My Highland Photography
Our website address is: https://www.myhighlandphotography.com.
1. Privacy statement
Thank you for visiting our website. We would like to inform you that your data is handled in accordance with Art. 13 of the General Data Protection Regulation (GDPR).
The party named in the imprint below is responsible for the data collection and processing.
Storing of the IP address
We store the IP address transmitted by your web browser for a maximum period of 30 days. We do this in order to be able to detect, limit and eliminate attacks on our web pages. In order to trace the source of such attacks, the IP address must be temporarily stored. After this period, we delete the IP address. The legal basis is Art. 6 para. 1 lit. f) GDPR.
When you visit our websites, the so-called usage data is temporarily stored as a protocol on our web servers for statistical purposes. We use one.com as our server. In addition, usage data may be used to improve the quality of our websites. The legal basis is Art. 6 para. 1 lit. f. This data set consists of:
- The page from which the file was requested
- The name of the file
- The date and time of the query
- The amount of data transferred
- The access status (file transferred or file not found)
- The description of the type of the web browser used
- The IP address of the requesting computer
Ordering of photo products
If you order a product from us, we store the following data:
- The page from which the file was requested
- The name of the file
- The date and time of the query
- The amount of data transferred
- The access status (file transferred, or file not found)
- The description of the type of the web browser used
- The IP address of the requesting computer
- The image files you transmit
- ther information provided by you, such as your e-mail address, name, address
We store this data regularly for 6 months, but we might store it for a little longer in case of an order or a complaint.
The period of 6 months is needed for an order for possible legal defence, this is required within the framework of warranty law within the consumer-friendly period of § 477 BGB (on the basis of Directive 1999/44/EC of the European Parliament and Council of 25 May 1999) and necessary to be able to review claims asserted.
A longer storage beyond this is possible for legally compelling reasons, such as accounting reasons.
Your full IP address is stored for 90 days only.
2. Data transfer to third parties
Data transfer to third parties
We transfer your data to service providers who supports us in the operation of our websites and the associated processes in accordance with Art. 28 GDPR. Our service providers are strictly bound to our instructions and are contractually bound accordingly. We use the following service providers:
We use these services to improve and monitor our website: emarsys, SalesForce, Facebook Business Manager – Facebook Custom Audience List, Google – Google Customer Match List, intelliAd, Google Analytics, Google AdSense, Google Adwords, and Youtube
We work in conjunction with the following marketing partners to carry out marketing measures: Google Adwords, Google AdSense, Google Display Network, Youtube, Bing, Facebook, as well as Afilliate Networks (Awin, Flexoffers, Cross sell, Zanox, Affilinet, Webgains, Tradetracker, Daisycon, CJ Affiliate by Conservant, Belboon, Adcell) and their respective affiliated partners.
These marketing partners checks whether or not you have reached our site by clicking on an advertising campaign item. This gives us the opportunity to develop targeted marketing strategies and ensuring an optimal advertising experience for you as a user.
For the dispatch of newsletters in mail and print form we use: TBC.
In all other respects, we use the special offers of My Highland Photography. Therefore, the following applies in the case of an order:
For the selection of an offer that is currently of regional interest to you, we will pseudonymise and encrypt the form of your address, year of birth, country, postcode, hash value of the e-mail address and your IP address to transfer to My highland Photography (MHP) (Sovendus) (Art. 6 Para.1 f GDPR). The pseudonymised hash value of the e-mail address is also used to take account of a possible objection to advertising by MHP (Art. 21 para. 3, Art. 6 para. 1 c GDPR). The IP address is used by MHP exclusively for data security purposes and as a rule, it is anonymised after seven days (Art. 6 Para.1 f GDPR).
When you click on a special offer, MHP will also receive your name, your address data, and your e-mail address in encrypted form in preparation for the personalised request for the special offer from the product provider (Art. 6 Para.1 b, f GDPR).
Voucher offers of MHP: In order to select a currently interesting voucher offer for you, we will transmit your pseudonymised hash value of your e-mail address and your IP-address in encrypted form to MHP (Art. 6 par. 1 f GDPR). The pseudonymised hash value of your e-mail address is used to consider a possibly existing objection to receive offers from MHP (Art. 21 par.3, Art. 6 par. 1 c GDPR). The IP-address will be exclusively used for data security purposes and as a rule the same will be anonymised after seven days (Art. 6 Abs.1 f DSGVO). Furthermore, we will transmit order number, order value with currency, session ID, coupon code, and time stamp in pseudonymised form to MHP for billing purposes (Art. 6 Abs.1 f DSGVO). If you are interested in a voucher offer of MHP, while there is no objection existing to receive such offers, and if you click on the voucher banner, we will transmit your form of address, your name and your e mail address in encrypted form to MHP to prepare a voucher (Art. 6 par. 1 b, f GDPR).
