Name and contact of the responsible person according to article 4 paragraph 7 GDPR
Data protection officer:
ANKA Rechtsanwaltsgesellschaft mbH
Kaninenberghöhe 50, 45136 Essen
Security and protection of your personal data
We consider it our primary task to maintain the confidentiality of the information you provide, to protect personal data, and to protect it against unauthorized access. That's why we utilize utmost care and state of the art safety standards to ensure maximum protection of your personal data.
As a private company, we are subject to the provisions of European law General Data Protection Regulation (GDPR) and the regulations of the Federal Data Protection Act of Germany (BDSG). We have taken technical and organizational measures to ensure that the rules on privacy are respected both by us, as well as by our external service providers.
Legislation requires personal data to be collected lawfully, in good faith and in a manner that is understandable to the affected subjects ("legality, processing according to good faith, transparency "). To ensure this, we inform you about the individual legal definitions that are also used in this privacy statement:
Personal data"Personal data" means any information that relates to an identified or identifiable natural person (hereinafter referred to as "affected person"); being identifiable as a natural person is viewed directly or indirectly, in particular by assignment to an identifier such as a name, an identification number, location data, an online identifier, or one or more several special features that can be identified, the expression of the physical, physiological, genetic, mental, economic, cultural or social identity of this natural person.
Processing"Processing" is any executed process, with or without the help of automated procedures, or any such series of events related to personal data such as collecting, the capture, organizing, organizing, storing, adapting, or changing, selecting, querying, using, disclosing through transmission, dissemination or another form of provisioning, matching or linking, restriction, deletion or annihilation.
Restriction of processing"Restriction of processing" is the marking of stored personal data with the aim to limit their future processing.
Profiling"Profiling" is any type of automated processing of personal data that consists of the usage of this personal information to identify certain personal aspects related to a natural person, to evaluate, in particular, aspects relating to work performance, economic situation, health, personal preferences, interests, reliability, behavior, location or change of location of that natural person to analyze or predict this.
Pseudonymization"Pseudonymization" is the processing of personal data in a way that the personal data can no longer be assigned to a specific person without the use of additional information, provided that this additional information is separate and subject to technical and organizational measures to ensure that that the personal data cannot be assigned to an identified or identifiable natural person.
File system"File system" is any structured collection of personal data that is determined by certain criteria regardless of whether this collection is centralized, decentralized or organized by functional or geographic point of view.
Responsible"Responsible person" means a natural or legal person, public authority, institution or other body, who alone or together with others decides about the purposes and means of processing personal data; should the purposes and means of this processing be predefined by the Union law or the law of the member states specific criteria of its designation can be made under Union law or national law of member states.
Processor"Processor" means a natural or legal person, public authority, institution or body, that processes personal data on behalf of the person responsible.
Receiver"Recipient" means a natural or legal person, public authority, institution or other body to whom personal information, regardless of whether it is a third party or not is disclosed. Authorities operating under a specific mission under the Union law or the law of the member states may receive personal data, however, are not considered recipients; the processing of this data by the said authorities takes place in accordance with applicable data protection legislation as per the purpose of processing.
Third party"Third party" means a natural or legal person, public authority, institution or agency, other than the person affected, the person responsible, the processor and the persons working under the direct responsibility of the person responsible or the processor who are ordered to process personal data.
ConsentA "consent" of the data subject is any information voluntarily given for the particular case, wise and unequivocal statements of intent in the form of a statement or other clear affirmative act by which the person concerned indicates that he or she agrees with the processing of personal data concerning him- or herself.
Legality of processing
The processing of personal data is only legal if there is a legal basis for processing. The legal basis for the processing may, in accordance with Article 6 (1) lit. a – f GDPR be, in particular:
- The data subject has given his/her consent to the processing of the personal data for one or more specific purposes;
- processing is required for the fulfillment of a contract to which the data subject is a party, or required to carry out pre-contractual action, respectively at the request of the data subject;
- the processing is necessary to fulfill a legal obligation that the person responsible is subject to;
- the processing is necessary to protect vital interests of the person concerned or to protect another natural person;
- the processing is necessary for the performance of a task of public interest or takes place in the exercise of public authority delegated to the person responsible;
- the processing is necessary for the protection of the legitimate interests of the person responsible or a third party, unless the interests or fundamental rights and freedoms of the data subject, which require the protection of personal data, outweigh these interests, especially if the person concerned is a child.
