Privacy Policy

• Summary
  • 1. Introduction
    • 1.1 Objectives of this Policy
    • 1.2 What is GDPR?
    • 1.3 What Information is Collected
  • 2. Contact Information
  • 3. Lawfulness of Processing
    • 3.1 Legal Basis for Processing
    • 3.2 Summary
  • 4. Rights of Concerned Individuals
    • 4.1 Right of Access
    • 4.2 Right to Rectification
    • 4.3 Right to Erasure / Right to Be Forgotten
    • 4.4 Right to Restriction of Processing
    • 4.5 Right to Data Portability
    • 4.6 Right to Object
    • 4.7 Right Not to Be Subject to Automated Decision-Making
    • 4.8 Summary
  • 5. Data Collection
    • 5.1 Information Provided Directly by the User
    • 5.2 Information Automatically Collected
    • 5.3 Information from Third-Party Services
  • 6. Use of Your Personal Data
    • 6.1 Communication and Service
    • 6.2 Service Improvement
    • 6.3 Legal Compliance
  • 7. Sharing of Your Personal Data
    • 7.1 Service Partners
    • 7.2 Legal Requirements
    • 7.3 International Transfers
  • 8. Data Collected
    • 8.1 Cookies
    • 8.2 Consent Management via Real Cookie Banner
    • 8.3 WordPress Comments
    • 8.4 Contact Form 7
    • 8.5 Google reCAPTCHA
    • 8.6 Google Fonts
    • 8.7 Google Maps
    • 8.8 Jetpack Stats
    • 8.9 Jetpack Comments
    • 8.10 Jetpack Notifications
    • 8.11 Jetpack Subscriptions
    • 8.12 WPML
    • 8.13 Vimeo
  • 9. Third-Party Service Providers
    • 9.1 Web Hosting
  • 10. Security Measures
    • 10.1 Technical and Organisational Measures
    • 10.2 Breach Notification Process
    • 10.3 Data Retention Period
  • 11. Changes to Our Privacy Policy
  • 12. Conclusion

Last modified: 2025-08-28

1. Introduction

Welcome to www.graphicatelier.com (hereinafter referred to as the “Site”), a website operated by graphicatelier (hereinafter referred to as “We” or “Our” or “graphicatelier”). If you use this site, you are considered a user (hereinafter referred to as “You” or “Your” or “User”). This privacy policy (hereinafter referred to as the “Policy”) governs how we collect, use, store, and disclose information about you when you use this site. This Policy also applies to information collected by third-party services we use to enhance your experience on the Site (hereinafter referred to as “Third-Party Services”).

1.1 Objectives of this Policy

The objectives of this Policy are to inform you about:

• The types of information we collect
• How we use this information
• With whom we share this information
• Your data protection rights
• Our compliance with applicable data protection regulations

1.2 What is GDPR?

GDPR, or General Data Protection Regulation (2016/679), is a European Union law that came into effect on May 25, 2018. GDPR aims to give EU citizens full control over their personal data and simplify the regulatory framework for international trade by harmonising data protection regulations within the EU. It establishes strict requirements for organisations that collect, process, and store personal data, and provides individuals with enhanced rights regarding their personal information.

1.3 What Information is Collected

We collect various types of information to provide you with our services. This information may include but is not limited to:

• Personal data (name, email address, etc.)
• Browsing data (visited pages, time spent on the site, etc.)
• Technical data (browser type, IP address, etc.)
• Cookie data (preferences, session information, etc.)

The specific information we collect and how we use it is detailed throughout this Policy.

2. Contact Information

If you have any questions or concerns about this Policy or how we handle your data, you can contact the data protection officer of graphicatelier, who is the data controller for your personal information:

• Company Name: graphicatelier
• Address: Wimmerfeld 27, 4492 Hofkirchen, Austria
• Representative Name: Pierre Niel
• Phone Number: +43 650 956 5454
• Email Address: pierre@graphicatelier.com

You also have the right to lodge a complaint with the Austrian Data Protection Authority if you believe that the processing of your personal data infringes the provisions of the GDPR:

• Austrian Data Protection Authority (Österreichische Datenschutzbehörde)
• Address: Barichgasse 40-42, 1030 Vienna, Austria
• Phone: +43 1 52 152-0
• Email: dsb@dsb.gv.at
• Website: https://www.dsb.gv.at/

3. Lawfulness of Processing

In this section, we will explain the legal bases on which we rely for processing your personal data in accordance with the provisions of GDPR.

3.1 Legal Basis for Processing

The processing of your personal data is based on one or more of the following legal bases:

3.1.1 Consent

When you use this Site, you give your consent to the processing of your personal data for specific purposes, as provided in Article 6(1)(a) of GDPR. You have the right to withdraw this consent at any time by contacting us. Withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal.

3.1.2 Legitimate Interests

We may process your data when it is necessary for our legitimate interests or those of a third party, provided that these interests do not override your rights and interests, as stipulated in Article 6(1)(f) of GDPR. Before processing data on this basis, we conduct a legitimate interest assessment to ensure a proper balance between our interests and your rights. This assessment considers the nature of the data, the impact on you, and any additional safeguards that might be appropriate.

3.1.3 Contractual Necessity

Processing of your data may be necessary for the performance of a contract to which you are a party or for taking pre-contractual steps at your request, in accordance with Article 6(1)(b) of GDPR. This may include processing data to provide services you have requested or to respond to inquiries.

3.1.4 Legal Obligations

We may process your data when it is necessary to comply with a legal obligation to which we are subject, in accordance with Article 6(1)(c) of GDPR. This includes obligations related to tax laws, accounting regulations, and other legal requirements.

3.1.5 Vital Interests

In rare situations where a person’s life or health is at stake, we may process personal data if it is necessary to safeguard vital interests, in accordance with Article 6(1)(d) of GDPR. This basis is only used in emergency situations where no other legal basis is applicable.

3.1.6 Public Interest

We may also process your personal data when such processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us, in accordance with Article 6(1)(e) of GDPR. This basis is rarely used in our context but may apply in specific situations.

3.2 Summary

The lawfulness of processing your personal data by graphicatelier is established on several legal bases, including your consent, our legitimate interests, contractual necessity, legal obligations, safeguarding vital interests, and tasks of public interest. Each data processing activity is aligned with at least one of these legal bases to ensure transparent and appropriate use of your data. When processing is based on legitimate interests, we conduct a balancing test to ensure your rights are respected. For processing activities that may pose a high risk to your rights and freedoms, we conduct Data Protection Impact Assessments as required by Article 35 of GDPR.

4. Rights of Concerned Individuals

As a User, you have certain rights regarding the processing of your personal data. We are committed to respecting these rights and facilitating their exercise, in accordance with the provisions of GDPR.

4.1 Right of Access

According to Article 15 of GDPR, you have the right to obtain confirmation as to whether personal data concerning you is being processed, access this data, and receive additional information about its use. This includes information about the purposes of processing, categories of data concerned, recipients of the data, retention periods, and your rights regarding the data.

4.2 Right to Rectification

Under Article 16 of GDPR, you have the right to request the correction of your personal data if it is inaccurate or incomplete. We will respond to such requests without undue delay, typically within one month.

4.3 Right to Erasure / Right to Be Forgotten

According to Article 17 of GDPR, you have the right to request the deletion of your personal data under certain conditions, especially when such data is no longer necessary for the purposes for which it was collected. This right is not absolute and may be limited by legal obligations or legitimate interests.

4.4 Right to Restriction of Processing

According to Article 18 of GDPR, you can request the restriction of the processing of your personal data in certain circumstances, particularly when you dispute the accuracy of such data, when the processing is unlawful, when we no longer need the data but you require it for legal claims, or when you have objected to processing and verification of legitimate grounds is pending.

4.5 Right to Data Portability

Under Article 20 of GDPR, you have the right to receive your personal data that you have provided to us in a structured, commonly used, and machine-readable format and to transmit it to another data controller without hindrance from us. This right applies when processing is based on consent or a contract and is carried out by automated means.

4.6 Right to Object

According to Article 21 of GDPR, you have the right to object to the processing of your personal data in certain situations, especially when such processing is based on our legitimate interests or when your data is used for direct marketing purposes. When you object, we will no longer process your data unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms, or the processing is necessary for the establishment, exercise, or defence of legal claims.

4.7 Right Not to Be Subject to Automated Decision-Making

Under Article 22 of GDPR, you have the right not to be subject to a decision based solely on automated processing, including profiling, when it has legal effects on you or significantly affects you. This right ensures that significant decisions about you involve human assessment. We do not currently make any automated decisions with legal or similarly significant effects.

4.8 Summary

You have various rights related to your data: the right of access, the right of rectification, the right to erasure, the right to restriction of processing, the right to data portability, the right to object, and the right not to be subject to automated decision-making. If you wish to exercise any of these rights, please contact us using the information provided in the “Contact Information” section. We will respond to your request without undue delay and at the latest within one month, unless the request is particularly complex or we have received numerous requests, in which case we may extend the response period by up to two additional months. If we extend the response period, we will inform you within one month of receiving your request.

5. Data Collection

When you use our Site, various categories of information may be gathered to provide you with an optimal user experience, in line with our service objectives. This data collection is carried out in compliance with GDPR.

5.1 Information Provided Directly by the User

When you browse the Site or use certain of our services, you have the option to provide us with data such as your name, email address, phone number, and more. This data collection is done with your consent and is necessary to provide you with our services, in accordance with Article 6(1)(a) of GDPR. Examples of when you might provide this information include:

• When filling out contact forms
• When subscribing to newsletters
• When posting comments on articles
• When participating in surveys or contests

5.2 Information Automatically Collected

When you visit the Site, certain information may be automatically collected, such as your IP address, browser details, operating system, and more. This automatic information collection is aimed at analyzing and improving the quality of our services, in accordance with Article 6(1)(f) of GDPR based on legitimate interest. The automatically collected information includes:

• IP address and approximate location derived from it
• Browser type and version
• Operating system
• Device type (desktop, mobile, tablet)
• Referring website
• Pages visited and time spent on each page
• Actions taken on the Site
• Date and time of visit

5.3 Information from Third-Party Services

We may also receive information about you from Third-Party Services we use to enhance our Site and services. This information is collected to better understand our users and improve our Site, in accordance with Article 6(1)(f) of GDPR based on legitimate interest. These Third-Party Services may include:

• Analytics providers (e.g., Jetpack Stats)
• Social media platforms (if you interact with our content on these platforms)
• Content embedding services (e.g., Vimeo)
• Security services (e.g., Google reCAPTCHA)

For detailed information about each Third-Party Service and the data they collect, please refer to the “Data Collected” section.

If you have questions regarding the collection of your personal data, please refer to the “Contact Information” section.

6. Use of Your Personal Data

The personal data we collect is used for various purposes, always in strict compliance with applicable laws. Each use is governed by the GDPR to ensure the absolute respect of your rights.

