Cookies AND Privacy Policy

Last updated: 10.06.2025

Welcome to The Only Guide, your trusted travel companion. We are committed to protecting your privacy and ensuring transparency about how we collect, use, and protect your personal information.

Who we are

The Only Guide (theonly.guide) is a travel blog and digital content platform operated by Maria and Marcin Rybak (“we,” “us,” or “our”). We publish travel guides, destination articles, and sell digital travel products including ebooks and comprehensive travel guides.

Contact Information:

• Email: blog[at]theonly.guide or use Contact form
• Website: theonly.guide

Legal Basis for Processing

We process your personal data based on the following legal grounds under GDPR:

• Consent: When you subscribe to our newsletter or accept cookies
• Contract Performance: When you purchase our digital products
• Legitimate Interest: For analytics and website optimization
• Legal Obligation: For tax and accounting purposes

What Data We Collect and Why

Website Visitors

Data collected:

• IP address and general location data
• Browser type and version
• Pages visited and time spent
• Device information
• Referral sources

Purpose: Website analytics, security, and performance optimization. Legal basis: Legitimate interest. Retention: 26 months (Google Analytics default)

Newsletter Subscribers

Data collected:

• Email address
• First name (optional)
• Subscription preferences
• Engagement data (opens, clicks)

Purpose: Sending travel tips newsletter, guides, and product updates Legal basis: Consent Retention: Until you unsubscribe or request deletion

Digital Product Customers

Data collected:

• Email address
• Full name
• Billing information
• Transaction details
• IP address (for fraud prevention)

Purpose: Order processing, product delivery, customer support, legal compliance Legal basis: Contract performance and legal obligation Retention: 7 years (for accounting/tax purposes), unless longer retention required by law

Contact Form Users

Data collected:

• Name (optional)
• Email address
• Message content

Purpose: Responding to inquiries and providing customer support Legal basis: Legitimate interest Retention: 1 year from last contact

Third-Party Services We Use

Google Analytics

We use Google Analytics to understand how visitors use our website. Google Analytics collects information anonymously and reports website trends without identifying individual visitors.

Data shared: Anonymized usage data, IP addresses (anonymized) Purpose: Website performance analysis Privacy Policy: Google Analytics Privacy Policy

ConvertKit (Email Marketing)

We use ConvertKit to manage our newsletter and email communications.

Data shared: Email addresses, names, engagement data Purpose: Newsletter delivery and email marketing Location: USA (adequate protection under Privacy Shield successor agreements) Privacy Policy: ConvertKit Privacy Policy

Stripe (Payment Processing)

We use Stripe to process payments for our digital products.

Data shared: Transaction data, billing information Purpose: Payment processing and order fulfillment Location: USA (adequate protection under Privacy Shield successor agreements) Privacy Policy: Stripe Privacy Policy

Cloudflare (Content Delivery & Security)

We use Cloudflare to optimize website performance and protect against malicious attacks.

Data shared: IP addresses, browser information Purpose: Website security and performance optimization Location: Worldwide network with EU data centers Privacy Policy: Cloudflare Privacy Policy

Hetzner (Web Hosting)

Our website is hosted on Hetzner servers located in Germany.

Data shared: All website data and visitor information Purpose: Website hosting and data storage Location: Germany (EU) Privacy Policy: Hetzner Privacy Policy

Google reCAPTCHA

We use Google reCAPTCHA to prevent spam and protect our forms.

Data shared: IP address, browser information, interaction data Purpose: Spam prevention and security Privacy Policy: Google Privacy Policy

Cookies and Similar Technologies

What Are Cookies?

Cookies are small text files stored on your device that help us improve your browsing experience and analyze website performance.

Types of Cookies We Use

Essential Cookies

These cookies are necessary for the website to function properly.

• Session management
• Security features
• Basic functionality

Legal basis: Legitimate interest (essential for service provision)

Analytics Cookies

These cookies help us understand how visitors interact with our website.

