Name and contact data of the controller and the company data protection officer
di support GmbH (hereinafter di support)
Düsseldorfer Str. 13
The company data protection officer of di support can be contacted at the above address, Att. Data protection department, or at firstname.lastname@example.org.
2. Processing and storage duration of personal data as well as the type and purpose of their use
(1) Order process
If you order photo work using instant printing, you do not need to provide any personal data.
In the sense of the GDPR, however, photos are already personal data.
The personal data required for the ordering process are processed on the basis of Art. 6 Para. 1 lit. b) GDPR to carry out the contractual relationship with you. Vertragsverhältnisses mit Ihnen verarbeitet.
(2) General data processing processes
The PrintCube app uses the third-party services listed below, which may collect information that identifies you:
• Google Play services, Google Analytics, Firebase – service of Google Inc. (“Google”),
• Facebook, Facebook Analytics – service of Facebook Inc. (“Facebook”),
• Apple App Analytics – Service from Apple Inc. (“Apple”).
With the above mentioned analysis tools we can retrieve reports about activities in the app and errors occurring in it, so we are able to:
• better adapt the service to the needs of the customer,
• create individual advertisements for interested users and people similar to app users,
• the conversion of advertisements.
(b) Legal basis for tracking
The above tracking technologies are used on the basis of our legitimate interests in accordance with Art. 6 Para. 1 S. 1 lit. f GDPR. Our interests are justified in the sense of the aforementioned regulation and result from the purposes of data processing listed above.
(3) Storage period
If the images are printed immediately, the image files will be deleted immediately after the order is completed. If photo work is ordered for collection by scanning an order code, the image data you have transmitted will be automatically deleted after a period of 2 days after transmission, provided that printing has not been started by then by scanning the order code.
For other photo work, the image data you have transmitted will be deleted after a period of no more than 30 days after the order has been fulfilled. If there should have been problems with your order, the order can be processed again within this period without any major inconvenience. All other contract data are stored until the statutory (in particular tax law) regulations expire.
3. Customer rights
You have the right:
• in accordance with Article 7 para. 3 of the GDPR, to revoke the consent you have given us at any time. As a result, we are no longer allowed to continue processing data based on this consent in the future;
• in accordance with Article 15 of the GDPR, to request information about your personal data processed by us. In particular, you can request information about the purpose of processing, the category of the personal data, the categories of recipients to whom your data were or will be disclosed, the planned duration of storage, the existence of a right to correction, erasure, restriction of processing or objection, existence of the right to complain, the origin of your data insofar as they were not collected by us, as well as the existence of automated decision making including profiling and if required, meaningful information relating to the details of this;
• in accordance with Article 16 of GDPR, to request immediate correction of incorrect data or the completion of your personal data which we have stored;
• in accordance with Article 18 of the GDPR, you may request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it or you have objected to the processing in accordance with Article 21 GDPR;
• in accordance with Article the processing of your personal data in accordance with Article 18 GDPR, insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you refuse to delete it; we no longer need the data, but you need them to assert, exercise or defend legal claims or you have objected to the processing in accordance with Article 21 GDPR;
• in accordance with Article 20 GDPR, to receive the personal data you made available to us in a structured, common and machine-readable format, or to request it is sent to another responsible person;
• in accordance with Article 77 of the GDPR, to lodge a complaint to a supervisory authority. As a general rule, you can contact the supervisory authority located at your usual place of residence or work, or the authority that governs our company headquarters.
4. Right to object
Insofar as your personal data are processed based on legitimate interests pursuant to Article 6 para. 1 S. 1 lit. f of the GDPR, you have the right pursuant to Article 21 of the GDPR to object to the processing of your personal data with future effect, provided that there are grounds that relate to your particular situation or where you are objecting to direct marketing. In the latter case, you have a general right to objection, which we will implement without you needing to specify a particular situation. If you would like to exercise your right of objection, an email to email@example.com is sufficient.
Möchten Sie von Ihrem Widerspruchsrecht Gebrauch machen, genügt eine E-Mail an firstname.lastname@example.org.’)
5. Data security
All personal data transmitted by you shall be encrypted using the generally accepted and secure standard TLS (Transport Layer Security). In addition, we use appropriate technical and organisational security measures to protect your data against accidental or deliberate manipulation, partial or complete loss, destruction, or unauthorised access by third parties. Our security measures are continuously improved to meet state-of-the-art requirements.
This data protection declaration is currently valid and was last updated in April 2018. Due to the further development of our website and offers on it or due to changed legal or official requirements, it may be necessary to change this data protection declaration. You can call up the current data protection declaration at any time under your app profile.