Information pursuant to Articles 13, 14 and 21 of the EU General Data Protection Regulation (GDPR).
We hereby inform you about our processing of your personal data and the claims and rights to which you are entitled according to data protection regulations. The exact type of data that is processed and how it is used is determined by the services you have requested or that have been arranged with you.
1. Who is responsible for data processing and who can I contact?
The person responsible is:
Fotografen Online Service GmbH
Greifswalder Str. 207
10405 Berlin, Germany
Please feel free to contact our data protection officer: firstname.lastname@example.org
2. What sources and data do we use?
We process the personal data that we receive from you as part of our business relationship. In addition, we process, to the extent necessary for the provision of our services, personal data that we receive from other sources (e.g. our customers as a data processor) in a legally permissible way (e.g. to execute orders, to fulfil contracts or on the basis of a consent granted by you). We are also permitted to process personal data which we may have obtained from publicly available sources (e.g. debtor directories, press, media) in a legally permissible way. Relevant personal data are personal details and contact details (name, address, telephone number and email address). In addition, this may also include order data or data from the fulfilment of our contractual obligations, such as advertising and sales data, documentation data, data on your use of our tele-media offerings, as well as other data comparable with the aforementioned categories.
3. Why do we process your data (purpose of processing) and on what legal basis?
We process personal data in accordance with the provisions of the European General Data Protection Regulation (GDPR).
3.1 To fulfil contractual obligations (Art. 6 (1) letter. b GDPR)
The processing of personal data is carried out for the provision of our electronic services and in particular also to carry out our contracts or pre-contractual measures with you. The purposes of data processing are primarily obligations arising from the sales contract in which you enter with us by placing an order in our shop and can include, among other things, reminders of important events. You can find further details about the purpose of data processing in the respective terms and conditions.
3.2 In the context of the balancing of interests (Art. 6 (1) letter f GDPR)
If necessary, we process your data beyond the actual fulfilment of the contract in order to protect our own legitimate interests or those of third parties. For: advertising or market and opinion research, insofar as you have not objected to the use of your data; the enforcement of legal claims and defence in legal disputes; ensuring IT security; prevention and investigation of criminal offences; measures for business management and further development of services and products.
We also process personal data when you contact us through our contact formular. We process any data you include in the formular. These data are needed to process and respond to your inquiry or request. As soon as your inquiry or request has been solved, we delete your data.
3.3 On the basis of your consent (Art. 6 (1) letter a GDPR)
If you have given us consent to the processing of personal data for certain purposes (e.g. contacting you for verification), the legality of such processing is based on your consent. You may revoke your consent at any time with effect for the future. Please note that the revocation only takes effect in the future. Processing carried out before the revocation remains unaffected.
3.4 Pursuant to legal requirements (Art. 6 (1) letter c GDPR) or in the public interest (Art. 6 (1) letter e GDPR)
We also process personal data on the basis of legal requirements. For example, we store invoice data (name, address) on the basis of existing legislation, such as the retention obligations arising from the German Commercial Code (Handelsgesetzbuch, HGB) and the German Tax Code (Abgabenordnung, AO), as our business is located in Germany.
4. Who gets my data?
In the course of using the services of GotPhoto, your data will be received by those who require the data to fulfil our contractual and legal obligations. Our processors (Art. 28 GDPR) may also receive data for these purposes. These are companies in the IT Services, photo labs, social media companies, mail distribution services categories. A data transfer to recipients external to GotPhoto takes place only if legal provisions so permit and you have given your consent or we are authorised to issue such information. Under these conditions, recipients of personal data may be, for example: public bodies and institutions (e.g. supervisory authorities) in the presence of a statutory or official obligation.
- Other data recipients may be those for which you have given us your consent for the transmission of data or have waived your consent.
5. How long will my data be stored?
Where necessary, we process and store your personal data to the extent necessary to comply with our contractual obligations. In addition, we are subject to various retention and documentation obligations. The time limits for storage and documentation can be two to ten years. Finally, the storage period is also assessed according to the statutory limitation periods, which are usually three years, but can also be up to thirty years in certain cases.
6. Is data transmitted to a third country or to an international organisation?
Data transmission to third countries (states outside the European Economic Area, EEA) takes place only to the extent necessary to fulfil our contractual requirements towards you, if required by law, or if you have given us your consent. We will inform you separately about the details if doing so is required by law.
