Privacy Policy - susen.photos

1. Data Protection at a Glance

General Information

Here, you will get a simple overview of what happens to your personal data when you visit my website. Personal data refers to any information that can be used to personally identify you. Detailed information about data protection can be found further below in this privacy policy.

Data Collection on This Website

Who is responsible for data collection on this website?

I am responsible for data processing on this website. My contact details can be found in the “Information about the Responsible Party” section of this privacy policy.

How do I collect your data?

Your data is collected in two ways:

You provide it to me directly, for example, when you fill out a contact form.
Other data is collected automatically or with your consent when you visit the website through my IT systems. This includes primarily technical data (such as your internet browser, operating system, or the time of your page visit). This data collection occurs automatically as soon as you enter my website.

What do I use your data for?

Some of the data helps me ensure that the website is presented correctly. Other data is used to analyze your user behavior. If contracts can be concluded or initiated through the website, I process the transmitted data for contract offers, orders, or other inquiries.

What rights do you have regarding your data?

You have the right to obtain free information about the origin of your stored personal data, who receives it, and what I use it for. You can also request that I correct incorrect data or delete your data.

If you have given me consent for data processing, you can withdraw it at any time for the future. In certain cases, you can also request that I restrict the processing of your data. Additionally, you have the right to lodge a complaint with a supervisory authority.

2. Hosting

I host my website with the following provider:

webgo

The provider is webgo GmbH, Heidenkampsweg 81, 20097 Hamburg (hereinafter referred to as “webgo”). When you visit my website, webgo stores various log files, including your IP address. You can find more information about this in webgo’s privacy policy:

https://www.webgo.de/datenschutz/

The use of webgo is based on Art. 6(1)(f) GDPR. My legitimate interest lies in providing you with a reliable display of the website. If I have obtained your consent, processing is solely based on Art. 6(1)(a) GDPR and § 25(1) TDDG. This applies, for example, to storing cookies or accessing information on your device (such as device fingerprinting). You can withdraw your consent at any time.

Order Processing

I have entered into an agreement with webgo for order processing (AVV). This ensures that your personal data is only processed according to my instructions and in compliance with the GDPR.

3. General Information and Mandatory Information

General Information and Mandatory Information

Data Protection

I take the protection of your personal data very seriously. Your personal data is treated confidentially and in accordance with legal data protection regulations as well as this privacy policy. When you use this website, various personal data is collected. Personal data is data that can be used to personally identify you. This privacy policy explains what data I collect and how I use it. It also explains how and for what purpose this happens.

Please note that data transmission over the internet (e.g., when communicating via email) can have security gaps. Complete protection of data from third-party access is not possible.

Note on the responsible entity

The responsible entity for data processing on this website is:

Susen Bolz

Phone: +49 152 38848186

Email: hi@susenphoto.com

The responsible entity is the natural or legal person who alone or jointly with others decides on the purposes and means of processing personal data (e.g., names, email addresses, etc.).

Retention Period

Unless a more specific retention period is mentioned in this privacy policy, your personal data will remain with me until the purpose for the data processing no longer applies. If you request the deletion of data or revoke your consent for data processing, your data will be deleted, provided I have no other legally permissible reasons for retaining your personal data (e.g., tax or commercial retention periods); in this case, the deletion will occur once these reasons no longer apply.

General Information on the Legal Basis of Data Processing on This Website

If you have consented to data processing, I process your personal data based on Art. 6 (1) (a) GDPR or Art. 9 (2) (a) GDPR, if special categories of data are processed under Art. 9 (1) GDPR. In the case of explicit consent for the transfer of personal data to third countries, data processing also occurs based on Art. 49 (1) (a) GDPR. If you have consented to the storage of cookies or access to information on your device (e.g., via device fingerprinting), data processing also occurs based on § 25 (1) TDDG. You can revoke your consent at any time.

If your data is required for contract fulfillment or to take pre-contractual measures, I process your data based on Art. 6 (1) (b) GDPR. Additionally, I process your data if it is required to fulfill a legal obligation based on Art. 6 (1) (c) GDPR.

