Data Protection Declaration

1) Information on the Collection of Personal Data and Contact Details of the Controller

1.1 We are pleased that you are visiting our website and thank you for your interest. In the following pages, we inform you about the handling of your personal data when using our website. Personal data is all data with which you can be personally identified.

1.2 The controller in charge of data processing on this website, within the meaning of the General Data Protection Regulation (GDPR), is Dima Peters, Scheibenstar 116, 48153 Müsnter, Germany, Email: info [at] lordofbugs.com, Website: lordofbugs.com. The controller in charge of the processing of personal data is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data.

1.3 This website uses SSL or TLS encryption for security reasons and to protect the transmission of personal data and other confidential content (e.g. inquiries to the controller). You can recognize an encrypted connection by the character string https:// and the lock symbol in your browser line.

2) Hosting and Server Log Files

This website is hosted by an external service provider (hoster): All-inkl.com – Neue Medien Münnich, Hauptstraße 68, 02742 Friedersdorf, Germany. Personal data collected on this website (in particular IP addresses in server log files) is stored on the hoster’s servers in Germany.

The use of All-inkl is based on Art. 6 (1) lit. f GDPR (our legitimate interest in a secure, fast and efficient provision of our online offer by a professional provider). We have concluded a data processing agreement (DPA/AVV) with All-inkl in accordance with Art. 28 GDPR.

When using our website for information only, we only collect data that your browser transmits to the server (server log files). This includes:

• Visited website
• Date and time of access
• Amount of data sent
• Source/reference from which you reached the page
• Browser used
• Operating system used
• IP address used (anonymised where possible)

The processing of these log files is based on Art. 6 (1) lit. f GDPR (legitimate interest in the stability and functionality of the website). The data is not passed on or used in any other way, unless there are concrete indications of illegal use.

3) Cookies and Consent Management (Borlabs Cookie)

To make visiting our website attractive and to enable the use of certain functions (e.g. embedded videos, analytics), we use cookies and similar technologies on various pages. Cookies are small text files that are stored on your device.

Essential cookies are required for the basic functioning of the website and are set without consent. Non-essential cookies (e.g. for external media, analytics) are only set after you have given your active consent via our consent banner.

We use the WordPress plugin **Borlabs Cookie** (provider: Borlabs – Benjamin A. Bornschein, Rübenkamp 32, 22305 Hamburg, Germany) to obtain, document, and manage your consent for cookies and similar technologies. Borlabs Cookie stores your consent choices in a technically necessary cookie (“borlabs-cookie”) on your device. No personal data is transmitted to Borlabs. The legal basis is Art. 6 (1) lit. f GDPR (legitimate interest in legally compliant consent management) and Art. 6 (1) lit. c GDPR (fulfilment of legal obligations under Art. 5 (2) GDPR).

You can view, change, or withdraw your consent settings at any time via the cookie banner (accessible via a button in the footer or a dedicated link).

You can also configure your browser to inform you about the setting of cookies and decide individually whether to accept them. Instructions for common browsers:

• Chrome: Manage cookies
• Firefox: Manage cookies
• Safari: Manage cookies
• Edge: Manage cookies

If you do not accept non-essential cookies, certain functions of our website (e.g. video playback, analytics) may be limited.

4) Contacting Us

When you contact us (e.g. via contact form or email), personal data is collected. The data collected via a contact form is evident from the form itself. This data is stored and used solely to respond to your inquiry and for related technical administration. The legal basis is Art. 6 (1) lit. f GDPR (legitimate interest in answering your request). If your contact aims at concluding a contract, the additional legal basis is Art. 6 (1) lit. b GDPR. Your data will be deleted once your inquiry has been fully processed, provided no legal retention obligations apply.

5) Newsletter

5.1 Subscribing to our Email Newsletter

If you subscribe to our email newsletter, we will regularly send you information (e.g. about new artworks, exhibitions, or offers). The only mandatory information is your email address. Any further data is voluntary and used to address you personally. We use the double opt-in procedure: you will only receive the newsletter after you have expressly confirmed your consent by clicking a link in a confirmation email.

