Responsible party
Katrice Photo
Katrice Staden
Bussardweg 16
33813 Oerlinghausen, Germany
Phone: +49 (0) 173 6040683
Email: hello@katricephoto.com
General information
This privacy policy explains the nature, scope, and purpose of the processing of personal data (hereinafter referred to as “data”) within my online offering and the associated websites, functions, and content, as well as external online presences, such as my social media profile. (hereinafter collectively referred to as “online offering”). With regard to the terms used, such as “processing” or “controller,” I refer to the definitions in Art. 4 of the General Data Protection Regulation (GDPR).
Data protection
I take the protection of your personal data very seriously. I treat your personal data confidentially and in accordance with the statutory data protection regulations and this privacy policy. As a rule, it is possible to use my website without providing personal data. Insofar as personal data (e.g. name, address or email addresses) is collected on the pages, this is always done on a voluntary basis as far as possible. This data will not be passed on to third parties without your express consent. I would like to point out that data transmission over the Internet (e.g. when communicating by email) can have security gaps. Complete protection of data against access by third parties is not possible.
Types of data processed
• Inventory data (e.g., names and addresses)
• Contact details (e.g., email and phone numbers)
• Content data (e.g., text entries, photographs, and videos)
• Usage data (e.g., websites visited, interest in content, or access times)
• Meta/communication data (e.g., device information and IP addresses)
Categories of data subjects
Visitors and users of the online offering. These data subjects are collectively referred to as “users” below.
Purpose of processing
• Provision of the online offering, its functions, and content
• Responding to contact requests and communicating with users
• Security measures
• Reach measurement
• Marketing
Relevant legal bases
In accordance with Art. 13 GDPR, I hereby inform you of the legal bases for my data processing. If the legal basis is not mentioned in the privacy policy, the following applies: The legal basis for obtaining consent is Art. 6 (1) lit. a and Art. 7 GDPR, the legal basis for processing for the fulfillment of my services and the implementation of contractual measures as well as responding to inquiries is Art. 6 (1) lit. b GDPR, the legal basis for processing to fulfill my legal obligations is Art. 6 (1) lit. c GDPR, and the legal basis for processing to protect my legitimate interests is Art. 6 (1) lit. f GDPR. In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 (1) lit. d GDPR serves as the legal basis.
Rights of data subjects
You have the right to request confirmation as to whether data concerning you is being processed and to obtain information about this data, as well as further information and a copy of the data in accordance with Art. 15 GDPR. In accordance with Art. 16 GDPR, you have the right to request the completion of data concerning you or the correction of inaccurate data concerning you. In accordance with Art. 17 GDPR, you have the right to request that the data in question be deleted immediately or, alternatively, in accordance with Art. 18 GDPR, to request a restriction on the processing of the data. You have the right to request that the data concerning you that you have provided to me be received in accordance with Art. 20 GDPR and to request its transfer to other controllers. You also have the right to lodge a complaint with the competent supervisory authority in accordance with Art. 77 GDPR.
Right of withdrawal
You have the right to withdraw your consent in accordance with Art. 7 (3) GDPR with effect for the future.
Right to object
You can object to the future processing of data concerning you at any time in accordance with Art. 21 GDPR. In particular, the objection may be made against processing for direct marketing purposes.
Deletion of data
The data processed by me will be deleted or restricted in its processing in accordance with Articles 17 and 18 of the GDPR. Unless expressly stated in this privacy policy, the data stored by me will be deleted as soon as it is no longer required for its intended purpose and there are no legal retention obligations that prevent deletion. If the data is not deleted because it is required for other and legally permissible purposes, its processing will be restricted. This means that the data will be blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax reasons. In accordance with legal requirements in Germany, data is stored for a period of 6 years in accordance with Section 257 (1) of the German Commercial Code (HGB) (trading books, inventories, opening balance sheets, annual financial statements, commercial letters, accounting documents, etc.) and for 10 years in accordance with Section 147 (1) of the German Fiscal Code (AO) (books, records, management reports, accounting documents, commercial and business letters, documents relevant for taxation, etc.). In accordance with legal requirements in Austria, documents relating to electronically provided services, telecommunications, radio, and television services provided to non-business customers in EU member states and for which the Mini One Stop Shop (MOSS) is used must be retained for 10 years.