Data processing may also take place based on my legitimate interests according to Art. 6 (1) (f) GDPR. I will inform you of the applicable legal basis in the following sections of this privacy policy. Note on Data Transfer to Third Countries and Transfers to U.S. Companies Not Certified Under the EU-US Data Privacy Framework

I use tools from companies based in third countries that do not have an adequate level of data protection, as well as U.S.-based tools whose providers are not certified under the EU-US Data Privacy Framework (DPF). When these tools are active, your personal data may be transferred to these countries and processed there. Please note that in countries with insufficient data protection, no level of protection comparable to the EU’s can be guaranteed. I also note that the USA, as a safe third country, generally has a level of data protection comparable to the EU’s. Data transfers to the USA are permitted if the recipient is certified under the “EU-US Data Privacy Framework” (DPF) or has appropriate additional guarantees in place.

Information about data transfers to third countries, including recipients of the data, is available in this privacy policy.

Recipients of Personal Data

As part of my business activities, I collaborate with various external entities. In some cases, the transfer of personal data to these external entities is required. I only share personal data with external entities when it is necessary for the fulfillment of a contract, when I am legally required to do so (e.g., sharing data with tax authorities), when I have a legitimate interest based on Art. 6 (1) (f) GDPR, or when another legal basis permits the transfer of data. When using data processors, I only share personal data with them based on a valid data processing agreement. In the case of joint processing, a joint processing agreement is concluded.

Revocation of Your Consent to Data Processing

Many data processing activities are only possible with your explicit consent. You can revoke any consent given at any time. The legality of the data processing carried out before the revocation remains unaffected by the revocation.

Right to Object to Data Collection in Specific Cases and Against Direct Marketing (Art. 21 GDPR)

IF DATA PROCESSING IS BASED ON ART. 6 (1) (E) OR (F) GDPR, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME, FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION, TO THE PROCESSING OF YOUR PERSONAL DATA; THIS INCLUDES PROFILES BASED ON THESE PROVISIONS. THE RELEVANT LEGAL BASIS FOR THE PROCESSING IS PROVIDED IN THIS PRIVACY POLICY. IF YOU OBJECT, I WILL NO LONGER PROCESS YOUR AFFECTED PERSONAL DATA UNLESS I CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING THAT OVERRIDE YOUR INTERESTS, RIGHTS, AND FREEDOMS, OR IF THE PROCESSING IS NECESSARY FOR THE ESTABLISHMENT, EXERCISE, OR DEFENSE OF LEGAL CLAIMS (OBJECTION UNDER ART. 21 (1) GDPR).

IF YOUR PERSONAL DATA IS PROCESSED FOR THE PURPOSE OF DIRECT MARKETING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR DATA FOR SUCH MARKETING; THIS ALSO INCLUDES PROFILES TO THE EXTENT THAT THEY ARE RELATED TO SUCH DIRECT MARKETING. IF YOU OBJECT, YOUR PERSONAL DATA WILL NO LONGER BE USED FOR DIRECT MARKETING PURPOSES (OBJECTION UNDER ART. 21 (2) GDPR).

Right to Complain to the Competent Supervisory Authority

In case of violations of the GDPR, you have the right to lodge a complaint with a supervisory authority, particularly in the EU member state of your usual residence, your place of work, or the place of the alleged violation. The right to lodge a complaint is without prejudice to other administrative or judicial remedies.

Right to Data Portability

You have the right to request that data I process automatically based on your consent or for the fulfillment of a contract be provided to you or to a third party in a commonly used, machine-readable format. If you request the direct transfer of data to another controller, this will only occur if technically feasible.

Access, Correction, and Deletion

You have the right to request information about your stored personal data, its origin, recipients, and the purpose of data processing at any time free of charge, as well as the right to correct or delete this data, in accordance with applicable legal provisions. You can contact me at any time for this purpose or for any further questions about personal data.

