I. Controller, Data protection officer, Scope
LFI Photographie GmbH (hereinafter referred to as “provider”) is the controller in accordance with relevant data protection regulations. Please refer to the imprint for details of the address as required for a summons and powers of representation.
The protection of personal data has the highest priority for us. We would therefore like to inform you about which data we collect when, and how we process your personal data. This privacy statement describes the collection and processing of personal data via the websites https://lfi-online.de, http://m-magazine.photography, http://s-magazine.photography/ (hereinafter collectively referred to as "website").
The provider allows you to upload your own photos via the website and view photos of others in the form of a gallery. The "Shop" function of the website also allows users to purchase photo cameras and photo equipment. Users also have the possibility to purchase or subscribe to magazines on the subject of photography published by the provider. Goods or services offered for payment can be purchased by users as guests without having to create a user account.
The provider also uses the personal data for statistical and market analysis purposes, e.g. on the basis of customer groups, delivery areas and market areas, and evaluates them anonymously. Details can be found in the relevant sections of this privacy statement. Additional privacy notices may apply to special services or promotions (e.g. special offers). We will inform you about these at the beginning of the usage process of the respective service or action.
II. General information on data processing
1. Scope of processing of personal data
In principle, we only process personal data of our users if this is necessary to provide a functional application as well as our contents and services. The processing of personal data of our users generally only takes place after the user has given his consent or on the basis of other legal regulations, which permit data processing.
2. Legal basis for the processing of personal data
Whenever we collect the data subject’s consent to the processing of personal data, Art. 6 para. 1 lit. a EU General Data Protection Regulation (GDPR) serves as the legal basis.
Contract or pre-contractual measures
If the processing of personal data is necessary for the performance of a contract to which the data subject is party, Art. 6 para. 1 lit. b GDPR serves as the legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures.
If the processing of personal data is necessary for compliance with a legal obligation to which our company is subject, Art. 6 para. 1 lit. c GDPR serves as the legal basis.
If processing is necessary for the purposes of the legitimate interests pursued by the controller or a third party and if such interests are not overridden by the interests, fundamental rights and freedoms of the data subject, Art. 6 para. 1 lit. f GDPR serves as the legal basis.
3. Data erasure and storage time
In principle and unless otherwise stated, your personal data will only be stored until the purpose of the collection and storage is achieved. With your consent, data can also be stored for longer as long as you do not revoke your consent (for example, if you have created a user account, data will be stored until you delete the user account again).
Furthermore, data may be stored if this has been provided for by the European or national legislator in EU regulations, laws or other regulations to which we are subject. The data will also be blocked or deleted if a storage period prescribed by the aforementioned regulations expires, unless there is a need for further storage of the data for the conclusion or fulfilment of a contract.
4. Transfer to third countries
Unless otherwise stated, all data processing operations take place within the EU or the EEA countries.
Data processing operations carried out by third-party providers established outside the geographical area mentioned (see e.g. Sections VI, VIII) may be carried out in part or in full in the countries of the respective branch or in accordance with the relevant data protection regulations.
A transfer of personal data outside the EU or the EEA is exclusively based on an adequacy decision of the European Commission, including the adequacy decision on the EU-US Privacy Shield. A list of current adequacy decisions is available on the European Commission's website.
Information on the EU-US Privacy Shield and in particular on the participation of a specific company can be found on the website of the US Department of Commerce.
III. Use of data in general form in the provision of applications and creation of log files
Regardless of whether you place an order, we automatically store use-related data about the usage process when you use our platforms or apps. This includes in particular the URL of the accessed website, date and time of the access, transferred data volume, HTTP status code of the response, web browser and HTTP referer as well as the IP address. This information is not associated with your person. We store the IP addresses in the log files for a limited period of time, if this is necessary for security purposes.
We collect this data to ensure the provision of our applications. In addition, they are used to anonymously analyze, store and evaluate user behavior and to continuously improve and further develop the service. For more details on the systems used, please refer to the sections on cookies and social media below.
We only store your IP address in the log files for a limited period of time, if this is necessary for security purposes.
These purposes constitute our legitimate interest, which justifies data processing.
IV. Data processing when creating a user account
When creating a user account, we store the following data: Name, e-mail address, public photographer name, login, language, country and password. These data are used for the allocation of your entries and activities in our gallery.
When creating a user account, you can also consent to receiving our newsletter.
You can save a profile picture in your user account. Under your profile name, you can publish images in the gallery, add them to your favorites and share them with others via Twitter and Facebook (see the relevant sections of this privacy statement for more information) and make personal recommendations on orders placed. For this we can display your user profile name and your profile picture. Your profile picture can be accessible under your profile name.
