PRIVACY POLICY

This Privacy Policy (“Policy”) is designed to inform users about the management of their information by Atelier Angel Karagiozov (“the Studio”). This Policy applies to all online services and platforms owned and operated by the Studio.

Non-Commercial Purpose

The Studio's website is not intended for commercial use. As such, we do not employ cookies for tracking or advertising purposes.

Analytics Data

We collect some  

  to gain insights into unique visits, visited pages, and general geolocation. This data helps us improve our services and user experience.

No Cookie Consent Popups

Since our website  

, there is no requirement for cookie consent popups or any other intrusive design elements. This decision aligns with our commitment to maintaining a user-friendly and aesthetically pleasing user experience.

Compliance with Privacy Regulations

Our website is fully  

 with EU privacy regulations, including the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and the Brazilian General Data Protection Law (LGPD).

How visitors are determined

Instead of relying on cookies like many analytics products, visitors are identified by a hash created from the incoming request. Using a generated hash provides a privacy-friendly experience for your visitors and means visitors can't be tracked between different days or different websites. The generated hash is valid for a single day, at which point it is automatically reset. If a visitor loads your website for the first time, we immediately track this visit as a page view. Subsequent page views are tracked through the native Browser API.
source

GDPR

What is the GDPR? Europe's new data privacy and security law includes hundreds of pages' worth of new requirements for organizations around the world. This GDPR overview will help you understand the law and determine what parts of it apply to you. The General Data Protection Regulation (GDPR) is the toughest privacy and security law in the world. Though it was drafted and passed by the European Union (EU), it imposes obligations onto organizations anywhere, so long as they target or collect data related to people in the EU. The regulation was put into effect on May 25, 2018. The GDPR will levy harsh fines against those who violate its privacy and security standards, with penalties reaching into the tens of millions of euros. With the GDPR, Europe is signaling its firm stance on data privacy and security at a time when more people are entrusting their personal data with cloud services and breaches are a daily occurrence. The regulation itself is large, far-reaching, and fairly light on specifics, making GDPR compliance a daunting prospect, particularly for small and medium-sized enterprises (SMEs).
source

LGPD

The General Personal Data Protection Law (Portuguese: Lei Geral de Proteção de Dados Pessoais, or LGPD; Lei 13709/2018), is a statutory law on data protection and privacy in the Federative Republic of Brazil. The law's primary aim is to unify 40 different Brazilian laws that regulate the processing of personal data. The LGPD contains provisions and requirements related to the processing of personal data of individuals, where the data is of individuals located in Brazil, where the data is collected or processed in Brazil, or where the data is used to offer goods or services to individuals in Brazil.
source

CCPA

The California Consumer Privacy Act of 2018 (CCPA) gives consumers more control over the personal information that businesses collect about them and the CCPA regulations provide guidance on how to implement the law. This landmark law secures new privacy rights for California consumers, including:

• The right to know about the personal information a business collects about them and how it is used and shared;
• The right to delete personal information collected from them (with some exceptions);
• The right to opt-out of the sale or sharing of their personal information; and
• The right to non-discrimination for exercising their CCPA rights. In November of 2020, California voters approved

Proposition 24, the CPRA, which amended the CCPA and added new additional privacy protections that began on January 1, 2023. As of January 1, 2023, consumers have new rights in addition to those above, such as:

• The right to correct inaccurate personal information that a business has about them; and
• The right to limit the use and disclosure of sensitive personal information collected about them. Businesses that are subject to the CCPA have several responsibilities, including responding to consumer requests to exercise these rights and giving consumers certain notices explaining their privacy practices. The CCPA applies to many businesses, including data brokers.

source

FAQ

Is Google Analytics illegal?

No, Google Analytics is not illegal for most countries in the EU and it's not illegal in the US or any other country. It is, however, currently illegal in Austria, France, Italy, Denmark, Finland, Norway and Sweden. Sweden have even issued the first significant fine of €1 million for using Google Analytics.

Why is Google Analytics illegal in some countries of the EU?

This is due to a problem with IP addresses. IP addresses are considered personal data, and thus hashing the last 3 octets is not considered strong enough anonymisation as there's a 1 in 255 chance of re-identify. Thus DPO are requiring the IP address not to leave the EU region. This is a problem as the IP is sent natively from the browser to the server. A lot of Google's servers are based in the US, which is outside of the EU. Thus violating GDPR. There is a way to get around this though… You can load the gtag.js and associated pixels via Server-side Google Tag Manager from an EU server. Then purge IPs before they are sent to Google Analytics for processing in order to make GA4 legal in the EU. Here's how to do that.

Using Google Fonts Violates GDPR?

According to GDPR, an IP address is personal information which can be used for identifying the user. Thus, Google Fonts violates GDPR by collecting and sharing personal information with third-party services without user consent.

Do You use Google Fonts?

Yes, we use  Silkscreen due to the native  font optimization in Next JS  for the  " improved privacy and performance ", and when that's not possible, we host them ourselves. This is the only workaround to avoid violating the privacy rights of our users.

Do you use third-party cookies such as Facebook?

It is possible to use third-party tracking, provided you honor your users' privacy rights and strengthen the integrity of your data management practices. The requirement here is to strip away the IP address from these trackers as well. You can accomplish this by employing the 'transform' function with Server-Side Google Tag Manager (SGTM). However, we do not use third-party cookies.