• Google Analytics cookies
• Performance measurement
• Usage statistics

Legal basis: Consent (requested via cookie banner)

Marketing Cookies

These cookies may be set by our third-party partners for advertising purposes.

• Social media integrations
• Advertising optimization
• Conversion tracking

Legal basis: Consent (requested via cookie banner)

Managing Your Cookie Preferences

You can control cookies through:

1. Cookie Settings: Use our cookie preference center
2. Browser Settings: Configure your browser to block or delete cookies
3. Opt-out Tools: Use third-party opt-out mechanisms

Note: Disabling certain cookies may affect website functionality.

Your Rights Under GDPR

As a data subject, you have the following rights:

Right to Information

You have the right to know how your data is processed (covered in this policy).

Right of Access

You can request a copy of all personal data we hold about you.

Right to Rectification

You can request correction of inaccurate or incomplete personal data.

Right to Erasure (“Right to be Forgotten”)

You can request deletion of your personal data, subject to legal limitations.

Right to Restrict Processing

You can request that we limit how we process your personal data.

Right to Data Portability

You can request your data in a structured, machine-readable format.

Right to Object

You can object to processing based on legitimate interests or direct marketing.

Right to Withdraw Consent

You can withdraw consent at any time where processing is based on consent.

How to Exercise Your Rights: Contact us at blog[at]theonly.guide with your request. We will respond within 30 days.

Data Security

We implement appropriate technical and organizational measures to protect your personal data:

• SSL/TLS encryption for data transmission
• Secure hosting infrastructure
• Regular security updates
• Access controls and authentication
• Data backup procedures

International Data Transfers

Some of our service providers are located outside the EU. When we transfer data internationally, we ensure adequate protection through:

• EU-U.S. Data Privacy Framework (DPF): For transfers to certified U.S. companies (including Stripe, ConvertKit, Google Analytics, Cloudflare)
• Adequacy decisions: Based on European Commission determinations
• Standard Contractual Clauses (SCCs): For transfers where DPF certification is not available
• UK Extension to DPF: For transfers from the UK to certified U.S. companies
• Explicit consent: Where other mechanisms are not applicable The DPF provides adequate protection for personal data transferred from the EU/UK to participating U.S. companies, offering enhanced privacy safeguards and redress mechanisms.

Data Retention

We retain personal data only as long as necessary:

• Website analytics: 26 months
• Newsletter data: Until unsubscription or deletion request
• Customer data: 7 years (legal requirement)
• Contact inquiries: 2 years

Children’s Privacy

Our website is not directed at children under 16. We do not knowingly collect personal data from children under 16. If you become aware that a child has provided us with personal data, please contact us immediately.

External Content and Social Media

Our website may embed content from third-party platforms (YouTube, Instagram, Facebook). These platforms may set their own cookies and collect data according to their privacy policies:

• YouTube Privacy Policy
• Facebook Privacy Policy
• Instagram Privacy Policy
• TikTok Privacy Policy

Important: When you interact with embedded content from these platforms, they may collect information about your browsing behavior and set cookies on your device. We recommend reviewing their privacy policies to understand how your data is processed.

Changes to This Policy

We may update this privacy policy from time to time. We will notify you of any material changes by:

• Posting the updated policy on this website
• Updating the “Last updated” date
• Sending email notification for significant changes (to newsletter subscribers)

Complaints

If you have concerns about how we handle your personal data, you can:

1. Contact us directly at blog[at]theonly.guide
2. File a complaint with your local data protection authority
3. Contact the Spanish Data Protection Agency (AEPD) if you believe we have violated GDPR

Contact Us

We are committed to transparency and protecting your privacy. We make every effort to keep this privacy policy accurate and up-to-date, but if you have any questions about this privacy policy or our data practices, please don’t hesitate to reach out.

Email: blog[at]theonly.guide
Website: theonly.guide

We value your concerns and will do our best to work with you to find an appropriate solution. Whether you have questions about your data rights, need clarification about our practices, or want to discuss any privacy-related matter, we’re here to help.