Effective date: 11 March 2020
1. GENERAL INFORMATION 1
2. TYPES AND PURPOSES OF PERSONAL DATA 2
3. NON-PERSONAL (TECHNICAL) DATA 4
4. COMMERCIAL COMMUNICATION 5
5. STORAGE PERIOD 5
6. DISCLOSURE OF PERSONAL DATA 6
7. INTERNATIONAL TRANSFERS OF PERSONAL DATA 7
8. PROTECTION OF PERSONAL DATA 7
9. YOUR RIGHTS REGARDING PERSONAL DATA 8
10. CONTACT US 8
1. GENERAL INFORMATION
In this section, we provide you with general information about the entity that is responsible for your personal data, this Policy, and the Website.
1.2 Data controller. The Website is owned and operated by Helena Brauer having a regis-tered business address at Via Ceresolo 17, 6913 Carabbia, Lugano, Switzerland, that is respon-sible for the processing of your personal data (“we”, “us”, and “our”). We act as a data con-troller with regard to your personal data collected through the Website.
1.3 About the Website. The Website is a reference website for wedding and couples pho-tography. It features our portfolio, provides information regarding our photography services, and allows you to contact us via a contact form.
• If we intend to collect other types of personal data that are not mentioned in this Policy;
• If we intend to use your personal data for purposes that are not indicated in this Policy;
• If we would like to disclose or transfer your personal data to third parties that are not speci-fied in this Policy; or
• If we significantly amend this Policy.
1.5 Children. The Website is not intended, marketed, and should not be accessed by per-sons under the age of 16. Therefore, we do not knowingly collect personal data of persons under the age of 16.
1.7 Term and termination. This Policy enters into force on the effective date indicated at the top of the Policy and remains valid until terminated or updated by us.
1.8 Amendments. The Policy may be changed from time to time to address the changes in laws, regulations, and industry standards. The amended version of the Policy will be posted on this page and, if we have your email address, we will send you a notice about all the changes implemented by us. We encourage you to review our Policy to stay informed. For significant material changes in the Policy or, where required by the applicable law, we may seek your consent. If you disagree with the changes to the Policy, you should stop using the Website.
2. TYPES AND PURPOSES OF PERSONAL DATA
We collect only a minimal amount of personal data that is necessary for ensuring your proper use of the Website. We use your personal data for specified and limited purposes. In this section, we explain what personal data we collect from you, for what purposes we use that data, and on what lawful bases we rely when processing your personal data.
2.1 We comply with data minimisation principles. Thus, we collect only a minimal amount of personal data that is necessary for your use of the Website. We process your personal data only for specified and legitimate purposes explicitly mentioned in this Policy. In short, we will use personal data only for the purposes of enabling you to use the Website, replying to your enquiries, providing you with the requested services, and conducting research about our business activities. We will not use your personal data for any purposes that are different from the purposes for which your personal data was provided.
2.2 Overview of types and purposes of your personal data. The list below provides a de-tailed description of the types of personal data that we collect, the purposes for which we use it, and the legal bases on which we rely when processing your personal data.
• When you contact us via the contact form available on the Website, we collect your (i) name, (ii) email address, (iii) wedding date, (iv) city, and (v) any infor-mation that you decide to provide in your message. We use such data to respond to your enquiries, provide you with the requested information, book and manage your appointments, and conclude a service contract with you, if you decide to use our services. The legal bases on which we rely are ‘pursuing our legitimate busi-ness interests’ (i.e., to grow and promote our business), ‘performing a contract with you’, and ‘your consent’ (for optional personal data).
• When you contact us by email, we collect your (i) name, (ii) email address, and (iii) any information that you decide to provide in your message. We use such da-ta to respond to your enquiries, provide you with the requested information, book and manage your appointments, and conclude a service contract with you, if you decide to use our services. The legal bases on which we rely are ‘pursuing our legitimate business interests’ (i.e., to grow and promote our business), ‘performing a contract with you’, and ‘your consent’ (for optional personal data).
• When you conclude a service contract with us (whether remotely or at our premi-ses), we collect your (i) full name, (ii) address, (iii) phone number, (iv) email ad-dress, (v) address, (vi) payment information, (vii) wedding details, and (viii) any other information that you decide to provide us with. We use such personal data to conclude a contract with you and perform our contractual obligations. The legal bases on which we rely are ‘performing a contract with you’ and ‘your consent’ (for optional personal data).
2.3 Processing and publicity of photos. When you conclude a service contract with us, we pro-cess your photos that may feature you, your partner and other individuals (e.g., your family members and guests). Please note that the photos are processed only upon your request for the purpose of per-forming our contractual obligations. We also respect your privacy. Therefore, we will publicly display your photos on the Website, our social media accounts, or third-party galleries only if you provide us with your prior consent. You have the right to withdraw your consent at any time. The legal bases on which we rely are ‘performing a contract with you’ and ‘your consent’.
