Data Privacy Policy

Information pursuant to Articles 13, 14 and 21 of the EU General Data Protection Regulation (GDPR).

Preamble

We hereby inform you about our processing of your personal data and the claims and rights to which you are entitled according to data protection regulations. The exact type of data that is processed and how it is used is determined by the services you have requested or that have been arranged with you.

1. Who is responsible for data processing and who can I contact?

The person responsible is:

Fotografen Online Service GmbH
Greifswalder Str. 207
10405 Berlin, Germany

hereinafter “GotPhoto“

Please feel free to contact our data protection officer: privacy@gotphoto.com

2. What sources and data do we use?

We process the personal data that we receive from you as part of our business relationship. In addition, we process, to the extent necessary for the provision of our services, personal data that we receive from other sources (e.g. our customers as a data processor) in a legally permissible way (e.g. to execute orders, to fulfil contracts or on the basis of a consent granted by you). We are also permitted to process personal data which we may have obtained from publicly available sources (e.g. debtor directories, press, media) in a legally permissible way. Relevant personal data are personal details and contact details (name, address, telephone number and email address). In addition, this may also include order data or data from the fulfilment of our contractual obligations, such as advertising and sales data, documentation data, data on your use of our tele-media offerings, as well as other data comparable with the aforementioned categories.

3. Why do we process your data (purpose of processing) and on what legal basis?

We process personal data in accordance with the provisions of the European General Data Protection Regulation (GDPR).

3.1 To fulfil contractual obligations (Art. 6 (1) letter. b GDPR)

The processing of personal data is carried out for the provision of our electronic services and in particular also to carry out our contracts or pre-contractual measures with you. The purposes of data processing are primarily obligations arising from the sales contract in which you enter with us by placing an order in our shop and can include, among other things, reminders of important events. You can find further details about the purpose of data processing in the respective terms and conditions.

3.2 In the context of the balancing of interests (Art. 6 (1) letter f GDPR)

If necessary, we process your data beyond the actual fulfilment of the contract in order to protect our own legitimate interests or those of third parties. For: advertising or market and opinion research, insofar as you have not objected to the use of your data; the enforcement of legal claims and defence in legal disputes; ensuring IT security; prevention and investigation of criminal offences; measures for business management and further development of services and products.

We also process personal data when you contact us through our contact formular. We process any data you include in the formular. These data are needed to process and respond to your inquiry or request. As soon as your inquiry or request has been solved, we delete your data.

3.3 On the basis of your consent (Art. 6 (1) letter a GDPR)

If you have given us consent to the processing of personal data for certain purposes (e.g. contacting you for verification), the legality of such processing is based on your consent. You may revoke your consent at any time with effect for the future. Please note that the revocation only takes effect in the future. Processing carried out before the revocation remains unaffected.

3.4 Pursuant to legal requirements (Art. 6 (1) letter c GDPR) or in the public interest (Art. 6 (1) letter e GDPR)

We also process personal data on the basis of legal requirements. For example, we store invoice data (name, address) on the basis of existing legislation, such as the retention obligations arising from the German Commercial Code (Handelsgesetzbuch, HGB) and the German Tax Code (Abgabenordnung, AO), as our business is located in Germany.

4. Who gets my data?

In the course of using the services of GotPhoto, your data will be received by those who require the data to fulfil our contractual and legal obligations. Our processors (Art. 28 GDPR) may also receive data for these purposes. These are companies in the IT Services, photo labs, social media companies, mail distribution services categories. A data transfer to recipients external to GotPhoto takes place only if legal provisions so permit and you have given your consent or we are authorised to issue such information. Under these conditions, recipients of personal data may be, for example: public bodies and institutions (e.g. supervisory authorities) in the presence of a statutory or official obligation.

5. How long will my data be stored?

Where necessary, we process and store your personal data to the extent necessary to comply with our contractual obligations. In addition, we are subject to various retention and documentation obligations. The time limits for storage and documentation can be two to ten years. Finally, the storage period is also assessed according to the statutory limitation periods, which are usually three years, but can also be up to thirty years in certain cases.

6. Is data transmitted to a third country or to an international organisation?

Data transmission to third countries (states outside the European Economic Area, EEA) takes place only to the extent necessary to fulfil our contractual requirements towards you, if required by law, or if you have given us your consent. We will inform you separately about the details if doing so is required by law.

7. What data privacy rights do I have?

Each person concerned shall have the right to information according to Art. 15 of the GDPR, the right to rectification under Art. 16 GDPR, the right to deletion in accordance with Art. 17 GDPR, the right to restrict the data processing according to Art. 18 GDPR and the right to data transferability under Art. 20 GDPR. In the right to information and the right to deletion, the restrictions under §§ 34 and 35 BDSG apply. In addition, there is a right of appeal to a data protection supervisory authority (Art. 77 GDPR).

