
Privacy Policy
We at SERJOTATTOO (“we”, “us”, or “our”) respect your privacy and are committed to protecting it. This Privacy Policy explains how we collect, use, and share your personal data when you use our website (the “Site”), which includes our tattoo portfolio and online art shop.
It also outlines the legal bases for processing under the GDPR, your rights regarding your data, and how we use cookies and tracking technologies.
By using our Site, you acknowledge that you have read and understood this Policy.
Personal Data Collection
Information You Provide to Us: When you interact with our Site (for example, by making a purchase or contacting us), you may provide certain personal information. This can include your name, email address, phone number, shipping and billing address, payment details, and any other information you choose to give. We collect this data only when you voluntarily submit it (e.g. to place an order or ask a question) and use it for the purposes for which you provided it – such as fulfilling your order, responding to your inquiries, or providing services you requested.
Information Collected Automatically: When you visit our Site, we automatically receive certain technical data about your device and usage of the Site. This data is collected by our website platform provider (Wix) and analytics services (Google Analytics) through cookies, scripts, and other tracking technologies. It may include details like your IP address, browser type and version, device identifiers, time zone, referring pages, and how you navigate and interact with our Site (pages viewed, clicks, and other usage information). We collect this information to operate and secure the website properly, to analyze traffic and performance (so we can improve our Site and services), and to personalize your experience. This usage data is generally aggregated and does not directly identify you, but it may be considered personal data under GDPR if it can be linked to you. Where required by law, we will obtain your consent before using cookies or similar technologies to collect this information.
Third-Party Data Collection (Wix and Google): Our Site is built on the Wix platform, which means Wix may process site visitor data on our behalf to enable website functionality (e.g. displaying content, enabling the shop, and maintaining security). Wix may collect and store data such as your IP address and device information in log files and databases to operate the site. We also use Google Analytics to understand how visitors use our Site; Google Analytics uses its own cookies and similar tools to collect information about your Site usage and report to us. Additionally, we use Google Ads (e.g. Google Ads conversion tracking or remarketing tags) to help advertise our products and measure the effectiveness of our ads. These Google services may collect data about your visit (such as pages you viewed or if you came to our Site via an advertisement) and use cookies or online identifiers to show you targeted ads on other platforms. Please note that we do not obtain personal identifiers like your name or email from Google Analytics or Google Ads – we only see aggregated statistics and advertising audiences. However, Google may process personal data about you as part of providing these services, as explained in their privacy policy. We provide more details about cookies and how to manage them in the Cookies and Tracking section of this Policy.
We do not actively collect any sensitive personal data (such as health information, etc.) on our Site. We ask that you refrain from submitting such sensitive data through any forms. Our Site is intended for use by adults; we do not knowingly collect personal information from children under 16, and if you are under 16 you should only use the Site with permission/oversight of a parent or guardian. If we learn we have inadvertently collected data from a minor under 16, we will delete it.
Legal Basis for Processing
We process personal data of users in accordance with the General Data Protection Regulation (GDPR) when applicable. This means that for visitors from the European Economic Area (EEA) or United Kingdom, we ensure there is a lawful basis for each use of your data. The legal grounds we rely on include:
• Consent: We will ask for your consent where required – for example, if we place non-essential cookies (such as analytics or advertising cookies) on your device, or if we send you marketing emails. You have the right to withdraw consent at any time (see Your Rights below).
• Performance of a Contract: When we need your data to provide a service or product you requested, we process it on the basis that it is necessary for the performance of our contract with you. For instance, when you buy artwork from our online shop, we use your personal information to process payment, fulfill the order, and ship the product to you.
• Legitimate Interests: We may process data as needed for our legitimate business interests, provided those are not overridden by your data protection rights. This can include using certain analytics to improve our website’s functionality and efficiency, ensuring IT security, preventing fraud, responding to your inquiries, or showcasing relevant promotions to you. If we rely on legitimate interests, we will consider and balance any potential impact on your rights. You have the right to object to processing based on legitimate interests (see Your Rights).