Information about the collection of personal data
(1) Below, we inform about the collection of personal data when using our website. Personal data is e.g. name, address, e-mail addresses, user behavior.
(2) When contacting us via e-mail or using the contact form (https://photoeditorsdk.com/pricing) the information provided by you (your e-mail address, if applicable, your name and your telephone number) will be saved by us to answer your questions. We delete the data arising in this context after the storage is no longer required, or the processing is restricted, if legal retention requirements exist.
Collection of personal data when visiting our website
In the case of merely informative use of the website, i.e. if you do not register or otherwise submit information, we collect only the personal information that your browser transmits to our server. If you want to view our website, we collect the following data, which is technically required to show you our website and to provide stability and security (legal basis is Article 6 (1) (1) (f) GDPR):
- IP address
- Date and time of the request
- Time zone difference to Greenwich Mean Time (GMT)
- Content of the requirement (concrete page)
- Access status/HTTP status code
- Each transmitted amount of data
- Website from which the request comes
- Operating system and its interface
- Language and version of the browser software
(1) In addition to the aforementioned data, when using our website, cookies are stored on your computer. Cookies are small text files on your hard drive that are stored in relation to your browser and through which information is transmitted to the location that sets the cookie. Cookies cannot run programs or transfer viruses onto a computer. They serve to make the internet more user-friendly and effective overall.
(2) This website uses the following types of cookies, the scope and operation of which are explained below:
- Transient cookies (see a.)
- Persistent cookies (see b.)
- Transient cookies are automatically deleted when you close the browser. These include especially the session cookies. These store a so-called session ID, with which it can assign different requests from your browser to the shared session. This way, your computer can be recognized when you return to our website. The session cookies will be deleted when you log out or close the browser.
- Persistent cookies are automatically deleted after a specified period of time, which can differ depending on the cookie. You can change the cookies in the security settings of your browser delete them at any time.
- You can configure your browser settings according to your wishes and e.g. decline the acceptance of third-party cookies or all cookies. So-called "Third Party Cookies" are cookies that have been set by a third party, consequently not by the actual website on which you are currently located. We point out that by disabling cookies, you may not be able to use all features of this website.
More features and offers of our website
(1) In addition to the purely informational use of our website, we offer various services that you use if they are of interest. To do this, you will usually need to provide other personal information that we use for the respective service and for which the aforementioned principles of data processing are valid.
(2) In part, we use external service providers to process your data. These providers were carefully selected by us and commissioned and are bound by our instructions and are regularly inspected.
(3) Furthermore, we may disclose your personal data to third parties, if action participation, raffles, contracts or similar services offered by us together with partners. More information can be found while disclosing personal data or below in the description of the offer.
(4) Insofar as our service providers or partners are based in a state outside the European Union Economic Area (EEA), we inform you about the consequences of this circumstance in the description of the offer.
Our offer is basically for adults. Persons under 18 should not submit any personal information to us without the consent of the parents or guardians.
Rights of the person concerned
(1) Revocation of consent
If the processing of the personal data is based on a given consent, you have the right to revoke the consent at any time. By revoking the consent, the legality of the processing on the basis of the consent until the revocation is not affected.
For the exercise of the right of withdrawal, you can always contact us.
(2) Right to confirmation
You have the right to ask the person in charge to confirm whether we are processing personal data linked to your person. The confirmation can be requested at any time via the contact details above.
