Responsible in the sense of GDPR is
FotoFinder Systems GmbH
84364 Bad Birnbach
You will find further information about our company, details of the authorized representatives and other contact details in our imprint on our website: www.fatrant.com/impressum/
1. Data Protection Officer
We have appointed a data protection officer in our company. You can reach them under the following address:
FotoFinder Systems GmbH
Data protection officer
84364 Bad Birnbach
E-mail: Datenschutzbeauftragter (at) fotofinder.de
2. Which data we collect and process
Cookies are small identifiers that a server stores on the terminal device with which you access our website or our services. They contain information that can be called up when accessing our services and thus enable a more efficient and better use of our offers.
Session cookies are deleted when you close your web browser. Permanent cookies remain on your computer until they are no longer necessary to achieve their purpose.
Cookies improve our services and the use of certain features. You can prevent the setting of cookies at any time by means of an appropriate setting of your Internet browser and thus permanently object to the setting of cookies. Furthermore, cookies that have already been set can be deleted at any time via an Internet browser or other software programs. This is possible in all common internet browsers. If you deactivate cookies in the Internet browser, not all functions of our website may be fully usable.
b) We use the following tracking and analysis tools
The Google Analytics component is operated by Google Inc 1600 Amphitheatre Parkway Mountain View, CA 94043, USA, whose purpose is to analyze the flow of visitors to our website. Google uses the data and information obtained to evaluate the use of our website in order to compile online reports for us. Google Analytics sets a cookie in your browser. By setting the cookie, Google is enabled to analyze the use of our website. Every time you visit a website on which a Google Analytics component has been integrated, the Internet browser is automatically prompted to transmit data to Google. No personal data is transmitted to Google. The IP address is only forwarded to Google after it has been made anonymous. If you refuse Google Analytics you should download and install a browser add-on from the link https://tools.google.com/dlpage/gaoptout.
Google AdWords services is a service of Google Inc 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. If you access our website via a Google ad, a so-called conversion cookie is stored on your browser by Google. A conversion cookie loses its validity after thirty days and is not used for identification. If the cookie has not yet expired, the conversion cookie is used to determine whether certain sub-pages have been accessed on our website. The conversion cookie enables us and Google to track whether our visitors have reached our website via an AdWords ad.
The data and information collected through the use of the conversion cookie is used to determine the success or failure of the respective AdWords ad and to optimize our AdWords ads for the future. Neither we nor other Google AdWords advertisers receive information from Google that could identify our website visitors. No personal data is transmitted to Google. The IP address is only forwarded to Google after it has been made anonymous.
If you refuse Google Adword cookies please click at https://support.google.com/ads/answer/2662922?hl=en
c) Social media buttons, e.g. from Facebook, Instagram, Twitter, google plus, LinkedIn
The social media buttons are initially disabled and do not collect any data. If you wish to use them, you must first activate the buttons. Before activation, your consent is required for data processing according to the conditions of the respective provider (e.g. Facebook). After activation, data is collected, processed and used according to the conditions of the respective provider. We have no influence on the type and scope of data collection. If you refuse to use your data for social media purposes, you may not activate the buttons.
d) YOUTUBE VIDEO PLUGIN
Third-party content is included on this website. This content is provided by Google Inc ("Provider").YouTube is operated by Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google").
For videos from YouTube included on our site, the advanced privacy setting is enabled. This means that no information from website visitors is collected and stored on YouTube unless they play the video.
The purpose and scope of data collection and the further processing and use of the data by the providers as well as your rights and setting options for the protection of your privacy can be found in the Google data protection information: www.google.com/intl/de/+/policy/+1button.html.
e) Contact page
If the opportunity for the input of personal or business data (email addresses, name, and addresses) is given, the input of these data takes place voluntarily. Your data will be treated confidentially and not passed on to third parties. The data from the contact form is transmitted using SSL encryption.
The information you provide in the contact form will be passed on to our respective sales partner in your country of origin for further processing if you request further information (quotation, service instructions, etc.).
f) Newsletter and analysis using CleverReach
We work with CleverReach GmbH & Co. KG, Schafjückenweg 2, 26180 Rastede to send newsletters to you.