6.1 Communication and Service

We process your data, such as your email address, to communicate with you, keep you informed of our service updates, or respond to your requests. This use arises from our contractual obligation to provide you with the service for which you have registered, in accordance with Article 6(1)(b) of GDPR. Specific communication and service purposes include:

• Responding to inquiries submitted through contact forms
• Providing the information or services you have requested
• Managing your account if you have created one
• Sending administrative notices, such as service updates or security alerts

6.2 Service Improvement

Automatically collected information, such as those related to your browser or operating system, helps us understand how users interact with our Site. This understanding allows us to enhance our services to better meet your needs, in accordance with Article 6(1)(f) of GDPR regarding legitimate interest. Service improvement purposes include:

• Analyzing site usage to identify popular features and content
• Detecting and resolving technical issues
• Improving site navigation and user experience
• Developing new features based on user behavior and feedback
• Ensuring the security and stability of our services

6.3 Legal Compliance

We may also use your data to comply with our legal obligations, for example, to respond to a request from a judicial authority or to maintain required business records, in accordance with Article 6(1)(c) of GDPR. Legal compliance purposes include:

• Maintaining business records as required by law
• Complying with tax and accounting obligations
• Responding to legal requests and court orders
• Investigating and preventing fraudulent activities or other illegal actions
• Protecting our legal rights and interests

If you have questions regarding the use of your personal data, please refer to the “Contact Information” section.

7. Sharing of Your Personal Data

We attach great importance to the privacy of your data. However, in certain situations, it may be necessary to share your personal data. Each sharing is strictly regulated by GDPR, ensuring the highest protection of your information.

7.1 Service Partners

We may share your data with third-party partners who assist us in operating the Site, providing our services, or processing transactions on our behalf. These third parties are required to process this data in accordance with the law and in compliance with our commitment to protecting your privacy, in alignment with Article 28 of GDPR. We only share the minimum amount of data necessary for these partners to perform their functions. Our service partners include:

• Web hosting providers
• IT service providers
• Analytics services
• Security and fraud prevention services
• Customer support tools

We have agreements in place with each service partner that require them to protect your data and only use it for the specific purposes we have authorised.

7.2 Legal Requirements

We may be obligated to disclose your data if required by law, when we believe such disclosure is necessary to protect our rights, the safety of others, or to respond to a judicial or governmental request, in accordance with Article 6(1)(c) of GDPR. This may include:

• Responding to court orders or legal processes
• Complying with regulatory requirements
• Protecting against fraudulent, abusive, or unlawful activity
• Safeguarding our rights, property, or safety, or the rights, property, or safety of others

When disclosing data for legal reasons, we strive to provide only the information that is required by the specific legal request or obligation.

7.3 International Transfers

If we need to transfer your data outside of the European Economic Area (EEA), we ensure that these transfers comply with the requirements of the GDPR, thus ensuring adequate protection of your data, in accordance with Chapter V of GDPR. This includes implementing appropriate safeguards such as:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Binding Corporate Rules (BCRs) for transfers within a corporate group
• Certification mechanisms approved by the relevant supervisory authorities
• Transfer Impact Assessments to evaluate the level of protection in the recipient country
• Supplementary measures as necessary to ensure an adequate level of protection

We continuously monitor legal developments regarding international data transfers and update our practices accordingly.

7.3.1 EU-US Data Privacy Framework

The EU-US Data Privacy Framework (DPF) is a mechanism designed to enable the transfer of personal data from the European Union to participating organisations in the United States. It replaced the previous EU-US Privacy Shield, which was invalidated by the Court of Justice of the European Union in the “Schrems II” decision in July 2020.

The DPF became operational in July 2023 following a European Commission adequacy decision, which determined that the framework provides an adequate level of protection for personal data transferred from the EU to participating US organisations. This framework requires participating companies to commit to a set of privacy principles and is subject to oversight by US authorities.

According to Article 45 of GDPR, the transfer of personal data to a third country such as the United States is permitted if the European Commission has determined that the country ensures an adequate level of protection.

Some of our service providers may participate in the EU-US Data Privacy Framework. You can verify an organisation’s participation status on the official Data Privacy Framework website.

Despite the existence of the DPF, we continue to implement additional safeguards for international transfers, such as Standard Contractual Clauses, to provide enhanced protection for your data.

If you have any questions regarding the sharing of your personal data, please refer to the “Contact Information” section.

8. Data Collected

Our Site uses various technologies to collect and store information when you visit it. This may include the use of cookies or similar technologies to identify your browser or device.

8.1 Cookies

8.1.1 What Are Cookies?

Cookies are small text files that websites place on your device to store information about your preferences, enhance site functionality, and collect analytics data. When you consent, these files are stored on your device to distinguish users of the Site and remember certain information about your visit.

8.1.2 Purpose of Cookies

Cookies serve several important functions on websites:

• Essential cookies: Required for the website to function properly. They enable basic functions like page navigation and access to secure areas of the website. The website cannot function properly without these cookies.
• Functional cookies: Help to enhance the functionality and personalisation of the website. They may be set by us or by third-party providers whose services we have added to our pages.
• Statistics cookies: Help website owners understand how visitors interact with websites by collecting and reporting information anonymously.
• Marketing cookies: Used to track visitors across websites. The intention is to display ads that are relevant and engaging for the individual user.

8.1.3 How Cookies Are Regulated

The use of cookies is primarily regulated by two key pieces of legislation in the European Union:

• The General Data Protection Regulation (GDPR): GDPR applies when cookies collect personal data, requiring a lawful basis for processing such data.
• The ePrivacy Directive: This directive, often referred to as the “Cookie Law,” specifically regulates the use of cookies and similar technologies. It requires websites to obtain user consent before storing or accessing information on a user’s device, with certain exceptions for strictly necessary cookies.

According to these regulations:

• Essential cookies do not require consent as they are strictly necessary for the website to function.
• All other types of cookies (functional, statistics, marketing) require explicit, informed consent from users before they can be placed on their devices.
• Users must be able to withdraw their consent as easily as they gave it.
• Websites must provide clear and comprehensive information about the cookies they use.

8.1.4 How to Manage Cookies

You have several options for managing cookies:

• Through our consent management tool: We use Real Cookie Banner to allow you to customise your cookie preferences. You can access this tool by clicking on the cookie settings button in the footer of our website.
• Browser settings: Most browsers allow you to refuse to accept cookies and to delete cookies already stored. The methods for doing so vary from browser to browser, and from version to version.

Here’s how to manage cookies in common browsers:

• Google Chrome:
  1. Click the three dots in the upper right corner
  2. Select “Settings”
  3. Under “Privacy and security,” click “Cookies and other site data”
  4. Adjust your cookie preferences

  Google Chrome Official Documentation

• Mozilla Firefox:
  1. Click the menu button (three lines) in the upper right corner
  2. Select “Settings”
  3. Select “Privacy & Security” from the left menu
  4. Under “Cookies and Site Data,” adjust your preferences

  Firefox Official Documentation

• Safari:
  1. Click “Safari” in the menu bar
  2. Select “Preferences”
  3. Click the “Privacy” tab
  4. Adjust your cookie preferences

  Safari Official Documentation

• Microsoft Edge:
  1. Click the three dots in the upper right corner
  2. Select “Settings”
  3. Click “Cookies and site permissions”
  4. Adjust your cookie settings

  Microsoft Edge Official Documentation

Browser Extensions for Privacy: There are various browser extensions that can help you manage cookies and enhance your privacy online:

• Privacy Badger: Automatically learns to block invisible trackers
• Ghostery: Blocks ads, stops trackers, and speeds up websites
• Adblock Plus: Blocks annoying ads and tracking
• uBlock Origin: An efficient blocker for various browsers

Please note that blocking all cookies will have a negative impact on the usability of many websites. If you block cookies, you may not be able to use all the features on our website.

8.1.5 Types of Cookies

Cookies come in different types, classified by their origin, function, and lifespan:

• First-party cookies: Issued by the site you visit. They are often necessary for the proper functioning of the site, such as maintaining your session active during your visit.
• Third-party cookies: Issued by domains other than the site you visit, such as external analytics tools or social media sharing buttons.
• Session cookies: Temporary, they are only stored for the duration of your browsing session and disappear when you close your browser.
• Persistent cookies: Stored on your device for a specified period, even after you close your browser. They are used, for example, to remember user preferences across multiple sessions.

8.1.6 Legal Basis for Using Cookies

The legal basis for using cookies depends on the type of cookie:

• Essential cookies: The legal basis is Article 6(1)(f) of GDPR (legitimate interest) as these cookies are necessary for the proper functioning of the website. They are exempt from the consent requirement under the ePrivacy Directive.
• Functional, Statistics, and Marketing cookies: The legal basis is Article 6(1)(a) of GDPR (consent). Under the ePrivacy Directive, these cookies require prior informed consent from users.

8.1.7 In Summary

Cookies are small text files that help websites function properly and provide a better user experience. Different types of cookies serve different purposes, from essential website functions to personalisation and analytics. While essential cookies do not require consent, all other types do. You can manage your cookie preferences through our consent management tool or your browser settings. Blocking cookies may impact your ability to use certain features of our website.

8.2 Consent Management via Real Cookie Banner

8.2.1 Definition and Provider

Real Cookie Banner is a WordPress plugin that helps website owners manage cookie consent in compliance with GDPR and ePrivacy regulations. It provides a customisable cookie banner, detailed consent records, and tools for managing cookie settings. The plugin is developed by devowl.io GmbH, located at Tannet 12, 94539 Grafling, Germany, and can be contacted via email at support@devowl.io. For more information, you can visit their legal notice page or product processing information.

8.2.2 Purpose

We use Real Cookie Banner on our website to ensure legal compliance with cookie consent regulations while providing you with a transparent and user-friendly way to manage your privacy preferences. The tool helps us obtain, record, and manage your consent for different types of cookies and similar technologies used on our website, as required by GDPR and the ePrivacy Directive.

8.2.3 Categories of Personal Data Processed

Real Cookie Banner processes the following personal data to manage cookie consent:

• Your consent choices (accepted or declined cookies/services)
• Timestamp of when consent was given
• A unique identifier for your consent (UUID)
• Browser type and version
• IP address (anonymized)
• Language preferences
• Operating system information
• Referrer URL (which page you were on when consent was given)

8.2.4 Cookies and Local Storage

Real Cookie Banner uses several cookies to manage your consent preferences:

Cookie Name	Host	Example Value	Purpose	Persistence
real_cookie_banner*	graphicatelier.com	1695556215%3A6679e4d8-f483-4d79-b60c-[hash]	Stores the Universally Unique Identifier (UUID) allocated to the consent given by the visitor.	1 year
real_cookie_banner-*-tcf	graphicatelier.com	COtybnMOpzYcSABABAENAk-AAAqyAAA	Stores consent given via the Transparency & Consent Framework (TCF).	1 year
real_cookie_banner-test	graphicatelier.com	a3d2e4f5b679c8d9e01f2g3h4i567890	Used to test whether HTTP cookies can be set. It will be deleted immediately after the test.	Session
real_cookie_banner-*-blog	graphicatelier.com	1	Stores the consent status for a specific WordPress blog in a multisite network.	1 year

8.2.5 External Data Loading and International Transfers

Real Cookie Banner is hosted directly on our web server and does not transmit your personal data to external servers by default. All consent data is stored locally in our database. No data is transferred outside the European Economic Area (EEA) by the plugin itself. However, if you consent to third-party services through the banner, those services may transfer data internationally according to their own privacy policies.

8.2.6 Data Retention

Consent records are stored for a period of 12 months from the date consent was given, or until you withdraw your consent. This retention period is necessary to comply with legal requirements for proof of consent. After this period, or upon withdrawal of consent, the data is anonymized or deleted in accordance with our data retention policy.

8.2.7 How to Withdraw or Object Consent

You can manage your cookie preferences at any time through our website:

• Using the Cookie Banner: Click on the “Cookie Settings” button in the footer of our website to open the consent management tool. Here, you can adjust your preferences for different cookie categories.
• Withdrawing Consent: In the Cookie Settings interface, you can withdraw your consent by deselecting the previously accepted cookie categories and saving your preferences.
• Browser Settings: You can also clear cookies stored by our website through your browser settings as described in the Cookie Management section.

