PRIVACY POLICY FOR THE WEBSITE www.fotografia-eva.com
 
WHY IS THIS PRIVACY STATEMENT AVAILABLE?
 
Welcome to my website! Here you will find all information about my work as a photographer and my services. Feel free to look around, send me a message via the contact form or send me an email.
 
When you visit my website, various personal data are processed. A law that applies to me contains certain requirements in this regard. For example, I have to inform you about certain things already at the time of collecting your personal data. And that is exactly what this privacy policy is about!
 
 
WHAT IS PERSONAL DATA?
Data protection is all about personal data. This includes all information that identifies or makes identifiable a person. It does not matter who can make the connection. It is enough that it is possible. The term includes name, address, profession, e-mail address, state of health, income, marital status, telephone number and usage data such as the IP address. So you see that actually almost all data can be personal – even if it is only technical information.
 
WHEN DO WE SPEAK OF PROCESSING?
You can do a lot with personal data. This means everything from collection to deletion. It can be recorded, organized, arranged, stored, adapted, modified, read out, queried, used, disclosed, transmitted or made available. So processing actually always takes place.
 
Who is responsible for data processing on the website?
The responsible person in the sense of the data protection regulations is Eva Bayer, Calle El Toril 417, 29711 Málaga. I do not have to appoint a data protection officer. However, you are welcome to contact me directly at any time if you have questions about the processing of your personal data at my e-mail address info@fotografia-eva.com.
 
 
WHAT DATA IS PROCESSED WHEN SURFING THE WEBSITE?
When you visit the website, your computer sends data. This is the only way to establish a connection with your device. During this process, the following (personal) data is processed: Date and time of the website call, name of the subpage called, anonymized IP address, referrer URL (origin URL), operating system used, host name of the accessing computer, and product and version information of your browser. The data processing that takes place is legally permitted on the basis of legitimate interest. I would like to present myself as a photographer and show my pictures. For this purpose, a website of my own is necessary – because customers today only search for services on the Internet. The processing of the aforementioned data takes place automatically when the website is called up and is also necessary for this purpose. The usage data will be deleted after 60 days by my website host.
 
WE USE COOKIES 
The internet pages use so-called cookies in several places. They serve to make my offer more user-friendly, more effective and safer. A cookie is a piece of text information that my website places on the end device you are using via the web browser. Most of the cookies I use are so-called „session cookies“. They are automatically deleted after the end of your visit. 
 
My legitimate interest arises from the fact that we only facilitate the accessibility of the site for you with the aforementioned cookies, do not collect any tracking data and thus no interference with your privacy rights and fundamental freedoms. 
You can exclude the acceptance of cookies in your web browser. However, this may impair the functionality of the site. These cookies are only valid for the duration of your browser session and are deleted when you end your visit to our site.
 
 
I use cookies from the following third parties:
 
Cookie Consent Tool by Real Cookie Banner.
To obtain your consent I use Real Cookie Banner (https://devowl.io/de/wordpress-real-cookie-banner/), a product of devowl.io GmbH, Tannet 12, 94539 Grafling, Germany. If you give your consent, Real Cookie Banner automatically logs the following data with the operator (https://devowl.io/de/datenschutzerklaerung/):
 
– The IP number of the end user in anonymized form (the last digits are set to ‚0‘).
– Date and time of consent.
– User agent of the end user’s browser.
– The URL from which the consent was sent.
– An anonymous, random and encrypted key.
– The consent status of the end user, which serves as proof of consent.
 
 
The data stored is used to ensure that web analytics services only collect data with your consent and to document that consent, and to create and display cookie notices to end users.
 
The key and consent status are also stored in the end user’s browser in the cookie „us_cookie_notice_accepted“ so that the website can automatically read and follow the end user’s consent in all subsequent page requests and future end user sessions for up to 12 months.
 
The legal basis for processing your data is Art. 6 (1) c) and f) DSGVO, because I am required by law to be able to prove consent and my legitimate interest arises from the fact that this is the only way I can obtain necessary consent.
 
WHAT HAPPENS WHEN I CONTACT YOU?
I have included a contact form in the website, so you can write your message directly in a field and send it to me. Please enter the requested information (e.g. e-mail address, phone number). You can also send me an e-mail directly. You can find the address in several places on the website.
If a contractual relationship should develop from the inquiry by way of contract initiation or if the inquiry refers to an existing contractual relationship, the legal basis is Art. 6 para. 1 lit. b) DSGVO, since the storage of the data is necessary for the fulfillment of a pre-contractual or contractual obligation. Furthermore, I also have a legitimate interest according to Art. 6 para. 1 lit. f) DSGVO in processing the data for the purpose of communicating and responding to requests. I may therefore use the information from your contact request to contact you and send you an offer. The information you provide (especially name and email address) is necessary for me to respond to your request and for us to enter into a contract.
 
