top of page

Data protection declaration according to GDPR   

Privacy Policy – SaWe Fotografie

Data protection is of particularly high importance for the management of SaWe Fotografie. The use of the internet pages of SaWe Fotografie is generally possible without providing any personal data. However, if a data subject wants to use special services offered by our company via the website, processing of personal data may become necessary. If the processing of personal data is required and there is no legal basis for such processing, we generally obtain the consent of the data subject.

The processing of personal data—such as name, address, email address, telephone number, or photographs of a data subject—is always carried out in accordance with the General Data Protection Regulation (GDPR) and in compliance with the country-specific data protection regulations applicable to SaWe Fotografie. With this privacy policy, our company aims to inform the public about the type, scope, and purpose of the personal data we collect, use, and process. Furthermore, this privacy policy explains the rights of the data subjects.

As the data controller, SaWe Fotografie has implemented numerous technical and organizational measures to ensure the most complete protection possible of personal data processed via this website. However, internet-based data transmissions can generally have security vulnerabilities, so absolute protection cannot be guaranteed. For this reason, every data subject is free to transmit personal data to us via alternative means, such as by phone.

1. Definitions

The privacy policy of SaWe Fotografie is based on the terminology used by the European legislator in the General Data Protection Regulation (GDPR). Our privacy policy is intended to be easily readable and understandable for both the public and our customers and business partners. To ensure this, we would like to explain the terms used in advance.

In this privacy policy, we use the following terms, among others:

a) Personal Data
Personal data means any information relating to an identified or identifiable natural person (hereinafter "data subject"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

b) Data Subject
A data subject is any identified or identifiable natural person whose personal data is processed by the controller responsible for the processing.

c) Processing
Processing means any operation or set of operations performed on personal data, whether or not by automated means. This includes the collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction of personal data.

d) Restriction of Processing
Restriction of processing is the marking of stored personal data with the aim of limiting their processing in the future.

e) Profiling
Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, particularly to analyze or predict aspects concerning that person’s job performance, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements.

f) Pseudonymization
Pseudonymization is the processing of personal data in such a way that the data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data is not attributed to an identified or identifiable natural person.

g) Controller or Data Controller
The controller or data controller is the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

h) Processor
A processor is a natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller.

i) Recipient
A recipient is a natural or legal person, public authority, agency, or another body to whom personal data is disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law are not considered recipients.

Let me know if you’d like the rest of the privacy policy translated as well or want this version proofread for use on your English-language website.

j) Third Party

A third party is any natural or legal person, public authority, agency, or body other than the data subject, the controller, the processor, and the persons who, under the direct authority of the controller or processor, are authorized to process personal data.

k) Consent

Consent is any freely given, specific, informed, and unambiguous indication of the data subject's wishes, by which they signify agreement to the processing of personal data relating to them, either by a statement or by a clear affirmative action.

2. Name and Address of the Controller

The controller, as defined by the General Data Protection Regulation and other applicable data protection laws in EU member states, is:

SaWe Fotografie
Owner: Sascha Werner
Adersstr. 40
42119 Wuppertal, Germany
Phone: +49 177 / 5540848
Email: info@sawe-foto.de
Website: www.sawe-foto.de

3. Cookies

The websites of SaWe Fotografie use cookies. Cookies are text files that are stored and saved on a computer system via an internet browser. Many websites and servers use cookies. A lot of cookies contain a so-called cookie ID, a unique identifier consisting of a string of characters that allows websites and servers to recognize the specific internet browser used by the individual. This makes it possible to distinguish the browser of the individual from other browsers that contain different cookies. The specific browser can thus be recognized and identified via the unique cookie ID.

By using cookies, SaWe Fotografie can provide users of this website with more user-friendly services that would not be possible without cookies.

Cookies allow us to optimize the information and offers on our website in the interest of the user. As already mentioned, cookies enable us to recognize the users of our website. The purpose of this recognition is to make the use of our website easier. For example, a user who uses cookies does not have to enter login details every time they visit the site because this is handled by the website and the cookie stored on the user’s computer system. Another example is the cookie of a shopping cart in an online store: the store remembers which items a customer has placed in the virtual cart via a cookie.

The data subject can at any time prevent the setting of cookies through our website by adjusting the settings of their internet browser accordingly and thereby permanently object to the setting of cookies. Furthermore, already set cookies can be deleted at any time via the browser or other software tools. This is possible in all common internet browsers. However, if the data subject disables the use of cookies, not all features of our website may function fully.

