Legal

Privacy
Policy.

Version v2 · Last updated May 27, 2026

1. Overview

Alta Studio is a photography studio website operated by NetViper in Athens, Greece.

This Privacy Policy explains how NetViper collects, uses, stores, and protects personal data when you visit altastudio.gr, submit an inquiry, access a private gallery, download photographs, subscribe to updates, or otherwise interact with Alta Studio.

Alta Studio is designed to avoid unnecessary tracking. We do not use advertising pixels, third-party analytics platforms, social-media tracking widgets, third-party font requests, or behavioral profiling systems.

We process personal data only for the purposes described in this Policy, including operating the website, responding to inquiries, delivering photography services, protecting private galleries, maintaining security, and complying with legal obligations.

2. Data Controller

For purposes of the General Data Protection Regulation (GDPR), the data controller is:

NetViper
Operating Alta Studio
Athens, Greece
Website: altastudio.gr
Legal and privacy contact: info@netviper.gr

All legal, privacy, and GDPR requests should be sent to info@netviper.gr or submitted through the GDPR request form.

3. Scope of This Policy

This Policy applies to:

  • Visitors to altastudio.gr
  • People who submit inquiries through the contact form
  • Clients who commission photography services
  • People who access private galleries
  • People who appear in photographs hosted or published by Alta Studio
  • People who subscribe to blog or email updates, if that feature is enabled

This Policy does not replace any signed photography agreement, model release, image-use agreement, invoice terms, or other written contract between a client and Alta Studio or NetViper. If a signed client contract contains more specific terms, that contract controls the services covered by it.

4. Data We Collect

Depending on how you use the website, we may collect the following categories of data.

4.1 Technical Request Data

When you load a page, our self-hosted defensive request-logging and security layer may record:

  • IP address
  • Browser user-agent
  • Requested URL or page path
  • Referring URL, if provided by your browser
  • HTTP status code
  • Timestamp of the request
  • Approximate country derived from the IP address
  • Autonomous System Number (ASN) or similar network information derived from the IP address

This information is used for security, abuse prevention, troubleshooting, reliability, and infrastructure defense. We do not use this information for advertising, behavioral profiling, or cross-site tracking.

4.2 Contact Form and Inquiry Data

If you submit an inquiry through the website, we may collect:

  • Name
  • Email address
  • Phone number, if provided
  • Session or event details you provide
  • Message content
  • IP address and timestamp of submission
  • Record of your consent or acknowledgment of this Policy

We use this information to respond to your inquiry, discuss potential services, prepare bookings, deliver photography services, and maintain a record of communications.

4.3 Private Gallery Access Data

Private galleries are accessed through unique, hard-to-guess links. A private gallery may also use a password, PIN, email gate, or other access-control mechanism.

Depending on the gallery settings, we may collect:

  • Name and email address entered through an email gate
  • Gallery access timestamps
  • Gallery opens
  • Individual photo views
  • Favorite selections or shortlist activity
  • Download activity, including individual photo or ZIP downloads
  • IP address and browser user-agent associated with access, views, selections, or downloads

These features are used to protect gallery access, confirm delivery, assist with client selections, prepare final image delivery, investigate misuse, and maintain service records.

Private gallery tracking features may be enabled or disabled depending on the gallery configuration and client requirements.

4.4 Client and Gallery Metadata

A gallery may include client-related metadata, such as:

  • Client name or project name
  • Session name
  • Event name
  • Gallery title
  • Delivery status
  • Expiration date
  • Internal notes required to manage the photography service

This information is used to organize and deliver photography work.

4.5 Photographs and Likenesses

Photographs may contain identifiable images of people. A photograph may therefore be personal data under GDPR when a person can be identified from it.

Depending on the session, photographs may also reveal contextual information, such as family relationships, event attendance, religious ceremonies, health context, intimate settings, or other sensitive circumstances.

Alta Studio processes photographs to provide photography services, deliver galleries, preserve client work, maintain studio records, and use images for portfolio, website, social media, promotional, advertising, editorial, and studio marketing purposes where permitted by contract or applicable law.

Public-facing photographs are used only where Alta Studio or NetViper has the necessary contractual rights, permissions, releases, ownership, license, legitimate basis, or other legal basis to do so.

If you appear in a public-facing photograph on this website and would like it reviewed or removed, contact info@netviper.gr.

4.6 Blog or Email Subscription Data

If blog subscription, newsletter, or email-update features are enabled, we may collect:

  • Email address
  • Name, if requested
  • Subscription preferences
  • IP address and timestamp of subscription
  • Unsubscribe or consent records

We will use this information only to send the updates you requested or consented to receive. We do not sell subscription lists or share them with advertising networks.

