The protection of your personal data is of utmost importance to Headshot-Media GmbH. In this privacy policy, we explain how we handle your personal information, what rights you have, and how you can exercise them. Personal data means any information relating to an identified or identifiable natural person.
Responsibility and Contact
Headshot-Media GmbH, Schiessstraße 43B, 40549 Düsseldorf is responsible for data processing on this website. You can reach us by email at contact@headshot-media.com. A data protection officer is not required for our organization and has therefore not been appointed.
Basic Principles of Data Processing
We process your personal data based on the European General Data Protection Regulation (GDPR). Processing occurs only when there is a legal basis, specifically: your consent (Art. 6(1)(a) GDPR), fulfillment of a contract (Art. 6(1)(b) GDPR), compliance with legal obligations (Art. 6(1)(c) GDPR), or our legitimate interests (Art. 6(1)(f) GDPR).
Data Security and Protection Measures
We implement comprehensive technical and organizational measures to protect your data. These include SSL encryption for all data transmissions, access controls, authentication systems, and regular security updates. Our employees receive regular data protection training. However, please note that internet-based data transmission can have security gaps, and absolute protection against third-party access is not possible.
Technical Data Collection
When you visit our website, we automatically collect technical data including your IP address, browser type and version, operating system, time of access, and referring website. This collection is necessary for website functionality and security. We store this data in server log files for 30 days, after which it is automatically deleted unless security incidents require longer retention.
Cookies and Analytics
Our website uses cookies and similar technologies to enhance functionality and user experience. Cookies are small text files stored on your device. We distinguish between essential cookies, which are necessary for website operation and stored based on our legitimate interests (Art. 6(1)(f) GDPR), and optional cookies for analytics and marketing purposes, which we only use with your consent (Art. 6(1)(a) GDPR).
Essential cookies enable basic functions like shopping cart functionality and secure login areas. These session cookies are automatically deleted when you close your browser. You can adjust your browser settings to block cookies, but this may limit website functionality.
For website analysis, we use Google Analytics with IP anonymization. This service helps us understand how visitors use our website by collecting data about:
Pages visited and interaction patterns
Time spent on pages
Technical information about devices and browsers
General usage statistics
This analysis is based on your consent, which you provide through our cookie banner. The data is stored for 12 months and then deleted. You can withdraw your consent at any time through our cookie settings.
Website Hosting and Data Transfers
Our website is hosted by Squarespace (Squarespace Ireland Ltd., Dublin, Ireland). When you visit our website, your data is processed on Squarespace's servers in the United States. Since there is no adequacy decision by the European Commission for data transfers to the USA, we have implemented appropriate safeguards through Standard Contractual Clauses. You can request a copy of these clauses by contacting us.
Please note that US authorities may access personal data under surveillance programs without effective legal remedies for EU citizens. However, we only transfer data that is technically necessary for website operation.
Communication and Contact
When you contact us through forms, email, or phone, we collect:
Your contact details
Message content
Time and date of communication
Technical data necessary for communication
We use this information to handle your inquiry and store it for 2 years after our last contact to handle follow-up questions. The legal basis is either contract performance (Art. 6(1)(b) GDPR) or our legitimate interest in responding to inquiries (Art. 6(1)(f) GDPR).
Newsletter and Marketing Communications
If you subscribe to our newsletter, we process your email address and optional name to send you information about our services and products. For existing customers, this is based on our legitimate interest in direct marketing (Art. 6(1)(f) GDPR). For new subscribers, we obtain explicit consent (Art. 6(1)(a) GDPR). Each newsletter contains an unsubscribe link for immediate opt-out.
We analyze newsletter opening rates and click behavior using pseudonymized data to improve our communications. This analysis is conducted by [Newsletter Provider Name], who processes data according to our instructions under a data processing agreement.
Orders and Payment Processing
When you make a purchase, we process data necessary for contract fulfillment:
Contact and billing information
Order details
Payment information
Communication regarding your order
This processing is necessary for contract performance (Art. 6(1)(b) GDPR) and legal obligations (Art. 6(1)(c) GDPR). We retain order data for 10 years to comply with tax and commercial law requirements.
For payment processing, we work with [Payment Provider], who receives only the necessary payment data. For credit card payments, we never store complete card numbers on our servers.
Third-Party Services and Integrations
Our website includes certain third-party services:
Font services (locally hosted)
Map services (activated only with consent)
Payment processing tools
Social media plugins (inactive by default)
These services may receive your IP address and technical browser information as technically necessary. We minimize data transfer to third parties and obtain your consent where required by law.
Storage Periods
We retain data only as long as necessary:
Contact inquiries: 2 years after last contact
Order data: 10 years (legal requirement)
Technical logs: 30 days
Newsletter subscription: until unsubscribe
Account data: until deletion plus statutory retention periods
Your Rights and Privacy Controls
Under the GDPR, you have extensive rights regarding your personal data. You can exercise these rights at any time by contacting us using the details provided above:
Right to Information: You can request information about what personal data we store about you, its origin, recipients, and the purpose of processing.
Right to Correction: If your data is incorrect or incomplete, you have the right to request immediate correction.
Right to Deletion: You can request the deletion of your personal data unless we are legally required to retain it (for example, for tax purposes).
Right to Restriction: You can request that we restrict processing your data, for example, if you contest its accuracy or if the processing is unlawful.
Right to Data Portability: You can receive your data in a structured, commonly used format or request its transfer to another controller.
Right to Object: You can object to the processing of your data for direct marketing at any time. For processing based on legitimate interests, you can object based on your particular situation.
Right to Withdraw Consent: Where processing is based on your consent, you can withdraw it at any time for future processing.
Complaint Rights: You have the right to lodge a complaint with a supervisory authority. The competent authority for us is [Name and contact details of the supervisory authority].
Automated Decision Making
We do not use automated decision-making or profiling that produces legal effects or similarly significantly affects you.
Changes to this Privacy Policy
We regularly review this privacy policy to reflect changes in our practices and legal requirements. The current version is dated November 2024. When we make significant changes, we will notify you through appropriate channels and, where necessary, obtain renewed consent.
Requirement to Provide Personal Data
When using our website, certain data must be provided to use our services:
Essential data for contract fulfillment (marked with *)
Data required by law
Data necessary for website functionality
If you choose not to provide required data, we may not be able to provide certain services.
Legal Basis and Jurisdiction
This privacy policy is subject to German law and the GDPR. For users within the European Union, their national laws apply where they provide higher data protection standards.
Should individual provisions of this privacy policy become invalid, this shall not affect the validity of the remaining provisions.
Contact for Privacy Matters
For all privacy-related matters, please contact:
Headshot-Media GmbH
Schiessstrasse 43 B, 40549 Düsseldorf
Email: contact@headshot-media.com
Last Updated: January 2024