Privacy policy

Controller and contact

The controller is Vorkalinvorm, 539 Liberty Ave, Pittsburgh, PA 15222, United States. Email: ask@vorkalinvorm.world. Phone: +1 412-880-1042.

Categories of personal data

Depending on how you interact with us, we may process:

• Identity and contact details you provide (for example name, email address, and message text in forms).
• Booking or visit records needed to operate services.
• Technical data such as IP address, browser type, device category, and approximate region derived from network information.
• Cookie and consent records stored on your device when you use our cookie tool.
• Communication records if you contact us by email or phone.

Purposes and legal bases

Responding to inquiries

We use contact details to reply to your questions and to coordinate visits. This may rely on steps prior to a contract or on legitimate interests in operating a responsive studio.

Operating the website

We process technical data and security logs to keep the site available, to detect abuse, and to improve reliability. Where optional analytics or marketing tools are used, we rely on consent.

Legal and compliance

We retain certain records where tax, safety, or accounting rules require it.

Online advertising and U.S. state notices

If you arrived through an online advertisement, the platform that showed the ad may process technical data under its own policies. On this website, optional analytics or marketing tools run only when you enable those categories in our cookie settings. We do not sell personal information for monetary consideration as that practice is commonly described in U.S. state privacy laws; we use service providers under written terms.

Residents of California and other U.S. states may have additional rights under applicable law. You may exercise privacy requests by emailing us with “Privacy request” in the subject line to the address in the Controller section above.

Retention periods

General contact messages: up to twenty-four months unless a longer period is needed for a dispute or legal claim. Consent logs: up to twelve months. Security logs: rolling ninety days unless an investigation requires longer retention. Booking records follow statutory and contractual minimums and are reviewed annually.

Processors and sharing

We use hosting, email delivery, and analytics providers that process data on our instructions. We do not sell personal data. Processors are bound by contract to confidentiality and security measures compatible with this notice.

Your rights

Where the GDPR applies, you may request access, rectification, erasure, restriction of processing, data portability, and objection to processing based on legitimate interests. You may withdraw consent where processing is consent-based. You may lodge a complaint with a supervisory authority in your country of residence or work.

Security measures

We apply access controls, encryption in transit where supported, least-privilege accounts, periodic review of vendors, and staff training. We assess risks when we change tools or infrastructure.

International transfers

Where data is transferred outside the EEA or UK, we implement safeguards such as Standard Contractual Clauses and, where appropriate, supplementary measures informed by regulatory guidance.

Supervisory authorities

If you are in the Netherlands, you may contact the Autoriteit Persoonsgegevens. Other authorities apply depending on your location. We welcome the chance to resolve concerns directly before you escalate.

Children

This site is not directed to children. If you believe we received data from a child without appropriate authority, contact us and we will take appropriate steps.

Changes to this notice

We update this policy when our practices or legal obligations change. The hero section on this page shows today’s date when you load it so you can align your review with the current calendar day.

Related documents: Cookie Policy, Terms of Use, Return Policy.