Data Privacy Policy

Information pursuant to Articles 13, 14 and 21 of the EU General Data Protection Regulation (GDPR).

Preamble

We hereby inform you about our processing of your personal data and the claims and rights to which you are entitled according to data protection regulations. The exact type of data that is processed and how it is used is determined by the services you have requested or that have been arranged with you.

1. Who is responsible for data processing and who can I contact?

The person responsible is:

Fotografen Online Service GmbH
Greifswalder Str. 207
10405 Berlin, Germany

hereinafter “GotPhoto“

Please feel free to contact our data protection officer: privacy@gotphoto.com

2. What sources and data do we use?

We process the personal data that we receive from you as part of our business relationship. In addition, we process, to the extent necessary for the provision of our services, personal data that we receive from other sources (e.g. our customers as a data processor) in a legally permissible way (e.g. to execute orders, to fulfil contracts or on the basis of a consent granted by you). We are also permitted to process personal data which we may have obtained from publicly available sources (e.g. debtor directories, press, media) in a legally permissible way. Relevant personal data are personal details and contact details (name, address, telephone number and email address). In addition, this may also include order data or data from the fulfilment of our contractual obligations, such as advertising and sales data, documentation data, data on your use of our tele-media offerings, as well as other data comparable with the aforementioned categories.

3. Why do we process your data (purpose of processing) and on what legal basis?

We process personal data in accordance with the provisions of the European General Data Protection Regulation (GDPR).

3.1 To fulfil contractual obligations (Art. 6 (1) letter. b GDPR)

The processing of personal data is carried out for the provision of our electronic services and in particular also to carry out our contracts or pre-contractual measures with you. The purposes of data processing are primarily obligations arising from the sales contract in which you enter with us by placing an order in our shop and can include, among other things, reminders of important events. You can find further details about the purpose of data processing in the respective terms and conditions.

3.2 In the context of the balancing of interests (Art. 6 (1) letter f GDPR)

If necessary, we process your data beyond the actual fulfilment of the contract in order to protect our own legitimate interests or those of third parties. For: advertising or market and opinion research, insofar as you have not objected to the use of your data; the enforcement of legal claims and defence in legal disputes; ensuring IT security; prevention and investigation of criminal offences; measures for business management and further development of services and products.

We also process personal data when you contact us through our contact formular. We process any data you include in the formular. These data are needed to process and respond to your inquiry or request. As soon as your inquiry or request has been solved, we delete your data.

3.3 On the basis of your consent (Art. 6 (1) letter a GDPR)

If you have given us consent to the processing of personal data for certain purposes (e.g. contacting you for verification), the legality of such processing is based on your consent. You may revoke your consent at any time with effect for the future. Please note that the revocation only takes effect in the future. Processing carried out before the revocation remains unaffected.

3.4 Pursuant to legal requirements (Art. 6 (1) letter c GDPR) or in the public interest (Art. 6 (1) letter e GDPR)

We also process personal data on the basis of legal requirements. For example, we store invoice data (name, address) on the basis of existing legislation, such as the retention obligations arising from the German Commercial Code (Handelsgesetzbuch, HGB) and the German Tax Code (Abgabenordnung, AO), as our business is located in Germany.

4. Who gets my data?

In the course of using the services of GotPhoto, your data will be received by those who require the data to fulfil our contractual and legal obligations. Our processors (Art. 28 GDPR) may also receive data for these purposes. These are companies in the IT Services, photo labs, social media companies, mail distribution services categories. A data transfer to recipients external to GotPhoto takes place only if legal provisions so permit and you have given your consent or we are authorised to issue such information. Under these conditions, recipients of personal data may be, for example: public bodies and institutions (e.g. supervisory authorities) in the presence of a statutory or official obligation.

5. How long will my data be stored?

Where necessary, we process and store your personal data to the extent necessary to comply with our contractual obligations. In addition, we are subject to various retention and documentation obligations. The time limits for storage and documentation can be two to ten years. Finally, the storage period is also assessed according to the statutory limitation periods, which are usually three years, but can also be up to thirty years in certain cases.