If you wish to purchase goods from the magazine or shop area while logged into your user account, your data from the user account will be transferred directly into the ordering process in order to make it more attractive and easier.
The basis of data use when creating a user account is your consent.
V. Data processing when ordering in the magazine or shop area
After selecting the desired goods and/or subscriptions we collect and store your first name and last name, your company, complete billing address and delivery address (if different), telephone number, e-mail address and the method of payment selected by you. We need these data to fulfil and process the ordering procedure. In addition, these data are required in the event of complaints, inquiries and in order to communicate with you within the scope of Section IX.
Your payment data will be forwarded to various payment service providers with whom we cooperate, depending on your chosen online payment method (such as credit card payment, direct debit or PayPal). They will inform us about the payment. We do not receive or store any personal data on bank and payment means.
In order to process your order, we pass on your data to service providers that we use to fulfil the concluded contract. These are service providers who are responsible for the packaging and delivery of your order or the processing of payments. Such service providers process the data exclusively on our behalf and for the purpose of contract fulfilment. Under no circumstances will your data be used by the service providers for their own purposes. We have concluded contracts for order processing with all our service providers in accordance with Art. 28 GDPR.
The basis for the use of data for orders is the execution of pre-contractual measures or the fulfilment of the contract.
a) Description and scope of data processing
In order to make your visit to our website attractive and to enable the use of certain functions, we use so-called cookies on various pages. These are small text files that are stored on your terminal. Some of the cookies we use are deleted after the end of the browser session, i.e. after closing your browser (so-called session cookies). Other cookies remain on your terminal and enable us or our partner companies to recognize your browser on your next visit (persistent cookies).
You can set your browser in such a way that you are informed about the setting of cookies and decide individually about their acceptance or exclude the acceptance of cookies for certain cases or generally. You can also manually delete cookies from your terminal at any time.
If cookies are not accepted, the functionality of our website or our app may be limited.
The use of technical cookies is based on our legitimate interest.
Technically unnecessary cookies
We use technically unnecessary cookies in order to analyse the use of our website and improve it continuously. Such analytics enable us to offer you a better service that meets your interests better. The legal basis for this is Art. 6 par. 1 lit. f).
You can object to the storage and use of data via Piwik at any time by using the Opt-Out Tool provided by Piwik. In this case, an opt-out cookie is stored on your terminal. Piwik then no longer collects any data. Please note that deleting the opt-out cookie also removes your objection; if you still wish to object, you will have to activate the above-mentioned checkbox again.
b) Duration of storage, possibility of objection and elimination
You can subscribe to our newsletter by ticking the appropriate box when creating a user account or by entering your e-mail address in the provided input mask. You can indicate your name voluntarily. We use it only to address you personally.
You will then receive an automatic confirmation e-mail containing a link to the specified address. The registration process is not complete until you click on this link.
If you consent to receiving our newsletter, we use your e-mail address to send you advertising and interesting offers about our own goods and services and those of partner companies. The data will not be passed on to third parties. You can withdraw your consent to receive newsletters at any time by objecting to the receipt of newsletters.
The basis for this form of data processing is your consent.
If we have collected your e-mail address in connection with the use of our offers (e.g. when purchasing our goods or services, or when using the free gallery), we may also send you e-mail newsletters for our offers without your prior consent, which are similar to the goods or services you have already ordered from us, if you have not objected to receiving such newsletters. The basis for this is Section 7 (3) UWG.
You can object to receiving any type of newsletters from us at any time without incurring any costs other than the transmission costs according to the basic rates (e.g. the costs of your Internet provider). We will inform you about the right of objection when collecting the email address and in the respective newsletter.
VIII. Social Media Plugins
On our website we implement social media plugins of various providers in order to improve our service and make it more attractive for you. The legal basis for the processing of personal data resulting from this is Art. 6 par. 1 lit f) GDPR.
We include videos on our website via the Vimeo.com portal of Vimeo, LLC, 555 West 18th Street, New York, New York 10011, USA ("Vimeo"). When accessing a page that integrates videos via Vimeo, initially only integrated video windows are loaded with a "Play" icon. When you press the "Play" button, an information text will appear explaining how your data will be processed by playing the Vimeo video. Only when you confirm this with "Ok" will a connection to the Vimeo servers in the USA be established. As a result, information about your visit and your IP address is stored there. Interactions with the Vimeo plugins such as clicking the start button are directly collected and stored by Vimeo.
If you have a Vimeo account and are logged in to Vimeo, Vimeo is able to associate your viewing of the video with your account. If you do not want this, you must log out of Vimeo before visiting our website.
Vimeo provides additional interactive features in relation to the videos we have included, such as rating or sharing the videos. To use these features, you may be required to log in to Vimeo or other providers (such as Facebook or Twitter) with your user account.
