BLOCHBERGER | PHOTOGRAPHY
Provision of data
In order to use our website, it is usually not required by law or contract to provide personal data. If the provision of data is necessary for the conclusion of a contract or the user is obliged to provide personal data, we will inform you of this fact and the consequences of not providing it in this data protection declaration.
Data transfer to third countries
It is possible that we use service providers and third-party providers who are based in countries outside the European Union and the European Economic Area. The transfer of personal data to such third countries takes place on the basis of an adequacy decision by the European Commission (Art. 45 GDPR) or we have provided suitable guarantees to ensure data protection (Art. 46 GDPR). If there is an adequacy decision by the European Commission for data transfer to a third country, we will point this out in this data protection declaration. In addition, users can obtain a copy of the appropriate guarantees from us, unless this is already included in the data protection declarations of the service providers or third-party providers.
Automated decision making
Should we carry out automated decision-making including profiling, we will inform you in this data protection declaration about this fact, about the logic involved and the scope and intended effects of such processing. Otherwise, automated decision-making does not take place.
Processing for other purposes
In principle, data are only processed for the purposes for which they were collected. If, as an exception, they should be processed for other purposes, we will inform you about these other purposes before further processing and provide all other relevant information (Art. 13 Para. 3 GDPR).
Each time our website is accessed, the user’s browser transmits various data. For the duration of the visit to the website, the following data is processed and stored in log files even after the connection has ended:
- Browser type and version used
- Operating system
- Pages and files accessed
- Amount of data transferred
- Date and time of the request
- Provider of the user
- IP address in anonymized form
- Referrer URL
The processing of this data is necessary in order to be able to deliver the website to the user and to optimize it for his end device. The storage in log files serves to improve the security of our website (e.g. protection against DDOS attacks). IP addresses are anonymized before they are saved in log files.
The legal basis for the processing is Art. 6 Para. 1 subpara. 1 letter f) GDPR. Our legitimate interest lies in the provision of the website and the improvement of website security. Log files are automatically deleted after 14 days.
Our online shop is designed and operated via Shopify. Provider: Shopify International Ltd., Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland.
The processing of personal data takes place on our behalf. It is possible that Shopify transmits this data to other companies belonging to the group that are based outside the European Economic Area. In this case, these companies process the data on behalf of Shopify International. There is an adequacy decision by the European Commission with regard to Canada. If data is transmitted to other regions, suitable guarantees for the protection of personal data have been established through internal group agreements between Shopify International Ltd. and the receiving company agreed.
Cookies, tracking pixels and mobile identifiers
We use technologies on our website to recognize the device used. These can be cookies, tracking pixels and / or mobile identifiers. A terminal device can be recognized for different purposes. It may be necessary to provide functions on our website, for example to provide a shopping cart. In addition, the technologies mentioned can be used to understand the behavior of users on the site, for example for advertising purposes. Which technologies we use in detail and for which purposes are described separately in this data protection declaration. For a better understanding, we explain in general how cookies, tracking pixels and mobile identifiers work:
- Cookies are small text files that contain certain information and are stored on the user’s device. In most cases, it is an identification number that is assigned to an end device (cookie ID).
- A tracking pixel is a transparent graphic file that is integrated on a page and enables a log file analysis.
- A mobile identifier is a unique number (Mobile ID) that is stored on a mobile device and can be read out via a website.
If you contact us, we process the user’s details, date and time for the purpose of processing the request, including any queries.
The legal basis for data processing is Art. 6 Paragraph 1 subparagraph. 1 letter f) GDPR. Our legitimate interest lies in answering our users’ inquiries. Additional legal basis is Art. 6 Para. 1 subpara. 1 letter b) GDPR if the processing is necessary for the performance of a contract or to carry out pre-contractual measures.
The data will be deleted as soon as the request including any queries has been answered. We check at regular intervals, but at least every two years, whether any data that has arisen in connection with making contact needs to be deleted.
Orders and payment processing
When placing an order in our online shop, we process the data provided when ordering, such as Name, bank details or payment details to process the order. We only pass on payment data to our payment service providers if this is necessary to process the payment.
