Thank you for visiting our websites and your interest in our company and products.
The protection of personal data is very important to us. We want to offer you comprehensive services while at the same time protecting your privacy.
Please note therefore our Privacy Policy, given below.
Content
01. General information about the collection of personal data
02. Contact details
03. Explanations of the legal bases and period of storage
04. Your rights
05. Visits to the picturemaxx website and creating of log files
06. Registration for "my-picturemaxx"
07. Newsletter
08. TELL A FRIEND function
09. Contact form
10. Use of cookies and analysis procedures
11. Use of Google Maps
12. Social Media Links
13. Disclosure to third parties
14. Security standards
15. Changes to this statement
1. General information about the collection of personal data
picturemaxx AG ("picturemaxx") attaches great importance to the protection of your personal data. This Data Protection Statement describes how picturemaxx ("we", "us" and "our") uses and protects personal data collected at www.picturemaxx.com and at other websites and SaaS solutions which we offer ("picturemaxx website").
Personal data are all data which might refer to you personally, including for example your form of address, name, address, e-mail address, IP address, etc. We only collect and process your personal data in compliance with the provisions of the EU General Data Protection Regulation ("GDPR") and other provisions of European and applicable national data protection law.
Personal data is only collected and used with your consent or if the processing of such data is permitted by law. The following provisions provide information about the type, scope and purpose of the collection and processing of your personal data.
In the event that we make use of the services of a processor for the purpose of providing specific functions of our services or if we use your data for advertising or analysis purposes, we will also inform you in detail in the following about the action taken. We also provide information about the stipulated criteria for and the period of storage. We also inform you about your rights with regard to every kind of data processing.
This Data Privacy Policy refers exclusively to our picturemaxx website. If links on our picturemaxx website take you to third-party websites, please find out how your data are used at such websites.
Contact
2. Contact details
2.1. Name and address of the person responsible for data processing
picturemaxx is the responsible legal person for data protection within the meaning of the GDPR and under all other applicable EU data protection law ("controller"). If you have any questions, suggestions or criticisms relating to data protection regarding our website, please contact:
picturemaxx AG
Stefan-George-Ring 2
81929 Munich
Email: info@picturemaxx.com
2.2. Name and address of the data protection officer
Anyone affected (“data subject”) can contact our data protection officer directly with questions and suggestions at any time. Contact details of the data protection officer:
PROLIANCE GmbH
Leopoldstr. 21
80802 Munich
Germany
Email: datenschutzbeauftragter@datenschutzexperte.de
When contacting the Data Protection Officer, please state the company to which your enquiry relates, here "picturemaxx AG". Please, avoid including sensitive information in your request, such as a copy of an identity card etc.
3. Explanations of the legal basis and period of storage
3.1. Legal basis for the processing of personal data
In the event that we asked for your consent for processing of your personal data Article 6 (1) sentence 1 a) GDPR is the legal basis for processing your personal data. You are entitled to withdraw any consent you have given at any time with effect for the future.
Under Article 6 (1) sentence 1 b) GDPR, the processing of your personal data is legitimate if such processing is necessary for the performance of a contract with you or your company. This also applies to all processing operations which are relevant prior to entering into a contract.
Under Article 6 (1) sentence 1 c) GDPR, the processing of your personal data is legitimate if such processing is necessary for compliance with one of our legal obligations.
Under Article 6 (1) sentence 1 f) GDPR, the processing of your personal data is legitimate if such processing is necessary for the purposes of the legitimate interests pursued by our company or by a third party, except where such interests are overridden by your interests or fundamental rights and freedoms.
3.2. Period of storage and erasure of data
Any personal data which we collect, process and store will be kept by us for as long as there is a specific purpose for such storage. Your data will be erased or their processing restricted as soon as the specific purpose for which they were stored no longer applies.
It is possible, however, that European regulations, applicable national laws or other rules may require us to store data which we have processed for a longer period of time. We will erase or restrict the processing of your data when these periods of storage have expired.
Right to object
4. Your rights
For the purposes of the GDPR you are the data subject of any of your personal data which we process. As a data subject you have the following rights with regard to picturemaxx:
4.1. Right of access by the data subject
You have the legal right to request information about whether we are processing your personal data. If this is the case, you have the right to be informed about the extent to which your personal data are being processed.
4.2. Right to rectification
You have the right to obtain from picturemaxx the rectification of inaccurate personal data concerning you and/or to have incomplete personal data completed.
4.3. Right to restriction of processing
In certain circumstances you have the right to restrict the processing of your personal data.
4.4. Right to erasure
In certain circumstances you have the right to obtain from picturemaxx the erasure of personal data concerning you without undue delay. The right to erasure does not apply if processing is necessary.
4.5. Notification obligation
If you have asserted your right to rectification, erasure or restriction to picturemaxx, picturemaxx must communicate any rectification or erasure of personal data or restriction of processing to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort.
4.6. Right to data portability
You have the right to receive, in a structured, commonly used and machine-readable form, any personal data concerning you which you have provided to picturemaxx. You also have the right in certain circumstances to transmit those data to another company without hindrance from picturemaxx to which the personal data have been provided initially.
