Privacy Policy

Status: 8. March 2021, Version 3.2

This Privacy Policy gives you an overview of how your personal data is processed at (subsequently “our website”).


Picanova GmbH, Hohenzollernring 25, 50672 Cologne, Germany is the responsible data controller for the processing of personal data on this website within the meaning of Art. 4 No. 7 GDPR. The corresponding contact details can be found at the end of this document.

1 Which personal data do we process from you?

We offer you various services which you can use in different ways. Depending on whether you contact us online, by telephone or in any other way, and which services you use, different data is generated from different sources. Much of the personal data we process is provided by you when you use our services or contact us. For example, when you place an order you provide us with your name, e-mail address or postal address. We also receive technical device and access data that is automatically collected by us when you interact with our services, such as information about the device you use to contact us. We collect further data through our own data analyses (e.g. in the context of market research studies). We may also receive data about you from third parties, such as payment service providers.

1.1 Usage data

When you visit our web pages, a data record of so-called usage data is temporarily stored as a log on our web server for statistical purposes, to improve the quality of our web pages. We use servers from Amazon Web Services (AWS) with server location in Germany. The legal basis for this is Art. 6 para. 1 lit. f GDPR.

This data record consists of

  • the page from which the file was requested (a "page" is a file on a web server)

  • the name of the file

  • the date and time of the query

  • the amount of data transferred

  • the access status (file transferred, file not found)

  • the description of the type of web browser used

  • the IP address of the requesting computer

We store the IP address transmitted by your web browser for a maximum period of 30 days, for the purpose of detecting, limiting and eliminating attacks on our websites. In order to be able to trace the origin of such attacks, it is necessary to temporarily store the IP address. After this period, we delete the IP address. The legal basis for this processing is Art. 6 para. 1 lit. f GDPR.

1.2 Customer account

If you create a personal login or user account, you must first register and agree to the API Agreement, which also governs data privacy for the use of the API and the ordering of products and includes a GDPR data processing agreement. On this website we collect and process the following data: title, surname, first name, e-mail address, street, postal code, city, country, telephone number (optional), your password and the names and contact details of your company and the contact persons you provide us with. The legal basis for the processing is Art. 6 Para. 1 lit. b GDPR. We use data that you provide to us in the course of registration or your inquiries to create a customer account for you and to make it even easier for you to place orders. You can change or even delete the information in your user account at any time within the user account. The data will then be automatically removed from our system if there are no retention periods or if the data is not required in individual cases (for example, in the case of open claims to collect the receivables).

2 What do we use the data for?

We process your data in compliance with all applicable data protection laws. We abide in particular by the principles of the data protection laws for the processing of personal data. We therefore process your data only for the purposes explained to you in this Privacy Policy or for the purposes communicated to you when the data was collected. 

These are primarily the operation of the website and your registration with the service as well as the security of our services. In addition, within the framework of the strict German and European data protection laws, we also use your data for other purposes, such as product development, scientific research (especially in the areas of machine learning, artificial intelligence and deep learning) and market research, for the optimization of business processes, the design of our services to meet your needs and for personalized advertising.

For reasons of data protection, we do not integrate social media plugins directly into our website. Therefore, when you call up our pages, no data is transmitted to social media services such as Facebook, Instagram, Twitter, and Pinterest. 

2.1 Analysis of the website

To improve and monitor our website, we use the services: Salesforce, Facebook Business Manager, Facebook Custom Audience List, Google Customer Match List, intelliAd, Google Analytics, Google AdSense, Google Adwords. For data protection information of the individual providers, please contact the respective provider directly.

2.2 Hosting

For hosting purposes, we use the services: Amazon Elastic Cloud Computing (EC2), Amazon Elastic Load Balancer (ELB), Amazon Relational Database Services (RDS) and Amazon Simple Storage Service (S3) by Amazon Web Services (AWS), utilizing the AWS data centre in Frankfurt.

2.3 Data Transfer within the Picanova Group of Companies

This website is operated by Picanova GmbH, the parent company of Picanova Group. The Picanova Group operates several web shops and sells photo products all over the world. Many systems and technologies are shared within the Picanova Group. This enables us to offer you a cheaper, better, safer, more consistent and more interesting service. For this reason, those companies and departments within the Picanova Group are given access to your data when required to fulfil our contractual and legal obligations or to perform their respective functions within the Picanova Group.

When processing your order, we ensure that only the relevant departments and companies of Picanova Group have access to your data. 

2.4 Data transfer to third countries

In the case of the EU countries, the EU Commission has established an adequate level of data protection in accordance with Art. 45 (1) GDPR. In some cases, we also transfer personal data to third countries outside the EU. In each case, we ensure an appropriate level of data protection according to the requirements of the GDPR.

2.5 Tracking tools

For the demand-oriented design of our website we create pseudonymous user profiles with the help of Google Analytics and Instana. We explain the functionality of both tools using Google Analytics as an example. Google Analytics uses cookies that are stored on your end device and can be read by us. In this way we are able to recognize returning visitors and count them as such. The data processing is based on Art. 6 para. 1 lit. f GDPR or § 15 para. 3 TMG and in the interest of finding out how often our web pages have been accessed by different users.