Data transfer to third countries
In some cases, we transfer personal data to a third country outside the EU, however, we always ensure that an appropriate level of data protection is maintained as illustrated below:
In case of data transfer to the USA, an appropriate level of data protection follows from the corresponding participation of the service providers in the Privacy Shield Agreement (Art. 45 para. 1 GDPR).
In case of EU countries, the EU Commission has decided on an appropriate level of data protection in accordance with Art. 45 para. 1 GDPR.
We use first party and third party cookies as session and permanent cookies on our websites. The processing is carried out on the basis of Art. 6 para. 1 lit. f) GDPR and the willing to optimise or enable user guidance and adapting the presentation of our website.
The following tools set cookies on our website and collect personal data. Especially the IP address and User-ID:
Facebook Ads (to evaluate social media marketing projects, stores the data for a maximum of 2 years),
Twitter Connect (to connect to our social media accounts, stores the data for a maximum of 30 days), Instagram (link to connect to our social media accounts, stores the data until deleted manually), Pinterest (link to connect to our social media accounts, stores the data for a maximum of 30 days), Google+ platform (link to connect to our social media accounts, stores the data for a maximum of 2 years), Facebook Connect (to connect to our social media accounts, stores the data for a maximum of 5 years),
Google Analytics (only stores an anonymized IP address for web analysis, stores the data for a maximum of 2 years),
IntelliAd (for web analysis, stores the data for a maximum of 100 days),
Olark (as chat tool for support requests),
Google Certified (as a tool for customer reviews, stores the data for a maximum of 2 years), Trusted Shops (as a tool for customer reviews), eKomi (as a tool for customer reviews),
Sovendus (as an advertising partner for discounts, anonymizes the data after 7 days and deletes them after 2 years),
Rocket Fuel/Sizmek (as advertising partner),
and first party cookies (for website functionality).
You can set your browser, so that it informs you about the placement of cookies. This makes the used cookies available to you. You can also delete cookies at any time via the corresponding browser setting and prevent the setting of new cookies (opt-out). Please note that our web pages may not be displayed optimally and that some functions may no longer be technically available.
For more information, please refer to the following explanations:
4. Tracking tools
Google Analytics and IntelliAd
The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there. However, because we have activated IP anonymisation on this website, your IP address will be shortened by Google within member states of the European Union beforehand. Only in exceptional cases will the full IP address be transferred to a Google server in the USA (an appropriate level of data protection is available according to Art. 45 para. 1 GDPR through Google’s participation in the Privacy Shield) and only shortened there. We have concluded a contract with Google Inc. (USA) for order processing in accordance with Art. 28 GDPR. Google may therefore only use all information strictly for the purpose of evaluating the use of our website for us and compiling reports on website activities.
You can object to the processing at any time. Please use one of the following options:
- You can also prevent Google from collecting the data generated by the cookies that is related to your use of the website (including your IP address), and from processing this data by downloading and installing the browser plug-in available under the following link (http://tools.google.com/dlpage/gaoptout?hl=en).
- You can also prevent collection by Google Analytics by clicking on the following link: Click here to object the processing of your data by Google Analytics.. This link will set the opt-out cookie to permanently prevent the collection of your data made by Google Analytics.
- To opt-out from IntelliAd, please click here: https://login.intelliad.com/optout.php
We use retargeting technologies from Adobe Media Optimizer AMO in conjunction with Google, Facebook, and Bing to offer you advertising on other websites that is tailored to your interests.
Data processing is carried out on the basis of Art. 6 para. 1 lit. f) GDPR. The functionality of these tools is explained using Google as an example and applies accordingly to all retargeting technologies.
When you visit our website, recognition features of your browser or terminal device is retrieved, your IP address is evaluated or a recognition feature is stored as a small text file (e.g. so-called third party cookie) on your device. Your usage behaviour is recorded when you visit various websites. The characteristics are designed pseudonymously. If you are logged in with your Google account, these features can be assigned directly to your profile. Google may link and store your visits to our websites with your characteristics in order to display targeted advertising on other websites. This way Google can also determine your previous visits to our website. Your device and browser are recognized by Google, when you visit a page that displays ads on Google’s behalf.