4.7. Right to object
You have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you based on Article 6 (1) sentence 1 f) GDPR. picturemaxx may then no longer process the personal data relating to you unless picturemaxx demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
If the personal data relating to you are processed for the purposes of engaging in direct advertising, you have the right to object at any time to the processing of your personal data for such advertising purposes. You can inform us of such objection by contacting us as follows:
picturemaxx AG
Stefan-George-Ring 2
81929 Munich
Email: dataprotection@picturemaxx.com
4.8. Right to withdraw the consent
You have the right to withdraw your consent at any time. The withdrawal of consent does not affect the legitimateness of processing based on consent before its withdrawal.
4.9. Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.
Cookies
5. Visits to the picturemaxx website and creation of log files
Our system automatically collects data and information from your computer system every time you visit our picturemaxx website. The following data are then collected:
-
Information about the type of browser you are using
-
Information about your operating system
-
Information about your internet service provider
-
Your IP address
-
The date and time of your visit to our website
-
Information about the website from which your system has reached our website
-
Information about the website which you access from our website
The data which we collect on you are stored in our system's log files. As a rule, these data are not stored with other personal data. One exception to this rule is the information collected by us about your browser settings.
The temporary storage of data and log files is legitimate under Article 6 (1) sentence 1 f) GDPR. We have a legitimate interest in collecting and temporarily storing the data referred to because temporarily storing the IP address by the system is necessary in order to deliver the website to your computer.
Data are stored in log files to ensure the functioning of the website. This information is also used to optimise our website and to warrant the security of our information technology systems. Your log files are not assessed for marketing purposes.
The data will be erased or altered in a way that prevents them being assigned to you as soon as they cease to be necessary for the purposes referred to here. Data which are stored in log files are erased after 30 days.
my-picturemaxx
6. Registration for "my-picturemaxx"
6.1. Processing by picturemaxx
In addition to downloading and installing, our "my-picturemaxx" software can only be used by registering using a form provided by us directly in "my-picturemaxx". When you register you will be required to provide certain mandatory data in addition to voluntary information; these types of data are identified separately. Such data includes but is not limited to
-
Your user name
-
Your name
-
Your address
-
Your country of origin or that of your company
-
Your e-mail address
-
Your password
We use, store, and process this data because this is necessary in order to establish, define the contents of, or amend the contractual relationship between you and picturemaxx as well as for claiming and settling the relevant services.
If we provide you with “my-picturemaxx” as part of a free of charge or paid test phase, we process the aforementioned data, as this is necessary for the accurate assignment of the test access and for the implementation of the established usage relationship. In addi-tion, we have a legitimate interest in promoting the sales of “my-picturemaxx” and in preventing repeated use of test phases instead of fee-based services.
The legal basis for the aforementioned data processing in “my-picturemaxx” is article 6(1)(1)(b) and (f) GDPR.
We delete your data insofar as it is no longer required for the stated purpose and no contractual or legal retention periods exist.
6.2. Disclosure to third parties
If you permit links to be made to administrators or customers via "my-picturemaxx", your user name, your first and family name, your address (including country) and your e-mail address are being displayed to this group of people for administrative purposes and for settlement in a separate protected area of "my-picturemaxx".
Only if you operate "my-picturemaxx" on your own account or you are an administrator/main contact person in your own company/organisational unit your first and your family name, your position and the e-mail address and contact data of your company/organisational unit are passed on to the partner making an offer via "my-picturemaxx" ("media provider") for the purpose of entering into a contract and agreeing the use of the researched media material. Directly after your registration we will send your data to our media providers in order to introduce you to them. For the transmission to third parties, we will ask for your prior consent. You can withdraw your consent at any time - with effect for the future. After your registration we only will forward your data exclusively to our media-providers for contract processing purposes.
Please note that some of our media providers are located in unsecure third countries (e.g. the USA and - in the case of an unregulated Brexit - in the UK, and others). By registering, you confirm that you are in agreement with this.
The processing of data as stated in “my-picturemaxx” includes Article 6(1)(1)(a), (b) and (f) GDPR and Article 49(1)(1)(a) GDPR. You can revoke your consent at any time; in this case, we will process your data only insofar as there is a legal basis for this.
The processing described above serves primarily to execute the contract. Despite, the picturemaxx-network lives from the fact that the individual participants communicate with each other and learn about the existence of new members, so that picturemaxx also has a legitimate interest in data processing in cases where you have not given your consent.
We erase your data as soon as they are no longer needed for this purpose and if they are not subject to contractual or legal retention periods.
Newsletter
7. Newsletter
7.1. Sending of Newsletters
You can subscribe to a free newsletter on the picturemaxx website. With your consent you will be informed via the newsletter about the latest picturemaxx-software, services and changes to existing products. The data which you enter when subscribing to the newsletter are transmitted to us. These data are usually:
-
Your e-mail address
-
Your name
-
The name of your company
-
Your country or that of your company
-
Any other data you provide voluntarily
We need your e-mail address in order to send you the newsletter and to identify and check that you have given your consent. The information about your country is used to send you the newsletter in the appropriate language. The other information you provide is given voluntarily.
