privacy police

Privacy Policy (GDPR)


1. Controller
Sven Kristiansen
SVENSONPHOTO
Brummerredder 36
22457 Hamburg
Germany
E-mail: mail@svensonphoto.com
This website and the related online shop are operated by the controller named above.
 
2. What Data We Process
We may process the following categories of personal data:

• Contact data – name, address, e-mail, phone number

• Contract & payment data – orders, invoices, payment status

• Usage data – pages visited, clicks, session duration

• Technical data – IP address, browser, device, operating system, log files

• Content data – information you enter into forms (e.g. contact form, order form)
   

3. Purposes and Legal Bases
We process your data for the following purposes and on the following legal bases:

• Website operation and security

  • Providing and displaying the website

  • Ensuring stability and security (e.g. server log files)

  • Legal basis: Art. 6(1)(f) GDPR (legitimate interest)

• Shop, orders & payment

  • Processing orders, shipping, billing

  • Customer communication relating to orders

  • Legal basis: Art. 6(1)(b) GDPR (contract and pre-contractual measures)

• Contact and inquiries

  • Answering messages via contact form, e-mail, phone, or social media

  • Legal basis: Art. 6(1)(b) or (f) GDPR

• Analytics & marketing (optional)

  • Measuring reach and improving the website

  • Online marketing (e.g. Google Analytics / Google Ads)

  • Legal basis: Art. 6(1)(a) GDPR (consent)

• Legal obligations

  • Tax and commercial retention duties

  • Legal basis: Art. 6(1)(c) GDPR
     

4. Cookies and Consent (Wix & Third-Party Tools)
This website uses cookies and similar technologies.

• Essential cookies
  Required for the basic operation of the website and shop (e.g. session cookies, security).
  These are used on the basis of Art. 6(1)(f) GDPR (legitimate interest) or Art. 6(1)(b) GDPR (contract).

• Analytics / marketing cookies
  Used only if you give consent via the cookie banner (e.g. Google Analytics, Google Ads, other marketing tools).
  Legal basis: Art. 6(1)(a) GDPR.

You can manage your preferences at any time via the cookie banner / cookie settings or in your browser.
If you block cookies, some functions of the website or shop may not work properly.
If a cookie consent tool (e.g. Borlabs or Wix Cookie Banner) is used, your consent decision will be stored (e.g. in a cookie) so that we can prove your consent in accordance with legal requirements.
5. Hosting and Server Log Files
This website is hosted by an external service provider. When you visit the site, the following data may be automatically stored in server log files:

• IP address

• Date and time of the request

• URL accessed

• Referrer URL (previous page)

• Browser type and version

• Operating system

• Amount of data transferred

• Access status (success/error)

This processing is necessary to operate the website securely and efficiently.
Legal basis: Art. 6(1)(f) GDPR (legitimate interest in secure operation of the website).

6. Contact Form and E-Mail
If you contact us via the contact form or by e-mail, we process your information to handle the request. This includes in particular:

• Name

• E-mail address

• Message content

• If applicable, further data you provide voluntarily

Legal basis:

• Art. 6(1)(b) GDPR (pre-contractual communication / contract)

• Art. 6(1)(f) GDPR (legitimate interest in responding to inquiries)
   

7. Shop, Orders and Payments
When you place an order in the shop, we process:

• Contact and address data

• Order details (products, quantity, price)

• Payment and invoice data

• Communication related to your order

Purposes:

• Processing and fulfilling your order

• Shipping and customer service

• Invoicing and accounting

• Compliance with legal retention periods

Legal basis: Art. 6(1)(b) GDPR (contract) and Art. 6(1)(c) GDPR (legal obligations).
Payment processing may be carried out via external payment service providers (e.g. credit card, PayPal, etc.).
The respective provider’s own privacy policy applies in addition.

8. Online Marketing and Analytics (e.g. Google)
If activated on this website and only with your consent, the following tools may be used:
Google Analytics
Web analytics service by Google Ireland Limited.
We use Google Analytics to analyze how visitors use our website, in order to improve content and usability. IP addresses are usually anonymized (IP masking).
Google Ads / Conversion Tracking
We may use Google Ads to display advertisements and measure how successful they are (conversion tracking).
Legal basis for both: Art. 6(1)(a) GDPR (consent via cookie banner).
You can withdraw your consent at any time via the cookie settings.
Data may be transferred to the USA. In this case, appropriate safeguards (e.g. Standard Contractual Clauses) are used.
For detailed information, please refer to Google’s own privacy policy.

9. Social Media and External Platforms
We maintain pages/profiles on external platforms, such as:

• Instagram

• Facebook

• YouTube

When you visit these pages, the platform operators and we may process your data (e.g. profile information, interactions, statistics / “Insights”). The platforms may use the data for their own purposes (e.g. advertising, market research).
Data may also be processed outside the EU/EEA.
The privacy policies of the respective platforms apply.
If you assert data subject rights (e.g. access, deletion), it is often most effective to contact the platform provider directly, since they have direct access to your data.

10. Embedded Content and Fonts
We may embed content from third-party providers, e.g.:

• Videos (e.g. YouTube)

• Maps

• Fonts (e.g. Google Fonts)

• Social media content

To deliver this content, your IP address must be processed by the respective provider.
Depending on the service, cookies and other technologies may also be used.
Legal basis:

• Art. 6(1)(f) GDPR (legitimate interest in an attractive, functional website), or

• Art. 6(1)(a) GDPR (consent, if obtained via cookie banner)

Where possible, we use locally hosted fonts and privacy-friendly settings.

11. Data Recipients and Third Countries
We only share data with third parties if:

• it is necessary for contract fulfilment (e.g. shipping companies, payment providers),

• it is legally required,

• we have a legitimate interest, or

• you have given consent.

If data is transferred outside the EU/EEA, this is done either:

• on the basis of an adequacy decision,

• subject to Standard Contractual Clauses, or

• with your explicit consent.
   

12. Retention Period
We store your personal data only as long as necessary for the corresponding purpose.
Examples:

• Contract and invoice data: according to German tax law usually 10 years

• General correspondence: usually up to 6 years (commercial law)

• Server log files: usually a few weeks to a few months (for security)

After expiry of the retention periods, data will be deleted or restricted (blocked).

13. Your Rights (Data Subject Rights)
You have the following rights under the GDPR:

• Right of access (Art. 15 GDPR)

• Right to rectification (Art. 16 GDPR)

• Right to erasure (Art. 17 GDPR)

• Right to restriction of processing (Art. 18 GDPR)

• Right to data portability (Art. 20 GDPR)

• Right to object to processing based on Art. 6(1)(e) or (f) GDPR (Art. 21 GDPR)

• Right to withdraw consent at any time (Art. 7(3) GDPR)

You also have the right to lodge a complaint with a supervisory authority, in particular in the EU Member State of your habitual residence, place of work, or place of the alleged infringement.
For Hamburg, this is for example:
Der Hamburgische Beauftragte für Datenschutz und Informationsfreiheit.

14. How to Exercise Your Rights
To exercise your rights, please contact:
Sven Kristiansen
E-mail: mail@svensonphoto.com
We will handle your request in accordance with the legal requirements.
15. Changes to This Privacy Policy
We may update this Privacy Policy from time to time, for example if we change our services or if legal requirements change. The current version is always available on this page.


Last updated November 2025