The legal basis for the processing of order data is Art. 6 Para. 1 subpara. 1 letter b) GDPR. If the user stores his order data in a user account, Art. 6 para. 1 subpar. 1 letter a) GDPR is the legal basis. Otherwise, the processing is based on Art. 6 Para. 1 subpara. 1 letter f) GDPR. Our legitimate interest lies in the processing of repayments and the pursuit of claims.
Order and payment data will be deleted as soon as they are no longer required for processing the order, including reversing the payment (e.g. due to a revocation or a withdrawal from the contract) and processing warranty cases, and there are no statutory retention requirements. In the event that the user has stored his order data for a new order in his user account, the data will be deleted together with the user account if they are not required for the processing of a specific order.
When paying via Google Pay, the payment is processed by Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland.
When paying via PayPal, the payment is processed by PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg.
When paying via Apple Pay, the payment is processed by Apple Distribution International Ltd., Hollyhill Industrial Estate, Hollyhill, Cork, Ireland.
When paying via SOFORT, the payment is processed by SOFORT GmbH, Theresienhöhe 12, 80339 Munich. The company belongs to the Swedish Klarna Group.
Other third-party services
We use the content delivery network (CDN) BootstrapCDN. Provider: StackPath LLC, 2021 McKinney Ave. Suite 1100, Dallas, TX 75201.
Contents are loaded from servers of the CDN. In order for a connection to be established, it is technically necessary to transmit the user’s IP address.
The legal basis for the processing is Art. 6 Para. 1 subpara. 1 letter f) GDPR. Our legitimate interest lies in improving the speed and availability of our website.
Google Hosted Libraries
We use Google Hosted Libraries to improve the speed of our website. Provider: Google Ireland Ltd., Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.
In order to establish a connection with the Google server, it is technically necessary to transmit the IP address of the user to Google. Google Hosted Libraries only sets cookies that are necessary to guarantee security and to prevent improper use.
The legal basis for processing is Art. 6 Para. 1 subpara. 1 letter f) GDPR. A legitimate interest on our part is to shorten the loading times of our website.
We use Google Fonts on our website. Provider: Google Ireland Ltd., Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.
Fonts are downloaded from the Google server. In order to establish a connection to the server, it is technically necessary to transmit the user’s IP address.
The legal basis for processing is Art. 6 Para. 1 subpara. 1 letter f) GDPR. Our legitimate interest lies in the shortening of loading times and a uniform display on different end devices.
Profiles in social networks
We are present in one or more social networks. The details are: Facebook or Instagram. When you contact us, we process personal data as described above under Contact.
The providers of social networks process data in accordance with their data protection regulations, which can be accessed here:
If a user is logged in with their account, the activities on our profile in the respective social network can be assigned to them. This can be done across devices and, if necessary, also without login, for example using cookies or mobile identifiers. The providers of social networks use the collected data to create pseudonymized user profiles with which they can display personalized advertising in particular.
Data Subject Rights
If the user’s personal data is processed, he is the data subject within the meaning of the GDPR. Affected persons have the following rights:
Right to information: The person concerned has the right to request confirmation as to whether personal data concerning them are being processed. If personal data is processed, the person concerned has the right to free information and a copy of the personal data that is the subject of the processing.
Right to correction: The data subject has the right to request the immediate correction of incorrect or incomplete personal data.
Right to deletion: The data subject has the right to request the immediate deletion of personal data relating to them in accordance with the statutory provisions.
Right to restriction of processing: The person concerned has the right to request a restriction on the processing of personal data concerning them in accordance with the statutory provisions.
Right to data portability: The person concerned has the right to receive the personal data relating to them in a structured, common and machine-readable format or to request transmission to another person responsible.
Right to objection: The data subject has the right, for reasons that arise from their particular situation, to object at any time to the processing of personal data concerning them, which is based on Art. 6 Para. 1 letter e) or f) GDPR takes place, to object; this also applies to profiling based on these provisions. If personal data are processed in order to operate direct mail, the data subject has the right to object at any time to the processing of personal data concerning them for the purpose of such advertising; this also applies to profiling insofar as it is connected to such direct advertising.
Right of revocation: The person concerned has the right to revoke their consent at any time.
Right to complain: The data subject has the right to complain to a supervisory authority.
Status of the data protection declaration: August 20, 2020