§ Privacy

Privacy Policy

1. Controller

Lara Meya (MYA)
c/o SourceArt
Tuttlingerstraße 45
78333 Stockach
Germany
E-mail: larameya.art@gmail.com

2. Purposes and legal basis of processing

  • Contact and inquiry handling — Art. 6 (1) (b) and (f) GDPR.
  • Technical provision of the website, security, abuse prevention and server log files — Art. 6 (1) (f) GDPR.
  • Scheduling of online meetings (Zoom / Microsoft Teams / Google Calendar) — Art. 6 (1) (b) GDPR, only upon your active request.

3. Recipients and processors

  • Hosting / CDN: Lovable (Lovable AB, Sweden) and Cloudflare, Inc. (USA). Cloudflare processes connection data (IP address, request metadata) to deliver the site and protect against attacks.
  • E-mail: Google Ireland Ltd. / Google LLC (Gmail) — used to receive and answer your inquiries sent to larameya.art@gmail.com.
  • Online meetings (optional, only on request): Zoom Video Communications, Inc. (USA), Microsoft Ireland Operations Ltd. (Teams) and Google Ireland Ltd. (Google Calendar). These services are only contacted when you actively pick a date on the meeting page.

4. Contact form / e-mail inquiries

The contact form on this website does not transmit data to a server of ours. When submitted, your local e-mail client opens with a pre-filled message that you send yourself. The data you provide (name, e-mail, country, language, budget, timeframe, message) is processed solely to answer your inquiry and is deleted at the latest three years after the last contact, unless legal retention obligations apply.

5. Server log files

When you visit this site, the hosting provider automatically processes technical data (IP address, date and time, requested URL, referrer, user agent) for the purpose of providing the website and ensuring its security. Log data is stored for a maximum of 30 days and then deleted.

6. Local storage (no cookies)

This website does not use tracking cookies. For the shopping cart and selected fair days, we use the browser's local storage. This is strictly necessary to provide the functionality you requested (§ 25 (2) no. 2 TDDDG) and does not require consent. You can delete this data at any time via your browser settings.

7. International data transfers

Some of the services listed above (Cloudflare, Zoom, Microsoft, Google) may process data in the United States. Transfers take place on the basis of the EU-US Data Privacy Framework (Art. 45 GDPR) and/or EU Standard Contractual Clauses (Art. 46 GDPR) together with additional safeguards.

8. Your rights

You have the right to access (Art. 15 GDPR), rectification (Art. 16), erasure (Art. 17), restriction of processing (Art. 18), data portability (Art. 20) and to object (Art. 21).

Right to object pursuant to Art. 21 (1) GDPR: You have the right to object at any time to the processing of your personal data based on Art. 6 (1) (f) GDPR (legitimate interest) for reasons arising from your particular situation. We will then no longer process your data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defence of legal claims.

Consents given can be revoked at any time with effect for the future.

You also have the right to lodge a complaint with a data protection supervisory authority — for us the competent authority is the Landesbeauftragter für den Datenschutz und die Informationsfreiheit Baden-Württemberg (Königstraße 10a, 70173 Stuttgart).

9. No obligation to provide data / No automated decision-making

You are neither legally nor contractually obliged to provide us with your personal data. However, providing your contact details is necessary for us to process your inquiry.

We do not use any automated decision-making, including profiling, within the meaning of Art. 22 GDPR.

Last updated: May 2026