Privacy Policy

Effective date: July 8, 2025

Location of business: Estonia

Applicable laws: EU General Data Protection Regulation (GDPR), Finnish Data Protection Act (Tietosuojalaki 1050/2018)

Tattoo For Her (“we”, “our”, “us”) operates the website https://tattooforher.com, which provides custom tattoo design services for a global audience.

This Privacy Policy explains how we collect, use, store, and share personal information when you visit our website or use our services.

By using this website, you agree to the terms described in this policy. If you do not agree, please do not use our site.

1. Information We Collect

We collect the following types of personal data:

a) Information you provide directly

When you fill out a form, place an order, or contact us, we may collect:

  • Full name
  • Email address
  • Tattoo design preferences and notes
  • Country (for processing context)
  • Any additional info you choose to include
b) Information collected automatically

When you browse our site, we automatically collect:

  • IP address
  • Device type
  • Browser type
  • Referring pages
  • Date and time of access
  • Usage and interaction data

This data is collected via cookies, web beacons, and similar technologies. You can learn more in our Cookie Policy.

2. How We Use Your Information

We use your personal information for the following purposes:

  • To process and fulfill your custom tattoo design orders
  • To communicate with you about your request or design
  • To send order confirmation, delivery, and revision emails
  • To provide customer service and respond to your inquiries
  • To improve our website and user experience through analytics
  • To send occasional promotional emails (only if you opt-in)
  • To comply with legal and financial obligations under Finnish and EU law

We do not use your data for profiling, automated decision-making, or resale to third parties.

3. Legal Basis for Processing (GDPR Compliance)

We rely on the following legal bases under the General Data Protection Regulation (GDPR) and Finnish law:

  • Contractual necessity – to process and deliver your tattoo design
  • Legitimate interest – to improve user experience and maintain website security
  • Consent – for optional marketing communication and cookies
  • Legal obligation – for tax records and invoicing under Finnish law (Tietosuojalaki and accounting regulations)

You may withdraw your consent at any time by contacting us or using the unsubscribe link in our emails.

4. Sharing Your Information

We may share your personal data with trusted third parties in the following cases:

  • Email & Hosting Providers (e.g., Gmail, hosting provider) – to deliver communications and operate our website
  • Payment Processors (e.g., Stripe, PayPal) – to securely process your payments
  • Freelance Tattoo Designers – only when necessary to fulfill your custom request, and only with limited data (design idea, first name)
  • Analytics Services (e.g., Google Analytics) – for improving site performance
  • Legal Authorities – when required by law or in the event of fraud or abuse

All third-party processors are required to follow GDPR-compliant practices, including data minimization and secure handling.

We do not sell, rent, or trade your personal data.

5. Data Storage and Retention

We store your data on secure servers in the EU or in countries with adequate data protection laws.

Data is retained only as long as necessary:

Data Type Retention Period
Order & delivery data Up to 6 years (legal)
Contact form entries 12–24 months
Analytics (cookies) 6–26 months
Marketing opt-in Until user unsubscribes

Once data is no longer needed, it is safely deleted or anonymized.

6. International Data Transfers

Our services may involve data transfer outside the EU (e.g., U.S.-based email or payment services). When this happens, we ensure that your data is protected through:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Transfer to countries with adequate level of protection (under GDPR)
  • Contracts with third-party providers to ensure GDPR compliance

By using our services, you consent to these international transfers in line with GDPR Article 49(1)(a).

Shopping Cart
Scroll to Top