Privacy Policy

Last updated: December 28, 2025

Summary

  • We collect minimal personal data (email, name, address).
  • We use data only for orders, emails, and analytics.
  • We respect your privacy and never sell your data.
  • You have rights to access, correct, or delete your data.
  • GDPR compliance: Data protected and retention limited.

This summary is for convenience only. See full details below.

Overview

Wojtek Photography ("we," "us," or "our") operates this website. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website and purchase digital products.

What Information We Collect

1. Information You Provide

  • Purchase Information: First name, last name, email, country (via payment modal).
  • Contact Information: Email and message content if you submit the contact form.
  • Payment Data: Handled securely by Stripe (we never store card numbers).

2. Information Collected Automatically

  • Browser & Device Data: Browser type, device type, operating system (via Google Analytics).
  • Usage Data: Pages visited, time spent, links clicked, referral source.
  • IP Address: Anonymized by Google Analytics; we do not store raw IPs.
  • Cookies: Essential, analytics, and marketing cookies as described in our Cookies Policy.

3. Information Not Collected

We do not collect sensitive data such as passwords, financial details, health information, or biometric data.

How We Use Your Information

  • Order Processing: Name and email to confirm purchase, generate invoices, and send download links.
  • Communication: Email to send order confirmations, download instructions, and support responses.
  • Analytics: Aggregated usage data to improve site performance and user experience.
  • Legal Compliance: To comply with tax, accounting, and Swiss law requirements.
  • Marketing: Facebook Pixel for remarketing ads (only if you consent).

Data Sharing

We do not share or sell your personal data. Limited sharing occurs with:

  • Payment Providers: Stripe (for payment processing only).
  • Email Service: Gmail SMTP (for sending order confirmations and support emails).
  • Analytics: Google Analytics (anonymized usage data only).
  • Remarketing: Facebook Pixel (anonymized event data, with your consent).
  • Legal Authorities: Only if required by Swiss law or court order.

Data Retention

  • Purchase Records: Kept for 7 years (Swiss tax law requirement).
  • Download Tokens: Deleted after 30 days (download expiry).
  • Consent Cookies: Retained for 180 days; can be cleared anytime.
  • Analytics Data: Automatically deleted after 26 months (Google Analytics default).
  • Contact Form Data: Deleted after 90 days if not part of an order.

Your GDPR Rights (EU Residents)

If you are located in the EU, you have the following rights under GDPR:

  • Right to Access: Request a copy of your personal data.
  • Right to Correction: Request correction of inaccurate data.
  • Right to Erasure: Request deletion of your data ("right to be forgotten").
  • Right to Restrict Processing: Request that we stop processing your data temporarily.
  • Right to Data Portability: Request your data in a portable format.
  • Right to Object: Object to marketing and analytics processing.
  • Right to Withdraw Consent: Withdraw consent for non-essential cookies anytime.

To exercise any of these rights, email [email protected] with "GDPR Request" in the subject. We will respond within 30 days.

Data Security

  • HTTPS encryption for all website traffic.
  • Payment data handled by PCI-DSS compliant provider (Stripe).
  • No sensitive data stored on our servers (payment details, passwords, credit cards).
  • Email and order data stored in secure JSON files with restricted access.
  • Regular security monitoring and updates.

Third-Party Links

This website contains links to external sites (Stripe, Google, Facebook). We are not responsible for their privacy practices. Please review their privacy policies before sharing information.

Children's Privacy

This website is not intended for children under 13 years of age. We do not knowingly collect data from children. If you believe a child has provided information, please contact us immediately at [email protected].

Policy Updates

We may update this policy periodically. Changes will be posted on this page with an updated "Last updated" date. Continued use of the site after updates constitutes acceptance of the new policy.

Contact & Data Protection

For privacy questions, data access requests, or to exercise your GDPR rights, contact:

  • Email: [email protected]
  • Subject Line: "Privacy Request" or "GDPR Request"
  • Response Time: Within 30 days

Legal Jurisdiction

This Privacy Policy is governed by Swiss law. For disputes, the competent courts of Zurich, Switzerland shall have jurisdiction.