Privacy Policy

Last updated: April 2026

This Privacy Policy explains how Música, Arte, Innovación y Kreatividad, S.L. (operating as maik. studio, hereinafter "MAIK", "we", "us") processes personal data collected through wearemaik.com, in compliance with Regulation (EU) 2016/679 (GDPR) and Spanish Organic Law 3/2018 (LOPDGDD).

1. Data Controller

Controller: Música, Arte, Innovación y Kreatividad, S.L. (operating as maik. studio).

Tax ID (NIF): B75939629.

Registered office: Paseo de la Florida 6, 5th floor (Left), 33012 Oviedo, Asturias, Spain.

Registered at the Asturias Mercantile Registry. Incorporation date: 2025-04-03.

Operations: Barcelona, Spain.

Contact: [email protected].

2. Data we collect

We process the following categories of personal data, only when you actively provide them:

  • Identification and contact data submitted via our contact form: name, email address, optional event type, and the message you write.
  • Email address submitted via our newsletter form.
  • Connection data automatically logged for security and operations: IP address, browser, operating system, and timestamp.
  • Cookies and similar technologies, only those strictly necessary or those for which you have given consent (see our cookie banner).

3. Purposes and legal basis

  • Replying to enquiries you send us — legal basis: pre-contractual measures and your request (Art. 6.1.b GDPR).
  • Sending newsletter emails about events and experiences — legal basis: your explicit consent (Art. 6.1.a GDPR), revocable at any time.
  • Operating the website and protecting it from abuse (rate limiting, spam filtering) — legal basis: our legitimate interest (Art. 6.1.f GDPR).
  • Complying with legal obligations — legal basis: Art. 6.1.c GDPR.

4. Data retention

Contact form submissions: kept for the time strictly necessary to respond and, where applicable, for the legal terms relating to civil and commercial liability (up to 5 years).

Newsletter subscribers: kept until you unsubscribe.

Server logs: kept for a maximum of 90 days unless required for security investigation.

5. Data recipients and processors

We rely on the following processors who process data on our behalf under written contracts compliant with Art. 28 GDPR:

  • Hostinger International Ltd. — VPS hosting (servers in the EU).
  • Cloudflare, Inc. — CDN, DNS and security layer (data may transit through global infrastructure under EU SCCs and DPF where applicable).
  • Resend Inc. — transactional email and newsletter delivery (EU region used by default).
  • Functional Software, Inc. (Sentry) — error monitoring (EU region).

6. International transfers

Some processors are based in the United States. Where data is transferred outside the EEA, we rely on EU Standard Contractual Clauses and, where applicable, the EU-US Data Privacy Framework, as published by the providers.

7. Your rights

Under GDPR and LOPDGDD you have the right to:

  • Access, rectify, erase, port, restrict or object to the processing of your personal data.
  • Withdraw your consent at any time, without affecting prior lawful processing.
  • Lodge a complaint with the Spanish Data Protection Authority (AEPD) at www.aepd.es if you believe your rights have been infringed.

8. How to exercise your rights

You can exercise any of these rights free of charge by emailing [email protected] with proof of identity. We will respond within one month.

9. Security

We apply appropriate technical and organisational measures: HTTPS-only connections, encrypted disk storage, restricted access, strong authentication, and regular security updates.

10. Changes

We may update this policy to reflect changes in our practices or applicable law. The "Last updated" date at the top will be revised accordingly. Material changes will be communicated via the website.

11. Contact

For any privacy-related question, write to [email protected].