We in the Captural team are delighted to be processing your images. Our main objective is to ensure your satisfaction.
1. Collecting personal data, data and communication security
Personal data includes any data that is relevant to you personally, e.g. name, address, e-mail addresses, user behaviour. We process your personal data whilst observing any applicable data protection regulations, with particular reference to the Swiss Data Protection Act and any other applicable international and national laws pertaining to the processing of personal data.
We only collect data that is legally or contractually required, or that is necessary for the conclusion and promotion of a contract or required for us to be able to render our services and process contracts. Voluntary information is marked as such. There are no negative consequences of not providing this data. However, not providing data may in some cases make communication with you difficult or delayed.
Your personal data is protected against loss and misuse at all times through appropriate technical and organisational measures. It is stored in a secure operating environment that is not accessible to the public.
Sensitive data, such as your username, password, address details and payment details, is transmitted solely via an encrypted connection. This means that communication between the app and our servers takes place via a certified encryption process.
We need to collect personal data to be able to process your order. This may, for example, include your name and address. In accordance with the respectively applicable data protection regulations, your data is only used for the purpose associated with the respective collection and to allow us to safeguard our legitimate business interests. We thus only collect data that is required for smooth processing of and for improving our business processes and, in particular, for processing your order.
The app contacts our servers for various reasons. As an example, this is necessary when requesting and updating pricing information or in case of an order. Here, access data is temporarily stored on our servers. This includes the IP address you are using for access and the date and time of your visit. This data is deleted after 30 days at the latest.
Registration is required for you to be able to fully use our app’s features, especially for ordering. Registration data is collected when you enter it and is used for the specific purpose in accordance with your consent.
We only store your personal data after the purpose for which it was collected has been fulfilled if this is necessary as per legal regulations (with particular reference to tax law).
Your images are analyzed and categorized by an algorithm for certain characteristics. This categorization serves exclusively the user-friendliness of our app. The algorithm used only runs locally on the device on which you have installed the app and does neither collect nor share any data with us or third parties.
2. Using and sharing personal data
We treat your data as confidential and do not share it with third parties. However, we reserve the right to have the data processed by service providers in Switzerland or in the EU for the purpose of processing our orders from a commercial perspective. When doing so, appropriate data protection is ensured through compliance with the data protection regulations applicable in Switzerland, the EU and the respective country, and through corresponding contractual regulation with our service providers. There are also reciprocal decisions between Switzerland and the EU on the recognition of the mutual adequacy of the respective data protection (see EU: Commission Decision on Adequacy Switzerland of 26 July 2000, (2000/518 EC) and CH: List of countries with adequate data protection).
Your order details (images, PDF documents, etc.) are kept for up to 30 days before they are permanently deleted so that we are able to process repeat orders or complaints, if any. If you use the “Audio Photo Books” function, the images you uploaded will be kept as so-called thumbnails until you request deletion of the function. The associated audio file uploaded by you will also be kept until then.
3. Controller, contact details of the data protection officer
(1) Company address
Photocolor Kreuzlingen AG
(2) The ‘controller’ is:
See (1), e-mail: email@example.com
(3) You can contact our data protection officer at:
See (1), e-mail: firstname.lastname@example.org
4. Your right of withdrawal and right to object
Your right to withdraw consent
You have the right to withdraw the consent given at any time without this affecting the legality of any previous processing. If the consent is withdrawn, we will stop the relevant data processing.
Your right to object with respect to legitimate interests
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data relating to you which was. We will then no longer process the personal data unless there are demonstrably compelling legitimate grounds for processing that outweigh the interests, rights and freedoms of the data subject, or if processing serves to assert, exercise or defend legal claims.
Your right to object with respect to direct marketing
You have the right to object to the processing of your personal data for the purposes of direct marketing, where the assertion of this right results in the end of processing for the purposes of direct marketing or the safeguarding of legitimate interests.
5. Third-party services
(1) Payment by credit card
We offer payment via Stripe in our app. The provider of this payment service is Stripe Payments Europe, Ltd., a private limited company organised under the laws of Ireland with company number 513174 and offices at The One Building, 1 Grand Canal Street Lower, Dublin 2, Ireland (hereinafter referred to as ‘Stripe’).