2.4 Additional data. If you participate in a focus group, contest, activity or event, request support, interact with our social media accounts, submit your feedback and reviews, or oth-erwise communicate with us, you may submit certain information about yourself. Please note that the provision of such data is optional and you may choose what personal data you would like to share with us. We will use such personal data to reply to you, provide you with the requested services, or for pursuing our legitimate business interests (i.e., to analyse and im-prove our business). Where possible, we will de-identify your personal data.
2.5 Sensitive data. When you use the Website, we do not collect special categories of per-sonal data (“sensitive data”) from you, such as your health information, opinion about your religious and political beliefs, racial origins, membership of a professional or trade associa-tion, or information about your sexual orientation, unless you decide to provide such sensi-tive data to us, at your own sole discretion. Please note that the provision of sensitive data is optional and you may choose what sensitive data you would like to share. Your sensitive data will be kept in strict confidentiality. The legal basis on which we rely when processing sensi-tive data (if any) is ‘your consent’.
2.6 Failure to provide personal data. If you decide not to provide us with your personal data when requested, we may not be able to perform the requested operation and you may not be able to use the full functionality of the Website, receive our services, or get our re-sponse.
3. NON-PERSONAL (TECHNICAL) DATA
When you use the Website, we collect some technical data about your device and visits. In this section, we inform you what non-personal data we collect from you and for what purposes we use that data.
3.1 What non-personal data do we collect? When you use the Website, we automatically collect certain technical non-personal data about your use of the Website for analytics pur-poses. Although such non-personal data allows us to analyse your use of the Website, it does not allow us to identify you as a natural person. The non-personal data collected by us in-cludes the following information:
• The type of device that you use;
• Operating system that you use;
• The browser that you use;
• Your log files;
• URL addresses that you go to from the Website;
• Your country; and
• Your other online behaviour data.
3.2 Your feedback. If you contact us, we may keep records of any questions, complaints, re-commendations, or compliments made by you and the response, if any. Where possible, we will de-identify your personal data. Please note that de-identified personal data is consid-ered to be non-personal data.
3.3 How do we use non-personal data? We will use non-personal data for the following purposes:
• To analyse what kind of users access and use the Website;
• To examine the relevance, popularity, and engagement rate of the content available on the Website;
• To investigate and help prevent security issues and abuse;
• To develop and provide additional features to the Website; and
• To personalise the Website for your specific needs.
3.4 Aggregated and de-identified data. In case your non-personal data is combined with certain elements of your personal data in a way that allows us to identify you, we will handle such aggregated data as personal data. If your personal data is aggregated or de-identified in a way that it can no longer be associated with an identified or identifiable natural person, it will not be considered personal data and we may use it for any business purpose.
4. COMMERCIAL COMMUNICATION
From time to time, you may receive promotional messages from us. In this section, we explain when you may receive them and what you can do to decline our commercial communication.
4.1 Marketing messages. To keep you updated about the latest developments related to the Website, our new services, and special offers, we may send you commercial communication, such as newsletters, promotions, and advertisements. You will receive such commercial mes-sages or be contacted by us for marketing purposes only if:
• We receive your express (“opt-in”) consent to receive commercial communication (please note that your voluntary subscription to our newsletters substitutes such consent); or
• We decide to send you commercial communication regarding our new services that are closely related to the services already used by you.
4.2 Opting-out. You can easily opt-out from receiving commercial communication at any time free of charge by clicking on the “unsubscribe” link contained in any of the marketing mes-sages sent to you or by contacting us directly.
4.3 Informational notices and service updates. From time to time (if we have your email address), we may send you important informational notices, such as service-related, tech-nical or administrative emails, information about your bookings and payments, your privacy and security, and other administrative matters. Please note that we will send such notices on an “if-needed” basis and they do not fall within the scope of commercial communication that requires your prior consent.
5. STORAGE PERIOD
We store your personal data only if it is necessary for its specific and limited purposes. In this section, we specify the time period for which we keep your personal and non-personal data in our systems.
5.1 Retention of personal data. We will store your personal data in our systems only as long as such personal data is required for the purposes described in this Policy or you request us to delete your personal data, whichever comes first. After your personal data is no longer necessary for its purposes and there is no other legal basis for storing it, we will immediately securely delete your personal data from our systems.
5.2 Retention of non-personal data. We retain non-personal data pertaining to you for as long as necessary for the purposes described in this Policy.
5.3 Retention as required by law. Please note that, in some cases, we may be obliged by law to store your personal data for certain period of time (e.g., for accountancy purposes). In such cases, we will store your personal data for the time period stipulated by the applicable law and delete the personal data as soon as the required retention period expires.
6. DISCLOSURE OF PERSONAL DATA
We may need to cooperate with external service providers and share some personal data with them. In this section, you can find information about third parties that have access to your per-sonal data and the instances when we make data transfers.
6.1 Do we disclose your personal data? If necessary, we disclose your personal data to the service providers with whom we cooperate or who provide services on our behalf (our data processors). For example, we may share your personal and non-personal data with entities that provide certain technical support services to us, such as business analytics, advertising, and email distribution services, or if you explicitly request us to disclose the personal data. We do not sell your personal data to third parties.