• Legal Obligation: In some cases, we must process and retain certain personal data to comply with laws or regulations. For example, we may keep transaction records to meet financial reporting and tax obligations. If authorities lawfully require personal data (e.g. via a court order), we may process data to comply with that legal requirement.
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason that is compatible with the original purpose (and we have a lawful basis to do so). If we need to process your personal data for an unrelated purpose, we will notify you and explain the legal basis, or seek your consent if required.
Your Rights Under GDPR
If you are in the EEA, UK, or another jurisdiction with similar data protection laws, you have certain rights over your personal data. We are committed to upholding these rights. Subject to applicable law and certain exceptions, you have the right to:
• Access Your Data: You can request confirmation of whether we are processing your personal data and, if so, request a copy of the data we hold about you. This enables you to know and verify the information we have on you.
• Rectification: You have the right to have inaccurate personal data corrected or incomplete data completed. If any information we hold about you is incorrect, please let us know and we will fix it.
• Erasure (Right to be Forgotten): You can ask us to delete your personal data in certain circumstances. For example, you can request erasure if the data is no longer necessary for the purposes it was collected, or if you withdraw consent and we have no other legal basis to continue processing. We will honor valid requests for deletion, provided we do not have a legal obligation or overriding legitimate interest to retain the data.
• Restriction of Processing: You have the right to request that we limit the processing of your personal data in certain situations. This might apply if you contest the accuracy of the data or if you want us to preserve data while a complaint is resolved, for instance. When processing is restricted, we can store the data but not use it (except to establish or defend legal claims, or as otherwise allowed by law).
• Data Portability: For data you provided to us and that we process by automated means on the basis of your consent or a contract, you have the right to obtain a copy in a structured, commonly used, machine-readable format and/or to request we transmit that data to another service provider where technically feasible. In practice, this means you can ask for an export of the personal information you gave us (for example, contact and account details) so you can reuse it elsewhere.
• Object to Processing: You have the right to object to our processing of your personal data when we do so on the basis of legitimate interests. If you object, we will evaluate whether our legitimate grounds for processing outweigh your privacy rights, and we will stop processing unless we have a compelling reason or an ongoing legal obligation. If your personal data is used for direct marketing purposes, you have an absolute right to object or opt-out at any time. This means you can ask us to stop sending you promotional communications or disable targeted advertising, and we will comply.
• Withdraw Consent: Where we rely on your consent for processing, you have the right to withdraw that consent at any time. For example, if you consented to receive a newsletter or allowed analytics cookies, you can later opt-out or change your mind. Withdrawing consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, and it will not affect processing under other lawful bases.
• Lodge a Complaint: If you believe our handling of your personal data infringes the GDPR or applicable data protection laws, you have the right to lodge a complaint with a supervisory authority (such as your country’s Data Protection Authority). For instance, EU/EEA residents can contact the data protection regulator in the country where they live, work, or where the issue occurred. We would, however, appreciate the chance to address your concerns directly before you do this – so please consider reaching out to us first. We are committed to resolving any privacy issues in a fair and transparent manner.
How to Exercise Your Rights: You can contact us at any time to exercise the rights above (see the Contact Us section for how to reach us). We may need to verify your identity before fulfilling certain requests (to protect your data from unauthorized access). We will respond to valid requests within the timeframe required by law (typically within one month for GDPR). Note that some rights may be limited – for example, if fulfilling your request would reveal personal data about another person, or if you request deletion of information that we are legally required to keep, we may not be able to fully comply. In such cases, we will inform you of the specific reasons we cannot fulfill the request.
Cookies and Tracking
Like most websites, our Site uses cookies and similar tracking technologies to provide and improve our services, analyze usage, and deliver a better user experience. This section explains what cookies are, what types we use, and how you can manage your preferences.
What Are Cookies? Cookies are small text files that are placed on your computer or device when you visit a website. They allow the website to recognize your device and remember certain information about your visit (e.g. your preferences or items in your cart). Cookies can serve various purposes: some are essential for the site to function, while others provide analytics or advertising insights. We also use related technologies like pixels (small code blocks or images that can track actions) and local storage – for simplicity, we refer to all these as “cookies” here.
