Thank you for visiting our websites and your interest in our company and products.

The protection of personal data is very important to us. We want to offer you comprehensive services while at the same time protecting your privacy.

Please note therefore our Privacy Policy, given below.

1. General information about the collection of personal data

picturemaxx AG ("picturemaxx") attaches great importance to the protection of your personal data. This Data Protection Statement describes how picturemaxx ("we", "us" and "our") uses and protects personal data collected at www.picturemaxx.com, www.my-picturemaxx.com, howto.picturemaxx.com and at other websites and SaaS solutions which we offer ("picturemaxx website").

Personal data are all data which might refer to you personally, including for example your form of address, name, address, e-mail address, IP address, etc. We only collect and process your personal data in compliance with the provisions of the EU General Data Protection Regulation ("GDPR") and other provisions of European and applicable national data protection law.

Personal data is only collected and used with your consent or if the processing of such data is permitted by law. The following provisions provide information about the type, scope and purpose of the collection and processing of your personal data.

In the event that we make use of the services of a processor for the purpose of providing specific functions of our services or if we use your data for advertising or analysis purposes, we will also inform you in detail in the following about the action taken. We also provide information about the stipulated criteria for and the period of storage. We also inform you about your rights with regard to every kind of data processing.

This Data Privacy Policy refers exclusively to our picturemaxx website. If links on our picturemaxx website take you to third-party websites, please find out how your data are used at such websites.

3. Explanations of the legal bases and period of storage

3.1. Legal bases of the processing of personal data

In the event that we asked for your consent for processing of your personal data Article 6 (1) sentence 1 a) GDPR is the legal basis for processing your personal data. You are entitled to withdraw any consent you have given at any time with effect for the future. 

Under Article 6 (1) sentence 1 b) GDPR, the processing of your personal data is legitimate if such processing is necessary for the performance of a contract with you or your company. This also applies to all processing operations which are relevant prior to entering into a contract.

Under Article 6 (1) sentence 1 c) GDPR, the processing of your personal data is legitimate if such processing is necessary for compliance with one of our legal obligations.

Under Article 6 (1) sentence 1 f) GDPR, the processing of your personal data is legitimate if such processing is necessary for the purposes of the legitimate interests pursued by our company or by a third party, except where such interests are overridden by your interests or fundamental rights and freedoms.

3.2. Period of storage and erasure of data

Any personal data which we collect, process and store will be kept by us for as long as there is a specific purpose for such storage. Your data will be erased or their processing restricted as soon as the specific purpose for which they were stored no longer applies.

It is possible, however, that European regulations, applicable national laws or other rules may require us to store data which we have processed for a longer period of time. We will erase or restrict the processing of your data when these periods of storage have expired.

8. TELL A FRIEND function

We offer you our TELL A FRIEND function on the picturemaxx website. You can use this function to recommend particular pages and information on the picturemaxx website to other people who you think might be interested in our picturemaxx website. After you have clicked the TELL A FRIEND function you can send a link to the website you are recommending and its title to the recipients you have selected from your e-mail address. To do this you must enter the e-mail address of the person in your e-mail program and, if you wish, an additional personal message. We do not use, store or process either your message or your personal data in connection with the TELL A FRIEND function.

10. To what extent does picturemaxx run website analyses?

10.1. Use of cookies

Whenever you use our picturemaxx website different types of cookies are used and stored on your computer in addition to the data referred to above. Cookies are small text files which are stored on your computer or mobile device whenever you visit our picturemaxx website. These cookies send us various types of information.

We use the following types of cookie:

• Cookies are sometimes necessary for the proper functioning of our website. By setting cookies we can determine, for example, that you have visited our website.
• Cookies enable us to provide you user-friendly services which it would simply be impossible to offer without setting cookies.
• Cookies allow the information and services on our website to be optimised to meet the needs of the user. As already stated, cookies allow us to recognise you when you return to our website. This in turn enables us to make it easier for you to use our website.
• Cookies can also be used to analyse the way the website is used. It is then possible, for example, to determine how many users visit the website and what parts of the website could be improved. However, analysis of this kind does not establish any kind of connection between you and the statistics compiled on the basis of the data which are collected. We will inform you if cookies are used to analyse websites.

Cookies will be stored on your computer. You can decide whether you want to erase the cookies from your computer at any time. You can change the settings in your browser to determine yourself whether the transmission of cookies from your computer to us should be disabled, restricted or whether the cookies should be completely erased. If you disable all the cookies from our website, you may no longer be able to use all the website functions in full. 

The following list provides further information about disabling cookies or managing your cookie settings in the browser which you are using:

• Safari: http://help.apple.com/safari/mac/8.0/#/sfri11471
• Google Chrome: https://support.google.com/chrome/answer/95647?hl=en
• Internet Explorer / Edge: http://windows.microsoft.com/en-GB/windows-vista/Block-or-allow-cookies
• Firefox: https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences

You will find a list of the cookies we actually use here:

10.2. Consent Management Platform

If necessary, our picturemaxx websites obtain the necessary user consent via the Consent Management Platform Usercentrics. Usercentrics GmbH can be reached at Sendlinger Str. 7, 80331 Munich, Germany. The company's data protection regulations can be found at https://usercentrics.com/privacy-policy/
Data processing purposes are compliance with legal obligations and the storage of consent.
Collected data is device information, browser information, anonymised IP Address, opt-in and opt-out data, date and time of visit.