Business-related processing
In addition, I process
• Contract data (e.g., subject matter of the contract, term, customer category)
• Payment data (e.g., payment history)
from my customers, prospects, and business partners for the purpose of providing contractual services, customer care, marketing, advertising, and market research.
Hosting
The hosting services I use serve to provide the following services: infrastructure and platform services, computing capacity, storage space and database services, security services, and technical maintenance services, which I use for the purpose of operating this online offering. In doing so, I or my hosting provider process inventory data, contact data, content data, contract data, usage data, meta and communication data from customers, interested parties, and visitors to this online offering on the basis of my legitimate interests in the efficient and secure provision of this online offering in accordance with Art. 6 (1) lit. f GDPR in conjunction with Art. 28 GDPR (conclusion of a data processing agreement).
Collection of access data and log files
I or my hosting provider collect data about every access to the server on which this service is located (so-called server log files) on the basis of my legitimate interests within the meaning of Art. 6 (1) lit. f GDPR. The access data includes the name of the website accessed, the file, the date and time of access, the amount of data transferred, notification of successful access, browser type and version, the user’s operating system, referrer URL (the previously visited page), IP address, and the requesting provider. Log file information is stored for security reasons (e.g. to investigate misuse or fraud) for a maximum of 7 days and then deleted. Data that must be retained for evidentiary purposes is excluded from deletion until the respective incident has been finally clarified.
Provision of contractual services
I process inventory data (e.g., names and addresses as well as contact details of users), contract data (e.g., services used, names of contact persons, payment information) for the purpose of fulfilling my contractual obligations and services in accordance with Art. 6 (1) lit. b. GDPR. The entries marked as mandatory in online forms are required for the conclusion of the contract. The data will be deleted after the expiry of statutory warranty and comparable obligations; the necessity of storing the data is reviewed every three years; in the case of statutory archiving obligations, the data will be deleted after their expiry. Information in any customer account remains until it is deleted.
Contact
When contacting me (e.g. via contact form, email, telephone or social media), the user’s details are processed for the purpose of handling the contact request and its processing in accordance with Art. 6 (1) lit. b) GDPR. The user’s information may be stored in a customer relationship management system (“CRM system”) or comparable inquiry organization system. I delete the inquiries if they are no longer required. I review the necessity every two years; furthermore, the statutory archiving obligations apply.
Comments and posts
When users leave comments or other posts, their IP addresses are stored for 7 days on the basis of my legitimate interests within the meaning of Art. 6 (1) lit. f. GDPR. This is done for my security in case someone leaves illegal content in comments and posts (insults, prohibited political propaganda, etc.). In this case, I myself can be prosecuted for the comment or contribution and am therefore interested in the identity of the author.
Integration of third-party services and content
Within my online offering, I use third-party content and services on the basis of my legitimate interests (i.e., interest in the analysis, optimization, and economic operation of my online offering within the meaning of Art. 6 para. 1 lit. f. GDPR) content or service offerings from third-party providers in order to integrate their content and services, such as videos or fonts (hereinafter uniformly referred to as “content”). This always requires that the third-party providers of this content perceive the IP address of the users, as they would not be able to send the content to their browsers without the IP address. The IP address is therefore necessary for the display of this content. I endeavor to use only content whose respective providers use the IP address solely for the delivery of the content. Third-party providers may also use so-called pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. Pixel tags can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information can also be stored in cookies on the user’s device and may contain, among other things, technical information about the browser and operating system, referring websites, visit time, and other information about the use of my online offering, and may also be linked to such information from other sources.
Google Analytics
Based on my legitimate interests (i.e., interest in the analysis, optimization, and economic operation of my online offering within the meaning of Art. 6 (1) lit. f. GDPR), I use Google Analytics, a web analytics service provided by Google LLC (“Google”). Google uses cookies. The information generated by the cookie about the use of the online offering by users is usually transmitted to a Google server in the USA and stored there. Google is certified under the Privacy Shield Agreement and thus offers a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active). Google will use this information on my behalf to evaluate the use of my online offering by users, to compile reports on the activities within this online offering, and to provide me with further services associated with the use of this online offering and the Internet. In doing so, pseudonymous user profiles can be created from the processed data. I only use Google Analytics with IP anonymization enabled. This means that the IP address of users will be truncated by Google within member states of the European Union or in other signatory states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. The IP address transmitted by the user’s browser will not be merged with other Google data. Users can prevent the storage of cookies by adjusting their browser software settings accordingly; users can also prevent Google from collecting the data generated by the cookie and relating to their use of the online offer, as well as the processing of this data by Google, by downloading and installing the browser plugin available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de. Further information on data use by Google, settings and objection options can be found on Google’s websites: https://www.google.com/intl/de/policies/privacy/partners (“Data use by Google when you use my partners’ websites or apps”), http://www.google.com/policies/technologies/ads (“Data use for advertising purposes”), http://www.google.de/settings/ads (“Manage information that Google uses to show you ads”).