5. Purposes of Processing

We process personal data for the following purposes:

  • Operating altastudio.gr
  • Protecting the website, server, forms, galleries, and dashboard from abuse
  • Responding to inquiries
  • Preparing and delivering photography services
  • Managing private gallery access
  • Confirming gallery delivery, views, selections, and downloads
  • Supporting client image selection and final delivery
  • Preserving photography work for client service, contract, archive, and legal purposes
  • Publishing portfolio and marketing images where permitted
  • Managing blog or email subscriptions, if enabled
  • Detecting scraping, unauthorized access, brute-force attempts, spam, and malicious traffic
  • Troubleshooting errors and maintaining system reliability
  • Complying with legal, tax, accounting, contract, and dispute-resolution obligations

We do not use personal data for third-party advertising, behavioral advertising, cross-site tracking, or sale to data brokers.

6. Lawful Bases Under GDPR

Where GDPR applies, we rely on the following lawful bases.

6.1 Legitimate Interests

We process technical request data, security logs, abuse-prevention data, gallery access logs, and certain delivery records under GDPR Article 6(1)(f), based on our legitimate interest in operating a secure, reliable, abuse-resistant photography service.

This includes preventing unauthorized gallery access, detecting malicious traffic, confirming delivery, investigating misuse, and protecting our infrastructure, clients, images, and business.

6.2 Contract and Pre-Contract Steps

We process inquiry data, client communications, gallery delivery data, client metadata, photographs, selections, and downloads where processing is necessary to take steps before entering into a contract or to perform a photography contract under GDPR Article 6(1)(b).

6.3 Consent

We may rely on consent under GDPR Article 6(1)(a) where consent is the appropriate basis, including optional blog or newsletter subscriptions, optional communications, or specific uses that require separate consent.

Where processing is based on consent, you may withdraw that consent at any time. Withdrawal does not affect processing that occurred before withdrawal.

6.4 Legal Obligations

We may process and retain certain records where required for legal, accounting, tax, contract, dispute-resolution, or regulatory obligations under GDPR Article 6(1)(c).

6.5 Contractual Image-Use Rights

For commissioned photography services, image-use rights may be governed by the signed client contract.

By signing the applicable Alta Studio service agreement, the client may grant Alta Studio and NetViper permission to use selected photographs for portfolio, website, social media, promotional, advertising, editorial, and studio marketing purposes, unless a different written agreement is negotiated and accepted before the contract is signed.

Clients who do not agree to the standard image-use terms should not sign the service agreement. Alta Studio may decline work where requested confidentiality restrictions materially conflict with the studio’s standard contract, portfolio model, or creative or commercial requirements.

Intimate, boudoir, nude, medical, or similarly sensitive photographs are not published or used for marketing without separate explicit written approval.

7. Cookies

Alta Studio uses only cookies that are necessary for website operation, security, gallery access, language preference, or cookie-notice state.

We do not use analytics cookies, advertising cookies, remarketing cookies, social-media tracking cookies, or third-party tracking cookies.

Cookies used by the website may include:

CookiePurpose
sessionidKeeps authorized sessions active for private galleries and the photographer dashboard.
csrftokenProtects forms against cross-site request forgery.
alta_viewer_<id>Remembers the name and email entered for an email-gated private gallery so they do not need to be re-entered every session. This cookie is signed to prevent tampering.
alta_consentRecords that the cookie notice has been dismissed.
django_languageRemembers the selected language, such as Greek or English.

More detail is available in the Cookie Policy.

8. Service Providers and Infrastructure

Alta Studio is operated by NetViper using NetViper-controlled software and security systems.

The website, application, gallery system, and security stack are custom-built and operated by NetViper. Security monitoring, request logging, defensive analytics, and abuse detection are processed on NetViper-controlled infrastructure and are not sent to third-party analytics or advertising services.

Infrastructure may include:

  • Application hosting through EU-based Hetzner infrastructure
  • Managed database, cache, or object-storage infrastructure through EU-region DigitalOcean services
  • Object storage for gallery assets hosted in EU-based infrastructure
  • Business email handled through Google Workspace/Gmail

We do not sell personal data. We do not share personal data with advertising networks, data brokers, or remarketing platforms.

We may disclose information only where necessary to operate the service, comply with law, enforce agreements, protect rights, investigate abuse, or respond to valid legal requests.

9. International Transfers

Alta Studio is operated for Greece and the European Union, and the core website and gallery infrastructure are hosted in the European Union.

Some operational services, such as business email through Google Workspace/Gmail, may involve processing or access outside Greece or the European Economic Area depending on the provider’s infrastructure and configuration.

Where personal data is transferred outside the European Economic Area, we rely on appropriate safeguards where required by law, such as contractual protections, provider compliance commitments, or other legally recognized transfer mechanisms.

