Skip to content
Current waiting time: 3 weeks
atelier.mk

Privacy Policy

Last updated: February 18, 2026

At atelier.mk, we take your privacy seriously. This policy explains what personal data we collect, why we collect it, and how we handle it. We are committed to processing as little data as possible and being fully transparent about our practices.

Data Controller

The data controller for this website is atelier.mk, a family-run interior design and custom furniture studio based in Slovakia. For any privacy-related inquiries, you can reach us through the contact form on our website or via the email address listed on our contact page.

Contact Form

When you submit our contact form, we collect the following information:

  • First name and last name
  • Email address
  • Phone number (optional)
  • Your message

We use this data solely to respond to your inquiry and to discuss potential projects. Your data is stored in our secure database and is only accessible to our team.

Legal basis: Processing is based on your consent (Article 6(1)(a) GDPR), given by voluntarily submitting the form, and on our legitimate interest in responding to business inquiries (Article 6(1)(f) GDPR).

Retention: We retain contact submissions for up to 2 years after the last communication, unless a business relationship is established, in which case standard business retention periods apply.

Website Analytics

We use a privacy-friendly, self-hosted analytics system that does not use cookies and does not track you across websites. We collect:

  • Pages visited and time spent on each page
  • Referrer (the website that led you to us)
  • Approximate geographic location (country, region — derived from your IP address via server headers, not stored)
  • Device type, browser, and operating system (derived from the user agent string)
  • Screen width
  • Scroll depth

Your IP address is never stored. Instead, it is combined with the current date and a secret salt, then irreversibly hashed (SHA-256) to produce a daily-rotating anonymous identifier. This means we can count unique visitors per day without being able to identify or track any individual across days or sessions.

Legal basis: Legitimate interest in understanding how our website is used and improving its content (Article 6(1)(f) GDPR). Because no personal data is stored and no cookies are used, this processing has minimal impact on your privacy.

Cookies & Local Storage

We use minimal browser storage, limited to essential functionality only:

  • NEXT_LOCALE — A cookie that stores your language preference (English, Slovak, or German). It is set only when you use the language switcher. Valid for 1 year.
  • Session storage — A randomly generated session ID is stored in your browser's session storage for the duration of your visit. It is used only for analytics and is automatically deleted when you close the tab. It cannot be used to identify you.

Third-Party Services

We use a minimal number of third-party services to operate this website:

  • Vercel — Hosts our website and provides server infrastructure. Vercel may process your IP address and basic request headers to deliver pages. See Vercel's privacy policy for details.
  • Neon — Hosts our database (PostgreSQL). All data is encrypted at rest and in transit.
  • Resend — Delivers email notifications when you submit the contact form. Your name and email address are shared with Resend solely for email delivery.
  • Vercel Blob — Stores images and media files uploaded by our team. No visitor data is stored there.

Data Security

We implement appropriate technical measures to protect your data, including: HTTPS encryption on all connections, strict Content Security Policy headers, rate limiting on form submissions and API endpoints, and access-controlled administrative interfaces. All data transfers to third-party services occur over encrypted connections.

Your Rights

Under the GDPR, you have the following rights regarding your personal data:

  • Right of access — You can request a copy of the personal data we hold about you.
  • Right to rectification — You can ask us to correct inaccurate data.
  • Right to erasure — You can ask us to delete your personal data.
  • Right to restriction — You can ask us to limit how we process your data.
  • Right to data portability — You can request your data in a structured, machine-readable format.
  • Right to object — You can object to processing based on legitimate interest.
  • Right to lodge a complaint — You have the right to file a complaint with the Slovak Data Protection Authority (Úrad na ochranu osobných údajov SR).

To exercise any of these rights, please contact us via our contact page. We will respond within 30 days.

Changes to This Policy

We may update this privacy policy from time to time. Any changes will be reflected on this page with an updated date. We encourage you to review this policy periodically.