Cookies We Use and Why: We use the following categories of cookies on our Site:
• Essential/Functional Cookies: These cookies are necessary for the website to operate correctly. They enable core functionalities such as security, network management, and accessibility. For example, Wix (our site host) uses cookies to remember your site preferences, keep you logged in (if applicable), or maintain your shopping cart. Without these, the site may not function properly. These cookies do not require consent under GDPR, as they are needed for the service you requested (our website).
• Analytics/Performance Cookies: We use Google Analytics cookies to collect information about how visitors use our Site (e.g. which pages are visited, how long users stay, and any errors encountered). This helps us understand website traffic and user interactions so we can improve our content and services. The data collected by Google Analytics is pseudonymous (it does not directly identify you by name) and is aggregated for analysis. We have configured Google Analytics in a privacy-friendly way as much as possible (for instance, by enabling IP anonymization, which truncates your IP address so Google Analytics does not store your full IP). Google Analytics cookies typically remain on your browser for a set period (Google may use a default retention period such as 14 months for user-level data). We only use these analytics cookies with your consent (you will be prompted via our cookie banner or settings if required by law). You can opt-out of Google Analytics as described below.
• Advertising/Marketing Cookies: Our Site may employ advertising cookies, particularly through Google Ads. If we are running advertising campaigns, Google Ads cookies help us track the performance of those ads (for example, to know if you clicked an ad to reach our Site or if you later made a purchase). We may also use Google Ads remarketing cookies, which allow Google to record that you visited our Site and then display targeted ads for our studio or products on other websites you visit. These cookies use an identifier linked to your browser, not your name or email, and they do not show us personal details about you – but they do enable more relevant ads to be shown to you on Google’s network. Advertising cookies will only be set with your consent. If you opt-in but later change your mind, you can adjust your browser settings or use Google’s opt-out tools to disable these cookies. (See Managing Cookies below.)
Managing Cookies and Opt-Out: You have the right to choose whether to accept or reject certain cookies. When you first visit our Site from the EU/UK, you may see a cookie consent banner that allows you to accept or decline non-essential cookies. Even if you accepted, you can always change your mind by clearing cookies or adjusting your browser settings. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies or alert you when cookies are being sent. Please note that if you disable or block certain cookies, parts of our Site (especially those that rely on essential cookies) may not function properly, and your user experience may be affected.
• Browser Controls: You can typically remove or reject cookies via your browser’s settings. Each browser is a bit different, but look for the “Privacy” or “Cookies” settings. You may delete existing cookies and prevent future ones from being placed. For more information on how to configure your browser, you can refer to your browser’s help documentation or visit resources like AllAboutCookies.org which provide guidance on cookie management.
• Google Analytics Opt-Out: If you want to opt out of Google Analytics tracking, Google provides an official Browser Add-on that you can install, which prevents Google Analytics from collecting data on your visits. You can find it here: Google Analytics Opt-out Browser Add-on.
• Google Ads and Other Advertising Opt-Out: To opt out of Google’s personalized advertising, you can adjust your Google Ads Settings (for example, you can disable ad personalization). Additionally, many advertising companies are part of industry opt-out programs. You can visit the Network Advertising Initiative’s opt-out page or the Digital Advertising Alliance’s opt-out portal to opt out of interest-based ads from participating networks. Keep in mind that opting out of advertising cookies does not mean you will no longer see ads – it just means the ads will not be tailored to your interests based on cookies.
Do Not Track Signals: Some browsers have a “Do Not Track” (DNT) feature that, when enabled, sends a signal to websites requesting not to track your activities. Currently, there is no uniform standard for how to respond to DNT signals, and our Site does not respond differently to a browser’s DNT signal. We will treat all user data in accordance with this Privacy Policy, whether or not DNT is enabled.
