Privacy Policy

Yes, even a world of sculptures and drawings comes with paperwork. This page tells you how your data is stored, guarded, and never turned into art without your consent. Cookies here are not edible, but they do keep the website from collapsing like a badly built pedestal. Think of it as the fine balance between legal duty and artistic freedom.

Privacy Policy (GDPR)

I. Basic Information

  1. The personal data controller is:
    MgA. Barbora Maštrlová, Břežany II 31, 28201, Czech Republic
    Email: b.mastrlova@gmail.com
    (hereinafter referred to as the “Controller”)
  2. The Controller processes personal data in accordance with Regulation (EU) 2016/679 (GDPR).
  3. Personal data means any information relating to an identified or identifiable natural person.
  4. The data subject is a client or user as defined in the general terms and conditions.

II. Purpose and Legal Basis

  1. The Controller processes personal data for the following purposes:
    • to fulfil a contract (Article 6(1)(b) GDPR)
    • to send newsletters and updates (based on consent under Article 6(1)(a) GDPR)
  2. The Controller processes the following data:
    • full name
    • email address
    • date of birth
    • residential address
  3. Data is obtained via a website form and through cookies or similar tracking technologies.
  4. Data may be shared with trusted processors who comply with Article 28 of the GDPR.

III. Data Security

  1. The Controller has implemented appropriate technical and organizational measures to ensure data security.
  2. Data will not be disclosed to third parties without explicit consent, except to authorized processors.

IV. Retention Period

  1. Data is retained for the duration of the contractual relationship.
  2. After termination, data is retained for 10 years (e.g. for tax/accounting reasons).
  3. After this period, the data will be securely deleted.

V. Rights of Data Subjects

The data subject has the right to:

  • access their data (Article 15 GDPR)
  • rectification (Article 16 GDPR)
  • erasure (Article 17 GDPR)
  • restriction of processing (Article 18 GDPR)
  • data portability (Article 20 GDPR)
  • lodge a complaint with the Data Protection Authority (www.uoou.cz)