8. Is there a duty for me to provide data?

In the context of our business relationship, you must provide only the personal data necessary for the establishment, execution and termination of a business relationship or for which we are legally obliged to collect. Without this data, we will usually have to reject the conclusion of the contract or the execution of the order or will no longer be able to execute an existing contract and may have to terminate. Furthermore, it is necessary for us to request additional data for the provision of paid services, including how to process your desired payment method

9. Newsletter

When you register to receive our notifications by email and/or SMS, the data you provide will be used exclusively for this purpose. We log your consent to receive the notification, including your IP address. No further data will be collected. The data will only be used for sending notifications and will be passed on to third parties only for the purpose of delivery. You can revoke your consent to the processing of your personal data and their use for sending notifications at any time. In each notification you will find an applicable link for revocation; in addition you can always send an objection by email to service@gotphoto.co.uk. Please note that the revocation will only take effect in the future. Processing carried out before the revocation remains unaffected.

10. Use of Cookies

What are cookies?

“Cookies” are text files that are stored on your computer that allow an analysis of your use of the website.

What exactly do cookies do?

The information generated by the cookie about your use of this website is usually transferred to a server and stored there. However, due to the activation of IP anonymisation on some websites, your IP address is sometimes shortened in advance within Member States of the European Union or in other contracting states of the Agreement on the European Economic Area. Depending on the service provider, such an IP address is stored truncated.

What are the transferred data used for?

On behalf of GotPhoto, the third party will use this information to analyse your use of the website, to compile reports on the activities of the website and to provide further services to the website operator related to the use of the website and the Internet.

How do I turn off cookies?

You can prevent the storage of cookies by changing the corresponding setting in your browser software; however, we would point out that in this case you may not be able to use all the functions of this website to their full extent.
If you would like to revoke this consent, simply delete the cookie in your browser or use the “Change cookie settings” button. When you re-enter / reload the website, you will be asked again for your cookie consent.

Cookie-Einstellungen ändern

Which third-party cookies are used?

We use the following third-party cookies on our website:

11. Google Services

We use the Google services listed in this section on our website (Google Ireland Limited Gordon House, Barrow Street Dublin 4th Ireland) if you have given us your consent to the individual Google services in the website’s cookie banner.

General information on cooperation with Google: The following information applies to all Google services and generally to our cooperation with Google. The information collected by Google services is also transmitted to Google based in the USA. For the USA there is currently no adequate level of protection established by the EU Commission. Insofar as personal data is transferred to Google’s servers in the USA and stored and processed there, we have concluded the standard data protection clauses adopted by the EU Commission with Google, which allow the transfer of personal data to the USA. A copy of the standard data protection clauses can be found here: https://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32010D0087. You can find more information on data protection at Google at https://policies.google.com/privacy?hl=en.

11.1 Google Analytics

Our website uses Google Analytics, a web analysis service from Google, if you have given us your consent.

a) Details on data processing

Google Analytics uses so-called “cookies”, text files that are stored on your computer and that enable your use of the website to be analyzed. The information generated by the cookie about your use of our website is usually transferred to a Google server in the USA and stored there. With the activation of the IP anonymization on our website (see below), however, your IP address will be shortened beforehand by Google within the member states of the European Union or in other contracting states of the Agreement on the European Economic Area. The full IP address will only be sent to a Google server in the USA and shortened there in exceptional cases. Data transfers outside the European Union and the European Economic Area are based on the standard data protection clauses adopted by the EU Commission, which allow personal data to be transferred to the USA. Under “General information on cooperation with Google” you will find further information on data transfers in connection with Google services. On our behalf, Google will use this information to evaluate your use of our website, to compile reports on website activity and to provide us with other services relating to website activity and internet usage.
We would like to point out that Google Analytics has been expanded to include the code “gat._anonymizeIp ();” on our website in order to ensure that IP addresses are recorded anonymously. Google Analytics enables the creation of statistics on website usage and its sources. Google will use this information to evaluate the use of our online offer in order to compile reports on the activities within this online offer. In doing so, pseudonymous usage profiles are created from the processed data. The retention period agreed with Google for user and event data linked to cookies, user IDs and advertising IDs is 26 months from the time you give your consent. We use Google Analytics for statistical purposes, e.g. to keep track of how many users have clicked on a certain element or information. This website continues to use the “demographic characteristics” function of Google Analytics. This allows reports to be created that contain statements on the age, gender and interests of the site visitors. This data comes from interest-based advertising from Google as well as from visitor data from third-party providers. You can deactivate this function at any time via the ad settings in your Google account or generally prohibit the processing of your data by Google Analytics.

The legal basis for data processing is your consent (Art. 6 Para. 1 lit. a GDPR), which you can give in our cookie banner.

b) Revocation of your consent

You can revoke your consent within the meaning of Article 6 (1) (a) GDPR at any time with effect for the future by calling up our Consent Manager and deselecting the relevant data processing.

Cookie-Einstellungen ändern

c) More information

You can find more information on the terms of use and data protection at Google Analytics at https://policies.google.com/privacy?hl=en.