We use the double opt-in procedure to subscribe to our newsletter. This means that, after you have subscribed, we will send an e-mail to the e-mail address given by you asking you to confirm that you wish to receive the newsletter. If you do not confirm your subscription within 24 hours, your information will be blocked and automatically erased after one month. After receiving your confirmation, we store your e-mail address and other data for the purpose of sending the newsletter. This processing is legitimate under Article 6 (1) sentence 1 a) GDPR.
We also store your IP addresses and the time of your subscription and confirmation. The purpose of this procedure is to demonstrate that you have subscribed and to clarify any possible misuse of your personal data. This processing is legitimate under Article 6 (1) sentence 1 f) GDPR.
We erase your data as soon as you or we have ended the subscription for the newsletter. You can cancel the newsletter subscription at any time by withdrawing your consent with effect for the future. There is a link in every newsletter sent to you which you can click to automatically unsubscribe. Alternatively, you can send an e-mail to info@picturemaxx.com or a message to the controller referred to above in this Data Protection Statement.
7.2. Disclosure to third party
Our newsletter is either sent by picturemaxx directly or by one of our service providers (“service provider”): a) Newsletter2Go GmbH, Köpenicker Str. 126, 10179 Berlin, Germany. b) CleverReach GmbH & Co. KG, Schafjückenweg 2, 26180 Rastede, Germany.
The service provider stores the data entered by you for picturemaxx for the purpose of sending the newsletter. We use the services of the service provider as an order proces-sor.
The services provided by the Germany-based service provider are subject to the GDPR and the stringent requirements of the order processing agreement made with it. Your data are only sent to third parties by the service provider in compliance with the legal requirements of the GDPR.
Under Article 6 (1) sentence 1 f) GDPR, it is legitimate for us to pass on your data (name and e-mail address) to the service provider as we use the service provider’s software to send the picturemaxx newsletter.
We will erase your data as soon as we do not need it anymore for its purposes. You will find more information about data protection at the service provider’s website:
a) https://www.newsletter2go.co.uk/data-protection/ , b) https://www.cleverreach.com/en/privacy-policy/
8. TELL A FRIEND function
We offer you our TELL A FRIEND function on the picturemaxx website. You can use this function to recommend particular pages and information on the picturemaxx website to other people who you think might be interested in our picturemaxx website. After you have clicked the TELL A FRIEND function you can send a link to the website you are recommending and its title to the recipients you have selected from your e-mail address. To do this you must enter the e-mail address of the person in your e-mail program and, if you wish, an additional personal message. We do not use, store or process either your message or your personal data in connection with the TELL A FRIEND function.
Forms
9. Contact form
9.1. Processing by picturemaxx Germany
You can make contact with us by electronic means using the contact form on our website. If you wish to contact us in this way, the data which you enter will be sent to us and stored. This applies to the following data in particular:
-
Your form of address
-
Your full name
-
Your e-mail address
-
Your telephone number (optional)
-
Your company
-
Your country of origin or that of your company
-
The subject of your enquiry
-
The type of enquiry
-
The question and reason for your enquiry
The processing of this data is legitimate under Article 6 (1) sentence 1 a), b) or f) GDPR. We only process any personal data which you enter to deal with your request, which is in our interest. This may involve the initiation of a contract. The data are erased as soon as they are no longer required for the purpose for which they have been collected and provided that they are not subject to any legal or contractual archiving obligations. The conversation has come to an end when it is apparent from the circumstances that the matter being discussed has been finally clarified.
If we have obtained your consent and your data are processed by us for marketing purposes, the following applies: You can withdraw your consent to picturemaxx for the processing or any other use of your personal data at any time with effect for the future. In this case, the conversation cannot be continued. All personal data which are stored when contact is made are then erased if they are not required to be retained by law and if no other legal grounds for processing the data exist.
The following data are also stored at the time you send your message:
-
Your IP address
-
The date and time at which you have made contact
These additional personal data processed during the transmission operation are used to prevent the contact form from being misused and to ensure the security of our information technology systems. Other personal data collected during transmission will be erased after a period of 30 days at the latest. The data are used exclusively to process the conversation. The processing of this data is legitimate under Article 6 (1) b) or f) GDPR.
9.2. Transmission to affiliated international offices
In certain circumstances the data entered by you may be passed on to the picturemaxx international offices, if the thematic and regional content of your enquiry relates to the relevant office (order processing). In this case also picturemaxx remains your first point of contact and you can continue to assert your rights against picturemaxx.
In some circumstances, picturemaxx may transfer the data to countries outside the European Economic Area (EEA), for example to the USA. This is just the case, if picturemaxx employees abroad are the right picturemaxx contact partners to answer your request. picturemaxx will, however, take the necessary steps to ensure that an appropriate level of data protection is maintained. If picturemaxx sends your data to the United States, for example, additional measures are taken, such as concluding EU-compliant data transmission agreements with the data importer, if this is necessary.