Below you will find more information about the conversion tools.
Google Conversion Tool: This website also uses Google Conversion tool for pseudonymous internal analysis of the effectiveness of ads placed. If you access our website from another website by clicking on one of our advertisements (text ads, banners) placed there, a cookie will be stored in your browser program by an advertising banner there. If the banner is an advertising campaign commissioned by Google, Google will set a corresponding cookie when the banner is clicked. Neither we nor our conversion partner can see other websites that you have visited. We do not collect or receive any information that personally identifies you. The information collected through conversion tracking is used solely to compile statistics on the success and in the use of our campaigns. These cookies expire after 30 days. The legal basis for the usage of cookie technology is Art. 6 Para. 1 f) GDPR. If you do not wish to participate in this analysis, you can deactivate the setting of cookies via browser settings or by going here: http://optout.networkadvertising.org/?C=1#!/
The information that you as an anonymous page visitor access our website via a Picanova advertising banner is read from your cookie and processed anonymously by us and our respective conversion partner (e.g. Google). Personal data about you will not be passed on.
Bing Conversion Tool: This website also uses the Bing Conversion Tracking analysis service of Microsoft Corporation (One Microsoft Way Redmond, WA 98052-6399) to measure the success of other switched advertising measures. Microsoft sets a cookie on your computer when you access our website via a Pivanova ad from the Microsoft advertising network. These cookies expire after 30 days and are not used for personal identification. Using Bing Conversion Tracking, we and Microsoft can see that someone clicked on our ad within the Microsoft advertising network and was directed to our site. However, we cannot see which other websites you visited. The information collected with Bing Conversion Tracking is used solely to compile statistics on the success and use of our advertising campaigns. However, we do not collect or receive any information that personally identifies users. The legal basis for this use of cookie technology is Art. 6 Para. 1 f) GDPR.
If you do not wish to participate in Bing Conversion Tracking, you can also reject the setting of the cookie required for this – for example, by using a browser option that generally deactivates the automatic setting of cookies. To do so, simply click on the following link here:
and confirm your objection on pages to be reached via this link. Further information and setting options for advertising measures by Microsoft can be found here:
The information that you, as an anonymous page visitor, access our website via our advertising banner is read from your cookie and processed anonymously by us and Microsoft. However, personal data about you will not be passed on.
We may include keywords on our websites that contains statements about the content of the website, such as products offered. We use Google Tag Manager, Visual Website Optimizer (VWO) and Adobe Media Optimizer (AMO), Google Adwords. The following example of Google explains how it works. Google receives these keywords which contain neither personal nor sensitive information. When you visit a page with specific product keywords, Google stores and assigns them to your pseudonyms. This link enables Google to determine whether or not any of our advertisements is shown to you.
As soon as you use the same browser program to visit other websites on the Internet whose operators have integrated advertising spaces of the Google Display advertising network, the information from the cookie is automatically read out by this website operator and displayed in the advertising banner for displaying presumably interesting contents for you. This information is not stored by the other site operators beyond this temporary anonymous evaluation.
Facebook Conversion Technology: We use the “Facebook Remarketing” service on our website. The Facebook remarketing technology allows users who have visited our website to be addressed again through targeted advertising on Facebook websites. However, we do not collect or receive information about which Facebook users actually receive targeted advertising. We are not able to identify individual users here either. The legal basis for this data processing is Art. 6 para. 1 f) GDPR. To do so, simply click on the following link https://www.facebook.com/policies/cookies/ and confirm your objection on the page to be reached via this link.
For more information about the purposes and scope of Facebook’s collection and processing of your personal data, as well as the setting options to protect your privacy on Facebook, please see the Facebook Data Policy. You can opt-out through the Digital Advertising Alliance in the United States, the Digital Advertising Alliance in Canada, the European Interactive Digital Advertising Alliance in Europe, or your device settings so that you do not see interest based online ads from Facebook and other participating companies.
The Facebook Conversion Pixel lets Facebook and us know that someone clicked on our Facebook ad and was directed to our page. The information generated by the cookie and/or the graphics about your use of this website is transferred to a Facebook server in the USA and stored there. Facebook uses the information obtained this way to evaluate your usage behaviour with respect to Facebook ads. Facebook may also transfer this information to third parties when required to do so by law, or when such third parties process the information on Facebook’s behalf. Facebook does not associate your IP address with other data stored by Facebook.