11. Use of Google Maps

This website uses Google Maps API, a map service from Google Inc. ("Google"). Google can be reached at Google Dublin, Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland. This enables us to display interactive maps directly on the website and makes it easy for you to use the map functions.

When you visit the picturemaxx website Google receives the information that you have accessed the corresponding subpage of our website. The following data are also sent to Google:

• Your IP address
• The date and time of your enquiry
• The difference in time between your time zone and Greenwich Mean Time (GMT)
• The content of the request (specific page)
• Access status /HTTP status code
• The amount of data transmitted
• Website from which the request originates
• The type of browser you are using
• The operating system you are using and its user interface
• The language and version of your browser software

This is done regardless of whether Google has provided a user account for you to log in with or whether you don't have a user account. If you have logged in through Google, your data are assigned directly to your account. You must log out before visiting the picturemaxx website if you do not wish Google to identify you with your profile. Google stores your data as user profiles and uses them for advertising, market research and/or web design purposes. Such evaluations are carried out in particular (including for users who are not logged in) to provide tailored advertising. You are entitled to object to the creation of this user profile: this right must be asserted against Google directly.

It is simple to disable the Google Maps service and this then prevents data being transferred to Google: Simply disable JavaScript in your browser. However, we do point out that you will then no longer be able to use the map display function.

Google also processes your personal data in the USA and is subject to the EU-US Privacy Shield for this purpose: https://www.privacyshield.gov/EU-US-Framework. The use of Google Maps API is legitimate under Article 6 (1) sentence 1 f) GDPR as processing is necessary for the purposes of the legitimate interests pursued by picturemaxx. We use Google Maps API to be able to offer you a map function.

More information about the purpose and scope of data collection and the processing of such data by Google is provided in Google's privacy policy. This policy also provides more information about your rights and the settings which enable you to protect your privacy: https://policies.google.com/privacy?hl=en&gl=en.

12. Social media links

12.1. Principles

We use the following simple social media links on the picturemaxx website. When you are visiting the picturemaxx website, your personal data is not automatically shared or passed on to providers of social media networks. Your data is only sent to the provider of the social media network and stored there, in case you click the link (which is placed as a button) and are already logged in or respectively you proceed the log in by entering your access data into a pop-up window which is opened by clicking the link in case you are not already logged in. You can control which data you wish to release by altering the data protection settings which are available on most social media platforms. More information about how you can change your data protection settings and how external social media sites handle your personal identifiable data is provided in the following:

12.2. Facebook

We link to Facebook ("Facebook"). Facebook is operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA. The link is recognisable by the Facebook logo. As soon as you click the link a connection is created between your web browser and Facebook's servers. The type, scope, purposes and processing of the data by Facebook and the rights and settings options for the protection of the user's privacy are detailed in Facebook's data protection statement (https://www.facebook.com/about/privacy).

12.3. Twitter

We link to the Twitter network. ("Twitter"), a service of Twitter Inc. 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. The link is recognisable by the Twitter logo. Your web browser will establish a connection to the Twitter server every you click the Twitter logo on the picturemaxx website. Details relating to the processing of your data by Twitter and your rights and setting options to protect your personal data are contained in the Twitter data protection statement (https://twitter.com/de/privacy).

12.4. LinkedIn

We link to the LinkedIn network ("LinkedIn") on the picturemaxx website. LinkedIn is operated by LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. The link is recognisable by the LinkedIn logo. Your web browser will establish a connection to the LinkedIn server when you click the link. LinkedIn's data protection statement is available at https://www.linkedin.com/legal/privacy-policy. LinkedIn's cookie regulations are available at https://www.linkedin.com/legal/cookie-policy.

12.5. Xing

This service uses a link to the social network xing.com, which is operated by XING AG ("Xing"), Gänsemarkt 43, 20354 Hamburg, Germany. When you click on the link, your web browser connects to the Xing server. This link is recognisable by the Xing logo. The purpose and scope of data collection and further processing and use of the data by Xing as well as your rights and settings options for the protection of your privacy are detailed in the Xing data protection statement at https://privacy.xing.com/en.

12.6. Instagram

We link to the Instagram network ("Instagram"), which is operated by Instagram LLC, 1601 Willow Road, Menlo Park, CA 94025, USA. The link is identified by the Instagram logo in the form of an "Instagram camera". If you click such an Instagram logo your browser will establish a direct connection to the Instagram servers. The purpose and scope of data collection and further processing and use of the data by Instagram as well as your rights and settings options for the protection of your privacy are detailed in the Instagram data protection statement at: https://help.instagram.com/155833707900388.