If you select payment by credit card, the payment details you provide will be transmitted to Stripe.
Your data will be transmitted to Stripe. You have the option to withdraw your consent to data processing at any time. Withdrawal does not affect the effectiveness of the historical data processing processes. You can find more information about data protection at Stripe at https://stripe.com/de/privacy#translation.
(2) Using MailChimp
Our e-mail communication is processed via ‘MailChimp’, a platform from the US provider Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA. Your e-mail address and other data described in this policy are stored on MailChimp servers in the USA. MailChimp uses this information to send e-mails and analyse user interaction on our behalf. Furthermore, MailChimp can use this data, as per its own information, to optimise or improve its own services, e.g. to technically optimise the sending and presentation of the newsletter or for business purposes, in order to determine the countries recipients originate from. However, MailChimp does not use our newsletter recipients’ data to send messages itself, nor does it share such data with third parties. MailChimp is certified under the Swiss-US Privacy Shield data protection agreement and is therefore under obligation to comply with Swiss data protection requirements. We have also concluded a data processing agreement with MailChimp, which contains standard data protection clauses. This is a contract in which MailChimp is under obligation to protect our users’ data, to process it on our behalf in accordance with our data protection regulations, and, in particular, to not share it with third parties. For these data and services, we consider the measures taken to be an adequate data protection guarantee.
(3) Google Firebase and Firebase Cloud Messaging
Our app uses Google Firebase (Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, ‘Google’). Among other things, this service processes personal data. This data mainly includes ‘instance IDs’, which are provided with time stamps. These IDs are assigned to a specific user and allow various events or processes to be linked. This data does not allow us to draw any conclusions about a specific user. We do not personalise the data. We process the data collected to analyse and optimise user behaviour, e.g. by evaluating crash reports.
For Firebase Analytics, Google also uses the advertising ID of the end device. You can limit the use of the advertising ID in your mobile device settings.
For iOS: Settings > Privacy > Advertising > Limit Ad Tracking
Firebase Cloud Messaging is used to send push notifications or ‘in-app messages’ (messages that are shown in the actual app). Here, a pseudonymised push reference is assigned to the end device, which serves as the destination for the push or in-app messages. This feature can be disabled in your end device settings and can also be re-enabled at any time.
If possible, we use servers located in the EU. But we cannot rule out that data may be transmitted to the USA. Google is part of the Swiss-US Privacy Shield. In addition, any possible data processing by Google takes place on the basis of standard data protection clauses. For these data and services, we consider the measures taken to be an adequate data protection guarantee.
(4) Usage data with Mixpanel
Mixpanel enables customers to select which data to send (or not send), empowering them to make important and informed privacy decisions when conducting data analysis. Mixpanel is not an “ad-tech,” “data brokerage,” or “data enrichment” provider; we ingest and process only the data you send us and we never combine it with data from other sources.
Mixpanel does not engage in “tracking” as defined by Apple. While each Mixpanel customer is empowered to configure Mixpanel’s SDKs how they see fit, that configuration generally does not allow customers to combine their data with third-party data, and is generally not used for targeted advertising or advertising measurement purposes, or for sharing data with data brokers.
(5) Registering with ‘Sign in with Apple’
You have to use ‘Sign in with Apple’ in our app to register and sign in. Additional registration is therefore not required. ‘Sign in with Apple’ is a service from Apple Inc. One Apple Park Way, Cupertino, California, USA, 95014.
Your Apple ID is linked to our app via this process. You have the option of providing or hiding your e-mail address. If you select ‘Provide e-mail address’, we receive the e-mail address and name linked to your Apple ID. With the ‘Hide my e-mail address’ feature, Apple allows you to register for other services like our app without you having to disclose your e-mail address. If you enable this feature when registering in our app, Apple will generate a random e-mail address with the domain ‘@privaterelay.appleid.com’. Everything sent to this address is automatically forwarded to the e-mail address linked to your Apple ID. This means that you will not receive e-mails from us if you disable e-mail forwarding. We also automatically receive an e-mail address through registration – either the one linked to the Apple ID or a random one generated by Apple.
This information is mandatory for the use of our app so that we are able to identify you.
08 Dec. 2020 – V. 1.4