Legal
Privacy Policy
Last updated: May 2026.
Who we are
SteelQueens (steelqueens.com) is operated from Switzerland. Contact: [email protected]. Postal address available on the Impressum.
What personal data we collect
- About visitors: standard server logs (IP address, user agent, requested URL, timestamp) for up to 30 days, used for security and debugging only.
- Newsletter subscribers: email address, processed by Beehiiv (Beehiiv, Inc., USA — Standard Contractual Clauses). You can unsubscribe in one click from any email.
- Pro & product purchasers: name, email, billing country (handled by Lemon Squeezy as merchant of record). We never see card numbers.
- Athlete-portal members: name, email, federation membership claim. Stored only with your explicit consent, deletable on request.
- Correction reports: optional email if you choose to provide one. Used once to confirm the fix, then deleted.
Personal data about athletes featured on the site
SteelQueens publishes biographical and competition data about female bodybuilders. The legal basis is legitimate interest (FADP Art. 31 / GDPR Art. 6(1)(f)) — public figures in a public sport, where the data is voluntarily made public by the athletes themselves, federations, or accredited press. We never publish private contact information, home addresses, or medical history. Athletes can claim their profile at /athlete-portal/ or request edits via /submit-correction/.
Cookies & tracking
We use a Google-certified Consent Management Platform (CookieYes) with TCF 2.2 integration. Cookies fall into:
- Necessary — session, security (always on).
- Analytics — Google Analytics 4. Only loaded after explicit consent.
- Marketing — affiliate-network attribution. Only loaded after explicit consent.
You can revoke consent at any time via the cookie banner footer link. Details on the Cookie Policy.
Embeds (third-party content)
Athlete profiles may embed Instagram posts, YouTube videos, Twitter/X posts, and Getty editorial images via official iframe SDKs. These embeds are loaded directly from the third party once present on the page and may set their own cookies. You can disable them by blocking third-party content in your browser.
Your rights
Under FADP (Switzerland) and GDPR (EU/UK) you have the right to access, correct, restrict, port, and delete personal data we hold about you, and to lodge a complaint with the Swiss FDPIC or your national data protection authority. Email [email protected] for any of these.
Data retention
- Server logs: 30 days.
- Newsletter subscriber email: until you unsubscribe.
- Purchase records: 10 years (Swiss tax law minimum).
- Athlete-portal profile data: until you ask us to delete it.
- Correction-report email: deleted after the fix is published.
Material updates to this policy are announced in the next monthly newsletter and dated above.
Effective Date: April 7, 2026
Last Updated: April 7, 2026
1. Data Controller
SteelQueens
Email: [email protected]
Website: https://steelqueens.com
This Privacy Policy explains how SteelQueens (“we,” “us,” or “our”) collects, uses, stores, and protects your personal data when you visit our website at steelqueens.com (the “Website”). We are committed to compliance with the Swiss Federal Act on Data Protection (FADP/nDSG), the EU General Data Protection Regulation (GDPR), and all applicable data protection legislation.
2. What Data We Collect
2.1 Data Collected Automatically
When you visit the Website, we may automatically collect:
- Usage data: pages visited, time spent on pages, referral source, browser type, device type, operating system, screen resolution, and language preference.
- IP address: collected by our analytics and security services. IP anonymization is enabled where applicable.
- Cookies and similar technologies: see our Cookie Policy for full details.
2.2 Data You Provide Voluntarily
- Newsletter subscription: if you subscribe to our newsletter via Beehiiv, we collect your email address. This data is processed by Beehiiv, Inc. under their privacy policy.
- Contact inquiries: if you contact us via email, we collect your email address and any information you include in your message.
2.3 Data We Do Not Collect
We do not collect sensitive personal data such as health information, biometric data, political opinions, religious beliefs, or trade union membership. We do not require account registration to access the Website.