4. Collection of General Data and Information

Each time the website of SaWe Fotografie is accessed by a data subject or an automated system, a series of general data and information is collected. This general data and information is stored in the server’s log files. The following may be collected:

  1. the browser types and versions used

  2. the operating system used by the accessing system

  3. the website from which an accessing system reaches our site (so-called referrer)

  4. the subpages visited on our website

  5. the date and time of access to the website

  6. the Internet Protocol address (IP address)

  7. the internet service provider of the accessing system

  8. other similar data and information that may be used in the event of attacks on our IT systems

When using this general data and information, SaWe Fotografie does not draw any conclusions about the data subject. Rather, this information is needed to:

  1. deliver the content of our website correctly

  2. optimize the content and advertising of our website

  3. ensure the long-term functionality of our IT systems and website technology

  4. provide law enforcement authorities with the information necessary for prosecution in the event of a cyberattack

These anonymously collected data and information are therefore statistically evaluated by SaWe Fotografie, with the aim of improving data protection and data security within our company, ultimately ensuring an optimal level of protection for the personal data we process. The anonymous data in the server log files is stored separately from any personal data provided by a data subject.

4.1 SSL Encryption

For security reasons and to protect the transmission of confidential content, such as orders or inquiries sent to us as site operators, this site uses SSL or TLS encryption. You can recognize an encrypted connection by the change in the browser’s address bar from "http://" to "https://" and by the lock icon in your browser.

When SSL encryption is active, the data you transmit to us cannot be read by third parties.

5. Subscription to Our Newsletter

Users have the option to subscribe to the company’s newsletter on the SaWe Fotografie website. Which personal data is transmitted to the controller when subscribing to the newsletter is determined by the input form used.

SaWe Fotografie regularly informs its customers and business partners via a newsletter about company offers. The newsletter can only be received by the data subject if (1) they have a valid email address and (2) they register to receive the newsletter. For legal reasons, a confirmation email using the double opt-in procedure is sent to the email address entered by the data subject for the first time. This confirmation email serves to verify whether the owner of the email address has authorized the receipt of the newsletter.

When registering for the newsletter, we also store the IP address assigned by the internet service provider (ISP) to the device used by the data subject at the time of registration, as well as the date and time of registration. The collection of this data is necessary in order to trace any (potential) misuse of a data subject’s email address at a later point in time and therefore serves the legal protection of the controller.

Use of Personal Data Collected During Newsletter Registration

The personal data collected during newsletter registration is used exclusively for sending the SaWe Fotografie newsletter. Newsletter subscribers may also be informed by email if such communication is necessary for operating the newsletter service or for registration, for example in the event of changes to the newsletter offer or technical updates.
There is no transfer of personal data collected through the newsletter service to third parties.
The newsletter subscription may be canceled at any time by the data subject. Consent to the storage of personal data given for the purpose of receiving the newsletter can be revoked at any time. A corresponding link for revocation is provided in every newsletter. Additionally, users can unsubscribe directly via the website of the controller or notify the controller in another way.

6. Newsletter Tracking

The newsletters of SaWe Fotografie contain so-called tracking pixels. A tracking pixel is a miniature graphic embedded in emails sent in HTML format to enable log file recording and analysis. This allows for a statistical evaluation of the success or failure of online marketing campaigns.
Using the embedded tracking pixel, SaWe Fotografie can determine whether and when an email was opened by a data subject and which links in the email were clicked.

The personal data collected through tracking pixels is stored and analyzed by the controller to optimize the newsletter and better tailor future content to the interests of the data subject.
These personal data will not be passed on to third parties.
Data subjects may revoke their separate consent given via the double opt-in process at any time. After a revocation, such data will be deleted by the controller.
Unsubscribing from the newsletter will be interpreted by SaWe Fotografie as a withdrawal of consent.

7. Contact Option via Website

Due to legal requirements, the website of SaWe Fotografie contains information that enables quick electronic contact with the company, including a general email address.
If a data subject contacts the controller by email or via a contact form, the personal data transmitted voluntarily will be automatically stored.
Such personal data transmitted on a voluntary basis will be stored for the purpose of processing the inquiry or contacting the data subject.
There is no disclosure of these personal data to third parties.

8. Comment Function in the Blog

SaWe Fotografie offers users the option to leave individual comments on specific blog posts published on the website.
A blog is a publicly accessible portal where one or more people (bloggers) publish articles or express thoughts in blog posts. These posts can usually be commented on by third parties.

If a data subject leaves a comment on the blog published on this website, the comments, the time of submission, and the pseudonym (username) chosen by the data subject are stored and published.
Additionally, the IP address assigned by the internet service provider (ISP) to the data subject is logged.
This IP address is stored for security reasons and in case the comment violates third-party rights or contains illegal content.
This storage is in the legitimate interest of the controller to be able to defend itself legally if necessary.
These personal data are not shared with third parties unless legally required or for legal defense.

9. Subscription to Comments in the Blog

Users can subscribe to follow-up comments on the blog posts of SaWe Fotografie.
If a data subject opts to subscribe to comments, the controller will send a confirmation email using the double opt-in procedure to verify ownership of the provided email address.
The subscription to comments can be canceled at any time.

9.1 Sharing Blog Posts via Social Media

We offer the option to “share” our blog posts via social networks and platforms to communicate with customers, interested users, and inform them about our services and posts.

Please note that user data may be processed outside the European Union. This may pose risks to users, such as making it more difficult to enforce user rights.
For US-based providers certified under the Privacy Shield, we note that they are committed to complying with EU data protection standards.