For Vimeo's privacy statement and more information about Vimeo's collection and use of your data, please visit http://vimeo.com/privacy.
Vimeo also uses the Google Analytics service via the iFrame in which the video is integrated with us. For more information on how Google Analytics works and how you can object to it, please refer to the relevant section of this privacy statement under point VI.
The transfer of your data to Vimeo in the USA takes place within the framework of the EU-USA Privacy Shield.
Our website uses so-called social plugins ("plugins") of the social network Facebook. This service is provided by Facebook Inc.
Facebook is operated by Facebook Inc, 1601 S. California Ave, Palo Alto, CA 94304, USA ("Facebook").
In order to increase the protection of your data when you visit our website, the plug-ins are integrated into the site by means of a so-called "2-click solution". This integration ensures that no connection to the Facebook servers is established when a page of our website containing such plug-ins is accessed. Your browser does not establish a direct connection to Facebook's servers until you activate the plug-ins and thus give your consent to data transmission. The content of the respective plugin is transmitted directly to your browser and integrated into the page. By integrating the plugins, Facebook receives the information that your browser has accessed the respective page of our website, even if you do not have a Facebook profile or are not currently logged in. This information (including your IP address) is transmitted directly from your browser to a Facebook server in the USA and stored there. If you interact with the plugins, for example by pressing the "Share" button, this information is also transmitted directly to a Facebook server and stored there. The information is also published on Facebook and displayed to your contacts.
The purpose and scope of the data collection and the further processing and use of data by Facebook as well as your rights and setting options for the protection of your privacy can be found in Facebook's data protection information at http://www.facebook.com/policy.php
The transmission of your data to Facebook in the USA takes place within the framework of the EU-USA Privacy Shield.
This website uses plugins of the microblogging service Twitter, operated by Twitter Inc, 1355 Market St, Suite 900, San Francisco, CA 94103, USA ("Twitter"). The plugins are marked with a Twitter logo, for example in the form of a blue "Twitter bird".
When a page of our website that contains such a plugin is accessed, the user's browser establishes a direct connection to Twitter's servers. The content of the plugin is transmitted directly from Twitter to the browser and integrated into the page. Through this integration Twitter receives the information that the browser has accessed the respective page, even if the user does not have a Twitter profile or is not currently logged on to Twitter. This information (including the IP address) is transmitted directly from the browser to a Twitter server in the USA and stored there.
If the user is logged in to Twitter, Twitter can directly associate the visit to our website to the Twitter account of the user. When interacting with Twitter plugins, for example by pressing the "Twitter" button, this information is also transmitted directly to a Twitter server and stored there. The information is also published on the Twitter user account and displayed to contacts there.
The purpose and scope of data collection and the further processing and use of data by Twitter as well as your rights and setting options for the protection of your privacy can be found in the Twitter data protection information: https://twitter.com/privacy
In order to prevent Twitter from directly associating the data collected via our website with the Twitter account of the user, the user must log out of Twitter before visiting the website. The loading of Twitter plugins can also be completely prevented with add-ons for the browser, e.g. with a script blocker.
The transmission of your data to Twitter in the USA takes place within the framework of the EU-USA Privacy Shield.
YouTube Video Plugins
Third-party content is integrated on our website. This content is provided by Google LLC via the YouTube video service.
YouTube is operated by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
For videos from YouTube that are integrated on our site, the extended data protection setting is activated. This means that no information from website visitors is collected and stored by YouTube unless they play the video. The integration of the videos serves our overriding legitimate interests in an optimal marketing of our offer.
The purpose and scope of the data collection and the further processing and use of the data by the providers as well as your relevant rights and setting options for the protection of your privacy can be found in the data protection information of Google http://www.google.com/intl/de/+/policy/+1button.html.
The transmission of your data to Google in the USA takes place within the framework of the EU-USA Privacy Shield.
IX. Rights of the data subject
If your personal data are processed, you are a data subject within the meaning of the GDPR and you have the following rights against the controller:
1. Right to access
You can require the controller to confirm whether personal data concerning you are processed by us.
If such processing takes place, you can request to be informed by the controller about the following:
(1) the purposes for which the personal data are processed;
(2) the categories of personal data being processed;
(3) the recipients or categories of recipients to whom the personal data concerning you have been or are still being disclosed;
(4) the period for which the personal data will be stored, or if that is not possible, the criteria used to determine that period;
(5) the existence of a right to rectification or erasure of personal data concerning you, a right to restriction of processing by the controller or a right to object to such processing;
(6) the existence of a right to lodge a complaint with a supervisory authority;
(7) any available information on the origin of the data if the personal data are not collected from the data subject;
(8) the existence of automated decision-making including profiling, referred to in Art. 22 para. 1 and 4 GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
You have the right to request information as to whether the personal data concerning you is transferred to a third country or to an international organisation. In this context, you may request to be informed of the appropriate safeguards pursuant to Art. 46 GDPR in connection with the transmission.