Data Sharing with Third Parties
We do not sell or rent your personal data to third-party companies for their own marketing purposes. However, we do share certain information with third parties in the following contexts, to operate our business and provide services to you:
• Wix (Website Host and Service Provider): Our website is hosted on the Wix.com platform. Wix provides us with the online platform that allows us to showcase our portfolio and sell products to you. Personal data that you provide through the Site (e.g. information from orders or contact forms) may be stored on Wix’s servers. Wix acts as a “data processor” for us, meaning they process your data on our behalf and under our instructions. Wix may need to access or use the data to maintain and support our website’s functionality (for example, backing up data or troubleshooting technical issues). According to Wix’s Privacy Policy, they store user data on secure servers behind firewalls. We have a data processing agreement with Wix as required by GDPR, ensuring they protect your data. You can learn more about Wix’s privacy practices in their official Privacy Policy.
• Payment Processors: If you purchase items from our online shop, your payment will be processed by Wix Payments or another third-party payment gateway (such as PayPal or credit card processors) integrated into our Site. These payment providers will receive the necessary personal data to process the transaction, such as your name, credit card details, billing address, and purchase amount. We do not see or store your full credit card number – that information is handled securely by the payment processor. All payment transactions on our Site follow PCI-DSS (Payment Card Industry Data Security Standard) requirements for security. This means your payment data is encrypted and protected during processing. The payment processors are authorized to use your data only for the purpose of payment processing and are obligated to keep it confidential.
• Shipping and Fulfillment Partners: If we need to ship physical products to you (for example, art prints or merchandise you purchased), we will share the necessary information with postal services or courier companies to deliver your order. This typically includes your name and shipping address, and possibly your phone number or email (for delivery updates). We limit the data shared to only what is required for fulfilling the delivery. The shipping carriers are third-party data controllers who have their own privacy obligations to you.
• Google Analytics: As noted, we use Google Analytics to gather usage statistics. In this context, Google acts as a data processor for us, but it may also use the data for its own purposes. We have configured Google Analytics to minimize data sharing. We have accepted the Google Analytics Data Processing Amendment, which means that Google only processes the data on our behalf and according to our instructions, and we have not enabled more invasive data sharing features. However, Google may still use cookies and gather information for improving their services. We share data with Google Analytics to the extent that your browser transmits it automatically (through the Google Analytics script running on our Site). For more details on how Google uses data from sites that use its analytics tools, see Google’s Privacy Policy.
• Google Ads: If we use Google Ads for marketing, we may share some site data with Google Ads (for example, through a conversion tracking pixel that tells Google you completed a purchase, so we can measure ad effectiveness). We may also utilize Google Ads remarketing, which involves our Site sending a hashed identifier or cookie ID to Google to indicate you visited, so that Google can show you our ads on other websites. This involves sharing pseudonymous identifiers and event data (like “user visited page X”) with Google. Google does not receive your name or contact information from these scripts, only technical data used for ad targeting. Google may combine this information with data from your Google account if you are logged in and have consented to personalized ads. You can control this via your Google ad settings as described in the Cookies section.
• Other Service Providers: We may engage other third-party services to assist with operations – for example, an email service provider to send newsletters (if you subscribed), or a scheduling app if you book tattoo appointments online. If we do, those providers will process personal data (like your email for newsletters, or your name/appointment details for scheduling) strictly for our business purposes and under agreements that protect your data. We will ensure any such provider has appropriate data protection measures in place.
• Legal Requirements and Protection: We may disclose personal information to outside parties if required by law or legal process, or if we have a good-faith belief that such disclosure is necessary to (i) comply with a legal obligation (for example, a court order or subpoena), (ii) enforce our Terms and other agreements, (iii) protect our rights, property, or safety, or that of our customers or others, or (iv) investigate and prevent fraud or security issues. In such cases, we will only share what is necessary and will inform you if legally permitted.
In all cases, we only share your personal data with third parties to the extent necessary for the purposes described above. Whenever your data is shared with third parties acting on our behalf (processors), they are bound by contracts to process it securely and only for the instructed purposes. When third parties receive data as independent controllers (e.g., shipping companies or government authorities), they are responsible for handling your data in line with their own privacy policies and applicable laws.
Data Security
We take the security of your personal information seriously. We implement appropriate technical and organizational measures to protect your data against unauthorized access, alteration, disclosure, or destruction. These measures include:
• Secure Hosting: As mentioned, our Site is hosted by Wix, which maintains high security standards. Your data is stored on Wix’s secure servers, which are protected by firewalls and other advanced security technologies. Wix continuously updates its security protocols to counter evolving threats.
