Privacy Policy - alexandraterrphotography

Why is there a Privacy Policy?
Welcome to my website! Here you will find all relevant information about my work as a photographer and the services I offer. Feel free to browse, send me a message via the contact form, or email me directly.

When visiting this website, various personal data will be processed. The applicable law, the General Data Protection Regulation (GDPR), sets specific requirements in this regard. In addition, the Telecommunications and Telemedia Data Protection Act (TTDSG) applies. For example, I am required to inform you at the time your personal data is collected. That is exactly the purpose of this privacy policy!

What is personal data?
Personal data includes all information that can identify or make a person identifiable. It does not matter who can establish the link; the mere possibility is sufficient. Examples include your name, address, profession, email address, health data, income, marital status, phone number, and usage data such as your IP address. As you can see, almost any data can be personal—even technical details.

What is meant by data processing?
Processing includes everything from collecting to deleting personal data. This means recording, organizing, structuring, storing, adapting, altering, retrieving, consulting, using, disclosing, transmitting, or making data available. In essence, processing occurs in nearly all cases.

Who is responsible for data processing on this website?
The data controller as defined by data protection laws is photographer Alexandra Terr. A Data Protection Officer is not required. If you have questions regarding the processing of your personal data, feel free to contact me directly at: info[at]alexandraterrphotography.com.

What data is processed when browsing the website?
When you access this website, your device automatically sends data to establish the connection. The following personal data is processed:

Date and time of access
Name of the accessed subpage
Anonymized IP address
Referrer URL
Operating system used
Hostname of the accessing computer
Product and version information of your browser

This data processing is legally permitted under Art. 6(1)(f) GDPR based on legitimate interests. As a photographer, I use the website to present my work. The processing is technically necessary and occurs automatically. Usage data is deleted after 60 days.

Cookies
This website uses cookies to improve usability, effectiveness, and security. A cookie is a text file stored in your browser on your device. Most cookies used here are “session cookies,” which are automatically deleted after your visit.
Legal basis: Art. 6(1)(f) GDPR. My legitimate interest is to ensure the site’s usability without any tracking, and therefore no interference with your fundamental rights occurs.
You may disable cookies in your browser settings. However, this may impact functionality. These cookies are valid only during your browser session and deleted afterwards.
To manage cookies and similar technologies (tracking pixels, web beacons, etc.) and related consents, I use the consent tool “Real Cookie Banner.” Details: https://devowl.io/de/rcb/datenverarbeitung/

Legal basis: Art. 6(1)(c) and (f) GDPR. My legitimate interest lies in managing cookies and consents appropriately. You are not legally obligated to provide your data. However, without it, I cannot manage your consent preferences.

Third-Party Cookies: Real Cookie Banner
To obtain your consent, I use “Real Cookie Banner” (https://devowl.io/de/wordpress-real-cookie-banner/), provided by devowl.io GmbH, Tannet 12, 94539 Grafling, Germany. Upon your consent, the following data is automatically logged:

IP address in anonymized form
Date and time of consent
Browser user agent
URL from which the consent was given
An anonymous, encrypted key
Consent status

This data ensures that analytics tools only collect data with your consent and documents that consent. The key and status are also saved in your browser (cookie: “us_cookie_notice_accepted”) for up to 12 months.

Legal basis: Art. 6(1)(c) and (f) GDPR, as I am required to provide proof of consent and have a legitimate interest in managing it efficiently.

What happens when contacting me?
You may contact me via contact form or email. Required fields (e.g., email address, phone number) must be filled. Should your inquiry relate to a contract or pre-contractual measure, Art. 6(1)(b) GDPR applies. I also have a legitimate interest under Art. 6(1)(f) GDPR to process your inquiry.

The data will be deleted once your inquiry has been answered, unless legal retention obligations apply (e.g., in the case of a resulting contractual relationship).

WhatsApp Contact
A WhatsApp button is embedded on the site to allow direct contact. Desktop users will be directed to “WhatsApp Web”; mobile users will be redirected to the app. Your data will be synchronized with WhatsApp servers.

Service provider: WhatsApp Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland (EU users); Meta Platforms, Inc., Menlo Park, CA, USA. Data transfer to the USA may occur. The provider adheres to the EU-U.S. Data Privacy Framework (Art. 45 GDPR).

Use is based on your consent (Art. 6(1)(a) GDPR), which is given by scanning the QR code and messaging me. If no collaboration follows, I will delete your data.

Further information: https://www.whatsapp.com/legal/

What is Meta Pixel?
To optimize advertising and measure performance, I use Meta Pixel. This transmits data (e.g., clicked pages, viewed content, ads) to Facebook Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland, and from there to Meta Platforms, Inc., USA. The data is matched with your Facebook/Instagram account and used for personalized advertising.

Meta complies with the EU-U.S. Data Privacy Framework. Data transfer is based on your consent (Art. 6(1)(a) GDPR), requested when you first visit the site. Data sent to Meta is deleted after matching. I do not store or access this data.

More info: https://www.facebook.com/about/privacy

Google Analytics
I use Google Analytics (Google Ireland Limited, Barrow Street, Dublin 4, Ireland). Data may be transferred to Google LLC, USA. Cookies are used to process: IP address, screen resolution, browser info, location (country), language preference, visited subpages, date and time.

The legal basis is your consent (Art. 6(1)(a) GDPR). You may allow or decline data collection. Data is stored for one year.

IP anonymization is active, meaning your IP is shortened within the EU. Only in rare cases is the full IP sent to the U.S. and shortened there. Google processes data on my behalf and does not merge your IP with other data.

Google also adheres to the EU-U.S. Data Privacy Framework.

Google Tag Manager
I use Google Tag Manager to manage tags on this site. It enables the integration of other tools, including third-party services. The Tag Manager does not access your data directly.

Legal basis: Art. 6(1)(a) GDPR. I do not store personal data myself.

IP anonymization is active. Only in rare cases is the full IP sent to the U.S. and anonymized there. Google acts on behalf of the site operator.

Google complies with the EU-U.S. Data Privacy Framework.

Where is the website hosted, and who has access?
The site is hosted by webhoster.de AG, Zum Haunert 22, 59519 Möhnesee, Germany. I have a data processing agreement in place with them.

Generally, I alone access personal data and contact requests. In case of a business relationship, third parties such as accountants or legal advisors may gain access.

My Instagram Page
For communication, marketing, and business presentation purposes, I operate a page on Instagram, owned by Meta Platforms, Inc., Menlo Park, CA, USA. EU-responsible entity: Meta Platforms Ireland Ltd., Dublin.

If you’re logged into Instagram and click the icon on my site, your visit can be linked to your account. To prevent this, log out of Instagram first.

Interacting (like, comment, message) will prompt a login form. After logging in, Instagram can recognize you as a user.

I do not process any further data via Instagram.

For privacy information and settings: https://help.instagram.com/519522125107875
More info: https://www.youngdata.de/

Legal basis: Art. 6(1)(f) GDPR — to enable customer contact via social media. Embedded Instagram images are shown with your consent (Art. 6(1)(a) GDPR). Meta complies with the EU-U.S. Data Privacy Framework.

What are your rights?
a. Right to object
You can object to processing based on legitimate interest (Art. 6(1)(f) GDPR) for reasons related to your specific situation. If we cannot demonstrate compelling legitimate grounds, we will cease processing. In case of direct marketing, your data will no longer be used.
b. Right of access
You have the right to request confirmation as to whether your personal data is being processed and to access said data (Art. 15 GDPR).
c. Right to rectification
You have the right to request correction