top of page
LOGO.png

Privacy Policy

Studio Seciao

 

Studio Seciao – operated by Eva Gallien

Last updated: March 2026

 

The protection of your personal data is important to Studio Seciao (“we”, “us”, “the Studio”). This Privacy Policy explains what personal data we collect, why we collect it, how we process it, and what rights you have under the EU General Data Protection Regulation (GDPR) and applicable Austrian data protection legislation.

 

1. Controller

The controller responsible for data processing is:

Eva Gallien / Studio Seciao

Halmweg 4, 8054 Graz, Austria

E-mail: studioseciao@gmail.com

Website: www.seciao.com

 

2. What Personal Data We Collect

Depending on how you interact with us, we may collect the following categories of personal data:

 

2.1 Contact and communication data

• Name, e-mail address, phone number, business name

Messages sent via our website contact form, e-mail (Gmail), Instagram or TikTok DMs, WhatsApp, or phone

 

2.2 Contract and billing data

• Business address, VAT number (if applicable), bank/payment details

• Project details, invoices, payment records

 

2.3 Project-related data

• Photographs, videos, and other creative content produced during a project

• Location data, styling preferences, briefing documents, and other materials you provide

 

2.4 Website usage data

• IP address (anonymised), browser type, device information, pages visited, time of access

• Collected via Google Analytics (see Section 6 below)

 

3. Purposes and Legal Bases for Processing

We process your personal data for the following purposes and on the following legal bases under Art. 6(1) GDPR:

 

3.1 Contract performance – Art. 6(1)(b) GDPR

• Processing inquiries and communicating with you

• Preparing offers, concluding and performing contracts

• Invoicing and payment processing

• Delivering project files and managing project-related communication

 

3.2 Legal obligations – Art. 6(1)(c) GDPR

• Retaining invoices and accounting records as required by Austrian tax law (§ 132 BAO: 7-year retention)

 

3.3 Legitimate interests – Art. 6(1)(f) GDPR

• Using your work in our portfolio, website, and social media (our legitimate interest in self-promotion; see GTC Section 14)

• Analysing website traffic via Google Analytics to improve our online presence

• Protecting our legal rights (e.g. in the event of disputes)

 

3.4 Consent – Art. 6(1)(a) GDPR

• Sending marketing communications such as newsletters or offers (only with your prior consent)

• Any other processing that requires your consent

You may withdraw your consent at any time by contacting us at studioseciao@gmail.com. Withdrawal does not affect the lawfulness of processing carried out before the withdrawal.

 

4. How We Collect Your Data

We collect personal data in the following ways:

• Directly from you: when you contact us via our website contact form, e-mail, phone, WhatsApp, or social media DMs; when you place an order or enter into a contract with us; when you provide materials for a project.

• Automatically: when you visit our website, certain technical data is collected via cookies and Google Analytics.

• From third parties: in rare cases, we may receive your contact details from a referral or through a platform you use to reach us (e.g. Instagram, TikTok).

 

5. Recipients and Third-Party Processors

We may share your personal data with the following categories of recipients, solely to the extent necessary for the purposes described above:

 

5.1 Cloud storage

We use Dropbox (Dropbox, Inc., USA) to store and manage project files. Dropbox processes data on servers in the USA and/or the EU. The transfer to the USA is safeguarded by Standard Contractual Clauses (SCCs) pursuant to Art. 46(2)(c) GDPR. More information: https://www.dropbox.com/privacy

 

5.2 E-mail

We use Google Gmail (Google LLC, USA) for e-mail communication. Google processes data on servers worldwide. The transfer is safeguarded by SCCs. More information: https://policies.google.com/privacy

 

5.3 Website analytics

We use Google Analytics (Google LLC, USA) to analyse website traffic. See Section 6 below for details.

 

5.4 Social media platforms

When you contact us via Instagram (Meta Platforms, Inc.), TikTok (ByteDance Ltd.), or WhatsApp (Meta Platforms, Inc.), the respective platform processes your data according to its own privacy policy. We have no influence over this processing.

 

5.5 Other recipients

• Tax advisor / accountant (legal obligation)

• Third-party contractors engaged for projects (e.g. assistants, stylists, drone operators) – only to the extent necessary for project execution

• Courts and authorities, if legally required

We do not sell your personal data to any third party.

 

6. Google Analytics

Our website uses Google Analytics, a web analytics service provided by Google LLC (“Google”). Google Analytics uses cookies to help us analyse how visitors use our website.