By sending off the contact form you declare that you agree to transmission of the data entered in the contact form to regional picturemaxx offices abroad (for example USA), if the thematic and regional content of your enquiry relates to the relevant international office. You may withdraw your consent from picturemaxx at any time with effect for the future.
The transmission of your data is legitimate under Article 6 (1) sentence 1 a) b) and f) GDPR. If your request is related to a foreign picturemaxx office, picturemaxx has an interest in contacting the employees in the foreign offices in order to be able to process your request. We erase your data as soon as they are no longer needed to achieve their intended purpose and if they are not subject to contractual or legal retention periods.
10. Use of cookies and analysis procedures
10.1. Use of cookies and similar technologies
In addition to the data mentioned above, various types of cookies are used and stored on your computer when you use our picturemaxx website.
Cookies are small text files that are stored on your computer or mobile device when you visit our website. Various types of information are provided to us by cookies placed on your devices.
In addition to cookies, some services use so-called “localStorage entries”. A localStorage entry is functionally similar to a cookie. The difference is that localStorage stores information in your browser’s cache. Insofar as services on our website use localStorage, we expressly point this out in this privacy policy.
In addition, some services also use so-called “tracking pixels”.
Some services use so-called “device and browser fingerprinting”. That involves attempting to identify website visitors based on specific settings of the respective browser / the device used to access the website.
Insofar as we obtain consent to the storage of that information in your end device, § 25 par. 1 of the German Telecommunications Act (Telekommunikationsgesetz – TDDDSG) is the relevant legal basis for that purpose. The same applies if the information already stored in your end device is accessed.
If the sole purpose of the storage or the access is to carry out the transfer of a message via a public telecommunications network, the legal basis is § 25 par. 2 No. 1 TDDDSG.
If the storage or the access are absolutely necessary for us to be able to provide a service explicitly desired by you, § 25 par. 2 No. 2 TDDDSG is the relevant legal basis.
Below we inform you about relevant legal bases in specific cases. The subsequent processing of personal data is underpinned by one of the legal bases under the GDPR specified in section 3.1.
On our digital investor portal we install the types of cookies specified below.
Strictly necessary cookies
For proper operation of our website and display of content, certain cookies are technically essential for us to display our website to you at all. These “strictly necessary cookies” cannot be deselected because our website cannot be offered without them.
Cookies and similar technologies for statistics and external content
We use cookies to record the use of our website statistically. You do not have to select these cookies.
Cookies and similar technologies from external services are used to expand and optimize the functionality of our website and to make it more convenient for you to use. You do not have to accept the cookies and similar technologies used for this purpose, but if you do not, you will be unable to use the extended functions. You can also adjust the cookie settings in your browser. However, this could limit the functionality of our site. The same applies to localStorage entries, which you can delete from your browser cache.
10.2. Objection / Revocation of consent
Cookies are stored on your computer. You can decide to delete the cookies from your computer at any time. Through the settings in your browser, you can determine yourself whether the transmission of information by cookies from your computer to us should be disabled, restricted or the cookies should even be deleted completely. If you disable all cookies for our website, it may no longer be possible to use all the functions of the website to their full extent. In addition, you have the option to adjust your cookie settings directly on our website: if you have given your consent to cookies and other technologies, you can revoke this at any time on our Consent Management Platform by switching the corresponding button to “Off”.
10.3. Consent Management Platform - Usercentrics
We use the Usercentrics consent management platform on our website to control cookies and in order to fulfil our documentation obligations under data protection laws with regard to consent to cookies. Our use of Usercentrics serves the purpose of obtaining effective consents. Usercentrics may only access the data within the limits of our instructions (contract processing).
Processing company: Usercentrics GmbH, Sendlinger Straße 7, 9099 Munich, Germany
Purposes of the data processing:
-
Compliance with statutory obligations
-
Storage of the consent
Technology employed:
-
Local storage
-
Cookies
Collected data:
-
Browser information
-
Opt-in and opt-out data
-
Request URLs of the website
-
Site path of the website
-
Geographical location
-
Date and time of the visit
-
Device information
Legal basis: § 25 par. 2 TDDDSG, Article 6(1) point c) GDPR
Location of the processing: The European Union (the consent database is located in Belgium)
Retention period: The consent data (consent and revocation of the consent) is stored for three years. The data is then immediately deleted or, on request, passed on to the responsible person in the form of a data export.
Forwarding to third countries: This service may forward the recorded data to another country. Please note that this service may forward data outside the European Union and the European Economic Area (see list below). An adequate level of data protection is ensured through standard contractual clauses / an appropriate adequacy decision.
-
The United States of America
Data recipients:
-
Usercentrics GmbH
-
Alphabet Inc.
-
Auth0 Inc.
