Information pursuant to Articles 13, 14 and 21 of the EU General Data Protection Regulation (GDPR).
We hereby inform you about our processing of your personal data and the claims and rights to which you are entitled according to data protection regulations. The exact type of data that is processed and how it is used is determined by the services you have requested or that have been arranged with you.
1. Who is responsible for data processing and who can I contact?
The person responsible is:
14, Fury Court
MK8 0AP Milton Keynes
2. What sources and data do we use?
We process the personal data that we receive from you as part of our business relationship. In addition, we process, to the extent necessary for the provision of our services, personal data that we receive from other sources (e.g. the facilities in which we photograph, such as schools and day-care centres) in a legally permissible way (e.g. to execute orders, to fulfil contracts or on the basis of a consent granted by you). We are also permitted to process personal data which we may have obtained from publicly available sources (e.g. debtor directories, press, media) in a legally permissible way. Relevant personal data are personal details and contact details (name, address, telephone number and email address). In addition, this may also include order data or data from the fulfilment of our contractual obligations, such as advertising and sales data, documentation data, data on your use of our tele-media offerings, as well as other data comparable with the aforementioned categories.
3. Why do we process your data (purpose of processing) and on what legal basis?
We process personal data in accordance with the provisions of the European General Data Protection Regulation (GDPR).
3.1. To fulfil contractual obligations (Art. 6 (1) letter. b GDPR)
The processing of personal data is carried out for the provision of the photographic services and the associated sale of captured images and their electronic transmission or production on photo products and delivery to customers, and in particular also to carry out our contracts or pre-contractual measures with you, as well as the execution of your orders. The purposes of data processing are primarily obligations arising from the sales contract in which you enter with us by placing an order in our shop and can include, among other things, reminders of important events. You can find further details about the purpose of data processing in the respective terms and conditions.
3.2. In the context of the balancing of interests (Art. 6 (1) letter f GDPR)
If necessary, we process your data beyond the actual fulfilment of the contract in order to protect our own legitimate interests or those of third parties. For: advertising or market and opinion research, insofar as you have not objected to the use of your data; the enforcement of legal claims and defence in legal disputes; ensuring IT security; prevention and investigation of criminal offences; measures for business management and further development of services and products.
We also process personal data when you contact us through our contact formular. We process any data you include in the formular. These data are needed to process and respond to your inquiry or request. As soon as your inquiry or request has been solved, we delete your data.
Should we be engaged in events where our photographic services have been used to take pictures, we process the personal data obtained there on the basis of the justified interest to fulfil the order given to us and to offer it for purchase. If this is the case, we shall refer to the photographs of the persons present during the event, as well as to a right of objection. Please note that an objection only takes effect in the future. All processing carried out until then remains unaffected.
3.3. On the basis of your consent (Art. 6 (1) letter a GDPR)
If you have given us consent to the processing of personal data for certain purposes (e.g. publication or use of images), the legality of such processing is based on your consent. You may revoke your consent at any time with effect for the future. Please note that the revocation only takes effect in the future. Processing carried out before the revocation remains unaffected.
3.4. Pursuant to legal requirements (Art. 6 (1) letter c GDPR) or in the public interest (Art. 6 (1) letter e GDPR)
We also process personal data on the basis of legal requirements. For example, we store invoice data (name, address) on the basis of existing legislation, such as the retention obligations.
4. Who gets my data?
In the course of using the online shop, your data will be received by those who require the data to fulfil our contractual and legal obligations. Our processors (Art. 28 GDPR) may also receive data for these purposes. These are companies in the IT services, production of photographic products, logistics, telecommunications and debt collection categories. A data transfer to recipients external to John Paine takes place only if legal provisions so permit and you have given your consent or we are authorised to issue such information. Under these conditions, recipients of personal data may be, for example: public bodies and institutions (e.g. supervisory authorities) in the presence of a statutory or official obligation. Other data recipients may be those for which you have given us your consent for the transmission of data or have waived your consent.
5. How long will my data be stored?
Where necessary, we process and store your personal data to the extent necessary to comply with our contractual obligations. In addition, we are subject to various retention and documentation obligations. The time limits for storage and documentation can be two to ten years. Finally, the storage period is also assessed according to the statutory limitation periods, which are usually three years, but can also be up to thirty years in certain cases.
6. Is data transmitted to a third country or to an international organisation?
Data transmission to third countries (states outside the European Economic Area, EEA) takes place only to the extent necessary to fulfil our contractual requirements towards you, if required by law, or if you have given us your consent. We will inform you separately about the details if doing so is required by law.
