Privacy Policy

Last updated: 30th August 2025

1) Who we are (Controller)

Controller: Studioaerith
Email: thestudioaerith@gmail.com
Website: https://www.studioaerith.com
Data Protection Officer: Not required. For privacy requests, contact us by email.

2) Scope

This policy explains how we collect and process personal data when you:

  • visit www.studioaerith.com

  • contact us,

  • subscribe to our newsletter,

  • download free resources,

  • purchase our products/services.

3) Data we collect & why (incl. legal bases, GDPR Art. 6)

Website operation & security (logs)

  • Data: IP address (short-term), timestamps, URLs visited, user agent, referrer.

  • Purpose: provide the site, prevent abuse, ensure security/performance.

  • Legal basis: Art. 6(1)(f) (legitimate interests).

  • Retention: short term in server logs (typically up to ~30 days) unless needed longer for security/incidents.

Analytics (optional)

  • Data: page views, events, device info (aggregated/pseudonymized).

  • Purpose: improve content and user experience.

  • Legal basis: Art. 6(1)(a) (consent via cookie banner).

  • Status: only if you consent; otherwise not loaded.

Contact forms & email

  • Data: name, email, message, and anything you include.

  • Purpose: answer your inquiry; pre-contract steps or customer support.

  • Legal basis: Art. 6(1)(b) (contract/pre-contract) and Art. 6(1)(f) (legitimate interests).

Newsletter

  • Data: email address, consent timestamp; optional first name.

  • Purpose: send news, tips, promotions.

  • Legal basis: Art. 6(1)(a) (consent). Unsubscribe anytime via link in every email.

Orders (digital downloads/services)

  • Data: name, email, billing address (and shipping if physical goods), order details, download/access history, payment status. We do not see or store full card, detailspayments are processed by our providers.

  • Purpose: process your order, deliver digital products, prevent fraud, comply with tax law.

  • Legal basis: Art. 6(1)(b) (contract), Art. 6(1)(c) (legal obligations), and Art. 6(1)(f) (fraud prevention).

Support & account history (if used)

  • Data: correspondence, order ID, technical metadata (e.g., error screenshots).

  • Purpose: provide support, diagnose issues.

  • Legal basis: Art. 6(1)(b)/(f).

Giveaways/free resource delivery

  • Data: email (and any provided fields).

  • Purpose: deliver the requested freebie; marketing only if you consent.

  • Legal basis: Art. 6(1)(b) to deliver; Art. 6(1)(a) for marketing emails.

We do not use automated individual decision-making that produces legal or similarly significant effects (Art. 22 GDPR).

4) Cookies & similar technologies

We use essential cookies (required for security, load balancing, consent storage). Under the German TTDSG, strictly necessary cookies do not require consent.
With your consent, we may use analytics/marketing cookies. Details and choices are in our [Cookie Policy] and via the “Manage cookie preferences” link in the footer.

5) Processors & third parties

We use trusted service providers acting on our instructions (processors) and/or independent controllers. Your data may be processed on their servers.

  • Website hosting & platform: Squarespace

  • Payments: [Stripe / PayPal] (controller for card data)

  • Email/newsletter: [Squarespace Email Campaigns / Mailchimp / ConvertKit]

  • Analytics (if enabled): [Plausible / Google Analytics] (with consent)

International transfers. Where data is transferred outside the EU/EEA (e.g., to the US), we rely on Standard Contractual Clauses and, where needed, supplementary measures.

6) Retention

We keep personal data only as long as necessary for the purposes above, then delete or anonymize it.

  • Enquiries: up to 12 months after last contact.

  • Order/tax records: per statutory retention (generally 6–10 years under applicable law).

  • Newsletter data: until you unsubscribe or we delete inactive contacts.

  • Analytics data: per the tool’s configured retention.

7) Your rights (EU/EEA)

You may have the right to:

  • Access your data (Art. 15),

  • Rectify inaccurate data (Art. 16),

  • Erase (“right to be forgotten”, Art. 17),

  • Restrict processing (Art. 18),

  • Data portability (Art. 20),

  • Object to processing based on our legitimate interests (Art. 21),

  • Withdraw consent at any time (Art. 7(3)) with future effect (e.g., unsubscribe).

You also have the right to lodge a complaint with your local supervisory authority (e.g., Der Bundesbeauftragte für den Datenschutz und die Informationsfreiheit (BfDI) or your state authority).

We may ask you to verify your identity before fulfilling a request.

8) Security

We take appropriate technical and organizational measures to protect personal data (encryption in transit, access controls, least-privilege). No method is 100% secure.

9) Children

Our site is not directed to children under 16. If you believe a child provided data, contact us and we’ll delete it.

10) Changes to this policy

We may update this policy from time to time. The latest version is always published here with the “Last updated” date.

11) Contact

For privacy questions or to exercise your rights, email thestudioaerith@gmail.com with the subject “Privacy Request.”