The deletion of the data takes place when the purpose of the storage is no longer applicable, i.e. after answering your e-mail/contact form inquiry or when the matter related to the inquiry has been conclusively clarified. In the case of an existing contractual relationship or a contractual relationship resulting from the inquiry, the data will be deleted after expiry of the statutory retention periods.
 
HOW DOES IT WORK TO CONTACT ME VIA WHATSAPP?
I have decided to enable contact via the messenger service WhatsApp. Therefore, there is a QR code embedded on the website that you can use to contact me directly. You can scan the code with your cell phone and write directly to my mobile number. Thereby a synchronization of your data with a server of WhatsApp takes place.
 
The messenger service is provided by WhatsApp Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. This applies in any case if the user is located in the European Union. The responsible provider is Meta Platforms, Inc 1 Hacker Way, Menlo Park, California 94025 USA. Therefore, it is not excluded that a transfer of personal data to the USA takes place when using WhatsApp. The USA is an insecure third country in terms of data protection. There are also no suitable guarantees for data protection in the case of the use of WhatsApp. The following risks are therefore associated with the use: Personal data could possibly be passed on to others or viewed by them beyond the actual purpose.
 
There is a higher probability of incorrect data processing, as the technical and organizational measures for the protection of personal data do not fully comply with the requirements of the GDPR in terms of quantity and quality The use of WhatsApp, the data processing that takes place and the transfer of data to the USA is based on your consent (Art. 6 para. 1 a) and Art. 49 para. 1 a) GDPR). You give this consent by scanning the code and writing your message to me. I will store the resulting chat for the duration of our cooperation. If you do not instruct me, I will of course delete your messages and personal data directly.
 
I have no influence on the scope of data processing by the provider of the messenger service and can only refer you to their privacy policy. You can find more information about data protection at Whatsapp here: https://www.whatsapp.com/legal/
 
WHAT IS THIS FACEBOOK PIXEL?
For targeted advertising and efficient measurement of my advertising campaigns, I use the so-called Facebook Pixel. This transmits the data generated while surfing the website (e.g. subpages clicked on, content and advertisements) to Facebook Ireland Ltd, 4 Grand Canal Square, Dublin 2, Ireland. This transmits data to Meta Platforms, Inc 1 Hacker Way, Menlo Park, California 94025 USA. There, they are compared with the data of your Facebook account and enriched with data already available at Facebook. The Facebook Pixel ensures that you only see ads in your Facebook profile that are tailored to you. Facebook itself uses the resulting data to analyze your user behavior and the effectiveness of advertisements. Data about your visit to the website is transmitted to Facebook even if you do not have a Facebook profile or are not currently logged in there.
 
The described data processing only takes place if you have previously consented (Art. 6 para. 1 a) DS-GVO). You will be asked for a corresponding declaration when you call up the website (in electronic form). You can allow or refuse data processing via the Facebook pixel. The data transmitted to Facebook will be deleted directly after matching. I myself do not store any data during this process and cannot view it.
 
 
Although Facebook Ireland Ltd, 4 Grand Canal Square, Dublin 2, Ireland is basically responsible for data processing when using Facebook services in the European Union. However, it cannot be ruled out that the data generated during use may also be transmitted to the USA. 
 
For more information on how Facebook Ireland processes personal data, including the legal basis on which Facebook Ireland relies and how data subjects can exercise their rights against Facebook Ireland, please see Facebook Ireland’s data policy at https://www.facebook.com/about/privacy.
 
WHAT DATA IS PROCESSED BY GOOGLE ANALYTICS?
I have integrated the Google Analytics tool on the website (offered by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland). Google Ireland transmits data to Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, which I always point out. For more information on whether and what data is collected by Google through the use of these services, please see Google’s privacy policy.
 
Cookies are also set in the process. Processed are IP address, screen size, browser information, location (country), preferred language setting, subpages visited and date and time of access. 
 
The permissibility of this processing depends on your consent (Art. 6 para. 1 a) DS- GVO). You can agree to the analysis of your user behavior when accessing the website by clicking on a box or reject it. The provision of your personal data is of course voluntary. I store the results for 60 days.
 
The information generated by the cookies about your use of this website is usually transmitted to a Google LLC server in the USA and stored there. However, due to the activated IP anonymization on this website, your IP address will be truncated beforehand by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other data from Google. 
 
I have concluded EU standard data protection clauses with Google, with which Google proves to me that it complies with appropriate and suitable technical and organizational measures to protect your personal data.
 
HOW DOES THE GOOGLE TAG MANAGER WORK?
I use the Google Tag Manager on my website. With it, I can include code sections from different tools and manage them centrally via a user interface. Google Tag Manager can be used to manage tools from other vendors as well as Google products – so it’s very handy. The Google Tag Manager triggers other tags, which in turn may collect data. However, the Google Tag Manager does not access this data. If a deactivation was made on domain or cookie level, it remains for all tracking tags, insofar as these are implemented with the Google Tag Manager.
 
The legal basis for the collection and storage of data is Art. 6 para. 1 p. 1 lit. a) DSGVO. I do not store any personal data myself.
The information generated by the cookies about your use of this website is usually transmitted to a server of Google LLC in the USA and stored there. However, due to the activated IP anonymization on this website, your IP address will be truncated beforehand by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other data from Google. 
 
