GDPR 679/2016 - Information about the protection of personal data
I-1. Information regarding the collection of personal data
In the following we inform about the collection of personal data when using our website. Personal data are all data that refer to you personally e.g. name, address, email addresses, user site navigation behaviour through cookies.
Users who have any doubts about what Data is required are encouraged to contact the Party responsible.
The party responsible pursuant to Article 4 para. 7 of the EU General Data Protection Regulation (GDPR) is Auloma Holding S.r.l., Via Mussolina 1074, 40018 San Pietro in Casale Italy, Telephone: +39 051 818285, Email: firstname.lastname@example.org, Website: www.attaphoto.com (see our site policy). Our Data protection officer can be reached at email@example.com or at our postal address with the addition "FAO Data protection officer".
The User assumes responsibility for the Personal Data of third parties obtained, published or shared through www.attaphoto.com and guarantees to have the right to communicate or disseminate them, releasing the Party resposible from any liability towards third parties.
The use of our website functions is fundamentally possible without the processing of personal data. Please refer to the corresponding remarks below concerning the (personal) data transmitted technically to us by you. If we use contracted service providers for the individual functions of our offer or if we wish to use your data for advertising purposes, we shall inform you in detail below regarding the respective procedures. Finally, we also name the criteria of storage duration established.
I-2. Purposes and legal basis of the processing
Unless otherwise stated or specified, the purpose of our data processing activities is the pursuit of our own business purposes.
We use different legal bases for the data processing.
If you give us consent for certain processing operations of personal data, the legal basis is Article 6 I lit. a of the GDPR hereinafter also referred to as "consent".
If the processing of personal data is necessary for the initiation or performance of a contract whose (potential) contracting party is the data subject, e.g.
if you inquire about products and/or order goods with us and the data processing is necessary for the delivery of the goods, Article 6 I lit. b of the GDPR is the legal basis (hereinafter also referred to as "contract performance").
If the processing of personal data is required to fulfil a legal obligation, e.g. for the fulfilment of tax filing obligations, Article 6 I lit. c of the GDPR is the legal basis.If the processing of personal data is necessary for the protection of vital interests of the data subject or of another natural person, e.g. if a visitor to one of our plant were injured and his/her data had to be forwarded to a doctor and/or hospital, Article 6 I lit. d of the GDPR is the legal basis.
The processing of personal data may, according to Article 6 I lit. f of the GDPR, be permitted under data protection law if it is necessary for the protection of a legitimate interest of our company or a third party, insofar as the interests, fundamental rights and fundamental freedoms of the person concerned do not predominate (hereinafter also referred to as "balance of interests"). We consider the performance of our business in the interest of safeguarding the jobs of our employees and of the well being of associates as our fundamental legitimate interest. This is also covered by the legitimate interests of companies expressly described by the European legislator. Therefore, a legitimate interest can be assumed if the data subject and the company are in a customer relationship (Recital 47 sentence 2 of the GDPR) or personal data are processed for direct marketing purposes.
I-3. Your rights
You have the following rights regarding us with respect to the personal data concerning you:
Right to information.
Right to rectification or deletion.
Right to restriction of processing.
Right to object to the processing.
Right to data portability.
You also have the right to complain to us about the processing of your personal data by means of a data protection supervisory authority. Your rights are regulated in Chapter 3 of the GDPR.
I-4. Presence of an automated process for the management of payments
The payment system deicated for buyers such us consumers, can only be performed online by credit card. The payment service is provided by PayPAl Inc. and the data used for payment are acquired directly from the service provider without being in any way processed by Auloma Holding S.r.l. The operator of the payment service PayPAL Inc. in performing its service may schedule the sending of messages to the Buyer, such as emails containing invoices or notifications regarding payment.
I-5. Opposition to or revocation of the processing of your data
If you have given your consent to the processing of your data, you can revoke it at any time. Such a revocation will affect the legitimacy of the processing of your personal data after you have notified us.
