pinterest-site-verification=70d12a13c4a05433e0d6404c86d6e774
top of page
SB-Only.png

Privacy Policy

Author:

Soufiane Boudarraja

Date:

February 24, 2026

1. Purpose and Scope

This Privacy Policy explains how Soufiane Boudarraja ("we", "us", "our") collects, uses, shares, and protects personal data when you interact with our ecosystem (the "Ecosystem"). It applies to visitors of our websites, customers purchasing digital products or merchandise, participants in trainings or events, podcast guests and collaborators, and business customers receiving professional services or software.

This Policy is designed to cover the Ecosystem as a whole, so that you can understand data handling across our offerings without needing separate privacy notices for each sub-brand. Where a specific contract (for example, a Data Processing Agreement) applies to a business service, that contract supplements this Policy for that context.

2. Controller and Contact Details

Controller (data controller under the EU General Data Protection Regulation): Soufiane Boudarraja. The full legal entity address and statutory contact details are published in the Impressum / Legal Notice on our website.

We have not appointed a Data Protection Officer (DPO).

For privacy questions or to exercise your rights under this Policy, use our contact page: https://www.soufianeboudarraja.com/contact.

3. Definitions

For clarity, the following terms are used in this Policy:

Ecosystem: Our websites and the services, products, programs, and software we operate under the Soufiane Boudarraja brand and related sub-brands, including consulting services (including Outbound Engine), digital products (including Souf at School), print-on-demand merchandise (including Speak Up), learning and workshops (including Own. Forge. Become.), content platforms (including Insights to Lead and The Unspoken Truths), and related support operations.

Websites: Our domains and subdomains, including soufianeboudarraja.com, soufbouda.com, kaoboudarraja.com, soufiane-boudarraja.com, consultingbysb.com, boudarraja.com, and any other domains we own and operate.

Personal Data: Any information relating to an identified or identifiable natural person.

Processing: Any operation performed on personal data, such as collection, storage, use, disclosure, or deletion.

Customer: A person or legal entity that purchases products, books services, or uses our software.

User: Any person who visits our Websites or otherwise interacts with the Ecosystem.

Controller and Processor: Terms used as defined under GDPR. In many contexts we act as Controller; for certain B2B services we may act as Processor on behalf of a Customer (see Section 4).

4. Roles: When We Act as Controller vs Processor

Controller contexts (most interactions): We act as Controller when you browse our Websites, contact us directly, subscribe to updates, purchase digital products or merchandise, participate in our trainings or events, or otherwise interact with the Ecosystem for our own business purposes.

Processor contexts (B2B services): For certain professional services and software delivered to business customers (for example, Outbound Engine and related tooling), we may process personal data on behalf of the business customer. In those cases, the business customer is typically the Controller and is responsible for providing privacy notices to its end users. Our processing in that context is governed by the applicable contract and, where relevant, a Data Processing Agreement (DPA).

5. Personal Data We Process

We process personal data only to the extent necessary for the purposes described in this Policy. Depending on how you interact with the Ecosystem, this may include:

Website and technical data

  • IP address, device and      browser information, language and approximate location derived from IP,      referral URL, pages viewed, and timestamps.

  • Cookie and similar      identifiers depending on your consent choices (see Section 7).

Contact and communications data

  • Name, email address, phone      number, postal address, and the content of messages you send to us (for      example via email or contact forms).

  • Scheduling details when you      book calls or sessions.

Transaction and account data

  • Purchase history, order      identifiers, billing information, and delivery information for physical      merchandise.

  • Digital product delivery      records and proof-of-purchase identifiers used to provide support and      replacement downloads (see Section 11).

Business service and software data (B2B)

  • Business contact data and      professional details provided in the course of contracting, onboarding,      service delivery, or support.

  • Operational data inputs that      you or your organization choose to provide to us for the service.

Community, content, and events

  • Event registration details,      attendance confirmations, and participation information.

  • If you appear as a podcast      guest or collaborator: your name, biography, role, audio/video recordings,      and related communications, subject to your agreement and consent where      required.

Support, security, and compliance data

  • Support tickets,      troubleshooting logs, and service communications.

  • Fraud prevention, security      monitoring, and compliance records where legally required.

6. Purposes and Legal Bases for Processing

We process personal data only when we have a lawful basis under GDPR. The table below summarizes typical purposes, examples, and legal bases. Exact processing depends on your interaction with the Ecosystem.

Purpose

Examples of processing

Legal basis (GDPR)

Provide and operate Websites and core services

Serve pages, ensure functionality, maintain   security, troubleshoot issues.

Art. 6(1)(f) legitimate interests; Art. 6(1)(b)   contract when applicable

Process purchases and deliver products

Process payments, deliver digital downloads,   fulfill print-on-demand orders, handle refunds where applicable.

Art. 6(1)(b) contract; Art. 6(1)(c) legal   obligation (tax/accounting)

Customer support and product replacement

Respond to inquiries, provide technical help,   verify proof of purchase for replacement downloads.

Art. 6(1)(b) contract; Art. 6(1)(f) legitimate   interests

Provide consulting, training, and professional   services

Scope work, deliver services, manage engagement,   provide reports or deliverables.

Art. 6(1)(b) contract; Art. 6(1)(f) legitimate   interests

Communications and relationship management

Respond to messages, schedule calls, send   service-related notices.