Please note that essential cookies, which are necessary for the basic functionality of the website, cannot be declined.

8.2.8 Legal Basis

The processing of personal data in this context is based on:

• Article 6(1)(c) of the GDPR (legal obligation) as we are legally required to obtain and store your consent for certain types of cookies under the ePrivacy Directive.
• Article 6(1)(f) of the GDPR (legitimate interest) in managing cookies and similar technologies, as well as associated consents.

Providing this personal data is not contractually required, but it is necessary for us to comply with legal obligations regarding cookie consent management.

8.2.9 Contact and Documentation

For more information about Real Cookie Banner’s data processing practices, you can visit their data processing documentation. If you have specific questions about the plugin, you can contact the developer at support@devowl.io or visit their product page.

8.2.10 In Summary

Real Cookie Banner is a consent management tool that helps us comply with privacy regulations while giving you control over your cookie preferences. It stores your consent choices using cookies and keeps records of your consent for legal compliance purposes. You can manage your preferences at any time through the Cookie Settings button on our website.

8.3 WordPress Comments

8.3.1 Definition and Provider

WordPress Comments is a native feature of WordPress that allows users to leave comments on published articles. It provides a platform for interaction between readers and content authors, as well as among readers themselves. As this is a core feature of WordPress, it is self-hosted on our website and no external third party receives the comment data by default. WordPress is developed by Automattic Inc., but the comments feature operates entirely within our website’s infrastructure.

8.3.2 Purpose

The purpose of WordPress Comments is to facilitate open discussion and encourage feedback on our published content. It helps enhance community engagement, allows readers to share their thoughts and questions, and provides valuable insights to us as content creators. The comment system also helps create a more interactive and engaging experience for all visitors to our website.

8.3.3 Categories of Personal Data Processed

When you leave a comment on our website, the following personal data may be collected:

• Name (as entered in the comment form)
• Email address (not published publicly)
• Website URL (if provided, optional)
• IP address
• Browser user agent string (identifies your browser and operating system)
• The content of your comment
• Time and date of submission

This data helps us manage comments and identify and prevent spam or abusive comments.

8.3.4 Cookies and Local Storage

WordPress Comments uses cookies to enhance the commenting experience by remembering your information for future comments:

Cookie Name	Host	Example Value	Purpose	Persistence
comment_author_[hash]	graphicatelier.com	JohnDoe	Stores the name you enter in the comment form to prefill it on subsequent visits.	1 year
comment_author_email_[hash]	graphicatelier.com	john.doe@example.com	Stores the email address you enter in the comment form to prefill it on subsequent visits.	1 year
comment_author_url_[hash]	graphicatelier.com	http://example.com	Stores the website URL you enter in the comment form to prefill it on subsequent visits.	1 year

The [hash] part of the cookie name is a unique identifier based on the website’s URL.

8.3.5 External Data Loading and International Transfers

WordPress Comments is a self-hosted feature and does not by default send your comment data to external servers. All comment data is stored in our website’s database, which is hosted by our web hosting provider as described in the Web Hosting section.

However, if you have provided a Gravatar-linked email address, your browser may make a request to Gravatar (a service of Automattic Inc.) to fetch your profile picture. This request includes your email address in hashed form. Automattic’s servers may be located outside the EEA, primarily in the United States. For more information about how Gravatar processes data, please refer to Automattic’s Privacy Policy.

8.3.6 Data Retention

Comments and their associated metadata are retained indefinitely on our website. This allows us to recognize and approve any follow-up comments automatically instead of holding them in a moderation queue. For users that register on our website (if applicable), we also store the personal information they provide in their user profile indefinitely. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

8.3.7 How to Withdraw or Object Consent

You have several options to manage your comment data:

• Request Deletion: You can request deletion of your comments by contacting us with the specific details of the comment(s) you wish to have removed.
• Manage Cookies: To prevent WordPress from storing cookies related to the comment form, you can clear or block cookies through your browser settings as described in the Cookie Management section.
• Anonymous Commenting: If you prefer not to provide personal information, you can comment anonymously by entering a pseudonym instead of your real name.

Please note that deleting a comment may affect the context and flow of the discussion thread it was part of.

8.3.8 Legal Basis

The processing of personal data through WordPress Comments is based on the following legal grounds:

• Article 6(1)(a) of GDPR (consent) – By submitting a comment, you consent to the processing of the personal data you provide.
• Article 6(1)(f) of GDPR (legitimate interests) – We have a legitimate interest in facilitating discussions on our content and protecting our website from spam and abusive comments.

For the use of comment-related cookies, the legal basis is also your consent in accordance with the ePrivacy Directive.

8.3.9 Contact and Documentation

Since WordPress Comments is a core feature of our website, you can direct any questions or requests regarding your comment data to us using the contact information provided in the Contact Information section.

For more information about WordPress’s general data handling practices, you can visit the WordPress Privacy Policy.

8.3.10 In Summary

WordPress Comments is a self-hosted feature that allows users to engage in discussions on our website content. When you comment, we collect information such as your name, email, and comment content. This data is stored on our server and used to facilitate discussions and prevent spam. You can request deletion of your comments by contacting us directly, and you can manage comment-related cookies through your browser settings.

8.4 Contact Form 7

8.4.1 Definition and Provider

Contact Form 7 is a popular WordPress plugin that enables the creation and management of contact forms on websites. It allows for the collection and processing of user-submitted data through customisable forms. Contact Form 7 is developed by Takayuki Miyoshi, but it is self-hosted on our website, meaning that the plugin developer does not receive form submissions by default. All form data is processed and stored within our website’s infrastructure.

8.4.2 Purpose

The primary purpose of Contact Form 7 on our website is to provide you with a convenient and efficient means to communicate with us. The contact forms allow you to submit inquiries, feedback, requests for information, or other messages directly through our website without having to use external communication tools. This helps us respond to your needs more effectively and improve our services based on your feedback.

8.4.3 Categories of Personal Data Processed

When you submit a form through Contact Form 7 on our website, the following types of personal data may be collected, depending on the specific form fields:

• Name (first name, last name)
• Email address
• Phone number (if requested)
• Message content
• Subject line
• Any other information you voluntarily provide in the form fields

Additionally, the following technical data may be automatically collected:

• IP address
• Date and time of form submission
• Browser user agent
• Referring URL

8.4.4 Cookies and Local Storage

Contact Form 7 itself does not set any cookies in our current configuration:

Cookie Name	Host	Example Value	Purpose	Persistence
—	—	—	No cookies are set by Contact Form 7 in our implementation	—

While Contact Form 7 itself does not set cookies, other features integrated with the form (such as reCAPTCHA for spam protection) may set cookies as described in their respective sections.

8.4.5 External Data Loading and International Transfers

Contact Form 7 is a self-hosted plugin, and in our basic implementation, form submissions are processed entirely on our server. The data you submit through the contact form is sent to our email address and/or stored in our website’s database, which is hosted by our web hosting provider as described in the Web Hosting section.

No data is transferred outside the European Economic Area (EEA) by the Contact Form 7 plugin itself. However, if we use additional services with Contact Form 7 (such as integration with email marketing services), those services may involve international data transfers according to their own privacy policies.

8.4.6 Data Retention

Data submitted through Contact Form 7 is retained in our email system and/or database for as long as necessary to respond to your inquiry and maintain a record of our communication. Generally, we retain form submissions for up to 3 years, after which they are securely deleted unless there is a legitimate business or legal reason to retain them longer (such as ongoing business relationships or legal obligations).

If your submission includes personal data related to a contract or service we provide, we may retain this information for the duration of our business relationship plus any applicable statutory retention periods.

8.4.7 How to Withdraw or Object Consent

If you have submitted information through our contact form and wish to have it modified, deleted, or have questions about how we process it, you have several options:

• Contact Us: You can contact us directly to request access to, correction, or deletion of your personal data submitted through the form.
• Data Subject Rights: You can exercise your rights as outlined in the Rights of Concerned Individuals section, including the right to access, rectify, or erase your personal data.
• Avoid Form Submission: If you prefer not to submit your data through our contact form, you can use alternative contact methods provided in the Contact Information section, such as direct email or phone.

8.4.8 Legal Basis

The processing of personal data through our contact forms is based on the following legal grounds:

• Article 6(1)(a) of GDPR (consent) – By submitting the contact form, you consent to the processing of the personal data you provide for the purpose of responding to your inquiry.
• Article 6(1)(b) of GDPR (contract) – If your inquiry relates to a potential or existing contractual relationship, processing may be necessary for taking steps at your request prior to entering into a contract or for the performance of an existing contract.
• Article 6(1)(f) of GDPR (legitimate interests) – We have a legitimate interest in responding to your inquiries and maintaining records of our communications for business purposes.

8.4.9 Contact and Documentation

Since Contact Form 7 is a self-hosted plugin on our website, you can direct any questions about how we handle form submissions to us using the contact information provided in the Contact Information section.

For information about the Contact Form 7 plugin itself, you can visit the developer’s website.

8.4.10 In Summary

Contact Form 7 enables you to communicate with us through forms on our website. When you submit a form, we collect the information you provide (such as your name, email, and message) to respond to your inquiry. This data is processed on our server and is not shared with third parties unless specifically stated. You can request access to or deletion of your submitted data by contacting us directly.

8.5 Google reCAPTCHA

8.5.1 Definition and Provider

Google reCAPTCHA is a security service developed and provided by Google that helps protect websites from spam and abuse. It uses advanced risk analysis techniques to distinguish between human users and automated bots. The service is provided by Google Ireland Limited, with its European headquarters at Gordon House, Barrow Street, Dublin 4, Ireland, and Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

For more information about Google’s privacy practices, you can visit their Privacy Policy or use their Data Subject Request form.

8.5.2 Purpose

We implement Google reCAPTCHA on our website to protect our forms from spam submissions and automated abuse. This helps ensure that interactions with our website come from legitimate human users rather than bots or automated scripts. By filtering out automated spam submissions, reCAPTCHA helps maintain the integrity of our website, protect our users, and improve the overall user experience by allowing us to focus on genuine inquiries and interactions.

8.5.3 Categories of Personal Data Processed

Google reCAPTCHA collects and processes various types of data to determine whether a user is human or a bot:

• IP address
• Browser type and version
• Operating system
• Cookies
• Mouse movements and clicks
• Time spent on the website
• Language settings
• Date
• Screen size and resolution
• Browser plugins installed
• JavaScript objects

If you are logged into your Google account while using our website, Google may also associate your behavior with your account.

8.5.4 Cookies and Local Storage

Google reCAPTCHA uses various cookies to function effectively:

Cookie Name	Host	Example Value	Purpose	Persistence
_grecaptcha	.google.com	AQzOHyfRgRjYU1-2f	Used to distinguish between humans and bots	Session
CONSENT	.google.com	YES+XX.XX.XX+V10+PS	Stores user consent preferences	18 years
NID	.google.com	204=h5tGAXXXXXX	Contains a unique ID to remember user preferences	6 months
1P_JAR	.google.com	2023-08-28-13	Used for gathering website statistics and tracking conversion rates	1 month
SIDCC	.google.com	AJ1XXXXXXXXX	Security cookie to protect user data from unauthorized access	1 year
__Secure-3PSID	.google.com	QAg-XXXXXXXXX	Used for targeting purposes to build a profile of the website visitor’s interests	2 years
__Secure-3PAPISID	.google.com	XXXXXXXXXXXXXX	Used for targeting purposes to build a profile of the website visitor’s interests	2 years

8.5.5 External Data Loading and International Transfers

When Google reCAPTCHA is implemented on our website, data is transmitted to Google’s servers, which may be located outside the European Economic Area (EEA), including in the United States. Google processes this data to evaluate whether the interaction with our website is by a human or an automated system.

