Privacy Policy

Personal data (usually referred to just as “data” below) will only be processed by us to the extent necessary and for the purpose of providing a functional and user-friendly website, including its contents, and the services offered there.

Per Art. 4 No. 1 of Regulation (EU) 2016/679, i.e. the General Data Protection Regulation (hereinafter referred to as the “GDPR”), “processing” refers to any operation or set of operations such as collection, recording, organization, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment, or combination, restriction, erasure, or destruction performed on personal data, whether by automated means or not.

The following privacy policy is intended to inform you in particular about the type, scope, purpose, duration, and legal basis for the processing of such data either under our own control or in conjunction with others. We also inform you below about the third-party components we use to optimize our website and improve the user experience which may result in said third parties also processing data they collect and control.

Our privacy policy is structured as follows:

I. Information about us as controllers of your data
II. The rights of users and data subjects
III. Information about the data processing

I. Information about us as controllers of your data

The party responsible for this website (the “controller”) for purposes of data protection law is:

Oliver Sommer
Meusdorfer Straße 63
04277 Leipzig
Germany

Telephone: +49 15110724310
Email: datenschutz@oliversommerfotografie.de

II. The rights of users and data subjects

With regard to the data processing to be described in more detail below, users and data subjects have the right

  • to confirmation of whether data concerning them is being processed, information about the data being processed, further information about the nature of the data processing, and copies of the data (cf. also Art. 15 GDPR);
  • to correct or complete incorrect or incomplete data (cf. also Art. 16 GDPR);
  • to the immediate deletion of data concerning them (cf. also Art. 17 DSGVO), or, alternatively, if further processing is necessary as stipulated in Art. 17 Para. 3 GDPR, to restrict said processing per Art. 18 GDPR;
  • to receive copies of the data concerning them and/or provided by them and to have the same transmitted to other providers/controllers (cf. also Art. 20 GDPR);
  • to file complaints with the supervisory authority if they believe that data concerning them is being processed by the controller in breach of data protection provisions (see also Art. 77 GDPR).

In addition, the controller is obliged to inform all recipients to whom it discloses data of any such corrections, deletions, or restrictions placed on processing the same per Art. 16, 17 Para. 1, 18 GDPR. However, this obligation does not apply if such notification is impossible or involves a disproportionate effort. Nevertheless, users have a right to information about these recipients.

Likewise, under Art. 21 GDPR, users and data subjects have the right to object to the controller’s future processing of their data pursuant to Art. 6 Para. 1 lit. f) GDPR. In particular, an objection to data processing for the purpose of direct advertising is permissible.

III. Information about the data processing

Introduction

We are committed to safeguarding the privacy of our website visitors; in this policy we explain how we will treat your personal information. Your data processed when using our website will be deleted or blocked as soon as the purpose for its storage ceases to apply, provided the deletion of the same is not in breach of any statutory storage obligations or unless otherwise stipulated below.

By using our website and agreeing to this policy, you consent to our use of cookies in accordance with the terms of this policy.

Credit

This document was partly created using a template from SEQ Legal (http://www.seqlegal.com). It is also partly a Model Data Protection Statement for Anwaltskanzlei Weiß & Partner.

Collecting personal information

We may collect, store and use the different kinds of personal information as provided to us and described in the sections below.

Before you disclose to us the personal information of another person, you must obtain that person’s consent to both the disclosure and the processing of that personal information in accordance with this policy.

We do not collect credit card or other payment information.

Using personal information

Personal information submitted to us through our website will be used for the purposes specified in this policy below or on the relevant pages of the website.

We may use your personal information as outlined in the following paragraphs below, in particular to:

(a) administer our website and business;

(b) personalise our website for you;

(c) send you goods purchased through our website;

(d) send statements, invoices and payment reminders to you, and collect payments from you;

(e) send you email notifications that you have specifically requested;

(f) send you our email newsletter, if you have requested it (you can inform us at any time if you no longer require the newsletter);

(g) deal with enquiries and complaints made by or about you relating to our website;

(h) keep our website secure and prevent fraud; and

(i) verify compliance with the terms and conditions governing the use of our website.

