top of page

PRIVACY

In the following, we will inform you about the type, scope and purpose of the processing of personal data by our company in accordance with the legal requirements of data protection law (in particular in accordance with BDSG nF and the European General Data Protection Regulation 'DS-GVO'). This data protection declaration also applies to our websites and social media profiles. With regard to the definition of terms such as "personal data" or "processing", we refer to Art. 4 GDPR.

Name and contact details of the person responsible

Our responsible person (hereinafter “responsible person”) within the meaning of Art. 4 no. 7 GDPR is:

Michael Mach
Albin-Hänseroth-Weg 10
50859 Cologne
Managing director: Michael Mach Email address: info@machfoto.de

Types of data, purposes of processing and categories of data subjects

In the following we will inform you about the type, scope and purpose of the collection, processing and use of personal data.

1. Types of data we process

Usage data (access times, websites visited, etc.), inventory data (name, address, etc.), contact data (telephone number, email, fax, etc.), contract data (subject of the contract, duration, etc.), content data (text input, videos, photos etc.), communication data (IP address etc.),

2. Purposes of processing according to Art. 13 Para. 1 c) GDPR

Processing of contracts, optimizing the website technically and economically, enabling easy access to the website, fulfilling contractual obligations, establishing contact in the event of legal complaints by third parties, fulfilling statutory retention requirements, optimizing and statistical analysis of our services, supporting commercial use of the website, improving user experience, designing the website in a user-friendly manner , Marketing / sales / advertising, creation of statistics, avoidance of SPAM and abuse, customer service and customer care, handling contact requests, providing websites with functions and content, security measures, uninterrupted, secure operation of our website,

3. Categories of data subjects according to Art. 13 Para. 1 e) GDPR

Visitors / users of the website, customers, suppliers, interested parties, employees of customers or suppliers,

The data subjects are collectively referred to as "users".

Legal basis for processing personal data

In the following we will inform you about the legal basis for the processing of personal data:

1. If we have obtained your consent for the processing of personal data, Article 6 Paragraph 1 Sentence 1 Letter a) GDPR is the legal basis.

2. If processing is necessary to fulfill a contract or to carry out pre-contractual measures that are carried out at your request, the legal basis is Article 6 (1) sentence 1 lit. b) GDPR.

  1. If processing is necessary to fulfill a legal obligation to which we are subject (e.g. statutory retention requirements), the legal basis is Article 6 Paragraph 1 Sentence 1 Letter c) GDPR.

  2. If processing is necessary to protect the vital interests of the data subject or another natural person, the legal basis is Art. 6 Para. 1 S. 1 lit.d) GDPR.

  3. If processing is necessary to safeguard our interests or the legitimate interests of a third party and if your interests or fundamental rights and freedoms do not outweigh your interests, Article 6 (1) sentence 1 lit.f) GDPR is the legal basis.

Transfer of personal data to third parties and processors

As a matter of principle, we will not pass on any data to third parties without your consent. If this is the case, then the transfer takes place on the basis of the aforementioned legal bases, e.g. when transferring data to online payment providers to fulfill a contract or due to a court order or due to a legal obligation to release the data for the purpose of criminal prosecution, to avert danger or to enforce intellectual property rights.

We also use contract processors (external service providers, e.g. for web hosting our websites and databases) to process your data. If data is passed on to the processors as part of an agreement for order processing, this always takes place in accordance with Art. 28 GDPR. We carefully select our processors, check them regularly and have given us the right to issue instructions with regard to the data. In addition, the processors must have taken suitable technical and organizational measures and comply with the data protection regulations according to BDSG nF and DS-GVO

Data transfer to third countries

The adoption of the European General Data Protection Regulation (GDPR) created a uniform basis for data protection in Europe. Your data will therefore mainly be processed by companies for which the GDPR applies. Should the processing by third party services take place outside the European Union or the European Economic Area, these must meet the special requirements of Art. 44 ff. GDPR. This means that processing takes place on the basis of special guarantees, such as the establishment of a data protection level that is officially recognized by the EU Commission or compliance with officially recognized special contractual obligations, the so-called “standard contractual clauses”.

