Scope of application
- Michael Herzog
- mh photography
- Bergstr. 53
- 53343 Wachtberg
Types of processed data
- Inventory data (e.g., names, addresses)
- Contact details (e.g., e-mail, phone numbers)
- Content data (e.g., text input, photographs, videos)
- Usage data (e.g., websites visited, interest in content, access times)
- Meta / communication data (e.g., device information, IP addresses)
Categories of affected persons
Visitors and users of the online offer (in the following we refer to the affected persons as “users”).
Purpose of processing
- Provision of the online offer, its functions and contents
- Answering contact requests and communicating with users
- Safety measures
- Audience measurement / marketing
“Personal data” means any information relating to an identified or identifiable natural person (hereinafter the “data subject”); a natural person is considered as identifiable, which can be identified directly or indirectly, in particular by means of assignment to an identifier such as a name, to an identification number, to location data, to an online identifier (eg cookie) or to one or more special features, that express the physical, physiological, genetic, mental, economic, cultural or social identity of this natural person. “Processing” means any process performed with or without the aid of automated procedures or any such process associated with personal data. The term goes far and includes virtually every handling of data. “Responsible person” means the natural or legal person, public authority, body or body that decides, alone or in concert with others, on the purposes and means of processing personal data.
Relevant legal bases
In accordance with Art. 13 GDPR, we inform you about the legal basis of our data processing. Unless the legal basis in the data protection declaration is mentioned, the following applies: The legal basis for obtaining consent is Article 6 (1) lit. a and Art. 7 GDPR, the legal basis for the processing for the performance of our services and the execution of contractual measures as well as the response to inquiries is Art. 6 (1) lit. b GDPR, the legal basis for processing in order to fulfill our legal obligations is Art. 6 (1) lit. c GDPR, and the legal basis for processing in order to safeguard our legitimate interests is Article 6 (1) lit. f GDPR. In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 lit. d GDPR as legal basis.
Collaboration with processors and third parties
If, in the context of our processing, we disclose data to other persons and companies (contract processors or third parties), transmit them to them or otherwise grant access to the data, this will only be done on the basis of a legal permission (eg if a transmission of the data to third parties, as required by payment service providers, pursuant to Art. 6 (1) (b) GDPR to fulfill the contract), you have consented to a legal obligation or on the basis of our legitimate interests (eg the use of agents, web hosts, etc.). If we commission third parties to process data on the basis of a so-called “contract processing contract”, this is done on the basis of Art. 28 GDPR.
Transfers to third countries
If we process data in a third country (ie outside the European Union (EU) or the European Economic Area (EEA)) or in the context of the use of third party services or disclosure or transmission of data to third parties, this will only be done if it is to fulfill our (pre) contractual obligations, on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we process or have the data processed in a third country only in the presence of the special conditions of Art. 44 et seq. GDPR. That the processing is e.g. on the basis of specific guarantees, such as the officially recognized level of data protection (eg for the US through the Privacy Shield) or compliance with officially recognized special contractual obligations (so-called “standard contractual clauses”).
Rights of the affected person
If personal data belonging to you are processed, you are the affected person in the sense of the GDPR and you have the following rights with respect to the controller:
a) Right of access
You can request confirmation from the controller as to whether personal data concerning you are processed by us.
If this processing does indeed occur, you can request access to the following information from the controller:
(1) The purposes for which the personal data are processed
(2) The categories of personal data processed
(3) The recipients and/or the categories of recipients to whom the personal data concerning you were disclosed or are still disclosed
(4) The planned duration of storage of the personal data concerning you or, if not concrete information on this can be obtained, criteria for setting the storage duration
(5) The existence of a right to correction or deletion of the personal data concerning you, a right to restriction of the processing by the controller or a right to opt out of this processing
(6) The existence of a right to make a compliant to a regulatory authority
(7) All available information about the origin of the data if the personal data were not collected from the person concerned.