User data may be processed for market research and advertising purposes. For example, user profiles may be created based on behavior and interests, which are then used to display ads inside and outside the platforms.
To do this, cookies are typically stored on the users’ devices, storing user behavior and interests. Profiles may also contain data independent of the device used (especially when users are logged into the platforms).

The processing of user data is based on our legitimate interest in effective user communication under Art. 6(1)(f) GDPR.
If the platform providers require users to give consent (e.g., by checking a box or clicking a button), the legal basis is Art. 6(1)(a) and Art. 7 GDPR.

For detailed information on each platform’s data processing and opt-out options, please refer to the following links:

  • Facebook (Facebook Ireland Ltd., Dublin, Ireland): Privacy Policy, Opt-Out, Your Online Choices, Privacy Shield

  • Google / YouTube (Google LLC, USA): Privacy Policy, Opt-Out, Privacy Shield

  • Instagram (Instagram Inc., USA): Privacy Policy / Opt-Out

  • Twitter (Twitter Inc., USA): Privacy Policy, Opt-Out, Privacy Shield

  • Pinterest (Pinterest Inc., USA): Privacy Policy / Opt-Out

  • LinkedIn (LinkedIn Ireland): Privacy Policy, Opt-Out, Privacy Shield

For data subject requests or exercising user rights, please contact the respective providers directly, as they have access to the data.
If you need assistance, feel free to contact us.

10. Routine Deletion and Blocking of Personal Data

The controller processes and stores personal data only for the time necessary to achieve the purpose of storage or as required by European regulations or other applicable laws.

Once the storage purpose no longer applies or a legally mandated retention period expires, the personal data will be routinely blocked or deleted in accordance with legal requirements.

11. Rights of the Data Subject

a) Right to Confirmation
Every data subject has the right to obtain confirmation from the controller as to whether personal data concerning them is being processed.
If a data subject wishes to exercise this right, they can contact our data protection officer or another staff member of the controller at any time.

b) Right of Access
Every data subject has the right to obtain free information at any time about the personal data stored about them, along with a copy of this information. Furthermore, the data subject has the right to access the following information:

  • The purposes of processing

  • The categories of personal data being processed

  • b) Right of Access (continued)

  • The recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations

  • Where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period

  • The existence of the right to request from the controller rectification or erasure of personal data or restriction of processing concerning the data subject or to object to such processing

  • The right to lodge a complaint with a supervisory authority

  • Where the personal data are not collected from the data subject: any available information as to their source

  • The existence of automated decision-making, including profiling, as referred to in Article 22(1) and (4) GDPR and—at least in those cases—meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject

  • If a data subject wishes to exercise this right of access, they may contact our data protection officer or any other employee of the controller at any time.c) c)Right to Rectification

  • Every data subject has the right to request the immediate rectification of inaccurate personal data concerning them. Considering the purposes of the processing, the data subject also has the right to request the completion of incomplete personal data — including by means of providing a supplementary statement.

  • d) Right to Erasure ("Right to be Forgotten")

  • Every data subject has the right to request the erasure of personal data concerning them without undue delay, provided one of the following reasons applies and processing is not required:

  • The personal data are no longer necessary for the purposes for which they were collected or otherwise processed

  • The data subject withdraws consent and there is no other legal ground for the processing

  • The data subject objects to the processing under Article 21(1) or (2) GDPR, and there are no overriding legitimate grounds for the processing

  • The personal data have been unlawfully processed

  • The personal data must be erased for compliance with a legal obligation under Union or Member State law to which the controller is subject

  • The personal data were collected in relation to the offer of information society services referred to in Article 8(1) GDPR

  • Where one of the above applies and the data subject wishes to request the erasure of personal data stored by SaWe Fotografie, they may contact our data protection officer or any employee of the controller. The request will be fulfilled immediately.

  • e) Right to Restriction of Processing

  • Every data subject has the right to request the restriction of processing under the following conditions:

  • The accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy

  • The processing is unlawful, and the data subject opposes the erasure and instead requests restriction of use

  • The controller no longer needs the personal data for processing purposes, but they are required by the data subject for the establishment, exercise, or defense of legal claims

  • The data subject has objected to processing pending the verification whether the legitimate grounds of the controller override those of the data subject

  • If one of the above conditions is met, the data subject can contact the controller at any time to request restriction.

  • f) Right to Data Portability

  • Every data subject has the right to receive the personal data concerning them, which they have provided to a controller, in a structured, commonly used, and machine-readable format. They also have the right to transmit this data to another controller without hindrance, where technically feasible and where processing is based on consent or a contract.

  • g) Right to Object

  • Every data subject has the right to object, on grounds relating to their particular situation, at any time to the processing of personal data concerning them that is based on Article 6(1)(e) or (f) GDPR.
    SaWe Fotografie shall no longer process the personal data unless compelling legitimate grounds override the interests, rights, and freedoms of the data subject or for the establishment, exercise, or defense of legal claims.

  • If SaWe Fotografie processes personal data for direct marketing purposes, the data subject shall have the right to object at any time. If an objection is made, the data will no longer be processed for such purposes.

