Privacy Policy

2. Personal Data We Collect

We collect personal data in three main ways: (a) data you provide directly, (b) data collected automatically through normal website operation, and (c) data created when you interact with our ads or attribution systems after you consent (where applicable).

• Identity and contact data: name, email address, phone number.
• Form content: messages you send us, including details about placement, size, style preferences, and any logistical notes for scheduling.
• Technical data: IP address, browser type and version, device identifiers, operating system, language preferences, approximate location derived from IP (city/region level), and time zone.
• Usage data: pages visited, time spent on pages, click paths, referring page, and basic interaction events (for example, whether a form submission succeeded).
• Cookies and identifiers: first-party cookies used for session continuity and consent storage, and (if you consent) third-party cookies used for analytics and marketing measurement.
• Conversion events: if you consent to marketing cookies, we may record events such as page views and form submissions to understand which campaigns are working and to prevent duplicate measurement.

We do not intentionally collect special-category data (such as health data, religious beliefs, or political opinions), financial account details, or government identification numbers through this website. Please avoid sending sensitive information through the contact form. If you voluntarily include such information in a message, you consent to our processing of that information for the purpose of responding to your request.

3. Why We Process Personal Data & Legal Basis

If you are located in the European Economic Area (EEA) or the United Kingdom, we process personal data under the legal bases in Article 6 of the GDPR/UK GDPR. If you are located elsewhere, we process personal data under applicable local privacy laws and our legitimate need to operate the website and respond to requests.

• Responding to contact and quote requests: to reply, clarify your brief, and coordinate scheduling. Legal basis: Art. 6(1)(b) (contract steps) and Art. 6(1)(a) (consent, where you explicitly provide information and request contact).
• Website operations and security: to maintain availability, prevent fraud, and defend against abusive traffic. Legal basis: Art. 6(1)(f) (legitimate interests).
• Analytics (only after consent where required): to understand usage patterns and improve site content. Legal basis: Art. 6(1)(a) (consent).
• Marketing and advertising measurement (only after consent where required): to attribute conversions, build remarketing audiences, and improve ad relevance. Legal basis: Art. 6(1)(a) (consent).
• Legal obligations: to comply with applicable laws, respond to lawful requests, and maintain records where required. Legal basis: Art. 6(1)(c) (legal obligation).

Automated decision-making (Art. 22): We do not engage in automated decision-making or profiling that produces legal or similarly significant effects.

4. Cookies & Tracking Technologies

Cookies are small text files stored on your device. We also use similar technologies such as pixel tags and server-side event forwarding where applicable. We group cookies into categories that match our cookie consent choices.

Essential cookies (always active)

Essential cookies are required for the site to function. These include cookies that preserve basic session continuity and store your cookie preferences. Typical retention ranges from a session up to 12 months, depending on the cookie.

Analytics cookies (consent required where applicable)

If you enable analytics cookies, we may use Google Analytics 4 (GA4) to understand how visitors use the site. Where configured, IP anonymization is used. Analytics data retention is typically set to 14 months.

Examples include: _ga (2 years) and _ga_XXXXXXXXXX (2 years; the GA4 property identifier varies). If you reject analytics cookies, we will not activate these analytics tags through our consent system.

Marketing cookies (consent required where applicable)

If you enable marketing cookies, we may support advertising measurement and remarketing for platforms such as Google Ads and Meta. Marketing cookies can be used to measure conversions, limit repeat ads, and build custom or lookalike audiences.

Examples include: _gcl_au (90 days), _fbp (90 days), and _fbc (90 days when a click identifier is present).

For more detail about cookie names, purposes, and retention, see our Cookie Policy.

5. Consent (EEA/UK)

Users in the EEA and UK receive a consent notice under GDPR/UK GDPR. Analytics and marketing cookies activate only after explicit, informed, freely given consent (Art. 6(1)(a)). Your choice is recorded in the cookie_consent browser cookie for up to 12 months.

You can withdraw consent at any time by using the “Manage cookie preferences” link in the footer or by clearing cookies in your browser. Withdrawing consent does not affect processing that occurred before withdrawal.

6. Sharing With Advertising & Service Partners

We use service providers to run the site and, if you consent, to understand performance and measure advertising. We do not sell personal data. We share data only as needed for the purposes described in this policy.

• Google LLC: analytics and advertising measurement (GA4, Google Ads, Google Tag Manager). Data may include cookie identifiers, usage data, and conversion events after consent.
• Meta Platforms, Inc.: advertising measurement and audience tools (Meta Pixel, Custom/Lookalike Audiences, Conversion API) after consent. Data may include page views and conversion events.
• Cloudflare, Inc.: content delivery and security services. Data may include IP address and request metadata used to protect against abusive traffic.

