The security and protection of your personal data is very important to us. Therefore, we would like you to be informed about the processing of personal data (referred to as ‘data’ below) within the scope of our internet presence at https://photoclaim.com/. There also exist third party websites which are linked to our website to optimize it and improve the user experience. For this reason, we provide you with relevant information about the third-party components which may result in processing the data they collect.
1. Information About us as the Data Controller
PhotoClaim sp. z o.o.
Wąchocka 1F, room 11
03-934 Warsaw; Poland
VAT ID no.: PL8971816636,
Chairman of the Board: Daria Trinkhaus
Telephone: +48 577 770 754,
Fax: +49 (30) 555 786 849
2. Affected Parties, Type of Data and the Time and Purpose of Collecting and Processing
When you visit our website at https://photoclaim.com/, the following information is automatically collected and temporarily stored:
- Usage data (e.g. the date and time of access, previously visited website)
- Meta or communication data (e.g. the browser and, if applicable, your computer’s operating system and the name of your access provider, IP addresses)
Furthermore, the data you send us as the user of our website is also affected by the collection and processing, for example, through contacting us using the provided contact options or by filling in the application form. In this context, the following information may be collected and processed:
- User’s inventory data (e.g. name and address)
- User’s contact or communication data (e.g. e-mail address or phone number)
- Further content data (e.g. by using the contact form or by uploading photographs)
We also collect and process your data as part of our business activities, for the provision of our website (by a hosting provider), for administration, financial accounting, office organisation and/or contact management as well as for business management analysis (see also Section 15 of the declaration). In addition to the data listed above, the following data may be collected and processed by us or our hosting provider:
- Contract data (e.g. customer’s name and address, prospect or business partner, contract’s subject matter, portfolio)
- Payment data (e.g. name, bank details, payment history)
- Inventory data, contact data, content data, usage data, metadata, communication data (see above for examples of the individual points)
The purpose of collecting and processing the above-mentioned data is:
- the provision of our website, including its functions and contents as well as the guarantee of a smooth user experience for the website visitors (g. provision of a contact form, infrastructure and platform services, computing capacity, storage space and database services, e-mail transmission, security services and technical maintenance services),
- the guarantee of communication with customers, interested parties or business partners (e.g. by the possibility of answering your contact inquiries or the possibility of a later establishment of contact),
- enabling measures for system security and stability
- implementation of a range measurement/marketing/market research/advertising
- provision of contractual services (e.g. checking your inquiry) and customer care,
- ensuring a functioning business (e.g. through administration, financial accounting, office organization, archiving of data),
- adaptation and optimisation of our Internet presence to the user’s needs (this includes e.g. contractual partners, interested parties, customers or website visitors).
4. Relevant Legal Bases
According to Art. 13 GDPR, we are obligated to inform you about the legal basis of our data processing. First of all, the basis of data collection and data processing is our legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. This results from the purpose listed under No. 2. If we obtain your consent for the collection and processing of your personal data, the corresponding legal bases are Art. 6 para. 1 lit. a and Art. 7 GDPR. The processing to fulfil our legal obligations is carried out on the basis of Art. 6 para. 1 lit. c GDPR. In addition, we collect and process data within the scope of our performance, contract execution and processing of inquiries on the basis of Art. 6 Para. 1 lit. b GDPR. The legal basis for the processing of data based on the vital interests of the data subject or another natural person is Art. 6 para. 1 lit. d GDPR. Should the processing be carried out on further legal bases, we will expressly point this out.
5. Security of Processing
In accordance with Art. 32 GDPR and with the collaboration of contract processors, we take appropriate technical and organisational measures to ensure a level of protection appropriate to the risk, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity fort he rights and freedoms of natural persons.
Such measures include, inter alia:
- the pseudonymisation and SSL encryption of personal data;
- the ability to ensure the long-term confidentiality, integrity, availability and resilience of the systems and services associated with the processing;
- the ability to rapidly restore the availability of and access to personal data in the event of a physical or technical incident;
- a procedure for the regular review, testing and evaluation of the effectiveness of technical and organisational measures to ensure the security of processing.
In addition, we take appropriate technical and organisational measures to ensure that only personal data whose processing is necessary for the respective specific processing purpose is processed by default. This obligation applies to the amount of personal data, the scope of its processing, its storage period and its accessibility. The measures also ensure in particular that personal data cannot be made accessible to an indefinite number of natural persons without our intervention (Art. 25 GDPR).