(3) Right to information
If personal data is processed, you can always request information about this personal data and the following information:
- the processing purposes;
- the categories of personal data being processed;
- the recipients or categories of recipients to whom the personal information has been disclosed or is yet to be disclosed, in particular to beneficiaries in third countries or at international organizations;
- if possible, the planned duration for which the personal data will be stored or, if this is not possible, the criteria for determining this duration;
- the existence of a right to rectification or erasure of your personal data or restriction of processing by the controller or right to object to this processing;
- the existence of a right of appeal to a supervisory authority;
- if the personal data is not collected by the data subject, all available information about the origin of the data;
- the existence of automated decision making including profiling according to article 22 paragraphs 1 and 4 GDPR and - at least in these cases - meaningful information about the logic involved, and the implications and intended implications of such processing for the affected person.
If personal data is transmitted to a third country or to an international organization, then you have the right to be informed about appropriate warranties under Article 46 GDPR in connection with the transfer. We provide a copy of the personal data that is the subject of processing. For all other copies that you request, we can charge a reasonable fee on the basis of administrative costs. If you send the request electronically, the information needs to be provided in a common electronic format, unless otherwise stated. The right to receive a copy in accordance with paragraph 3 shall not violate the rights and freedoms of any other person affect.
(4) Right to rectification
You have the right to request promptly rectification incorrect personal data. Taking into account the purposes of processing, you have the right to completion of incomplete personal data - also by means of a supplementary statement – to desire.
(5) Right to cancellation ("right to be forgotten")
You have the right to ask the person responsible to immediately delete your personal data, and we are obliged to delete personal data immediately, if one of the following is true:
- The personal data are no longer necessary for the purposes for which they are collected or otherwise processed.
- The data subject revokes their consent to the processing referred to in Article 6 (1) (a) or 9 (2) (a) GDPR and there is a lack of other legal basis for the processing.
- The data subject submits an objection to the processing in accordance with Article 21 (1) GDPR and there are no legitimate reasons for the processing, or the data subject submits an objection to the processing in accordance with Article 21 (2) GDPR.
- The personal data were processed unlawfully.
- The deletion of personal data is required to fulfill a legal obligation under Union law or the law of the Member States, the person responsible is subject to.
- The personal data was provided in relation to the services offered by Information Society pursuant to Article 8 (1) GDPR.
If the person responsible has made the personal data publicly available and is, under paragraph 1 obligated to their deletion, he takes into account the available technology and the implementation costs of appropriate measures, including technical measures, to inform the responsible person who processes the personal data that an affected person has requested of them to delete all links to this personal data or of their copies or has requested replicas of this personal information.
The right to deletion ("right to be forgotten") does not exist if the processing is required:
- to exercise the right to freedom of expression and information;
- to fulfill a legal obligation which complies with the processing of such data under Union or national law Member State to which the controller is subject or for the performance of task of public interest or in the exercise of official authority, which was transferred to the person responsible;
- for reasons of public interest in the field of public health as referred to in Article 9 (1) 2 letters h and i and Article 9 (3) GDPR;
- for archival purposes of public interest, scientific or historical research purposes, statistical purposes or in accordance with Article 89 (1) of the GDPR, in so far as the Paragraph 1 is likely to make it impossible to achieve the objectives of this processing makes or seriously affects them, or
- to assert, exercise or defend legal claims.
(6) Right to restriction of processing
You have the right to restrict us from processing your personal data if one of the following conditions is met:
- the accuracy of the personal data is disputed by the data subject for a period of time that allows the person responsible to verify the accuracy of the personal information,
- the processing is unlawful, and the data subject rejects the deletion of the personal data and instead demands limitation of the use of personal information;
- the person responsible for the personal data no longer requires them for the purpose of processing, however, the data subject requires them to assert, exercise or defend legal claims, or
- the person concerned objects to the processing pursuant to Article 21 (1) of the GDPR as long as it is not known whether the legitimate reasons of the person responsible over those of the person concerned outweigh.
If the processing has been restricted in accordance with the above conditions, this personal data - apart from its storage – will only be processed with the consent of the data subject or to assert, exercise or defend legal claims or to protect the rights of another natural or legal person or for reasons of important public interest of the Union or a Member State.
In order to exercise the right to limit processing, the data subject may at any time contact us by using the contact details above.