Cross Device Remarketing
Google can technically link the pseudonymous features of e.g. your end devices such as tablet, smartphone and email inbox (cross device marketing). It is a prerequisite that you have agreed to this data processing with Google in the past. This enables Google to carry out targeted advertising campaigns on different end devices. We use this to evaluate our marketing strategies. The legal basis is Art 6 Para. 1 lit. f GDPR.
Your data will be transmitted to Google and stored in the USA. According to Art. 45 para. 1 GDPR, Google’s participation in the Privacy Shield provides an adequate level of data protection. We have worked with Google Inc. (USA) and concluded a contract for order processing in accordance with Art. 28 GDPR. Google may therefore only use all the information strictly for the purpose of evaluating the use of our website for us and compiling reports on website activities.
You can object to this according to Art. 21 GDPR at any time. Please click on the following link: https://support.google.com/ads/answer/7395996?hl=en
6. Marketing tools
To customize our website, we use Visual Website Optimizer VWO, Adobe Media Optimizer AMO and Google Tag Manager, Google Attribution.
Google Tag Manager manages tags (code elements on the site) that measure traffic, visitor’s behaviour, and the impact of online advertising and social channels. It also uses remarketing and targeting processes, in addition to testing and optimizing the website.
Google Attribution offers us the possibility to evaluate the data of Google Analytics and Google Adwords bundled in one tool.
For further information see point 3ff.
7. Google Image Tagging
Following the ordering process, the transmitted image file is automatically analyzed in reduced graphic resolution by the service “Google Image Tagging”. Here, the image file is evaluated anonymously and provided with so-called generic “tags” depending on the respective motif (for example: family, wedding, pet, architecture …).
Through this image analysis, the interests of our customers are evaluated and provided with keywords (so-called “tags”). These abstracted “tags” are used exclusively for internal company purposes, as well as to enable interest-specific direct marketing measures (such as topic-related e-mail newsletters) on current offers for our products by us.
You have the opportunity to decide against this analysis. Just click here then your picture will not be analyzed.
8. Social Media Plugins
For data protection reasons, we do not integrate social plug-ins directly into our website. When you visit our pages, no data is transmitted to social media services such as Facebook, Instagram, Twitter, XING or Google+. Profiling by third parties is thus, excluded. The integration of pages only serves the purpose of forwarding to our accounts.
You can still share selected pages with one click on Facebook, Twitter, Pinterest or Google+ buttons and also see how often they have been shared in the past.
9. Explanation of safety measures
In order to protect your data from unwanted access as comprehensively as possible, we take technical and organizational measures. We use an encryption method on our pages. Your information is transmitted from your computer to our server and vice versa via the Internet using TLS encryption. You can recognize this by the fact that the lock symbol in the status bar of your browser is closed and the address line starts with https://
10. User rights
Your rights as a user
When processing your personal data, the GDPR grants you as a website user certain rights:
- Right to information (Art. 15 GDPR):
- You have the right to request confirmation as to whether personal data concerning you is processed; if this is the case, you have a right of access to this personal data and to the information specified in Article 15 of the GDPR.
- Right to correction and deletion (Articles 16 and 17 GDPR):
- You have the right to immediately request the correction of incorrect personal data concerning you and if necessary, the completion of incomplete personal data.
- Users also have the right to request that personal data concerning them be deleted immediately if one of the reasons specified in Art. 17 GDPR applies, e.g. if the data is no longer required for the purposes pursued.
- Right to restrict data processing (Article 18 GDPR):
- You have the right to request a restriction on processing, if one of the conditions set out in Article 18 GDPR is met, e.g. if you have lodged an objection to processing, for the duration of any examination.
- Right to data transferability (Art. 20 GDPR):
- In certain cases, which are detailed in Article 20 GDPR, you have the right to receive personal data concerning you in a structured, common and machine-readable format or to request the transmission of this data to a third party.
- Right of objection (Art. 21 GDPR):
- If the data is collected on the basis of Art. 6 para. 1 lit. f) (data processing to protect legitimate interests), you have the right to object to the processing at any time for reasons arising from your particular situation. We will then no longer process the personal data, unless there are demonstrably compelling reasons worthy of protection for the processing that outweigh the interests, rights and freedoms of the data subject, or the processing serves to assert, exercise or defend legal claims.
