13. Disclosure to third parties
13.1. Principles
We will only pass on your personal data – and will inform you appropriately – in compliance with the applicable data protection laws to service providers, business partners, affiliated undertakings and other third parties.
We may disclose personal data to service providers working on our behalf and require them to perform services in our name (order processing). These service providers may be affiliated undertakings of picturemaxx or external service providers. In this context we comply with stringent national and European data protection regulations. These service providers are bound by our instructions and are subject to stringent contractual limitations on the processing of personal data. Accordingly, data may only be processed if this is necessary for the performance of services in our name or in order to comply with legal requirements. We stipulate precisely and in advance the rights and obligations of our service providers in relation to personal data.
We may disclose personal data to a third party if we are required to do so by law or in legal proceedings or in order to supply and manage our products and services. We may also be required to provide information to law enforcement agencies or other public authorities. We are also authorised to release data if such disclosure of information is necessary for the purposes of collaboration and thus of providing picturemaxx services to you or if you declare your consent to such disclosure. Disclosure can also rarely be avoided in the course of tax audits.
13.2. Server housing
Our website and thus also your data are housed on picturemaxx’s servers with QSC AG ("QSC"), Mathias-Brüggen-Str. 55, 50829 Cologne in Munich, Germany. QSC may only access the servers, or the data on them, in accordance with our instructions (order processing). QSC also adopts stringent technical measures to protect your personal data. Your data are held exclusively on picturemaxx servers in Germany, and QSC has access to those servers only in an emergency and only in line with our instructions.
The processing of your data is legitimate under Article 6 (1) sentence 1 f) GDPR. The purpose of processing data is that QSC provides the premises and infrastructure to run the picturemaxx servers. More information about data protection and the period for which your data etc. are stored by QSC is available at: https://www.qsc.de/de/datenschutz/
13.3. Amazon
For the provision of cloud infrastructure services, picturemaxx uses the services of Amazon Web Services Inc. ("Amazon"), 410 Terry Avenue North, Seattle WA 98109, United States. Amazon may only use the data in accordance with our instructions (order processing). Amazon also adopts stringent technical measures to protect your personal data. Amazon does not pass on your personal data to third parties unless this is necessary in order to perform the agreed services or if Amazon is required to do so by law or to comply with a valid and mandatory instruction issued by a government or regulatory authority. The data provided for this purpose are kept to a minimum. In some circumstances, Amazon may also store the information in countries outside the EEA. Amazon will, however, take the necessary steps to ensure that an appropriate level of data protection is maintained. If Amazon sends your data to the United States, for example, additional measures are taken, such as concluding EU-compliant data transmission agreements with the data importer if this is necessary. Amazon participates in the EU-US Privacy Shield Framework.
The processing of your data is legitimate under Article 6 (1) sentence 1 f) GDPR. The purpose of processing data is for Amazon to store picturemaxx’s data on Amazon servers.
The duration of the data storage depends on the legal storage obligations.
More information from Amazon about data protection is available at: https://aws.amazon.com/compliance/eu-data-protection/?nc1=h_ls
13.4. Salesforce
picturemaxx stores and uses the data you provide on the website in systems of salesforce.com Germany GmbH, Erika-Mann-Str. 31, 80636 Munich, Germany ("Salesforce") for the purposes of customer relationship management ("CRM"). Salesforce may only access the data in accordance with our instructions (order processing). Salesforce also takes strict technical measures to protect your personal information. Salesforce will not disclose your personal data to third parties unless such disclosure is necessary to complete the agreed services or Salesforce must do so in order to comply with the law or a valid and binding directive from a government or supervisory authority. The data transmitted for this purpose is limited to the necessary minimum. The legal basis for the processing of your data is Article 6 (1) sentence 1 f) GDPR. The purpose of data processing is for Salesforce to help us with CRM. The duration of the data storage depends on the legal storage obligations.
For more information about Salesforce's privacy practices, please visit: https://www.salesforce.com/uk/company/privacy/
13.5. Other service providers
Other picturemaxx service providers that are recipients of personal data are our freelancers, who support us in the following areas:
- Customer support
- Administration
- Development
- Programming
- CRM
These service providers are also bound within the framework of order processing agreements in accordance with Section 14.1.
The legal basis for the processing of your data is Article 6 (1) sentence 1 f) GDPR. The duration of the data storage depends on the legal storage obligations.