top of page

PRIVACY POLICY

1. Introduction
This Privacy Policy describes how Brand Atelier ("we", "us", "our", or "the Studio") collects, uses, stores, and protects the personal data of visitors and clients of our website https://www.brandatelier.studio (the "Website").
We respect your privacy and are committed to protecting your personal data in accordance with the General Data Protection Regulation (EU) 2016/679 ("GDPR") and applicable Greek data protection law (Law 4624/2019).
By using our Website or submitting our contact form, you acknowledge that you have read and understood this Privacy Policy.
2. Data Controller
Legal name: [Full legal entity name] Trading as: Brand Atelier Registered address: [Street, Postal Code, City, Greece] VAT Number: [VAT] / Tax Office: [Tax Office] Email: hello@brandatelier.studio Phone: 0030 6984461065
For any questions or concerns about how we handle your personal data, please contact us at the email address above.
3. What Data We Collect
3.1 Data you provide through our contact form
When you fill in the form on our Contact page, we may collect:

  • Full name

  • Email address

  • Phone number (if you choose to provide it)

  • Business or brand name (if applicable)

  • Project information (description, budget, timeline, scope)

  • Any additional information you include in the message field

3.2 Data collected automatically
When you browse the Website, we may automatically collect:

  • IP address

  • Browser type and version

  • Operating system and device type

  • Pages visited and time spent on each page

  • Referring website

This data is collected through cookies and analytics tools (see Section 8).
3.3 Data collected during a project engagement
If we move forward with a working relationship, we may collect additional information necessary to deliver our services and issue invoices, such as VAT number, billing address, and payment details.
4. Purposes and Legal Basis for Processing
PurposeLegal basis
Responding to your enquiry submitted via the contact formSteps taken at your request prior to entering into a contract (Art. 6(1)(b) GDPR)
Delivering design services and performing the contractPerformance of a contract (Art. 6(1)(b) GDPR)
Issuing invoices and meeting tax/accounting obligationsCompliance with a legal obligation (Art. 6(1)(c) GDPR)
Improving the Website and analysing trafficOur legitimate interest in operating and improving our business (Art. 6(1)(f) GDPR)
Sending updates, newsletters, or marketing communicationsYour consent (Art. 6(1)(a) GDPR) — only if you have opted in
Showcasing completed work in our portfolioYour consent or our legitimate interest, subject to any confidentiality agreement
5. How We Use Your Data
We use the data we collect to:

  • Respond to your enquiry and prepare proposals or quotes

  • Communicate with you throughout the project

  • Deliver the agreed design services

  • Manage invoicing, payments, and accounting records

  • Improve our Website, services, and user experience

  • Comply with legal and regulatory obligations

  • Display selected work in our portfolio (with your prior consent where required)

We do not sell your personal data to third parties under any circumstances.
6. Sharing Your Data with Third Parties
We may share your personal data with carefully selected third-party service providers who help us operate our business. These include:

  • Website hosting & form processing (our website platform and form provider)

  • Email service providers (for receiving and sending project communications)

  • Cloud storage and project management tools (for storing project files and collaboration)

  • Accounting and invoicing software / our accountant (for issuing invoices and meeting tax obligations)

  • Analytics providers (e.g. Google Analytics or similar)

  • Payment processors (for handling payments, where applicable)

All third-party processors are bound by data protection agreements and are required to handle your data in line with the GDPR.
We may also disclose your data when required by law, court order, or to protect our legal rights.
Transfers outside the EU/EEA
Some of our service providers (e.g. cloud or analytics tools) may store data outside the European Economic Area. In such cases, we ensure that appropriate safeguards are in place, such as the European Commission's Standard Contractual Clauses, to guarantee an adequate level of protection.
 

7. How Long We Keep Your Data
We retain your personal data only for as long as necessary for the purposes for which it was collected:

  • Contact form enquiries that don't lead to a project: up to 12 months

  • Active client data: for the duration of our engagement

  • Project files & communications after completion: up to 5 years (for portfolio reference and potential follow-ups)

  • Invoices and accounting records: for the period required by Greek tax law (currently 5–10 years)

  • Marketing data (where consent was given): until you withdraw your consent

After these periods expire, your data is securely deleted or anonymised.
8. Cookies
Our Website uses cookies and similar technologies to ensure proper functionality, analyse traffic, and improve user experience.
Types of cookies we use:

  • Essential cookies — necessary for the Website to function (cannot be disabled)

  • Analytics cookies — help us understand how visitors interact with the Website (e.g. Google Analytics)

  • Functional cookies — remember your preferences

You can manage or disable cookies at any time through your browser settings. Please note that disabling certain cookies may affect the Website's functionality.
When required, we will request your consent through a cookie banner before placing non-essential cookies on your device.
9. Your Rights Under the GDPR
As a data subject, you have the following rights:

  • Right of access — to know what data we hold about you and request a copy

  • Right to rectification — to correct inaccurate or incomplete data

  • Right to erasure ("right to be forgotten") — to request deletion of your data

  • Right to restrict processing — to limit how we use your data

  • Right to data portability — to receive your data in a structured, machine-readable format

  • Right to object — to object to processing based on our legitimate interest, including direct marketing

  • Right to withdraw consent — at any time, where processing is based on consent

  • Right to lodge a complaint — with the Hellenic Data Protection Authority (www.dpa.gr)

To exercise any of these rights, please contact us at [your-email@brandatelier.studio]. We will respond within one month, in line with GDPR requirements.
10. Data Security
We apply appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, alteration, or disclosure, including:

  • Encrypted data transmission (SSL/HTTPS)

  • Access controls and strong passwords

  • Secure cloud storage with reputable providers

  • Regular review of our security practices

However, no method of transmission or storage on the internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.
11. Children's Privacy
Our Website and services are not intended for individuals under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us so we can delete it.
12. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. The latest version will always be available on this page, with the "Last updated" date revised accordingly. We encourage you to review this Policy periodically.
13. Contact Us
For any questions, requests, or concerns regarding this Privacy Policy or how we handle your personal data, please contact us at:
Brand Atelier Email: hello@brandatelier.studio Address: [Street, Postal Code, City, Greece]
You also have the right to lodge a complaint with the Hellenic Data Protection Authority: Kifissias Avenue 1-3, 115 23 Athens www.dpa.gr

bottom of page