Insofar as we base the processing of your personal data on the balance of interests, you may object to the processing. This is the case if, in particular, the processing is not required to fulfil a contract with you, which is described by us in each case in the following description of functions. In the event of such a revocation, we shall ask you to explain the reasons why we should not process your personal data as we have done. In the case of a justified objection, we will examine the situation and will either discontinue or adapt the data processing or inform you of our compelling legitimate reasons with which we continue the processing.
Users are reminded that, if their Data is processed for direct marketing purposes, they may object the processing without providing any reasons. To find out if the Owner processes data for direct marketing purposes, Users can refer to the respective sections of this document.
How to claim your rights
You are entitled to object to the processing of your personal data for advertising and data analysis purposes at any time. Concerning your objection to advertising, you can contact us using the details shown in section 1.
I-6. Recipients and categories of recipients of your personal data
Information about our customers is important to us and helps us optimise the services we offer. We only pass on the information we receive to third parties in the extent described below:
Service providers outside the EU/EEA: We can not rule out that our subcontractors use other service providers in third countries. Pursuant to Article 28 para. 4 of the GDPR we obligate all service providers to adhere to adequate and appropriate guarantees in accordance with Article 44 ff. of the GDPR (transfer to third countries).
Newsletter: Only if you register on our site, we offer you the possibility to subscribe to our newsletter service through the site https://attaphoto.com. If you have registered and do not wish to receive this type of offer, you can unsubscribe at any time, e.g. at https://attaphoto.com or by sending us an e-mail at firstname.lastname@example.org. The newsletter service is optional and can be activated during the user's registration with their consent. The legal basis is Art. 6 para.1 letter a GDPR ("consent").
Legal, we hire external law firms to resolve legal disputes involving the party responsible, the user or both
Tax experts, accountants and auditors, we hire professionals from outside our organization to comply with the tax practices required by law.
Police officers, in case they request data in case of investigation
I-7. Criteria for the storage of personal data
We process personal data in accordance with the legal basis stated in this declaration and store personal data. If the data is routinely no longer required to initiate a contract or fulfilment of the contract, it shall be deleted in accordance with the respective statutory retention period.
II. Data processing for individual types of use
II-1. Collection of personal data when visiting our website
In the case of merely informative use of the website, i.e. if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following information that is technically necessary for us to display our website and to ensure stability and security:
Date and time of the request
Time zone difference to Greenwich Mean Time (GMT)
Content of the request (specific page)
Access status/HTTP status code
The amount of data transmitted
Website from which the request comes
Operating system and its interface
Language and version of the browser software.
In addition to the aforementioned data, cookies are stored on your computer when you use our website. Cookies are small text files that are stored on your hard drive by the browser you are using and by means of which the location which sets the cookie (here through us) receives certain information. Cookies can not run programs or transmit viruses to your computer. They serve to make the Internet offer more user friendly and effective. The legal basis of the data processing is Article 6 para.1 S.1 lit. f of the GDPR ("Balance of interests").
When you contact us by email or by means of a contact form, the information you provide (your email address, your name and telephone number if applicable) shall be stored by us to answer your questions. We delete the data that arises in this context after the storage is no longer required, or limit the processing if there are statutory retention requirements.
If you have given your consent to receipt newsletters, the storage of the data provided by you will not be deleted until we receive your request sent to our email address email@example.com, or by sending the request via the dedicated link available in each newsletter. However, it remains possible that for reasons of updating hardware and software systems, your data provided to receive the newsletters will be deleted by us unilaterally at our sole discretion.
Should you be a customer with us and have for example questions or complaints about your order, the legal basis of the data processing is Article 6 para.1 S.1 lit. b of the GDPR ("Contract performance"). If you are not a customer of ours, the legal basis is Article 6 para.1 S.1 lit. f of the GDPR ("Balance of interests").
