Last updated: April 2026
Your privacy matters to us.
At Driftly, we believe in full transparency — about our content, our opinions, and how we handle your data. This Privacy Policy explains what information we collect, why we collect it, how we use it, and what rights you have regardless of where in the world you are reading this.
1. Who We Are
Website: driftly.blog
Contact: driftlyblog@gmail.com
Operator: Marchel Marketing Services LTD
(Registered in Cyprus, EU)Marchel Marketing Services LTD is the data controller responsible for your personal data. As a Cyprus-registered company, we operate under EU law and are subject to the General Data Protection Regulation (GDPR).
2. Who This Policy Applies To
This Privacy Policy applies to all visitors and users of driftly.blog regardless of your country of residence. We serve a global audience and take our obligations to readers in all jurisdictions seriously.
Specific rights by region are set out in Section 8.
3. What Data We Collect and Why
3.1 Website Analytics
We use Google Analytics 4 (via Google Tag Manager) to collect anonymised data about how visitors use our website. This includes pages visited, time spent on site, approximate location (country/region), device type and referral source.
Legal basis (EU/UK): Legitimate interest (Art. 6(1)(f) GDPR) and, where required, your consent via our cookie banner.
For US visitors: This data collection is disclosed in accordance with applicable US state privacy laws. You may opt out via our cookie banner at any time.
Data processor: Google LLC, USA. Data transfers to the USA are covered by Google’s Standard Contractual Clauses under GDPR Chapter V.
3.2 Newsletter and Email Subscription
If you subscribe to our newsletter or download a free guide such as the 30-Day Sleep Challenge, we collect your first name and email address.
Legal basis (EU/UK): Your explicit consent (Art. 6(1)(a) GDPR). We operate a confirmed double opt-in process.
For US visitors: By submitting your email address you consent to receive the requested content and occasional wellness communications from Driftly. You may withdraw consent at any time.
What we use it for: Delivering the content you requested and occasional wellness tips from Driftly. We do not share your email address with third parties for their marketing purposes. We never sell your data.
Data processor: Brevo (Sendinblue SAS), 106 Boulevard Haussmann, 75008 Paris, France. Privacy policy: brevo.com/legal/privacypolicy
You can unsubscribe at any time by clicking the unsubscribe link in any email, or by contacting us at driftlyblog@gmail.com.
3.3 Contact Form
If you contact us via the form at driftly.blog/contact, we collect your name, email address and message content.
Legal basis (EU/UK): Consent and legitimate interest (Art. 6(1)(a) and (f) GDPR).
What we use it for: Responding to your message only. Contact form submissions are not added to our newsletter list without your separate consent.
Data processor: WPForms / Rocketgenius Inc., USA.
3.4 Cookies
Driftly uses cookies to ensure the website functions correctly and to analyse traffic patterns.
Types of cookies we use:
Strictly necessary — Required for the website to function. Cannot be disabled.
Analytics cookies — Used by Google Analytics to understand visitor behaviour. Only placed with your consent.
Functional cookies — Used to remember your preferences and consent choices.
You can manage or withdraw your cookie consent at any time via our cookie banner (powered by CookieYes) or via your browser settings. Disabling certain cookies may affect website functionality.
4. Affiliate Disclosure
This website contains affiliate links. This means we may earn a small commission if you click a link and make a purchase, at no additional cost to you.
Affiliate programmes we participate in:
→ Amazon Associates
(Amazon Services LLC Associates Program)
→ Awin affiliate network
→ Other programmes disclosed
within individual postsAffiliate relationships are clearly disclosed within our content. We only recommend products we genuinely believe are relevant and useful to our readers. All opinions are our own.
This disclosure is made in accordance with:
→ FTC Endorsement Guidelines (USA)
→ UK ASA CAP Code (UK)
→ GDPR transparency requirements (EU/EEA)
→ Cyprus consumer protection regulations5. Third-Party Services
| Service | Purpose | Privacy Policy |
|---|---|---|
| Google Analytics 4 | Website analytics | policies.google.com/privacy |
| Google Tag Manager | Tag management | policies.google.com/privacy |
| Google Search Console | SEO monitoring | policies.google.com/privacy |
| Brevo (Sendinblue) | Email marketing | brevo.com/legal/privacypolicy |
| WPForms | Contact form | wpforms.com/privacy-policy |
| CookieYes | Cookie consent management | cookieyes.com/privacy-policy |
| WordPress / EasyWP | Website platform | wordpress.org/about/privacy |
| Social/traffic platform | policy.pinterest.com/privacy-policy |
6. Data Retention
Analytics data: 14 months
(Google Analytics default)
Newsletter data: Until you unsubscribe
or request deletion
Contact form data: Up to 12 months after
last contact
Cookie consent data: 12 months7. International Data Transfers
As a Cyprus-based company serving a global audience, data may be transferred to and processed in countries outside the EU/EEA, including the United States.