(7) Right to data portability
You have the right to have the personal data relating to you, which you provided to us, in a structured, popular and machine-readable format, and you have the right to transmit this data to another responsible person without hindrance by the person responsible, to whom the person data has been provided, as long as:
- processing on consent is in accordance with Article 6 (1) (a) or Article 9 (2) Subparagraph (a) or based on a contract pursuant to Article 6 (1) (b) GDPR; and
- the processing is done using automated procedures.
When exercising the right to data portability under paragraph 1, you have the right to transmit the personal data directly from one person responsible to another person responsible as far as technically feasible. The exercise of the right to data portability leaves the law to be deleted ("right to be forgotten"). This right does not apply to a processing which is necessary for the performance of a task that is in the public interest or in the exercise of public authority, which has been assigned to the responsible person.
(8) Right to object
You have the right, for reasons that arise from your particular situation, to object against the processing of personal data relating to you under Article 6 (1) (e) or f GDPR at any time; this also applies to profiling based on these provisions. The responsible person no longer processes the personal data, unless he can demonstrate legitimate grounds for the processing that outweigh the interests, rights and freedoms of the person concerned, or the processing is for assertion, exercise or defense of legal claims.
If personal data is processed to operate direct advertisement, you have the right to object to the processing of personal data concerning you for the purpose of such processing at any time; this also applies to profiling insofar as it is associated with such direct advertising. If you object to processing for direct marketing/advertisement purposes, the personal data will no longer be processed for these purposes.
Regarding the use of information services, you can, regardless of Directive 2002/58 / EC, exercise your right of objection by means of automated procedures in which technical specifications are used.
You have the right, for reasons that arise from your particular situation, to object against processing of your personal data related to scientific or historical research purposes or for statistical purposes pursuant to Article 89 (1), unless the processing is necessary to fulfill a public interest task.
The right of objection can be exercised at any time by contacting the respective person responsible.
(9) Automated decisions on a case-by-case basis, including profiling
You have the right not to be subjected to a decision that solely relies on automated processing - including profiling - which has legal effect on you or affects you in a similar manner. This does not apply if the decision:
- is required for the conclusion or performance of a contract between the person concerned and the responsible person
- by legislation of the Union or of the Member States to which the person responsible is permissible, and that such legislation shall take appropriate measures to safeguard rights or freedoms and the legitimate interests of the data subject or
- with the expressed consent of the data subject.
The responsible person takes appropriate measures to protect the rights and freedoms as well as the legitimate interests of the data subject, including at least the right to obtain the intervention of a person on the part of the responsible person, of statement of the own point of view and of contestation of the decision.
This right may be exercised by the data subject at any time by contacting the respective person responsible.
(10) Right to complain to a supervisory authority
You also have, without prejudice to any other administrative or judicial remedy, the right to complain to a supervisory authority, in particular in the Member State of your residence, your place of work or the place of alleged infringement if the person concerned is of the view that the processing of personal data concerning them is contrary to this regulation.
(11) Right to effective judicial remedy
You have, without prejudice to any available administrative or extrajudicial remedy including the right to complain to a supervisory authority under Article 77 of the GDPR, the right to an effective judicial remedy, if you are of the view that the rights given to you by this regulation was violated by a non-compliance with the regulations for processing of personal data.
Use of Google Analytics
(1) This website uses Google Analytics, a web analytics service provided by Google Inc. ("Google"). Google Analytics uses so-called "cookies", text files that are stored on your computer and that enable an analysis of your use of the website. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the US and saved there. In case of activation of IP anonymization on this website, your IP address will be previously abbreviated by Google within Member States of the European Union or in other contracting States to the Agreement of the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the US and will be shortened there. On behalf of the operator of this site, Google will use this information to evaluate your use of the website in order to submit reports about the website, to put together other activities related to website usage and internet usage and provide services to the website operator.
(2) The IP address transmitted in the context of Google Analytics by your browser will not be merged with other data by Google.