10. Data Retention

We retain personal data only as long as reasonably necessary for the purposes described in this Policy, unless a longer period is required for legal, tax, contract, accounting, dispute-resolution, or security reasons.

Current retention periods are:

Data CategoryRetention Period
Inquiry records24 months
Gallery viewer records24 months after the gallery expires
Gallery view logs12 months
Download logs24 months
Security request logs90 days live, with aggregated security retention up to 13 months
Photograph originalsTypically 5 years, unless a different contract, legal, archive, or client-delivery reason applies
Blog or newsletter subscription recordsUntil unsubscribe, deletion request, or account/list cleanup

Photograph originals may be retained to support client delivery, re-delivery, archival continuity, contract performance, legal claims, tax/accounting records, or studio portfolio rights.

Deletion of gallery access records does not automatically require deletion of photographs where those photographs are retained under contract, legal obligation, legitimate interest, or studio image-use rights.

11. GDPR Rights

Where GDPR applies, you may have the right to:

  • Request access to personal data we hold about you
  • Request correction of inaccurate or incomplete data
  • Request deletion of personal data where applicable
  • Request restriction of processing
  • Object to certain processing
  • Request a portable copy of certain data
  • Withdraw consent where processing is based on consent
  • Lodge a complaint with the Hellenic Data Protection Authority

To exercise your rights, contact info@netviper.gr or use the GDPR request form.

We may need to verify your identity before disclosing, correcting, restricting, or deleting data. For server logs or gallery access records, we may need sufficient identifying context, such as email address, gallery link, IP address, approximate timestamp, or other information that allows us to locate the relevant records.

We will respond to GDPR requests within 30 days unless the law allows an extension due to complexity or volume.

12. GDPR Deletion and Request Form

Alta Studio provides a GDPR request form.

This form may be used to request deletion or other privacy actions. Requests submitted through the form are tracked in the backend and escalated urgently to the responsible operator or processor for review.

Submitting a deletion request does not guarantee immediate deletion of every record. Certain records may be retained where necessary for legal obligations, contract performance, tax/accounting requirements, security investigations, fraud prevention, dispute handling, or establishment, exercise, or defense of legal claims.

If your request relates to a photograph in which you appear, please provide enough detail for us to identify the image, such as the gallery link, event name, approximate date, image filename, screenshot, or page URL.

13. Public Images and Removal Requests

If you appear in a public-facing image on altastudio.gr or an Alta Studio-controlled social-media or marketing channel and you want the image reviewed, contact info@netviper.gr.

Please include enough information to identify the image, such as the page URL, social-media post link, event name, approximate date, image filename, or a screenshot.

Alta Studio will review the request and remove or restrict the image where legally required or otherwise appropriate. Some image-use rights may be governed by a signed client contract, model release, event agreement, or other legal basis.

14. Security

Alta Studio uses technical and organizational measures designed to protect personal data and private galleries.

These measures may include:

  • HTTPS encryption
  • HTTP Strict Transport Security (HSTS)
  • Self-hosted NetViper defensive middleware
  • Request filtering and abuse detection
  • Admin access restrictions
  • Geofencing where appropriate
  • Fail2ban or equivalent defensive controls
  • Password and PIN hashing using Django password-hashing mechanisms
  • Signed cookies where appropriate
  • Limited access to backend systems
  • No plaintext logging of private gallery passwords or PINs

No website or online service can guarantee absolute security. If we become aware of a security incident affecting personal data, we will assess it and take action as required by applicable law.

15. Children and Minors

Alta Studio may photograph families, events, or sessions involving children or minors where arranged by a parent, guardian, school, organization, or commissioning client.

Private gallery access for minors should be managed by the responsible adult or commissioning client. Public use of images involving minors is governed by the applicable client contract, release, permission, or legal basis.

If you are a parent or guardian and have a concern about a photograph of a minor, contact info@netviper.gr.

16. Third-Party Links

The website may contain links to third-party websites, platforms, or social-media pages. Alta Studio and NetViper are not responsible for the privacy practices, content, or security of third-party websites.

You should review the privacy policies of any third-party website you visit.

17. Changes to This Policy

We may update this Privacy Policy periodically. Any changes will be reflected by updating the “Last updated” date at the top of this page.

Material changes may also be communicated through the website where appropriate.

18. Contact

For legal, privacy, GDPR, or data-protection requests, contact:

NetViper
Operating Alta Studio
Athens, Greece
Email: info@netviper.gr
Website: altastudio.gr

Privacy Terms Cookies Gallery Terms Image Use GDPR Requests

Alta Studio uses only necessary cookies for security, private gallery access, language preference, and remembering this notice. We do not use advertising cookies, analytics cookies, or third-party tracking cookies. Cookie Policy.