Legal
Privacy Policy
Last updated: [LAST_UPDATED]
This Privacy Policy explains how KULTURA collects, uses, stores, and protects personal data when you visit kultura-mag.eu, submit work, communicate with us, or pay a participation fee. It is written in line with the EU General Data Protection Regulation (GDPR).
01. Data controller
The data controller is [LEGAL_ENTITY], registered at [REGISTERED_ADDRESS], registration number [REGISTRATION_NUMBER]. For any question regarding your personal data, contact us at info@kultura-mag.eu.
02. What data we collect
We collect: • Identification data you provide in the submission form: full name, email address, country, portfolio URL, bio, profile image. • Submission data: titles, statements, uploaded files (images, PDFs). • Account data: authentication tokens used for passwordless login. • Payment data: processed by Stripe — we do not store full card details ourselves; we keep payment metadata (amount, currency, status, Stripe identifier). • Communication data: emails you exchange with us. • Technical data: IP address, browser type, operating system, and timestamps recorded in server logs for security and debugging.
03. Lawful basis for processing
We rely on the following legal bases under GDPR Article 6: • Contract (Article 6(1)(b)): processing submissions, managing participation fees, and producing the editions in which selected work appears. • Consent (Article 6(1)(a)): optional analytics cookies; any marketing or newsletter communications you sign up to. • Legitimate interest (Article 6(1)(f)): securing the site, preventing fraud, maintaining operational logs, and replying to inquiries. • Legal obligation (Article 6(1)(c)): tax, accounting, and other obligations imposed on us as a publisher.
04. How we use your data
We use your data to: evaluate and respond to submissions; authenticate you when you log in to your artist dashboard; produce, print, and distribute editions you have agreed to take part in; process payments and refunds; communicate with you about your submission and account; maintain the security of the site and prevent abuse; comply with our legal obligations.
05. Third-party processors
We share data only with the processors necessary to run the service: • Stripe (payment processing — based in Ireland / United States, transfers governed by Standard Contractual Clauses). • [HOSTING_PROVIDER] (server hosting in [HOSTING_REGION]). • [EMAIL_PROVIDER] (transactional email delivery). • Twenty CRM (self-hosted by us, used to manage submissions and editorial workflow). • Google Analytics (optional, only loaded after you accept analytics cookies — see Section 9). All processors are bound by data processing agreements and only handle data on our documented instructions.
06. International transfers
Some processors are based outside the European Economic Area (for example, Stripe and Google Analytics). When data is transferred outside the EEA, we rely on the European Commission's Standard Contractual Clauses or an equivalent legal mechanism to ensure your data receives an adequate level of protection.
07. Data retention
We retain personal data only as long as needed for the purposes set out above: • Rejected submissions: deleted within [REJECTED_RETENTION_MONTHS] months of the editorial decision. • Selected submissions and editorial records: kept for the lifetime of the catalog entry plus the legal archival period. • Payment records: kept for [PAYMENT_RETENTION_YEARS] years to comply with tax and accounting law. • Server logs: rotated within [LOG_RETENTION_DAYS] days. On request we will delete data earlier where doing so is consistent with our legal obligations.
08. Your rights
Under GDPR you have the right to: access your data; have inaccurate data corrected; have your data erased (subject to legal retention); restrict or object to processing; request portability of data you provided to us; withdraw consent at any time (for processing based on consent); lodge a complaint with your national supervisory authority. To exercise any of these rights, contact us at info@kultura-mag.eu. We respond within one month.
09. Cookies and analytics
We use only strictly necessary cookies by default. These are required for the site to function (session, authentication, language preference, cookie-consent state) and do not require your consent. If you accept analytics cookies in the cookie banner, we additionally load Google Analytics to understand how the site is used in aggregate. Analytics cookies are not loaded until you accept, and you can withdraw your consent at any time by clearing your cookies or selecting "reject" in the banner.
10. Children
KULTURA is not intended for children. We do not knowingly accept submissions or collect personal data from anyone under 18. If you believe a minor has submitted work or provided personal data, please contact us and we will delete the data.
11. Security and changes to this policy
We protect your data using encryption in transit (HTTPS), restricted internal access, and infrastructure hardening. No system is perfectly secure: in the event of a personal-data breach affecting your rights, we will notify the supervisory authority within 72 hours and inform affected users without undue delay. This policy may change. When it does, we revise the "last updated" date above. Material changes will be notified by email where reasonably possible.
12. Contact
For privacy questions, data-subject access requests, or any other concern related to this policy, contact us at info@kultura-mag.eu. You may also lodge a complaint with the supervisory authority of your country of residence — in the case of [DATA_CONTROLLER_COUNTRY], that is [SUPERVISORY_AUTHORITY].