For transfers of data to the United States, Google LLC participates in the EU-US Data Privacy Framework, which provides an adequate level of protection for personal data according to the European Commission’s adequacy decision.

Additionally, Google has implemented Standard Contractual Clauses (SCCs) approved by the European Commission in accordance with Article 46, paragraphs 2 and 3 of the GDPR. These SCCs provide appropriate safeguards for international data transfers.

We have conducted a Transfer Impact Assessment (TIA) to evaluate the level of data protection in the recipient country and have implemented supplementary measures where necessary to ensure adequate protection of your data.

8.5.6 Data Retention

Google retains data collected through reCAPTCHA in accordance with its own data retention policies. According to Google’s privacy policy, the retention period varies depending on the specific type of data, the purpose for which it is used, and legal or operational retention needs. For specific information about Google’s data retention practices, please refer to the Google Privacy Policy.

8.5.7 How to Withdraw or Object Consent

Google reCAPTCHA is an important security feature that helps protect our website from spam and abuse. However, if you wish to limit your interaction with reCAPTCHA, you have several options:

• Cookie Settings: You can manage your cookie preferences through our cookie banner by clicking on the “Cookie Settings” button in the footer of our website. In the preferences center, you can disable the “Functional” category, which includes Google reCAPTCHA. Please note that this may affect your ability to use certain forms on our website.
• Browser Settings: You can block or delete cookies related to Google reCAPTCHA through your browser settings. Instructions for managing cookies in different browsers are provided in the Cookie Management section.
• Privacy-Enhancing Browser Extensions: You can use browser extensions that enhance privacy by blocking trackers:
  • Privacy Badger
  • Ghostery
  • Adblock Plus
  • uBlock Origin
• Alternative Contact Methods: If you prefer to avoid reCAPTCHA completely, you can use alternative methods to contact us, such as direct email or phone, as provided in the Contact Information section.

Please note that disabling reCAPTCHA may require you to complete more challenging verification steps when submitting forms on our website, as we need to ensure that submissions are from legitimate users.

8.5.8 Legal Basis

The use of Google reCAPTCHA on our website is based on the following legal grounds:

• Article 6(1)(a) of GDPR (consent) – We obtain your consent through our cookie banner before implementing non-essential cookies, including those used by reCAPTCHA.
• Article 6(1)(f) of GDPR (legitimate interests) – We have a legitimate interest in protecting our website from spam, automated form submissions, and other malicious activities that could compromise the security and functionality of our site.

For the use of cookies and similar technologies, we also comply with the ePrivacy Directive, which requires obtaining user consent for non-essential cookies.

8.5.9 Contact and Documentation

For more information about Google reCAPTCHA and how Google processes your data, you can visit:

• Google Privacy Policy
• Google Terms of Service
• About Google reCAPTCHA

If you have questions about your data rights or wish to submit a data subject request to Google, you can use their Data Subject Request form or contact their Data Protection Officer at data-protection-office@google.com.

For questions specific to our implementation of reCAPTCHA, please contact us using the information provided in the Contact Information section.

8.5.10 In Summary

Google reCAPTCHA is a security service we use to protect our website from spam and automated abuse. It collects data about your browsing behavior and device to determine whether you are a human or a bot. This data may be transferred to Google’s servers, including those outside the EEA. You can manage your interaction with reCAPTCHA through our cookie banner or your browser settings, though disabling it may affect your ability to use certain features of our website.

8.6 Google Fonts

8.6.1 Definition and Provider

Google Fonts is a library of free, licensed font families provided by Google that can be integrated into websites to enhance their visual appearance and typography. The service is provided by Google Ireland Limited, with its European headquarters at Gordon House, Barrow Street, Dublin 4, Ireland, and Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

You can learn more about Google’s privacy practices by visiting their Privacy Policy or contacting them through their Data Subject Request form.

8.6.2 Purpose

We use Google Fonts on our website to enhance the visual presentation and readability of our content. This service allows us to use a wide variety of professionally designed typefaces that may not be available on all user devices by default. By using Google Fonts, we can ensure consistent typography across different platforms and devices, improving the overall user experience and aesthetic appeal of our website.

8.6.3 Categories of Personal Data Processed

When you visit our website with Google Fonts implemented, the following data may be transmitted to Google:

• IP address
• Browser type and version
• Operating system
• Screen resolution
• Language preferences
• URL of the page on our website that you are visiting
• Date and time of your visit
• Referrer URL (the website you visited before coming to our site)

This data is necessary for Google to provide the requested fonts and to optimize the service based on user needs and technical requirements.

8.6.4 Cookies and Local Storage

Google Fonts itself does not set cookies in our implementation:

Cookie Name	Host	Example Value	Purpose	Persistence
—	—	—	No cookies are set by Google Fonts in our implementation	—

While Google Fonts itself does not set cookies, it’s important to note that your browser may cache the font files locally to improve loading times on subsequent visits to websites using the same fonts.

8.6.5 External Data Loading and International Transfers

When Google Fonts is implemented on our website, your browser sends a request to Google’s servers to download the necessary font files. This request includes some of the data mentioned in the “Categories of Personal Data Processed” section. Google’s servers may be located outside the European Economic Area (EEA), including in the United States.

For transfers of data to the United States, Google LLC participates in the EU-US Data Privacy Framework, which provides an adequate level of protection for personal data according to the European Commission’s adequacy decision.

Additionally, Google has implemented Standard Contractual Clauses (SCCs) approved by the European Commission in accordance with Article 46, paragraphs 2 and 3 of the GDPR. These SCCs provide appropriate safeguards for international data transfers.

We have conducted a Transfer Impact Assessment (TIA) to evaluate the level of data protection in the recipient country and have implemented supplementary measures where necessary to ensure adequate protection of your data.

8.6.6 Data Retention

Google retains server logs that include the data transmitted when users request Google Fonts. According to Google’s privacy policy, these logs are typically stored for a limited period, after which they are either deleted or anonymized. For specific information about Google’s data retention practices, please refer to the Google Privacy Policy.

8.6.7 How to Withdraw or Object Consent

If you wish to prevent the loading of Google Fonts on our website, you have several options:

• Cookie Settings: You can manage your preferences through our cookie banner by clicking on the “Cookie Settings” button in the footer of our website. In the preferences center, you can disable the “Functional” category, which includes Google Fonts. Please note that this may affect the visual appearance of our website.
• Browser Settings: You can configure your browser to block requests to Google’s domains. Instructions for managing site permissions in different browsers:
  • Chrome
  • Firefox
  • Safari
  • Microsoft Edge
• Browser Extensions: You can use content-blocking extensions that prevent connections to Google’s servers:
  • uBlock Origin
  • Privacy Badger
  • Ghostery
• Offline Fonts: You can install fonts locally on your device and configure your browser to use your local fonts instead of web fonts.

Please note that blocking Google Fonts may affect the visual appearance of our website and potentially impact your user experience.

8.6.8 Legal Basis

The use of Google Fonts on our website is based on the following legal grounds:

• Article 6(1)(a) of GDPR (consent) – We obtain your consent through our cookie banner before implementing non-essential features, including Google Fonts.
• Article 6(1)(f) of GDPR (legitimate interests) – We have a legitimate interest in enhancing the visual appearance and readability of our website to provide a better user experience.

For the use of cookies and similar technologies, we also comply with the ePrivacy Directive, which requires obtaining user consent for non-essential cookies.

8.6.9 Contact and Documentation

For more information about Google Fonts and how Google processes your data, you can visit:

• Google Privacy Policy
• Google Fonts FAQ
• About Google Fonts

If you have questions about your data rights or wish to submit a data subject request to Google, you can use their Data Subject Request form or contact their Data Protection Officer at data-protection-office@google.com.

For questions specific to our implementation of Google Fonts, please contact us using the information provided in the Contact Information section.

8.6.10 In Summary

Google Fonts is a service we use to enhance the typography and visual appearance of our website. When you visit our site, your browser sends a request to Google’s servers to download the necessary font files, which may include sending certain technical data such as your IP address. You can prevent the loading of Google Fonts through our cookie banner or by using browser settings and extensions, though this may affect the visual appearance of our website.

8.7 Google Maps

8.7.1 Definition and Provider

Google Maps is an online mapping service that provides interactive maps, satellite imagery, street views, and route planning capabilities. We integrate Google Maps on our website to help visitors find our location and get directions. The service is provided by Google Ireland Limited, with its European headquarters at Gordon House, Barrow Street, Dublin 4, Ireland, and Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

You can learn more about Google’s privacy practices by visiting their Privacy Policy or contacting them through their Data Subject Request form.

8.7.2 Purpose

We implement Google Maps on our website to provide you with useful location-based information. This integration allows you to easily find our physical location, get directions to our premises, explore the surrounding area, and plan your visit efficiently. The interactive map feature enhances the user experience by providing visual geographic context and navigation assistance, making it easier for you to connect with our physical location.

8.7.3 Categories of Personal Data Processed

When you interact with Google Maps embedded on our website, various types of data may be processed:

• IP address
• Geographic location (if location services are enabled on your device)
• Browser type and version
• Operating system
• Device information (type, model, screen resolution)
• Date and time of access
• Referrer URL
• Search queries and directions requested within the map
• Interaction data (clicks, zooming, panning)

If you are logged into your Google account while using Google Maps on our website, Google may associate this data with your account, potentially enabling personalized features.

8.7.4 Cookies and Local Storage

Google Maps uses various cookies to provide its functionality and improve user experience:

Cookie Name	Host	Example Value	Purpose	Persistence
NID	.google.com	204=h5tGAXXXXXX	Contains a unique ID to store user preferences and personalize ads	6 months
CONSENT	.google.com	YES+XX.XX.XX+V10+PS	Stores user consent preferences	18 years
1P_JAR	.google.com	2023-08-28-13	Used for gathering website statistics and tracking conversion rates	1 month
SIDCC	.google.com	AJ1XXXXXXXXX	Security cookie to protect user data	1 year
__Secure-3PSID	.google.com	QAg-XXXXXXXXX	Targeting/advertising cookie	2 years
SAPISID	.google.com	XXXXXXXXXXXXXX	Used to build a profile of website visitor interests	2 years
HSID	.google.com	XXXXXXXXXXXXXX	Security cookie to authenticate users	2 years
SSID	.google.com	XXXXXXXXXXXXXX	Stores user preferences and information	2 years
APISID	.google.com	XXXXXXXXXXXXXX	Used to build a profile of website visitor interests	2 years
SID	.google.com	XXXXXXXXXXXXXX	Security cookie to authenticate users	2 years

8.7.5 External Data Loading and International Transfers

When you interact with Google Maps embedded on our website, your browser establishes a direct connection with Google’s servers to load map data, images, and scripts. This involves the transmission of certain data (as described in the “Categories of Personal Data Processed” section) to Google’s servers, which may be located outside the European Economic Area (EEA), including in the United States.

For transfers of data to the United States, Google LLC participates in the EU-US Data Privacy Framework, which provides an adequate level of protection for personal data according to the European Commission’s adequacy decision.

