Privacy Policy of Ifolor GmbH

We in the ifolor team are delighted to be processing your images. Your satisfaction is our number one goal.
We have set out our data protection principles below to assure you that we handle your images and personal data properly. We explain what personal data (information about specific or identifiable persons) we collect when you visit our websites and when ordering and how this data is used and processed. We also explain how we use cookies.   


1. Collecting personal data, data and communication security

Personal data includes any data that is relevant to you personally, e.g. name, address, e-mail addresses, user behaviour. We process your personal data while observing any applicable data protection regulations, with particular reference to the European Union’s General Data Protection Regulation and any other applicable international and national laws pertaining to the processing of personal data. We only collect data that is legally or contractually required, or that is necessary for the conclusion of a contract or required for us to be able to render our services and process contracts. Voluntary information is marked as such. There are no negative consequences of not providing this data. However, not providing data may in some cases make communication with you difficult or delayed.

Your personal data is protected against loss and misuse at all times through appropriate technical and organisational measures. It is stored in a secure operating environment that is not accessible to the public. In certain cases, for example during the login and payment process, your personal data is encrypted during transmission by what is known as Secure Socket Layer (SSL) technology. This means that communication between your computer and our servers takes place via a certified encryption process.


2. Controller, data protection officer’s contact details

(1) The ‘controller’ in accordance with Article 4 (7) of the GDPR is:
Ifolor GmbH
Reichenaustrasse 19a
78467 Konstanz
Germany 

(2) You can contact our data protection officer at:
Beauftragter für den Datenschutz/Data Protection Officer
c/o Ifolor GmbH
Reichenaustrasse 19a
78467 Konstanz
Germany
E-mail: dsb@ifolor.de


3. Legal bases for our data processing:

The legal bases of data processing are based on the provision of Article 6 of the GDPR, where our data processing is mainly carried out:
  • on the basis of your consent, Article 6 (1) (a) of the GDPR;
  • to fulfil a contract, Article 6 (1) (1) (b) of the GDPR;
  • to meet a legal obligation, Article 6 (1) (c) of the GDPR; or
  • to safeguard legitimate interests, Article 6 (1) (f) of the GDPR.


4. Your rights as a data subject

(1) In accordance with the GDPR, you may assert the following rights against us with respect to your personal data:
  • right of access, Article 15 of the GDPR;
  • right to rectification, Article 16 of the GDPR;
  • right to erasure/‘right to be forgotten’, Article 17 of the GDPR;
  • right to restriction of processing, Article 18 of the GDPR;
  • right to data portability, Article 20 of the GDPR; and
  • right to object against processing, Article 21 of the GDPR (also see point 5 below in this regard).

(2) In accordance with Article 22 of the GDPR, you also have the right to not be subjected to a decision based solely on automated processing – including profiling – that has legal bearing on you or that significantly affects you in a similar manner if the decision:
  • is not necessary for entering into, or for the performance of, a contract between you as the data subject and us as the controller;
  • is permitted by Union or Member State law which the controller is subject to and which also defines suitable measures to safeguard your rights and freedoms and legitimate interests as the data subject; or 
  • is based on your explicit consent.

(3) You have the right to lodge a complaint with a supervisory authority in accordance with Article 77 of the GDPR if you are of the opinion that the processing of data relating to you breaches data protection regulations. The right to lodge a complaint may be exercised in particular before a supervisory authority in the Member State in which you are staying or working, or in which the alleged breach took place.


5. Your right of withdrawal and right to object

(1) Your right to withdraw consent 
You have the right to withdraw the consent you have given at any time without this affecting the legality of any previous processing. If consent is withdrawn, we will stop the relevant data processing.

(2) Your right to object with respect to legitimate interests
In accordance with Article 21 of the GDPR, you have the right to object, on grounds relating to your particular situation, at any time to processing of personal data relating to you which was collected on the basis of Article 6 (1) (f) of the GDPR. We will then no longer process the personal data unless there are demonstrably compelling legitimate grounds for processing that outweigh the interests, rights and freedoms of the data subject, or if processing serves to assert, exercise or defend legal claims.

(3) Your right to object with respect to direct marketing
In accordance with Article 21 of the GDPR, you have the right to object to the processing of your personal data for the purposes of direct marketing, where the assertion of this right results in the end of processing for the purposes of direct marketing or the safeguarding of legitimate interests.


6. Collection of personal data

When you visit our website, our web servers temporarily store data relating to your access as well as data used to ensure the functionality of our user interfaces and to process your request. This relates to your computer’s connection data (IP address), the subpages that you visit on our site, the date and duration of your visit, recognition of the type of device used, the operating system used and the browser and the website or the starting point from which you have visited us. In addition, we only process data that you provide to us yourself when you register, order something or make a request to us, as well as images and further information you provide, to process your orders. This data collection is not subject to any legal registration obligation. We only collect and process such data insofar as this is used to professionally process your order and maintain the customer relationship. In addition, we process anonymised information about how visitors use our user interfaces; this helps us to improve our offering and the functions of our websites and to adapt them to your needs.


7. Using and sharing personal data

We treat your data as confidential and do not share it with third parties. However, we reserve the right to have the data processed by service providers in Switzerland or in the EU for the purpose of processing our orders from a commercial perspective. When doing so, appropriate data protection is ensured through compliance with the data protection regulations applicable in Switzerland, the EU and the respective country, and through a corresponding contractual regulation with our service providers.

Your order details are kept for up to 30 days before they are permanently deleted so that we are able to process repeat orders or any complaints.

