Privacy Policy for Personal Data Processing

1. Introduction

Welcome to the Kinosura Creative Studio website! We respect your privacy and are committed to protecting personal data. This Policy describes:

• What information do we collect
• Why and on what legal basis do we process it
• With whom and under what conditions do we share data
• How long do we retain data
• Your rights as a data subject
• How to contact us regarding GDPR matters

2. Data Controller

Kinosura Creative Studio
Business ID (Y-tunnus): 2 677 199-8
Address: Taivaanpankontie A 1, 70 200 Kuopio, Finland
Contact email: boris.smirin@gmail.com
GDPR Responsible Person: Boris Smirin

3. Data We Collect

1. Photo sales via the website:
   • Name
   • Email address
   • Phone number
2. Photo session inquiry form:
   • Name
   • Email address
   • Phone number
   • Project description
   • Location and date of session
3. Customer reviews form:
   • Name
   • Email address

4. Purposes and Legal Grounds for Processing

Processing PurposeData CollectedGDPR Legal BasisExecuting photo sales agreementsName, email, phone numberArt. 6(1) (b) – Performance of contractPre-contractual measures (inquiry handling)Name, email, phone number, description, location, dateArt. 6(1) (b) – Pre-contractual measuresCollecting customer reviewsName, email addressArt. 6(1) (f) – Legitimate interest

5. Cookies and Tracking Technologies

We use the following tracking tools on our site:

• Google Analytics
• Facebook Pixel
• Google Ads Pixel

No third-party cookies are placed without your explicit consent (cookie banner).

6. Disclosure to Third Parties

We disclose personal data only to trusted partners for contract execution and website maintenance:

• Stripe – payment service provider. Stripe’s Data Processing Agreement (DPA) is available at https://stripe.com/legal/dpa. A signed DPA with Stripe ensures lawful data processing.
• Wfolio – website CMS platform. According to Wfolio’s terms, the service does not process your customers’ personal data but only provides infrastructure (”CMS does not process personal data collected by the User on the Sites”). Therefore, a DPA with Wfolio is not required.

7. Data Retention Periods

• Photo sales customer data (name, email, phone): up to 5 years for accounting and potential inquiries.
• Inquiry form data: 1 year after processing and sending a proposal.
• Customer reviews data: up to 5 years to support feedback processes and service improvements.

8. Data Subject Rights

You have the right to:

• Request access to your data
• Rectify inaccurate information
• Request deletion of your data (”right to be forgotten”)
• Restrict processing of your data
• Data portability to another controller
• Object to processing (including legitimate interest processing)
• Withdraw consent (if applicable)

Submit requests to boris.smirin@gmail.com. We will respond within one month.

9. Security Measures

We implement the following measures to protect data:

• HTTPS encryption and database encryption
• Regular backups and software updates
• Access control (passwords, two-factor authentication)

10. Data Breach Notification

In the event of a data breach, we will notify the supervisory authority and affected individuals without undue delay, and no later than 72 hours after becoming aware of the breach.

11. Contact Information and Supervisory Authority

If you have questions or wish to lodge a complaint regarding data processing, contact us at:

• Email: boris.smirin@gmail.com
• Finnish Data Protection Ombudsman (Tietosuojavaltuutetun toimisto)

12. Policy Updates

We may update this Policy as needed. The date of the latest revision will be indicated at the top of the page.