Additionally, Google has implemented Standard Contractual Clauses (SCCs) approved by the European Commission in accordance with Article 46, paragraphs 2 and 3 of the GDPR. These SCCs provide appropriate safeguards for international data transfers.

We have conducted a Transfer Impact Assessment (TIA) to evaluate the level of data protection in the recipient country and have implemented supplementary measures where necessary to ensure adequate protection of your data.

8.7.6 Data Retention

Google retains data collected through Google Maps in accordance with its own data retention policies. The retention period varies depending on the type of data, the purpose for which it is used, and legal or operational retention needs. For specific information about Google’s data retention practices, please refer to the Google Privacy Policy.

8.7.7 How to Withdraw or Object Consent

If you wish to prevent the loading and operation of Google Maps on our website, you have several options:

• Cookie Settings: You can manage your preferences through our cookie banner by clicking on the “Cookie Settings” button in the footer of our website. In the preferences center, you can disable the “Functional” category, which includes Google Maps. Please note that this will prevent the maps from displaying on our website.
• Browser Settings: You can configure your browser to block requests to Google’s domains or to block third-party cookies. Instructions for managing cookies in different browsers are provided in the Cookie Management section.
• Browser Extensions: You can use content-blocking extensions that prevent connections to Google’s servers:
  • uBlock Origin
  • Privacy Badger
  • Ghostery
• Alternative Contact Methods: If you need location information but prefer not to use Google Maps, you can contact us directly using the information provided in the Contact Information section, and we will be happy to provide location details through alternative means.

Please note that blocking Google Maps will prevent you from viewing and interacting with maps on our website, which may limit your ability to easily find directions to our location.

8.7.8 Legal Basis

The use of Google Maps on our website is based on the following legal grounds:

• Article 6(1)(a) of GDPR (consent) – We obtain your consent through our cookie banner before implementing Google Maps on our website.
• Article 6(1)(f) of GDPR (legitimate interests) – We have a legitimate interest in providing location information and directions to our visitors to facilitate physical visits to our premises.

For the use of cookies and similar technologies, we also comply with the ePrivacy Directive, which requires obtaining user consent for non-essential cookies.

8.7.9 Contact and Documentation

For more information about Google Maps and how Google processes your data, you can visit:

• Google Privacy Policy
• Google Terms of Service
• Google Maps/Google Earth Additional Terms of Service

If you have questions about your data rights or wish to submit a data subject request to Google, you can use their Data Subject Request form or contact their Data Protection Officer at data-protection-office@google.com.

For questions specific to our implementation of Google Maps, please contact us using the information provided in the Contact Information section.

8.7.10 In Summary

Google Maps is integrated into our website to provide you with interactive maps, location information, and directions to our premises. When you interact with the maps, certain data is transmitted to Google’s servers, including your IP address and location data if enabled. You can prevent the loading of Google Maps through our cookie banner or using browser settings and extensions, though this will prevent you from viewing maps on our website.

8.8 Jetpack Stats

8.8.1 Definition and Provider

Jetpack Stats is an analytics service integrated into the WordPress plugin Jetpack, which provides website owners with insights about their site’s traffic, visitor interactions, and performance metrics. The service is provided by Automattic Inc., 60 29th Street #343, San Francisco, CA 94110, USA, with its EU representative: Aut O’Mattic A8C Ireland Ltd., Grand Canal Dock, 25 Herbert Place, Dublin D02 AY86, Ireland.

For more information about Automattic’s privacy practices, you can visit their Privacy Policy or contact them directly at privacy@automattic.com or through their Contact page.

8.8.2 Purpose

We use Jetpack Stats on our website to collect and analyze statistical information about how visitors interact with our site. This helps us understand which content is most engaging, how users navigate through our pages, and how we can improve the overall user experience. The insights provided by Jetpack Stats enable us to make data-driven decisions about content creation, site design, and functionality enhancements, ultimately allowing us to better serve our visitors’ needs and interests.

8.8.3 Categories of Personal Data Processed

Jetpack Stats collects and processes the following types of data when you visit our website:

• IP address (anonymized)
• Browser type and version
• Operating system
• Device information
• Referring website
• Date and time of visit
• Pages visited
• Time spent on each page
• Click events (what links were clicked)
• Country or region of origin
• Search terms used to find the website (if applicable)

Jetpack Stats uses anonymization techniques to protect user privacy, such as truncating IP addresses to prevent the identification of individual users.

8.8.4 Cookies and Local Storage

Jetpack Stats uses cookies to track visitor activity and provide accurate analytics:

Cookie Name	Host	Example Value	Purpose	Persistence
tk_ai	graphicatelier.com	woo:xxxxxxxxxx	Used for anonymous visitor tracking	Session to 5 years
tk_lr	.graphicatelier.com	https://www.google.com/	Stores the referring site	1 year
tk_r3d	.graphicatelier.com	https://www.google.com/	Referrer cookie for the WordPress.com Reader	3 days
tk_qs	.graphicatelier.com	true	Tracks if the visitor has seen embedded content	30 minutes
wordpress_test_cookie	graphicatelier.com	WP Cookie check	Tests if cookies are enabled	Session

8.8.5 External Data Loading and International Transfers

When Jetpack Stats is active on our website, data about your visit is transmitted to Automattic’s servers for processing and analysis. Automattic’s servers may be located outside the European Economic Area (EEA), primarily in the United States.

Automattic has implemented various measures to ensure adequate protection for data transfers, including:

• Standard Contractual Clauses (SCCs) approved by the European Commission in accordance with Article 46, paragraphs 2 and 3 of the GDPR
• Technical and organizational measures to ensure data security and privacy
• Data minimization practices, including IP anonymization

We have conducted a Transfer Impact Assessment (TIA) to evaluate the level of data protection and have implemented supplementary measures where necessary to ensure adequate protection of your data.

8.8.6 Data Retention

Automattic retains Jetpack Stats data for as long as necessary to provide the analytics service to website owners. According to Automattic’s privacy policy, analytics data is retained for a limited period, typically no longer than 28 days for raw logs, after which the data is aggregated and anonymized for long-term statistical purposes. For specific information about Automattic’s data retention practices, please refer to their Privacy Policy.

8.8.7 How to Withdraw or Object Consent

If you wish to prevent Jetpack Stats from collecting information about your visit to our website, you have several options:

• Cookie Settings: You can manage your preferences through our cookie banner by clicking on the “Cookie Settings” button in the footer of our website. In the preferences center, you can disable the “Statistics” category, which includes Jetpack Stats.
• Browser Settings: You can configure your browser to block or delete cookies related to Jetpack Stats. Instructions for managing cookies in different browsers are provided in the Cookie Management section.
• Do Not Track: You can enable the “Do Not Track” feature in your browser, which Jetpack Stats respects. When this feature is enabled, Jetpack Stats will not track your activity on websites that honor this request.
• Browser Extensions: You can use privacy-focused browser extensions that block tracking scripts:
  • uBlock Origin
  • Privacy Badger
  • Ghostery

Please note that blocking analytics tools like Jetpack Stats does not affect your ability to use our website, but it does impact our ability to improve our services based on visitor behavior and preferences.

8.8.8 Legal Basis

The use of Jetpack Stats on our website is based on the following legal grounds:

• Article 6(1)(a) of GDPR (consent) – We obtain your consent through our cookie banner before implementing analytics cookies, including those used by Jetpack Stats.
• Article 6(1)(f) of GDPR (legitimate interests) – We have a legitimate interest in analyzing website usage to improve our content and services, optimize user experience, and ensure the proper functioning of our website.

For the use of cookies and similar technologies, we also comply with the ePrivacy Directive, which requires obtaining user consent for non-essential cookies.

8.8.9 Contact and Documentation

For more information about Jetpack Stats and how Automattic processes your data, you can visit:

• Automattic Privacy Policy
• Jetpack Stats Documentation
• Automattic Terms of Service

If you have questions about your data rights or wish to submit a data subject request to Automattic, you can contact them at privacy@automattic.com or through their Contact page.

For questions specific to our implementation of Jetpack Stats, please contact us using the information provided in the Contact Information section.

8.8.10 In Summary

Jetpack Stats is an analytics service we use to collect anonymous statistical information about how visitors interact with our website. It helps us understand which content is most popular and how users navigate our site, allowing us to make improvements. The service uses cookies to track visitor activity, and you can opt out through our cookie banner, browser settings, or privacy-focused browser extensions.

8.9 Jetpack Comments

8.9.1 Definition and Provider

Jetpack Comments is a feature of the Jetpack plugin that enhances the native WordPress commenting system with additional functionality, including social login options and improved spam protection. This service is provided by Automattic Inc., 60 29th Street #343, San Francisco, CA 94110, USA, with its EU representative: Aut O’Mattic A8C Ireland Ltd., Grand Canal Dock, 25 Herbert Place, Dublin D02 AY86, Ireland.

For more information about Automattic’s privacy practices, you can visit their Privacy Policy or contact them directly at privacy@automattic.com or through their Contact page.

8.9.2 Purpose

We use Jetpack Comments on our website to provide an enhanced commenting experience for our visitors. This feature allows users to leave comments using their WordPress.com, Facebook, or Google accounts, streamlining the commenting process by eliminating the need to fill out name and email fields manually. It also offers improved spam protection, email notifications for comment replies, and a more user-friendly interface, creating a better environment for discussion and engagement on our content.

8.9.3 Categories of Personal Data Processed

When you use Jetpack Comments to leave a comment on our website, the following personal data may be processed:

• Name (as displayed publicly with your comment)
• Email address (not published publicly)
• Website URL (if provided, optional)
• IP address
• Browser user agent string
• The content of your comment
• Time and date of submission

If you choose to log in through a social media account:

• Social media profile information (such as name, profile picture)
• Authentication token from the social media platform
• Email address associated with your social media account

This data is used to display your comment, verify your identity, prevent spam, and notify you of replies if you’ve opted in to notifications.

8.9.4 Cookies and Local Storage

Jetpack Comments uses cookies to facilitate the commenting experience:

Cookie Name	Host	Example Value	Purpose	Persistence
comment_author_[hash]	graphicatelier.com	JohnDoe	Stores the commenter’s name	1 year
comment_author_email_[hash]	graphicatelier.com	john.doe@example.com	Stores the commenter’s email address	1 year
comment_author_url_[hash]	graphicatelier.com	http://example.com	Stores the commenter’s website URL	1 year
jetpack_comments_subscribe_[post_id]	graphicatelier.com	1	Tracks whether the user has subscribed to comment notifications	1 year
jetpack.blog.cookies.[id]	.wordpress.com	1	Used for comment authentication	1 year

Additional cookies may be set if you choose to log in through a social media account, as those platforms may set their own cookies.

8.9.5 External Data Loading and International Transfers

When you use Jetpack Comments, your comment data is processed both on our server and on Automattic’s servers. This involves the transmission of data to Automattic’s servers, which may be located outside the European Economic Area (EEA), primarily in the United States.

If you choose to log in through a social media account (Facebook, Google, etc.), data may also be exchanged with those third-party services, and their data processing practices are governed by their respective privacy policies.

Automattic has implemented various measures to ensure adequate protection for data transfers, including:

• Standard Contractual Clauses (SCCs) approved by the European Commission in accordance with Article 46, paragraphs 2 and 3 of the GDPR
• Technical and organizational measures to ensure data security and privacy

We have conducted a Transfer Impact Assessment (TIA) to evaluate the level of data protection and have implemented supplementary measures where necessary to ensure adequate protection of your data.