2. Right to rectification
You have a right to rectification and/or completion against the data controller if the personal data processed concerning you are inaccurate or incomplete. The controller shall make the correction without undue delay.
3. Right to restriction of processing
Under the following conditions, you may request the restriction of processing of personal data concerning you:
(1) if you contest the accuracy of the personal data concerning you for a period that enables the data controller to verify the accuracy of the personal data;
(2) if the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
(3) if the data controller no longer needs the personal data for the purposes of the processing, but you do need them for the establishment, exercise or defence of legal claims or
(4) if you have objected to processing pursuant to Art. 21 para. 1 GDPR pending the verification whether the legitimate grounds of the controller override those of the data subject.
If the processing of personal data concerning you has been restricted, such data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
If processing has been restricted according to the above conditions, you will be informed by the controller before the restriction is lifted.
4. Right to erasure
a) Obligation to delete
You have the right to obtain from the controller the erasure of personal data concerning you without undue delay and the controller has the obligation to erase personal data without undue delay where one of the following grounds applies:
(1) The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.
(2) You withdraw your consent, on which the processing was based according to Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. a GDPR, and there is no other legal ground for the processing.
(3) You object to the processing pursuant to Art. 21 para. 1 GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21 para. 2 GDPR.
(4) The personal data concerning you have been unlawfully processed.
(5) The personal data concerning you have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;
(6) The personal data concerning you have been collected in relation to the offer of information society services referred to in Art. 8 para. 1 GDPR.
b) Information to third parties
Where the controller has made the personal data concerning you public and is obliged pursuant to Art. 17 para. 1 GDPR to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you, the data subject, have requested the erasure by such controllers of any links to, or copy or replication of, those personal data.
The right to erasure does not apply to the extent that processing is necessary
(1) for exercising the right of freedom of expression and information;
(2) for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
(3) for reasons of public interest in the area of public health in accordance with Art. 9 para. 2 lit. h and i as well as Art. 9 para. 3 GDPR;
(4) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Art. 89 para. 1 GDPR, insofar as the right referred to under a) is likely to render impossible or seriously impair the achievement of the objectives of that processing, or
(5) for the establishment, exercise or defence of legal claims.
5. Right to notification
If you have exercised your right to have the data controller rectify, erase or limit the processing, the controller shall communicate any rectification or erasure of personal data or restriction of processing to each recipient to whom the personal data concerning you have been disclosed, unless this proves impossible or involves disproportionate effort. You have the right to be informed about those recipients.
6. Right to data portability
You have the right to receive the personal data concerning you, which you have provided to a controller, in a structured, commonly used and machine-readable format. In addition, you have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where:
(1) the processing is based on consent pursuant to Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR or on a contract pursuant to Art. 6 para. 1 lit. b GDPR and
(2) the processing is carried out by automated means.
In exercising this right, you also have the right to have the personal data concerning you transmitted directly from one controller to another, where technically feasible. This shall not adversely affect the rights and freedoms of others.
The right to data portability shall not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
7. Right to object
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Article 6(1)(e) or (f) GDPR; this also applies to profiling based on those provisions. The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.
If the personal data concerning you are processed for direct marketing purposes, you have the right to object at any time without giving reasons to the processing of the personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.
If you object to the processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.
8. Right to withdraw consent
You have the right to withdraw your consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
9. Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement, if you consider that the processing of personal data relating to you infringes the GDPR.
The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint, including the possibility of a judicial remedy pursuant to Art. 78 GDPR.
X. Amendments to this privacy statement
Due to the dynamic development of the Internet, new technologies and possibilities are constantly developing. To enable us to offer you these possibilities and technologies, we reserve the right to change this privacy statement for the future when introducing new, additional or when changing or extending existing services or service elements.
If the change to the privacy statement only affects the use of data in a general form and/or the use of data for orders and not also the use of data within the scope of a user account, the new privacy statement shall apply from the date of its update on the website.
A change of the privacy statement, which refers to the use of the data already collected and stored in your user account, only takes place if this is reasonable for you. If and to the extent that changes to the privacy statement relate to the use of data already collected and stored in your user account, we will notify you in good time by e-mail, on our websites, in our apps or in another way. You have the right to object to the new privacy statement within six weeks of receiving the notification. In the event of an objection, we reserve the right to terminate the contract and delete your user account. If no objection is raised within the aforementioned period, the amended privacy statement shall be deemed accepted by you. We will inform you in the notification of your right to object and the significance of the objection period.
Send your enquiries to the data protection commissioner at: email@example.com