This privacy policy is intended to inform you about the types of personal data we collect, how we use it, and to what extent. It applies to all processing of personal data carried out by us, both in the course of providing our services and in connection with our online presence, including our websites, mobile applications, and external platforms such as social media profiles (collectively referred to as the “Online Services”).
Last updated: December 18, 2025
Sarah Nagy
E-Mail:
Impressum: www.sarah-design.com/impressum
The following overview summarizes the types of personal data we process, the purposes for which they are processed, and the parties concerned.
We process personal data in accordance with the General Data Protection Regulation (GDPR) and applicable data protection laws. Depending on the situation, processing is based on one or more of the following legal grounds:
Consent (Art. 6(1)(a) GDPR): The data subject has given consent to the processing of their personal data for one or more specific purposes.
Contract Performance and Pre-Contractual Requests (Art. 6(1)(b) GDPR): Processing is necessary for the performance of a contract or to take steps prior to entering into a contract at the request of the data subject.
Legal Obligation (Art. 6(1)(c) GDPR): Processing is necessary to comply with a legal obligation.
Legitimate Interests (Art. 6(1)(f) GDPR): Processing is necessary for the purposes of legitimate interests pursued by the data controller, provided that such interests are not overridden by the rights and freedoms of the data subject.
Where applicable, national data protection regulations may also apply in addition to the GDPR.
We implement appropriate technical and organizational measures to protect personal data against unauthorized access, loss, or misuse. In doing so, we take into account the current state of technology as well as the nature and scope of the data processing.
Access to personal data is restricted to what is strictly necessary and is processed solely for the intended purposes.
To secure data transmission, we use TLS/SSL encryption (HTTPS), which ensures that data transmitted between the user’s browser and this website is protected against access by third parties.
Personal data will only be shared with third parties to the extent necessary to process your order or inquiry, for example with payment service providers. No further transfer of personal data to third parties takes place.
Personal data is generally processed within the European Union (EU) or the European Economic Area (EEA). In certain cases, data may be transferred to countries outside these regions if this is necessary to process your inquiry or order, for example when using payment services or hosting providers.
In such cases, we ensure that appropriate safeguards are in place to protect personal data in accordance with applicable legal requirements. This may include contractual agreements or the application of recognized data protection standards.
Personal data is transferred to third countries only to the extent necessary and solely for the purpose of data processing. The data will not be used for other purposes or stored beyond what is required.
This ensures that an adequate level of data protection is maintained even when data is transferred across borders.
We process personal data exclusively in accordance with applicable legal requirements. Personal data is stored only for as long as necessary to fulfill the respective purpose.
If you contact us by email, the data you provide (such as your email address and the content of your message) will be stored in order to process your inquiry and, if applicable, to fulfill the related order. The data will be stored until the contract has been fully completed, meaning until the agreed book cover has been delivered to the customer.
After completion of the order and termination of the contractual relationship, personal data related to the communication will be deleted unless there are legitimate reasons for further retention, such as legal retention obligations.
No further processing or archiving of personal data takes place.
You have the right to:
The exercise of these rights is free of charge and can be requested easily by contacting us via email.
In the course of providing our services, we process personal data of our customers, in particular name, email address, and, where applicable, payment information (e.g., PayPal address). This data is used exclusively to handle inquiries, fulfill orders, and provide and deliver the ordered book covers.
Data is collected and processed only to the extent necessary and solely for purposes required to fulfill the respective contract. This includes, for example, communication with customers to clarify details, order coordination, and payment processing.
Personal data is stored only for as long as necessary to complete and process the respective order. After the order has been completed and the cover has been delivered, the data will be deleted unless legal retention obligations or other legitimate reasons require longer storage.
The processing of personal data is based on the performance of a contract or pre-contractual measures in accordance with Art. 6(1)(b) GDPR. This ensures that personal data is used only to the extent necessary and that the rights of data subjects are respected.
