Please find below our statement on the processing of personal data by our company in accordance with the legal requirements, especially with the EU General Data Protection Regulation (GDPR).
Contents:
This section of the privacy statement contains information on the scope of validity, the person responsible for data processing, the data protection officer and data security. It also begins with a list of definitions of important terms used in the data privacy statement.
Browser: Computer program used to display websites (e.g., Chrome, Firefox, Safari)
Cookies: Text files which the web server places on the user's computer by means of the browser which is used. The stored cookie information may contain both an identifier (cookie ID) for recognition purposes and content data, such as login status or information about websites visited. The browser sends the cookie information back to the web server with each new request upon subsequent repeat visits to these sites. Most browsers accept cookies automatically.
Third countries: Countries outside the European Union (EU)
GDPR: Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC General Data Protection Regulation
Personal data: Any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Profiling: Any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
Services: Our offers to which this data privacy statement applies (cf. Scope of validity).
Tracking: The collection and analysis of data regarding the behaviour of visitors to our services.
Tracking technologies: Tracking can take place both via the activity logs stored on our web servers (log files) and by means of data collection from your terminal device via pixels, cookies, and similar tracking technologies.
Processing: Any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Pixel: Pixels are also called tracking pixels, web beacons or web bugs. These are small, invisible graphics in HTML emails or on websites. When a document is opened, this small image is downloaded from a server on the Internet and the download is registered there. This allows the operator of the server to see if and when an email has been opened or a website has been visited. This function is usually carried out by calling up a small program (JavaScript). Certain types of information can be detected on your computer system in this way and shared, such as the content of cookies, the time and date of the visit, and a description of the page on which the tracking pixel is located.
This data privacy statement applies to the following offers:
All these offers are also collectively referred to as "services".
The following party is responsible for the processing of data in relation to the services, i.e., this is the person who determines the purposes and means of processing personal data:
Fotodom Agency
Tokmakov pereulok, 21/2
Building 3
Moscow 105066
Russia
Phone: +7 499 91830 07 or +7 499 91830 08
Email: sales@fotodom.ru
Our data protection officer can be contacted under the data given in paragraph 3, for the attention of the data privacy department or via imageprofessionals@datenschutzanfrage.de.
This section of the data privacy statement contains detailed information about the processing of personal data in the context of our services. The information is subdivided for greater clarity into certain functions in connection with our services. In case of the normal use of the services, different functions and therefore also different processing operations can be implemented consecutively or simultaneously.
The following applies to all the processing operations listed below, unless stated otherwise:
a. No obligation to provide personal data & consequences of failure to provide such data
The provision of personal data is not required by law or contract, and you are under no obligation to provide any data. We will inform you during the data entry process when personal information needs to be provided for the relevant service (e.g., by indicating 'mandatory fields'). In cases where the provision of data is required, the consequence of not providing data will be that the service in question cannot be provided. Otherwise, failure to provide data may result in our inability to provide our services in the same form and quality.
b. Consent
In various cases, you may also grant us your consent to the further processing of data (or some of the data, where applicable) in connection with the operations listed below. In this case, we will inform you separately in connection with the submission of the respective declaration of consent about all the procedures and the scope of the consent and about the purposes which we pursue in these processing operations. The processing operations based on your consent are therefore not listed again here (Art. 13, subs. 4, GDPR).
c. Transfer of personal data to third countries
When we send data to third countries, i.e., countries outside the European Union, the data are then transmitted strictly in compliance with the statutory conditions of admissibility.
If the transmission of the data to a third country does not serve the purpose of fulfilling our contract with you, if we do not have your consent, if the transmission is not required for the establishment, exercise or defence of legal claims, and if no other exemption applies under Art. 49 GDPR, we will only transmit your data to a third country if in possession of an adequacy decision pursuant to Art. 45 GDPR or appropriate safeguards under Art. 46 GDPR.
One of these adequacy decisions is the Commission Implementing Decision (EU) 2016/1250 of 12.07.2016 on the 'EU-US Privacy Shield' for the USA. The level of data protection is generally considered to be appropriate according to Art. 45 GDPR for transfers to companies which are certified under the EU-US Privacy Shield.
