Gerald Kapounek — Portraitfotografie und Fotoworkshops

Legal

Privacy

Declaration on the duty to inform (privacy policy)

I take data protection very seriously! I therefore process your data exclusively on the basis of the statutory provisions (GDPR, Austrian Telecommunications Act 2003). In this privacy information I inform you about the most important aspects of data processing within the scope of my website.

Contact with me

If you contact me via the form on the website or by email, the data you provide will be stored by me for the purpose of processing your enquiry and in case of follow-up questions. I do not pass on this data without your consent! The personal data you enter here are your “name” and, where applicable, your email address, insofar as this allows identification.

Use of cookies

Cookies are small text files or other types of storage records that store information on end devices and read information from end devices — for example, to save the login status in a user account, the contents of a shopping cart in an e-shop, the content accessed, or functions of an online offering that have been used. Cookies can also be used for various purposes, e.g. for the functionality, security and convenience of online offerings as well as for creating analyses of visitor flows.

I use cookies only in accordance with the statutory provisions. I therefore obtain your prior consent, unless this is not required by law. Consent is in particular not necessary if the storing and reading of the information, including cookies, is strictly necessary in order to provide a telemedia service expressly requested by you (i.e. my online offering). The revocable consent is clearly communicated and contains the information on the respective use of cookies.

The data protection legal basis on which I process your personal data with the help of cookies depends on how you responded to the request for consent to the use of cookies. If you have consented, the legal basis for processing your data is the consent declared. Otherwise, the data processed with the help of cookies is processed on the basis of my legitimate interests (e.g. in the commercial operation of my online offering and the improvement of its usability), or, where this is done within the framework of fulfilling my contractual obligations, and where the use of cookies is necessary in order to fulfil my contractual obligations.

With regard to the storage period, the following types of cookies are distinguished:

Temporary cookies (also: session cookies): Temporary cookies are deleted at the latest after you leave my online offering and close your end device (e.g. browser or mobile application).

Permanent cookies: Permanent cookies remain stored even after the end device is closed. For example, the login status can be saved, or preferred content can be displayed directly when you visit my website again. Likewise, the data collected with the help of cookies can be used to measure reach. Unless I provide explicit information on the type and storage period of cookies (e.g. in the context of obtaining consent), you should assume that cookies are permanent and that the storage period can be up to two years.

You can revoke the consent you have given at any time and also object to the processing in accordance with the statutory requirements under Art. 21 GDPR. You can also declare your objection via your browser settings, e.g. by deactivating the use of cookies (although this may also limit the functionality of my online services). An objection to the use of cookies for online marketing purposes can also be declared on the websites https://optout.aboutads.info and https://www.youronlinechoices.com/.

Collection of access data and log files

Access to my online offering is logged in the form of so-called “server log files”. The server log files may include the address and name of the web pages and files accessed, the date and time of access, the volume of data transferred, notification of successful access, browser type and version, the operating system you use, the referrer URL (the previously visited page) and, as a rule, IP addresses and the requesting provider. The server log files can be used, on the one hand, for security purposes, e.g. to avoid overloading the servers (in particular in the case of abusive attacks, so-called DDoS attacks), and, on the other hand, to ensure the utilisation of the servers and their stability; legal bases: legitimate interests (Art. 6(1)(1)(f) GDPR); deletion of data: log file information is stored for a maximum of 30 days and then deleted or anonymised. Data whose further retention is necessary for evidentiary purposes is exempt from deletion until the respective incident has been finally clarified.

Web analysis, monitoring and optimisation

Web analysis (also referred to as “reach measurement”) serves to evaluate the visitor flows of my online offering and may include behaviour, interests or demographic information about visitors, such as age or gender, as pseudonymous values. With the help of reach analysis I can, for example, identify at what time my online offering or its functions or content are used most frequently, or which invite repeated use. I can likewise understand which areas are in need of optimisation.

In addition to web analysis, I may also use testing procedures, e.g. to test and optimise different versions of my online offering or its components.

Unless otherwise stated below, profiles — i.e. data combined for a usage process — may be created for these purposes, and information may be stored in a browser or on an end device and read from it. The information collected includes in particular the web pages visited and the elements used there, as well as technical information such as the browser used, the computer system used and information on times of use. Insofar as you have agreed to the collection of your location data vis-à-vis me or the providers of the services I use, location data may also be processed.

The accessing IP addresses are likewise stored. However, I use an IP masking procedure for pseudonymisation by shortening the IP address. Generally, no clear data (such as email addresses or names) is stored within the scope of web analysis, A/B testing and optimisation, but rather pseudonyms. This means that neither I nor the providers of the software used know your actual identity, but only the information stored in their profiles for the purposes of the respective procedures.

Types of data processed: usage data (e.g. web pages visited, interest in content, access times); meta/communication data (e.g. device information, IP addresses).

Persons affected: users (e.g. website visitors, users of online services).

Purposes of processing: reach measurement (e.g. access statistics, recognition of returning visitors); profiles with user-related information (creation of user profiles); tracking (e.g. interest-/behaviour-related profiling, use of cookies); provision of my online offering and user-friendliness.

Security measures: IP masking (pseudonymisation of the IP address).

Legal bases: consent (Art. 6(1)(1)(a) GDPR).