4. Data Collection on This Website

Cookies

My website uses so-called “cookies.” These are small data packages that do not harm your device. They are either stored temporarily for the duration of a session (session cookies) or permanently (persistent cookies) on your device. Session cookies are automatically deleted after your visit. Persistent cookies remain until you delete them yourself or your browser deletes them for you.

Cookies can come from me (first-party cookies) or from third parties (third-party cookies). Third-party cookies enable services such as payment processing.

Cookies serve various purposes. Some are technically necessary for certain features of the website to function (like the shopping cart or video playback). Others analyze user behavior or serve advertising purposes.

Cookies necessary for the electronic communication process, desired functions (such as the shopping cart), or website optimization (e.g., for audience measurement) are stored based on Art. 6 para. 1 lit. f GDPR, unless another legal basis is specified.

I have a legitimate interest in storing necessary cookies to provide my services without technical errors and in an optimized manner. If I ask for your consent to store cookies and similar technologies, the processing is based solely on this consent (Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDG). You can withdraw your consent at any time.

You can set your browser to notify you about cookies being set, allow cookies only on a case-by-case basis, block cookies generally, or activate automatic deletion when closing the browser. If you disable cookies, the functionality of this website may be limited. You can find out which cookies and services I use in this privacy policy.

Contact Form

If you send an inquiry via the contact form, I will store your information from the form, including the provided contact details, in order to process your inquiry and address any follow-up questions. I will not share this data without your consent.

I process this data based on Art. 6 para. 1 lit. b GDPR if your inquiry is related to a contract or requires pre-contractual measures. In all other cases, the processing is based on my legitimate interest in effectively handling your inquiry (Art. 6 para. 1 lit. f GDPR) or on your consent (Art. 6 para. 1 lit. a GDPR), if you have provided it. You can withdraw your consent at any time.

The data you provide will remain with me until you request its deletion, revoke your consent to storage, or the purpose of storage no longer applies (e.g., after your inquiry has been fully processed). Legal retention periods remain unaffected.

Inquiry by Email, Phone, or Fax

If you contact me by email, phone, or fax, I will store and process your inquiry, including any personal data arising from it (name, inquiry), to process your request. I will not share this data without your consent.

The data you submit will remain with me until you request its deletion, revoke your consent to storage, or the purpose of storage no longer applies (e.g., after your concern has been fully addressed). Legal retention periods remain unaffected.

5. Social Media

Instagram

My website integrates features from the service Instagram. These features are offered by Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland.

When the social media element is active, a direct connection is established between your device and the Instagram server. Instagram then receives information about your visit to my website. If you are logged into your Instagram account, you can link content from my website to your Instagram profile by clicking on the Instagram button. Instagram then associates the visit with your user account.

Please note that I do not have precise knowledge of the content of the transmitted data and its use by Instagram.

The use of this service is based on your consent (Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG). You can withdraw your consent at any time.

If this tool collects personal data and forwards it to Facebook or Instagram, Meta and I are jointly responsible for this data processing (Art. 26 GDPR). However, our joint responsibility is limited to the collection and forwarding of the data. What Facebook or Instagram does with the data thereafter is not my responsibility.

In our joint processing agreement (https://www.facebook.com/legal/controller_addendum), it is stated that I am responsible for providing the privacy information and ensuring the privacy-compliant integration of the tool on my website. Facebook is responsible for the data security of Facebook and Instagram products.

You can exercise your rights (e.g., requests for information) regarding data processing at Facebook or Instagram directly with Facebook. If you contact me, I will forward your request to Facebook.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. More information can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum https://privacycenter.instagram.com/policy/https://de-de.facebook.com/help/566994660333381 More information on data processing can be found in Instagram’s privacy policy: https://privacycenter.instagram.com/policy/

Meta is certified under the “EU-US Data Privacy Framework” and is committed to complying with data privacy standards. More information can be found here: https://www.dataprivacyframework.gov/participant/4452

Pinterest

My website also integrates features from the social network Pinterest, operated by Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland.

When you visit a page that includes a Pinterest element, your browser establishes a direct connection to Pinterest’s servers. Log data may be transmitted to Pinterest’s server in the USA. This data may include your IP address, the address of visited websites that also include Pinterest features, browser information, date and time of your request, and information about your Pinterest usage and cookies.

