Legal

Privacy Policy

1. Controller

The controller responsible for data processing on this website is:

Ester Batllori I Vila
Riesestr. 11, 12347 Berlin
Email: ester.batllori@gmail.com

2. Collection and processing of personal data

I only collect personal data to the extent necessary for the performance of a contract or on the basis of your explicit consent. The legal bases are set out in Art. 6 GDPR.

When purchasing an artwork, I process the following data:

  • First and last name
  • Delivery address
  • Email address
  • Phone number
  • Payment information (processed directly by the payment service providers)

This data is used solely for processing the purchase contract and organising delivery (Art. 6 (1)(b) GDPR).

3. Contact form

If you use the contact form, the data you enter (name, email address, message) will be stored to process your enquiry. I will not share this data without your consent. The legal basis is Art. 6 (1)(b) GDPR (contract-related enquiries) and Art. 6 (1)(f) GDPR (legitimate interest in responding to enquiries).

4. Third-party providers and processors

Vercel (Hosting)

This website is hosted on servers operated by Vercel Inc., 340 Pine Street, Suite 801, San Francisco, CA 94104, USA. When you visit the website, your IP address and technical access data are automatically transmitted to Vercel. Data may be transferred to servers in the United States. The transfer is based on the EU-US Data Privacy Framework, under which Vercel is certified. More information: vercel.com/legal/privacy-policy

Supabase (Database)

Order data is stored in a database operated by Supabase Inc. Supabase processes data in accordance with GDPR using servers in the EU. More information: supabase.com/privacy

Stripe (Payment processing)

For card payments I use Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, D02 H210, Ireland. Your payment data is transmitted directly and encrypted to Stripe. I do not have access to full card details at any time. More information: stripe.com/privacy

PayPal

When paying via PayPal, the data required for the transaction is transmitted to PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg. Privacy policy: paypal.com/privacy

Klarna

When paying via Klarna, your data is transmitted to Klarna Bank AB (publ), Sveavägen 46, 111 34 Stockholm, Sweden. Klarna may perform a credit check. Privacy policy: klarna.com/privacy

Resend (Email delivery)

For sending order confirmations I use Resend Inc., 2261 Market Street #5039, San Francisco, CA 94114, USA. Your email address and name are transmitted. Resend processes data in accordance with GDPR. More information: resend.com/legal/privacy-policy

5. Cookies and local storage

This website uses only technically necessary storage mechanisms (such as browser local storage) to ensure the functionality of the website, for example to store the shopping cart. No tracking or analytics technologies are used.

These technologies are used on the basis of Art. 6 (1)(f) GDPR (legitimate interest in providing a functional website).

6. Data retention

Personal data is stored only for as long as necessary for the respective purposes or as required by statutory retention obligations. Order data is retained in accordance with commercial and tax law retention periods (up to 10 years).

7. Your rights (Art. 15–21 GDPR)

You have the right to:

  • Access the personal data stored about you (Art. 15 GDPR)
  • Rectification of inaccurate data (Art. 16 GDPR)
  • Erasure of your data (Art. 17 GDPR)
  • Restriction of processing (Art. 18 GDPR)
  • Data portability (Art. 20 GDPR)
  • Object to processing (Art. 21 GDPR)

To exercise these rights, please contact me by email: ester.batllori@gmail.com

8. Right to lodge a complaint

You have the right to lodge a complaint with the competent data protection supervisory authority. For Berlin, this is the Berlin Commissioner for Data Protection and Freedom of Information, Friedrichstr. 219, 10969 Berlin, mailbox@datenschutz-berlin.de.

9. Data security

This website uses SSL encryption for security reasons and to protect the transmission of confidential content, such as orders or enquiries. You can recognise an encrypted connection by the "https://" in your browser's address bar.

10. Server log files

When you visit this website, the hosting provider automatically collects and stores information in so-called server log files. This may include:

  • IP address
  • Browser type and version
  • Operating system
  • Referrer URL
  • Time of the server request

This data is not merged with other data sources and is used to ensure the technical stability and security of the website.

The legal basis is Art. 6 (1)(f) GDPR.

Last updated: March 2026

Cart

Your cart is empty.

Browse paintings