Insofar as we obtain your express consent to data transmission to the USA due to the ineffectiveness of the so-called "Privacy Shield" according to Art. 49 Paragraph 1 Sentence 1 lit. by US authorities and the use of the data for monitoring purposes, possibly without legal remedies for EU citizens.

Deletion of data and storage duration

Unless expressly stated in this data protection declaration, your personal data will be deleted or blocked as soon as you revoke your consent to processing or the purpose for storage no longer applies or the data is no longer required for the purpose, unless it is further Storage is required for evidence purposes or there are statutory retention requirements. This includes, for example, commercial law retention obligations for business letters in accordance with Section 257 (1) HGB (6 years) and tax retention obligations in accordance with Section 147 (1) AO of documents (10 years). When the prescribed retention period expires, your data will be blocked or deleted, unless the storage is still necessary for the conclusion or fulfillment of a contract.

Existence of automated decision-making

We do not use automatic decision-making or profiling.

Provision of our website and creation of log files

  1. If you only use our website for information purposes (i.e. no registration and no other transmission of information), we only collect the personal data that your browser transmits to our server. If you want to view our website, we collect the following data:

    • IP address;
    • Internet service provider of the user;
    • the date and time of the request;
    • browser type;
    • language and browser version;
    • content of the call;
    • time zone;
    • Access status / HTTP status code;
    • amount of data;
    • Websites from which the request came;
    • Operating system.
    A storage of this data together with other personal data does not take place.

  2. These data serve the purpose of user-friendly, functional and secure delivery of our website to you with functions and content as well as their optimization and statistical evaluation.

  3. The legal basis for this is our legitimate interest in data processing in accordance with Article 6, Paragraph 1, Sentence 1, Letter f) of the GDPR, which is also part of the above-mentioned purposes.

  4. For security reasons, we store this data in server log files for a storage period of 70 days. After this period has expired, these are automatically deleted, unless we need to keep them for evidence purposes in the event of attacks on the server infrastructure or other legal violations.

Cookies

1. We use so-called cookies when you visit our website. Cookies are small text files that your internet browser stores and saves on your computer. When you visit our website again, these cookies provide information in order to automatically recognize you. Cookies also include the so-called “user IDs”, where user information is stored using pseudonymised profiles. When you visit our website, we will inform you about the use of cookies for the aforementioned purposes and how you can object to them or prevent their storage (“opt-out”) by means of a reference to our data protection declaration.

A distinction is made between the following types of cookies:

• Necessary, essential cookies: Essential cookies are cookies that are absolutely necessary for the operation of the website in order to save certain functions of the website such as logins, shopping cart or user input, e.g. regarding the language of the website.

• Session cookies: Session cookies are required to recognize multiple uses of an offer by the same user (e.g. if you have logged in to determine your login status). When you visit our site again, these cookies provide information in order to automatically recognize you. The information obtained in this way is used to optimize our offers and to give you easier access to our site. When you close the browser or log out, the session cookies are deleted.

• Persistent cookies: These cookies are saved even after the browser is closed. They are used to store the login, to measure the range and for marketing purposes. These are automatically deleted after a specified period, which differs depending on the cookie

can. You can delete cookies at any time in the security settings of your browser.

• Cookies from third-party providers (third-party cookies, in particular from advertisers): You can configure your browser settings according to your wishes. B. Reject the acceptance of third-party cookies or all cookies. However, we would like to point out at this point that you may then not be able to use all the functions of this website. Read more about these cookies in the respective data protection declarations for the third party providers.

  1. Data categories: user data, cookies, user ID (in particular the pages visited, device information, access times and IP addresses).

  2. Purpose of processing: The information obtained in this way is used to optimize our web offers technically and economically and to enable you to access our website more easily and securely.