You have the right to request information as to whether the personal data concerning you are transmitted to a third country to an international organisation. In this context, you can request information about the appropriate guarantees pursuant to Article 46 of the GDPR in connection with the transmission.
b) Right to correction
You have the right to correction and/or completion with respect to the controller if the processed personal data that concerns you are incorrect or incomplete. The controller must implement the correction without delay.
c) Right to restrict processing
You can request a restriction on the processing of personal data concerning you under the following conditions:
(1) If you contest the accuracy of personal data concerning you for a period of time that enables the controller to verify the accuracy of your personal data
(2) The processing is unlawful and you reject the deletion of the personal data in favour of requesting a restriction on the use thereof
(3) The controller no longer needs the personal data for the purposes of processing but you, however, need them for the purpose of asserting, exercising or defending legal claims or
(4) If you have filed an objection to the processing pursuant to Article 21 (1) of the GDPR and it has not yet been clarified whether the controller’s legitimate reasons outweigh your own reasons.
If the processing of personal data concerning you has been restricted, these data (aside from the storage thereof) may only be processed with your consent or for the purpose of asserting, exercising or defending legal claims or protecting the rights of another natural or legal person or for reasons of important public interest of the Union or a Member State.
If the restriction on processing was restricted in accordance with the aforementioned conditions, you will be informed by the controller before the restriction is lifted.
d) Right to deletion
- Duty to delete
You can demand that the controller delete the personal data concerning you immediately and the controller is responsible for deleting this data immediately if one of the following reasons applies:
(1) The personal data concerning you are no longer necessary for the purposes for which they were collected or processed in another way.
(2) You revoke the consent you previously gave, on which the processing was based pursuant to Article 6 (1a) or Article 9 (2a) of the GDPR and there is no other legal basis for the processing.
(3) You are entering an objection to the processing pursuant to Article 21 (1) of the GDPR and there are no overriding legitimate reasons for the processing or you are entering an objection to the processing pursuant to Article 21 (2) of the GDPR.
(4) The personal data concerning you were processed unlawfully.
(5) The deletion of the personal data concerning you is required to fulfil a legal obligation in accordance with European Union law or the law of member states to which the controller is subject.
(6) The personal data concerning you were collected in relation to the provision of information society services pursuant to Article 8 (1) of the GDPR.
- Information to third parties
If the controller has made the personal data concerning you public and is obliged to delete it pursuant to Article 17 (1) of the GDPR, taking into account available technology and implementation costs, it shall take appropriate measures, including technical means, to inform entities responsible for data processing who process the personal data that you, as the affected person, have requested the deletion of all links to these personal data or of copies or replications of these personal data.
There is no right to deletion if the processing is required
(1) to exercise the right to freedom of expression and information
(2) to fulfil a legal obligation in accordance with European Union law or the law of member states to which the controller is subject or to perform a task in the public interest or in the exercise of official authority assigned to the controller
(3) for reasons of public interest in the area of public health pursuant to Article 9 (2h/i), as well as Article 9 (3) of the GDPR
(4) for archiving purposes in the public interest, scientific or historical research purposes or for statistical purposes pursuant to Article 89 (1) of the GDPR, if it is not anticipated that the right mentioned in section a) will make achieving the objectives of this processing impossible or seriously affect it or
(5) for the purpose of asserting, exercising or defending legal claims.
e) Right to information
If you have asserted the right to correction, deletion or restriction of processing with respect to the responsibly entity, the latter is obliged to notify all recipients to whom the personal data concerning you have been disclosed of this correction or deletion of the data or restriction to its processing unless this proves to be impossible or would involve disproportionate effort.
You have the right to have the controller inform you of these recipients.
f) Right to data portability
You have the right to receive the personal data concerning you, which you have provided to the controller, in a structured, common and machine-readable format. In addition, you have the rate to transmit these data to another controller without hindrance on the part of the controller to which the personal data were provided, if
(1) the processing is based on consent pursuant to Article 6 (1a) of the GDPR or Article 9 (2a) of the GDPR or a contract pursuant to Article 6 (1b) Of the GDPR and
(2) the data are processed by means of an automated process.
In exercising this right, you also have the right to request the direct transmission of the personal data concerning you from one controller to another controller if this is technically feasible. The freedoms and rights of other people must not be affected by this.
The right to data portability does not apply to the processing of personal data required to perform a task in the public interest or in the exercise of official authority assigned to the controller.
g) Right to object
You have the right, for reasons arising from your particular situation, to file an objection at any time to the processing of the personal data concerning you on the basis of Article 6 (1e) or (1f) of the GDPR; this also applies to profiling based on these provisions.
The responsibly entity does not process the personal data concerning you unless they can provide evidence of compelling, legitimate grounds for the processing, which outweigh your interests, rights and freedoms or the processing serves the purposes of asserting, exercising or defending legal claims.