- Right of appeal to a supervising authority
- According to Art. 77 GDPR, you have the right of appeal to a regulatory authority if you believe that the processing of data concerning you violates data protection regulations. The right of appeal may be exercised before a supervisory authority in the member state where you are staying, working or suspected your rights are infringed.
11. Contact Data Protection Officer
Contact details of the data protection officer
Our company data protection officer will be happy to provide you with information or suggestions on the subject of data protection:
E-mail: [email protected]
For questions regarding data protection, in particular regarding the assertion of rights of persons affected, please primarily contact the data protection e-mail address stated in the imprint.
On our website we offer you the possibility to subscribe to our newsletter independently of ordering photo products. For this we need to store your e-mail address and your name. If you have given us separate consent for us to inform you by e-mail about our own products and services, they will be processed in accordance with Art. 6 para. 1 lit. a) GDPR. Your consent can be revoked at any time (e.g. via the link to cancel the newsletter, which you will find in every newsletter e-mail), without this affecting the legality of the previous processing. If the consent is revoked, we will stop the corresponding data processing. Data processing is legal until revoked.
In addition, we send newsletters to our customers within the legally permissible scope; you can also object to this by clicking on the link in such a newsletter e-mail (opt-out).
We use the mailing service. This stores information about you for this purpose. You can see which data is involved in detail at
13. Print Mailings
In all other respects, we use the address data given by you with an order to the postal advertisement within the scope of the legal limits. You can object to this advertising at any time.
14. Restricted Area
If you want to create a personal login, you have to register first. We collect the following data: Title, surname, first name, e-mail address, street, postcode, city, country, telephone number (voluntary information), password on the basis of Art. 6 para. 1 lit. b) GDPR. We use the data that you submit to us during registration or during your enquiries to create a profile for you so that you can place an order more easily. You can change or delete your profile at any time within the account. The data will then be automatically removed from our system. If there are no retention periods or, if the data is not required in individual cases (for example in the case of open debts for the collection of claims)
15. Online shop
We store and use your personal data that you send to us in the course of an order processing in accordance with Art. 6 Para. 1 letter b) GDPR exclusively for processing your orders, e-mail address, name, address, transmitted image files, IP address. In particular, we use your e-mail address for notifications about the status of your order, as well as for the legally permitted newsletter dispatch, which you can unsubscribe at any time (see point 11). We use your image files exclusively for the execution of the order, as well as for internal marketing analysis. As a rule, your image files are deleted after 6 months, see also section 1, Ordering photo products.
16. Offline client
If an offline tool is available for download on our website, you can download it by clicking the download button. This allows you to personalize a photo book with your images offline and then order it online.
17. Online applications
We process your personal data in accordance with the applicable data protection regulations on the basis of § 26 BDSG. We process the data that you give us in the context of your online application exclusively for the purpose of applicant selection. Data will not be processed for any other purpose.
You yourself determine the scope of the data that you would like to submit to us as part of your online application. Online applications are transmitted electronically to our personnel department where they are processed as quickly as possible. Transmission is encrypted. As a rule, applications are forwarded to the heads of the relevant specialist departments in our company. Beyond that, your data will not be passed on. Your information will be treated with confidentiality in our company. If your application is unsuccessful, your documents will be deleted after 6 months.
In the event that we may also consider your application in other or future job advertisements, please include a note to this effect on your application. We will then process your data on the basis of Art. 6 Par. 1 lit. a) GDPR.
18. Facebook company page
We operate an official Facebook page under the URL https://www.facebook.com/myhighlandphotography/ . We do not collect, store or process personal data of our users on this site at any time. Furthermore, no other data processing is carried out or initiated by us. The data you enter on our Facebook page, such as comments, videos or pictures, will never be used or processed by us for any other purpose.
19. Links to other websites
In addition, you will find links to other websites on our site. As soon as you have reached this website via such a link, recognizable by the changed URL, we are no longer responsible within the meaning of the GDPR.
For customer support we use the chat tool Olark.
When you use the Olark chat tool, Olark stores data. You can see which data Olark stores in detail at https://www.olark.com/privacy-policy.
21. Storage time
For more information on the duration of storage, see section 3. Unless more detailed information is given there, the data will be stored as soon as it is no longer required.