(3) You may prevent the saving of cookies by setting your browser software accordingly; however, we point out that you may not be able to fully use all the features of this website in this case. You can also prevent the capture of data generated through the cookie and related to your use of the website (including your IP address) to Google and prevent Google from processing this information by using the link below to download and install a browser add-on:https://tools.google.com/dlpage/gaoptout?hl=en.
(4) This website uses Google Analytics with the extension "_anonymizeIp ()". This will cause IP addresses to be further processed shortened, a person-relatedness can hereby be excluded. As far as the data collected about you has a personal reference, this will be excluded, and the personal data will be deleted immediately.
(5) We use Google Analytics to analyze and regularly improve the use of our website. With the statistics, we can improve our offer and make it more interesting for you as a user. For the exceptional cases in which personal information is transferred to the US, Google is subject to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework. Legal basis for the use of Google Analytics is Art. 6 para. 1 p.1 lit. f GDPR.
(6) Third Party Information: Google Dublin, Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001.
(7) This website also uses Google Analytics for a cross-device analysis of visitor streams which are carried out via a user ID. You can disable cross-device analysis of your usage in your customer account under "My Data“, "Personal Information".
Use of social media plugins
(1) We are currently using the following social media plug-ins: [Facebook and Twitter]. We use the so-called two- click solution. When visiting our site, initially, no personal information is send to the provider of the plug-in. You can recognize the provider of the plug-in by looking above the mark on the box above its initial letter or logo. We give you the possibility to communicate directly with the provider of the plug-in via this button. Only if you click the highlighted box and thus enable it, the plug-in provider will get the information that you visited the corresponding website of our online service. In addition, the data mentioned in § 3 of this Declaration will be sent. In the case of Facebook, according to the respective provider in Germany, the IP address is anonymized immediately after data collection. By activation of the plug-in, your personal data will be transmitted from you to the respective plug-in provider and saved there (for US American providers in the US). Because the plug-in provider's data collection is mainly via cookies, we recommend that you click on the grayed-out box above the security settings of your browser to clear all cookies.
(2) We neither have influence on the collected data and data processing operations, nor do we know the full scope of data collection, the purpose of processing, and the retention periods. Also, for the deletion of data collected by the plug-in provider there is no information available to us.
(3) The plug-in provider saves the data collected about you as usage profiles and uses them for purposes of advertising, market research and/or tailor-made design of their website. Such an evaluation takes place in particular (also for non-logged in users) for the representation of needs-based advertising and in order to inform other users of the social network about your activities on our website. You have a right of objection to the creation of these user profiles, however, in order to exercise this right, you need to contact the respective plug-in provider. Through these plug-ins, we offer you the opportunity to interact with social networks and other users in order to improve our offer and make it more interesting for you as a user. The legal basis for the use of the plug-ins is Art. 6 para. 1 sentence 1 lit. f GDPR.
(4) The data transfer takes place regardless of whether you have an account with the plug-in provider and are logged in there. If you are logged into the plug-in provider’s service, your data collected from us will become directly associated with your existing account with the plug-in provider. If you press the activated button and e.g. link the page, the plug-in provider also stores this information in your user account and shares it with yours contacts publicly. We recommend that you regularly log off from your social network, but especially before activating the button, as this prevents an assignment to your profile at plug-in provider’s service.
(5) Further information on the purpose and scope of the data collection and its processing by the plug-in provider can be found in the following privacy statements of these providers. There, you can also get more information about your rights and settings options for the protection of your privacy.
(6) Addresses of the respective plug-in providers and URL to their privacy notices:
- Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA; https://www.facebook.com/policy.php; further information about the data collection: https://www.facebook.com/help/186325668085084, https://www.facebook.com/about/privacy/your-info-on-other#applications, as well as https://www.facebook.com/about/privacy/your-info#everyoneinfo. Facebook is subject to the EU-US privacy shield,https://www.privacyshield.gov/EU-US-Framework.
- Twitter, Inc., 1355 Market St., Suite 900, San Francisco, California 94103, USA; https://twitter.com/privacy. Twitter is subject to the EU-US Privacy Shield,https://www.privacyshield.gov/EU-US-Framework.