  • h) Automated Individual Decision-Making, Including Profiling

  • Every data subject has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects or similarly significantly affects them, unless the decision:

  • Is necessary for entering into, or performance of, a contract

  • Is authorized by Union or Member State law

  • Is based on the data subject’s explicit consent

  • SaWe Fotografie does not use automated decision-making or profiling.

  • i) Right to Withdraw Consent

  • Every data subject has the right to withdraw consent to the processing of their personal data at any time.

  • 12. Legal Basis for Processing

  • Art. 6(1)(a) GDPR serves as the legal basis for processing where consent is obtained for a specific purpose.
    If the processing of personal data is necessary for the performance of a contract, such as for delivery of goods or providing a service, it is based on Art. 6(1)(b) GDPR.
    If our company is subject to a legal obligation requiring processing (e.g., tax duties), Art. 6(1)(c) applies.
    Processing to protect vital interests of the data subject or another person is based on Art. 6(1)(d).
    Processing necessary for the legitimate interests of our company or a third party, unless overridden by the interests or rights of the data subject, is based on Art. 6(1)(f) GDPR.

  • 13. Legitimate Interests in Processing

  • Where the processing of personal data is based on Article 6(1)(f) GDPR, our legitimate interest is conducting our business for the well-being of all our employees and shareholders.

  • 14. Duration of Data Storage

  • The criteria for determining the duration of personal data storage is the respective statutory retention period. After expiration of that period, the relevant data is routinely deleted, provided it is no longer required for contract fulfillment or initiation.

  • 15. Provision of Personal Data as a Legal or Contractual Requirement

  • Providing personal data may be legally required (e.g., tax regulations) or may result from contractual provisions (e.g., information required for contract conclusion).
    In some cases, a data subject may be required to provide us with personal data, which we must subsequently process. Refusal to provide this data may prevent the conclusion of a contract.

  • Before personal data is provided, the data subject may contact us for clarification on whether provision is legally or contractually required and what consequences non-provision would entail.

  • 16. Existence of Automated Decision-Making

  • As a responsible company, we do not use automated decision-making or profiling.

Recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular in the case of recipients in third countries or international organizations

Where possible, the intended duration for which the personal data will be stored or, if this is not possible, the criteria used to determine that duration

The existence of the right to request rectification or erasure of personal data concerning the data subject, or restriction of processing by the controller, or to object to such processing

The existence of a right to lodge a complaint with a supervisory authority

Where the personal data are not collected from the data subject: any available information as to their source

The existence of automated decision-making, including profiling, as referred to in Article 22(1) and (4) GDPR, and — at least in those cases — meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject

Furthermore, the data subject has the right to be informed whether personal data has been transferred to a third country or to an international organization. Where this is the case, the data subject also has the right to be informed about the appropriate safeguards relating to the transfer.

If a data subject wishes to exercise this right of access, they may contact our data protection officer or any other employee of the controller at any time.

c) Right to Rectification

Every data subject affected by the processing of personal data has the right granted by the European legislator to request the immediate rectification of inaccurate personal data concerning them. Taking into account the purposes of the processing, the data subject also has the right to request the completion of incomplete personal data — including by means of a supplementary statement.

If a data subject wishes to exercise this right to rectification, they may contact our data protection officer or any other employee of the controller at any time.

d) Right to Erasure (Right to Be Forgotten)

Every data subject affected by the processing of personal data has the right granted by the European legislator to request from the controller the erasure of personal data concerning them without undue delay, where one of the following grounds applies and as long as the processing is not necessary:

  • The personal data were collected or otherwise processed for purposes for which they are no longer necessary.

  • The data subject withdraws the consent on which the processing was based according to Article 6(1)(a) GDPR or Article 9(2)(a) GDPR, and there is no other legal ground for the processing.

  • The data subject objects to the processing pursuant to Article 21(1) GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2) GDPR.

  • The personal data have been unlawfully processed.

  • The erasure of personal data is required for compliance with a legal obligation under Union or Member State law to which the controller is subject.

  • The personal data have been collected in relation to the offer of information society services referred to in Article 8(1) GDPR.

If one of the above reasons applies and a data subject wishes to request the deletion of personal data stored by SaWe Fotografie, they may contact our data protection officer or any other employee of the controller at any time. The data protection officer of SaWe Fotografie or another employee will ensure that the erasure request is complied with promptly.

Where SaWe Fotografie has made the personal data public and is obliged pursuant to Article 17(1) GDPR to erase the personal data, SaWe Fotografie, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform other controllers processing the published personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, those personal data, insofar as processing is not required. The data protection officer of SaWe Fotografie or another employee will arrange the necessary measures in individual cases.

e) Right to Restriction of Processing

Every data subject affected by the processing of personal data has the right granted by the European legislator to request the restriction of processing where one of the following conditions is met:

  • The accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data.

  • The processing is unlawful, and the data subject opposes the erasure of the personal data and requests the restriction of their use instead.