This website uses the following types of cookies, the scope and operation of which are explained below:
Transient cookies are automatically deleted when you close the browser. These include in particular the session cookies. These store a so-called session ID, with which various requests from your browser can be assigned to the common session. This will allow your computer to be recognised when you return to our website. The session cookies are deleted when you log out or close the browser. Persistent cookies are automatically deleted after a specified period, which may differ depending on the cookie. You can delete the cookies in the security settings of your browser at any time.
You can configure your browser setting according to your wishes and for example decline the acceptance of third party cookies or all cookies. We inform you that you may not be able to use all features of this site.
II-4. Use of our webshop
If you wish to order in our webshop, for the conclusion of the contract it is necessary for you to provide your personal data (first and last name, address, email address, telephone number), which we need for the processing of your order. Obligatory information which is necessary for the processing of the contracts is marked separately, further details are voluntary. Voluntary data are related to holders of VAT if they want to use our webshop. We process the data provided by you to handle your order. For this purpose we can pass on your payment data to our own bank. The legal basis for this is Article 6 para.1 S.1 lit. b of the GDPR ("Contract performance").
The registration of your data creates an "account" (customer report), through which you can make further purchases, view information about past and current orders and your interaction with the site www.attaphoto.com as indicated in the following points:
Your above mentioned customer data
Overview of your completed and current orders at www.attaphoto.com with details of order number, brand, article name, profile, dimension, number, order date, delivery date, delivery status, details, etc.
Costs of your order, billing address, delivery address, order history, information regarding scheduling and status, etc.
When you create an account, the data you enter is saved on our servers and can be deleted by notifying us at the following email address: firstname.lastname@example.org. The legal basis for the use is Article 6 para.1 S.1 lit. f of the GDPR ("Balance of interests").
Your personal data will not be processed or transferred to third parties for targeted commercial or technical information.
Due to trade and tax regulations, we are obligated to save your address, payment and order data for a period of ten years. However, we impose restrictions on processing, i.e. Your data shall only be used to comply with legal obligations.
The ordering process is encrypted to prevent unauthorised access to your personal data by third parties, especially financial data.
II-5. Use of social media
We currently use the following social media plug-ins: Facebook, Google+, Twitter, Instagram, YouTube, Flickr. We use the so-called two click solution. That means, when you visit our site, no personal data is initially passed on to the providers of the plug-ins. The provider of the plug-in is recognised by the respective logo. We give you the opportunity to communicate directly with the provider of the plug-in via the button. Only if you click on the marked field and thereby activate it, will the plug-in provider receive the information that you have accessed the corresponding website of our online service. In addition, the data specified in this policy shall be transmitted. In the case of Facebook, according to the respective providers in Germany, the IP address is anonymised immediately after collection. By activating the plug-in, personal data is transmitted by you to the respective plug-in provider and stored there (with US providers in the USA). As the plug-in provider carries out the data collection in particular by means of cookies, we recommend that you delete all cookies before clicking on the greyed-out box by means of the security settings of your browser.
We have no influence on the collected data and data processing operations, nor are we aware of the full extent of data collection, the purpose of the processing, or the retention periods. We also have no information regarding the deletion of the data collected by the plug-in provider.
The plug-in provider stores the data collected about you as user profiles and uses them for purposes of advertising, market research and/or needs based design of the website. Such an evaluation is performed in particular (also for non-logged in users) for the display of needs based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the formation of these user profiles, whereby you must contact the respective plug-in provider to exercise it. By means of the plug-ins we offer you the opportunity to interact with the social networks and other users, so that we can improve our offer and make it more interesting for you as a user. The legal basis for the use of the plug-ins is Article 6 para.1 S.1 lit. f of the GDPR ("Balance of interests").