6. Cooperation With Contract Processors and Third Parties
If processing is carried out on our behalf, we only cooperate with contract processors or third parties who offer sufficient guarantees that suitable technical and organisational measures are carried out in such a way that the processing is carried out in accordance with the requirements of the General Data Protection Regulation and guarantees the protection of the rights of the data subject (Art. 28 GDPR). Processing by a processor is carried out on the basis of a contract or other legal instrument concluded with him, in accordance with Union law or the law of the Member States which binds the processor to us and which defines the subject and duration of the processing, the nature and purpose of the processing, the nature of the personal data, the categories of data subjects and our obligations and rights.
7. Transfers to Third Countries
A transfer of data which has already been processed or which will be processed after its transfer to a third country or an international organisation is only permitted if we as well as the processor fulfil the requirements of Art. 44 ff. GDPR and if other provisions of the Regulation are also complied with, including the possible transfer of personal data from the third country or international organisation concerned to another third country or international organisation.
We ensure that the level of protection for people guaranteed by the General Data Protection Regulation is not undermined. Furthermore, data may only be processed in a third country for the fulfilment of (pre)contractual or legal obligations, on the basis of justified interests and/or with your express consent.
8. Data Subject Rights
You have the right:
- to request information from us as to whether or not we process your personal data; if this is the case, you have information rights on this personal data and on further information in accordance with Art. 15 GDPR (e.g. the purpose of the processing, the categories of personal data being processed or, if possible, the planned duration for which the personal data will be stored or, if this is not possible, the criteria for determining that duration). For our website, use https://photoclaim.com/data-protection-policy/
- to request the correction or completion of incorrect or incomplete personal data concerning you (Art. 16 GDPR).,
- to request us to erase any personal data relating to you without delay (Art. 17 GDPR). In accordance with Art. 18 GDPR, you may also request us to restrict the processing of your data.,
- to receive the personal data concerning you, which you have previously provided to us, in a structured, commonly used and machine-readable format (Art. 20 GDPR). You also have the right to transfer this data to another controller without our interference in accordance with Art. 20 GDPR,
- to withdraw any consent you may have given at any time (Art. 7 GDPR). The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal,
- to lodge a complaint with the competent supervisory authority (Art. 77 GDPR).
9. Right to Object
You also have the right to object to the future processing of your personal data at any time in accordance with Art. 21 GDPR.
10. Cookies and the Right to Object in Direct Advertising
Many Internet browsers automatically accept cookies. However, if you do not want them to be accepted and thus stored on your end device, you can configure your browser settings so that no cookies are stored or a message always appears before a new cookie is created. In addition, cookies that have already been saved can be subsequently deleted in the settings of your browser. However, please note that complete removal and deactivation of cookies may prevent you from using all functions of our website.
11. Retention and Erasure of Data
The legal basis for the storage of your data within the scope of our business operations in documents such as books, accounting documents or other records in Germany is §§ 147 para. 1 Fiscal Code of Germany (AO), 257 para. 1 no. 1 and 4, para. 4 German Commercial Code (HGB). This is a retention obligation for 10 years (tax retention obligation). If your data is available to us in the context of commercial letters, it must be kept for 6 years in accordance with § 257 Para. 1 No. 2 and No. 3, Para. 4 HGB (commercial law retention obligation).
If you contact us (e.g. via the contact form, e-mail or telephone), your data will be stored and processed to process and handle the contact request in accordance with Art. 6 Para. 1 lit. b) GDPR. However, we delete the data if it is no longer necessary. The necessity is reviewed every two years; in addition, the statutory archiving obligations apply.
13. Integration of Third Party Services and Third Party Content
We use content or service offers from third parties within our webpage on the basis of our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our webpage pursuant to Art. 6 para. 1 lit. f. GDPR) in order to integrate their content and services, e.g. videos or fonts (hereinafter uniformly referred to as content).
This always requires that the third party providers of this content perceive the IP address of the user since without the IP address they could not send the content to their browser. The IP address is therefore required for the display of this content. We make every attempt to use only those contents whose respective providers use the IP address only for the delivery of the contents. Third-party providers may also use so-called pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. Pixel tags can be used to evaluate certain information on the website (e.g. visitor traffic on the pages of this website). The pseudonymous information may also be stored in cookies on the user’s device and may include technical information about the browser and operating system, referring websites, visiting time and other information about the use of our webpage, as well as be linked to such information from other sources.
14. Customer Account or Registration
15. Google Analytics
We use the Google Analytics service, a web analysis service provided by Google Inc. (https://www.google.de/intl/de/about/) (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; hereinafter „Google“), to adapt and optimise our website to the needs of users (this includes e.g. contractual partners, interested parties, customers, visitors to our website).