Privacy policy of the processing company: You can find further information on data protection at Usercentrics at: https://usercentrics.com/privacy-policy/
10.4. Wix homepage builder
We use the web host and homepage builder tool “Wix” provided by Wix.com Ltd., Nemal St. 40, 6350671 Tel Aviv, Israel (website: https://www.wix.com; privacy policy: https://www.wix.com/about/privacy ). That service installs cookies which are necessary for the correct operation of the website. In detail, the purposes are as follows: Security considerations and combating of fraud, login management, system monitoring/troubleshooting, cookie consent management, measurement of system performance, lan-guage settings. You can find more information on the cookies used by Wix at https://support.wix.com/en/article/cookies-and-your-wix-site .
The legal basis for the use of Wix is § 25 par. 2 No. 2 TDDDSG and Article 6(1) point f) GDPR.
As a rule, the data is only stored in the EU or in a country with an adequate level of data protection as established by the European Commission. If a data transfer to a third state occurs, it is secured through suitable guarantees (e.g. standard data protection clauses in accordance with Article 46(2) point c) GDPR). Data transfers to the USA to Wix.com Inc. and its affiliates, including DeviantArt Inc., are secured through the adequacy decision of the European Commission on the basis of the EU-U.S. Data Privacy Framework in accordance with Article 45(3) GDPR. The US companies are certified accordingly under the Framework.
You can find more information on data protection at Wix at https://www.wix.com/about/privacy .
10.5. HubSpot
HubSpot is a service that we use for customer management (CRM service). That service supports us with regard to marketing, distribution and after-sales service (e.g. through the management of customer enquiries submitted via different channels). In particular, if you enter data into the contact forms on our website, that data will be transferred to HubSpot.
The service also enables analysis of the use of our online service and provides a live chat function.
HubSpot may only access the data within the limits of our instructions (contract processing). You can access the contract data processing agreement here: https://legal.hubspot.com/de/dpa.
HubSpot also uses the data to improve and further develop its own products and services.
Processing company: HubSpot Inc., Two Canal Park, Cambridge, MA 02141, USA
Purposes of the data processing: Customer management; marketing; preparation of statistics and analyses; improvement of our service.
Technology employed: Cookies
Collected data:
-
Name
-
Contact details (e.g. e-mail, telephone numbers)
-
Form entries
-
Communications data (e.g. entries into the live chat tool)
-
Aggregated usage data
-
Device information (browser type, device identification, device model, operating system of the device)
-
Accessed files and pages
-
Geographical location
-
Internet service provider
-
IP address (pseudonymised)
-
Duration of the site visit
-
Referrer URL
-
Time of the access
Legal basis: Legitimate interests (Article 6(1) point f) GDPR); the performance of a contract and precontractual enquiries (Article 6(1) point b) GDPR). Insofar as we obtain your consent: § 25 par. 1 TDDDSG, Article 6(1) point a) GDPR.
Location of the processing: Worldwide
Retention period: The data is deleted as soon as it is no longer required for the purposes of the processing. Maximum retention period for the cookies: 13 months.
Revocation: You may withdraw your consent at any time with effect for the future by deselecting the unnecessary cookies in your cookie settings.
The legality of the data processing that has occurred on the basis of the consent up to the time of the revocation shall not be affected by it.
Forwarding to third countries: The United States of America. Data transmission to other third countries worldwide is possible.
HubSpot is certified under the EU-U.S. Data Privacy Framework. The data transmission to the United States of America therefore occurs on the basis of the relevant adequacy decision of the European Commission in accordance with Article 45(3) GDPR. We have also concluded standard contractual clauses with HubSpot in order to ensure a European level of data protection.
Data recipients:
-
You can access the list of sub-processors here: https://legal.hubspot.com/sub-processors-page
-
HubSpot partners, see the information in the HubSpot privacy policy (section 3.b) https://legal.hubspot.com/de/privacy-policy
Privacy policy of the processing company: You can find information on data protection at HubSpot at: https://legal.hubspot.com/de/privacy-policy
Cookies: You can check the cookies used here: https://knowledge.hubspot.com/de/privacy-and-consent/what-cookies-does-hubspot-set-in-a-visitor-s-browser
11. Use of Google Maps
This website uses Google Maps API, a map service operated by Google Inc., (“Google”). Google can be contacted at Google Dublin, Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland. That service enables us to display interactive maps to you directly in the website and enables you to con-veniently use the maps function.
If you visit the picturemaxx website, Google is informed that you have accessed the relevant subpage of our website. The following data is also passed on to Google:
-
Your IP address;
-
The date and time of the enquiry;
-
The content of the request (specific page);
-
Data on your location;
-
Access status/HTTP status code
-
Website from which the request originated;
-
Your browser type;
-
Your operating system and its interface
-
The language setting and version of the browser software.
This occurs irrespective of whether Google provides a user account via which you are logged in or if there is no existing user account. If you are logged into Google, your data will be directly ascribed to your account. If you do not want such ascription to your Google profile, you must log out before activating the button. Google stores your data as usage profiles and uses it for the purposes of advertising, market research and/or needs-based design of its website. Such utilisation occurs, in particular (even for users who are not logged in), for the provision of needs-based, customer-oriented advertising and in order to inform other users of the Google network about your activities on our website. You are entitled to a right of objection to the creation of these user profiles; in order to exercise that right you must contact Google directly.
