Privacy Policy for Drake Design Studio

Last Updated: 9 April 2026

---

1. Introduction & Data Controller

Drake Design Studio is a trade name (handelsnaam) registered under Junovy at the Dutch Chamber of Commerce (KvK 71813977), based in Amsterdam, The Netherlands. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website https://drakedesign.studio.

Junovy is the data controller responsible for your personal data under the General Data Protection Regulation (GDPR).

Registered Address: [protected], The Netherlands
KvK Number: 71813977
Privacy Contact: [protected email]

2. Information We Collect

We collect information that you provide directly to us and information automatically collected when you use our website.

2.1 Personal Data You Provide

When you use our contact form or communicate with us, we may collect:

• Full name
• Email address
• Phone number (if provided)
• Company name (if applicable)
• Message content and project details
• Any other information you choose to provide

2.2 Automatically Collected Data

When you visit drakedesign.studio, the Junovy infrastructure layer (Traefik reverse proxy, running on Hetzner) writes access logs containing:

• IP address (retained only in access logs for 90 days for security and troubleshooting; never used for user profiling or cross-site tracking)
• Browser type and version (User-Agent header)
• Pages visited and time of visit
• Referring website (Referer header, if sent by your browser)

The drakedesign.studio site does not run any JavaScript analytics, fingerprinting, or cross-site trackers. We do not correlate access-log IPs with any other data we hold.

3. Legal Basis for Processing

Under GDPR, we process your personal data based on the following legal grounds:

• Consent (Article 6(1)(a)): When you submit a contact form or subscribe to communications, you provide explicit consent for us to process your data.
• Legitimate Interests (Article 6(1)(f)): To respond to your inquiries, improve our services, and maintain website security.
• Contractual Necessity (Article 6(1)(b)): When processing is necessary to fulfill a contract or provide services you've requested.
• Legal Obligation (Article 6(1)(c)): When required by law (e.g., tax records, accounting).

4. How We Use Your Data

• To respond to your inquiries and provide customer support
• To provide design services and fulfill project requirements
• To send you updates about your projects and services
• To improve our website and user experience
• To send marketing communications (only with your consent)
• To analyze website usage and performance
• To comply with legal obligations and prevent fraud
• To maintain website security and protect against threats

5. Cookies & Tracking Technologies

The drakedesign.studio marketing site does not set any cookies until you interact with the cookie consent banner. By default, before you click anything, no cookies or localStorage entries are written.

5.1 Consent Storage

When you interact with the consent banner, your choice is stored in localStorage under the key dds_cookie_consent (not a cookie, but within scope of ePrivacy Directive Article 5(3) in the same way). The value records which categories you allowed.

5.2 Functional Cookies (opt-in only)

If you opt in to functional cookies, we load our self-hosted Chatwoot live chat support widget from ask.junovy.com, which sets a first-party cw_conversation cookie to preserve your chat session. Chatwoot is operated by Junovy itself and is not a third party. If you decline, Chatwoot is not loaded at all and no cookie is set.

5.3 Analytics and Marketing

We do not use analytics cookies, marketing cookies, advertising cookies, or any third-party tracking technology on drakedesign.studio. There is no Google Analytics, no Meta Pixel, no Segment, no Mixpanel.

For the full list, see our Cookie Declaration.

6. Data Sharing & Third Parties

We do not sell your personal data. The drakedesign.studio site uses a minimal set of EU-based processors, each of which has signed a Data Processing Agreement with Junovy under Article 28 GDPR:

• Hetzner Online GmbH (Gunzenhausen, Germany) — Cloud infrastructure hosting drakedesign.studio. Location: Germany (EU).
• BunnyWay d.o.o. (Bunny.net) (Ljubljana, Slovenia) — Secondary authoritative DNS, operated as a backup to the primary DNS provider. Processes DNS query metadata only. Location: Slovenia (EU).
• Mailjet SAS (Sinch Group) (Paris, France) — Transactional email delivery for contact form replies. Processes recipient email addresses and message content. Location: France (EU).
• Internet Security Research Group (Let's Encrypt) — Issues SSL/TLS certificates. Processes domain names only; no personal data is shared.

Chatwoot is self-hosted by Junovy at ask.junovy.com and is not a third-party processor. None of the processors above are permitted to use the data they process for their own purposes.

7. International Data Transfers

Your personal data is primarily stored and processed within the European Economic Area (EEA). If we transfer data outside the EEA, we ensure appropriate safeguards are in place, including EU Standard Contractual Clauses, adequacy decisions by the European Commission, and data processing agreements with GDPR-compliant providers.

8. Data Retention

• Contact Form Submissions: Retained for 2 years after last contact
• Client Project Data: Retained for the duration of the project plus 7 years
• Email Correspondence: Retained for 3 years after last communication
• Analytics Data: Anonymized after 14 months

9. Your Rights Under GDPR

• Right of Access (Article 15): Request a copy of the personal data we hold about you.
• Right to Rectification (Article 16): Request correction of inaccurate or incomplete data.
• Right to Erasure (Article 17): Request deletion of your personal data.
• Right to Restrict Processing (Article 18): Request that we limit how we use your data.
• Right to Data Portability (Article 20): Request your data in a structured, machine-readable format.
• Right to Object (Article 21): Object to processing based on legitimate interests or for direct marketing.
• Right to Withdraw Consent: Withdraw consent at any time.
• Right to Lodge a Complaint: File a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) at autoriteitpersoonsgegevens.nl.

To exercise any of these rights, please contact us at [protected email] . We will respond within 30 days.

10. Data Security & Privacy by Design

Privacy by design and by default (Article 25 GDPR) is built into Drake Design Studio from the ground up. Concretely, this means we host all personal data inside the European Union, we use no third-party analytics, advertising, or tracking vendors of any kind, and consent-gated services (such as our Chatwoot live chat) are loaded only after affirmative user action. These choices are architectural: they cannot be toggled off, and they apply to every visitor automatically.

We implement the technical and organisational measures required by Article 32 GDPR, including:

• TLS 1.2+ encryption for all traffic to and from drakedesign.studio.
• Role-based access control and least-privilege principles for staff access.
• Encrypted storage for sensitive credentials, managed via HashiCorp Vault.
• Automatic dependency scanning and regular security updates.
• Encrypted backups stored in EU-based object storage.
• A documented incident response plan.

11. Data Breach Notification

If a personal data breach occurs, we will notify the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) within 72 hours of becoming aware of it, in accordance with Article 33 GDPR. Where a breach is likely to result in a high risk to your rights and freedoms, we will also notify affected users directly and without undue delay, in plain language and with a description of the likely consequences and the measures we are taking, in accordance with Article 34 GDPR.

11a. Data Protection Officer (Article 37 GDPR)

Junovy is a small Dutch business and is not required to appoint a Data Protection Officer under Article 37 GDPR: we do not carry out large-scale systematic monitoring of individuals, nor do we process special categories of personal data on a large scale. All privacy questions, data subject requests, and breach reports should be sent to the privacy contact below, which is handled directly by the person responsible for Drake Design Studio.

12. Children's Privacy

Our services are not directed to individuals under the age of 16. We do not knowingly collect personal data from children.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting the updated policy on this page.

14. Contact Us

Junovy (trading as Drake Design Studio)
[protected]
The Netherlands
KvK: 71813977

Privacy Inquiries: [protected email]
General Contact: Contact Form

---

This privacy policy is compliant with the General Data Protection Regulation (GDPR) and Dutch data protection laws.