Use of the Facebook pixel and the Twitter pixel
(1) With your consent, you can subscribe to our newsletter, which will inform you about our current interesting offers. The advertised goods and services can be found in the Declaration of consent.
(2) To register for our newsletter, we use the so-called double opt-in procedure. It means that after your registration, we will send you an e-mail to the given e-mail address, in which we will ask you to confirm that you wish to receive the newsletter. If your confirmation doesn’t take place within 24 hours, your information will be blocked and automatically deleted after one month. In addition, we store your IP addresses and times of registration and confirmation. Purpose of this procedure is to prove your registration and, if need be, to clear up a possible abuse of your personal data.
(3) The only requirement for sending the newsletter is your e-mail address. The indication of further, separately marked data is voluntary and will be used to address you personally. After your confirmation, we save your email address for the purpose of sending the newsletter. Legal basis is Art. 6 para. 1 sentence 1 lit. a GDPR.
(4) You can revoke your consent to the sending of the newsletter at any time and unsubscribe. You can declare the cancellation by clicking on the link provided link in each newsletter e-mail, via e-mail. mail to firstname.lastname@example.org or by sending a message to the contact details provided in the imprint.
(5) We point out that we evaluate your user behavior when sending the newsletter. For this evaluation, the e-mails sent include so-called web beacons or tracking pixels, which display one-pixel image files stored on our website. For the evaluations, we link the data mentioned above and the web beacons to your e-mail address and an individual ID. The data will be collected exclusively pseudonymized, so the IDs will not match your other personal information, a direct association to your person is excluded. You can object this tracking anytime by clicking on the separate link provided in each e-mail or via informing us in another way. The information will be stored as long as you are subscribed to the newsletter. After logging out, we store the data purely statistically and anonymously.
(6) We use an external service provider for sending newsletters. With the service provider was A separate order processing is closed to protect your personal information guarantee. Currently we work together with the following service provider:
The Rocket Science Group LLC d/b/a MailChimp
675 Ponce De Leon Ave NE, Suite 5000
Atlanta, Georgia 30308
Tel.: +1 404 806-5843
The following data is transmitted to MailChimp:
- e-mail address
- IP address
MailChimp or the parent company The Rocket Science Group LLC is certified as part of the US-EU Privacy Shield Agreement, thereby ensuring that the European level of data protection is adhered to. The current status of the certification can be checked under the following link:
Use and use of Google Fonts
Use of our paid PESDK Dashboard
(1) If you want to order on our website, it is necessary for the contract that you provide your personal information, which we need for the processing of your order. Information necessarily required for the processing of the contracts is marked separately, other information is optional. The information provided by you is used for the processing of your order. For this, we can pass on your payment details to our bank. The legal basis for this is Art. 6 para. 1 sentence 1 lit. b GDPR. You can voluntarily create a customer account, through which we can save your data for later purchases. At the creation of an account under "My Account", the data you provide will be stored precariously. All additional data, including your user account, can always be deleted in the customer area.
(2) We are required by commercial and tax law, to save your address-, payment- and order-data for a period of ten years. However, we restrict processing after two years, meaning your data will only be used to comply with legal obligations.
(3) To prevent unauthorized access by third parties to your personal data, in particular financial data, the order process is encrypted using TLS technology.
(4) Upon completion of the order, we collect the following data: name, email, country and address via the credit card billing service Stripe. We do not store any data on our server.
Use of external payment service providers
(1) We offer several payment methods for the use of the web shop and we use different payment service providers. Depending on which payment method you choose, different data is transmitted to the respective payment service provider. The legal basis for the Transmission is Art. 6 para. 1 p. 1 lit. a GDPR. Below we list our payment service providers:
As soon as the customer logs in or registers with us, the customer's data will be send to our backend temporarily. These information are the company name, the e-mail address, the subscription ID and the payment. There is a direct exchange with the Third Party Stripe (see part about it above). At the request of the customer we delete the data of the customer immediately.