If you submit personal information for publication on our website, we will publish and otherwise use that information in accordance with the licence you grant to us as described in our Terms of Service.

We will not, without your express consent, supply your personal information to any third party for the purpose of their or any other third party’s direct marketing.

Disclosing personal information

We may disclose your personal information to any of our employees, officers, insurers, or professional advisers insofar as reasonably necessary for the purposes set out in this policy.

We may disclose your personal information to third party companies and individuals to facilitate our Service only as described in this privacy policy below, to provide the Service on our behalf, to perform Service-related services, to assist us in analyzing how our Service is used, to assist us in operating our website, conducting our business, or serving our users. These third parties have access to your Personal Information only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.

We may disclose your personal information:

(a) to the extent that we are required to do so by law;

(b) in connection with any ongoing or prospective legal proceedings;

(c) in order to establish, exercise or defend our legal rights (including providing information to others for the purposes of fraud prevention and reducing credit risk);

(d) to any person who we reasonably believe may apply to a court or other competent authority for disclosure of that personal information where, in our reasonable opinion, such court or authority would be reasonably likely to order disclosure of that personal information.

Except as provided in this policy, we will not provide your personal information to third parties.

Retaining personal information

Personal information that we process for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes, unless described otherwise in this privacy policy.

Notwithstanding the provision above, we will retain documents (including electronic documents) containing personal data:

(a) to the extent that we are required to do so by law;

(b) if we believe that the documents may be relevant to any ongoing or prospective legal proceedings; and

(c) in order to establish, exercise or defend our legal rights (including providing information to others for the purposes of fraud prevention and reducing credit risk).

Security of personal information

We will take commercially reasonable technical and organisational precautions, including regular Malware Scanning, to prevent the loss, misuse or alteration of your personal information.

We will store all the personal information you provide on our secure (password- and firewall-protected) servers.

All electronic financial transactions entered into through our website will be protected by encryption technology.

You acknowledge that the transmission of information over the internet is inherently insecure, and we cannot guarantee the security of data sent over the internet.

You are responsible for keeping the password you use for accessing our website confidential; we will not ask you for your password (except when you log in to our website).

We do not use vulnerability scanning and/or scanning to PCI standards.

We do not use SSL certificates because you are not required to enter sensitive information to be able to use our website

Amendments

We may update this policy from time to time by publishing a new version on our website.

You should check this page occasionally to ensure you are happy with any changes to this policy.

Server data

For technical reasons, the following data sent by your internet browser to us or to our server provider will be collected, especially to ensure a secure and stable website: These server log files record the type and version of your browser, operating system, the website from which you came (referrer URL), the webpages on our site visited, the date and time of your visit, as well as the IP address from which you visited our site.

The data thus collected will be temporarily stored, but not in association with any other of your data.

The basis for this storage is Art. 6 Para. 1 lit. f) GDPR. Our legitimate interest lies in the improvement, stability, functionality, and security of our website.

The data will be deleted within no more than seven days, unless continued storage is required for evidentiary purposes. In which case, all or part of the data will be excluded from deletion until the investigation of the relevant incident is finally resolved.

Cookies

a) Session cookies

We use cookies on our website. Cookies are small text files or other storage technologies stored on your computer by your browser. These cookies process certain specific information about you, such as your browser, location data, or IP address.

This processing makes our website more user-friendly, efficient, and secure, allowing us, for example, to display our website in different languages or to offer a shopping cart function.

The legal basis for such processing is Art. 6 Para. 1 lit. b) GDPR, insofar as these cookies are used to collect data to initiate or process contractual relationships.

If the processing does not serve to initiate or process a contract, our legitimate interest lies in improving the functionality of our website. The legal basis is then Art. 6 Para. 1 lit. f) GDPR.

When you close your browser, these session cookies are deleted.

b) Third-party cookies

If necessary, our website may also use cookies from companies with whom we cooperate for the purpose of advertising, analyzing, or improving the features of our website.

