PRIVACY POLICY - YOUR TRUST MATTERS

Last updated: 02.07.2026

At CHECKSIX, trust has always been one of our most valuable assets. The same care, professionalism and integrity that guide our editorial work also define the way we handle personal information.

This Privacy Policy explains how we collect, use, store and protect personal data when you visit our website, contact us, subscribe to our services, create an account or purchase digital products through our online store.

1. Controller

The controller responsible for this website within the meaning of the General Data Protection Regulation (GDPR) is:

Robert Kysela
CHECKSIX – The International Military Aviation Journal
Editorial Office
Burggaillenreuth116
91320 Ebermannstadt
Germany

Email: chiefeditor@checksix-journal.com
VAT ID: DE303509387

2. General Information

We process personal data only where this is necessary, lawful and transparent. Personal data means any information relating to an identified or identifiable natural person.

Depending on how you use our website, we may process data for the following purposes:

  • to provide and secure our website;
  • to operate our online store;
  • to provide subscriber access;
  • to process orders and payments;
  • to deliver digital editions and downloads;
  • to respond to enquiries;
  • to inform subscribers about new issues;
  • to comply with legal retention obligations;
  • to protect our website against misuse, fraud and security threats.

3. Legal Basis for Processing

We process personal data on the following legal bases:

  • Art. 6(1)(a) GDPR – consent, for example for non-essential cookies;
  • Art. 6(1)(b) GDPR – performance of a contract or pre-contractual measures, for example when processing orders, subscriptions or account access;
  • Art. 6(1)(c) GDPR – compliance with legal obligations, for example tax and accounting requirements;
  • Art. 6(1)(f) GDPR – legitimate interests, for example website security, fraud prevention, technical stability and protection of our publishing platform.

4. Hosting

Our website is hosted by:

Alfahosting GmbH
Ankerstraße 3b
06108 Halle (Saale)
Germany

When you access our website, technical data is processed by our hosting provider to deliver the website securely and reliably. This may include:

  • IP address;
  • date and time of access;
  • browser type and version;
  • operating system;
  • referrer URL;
  • requested pages or files;
  • server status codes.

The processing is necessary to provide the website, ensure technical stability and protect against misuse. The legal basis is Art. 6(1)(f) GDPR.

We have concluded, or will conclude where required, a data processing agreement with our hosting provider in accordance with Art. 28 GDPR.

5. Server Log Files

Our server automatically records information in server log files when you visit our website. These log files are used for security, troubleshooting and technical maintenance.

Server log files are not used to identify individual visitors unless this is required to investigate security incidents or unlawful use.

6. Cookies and Consent Management

Our website uses cookies and similar technologies.

Cookies may be necessary to:

  • display the website correctly;
  • maintain login sessions;
  • operate the subscriber area;
  • manage the shopping cart and checkout;
  • remember cookie preferences;
  • protect the website against misuse.

We use Real Cookie Banner to manage cookie consent. Non-essential cookies are only used where you have given your consent.

You may change or withdraw your consent at any time via the cookie settings on our website.

The legal basis for essential cookies is Art. 6(1)(f) GDPR. The legal basis for non-essential cookies is Art. 6(1)(a) GDPR.

7. WordPress

Our website is based on WordPress. WordPress may process technical and account-related data required for website operation, user login, content management and security.

Where users create accounts, WordPress may store:

  • username;
  • email address;
  • encrypted password;
  • role and access permissions;
  • login status;
  • technical session data.

This processing is necessary for account management and secure website operation. The legal basis is Art. 6(1)(b) GDPR and Art. 6(1)(f) GDPR.

8. Subscriber Area and Membership Accounts

CHECKSIX provides a protected subscriber area. This area is operated using membership functionality, currently including Ultimate Membership Pro.

When you create or use a subscriber account, we may process:

  • name;
  • email address;
  • username;
  • encrypted password;
  • subscription status;
  • access rights;
  • membership level;
  • login history;
  • download access;
  • billing-related information where applicable.