  3. Legal basis: If we process your personal data with the help of cookies on the basis of your consent (“opt-in”), then Article 6 (1) sentence 1 lit. a) GDPR is the legal basis. Otherwise, we have a legitimate interest in the effective functionality, improvement and economic operation of the website, so that the legal basis in this case is Article 6 Paragraph 1 Sentence 1 Letter f) GDPR. The legal basis is also Article 6, Paragraph 1, Sentence 1, Letter b) GDPR, if the cookies are used to initiate contracts, e.g. for orders.

  4. Storage period / deletion: The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended.

    Otherwise, cookies are stored on your computer and transmitted to our site from there. As a user, you therefore have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your internet browser. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it is possible that not all functions of the website can be used to their full extent.

    Here you can find information on how to delete cookies by browser:

    Chrome: https://support.google.com/chrome/answer/95647

    Safari: https://support.apple.com/de-at/guide/safari/sfri11471/mac

    Firefox: https://support.mozilla.org/de/kb/cookies-und-website-daten-in-firefox-loschen

    Internet Explorer:

    https://support.microsoft.com/de-at/help/17442/windows-internet-explorer-delete-manage-cookies Microsoft Edge: https://support.microsoft.com/de-at/help/4027947/ windows-delete-cookies

  5. Objection and "opt-out": You can generally prevent cookies from being saved on your hard drive, regardless of your consent or legal permission, by selecting "do not accept cookies" in your browser settings. However, this can limit the functionality of our offers. You can opt out of the use of third-party cookies for advertising purposes via this American
    Website (https://optout.aboutads.info) or this European
    Website (http://www.youronlinechoices.com/de/praferenzmanagement/).

Cookie Consent Solutions

Usercentrics Consent Management Platform

  1. We have integrated the Usercentrics Consent Management Platform (service provider: Usercentrics GmbH, Rosental 4, 80331 Munich) as a consent management service on our website.

  2. Data categories and description of data processing: Cookies, date and time of the visit, device information, browser information, anonymized IP address, opt-in and opt-out data. Through this service we can obtain your consent to the storage of cookies and also document them. In addition, a cookie is stored in your browser in order to be able to assign your consent or its revocation. You will find further information in the data protection declaration of the data processor Usercentrics below: https://usercentrics.com/privacy-policy/

  3. Purposes of data processing: compliance with legal obligations, consent storage.

  4. Legal basis: The legal basis for the processing of personal data is our legitimate interest in the above purposes according to Art. 6 Para. 1 S. 1 lit.f) GDPR as well as the fulfillment of legal obligations according to Art. 6 Para. 1 S. 1 lit. c) GDPR.

  5. Storage period: Storage of the data until you delete the CMP cookie in your browser yourself or the purpose for data storage no longer applies. The revocation receipt of a previously given consent will be kept for a period of three years. The storage is based on the one hand in our accountability in accordance with Art. 5 Para. 2 GDPR. This obliges to comply with the processing of personal data in accordance with the General Data Protection Regulation. On the other hand, storage is within the regular statute of limitations according to § 195 BGB of three years. This limitation period begins at the end of the year in which the claim arose (Section 199 BGB). As a result, the three-year limitation period begins at the end of December 31. and ends three years later on December 31, midnight.

  6. Data transmission / recipient category: CMP provider. We have therefore concluded an order processing contract in accordance with Art. 28 GDPR with the data processor.

Borlabs Cookie

  1. We have integrated the Borlabs Cookie Consent Plugin for Wordpress (service provider: Borlabs - Benjamin A. Bornschein, Georg-Wilhelm-Str. 17, 21107 Hamburg) as a consent management service on our website.

  2. Data categories and description of data processing: Cookies, date and time of the visit, device information, browser information, anonymized IP address, opt-in and opt-out data. Through this service we can obtain your consent to the storage of cookies and also document them. In addition, a cookie is stored in your browser in order to be able to assign your consent or its revocation. You can find more information below in Borlabs' data protection declaration here: https://de.borlabs.io/kb/welche-daten-speichert-borlabs-cookie/.

