Privacy

The use of my website and my business activities generally involve the processing of personal data. To make these data processing activities transparent, I would like to inform you in this privacy policy about how I process personal data and what rights you have in this context. If you have any further questions, my contact details are provided below.

1. Who I am and how you can reach me

The data controller within the meaning of the General Data Protection Regulation (GDPR) is:

Elisabeth Perez
Bäuerlegasse 3, 1200 Wien
Email: mail@soonartstudio.com

2. My data processing – purposes and legal bases for processing personal data

2.1 General Information

I process personal data in compliance with the applicable data protection laws, particularly the General Data Protection Regulation (GDPR, Regulation [EU] 2016/679) and the Austrian Data Protection Act (DSG). Processing is carried out only on the basis of a legal ground (especially under Art. 6 para. 1 lit. a–f GDPR), which is specified below for each type of data processing. All employees entrusted with data processing are obligated to maintain the confidentiality of your data (data secrecy). I do not carry out automated decision-making.

In principle, I collect personal data directly from the data subject. In some cases, I collect and store personal data (especially names, contact information) from correspondence with clients and business partners or from publicly available sources (e.g., phone directories, websites, company registers) based on Art. 6 para. 1 lit. f GDPR (and not directly from the data subject) when necessary for providing services or for contacting and administering, which constitutes my legitimate interest.

2.2 Operation of My Website

When you access my website (soonartstudio.com), your computer (device) or browser automatically transmits certain information to enable the visit and the operation of the site:

• IP address

• Date and time of the request

• Time zone difference to Greenwich Mean Time (GMT)

• Content of the request (page/content accessed)

• Access status / HTTP(S) status code

• Referrer URL (previously visited website)

• Browser and browser version

• Operating system and its interface

This data is stored in the log files of my system. These data are not stored together with other personal data of the user.

Legal Basis and Purpose of Processing:
The legal basis for processing and temporary storage of this data in log files is Art. 6 para. 1 lit. f GDPR. The temporary storage is necessary to deliver the website to the user's device. Storage in log files ensures the functionality, security, and optimization of the website—specifically the integrity, confidentiality, and availability of data processed via the website. These purposes also constitute my legitimate interest under Art. 6 para. 1 lit. f GDPR.

Storage Duration:
The data is deleted once it is no longer necessary for the purpose it was collected. For website delivery, this means the end of the session; for log files, usually after seven days—unless further processing is needed to investigate a (suspected) cyberattack. Data may be shared with third parties (e.g., experts, authorities) only in the case of a security incident or criminal act for clarification and legal enforcement purposes.

2.3 Social Media

I use social media to present my work through common communication channels. Each platform has its own privacy policies governing how your personal data is processed when you access their pages. For example, when accessing a LinkedIn link, you are asked to accept LinkedIn cookies. If you have concerns about how your data is handled, please read the respective privacy policies before using the services:

• LinkedIn Privacy Policy

• Instagram Privacy Policy

2.4 Service Delivery, Client Support & Marketing

I process personal data for the purpose of delivering my services, client support, communication, internal documentation, and administration. Legal bases include the performance of a contract or pre-contractual measures (Art. 6 para. 1 lit. b GDPR), compliance with legal obligations (Art. 6 para. 1 lit. c GDPR), and my legitimate interests (Art. 6 para. 1 lit. f GDPR)—especially legal claims or internal business management.

Certain personal data must be provided by law or contract; otherwise, a contract cannot be concluded and services cannot be rendered.

2.5 Contact and Online Appointment Scheduling

When you contact me (e.g., through online appointment tools or via email), the data you provide (name, contact info, other details) are processed for documentation, processing, and response. Required fields are marked; additional fields are optional.

The legal basis for this processing is my legitimate interest in proper documentation and response (Art. 6 para. 1 lit. f GDPR). If the inquiry is part of a customer relationship or its initiation, the legal basis is the performance of a contract or pre-contractual measures (Art. 6 para. 1 lit. b GDPR).

If you contact me on behalf of your employer or client, my legitimate interest (Art. 6 para. 1 lit. f GDPR) also applies. In the case of an active client relationship, Art. 6 para. 1 lit. b GDPR also applies.

Tools used:

• ConvertKit (for newsletters): ConvertKit, Inc., 750 West Bannock Street #761, Boise, Idaho 83701-0761, USA. Your personal data is processed according to their privacy policy: https://convertkit.com/privacy

• Tally.so (for contact forms): Tally B.V., August Van Lokerenstraat 71, 9050 Gentbrugge, Belgium. Privacy details: https://tally.so/help/privacy-policy

3. How Long Do I Store Personal Data?

Unless otherwise stated, I store personal data only as long as needed to fulfill the stated purposes or as legally required.

For business documents, contracts, and bookings (per § 212 UGB and § 132 BAO), data is stored until the end of the business relationship or for at least 7 years to meet legal tax and commercial retention obligations, and longer if required for ongoing legal claims (up to 30 years in certain cases).

For inquiries (contact): voluntarily provided personal data will be stored for processing and record-keeping purposes for up to 3 years after resolution unless longer storage is required for legal obligations or the defense or assertion of claims.

4. Rights of the Data Subject

Provided the legal conditions are met, you have the following rights:

• Right of access (Art. 15 GDPR): You can request confirmation and information about whether and which personal data I process about you.

• Right to rectification (Art. 16 GDPR): If data about you is incorrect or incomplete.

• Right to erasure (Art. 17 GDPR): Under certain conditions, you can request deletion.

• Right to restriction of processing (Art. 18 GDPR).

• Right to data portability (Art. 20 GDPR): For data provided by you if processing is based on consent (Art. 6 para. 1 lit. a) or contract (Art. 6 para. 1 lit. b) and is carried out by automated means.

If processing is based on legitimate interests (Art. 6 para. 1 lit. f GDPR), you have the right to object under Art. 21 GDPR, especially if your particular situation justifies it. You may object to processing for direct marketing purposes at any time without restrictions.

You may withdraw any consent granted for the processing of personal data at any time. Please contact me (see contact details). Withdrawal does not affect the legality of processing carried out before the withdrawal.

4.1 Right to Lodge a Complaint

You have the right to file a complaint with your local data protection authority. In Austria, this is the:

Austrian Data Protection Authority
Barichgasse 40–42
1030 Vienna
Website: www.dsb.gv.at

However, if you are dissatisfied, I kindly ask you to contact me first so I can have the opportunity to resolve the issue promptly.