The purpose of this processing is to provide access to subscribed content, manage accounts and ensure that digital editions are available to authorised users.

The legal basis is Art. 6(1)(b) GDPR. Security-related processing is also based on Art. 6(1)(f) GDPR.

9. WooCommerce Online Store

We operate an online store using WooCommerce.

Currently, the store primarily offers digital editions of CHECKSIX in PDF format. In the future, the store may also offer physical products such as calendars, patches, badges or merchandise.

When you place an order, we may process:

  • name;
  • billing address;
  • shipping address where applicable;
  • email address;
  • order details;
  • purchased products;
  • payment method;
  • transaction status;
  • customer account information;
  • IP address and technical order data.

The purpose of this processing is to process your order, provide digital downloads, manage customer accounts, issue invoices and comply with legal obligations.

The legal basis is Art. 6(1)(b) GDPR. Legal retention obligations are based on Art. 6(1)(c) GDPR.

10. Digital Editions and Downloads

When you purchase or access digital editions, we may process technical data relating to downloads, including:

  • purchased issue;
  • download link;
  • time of access;
  • number of downloads;
  • account or order reference;
  • IP address where technically required.

This processing is necessary to provide digital products, prevent misuse and ensure reliable access to purchased content.

The legal basis is Art. 6(1)(b) GDPR. Measures against misuse and unauthorised distribution may also be based on Art. 6(1)(f) GDPR.

11. Payment Processing

Payments are processed through external payment service providers. We do not store complete credit card numbers or full payment credentials on our own systems.

Depending on the selected payment method, payment data may be transmitted to the relevant provider.

11.1 Stripe

We use Stripe for payment processing.

When you choose Stripe as a payment method, order and payment-related data may be transmitted to Stripe. This may include:

  • name;
  • email address;
  • billing address;
  • payment amount;
  • currency;
  • transaction details;
  • payment status;
  • technical fraud-prevention data.

Stripe processes payment data in accordance with its own privacy documentation.

The legal basis for transmitting payment-related data is Art. 6(1)(b) GDPR.

11.2 PayPal

We use PayPal for payment processing.

When you choose PayPal as a payment method, payment-related data may be transmitted to PayPal. This may include:

  • name;
  • email address;
  • billing information;
  • payment amount;
  • transaction reference;
  • payment status.

PayPal processes payment data in accordance with its own privacy documentation and may act as an independent controller for certain payment processing activities.

The legal basis for transmitting payment-related data is Art. 6(1)(b) GDPR.

12. Contact Form and Email Communication

If you contact us via the contact form or by email, we process the information you provide in order to respond to your enquiry.

This may include:

  • name;
  • email address;
  • subject;
  • message content;
  • any additional information voluntarily provided.

We use this information only to process and respond to your enquiry. We do not use contact form submissions for unrelated marketing purposes.

The legal basis is Art. 6(1)(b) GDPR where the enquiry relates to a contract or pre-contractual communication, and Art. 6(1)(f) GDPR in all other cases.

13. Subscriber Newsletter

We may send email notifications to subscribers to inform them when a new issue or subscribed digital edition becomes available.

This subscriber notification is related to the existing subscription relationship and is not a general public marketing newsletter.

The legal basis is Art. 6(1)(b) GDPR where the notification is necessary to provide subscriber services. Where separate consent is required, the legal basis is Art. 6(1)(a) GDPR.

You may object to or unsubscribe from non-essential email communication at any time.

14. Website Security and Wordfence

We use Wordfence to protect our website against attacks, unauthorised access and malicious activity.

For security purposes, Wordfence may process:

  • IP addresses;
  • login attempts;
  • security events;
  • browser and device information;
  • requested URLs;
  • firewall and malware scan data.

This processing serves our legitimate interest in maintaining the security, integrity and availability of our website.

The legal basis is Art. 6(1)(f) GDPR.

15. Search Engine Optimisation

We use Yoast SEO to improve the technical structure and visibility of our website in search engines.