Please refer to the following information for details, in particular for the legal basis and purpose of such third-party collection and processing of data collected through cookies.

c) Disabling cookies

You can refuse the use of cookies by changing the settings on your browser. Likewise, you can use the browser to delete cookies that have already been stored. However, the steps and measures required vary, depending on the browser you use. If you have any questions, please use the help function or consult the documentation for your browser or contact its maker for support. Browser settings cannot prevent so-called flash cookies from being set. Instead, you will need to change the setting of your Flash player. The steps and measures required for this also depend on the Flash player you are using. If you have any questions, please use the help function or consult the documentation for your Flash player or contact its maker for support.

If you prevent or restrict the installation of cookies, not all of the functions on our site may be fully usable.

Order processing

The data you submit when ordering goods and/or services from us will have to be processed in order to fulfill your order. Please note that orders cannot be processed without providing this data.

The legal basis for this processing is Art. 6 Para. 1 lit. b) GDPR.

After your order has been completed, your personal data will be deleted, but only after the retention periods required by tax and commercial law.

In order to process your order, we will share your data with the shipping company responsible for delivery to the extent required to deliver your order and/or with the payment service provider to the extent required to process your payment.

The legal basis for the transfer of this data is Art. 6 Para. 1 lit. b) GDPR.

Customer account/registration

If you create a customer account with us via our website, we will use the data you entered during registration (e.g. your name, your address, or your email address) exclusively for services leading up to your potential placement of an order or entering some other contractual relationship with us, to fulfill such orders or contracts, and to provide customer care (e.g. to provide you with an overview of your previous orders or to be able to offer you a wishlist function). We also store your IP address and the date and time of your registration. This data will not be transferred to third parties.

During the registration process, your consent will be obtained for this processing of your data, with reference made to this privacy policy. The data collected by us will be used exclusively to provide your customer account.

If you give your consent to this processing, Art. 6 Para. 1 lit. a) GDPR is the legal basis for this processing.

If the opening of the customer account is also intended to lead to the initiation of a contractual relationship with us or to fulfill an existing contract with us, the legal basis for this processing is also Art. 6 Para. 1 lit. b) GDPR.

If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

You may revoke your prior consent to the processing of your personal data at any time under Art. 7 Para. 3 GDPR with future effect. All you have to do is inform us that you are revoking your consent.

The data previously collected will then be deleted as soon as processing is no longer necessary. However, we must observe any retention periods required under tax and commercial law.

Newsletter

If you register for our free newsletter, the data requested from you for this purpose, i.e. your email address, will be sent to us. We also store the IP address of your computer and the date and time of your registration. During the registration process, we will obtain your consent to receive this newsletter and the type of content it will offer, with reference made to this privacy policy. The data collected will be used exclusively to send the newsletter. This website can send emails through the MailPoet sending service (Wysija SARL, 6 rue Dieudé, 13006, Marseille, France). This service allows us to track opens and clicks on our emails. We use this information to improve the content of our newsletters. No identifiable information is otherwise tracked outside this website except for the email address. Our legitimate interest lies in the improvement of the functionality of our website.

The legal basis for this is Art. 6 Para. 1 lit. a) and lit. f) GDPR.

You may revoke your prior consent to receive this newsletter under Art. 7 Para. 3 GDPR with future effect. All you have to do is inform us that you are revoking your consent or click on the unsubscribe link contained in each newsletter.

Contact

If you contact us via email or the contact form, the data you provide will be used for the purpose of processing your request. We must have this data in order to process and answer your inquiry; otherwise we will not be able to answer it in full or at all.

The legal basis for this data processing is Art. 6 Para. 1 lit. b) GDPR.

Your data will be deleted once we have fully answered your inquiry and there is no further legal obligation to store your data, such as if an order or contract resulted therefrom.

User posts, comments, and ratings

We offer you the opportunity to post questions, answers, opinions, ratings and media on our website, hereinafter referred to jointly as “posts.” If you make use of this opportunity, we will process and publish your post, the date and time you submitted it, and any pseudonym you may have used.

