GDPR
GDPR — General Data Protection Regulation
Last updated: April 6, 2026
Comments
Gill’s Studio is committed to protecting your personal data and respecting your privacy. This page explains your rights under the General Data Protection Regulation (GDPR) and how we comply with it as a business operating within the European Union.
If you haven’t already, please also read our full Privacy Policy for detailed information on what data we collect and how we use it.
1. Who Is Responsible for Your Data?
Gill’s Studio is the data controller responsible for your personal data collected through this website.
Contact: 📧 gillsdigitalstudio@gmail.com 🌐 gillsdigitalstudio.com
If you have any questions or concerns about how your data is handled, please contact us directly at the address above.
2. What Data We Collect and Why
We only collect data that is necessary to provide our services and operate our business. This includes:
- Contact information — name and email address when you fill in a contact form or place an order
- Order information — details of products or services purchased
- Communication history — emails and messages exchanged during a project or inquiry
- Technical data — IP address, browser type, and pages visited, collected automatically via analytics tools
- Payment data — processed exclusively and securely by Stripe. We never see or store your card details
We do not collect sensitive personal data such as health information, political opinions, or religious beliefs.
3. Legal Basis for Processing Your Data
Under GDPR we are required to have a valid legal basis for processing your personal data. Depending on the situation we rely on one or more of the following:
- Contract — when processing is necessary to fulfill a service or product you have purchased
- Legitimate interests — when processing is necessary for the normal and secure operation of our business, provided your rights are not overridden
- Legal obligation — when we are required by law to process or retain certain data, such as financial records
- Consent — where you have clearly and freely given us permission to use your data for a specific purpose, such as receiving marketing communications
You may withdraw your consent at any time by contacting us.
4. Your Rights Under GDPR
As a data subject under GDPR you have the following rights. You can exercise any of these at any time by contacting us:
Right of Access
You have the right to request a copy of all personal data we hold about you. We will provide this within 30 days of your request free of charge.
Right to Rectification
If any of the data we hold about you is inaccurate or incomplete, you have the right to request that we correct it without undue delay.
Right to Erasure
Also known as the right to be forgotten. You can request that we delete your personal data where there is no legitimate reason for us to continue holding it. Please note that some data may need to be retained for legal or accounting purposes.
Right to Restriction of Processing
You have the right to request that we limit how we use your data in certain circumstances — for example while a dispute is being resolved.
Right to Data Portability
You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transfer it to another service provider where technically feasible.
Right to Object
You have the right to object to our processing of your personal data where we rely on legitimate interests as our legal basis. We will stop processing unless we can demonstrate compelling legitimate grounds that override your rights.
Right Not to Be Subject to Automated Decision-Making
Gill’s Studio does not use automated decision-making or profiling that produces legal or similarly significant effects on you.
Right to Withdraw Consent
Where we process your data based on consent, you have the right to withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.
If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.
5. How to Exercise Your Rights
To exercise any of the rights listed above, please contact me.
Please include your name, email address, and a clear description of your request. We will respond within 30 days. In complex cases we may extend this by a further 60 days — if so, we will notify you within the initial 30-day period.
We will not charge a fee for reasonable requests. However, we reserve the right to charge a reasonable administrative fee for requests that are manifestly unfounded or excessive.
6. How Long We Keep Your Data
We retain personal data only for as long as necessary:
| Type of Data | Retention Period |
|---|---|
| Order & payment records | Minimum 5 years (Slovak tax law) |
| Project files & communication | Up to 2 years after project completion |
| Contact form inquiries (no project) | Up to 12 months |
| Analytics data | Retained in anonymized form |
Once data is no longer needed it is securely and permanently deleted.
7. Data Transfers Outside the EU
Some of our third party service providers — including Stripe — may process data outside of the European Economic Area (EEA). Where this occurs we ensure that appropriate safeguards are in place in accordance with GDPR requirements, such as Standard Contractual Clauses or adequacy decisions recognized by the European Commission.
8. Third Party Processors
We work with a limited number of trusted third party processors who may handle your data on our behalf:
| Processor | Purpose | Privacy Policy |
|---|---|---|
| Stripe | Payment processing | stripe.com/privacy |
| Analytics provider | Website traffic analysis | Dependent on tool used |
| Email provider | Delivering files & communications | Dependent on provider used |
All third party processors are required to process your data only on our instructions and in compliance with GDPR.
9. Cookies and Tracking
This website uses cookies to improve your experience and analyze traffic. You can manage your cookie preferences through your browser settings at any time.
For full details on the cookies we use please refer to our Privacy Policy.
10. Data Security
We take appropriate technical and organizational measures to protect your personal data against unauthorized access, accidental loss, destruction, or damage. All payment processing is handled by Stripe which is PCI DSS compliant — the highest standard of payment security available.
11. Right to Lodge a Complaint
If you believe your data protection rights have been violated and we have not resolved your concern satisfactorily, you have the right to lodge a complaint with the Slovak data protection supervisory authority:
Úrad na ochranu osobných údajov Slovenskej republiky (Office for Personal Data Protection of the Slovak Republic) 📧 statny.dozor@pdp.gov.sk 🌐 dataprotection.gov.sk 📍 Hraničná 12, 820 07 Bratislava, Slovak Republic
12. Updates to This Page
Gill’s Studio reserves the right to update this GDPR page at any time in response to changes in legislation or our business practices. The most current version will always be available on this page. We encourage you to check back periodically.
13. Contact
For any GDPR related questions or requests please contact us.
We are committed to resolving any concerns promptly and transparently.