  3. Purposes of data processing: compliance with legal obligations, consent storage.

4. Legal basis: The legal basis for processing personal data is

our legitimate interest in the above purposes according to Art. 6 Para. 1 S. 1 lit.f) GDPR as well as the fulfillment of legal obligations according to Art. 6 Abs. 1 S. 1 lit. c) GDPR.

  1. Storage period: Storage of the data until you delete the Borlabs cookie in your browser yourself or the purpose for data storage no longer applies. The revocation receipt of a previously given consent will be kept for a period of three years. The storage is based on our accountability in accordance with Art. 5 Para. 2 GDPR and the regular statute of limitations.

  2. Data transfer / recipient category: the data will not be passed on to Borlabs.

Consent Manager Provider

  1. We have integrated the Consent Manager Provider (CMP) (service provider: Jaohawi AB, Håltegelvägen 1b, 72348 Västerås, Sweden, website: https://www.consentmanager.de) as a consent management service on our website.

  2. Data categories and description of data processing: Cookies, date and time of the visit, device information, browser information, anonymized IP address, opt-in and opt-out data. Through this service we can obtain your consent to the storage of cookies and also document them. In addition, a cookie is stored in your browser in order to be able to assign your consent or its revocation. You can find further information below in the data protection declaration of the data processor CMP: https://www.consentmanager.de/privacy.php.

  3. Purposes of data processing: compliance with legal obligations, consent storage.

  4. Legal basis: The legal basis for the processing of personal data is our legitimate interest in the above purposes according to Art. 6 Para. 1 S. 1 lit.f) GDPR as well as the fulfillment of legal obligations according to Art. 6 Para. 1 S. 1 lit. c) GDPR.

  5. Storage period: Storage of the data until you delete the CMP cookie in your browser yourself or the purpose for data storage no longer applies. The revocation receipt of a previously given consent will be kept for a period of three years. The storage is based on the one hand in our accountability in accordance with Art. 5 Para. 2 GDPR.

  6. Data transmission / recipient category: CMP provider in Europe. We have therefore concluded an order processing contract in accordance with Art. 28 GDPR with the data processor.

Processing of contracts

1. We process inventory data (e.g. company, title / academic degree, names and addresses as well as contact details of users, email), contract data (e.g. services used, names of contact persons) and payment data (e.g. bank details, payment history) for the purpose of fulfilling our contractual obligations (knowledge of who is a contractual partner; justification, content design and processing of the contract; checking for plausibility of the data) and services (e.g. contacting customer service) in accordance with Art. 6 Para. 1 S. 1 lit b) GDPR. The entries marked as mandatory in online forms are required for the conclusion of the contract.

  1. A transfer of this data to third parties does not take place, unless it is necessary to pursue our claims (e.g. handing over to a lawyer for collection) or to fulfill the contract (e.g. handing over the data to payment providers) or there is a legal obligation to do so in accordance with Art . 6 para. 1 sentence 1 lit. c) GDPR.

  2. We can also process the data you provide to inform you about other interesting products from our portfolio or to send you emails with technical information.

  3. The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. This is the case for the inventory and contract data when the data is no longer required for the execution of the contract and claims can no longer be asserted from the contract because they are statute-barred (warranty: two years / standard limitation: three years ). Due to commercial and tax law requirements, we are obliged to save your address, payment and order data for a period of ten years. However, if the contract is terminated after three years, we will restrict processing, ie your data will only be used to comply with legal obligations. Information in the user account remains until it is deleted.

Contact via contact form / email / fax / post

  1. When you contact us via the contact form, fax, post or email, your details will be processed for the purpose of handling the contact request.

  2. If you have given your consent, the legal basis for the processing of the data is Article 6 Paragraph 1 Sentence 1 Letter a) GDPR. The legal basis for the processing of the data that is transmitted in the course of a contact request or email, letter or fax is Art. 6 Para. 1 S. 1 lit.f) GDPR. The person responsible has a legitimate interest in the processing and storage of the data in order to be able to answer user inquiries, to preserve evidence for reasons of liability and, if necessary, to be able to meet his statutory retention requirements for business letters. If the contact is aimed at concluding a contract, the additional legal basis for the processing is Art. 6 Para. 1 S. 1 lit. b) GDPR.