  • The controller no longer needs the personal data for the purposes of the processing, but the data are required by the data subject for the establishment, exercise, or defense of legal claims.

  • The data subject has objected to processing pursuant to Article 21(1) GDPR pending the verification whether the legitimate grounds of the controller override those of the data subject.

If one of the above conditions is met and a data subject wishes to request the restriction of personal data stored by SaWe Fotografie, they may contact our data protection officer or any other employee of the controller at any time. The data protection officer of SaWe Fotografie or another employee will arrange for the restriction of processing.

f) Right to Data Portability

Every data subject affected by the processing of personal data has the right granted by the European legislator to receive the personal data concerning them, which they have provided to a controller, in a structured, commonly used and machine-readable format. They also have the right to transmit those data to another controller without hindrance from the controller to whom the personal data were provided, where the processing is based on consent pursuant to Article 6(1)(a) GDPR or Article 9(2)(a) GDPR or on a contract pursuant to Article 6(1)(b) GDPR and the processing is carried out by automated means, provided the processing is not necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

In exercising their right to data portability pursuant to Article 20(1) GDPR, the data subject also has the right to have the personal data transmitted directly from one controller to another, where technically feasible and provided that this does not adversely affect the rights and freedoms of others.

To assert the right to data portability, the data subject may contact the data protection officer appointed by SaWe Fotografie or any other employee at any time.

  • g) Right to Object

  • Every data subject has the right, granted by the European legislator, to object at any time, on grounds relating to their particular situation, to the processing of personal data concerning them which is based on Article 6(1)(e) or (f) GDPR, including profiling based on those provisions.

  • If a data subject objects, SaWe Fotografie will no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights, and freedoms of the data subject, or for the establishment, exercise, or defense of legal claims.

  • If SaWe Fotografie processes personal data for direct marketing purposes, the data subject has the right to object at any time to the processing of their personal data for such marketing. This also applies to profiling to the extent that it is related to such direct marketing. If the data subject objects to processing for direct marketing purposes, SaWe Fotografie will no longer process the personal data for these purposes.

  • Additionally, the data subject has the right, on grounds relating to their particular situation, to object to the processing of personal data concerning them for scientific or historical research purposes, or for statistical purposes pursuant to Article 89(1) GDPR, unless the processing is necessary for the performance of a task carried out for reasons of public interest.

  • To exercise the right to object, the data subject may contact the data protection officer of SaWe Fotografie or any employee of the controller. The data subject is also free to exercise their right to object using automated means involving technical specifications, in the context of the use of information society services, notwithstanding Directive 2002/58/EC.

  • h) Automated Individual Decision-Making, Including Profiling

  • Every data subject has the right not to be subject to a decision based solely on automated processing — including profiling — which produces legal effects concerning them or similarly significantly affects them, unless the decision:

  • Is necessary for entering into or performance of a contract between the data subject and the controller,

  • Is authorized by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests, or

  • Is based on the data subject’s explicit consent.

  • If the decision:

  • is necessary for the conclusion or performance of a contract, or

  • is based on the data subject’s explicit consent,

  • SaWe Fotografie will implement suitable measures to safeguard the data subject’s rights, freedoms, and legitimate interests, including at least the right to obtain human intervention on the part of the controller, to express their point of view, and to contest the decision.

  • To assert rights relating to automated decisions, the data subject may contact the data protection officer or another employee at any time.

  • i) Right to Withdraw Consent

  • Every data subject has the right to withdraw consent to the processing of their personal data at any time.

  • To exercise the right to withdraw consent, the data subject may contact the data protection officer or any employee of SaWe Fotografie at any time.

  • 12. Data Protection Provisions Regarding the Use of Facebook

  • The controller has integrated components of the company Facebook on this website. Facebook is a social networking service.

  • A social network is an online community that typically allows users to communicate and interact with each other in a virtual space. It may serve as a platform for opinion sharing and experience exchange, or it may allow users to provide personal or business-related information. Facebook allows users to create private profiles, upload photos, and connect via friend requests.

  • The operating company of Facebook is Facebook, Inc., 1 Hacker Way, Menlo Park, CA 94025, USA. For individuals living outside the USA or Canada, the controller responsible for data processing is Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

  • With every visit to one of the individual pages of this website that is operated by the controller and on which a Facebook component (Facebook plugin) has been integrated, the internet browser on the data subject’s computer system is automatically prompted by the Facebook component to download a display of the corresponding Facebook component from Facebook. An overview of all Facebook plugins can be accessed at:
    https://developers.facebook.com/docs/plugins/?locale=de_DE

  • During this technical process, Facebook is informed about which specific subpage of our website was visited by the data subject.

  • If the data subject is logged in to Facebook at the same time, Facebook detects with each visit to our website — and for the entire duration of the stay — which specific subpage of our website the data subject visits. This information is collected by the Facebook component and associated by Facebook with the data subject’s Facebook account. If the data subject clicks on one of the Facebook buttons integrated into our website, such as the “Like” button, or if the data subject submits a comment, Facebook assigns this information to the data subject’s personal Facebook account and stores this personal data.

