Privacy Policy of Ifolor GmbH

Privacy Policy of Ifolor GmbH

We, the ifolor team, are pleased that we are able to work with your images. Your happiness is our ultimate goal. Protecting your personal data throughout our entire process is especially important. This data protection declaration clarifies which data in our order software is collected for what purpose and how this is saved and protected.

1. Collection of personal data, data and communication security

Personal data is all data which make personal reference to you, such as your name, address, email addresses, user behaviour. We process your personal data with respect to the applicable data protection regulations, particularly the European General Data Protection Regulation as well as all other pertinent international and national regulations concerning the processing of personal data.
In principle, we only collect data that are legally or contractually required or necessary for conclusion of contracts or to provide services and honour our contractual obligations. Optional information is marked as such. There are no negative consequences associated with not supplying this information. However in some cases, failure to supply this may hinder/delay communication with you, for example.
Your personal data are always protected against loss and misuse with appropriate technical and organisational measures. It is stored in a secure operating environment that is not accessible to the public. In certain cases, such as when you log in or make a payment, your personal data will be transmitted in encrypted form through the so-called "Secure Socket Layer" technology (SSL). This means that the communication between your computer and our servers will take place via a certified encryption process.
In order to be able to process your order, we need to collect personal data. This includes your name and your address, for example. Your data is only used for the purpose for which it was collected and to protect our own legitimate business interests, in accordance with the relevant valid data protection regulations. We, therefore, only collect data which is used to smoothly conduct and improve our business processes and which, above all, is required for processing your order.
The order software contacts our servers for various reasons. This is necessary, for example, for requesting and updating price information or if an order is made. Access data is then temporarily saved on our servers, such as the current IP address of your access, the date and the time of your visit. This data is deleted after 30 days at the latest.

Using and sharing personal data

We handle your data confidentially as a matter of principle and do not pass this on to third parties. However, we reserve the right to handle this data for processing your orders, also using service providers in Switzerland or in EU countries. An appropriate level of data protection is guaranteed, taking Swiss, EU and other relevant countries data protection laws and relevant contractual arrangements with our service providers into account.
So that reorders or potential complaints can be processed, your order information is held for up to 30 days before it is irrevocably deleted.
The electronic payment process (excluding invoice payments) takes place using our certified payment service provider, Datatrans AG in Zurich. Your payment data is sent directly from you to our payment service provider during payment and stored with them for a time-restricted period for the purposes of processing the payment and for potential complaints or refunds.
To improve what we offer, particular events, such as cancellations of order processes, are included in our order software. The events which are recorded are pseudonymised and transferred to Webtrends Inc. and also to Webtrekk GmbH Robert-Koch-Platz 4, 10115 Berlin, Germany for a statistical analysis (see also: https://www.ifolor.com/gtc/gtc_gmbh_en). The legal basis is our legitimate interest, Art. 6 (1) point f GDPR, to provide you with a smooth order process and to make our website more user-friendly and effective overall.
The applicable Webtrekk Privacy Policy can be found at https://www.webtrekk.com/privacy-notice.html. You can deactivate the counting and transfer of events at any time.
There is also a campaign evaluation in the order software, using which we can recognise how customers were won. All campaign evaluation data is pseudonymised and statistically evaluated by Adjust GmbH. You can deactivate this at any time. Naturally, we also take the global settings on your device into account.
In order to make it easier for you to use our order software, we request access to your address book. The order software requests access to your address book so that you can simply use your personal contacts addresses as shipping addresses. This information is not used for any other purposes.
You can transfer image files to us from third-party online services such as Google Photos, not just from your own devices. You do not give us access to your log-in data for these services or to any other data on these services. The application is only granted access to the approved data and images. Images you choose to use within your project will be copied and stored within the app.
To access external third-party online services, you need to link to the respective service from within the app. The app then receives an access permission that is limited to the app and your account with the service provider. The access permission is stored in the app until you log out of the respective service in the app. Alternatively, you can usually terminate the access permission on the website of the respective third-party online service.
If you have subscribed to our newsletter, it is sent by our technical service provider, Selligent SA in Belgium, to whom we passed your data on when you registered for the newsletter. This transfer serves our legitimate interests in using an eye-catching, secure and user-friendly newsletter system. Acting on our instructions, Selligent SA uses this information for sending the newsletter and for carrying out a statistical, pseudonymised evaluation. You can unsubscribe from the newsletter at any time, either in writing or in the newsletter itself.
We also send all transaction emails (such as our order confirmation) via this technical service provider.

2. Controller, contact details of our data protection officer 

(1) ‘Controller’ pursuant to Art. 4 No. 7 of the General Data Protection Regulation (GDPR), is: 

Ifolor GmbH
Reichenaustraße 19a
78467 Konstanz
Germany

E-Mail: service@ifolor.de 

Telephone: +49 7531 807010

(2) You can contact our data protection officer at:

Data protection officer 
c/o Ifolor GmbH 
Reichenaustraße 19a
78467 Konstanz
Germany

E-Mail: dsb@ifolor.de

3. Legal bases for our data processing:

The legal bases of data processing are made up of the regulations within Art. 6 of GDPR, whereby our data processing is predominantly conducted
- on the basis of consent, Art. 6 No. 1 S. 1 lit. a GDPR
- for the fulfilment of a contract, Art. 6 No. 1 S. 1 lit. b GDPR
- for the fulfilment of legal obligations Art. 6 No. 1 lit. c. GDPR and
- for the protection of legitimate interests, Art. 6 No. 1 lit. f. GDPR.

4. Your rights as a data subject

(1) You have the following rights with respect to us regarding your personal data pursuant to GDPR: 
- The right to information, Art. 15 GDPR 
- The right to rectification, Art. 16 GDPR 
- The right to deletion (‘the right to be forgotten’), Art. 17 GDPR 
- The right to restriction of processing, Art. 18 GDPR 
- The right to data portability, Art. 20 GDPR 
- The right to object to processing, Art. 21 GDPR (also see point 5 hereafter). 

(2) In line with Art. 22 GDPR, you have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or has an otherwise detrimental effect on you, insofar as the decision
- is not necessary for entering into, or the performance of, a contract between you as an affected person and us as a data controller,
- is authorised by a Union or Member State law to which we as the controller are subject, and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests as an affected person, or
- is based on your explicit consent.

(3) If you believe that the processing of your data violates data protection regulations, you have the right to register a complaint with a supervisory authority in line with Art. 77 GDPR. The right of appeal may be exercised in particular before a supervisory authority in the Member State where you are staying, or where the suspected violation took place.

5. Your right to revocation and objection 

Your right to revocation of consent
You have to right to revoke consent that has been granted at any time without this affecting the legality of the previous processing. If the consent is revoked, we will stop the corresponding data processing.

Your right to revocation in the case of legitimate interests 
Pursuant to Art. 21 GDPR, you have the right, for reasons arising from your particular situation, to object at any time to the processing of personal data concerning you, which are collected on the basis of Art. 6 S. 1 lit. f GDPR. We will then no longer process the personal data unless there are demonstrably compelling reasons for processing which are in need of protection and which outweigh the interests, rights and freedoms of the data subject, or the processing serves to assert, exercise or defend legal claims.

Your right to revocation in the case of direct advertising 
Pursuant to Art. 21 GDPR, you have the right to object to the processing of your personal data for the purpose of direct advertising, the execution of which leads to the termination of processing for the purpose of direct advertising or safeguarding legitimate interests.

04/2022