In the following we inform about the collection of personal data when using our website. Personal data are all data that refer to you personally e.g. name, address, email addresses, user site navigation behaviour through cookies.
Users who have any doubts about what Data is required are encouraged to contact the Party responsible.
The party responsible pursuant to Article 4 para. 7 of the EU General Data Protection Regulation (GDPR) is Auloma Holding S.r.l., Via Mussolina 1074, 40018 San Pietro in Casale Italy, Telephone: +39 051 818285, Email: firstname.lastname@example.org, Website: www.auloma.com (see our site policy). Our Data protection officer can be reached at email@example.com or at our postal address with the addition "FAO Data protection officer".
The User assumes responsibility for the Personal Data of third parties obtained, published or shared through www.auloma.com and/or www.attaphoto.com and guarantees to have the right to communicate or disseminate them, releasing the Party resposible from any liability towards third parties.
The use of our website functions is fundamentally possible without the processing of personal data. Please refer to the corresponding remarks below concerning the (personal) data transmitted technically to us by you. If we use contracted service providers for the individual functions of our offer or if we wish to use your data for advertising purposes, we shall inform you in detail below regarding the respective procedures. Finally, we also name the criteria of storage duration established.
We use different legal bases for the data processing.
- If you give us consent for certain processing operations of personal data, the legal basis is Article 6 I lit. a of the GDPR hereinafter also referred to as "consent".
- If the processing of personal data is necessary for the initiation or performance of a contract whose (potential) contracting party is the data subject, e.g. if you inquire about products and/or order goods with us and the data processing is necessary for the delivery of the goods, Article 6 I lit. b of the GDPR is the legal basis (hereinafter also referred to as "contract performance").
- If the processing of personal data is required to fulfil a legal obligation, e.g. for the fulfilment of tax filing obligations, Article 6 I lit. c of the GDPR is the legal basis.
- If the processing of personal data is necessary for the protection of vital interests of the data subject or of another natural person, e.g. if a visitor to one of our plant were injured and his/her data had to be forwarded to a doctor and/or hospital, Article 6 I lit. d of the GDPR is the legal basis.
- The processing of personal data may, according to Article 6 I lit. f of the GDPR, be permitted under data protection law if it is necessary for the protection of a legitimate interest of our company or a third party, insofar as the interests, fundamental rights and fundamental freedoms of the person concerned do not predominate (hereinafter also referred to as "balance of interests"). We consider the performance of our business in the interest of safeguarding the jobs of our employees and of the well being of associates as our fundamental legitimate interest. This is also covered by the legitimate interests of companies expressly described by the European legislator. Therefore, a legitimate interest can be assumed if the data subject and the company are in a customer relationship (Recital 47 sentence 2 of the GDPR) or personal data are processed for direct marketing purposes.
- Right to information
- Right to rectification or deletion
- Right to restriction of processing
- Right to object to the processing
- Right to data portability
You also have the right to complain to us about the processing of your personal data by means of a data protection supervisory authority. Your rights are regulated in Chapter 3 of the GDPR.
The payment system deicated for buyers such us consumers, can only be performed online by credit card. The payment service is provided by PayPAl Inc. and the data used for payment are acquired directly from the service provider without being in any way processed by Auloma Holding S.r.l. The operator of the payment service PayPAL Inc. in performing its service may schedule the sending of messages to the Buyer, such as emails containing invoices or notifications regarding payment.
If you have given your consent to the processing of your data, you can revoke it at any time. Such a revocation will affect the legitimacy of the processing of your personal data after you have notified us.
Insofar as we base the processing of your personal data on the balance of interests, you may object to the processing. This is the case if, in particular, the processing is not required to fulfil a contract with you, which is described by us in each case in the following description of functions. In the event of such a revocation, we shall ask you to explain the reasons why we should not process your personal data as we have done. In the case of a justified objection, we will examine the situation and will either discontinue or adapt the data processing or inform you of our compelling legitimate reasons with which we continue the processing.
Users are reminded that, if their Data is processed for direct marketing purposes, they may object the processing without providing any reasons. To find out if the Owner processes data for direct marketing purposes, Users can refer to the respective sections of this document.
How to claim your rights
You are entitled to object to the processing of your personal data for advertising and data analysis purposes at any time. Concerning your objection to advertising, you can contact us using the details shown in section 1.
- Service providers outside the EU/EEA: We can not rule out that our subcontractors use other service providers in third countries. Pursuant to Article 28 para. 4 of the GDPR we obligate all service providers to adhere to adequate and appropriate guarantees in accordance with Article 44 ff. of the GDPR (transfer to third countries).
- Newsletter: Only if you register on our site, we offer you the possibility to subscribe to our newsletter service through the site https://attaphoto.com/shop/index.php. If you have registered and do not wish to receive this type of offer, you can unsubscribe at any time, e.g. at https://attaphoto.com/shop/index.php or by sending us an e-mail at firstname.lastname@example.org. The newsletter service is optional and can be activated during the user's registration with their consent. The legal basis is Art. 6 para.1 letter a GDPR ("consent").
- Legal, we hire external law firms to resolve legal disputes involving the party responsible, the user or both
- Tax experts, accountants and auditors, we hire professionals from outside our organization to comply with the tax practices required by law.