  • Facebook receives information via the Facebook component that the data subject has visited our website, provided the data subject is logged in to Facebook at the time of the visit — regardless of whether they click on the Facebook component or not. If such a transmission of information to Facebook is not desired by the data subject, they can prevent the transmission by logging out of their Facebook account before visiting our website.

  • The data policy published by Facebook, available at
    https://de-de.facebook.com/about/privacy/,
    provides information on the collection, processing, and use of personal data by Facebook. It also explains the privacy settings Facebook offers to protect the data subject’s privacy. Various applications are also available that can be used to prevent the transmission of data to Facebook.

Facebook

Facebook always receives information via the Facebook component that the data subject has visited our website if the data subject is logged in to Facebook at the time of accessing our website—regardless of whether the person clicks on the Facebook component or not. If the data subject does not wish for this information to be transmitted to Facebook, they can prevent such transmission by logging out of their Facebook account before accessing our website.

The data policy published by Facebook, available at https://de-de.facebook.com/about/privacy/, provides information about the collection, processing, and use of personal data by Facebook. It also explains the privacy settings Facebook offers to protect the data subject’s privacy. In addition, there are various applications available that make it possible to block the transmission of data to Facebook. The data subject can use such applications to prevent the transfer of information to Facebook.

13. Privacy Policy on the Use and Application of Google Remarketing

The controller has integrated Google Remarketing services on this website. Google Remarketing is a feature of Google Ads that enables a business to display advertisements to internet users who have previously visited the website of the controller. The integration of Google Remarketing therefore allows a business to create user-related advertising and thus to display interest-relevant advertisements to the internet user.

The operating company of the Google Remarketing services is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

The purpose of Google Remarketing is the display of interest-relevant advertising. Google Remarketing allows us to display advertisements via the Google advertising network or to have them shown on other websites that are tailored to the individual needs and interests of internet users.

Google Remarketing sets a cookie on the information technology system of the data subject. By setting the cookie, Google is able to recognize a visitor to our website when they later visit websites that are also members of the Google advertising network. Each time a website on which the Google Remarketing service has been integrated is accessed, the data subject’s internet browser automatically identifies itself to Google. As part of this technical process, Google gains knowledge of personal data, such as the user's IP address or browsing behavior, which Google uses, among other things, for displaying interest-relevant advertising.

The cookie is used to store personal information, such as the web pages visited by the data subject. Each time our web pages are visited, personal data, including the IP address of the internet connection used by the data subject, is transferred to Google in the United States of America. This personal data is stored by Google in the United States. Google may pass this personal data collected through the technical procedure to third parties.

The data subject can prevent the setting of cookies by our website at any time, as described above, by means of a corresponding setting in the internet browser used and thereby permanently object to the setting of cookies. Such a setting in the internet browser used would also prevent Google from setting a cookie on the information technology system of the data subject. In addition, cookies already set by Google can be deleted at any time via a web browser or other software programs.

Furthermore, the data subject has the possibility to object to interest-based advertising by Google. To do so, the data subject must access the link https://adssettings.google.com/authenticated from each of the internet browsers they use and configure the desired settings.

More information and the applicable privacy policy of Google can be retrieved at https://policies.google.com/privacy.

13. Privacy Policy Regarding the Use of Google Remarketing

The data controller has integrated Google Remarketing services on this website. Google Remarketing is a feature of Google AdWords that enables a company to display advertisements to Internet users who have previously visited the company’s website. The integration of Google Remarketing allows a company to create user-targeted advertising and display interest-based ads to users accordingly.

The operating company of Google Remarketing services is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.

The purpose of Google Remarketing is the display of interest-based advertising. Google Remarketing enables us to display ads within the Google advertising network or on other websites that are tailored to the individual needs and interests of users.

Google Remarketing sets a cookie on the IT system of the person concerned. What cookies are has been explained above. By placing the cookie, Google is enabled to recognize a visitor to our website when they later visit other websites that are also part of the Google advertising network. With each visit to a website on which Google Remarketing has been integrated, the Internet browser of the data subject automatically identifies itself to Google. As part of this technical process, Google gains knowledge of personal data, such as the user’s IP address or browsing behavior, which Google uses, among other things, to display interest-based advertising.

Personal information such as the websites visited by the data subject is stored via the cookie. Each time our website is visited, personal data—including the IP address of the Internet connection used by the data subject—is transmitted to Google in the United States of America. This personal data is stored by Google in the United States. Google may share this personal data collected via this technical process with third parties.

The data subject may prevent the setting of cookies by our website at any time by adjusting the settings of the Internet browser used, as explained above, and thus permanently object to the setting of cookies. Such a browser setting would also prevent Google from setting a cookie on the data subject’s IT system. In addition, a cookie already set by Google Analytics may be deleted at any time via the Internet browser or other software programs.

Furthermore, the data subject has the option to object to interest-based advertising by Google. To do this, the person must access the link www.google.de/settings/ads from each Internet browser they use and set their desired preferences.