Art. 6(1)(b) contract; Art. 6(1)(f) legitimate   interests

Marketing and updates (where you opt in)

Send newsletters or announcements, notify about new   products or content.

Art. 6(1)(a) consent; Art. 6(1)(f) legitimate   interests for limited direct marketing where permitted

Analytics and service improvement

Measure site performance and content engagement,   improve user experience.

Art. 6(1)(a) consent for non-essential tracking;   Art. 6(1)(f) legitimate interests for strictly necessary measurements

Legal compliance and enforcement

Accounting retention, responding to lawful   requests, enforcing our terms.

Art. 6(1)(c) legal obligation; Art. 6(1)(f)   legitimate interests

Podcast and media production (where applicable)

Record, edit, publish episodes; manage releases and   guest agreements.

Art. 6(1)(a) consent and/or Art. 6(1)(b) contract   depending on arrangement

7. Cookies and Similar Technologies

We use cookies and similar technologies to operate our Websites, remember preferences, and, where enabled and permitted, measure and improve performance. Non-essential cookies are used only where you provide consent through our cookie banner or settings.

For a detailed explanation of cookie categories, retention, and controls, please refer to our Cookies Policy.

8. Sharing of Personal Data

We do not sell your personal data. We share personal data only with recipients that are necessary to operate the Ecosystem, deliver services, or meet legal obligations. Typical categories include:

  • Website hosting and      e-commerce platform providers (for example, Wix).

  • Payment processing providers      integrated with our storefront (for example, Wix Payments). We do not      store full payment card details on our systems.

  • Fulfillment partners for      print-on-demand merchandise (for example, Printful) to manufacture and      ship orders.

  • Digital delivery components      integrated with our storefront to deliver downloads securely.

  • Communication and      productivity providers used to operate the business (for example, email,      calendaring/booking, document storage).

  • Analytics and performance      monitoring tools, where enabled and subject to your cookie preferences.

  • Professional advisors (legal,      accounting) and authorities where required by law.

For certain B2B services, additional categories of subprocessors and tooling may apply. These are described in the Third Party Tools and Data Providers Annex and, where applicable, in the relevant service agreement or DPA.

9. International Data Transfers

We are based in Germany (EEA). Some service providers we use may process data outside the EEA, including in the United States. Where personal data is transferred internationally, we apply appropriate safeguards required by GDPR, such as Standard Contractual Clauses (SCCs) and additional technical and organizational measures where appropriate.

10. Security

We implement appropriate technical and organizational measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. Measures include access controls, encryption in transit where supported, and using reputable service providers for payment processing and hosting.

No online system is 100% secure. You should also take reasonable steps to protect your information, including using strong passwords and keeping devices secure.

11. Data Retention

We retain personal data only as long as necessary for the purposes described in this Policy, then delete or anonymize it unless longer retention is required by law.

  • Website logs and security      data: retained for the period necessary to ensure security and investigate      incidents, then deleted or anonymized.

  • Customer communications:      retained for as long as needed to handle your request and maintain records      of our relationship.

  • Transactions and invoices:      retained to comply with German legal and tax retention obligations.

  • Digital product support      (Token system): for digital purchases, we retain limited proof-of-purchase      identifiers (such as name, email, and order ID) to provide the 24-month      replacement download guarantee described in our Digital Product Support      and Retention Policy.

  • Business services (B2B):      retained in line with the service contract, applicable legal requirements,      and the needs of ongoing support or dispute resolution.

12. Your Rights (GDPR)

If you are in the EEA/UK or otherwise covered by GDPR-like laws, you may have the following rights, subject to legal limitations:

  • Right of access to your      personal data.

  • Right to rectification of      inaccurate or incomplete data.

  • Right to erasure ("right      to be forgotten") in certain circumstances.

  • Right to restriction of      processing in certain circumstances.

  • Right to data portability for      data you provided to us, where applicable.

  • Right to object to processing      based on legitimate interests, including direct marketing.

  • Right to withdraw consent at      any time where processing is based on consent (withdrawal does not affect      legality before withdrawal).

  • Right to lodge a complaint      with a supervisory authority, particularly in your country of habitual      residence, place of work, or place of the alleged infringement.

To exercise your rights, use our contact page: https://www.soufianeboudarraja.com/contact. We may request information to verify your identity before fulfilling a request.

13. Children’s Privacy

Our products may be designed for use with children, but our Websites, storefront, and services are intended to be used by adults (parents, guardians, educators, and business customers). We do not knowingly collect personal data directly from children under 16. If you believe a child has provided personal data to us, use our contact page: https://www.soufianeboudarraja.com/contactand we will take appropriate steps to delete it.

14. Automated Decision-Making

We do not use personal data to make decisions based solely on automated processing, including profiling, that produce legal effects concerning you or similarly significantly affect you.

15. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in legal requirements, the Ecosystem, or our practices. The updated version will be posted on our Websites with a revised "Last updated" date. If changes are material, we may provide additional notice where appropriate.

16. Contact

For questions, requests, or concerns about this Privacy Policy or our handling of personal data, use our contact page: https://www.soufianeboudarraja.com/contact.

For statutory legal entity and address details, see the Impressum / Legal Notice on our website.

bottom of page