Google Maps
I integrate maps from the Google Maps service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy policy: https://www.google.com/policies/privacy/, opt-out: https://adssettings.google.com/authenticated.
Online presence on social media
I maintain an online presence on social networks and platforms in order to communicate with customers, interested parties, and users who are active there and to inform them about my services. When accessing the respective networks and platforms, the terms and conditions and data processing guidelines of the respective operators apply. Unless otherwise stated in my privacy policy, I process the data of users who communicate with me within the social networks and platforms, e.g., by posting on my online presences or sending me messages.
Use of Facebook social plugins
Based on my legitimate interests (i.e., interest in the analysis, optimization, and economic operation of my online offering within the meaning of Art. 6 (1) lit. f. GDPR), I use social plugins (“plugins”) from the social network facebook.com, which is operated by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”). . The plugins can represent interaction elements or content (e.g., videos, graphics, or text posts) and are recognizable by one of the Facebook logos (white “f” on a blue tile, the terms “Like,” “I like it,” or a “thumbs up” sign) or are marked with the addition “Facebook social plugin.” The list and appearance of Facebook social plugins can be viewed here: https://developers.facebook.com/docs/plugins/. Facebook is certified under the Privacy Shield Agreement and thus offers a guarantee of compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).
When a user accesses a feature of this online offering that contains such a plugin, their device establishes a direct connection to Facebook’s servers. The content of the plugin is transmitted directly from Facebook to the user’s device and integrated into the online offering. The processed data can be used to create user profiles. I therefore have no influence on the extent of the data that Facebook collects with the help of this plugin and therefore inform users according to my state of knowledge.
By integrating the plugins, Facebook receives the information that a user has accessed the corresponding page of the online offer. If the user is logged in to Facebook, Facebook can assign the visit to their Facebook account. When users interact with the plugins, for example by clicking the Like button or posting a comment, the corresponding information is transmitted directly from your device to Facebook and stored there. If a user is not a member of Facebook, it is still possible for Facebook to find out and store their IP address. According to Facebook, only an anonymized IP address is stored in Germany.
The purpose and scope of the data collection and the further processing and use of the data by Facebook, as well as the relevant rights and setting options for protecting the privacy of users, can be found in Facebook’s privacy policy: https://www.facebook.com/about/privacy/. If a user is a Facebook member and does not want Facebook to collect data about them via this online offer and link it to their membership data stored on Facebook, they must log out of Facebook and delete their cookies before using my online offer. Further settings and objections to the use of data for advertising purposes are possible within the Facebook profile settings: https://www.facebook.com/settings?tab=ads or via the US page http://www.aboutads.info/choices/ or the EU page http://www.youronlinechoices.com/. The settings are platform-independent, i.e. they are applied to all devices, such as desktop computers or mobile devices.
My online offering incorporates functions and content from the Instagram service, provided by Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA. This may include content such as images, videos, or text and buttons that allow users to express their liking for the content, subscribe to the authors of the content, or subscribe to my posts. If users are members of the Instagram platform, Instagram can assign the access to the above-mentioned content and functions to the users’ profiles there. Instagram’s privacy policy: http://instagram.com/about/legal/privacy/.
You are currently viewing a placeholder content from Vimeo. To access the actual content, click the button below. Please note that doing so will share data with third-party providers.
More InformationYou are currently viewing a placeholder content from YouTube. To access the actual content, click the button below. Please note that doing so will share data with third-party providers.
More InformationYou need to load content from reCAPTCHA to submit the form. Please note that doing so will share data with third-party providers.
More InformationYou are currently viewing a placeholder content from TidyCal. To access the actual content, click the button below. Please note that doing so will share data with third-party providers.
More Information