With regard to this processing, our cooperation with Google occurs on the basis of a joint controller agreement in accordance with Article 26 GDPR. You can find that agreement via the following link: https://privacy.google.com/intl/de/businesses/mapscontrollerterms/
You have the possibility of easily deactivating the Google Maps service and thus preventing the data transfer to Google: For that purpose, deactivate JavaScript in your browser. However, please note that, if you do so, you will not be able to use the map display function.
Data transfer to the USA and other third countries may occur. Google and its affiliates are certified in accordance with the EU-U.S. Data Privacy Framework. The data transmission to the United States of America therefore occurs on the basis of the relevant adequacy decision of the European Commission in accordance with Article 45(3) GDPR. We have also concluded standard contractual clauses with Google in order to ensure a European level of data protection.
We use Google Maps API so that we can offer you a maps function. This is justified under § 25 par. 1 TDDDSG and Article 6(1) point a) GDPR insofar as you have granted us consent in advance. You may withdraw that consent at any time with effect for the future as described above in section 10.2. If you do so, you will no longer to be able to use the Google Maps service.
You can obtain further information on the purpose and scope of the data collection and processing thereof by Google in Google’s privacy policy. There you will also find further information on your rights in this respect and setting options for the protection of your privacy: https://policies.google.com/privacy?hl=en
12. Social Media Links
12.1. General Information
On the picturemaxx website we use the simple social media links described below. In this connection a simple link is provided on the respective website of the social networks. As a result, when you visit the picturemaxx website there is no automatic exchange and no forwarding of personal data to the respec-tive providers of the social media networks. Data is only processed, exclusively by the respective net-works themselves, if you click on the respective link, whereupon a pop-up opens, and then enter your access data of the social network, or if you are already logged in.
You can control which data you release in the networks via the privacy settings available on most social media platforms. Below you can find further information on how to adjust your privacy settings and how external social media sites handle your personally identifiable data:
12.2. Facebook (Meta)
We maintain a corporate profile with Facebook. The (joint) data controller under data protection law for that service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. For persons residing in the USA or Canada it is Meta Platforms, Inc. 1601 Willow Rd. Menlo Park, CA 94025 (“Facebook”).
Facebook may share your information internally, within the Facebook corporate group (transfer to Facebook in the USA) or with third parties. Information collected in the EEA may thus be transferred, for the purposes described in this privacy policy, to countries outside the EEA, for example. According to its own information, Facebook uses standard contractual clauses approved by the European Com-mission. It also implements other measures in accordance with EU laws and obtains your consent to legitimise data transmissions from the EEA to the USA and other countries. Meta Platforms, Inc. is also certified according to the EU-U.S. Data Privacy Framework. The data transmission to the United States of America therefore occurs on the basis of the relevant adequacy decision of the European Commis-sion in accordance with Article 45(3) GDPR.
Facebook transmits to us, as the fan page operator, anonymised statistics and insights (“insights data”). You can find out exactly what insights data is transmitted to us by Facebook here, in the agreement concluded with Facebook (Controller Addendum): https://de-de.facebook.com/legal/terms/page_controller_addendum.
You can find details on the type, scope and purposes of the collection and processing of the data by Facebook and the user’s rights and setting options for the protection of their privacy in Facebook’s privacy policy (https://www.facebook.com/about/privacy.
12.3. X (formerly Twitter)
We use the short messaging service X, formerly Twitter. The data controller under data protection law is Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07 Ireland. For persons residing within the USA or Canada it is Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA (“Twitter”). According to Twitter’s information, the recorded data is also transferred to the USA and other third countries. Twitter itself also uses analysis tools of other companies, e.g. Google Analytics.
According to Twitter’s own information, Twitter uses standard contractual clauses approved by the European Commission. It also implements other measures in accordance with EU laws to legitimise data transmissions from the EEA to the USA and other countries.
https://twitter.com/de/privacy
12.4. LinkedIn
We maintain a corporate profile with LinkedIn. The data controller under data protection law is LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. For persons residing within the USA or Canada it is LinkedIn Corporation, 1000 West Maude Avenue, Sunnyvale, CA 94085 USA (“LinkedIn”). According to LinkedIn’s information, the recorded data is also transferred to the USA and other third countries. LinkedIn uses advertising cookies. LinkedIn itself also uses analysis tools of other companies, e.g. Google Analytics.
According to LinkedIn’s own information, LinkedIn uses standard contractual clauses approved by the European Commission. It also implements other measures in accordance with EU laws to legitimise data transmissions from the EEA to the USA and other countries.
You can find details in LinkedIn’s privacy policy: https://www.linkedin.com/legal/privacy-policy. You can find the cookie guidelines here: https://de.linkedin.com/legal/cookie-policy
12.5 Xing
We maintain a corporate profile with XING. The data controller under data protection law is New Work SEA, Am Strandkai 1, 20457 Hamburg, Germany (“XING”). According to XING’s information, the rec-orded data is also transferred to third countries. XING uses advertising cookies. XING itself also uses analysis tools of other companies, e.g. Google Analytics.