Further information and Google's applicable privacy policy can be accessed at:
https://www.google.de/intl/de/policies/privacy/

14. Privacy Policy Regarding the Use of Google AdWords

The data controller has integrated Google AdWords on this website. Google AdWords is an online advertising service that allows advertisers to display ads both in Google’s search engine results and across the Google advertising network. Google AdWords enables advertisers to pre-define specific keywords that will trigger the display of ads in Google’s search results only when the user performs a keyword-relevant search. Within the Google advertising network, the ads are distributed to relevant websites using an automatic algorithm that takes the previously defined keywords into account.

The operating company of Google AdWords services is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.

The purpose of Google AdWords is to promote our website by displaying interest-based advertising on third-party websites and within the search engine results of Google, and by showing third-party advertising on our own website.

If a data subject arrives at our website via a Google ad, Google places a so-called conversion cookie on the data subject’s IT system. What cookies are has already been explained above. A conversion cookie expires after thirty days and is not used to identify the individual. Through the conversion cookie, it is possible to track whether certain sub-pages, such as the shopping cart of an online shop, have been accessed on our website—provided the cookie has not yet expired. This allows both us and Google to determine whether a person who arrived via an AdWords ad completed a purchase or abandoned it.

The data and information collected via the conversion cookie are used by Google to create visit statistics for our website. These statistics help us determine the total number of users referred to us via AdWords ads, assess the effectiveness of our ads, and optimize future AdWords campaigns. Neither our company nor other AdWords advertisers receive any information from Google that could identify the user.

Personal information, such as the websites visited by the data subject, is stored through the conversion cookie. Each time our website is visited, personal data—including the IP address of the Internet connection used by the data subject—is transmitted to Google in the United States of America. This personal data is stored by Google in the United States and may be shared with third parties.

The data subject may prevent the setting of cookies by our website at any time by adjusting the settings of the browser used and thus permanently object to the use of cookies. Such a setting would also prevent Google from placing a conversion cookie on the user's system. Additionally, a cookie already set by Google AdWords can be deleted at any time via the browser or other software programs.

Furthermore, the data subject has the option to object to interest-based advertising by Google. To do so, the person must access the link www.google.de/settings/ads from each browser they use and make the appropriate settings there.

Further information and Google's privacy policy can be accessed at:
https://www.google.de/intl/de/policies/privacy/

14.1 Google Analytics

This website uses features of the web analysis service Google Analytics. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

Google Analytics uses so-called "cookies". These are text files stored on your computer that allow analysis of your use of the website. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there.

The storage of Google Analytics cookies is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in analyzing user behavior to optimize both their website and advertising.

IP Anonymization

We have activated the IP anonymization feature on this website. This means that your IP address will be shortened by Google within member states of the European Union or in other states party to the Agreement on the European Economic Area before being transmitted to the USA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there.

On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity, and to provide other services related to website and Internet use to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

15. Privacy Policy Regarding the Use of Instagram

The data controller has integrated components of the Instagram service on this website. Instagram is a platform that qualifies as an audiovisual service and allows users to share photos and videos, as well as distribute such content across other social networks.

The operating company of Instagram’s services is Instagram LLC, 1 Hacker Way, Building 14 First Floor, Menlo Park, CA, USA.

Every time one of the individual pages of this website, which is operated by the data controller and on which an Instagram component (Instagram button) has been integrated, is accessed, the web browser on the information technology system of the data subject is automatically instructed by the respective Instagram component to download a representation of the corresponding Instagram component from Instagram. Through this technical process, Instagram gains knowledge of which specific subpage of our website is visited by the data subject.

If the data subject is simultaneously logged into Instagram, Instagram recognizes with every visit to our website by the data subject—and for the entire duration of the respective stay on our website—which specific subpage the data subject visits. This information is collected by the Instagram component and assigned by Instagram to the respective Instagram account of the data subject. If the data subject clicks on one of the Instagram buttons integrated on our website, the data and information transmitted in this context are assigned to the personal Instagram user account of the data subject and stored and processed by Instagram.

Instagram is always informed via the Instagram component that the data subject has visited our website if the data subject is logged into Instagram at the time of the visit; this happens regardless of whether the data subject clicks on the Instagram component or not. If the data subject does not want this transmission of information to Instagram, they can prevent it by logging out of their Instagram account before visiting our website.

Further information and Instagram’s applicable data protection provisions can be accessed at https://help.instagram.com/155833707900388 and https://www.instagram.com/about/legal/privacy/.

16. Data Protection Provisions on the Use of YouTube

The data controller has integrated YouTube components on this website. YouTube is an online video platform that allows video publishers to upload video clips for free and other users to watch, rate, and comment on them also for free. YouTube allows publishing all kinds of videos, so entire movies and TV shows, as well as music videos, trailers, or user-generated videos, can be accessed via the portal.

The operating company of YouTube is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. YouTube, LLC is a subsidiary of Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.