The electronic payment process is carried out via the provider Mollie B.V., Keizersgracht 126, 1015CW Amsterdam, the Netherlands (hereinafter referred to as ‘Mollie’). We use Mollie to integrate various payment methods into our website. For details, please refer to Mollie’s privacy policy: https://www.mollie.com/privacy. When paying, your payment data will be exchanged directly between you and our payment service provider and will be stored exclusively with them for a limited period of time, for the purpose of payment processing and for any complaints or credits.

If you have subscribed to our newsletter, it will be sent via the technical service provider Selligent SA in Belgium, to which we transfer the data you provided when registering for the newsletter. This transfer serves our legitimate interest in the use of an advertising-effective, secure and user-friendly newsletter system. Selligent SA uses this information to send e-mails and for the static, pseudonymised analysis of the newsletter on our behalf. You can unsubscribe from the newsletter at any time in writing or directly in the newsletter. We also send all transaction e-mails (such as our order confirmation) via this technical service provider.


8. Google Tag Manager

This website uses Google Tag Manager. Google Tag Manager is a solution that allows marketers to manage website tags through one interface. The Tag Manager tool itself (which implements the tags) is a cookie-free domain and does not collect any personal data. The tool triggers other tags, which in turn may collect data. Google Tag Manager does not access this data. If ‘disable’ has been selected at a domain or cookie level, this will remain in place for all tracking tags that are used via Google Tag Manager.


9. Usage-based online advertising

We would like to provide you with comprehensive information on the topic of ‘usage-based online advertising’. Our website or the website which you just came from collects and processes your usage behaviour anonymously. As a result, you benefit as a user by receiving advertising that is more suited to your areas of interest and by delivering less randomly scattered advertising overall. A cookie is saved on your computer to track your usage behaviour.

Information about your activities on this website (e.g. surfing behaviour, website subpages visited) is collected. All usage data is stored using a pseudonym, meaning personal identification is fundamentally impossible. We use the following tools to collect data to provide usage-based online advertising:

Google Ads Remarketing
We use the remarketing function within the Google Ads service offered by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. We can use the remarketing function to show users of our website who are on other websites within the Google advertising network (in Google search or on YouTube, ‘Google Ads’ or on other websites) advertisements based on their interests. We analyse how users interact on our website for this purpose – to determine which offerings the user has shown an interest in, for example – to be able to display targeted advertising to users on other pages even after their visit to our website. For this purpose, Google stores a number in the browsers of users who visit certain Google services or websites in the Google Display Network. This number, known as a ‘cookie’, is used to track these users’ visits. This number is used to uniquely identify a web browser on a specific device and not to identify a person; personal data is not stored.
You can prevent your participation in this tracking process in various ways:
a) by changing your browser settings accordingly – in particular, disabling third-party cookies means that you will not receive any advertisements from third parties;
b) by installing the plug-in provided by Google via the following link: https://www.google.com/settings/ads/plugin;
c) by disabling interest-based advertisements for providers that are part of the self-regulation campaign ‘About Ads’ via the following link: https://www.aboutads.info/choices, where this setting is deleted if you delete your cookies;
d) by permanently disabling ads in your Firefox or Google Chrome browsers via the following link: https://www.google.com/settings/ads/plugin; and
e) by using the corresponding settings. In this case, please note that you may be unable to fully use all of this website’s functions.

Further information on data protection at Google can be found here: https://www.google.com/intl/de/policies/privacy and https://services.google.com/sitestats/en.html. Alternatively, you can visit the Network Advertising Initiative (NAI) website at https://www.networkadvertising.org/.


10. Cookies

We strive to make our website as user-friendly and efficient as possible. We use cookies for this purpose. You can decide for yourself whether or not our software can save cookies on your computer. You can change your browser settings so that cookies are not accepted, or are only accepted from certain websites, or are only accepted after you have been notified. Please note, however, that the use of certain functions of our website may be restricted or prevented if you reject cookies from the website. For easier use, we recommend a browser setting that accepts our cookies. You can find more information about cookies and available settings here.

Cookie consent with Usercentrics
Our website uses the Usercentrics cookie consent technology to obtain your consent to save certain cookies on your device and to document this in accordance with data protection regulations. The provider of this technology is Usercentrics GmbH, Rosental 4, 80331 Munich, Germany. When you access our website, the following personal data is transferred to Usercentrics:
  • Your consent or the withdrawal of your consent
  • Your IP address
  • Information about your browser
  • Information about your device
  • Time of your visit to the website

Furthermore, Usercentrics saves a cookie in your browser to be able to assign consent that has been granted or withdrawn. The data collected in this way will be stored until you ask us to delete it, the Usercentrics cookie itself is deleted or the purpose for data storage no longer applies. Mandatory statutory retention requirements remain unaffected. Usercentrics is used to obtain the legally required consent to use cookies. The legal basis for this is Article 6 (1) (c) of the GDPR.


11. Customer account

We give you the option of creating a customer account on our website. We use the Azure Active Directory B2C cloud service provided by Microsoft Ireland Operation Limited, 70 Sir Rogerson’s Quay, Dublin 2, Ireland (‘Microsoft’) to provide a straightforward single sign-on solution. In this context, Microsoft saves a cookie to ensure that you are recognised. Details regarding data processing by Microsoft can be found in Microsoft’s general privacy policy, available at https://privacy.microsoft.com/en-us. Microsoft is a subsidiary of Microsoft Corporation in the United States. In this respect, it cannot be ruled out that your data may be transmitted to a data centre in the USA. This transmission is secured by the EU Commission’s standard contractual clauses. We rely on Article 6 (1) (f) of the GDPR, i.e. our legitimate interest in providing you with an easy way to sign into our website, for the use of services such as Azure Active Directory B2C and the associated processing by the provider for its own limited purposes.

01/2023