According to XING’s own information, XING uses standard contractual clauses approved by the Euro-pean Commission. It also implements other measures in accordance with EU laws to legitimise data transmissions from the EEA to other countries.
You can find details in XING’s privacy policy: https://privacy.xing.com/en
12.6. Instagram
We maintain a corporate profile with Instagram. The data controller under data protection law is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland (“Instagram”). The information provided with respect to Facebook applies accordingly to Instagram.
You can find out exactly what data is transmitted to us by Instagram here: https://m.facebook.com/legal/terms
You can find details on the type, scope and purposes of the collection and processing of the data by Instagram and the user’s rights and setting options for the protection of their privacy here: https://help.instagram.com/519522125107875
.
12.6. Instagram
We maintain a corporate profile with TikTok. The data controllers under data protection law are TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland and TikTok Information Technologies UK Limited, Kaleidoscope, 4 Lindsey Street, London, United Kingdom, EC1A 9HP (“TikTok”). They are joint controllers. We use TikTok to respond to contact enquiries and for communication and marketing.
You can find details on the data which is recorded when you access TikTok, the scope and purposes of the processing and the user’s rights and setting options for the protection of their privacy in TikTok’s privacy policy: https://www.tiktok.com/legal/page/eea/privacy-policy/de.
According to its own information, TikTok stores the data on servers in the USA, Malaysia and Singapore. Furthermore, companies in the TikTok corporate group can also access the data from other third countries. According to its own information, TikTok guarantees an adequate level of data protection through the conclusion of standard contractual clauses, see https://www.tiktok.com/legal/page/eea/transferee-countries/de.
13. Disclosure to third parties
13.1. Principles
We will only pass on your personal data – and will inform you appropriately – in compliance with the applicable data protection laws to service providers, business partners, affiliated undertakings and other third parties.
We may disclose personal data to service providers working on our behalf and require them to perform services in our name (order processing). These service providers may be affiliated undertakings of picturemaxx or external service providers. In this context we comply with stringent national and European data protection regulations. These service providers are bound by our instructions and are subject to stringent contractual limitations on the processing of personal data. Accordingly, data may only be processed if this is necessary for the performance of services in our name or in order to comply with legal requirements. We stipulate precisely and in advance the rights and obligations of our service providers in relation to personal data.
We may disclose personal data to a third party if we are required to do so by law or in legal proceedings or in order to supply and manage our products and services. We may also be required to provide information to law enforcement agencies or other public authorities. We are also authorised to release data if such disclosure of information is necessary for the purposes of collaboration and thus of providing picturemaxx services to you or if you declare your consent to such disclosure. Disclosure can also rarely be avoided in the course of tax audits.
13.2. Hosting
Our picturemaxx website and therefore also all personal data that arises in connection with the use of our website is hosted on servers of our hosting provider Wix. Wix is operated by Wix.com Ltd., Nemal St. 40, 6350671 Tel Aviv, Israel (website: https://de.wix.com/; privacy policy: https://de.wix.com/about/privacy). The hosting provided by Wix includes infrastructure and platform services, memory space and database services, as well as security and technical maintenance services. Wix is only permitted to process the personal data which is stored on the servers in accordance with our instructions (contract processing). Wix also implements rigorous technical measures in order to protect your personal data. As a rule, the data is only stored in the EU or in a country with an adequate level of data protection as established by the European Commission. If a data transfer to a third state occurs, it is secured through suitable guarantees (adequacy decision, standard data protection clauses).
The legal basis for the processing of your data is Article 6(1) sentence 1 point f) GDPR. The purpose of the data processing is the provision by Wix of the hosting service for our website. You can find further information on data protection at Wix at https://de.wix.com/about/privacy.
13.3. Amazon
For the provision of cloud infrastructure services, picturemaxx uses the service provided by Amazon Web Services EMEA SARL, Luxembourg (see: https://aws.amazon.com/de/legal/aws-emea#1). Amazon may only access the data within the limits of our instructions (contract processing). Amazon also implements rigorous technical measures in order to protect your personal data. Amazon does not pass your personal data on to third parties unless such forwarding is necessary for the purpose of handling the agreed services or Amazon must do so in order to comply with the law or a valid and mandatory order of a governmental or regulatory authority. The data transmitted for that purpose is limited to the necessary minimum.
We have commissioned Amazon to store the data on servers within the EU / EEA. Amazon may also store the data outside the EEA. If data is transferred outside the EU/EEA, an adequate level of data protection is ensured through suitable guarantees. Amazon.com, Inc. is certified under the EU-U.S. Data Privacy Framework. The data transmission to the United States of America therefore occurs on the basis of the relevant adequacy decision of the European Commission in accordance with Article 45(3) GDPR. We have also concluded with Amazon standard data protection clauses of the European Commission in accordance with Article 46(2) point c) GDPR.
The legal basis for the processing of your data is Article 6(1) sentence 1 point f) GDPR. The purpose of the data processing is for Amazon to provide us with the possibility of storing data on Amazon servers.
