Privacy Policy

Last updated: May 2026

1. Introduction

Oktavian d.o.o., trading as Tiny Tiger Studio ("we", "us", "our"), is committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, store and protect your personal information when you use tinytigerphoto.com or engage with our services.

We are the data controller for personal data processed in connection with our services. For any privacy-related questions, contact us at: [email protected].

2. Data We Collect

2.1 Information You Provide Directly

  • Full name and contact details (email address, phone number where provided)
  • Billing information (processed securely via our payment provider — we do not store card details)
  • Photos and images you submit for editing
  • Instructions, preferences and communications you send us
  • Information provided when booking appointments or requesting quotes

2.2 Information Collected Automatically

  • IP address and approximate location
  • Browser type and version
  • Pages visited and time spent on the Website
  • Referring URL
  • Device information

2.3 Cookies

We use cookies and similar technologies to operate and improve our Website. Please see Section 9 of this policy for full details on how we use cookies and how you can manage your preferences.

3. How We Use Your Data

We process your personal data for the following purposes:

  • To fulfil and deliver your order
  • To communicate with you about your order, revisions and delivery
  • To process payment securely via our payment provider
  • To send you order confirmations and service-related notifications
  • To respond to your enquiries and provide customer support
  • To improve our Website and services
  • To comply with our legal obligations
  • To send you marketing communications where you have given consent (you may opt out at any time)

4. Legal Basis for Processing

Under the General Data Protection Regulation (GDPR), we process your data on the following legal bases:

Contract — processing necessary to fulfil your order or respond to a pre-contractual request
Legal obligation — processing required to comply with applicable law
Legitimate interests — improving our services, fraud prevention, Website analytics
Consent — where you have explicitly agreed, such as for marketing communications or portfolio use of your images

5. How Long We Keep Your Data

  • Order information and communications: 5 years from the date of order (for legal and accounting purposes)
  • Submitted photos: retained for up to 30 days after delivery, then deleted unless you have given consent for portfolio use
  • Marketing consent records: until you withdraw consent
  • Website analytics data: up to 26 months

6. Sharing Your Data

We do not sell your personal data. We may share it with:

  • Payment processors (e.g. Stripe) to handle transactions securely
  • Email and communication service providers to deliver order confirmations and notifications
  • Cloud storage providers for secure file storage
  • Analytics providers (e.g. Google Analytics) for Website performance data
  • Legal or regulatory authorities if required by law

All third-party processors are required to handle your data in compliance with GDPR and have appropriate data processing agreements in place.

7. International Transfers

Some of our service providers may be located outside the European Economic Area (EEA). Where personal data is transferred outside the EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission.

8. Your Rights

Under GDPR, you have the following rights regarding your personal data:

  • Right of access — to request a copy of the personal data we hold about you
  • Right to rectification — to request correction of inaccurate or incomplete data
  • Right to erasure — to request deletion of your data in certain circumstances
  • Right to restrict processing — to request that we limit how we use your data
  • Right to data portability — to receive your data in a structured, machine-readable format
  • Right to object — to object to processing based on legitimate interests or for direct marketing
  • Right to withdraw consent — at any time where processing is based on consent

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days. You also have the right to lodge a complaint with the Croatian Personal Data Protection Agency (AZOP) at www.azop.hr, or your local supervisory authority.

9. Cookies

Essential Cookies

Required for the Website to function correctly. These cannot be disabled.

Analytics Cookies

Help us understand how visitors use our Website (e.g. Google Analytics). These are set only with your consent.

Marketing Cookies

Used to deliver relevant advertising and track campaign performance. These are set only with your consent. You can manage your cookie preferences at any time via the cookie banner on our Website or through your browser settings.

10. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, destruction or alteration. These include encrypted data storage, secure HTTPS connections, and restricted access to personal data by staff.

In the event of a data breach that poses a risk to your rights and freedoms, we will notify you and the relevant supervisory authority as required by law.

11. Children

Our services are not directed at children under the age of 16. We do not knowingly collect personal data from children under 16 without verifiable parental consent. If you believe we have inadvertently collected such data, please contact us immediately at [email protected].

12. Changes to This Policy

We may update this Privacy Policy from time to time. The updated policy will be published on our Website with a revised effective date. Where changes are material, we will notify you by email where possible.

Questions?

Contact us at any time for privacy-related questions or to exercise your rights.

[email protected]