Privacy policy
1. Scope and object of the privacy policy
The object of this privacy policy is to provide information on which personal data we collect via the website, retrievable under picter.com, and to which purpose we process them. If links are placed to other sites, we do not have any influence or control over the linked content or the privacy policy of those sites. We recommend that you check the privacy policies on the linked sites, in order to establish whether and to what extent personal data are collected, processed, used or made accessible to third parties.
2. Important definitions and terms
Beforehand, here is a selection of some legal definitions that may be helpful to you in understanding the privacy policy. The complete text of the General Data Protection Regulations (GDPR), including further definitions and terms, can be retrieved under the following link.
Personal data
All information that refers to an identified or identifiable natural person (hereafter “data subjects”); identifiable is defined as those natural persons who can be identified directly or indirectly, in particular by means of allocation to an identifier such as a name, ID number, location data, an online ID or to one or more special features, which are an expression of the physical, physiological, genetic, psychological, economic, cultural, or social identity of this natural person;
Processing
Every process carried out with or without the help of automated methods, or any such series of processes in connection with personal data, such as collecting, recording, organising, sorting, storing, adapting or altering, evaluating, retrieving, using, revealing by transmission, distributing or any other form of provision, comparing or linking, restricting, deleting or erasing;
Controller
The natural or legal person, authority, institution or other office that decides, solely or together with others, on the purposes and means of processing of personal data; if the purposes and means of this processing prescribed by EU law or the law of the member states, the controller, or the specific criteria of his appointment, may be defined under EU law or the law of the member states;
Recipient
A natural or legal person, authority, institution or other office to whom personal data is revealed, irrespective of whether or not this is a third party. However, authorities that receive possibly personal data in the context of a certain inquiry under EU law or the law of the member states are not regarded as recipients; this data is processed by the aforementioned authorities in harmony with the valid data protection regulations pursuant to the purpose of the processing;
Third party
A natural or legal person, authority, institution or other office, excluding the data subject, the controller, the order processor and the persons authorised to process the personal data under the direct responsibility of the controller or of the order processor;
3. Name and contact details of the controller
Picter GmbH, Bismarckstr. 3 (Hofhaus) 86159 Augsburg, represented by the Managing Director, Claudio Ricci, e-mail legal@picter.com.
4. Name and contact details of the data protection officer
IITR Datenschutz GmbH, Dr. Sebastian Kraska, Eschenrieder Straße 62c, 82194 Gröbenzell, skraska@iitr.de
5. Categories of personal data
1. ACCESSING THE WEBSITES: Creation of so-called logfiles
Personal data:
- IP address
- Cookie identification
Description and purpose of the data processing:
When our website is accessed we collect so-called access data and store them in a protocol file (so-called logfile). These access data also include the IP address. In addition, the log file also stores the name of the website accessed, the file accessed, the date and time of the access, the data volume transmitted and notification of the successful access, the browser type and version, the operating system, the so-called referrer URL (the site visited previously) as well as the accessing provider.
In addition, when our website is accessed, so-called cookies are installed on your end device (laptop, tablet, smartphone or PC). Details about the cookies used on the website, their specific purpose and a description of how you can delete these cookies, can be found in the Cookie and opt-out advice.
The logfile data serve the evaluation of the system security and stability, as well as administrative purposes. With the help of the cookie ID, the user can be authenticated by our application when accessing multiple pages (login session).
Interest in the data processing:
The logfile data, including the IP address, serve merely the technical and design-related optimisation of the website and the security of our systems (e.g. in the context of an attack on our IT or a security incident). No personal connection can be established by us from the logfile data, including the IP address, when our website is accessed. This can only occur if you login simultaneously to our application. In this case, we can allocate your IP address directly. With the help of the cookie ID we learn, e.g. whether and to what extent you have already visited our website, whether you have already registered with us using a certain ID, and when you returned to it. Details and information on how you can delete cookies, can be found in the Cookie and opt-out advice.
Recipient and processor of this data
We host our website with an external third party. We forward the collected data to this third party, including your IP address, which can be read by this service provider for technical reasons. If you have registered on our platform, it is possible for us to establish a personal connection, however this is not possible for our host.
AWS Cloud Computing, Amazon Web Services Inc., 410 Terry Avenue North, Seattle, WA 98109-5210, USA
Purpose of data processing: Technical and design-related optimisation of the website and security of our systems.
Details on the provider & privacy notice:
• https://aws.amazon.com/privacy/?nc1=f_ls
• https://aws.amazon.com/blogs/security/all-aws-services-gdpr-ready/
Duration of data storage
The logfiles, including the IP address contained therein, shall be erased six (6) months after collection. More details on the cookies we use, the duration of their storage, and how you can delete these cookies, can be found in the Cookie and opt-out advice.