Google creates and uses pseudonymised user profiles and cookies. The information generated by the cookie about your use of our website is transferred to a Google server in the USA and stored there. The information is used to enable an evaluation of website usage, to document website activities and to provide further services associated with website and internet usage for market research and design purposes. By subjecting Google to the Privacy Shield Agreement, Google guarantees that it complies with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
We use Google Analytics within the framework of our website with activated IP anonymisation. Your IP address will be reduced by Google within the EU member states or in other signatory states to the Agreement on the European Economic Area and only in exceptional cases will the full IP address be transmitted to a Google server in the USA, where it will subsequently be reduced. Your IP address will not be combined with other information that may also be available to Google.
16. Social Media
Within the scope of our internet presence, functions and contents of the Google platform offered by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”), can be integrated. It is possible to integrate content such as images, videos or texts and buttons with which users can share content from this website within Twitter. If these users are members of the Google platform, it is possible that Google assigns the retrieval of the previously listed contents and functions to the profiles of the users there.
On our website we include videos uploaded to the YouTube platform offered by YouTube LLC, 901 Cherry Ave., 94066 San Bruno, CA, USA (hereinafter “YouTube”), a subsidiary of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA (“Google”) for the purpose of improving quality (legitimate interest pursuant to Art. 6 para. 1 lit. f) GDPR). If you are logged in with your YouTube account when using our website, your data can be linked to your YouTube account. To prevent this, you must log out of your YouTube account before using our website. Alternatively, you can also adjust the settings in your YouTube user account so that the data is not linked.
If you use YouTube videos embedded on our website, YouTube sets a cookie on your device. This cookie is used to process user settings and user data. It is possible to delete the cookie manually. Alternatively, you can prevent cookies from being stored in your browser settings. Details can be found under point 10 of this data protection declaration.
By subjecting Google and thus also YouTube to the Privacy Shield agreement, it is guaranteed that Google, as well as YouTube, comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active). For more information about Google’s data collection and processing, please visit https://policies.google.com/privacy?hl=en.
On our website, we use the Twitter service provided by Twitter Inc. 795 Folsom St., Suite 600, San Francisco, CA 94107, USA (hereinafter referred to as “Twitter”) social network plug-in to improve quality (legitimate interest pursuant to Art. 6 Para. 1 lit. f) GDPR).
When you visit a website where the Twitter plug-in is stored, your Internet browser downloads a representation of the plug-in from Twitter’s servers in the USA. Twitter stores and processes the website you visit, your IP address as well as the date and time of your access.
If you are logged in with your Twitter account when using our website, your data can be linked to your Twitter account. This is especially the case when you use the “Share” button of Twitter. This will store the shared information in your Twitter account and may publish it on the Twitter platform. To prevent this, you must log out of your Twitter account before using our website. Alternatively, you can also adjust the settings in your Twitter user account so that the data is not linked.
By subjecting Twitter to the Privacy Shield Agreement, Twitter guarantees that it complies with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active). For more information about Twitter’s data collection and processing, please visit https://twitter.com/en/privacy.
On our website, we use the Instagram social network plug-in offered by Instagram LLC, 1601 Willow Road, Menlo Park, CA 94025, USA (hereinafter referred to as “Instagram”) to improve quality (legitimate interest pursuant to Art. 6 Para. 1 lit. f) GDPR).
When you visit a Web page that contains the Instagram plug-in, your Internet browser downloads a representation of the plug-in from Instagram’s servers in the United States. Instagram stores and processes the website you visit, your IP address as well as the date and time of your access.
If you are logged in with your Instagram account when using our website, your data can be linked to your Instagram account. This will store the information you share in your Instagram account and may publish it on the Instagram platform. To prevent this, you must log out of your Instagram account before using our website. Alternatively, you can adjust the settings in your Instagram user account so that the data is not linked. For more information about Instagram’s data collection and processing, please visit https://help.instagram.com/155833707900388/.
On our website we use the plug-in of the social network Facebook, offered by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA; in the EU: Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland (hereinafter both referred to as “Facebook”), to improve quality (legitimate interest pursuant to Art. 6 para. 1 lit. f) GDPR).
If you visit a web page that has the Facebook plug-in stored on it, your Internet browser downloads a representation of the plug-in from Facebook’s servers. Facebook stores and processes at least the website you visit, your IP address as well as date and time of your access. This way, Facebook is able to create a user profile of you. We have no influence on this procedure.
If you are logged in with your Facebook account when using our website, your data can be linked to your Facebook account. Facebook will store the information you share in your Facebook account and may publish it on the Facebook platform. To prevent this, you have to log out of your Facebook account and delete the cookies before using our website. Alternatively, you can adjust the settings in your Facebook account so that the data is not linked.