The use of this service is based on your consent (Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG). You can withdraw your consent at any time.

More information about data processing and your rights can be found in Pinterest’s privacy policy:https://policy.pinterest.com/de/privacy-policy

6. Analytics Tools and Advertising

Matomo

This website uses the open-source web analytics service Matomo.

Matomo helps us collect and analyze data about how visitors use our website. This allows us to determine, for example, when specific pages are accessed and from which region. We also collect various log files (e.g., IP address, referrer, browser, and operating system) and can track whether visitors perform specific actions (e.g., clicks or purchases).

The use of this analytics tool is based on Article 6(1)(f) GDPR. The website operator has a legitimate interest in analyzing user behavior to optimize both their website and advertising. If consent has been requested, processing is carried out exclusively on the basis of Article 6(1)(a) GDPR and Section 25(1) TTDSG, insofar as the consent includes the storage of cookies or access to user device information (e.g., device fingerprinting). Consent can be withdrawn at any time.

Hosting

We exclusively host Matomo on our own servers, ensuring that all analytics data remains with us and is not shared.

7. Newsletter

Newsletter Data

If you would like to receive the newsletter offered on this website, we require your email address and information that allows us to verify that you are the owner of the email address and agree to receive the newsletter. No other data is collected, or only on a voluntary basis. We use this data solely for the delivery of the requested information and do not share it with third parties.

The data entered into the newsletter sign-up form is processed exclusively on the basis of your consent (Article 6(1)(a) GDPR). You can revoke your consent to the storage of data, the email address, and its use for sending the newsletter at any time, such as by clicking the “unsubscribe” link in the newsletter. The legality of data processing operations already carried out remains unaffected by the withdrawal.

The data you provide for the purpose of receiving the newsletter will be stored by us until you unsubscribe from the newsletter or until the purpose for storing it no longer applies. We reserve the right to delete or block email addresses from our mailing list at our own discretion within the framework of our legitimate interest (Article 6(1)(f) GDPR).

Data stored for other purposes remains unaffected.

After unsubscribing, your email address may be stored in a blacklist to prevent future mailings if necessary. The data in the blacklist is only used for this purpose and will not be merged with other data. This serves both your interest and our interest in complying with legal requirements for newsletter distribution (legitimate interest under Article 6(1)(f) GDPR). Blacklist storage is not time-limited. You may object to this storage if your interests outweigh our legitimate interest.

8. Plugins and Tools

Google Fonts

Our website uses Google Fonts to ensure a consistent font display. When you access a page, your browser loads the required fonts to correctly display the content.

This involves establishing a connection to Google servers, through which Google may receive your IP address. The use of Google Fonts is based on Article 6(1)(f) GDPR, as we have a legitimate interest in a uniform and appealing website presentation. If you have provided your consent, processing is based solely on Article 6(1)(a) GDPR and Section 25(1) TTDSG, insofar as cookies or comparable technologies are used. You can withdraw your consent at any time.

If your browser does not support Google Fonts, a standard font from your computer will be used.

For more information about Google Fonts, click here. You can view Google’s privacy policy here.

Google is certified under the EU-US Data Privacy Framework (DPF), which ensures compliance with European data protection standards.

Google reCAPTCHA

To protect our website from spam and abuse, we use Google reCAPTCHA. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

reCAPTCHA analyzes the behavior of visitors to determine whether an input is made by a human or an automated system. This analysis starts automatically when the website is accessed and includes evaluations such as IP addresses, mouse movements, and time spent on the site. The collected data is transmitted to Google.

The use of reCAPTCHA is based on Article 6(1)(f) GDPR, as we have a legitimate interest in protecting our website from automated attacks. If you have provided consent, processing is based solely on Article 6(1)(a) GDPR and Section 25(1) TTDSG. You can withdraw your consent at any time.

More information about Google reCAPTCHA can be found in Google’s Privacy Policy and Terms of Use.

Google is certified under the EU-US Data Privacy Framework (DPF).