All such transfers are conducted in accordance with GDPR Chapter V using one or more of the following safeguards:
→ Standard Contractual Clauses (SCCs) approved by the European Commission
→ Adequacy decisions where applicable
→ Binding Corporate Rules where applicable8. Your Rights by Region
8.1 EU, EEA and Cyprus Residents (GDPR)
You have the right to:
→ Access personal data we hold about you
→ Correct inaccurate or incomplete data
→ Request erasure ("right to be forgotten")
→ Restrict processing in certain circumstances
→ Data portability in a structured format
→ Object to processing based on
legitimate interests
→ Withdraw consent at any time
→ Lodge a complaint with a supervisory authorityCyprus supervisory authority: Commissioner for Personal Data Protection dataprotection.gov.cy commissioner@dataprotection.gov.cy
Response time: We will respond to all requests within 30 days.
8.2 UK Residents (UK GDPR)
You have the same rights as EU residents under the UK GDPR. The relevant supervisory authority is the Information Commissioner’s Office (ICO): ico.org.uk
8.3 US Residents
Note: Driftly does not currently meet the thresholds that trigger mandatory CCPA/CPRA compliance (annual gross revenue exceeding $26.6M or processing data of 100,000+ California consumers). However, we voluntarily extend the following rights to all US readers as a matter of good practice:
→ Right to know what data we collect and why
→ Right to request deletion of your personal data
→ Right to opt out of any data sharing (we do not sell your data)
→ Right to non-discrimination for exercising your privacy rightsTo exercise any of these rights, contact us at driftlyblog@gmail.com.
8.4 All Other Visitors
Regardless of your location, you may contact us at any time to request access to, correction of, or deletion of any personal data we hold about you. We will respond within 30 days.
9. How to Exercise Your Rights
To exercise any of the rights described in Section 8:
Email: driftlyblog@gmail.com
Subject: "Privacy Rights Request"
Please include:
→ Your full name
→ Email address associated with your data
→ The specific right you wish to exercise
→ Any relevant detailsWe may ask you to verify your identity before processing your request. We will not charge a fee for reasonable requests.
10. Data Security
We implement reasonable technical and organisational security measures including:
→ SSL/TLS encryption (HTTPS) across the entire website
→ Secure hosting via EasyWP/Namecheap
→ Regular security monitoring via Solid Security
→ Access controls for all data systems
→ Regular software and plugin updatesNo method of internet transmission is 100% secure. In the event of a data breach that is likely to affect your rights and freedoms, we will notify the relevant supervisory authority within 72 hours as required by GDPR, and notify affected individuals without undue delay.
11. Children’s Privacy
Driftly is not directed at children under the age of 16. We do not knowingly collect personal data from children under 16. If you believe a child has provided us with personal data, please contact us at driftlyblog@gmail.com and we will delete it promptly.
For US visitors, we comply with the Children’s Online Privacy Protection Act (COPPA) and do not knowingly collect data from children under 13.
12. Do Not Track and Opt-Out Signals
Some browsers and devices send a “Do Not Track” (DNT) signal. Currently, there is no universal standard for how websites must respond to DNT signals. We honour opt-out requests made via our cookie banner.
US visitors in states that support Global Privacy Control (GPC) signals may use a GPC-enabled browser to opt out of certain data processing activities.
13. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or applicable law. All changes will be posted on this page with an updated date at the top.
For material changes, we will provide a more prominent notice where appropriate. We encourage you to review this page periodically.
14. Legal Basis Summary (GDPR Reference)
| Processing Activity | Legal Basis | Article |
|---|---|---|
| Analytics | Legitimate interest / Consent | 6(1)(f) / 6(1)(a) |
| Newsletter | Consent | 6(1)(a) |
| Contact form | Consent + Legitimate interest | 6(1)(a) + 6(1)(f) |
| Cookie management | Consent | 6(1)(a) |
| Security measures | Legal obligation + Legitimate interest | 6(1)(c) + 6(1)(f) |
15. Contact
For any questions, concerns or requests relating to this Privacy Policy or the way we handle your data:
Marchel Marketing Services LTD
driftlyblog@gmail.com
driftly.blog
Cyprus, European UnionWe aim to respond to all privacy-related enquiries within 5 business days.