By concluding the EU standard data protection clauses issued by the European Commission with the receiving entity, we fulfil the requirements for verification with regard to appropriate safeguards pursuant to Article 46 (2) c) of the GDPR, as well as with regard to an adequate level of data protection in the third country. Copies of the EU standard data protection clauses are available on the website of the European Commission, available here: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/model-contracts-transfer-personal-data-third-countries_en.
d. Hosting at external service providers
Our data processing work is carried out to a large extent with the involvement of hosting service providers who provide us with storage space and processing capacities at their data centres and who also process personal data on our behalf according to our instructions. It may be the case that personal data are transmitted to hosting service providers in respect of all of the functions listed below. These service providers process data either exclusively in the EU or subject to guaranteed levels of data protection which we have put in place based on the standard EU data protection clauses (cf. subsection c.).
e. Transmission to government authorities
We send personal information to government authorities (including law enforcement agencies) when required to fulfil a legal obligation to which we are subject (legal basis: Art. 6, subs. 1 c), GDPR) or when it is necessary for the assertion, exercise or defence of legal claims (legal basis: Art. 6, subs. 1 f), GDPR).
f. Period of storage
The time specified in the "period of storage" paragraph indicates how long we use the data for the purposes in any given case. At the end of this period, the data will no longer be processed by us but will be deleted at regular intervals, unless continued processing and storage are required by law (in particular, because it is necessary to fulfil a legal obligation or for the establishment, exercise or defence of legal claims) or unless you grant us extended consent.
g. Functioning time of cookies
The data processing described in the following sections is partially carried out with the help of cookies. The information stored in a cookie can only be accessed via the Internet by the operator of the web server that originally set the cookie. It is not possible for third parties to access access in this way. Cookies have different functional durations. Some cookies are only active during a browser session and are deleted afterwards, others function for longer periods of time, but usually shorter than one year. After the functional duration has expired, a cookie is deleted by the browser. You can manage cookies using the browser functions (mostly under "Options" or "Settings"). This allows the storage of cookies to be deactivated, made dependent on your consent in individual cases or otherwise restricted. You can also delete cookies at any time.
h. Data categories
The category names listed below are used for specific types of data in the following sections:
i. Data collection from public sources
We collect personal data from publicly available sources. Publicly accessible sources include, publicly accessible websites, all public directories available to the general public (telephone number and similar directories) and public registers, even if they may require a login (e.g. commercial registers).
We process all categories of data that are stored in publicly accessible sources. For example, this may include personal master data, address data, contact data, payment data, order data, as well as all other data categories, such as interests, preferences, affinities, and the like.
Data is collected for the purpose of fulfilling the principle of accuracy according to Art. 5(1)(d) DSGVO, if applicable, for the purpose of contract performance according to Art. 6(1)(b) DSGVO, if applicable, for the purpose of law enforcement and debt collection according to Art. 6(1)(b) and (f) DSGVO, as well as for the purpose of direct advertising that is as interest-based as possible according to Art. 6(1)(f) DSGVO in conjunction with Recital 46 DSGVO.
The passages below set out how your personal data are processed when you access our services (e.g., loading and viewing the website, opening the mobile app and navigating within the app). In addition, we use technically or legally necessary auxiliary tools that do not collect any data themselves (such as a tag manager) but only serve the security of the website, the administration, and operation of other tools, or the administration of consents granted by you (Consent Management Platform.) We would point out, in particular, that it is impossible not to send access data to external content providers (cf. subsection b.) due to the technical processes involved in transmitting information over the Internet. The third-party providers are themselves responsible for the privacy-compliant operation of the IT systems which they use. The service providers are required to decide how long the data will be stored.