We have enabled IP anonymisation (anonymizeIp), which means Google truncates your IP address within the EU/EEA before transmitting it to Google servers in the USA. Only in exceptional cases is the full IP address transferred to a Google server in the USA and truncated there.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in analysing website usage to improve our services). Where required by law, we obtain your consent before setting analytics cookies (Art. 6(1)(a) GDPR).

You can prevent the collection of data by Google Analytics by using a browser opt-out plugin available at https://tools.google.com/dlpage/gaoptout, or by adjusting your cookie settings on our website.

 

7. Google Fonts

Our website uses Google Fonts, a font delivery service provided by Google LLC (“Google”). Specifically, we use the fonts Figtree and Ovo. When you visit our website, your browser loads these fonts directly from Google’s servers, which causes your IP address and certain browser data to be transmitted to Google in the USA.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in a visually consistent and professionally designed website). The transfer to the USA is safeguarded by Standard Contractual Clauses (SCCs).

Alternatively, you can prevent the loading of Google Fonts by adjusting your browser settings to block requests to fonts.googleapis.com or fonts.gstatic.com. This may affect the visual appearance of the website.

More information: https://developers.google.com/fonts/faq/privacy

 

8. Cookies

Our website uses cookies. Cookies are small text files stored on your device by your browser.

We use the following types of cookies:

• Strictly necessary cookies: required for the website to function properly. Legal basis: Art. 6(1)(f) GDPR.

• Analytics cookies (Google Analytics): used to understand how visitors interact with the website. Legal basis: consent, Art. 6(1)(a) GDPR, or legitimate interest, Art. 6(1)(f) GDPR, depending on applicable requirements.

You can manage or delete cookies through your browser settings at any time. Blocking certain cookies may affect the functionality of the website.

 

9. Data Retention

We retain your personal data only for as long as necessary for the purposes for which it was collected, or as required by law:

• Contract and billing data: 7 years after the end of the relevant fiscal year (Austrian tax law, § 132 BAO).

• Project files (photos, videos, deliverables): up to 3 years from delivery (see GTC Section 17). After this period, files may be deleted without notice.

• Communication data (e-mails, messages): retained for the duration of the business relationship and up to 3 years thereafter for the purpose of defending potential legal claims.

• Website analytics data: automatically deleted after 14 months (Google Analytics default with data retention settings applied).

• Marketing data: until you withdraw your consent.

After the applicable retention period, data is securely deleted or anonymised.

 

10. Your Rights

Under the GDPR, you have the following rights regarding your personal data:

• Right of access (Art. 15 GDPR): You may request confirmation of whether we process your personal data and, if so, access to that data.

• Right to rectification (Art. 16 GDPR): You may request correction of inaccurate data or completion of incomplete data.

• Right to erasure (Art. 17 GDPR): You may request deletion of your data where there is no legal basis or legitimate reason for its continued processing.

• Right to restriction of processing (Art. 18 GDPR): You may request restriction of processing under certain conditions.

• Right to data portability (Art. 20 GDPR): You may request to receive your data in a structured, commonly used, machine-readable format.

• Right to object (Art. 21 GDPR): You may object to processing based on legitimate interests at any time. We will cease processing unless we demonstrate compelling legitimate grounds.

• Right to withdraw consent (Art. 7(3) GDPR): Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, please contact us at studioseciao@gmail.com. We will respond within one month of receiving your request.

 

11. Right to Lodge a Complaint

If you believe that our processing of your personal data violates the GDPR, you have the right to lodge a complaint with a supervisory authority. The competent authority for Austria is:

Österreichische Datenschutzbehörde (Austrian Data Protection Authority)

Barichgasse 40–42, 1030 Vienna, Austria

E-mail: dsb@dsb.gv.at

Website: https://www.dsb.gv.at

 

12. Data Security

We take appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, destruction, or alteration. These measures include encrypted communication (SSL/TLS), access controls, and secure storage of physical and digital files. However, no method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

 

13. International Data Transfers

Some of the third-party services we use (Google, Dropbox, Meta) are based in the USA. Where personal data is transferred outside the EU/EEA, we ensure that appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission pursuant to Art. 46(2)(c) GDPR. You may request a copy of the relevant safeguards by contacting us.

 

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. The current version will always be available on our website at www.seciao.com. We encourage you to review this page periodically. Material changes will be communicated where appropriate.

 

15. Contact

If you have any questions about this Privacy Policy or our data processing practices, please contact us:

Eva Gallien / Studio Seciao

E-mail: studioseciao@gmail.com

Website: www.seciao.com

bottom of page