12.7. Google+

We link to Google+. Google+ is operated by the Google Inc. ("Google"), 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States. The link is recognisable by the Google+ logo. If you click such a Google + logo your browser will establish a direct connection to the Google+ servers. More information about the purpose and scope of data collection and the processing of such data by Google is provided in Google's privacy policy. This policy also provides more information about your rights and the settings which enable you to protect your privacy: http://www.google.de/intl/de/policies/privacy.

13. Disclosure to third parties

13.1. Principles

We will only pass on your personal data – and will inform you appropriately – in compliance with the applicable data protection laws to service providers, business partners, affiliated undertakings and other third parties.

We may disclose personal data to service providers working on our behalf and require them to perform services in our name (order processing). These service providers may be affiliated undertakings of picturemaxx or external service providers. In this context we comply with stringent national and European data protection regulations. These service providers are bound by our instructions and are subject to stringent contractual limitations on the processing of personal data. Accordingly, data may only be processed if this is necessary for the performance of services in our name or in order to comply with legal requirements. We stipulate precisely and in advance the rights and obligations of our service providers in relation to personal data.

We may disclose personal data to a third party if we are required to do so by law or in legal proceedings or in order to supply and manage our products and services. We may also be required to provide information to law enforcement agencies or other public authorities. We are also authorised to release data if such disclosure of information is necessary for the purposes of collaboration and thus of providing picturemaxx services to you or if you declare your consent to such disclosure. Disclosure can also rarely be avoided in the course of tax audits.

13.2. Server housing

Our website and thus also your data are housed on picturemaxx’s servers with QSC AG ("QSC"), Mathias-Brüggen-Str. 55, 50829 Cologne in Munich, Germany. QSC may only access the servers or respectively the data on the servers in accordance with our instructions (order processing). QSC also adopts stringent technical measures to protect your personal data. Your data are held exclusively on picturemaxx servers in Germany and QSC has only access to those servers in a case of emergency and only in line with our instructions.

The processing of your data is legitimate under Article 6 (1) sentence 1 f) GDPR. The purpose of processing data is that QSC provides the premises and infrastructure to run the picturemaxx servers. More information about data protection and the period for which your data etc. are stored by QSC is available at: https://www.qsc.de/de/datenschutz/

13.3. Amazon

For the provision of cloud infrastructure services, picturemaxx uses the services of Amazon Web Services Inc. ("Amazon"), 410 Terry Avenue North, Seattle WA 98109, United States. Amazon may only use the data in accordance with our instructions (order processing). Amazon also adopts stringent technical measures to protect your personal data. Amazon does not pass on your personal data to third parties unless this is necessary in order to perform the agreed services or if Amazon is required to do so by law or to comply with a valid and mandatory instruction issued by a government or regulatory authority. The data provided for this purpose are kept to a minimum. In some circumstances, Amazon may also store the information in countries outside the EEA. Amazon will, however, take the necessary steps to ensure that an appropriate level of data protection is maintained. If Amazon sends your data to the United States, for example, additional measures are taken, such as concluding EU-compliant data transmission agreements with the data importer if this is necessary. Amazon participates in the EU-US Privacy Shield Framework.

The processing of your data is legitimate under Article 6 (1) sentence 1 f) GDPR. The purpose of processing data is that Amazon does to store picturemaxx’s data on Amazon servers.

The duration of the data storage depends on the legal storage obligations.

More information from Amazon about data protection is available at:
https://aws.amazon.com/compliance/eu-data-protection/?nc1=h_ls.

13.4. Salesforce

picturemaxx stores and uses the data you provide on the website in systems of salesforce.com Germany GmbH, Erika-Mann-Str. 31, 80636 Munich, Germany ("Salesforce") for the purposes of customer relationship management ("CRM"). Salesforce may only access the data in accordance with our instructions (order processing). Salesforce also takes strict technical measures to protect your personal information. Salesforce will not disclose your personal data to third parties unless such disclosure is necessary to complete the agreed services or Salesforce must do so in order to comply with the law or a valid and binding directive from a government or supervisory authority. The data transmitted for this purpose is limited to the necessary minimum. The legal basis for the processing of your data is Article 6 (1) sentence 1 f) GDPR. The purpose of data processing is for Salesforce to help us with CRM. The duration of the data storage depends on the legal storage obligations.

For more information about Salesforce's privacy practices, please visit: https://www.salesforce.com/uk/company/privacy/

13.5. Other service providers

Other picturemaxx service providers that are recipients of personal data are our freelancers, who support us in the following areas:

• Customer support
• Administration
• Development
• Programming
• CRM

These service providers are also obliged within the framework of order processing agreements in accordance with Section 14.1.

The legal basis for the processing of your data is Article 6 (1) sentence 1 f) GDPR. The duration of the data storage depends on the legal storage obligations.

14. Security standards

picturemaxx has implemented appropriate physical, technical and administrative security standards to protect personal data against loss, misuse, modification or destruction. Our service providers and associated undertakings are contractually committed to safeguarding the confidentiality of personal data. They are also prohibited from using data for purposes not approved by us.

15.  Changes to this statement

We may update this Data Protection Statement from time to time. We therefore recommend that you regularly read this Data Protection Statement to ensure that you are familiar with our data protection practice. This Data Protection Statement was last updated on April 4, 2019.