6. Is data transmitted to a third country or to an international organisation?

Data transmission to third countries (states outside the European Economic Area, EEA) takes place only to the extent necessary to fulfil our contractual requirements towards you, if required by law, or if you have given us your consent. We will inform you separately about the details if doing so is required by law.

7. What data privacy rights do I have?

Each person concerned shall have the right to information according to Art. 15 of the GDPR, the right to rectification under Art. 16 GDPR, the right to deletion in accordance with Art. 17 GDPR, the right to restrict the data processing according to Art. 18 GDPR and the right to data transferability under Art. 20 GDPR. In the right to information and the right to deletion, the restrictions under §§ 34 and 35 BDSG apply. In addition, there is a right of appeal to a data protection supervisory authority (Art. 77 GDPR).

8. Is there a duty for me to provide data?

In the context of our business relationship, you must provide only the personal data necessary for the establishment, execution and termination of a business relationship or for which we are legally obliged to collect. Without this data, we will usually have to reject the conclusion of the contract or the execution of the order or will no longer be able to execute an existing contract and may have to terminate. Furthermore, it is necessary for us to request additional data for the provision of paid services, including how to process your desired payment method

9. Newsletter

When you register to receive our notifications by email and/or SMS, the data you provide will be used exclusively for this purpose. We log your consent to receive the notification, including your IP address. No further data will be collected. The data will only be used for sending notifications and will be passed on to third parties only for the purpose of delivery. You can revoke your consent to the processing of your personal data and their use for sending notifications at any time. In each notification you will find an applicable link for revocation; in addition you can always send an objection by email to service@gotphoto.co.uk. Please note that the revocation will only take effect in the future. Processing carried out before the revocation remains unaffected.

10. Use of Cookies

What are cookies?

“Cookies” are text files that are stored on your computer that allow an analysis of your use of the website.

What exactly do cookies do?

The information generated by the cookie about your use of this website is usually transferred to a server and stored there. However, due to the activation of IP anonymisation on some websites, your IP address is sometimes shortened in advance within Member States of the European Union or in other contracting states of the Agreement on the European Economic Area. Depending on the service provider, such an IP address is stored truncated.

What are the transferred data used for?

On behalf of GotPhoto, the third party will use this information to analyse your use of the website, to compile reports on the activities of the website and to provide further services to the website operator related to the use of the website and the Internet.

How do I turn off cookies?

You can prevent the storage of cookies by changing the corresponding setting in your browser software; however, we would point out that in this case you may not be able to use all the functions of this website to their full extent.
If you would like to revoke this consent, simply delete the cookie in your browser or use the “Change cookie settings” button. When you re-enter / reload the website, you will be asked again for your cookie consent.

Cookie-Einstellungen ändern

Which third-party cookies are used?

We use the following third-party cookies on our website:

11. Google Services

We use the Google services listed in this section on our website (Google Ireland Limited Gordon House, Barrow Street Dublin 4th Ireland) if you have given us your consent to the individual Google services in the website’s cookie banner.

General information on cooperation with Google: The following information applies to all Google services and generally to our cooperation with Google. The information collected by Google services is also transmitted to Google based in the USA. For the USA there is currently no adequate level of protection established by the EU Commission. Insofar as personal data is transferred to Google’s servers in the USA and stored and processed there, we have concluded the standard data protection clauses adopted by the EU Commission with Google, which allow the transfer of personal data to the USA. A copy of the standard data protection clauses can be found here: https://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32010D0087. You can find more information on data protection at Google at https://policies.google.com/privacy?hl=en.

