top of page

Privacy Policy

This privacy policy informs you about the type, scope, and purpose of the processing of personal data (hereinafter referred to as "data") within the framework of our services, as well as within our online offering and the associated websites, functions, and content, including external online presences such as our social media profiles (hereinafter collectively referred to as "online offering"). For the terminology used, such as "processing" or "controller," we refer to the definitions in Article 4 of the General Data Protection Regulation (GDPR).

Controller

Sabrina Einig
Wiggermannstraße 8
46236 Bottrop

Email: info@sabrinaeinig-fotografie.de
Website: https://en.sabrinaeinig-photography.com/impressum
No VAT charged according to § 19 UStG

Types of Data Processed

  • Basic data (e.g., personal details such as names or addresses)

  • Contact data (e.g., email addresses, phone numbers)

  • Content data (e.g., text entries, photographs, videos)

  • Usage data (e.g., websites visited, interest in content, access times)

  • Meta/communication data (e.g., device information, IP addresses)

Categories of Data Subjects

Visitors and users of the online offering (hereinafter collectively referred to as "users").

Purpose of Processing

  • To provide the online offering, its functions, and content

  • To respond to contact inquiries and communicate with users

  • To ensure security measures

  • To conduct reach measurement and marketing activities

Definitions

Personal Data: Any information relating to an identified or identifiable natural person (hereinafter referred to as "data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g., cookie), or one or more specific factors relating to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

Processing: Any operation or set of operations performed on personal data or on sets of personal data, whether or not by automated means. This includes collecting, recording, organizing, structuring, storing, adapting, altering, retrieving, consulting, using, disclosing, transmitting, disseminating, aligning, combining, restricting, erasing, or destroying data.

Pseudonymization: Processing personal data in such a manner that the data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the data is not attributed to an identified or identifiable natural person.

Profiling: Any form of automated processing of personal data consisting of using personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements.

Controller: The natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

Processor: A natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller.

Legal Bases for Processing

In accordance with Article 13 GDPR, we inform you of the legal bases of our data processing. For users in the scope of the GDPR (EU and EEA), unless specified otherwise, the following applies:

  • The legal basis for obtaining consent is Article 6(1)(a) and Article 7 GDPR.

  • The legal basis for processing to perform our services and execute contractual measures, as well as respond to inquiries, is Article 6(1)(b) GDPR.

  • The legal basis for processing to fulfill our legal obligations is Article 6(1)(c) GDPR.

  • If vital interests of the data subject or another natural person necessitate the processing of personal data, Article 6(1)(d) GDPR applies.

  • The legal basis for processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority is Article 6(1)(e) GDPR.

  • The legal basis for processing necessary to protect our legitimate interests is Article 6(1)(f) GDPR.

Data processing for purposes other than those for which they were collected is determined in accordance with Article 6(4) GDPR. The processing of special categories of data (as per Article 9(1) GDPR) is based on Article 9(2) GDPR.

Security Measures

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, in accordance with the legal requirements, taking into account the state of the art, implementation costs, and the nature, scope, context, and purposes of processing.

Our measures include ensuring the confidentiality, integrity, and availability of data by controlling physical and logical access to data and the systems managing it. Furthermore, we have procedures in place to safeguard data subject rights, delete data, and respond to threats to data security.

Rights of Data Subjects

You have the right to request confirmation of whether data concerning you is being processed, to access that data, and to obtain further information as well as a copy of the data in accordance with legal requirements.

You have the right to correct or complete inaccurate data concerning you.

You have the right to request that data concerning you be erased or its processing restricted, in accordance with legal requirements.

You have the right to receive the personal data you have provided to us in a structured, commonly used, and machine-readable format, or to have it transmitted to another controller.

You have the right to lodge a complaint with a supervisory authority.

Right to Withdraw Consent

You have the right to withdraw any consent you have given us, with future effect.

Objection to Processing

You may object to the processing of your personal data at any time for reasons arising from your particular situation, provided the processing is based on Article 6(1)(e) or (f) GDPR.

If your personal data is processed for direct marketing purposes, you may object at any time to such processing, including profiling related to direct marketing.

Deletion of Data

Data processed by us will be deleted or its processing restricted in accordance with legal requirements. Unless explicitly stated in this privacy policy, stored data will be deleted as soon as it is no longer required for its intended purpose, and its deletion does not conflict with statutory retention requirements.

If data cannot be deleted because it is required for other legally permissible purposes, its processing will be restricted. In this case, the data will be blocked and not processed for other purposes.

bottom of page