  3. We can save your details and contact requests in our customer relationship management system ("CRM system") or a comparable system.

  4. The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. For the personal data from the input mask of the contact form and those that were sent by e-mail, this is the case when the respective conversation with you has ended. The conversation is ended when it can be inferred from the circumstances that the matter in question has been finally clarified. We store inquiries from users who have an account or contract with us for up to two years after the end of the contract. In the case of statutory archiving obligations, the deletion takes place after their expiry: End of commercial law (6 years) and tax law (10 years) retention obligation.

  5. You have the option at any time to revoke your consent to the processing of personal data in accordance with Art. 6 Para. 1 S. 1 lit. If you contact us by email, you can object to the storage of personal data at any time.

Newsletter

  1. You can subscribe to our newsletter with your voluntary consent by entering your email address. Only this is a duty. The provision of further data is voluntary and only serves the purpose of personal contact. We use the so-called "double opt-in procedure" for registration. After you have registered with your e-mail, you will receive an e-mail from us with a link to confirm your registration. If you click this confirmation link, your e-mail will be added to the newsletter distribution list and saved for the purpose of sending e-mails. If you do not click on the confirmation link within 24 hours, your login data will be blocked and automatically deleted after 30 days.

  2. We also log the IP address you used when you registered, as well as the date and time of the double opt-in (registration and confirmation). The purpose of this storage is the fulfillment of legal requirements with regard to the proof of your registration as well as the prevention of misuse with regard to your e-mail.

  3. As part of your declaration of consent, the contents (e.g. advertised products / services, offers, advertising and topics) of the newsletter are specifically described.

  4. When sending the newsletter, we evaluate your user behavior. The newsletters contain so-called "web beacons" or "tracking pixels" that are called up when the newsletter is opened. For the evaluations, we link the web beacons with your email address and an individual ID. Links received in the newsletter also contain this ID. The data is only collected in pseudonymized form, i.e. the IDs are not linked to your other personal data, and direct personal reference is excluded. With this data we can determine whether and when you have opened the newsletter and which links have been clicked in the newsletter. This serves the purpose of optimizing and statistical analysis of our newsletter.

  5. The legal basis for sending the newsletter, measuring success and saving the e-mail is your consent in accordance with Art. 6 Paragraph 1 Clause 1 lit. a) GDPR in conjunction with Section 7 Paragraph 2 No. 3 UWG and for logging your consent Art. 6 Para. 1 S. 1 lit.f) GDPR, as this serves our legitimate interest in providing legal evidence.

  6. You can object to tracking at any time by clicking the unsubscribe link at the end of the newsletter. In this case, however, the receipt of the newsletter would also end. Tracking is also not possible if you deactivate the display of images in your e-mail software. However, this may have restrictions with regard to the functions of the newsletter and the images contained are then not displayed.

  7. You can revoke your consent to the sending of the newsletter at any time. You can exercise your revocation by clicking the unsubscribe link at the end of the newsletter, sending an email or sending a message to our contact details above. We save your data as long as you have subscribed to the newsletter. After you have unsubscribed, your data will only be saved anonymously for statistical purposes.

Google ReCAPTCHA

1. We have the anti-spam function "reCAPTCHA" from "Google" (provider:

Google Ireland Limited, Register No .: 368047, Gordon House, Barrow Street, Dublin 4, Ireland).

  1. Data category and description of data processing: usage data (e.g. website accessed, IP). By using "reCAPTCHA" in our forms, we can determine whether the entry was made by a machine (robot) or a human. When using the service, your IP address and any other data required for this can be transmitted to Google servers in the USA.

  2. Purpose of processing: Avoidance of spam and abuse as well as our economic interest in optimizing our website.

  3. Legal basis: If you have given your consent to the processing of your personal data by the third party provider using “reCaptcha” (“opt-in”), then Article 6 (1) sentence 1 lit. a) GDPR is the legal basis. The legal basis is also our legitimate interest in data processing in accordance with Article 6, Paragraph 1, Sentence 1, Letter f) of the GDPR.