6.2 When do we disclose your personal data? The disclosure of your personal data is lim-ited to the situations when such data is required for the following purposes:
• Ensuring the proper operation of the Website;
• Ensuring the delivery of services requested by you;
• Providing you with the requested information;
• Pursuing our legitimate business interests;
• Enforcing our rights, preventing fraud, and security purposes;
• Carrying out our contractual obligations;
• Law enforcement purposes; or
• If you provide your prior consent to such a disclosure.
6.3 With what data processors do we share your personal data? We will share your per-sonal data only with the data processors that agree to ensure an adequate level of protection of personal data that is consistent with this Policy and the applicable data protection laws. The data processors that will have access to your personal data are:
• Our hosting and cloud storage service provider Wix (https://www.wix.com) loca-ted in Israel;
• Our marketing and analytics service provider Google Analytics https://analytics.google.com) located in the US;
• Our payment service provider PayPal (https://www.paypal.com) located in the US;
• Our newsletter and email service provider MailChimp (https://mailchimp.com) located in the US;
• Our email service provider Wix (https://www.wix.com) located in Israel;
• Our graphic design software provider Canva (https://www.canva.com) located in Australia; and
• Our photo gallery service providers MyWed (https://mywed.com) located in Rus-sia, Wedding.pl (https://wedding.pl) located in Poland, and Matrimonio (https://www.matrimonio.com) located in Spain.
6.4 Sharing of non-personal data. Your non-personal data may be disclosed to third parties for any purpose. For example, we may share it with prospects or partners for business or research purposes, for improving the Website, responding to lawful requests from public authorities or developing new services.
6.5 Legal requests. If we receive a request from a public authority, we will disclose infor-mation about the users of the Website to the extent necessary for pursuing a public interest objective, such as national security or law enforcement.
6.6 Successors. In case our business is sold partly or fully, we will provide your personal data to a purchaser or successor entity and request the successor to handle your personal data in line with this Policy.
7. INTERNATIONAL TRANSFERS OF PERSONAL DATA
Your personal data may be transferred outside the country where you reside. In this section, we explain when we transfer personal data abroad and what safeguards we implement to ensure that your personal is properly protected.
Some of our data processors listed in section 6 of this Policy are located outside the country in which you reside. For example, if you reside in a country belonging to the European Eco-nomic Area (EEA), we may need to transfer your personal data to jurisdictions outside the EEA. In case it is necessary to make such a transfer, we will make sure that the jurisdiction in which the recipient third party is located guarantees an adequate level of protection for your personal data (e.g., the recipient is a Privacy-Shield certified entity) or we conclude an agreement with the respective third party that ensures such protection (e.g., a data pro-cessing agreement based pre-approved standard contractual clauses).
8. PROTECTION OF PERSONAL DATA
We put our best efforts to keep your personal data safe and secure. In this section, we inform you about our technical measures that help us to protect your personal data.
8.1 Our security measures. We implement organisational and technical information securi-ty measures to protect your personal data from loss, misuse, unauthorised access, and dis-closure. The security measures taken by us include secured networks, strong passwords, en-cryption, limited access to your personal data by our staff, and anonymisation of personal data (when possible). In order to ensure the security of your personal data, we kindly ask you to use the Website through a secure network only.
8.2 Handling security breaches. Although we put our best efforts to protect your personal data, given the nature of communications and information processing technology and the Internet, we cannot be liable for any unlawful destruction, loss, use, copying, modification, leakage, and falsification of your personal data caused by circumstances that are beyond our reasonable control. In case a serious breach occurs, we will take reasonable measures to mit-igate the breach, as required by the applicable law. Our liability for any security breach will be limited to the highest extent permitted by the applicable law.
9. YOUR RIGHTS REGARDING PERSONAL DATA
You have the right to control how we process your personal data. Below, we list the rights that you can exercise with regard to your personal data and explain how you can exercise those rights.
9.1 What rights do you have? Subject to any exemptions provided by law, you may ask us to:
• Get a copy of your personal data that we store;
• Get a list of purposes for which your personal data is processed;
• Rectify inaccurate personal data;
• Move your personal data to another processor;
• Delete your personal data from our systems;
• Object and restrict processing of your personal data;
• Withdraw your consent, if you have provided one; or
• Process your complaint regarding your personal data.
9.2 How to exercise your rights? Please contact us by email at firstname.lastname@example.org and explain in detail your request. In order to verify the legitimacy of your request, we may ask you to provide us with an identifying piece of information, so that we would be able to identify you in our system. We will answer your request within a reasonable timeframe but no later than 2 weeks.
9.3 How to launch a complaint? If you would like to launch a complaint about the way in which we handle your personal data, we kindly ask you to contact us first and express your concerns. After you contact us, we will investigate your complaint and provide you with our response as soon as possible. If you are not satisfied with the outcome of your complaint, you have the right to lodge a complaint with your local data protection authority.
10. CONTACT US
You can contact us at any time to receive further clarifications. Our contact details are specified below.
Please feel free to contact us if you have any questions about this Policy, our privacy and se-curity practices, or if you would like to exercise your rights listed in section 9 of the Policy.
Postal address for communication: Helena Brauer, Lugano, Switzerland
Phone number: +48 513166663