Personal data is information that relates to an identified or identifiable person. This mainly includes information that can be used to identify you, such as your name, telephone number, address or email address. Statistical data that we collect when you visit our website, for example, and that cannot be linked to you, do not fall under the term”personal data”.
The contact person and person responsible for processing your personal data when you visit this website in accordance with the EU General Data Protection Regulation (GDPR) is PicDrop (PicDrop GmbH, Am Treptower Park 28-30, 12435 Berlin, phone: 030 – 555 74 793, e-mail email@example.com.)
2. Data processing on our website
2.1 Access to our website/access data
Every time you use our website, we collect the access data that your browser automatically transmits to enable you to visit the website. The access data includes in particular:
- IP address of the requesting device
- Time of the request
- Referrer URL (the previously visited page);
- Information about the browser and operating system used.
The data processing of this access data is necessary to enable the visit of the website and to guarantee the permanent functionality and security of our systems. The access data is also temporarily stored in internal log files for the purposes described above in order to generate statistical data on the use of our website. The legal basis is Art. 6 para. 1 sentence 1 lit. f GDPR.
The information stored in the log files does not allow any direct conclusion to your person and will be deleted after the statistical evaluation.
2.2 Contacting us
You have several ways to contact us. In this context, we process your contact data and any other data you provide when contacting us exclusively for communication with you. The legal basis is Art. 6 para. 1 lit. b DSGVO.
2.3 Registration, payment processing
You have the opportunity to register for our product to use the full functionality of our website. We will ask you for your first and last name, your email address and your desired PicDrop address, and optionally your company name. When you sign up for one of our payment accounts, we will also ask for your billing details and address. Without this data, a registration is not possible. The legal basis for processing is Art. 6 para. 1 lit. b GDPR.
For payment transactions (payment accounts) we offer the usual online payment methods (e.g. direct debit and credit card payment). We work together with various payment service providers from whom we receive your payment data or to whom we transmit your payment data. Without these payment data and payment service providers, payment and contract processing is not possible. The legal basis for this data processing is Art. 6 para. 1 sentence 1 lit. b GDPR.
Our payment service providers are in particular:
- GoCardless Ltd, Sutton Yard, 65 Goswell Road, London, EC1V 7EN, United Kingdom (gocardless.com);
For more information about GoCardless’s processing of your personal information and your ability to opt-out, visit gocardless.com/legal/privacy/.
- Stripe Payments Europe, Ltd, The One Building, 1 Grand Canal Street Lower, Dublin 2, Ireland (stripe.com);
- PayPal (Europe) S.à.r.l. et Cie, S.C.A, 22-24 Boulevard Royal, L-2449 Luxembourg (paypal.com);
2.4 Use of own cookies
For some of our services, it is necessary that we use so-called cookies. A cookie is a small text file that is stored on your device by your browser. Cookies are not used to run programs or download viruses onto your computer. The main purpose of our own cookies is rather to provide an offer tailored to your needs and to make the use of our services as time-saving as possible.
We want to enable you to use our website more comfortably and individually by using cookies (e.g. when logging in for login authentication). These services are based on our legitimate interests; the legal basis is Art. 6 Par. 1 S. 1 lit. f DSGVO.
The legal basis for the data processing described in this section is Art. 6 para. 1 sentence 1 of GDPR, based on our legitimate interest in the demand-oriented design and continuous optimization of our website.
In this section, you will also find information on the possible contradictions regarding our analysis measures by means of a so-called opt-out cookie. Please note that after deleting all cookies in your browser or later use of another browser and/or profile, an opt-out cookie must be set again.
Google will process the information obtained by the cookies in order to evaluate your use of the website, to compile reports on the website activities for the website operators and to provide further services associated with the use of the website and the Internet.
You can configure your browser to reject cookies or you can prevent the collection of data generated by cookies and related to your use of this website (including your IP address) and the processing of this data by Google by using the Browser Add-on and install it.
Alternatively to the browser add-on or if you access our website from a mobile device, please use the following opt-out link. This will prevent Google Analytics from collecting data on this website in the future (the opt-out only works in the browser and only for this domain). If you delete your cookies in this browser, you must click this link again.
Further information can be found in the Data Protection Declaration from Google.
3. Information Disclosure
The data collected by us will only be passed on if:
- You have given your express consent pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR;
- The disclosure pursuant to Art. 6 para. 1 sentence 1 of GDPR is necessary to assert, exercise or defend legal claims and there is no reason to assume that you have an overriding interest worthy of protection in not disclosing your data;
- We are legally obliged pursuant to Art. 6 para. 1 sentence 1 lit. c GDPR to pass on, or
- This is legally permissible and is necessary according to Art. 6 para. 1 sentence 1 lit. b GDPR for the execution of contractual relationships with you or for the execution of pre-contractual measures which take place at your request.
Part of the data processing can be carried out by our service providers. In addition to the service providers mentioned above, this may include data centers that store our website and databases, as well as IT service providers that maintain our system. If we pass data on to our service providers, they may use the data exclusively for the fulfillment of their tasks. The service providers have been carefully selected and commissioned by us. They are contractually bound by our instructions, have appropriate technical and organizational measures in place to protect the rights of the persons concerned and are regularly monitored by us.
4. Storage Time
In principle, we only store personal data for as long as is necessary to fulfill the services for which we have collected the data. Afterward, we delete the data immediately, unless we need the data until the end of the statutory limitation period for purposes of proof for civil law claims or due to statutory retention obligations.
5. Your rights
You have the right to request information about the processing of your personal data by us at any time. We will explain the data processing and provide you with an overview of the data stored about you as part of the provision of information.
You have the right to have your data corrected or to have the processing of your data restricted if data stored with us is incorrect or no longer up-to-date.
You can also request the deletion of your data. If in exceptional cases, deletion is not possible due to other legal regulations, the data will be blocked so that they are only available for this legal purpose.
You also have the right to data transferability, i.e. we will send you a digital copy of the personal data provided by you on request.
To exercise your rights as described here, you may contact the above contact details at any time
After all, you have the right to complain to the data protection supervisory authority responsible for us. The responsible supervisory authority in Berlin: Berlin Commissioner for Data Protection and Freedom of Information, Friedrichstr. 219, 10969 Berlin, Germany.
According to article 7, paragraph 2 GDPR, you have the right to revoke your consent to us at any time. As a result, we will not continue processing data based on this consent in the future. The revocation of consent shall not affect the legality of the processing carried out on the basis of the consent until revocation.
If we process your data on the basis of legitimate interests pursuant to Art. 6 para. 1 sentence 1 of GDPR, you have the right under Art. 21 GDPR to object to the processing of your data if there are reasons for this arising from your particular situation or if the objection is directed against direct advertising. In the latter case, you have a general right of objection, which is also implemented by us without giving reasons.
If you would like to make use of your right of revocation or objection, an informal message to the above-mentioned contact data is sufficient.
6. Data integrity
We maintain current technical measures to guarantee data security, in particular, to protect your personal data from the dangers of data transmission and from third parties gaining knowledge. These are adapted to the current state of the art in each case. To secure the personal information you provide on our website, we use Transport Layer Security (TLS), which encrypts the information you enter.
We may update this privacy statement from time to time, for example when we adapt our website or change legal or regulatory requirements.
PicDrop – May 2018