11.1 Google Analytics

Our website uses Google Analytics, a web analysis service from Google, if you have given us your consent.

a) Details on data processing

Google Analytics uses so-called “cookies”, text files that are stored on your computer and that enable your use of the website to be analyzed. The information generated by the cookie about your use of our website is usually transferred to a Google server in the USA and stored there. With the activation of the IP anonymization on our website (see below), however, your IP address will be shortened beforehand by Google within the member states of the European Union or in other contracting states of the Agreement on the European Economic Area. The full IP address will only be sent to a Google server in the USA and shortened there in exceptional cases. Data transfers outside the European Union and the European Economic Area are based on the standard data protection clauses adopted by the EU Commission, which allow personal data to be transferred to the USA. Under “General information on cooperation with Google” you will find further information on data transfers in connection with Google services. On our behalf, Google will use this information to evaluate your use of our website, to compile reports on website activity and to provide us with other services relating to website activity and internet usage.
We would like to point out that Google Analytics has been expanded to include the code “gat._anonymizeIp ();” on our website in order to ensure that IP addresses are recorded anonymously. Google Analytics enables the creation of statistics on website usage and its sources. Google will use this information to evaluate the use of our online offer in order to compile reports on the activities within this online offer. In doing so, pseudonymous usage profiles are created from the processed data. The retention period agreed with Google for user and event data linked to cookies, user IDs and advertising IDs is 26 months from the time you give your consent. We use Google Analytics for statistical purposes, e.g. to keep track of how many users have clicked on a certain element or information. This website continues to use the “demographic characteristics” function of Google Analytics. This allows reports to be created that contain statements on the age, gender and interests of the site visitors. This data comes from interest-based advertising from Google as well as from visitor data from third-party providers. You can deactivate this function at any time via the ad settings in your Google account or generally prohibit the processing of your data by Google Analytics.

The legal basis for data processing is your consent (Art. 6 Para. 1 lit. a GDPR), which you can give in our cookie banner.

b) Revocation of your consent

You can revoke your consent within the meaning of Article 6 (1) (a) GDPR at any time with effect for the future by calling up our Consent Manager and deselecting the relevant data processing.

Cookie-Einstellungen ändern

c) More information

You can find more information on the terms of use and data protection at Google Analytics at https://policies.google.com/privacy?hl=en.

11.2 Google Ads Conversion Tracking

Our website uses Google Ads Conversion Tracking, a web analysis service from Google, if you have given us your consent.

a) Details on data processing

We use Google Ads Conversion Tracking to draw attention to our offers with the help of advertisements (Google Ads) on external websites and to measure the success of the advertisements. These advertisements are displayed by Google. We use Google Ads conversion cookies, which can be used to measure success measurement parameters such as the display of advertisements or clicks by visitors to third-party websites. If you access our website via a Google ad, Google Ads will store a cookie on your computer. These cookies lose their validity after 30 days. If the cookie has been saved in your browser and has not yet expired, we and Google can tell that you clicked on the ad and were redirected to our website. The unique cookie ID, the number of ad impressions per placement (frequency), the last impression (relevant for post-view conversions) and opt-out information are saved as analysis values ​​for this cookie.

A different cookie is assigned to each Google Ads customer. This means that cookies cannot be tracked via the websites of Google Ads customers. Google provides us with statistical evaluations. Based on these evaluations, we can see how effective and successful our advertisements are. If Google Ads Conversion is activated, your browser automatically connects directly to the Google server. By integrating Google Ads Conversion, Google receives the information that you have accessed the relevant part of our website or clicked on the ad from us. If you are registered with a Google service, Google can assign the visit to your account and your IP address. If you are not registered and logged in with Google, then Google also records your IP address. Data transfers outside the European Union and the European Economic Area are based on the standard data protection clauses adopted by the EU Commission, which allow personal data to be transferred to the USA. Under “General information on cooperation with Google” you will find further information on data transfers in connection with Google services.

If you take certain actions on our site, e.g. register as a photographer (so-called “conversion”), we will integrate a code provided by Google on the website that appears (“conversion page”). This causes your browser to connect to Google and transmit the content of the conversion cookie. In this way, Google records that your click on a certain advertisement led to a conversion with us and provides us with the result in a processed, statistical and, for us, non-personal form (“conversion tracking”). Information on data protection at Google and conversion tracking can be found at https://support.google.com/google-ads/answer/1722022?hl=en.