The legal basis for this is Art. 6 Para. 1 lit. a) GDPR. You may revoke your prior consent under Art. 7 Para. 3 GDPR with future effect. All you have to do is inform us that you are revoking your consent.

In addition, we will also process your IP address and email address. The IP address is processed because we might have a legitimate interest in taking or supporting further action if your post infringes the rights of third parties and/or is otherwise unlawful.

In this case, the legal basis is Art. 6 Para. 1 lit. f) GDPR. Our legitimate interest lies in any legal defense we may have to mount.

If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.

Children’s Privacy

Our Service does not address anyone under the age of 13 (“Children”).

We do not knowingly collect personally identifiable information from children under 13. If you are a parent or guardian and you are aware that your Children has provided us with Personal Information, please contact us. If we discover that a Children under 13 has provided us with Personal Information, we will delete such information from our servers immediately.

Our service is in compliance with COPPA (Children Online Privacy Protection Act)

Third party websites

Our website includes hyperlinks to, and details of, third party websites.

We have no control over, and are not responsible for, the privacy policies and practices of third parties. We strongly advise you to review the Privacy Policy of every site you visit.

California Online Privacy Protection Act

Our service is in compliance with CalOPPA

Users can visit our site anonymously.

Do Not Track signals

We honor Do Not Track signals and do not track visitors when a Do Not Track (DNT) browser mechanism is in place.

Fair Information Practices

In compliance with Fair Information Practices we will, should a data breach occur, notify you via email and in-site notification within 2 business days.

CAN SPAM Act

In compliance with CANSPAM, we agree to the following:

(a) We do not use false or misleading subjects or email addresses, and identify advertisement as such in some reasonable way.

(b) Allow users to unsubscribe by using the link at the bottom of each email, and honor unsubscribe requests quickly.

Google Analytics

We use Google Analytics on our website. This is a web analytics service provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043 (hereinafter: Google).

Through certification according to the EU-US Privacy Shield

https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active

Google guarantees that it will follow the EU’s data protection regulations when processing data in the United States.

The Google Analytics service is used to analyze how our website is used. The legal basis is Art. 6 Para. 1 lit. f) GDPR. Our legitimate interest lies in the analysis, optimization, and economic operation of our site.

Usage and user-related information, such as IP address, place, time, or frequency of your visits to our website will be transmitted to a Google server in the United States and stored there. However, we use Google Analytics with the so-called anonymization function, whereby Google truncates the IP address within the EU or the EEA before it is transmitted to the US.

The data collected in this way is in turn used by Google to provide us with an evaluation of visits to our website and what visitors do once there. This data can also be used to provide other services related to the use of our website and of the internet in general.

Google states that it will not connect your IP address to other data. In addition, Google provides further information with regard to its data protection practices at

https://www.google.com/intl/de/policies/privacy/partners,

including options you can exercise to prevent such use of your data.

In addition, Google offers an opt-out add-on at

https://tools.google.com/dlpage/gaoptout?hl=en

in addition with further information. This add-on can be installed on the most popular browsers and offers you further control over the data that Google collects when you visit our website. The add-on informs Google Analytics’ JavaScript (ga.js) that no information about the website visit should be transmitted to Google Analytics. However, this does not prevent information from being transmitted to us or to other web analytics services we may use as detailed herein.

Google reCAPTCHA

Our website uses Google reCAPTCHA to check and prevent automated servers (“bots”) from accessing and interacting with our website. This is a service provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043 (hereinafter: Google).

Through certification according to the EU-US Privacy Shield

https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active

Google guarantees that it will follow the EU’s data protection regulations when processing data in the United States.

This service allows Google to determine from which website your request has been sent and from which IP address the reCAPTCHA input box has been used. In addition to your IP address, Google may collect other information necessary to provide and guarantee this service.

The legal basis is Art. 6 Para. 1 lit. f) GDPR. Our legitimate interest lies in the security of our website and in the prevention of unwanted, automated access in the form of spam or similar.

Google offers detailed information at

https://policies.google.com/privacy

concerning the general handling of your user data.

Model Data Protection Statement for Anwaltskanzlei Weiß & Partner

Last modification 2018-05-24