3. Legal Basis for Processing
We process personal data on the following legal bases:
| Purpose | Legal Basis (FADP) | Legal Basis (GDPR) |
|---|---|---|
| Website functionality and security | Legitimate interest | Art. 6(1)(f) GDPR — Legitimate interest |
| Analytics (Google Analytics 4) | Consent | Art. 6(1)(a) GDPR — Consent |
| Newsletter delivery (Beehiiv) | Consent | Art. 6(1)(a) GDPR — Consent |
| Advertising (Google AdSense) | Consent | Art. 6(1)(a) GDPR — Consent |
| Legal compliance | Legal obligation | Art. 6(1)(c) GDPR — Legal obligation |
4. Third-Party Services
We use the following third-party services that may process your personal data:
4.1 Google Analytics 4 (GA4)
- Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
- Purpose: website traffic analysis and usage statistics
- Data processed: anonymized IP address, usage data, device and browser information
- Data location: EU/EEA (Google Ireland); transfers to the US occur under the EU-US Data Privacy Framework
- Retention: 14 months
- Opt-out: you may disable analytics cookies via our cookie consent banner or install the Google Analytics Opt-out Browser Add-on
4.2 Cloudflare
- Provider: Cloudflare, Inc., 101 Townsend St, San Francisco, CA 94107, USA
- Purpose: content delivery network (CDN), DNS resolution, DDoS protection, and performance optimization
- Data processed: IP address, request headers, browsing data (in transit)
- Data location: global edge network; Cloudflare is certified under the EU-US Data Privacy Framework
- Legal basis: legitimate interest in website security and performance
4.3 Beehiiv (Newsletter)
- Provider: Beehiiv, Inc., USA
- Purpose: newsletter distribution and subscriber management
- Data processed: email address, subscription date, open and click data
- Data location: USA
- Legal basis: consent (you actively subscribe to the newsletter)
- Unsubscribe: every newsletter contains an unsubscribe link. You may also contact us at [email protected].
4.4 Instagram oEmbed
- Provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, Ireland
- Purpose: embedding public Instagram posts within articles
- Data processed: when an embedded Instagram post loads, Meta may collect your IP address, browser data, and cookies
- Legal basis: legitimate interest in editorial content presentation
- Note: Instagram embeds load only public content via Meta’s official oEmbed API. We do not download or store Instagram images on our servers.
4.5 Google AdSense
- Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
- Purpose: display advertising
- Data processed: cookies, device identifiers, IP address, browsing behavior
- Data location: EU/EEA; transfers to the US occur under the EU-US Data Privacy Framework
- Legal basis: consent (managed via our cookie consent banner with TCF 2.2 integration)
- Opt-out: you may manage advertising preferences via our cookie consent banner or at Google Ad Settings
4.6 YouTube Embeds
- Provider: Google Ireland Limited
- Purpose: embedding video content within articles
- Data processed: when an embedded video loads, Google may collect your IP address, browser data, and cookies
- Legal basis: legitimate interest in editorial content presentation
- Note: we use YouTube’s privacy-enhanced mode (youtube-nocookie.com) where possible.
5. International Data Transfers
Your data may be transferred to and processed in countries outside Switzerland and the European Economic Area (EEA), including the United States. Where such transfers occur, we ensure appropriate safeguards are in place:
- EU-US Data Privacy Framework: for transfers to US-based providers certified under the framework (Google, Cloudflare).
- Standard Contractual Clauses (SCCs): where the Data Privacy Framework does not apply, we rely on EU Standard Contractual Clauses approved by the European Commission.
- Swiss-US Data Privacy Framework: for transfers from Switzerland to the US, as recognized by the Swiss Federal Council.
6. Data Retention
We retain personal data only as long as necessary for the purposes described in this policy:
| Data Type | Retention Period |
|---|---|
| Analytics data (GA4) | 14 months |
| Newsletter subscriber data | Until you unsubscribe, plus 30 days |
| Contact inquiry emails | 12 months after resolution |
| Server logs (Cloudflare/Nginx) | 30 days |
| Cookie consent records | 12 months (then re-consent required) |
7. Your Rights
Under the FADP and GDPR, you have the following rights regarding your personal data:
- Right of access: you may request confirmation of whether we process your personal data and obtain a copy of it.
- Right to rectification: you may request correction of inaccurate personal data.
- Right to erasure (“right to be forgotten”): you may request deletion of your personal data where there is no compelling reason for continued processing.
- Right to restriction of processing: you may request that we restrict processing of your data in certain circumstances.
- Right to data portability: you may request your personal data in a structured, commonly used, machine-readable format.
- Right to object: you may object to processing based on legitimate interest at any time.
- Right to withdraw consent: where processing is based on consent, you may withdraw consent at any time without affecting the lawfulness of prior processing.
To exercise any of these rights, contact us at: [email protected]
We will respond to your request within 30 days. We may request verification of your identity before processing your request.
8. Supervisory Authority
If you believe your data protection rights have been violated, you have the right to lodge a complaint with:
Swiss Federal Data Protection and Information Commissioner (FDPIC)
Feldeggweg 1
3003 Bern
Switzerland
https://www.edoeb.admin.ch
For individuals in the EU/EEA, you may also lodge a complaint with your local data protection authority.
9. Children’s Privacy
The Website is not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us at [email protected] and we will promptly delete it.
10. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated “Last Updated” date. We encourage you to review this policy periodically. Material changes will be communicated via a notice on the Website.
11. Contact
For any questions or concerns about this Privacy Policy or our data processing practices:
SteelQueens
Email: [email protected]
Website: https://steelqueens.com