privacy policy

Last updated: [05.12.2025]

This Privacy Policy explains how personal data is collected, used, stored, and protected when you visit valeriapopova.com (“the Website”). The Website is operated by Valeria Popova, an independent artist based in Riga, Latvia (“we”, “us”, “our”). We are committed to processing your personal data in accordance with the General Data Protection Regulation (EU) 2016/679 (GDPR) and all applicable Latvian and EU data protection laws. By using this Website, you acknowledge that you have read and understood this Privacy Policy.


For any privacy-related questions, email:
info@valeriapopova.com

1. Data Controller

The data controller for the processing described in this notice is:

Valeria Popova
Riga, Latvia
Email: info@valeriapopova.com

2. Personal Data We Collect

We only collect personal data that is necessary to operate the Website and provide our services.

2.1 Data Collected Automatically (via Framer and Hosting Provider-GoDaddy)

When you visit the Website, certain information is collected automatically via your browser, our hosting environment, and the Framer platform:

  • IP address

  • Browser type and version

  • Device information

  • Operating system

  • Date and time of access

  • Pages visited

  • Referring URL

  • Basic diagnostic and security logs

  • This information is required to ensure the Website functions properly, remains secure, and is optimised for performance.

  • Framer acts as a data processor for this technical data.

2.2 Data Collected via Newsletter Subscription (Mailchimp)

If you subscribe to the newsletter, we collect:

  • Email address

  • (Optional) Name

This data is managed by Mailchimp (Intuit Inc.), which acts as a data processor on our behalf.

You may unsubscribe at any time using the link included in the emails.

2.3 Data Collected Through Contact, Commission, and Artwork Enquire Forms (Web3Forms)

The Website features several forms powered by Web3Forms, which securely receive and forward form submissions to our email inbox. These include:

  • General contact form

  • Commission request form

  • Artwork purchase request form

When you submit any of these forms, we collect:

  • Full name

  • Email address

  • Service selection (if applicable)

  • Selected artwork (if applicable)

  • Your message or inquiry

  • Metadata automatically captured by Web3Forms (e.g., IP address, submission time, anti-spam validation)

Web3Forms acts as a data processor and only processes personal data for the purpose of transmitting your form submission.

2.4. Cookies and Similar Technologies

The Website uses minimal, essential cookies required for:

  • Framer website functionality

  • Security and load balancing

  • Ensuring forms and navigation work correctly

We do not use advertising cookies, behavioural trackers, or invasive analytics.

A detailed cookie breakdown is available upon request.

3. Purpose and Legal Bases for Processing

3.1. Consent – Art. 6(1)(a)

For:

  • Newsletter subscription via Mailchimp

  • Contact, commission, and purchase forms via Web3Forms

You may withdraw your consent at any time by emailing info@valeriapopova.com or unsubscribing from the newsletter.

3.2. Performance of a Contract – Art. 6(1)(b)

For:

  • Responding to your inquiries

  • Discussing or preparing an artwork purchase

  • Preparing and fulfilling an artwork commission

  • Providing information you have requested

3.3. Legitimate Interests – Art. 6(1)(f)

For:

  • Website security

  • Fraud prevention

  • Server performance monitoring

  • Non-identifying analytics and log data

We always balance these interests with your rights.

4. How We Use Your Personal Data

We use your personal data solely to:

  • Respond to your messages and inquiries

  • Provide details about purchasing artwork

  • Manage commission requests

  • Send newsletters (if you opted in)

  • Improve, secure, and maintain the Website

  • Comply with legal and financial obligations

  • Keep necessary business records

We do not use your data for:

  • Automated decision-making

  • Behavioural profiling

  • Advertising or retargeting

  • Selling data to third parties

5. Data Sharing and Third-Party Processors

We never sell your personal data.

We share it only with trusted service providers that enable the Website to function:

5.1. Framer (Website Platform)

Processes technical data necessary for serving the Website.
Acts as a data processor.

5.2. Web3Forms (Form Submission Backend)

Processes:

  • Contact form submissions

  • Commission requests

  • Artwork purchase forms

Web3Forms securely receives form data and forwards it to our inbox.
Acts as a data processor.

5.3. Mailchimp (Newsletter Management)

Stores email subscriber data and sends newsletters.
Acts as a data processor.

5.4. Hosting Provider and Email Service

Processes server logs and email communication.
Acts as data processors.

5.5. Legal Authorities (only if required)

We may be legally obligated to share data when responding to:

  • Court orders

  • Legal investigations

  • Accounting or tax obligations

We never share more than required.

6. International Data Transfers

Some data may be transferred outside the European Economic Area (EEA), particularly when processed by:

  • Mailchimp (United States)

  • Web3Forms (servers in multiple regions)

Such transfers are protected by:

  • Standard Contractual Clauses (SCCs)

  • Data Processing Agreements (DPAs)

  • Additional organisational and technical safeguards

These ensure GDPR-compliant protection levels.

7. Data Retention

We store personal data only as long as necessary for its purpose.

  • Newsletter data: until you unsubscribe

  • Contact, commission, and purchase inquiries: up to 2 years

  • Client project and sales records: 5–7 years (legal and accounting obligations)

  • Server logs: 30–180 days, depending on provider

  • Emails related to ongoing conversations: for the duration of the conversation, then archived securely

You may request deletion at any time (see section 9).

8. Data Security

We take the protection of your data seriously and use appropriate safeguards:

  • HTTPS encryption

  • Restricted administrative access

  • Secure password and authentication systems

  • Anti-malware and firewall protections

  • Encrypted data transfers to processors

  • Secure infrastructure provided by Framer and service partners

No online system is completely risk-free, but we follow best practices to minimise risks.

9. Your Rights Under GDPR

As an EU user, you have the following rights:

  • Right of access – request a copy of your personal data

  • Right to rectification – correct inaccurate data

  • Right to erasure – ask us to delete your data

  • Right to restrict processing

  • Right to object to certain processing

  • Right to data portability

  • Right to withdraw consent at any time

  • Right to lodge a complaint with the Latvian Data State Inspectorate or your local EU Data Protection Authority


To exercise any rights, email:
info@valeriapopova.com


We will respond within 30 days, as required by GDPR.

10. Children’s Data

This Website is not directed at children under 16.
We do not knowingly collect personal data from minors.

If you believe we have inadvertently collected such data, contact us immediately.

11. External Links

Our Website may contain links to external websites.
We are not responsible for their content or privacy practices.
We encourage you to review the privacy policies of any third-party websites you visit.

12. Changes to This Privacy Policy

We may update this Privacy Policy periodically.
Updated versions will be published on this page with a revised “Last Updated” date.

Contact

For questions, concerns, or data requests, contact:


Valeria Popova
Email: info@valeriapopova.com