I have concluded EU standard data protection clauses with Google, with which Google proves to me that it complies with appropriate and suitable technical and organizational measures to protect your personal data.
 
WHY DO I USE GOOGLE FONTS?
I have integrated external fonts on the website via the Google Fonts service. The fonts, which can be accessed via the Internet, are used for an appealing presentation of the website. Through the integration, information about the usage (e.g. date and time of the call, IP address, etc.) is transmitted to Google servers. Google Fonts is operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The data collected is used by Google for the purposes of advertising, market research, and needs-based design.
 
This may also involve a link to your Google user account, provided you are logged in there. If you deactivate or block Java script in your browser settings, you can prevent Google Fonts from running. You can find further information on data processing and notes on data protection when integrating Google Fonts directly at Google.
 
The processing that takes place is permissible on the basis of legitimate interest (Art. 6 (1) f) DS-GVO). I want to ensure that the content of the website is legible and displayed correctly. The use of different fonts is important in this regard. When calling up the website, Google Fonts is active. Deactivating Google Fonts will result in other fonts being displayed to you.
 
I do not store any personal data myself. If necessary, data may be transferred to the USA. This is generally permissible under the conditions of Art. 46 DS-GVO and on the basis of the standard contractual clauses effectively included in the contractual relationship with Google. These have been approved by the European Commission and guarantee adequate protection of your personal data outside the EU and the EEA. You can find more information about this directly at Google.
 
WHERE IS THE WEBSITE HOSTED AND WHO HAS ACCESS?
My website is hosted in a data center. This belongs to the website www.webhoster.com. I have concluded an order processing contract with the operator of the data center and have obliged him to comply with certain data protection requirements. 
 
In addition, the website is maintained by a service provider who may see personal data during maintenance. This is Plesk in collaboration with WordPress. Here, too, I have concluded an order processing contract.
 
Otherwise, basically only I have access to the personal data processed via the website and incoming requests. However, if we conclude a contract and documents relevant to tax law are created, knowledge by other persons is not excluded. In particular, this may involve a tax advisor or lawyer.
 
MY INSTAGRAM PAGE
For the purpose of exchange with you as well as for the purpose of advertising new services as well as for general information about my company, I operate a page on the platform „Instagram“. This service is offered on the technical platform and by means of the services of Meta Platforms, Inc 1 Hacker Way, Menlo Park, California 94025 USA (hereinafter „Instagram“).
 
The data controller for individuals living outside the United States is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.
If you access the page via our website using the Instagram icon and are logged into your Instagram account at the same time, Instagram can directly assign the visit to our website to your Instagram account.
 
If you do not want Instagram to associate your data with your account, you must log out of Instagram before visiting my website.
When you access interactive features of the site (liking, commenting, sharing, messaging, etc.), an Instagram login screen appears. After any login, you will again be recognizable to Instagram as a specific user. Information on how you can manage or delete existing information can be found in the Instagram data policy at https://help.instagram.com/519522125107875/?maybe_redirect_pol=0.
I, as the operator of my Instagram page, do not collect and process any data beyond that. For more information about Instagram and other social networks and how you can protect your data within the framework of the privacy settings, see, for example, youngdata.de.
 
The legal basis for the use of the Instagram fan page is Art. 6 para. 1 lit. f) DSGVO. My legitimate interest is based on the fact that I enable customers to have a direct exchange with my company via this social media service, also for complaints. The embedded images from Instagram are displayed on the basis of your express consent pursuant to Art. 6 para. 1 p. 1 lit. a) DSGVO. 
 
WHAT RIGHTS DO YOU HAVE?
When it comes to data protection, you have quite a few rights. In the GDPR, there are some articles that only deal with this. Here you have an overview of your rights:
 
a. Right of objection
If we process your data to protect legitimate interests (Art. 6(1)(f) DSGVO), you may object to this processing on grounds relating to your particular situation. We will then no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims. 
In the event of an objection to data processing for the purpose of direct marketing, processing for this purpose will no longer take place.
 
b. Right to information
You have the right to request confirmation from us as to whether we are processing personal data relating to you and, if so, a right of access to the personal data and related information in accordance with Article 15 of the GDPR.
 
c. Right to rectification
You have the right to request that we correct or complete any inaccurate or incomplete personal data concerning you without undue delay in accordance with Article 16 DSGVO.
 
d. Right to deletion
You have the right to request that we delete personal data concerning you without delay and we are obliged to delete it without delay if one of the reasons stated in Art. 17 DSGVO applies.
 
e. Right to restriction of processing
You have the right to demand that we restrict personal data concerning you if one of the conditions set out in Art. 18 DSGVO applies. 
 
f. Right to data portability
You have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used and machine-readable format and have the right to request that we transfer the data to another controller, insofar as this is technically feasible.
 
You have the right to complain to a data protection supervisory authority at any time.