If you want to receive newsletter from us, we need only your e-mail address. If you enter your e-mail address in the mailing list, then your e-mail address will initially be stored temporary by the list provider ("CleverReach"). CleverReach will send an e-mail address in which the owner of the email address can confirm its entry in the e-mail list ("double opt-in"). If the e-mail address has been confirmed, it will be stored permanently with the list provider until the e-mail address is deleted by the owner of the e-mail address or by us. In order to be able to prove the entry in the list and to defend itself against any accusation of unsolicited e-mails sent, the list provider stores the date of entry in the list as well as the IP address under which the entry was made. We have no influence on the fact that the IP address is stored. We do not use the IP address for any other purpose.
Furthermore, the following data is stored by CleverReach:
- Date of last profile update
- opening rate
- Click Rate
Click rate is the ratio of open newsletters to clicks made on clickable elements (e.g. buttons or links).
- Geolocalization & Time Zone:
Based on the e-mail address, Clever Reach performs a geolocalization and, with the help of a "Geolocation Service Provider", determines information about the IP address (geolocation data and possibly available location information). Geolocation is also used to determine time zones. This in turn is used for the simultaneous sending of newsletters at certain times. Geolocalisation is carried out both when subscribing to the newsletter and when opening newsletter e-mails. This evaluation also includes information about the devices used (such as PC, mobile phone or tablets).
Bounces are undeliverable e-mails that either cannot be delivered temporarily (soft bounce) or not at all (hard bounce). Softbounces exist, for example, if the recipient's mailbox is overfilled; in the case of a hardbounce, however, the mail address no longer exists or the server blocks the mail.
- Language information:
If CleverReach can determine the language you have set from your browser when subscribing to the newsletter or when calling up links, this will also be saved to your profile. This function can be used in particular to form segments of subscribers by language. This enables us, for example, to send newsletter e-mails in English to subscribers who have set English as their default language in their browser.
- Groups & Segments:
We send newsletters adapted to subscribers. For example, newer subscribers may receive a different newsletter or a separate newsletter or e-mail.
3. Legal basis of data processing
Art. 6 I lit. a GDPR serves as a legal basis for processing operations for which we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the fulfilment of a contract, the processing is based on Art. 6 I lit. b GDPR. The same applies to such processing processes that are necessary to carry out pre-contractual measures, for example in cases of enquiries about our products or services. If we are subject to a legal obligation by which a processing of personal data becomes necessary, for example for the fulfilment of tax obligations, the processing is based on Art. 6 I lit. c GDPR. Ultimately, processing operations could be based on Art. 6 I lit. f GDPR. Processing operations which are not covered by any of the aforementioned legal bases are based on this legal basis if processing is necessary to protect our legitimate interests or those of a third party, provided that the interests, fundamental rights and freedoms of the data subject do not prevail. Such processing procedures are permitted to us in particular because they have been specifically mentioned by the European legislator. A legitimate interest is usually assumed if the person concerned is a customer of the person responsible.
If the processing of personal data is based on Article 6 I lit. f GDPR, it is in our legitimate interest to carry out our business activities.
We process applicant data in accordance with Art. 88 GDPR in conjunction with § 26 BDSG (new).
Users have the right to request free information about the personal data stored about them. In addition, they have the right to have this personal data corrected, blocked and deleted in accordance with the statutory provisions.
4 Duration of storage
We process and store personal data only for the time required to achieve the storage purpose or to the extent required by law. As a rule, the processing purpose is achieved upon termination of your contract.
Data that you enter during the application process will be stored for a maximum of six months.
Data collected via Google Analytics will be deleted after 14 months at the latest.