To process payments, we use external payment service providers such as PayPal. In doing so, personal data necessary for payment processing may be processed, including name, email address, and payment-related information.
Payment details are entered and transmitted exclusively via the systems of the respective payment service providers. We do not receive or store any bank account or credit card information. We only receive confirmation or rejection of the payment.
Payment data is transmitted in encrypted form by the payment service providers in accordance with applicable security standards. The processing of payment data is carried out under the responsibility of the respective payment provider and in accordance with their privacy policies and applicable data protection laws.
Further information on how payment service providers process personal data can be found in their respective privacy policies.
To provide our online services, we process technically necessary data, including your IP address. This data is used solely to deliver website content to your device and to ensure smooth operation of the site.
We use external web hosting services to store and deliver our website content. Server log files are stored for a maximum of 30 days and then deleted or anonymized. Data required for evidence purposes may be retained until the relevant issue is resolved.
Server log files are stored for a maximum of 30 days and are then deleted or anonymized. Data necessary for evidence purposes may be retained until the relevant issue is fully resolved.
Our website uses cookies to ensure the proper functioning of the site and to make your visit as convenient as possible. Cookies are small text files stored on your device that help improve your browsing experience.
We only use technically necessary cookies, such as session cookies, which are automatically deleted when you close your browser. These cookies are required to process forms or requests correctly and to maintain the security of the website.
Data collected via cookies may include technical information such as IP addresses and temporary session information. Users can manage or disable cookies through their browser settings.
If additional cookies that go beyond the strictly necessary functionality are used, we obtain your consent in advance. Consent can be withdrawn at any time.
Using cookies makes our website more reliable, secure, and easier to use.
When you contact us, for example via email or social media, we process the personal data you provide to handle your inquiry, respond to your questions, or provide the requested services. Only the data necessary for communication and processing your request is used.
This typically includes your name, email address, and the content of your message. These details allow us to assign inquiries correctly, ask follow-up questions if needed, and provide accurate responses. Data is stored only as long as necessary to fulfill the purpose and is deleted afterward, unless legal retention obligations apply.
Processing is based on the fulfillment of a contract or pre-contractual measures where relevant, and on our legitimate interests to ensure efficient handling of inquiries and proper documentation of communication.
We use the data solely to respond to your inquiry and do not share it with third parties without your explicit consent, except where necessary to fulfill your request or required by law. This ensures that your personal data is treated confidentially and only processed for the purposes specified during the contact.
We maintain online presences on social networks such as Instagram and Pinterest to communicate with you, provide information about our services, and share content.
When you interact with us on these platforms, the respective service provider (Instagram: Meta Platforms Ireland Limited, Pinterest: Pinterest Europe Limited) may process personal data such as contact information (e.g., email address in messages), content data (e.g., your messages, comments, or posts), and other information you provide on the platform.
Data processing usually occurs outside the European Union. As a result, enforcement of data subject rights may be limited. We recommend that you direct any requests for information or objections directly to the respective platform. We can assist where possible, but do not have direct access to user data on these platforms.
Purpose of Processing: Communication, public relations, feedback, and interaction with users.
Data Retention and Deletion: Data is stored according to the policies and regulations of the respective platform.
Service Providers and Links to Privacy Policies:Our website uses certain functions and content from third-party providers to ensure proper display, usability, and functionality. This includes, for example, Google Fonts for font rendering and other scripts or libraries necessary for the website’s design and technical implementation.
To deliver this content correctly, your device’s IP address may be transmitted to the servers of the respective third-party providers. This data is used solely for delivering the content to your browser. We do not use this data for any other purpose.
Processed Data: IP address and technical data necessary to display the content.
Affected Persons: Users of our website.
Purpose of Processing: Providing our online services, ensuring functionality, design, and user-friendliness.
Data Retention and Deletion: Only data necessary to provide the content is processed. Cookies or similar storage methods, if used, are stored according to legal requirements or your browser settings.