a. Purposes of data processing, legal basis, legitimate interests (where applicable), and period of storage
Data category | Intended purposes | Legal basis | Legitimate interest, where applicable | Storage period |
---|---|---|---|---|
Access data | Establishing connection, presenting contents of the service, detecting attacks on our site due to unusual activities, fault diagnosis | Art. 6, subs. 1 f), GDPR | Proper functioning of services, security of data and business processes, prevention of misuse, prevention of damage through interference in information systems | 4 weeks |
b. Recipients of personal data
Recipient category | Data concerned | Legal basis | Legitimate interests, where applicable |
---|---|---|---|
External content providers who provide content which is needed to display the service (e.g., images, videos, embedded postings from social networks, banner ads, fonts, update information) | Access data | Art. 6, subs. 1 f), GDPR | Proper functioning of services, (accelerated) display of content |
IT security service providers | Access data | Art. 6, subs. 1 f), GDPR | Prevention of attacks through exploitation of security gaps / vulnerabilities |
The tables below show how your personal data are processed when you subscribe to a newsletter:
a. Purposes of data processing, legal basis, legitimate interests (where applicable), and period of storage
Data category | Intended purposes | Legal basis | Legitimate interest, where applicable | Period of storage |
---|---|---|---|---|
Email address | Verification of the application (double opt-in procedure), sending of the newsletter | Art. 6, subs. 1 b), GDPR | Duration of newsletter subscription | |
Personal master data | Personalisation of newsletter | Art. 6, subs. 1 b), GDPR | Duration of newsletter subscription | |
Login data | Traceability of newsletter registration / confirmation / deregistration | Art. 6, subs. 1 b), f), GDPR | Proof of successful newsletter registration / confirmation / deregistration | Duration of newsletter subscription |
Newsletter user profile data | Reflection of interests in the composition of the newsletter | Art. 6, subs. 1 f), GDPR | Improvement of our service, promotional purposes | Duration of newsletter subscription |
b. Recipients of personal data
Recipient category | Data concerned | Legal basis | Legitimate interests, where applicable |
---|---|---|---|
Newsletter distribution service providers | All data listed in 2.a. | Processing on behalf of a controller (Art. 28 GDPR) |
In the following, we describe how your personal data is processed when you take advantage of offers for downloads or activate content that requires registration.
Purposes of data processing, legal basis, legitimate interests (where applicable), and period of storage
Data category | Intended purposes | Legal basis | Period of storage |
---|---|---|---|
E-mail address | Establishment of contact, checking entitlement to subscription | Art. 6, subs. 1 b), GDPR | Duration of the action/subscription entitlement |
The tables below set out how your personal data are processed in connection with an existing relationship between us and you as a customer in our online shop and in the procurement of image, video and text data.
a. Purposes of data processing, legal basis, legitimate interests (where applicable), and period of storage
Data category | Intended purposes | Legal basis | Legitimate interests, where applicable | Period of storage |
---|---|---|---|---|
Personal master data, address data, contact data | Customer registration, identification, age verification, establishment of contact, provision of information relevant to your interests, issue of advertisements for own services and third-party services | Art. 6, subs. 1 b), f), GDPR | Customer relationship management, marketing of our services, promotional purposes | 10 years after completion of the last purchase order |
Purchase order data | Purchase order processing, services relevant to interests | Art. 6, subs. 1 b), f), GDPR | Customer relationship management, marketing of our services, promotional purposes | 10 years after completion of the last purchase order |
Payment data | Processing of payments for the service | Art. 6, subs. 1 b), GDPR | Duration of the contractual relationship |
b. Recipients of personal data
Recipient category | Data concerned | Legal basis | Legitimate interests, where applicable |
---|---|---|---|
Payment service providers | Personal master data, address data, payment data | Art. 6, subs. 1 b), GDPR | |
Collection service providers | Personal master data, address data, payment data | Art. 6, subs. 1 b), GDPR |
We use PayPal, a service provided by PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg. By selecting payment by PayPal, we redirect you to a PayPal page. All PayPal transactions are subject to the PayPal privacy policy. PayPal and we act independently in terms of data protection.