• Encryption: Our website uses SSL/TLS encryption. This means that when you provide personal information (like filling out a form or making a purchase), the data is encrypted in transit between your browser and our servers. You can verify that encryption is active by looking for “https” and the padlock icon in your browser’s address bar. Encryption helps prevent eavesdropping on the data exchange.
• Payment Security: All payment transactions are handled through secure, PCI-DSS compliant payment gateways (as described above). We do not store your sensitive payment details on our own servers. Credit card numbers are tokenized or encrypted by the payment processor.
• Access Controls: Internally, access to personal data is limited on a need-to-know basis. Only the owner of [Tattoo Studio Name] and authorized personnel (if any) who require access to fulfill their duties (e.g., preparing your order or responding to your inquiry) can access your personal information, and they are obligated to keep it confidential. We do not have a large staff or complex IT environment, which means fewer people ever handle your data.
• Monitoring and Testing: We keep our website platform, plugins, and integrations up to date to patch security vulnerabilities. We monitor for any suspicious activity on the Site, and Wix provides security features like automatic DDoS protection and traffic monitoring. We also ensure that any device or system we use to access personal data (like business computers or email accounts) is protected with strong passwords and security software.
• Data Breach Procedures: Despite all precautions, no website or Internet transmission is completely secure. In the unlikely event of a data breach that affects your personal data, we will follow all applicable breach notification laws. This may include notifying you and relevant supervisory authorities of the breach, outlining what happened and what data was involved, and advising on any steps to protect yourself.
Please understand that while we strive to protect your information, we cannot guarantee absolute security of data transmitted over the internet or stored in electronic systems. You also play a role in security: we encourage you to use unique, strong passwords and not to share your account credentials (if you have an account) with others. If you have reason to believe that your interaction with our Site or your personal data is no longer secure (for example, if you suspect your account has been compromised), please contact us immediately.
International Data Transfers
[Tattoo Studio Name] is based in [Your Country], but our website services involve global providers (Wix and Google). Therefore, your personal data may be transferred to and stored in countries outside of your own country or outside the European Economic Area (EEA). In particular:
• Wix (Israel and Other Countries): Wix.com is headquartered in Israel. Personal data that is collected through our Site and stored on Wix’s servers may be transferred to Israel. The European Commission has recognized Israel as a country that provides an adequate level of data protection for personal data. This means that data transfers from the EU/EEA to Israel can occur freely, just as if they were within the EU, under GDPR. In addition, Wix has servers and subprocessors in other countries (including the United States and Europe). Wix ensures that any transfers of EU personal data to other countries are done in compliance with GDPR – typically by using European Commission Standard Contractual Clauses (SCCs) or other approved transfer mechanisms with its subprocessors. Thus, data handled by Wix on our behalf enjoys protection no matter where it is processed.
• Google (United States and Worldwide): Google LLC is a US-based company, and using Google Analytics and Google Ads involves transferring data to the United States. The US currently does not have an “adequacy decision” from the EU (meaning it’s not automatically considered to have EU-equivalent privacy laws). To safeguard EU personal data when it is transferred to Google in the US, Google relies on Standard Contractual Clauses (SCCs) as part of its data processing terms. SCCs are legal contracts approved by the European Commission that bind the recipient to protect personal data according to EU standards. Google has also implemented additional measures for data transfers (in response to the Schrems II decision) such as increased encryption and stricter access controls. By using Google services on our Site, we ensure that these contractual and technical safeguards are in place for any personal data leaving the EEA.
• Other International Transfers: If we ever need to transfer your personal data to other third parties or servers located in countries outside the EEA (for example, if we use an email newsletter service based in the US or cloud storage outside EU), we will do so in accordance with GDPR’s transfer requirements. This typically means we will rely on SCCs, an adequacy decision, or another valid transfer mechanism, and we will put in place appropriate safeguards to protect your information. We will also inform you via this Privacy Policy or at the time of data collection, so you know where your data may go.