7. What data privacy rights do I have?
Each person concerned shall have the right to information according to Art. 15 of the GDPR, the right to rectification under Art. 16 GDPR, the right to deletion in accordance with Art. 17 GDPR, the right to restrict the data processing according to Art. 18 GDPR and the right to data transferability under Art. 20 GDPR. In the right to information and the right to deletion, the restrictions under §§ 34 and 35 BDSG apply. In addition, there is a right of appeal to a data protection supervisory authority (Art. 77 GDPR).
8. Is there a duty for me to provide data?
In the context of our business relationship, you must provide only the personal data necessary for the establishment, execution and termination of a business relationship or for which we are legally obliged to collect. Without this data, we will usually have to reject the conclusion of the contract or the execution of the order or will no longer be able to execute an existing contract and may have to terminate. Furthermore, it is necessary for us to request additional data for the provision of paid services, including how to process your desired payment method
When you register to receive our notifications by email and/or SMS, the data you provide will be used exclusively for this purpose. We log your consent to receive the notification, including your IP address. No further data will be collected. The data will only be used for sending notifications and will be passed on to third parties only for the purpose of delivery. You can revoke your consent to the processing of your personal data and their use for sending notifications at any time. In each notification you will find an applicable link for revocation; in addition you can always send an objection by email to email@example.com. Please note that the revocation will only take effect in the future. Processing carried out before the revocation remains unaffected.
10. Third-party functions
What are cookies?
“Cookies” are text files that are stored on your computer that allow an analysis of your use of the website.
What exactly do cookies do?
The information generated by the cookie about your use of this website is usually transferred to a server and stored there. However, due to the activation of IP anonymisation on some websites, your IP address is sometimes shortened in advance within Member States of the European Union or in other contracting states of the Agreement on the European Economic Area. Depending on the service provider, such an IP address is stored truncated.
What are the transferred data used for?
On behalf of GotPhoto, the third party will use this information to analyse your use of the website, to compile reports on the activities of the website and to provide further services to the website operator related to the use of the website and the Internet.
How do I turn off cookies?
You can prevent the storage of cookies by changing the corresponding setting in your browser software; however, we would point out that in this case you may not be able to use all the functions of this website to their full extent. We also have implemented a function to turn off cookies once you reached our website. Which third-party cookies are used? We use the following third-party cookies on our website:
- Google Analytics (Weitere Informationen unter: https://support.google.com/analytics/answer/6004245?hl=de)
- Google Adwords (Weitere Informationen unter: https://policies.google.com/privacy?hl=de)
- New Relic Inc. (Weitere Informationen unter: https://newrelic.com/termsandconditions/privacy)
- Hubspot (Weitere Informationen unter: https://legal.hubspot.com/de/privacy-policy)
- Wistia (Weitere Informationen unter: https://wistia.com/privacy)
10.2 Social media plugins
We do not use any social media plugins on our website. However, forwarding to a social media website is possible. Once you use one of the forwarding to a social media website you will be directed to the respective side directly. Please accept that we have no control if and which data will be collected from these sides. Please find below a list of social media website with an active forwarding:
- Facebook Inc. (1601 S. California Ave – Palo Alto – CA 94304 – USA) (for more information, see: https://www.facebook.com/policy.php)
- Twitter Inc. (795 Folsom St. – Suite 600-San Francisco – CA 94107 – USA) (for more information, see: https://twitter.com/en/privacy#update)
- Youtube ( for more information, see: https://support.google.com/youtube/answer/2801895?hl=de)
As of: 15 May 2018
10.3 Google webfonts
In order to render our content correctly and ensure it looks graphically appealing across all browsers, we use script and font libraries, such as Google Web Fonts (https://www.google.com/webfonts/). Google Web Fonts prevent multiple loading into the cache of your browser. However, if your browser does not support Google Web Fonts or prohibits its access, content will be displayed in a standard font. The calling of script or font libraries automatically triggers a connection to the operator of the library. It is currently unclear if and for what purposes the operators of such libraries collect data.
Information about your right to object
According to Art. 21 GDPR
1. General right to object
You have the right, for reasons arising from your particular situation, to file an objection at any time to the processing of personal data relating to you, on the basis of Art. 6 (1) letter f GDPR (data processing based on the balancing of interests). If you file an objection, we will no longer process your personal data unless we can prove compelling legitimate grounds for the processing that outweigh your interests, rights and freedoms, or the processing is for the purpose of enforcement, exercise or defence of legal claims.
2. Right to object against the processing of data for direct marketing purposes
In individual cases we process your personal data in order to perform direct marketing. You have the right at any time to object to the processing of personal data relating to you for the purpose of such marketing. If you object to the processing for direct marketing purposes, we will no longer process your personal data for these purposes. The objection must be addressed in writing by email to the following contact person: