PRIVACY NOTICE

1. Introduction

This Privacy Notice explains how MagnetOui Studio (“we”, “our”, “us”) collect, use, store, disclose, and protect personal data when you order our customised products, using the photos you provide and when you interact with us. We process data in accordance with the General Data Protection Regulation (GDPR) (EU) 2016/679 and applicable EU laws.

2. Categories of Personal Data We Process

2.1 Data You Provide Directly

  • Name, surname
  • Email, telephone number
  • Billing and shipping address
  • Photos/images submitted
  • Order details and communications
  • Payment‑related information (handled exclusively by third‑party service providers)

Note on photos:
Photos may contain personal data (e.g., identifiable individuals, minors, sensitive visual cues). We do not perform biometric analysis, and we do not request or require special category data.
You are advised not to upload sensitive or unnecessary data.

2.2 Data Collected Automatically (if using our website)

  • IP address, browser and device data
  • Usage behaviour and cookies (see Cookie Policy)

3. Purposes and Legal Bases

PurposeDescriptionLegal Basis
Order fulfillmentReceiving photos, producing magnets, packaging, shippingArt. 6(1)(b) – Contract
Customer communicationEmail/tel. updates, supportArt. 6(1)(b) – Contract
Payment processingVia secure third‑party providersArt. 6(1)(b) – Contract (Payment processor acts as independent controller)
Compliance with tax/accounting lawsIssuing invoices, record keepingArt. 6(1)(c) – Legal obligation
Quality assuranceVisual check to ensure product accuracyArt. 6(1)(f) – Legitimate interest (minimal, controlled access; interest does not override rights)
Marketing emails (optional)Newsletter, offersArt. 6(1)(a) – Consent
Publishing your photos (optional)Website, Instagram, promotional materialsArt. 6(1)(a) – Consent; Art. 9(2)(a) for incidental special category data
Delivery by postal serviceDelivery of your parcelArt. 6(1)(b) (Postal operator acts as independent controller)

4. Special Categories of Data (Art. 9)

We do not require special category data (racial/ethnic origin, religious beliefs, health, etc.).
If such elements appear incidentally in photos, processing occurs only with your explicit consent under Art. 9(2)(a).

5. Instructions for Customers

Before submitting any content, please ensure that: 

  • You have the right to submit the image.
  • Individuals depicted have authorised their inclusion.
  • Images do not contain illegal or inappropriate content.
  • Sensitive data is shared only if strictly necessary.

6. Recipients of Personal Data (Art. 13(1)(e))

6.1 Processors acting on our behalf (Art. 28 GDPR)

We use carefully selected processors who act only under our instructions:

  • IT and hosting providers – storing orders and photos
  • Printing/production partners (if applicable)
  • Customer support tools (if any)

All processors operate under written Data Processing Agreements.

6.2 Postal / Courier Services – Independent Controller

To deliver your order, we share:

  • name
  • delivery address
  • telephone number (if required)

Postal and courier providers process delivery data as independent controllers, determining:

  • their own legal bases
  • retention periods
  • routing and tracking methods

For access/erasure of delivery data, please contact the postal provider directly.

6.3 Payment processors – process payments securely

6.4 Instagram / Meta Platforms – Independent Controller

If you consent to publication:

  • The photo is shared with Instagram/Meta Platforms Ireland Ltd.
  • Meta acts as an independent controller for all processing after upload.

6.5 Joint Controllership for Instagram Insights

For Instagram “Insights” (aggregated analytics), Meta and our business act as joint controllers, per Art. 26 GDPR.

The essential arrangement:

  • Meta processes analytics data.
  • We receive aggregated statistics.
  • Meta’s controller terms apply.

7. International Transfers (Art. 13(1)(f))

7.1 Transfers via Instagram/Meta

Instagram/Meta may transfer your published image to:

  • United States and other non‑EEA locations.

Transfers rely on:

  • Standard Contractual Clauses (SCCs)
  • Meta’s supplementary safeguards.

7.2 Hosting Provider Transfers

Our hosting provider may transfer data outside the EU subject to SCCs

8. Security Measures (Art. 32 GDPR)

We implement:

  • Encrypted transmission and storage
  • Access control and authentication
  • EU‑based secure hosting
  • Controlled internal access to photos
  • Secure erasure procedures

9. Retention Periods

Data CategoryRetention
Photos for productionDeleted within 30 days of order completion (or earlier upon request)
Order details, financial and tax records10 years as required by law
Published photos (consent‑based)Until withdrawal
Proof of consentPublication period + 2 years 

10. Your Rights

You may exercise the following rights:

Where Instagram is an independent controller, rights must be exercised directly with Meta.

11. Children’s Data

If images include minors, you confirm you have lawful authority to submit and, where applicable, consent to their publication.

12. Automated Decision-Making

We do not use automated decision‑making or profiling within Art. 22 GDPR.

13. Photo Publication (Consent‑Based)

12.1 Purpose

Marketing/portfolio display on:

  • Website
  • Social media (including Instagram @magnetouistudio
  • Promotional print/digital media

12.2 Legal Bases

  • Art. 6(1)(a) – Consent
  • Art. 9(2)(a) – Explicit consent (if sensitive data appears)

12.3 Instagram Processing

Once uploaded, Meta becomes an independent controller.
Instagram may process your image globally under its own policies.

12.4 Withdrawal

You may withdraw consent at any time by contacting us.
We will remove the image from platforms we control.
Instagram may retain cached versions temporarily (platform‑level limitation).

12.5 Retention

  • Photos kept until withdrawal
  • Proof of consent retained for publication + 2 years

13. Contact

Email: info[at]magnetouistudio.com

14. Updates

We may update this Notice to reflect changes in law or operations.