The legal basis for data processing is your consent (Art. 6 Para. 1 lit. a GDPR), which you can give in our cookie banner.

b) Revocation of your consent

You can revoke your consent within the meaning of Article 6 (1) (a) GDPR at any time with effect for the future by calling up our Consent Manager and deselecting the relevant data processing.

Cookie-Einstellungen ändern

11.3 Google Remarketing

Our website uses Google Remarketing, a web analysis service from Google, if you have given us your consent.

a) Details on data processing

If you visit certain pages on our website, e.g. start the registration process as a photographer, we have integrated a program code provided by Google for remarketing there. As a result, a key figure that Google previously saved in a cookie in your browser is transmitted to Google. According to Google, the code is only used to uniquely identify a web browser on a specific computer. Google records that you have previously accessed certain FDE websites (e.g. registration as a photographer). If you later enter search terms on Google or see advertisements from the Google network on other websites (e.g. on YouTube), we have the option of targeting our advertisements to you there (so-called “remarketing”). Your interaction with our websites is analyzed, e.g. which components of our website offer you have viewed, in order to be able to show you targeted advertising on other pages even after visiting our website. For this purpose, Google stores cookies on your device when you visit certain Google services or websites in the Google Display Network. These cookies are used to record your visits. Data transfers outside the European Union and the European Economic Area are based on the standard data protection clauses adopted by the EU Commission, which allow personal data to be transferred to the USA. Under “General information on cooperation with Google” you will find further information on data transfers in connection with Google services.

You can find information on data protection at Google and remarketing at https://policies.google.com/privacy or https://support.google.com/adwords/answer/2454000.

The legal basis for data processing is your consent (Art. 6 Para. 1 lit. a GDPR), which you can give in our cookie banner.

b) Revocation of your consent

You can revoke your consent within the meaning of Article 6 (1) (a) GDPR at any time with effect for the future by calling up our Consent Manager and deselecting the relevant data processing.

Cookie-Einstellungen ändern

11.4 DoubleClick by Google

a) Details on data processing

We use the online marketing tool DoubleClick by Google from Google Ireland Limited, Gordon House, Barrow Street Dublin 4. Ireland (“Google”). Google uses a cookie ID to record which ads are shown in which browser and can thus prevent them from being displayed multiple times. In addition, DoubleClick can use cookie IDs to record so-called conversions that relate to ad requests. This is the case, for example, when a user sees a DoubleClick ad and later visits the advertiser’s website with the same browser and buys something there. According to Google, DoubleClick cookies do not contain any personal information. Due to the marketing tools used, your browser automatically establishes a direct connection with the Google server. We have no influence on the scope and further use of the data that is collected by Google through the use of this tool and therefore inform you according to our level of knowledge: By integrating DoubleClick, Google receives the information that you have accessed the corresponding part of our website or have clicked on one of our advertisements. If you are registered with a Google service, Google can assign the visit to your account. Even if you are not registered with Google and have not logged in, there is a possibility that the provider will find out your IP address and save it. DoubleClick uses cookies to show ads that are relevant to users, to improve reports on campaign performance and to prevent a user from seeing the same ads multiple times.

The legal basis for processing your data is Art. 6 Par. 1 S. 1 lit. a GDPR. Data transfers outside the European Union and the European Economic Area are based on the standard data protection clauses adopted by the EU Commission, which allow personal data to be transferred to the USA. Under “General information on cooperation with Google” you will find further information on data transfers in connection with Google services. The data processed by you by Google can be viewed by us for 12 months.

b) Revocation of your consent

You can revoke your consent within the meaning of Article 6 (1) (a) GDPR at any time with effect for the future by calling up our Consent Manager and deselecting the relevant data processing.

Cookie-Einstellungen ändern

11.5 Google Web Fonts

a) Details on data processing

We use fonts from Google Ireland Limited, Gordon House, Barrow Street Dublin 4. Ireland (“Google”) on our website. When you call up a page, your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly. For this purpose, the browser you are using must connect to the Google servers. This gives Google knowledge that our website has been accessed via your IP address. We use Google Fonts to present our website in an appealing way. We also use Google Fonts to improve the loading speed of our website. The legal basis for data processing is Art. 6 Par. 1 S. 1 lit. a GDPR. Data transfers outside the European Union and the European Economic Area are based on the standard data protection clauses adopted by the EU Commission, which allow personal data to be transferred to the USA. Under “General information on cooperation with Google” you will find further information on data transfers in connection with Google services.