Yoast SEO is primarily used for content and metadata optimisation. It does not serve as a user tracking or analytics tool in our configuration.

16. Website Design and Functionality

We use Elementor Pro to design and manage website layouts and functionality.

Elementor may be involved in displaying forms, pages, templates and interactive elements. Any personal data processed through Elementor-based forms or features is handled for the respective stated purpose, such as responding to enquiries or providing website functionality.

17. Backups and Technical Maintenance

We use technical tools such as Duplicator for backup, migration and maintenance purposes.

Backups may contain website data, including user, order or account data stored in WordPress or WooCommerce at the time the backup is created.

Backups are used only for security, restoration and technical maintenance purposes.

The legal basis is Art. 6(1)(f) GDPR.

18. Social Media Presence

CHECKSIX maintains profiles on social media platforms, including Facebook, Instagram and LinkedIn.

When you interact with our social media pages, the respective platform provider may process personal data in accordance with its own privacy policy.

We may process information visible to us through social media interaction, such as comments, messages, profile names or public engagement, only for communication, editorial or community-related purposes.

Please note that social media platforms may process user data outside our direct control.

19. No General Web Analytics

We currently do not use dedicated web analytics tools such as Google Analytics or Matomo.

If we introduce analytics tools in the future, we will update this Privacy Policy and, where required, request consent before activating non-essential tracking.

20. External Content

Our website may contain links to external websites or platforms. If you click external links, the privacy practices of the respective provider apply.

We are not responsible for the privacy practices of external websites.

21. Data Recipients

Personal data may be shared with service providers where necessary for website operation, order processing, payment processing, security, hosting or legal compliance.

Relevant recipients may include:

  • hosting provider;
  • payment service providers;
  • technical service providers;
  • IT security providers;
  • tax advisors or accountants where required;
  • public authorities where legally required.

We do not sell personal data.

22. International Data Transfers

Some service providers, particularly payment or security providers, may process data outside the European Economic Area.

Where personal data is transferred internationally, we rely on appropriate safeguards where required, such as adequacy decisions, standard contractual clauses or equivalent legal mechanisms.

23. Retention Periods

We retain personal data only for as long as necessary for the relevant purpose.

Typical retention periods include:

  • contact enquiries: retained as long as necessary to process the enquiry;
  • customer and order data: retained in accordance with statutory tax and commercial retention obligations;
  • subscriber account data: retained for the duration of the account or subscription, unless legal obligations require longer retention;
  • server logs: retained for a limited period necessary for security and technical operation;
  • backup data: retained only as long as necessary for technical security and restoration.

Where legal retention periods apply, data may be stored for up to the legally required period.

24. Your Rights

Under applicable data protection law, you have the following rights:

  • right of access;
  • right to rectification;
  • right to erasure;
  • right to restriction of processing;
  • right to data portability;
  • right to object to processing;
  • right to withdraw consent at any time;
  • right to lodge a complaint with a supervisory authority.

To exercise your rights, please contact us using the contact details provided above.

25. Right to Object

Where we process personal data on the basis of Art. 6(1)(f) GDPR, you have the right to object to such processing on grounds relating to your particular situation.

If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing or the processing is necessary for the establishment, exercise or defence of legal claims.

26. Withdrawal of Consent

Where processing is based on your consent, you may withdraw that consent at any time.

The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

27. Data Security

We use technical and organisational measures to protect personal data against loss, misuse, unauthorised access, alteration or disclosure.

Our website uses SSL/TLS encryption. You can recognise an encrypted connection by the “https://” prefix in your browser.

28. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our website, services, legal obligations or technical infrastructure.

The current version is always available on our website.

29. Questions & Contact?

If you have any questions regarding this Privacy Policy or the processing of your personal information, please feel free to contact us.

Our goal is to handle your data with the same professionalism, transparency and respect that define our editorial work.

CHECKSIX – The International Military Aviation Journal
Editorial Office
Robert Kysela
Email: chiefeditor@checksix-journal.com

Cookie Consent with Real Cookie Banner