  4. Data transfer / recipient category: Third party providers in the USA.

  5. Storage period: until the cookies are deleted by you as the user.

  6. You can find more information about Google ReCAPTCHA at https://www.google.com/recaptcha/ and in Google's privacy policy at: https://policies.google.com/privacy.

Presence on social media

  1. We maintain profiles and fan pages in social media. When you use and call up our profile in the respective network, the respective data protection information and terms of use of the respective network apply.

  2. Data categories and description of data processing: usage data, contact data, content data, inventory data. Furthermore, the data of users within social networks are usually processed for market research and advertising purposes. For example, usage profiles can be created on the basis of user behavior and the interests of the users resulting therefrom. The usage profiles can in turn be used, for example, to place advertisements inside and outside the networks that presumably correspond to the interests of the users. For these purposes, cookies are usually stored on the users' computers, in which the usage behavior and the interests of the users are stored. Furthermore, data can be stored in the usage profiles regardless of the devices used by the users (especially if the users are members of the respective platforms and are logged in to them). For a detailed description of the respective forms of processing and the possibilities of objection (opt-out), we refer to the data protection declarations and information provided by the operators of the respective networks. In the case of requests for information and the assertion of data subject rights, we point out that these can be most effectively asserted with the providers. Only the providers have access to the data of the users and can take appropriate measures and provide information directly. If you still need help, you can contact us.

  3. Purpose of processing: communication with users connected and registered on social networks; Information and advertising for our products, offers and services; External representation and image cultivation; Evaluation and analysis of the users and content of our presence in social media.

  1. Legal basis: The legal basis for the processing of personal data is our legitimate interest in the above purposes in accordance with Art. 6 Para. 1 S. 1 lit.f) GDPR. If you have given us or the person responsible for the social network your consent to the processing of your personal data, the legal basis is Art. 6 Para. 1 S. 1 lit. a) in conjunction with Art. 7 GDPR.

  2. Data transmission / recipient category: social network.

  3. The data protection notices, information options and options for objection (opt-out) of the respective networks / service providers can be found here:

    • Facebook service provider: Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland); Website: www.facebook.com; Data protection declaration: https://www.facebook.com/about/privacy/, Opt-Out: https://www.facebook.com/settings?tab=ads and http://www.youronlinechoices.com; Objection: https://www.facebook.com/help/contact/2061665240770586; Agreement on joint processing of personal data on Facebook pages (Art. 26 GDPR): https://www.facebook.com/legal/terms/page_controller_addendum, data protection information for Facebook pages: https://www.facebook.com / legal / terms / information_about_page_insights_data.

    • Instagram - service provider: Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland) - data protection declaration / opt-out: https://help.instagram.com/519522125107875, objection: https: // help .instagram.com / contact / 186020218683230; Agreement on joint processing of personal data on Instagram pages (Art. 26 GDPR): https://www.facebook.com/legal/terms/page_controller_addendum.

    • Twitter - service provider: Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA) - data protection declaration: https://twitter.com/de/privacy, opt-out: https://twitter.com / personalization.

Social media plug-ins

  1. We use social media plug-ins from social networks on our website. We use the so-called "two-click solution" Shariff from c't or heise.de: https://www.heise.de/ct/artikel/Shariff-Social-Media-Buttons-mit-Datenschutz -2467514.html; Service provider: Heise Medien GmbH & Co. KG, Karl-Wiechert-Allee 10, 30625 Hanover, Germany; Data protection declaration: https://www.heise.de/Datenschutzerklaerung-der-Heise-Medien-GmbH-Co-KG-4860.html.

  2. Data category and description of data processing: usage data, content data, inventory data. When you visit our website, “Shariff” does not transmit any personal data to the third-party providers of the social plug-ins. Next to the logo or the brand of the social network you will find a controller with which you can activate the plug-in with a click. This activation represents your consent in the form that the respective provider of the social network receives the information that you have accessed our website and that your personal data is transmitted to the provider of the plug-in and stored there. These are so-called third-party cookies. With some providers such as Facebook and XING, according to their information, your IP will be anonymized immediately after collection. The plug-in provider saves the data collected about the user as a usage profile. You can revoke your consent at any time by deactivating the controller.