The data transfer takes place regardless of whether you have an account with the plug-in provider and are logged in there. If you are logged into the plug-in provider, your data collected by us shall be assigned directly to your existing account with the plug-in provider. If you press the activated button and for example, if you link the page, the plug-in provider also stores this information in your user account and shares it publicly with your contacts. We recommend logging out regularly after using a social network, but especially before activating the button, as this will prevent you from being mapped to your profile with the plug-in provider.
For more information on the purpose and extent of data collection and its processing by the plug-in provider, please refer to the privacy statements of these providers shown below. There you will also find further information about your rights and the configuration options for the protection of your privacy.
Addresses of the respective plug-in providers and URL with their privacy notices:
Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA; http://www.facebook.com/policy.php; further information about the data collection:http://www.facebook.com/about/privacy/your-info-on-other#applications e http://www.facebook.com/about/privacy/your-info#everyoneinfo. Facebook has submitted itself to the EU-US Privacy Shield, https://www.privacyshield.gov/welcome
Google Inc., 1600 Amphitheater Parkway, Mountainview, California 94043, USA; https://policies.google.com/technologies/partner-sites Google has submitted itself to the EU-US Privacy Shield,https://www.privacyshield.gov/welcome
Twitter, Inc., 1355 Market St, Suite 900, San Francisco, California 94103, USA; https://twitter.com/it/privacy Twitter has submitted itself to the EU-US Privacy Shield, https://www.privacyshield.gov/welcome
Instagram LLC, 1601 Willow Rd, Menlo Park CA 94025, USA, a subsidiary of Facebook Inc.. Privacy information: https://help.instagram.com/155833707900388
YouTube LLC, 901 Cherry Ave, San Bruno, CA 94066, USA, a subsidiary of Google LLC. Information on privacy and compliance with the EU-US Privacy Shield: https://policies.google.com/privacy?hl=it&gl=it
III. Web Analysis
III-1. Use of Google Analytics
Our web sites www.auloma.com and www.attaphoto.com use Google Analytics, a web analytics service provided by Google Inc. (Google). Google Analytics uses what are known as ‘cookies' which are text files that are stored on your computer that facilitate the analysis of how you use our websites. The information generated by the cookie on how you use our website is usually transferred to a Google server in the USA and stored there. In our web sites the IP anonymisation is enabled ever, your IP address will be truncated by Google if it is located within the member states of the European Union or other parties to the agreement on the European Economic Area. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services related to website usage and internet usage to the website operator.The IP address transmitted by your browser as part of Google Analytics will not be merged with any other data held by Google.You can prevent cookies being stored on your computer by selecting the appropriate settings in your browser. If you do so, however, you may not be able to use all the features of this website to their full extent. In addition, you can prevent Google from collecting the data on your use of the website (including your IP address) generated by the cookie, and also prevent the processing of this data by Google by downloading and installing the browser plugin available via the following link: https://tools.google.com/dlpage/gaoptout?hl=en Our web sites recording the IP address anonimyzed. As a result, IP addresses are processed shortened, which therefore excludes any personal reference. We use Google Analytics to analyse and regularly improve the use of our website. With the statistics we can improve our offer and make it more interesting for you as a user. For the exceptional cases in which personal data is transferred to the US, Google has submitted itself to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework. Legal basis for the use of Google Analytics is Article 6 para.1 S.1 lit. f of the GDPR.Third party information: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. User conditions: https://www.google.com/analytics/terms/us.html
IV-1. Location of the gathered personal data
The data are treating among Party responsable offices and in all other place where further involved parts are placed. To get more informations, please contact the Party responsable.The User personal data could be trasfered to a third country different than the country where the user is placed. To get more informations about the data tratment place, the user can refer the part "I-General" of this document.The user own the right to obtain informations about the legal basis concern data transfer outside the European Union or to another intenational organizzation of pubblic international right or estblished by two or more countries such as UN, as well as about the safety measure adopted by Party responsable to safe the data.In case happen one of the data transfer described above, the User can refers at the sections of this document or ask to Party responsable further informations and contact him through the address indicated above.