Stellar - fine art prints

Privacy Policy

This policy informs you about the processing of personal data in accordance with Regulation (EU) 2016/679 (GDPR) and Slovak Act No. 18/2018 Coll. on the Protection of Personal Data.

1. Data Controller

slachta.gallery, s. r. o.
Štefánikova 5, 917 01 Trnava, Slovak Republic
Company ID (IČO): 53094875, VAT ID: SK2121266455
Email: stellar@slachta.gallery

A Data Protection Officer (DPO) has not been appointed — we are not required to designate one under Art. 37 GDPR. For privacy-related queries, please contact us at the email address above.

2. Data We Process, Purpose and Legal Basis

a) Order Data

We process: first and last name, email address, shipping and billing address, telephone number (if provided), data on ordered items, price, and payment method.

Purpose: conclusion and performance of the sales contract, order processing, delivery, invoicing.
Legal basis: performance of a contract (Art. 6(1)(b) GDPR) and compliance with legal obligations (Art. 6(1)(c) GDPR).

b) Accounting and Tax Data

Data from issued invoices is processed for bookkeeping and compliance with tax obligations.

Legal basis: compliance with legal obligations under Slovak Act No. 431/2002 Coll. on Accounting and Act No. 222/2004 Coll. on VAT (Art. 6(1)(c) GDPR).

c) Server Log Files

Our hosting provider automatically records IP address, timestamp, requested URL, browser type, and referrer. This data is used to ensure the security and technical operation of the website.

Legal basis: legitimate interest (Art. 6(1)(f) GDPR) in the secure and functional operation of the website.

d) Audience Measurement (Matomo)

For website audience measurement we use Matomo, operated on a server located in the Slovak Republic (WebSupport, s.r.o.). Matomo is configured in cookieless mode, IP addresses are anonymised, and the data is not shared with third parties. In line with established supervisory authority guidance, no consent is required for this type of measurement.

Legal basis: legitimate interest (Art. 6(1)(f) GDPR) in evaluating and improving the website.

3. Cookies and Local Storage

Our website does not set any first-party cookies. In your browser's local storage (localStorage) we keep only the data necessary for cart functionality (cart contents, shipping method, customer note, promo code). This data is not transmitted to our servers, remains only in your browser, and can be cleared by you at any time.

During checkout, the payment service provider Stripe may set its own cookies within its own domain for security and fraud prevention purposes. These are third-party cookies strictly necessary for payment processing.

4. Payments — Stripe

Payments are processed by Stripe Payments Europe, Ltd. (Ireland), in certain cases with transfer to Stripe, Inc. (USA). We do not have access to complete card data. Transfers outside the EEA are carried out on the basis of the EU-US Data Privacy Framework (adequacy decision by the European Commission pursuant to Art. 45 GDPR) or Standard Contractual Clauses under Art. 46 GDPR.

stripe.com/privacy

5. Email Communication

Transactional emails (order confirmation, shipping notifications) are sent via Brevo (Sendinblue SAS, France). Sending these emails is necessary for the performance of the contract and does not require separate consent.

Legal basis: performance of a contract (Art. 6(1)(b) GDPR).

6. Recipients of Your Data (Processors)

  • WebSupport, s.r.o. (Slovak Republic) — web hosting and server infrastructure
  • Stripe Payments Europe, Ltd. (Ireland) — payment processing
  • Sendinblue SAS (Brevo) (France) — delivery of transactional emails
  • Shipping carrier — data necessary to deliver the package (name, address, contact)

Your data is not shared with any other third parties unless we are legally required to do so.

7. Data Retention

  • Order and invoice data: 10 years (§ 35 Act No. 431/2002 Coll., § 76 Act No. 222/2004 Coll.)
  • Server log files: 14 days
  • Audience measurement (Matomo): aggregated data without personal identification

8. Your Rights

Under the GDPR, you have the right to:

  • access your personal data (Art. 15),
  • rectification of inaccurate data (Art. 16),
  • erasure of data where no legal retention obligation applies (Art. 17),
  • restriction of processing (Art. 18),
  • data portability (Art. 20),
  • object to processing based on legitimate interest (Art. 21),
  • withdraw consent at any time where processing is based on consent (Art. 7(3)); withdrawal does not affect the lawfulness of processing carried out before withdrawal.

To exercise your rights, contact us at: stellar@slachta.gallery.

9. Right to Lodge a Complaint

You have the right to lodge a complaint with the supervisory authority:

Úrad na ochranu osobných údajov Slovenskej republiky
(Office for Personal Data Protection of the Slovak Republic)
Hraničná 12, 820 07 Bratislava 27
dataprotection.gov.sk

10. Automated Decision-Making

No automated decision-making or profiling producing legal or similarly significant effects takes place.

11. Minors

Our services are intended exclusively for persons aged 18 or over. We do not knowingly collect personal data from persons under 18.

Last updated: 21 April 2026