Legal basis
Art. 6 (1) (f) GDPR
Provision prescribed or necessary
The provision of the aforementioned personal data is neither legally nor contractually prescribed. However, without the IP address and the cookie identification, the service and the functionality of our website cannot be guaranteed, and individual services may be restricted.
2. ACCESSING THE WEBSITE: Web analysis
Personal data:
- IP address
- Cookie identification
Description and purpose of the data processing:
So-called tracking tools are used on the website, in which cookies are also used and the IP address processed. Tracking tools typically investigate where the visitor comes from, which areas of a website are sought and how often, and for how long which subpages and categories are looked at. By these means it can be established, e.g., which search terms and websites the user entered, in order to secure a needs-related design and continuous optimisation of our website.
The use of tracking tools thus serves to evaluate user behaviour, in order to be able to adapt the online offer to the interests of visitors and to learn how our services are used. We also use the tracking measures in order to record the use of our website statistically and for the purpose of optimising our offer for you.
Interest in the data processing:
The statistical evaluation of the user profiles allow us to derive information about the functioning and success of our websites, providing answers to questions such as how often information pages on certain product groups are accessed, or how many visitors clicked on certain offers. With the help of the tracking tools we can tailor our offer in a more targeted manner towards our customers, visitors and interested parties. Details about the provider, the function and information on how you can delete the cookies used and prevent tracking, can be found in the Cookie and opt-out advice.
Recipient and processor of this data
The following providers of tracking tools process data on our behalf for the purpose of user analysis and statistical processing. For this purpose we have concluded the relevant order processing contracts. Further details on the technical functioning of the tools and information on how you can prevent data transmission (tracking), can be found in the Cookie and opt-out advice.
Google Analytics by Google Tag Manager, Google Inc., 600 Amphitheatre Parkway, Mountain View, CA 94043, USA
Details on the provider & privacy notice:
• http://www.google.com/policies/
• https://support.google.com/analytics/answer/6004245?hl=de
• Privacy Shield certification
Segment, Segment.io, Inc., 101 15th Street San Francisco, CA 94103, USA
Details on the provider & privacy notice:
• https://segment.com/docs/legal/terms/
• https://segment.com/docs/legal/privacy/
• https://segment.com/product/gdpr
Facebook Pixel, Facebook, Inc., 1601 South California Avenue, Palo Alto, CA 94304, USA
Details on the provider & privacy notice:
• https://www.facebook.com/legal/terms/
• https://de-de.facebook.com/about/privacy/
• Privacy Shield certification
• https://www.facebook.com/about/privacyshield
• https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen
Heap, Heap Inc., 116 Natoma Street, 3rd Floor, San Francisco, CA 94105, USA
Details on the provider & privacy notice:
• https://heapanalytics.com/tos
• https://heapanalytics.com/privacy
• https://heapanalytics.com/blog/company/heaps-commitment-to-gdpr-and-data-privacy
Duration of data storage
The collected data shall be deleted automatically 26 months (Google) after collection. Details on the tools and cookies used in the context of these tracking tools, their storage duration, and information on how you can delete these cookies and end tracking, can be found in the Cookie and opt-out advice.
Legal basis
Art. 6 (1) (f) GDPR
Provision prescribed or necessary
The provision of the aforementioned personal data is neither legally nor contractually prescribed.
Profiling
With the help of the tracking tools the behaviour of the website visitors can be assessed and their interests analysed. To this end we create a pseudonym user profile. If you log in with your user data, we can connect the data to your person with the help of this profile information.
3. REGISTRATION: Registering and login
Personal data:
Registering
- Password
- Optional forename and surname
Login
- Password for login
Description and purpose of the data processing:
If you have a customer account, we need your login data (e-mail and password) to verify your customer account.
Recipient of payment data:
Paypal, PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, 2449, Luxembourg
Details on the provider & privacy notice:
• https://www.paypal.com/us/webapps/mpp/ua/privacy-full
Stripe, Stripe Inc., 185 Berry Street, Suite 550, San Francisco, CA 94107, USA
Details on the provider & privacy notice:
• https://stripe.com/de/privacy
Duration of data storage
The login data entered by you into your “Picter” customer account are available to use for the duration of the contractual term and for the duration of the existence of your customer account with us, and shall be stored by us for this duration. All personal data related to your customer account, except commercial records (such as orders, invoices, quotations), will be deleted if you do so yourself with regard to individual data, or if you demand that we do so. We are obliged under statutory provision to retain commercial records for different retention periods. When the contract ends, when you or we terminate the contractual relationship, we shall erase your data (except commercial records) no later than seven (7) days after termination. However, if you deliberately shared your information with third parties on Picter (such as organizations hosting competitions), you entered a legal obligation with them and therefore you are required to directly contact them to delete the data you submitted to them. We are not allowed to delete the data you submitted to them.