By activating the confirmation link, you consent to the use of your personal data pursuant to Art. 6 (1) lit. a GDPR. We store your IP address, date, and time of registration to document consent and prevent misuse. The data is used exclusively for sending the newsletter. You can withdraw your consent and unsubscribe at any time via the link in the newsletter or by contacting us. Withdrawal does not affect the lawfulness of processing carried out prior to withdrawal.

5.2 Newsletter Dispatch via Brevo

We use Brevo (formerly Sendinblue) to send our newsletters. The provider is Sendinblue GmbH (Brevo), Köpenicker Straße 126, 10179 Berlin, Germany.

Data you provide for the newsletter (e.g. email address, name if given, IP address, registration timestamp) is stored on Brevo servers in the European Union. Brevo enables us to analyse newsletter campaigns (e.g. open/click rates). If you do not want analysis by Brevo, you must unsubscribe from the newsletter.

Brevo acts as a processor under Art. 28 GDPR. We have concluded a data processing agreement (DPA) with Brevo. Data is stored until you unsubscribe; after unsubscription it is deleted from our and Brevo’s servers (your email may remain in a blacklist to prevent future mailings – legitimate interest, Art. 6 (1) lit. f GDPR).

Further information: Brevo Privacy Policy

6) Embedded YouTube Videos

With your consent (Art. 6 (1) lit. a GDPR, given via the Borlabs Cookie banner under the “External Media” category), we embed videos from YouTube (provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; parent company: Google LLC, USA).

We use YouTube’s enhanced privacy mode. According to YouTube, this mode means that no data about you as a user is transmitted to YouTube until you play the video. Only when you play a video does YouTube receive information (e.g. your IP address, device data, viewed video). This data may be transferred to the USA. Google is certified under the EU-US Data Privacy Framework, which ensures an adequate level of data protection.

You can withdraw your consent at any time via the cookie banner, which will block future video loading.

Further information: Google Privacy Policy and YouTube Enhanced Privacy Mode

7) Web Analytics – Google Analytics & Google Tag Manager

With your consent (Art. 6 (1) lit. a GDPR, given via the Borlabs Cookie banner), we use **Google Tag Manager** and **Google Analytics** (both provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; parent company: Google LLC, USA).

Google Tag Manager manages tags without collecting personal data itself but triggers other tags (e.g. Google Analytics).

Google Analytics uses cookies to analyse website usage (e.g. pages visited, duration, sources). We use IP anonymisation (“_anonymizeIp()”), so your IP address is shortened before further processing. Data may be transferred to the USA; Google is certified under the EU-US Data Privacy Framework.

You can withdraw consent via the cookie banner or install the browser add-on: Google Analytics Opt-out.

Further information: Google Privacy Policy

8) Links to External Websites (Shopify Store)

Our website contains simple hyperlinks to our external Shopify store at dimapeters.com. Clicking these links redirects you to the Shopify platform (Shopify International Limited, Ireland). No personal data is transmitted to Shopify merely by displaying the link. All processing that occurs after clicking (e.g. during purchases) is governed exclusively by Shopify’s privacy policy: Shopify Privacy Policy.

9) Rights of the Data Subject

9.1 The GDPR grants you the following rights:

• Right of access (Art. 15 GDPR)
• Right to rectification (Art. 16 GDPR)
• Right to erasure (Art. 17 GDPR)
• Right to restriction of processing (Art. 18 GDPR)
• Right to data portability (Art. 20 GDPR)
• Right to withdraw consent (Art. 7 (3) GDPR)
• Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)

9.2 Right to Object

You have the right to object at any time to processing based on Art. 6 (1) lit. f GDPR on grounds relating to your particular situation. For direct marketing, you have an absolute right to object.

10) Duration of Storage of Personal Data

Personal data is stored only as long as necessary for the respective purpose or as required by law (e.g. tax/commercial retention periods for any invoices or contracts). After that, the data is routinely deleted.