In the following, we describe how your personal data is processed in connection with an existing application process between you and us for a position as an employee in our company:
a. Intended purpose of data processing and legal basis and, if applicable, legitimate interests, storage period
Category of data | Intended purpose | Legal basis | Possibly justified interest | Storage time |
---|---|---|---|---|
Personal master data, address data, contact data | Identification, contact, communication for contract initiation | Art. 6 para. 1 b) DSGVO | 6 months | |
Cover letter, curriculum vitae, certificates, letters of recommendation and other application documents submitted by you | Applicant selection & recruitment | Art. 6 para. 1 b) DSGVO | 6 months |
Below we describe how your personal data is processed in connection with a potential customer relationship existing between you and us:
a. Purposes of data processing, legal basis, legitimate interests (where applicable), and period of storage
Data category | Intended purposes | Legal basis | Legitimate interests, where applicable | Period of storage |
---|---|---|---|---|
Personal master data, address data, contact data | Customer registration, identification, establishment of contact, order processing, provision of information relevant to your interests, issue of advertisements for own services and third-party services, issue of invitations for our own events and third party events | Art. 6, subs. 1 b), f) GDPR | Customer relationship management, marketing of our services, promotional purposes | unlimited |
Purchase order data | Purchase order processing, services relevant to interests | Art. 6, subs. 1 b), f) GDPR | Customer relationship management, marketing of our services, promotional purposes | unlimited |
Payment data | Processing of payments for the service | Art. 6, subs. 1 b) GDPR | unlimited |
b. Recipients of personal data
Recipient category | Data concerned | Legal basis | Legitimate interests, where applicable |
---|---|---|---|
Payment service providers | Personal master data, address data, payment data | Art. 6, subs. 1 b) GDPR | |
Credit check service providers | Personal master data, address data | Art. 6, subs. 1 f) GDPR | Address verification, verification of solvency, avoidance of payment defaults |
Marketing service providers | Personal master data, address data, contact data | Art. 6, subs. 1 f) GDPR | Customer relationship management, marketing and promotional purposes |
Collection service providers | Personal master data, address data, payment data | Art. 6, subs. 1 b) GDPR |
seasons.agency operates its fan page on the Facebook Inc. platform, 1601 S. California Avenue, Palo Alto, CA, 94304, USA (Facebook data policy). Every message and interaction on this fan page leads to data processing, regardless of whether you have a Facebook account or not. In the case of a logged-in account, Facebook Inc. merges the information about the fan page visit with your account information and may use this to create profiles. If you do not wish to be profiled in this way, please log out before accessing our fan page.
Using "Facebook Insights", we process statistical data from our fan page such as gender, age range, location, page views, interactions and information on paid activities, reach, accounts reached, impressions and impressions per day. This is done on the basis of our legitimate interest (Art. 6, subs. 1 f) GDPR) to make posts on the page more attractive or to find the right time to publish them.
You have the right to information, deletion and correction of your data, restriction of processing, objection to processing, data portability and complaint to the supervisory authority. You can assert these rights both against Facebook Ireland Ltd. contact form and against us imageprofessionals@datenschutzanfrage.de, where we will forward your requests to them in accordance with our agreement with Facebook.
As we are jointly responsible for processing your data, we have a Page Controller Addendum with Facebook.
Calling up and every interaction on our fan page leads to data processing, regardless of whether or not you have an account with Instagram or Facebook. In the case of a logged-in account, the operators of Instagram and/or their affiliated companies may combine the information about the call to the fan page with your account information and may use this to create profiles. If you do not wish to be profiled in this way, log out before accessing our fan page.
Using "Instagram Insights", we process statistical data from our fan page such as gender, age range, location, page views, interactions and information on paid activities, reach, accounts reached, impressions and impressions per day. This is done on the basis of our legitimate interest (Art. 6, subs. 1 f) GDPR) to make posts on the page more attractive or to find the right time to publish them.
You have the right to information, deletion and correction of your data, restriction of processing, objection to processing, data portability and complaint to the supervisory authority. You can assert these rights both against Facebook Ireland Ltd. contact form and against us imageprofessionals@datenschutzanfrage.de, where we will forward your requests to them in accordance with our agreement with Facebook.