8.9.6 Data Retention

Comments and their associated metadata are retained indefinitely on our website and on Automattic’s servers. This allows for automatic recognition of follow-up comments and approval without holding them in a moderation queue. For specific information about how Automattic retains comment data, please refer to their Privacy Policy.

If you have registered an account on WordPress.com and use it to comment, your personal information will be stored on Automattic’s servers according to their data retention policies.

8.9.7 How to Withdraw or Object Consent

You have several options to manage your comment data and privacy preferences:

• Delete or Edit Comments: If you wish to delete or edit a comment you’ve made, you can contact us with the specific details of the comment you’d like to modify or remove.
• Unsubscribe from Notifications: If you’ve subscribed to comment notifications, each notification email contains an unsubscribe link you can use to stop receiving updates.
• Manage Cookies: You can delete cookies related to Jetpack Comments through your browser settings as described in the Cookie Management section.
• WordPress.com Account: If you used a WordPress.com account to comment, you can manage your comment data through your WordPress.com account settings.
• Social Media Accounts: If you used a social media account to comment, you can manage connection permissions through your social media account settings.
• Cookie Settings: You can manage your preferences through our cookie banner by clicking on the “Cookie Settings” button in the footer of our website. In the preferences center, you can disable the “Functional” category, which includes Jetpack Comments.

Please note that disabling Jetpack Comments will revert the commenting system to the standard WordPress commenting system, and any existing comments will remain visible.

8.9.8 Legal Basis

The processing of personal data through Jetpack Comments is based on the following legal grounds:

• Article 6(1)(a) of GDPR (consent) – By submitting a comment or logging in through a social media account, you consent to the processing of your personal data for commenting purposes.
• Article 6(1)(f) of GDPR (legitimate interests) – We have a legitimate interest in facilitating discussions on our content and protecting our website from spam and abusive comments.

For the use of cookies and similar technologies, we also comply with the ePrivacy Directive, which requires obtaining user consent for non-essential cookies.

8.9.9 Contact and Documentation

For more information about Jetpack Comments and how Automattic processes your data, you can visit:

• Automattic Privacy Policy
• Jetpack Comments Documentation
• Automattic Terms of Service

If you have questions about your data rights or wish to submit a data subject request to Automattic, you can contact them at privacy@automattic.com or through their Contact page.

For questions specific to comments on our website, please contact us using the information provided in the Contact Information section.

8.9.10 In Summary

Jetpack Comments enhances our website’s commenting system with social login options and improved functionality. When you comment, we collect information such as your name, email, and comment content. This data is processed both on our server and on Automattic’s servers. You can manage your comment data by contacting us, adjusting your browser settings, or through your WordPress.com or social media account settings if applicable.

8.10 Jetpack Notifications

8.10.1 Definition and Provider

Jetpack Notifications is a feature of the Jetpack plugin that provides real-time notifications about site activity, such as new comments, likes, followers, and other interactions on your WordPress website. This service is provided by Automattic Inc., 60 29th Street #343, San Francisco, CA 94110, USA, with its EU representative: Aut O’Mattic A8C Ireland Ltd., Grand Canal Dock, 25 Herbert Place, Dublin D02 AY86, Ireland.

For more information about Automattic’s privacy practices, you can visit their Privacy Policy or contact them directly at privacy@automattic.com or through their Contact page.

8.10.2 Purpose

We use Jetpack Notifications to enhance our website’s functionality by providing timely alerts about site activity. This allows us to respond promptly to comments and other user interactions, improving engagement and communication with our audience. The notification system helps us maintain an active and responsive presence on our website, ensuring that we can address user inquiries, moderate comments effectively, and stay informed about important site events without constantly monitoring the admin dashboard.

8.10.3 Categories of Personal Data Processed

Jetpack Notifications processes the following types of data:

• Site administrator information (email, WordPress.com account details if connected)
• Notification content (comment text, user names, email addresses of commenters)
• Site activity data (timestamps, action types, page URLs)
• Browser information (user agent, language preferences)
• IP addresses of site visitors who trigger notifications

For site visitors who interact with our website (e.g., by leaving comments), the data processed includes the information you provide when commenting or interacting with the site, such as your name, email address, website (if provided), and the content of your comment or interaction.

8.10.4 Cookies and Local Storage

Jetpack Notifications uses cookies to function properly and provide a seamless notification experience:

Cookie Name	Host	Example Value	Purpose	Persistence
jp_notifications_seen	graphicatelier.com	[“123456″,”789012”]	Tracks which notifications have been viewed	Session
jetpack_comments_subscribe_[post_id]	graphicatelier.com	1	Tracks whether the user has subscribed to comment notifications	1 year
wordpress_logged_in_[hash]	graphicatelier.com	username%7C1234567890%7Cabcdef	Keeps users logged in	Session

8.10.5 External Data Loading and International Transfers

Jetpack Notifications transmits data between our website and Automattic’s servers to deliver notifications about site activity. This involves the transmission of data to Automattic’s servers, which may be located outside the European Economic Area (EEA), primarily in the United States.

Automattic has implemented various measures to ensure adequate protection for data transfers, including:

• Standard Contractual Clauses (SCCs) approved by the European Commission in accordance with Article 46, paragraphs 2 and 3 of the GDPR
• Technical and organizational measures to ensure data security and privacy

We have conducted a Transfer Impact Assessment (TIA) to evaluate the level of data protection and have implemented supplementary measures where necessary to ensure adequate protection of your data.

8.10.6 Data Retention

Notification data is typically retained on Automattic’s servers for as long as necessary to provide the notification service. The retention period varies depending on the type of notification and its relevance. For specific information about Automattic’s data retention practices, please refer to their Privacy Policy.

From our side, we retain notification data in our WordPress dashboard for administrative purposes, typically for a period of up to 90 days, after which older notifications may be automatically cleared.

8.10.7 How to Withdraw or Object Consent

If you interact with our website (e.g., by leaving comments) and wish to manage how your data is used in relation to Jetpack Notifications, you have several options:

• Unsubscribe from Notifications: If you’ve subscribed to comment notifications, each notification email contains an unsubscribe link you can use to stop receiving updates.
• Cookie Settings: You can manage your preferences through our cookie banner by clicking on the “Cookie Settings” button in the footer of our website. In the preferences center, you can disable the “Functional” category, which includes Jetpack features.
• Manage Cookies: You can delete cookies related to Jetpack through your browser settings as described in the Cookie Management section.
• Contact Us: You can contact us to request that your personal data not be used for notification purposes or to address any concerns about how your data is processed.

Please note that as site administrators, we use Jetpack Notifications primarily for our own administrative purposes. Disabling this feature would not directly affect your browsing experience on our website but may impact how quickly we can respond to your comments or interactions.

8.10.8 Legal Basis

The processing of personal data through Jetpack Notifications is based on the following legal grounds:

• Article 6(1)(a) of GDPR (consent) – When you interact with our website in ways that trigger notifications, you consent to the processing of your personal data for this purpose.
• Article 6(1)(f) of GDPR (legitimate interests) – We have a legitimate interest in receiving notifications about site activity to manage our website effectively, respond to user inquiries, and maintain site security.

For the use of cookies and similar technologies, we also comply with the ePrivacy Directive, which requires obtaining user consent for non-essential cookies.

8.10.9 Contact and Documentation

For more information about Jetpack Notifications and how Automattic processes your data, you can visit:

• Automattic Privacy Policy
• Jetpack Notifications Documentation
• Automattic Terms of Service

If you have questions about your data rights or wish to submit a data subject request to Automattic, you can contact them at privacy@automattic.com or through their Contact page.

For questions specific to how we use Jetpack Notifications on our website, please contact us using the information provided in the Contact Information section.

8.10.10 In Summary

Jetpack Notifications is a feature we use to receive alerts about activity on our website, such as new comments or interactions. When you interact with our site, information about your interaction may be transmitted to Automattic’s servers to generate notifications. You can manage your notification preferences for comments by using the unsubscribe links in notification emails or by contacting us directly.

8.11 Jetpack Subscriptions

8.11.1 Definition and Provider

Jetpack Subscriptions is a feature of the Jetpack plugin that allows website visitors to subscribe to receive email notifications when new content is published on our website or when new comments are added to specific posts. This service is provided by Automattic Inc., 60 29th Street #343, San Francisco, CA 94110, USA, with its EU representative: Aut O’Mattic A8C Ireland Ltd., Grand Canal Dock, 25 Herbert Place, Dublin D02 AY86, Ireland.

For more information about Automattic’s privacy practices, you can visit their Privacy Policy or contact them directly at privacy@automattic.com or through their Contact page.

8.11.2 Purpose

We use Jetpack Subscriptions to allow our readers to stay informed about new content on our website without having to regularly check for updates. This feature enables us to build a direct communication channel with interested visitors, providing them with timely notifications about new blog posts, articles, or other content they’ve expressed interest in. It also allows commenters to receive notifications about responses to their comments, facilitating ongoing discussions and engagement with our content.

8.11.3 Categories of Personal Data Processed

When you subscribe to our website using Jetpack Subscriptions, the following personal data may be processed:

• Email address
• IP address at the time of subscription
• Timestamp of subscription
• Subscription preferences (post updates, comment notifications)
• Subscription status (active, pending, unsubscribed)
• Browser user agent information
• Language preferences
• Engagement data (email opens, clicks) for subscription emails

This data is necessary to provide you with the subscription service, verify your subscription request, deliver email notifications, and manage your subscription preferences.

8.11.4 Cookies and Local Storage

Jetpack Subscriptions uses cookies to manage the subscription process and track subscription status:

Cookie Name	Host	Example Value	Purpose	Persistence
jetpack_blog_subscribe_[blog_id]	graphicatelier.com	1	Tracks whether you have subscribed to blog updates	1 year
jetpack_comments_subscribe_[post_id]	graphicatelier.com	1	Tracks whether you have subscribed to comment notifications for a specific post	1 year
subscription-manager	.wordpress.com	XXXXXXXXX	Used for managing subscription preferences	1 year

8.11.5 External Data Loading and International Transfers

When you subscribe to our website using Jetpack Subscriptions, your subscription data is transmitted to and stored on Automattic’s servers. Automattic handles the subscription management, email delivery, and processing of subscription-related data. These servers may be located outside the European Economic Area (EEA), primarily in the United States.

Automattic has implemented various measures to ensure adequate protection for data transfers, including:

• Standard Contractual Clauses (SCCs) approved by the European Commission in accordance with Article 46, paragraphs 2 and 3 of the GDPR
• Technical and organizational measures to ensure data security and privacy

We have conducted a Transfer Impact Assessment (TIA) to evaluate the level of data protection and have implemented supplementary measures where necessary to ensure adequate protection of your data.

8.11.6 Data Retention

Subscription data is retained on Automattic’s servers for as long as you remain subscribed to our website. If you unsubscribe, your email address and associated data may be retained in the subscription system for a limited period to prevent accidental resubscription and to honor your request not to receive further communications. For specific information about Automattic’s data retention practices for subscription data, please refer to their Privacy Policy.

8.11.7 How to Withdraw or Object Consent

If you have subscribed to our website using Jetpack Subscriptions, you have several options to manage or withdraw your consent:

• Unsubscribe Links: Every subscription email you receive includes an unsubscribe link at the bottom. Clicking this link will take you to a page where you can unsubscribe from that specific type of notification or manage your subscription preferences.
• Subscription Management Page: You can manage all your WordPress.com subscriptions by visiting the WordPress.com Subscription Management page.
• Contact Us: You can contact us directly to request removal from our subscription list.
• Cookie Settings: You can manage your preferences through our cookie banner by clicking on the “Cookie Settings” button in the footer of our website. In the preferences center, you can disable the “Marketing” category, which includes Jetpack Subscriptions.
• Manage Cookies: You can delete cookies related to Jetpack Subscriptions through your browser settings as described in the Cookie Management section.

