PRIVACY POLICY

Introduction

We ("we", "us", "our") take the privacy of users ("user" or "you") of our website and/or mobile app (the " website" or the "mobile app") very seriously and are committed to protecting the information that users provide to us in connection with the use of our website and/or mobile app (together: "digital assets"). We are also committed to protecting and using your information in accordance with applicable law.

This privacy policy explains our practices regarding the collection, use and disclosure of your information using our digital assets (the " services") when you access the services through your devices.

Please read the privacy policy carefully and make sure you fully understand our practices regarding your data before using our services. If you have read and fully understand this policy and do not agree with our practices, you must stop using our digital assets and services. By using our services, you agree to the terms of this privacy policy. Your continued use of the services constitutes your acceptance of this privacy policy and any changes to it.

In this privacy policy you will learn

Who is responsible for data collection on this website?
Hosting WIX
What data we collect
How we collect data
Cookies
Server log files
Contact form
Request by e-mail or phone
Why we collect this data
Who we share the data with
Where the data is stored
How long the data is stored
How we protect the data
Updates or changes to the privacy policy
Information the responsible body (contact)

Who is responsible for data collection on this website?

Data processing on this website is carried out by the website operator. You can find the operator's contact details in the section "Information on the responsible body" in this privacy policy.

Hosting WIX

We host our website with Wix.com Ltd, 40 Namal Tel Aviv St., Tel Aviv 6350671, Israel (hereinafter "WIX").

WIX is a tool for creating and hosting websites. When you visit our website, WIX is used to analyze user behavior, visitor sources, the region of website visitors and visitor numbers (see below). WIX stores cookies on your browser that are required to display the website and to ensure security (essential cookies).

The data is stored on WIX servers in Israel. Israel is considered a secure third country under data protection law. This means that Israel has a level of data protection that corresponds to the level of data protection in the European Union.

Details can be found in the WIX privacy policy: https://www.wix.com/about/privacy.

The use of WIX is based on Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in ensuring that our website is displayed as reliably as possible. If a corresponding consent has been requested, the processing is carried out exclusively based on Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. The

consent can be revoked at any time.

What data do we collect?

Below is an overview of the data we may collect:

Non-identified and non-identifiable information that you provide during the registration process or that is collected using our services ("non-personal data"). Non-personal information does not allow us to identify who it was collected from. Non-personal information that we collect consists primarily of technical and aggregated usage information.
Individually identifiable information, i.e. any information by which you can be identified or could reasonably be identified ("personal data"). Personal data that we collect through our services may include information that is requested from time to time, such as names, e-mail addresses, addresses, phone numbers, IP addresses and more. If we combine personal data with non-personal data, we will treat it as personal data for as long as it is combined.

How do we collect data?

On the one hand, your data is collected when you provide it to us. This may be data that you enter in a contact form, for example.

Other data is collected automatically or with your consent by our IT systems when you visit the website. This is primarily technical data (e.g. internet browser, operating system or time of page view). This data is collected automatically as soon as you enter this website.

The most important methods we use to collect data are listed below:

We collect data when you use our services. Thus, when you visit our digital assets and use services, we may collect, record and store usage, sessions and related information.
We collect data that you provide to us yourself, for example when you contact us directly via a communication channel (e.g. an e-mail with a comment or feedback).
We may collect data from third party sources as described below.
We collect data that you provide to us when you log in to our services via a third-party provider such as Facebook or Google.

Our website uses so-called "cookies". Cookies are small text files and do not cause any damage to your end device. They are stored on your device either temporarily for the duration of a session (session cookies) or permanently (persistent cookies). Session cookies are automatically deleted at the end of your visit. Persistent cookies remain stored on your device until you delete them yourself or they are automatically deleted by your web browser.

In some cases, cookies from third-party companies may also be stored on your device when you visit our website (third-party cookies). These enable us or you to use certain services of the third-party company (e.g. cookies for processing payment services).

Cookies have various functions. Many cookies are technically necessary, as certain website functions would not work without them (e.g. the shopping cart function or the display of videos). Other cookies are used to evaluate user behavior or display advertising.

Cookies that are required to carry out the electronic communication process, to provide certain functions that you have requested (e.g. for the shopping cart function) or to optimize the website (e.g. cookies to measure the web audience) (essential cookies) are stored based on Art. 6 para. 1 lit. f GDPR, unless another legal basis is specified. The website operator has a legitimate interest in the storage of essential cookies for the technically correct and optimized provision of its services. If the user's agreement to the storage of cookies and comparable recognition technologies has been requested, the processing is carried out exclusively based on this agreement (Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG); the agreement can be revoked at any time.

