Privacy Policy

Effective Date: February 26, 2026

This Privacy Policy explains how Galerie Slansky (represented by Markus Slansky) ("we," "our," or "us") collects, uses, and protects your personal data when you use our website, services, and purchase our artworks. We are committed to ensuring that your privacy is protected and compliant with the General Data Protection Regulation (GDPR) and applicable Austrian data protection laws (DSG).

1. Data Controller

The entity responsible for the processing of your personal data on this website is:
Galerie Slansky
Markus Slansky
Email: contact@galerieslansky.com

2. Legal Basis for Processing

We process your personal data based on the following legal foundations (Art. 6 GDPR):

• Contractual Necessity: Processing is necessary to fulfill a contract (e.g., fulfilling and shipping your order).
• Legitimate Interests: Processing for our legitimate interests (e.g., preventing fraud, website security, and analytics).
• Consent: When you have given explicit consent (e.g., subscribing to a newsletter or accepting non-essential cookies).
• Legal Obligation: Processing necessary to comply with legal requirements (e.g., tax and accounting laws).

3. Data We Collect

Depending on your interaction with us, we may collect the following data:

• Identity & Contact Data: Name, email address, phone number, shipping and billing address.
• Financial & Transaction Data: Details of your orders and partial payment info (processed securely by Stripe, we do not store full credit card numbers).
• Technical Data: IP address, browser type, device identifiers, time zone, and operating system.
• Usage Data: Information about how you use our website and services, captured securely via Vercel Analytics.

4. Third-Party Data Processors

To provide our services, we share necessary data with trusted third-party service providers (Data Processors). We have Data Processing Agreements (DPAs) in place where legally required:

• Authentication & User Identity (Clerk): We use Clerk to manage user accounts. Clerk processes your name, email, and authentication tokens to keep your session secure.
• Payment Processing (Stripe): Order payments are securely handled by Stripe. Stripe acts as an independent data controller for your financial information.
• Database & Application Hosting (Neon DB & Vercel): Your user data and order history are securely hosted in data centers operated by Vercel and Neon.
• Transactional Emails (Resend): We use Resend to deliver system emails, such as order receipts and password resets.
• Media Storage (Cloudinary): Profile avatars and artwork images are managed through Cloudinary.

5. International Data Transfers

Some of our third-party processors (such as Clerk and Stripe) may transfer your data outside the European Economic Area (EEA), primarily to the United States. In such cases, we ensure that appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission, to guarantee a level of protection equivalent to the GDPR.

6. Cookies and Local Storage

We strictly utilize cookies and local storage where it is essential to the function of the website:

• Auth Cookies: Assigned by Clerk to verify logged-in status.
• Application State: LocalStorage keys like cart store your cart items before checkout to ensure a seamless experience.

We do not use aggressive third-party advertising tracking cookies on this site without explicit opt-in.

7. Your Rights Under GDPR

As a data subject in the EU/EEA, you possess robust rights regarding your data:

• Right to Access: You can request a copy of the personal data we hold about you.
• Right to Rectification: You can request that we correct incomplete or inaccurate data.
• Right to Erasure (Right to be Forgotten): You can ask us to delete your personal data when there is no longer a good reason for us to process it. (Note: Statutory retention periods for invoices override this right).
• Right to Object: You can object to processing based on legitimate interests.
• Right to Data Portability: You can request the transfer of your data to you or a third party.
• Right to Withdraw Consent: You can withdraw consent at any time.

To exercise these rights, please email us at contact@galerieslansky.com. We respond to all legitimate requests within 30 days.

8. Data Retention

We keep your personal information only as long as necessary. For fulfilled orders, Austrian commercial and tax law strictly requires us to keep billing and transaction data for seven (7) years.

9. Changes to this Policy

We may update this Privacy Policy over time to reflect legal changes or feature updates. We recommend checking back periodically.

10. Contact Information & Complaints

If you have any questions, you can contact us at:
Email: contact@galerieslansky.com

You also have the right to lodge a complaint with the Austrian Data Protection Authority (Österreichische Datenschutzbehörde) if you believe your data is being mishandled.