Legal basis
Art. 6 (1) (b) GDPR
Provision prescribed or necessary
The provision of the aforementioned personal data for the customer account is contractually stipulated. Otherwise, no order is possible.
4. NEWSLETTER
Personal data:
- E-mail address
- Optionally forename and surname
Description and purpose of the data processing:
When you register for our e-mail newsletter, we send you regular information on special actions or news from Picter. To send the newsletter we use the so-called double opt-in method. This means that we shall only send you an e-mail newsletter if you have explicitly confirmed that you consent to the sending of newsletters. We then send you a confirmation e-mail, requesting that you confirm that you wish to receive the newsletter in future by clicking on the relevant link. Only with the activation of the confirmation link do you give your consent for the use of your personal data. The data are used solely for the purpose of promotional contact by means of the newsletter. The forename and surname are required as a means of address and their provision is optional.
Recipient and processor of this data
The newsletter dispatch is provided by the following provider, with whom we have concluded the relevant contracts regarding order processing.
Mailchimp, The Rocket Science Group, LLC, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308 USA
Purpose of data processing: Technical and design-related optimisation of the website and security of our systems.
Details on the provider & privacy notice:
• https://mailchimp.com/legal/privacy/
• https://kb.mailchimp.com/binaries/content/assets/mailchimpkb/us/en/pdfs/mailchimp_gdpr_sept2017.pdf
Duration of data storage
You may reject at any time the receipt of newsletters and thus the processing of your aforementioned data for the purpose of e-mail advertising. If you no longer wish to receive e-mails, you can click on the so-called “unsubscribe link” in every e-mail or directly here, or contact us at support@picter.com. The legality of the processing on the basis of the consent until your revocation remains unaffected. After successful deregistration, your e-mail address will be deleted immediately from our newsletter mailing list, unless you have explicitly consented to the further use of your data.
Legal basis
Art. 6 (1) (a) GDPR
Provision prescribed or necessary
The provision of the aforementioned personal data is neither legally nor contractually prescribed. However, without entering your e-mail address it is not possible to send or receive the newsletter.
5. CONTACT & CHAT
Personal data:
- E-mail address
- Forename and surname
- Telephone number
- Company
- Comment (enquiry)
Description and purpose of the data processing:
We use the contact and chat function on our website in order to communicate with our customers and with interested parties and to answer their enquiries and requests. We process the enquiries and information sent to us in this context for the purpose of answering your enquiry and establishing contact with you. At the same time, the data serve to allocate the enquiry to your profile, provided you have registered as a customer with the same data. We also use your contact form data, including the enquiry itself, for the purpose of creating offers.
Recipient and processor of this data
The contact and chat functions are provided by the following providers, with whom we have concluded the relevant contracts with regard to order processing.
Zendesk, Zendesk, Inc., 1019 Market Street, San Francisco, CA 94103, USA
Details on the provider & privacy notice:
• https://www.zendesk.com/company/customers-partners/privacy-policy/
• https://support.zendesk.com/hc/en-us/articles/203657756-About-ticket-archiving
Intercom, Intercom, Inc., 55 2nd Street, 4th Floor, San Francisco, CA 94105, USA
Details on the provider & privacy notice:
• https://www.intercom.com/terms-and-policies#privacy
• https://www.intercom.com/terms-and-policies#eu-us
Duration of data storage
We use the data until each respective conversation no longer than 120 days after our conversation with you has ended (request solved or closed). The conversation with you is deemed to have ended when circumstances suggest that the matter under discussion has been dealt with conclusively. Furthermore, we save the communication until we are requested to delete it. You may revoke your consent to the data processing at any time, without affecting the legality of the processing that is conducted on the basis of your consent until the withdrawal of that consent;
Legal basis
Art. 6 (1) (a, b) GDPR
Provision prescribed or necessary
The provision of the aforementioned personal data is neither legally nor contractually prescribed. However, without this information, it is not possible to process the enquiry.
6. Your rights
You have the right to demand at any time confirmation as to whether we process personal data, and you have the right to information about these personal data. You also have the right to the correction, erasure and restriction of the data processing, as well as the right to opt out at any time from the processing of personal data, to withdraw at any time your consent to data processing, or to demand the transfer of the data. In addition, you have the right, in the event of a data breach, to complain to a supervisory authority.
You may assert all of your rights against use by e-mail to legal@picter.com, or to the contact details provided in the point “Controller”.