11.2 Google Web Fonts

a) Details on data processing

We use fonts from Google Ireland Limited, Gordon House, Barrow Street Dublin 4. Ireland (“Google”) on our website. When you call up a page, your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly. For this purpose, the browser you are using must connect to the Google servers. This gives Google knowledge that our website has been accessed via your IP address. We use Google Fonts to present our website in an appealing way. We also use Google Fonts to improve the loading speed of our website. The legal basis for data processing is Art. 6 Par. 1 S. 1 lit. a GDPR. Data transfers outside the European Union and the European Economic Area are based on the standard data protection clauses adopted by the EU Commission, which allow personal data to be transferred to the USA. Under “General information on cooperation with Google” you will find further information on data transfers in connection with Google services.

Further information on the duration of data storage can be found in Google’s data protection declaration (https://policies.google.com/technologies/retention).

b) Revocation of your consent

You can revoke your consent within the meaning of Article 6 (1) (a) GDPR at any time with effect for the future by calling up our Consent Manager and deselecting the relevant data processing.

Cookie-Einstellungen ändern

12. Facebook Services

12.1 Facebook Social Graph

We use a web tracking service from Facebook (Facebook Ireland Limited, 4 Grand Canal Square, 2 Dublin, Ireland) on our website. As part of web tracking, Facebook Social Graph uses cookies that are stored on your computer and that allow an analysis of the use of our website and your surfing behavior in order to be able to make our offers even more attractive for you. Your IP address and your interactions with our website are processed by Facebook. The legal basis for data processing is Article 6 (1) (a) GDPR. Insofar as personal data is transferred to Facebook servers in the USA and stored and processed there, Facebook Ireland Ltd., 4 Grand Canal Square, 2 Dublin, Ireland has the standard data protection clauses adopted by the EU Commission with the Facebook companies based in the USA concluded, which allow a transfer of personal data to the USA in individual cases. We do not save any personal data through the use of the Facebook Social Graph.

Further information on data protection on Facebook can be found at: https://www.facebook.com/about/privacy.

13. Hotjar

Our website uses the Hotjar web analysis service from Hotjar Ltd. Hotjar Ltd. is a European company based in Malta (Hotjar Ltd, Level 2, St Julians Business Center, 3, Elia Zammit Street, St Julians STJ 1000, Malta, Europe, Tel: +1 (855) 464-6788). Hotjar processes the screen size of your surfing device, the device type and browser information, the geographical location (only the country) and the preferred language in order to display our website. Areas of the websites in which personal data from you or third parties are displayed are automatically hidden by Hotjar and are therefore never traceable. In order to exclude a direct personal reference, IP addresses are only stored anonymously and processed further. However, Hotjar uses various third-party services such as Google Analytics and Optimizely. It may therefore be the case that these services collect data that is transmitted by your browser as part of web page requests. This would be, for example, cookies or your IP address.

The data protection declaration of Hotjar Ltd. can be found at: https://www.hotjar.com/privacy/

With Hotjar we can better understand the movements on our website (so-called heat maps). For example, it can be seen how far users scroll and which buttons users click and how often. The tool can also be used to obtain feedback directly from website users. This enables us to make our website even more user-friendly, more valuable and easier to use for end users. The legal basis for data processing is Article 6 (1) lit. a) GDPR.

14. New Relic

This website uses the New Relic tool from New Relic, Inc., a Delaware corporation with headquarters at 188 Spear Street, Suite 1200, San Francisco, CA 94105. A cookie placed on your device also enables your IP address to be processed. We use New Relic to be able to analyze the use of our website even better. The legal basis for data processing is Art. 6 Par. 1 S. 1 lit. a GDPR. Insofar as personal data is transferred to New Relic’s servers in the USA and stored and processed there, we have concluded the standard data protection clauses adopted by the EU Commission with New Relic, which allow the transmission of personal data to the USA in individual cases. The data processed by you by New Relic can be viewed by us for 12 months.

Further information on data protection can be found at: https://newrelic.com/termsandconditions/privacy.

15. Social media plugins

We do not use any social media plugins on our website. However, forwarding to a social media website is possible. Once you use one of the forwarding to a social media website you will be directed to the respective side directly.

Please accept that we have no control if and which data will be collected from these sides.

Please find below a list of social media website with an active forwarding:

As of: 15 May 2018

Information about your right to object

According to Art. 21 GDPR

1. General right to object

You have the right, for reasons arising from your particular situation, to file an objection at any time to the processing of personal data relating to you, on the basis of Art. 6 (1) letter f GDPR (data processing based on the balancing of interests). If you file an objection, we will no longer process your personal data unless we can prove compelling legitimate grounds for the processing that outweigh your interests, rights and freedoms, or the processing is for the purpose of enforcement, exercise or defence of legal claims.

2. Right to object against the processing of data for direct marketing purposes

In individual cases we process your personal data in order to perform direct marketing. You have the right at any time to object to the processing of personal data relating to you for the purpose of such marketing. If you object to the processing for direct marketing purposes, we will no longer process your personal data for these purposes. The objection must be addressed in writing by email to the following contact person:

GotPhoto

support@gotphoto.co.uk