Further information on the duration of data storage can be found in Google’s data protection declaration (https://policies.google.com/technologies/retention).

b) Revocation of your consent

You can revoke your consent within the meaning of Article 6 (1) (a) GDPR at any time with effect for the future by calling up our Consent Manager and deselecting the relevant data processing.

Cookie-Einstellungen ändern

12. Facebook Services

12.1 Facebook Social Graph

We use a web tracking service from Facebook (Facebook Ireland Limited, 4 Grand Canal Square, 2 Dublin, Ireland) on our website. As part of web tracking, Facebook Social Graph uses cookies that are stored on your computer and that allow an analysis of the use of our website and your surfing behavior in order to be able to make our offers even more attractive for you. Your IP address and your interactions with our website are processed by Facebook. The legal basis for data processing is Article 6 (1) (a) GDPR. Insofar as personal data is transferred to Facebook servers in the USA and stored and processed there, Facebook Ireland Ltd., 4 Grand Canal Square, 2 Dublin, Ireland has the standard data protection clauses adopted by the EU Commission with the Facebook companies based in the USA concluded, which allow a transfer of personal data to the USA in individual cases. We do not save any personal data through the use of the Facebook Social Graph.

Further information on data protection on Facebook can be found at: https://www.facebook.com/about/privacy.

12.2 Facebook Custom Audience

We partly use the remarketing function Custom Audiences from Facebook (Facebook Ireland Limited, 4 Grand Canal Square, 2 Dublin, Ireland) on our website. You will be informed about this in advance by us in specific individual cases. The data you enter (in the current context of use: first and last name, email address, telephone number) are passed on to Facebook in hashed list form. By using Facebook Custom Audiences, users can be shown interest-related advertisements (“Facebook Ads”) when visiting the social network Facebook or other websites that also use the process. We are interested in showing you advertisements that are of interest to you in order to make our website and our offers more interesting for you. We have no influence on the further use of the data by Facebook for other purposes and therefore inform you according to our level of knowledge. By integrating Facebook Custom Audiences, Facebook receives the information that you have accessed the corresponding website on our website. If you are registered with a Facebook service, Facebook can assign the visit to your account. The legal basis for data processing is Article 6 Paragraph 1 S. 1 lit. a GDPR.
Insofar as personal data are transferred to Facebook servers in the USA and stored and processed there, Facebook Ireland Ltd., 4 Grand Canal Square, Dublin 2 Dublin, Ireland has Facebook companies based in the USA that have been approved by the EU Commission Standard data protection clauses have been concluded that allow the transmission of personal data to the USA in individual cases. The targeting will be continued by Facebook as long as it is necessary to achieve the purpose or until you revoke your consent.

Further information on data protection on Facebook can be found at: https://www.facebook.com/about/privacy.

13. Hotjar

Our website uses the Hotjar web analysis service from Hotjar Ltd. Hotjar Ltd. is a European company based in Malta (Hotjar Ltd, Level 2, St Julians Business Center, 3, Elia Zammit Street, St Julians STJ 1000, Malta, Europe, Tel: +1 (855) 464-6788). Hotjar processes the screen size of your surfing device, the device type and browser information, the geographical location (only the country) and the preferred language in order to display our website. Areas of the websites in which personal data from you or third parties are displayed are automatically hidden by Hotjar and are therefore never traceable. In order to exclude a direct personal reference, IP addresses are only stored anonymously and processed further. However, Hotjar uses various third-party services such as Google Analytics and Optimizely. It may therefore be the case that these services collect data that is transmitted by your browser as part of web page requests. This would be, for example, cookies or your IP address.