As we are jointly responsible for processing your data, we have a Page Controller Addendum with Facebook.
Below we describe how your personal data is processed by the service:
We use "FriendlyCaptcha" on our website. FriendlyCaptcha is a service provided by Friendly Captcha GmbH, Am Anger 3-5, 82237 Woerthsee, Germany. FriendlyCaptcha's anti-bot solution is used to check whether an entry has been made by a human or whether it has been misused by automated, machine processing. Further details can be found here: https://friendlycaptcha.com/privacy/gdpr/
a) Purpose of data processing and legal basis as well as legitimate interests, if applicable, storage period
Data category | Purpose | Legal basis | Legitimate interest pursued by us | Storage period |
---|---|---|---|---|
HTTP request header data; date/time of the request; version of the widget used; customer account ID of the website; hash value (one-way encryption) of the incoming IP address; number of requests from the (hashed) IP address per period; answer to the calculation task solved by the visitor's computer | Distinguishing whether an entry is made by a natural person for the purpose of recognising automated access. (e.g. by robots) | Art. 6, subs. 1 f) GDPR | Prevention of misuse | If personal data is stored, this data is deleted within 30 days. |
b) Recipients of personal data
Recipient category | Data concerned | Legal basis |
---|---|---|
Friendly Captcha GmbH, Am Anger 3-5, 82237 Woerthsee, Germany | All data mentioned in point a) of this section | Art. 28 GDPR |
In the following, we describe in which cases and how your personal data is processed with the help of tracking technologies when using our services.
What data is processed by tracking?
The tracking methods described only process personal data in pseudonymous form. A connection with a concrete, identified natural person, i.e. a combination of the data with information about the bearer of the pseudonym, does not take place.
Directly transmitted pseudonymous information such as the cookie ID or (possibly shortened) IP address is assigned further information during tracking. Typically, this is technical information about the end device used, information about usage behaviour on the Internet, interests and possibly location data.
How can you object to tracking?
The description of the tracking procedures also includes information on how you can prevent the data processing. Please note that this so-called "opt-out", i.e. the refusal of processing, is partly stored via cookies. If you use our services via a new terminal device or in a different browser, or if you have deleted the cookies set by your browser, you may have to declare your rejection again.
On what legal basis does tracking take place?
The use of tracking technologies can be based on various legal grounds, which we describe below. For which specific purpose and on the basis of which legal basis we carry out the tracking by a certain service in individual cases, we describe in the list below (see letters a) and b)).
a. Legal basis Contract, Art. 6, subs. 1 b) GDPR
If we provide services that are provided in connection with a contract, the tracking and the associated analysis of user behaviour may be carried out on the basis of the legal basis of Art. 6 subs. 1 b) GDPR
The information obtained through this tracking is necessary in order to provide optimised services in accordance with the contractual purpose and to ensure the greatest possible benefit.
b. Legal basis Legitimate Interest, Art. 6, subs. 1 f) GDPR
Another possibility is that we carry out the tracking and the associated analysis of user behaviour on the basis of the legal basis Art. 6 (1) f) GDPR, i.e. after weighing up the interests.
In order to provide attractive services as efficiently as possible, we pursue the legitimate interest of analysing information obtained through tracking about user behaviour on our services.
Tracking based on the legal basis of Art. 6 (1) f) GDPR can help us in particular,
However, we do not pursue any purposes on this basis for which the behaviour of data subjects on the Internet must be made traceable or user profiles created.
c. Legal basis consent, Art. 6 subs. 1 a) GDPR
Finally, it can be considered that we carry out tracking on the basis of your consent (Art. 6 subs. 1 a) GDPR).
Consent is voluntary. It is given, for example, by clicking on the "OK" button on our services after a corresponding notice has been displayed.