The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there. However, since we have activated IP anonymisation on this website, your IP address will first be shortened by Google within the member states of the European Union. Only in exceptional cases will the full IP address be transferred to a Google server in the USA (an appropriate level of data protection is provided by Google's participation in the Privacy Shield in accordance with Art. 45 para. 1 GDPR) and only be shortened there. We have made an agreement with Google Inc. (USA) for commissioned data processing in accordance with Art. 28 GDPR. According to this, Google may use all information only strictly for the purpose of evaluating the use of our website for us and compiling reports on website activity.

You can object to this processing at any time. Please use one of the following options:

  • You may refuse the use of cookies by selecting the appropriate settings on your browser, however, please note that if you do this you may not be able to use the full functionality of this website.

  • You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plugin available at the following link (

3 How is your data protected?

The protection of your data is of great importance to us. We have taken technical and organisational measures to protect your data as comprehensively as possible from unwanted access. 

We use an encryption procedure on our pages. Your information is transferred from your computer to our server and vice versa via the Internet using TLS encryption. You can recognise this by the fact that the lock symbol in the status bar of your browser is closed and the address line begins with https://.

4 What data protection rights (rights of data subjects) do I have as a user?

Respecting your rights is of particular concern to us. As our customer, you have the right to revoke the use of your data at any time for the future. In addition, you have a right to information, the right to correction and deletion of your data, the right to restrict data processing, the right to data transferability, the right to objection, as well as a right to appeal to a data protection supervisory authority. 

To exercise these rights of data subjects, you can contact our data protection coordinators at any time. The contact details can be found at the end of this document. You can also contact our data protection coordinator.

4.1 Right to information (Art. 15 GDPR):

You have the right to request confirmation as to whether personal data concerning you is processed; if this is the case, you have a right of access to this personal data and to the information specified in Article 15 of the GDPR. 

4.2 Right to correction and deletion (Art. 16 and 17 GDPR):

You have the right to immediately request the correction of incorrect personal data concerning you and if necessary, the completion of incomplete personal data.
Users also have the right to request that personal data concerning them be deleted immediately if one of the reasons specified in Art. 17 GDPR applies, e.g. if the data is no longer required for the purposes pursued. 

4.3 Right to restrict processing (Art. 18 GDPR):

You have the right to request a restriction on processing, if one of the conditions set out in Article 18 GDPR is met, e.g. if you have lodged an objection to processing, for the duration of any examination.

4.4 Right to data transferability (Art. 20 GDPR):

In certain cases, which are detailed in Article 20 GDPR, you have the right to receive personal data concerning you in a structured, common and machine-readable format or to request the transmission of this data to a third party.

4.5 Right of objection (Art. 21 GDPR):

If the data is collected on the basis of Art. 6 para. 1 lit. f) (data processing to protect legitimate interests), you have the right to object to the processing at any time for reasons arising from your particular situation. We will then no longer process the personal data, unless there are demonstrably compelling reasons worthy of protection for the processing that outweigh the interests, rights and freedoms of the data subject, or the processing serves to assert, exercise or defend legal claims.

4.6 Right of appeal to a supervisory authority (Art. 77 GDPR):

According to Art. 77 GDPR, you have the right of appeal to a supervisory authority if you believe that the processing of data concerning you violates data protection regulations. The right of appeal may be exercised before a supervisory authority in the member state where you are staying or working, or where you suspect your rights were infringed.

5 Note on cookies

We use cookies on our websites. Cookies are small text files that can be stored and read out on your end device. A distinction is made between session cookies, which are deleted as soon as you close your browser, and permanent cookies, which are stored beyond the individual session. Cookies can contain data that enable recognition of the device used. However, in some cases cookies only contain information on certain settings that cannot be related to a specific person.

We use first party and third-party cookies as session and permanent cookies on our websites. The processing is based on Art. 6 para. 1 lit. f GDPR and in the interest of optimizing or enabling user guidance and adapting the presentation of our website.

You can set your browser to inform you about the placement of cookies. This makes the use of cookies transparent for you. You can also delete cookies at any time using the appropriate browser setting and prevent the placing of new cookies (opt-out). Please note that our web pages may not be correctly displayed and that some functions may no longer be available for technical reasons.

6 Contact person for data protection, data protection officer, changes to the data protection declaration

In the course of the further development of our websites, apps and clients, the implementation of new technologies, the improvement of our service for you and in order to take into account legal and regulatory changes, updates to this data protection declaration may become necessary. Therefore, the date of the last update of the Privacy Policy is shown at the beginning of this document. 

If you have any questions about data protection in our company or if you would like to send us a data subject inquiry, you can contact our data protection coordinators at any time. The easiest way to contact them is by e-mail at

Please note: The e-mail address of our data protection coordinator and our data protection officer is not intended for technical customer service. Please therefore always contact our customer service for service requests.

Controller in the sense of Art. 4 No. 7 GDPR for the data protection on this website is:

Picanova GmbH

Data Protection Coordination

Hohenzollernring 25

D-50672 Köln

Phone: +49 (221) 4670 4107* (Mon-Fri, 11:00-16:00, GMT+1)

(*Costs per minute correspond to the tariff of your landline or mobile phone provider for a national call)

In addition to our data protection coordinators, you are also free to contact our data protection officer directly with your data protection queries:

data protection süd GmbH

Wörthstraße 15

97082 Würzburg