Every time one of the individual pages of this website, operated by the data controller and containing a YouTube component (YouTube video), is accessed, the web browser on the information technology system of the data subject is automatically instructed by the respective YouTube component to download a representation of the corresponding YouTube component from YouTube. More information about YouTube can be found at https://www.youtube.com/yt/about/de/. Through this technical process, YouTube and Google gain knowledge of which specific subpage of our website the data subject visits.

If the data subject is simultaneously logged into YouTube, YouTube recognizes with the access to a subpage containing a YouTube video which specific subpage of our website the data subject visits. This information is collected by YouTube and Google and assigned to the respective YouTube account of the data subject.

YouTube and Google are always informed via the YouTube component that the data subject has visited our website if the data subject is logged into YouTube at the time of the visit; this happens regardless of whether the data subject clicks on a YouTube video or not. If the data subject does not want such transmission of information to YouTube and Google, they can prevent it by logging out of their YouTube account before visiting our website.

The data protection provisions published by YouTube, which can be accessed at https://www.google.de/intl/de/policies/privacy/, provide information on the collection, processing, and use of personal data by YouTube and Google.

17. Google Maps Plugin

We use a plugin from the internet service Google Maps on our website. Google Maps is operated by Google Inc., based in the USA, CA 94043, 1600 Amphitheatre Parkway, Mountain View. By using Google Maps on our website, information about the use of this website and your IP address is transmitted to a Google server in the USA and stored there. We do not know the exact content of the transmitted data nor its use by Google. Google denies in this context a connection of the data with information from other Google services and the collection of personal data. However, Google can transmit the information to third parties. If you disable JavaScript in your browser, you prevent Google Maps from running, but then you cannot use the map display on our website. By using our website, you consent to the described collection and processing of information by Google Inc. More details about the data protection provisions and terms of use for Google Maps can be found here: https://www.google.com/intl/de_de/help/terms_maps.html.

18. Twitter

Within our online offering, functions and content from the service Twitter, provided by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA, can be integrated. These may include content such as images, videos, or texts and buttons with which users can express their approval of the content, subscribe to the authors of the content or our posts. If users are members of the Twitter platform, Twitter can assign the call of the above content and functions to the users' profiles there. Twitter is certified under the Privacy Shield Agreement and thereby guarantees compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active). Privacy policy: https://twitter.com/de/privacy, Opt-Out: https://twitter.com/personalization.

19. Legal Basis for Processing

Article 6(1)(a) GDPR serves as the legal basis for processing operations where we obtain consent for a specific processing purpose. If processing personal data is necessary for the performance of a contract to which the data subject is a party, such as for delivering goods or providing other services, processing is based on Article 6(1)(b) GDPR. The same applies to processing required to carry out pre-contractual measures, e.g., inquiries about our products or services. If we are subject to a legal obligation requiring the processing of personal data, e.g., for fulfilling tax obligations, processing is based on Article 6(1)(c) GDPR. In rare cases, processing may be necessary to protect vital interests of the data subject or another natural person, e.g., if a visitor to our business is injured and their name, age, health insurance data, or other vital information must be passed to a doctor, hospital, or third parties. This would be based on Article 6(1)(d) GDPR. Finally, processing can be based on Article 6(1)(f) GDPR if it is necessary for legitimate interests pursued by us or a third party, provided the interests, fundamental rights, and freedoms of the data subject do not override them. Such processing is permitted because the European legislator specifically mentioned it, considering a legitimate interest could exist if the data subject is a customer of the controller (Recital 47 sentence 2 GDPR).

21. Legitimate Interests Pursued by the Controller or a Third Party

If processing is based on Article 6(1)(f) GDPR, our legitimate interest is the conduct of our business activity in favor of the well-being of all our employees and shareholders.

20. Duration of Storage of Personal Data

The criterion for the duration of storing personal data is the respective statutory retention period. After this period expires, the corresponding data is routinely deleted unless it is still required for contract fulfillment or contract initiation.

21. Legal or Contractual Requirements for Providing Personal Data; Necessity for Contract Conclusion; Obligation of the Data Subject to Provide Personal Data; Possible Consequences of Non-Provision

We inform you that the provision of personal data is partly legally required (e.g., tax regulations) or may also arise from contractual arrangements (e.g., information about the contractual partner). Sometimes it is necessary for the conclusion of a contract that the data subject provides us with personal data, which must subsequently be processed by us. For example, the data subject is obliged to provide us with personal data when our company concludes a contract with them. Failure to provide personal data would result in the contract not being concluded with the data subject. Before providing personal data, the data subject should contact our data protection officer. Our data protection officer will inform the data subject on a case-by-case basis whether the provision of personal data is legally or contractually required or necessary for contract conclusion, whether there is an obligation to provide personal data, and what consequences would arise from non-provision.

24. Existence of Automated Decision-Making

As a responsible company, we refrain from automated decision-making or profiling.

Date: 01/2022

Download privacy policy as PDF: Click here

Link to our currently valid TfP contracts

Link to the privacy page specifically for Facebook: (click here)

Home | Imprint | Terms and Conditions | Privacy Policy | Accessibility

© 2025 All Rights Reserved

bottom of page