Further information on processing operations, procedures and services:

Google Analytics: web analysis, reach measurement as well as measurement of user flows; service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; legal bases: consent (Art. 6(1)(1)(a) GDPR); website: https://marketingplatform.google.com/intl/de/about/analytics/; privacy policy: https://policies.google.com/privacy; data processing agreement: https://business.safety.google/adsprocessorterms; standard contractual clauses (ensuring a level of data protection when processing in third countries): https://business.safety.google/adsprocessorterms; opt-out option: opt-out plugin: https://tools.google.com/dlpage/gaoptout?hl=de, settings for the display of advertisements: https://adssettings.google.com/authenticated; further information: https://privacy.google.com/businesses/adsservices (types of processing and of the data processed).

Presence on social networks (social media)

I maintain online presences within social networks and, within this framework, process user data in order to communicate with the users active there or to offer information about myself.

I would like to point out that data may be processed outside the area of the European Union in the process. This may result in risks for you, because, for example, the enforcement of your rights could be made more difficult.

Furthermore, your data within social networks is generally processed for market research and advertising purposes. For example, usage profiles can be created on the basis of your usage behaviour and the resulting interests. The usage profiles can in turn be used, for example, to place advertisements within and outside the social networks that presumably correspond to your interests. For these purposes, cookies are generally stored on your computer, in which your usage behaviour and your presumed interests are stored. Furthermore, data may also be stored in the usage profiles independently of the devices you use (in particular if you are a member of the respective platforms and are logged in to them).

For a detailed presentation of the respective forms of processing and the options to object (opt-out), I refer to the privacy policies and information of the operators of the respective networks. In the case of requests for information and the assertion of data subject rights, I also point out that these can be asserted most effectively with the providers. Only the providers each have access to your data and can directly take appropriate measures and provide information. Should you nevertheless need help, you can contact me.

Types of data processed: contact data (e.g. email, telephone numbers); content data (e.g. entries in online forms); usage data (e.g. web pages visited, interest in content, access times); meta/communication data (e.g. device information, IP addresses).

Persons affected: users (e.g. website visitors, users of online services).

Purposes of processing: contact requests and communication; feedback (e.g. collecting feedback via online form); marketing.

Legal bases: legitimate interests (Art. 6(1)(1)(f) GDPR).

Further information on processing operations, procedures and services:

Instagram: social network; service provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; legal bases: legitimate interests (Art. 6(1)(1)(f) GDPR); website: https://www.instagram.com; privacy policy: https://instagram.com/about/legal/privacy.

Facebook pages: profiles within the social network Facebook – together with Meta Platforms Ireland Limited, I am responsible for the collection (but not the further processing) of your data on my Facebook page (so-called “fan page”). This data includes information about the types of content you view or interact with, or the actions you take (see under “Things you and others do and provide” in the Facebook Data Policy: https://www.facebook.com/policy), as well as information about the devices you use (e.g. IP addresses, operating system, browser type, language settings, cookie data; see under “Device information” in the Facebook Data Policy: https://www.facebook.com/policy). As explained in the Facebook Data Policy under “How do we use this information?”, Facebook also collects and uses information in order to provide analytics services, so-called “page insights”, for page operators, so that they gain insights into how people interact with their pages and with the content connected to them. I have concluded a special agreement with Facebook (“Information about Page Insights”, https://www.facebook.com/legal/terms/page_controller_addendum), which in particular regulates which security measures Facebook must observe and in which Facebook has agreed to fulfil the rights of data subjects (i.e. users can, for example, direct requests for information or deletion directly to Facebook). Your rights (in particular to information, deletion, objection and complaint to the competent supervisory authority) are not restricted by the agreements with Facebook. Further information can be found in the “Information about Page Insights” (https://www.facebook.com/legal/terms/information_about_page_insights_data); service provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; legal bases: legitimate interests (Art. 6(1)(1)(f) GDPR); website: https://www.facebook.com; privacy policy: https://www.facebook.com/about/privacy; standard contractual clauses (ensuring a level of data protection when processing in third countries): https://www.facebook.com/legal/EU_data_transfer_addendum; further information: joint controllership agreement: https://www.facebook.com/legal/terms/information_about_page_insights_data. The joint responsibility is limited to the collection by and transmission of data to Meta Platforms Ireland Limited, a company based in the EU. The further processing of the data is the sole responsibility of Meta Platforms Ireland Limited, which concerns in particular the transmission of the data to the parent company Meta Platforms, Inc. in the USA (on the basis of the standard contractual clauses concluded between Meta Platforms Ireland Limited and Meta Platforms, Inc.).

Your rights

You are generally entitled to the rights of information, rectification, erasure, restriction, data portability, revocation and objection. If you believe that the processing of your data violates data protection law or that your data protection claims have otherwise been infringed in any way, you can lodge a complaint with the supervisory authority. In Austria, this is the Data Protection Authority.

Answering data protection enquiries

I ask you to send your enquiry to me in writing or by email with a copy of your ID enclosed. I will then process your enquiry in accordance with the statutory provisions. You can reach me at the following contact details:

Gerald Kapounek
Lichtenauergasse 11/20
1020 Vienna
Phone +43 (664) 2304505
Email: gerald@kapounek.photo

Changes to this privacy information

I reserve the right to adapt the privacy policy as required. Current status: 11 August 2022

Note: This privacy policy was created on the basis of the document https://rsv-fotografen.at/wp-content/uploads/2018/09/33.-Informationsschreiben-Website.pdf of the Legal Protection Association of Austrian Photographers (Rechtsschutzverband der Fotografen Österreichs) as well as on the basis of the document https://www.wko.at/branchen/information-consulting/unternehmensberatung-buchhaltung-informationstechnologie/it-dienstleistung/musterformular-datenschutzerklaerung.docx of the Austrian Federal Economic Chamber.