You can configure your browser to notify you when cookies are set and to allow cookies only in individual cases, to exclude the acceptance of cookies for certain cases or in general and to activate the automatic deletion of cookies when the browser is closed. If cookies are deactivated, the functionality of this website may be restricted.

Server log files

The provider of the website automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are

Browser type and browser version
Operating system used
Referrer URL
Host name of the accessing computer
Time of the server request
IP address

This data is not merged with other data sources.

This data is collected based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the technically accurate presentation and optimization of its website - the server log files must be recorded for this purpose.

Contact form

If you send us enquiries via the contact form, your details from the enquiry form, including the contact details you provide there, will be stored by us for the purpose of processing the enquiry and in the event of follow-up questions. We will not pass on this data without your consent.

This data is processed in accordance with Art. 6 para. 1 lit. b GDPR if your enquiry is related to the fulfilment of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the enquiries addressed to us (Art. 6 para. 1 lit. f GDPR) or on your consent (Art. 6 para. 1 lit. a GDPR) if this has been requested; consent can be revoked at any time.

We will retain the data you provide on the contact form until you request its deletion, revoke your consent for its storage, or the purpose for its storage no longer pertains (e.g. after fulfilling your request). Mandatory statutory provisions - in particular retention periods - remain unaffected.

Enquiry by e-mail or telephone

If you contact us by e-mail or telephone, we will store and process your enquiry, including all resulting personal data (name, enquiry), for the purpose of processing your request. We will not pass on this data without your consent.

The data you send to us via contact requests will remain with us until you ask us to delete it, revoke your consent to storage or the purpose for data storage no longer applies (e.g. after your request has been processed). Mandatory statutory provisions - in particular statutory retention periods - remain unaffected.

Why do we collect this data?

We may use your data for the following purposes:

to provide and operate our services;
to develop, customize and improve our services;
to respond to your feedback, queries and requests and to provide assistance
to analyze request and usage patterns;
for other internal, statistical and research purposes;
to improve our data security and fraud prevention capabilities
to investigate violations and enforce our terms and policies and to comply with applicable law, regulation or governmental request;
to provide you with updates, news, promotional materials and other information related to our services. For promotional e-mails, you can decide for yourself whether you wish to continue receiving them. If not, simply click on the unsubscribe link in these emails.

Who do we share this data with?

We may share your data with our service providers in order to operate our services (e.g. storage of data via third party hosting services, provision of technical support, etc.).

We may also disclose your information in the following circumstances: (i) to investigate, detect, prevent or take action regarding illegal activities or other misconduct; (ii) to establish or exercise our rights of defence; (iii) to protect our rights, property or personal safety, or the safety of our users or the public; (iv) in the event of a change of control of us or any of our affiliates (by way of merger, acquisition or purchase of (substantially) all of our assets, etc.); (v) to collect, hold and/or manage your information using authorised third party service providers (e.g. cloud service providers) as appropriate for business purposes; (vi) to work with third parties to improve your user experience. For the avoidance of any misunderstanding, please note that we may transfer, disclose or otherwise use non-personal data to third parties at our discretion.

Cookies and similar technologies

When you visit or access our services, we authorise third parties to use web beacons, cookies, pixel tags, scripts and other technologies and analytics services ("tracking technologies"). These tracking technologies may enable third parties to automatically collect your data in order to improve the browsing experience on our digital assets, optimise their performance and ensure a customised user experience, as well as for security and fraud prevention purposes.

Advertising services

We will not pass on your e-mail address or other personal data to advertising companies or advertising networks without your consent.

Where do we store the data?

Non-personal data

Please note that our companies and our trusted partners and service providers are located around the world. For the purposes set out in this privacy policy, we store and process all non-personal data that we collect in different jurisdictions.

Personal Data

Personal data may be maintained, processed and stored in the United States, Ireland, South Korea, Taiwan, Israel and, to the extent necessary for the proper provision of our services and/or required by law (as further explained above and below), in other jurisdictions.

How long will the data be retained?

Please note that we will retain the data we collect for as long as necessary to provide our services, to comply with our legal and contractual obligations to you, to resolve disputes and to enforce our agreements.

We may correct, amend or delete inaccurate or incomplete data at any time at our discretion.

How do we protect the data?

The hosting service for our digital assets provides us with the online platform through which we can offer you our services. Your data can be stored via our hosting provider's data storage, databases and general applications. They store your data on secure servers behind a firewall and provide secure HTTPS access to most areas of their services.

This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or enquiries that you send to us as the site operator. You can recognise an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.