5. Data transmission to third countries
Personal data is passed on to IT service providers commissioned by us, in particular data center operators who have access to personal data from our area of responsibility. In certain cases it may be necessary to transfer personal data to third parties who do not have their registered office within the EU or the European Economic Area (EEA). We will only transfer your data to such third parties outside the EU/EEA if we can ensure that they guarantee an adequate level of data protection or if you have given us your express consent to the transfer. In order to fulfil the contract, we will also pass on your data to the shipping company commissioned with the delivery, insofar as this is necessary for the delivery of ordered goods. Depending on which payment service provider you select in the order process, we pass on the payment data collected for the processing of payments to the credit institution commissioned with the payment and, if applicable, to payment service providers commissioned by us or to the selected payment service. In some cases, the selected payment service providers also collect this data themselves if you create an account there. In this case, you must log in to the payment service provider with your access data during the ordering process. The data protection declaration of the respective payment service provider applies in this respect.
6 Your rights
a) Right to information and confirmation
You have the right to receive free information from us at any time and confirmation of the personal data stored about you and a copy of this information.
b) Right of correction
You have the right to request the immediate correction of incorrect personal data concerning you. You also have the right, taking into account the purposes of the processing, to request the completion of incomplete personal data, including by means of a supplementary declaration.
c) Deletion rights
You have the right to have your personal data deleted immediately, provided that one of the following reasons applies and insofar as the processing is not necessary:
The personal data have been collected or otherwise processed for such purposes for which they are no longer necessary.
They withdraw their consent on which the processing was based and there is no other legal basis for the processing.
You file an objection to the processing pursuant to Art. 21 para. 1 GDPR, and there are no overriding legitimate grounds for the processing, or you file an objection to the processing pursuant to Art. 21 para. 2 GDPR.
The personal data have been processed unlawfully.
The deletion of personal data is necessary to fulfil a legal obligation under Union law or the law of the Member States to which we are subject.
The personal data was collected in relation to information society services offered in accordance with Art. 8 para. 1 GDPR.
d) Right to limitation of processing
You have the right to request a limitation of the processing if one of the following conditions is met:
The accuracy of the personal data is disputed by you for a period that enables us to verify the accuracy of the personal data.
The processing is unlawful, you refuse to delete the personal data and instead demand a restriction on the use of the personal data.
We no longer need the personal data for the purposes of processing, but you do need them to assert, exercise or defend legal claims.
You have filed an objection against the processing pursuant to Art. 21 para. 1 GDPR and it is not yet clear whether our justified reasons outweigh yours.
(e) rights of opposition to processing
You have the right to object at any time to the processing of your personal data on the basis of Article 6(1)(e) or (f) GDPR.
We will no longer process personal data in the event of an objection, unless we can prove compelling reasons for processing that are worthy of protection and outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
You have the right to object at any time to the processing of your personal data for direct marketing purposes.
f) Right to data transferability
You have the right to receive the personal data relating to you that has been provided to us in a structured, common and machine-readable format. You also have the right to transfer this data to another controller without our interference, provided that the processing is based on the consent provided for in Article 6(1)(a) GDPR or Article 9(2)(a) GDPR or on a contract pursuant to Article 6(1)(b) GDPR and the processing is carried out using automated procedures, provided that the processing is not necessary for the performance of a task in the public interest or in the exercise of public authority delegated to the controller.
Furthermore, when exercising your right to data transferability pursuant to Art. 20 para. 1 GDPR, you have the right to obtain that the personal data be transferred directly from one data controller to another data controller, insofar as this is technically feasible and provided that the rights and freedoms of other persons are not affected by this.
g) Right to revoke consent under data protection law
You have the right to revoke your consent to the processing of personal data at any time.
h) Right of appeal to the supervisory authority
You have the right to contact a supervisory authority in the Member State where you reside or work or where you suspect that the processing of personal data concerning you violates the EU Data Protection Regulation at any time.
7. Legal or contractual regulations for the provision of personal data, necessity for the conclusion of the contract, obligation to provide the personal data, possible consequences of nonprovision
The provision of personal data may be required in part by law (e.g. tax regulations) or may also result from contractual regulations (e.g. information on the contractual partner). In order to conclude a contract, it may sometimes be necessary for you to provide us with personal data, which we will subsequently have to process. For example, you are obliged to provide us with personal data when we conclude a contract with you (e.g. in the webshop). Failure to provide personal data would mean that the contract could not be concluded.
8. Existence of automatic decision making / profiling
We do not make automatic decision making or profiling.