Please note that after unsubscribing, you will no longer receive notification emails about new content or comments from our website.

8.11.8 Legal Basis

The processing of personal data through Jetpack Subscriptions is based on the following legal grounds:

• Article 6(1)(a) of GDPR (consent) – When you subscribe to our website, you provide explicit consent for us to process your email address and send you notification emails.
• Article 6(1)(b) of GDPR (contract) – The processing is necessary to fulfill our obligation to provide you with the subscription service you have requested.

For the use of cookies and similar technologies, we also comply with the ePrivacy Directive, which requires obtaining user consent for non-essential cookies.

8.11.9 Contact and Documentation

For more information about Jetpack Subscriptions and how Automattic processes your data, you can visit:

• Automattic Privacy Policy
• Jetpack Subscriptions Documentation
• Automattic Terms of Service

If you have questions about your data rights or wish to submit a data subject request to Automattic, you can contact them at privacy@automattic.com or through their Contact page.

For questions specific to subscriptions on our website, please contact us using the information provided in the Contact Information section.

8.11.10 In Summary

Jetpack Subscriptions allows you to subscribe to email notifications for new content or comments on our website. When you subscribe, your email address and subscription preferences are stored on Automattic’s servers. You can unsubscribe at any time by using the unsubscribe links in the emails you receive, visiting the WordPress.com Subscription Management page, or contacting us directly.

8.12 WPML

8.12.1 Definition and Provider

WPML (WordPress Multilingual Plugin) is a premium WordPress plugin that enables website owners to create and manage multilingual content. It provides tools for translating pages, posts, custom types, taxonomies, and themes. WPML is developed and provided by OnTheGoSystems Limited, with headquarters at 22/F, 3 Lockhart Road, Wanchai, Hong Kong.

For more information about WPML’s privacy practices, you can visit their Privacy Policy and GDPR Compliance documentation or contact them through their Contact page.

8.12.2 Purpose

We use WPML on our website to provide content in multiple languages, making our information accessible to a broader, international audience. This enhances the user experience for visitors who prefer to browse in their native language, improves content accessibility, and helps us communicate more effectively with our diverse audience. WPML enables seamless language switching throughout the site, maintaining consistent navigation and user experience across all language versions.

8.12.3 Categories of Personal Data Processed

WPML processes a limited amount of personal data in its core functionality:

• Language preferences (the language you select for browsing our website)
• Browser language settings
• IP address (may be used for automatic language redirection based on geolocation)
• Browser user agent string

WPML does not collect personally identifiable information from website visitors beyond these technical data points necessary for language switching and preference management.

8.12.4 Cookies and Local Storage

WPML uses cookies to remember your language preferences and provide a consistent language experience across our website:

Cookie Name	Host	Example Value	Purpose	Persistence
wp-wpml_current_language	graphicatelier.com	en	Stores your selected language preference	1 day
wp-wpml_current_admin_language_*	graphicatelier.com	en	Stores the administrator’s preferred language for the admin interface	1 day
_icl_visitor_lang_js	graphicatelier.com	en	Stores language preference for JavaScript-based features	Session
wpml_browser_redirect_test	graphicatelier.com	1	Used for testing browser language redirection functionality	Session

These cookies do not contain personally identifiable information and are used solely for enhancing the multilingual functionality of our website.

8.12.5 External Data Loading and International Transfers

WPML primarily operates within our website’s infrastructure and does not routinely transfer personal data to external servers. However, certain WPML features such as automatic translation services or plugin updates may involve communication with OnTheGoSystems’ servers.

When such transfers occur, data may be processed outside the European Economic Area (EEA), as OnTheGoSystems is based in Hong Kong. OnTheGoSystems has implemented appropriate safeguards for international data transfers, including Standard Contractual Clauses (SCCs) approved by the European Commission in accordance with Article 46, paragraphs 2 and 3 of the GDPR.

We have conducted a Transfer Impact Assessment (TIA) to evaluate the level of data protection and have implemented supplementary measures where necessary to ensure adequate protection of your data.

8.12.6 Data Retention

Language preference cookies set by WPML typically expire after 24 hours (for persistent cookies) or when you close your browser session (for session cookies). WPML does not maintain long-term storage of user preferences or personal data beyond these temporary cookies necessary for site functionality.

Any data transmitted to OnTheGoSystems for functionality purposes (such as during plugin updates or when using translation services) is retained according to their privacy policy, which you can review at WPML’s Privacy Policy.

8.12.7 How to Withdraw or Object Consent

Since WPML’s primary function is to provide multilingual content, there are limited options to withdraw consent while maintaining full site functionality. However, you can manage your interaction with WPML in the following ways:

• Language Selection: You can manually select your preferred language using the language switcher on our website, overriding any automatic language selection based on browser settings or geolocation.
• Cookie Settings: You can manage your preferences through our cookie banner by clicking on the “Cookie Settings” button in the footer of our website. In the preferences center, you can disable the “Essential” category cookies, though this may affect the basic functionality of the website, including language persistence.
• Manage Cookies: You can delete cookies related to WPML through your browser settings as described in the Cookie Management section. This will reset your language preferences to default settings.
• Disable Geolocation: If you wish to prevent automatic language selection based on your location, you can use browser settings or extensions to limit geolocation access.

Please note that disabling WPML-related cookies will reset your language preference each time you visit our website, requiring you to manually select your preferred language for each session.

8.12.8 Legal Basis

The processing of personal data through WPML is based on the following legal grounds:

• Article 6(1)(a) of GDPR (consent) – When you select a language preference, you consent to the storage of this preference.
• Article 6(1)(f) of GDPR (legitimate interests) – We have a legitimate interest in providing content in multiple languages to better serve our diverse audience and improve accessibility.

For the use of cookies and similar technologies, we also comply with the ePrivacy Directive, which requires obtaining user consent for non-essential cookies. The language preference cookies used by WPML may be considered essential for providing the core multilingual functionality of our website.

8.12.9 Contact and Documentation

For more information about WPML and how OnTheGoSystems processes your data, you can visit:

• WPML Privacy Policy and GDPR Compliance
• WPML Terms and Conditions
• WPML Contact Page

For questions specific to how we use WPML on our website, please contact us using the information provided in the Contact Information section.

8.12.10 In Summary

WPML is a multilingual plugin that allows us to provide our website content in multiple languages. It uses cookies to remember your language preferences and may process technical data such as your IP address for automatic language redirection. These cookies are generally considered essential for the proper functioning of our multilingual website. You can manage your language preferences manually through the language switcher on our site.

8.13 Vimeo

8.13.1 Definition and Provider

Vimeo is a video hosting and sharing platform that allows users to upload, share, view, and interact with videos. We embed Vimeo videos on our website to enhance our content with rich media presentations. Vimeo is provided by Vimeo.com, Inc., with headquarters at Attention: Data Protection Officer, 330 West 34th Street, 10th Floor, New York, NY 10001, USA.

For more information about Vimeo’s privacy practices, you can visit their Privacy Policy or contact them directly at privacy@vimeo.com or through their Contact page.

8.13.2 Purpose

We integrate Vimeo videos on our website to provide you with engaging visual content that enhances your understanding of our products, services, or topics of interest. Video content can explain complex concepts more effectively than text alone, demonstrate product features, showcase customer testimonials, or provide instructional content. By embedding Vimeo videos, we aim to create a more dynamic and informative user experience while leveraging Vimeo’s robust, high-quality video delivery infrastructure.

8.13.3 Categories of Personal Data Processed

When you interact with Vimeo videos embedded on our website, the following types of personal data may be processed:

• IP address
• Browser type and version
• Operating system
• Referring URL (the page on our website where the video is embedded)
• Date and time of access
• Video playback interactions (play, pause, skip, volume adjustments)
• Playback progress and completion rates
• Video quality preferences
• Device information (type, model, screen resolution)

If you are logged into your Vimeo account while viewing embedded videos on our site, Vimeo may associate your viewing history with your account. Additionally, if you interact with Vimeo features such as the “like” button or sharing options, this activity may also be linked to your Vimeo account.

8.13.4 Cookies and Local Storage

Vimeo uses various cookies and local storage to provide and enhance its video services:

Cookie Name	Host	Example Value	Purpose	Persistence
vuid	.vimeo.com	pl1234567890.1234567890	Analytics cookie used to identify unique visitors	2 years
player	.vimeo.com	{“volume”:0.8,”quality”:”auto”}	Stores user preferences for the video player	1 year
__cf_bm	.vimeo.com	xxxxxxxxxxxxxxxxxxxx	Cloudflare bot management cookie for security	30 minutes
language	.vimeo.com	en	Stores language preference	1 year
continuous_play_v3	.vimeo.com	1	Controls autoplay behavior	1 month
OptanonConsent	.vimeo.com	isIABGlobal=false&datestamp=…	Stores consent preferences for OneTrust cookie compliance	1 year
OptanonAlertBoxClosed	.vimeo.com	2023-08-28T12:00:00.000Z	Records that the cookie notice was closed	1 year

In addition to cookies, Vimeo may use local storage and other tracking technologies to enhance video delivery and performance.

8.13.5 External Data Loading and International Transfers

When you view a page on our website with an embedded Vimeo video, your browser establishes a direct connection to Vimeo’s servers to load the video player and content. This connection involves the transmission of certain data (as described in the “Categories of Personal Data Processed” section) to Vimeo’s servers, which are located in the United States.

As a US-based company, Vimeo may process your data outside the European Economic Area (EEA). Vimeo has implemented various measures to ensure adequate protection for international data transfers, including:

• Standard Contractual Clauses (SCCs) approved by the European Commission in accordance with Article 46, paragraphs 2 and 3 of the GDPR
• Technical and organizational measures to ensure data security and privacy

We have conducted a Transfer Impact Assessment (TIA) to evaluate the level of data protection and have implemented supplementary measures where necessary to ensure adequate protection of your data.

8.13.6 Data Retention

Vimeo retains data collected through embedded videos in accordance with its own data retention policies. The retention period varies depending on the type of data, the purpose for which it is used, and legal or operational retention needs. For specific information about Vimeo’s data retention practices, please refer to their Privacy Policy.

Cookies set by Vimeo typically persist for the durations indicated in the cookie table above, after which they expire or are renewed based on user activity.

8.13.7 How to Withdraw or Object Consent

If you wish to prevent the loading and playback of Vimeo videos on our website, you have several options:

• Cookie Settings: You can manage your preferences through our cookie banner by clicking on the “Cookie Settings” button in the footer of our website. In the preferences center, you can disable the “Functional” category, which includes Vimeo. This will prevent Vimeo videos from loading on our website.
• Browser Settings: You can configure your browser to block requests to Vimeo’s domains or to block third-party cookies. Instructions for managing cookies in different browsers are provided in the Cookie Management section.
• Browser Extensions: You can use content-blocking extensions that prevent connections to third-party services:
  • uBlock Origin
  • Privacy Badger
  • Ghostery
• Vimeo Account Settings: If you have a Vimeo account and are concerned about data collection while logged in, you can log out of Vimeo before visiting our website or adjust your privacy settings in your Vimeo account.
• Alternative Content: If you’re interested in our video content but prefer not to interact with Vimeo, please contact us to inquire about alternative ways to access the information.