  3. Purpose of data processing: improving and optimizing our website; Increasing our awareness through social networks; Ability to interact with you and the user

with each other via social networks; Advertising, analysis and / or needs-based design of the website.

  1. Legal basis: The legal basis for the processing of personal data is our legitimate interest in the above purposes in accordance with Art. 6 Para. 1 S. 1 lit.f) GDPR. If you have given us or the person responsible for the social network your consent to the processing of your personal data, the legal basis is Art. 6 Para. 1 S. 1 lit. a) in conjunction with Art. 7 GDPR. For pre-contractual inquiries or when using your personal data to fulfill a contract, Art. 6 Para. 1 S. 1 lit. b) GDPR is the legal basis.

  2. Data transmission / recipient category: social network.

  3. Social networks used and objection: We refer you to the respective data protection declarations of the social networks with regard to the purpose and scope of data collection and processing. There you will also find information about your rights and setting options for protecting your personal data. You have the right to object to the creation of these user profiles, whereby you can contact the respective plug-in provider directly to exercise these rights.

Facebook

  1. We have plug-ins from the social network Facebook.com (company headquarters in the EU: Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland) on our website as part of the so-called "two-click solution" You can recognize this by the Facebook logo “f” or the addition “Like”, “Like” or “Share”.

  2. As soon as you willingly activate the Facebook plug-in, a connection will be established from your browser to the Facebook servers. Facebook receives the information, including your IP, that you have accessed our website and transmits this information to Facebook servers in the USA, where this information is stored. If you are logged into your Facebook account, Facebook can assign this information to your account. When you use the functions of the plug-in, e.g. pressing the “Like” button, this information is also transferred from your browser to the Facebook server in the USA and stored there and displayed in your Facebook profile and, if applicable, with your friends .

  3. The purpose and scope of the data collection as well as its further processing and use of the data by Facebook as well as your related rights and setting options to protect your privacy can be found in Facebook's data protection information: https://www.facebook.com/about/privacy/. Data collection with the "Like" button: https://www.facebook.com/help/186325668085084. You can manage and contradict your settings regarding the use of your profile data for advertising purposes on Facebook here: https://www.facebook.com/ads/preferences/.

  4. If you log out of Facebook before visiting our website and delete your cookies, no data about your visit to our website will be assigned to your profile on Facebook when the plug-in is activated.

  5. Agreement on joint processing of personal data on Facebook pages (Art. 26 GDPR): https://www.facebook.com/legal/terms/page_controller_addendum, data protection information for Facebook pages: https://www.facebook.com / legal / terms / information_about_page_insights_data.

Twitter

  1. We have integrated plug-ins from the social network Twitter.com (Twitter Inc., 1355 Market St., Suite 900, San Francisco, California 94103, USA) on our website as part of the so-called “two-click solution” from Shariff . You can recognize these plug-ins by the Twitter logo with a white bird on a blue background. You can find an overview of Twitter buttons and tweets at: https://developer.twitter.com/en/docs/twitter-for-websites/overview.

  2. If you are logged into your Twitter account while deliberately activating the Twitter plug-ins, Twitter can assign the call to our website to your Twitter profile.

  3. If you want to exclude data transmission to Twitter when activating the plug-in, log out of Twitter before visiting our website and delete your cookies.

  4. The purpose and scope of the data collection as well as its further processing and use of the data by Twitter as well as your related rights and setting options to protect your privacy can be found in Twitter's data protection information: https://twitter.com/de/privacy. Objection (opt-out): https://twitter.com/personalization.

Instagram

  1. We have integrated plug-ins from the social network Instagram (service provider: Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland) on our website as part of the so-called "two-click solution" from Shariff. You can recognize this by the Instagram logo in the form of a square camera.

