§ VIII — Privacy

Privacy
policy.

Last revised · MMXXVI · May · Applies to bodyfluid.art
§ 1

Controller

The controller responsible for the processing of personal data on this site within the meaning of the General Data Protection Regulation (Regulation (EU) 2016/679, "GDPR") is René Markus, Maybachufer 40, 12047 Berlin, Germany. Full contact details are set out in the imprint. Data-related correspondence is handled at hello@bodyfluid.art.

§ 2

Scope

This policy describes how bodyfluid.art processes data when a visitor browses the catalogue, views a plate, or initiates a purchase via the linked Stripe Checkout page. The site does not set first-party cookies, does not use analytics, and does not embed advertising or social trackers.

§ 3

What is collected, and on what legal basis

The site is delivered as static HTML; no account is created and no form data is collected here directly. The categories below are the only ones touched in connection with this site:

  • Server access logs. When a page is requested, the hosting infrastructure receives the technical request data (IP address, requested path, timestamp, referrer, user-agent string). This is necessary to deliver the page and is processed under Art. 6(1)(f) GDPR (legitimate interest in operating and securing the site). Logs are retained for no longer than necessary and are not used to profile visitors.
  • Email correspondence. When a visitor writes to hello@bodyfluid.art, the message and contact details are processed on the basis of Art. 6(1)(b) GDPR (steps prior to entering into a contract) or Art. 6(1)(f) GDPR (legitimate interest in responding to enquiries), and retained as long as the matter requires.
  • Purchase data. A purchase is initiated by clicking "Acquire" on a plate, which redirects to Stripe Checkout. From that point, the data the buyer enters (name, billing and shipping address, payment data) is collected by Stripe; the studio receives a fulfilment record (name, shipping address, plate, price, transaction reference) on the legal basis of Art. 6(1)(b) GDPR (performance of the sales contract). Payment-card data is never processed by or stored on this site.
§ 4

Third parties involved in delivering the site

The site relies on two categories of external service. Each is named below, together with the data it receives and the legal basis under Art. 6(1)(f) GDPR (legitimate interest in delivering a fast, typographically consistent, payment-enabled site).

Hosting / log files

The site is served as a static page from [hosting provider — please confirm and replace this placeholder]. The hoster processes the access logs described in § 3 on the studio's behalf as a data processor within the meaning of Art. 28 GDPR; a data-processing agreement is in place.

Fonts — Bunny Fonts (BunnyWay d.o.o., Slovenia)

The display and body typefaces are loaded from Bunny Fonts, an EU-based mirror of the Google Fonts catalogue operated by BunnyWay d.o.o., Cesta komandanta Staneta 4A, 1215 Medvode, Slovenia. Bunny Fonts does not set cookies and, per its public commitment, does not log IP addresses for the purpose of profiling. Data leaves the visitor's browser solely to retrieve the CSS and font files. Bunny's privacy notice is available at bunny.net/privacy.

Payment — Stripe Payments Europe, Ltd. (Ireland)

Acquisition links from individual plates redirect to checkout.stripe.com, operated by Stripe Payments Europe, Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland. Stripe is the controller of the payment data processed there. The data the buyer enters in Checkout (name, billing and shipping address, payment instrument data) is collected by Stripe under its own privacy policy at stripe.com/privacy; the studio receives only the fulfilment record described in § 3. No Stripe scripts, cookies, or fingerprinting tools run on bodyfluid.art itself — they activate only after the redirect.

§ 5

International transfers

The services named in § 4 operate from EU member states (Slovenia, Ireland). Stripe may transfer payment data to its parent company in the United States; such transfers are covered by the EU–US Data Privacy Framework adequacy decision of 10 July 2023 and by Stripe's Standard Contractual Clauses. Bunny Fonts requests are served from EU infrastructure.

§ 6

Cookies and tracking

This site sets no cookies and runs no analytics, advertising or social-tracking scripts. No consent banner is therefore presented. Should this change in the future, this policy will be updated and explicit consent will be obtained where the law requires it.

§ 7

Your rights

Subject to the conditions set out in the GDPR, you have the following rights with respect to data we process about you:

  • Right of access (Art. 15 GDPR);
  • Right to rectification (Art. 16);
  • Right to erasure (Art. 17);
  • Right to restriction of processing (Art. 18);
  • Right to data portability (Art. 20);
  • Right to object to processing carried out under Art. 6(1)(f) (Art. 21);
  • Right to withdraw consent at any time where processing is based on consent (Art. 7(3)), without affecting the lawfulness of processing carried out before withdrawal.

To exercise any of these rights, write to hello@bodyfluid.art. You also have the right to lodge a complaint with a supervisory authority (Art. 77 GDPR). The competent authority for the controller is the Berlin Commissioner for Data Protection and Freedom of Information (datenschutz-berlin.de).

§ 8

Data security

The site is served over HTTPS. Email correspondence is exchanged via the providers chosen by the studio and the visitor and is, by the nature of email, not end-to-end encrypted by default.

§ 9

Changes to this policy

This policy applies as of the date shown above. Updates may be made to reflect changes in technology, legal requirements, or the third-party services involved in delivering the site. The version in force is always the one published at this URL.

terms of sale withdrawal shipping back to the catalogue →