PRIVACY POLICY

Last updated: August 31, 2025

1. Introduction

We take the protection of your personal data seriously. This Privacy Policy explains what data we collect, for what purposes, on what legal basis, and which rights you have. “Personal data” means any information relating to an identified or identifiable individual.

When you visit our website, certain technical data is collected automatically (e.g., IP address, access time, pages viewed). Additional data is only processed if you provide it voluntarily (e.g., when placing an order, contacting us) or if you consent to optional features (e.g., embedded social media).

2. Controller

ATELIER ALBA GbR
Represented by:
Katarina Fedora von Studnitz and Christina-Marie Vißing
Breitenfelder Str. 60
20251 Hamburg
Germany

Email: info@atelieralba.de
Imprint: www.atelieralba.de/imprint

3. Legal Bases

  • Art. 6(1)(a) GDPR – Consent

  • Art. 6(1)(b) GDPR – Contract performance or steps prior to entering into a contract

  • Art. 6(1)(f) GDPR – Legitimate interests (e.g., IT security, site functionality)

  • § 25 TDDDG – Device access through cookies/trackers

You may withdraw your consent at any time with future effect using the “Cookie Settings” link in the footer.

4. Hosting / Website Platform

Our website is hosted by Squarespace Ireland Ltd., Dublin (parent company: Squarespace, Inc., USA).

Data processed: IP address, timestamps, browser data, order details (for shop/checkout).
Legal basis: Art. 6(1)(b) and (f) GDPR.
International transfers: safeguarded through the EU–US Data Privacy Framework (DPF) or Standard Contractual Clauses (SCC).

5. Cookies & Consent

  • Essential cookies: required for core features (session, checkout, security).

  • Non-essential cookies: e.g., third-party content such as Instagram embeds.

Legal basis: Art. 6(1)(a) GDPR.
Consent can be withdrawn anytime.

6. Contact & Forms

If you contact us by email or through forms, we process your contact details and inquiry.
Legal basis: Art. 6(1)(b) and (f) GDPR.

To protect forms from misuse, we use Google reCAPTCHA (Google Ireland Ltd., Dublin; parent: Google LLC, USA).

7. Orders & Payments

When placing an order, we process order and payment information.

  • Stripe (Stripe Payments Europe, Dublin; parent: Stripe, Inc., USA)

  • PayPal (PayPal Europe, Luxembourg; parent: PayPal, Inc., USA)

Legal basis: Art. 6(1)(b) GDPR.
Transfers outside the EU are safeguarded by DPF or SCC.

Invoices are processed via Billbee GmbH, Twistetal, Germany under a Data Processing Agreement (Art. 28 GDPR).

8. Embedded Content & Social Media

Our website may include Instagram posts or reels. Loading this content connects you to Meta Platforms Ireland Ltd.(parent: Meta Platforms, Inc., USA).
Legal basis: Art. 6(1)(a) GDPR.

We also maintain social media profiles (e.g., Instagram, Spotify). Data you provide there is subject to each platform’s own privacy policy.

9. Data Retention

We retain personal data only as long as necessary for contractual purposes or as required by law (e.g., tax obligations). Data will then be erased.

10. Your Rights

You have the following rights under the GDPR:

  • Right of access (Art. 15)

  • Right to rectification (Art. 16)

  • Right to erasure (Art. 17)

  • Right to restriction (Art. 18)

  • Right to data portability (Art. 20)

  • Right to object (Art. 21)

  • Right to withdraw consent (Art. 7(3))

You may also lodge a complaint with a supervisory authority (Art. 77 GDPR).

11. Security

We take appropriate technical and organizational measures to protect your personal data against loss, misuse, unauthorized access, or disclosure.

12. Updates

We may update this Privacy Policy from time to time. The latest version will always be available on this website.