top of page
Dan Duane Black.png

Privacy Policy

 

Responsible Party
Dan Duane Photography
Einsteinstraße 131
81675 Munich

Authorized representative: Daniel Lim
Email: daniel@danduanephotography.de
Phone: 015755869730
Imprint: https://danduanephotography/datenschutz

Overview of Data Processing

Below is an overview of the types of data we process, the purposes for which we process them, and the categories of affected persons.

Types of Data Processed

  • Basic data (e.g., names, addresses)

  • Content data (e.g., entries in online forms)

  • Contact data (e.g., email, phone numbers)

  • Meta/communication data (e.g., device information, IP addresses)

  • Usage data (e.g., visited websites, interest in content, access times)

 

Categories of Affected Persons

  • Communication partners

  • Users (e.g., website visitors, users of online services)

 

Purposes of Processing

  • Direct marketing (e.g., by email or post)

  • Feedback (e.g., collecting feedback via online form)

  • Marketing

  • Contact requests and communication

 

Legal Bases for Processing

We process personal data based on the following legal bases under the GDPR. Please note that, in addition to the GDPR, national data protection regulations in your or our country of residence may apply.

  • Consent (Art. 6(1)(a) GDPR): The data subject has given consent for one or more specific purposes.

  • Contract fulfillment and pre-contractual inquiries (Art. 6(1)(b) GDPR): Processing is necessary for the performance of a contract or to take steps at the request of the data subject prior to entering into a contract.

  • Legitimate interests (Art. 6(1)(f) GDPR): Processing is necessary for the purposes of the legitimate interests pursued by the controller or a third party, unless overridden by the interests or fundamental rights and freedoms of the data subject.

 

National Data Protection Laws in Germany
In addition to the GDPR, national data protection laws (e.g., the German Federal Data Protection Act—BDSG) apply. These may include special rules regarding access rights, deletion, objection, processing of special categories of personal data, and rules for employment relationships.

 

Security Measures

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, considering the state of the art, implementation costs, and the nature, scope, context, and purposes of processing.

Measures include securing the confidentiality, integrity, and availability of data by controlling physical and electronic access, input, transfer, availability, and separation of data. We have procedures for exercising data subject rights, deleting data, and responding to data threats. We also consider data protection in the development or selection of hardware, software, and procedures according to the principle of privacy by design and by default.

SSL Encryption (https)
We use SSL encryption to protect your data transmitted via our online offering. You can recognize encrypted connections by the prefix https:// in your browser’s address bar.

Transfer of Personal Data

In the course of processing, personal data may be transmitted to other entities, companies, legally independent organizational units, or persons, or disclosed to them. Recipients may include IT service providers or providers of services and content integrated into the website. In such cases, we comply with legal requirements and enter into appropriate agreements to protect your data.

 

Data Processing in Third Countries

If we process data in a third country (i.e., outside the EU/EEA), or if this occurs in the context of using third-party services or disclosure/transfer of data to other persons or companies, this is only done in accordance with legal requirements.

Unless explicit consent has been given or transfer is contractually or legally required, we only process or allow data to be processed in third countries with an adequate level of data protection, contractual obligations (EU standard contractual clauses), certifications, or binding internal data protection rules.

 

Deletion of Data

We delete processed data in accordance with legal requirements as soon as consent is revoked or other permissions cease to apply (e.g., the purpose for processing no longer exists).

If data is not deleted because it is required for other legally permissible purposes, its processing is restricted to those purposes. For example, data required to be retained for commercial or tax law reasons, or for the assertion, exercise, or defense of legal claims, will not be deleted but restricted.

Our privacy notices may contain further information on retention and deletion specific to individual processing activities.

Use of Cookies

Cookies are text files containing data from visited websites or domains stored by a browser on the user’s computer. Cookies primarily store information about a user during or after their visit to an online offering.

 

Types of Cookies

  • Temporary (session) cookies: Deleted after the user leaves the website and closes the browser.

  • Permanent cookies: Remain stored after the browser is closed and can save login status or preferences.

  • First-party cookies: Set by us.

  • Third-party cookies: Set by third parties, mainly for advertising or analytics purposes.

  • Necessary cookies: Essential for website operation (e.g., logins, security).

  • Statistics, marketing, and personalization cookies: Used for analytics, marketing, or to personalize content.

 

Legal Basis
If we ask for your consent to use cookies, the legal basis is your consent. Otherwise, cookies are used based on our legitimate interests or if necessary to fulfill our contractual obligations.

Storage Duration:
Unless specified otherwise, permanent cookies may be stored for up to two years.

 

Withdrawal and Objection (Opt-Out)
You can withdraw consent or object to processing by cookie technologies at any time via your browser settings or opt-out services such as https://optout.aboutads.info and https://www.youronlinechoices.com.

 

Cookie Consent Management
We use a cookie consent management system to obtain and manage user consent for cookies. Consent is stored for up to two years.

 

Contact and Inquiry Management

When you contact us (e.g., via contact form, email, phone, or social media), we process your data as necessary to respond to your inquiry and any requested actions.

 

Legal Basis
Processing is for the performance of a contract or pre-contractual measures, or based on our legitimate interest in responding to inquiries.

 

Social Media Presences

We maintain online presences on social networks and process user data to communicate or provide information there.

Please note that user data may be processed outside the EU, which may pose risks (e.g., difficulty enforcing user rights). Data may also be used for market research and advertising purposes, including profiling and targeted ads. Cookies may be used for these purposes.

For details and opt-out options, see the privacy policies of the respective networks.

 

Facebook
We are jointly responsible with Facebook Ireland Ltd. for data collection on our Facebook page. For more information, see Facebook’s Data Policy: https://www.facebook.com/policy

Instagram
Service provider: Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA

Privacy Policy: https://instagram.com/about/legal/privacy

 

Changes and Updates to this Privacy Policy

Please check this privacy policy regularly. We update it as necessary to reflect changes in our data processing. We will notify you if changes require your cooperation (e.g., consent) or other individual notification.

 

Rights of Data Subjects

Under the GDPR, you have the following rights:

  • Right to object: You may object at any time to processing of your personal data for reasons relating to your particular situation or for direct marketing purposes.

  • Right to withdraw consent: You may withdraw consent at any time.

  • Right of access: You have the right to request confirmation as to whether data concerning you is being processed, and to obtain information and a copy of such data.

  • Right to rectification: You have the right to request completion or correction of your data.

  • Right to erasure and restriction: You have the right to request deletion or restriction of your data under legal conditions.

  • Right to data portability: You have the right to receive your data in a structured, commonly used, and machine-readable format or to have it transmitted to another controller.

  • Right to lodge a complaint: You have the right to lodge a complaint with a supervisory authority if you believe your data is being processed unlawfully.

 

Definitions

  • Personal data: Any information relating to an identified or identifiable natural person.

  • Controller: The person or entity that determines the purposes and means of processing personal data.

  • Processing: Any operation performed on personal data, whether or not by automated means (e.g., collection, storage, use, transfer, deletion).

 

bottom of page