PRIVACY POLICY
Last updated: April 8th, 2025
1. General Information
We at https://swanprints.art, operated by Nicola Hackl-Haslinger ("we," "us," or "our"), respect your privacy and are committed to protecting your personal data.
This Privacy Policy explains how we collect, use, and protect your data when you visit our website https://swanprints.art, purchase products, subscribe to our newsletter, or contact us.
We comply with the General Data Protection Regulation (GDPR) and Austrian data protection laws (DSG).
2. Data Controller
The responsible party for data processing is:
Nicola Hackl-Haslinger
Leitnergasse 4, 4040 Gramastetten, Austria
photography@nhh.art
If you have any questions about how we process your data, please contact us.
3. Data We Collect
We only collect data necessary to provide our services. The following types of data are processed:
3.1 Automatically Collected Data (Server Logs & Analytics)
When you visit our website, the following data is automatically recorded:
- Your IP address (anonymized)
- Browser type and version
- Operating system
- Referrer URL
- Date and time of access
- Pages visited
Analytics: We use self-hosted Umami analytics to analyze website traffic without storing personal data or using cookies.
3.2 Data You Provide
When you make a purchase, subscribe to our newsletter, or contact us, we collect:
- Name
- Email address
- Shipping and billing address
- Payment details (processed securely via Stripe or other payment providers; we do not store credit card details)
- Order history
- Any additional information you provide voluntarily
For secure payment processing, we use Stripe, a certified PCI-DSS compliant service provider. When you enter your payment information, it is sent directly to Stripe and never stored on our servers. You can read Stripe’s privacy policy here: https://stripe.com/privacy
3.3 Newsletter and Marketing Emails
We use self-hosted Listmonk to manage newsletters and email communications.
If you subscribe, we collect:
- Your email address
- Your name (if provided)
You can unsubscribe anytime using the link in our emails.
3.4 Transactional Emails
For order confirmations, invoices, and account-related emails, we use:
These services process only the necessary data for email delivery.
4. Cookies
Our website uses only essential cookies for security and functionality.
We do not use tracking cookies or third-party advertising cookies.
If you disable cookies in your browser settings, some website features may not function properly.
5. Purpose of Data Processing
We process your data for the following purposes:
- To process and fulfill your orders (legal basis: Art. 6(1)(b) GDPR, contract performance)
- To send order confirmations, invoices, and support messages (Art. 6(1)(b) GDPR)
- To send newsletters (only with your consent, Art. 6(1)(a) GDPR)
- To securely process payments via Stripe (Art. 6(1)(b) GDPR, contract performance)
- To analyze website performance and improve user experience (Art. 6(1)(f) GDPR, legitimate interest)
- To comply with legal obligations (e.g., tax regulations, Art. 6(1)(c) GDPR)
6. Data Security
We take security seriously and implement:
- Encrypted connections via SSL/TLS
- Secure self-hosted infrastructure
- Limited access to customer data
Your data is never shared with third parties except where necessary for order fulfillment or legal compliance.
7. Data Sharing and Third-Party Services
We do not share or sell your data to third parties. Data is only shared where necessary:
| Service | Purpose | Location | Data Processed |
|---|---|---|---|
| Stripe | Payment processing | USA/EU | Name, email, address, payment details |
| Resend | Transactional emails | USA | Email address, order details |
| Amazon SES | Transactional emails | USA/EU | Email address, order details |
| Listmonk (Self-hosted) | Newsletters | Self-hosted | Email address |
| Umami (Self-hosted) | Website analytics | Self-hosted | Anonymized visit data |
Each service is GDPR-compliant and processes only essential data.
Stripe is certified to the EU-U.S. Data Privacy Framework and implements appropriate safeguards to protect your data. We only share data required to process your payment securely.
8. Data Retention
We store data only as long as necessary:
- Orders & invoices: 7 years (legal requirement)
- Newsletter subscriptions: Until you unsubscribe
- Customer accounts: Until you request deletion
- Server logs & analytics: 30 days (anonymized)
You can request data deletion at any time (see Section 10).
Payment details: Not stored by us. Processed by Stripe according to their data retention policies.
9. Your Rights Under GDPR
As an EU resident, you have the right to:
- Access your data (Art. 15 GDPR)
- Correct inaccurate data (Art. 16 GDPR)
- Request deletion ("right to be forgotten") (Art. 17 GDPR)
- Restrict processing (Art. 18 GDPR)
- Data portability (Art. 20 GDPR)
- Object to processing (Art. 21 GDPR)
To exercise these rights, contact us at photography@nhh.art.
If you believe we are violating data protection laws, you have the right to file a complaint with the Austrian Data Protection Authority:
Österreichische Datenschutzbehörde
Barichgasse 40-42, 1030 Wien, Austria
Email: dsb@dsb.gv.at
Website: https://www.dsb.gv.at
10. How to Request Data Deletion
If you wish to delete your data, send a request to photography@nhh.art.
- Orders and invoices cannot be deleted due to legal tax requirements.
- Newsletter subscriptions can be canceled via the unsubscribe link.
- Customer accounts can be deleted upon request.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. The latest version will always be available at https://swanprints.art/privacypolicy. If changes affect your rights, we will notify you via email.
12. Contact Information
For any privacy-related questions, please contact:
Nicola Hackl-Haslinger
Leitnergasse 4, 4040 Gramastetten, Austria
photography@nhh.art