"OK" button on our services. You can revoke this consent at any time.
d. Tracking technologies used
Name of service | Mode of operation | Option of preventing processing (opt-out) | Data transfer to third country? | Adequacy decision, where applicable (Art. 45 GDPR) |
---|---|---|---|---|
Google Analytics | Provider Google Analytics is a Service of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA Purpose of the Tracking We use Google Analytics to collect information regarding user behaveior in order to improve the user-friendliness of this website. Processing of personal data The IP-Address is processed. We use Google Analytics including the functions of Universal Analytics. Universal Analytics allows us to analyze the activities on our services across devices (e.g. for access via laptop and later via a tablet). This is made possible by the pseudonymous assignment of a user ID. We have also added the code "anonymizeIP" to our Google Analytics services. This guarantees the masking (shortening of the last eight digits) of your IP address, so that all data is collected anonymously. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. Storage Period The transmitted data are deleted after 26 months. Data whose retention period has been reached is automatically deleted once a month. Legal Basis Legitimate interest |
You can object the processing of your personal data by Google by downloading and installing the browser plug-in available under the following Link: http://tools.google.com/dlpage/gaoptout. You can furthermore prevent Google Analytics from collecting data, especially when using browsers on mobile evices, by clicking this link. Please be aware that the website at www.seasons.agency and our Corporate Blog at https://www.imageprofessionals.com/en/blog are technically separated and that your opt-out will only work for the appropriate device where it’s offered. |
Yes, USA | Commission Decision (EU) 2016/1250 of 12.07.2016 on the so-called "EU-US Data Protection Shield" ("Privacy Shield") |
This website may contain add-ons (plugins) from social networks such as Facebook, instagram, YouTube, Pinterest, XING and LinkedIn. When you call up a page from our services that contains such a plugin, your browser establishes a direct connection to the servers of the respective provider. The content of the plugin is transmitted directly to your browser by the provider and integrated into the page. Through this integration, the provider receives the information that your browser has accessed the corresponding page, even if you do not have a profile with this provider or are not currently logged in there. This information (including your IP address) is transmitted by your browser directly to a server of the provider (usually in the USA) and stored there. If you are logged in to the provider, they can directly assign your visit to our website to your profile. If you interact with the plugins, for example by clicking a button or posting a comment, this information is also transmitted directly to a server of the provider and stored there. The respective provider may publish this information on your profile or show it to your contacts.
If you do not want the providers to directly assign the data collected via our website to your profile in the respective social network, you must log out of the respective network before visiting our website.
If we process your personal data for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing with future effect, which includes profiling to the extent that it is related to such direct marketing.
You also have the right, at any time with future effect and for reasons relating to your particular situation, to object to the processing of personal data concerning you which is based on Art. 6, subs. 1 e) or f), GDPR, including profiling based on these provisions.
You can exercise the right to object free of charge. In order to process your request more quickly, please contact us at imageprofessionals@datenschutzanfrage.de.
You have the right to obtain confirmation from us as to whether or not personal data concerning you are being processed and, where that is the case, access to the personal data and the other information listed in Art. 15 GDPR.
You have the right to obtain from us the rectification of inaccurate personal data concerning you without undue delay (Art. 16 GDPR). Taking into account the purposes of the processing, you have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
You have the right to obtain from us the erasure of personal data concerning you without undue delay if one of the reasons listed in Art. 17, subs. 1, GDPR is applicable and the processing operations are not required for one of the purposes approved in Art. 17, subs. 3, GDPR.
You are entitled to obtain from us the restriction of the processing of personal data if one of the conditions laid down in Art. 18, subs. 1 a) to d), GDPR is met.
Under the conditions set out in Art. 20, subs. 1, GDPR, you have the right to receive the personal data concerning you which you have provided to us, in a structured, commonly used and machine-readable format and the right to transmit those data to another controller without hindrance on our part. In exercising your right to data portability, you have the right to have the personal data transmitted directly by us to another controller where technically feasible.
If the processing is based on your consent, you have the right to withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
You have the right to lodge a complaint with the supervisory authority responsible for our company. The supervisory authority responsible for our company is:
Date of Data Privacy Statement
May 2022