If the personal data concerning you are processed in order to carry out direct advertising, you have the right to file an objection at any time against the processing of the personal data concerning you for such advertising; this also applies to profiling if it is associated with such direct advertising.
If you object to the processing for purposes of direct advertising, this means that the personal data concerning you will no longer be used for these purposes.
In the context of the use of services of the information society, you are able to exercise your right of objection by means of an automated process in which technical specifications are used.
h) Right to revoke data protection declaration of consent
You have the right to revoke your data protection declaration of consent at any time. The legality of any processing carried out on the grounds of the consent up to the point of the revocation remains unaffected by the revocation.
Cookies and right to object in direct mail
Deletion of data
In addition, we process
- contract data (e.g., contract, term, customer category)
- Payment details (e.g., bank details, payment history)
from our customers, prospects and business partners for the purpose of providing contractual services, service and customer care, marketing, advertising and market research.
The hosting services we use are for the purpose of providing the following services: infrastructure and platform services, computing capacity, storage and database services, security and technical maintenance services we use to operate this online service. Here we, or our hosting provider, process inventory data, contact data, content data, contract data, usage data, meta and communication data of customers, interested parties and visitors to this online offer on the basis of our legitimate interests in an efficient and secure provision of this online offer acc. Art. 6 para. 1 lit. f GDPR i.V.m. Art. 28 GDPR (conclusion of contract processing contract).
Collection of access data and log files
We, or our hosting provider, collects on the basis of our legitimate interests within the meaning of Art. 6 para. 1 lit. f. GDPR Data on every access to the server on which this service is located (so-called server log files). The access data includes name of the retrieved web page, file, date and time of retrieval, amount of data transferred, message about successful retrieval, browser type and version, the user’s operating system, referrer URL (the previously visited page), IP address and the requesting provider. Logfile information is stored for security purposes (for example, to investigate abusive or fraudulent activities) for a maximum of 7 days and then deleted. Data whose further retention is required for evidential purposes shall be exempted from the cancellation until final clarification of the incident.
Provision of contractual services
We process inventory data (e.g., names and addresses as well as contact information of users), contract data (e.g., services used, names of contacts, payment information) for the purpose of fulfilling our contractual obligations and services in accordance with Art. Art. 6 para. 1 lit b. GDPR. The entries marked as obligatory in online forms are required for the conclusion of the contract. As part of the use of our online services, we store the IP address and the time of each user action. The storage is based on our legitimate interests, as well as the user’s protection against misuse and other unauthorized use. A transfer of these data to third parties does not take place, unless it is necessary for the prosecution of our claims or there is a legal obligation in accordance with. Art. 6 para. 1 lit. c GDPR. We process usage data (e.g., the visited web pages of our online offering, interest in our products) and content data (e.g., entries in the contact form or user profile) for advertising purposes in a user profile to inform the user e.g. To display product instructions based on their previously used services. The deletion of the data takes place after expiration of legal warranty and comparable obligations, the necessity of the storage of the data is checked every three years; in the case of legal archiving obligations, the deletion takes place after its expiration. Information in the customer’s account remains until it is deleted.
Users can optionally create a user account. As part of the registration, the required mandatory information will be communicated to the users. The data entered during registration will be used for the purpose of using the offer. Users may be informed by e-mail about offer or registration-related information, such as changes in the scope of the offer or technical circumstances. If users have terminated their user account, their data will be deleted with regard to the user account, subject to their retention is for commercial or tax law reasons according to Art. 6 para. 1 lit. c GDPR necessary. It is the responsibility of the users to secure their data upon termination before the end of the contract. We are entitled to irretrievably delete all user data stored during the term of the contract. In the context of the use of our registration and registration functions as well as the use of user accounts, the IP address and the time of the respective user action will be saved. The storage is based on our legitimate interests, as well as the user’s protection against misuse and other unauthorized use. A transfer of these data to third parties does not take place, unless it is necessary for the prosecution of our claims or there is a legal obligation in accordance with. Art. 6 para. 1 lit. c GDPR. The IP addresses will be anonymized or deleted after 7 days at the latest.