By subjecting Facebook to the Privacy Shield Agreement, Facebook guarantees that it complies with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active). For more information about the plug-in and Facebook’s data collection and processing, please visit https://developers.facebook.com/docs/plugins/ and https://www.facebook.com/about/privacy/.
Please note that your use of this Facebook page and its functions are your sole responsibility. This applies in particular to the use of interactive functions (e.g. commenting, sharing, rating). Alternatively, you can also access the information provided on this page on our website at https://photoclaim.com/.
When visiting our Facebook page, Facebook collects your IP address and other information that are available on your PC as cookies. This information is used to provide us, as the operator of the Facebook pages, with statistical information about the use of the Facebook page. More information about this can be found at:
The way in which Facebook uses the data about visited Facebook pages for its own purposes, the extent to which activities on the Facebook page are assigned to individual users, how long Facebook stores this data and weather data from a visit of a Facebook page is transferred to third parties is not conclusively, not clearly outlined by Facebook and not known to us.
When you access a Facebook page, the IP address assigned to your device is transmitted to Facebook. According to Facebook, this IP address is made anonymous (in the case of “German” IP addresses) and deleted after 90 days. Facebook also stores information about its users’ end devices (e.g. as part of the “Login Notification” function); Facebook may thus be able to draw conclusions from the used IP addresses and allocate certain individual users.
If you are currently logged in to Facebook as a user, you will notice that there is a cookie on your device, connect to your Facebook ID. This allows Facebook to retrace that you visited this page and how you used it. This also applies to all other Facebook pages. Facebook buttons integrated into websites allow Facebook to record your visits to these websites and to allocate them to your Facebook profile. On the basis of this data, content or advertising can be offered tailored to you.
To avoid this, you should log out of Facebook or disable the “Stay signed in” feature, delete the cookies present on your device and exit and restart your browser. This will delete all Facebook information that can be used to immediately identify you. This allows you to use our Facebook page without revealing your Facebook ID. While accessing interactive features of the site (Like it-button, comment-button, share-button, news, etc.), a Facebook login screen appears. Once you have logged in, Facebook will recognize you again as a particular user.
For information about how to manage or delete existing information about you, please visit the following Facebook support pages:
In order to improve the quality of our website (legitimate interest pursuant to Art. 6 para. 1 lit. f) GDPR), we include the content of the provider LinkedIn, offered by LinkedIn Ireland, Unlimited Company Wilton Place, Dublin 2, Ireland (hereinafter referred to as “LinkedIn”).
If you are logged in with your LinkedIn account when using our website, your data can be linked to your LinkedIn account. The information you share will be stored in your LinkedIn account and may be published on LinkedIn’s platform. To prevent this, you must log out of your LinkedIn account before using our website. Alternatively, you can also adjust the settings in your LinkedIn user account so that the data is not linked.
By subjecting LinkedIn to the Privacy Shield Agreement, LinkedIn guarantees that it complies with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active). For more information about LinkedIn’s data collection and processing, please visit https://www.linkedin.com/legal/privacy-policy. Opt-Out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
17. Links to External Websites
This website contains links to external sites. We have no influence on the contents of external linked websites and are therefore not responsible for them, in particular, we do not adopt their contents as our own. If you are directed to an external site, the data protection declaration provided there applies. If you notice any illegal activities or contents on this page, you are welcome to inform us. In this case, we will review the content and respond appropriately (notice and takedown procedure).
18. Online Job Applications / Publication of Job Advertisements
You will regularly find job advertisements on our website for which you can apply by sending your application documents to the e-mail address provided. We store and process the documents you submit and the data contained therein within the framework of the recruitment procedure and subsequently keep them in your personnel file, provided that an employment contract is concluded between us (the legal basis for this processing is § 26 Para. 1 BDSG (Federal Data Protection Act) in conjunction with Art. 88 para. 1 GDPR).
If no employment contract is concluded and the data does not have to be kept due to legal regulations (e.g. the duty of proof, legal bases: Art. 6 para. 1 lit. f) GDPR and § 24 para. 1 no. 2 BDSG), we delete your data basically after two months. It is possible that you consent to a longer storage in order to be contacted by us at a later point in time with regard to a job offer. You can revoke this consent at any time with effect for the future.
19. Inclusion, Validity and Updating of the Data Protection Declaration
We need to be able to change our privacy practices and this privacy statement to adapt them to changes in laws and regulations or to better meet your needs (e.g. if our website is further developed). The current version of our data protection declaration is available for review, download and/or print on our website at any time.