Please note that blocking Vimeo will prevent you from viewing the embedded videos on our website, which may limit your access to certain content.

8.13.8 Legal Basis

The use of Vimeo on our website is based on the following legal grounds:

• Article 6(1)(a) of GDPR (consent) – We obtain your consent through our cookie banner before loading Vimeo content on our website.
• Article 6(1)(f) of GDPR (legitimate interests) – We have a legitimate interest in providing engaging video content to enhance our website and improve user experience.

For the use of cookies and similar technologies, we also comply with the ePrivacy Directive, which requires obtaining user consent for non-essential cookies.

8.13.9 Contact and Documentation

For more information about Vimeo and how they process your data, you can visit:

• Vimeo Privacy Policy
• Vimeo Terms of Service
• Vimeo Cookie Policy

If you have questions about your data rights or wish to submit a data subject request to Vimeo, you can contact them at privacy@vimeo.com or through their Contact page.

For questions specific to our implementation of Vimeo videos, please contact us using the information provided in the Contact Information section.

8.13.10 In Summary

We embed Vimeo videos on our website to provide engaging visual content. When you view these videos, certain data such as your IP address and viewing behavior is transmitted to Vimeo’s servers in the United States. You can prevent Vimeo videos from loading by adjusting your cookie preferences through our cookie banner or by using browser settings and extensions. However, this will prevent you from viewing the embedded videos on our site.

9. Third-Party Service Providers

We engage third-party service providers to assist us in managing and improving our website. These providers may process or store personal data as part of providing these services. We ensure that these third-party service providers adhere to the same privacy and security standards as us and only share your personal data with them to the extent necessary for them to provide the respective services.

These third parties include:

• Web hosting and IT service providers to support our website and the services we offer
• Website analytics and tracking service providers who help us understand how users interact with our website and identify areas for improvement
• Content delivery networks to ensure fast and reliable access to our website
• Security service providers who assist us in protecting our website and maintaining the security of user data
• Communication and email service providers to facilitate our interactions with you

We carefully select our service providers based on their data protection practices and require them to process personal data only in accordance with our instructions and applicable data protection laws. We have data processing agreements in place with these providers as required by Article 28 of GDPR.

Please note that our website contains links to other websites that are not operated by us. We are not responsible for the privacy practices of these websites and encourage you to review their privacy policies before providing them with any personal information.

9.1 Web Hosting

9.1.1 Definition and Provider

Our website is hosted by Hetzner Online GmbH, a leading German web hosting provider that offers server infrastructure, data center services, and cloud solutions. Hetzner Online GmbH is located at Industriestr. 25, 91710 Gunzenhausen, Germany. The company’s Data Protection Officer can be contacted at data-protection@hetzner.com.

For more information about Hetzner’s privacy practices, you can visit their Privacy Policy or their Data Protection page.

9.1.2 Purpose

We use Hetzner Online GmbH as our web hosting provider to store, maintain, and deliver our website content to visitors. This service is essential for making our website accessible on the internet, processing user requests, storing user data securely, and ensuring reliable performance. The hosting infrastructure provides the technical foundation necessary for all features and functionality of our website, including database operations, file storage, and content delivery.

9.1.3 Categories of Personal Data Processed

As part of the web hosting service, the following personal data may be processed:

• IP addresses
• Date and time of server requests
• Browser type and version
• Operating system
• Referring URLs
• Files accessed on our website
• Data submitted through web forms
• Email messages sent through website functions
• Database content including user accounts and preferences
• Server logs and error reports

This data is processed on servers located in Germany, within the European Economic Area (EEA).

9.1.4 Data Retention

Server logs containing technical information such as IP addresses and request data are typically retained for a limited period (up to 14 days) for security and troubleshooting purposes. User data stored in our website’s database is retained according to the purposes described in the relevant sections of this privacy policy.

Hetzner Online GmbH itself retains certain data in accordance with its own privacy policy and legal obligations. For specific information about Hetzner’s data retention practices, please refer to their Privacy Policy.

9.1.5 Security Measures

Hetzner Online GmbH implements robust security measures to protect hosted data, including:

• Physical security in ISO 27001 certified data centers
• Network security including firewalls and intrusion detection systems
• Regular security updates and patches
• Backup systems and disaster recovery procedures
• Access controls and authentication requirements
• Encryption for data in transit (SSL/TLS)

These measures help ensure the confidentiality, integrity, and availability of our website and the data it processes.

9.1.6 Legal Basis

The processing of personal data by our web hosting provider is based on the following legal grounds:

• Article 6(1)(b) of GDPR (contract) – Processing is necessary for the performance of our contract with you to provide our website and services.
• Article 6(1)(f) of GDPR (legitimate interests) – We have a legitimate interest in ensuring the technical functionality, security, and performance of our website.

We have a data processing agreement with Hetzner Online GmbH in accordance with Article 28 of GDPR to ensure that they process personal data only according to our instructions and in compliance with applicable data protection laws.

9.1.7 Contact and Documentation

For more information about Hetzner Online GmbH and their data processing practices, you can visit:

• Hetzner Privacy Policy
• Hetzner Data Protection Information
• Hetzner Legal Information

If you have questions about how we use Hetzner’s services or how your data is processed in this context, please contact us using the information provided in the Contact Information section.

9.1.8 In Summary

Hetzner Online GmbH provides the web hosting infrastructure that makes our website accessible on the internet. This involves processing technical data such as IP addresses and browser information to deliver website content and handle user requests. The data is processed on servers located in Germany, with appropriate security measures in place to protect it. This processing is necessary for the basic operation of our website.

10. Security Measures

10.1 Technical and Organisational Measures

The security of your personal data is of paramount importance to us. To ensure the protection of your data against loss, alteration, unauthorized access, disclosure, or destruction, we have implemented comprehensive technical and organisational measures in accordance with Article 32 of GDPR. These measures include:

• Encryption: We use SSL (Secure Socket Layer) encryption to secure data in transit between your browser and our servers, ensuring that sensitive information cannot be intercepted or read by unauthorized parties.
• Access controls: We implement strict authentication and authorization mechanisms to ensure that only authorized personnel can access personal data, and only for legitimate purposes.
• Regular security assessments: We conduct periodic security audits, vulnerability scans, and penetration tests to identify and address potential security weaknesses.
• Staff training: Our employees and collaborators receive regular training on data protection principles, secure data handling practices, and recognizing security threats.
• Data minimization: We collect and retain only the personal data necessary for our stated purposes, reducing the risk and impact of potential data breaches.
• Backup procedures: We maintain regular backups of our systems and data to ensure quick recovery in case of technical failures or security incidents.
• Physical security: Our servers and physical infrastructure are protected by appropriate measures to prevent unauthorized physical access.
• Incident response plan: We have established procedures to detect, report, and investigate personal data breaches and to notify relevant parties when necessary.

10.1.1 SSL Encryption

SSL (Secure Socket Layer) encryption is a standard security technology for establishing an encrypted link between a web server and a browser. This link ensures that all data transmitted between the web server and browser remains private and integral. We use SSL to protect your personal information online and strive to maintain the confidentiality of your transactions on our site.

SSL encryption is an essential requirement of the General Data Protection Regulation, in compliance with Article 32 of the GDPR, which mandates that organisations implement appropriate technical and organisational measures to ensure a level of security suitable for the risk.

To verify that our site uses SSL encryption, you can check your browser’s address bar. You should see a padlock icon and the “https://” prefix before our site’s address, indicating a secure connection.

10.2 Breach Notification Process

Despite all precautions, no method of transmission over the Internet or electronic storage is 100% secure. If we become aware of a personal data breach that is likely to result in a risk to your rights and freedoms, we will act promptly in accordance with Article 33 of GDPR. Our breach notification process includes:

• Breach identification and containment: We will take immediate steps to identify the cause of the breach and implement measures to contain it and prevent further unauthorized access.
• Impact assessment: We will assess the nature and scope of the breach, the categories and approximate number of individuals affected, and the potential consequences.
• Notification to supervisory authority: Where required, we will notify the relevant data protection authority (in our case, the Austrian Data Protection Authority) within 72 hours of becoming aware of the breach.
• Notification to affected individuals: If the breach is likely to result in a high risk to your rights and freedoms, we will notify you without undue delay, describing the nature of the breach, its likely consequences, and the measures we are taking to address it.
• Documentation: We will document all breaches, including the facts, effects, and remedial actions taken, to enable verification of compliance with our obligations.
• Review and improvement: Following any breach, we will review our security procedures and implement necessary improvements to prevent similar incidents in the future.

10.3 Data Retention Period

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, as described in this Privacy Policy, unless a longer retention period is required or permitted by law. The specific retention periods vary depending on the type of data and the purpose for which it is used:

• Account data: If you create an account on our website, we retain your account information for as long as your account remains active, plus a reasonable period afterward to handle any follow-up queries or issues.
• Communication data: Data related to inquiries or correspondence may be retained for up to three years from the last interaction to ensure continuity in our communications.
• Transaction data: Information related to transactions or business relationships is retained in accordance with tax and accounting requirements, typically for seven to ten years.
• Consent records: Records of consent are retained for as long as we process the data based on that consent, plus an additional period as required to demonstrate compliance with legal obligations.
• Log data and analytics: Technical logs and analytics data are typically retained for shorter periods (30-90 days) for security and performance analysis.

At the end of the applicable retention period, personal data is either securely deleted or anonymized in a way that prevents identification of individuals. Anonymized data may be retained indefinitely for statistical and analytical purposes.

You have the right to request deletion of your personal data in certain circumstances, as described in the Right to Erasure section of this policy.

11. Changes to Our Privacy Policy

We reserve the right to modify this Privacy Policy at any time to reflect changes in our practices, services, or legal requirements. When we make substantial changes to how we process your personal information, we will notify you through a prominently displayed notice on our website before the changes take effect.

Minor changes, such as clarifications or corrections that do not affect the substance of our data processing practices, may be implemented without prior notice.

The date of the last update is clearly indicated at the top of this Privacy Policy. By continuing to use our website after any changes to the Privacy Policy, you acknowledge and consent to the updated terms.

We encourage you to review this Privacy Policy regularly to stay informed about how we protect your information. Previous versions of this Privacy Policy may be available upon request.

If you have questions or concerns about changes to our Privacy Policy, please contact us using the information provided in the Contact Information section.

12. Conclusion

Thank you for taking the time to read our Privacy Policy. We understand that privacy matters are complex, but we hope this document has provided you with clear and comprehensive information about how we handle your personal data.

At graphicatelier, we are committed to protecting your privacy and maintaining the security of your personal information. We believe in transparency and aim to empower you with knowledge about your data and your rights.

Your trust is important to us, and we strive to earn it by adhering to responsible data practices and respecting your privacy choices. We continually review and improve our privacy practices to ensure they meet the highest standards of legal compliance and ethical responsibility.

If you have any questions, concerns, or feedback about our Privacy Policy or data practices, we encourage you to contact us using the information provided in the Contact Information section. We value your input and are committed to addressing any privacy-related inquiries promptly and thoroughly.

This Privacy Policy is protected by copyright. It was created by graphicatelier for use on www.graphicatelier.com. We kindly request that you respect the author’s work. Reproduction, even in part, is prohibited without the author’s authorization under Directive 2019/790/EU of April 17, 2019, on copyright and related rights in the Digital Single Market.

And finally, if you’ve made it this far, congratulations! You are among the few people who read privacy policies to the end. Your dedication to understanding how your personal data is handled is commendable. Thank you for your attention and for trusting us with your information.