Regardless of where your personal data is processed, we will take steps to ensure it remains protected in line with this Policy and applicable law. Our data transfer arrangements are designed to maintain the same level of protection as your data has in your home country. If you have questions about international data transfers or want more details about the safeguards we have in place, feel free to contact us.
Data Retention
We will retain your personal data only for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. In general:
• Contact and Inquiry Data: If you contact us (e.g. via email or a contact form) but do not engage in a transaction, we may keep your communications and our response for a reasonable period in order to manage our relationship (for example, to follow up on your inquiry or refer back to previous conversations if you contact us again). Unless you request otherwise, we typically retain routine correspondence for up to 1 year, after which we delete it, unless we need to keep it longer (e.g. if needed for legal reasons or evidence). If you ask us to delete our correspondence, we will do so earlier (see Your Rights above).
• Order and Transaction Data: If you make a purchase from our online shop, we will retain the personal information related to your order for longer periods, as this is necessary for contract performance and legal compliance. Order records (including your name, contact, order details, and transaction history) will be kept for as long as needed to process your order and provide any after-sale services (like handling returns or warranties). Additionally, we are required by law to retain certain information for a minimum period for tax, audit, and accounting purposes. For example, in many jurisdictions, commercial transaction records must be kept for X years (e.g. 6–7 years). Therefore, we may archive basic order information for that duration. After the retention period expires, we will either delete the data securely or anonymize it so it no longer can be linked to you.
• Analytics Data: Data collected via Google Analytics is retained according to the settings we’ve configured in Google Analytics. We have set a retention period (e.g. 14 months) for user-level and event data associated with cookies or user identifiers. This means that data older than this period is automatically deleted from Google Analytics reports. In any case, analytics data is aggregated, and we do not store it in a way that can identify individual users over the long term.
• Marketing Data: If you have subscribed to a newsletter or given consent to receive marketing, we will retain your email and related preferences until you opt-out or unsubscribe, or until we discontinue the newsletter program. If you withdraw consent or unsubscribe, we will promptly remove you from the mailing list, but may keep a record of your request to ensure we respect your preference in the future.
• Legal Hold: Notwithstanding the above, if we are dealing with a legal dispute or if law enforcement asks us to preserve data, we may retain relevant information beyond the typical retention period, specifically for these purposes. Once those issues are resolved, we will proceed with deletion or anonymization as appropriate.
After we no longer need your personal data, we will ensure it is either securely deleted or anonymized (so it can no longer be associated with you). For example, paper records will be shredded, and electronic data will be wiped from storage or overwritten. We continuously review the personal data we have and set policies for safe disposal. If you believe we are holding data about you longer than we should, please contact us and we will investigate and address it.
How to Contact Us
We welcome your questions, concerns, or requests regarding this Privacy Policy or your personal data. If you would like to exercise your data rights, or if you have any inquiries about how we handle your information, please reach out to us using the contact information below:
SERJOTATTOO
Address: Mapu 18st. Tel-Aviv, Israel
Phone: +972584316066
Please include “Privacy Request” in the subject line of your email (if contacting via email) so we can route your inquiry to the right team. We will do our best to respond promptly and address your concerns.
If you are contacting us to exercise a GDPR right, please provide sufficient information for us to verify your identity (for example, by contacting us from the same email address you provided us, or by providing another identifying detail). This is to ensure we do not disclose or delete someone else’s data inappropriately.
Updates to This Privacy Policy
We may update or modify this Privacy Policy from time to time, for example to reflect changes in our practices, new legal requirements, or improvements in how we inform you. When we make changes, we will post the updated Policy on this page and adjust the “Last Updated” date below. If changes are significant, we may provide a more prominent notice (such as a banner on our site or an email notification). We encourage you to review this Policy periodically to stay informed about how we are protecting your information.
Last Updated: March 18, 2025
By continuing to use our Site after any modifications to this Policy, you acknowledge the updated terms. If you do not agree with any updates or changes, you should stop using the Site and you may contact us to withdraw your consent or exercise your data rights.
Thank you for reading our Privacy Policy. We value your trust and are dedicated to keeping your personal data safe. If you have any questions or need further clarification, please contact us at any time. Your privacy matters to us, and we are here to help.