Legal

Privacy Policy

Last updated · Version 1.0 · Effective on launch

The short, plain-English version of how LuckySings handles your data. The site is run by one independent artist in Prague — no tracking empire, no data brokers. Here's everything I collect and why.

Who runs this site

Controller: LuckySings (Lucky Omoruan, sole trader / OSVČ) — an individual artist operating as a natural person under Czech law.
Address: Prague, Czech Republic. Full business address is listed in the Imprint.
Contact for privacy matters: luckysingsinbox@gmail.com

What I collect and why

Nothing by default. When you load a page, the site fetches content and renders it. That's it. No account is created, no identifier is stored. Strictly necessary cookies (there's one — for your cookie-banner choice) are the only thing set unless you opt in below.

Analytics (only if you consent). If you accept analytics, Google Analytics 4 records which pages you visit, roughly where you're from (country / city), what device and browser you're on, and whether you arrived via search, social, or direct. IP addresses are anonymized by GA before processing. It answers questions like 'did the newsletter drive people to the new music video?' — aggregate patterns, not personal profiles.

Marketing (only if you consent). If you opt in to marketing, the Meta Pixel loads. It reports page-view events back to Facebook / Instagram so I can see whether ads I'm running are bringing people to the site. It doesn't load at all if you haven't consented.

Newsletter (only if you subscribe). When you submit your email to the newsletter, it's stored in Mailchimp. I use it to send new-music and show announcements. Every email has a one-click unsubscribe link. If you unsubscribe, you're removed.

Contact form. When you send a message via the contact form, your name, email, and message are sent to my inbox and stored there so I can reply. Not shared with anyone, not used for marketing.

What I never do: sell your data, share it with data brokers, or use it to build advertising profiles across other sites. I don't email you without your consent. If that ever changes, you'll see it here first.

Legal basis (GDPR)

  • Consent — analytics, marketing cookies, newsletter (Art. 6(1)(a) GDPR)
  • Contract — merch order fulfillment (Art. 6(1)(b))
  • Legitimate interest — replying to contact-form messages, basic site security (Art. 6(1)(f))

Who I share data with

Only the processors needed to run the site:

  • Vercel — site hosting (EU region where possible)
  • Sanity — content management (EU region)
  • Google Analytics — analytics, only after consent
  • Meta — marketing pixel, only after consent
  • Mailchimp — newsletter delivery
  • Shopify / Stripe — merch checkout and payment processing
  • Bandsintown — shows (you're redirected to their site when RSVPing)

Each of these has its own privacy policy and DPA. Where any of them transfer data outside the EU, they rely on standard contractual clauses.

How long I keep things

  • Newsletter email — until you unsubscribe
  • Contact-form message — 12 months, then deleted unless part of an active booking conversation
  • Analytics data — 14 months (GA default)
  • Order & invoice records — 7 years (required by Czech accounting law)

Your rights under GDPR

You can ask me to:

  • Show you what data I have about you (access)
  • Fix anything that's wrong (rectification)
  • Delete it (erasure / 'right to be forgotten')
  • Stop using it for a specific purpose (object / restrict)
  • Export it in a machine-readable format (portability)
  • Withdraw any consent you gave — without affecting past lawful processing

Email luckysingsinbox@gmail.com and I'll respond within 30 days. You can also lodge a complaint with the Czech Data-Protection Authority (Úřad pro ochranu osobních údajů, uoou.gov.cz).

Changes to this policy

If I change anything material, I'll update the 'Last updated' date at the top and, for significant changes, note them on the homepage.