Data Privacy Policy

Preamble
We hereby inform you about our processing of your personal data and how it is used is determined by the services you have requested or that have been arranged with you.

1. Who can I contact?
Please feel free to contact us via: business@gotphoto.com

2. What sources and data do we use?
We process the personal data that we receive from you as part of our business relationship. In addition, we process, to the extent necessary for the provision of our services, personal data that we receive from other sources (e.g. our customers as a data processor) in a legally permissible way (e.g. to execute orders, to fulfil contracts or on the basis of a consent granted by you). We are also permitted to process personal data which we may have obtained from publicly available sources (e.g. debtor directories, press, media) in a legally permissible way. Relevant personal data are personal details and contact details (name, address, telephone number and email address). In addition, this may also include order data or data from the fulfilment of our contractual obligations, such as advertising and sales data, documentation data, data on your use of our tele-media offerings, as well as other data comparable with the aforementioned categories.

3. Why do we process your data (purpose of processing) and on what legal basis?
3.1 To fulfil contractual obligations

The processing of personal data is carried out for the provision of our electronic services and in particular also to carry out our contracts or pre-contractual measures with you. The purposes of data processing are primarily obligations arising from the sales contract in which you enter with us by placing an order in our shop and can include, among other things, reminders of important events.

3.2 In the context of the balancing of interests

If necessary, we process your data beyond the actual fulfilment of the contract in order to protect our own legitimate interests or those of third parties. For: advertising or market and opinion research, insofar as you have not objected to the use of your data; the enforcement of legal claims and defence in legal disputes; ensuring IT security; prevention and investigation of criminal offences; measures for business management and further development of services and products.

We also process personal data when you contact us through our contact formular. We process any data you include in the formular. These data are needed to process and respond to your inquiry or request. As soon as your inquiry or request has been solved, we delete your data.

3.3 On the basis of your consent

If you have given us consent to the processing of personal data for certain purposes (e.g. contacting you for verification), the legality of such processing is based on your consent. You may revoke your consent at any time with effect for the future. Please note that the revocation only takes effect in the future. Processing carried out before the revocation remains unaffected.

3.4 Pursuant to legal requirements

We also process personal data on the basis of legal requirements. For example, we store invoice data (name, address) on the basis of existing legislation, such as the retention obligations arising from the German Commercial Code (Handelsgesetzbuch, HGB) and the German Tax Code (Abgabenordnung, AO), as our business is located in Germany.

4. Who gets my data?
In the course of using the services of GotPhoto, your data will be received by those who require the data to fulfil our contractual and legal obligations. Our processors may also receive data for these purposes. These are companies in the IT Services, photo labs, social media companies, mail distribution services categories. A data transfer to recipients external to GotPhoto takes place only if legal provisions so permit and you have given your consent or we are authorised to issue such information. Under these conditions, recipients of personal data may be, for example: public bodies and institutions (e.g. supervisory authorities) in the presence of a statutory or official obligation.

Other data recipients may be those for which you have given us your consent for the transmission of data or have waived your consent.
5. How long will my data be stored?
Where necessary, we process and store your personal data to the extent necessary to comply with our contractual obligations. In addition, we are subject to various retention and documentation obligations. The time limits for storage and documentation can be two to ten years. Finally, the storage period is also assessed according to the statutory limitation periods, which are usually three years, but can also be up to thirty years in certain cases.

6. Is data transmitted to a third country or to an international organisation?
Data transmission to third countries (states outside the European Economic Area, EEA) takes place only to the extent necessary to fulfil our contractual requirements towards you, if required by law, or if you have given us your consent. We will inform you separately about the details if doing so is required by law.

7. Is there a duty for me to provide data?
In the context of our business relationship, you must provide only the personal data necessary for the establishment, execution and termination of a business relationship or for which we are legally obliged to collect. Without this data, we will usually have to reject the conclusion of the contract or the execution of the order or will no longer be able to execute an existing contract and may have to terminate. Furthermore, it is necessary for us to request additional data for the provision of paid services, including how to process your desired payment method

8. Newsletter
When you register to receive our notifications by email and/or SMS, the data you provide will be used exclusively for this purpose. We log your consent to receive the notification, including your IP address. No further data will be collected. The data will only be used for sending notifications and will be passed on to third parties only for the purpose of delivery. You can revoke your consent to the processing of your personal data and their use for sending notifications at any time. In each notification you will find an applicable link for revocation; in addition you can always send an objection by email to business@gotphoto.com. Please note that the revocation will only take effect in the future. Processing carried out before the revocation remains unaffected.

10. Third-party functions
10.1 Cookies

What are cookies?

“Cookies” are text files that are stored on your computer that allow an analysis of your use of the website.

What exactly do cookies do?

The information generated by the cookie about your use of this website is usually transferred to a server and stored there. However, due to the activation of IP anonymisation on some websites, your IP address is sometimes shortened in advance within Member States of the European Union or in other contracting states of the Agreement on the European Economic Area. Depending on the service provider, such an IP address is stored truncated.

What are the transferred data used for?

On behalf of GotPhoto, the third party will use this information to analyse your use of the website, to compile reports on the activities of the website and to provide further services to the website operator related to the use of the website and the Internet.

How do I turn off cookies?

You can prevent the storage of cookies by changing the corresponding setting in your browser software; however, we would point out that in this case you may not be able to use all the functions of this website to their full extent. We also have implemented a function to turn off cookies once you reached our website. Which third-party cookies are used? We use the following third-party cookies on our website:

Google Analytics (Further Information: https://support.google.com/analytics/answer/6004245?hl=de)
Google Adwords (Further Information: https://policies.google.com/privacy?hl=de)
New Relic Inc. (Further Information: https://newrelic.com/termsandconditions/privacy)
Hubspot (Further Information: https://legal.hubspot.com/de/privacy-policy)
Wistia (Further Information: https://wistia.com/privacy)
Google Places API (Further Information: https://policies.google.com/privacy)

10.2 Social media plugins

We do not use any social media plugins on our website. However, forwarding to a social media website is possible. Once you use one of the forwarding to a social media website you will be directed to the respective side directly. Please accept that we have no control if and which data will be collected from these sides. Please find below a list of social media website with an active forwarding:

Facebook Inc. (1601 S. California Ave – Palo Alto – CA 94304 – USA) (for more information, see: https://www.facebook.com/policy.php)
Twitter Inc. (795 Folsom St. – Suite 600-San Francisco – CA 94107 – USA) (for more information, see: https://twitter.com/en/privacy#update)
Youtube ( for more information, see: https://support.google.com/youtube/answer/2801895?hl=de)
As of: 15 May 2018

10.3 Google webfonts

In order to render our content correctly and ensure it looks graphically appealing across all browsers, we use script and font libraries, such as Google Web Fonts (https://www.google.com/webfonts/). Google Web Fonts prevent multiple loading into the cache of your browser. However, if your browser does not support Google Web Fonts or prohibits its access, content will be displayed in a standard font. The calling of script or font libraries automatically triggers a connection to the operator of the library. It is currently unclear if and for what purposes the operators of such libraries collect data.

The privacy policy of Google’s library operator can be found at: https://www.google.com/policies/privacy/

© gotphoto.com 2019

10.4 2.10 Sign-up flow in the app
When you sign-up in our app, we use Google Places API to facilitate the sign-up procedure by automatically filling your address requested in the sign-up flow. For this purpose we process your:
a. search terms
b. IP address and
c. latitude/longitude coordinates
This processing occurs through scripts placed by Google Places API and relies on your consent, collected via the cookie banner (GDPR Art.6.1a).