Skip to main content

1. Summary of Key Points

We collect only the data necessary to operate and improve our website and services. We process personal data lawfully and transparently, relying on clear legal bases. You have rights of access, correction, deletion, restriction, portability, objection, and withdrawal of consent. We use cookies and third‑party services only with your consent (except strictly necessary cookies). We retain data only as long as required, then delete or anonymize it. Detailed contact information and procedures for exercising your rights are provided below.

2. Data Controller and Contact Details

Controller
Sladjana Karvounis
Website: https://slakarvounis.com

Data Protection Officer (DPO)
If you have questions about this policy or wish to exercise your rights, you may contact our DPO at:
Email: slakarvounis+dpo@gmail.com

We act as the controller of your personal data under Article 4(7) GDPR and are responsible for ensuring all processing complies with applicable law GDPR.

3. Personal Data We Collect

3.1 Comments

When you leave a comment, we collect the information you provide (name, email, comment text), plus your IP address and browser user agent string for spam detection GDPR.

3.2 Media

If you upload images, please avoid embedding location (EXIF GPS) data, as visitors can download and extract such data GDPR.eu.

3.3 Cookies and Tracking

We use the following categories of cookies:

  • Strictly Necessary Cookies: required for site functionality.

  • Performance and Analytics Cookies: to measure and improve site performance.

  • Functional Cookies: to remember preferences.

  • Marketing Cookies: to deliver relevant ads only if you consent 

3.4 Embedded Content

Articles may include media from other sites (e.g., videos, images). These act as if you visited the external site directly; they may collect data, use cookies, and track interactions 

4. Legal Bases for Processing

We rely on the following lawful bases under Article 6 GDPR:

  • Consent: for cookies (other than strictly necessary) and optional services.

  • Contractual Necessity: to provide services you request.

  • Legal Obligation: to comply with tax and record‑keeping laws.

  • Legitimate Interests: for spam prevention, site security, and improvements, provided they do not override your rights GDPR.

For California residents, we provide a “Notice at Collection” of personal data categories and purposes, as required by the CCPA California Attorney General.

5. How We Use Your Data

We use your information to:

  • Publish and moderate comments.

  • Authenticate and manage user sessions.

  • Optimize site performance and analytics.

  • Personalize content where consented.

  • Prevent fraud and spam.

We do not sell your personal data. We may share it with trusted service providers who process data on our behalf under confidentiality obligations.

6. Data Retention

We retain personal data only as long as necessary:

  • Comments and Metadata: indefinitely, so we can recognize and approve follow‑ups automatically dpocentre.comEuropean Commission.

  • User Accounts: until you delete your account or we are required by law to retain it.

  • Cookies: per the durations below (e.g., comment cookies—1 year; login cookies—2 days or up to 14 days if “Remember Me” is selected) GDPR.eu.

7. Third‑Party Sharing

We may share data with:

  • Spam Detection Services: to check comments.

  • Analytics Providers: under strict data‑processing agreements.

  • Payment Processors: if you purchase services (only basic billing data).

We do not otherwise disclose personal data without your consent, except to comply with legal obligations or protect our rights.

8. Your Rights

Under GDPR (and similar US laws where applicable), you have the right to:

  1. Access the personal data we hold about you.

  2. Rectify inaccurate or incomplete data.

  3. Erase your data (“right to be forgotten”), subject to legal exceptions.

  4. Restrict processing of your data.

  5. Object to processing based on legitimate interests or direct marketing.

  6. Data Portability: receive your data in a structured, machine‑readable format.

  7. Withdraw Consent at any time without affecting the lawfulness of prior processing GDPR.

California residents additionally have the right to opt out of the sale of personal information and to non-discrimination for exercising CCPA rights California Privacy Protection Agency.

To exercise any right, contact us at dpo@slakarvounis.com.

9. Data Transfers Outside the EU

If we transfer data outside the European Economic Area (EEA), we ensure adequate safeguards such as Standard Contractual Clauses approved by the European Commission to protect your data European Commission.

10. Security

We implement technical and organizational measures to protect against unauthorized access, alteration, disclosure, or destruction of personal data.

11. Children’s Privacy

Our services are not directed at children under 16. We do not knowingly collect data from minors. If you believe we have, please contact us to have it removed.

12. Changes to This Policy

We may update this policy to reflect changes in law or our practices. We will publish the revised date at the top and, where required, obtain fresh consent.

Last updated: April 19, 2025

MAKE UP & HAIR PACKAGES
PHOTOGRAPHY PACKAGES
TIVOLI WEDDING PACKAGES