When contacting us (for example, by contact form, e-mail, telephone or via social media) the information of the user to process the contact request and its processing in accordance with. Art. 6 para. 1 lit. b) GDPR processed. User information can be stored in a Customer Relationship Management System (“CRM System”) or comparable request organization. We delete the requests, if they are no longer required. We check the necessity every two years; furthermore, the legal archiving obligations apply.
Comments and posts
If users leave comments or other contributions, their IP addresses are based on our legitimate interests within the meaning of Art. 6 para. 1 lit. f. GDPR stored for 7 days. This is for our own safety, if someone leaves illegal content in comments and contributions (insults, prohibited political propaganda, etc.). In this case, we ourselves can be prosecuted for the comment or post and are therefore interested in the identity of the author.
Facebook Pixels, Custom Audiences and Facebook Conversion
Within our online offer is due to our legitimate interests in analysis, optimization and economic operation of our online offer and for these purposes, the so-called “Facebook pixel” of the social network Facebook, by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025 , USA, or, if you are located in the EU, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland (“Facebook”). Facebook is certified under the Privacy Shield Agreement, which provides a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active). With the help of the Facebook pixel, it is on the one hand possible for Facebook to determine the visitors to our online offer as a target group for the display of advertisements (so-called “Facebook ads”). Accordingly, we use the Facebook Pixel to display the Facebook Ads we have been sent only to those Facebook users who have shown an interest in our online offer or who have certain features (eg interests in certain topics or products visited by them) Web pages determined), which we transmit to Facebook (so-called “Custom Audiences”). With the help of the Facebook pixel, we also want to make sure that our Facebook ads are in line with the potential interest of users and are not annoying. With the help of the Facebook pixel we can also understand the effectiveness of the Facebook ads for statistical and market research purposes, in which we see whether users were redirected to our website after clicking on a Facebook ad (so-called “conversion”). The processing of the data by Facebook is part of Facebook’s data usage policy. Accordingly, general notes on the presentation of Facebook Ads, in the data usage policy of Facebook: https://www.facebook.com/policy.php. Special information and details about the Facebook pixel and how it works can be found in the Help section of Facebook: https://www.facebook.com/business/help/651294705016616. You may object to the capture by the Facebook Pixel and use of your data to display Facebook Ads. To set which types of ads you see within Facebook, you can go to the page set up by Facebook and follow the instructions on the usage-based advertising settings: https://www.facebook.com/settings?tab=ads. The settings are platform independent, i. they are adopted for all devices, such as desktop computers or mobile devices. You can also use the Cookies for distance measurement and promotional purposes via the deactivation page of the Network Advertising Initiative (http://optout.networkadvertising.org/) and in addition the US website (http://www.aboutads.info/ choices) or the European website (http://www.youronlinechoices.com/uk/your-ad-choices/).
Online presence in social media
We embed the videos of the Vimeo platform of Vimeo Inc., Attention: Legal Department, 555 West 18th Street New York, New York 10011, USA. Data protection: https://vimeo.com/privacy.
We embed the videos on the YouTube platform of Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA. Data protection: https://www.google.com/policies/privacy/, Opt-Out: https://adssettings.google.com/authenticated.
We include maps from the Google Maps service provided by Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA. Data protection: https://www.google.com/policies/privacy/, Opt-Out: https://adssettings.google.com/authenticated.
Use of Facebook social plugins
Features and content of the Twitter service offered by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA, may be incorporated into our online offering. For this, e.g. Content such as images, videos, or text and buttons that users use to promote their content, subscribe to content creators, or subscribe to our posts. If the users are members of the platform Twitter, Twitter can call the o.g. Assign contents and functions to the profiles of the users there. Privacy Statement of Twitter: https://twitter.com/de/privacy. Twitter is certified under the Privacy Shield Agreement, which provides a guarantee to comply with European privacy legislation (https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active). Datenschutzerklärung: https://twitter.com/de/privacy, Opt-Out: https://twitter.com/personalization.
Within our online offering, features and content of the Instagram service can be incorporated, offered by Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA. For this, e.g. Content such as images, videos, or text and buttons that users use to promote their content, subscribe to the content creators, or subscribe to our posts. If the users are members of the platform Instagram, Instagram can call the o.g. Assign contents and functions to the profiles of the users there. Privacy Statement of Instagram: http://instagram.com/about/legal/privacy/.
Partially created with Datenschutz-Generator.de by Lawyer Dr. Thomas Schwenke