These providers process data under their own privacy policies and contractual terms. We do not permit them to use site data for their own independent commercial purposes beyond providing services and improving their security and measurement systems as permitted by their policies.

7. International Transfers

If you are located in the EEA/UK, your personal data may be transferred to and processed in countries outside the EEA/UK, including the United States, where some of our service providers operate. Where required, transfers rely on appropriate safeguards such as the EU–US Data Privacy Framework (DPF), the UK Extension to the DPF, the Swiss–US DPF (where applicable), and/or Standard Contractual Clauses (EU 2021/914) as a fallback. For the UK, we may also rely on the UK International Data Transfer Agreement (IDTA) as a fallback.

8. Retention

We keep personal data only as long as necessary for the purposes described above.

• Contact submissions: typically up to 2 years from the last interaction, unless a longer period is required for legal reasons.
• Analytics: typically 14 months (where enabled via consent), subject to configuration.
• Marketing cookies: retained per cookie lifetime (for example, 90 days), unless you withdraw consent.
• Email correspondence: for the duration of our relationship plus up to 1 year to maintain continuity and resolve follow-up questions.
• Server/security logs: typically up to 90 days, unless needed for incident investigation.
• Consent record: we may retain high-level proof of consent choices for up to 3 years for audit purposes, where required.

9. Your Rights (GDPR & UK GDPR)

If you are located in the EEA/UK, you may have the right to request: Access (Art. 15), Rectification (Art. 16), Erasure (Art. 17), Restriction (Art. 18), Data portability (Art. 20), Objection (Art. 21), and to withdraw consent (Art. 7(3)).

To exercise a right, email [email protected]. We may need to verify your identity. We typically respond within 30 days; this can be extended by up to 60 days for complex requests.

You may also lodge a complaint with a supervisory authority. Examples include:

• EEA: European Data Protection Board (EDPB) website for guidance and authority listings.
• UK: Information Commissioner’s Office (ICO).
• Germany: BfDI.
• France: CNIL.
• Poland: UODO.
• Spain: AEPD.

10. Children

This site is not directed at individuals under 16. We do not knowingly collect personal data from minors. If you believe a child under 16 has provided personal data without verifiable parental consent, contact us and we will delete the data promptly.

11. Do Not Track

This website does not respond to “Do Not Track” (DNT) browser signals. Third-party providers may have their own handling for DNT and similar signals.

12. Data Deletion Requests

You can request deletion of personal data by emailing [email protected] with the subject line “Data Deletion Request.” We will complete deletion within 30 days after identity verification, unless we must retain certain data to comply with legal obligations or to establish, exercise, or defend legal claims.

13. Business Transfers

In the event of a merger, acquisition, asset sale, financing, or insolvency, personal data may be transferred to a successor entity. If such a transfer materially changes how personal data is used, we will provide notice on the website.

14. California (CCPA / CPRA)

This section applies to California residents where the California Consumer Privacy Act (CCPA), as amended by the CPRA, applies.

Categories of personal information disclosed in the past 12 months may include: identifiers (such as name, email, IP address, cookie IDs), internet/network activity (such as browsing and interaction data), and inferences (such as preferences derived from usage) where marketing cookies are enabled.

We do not sell personal information as defined by the CCPA. We may share personal information for cross-context behavioral advertising where marketing cookies are enabled. California residents may opt out by using our cookie preferences panel (see “Manage cookie preferences” in the footer).

Rights may include: the right to know, delete, correct, and opt out of sale/sharing, and the right to non-discrimination. To submit a request, email [email protected] with the subject “California Privacy Request.” We will verify your request before completing it. Authorized agents may submit requests with written proof of authorization.

15. Virginia (VCDPA)

If you are a Virginia resident and the Virginia Consumer Data Protection Act (VCDPA) applies, you may have rights to access, correct, delete, and obtain a copy of your personal data, and to opt out of targeted advertising. To submit a request, email [email protected] with the subject “Virginia Privacy Request.”

We do not sell personal data or engage in profiling that produces legal or similarly significant effects. If we deny a request, you may appeal by emailing with the subject “Appeal of Refusal — Privacy Request.” We will respond within 60 days. If the appeal is denied, you may contact the Virginia Attorney General.

16. Nevada

Nevada residents may submit a verified opt-out request by emailing us with the subject “Nevada Do Not Sell Request.” We do not currently sell personal information under Nevada Revised Statutes Chapter 603A.

17. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will provide a notice on the homepage at least 14 days before the changes take effect where feasible. The “Last Updated” date at the top of this page reflects the most recent revision.

18. Contact

If you have questions about privacy or want to exercise your rights, contact:

Black Ink Atelier LLC
777 S Figueroa St, Suite 4050, Downtown Los Angeles, CA 90017, USA
Email: [email protected]
Phone: +1 213 621 1966