- hosting provider
- Police officers, in case they request data in case of investigation
- IP address
- Date and time of the request
- Time zone difference to Greenwich Mean Time (GMT)
- Content of the request (specific page)
- Access status/HTTP status code
- The amount of data transmitted
- Website from which the request comes
- Operating system and its interface
- Language and version of the browser software.
In addition to the aforementioned data, cookies are stored on your computer when you use our website. Cookies are small text files that are stored on your hard drive by the browser you are using and by means of which the location which sets the cookie (here through us) receives certain information. Cookies can not run programs or transmit viruses to your computer. They serve to make the Internet offer more user friendly and effective. The legal basis of the data processing is Article 6 para.1 S.1 lit. f of the GDPR ("Balance of interests").
If you have given your consent to receipt newsletters, the storage of the data provided by you will not be deleted until we receive your request sent to our email address email@example.com, or by sending the request via the dedicated link available in each newsletter. However, it remains possible that for reasons of updating hardware and software systems, your data provided to receive the newsletters will be deleted by us unilaterally at our sole discretion.
Should you be a customer with us and have for example questions or complaints about your order, the legal basis of the data processing is Article 6 para.1 S.1 lit. b of the GDPR ("Contract performance"). If you are not a customer of ours, the legal basis is Article 6 para.1 S.1 lit. f of the GDPR ("Balance of interests").
- Transient cookies
- Persistent cookies
Transient cookies are automatically deleted when you close the browser. These include in particular the session cookies. These store a so-called session ID, with which various requests from your browser can be assigned to the common session. This will allow your computer to be recognised when you return to our website. The session cookies are deleted when you log out or close the browser. Persistent cookies are automatically deleted after a specified period, which may differ depending on the cookie. You can delete the cookies in the security settings of your browser at any time.
You can configure your browser setting according to your wishes and for example decline the acceptance of third party cookies or all cookies. We inform you that you may not be able to use all features of this site.
The registration of your data creates an "account" (customer report), through which you can make further purchases, view information about past and current orders and your interaction with the site www.attaphoto.com as indicated in the following points:
- Your above mentioned customer data
- Overview of your completed and current orders at www.attaphoto.com with details of order number, brand, article name, profile, dimension, number, order date, delivery date, delivery status, details, etc.
- Costs of your order, billing address, delivery address, order history, information regarding scheduling and status, etc.
- When you create an account, the data you enter is saved on our servers and can be deleted by notifying us at the following email address: firstname.lastname@example.org. The legal basis for the use is Article 6 para.1 S.1 lit. f of the GDPR ("Balance of interests").
- Your personal data will not be processed or transferred to third parties for targeted commercial or technical information.
- Due to trade and tax regulations, we are obligated to save your address, payment and order data for a period of ten years. However, we impose restrictions on processing, i.e. Your data shall only be used to comply with legal obligations.
- The ordering process is encrypted to prevent unauthorised access to your personal data by third parties, especially financial data.
We have no influence on the collected data and data processing operations, nor are we aware of the full extent of data collection, the purpose of the processing, or the retention periods. We also have no information regarding the deletion of the data collected by the plug-in provider.
The plug-in provider stores the data collected about you as user profiles and uses them for purposes of advertising, market research and/or needs based design of the website. Such an evaluation is performed in particular (also for non-logged in users) for the display of needs based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the formation of these user profiles, whereby you must contact the respective plug-in provider to exercise it. By means of the plug-ins we offer you the opportunity to interact with the social networks and other users, so that we can improve our offer and make it more interesting for you as a user. The legal basis for the use of the plug-ins is Article 6 para.1 S.1 lit. f of the GDPR ("Balance of interests").
The data transfer takes place regardless of whether you have an account with the plug-in provider and are logged in there. If you are logged into the plug-in provider, your data collected by us shall be assigned directly to your existing account with the plug-in provider. If you press the activated button and for example, if you link the page, the plug-in provider also stores this information in your user account and shares it publicly with your contacts. We recommend logging out regularly after using a social network, but especially before activating the button, as this will prevent you from being mapped to your profile with the plug-in provider.
For more information on the purpose and extent of data collection and its processing by the plug-in provider, please refer to the privacy statements of these providers shown below. There you will also find further information about your rights and the configuration options for the protection of your privacy.
Addresses of the respective plug-in providers and URL with their privacy notices:
- Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA; https://www.facebook.com/policy.php; further information about the data collection:https://www.facebook.com/full_data_use_policy Facebook has submitted itself to the EU-US Privacy Shield, https://www.privacyshield.gov/welcome
- Twitter, Inc., 1355 Market St, Suite 900, San Francisco, California 94103, USA; https://twitter.com/en/privacy Twitter has submitted itself to the EU-US Privacy Shield, https://www.privacyshield.gov/welcome
- Instagram LLC, 1601 Willow Rd, Menlo Park CA 94025, USA, a subsidiary of Facebook Inc.. Privacy information: https://help.instagram.com/155833707900388
- YouTube LLC, 901 Cherry Ave, San Bruno, CA 94066, USA, a subsidiary of Google LLC. Information on privacy and compliance with the EU-US Privacy Shield: https://policies.google.com/privacy?hl=en