The data protection declaration of Hotjar Ltd. can be found at: https://www.hotjar.com/privacy/

With Hotjar we can better understand the movements on our website (so-called heat maps). For example, it can be seen how far users scroll and which buttons users click and how often. The tool can also be used to obtain feedback directly from website users. This enables us to make our website even more user-friendly, more valuable and easier to use for end users. The legal basis for data processing is Article 6 (1) lit. a) GDPR.

14. Wistia

We use the service for hosting and embedding videos from Wistia (Wistia, Inc., 120 Brookline Street, Cambridge, Massachusetts, 02139 USA) on our website. Wistia collects data about the user’s video usage, such as: B. How much of the called video was viewed, at what point in time the video was paused or continued at another point, how many videos and how often they were viewed. The IP address, device class (“desktop”, “mobile”), operating system, browser, embbeded URL (page on which the video is played), internet provider, location, region and country, session start time (date and time of the first video view per video). The legal basis for this processing is Article 6 (1) (a) GDPR. Insofar as personal data is transferred to the Wistia server in the USA and stored and processed there, we have concluded the standard data protection clauses adopted by the EU Commission with Wistia, which allow the transmission of personal data to the USA in individual cases. The storage period of the personal data processed by Wistia depends on their type. For more information, please refer to the Wistia data protection declaration (https://wistia.com/privacy) under point VI.

Further information on data protection at Wistia can be found at: https://wistia.com/privacy.

15. Hubspot

Our website uses a tracking tool from Hubspot (HubSpot Ireland Limited, Ground Floor, Two Dockland Central, Guild Street, Dublin 1, Ireland) with which we can analyze the visitor’s interaction with our website. The IP address, the geographical location, the type of browser, the duration of your visit and the websites accessed are processed. Hubspot leaves open which personal data is also processed. The legal basis for this processing is Article 6 (1) (a) GDPR. Insofar as personal data is transferred to Hubspot’s servers in the USA and stored there and processed further, the Irish Hubspot company has concluded the standard data protection clauses adopted by the EU Commission with the US Hubspot companies, which in individual cases allow the transfer of personal data to the USA.

Further information on data protection at Hubspot can be found at: https://legal.hubspot.com/de/privacy-policy.

16. New Relic

This website uses the New Relic tool from New Relic, Inc., a Delaware corporation with headquarters at 188 Spear Street, Suite 1200, San Francisco, CA 94105. A cookie placed on your device also enables your IP address to be processed. We use New Relic to be able to analyze the use of our website even better. The legal basis for data processing is Art. 6 Par. 1 S. 1 lit. a GDPR. Insofar as personal data is transferred to New Relic’s servers in the USA and stored and processed there, we have concluded the standard data protection clauses adopted by the EU Commission with New Relic, which allow the transmission of personal data to the USA in individual cases. The data processed by you by New Relic can be viewed by us for 12 months.

Further information on data protection can be found at: https://newrelic.com/termsandconditions/privacy.

17. Social media plugins

We do not use any social media plugins on our website. However, forwarding to a social media website is possible. Once you use one of the forwarding to a social media website you will be directed to the respective side directly.

Please accept that we have no control if and which data will be collected from these sides.

Please find below a list of social media website with an active forwarding:

As of: 15 May 2018

Information about your right to object

According to Art. 21 GDPR

1. General right to object

You have the right, for reasons arising from your particular situation, to file an objection at any time to the processing of personal data relating to you, on the basis of Art. 6 (1) letter f GDPR (data processing based on the balancing of interests). If you file an objection, we will no longer process your personal data unless we can prove compelling legitimate grounds for the processing that outweigh your interests, rights and freedoms, or the processing is for the purpose of enforcement, exercise or defence of legal claims.

2. Right to object against the processing of data for direct marketing purposes

In individual cases we process your personal data in order to perform direct marketing. You have the right at any time to object to the processing of personal data relating to you for the purpose of such marketing. If you object to the processing for direct marketing purposes, we will no longer process your personal data for these purposes. The objection must be addressed in writing by email to the following contact person:

GotPhoto

support@gotphoto.co.uk