We store the data no longer than the period necessary / legally prescribed for the achievement of the purposes of the processing.
You can find further information on data protection at Amazon at:
https://aws.amazon.com/de/compliance/gdpr-center/.
13.4. GoToWebinar
In order to carry out our webinars we use the cloud-based application “GoToWebinar”, a service of GoTo Technologies Ireland Unlimited Company, The Reflector 10, Hanover Quay, Dublin 2, D02R573 (“GoTo”). We have concluded a contract processing agreement with GoTo. We have also concluded so-called standard contractual clauses with GoTo in which GoTo undertakes to process the user data only in accordance with our instructions and to comply with the EU level of data protection.
GoTo processes personal data of participants, where applicable for anonymised statistics. You can find details on the type, scope and purposes of the collection and processing of the data by GoTo and the user’s rights and setting options for the protection of their privacy in GoTo’s privacy policy: https://www.goto.com/de/company/legal/privacy/international.
Purpose of the processing:
GoToWebinar acts as a communication solution for the webinars that we hold.
Types of data:
For registration for our webinars we use GoToWebinar’s registration function. Upon registration the following data is collected from you:
-
Your name;
-
Your e-mail address;
-
Your function and position (optional);
-
Company (optional).
The further data processed by GoTo in connection with webinars is detailed below. Note: We have no direct influence on the collection and processing of that data by GoTo,
for example the duration of the session, the connections created, the hardware, equipment and devices used, IP addresses, location, language settings, the operating system used, unique device identifiers and other diagnostic data.
According to it’s own information, GoTo processes that data for the following purposes: To provide, operate and improve the services. The recorded location-related data is processed for the purpose of the provision, operation and support of the service as well as for the purpose of preventing fraud and monitoring security. Users may deactivate the transfer of location data on mobile devices at any time by deactivating the location data services on their device via the settings menu.
GoTo also uses cookies and similar technologies in order to analyse and improve the use of its services.
You can find further information on possible types of data processed by GoTo at https://www.goto.com/de/company/legal/privacy/international.
Further data processing during webinars:
In order to participate in a webinar you can either log in to GoToWebinar as a guest or register. If you are a registered user of GoToWebinar, GoTo is the sole controller with regard to the registration data.
If you log in as a guest, for us and the participants in the respective webinar only the data that you provide in the course of logging in as a guest (i.e. at least your user name) is visible. If you participate via chat, audio or video, we also record your content in that context. That data is visible for other participants in the webinar.
We have configured GoToWebinar such that the audio and video of the participants is deactivated as a standard setting. You may activate audio and video yourself if you wish.
Legal bases:
As a rule, the processing of your data by us as the controller for the purpose of carrying out webinars occurs on the basis of Article 6(1) point f) GDPR. Our legitimate interests lie in effectively carrying out webinars for interested, voluntary participants.
Location of the data processing:
Upon the use of GoToWebinar, data may be transmitted worldwide to and by associated and non-associated service providers of GoTo and/or be accessible for them. You can find the relevant lists here:
https://www.goto.com/-/media/PDFs/trust%20-%20resource%20center/goto-affiliates-list-pdf
Thus processing of the personal data also occurs in a third country. We have concluded so-called EU standard contractual clauses with GoTo, which are intended to guarantee an adequate level of protection according to EU standards.
Data recipients:
We will generally only pass on your personal data to service providers, business partners and other third parties within the limits of the applicable data protection laws, and will inform you about that in accordance with the statutory requirements.
As a service provider, GoTo is given access to the processed data (unless it is end-to-end encrypted). We have concluded a contract data processing agreement with GoTo in accordance with Article 28 GDPR. Some data is also processed by GoTo independently for its own purposes. Those purposes are detailed in GoTo’s privacy policy : https://www.goto.com/de/company/legal/privacy/international
Data storage period:
As a rule, the personal data collected, processed and stored by us is only stored as long as required for the specific purpose of the storage. Once the purpose of the storage no longer pertains, your data will be deleted / its processing limited.
However, it may also be the case that European regulations, applicable national laws or other regulations require longer storage of the data processed by us. Once those storage periods end, we erase your data or limit the processing thereof.
13.5. Other service providers
Other picturemaxx service providers that are recipients of personal data are our freelancers, who support us in the following areas:
-
Customer support
-
Administration
-
Development
-
Programming
-
CRM
These service providers are also obliged within the framework of order processing agreements in accordance with Section 13.1.
The legal basis for the processing of your data is Article 6 (1) sentence 1 f) GDPR. The duration of the data storage depends on the legal storage obligations.
14. Security standards
picturemaxx has implemented appropriate physical, technical and administrative security standards to protect personal data against loss, misuse, modification or destruction. Our service providers and associated undertakings are contractually committed to safeguarding the confidentiality of personal data. They are also prohibited from using data for purposes not approved by us.
15. Changes to this statement
We may update this Data Protection Statement from time to time. We therefore recommend that you regularly read this Data Protection Statement to ensure that you are familiar with our data protection practice. This Data Protection Statement was last updated on March 10, 2024.