  2. If you willingly activate the plug-in, a connection will be established from your browser to the Instagram servers. In doing so, Instagram receives the information, including your IP address, that you have visited our site and transmits the information to Instagram's servers in the USA, where this information is stored. If you are logged into your Instagram account, Instagram can assign this information to your account and you can click the Instagram button and thus share and save the content of our pages on your Instagram account and, if necessary, display it to your friends there. We have no knowledge of the exact content of the transmitted data, their use and storage duration by Instagram.

  3. If you log out of Instagram before visiting our website and delete your cookies, no data about your visit to our website will be assigned to your profile on Instagram when the plug-in is activated.

  4. You can find more information in Instagram's privacy policy / opt-out at / opt-out: https://help.instagram.com/519522125107875, objection: https://help.instagram.com/contact/186020218683230; Agreement on joint processing of personal data on Instagram pages (Art. 26 GDPR): https://www.facebook.com/legal/terms/page_controller_addendum.

Rights of the data subject

1. Objection or revocation against the processing of your data

Insofar as the processing is based on your consent in accordance with Art. 6 Paragraph 1 Clause 1 lit. a), Art. 7 GDPR, you have the right to withdraw your consent at any time. This does not affect the legality of the processing carried out on the basis of the consent up to the point of revocation.

If we base the processing of your personal data on the balancing of interests in accordance with Art. 6 Paragraph 1 Sentence 1 Letter f) GDPR, you can object to the processing. This is the case, in particular, if the processing is not necessary to fulfill a contract with you, which we describe in the following description of the functions. When exercising such an objection, we ask you to explain the reasons why we should not process your personal data as we have done. In the event of your justified objection, we will examine the situation and either stop or adjust the data processing or show you our compelling reasons worthy of protection on the basis of which we will continue processing.

You can object to the processing of your personal data for advertising and data analysis purposes at any time. You can exercise your right of objection free of charge. You can inform us about your objection to advertising using the following contact details:

MachPhoto
Albin-Hänseroth-Weg 10
50859
Managing Director Michael Mach Email address: info@machfoto.de

2. Right to information
You have the right to request confirmation from us as to whether personal data relating to you is being processed. If this is the case, you have the right to information about your personal data stored by us in accordance with Art. 15 GDPR. This includes, in particular, information about the purposes of processing, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the origin of your data, unless it was collected directly from you.

3. Right to rectification
You have the right to correct incorrect data or to complete correct data in accordance with Art. 16 GDPR.

4. Right to cancellation
You have the right to have your data stored by us deleted in accordance with Art. 17 GDPR, unless this is contrary to statutory or contractual retention periods or other statutory obligations or rights to further storage.

5. Right to Restriction
You have the right to request a restriction on the processing of your personal data if one of the requirements in Art. 18 Para. 1 lit. a) to d) GDPR is met:
• If you dispute the accuracy of the personal data concerning you for a period of time that enables the person responsible to check the accuracy of the personal data;

• the processing is unlawful and you refuse to delete the personal data and instead request that the use of the personal data be restricted;

• the person responsible no longer needs the personal data for the purposes of processing, but you need them to assert, exercise or defend legal claims, or

• if you have objected to the processing in accordance with Art. 21 Paragraph 1 GDPR and it has not yet been determined whether the legitimate reasons of the person responsible outweigh your reasons.

6. Right to data portability
You have a right to data portability in accordance with Art. 20 GDPR, which means that you can receive the personal data we have stored about you in a structured, common and machine-readable format or you can request that it be transmitted to another person responsible.

7. Right to Complain
You have the right to lodge a complaint with a supervisory authority. As a rule, you can contact the supervisory authority in particular in the member state of your place of residence, your place of work or the place of the alleged violation.

Data security

In order to protect all personal data that is transmitted to us and to ensure that we and our external service providers comply with data protection regulations, we have taken suitable technical and organizational security measures. Therefore, among other things, all data between your browser and our server is encrypted via a secure SSL connection.

As of: 09/26/2020

Source: Sample data protection declaration from www.juraforum.de

bottom of page