If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

All payment options offered by us and our hosting provider for our digital assets comply with the PCI-DSS (Payment Card Industry Data Security Standard) regulations of the PCI Security Standards Council. This is a collaboration between brands such as Visa, MasterCard, American Express and Discover. PCI-DSS requirements help to ensure the secure handling of credit card data (including physical, electronic and procedural measures) by our shop and service providers.

We also offer the option of processing the payment transaction via the payment service provider PayPal (PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg). This corresponds to our legitimate interest in offering an efficient and secure payment method (Art. 6 para. 1 lit. f GDPR). In this context, we pass on the following data to PayPal to the extent necessary for the fulfilment of the contract (Art. 6 para. 1 lit. b. GDPR): First name, surname, address, e-mail address, telephone number. The processing of the data specified in this section is neither legally nor contractually required. Without the transmission of your personal data, we cannot process a payment via PayPal. You have the option of choosing a different payment method. PayPal carries out a credit check for various services such as payment by direct debit to ensure your willingness and ability to pay. This corresponds to PayPal's legitimate interest (pursuant to Art. 6 para. 1 lit. f GDPR) and serves the fulfilment of the contract (pursuant to Art. 6 para. 1 lit. b GDPR). Your data (name, address and date of birth, bank account details) will be passed on to credit agencies for this purpose. We have no influence on this process and only receive the result of whether the payment has been made or rejected or whether a review is pending. Further information on how to object to and remove PayPal can be found at: https://www.paypal.com/us/legalhub/privacy-full. Your data will be stored until the payment has been processed. This also includes the period required for processing refunds, claims management and fraud prevention.

Notwithstanding the measures and efforts taken by us and our hosting provider, we cannot and do not guarantee absolute protection and security of the data that you upload, publish or otherwise disclose to us or others.

For this reason, we ask you to set secure passwords and, where possible, not to provide us or others with confidential information that you feel could cause you significant or lasting harm if disclosed. As e-mail and instant messaging are not considered secure forms of communication, we also ask you not to disclose any confidential information via either of these communication channels.

We will only use your personal data for the purposes set out in the privacy policy and only if we are convinced that:

the use of your personal data is necessary to fulfil or conclude a contract (e.g. to provide you with the services themselves or customer service or technical support);
the use of your personal data is necessary to comply with relevant legal or regulatory obligations; or
the use of your personal data is necessary to support our legitimate business interests (provided that this is done at all times in a way that is proportionate and respects your data protection rights).

As an EU resident you can:

request confirmation as to whether or not personal data concerning you is being processed and request access to your stored personal data and certain additional information;
request to receive the personal data you have provided to us in a structured, commonly used and machine-readable format
request the rectification of your personal data stored by us
request the erasure of your personal data;
object to the processing of your personal data by us;
request the restriction of the processing of your personal data, or
lodge a complaint with a supervisory authority.

However, please note that these rights are not without limitations and may be subject to our own legitimate interests and regulatory requirements. If you have any general questions about the personal data we collect and how we use it, please contact us as set out below.

In the course of providing the services, we may transfer data across borders to affiliated companies or other third parties and from your country/jurisdiction to other countries/jurisdictions worldwide. By using the services, you consent to the transfer of your data outside the EEA.

If you are based in the EEA, your personal data will only be transferred to locations outside the EEA where we are satisfied that an adequate or equivalent level of protection of personal data exists. We will take appropriate steps to ensure that we have appropriate contractual arrangements with our third parties to ensure that appropriate safeguards are in place so that the risk of unlawful use, alteration, deletion, loss or theft of your personal data is minimised and that such third parties act at all times in accordance with applicable laws.

Rights under the California Consumer Privacy Act

If you use the services as a California resident, you may be entitled to request access to and deletion of your information under the California Consumer Privacy Act ("CCPA").

To exercise your right to access and delete your data, please read below how to contact us.

We do not sell users' personal data for the purposes of the CCPA.

Updates or changes to the privacy policy

We may revise this privacy policy from time to time at our own discretion, the version published on the website is always up-to-date (see "status"). We ask you to check this privacy policy regularly for changes. In the event of significant changes, we will publish a notice on our website. If you continue to use the services after being notified of changes on our website, this will be deemed to be your confirmation and consent to the changes to the privacy policy and your agreement to be bound by the terms of these changes.

Note on the responsible body (contact)

If you have general questions about the services or the data we collect about you and how we use it, please contact us at:

Sophie Schuster and Thomas Wanner

Johann-Schütz-Straße 31

87435 Kempten, Germany

info@sw-naturfotografie.de

Status: 10.01.2025