7. What data privacy rights do you have?
Each person concerned shall have the right to information according to Art. 15 of the GDPR, the right to rectification under Art. 16 GDPR, the right to deletion in accordance with Art. 17 GDPR, the right to restrict the data processing according to Art. 18 GDPR and the right to data transferability under Art. 20 GDPR. In the right to information and the right to deletion, the restrictions under §§ 34 and 35 BDSG apply. In addition, there is a right of appeal to a data protection supervisory authority (Art. 77 GDPR).
8. Is there a duty for me to provide data?
In the context of our business relationship, you must provide only the personal data necessary for the establishment, execution and termination of a business relationship or for which we are legally obliged to collect. Without this data, we will usually have to reject the conclusion of the contract or the execution of the order or will no longer be able to execute an existing contract and may have to terminate. Furthermore, it is necessary for us to request additional data for the provision of paid services, including how to process your desired payment method.
9. Notification of important events
When you register to receive our notifications by email and/or SMS, the data you provide will be used exclusively for this purpose. We log your consent to receive the notification, including your IP address. No further data will be collected. The data will only be used for sending notifications and will be passed on to third parties only for the purpose of delivery. You can revoke your consent to the processing of your personal data and their use for sending notifications at any time. In each notification you will find an applicable link for revocation; in addition you can always send an objection by email to firstname.lastname@example.org. Please note that the revocation will only take effect in the future. Processing carried out before the revocation remains unaffected.
10. Third-party functions
What are cookies?
“Cookies” are text files that are stored on your computer that allow an analysis of your use of the website.
What exactly do cookies do?
The information generated by the cookie about your use of this website is usually transferred to a server and stored there. However, due to the activation of IP anonymisation on some websites, your IP address is sometimes shortened in advance within Member States of the European Union or in other contracting states of the Agreement on the European Economic Area. Depending on the service provider, such an IP address is stored truncated.
What are the transferred data used for?
On behalf of John Paine, the third party will use this information to analyse your use of the website, to compile reports on the activities of the website and to provide further services to the website operator related to the use of the website and the Internet.
How do I turn off cookies?
You can prevent the storage of cookies by changing the corresponding setting in your browser software; however, we would point out that in this case you may not be able to use all the functions of this website to their full extent. Which third-party cookies are used? We use the following third-party cookies on our website:
- Google Analytics (For more information, see: https://support.google.com/analytics/answer/6004245?hl=de)
- Google Adwords (For more information, see: https://policies.google.com/privacy?hl=de)
- New Relic Inc. (For more information, see: https://newrelic.com/termsandconditions/privacy)
- gotphoto.co.uk (For more information, see: Fotografen Online Service GmbH) (https://www.fotograf.de/datenschutzhinweise/)
10.2. Social media plugins
- Facebook Inc. (1601 S. California Ave - Palo Alto - CA 94304 - USA) (for more information, see: https://www.facebook.com/policy.php)
- Twitter Inc. (795 Folsom St. - Suite 600 - San Francisco - CA 94107 - USA) (for more information, see: https://twitter.com/de/privacy)
- Pinterest Europe Ltd. (Palmerston House, 2nd Floor - Fenian Street - Dublin 2, Ireland) (for more information, see: https://policy.pinterest.com/de/privacy-policy)
- WhatsApp Ireland Limited (4 Grand Canal Square - Grand Canal Harbour - Dublin 2) (for more information, see: https://www.whatsapp.com/legal/?l=de#terms-of-service)
- Google Plus/Google Inc. (1600 Amphitheatre Parkway - Mountain View - CA 94043 - USA) (for more information, see: https://policies.google.com/privacy?hl=de)
As of: 30/05/2018
Information about your right to object
According to Art. 21 GDPR
1. General right to object
You have the right, for reasons arising from your particular situation, to file an objection at any time to the processing of personal data relating to you, on the basis of Art. 6 (1) letter f GDPR (data processing based on the balancing of interests). If you file an objection, we will no longer process your personal data unless we can prove compelling legitimate grounds for the processing that outweigh your interests, rights and freedoms, or the processing is for the purpose of enforcement, exercise or defence of legal claims.
2. Right to object against the processing of data for direct marketing purposes
In individual cases we process your personal data in order to perform direct marketing. You have the right at any time to object to the processing of personal data relating to you for the purpose of such marketing. If you object to the processing for direct marketing purposes, we will no longer process your personal data for these purposes. The objection must be addressed in writing by email to the following contact person: