HOW i SHOT THiS

Privacy Policy

Validity: December 2020

Privacy policy of the HIST.app website

The following provisions apply to the processing of personal data via our website.

1. Information on the Collection of Personal Data

(1) In the following, we inform you about the collection of personal data when using our website. Personal data means all data that relates directly to you, for example, your name, address, email addresses and (as appropriate) your user behaviour.

(2) The Data Controller pursuant to Art. 4(7) of the EU Data Protection Regulation (referred to in the following as the “GDPR”) is

The civil-law partnership Melanie Neuhäuser und Shayne Thomas GbR

as represented by Melanie Neuhäuser and Shayne Thomas

Jenaer Straße 71

91058 Erlangen

Germany

[email protected]

(otherwise see our legal notice).

(3) If you contact us by email or using a contact form, we will store and process the data that you provide in order to answer your questions. As regards our contact form, only the necessary information on your part, namely your name, email address and message, will be requested. We shall erase the data collected in this context after its storage is no longer required, or restrict the processing if statutory retention obligations, as regards tax law, for example, or if other grounds to justify further storage exist. In the latter case, however, we will separate and restrict access to the data to be stored on the basis of legal provisions after one year of storage at the latest, unless stated otherwise below. In this respect, the legal basis for the initial collection is provided for in point (a) of Art. 6(1) GDPR, while the legal basis for the further processing in the course of fulfilling our contract – or for the purpose of executing pre-contract measures required to respond to your request/enquiry – is set forth in point (b) of Art. 6(1) GDPR, or (as appropriate) continued storage is necessary for other legal reasons as stipulated in point (c) of Art. 6(1) GDPR.

(4) If we commission service providers for individual functions of our offer, or if we would like to use your data for advertising purposes, we will inform you below in detail about the respective transactions. In this respect, we will also state the criteria determined for the duration of storage.

2. Your Rights

(1) With regard to your personal data, you have the following rights towards us:

– Right of access (Art. 15 GDPR)

– Right to rectification or erasure (Art. 16, 17 GDPR)

– Right to restriction of processing (Art. 18 GDPR)

– Right not to be exclusively subject to an automated decision,

– Right to data portability (Art. 20 GDPR) and

– Right to object to the processing (Art. 21 GDPR).

(2) You also have the right to lodge a complaint with a data protection supervisory authority, should you consider our processing of your personal data to be unlawful, Art. 77 GDPR. For this purpose, you may usually consult the supervisory authority of your customary place of residence or work, or our company headquarters.

(3) Insofar as you have asserted us your right to rectification, erasure or restriction of processing as stated in paragraph 1, we will be obliged to inform all recipients to whom your personal data has been disclosed of your desired rectification or erasure of the data or the restriction of its processing, unless this should prove to be impossible or it entails a disproportionate workload. In any case, however, you are consistently entitled to be informed about these recipients, Art. 19 GDPR.

(4) To avoid any misunderstandings, we make reference to the fact that no automated decision-making takes place in accordance with Art. 22(1) and (4) GDPR.

3. Collection of Personal Data When Visiting Our Website

(1) If you only visit our website for informative purposes, i.e. if you do not register or otherwise transfer information to us, we will only collect the personal data that your browser transfers to our server. In this case, we will use a transfer process which is based on the SSL protocol (Secure Sockets Layer Protocol: TLS 1.2). If you wish to view our website, we will collect the following data, which is technically necessary to enable us to display our website and ensure its stability and security (legal basis is point (f) of Art. 6(1) GDPR):

• IP address in pseudonymised form (duration of storage, 1 month)

• date and time of the request

• time zone difference to Greenwich Mean Time (GMT)

• content of the request (specific page)

• access status/HTTP status code

• respective data volume transferred

• website from which the request originates

• browser

• operating system and its interface

• language and version of the browser software

(2) In addition to the aforementioned data, cookies will be stored on your computer when you use our website. Cookies are small text files that are stored on your hard drive, as assigned accordingly by the browser that you use, which allow the entity that places the cookie (in this case, us) to then receive certain information. Cookies cannot run programmes or transmit viruses to your computer. They serve the purpose of making the internet offering more user-friendly and effective. If the use of the cookies is required in order to enable or further develop our service, the legal basis for the storage is point (f) of Art. 6(1) GDPR, moreover, your consent is obtained before their use (point (a) of Art. 6(1) GDPR).

(3) Use of cookies:

a) This website uses the following types of cookies, the scope and functionality of which are explained as follows:

• Transient cookies (see b)

• Persistent cookies (see c).

A precise description of the cookies we use is available here.

b) Transient cookies are erased automatically when you close your browser. These include, in particular, session cookies. These store what is referred to as the “session ID”, by which various requests from your browser can be assigned to the shared session. This will allow your computer to be recognised if you return to our website. Session cookies are erased as soon as you log out or close your browser.

c) Persistent cookies are automatically erased after a set period of time, which may differ depending on the cookie. You can erase the cookies in the security settings of your browser at any time. Unless stated otherwise in the following provisions or our cookie overview page, persistent cookies will be erased after 180 days at the latest.

d) You can configure your browser setting according to your requirements and can, for example, decline the acceptance of third-party cookies or any cookies at all. However, we draw your attention to the fact that you may be unable to use all the functions of this website in this case.

4. More Functions and Offers of our Website

(1) Besides the merely informational use of our website, we offer different services which you can use if you are interested. To do so, you usually have to provide more personal data that we use to render the relevant service and to which the data processing principles specified above apply.

(2) To process your data, we sometimes make use of external service providers. These service providers have been carefully selected and commissioned by us, are bound by our instructions, and are checked at regular intervals.

(3) Apart from that, we may forward your personal data to third parties if we jointly offer contract conclusions or similar services together with partners. More detailed information is provided when you provide your personal data, or in the description of the offer. In hosting our website, we work with the company SiteGround Spain S.L., Calle de Serrano 1, 5, 28001 Madrid, Spain (referred to in the following as “HOSTINGPARTNER”) whose servers that we use are also based in the European Union. For its part, HOSTINGPARTNER works with the following subcontractor: SiteGround Italia Srl., Via Agnello 8, 20121 Milan, Italy. Softlayer Dutch Holdings B.V, 1096 BK Amsterdam, Netherlands.

(4) If our service providers or partners have their registered office in a state outside the European Economic Area (EEA), we shall inform you of the respective consequences in the description of the offer.

5. Objection to processing or withdrawal regarding the processing of your data

(1) If, in the individual case, you have provided consent to the processing of your data, you can withdraw this at any time under the contact data stated above under Section 1 paragraph 2 and/or in the legal notice. Such a withdrawal affects the legitimacy of the processing of your personal data after it has been declared.

(2) Where we justify the processing of your personal data on the basis of a weighing of interests, you may submit an objection to the processing. This is particularly relevant to cases in which the processing is not necessary for fulfilling a contract with you, which we will clarify in each case in the following description of the functions. When exercising such an objection, we ask you to provide the reasons as to why we should not process your personal data as we have done. In the event of your justified objection, we will examine the situation and either stop or adapt the data processing, or provide you with our compelling grounds for protection, on the basis of which we will continue with the processing.

(3) It goes without saying that you can object to a possible processing of your personal data for the purposes of advertising and data analysis at any time. You can notify us of your objection to the processing of your personal data for advertising purposes with the contact data stated above under Section 1 paragraph 2 and/or in the legal notice.

6. Use of the restricted area of our website

(1) Insofar as you would like to use the restricted area of our website, it is necessary for you to register, providing your email address, a self-chosen password and your freely-chosen user name. There is no requirement for you to use your actual name; the use of a pseudonym is also possible. We use the double-opt-in procedure for the registration, which means your registration is only complete when you have already confirmed your registration in a confirmation email sent to you for this purpose by clicking on the link contained in the email. If you fail to provide your confirmation within 72 hours, your registration will be automatically erased from our database. The provision of the aforementioned data is compulsory, you are free to provide all of the further information voluntarily through the use of our portal.

(2) If you use our portal, we store your data required for the fulfilment of the contract, including information on the method of payment, until you finally erase your access. We will also store the voluntary data that you provide for the duration of your use of the portal, unless you erase it first. You can manage and change all of your details in the restricted area for customers. The legal basis is point (f) of Article 6(1) GDPR.

(3) To restrict unauthorised third-party access to your personal data, in particular financial data, the connection is encrypted via TLS technology.

7. Use of the payment service provider PayPal

(1) On this website, we offer you the possibility to make payments using PayPal. In this respect, if you select “PayPal” as your method of payment, after you provide your express consent, we will transfer your data appertaining to the purchase agreement and the processing of the payment to PayPal (Europe) S.à r.l. et Cie S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (referred to below as “PayPal”).

(2) The following data will be transferred: Your name, email address, the package that you have booked, the associated costs, the number and time of the order and the billing address.

(3) In individual cases, PayPal may forward your data to third parties for the processing of the payment; please refer to the information in the privacy policy of PayPal under the following link: https:// www.paypal.com/de/webapps/mpp/ua/privacy-full.

(4) Please see the privacy policy of the provider for further information on purpose and scope of data collection and processing thereof by PayPal. You will also find further information there concerning your rights regarding this matter https://www.paypal.com/de/webapps/mpp/ua/ privacy-full.

8. Newsletter

(1) You can consent to subscribe to our newsletter, which provides you with information about our interesting current offers. The advertised goods services are referred to in the declaration of consent.

(2) We use the double opt-in procedure for the subscription to our newsletter. This means that after your registration, we will send an email to the specified email address, in which we ask you to confirm that you want to receive the newsletter. If you fail to confirm subscription within 24 hours, your data will be blocked and automatically erased after a month. Furthermore, we will always store the IP addresses used and the time of the registration and confirmation. This serves as a means of proof of your subscription and, if applicable, to solve any potential misuse of your personal data.

(3) The mandatory information for sending the newsletter is your email address. After your confirmation, we will store your email address for the purpose of sending the newsletter. The legal basis is point (a) of Art. 6(1) GDPR.

(4) You may withdraw your consent to the transmission of the newsletter and unsubscribe at any time. You can submit your withdrawal by clicking on the link provided in each newsletter email, by sending an email to [email protected], or by sending a message to the contact details specified in the legal notice.

9. Embedding of Instagram plugins

(1) We have integrated photographs in our online offering via Instagram plugins, which are saved at https://www.Instagram.com and can be downloaded directly from our website. Insofar as it is operated in the EU, Instagram is a service of Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland (referred to in the following as “Facebook”).

(2) By visiting our website and after providing your express consent to the integration of the Instagram feed, Facebook receives notification that you visited the corresponding sub-page on our website. Additionally and at a minimum, the data referred to under Section 3 of this Privacy Policy will also be transferred, with respect to which we do not know the precise extent of the collection and processing of the data by Facebook. This takes place regardless of whether Facebook provides a user account that you have logged into, or whether you have no user account. If you are logged into Google, your data will be directly linked to your account. If you do not want Facebook to link data to your profile, you must log out before clicking on the button. Facebook will save your data as user profile and use it for the purposes of advertising, market research and/or the needs-oriented design of its website. The particular objectives of such analysis (even in case of users who are not logged in) are the provision of appropriate advertisement and informing other users of the social network of your activities on our website. You have the right to object to the creation of these user profiles, which must be exercised towards Facebook.

(3) Please refer to the privacy policy for further information on the purpose and extent of the collection of data and its processing by Facebook. There, you will also find further information on your rights and the settings options to protect your privacy: https:// help.instagram.com/519522125107875. Google also processes personal data in the USA and has agreed to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

10. Embedding of Google Maps

(1) We use the services of Google Maps on this website, as provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (referred to below as “Google”). This allows us to provide you with an interactive map directly on this website and it makes using the map feature more convenient for you.

(2) By visiting this website, Google is notified that you have accessed the corresponding sub-page of our website. Additionally and at a minimum, the data referred to under Section 3 of this Privacy Policy will also be transferred, with respect to which we do not know the precise extent of the collection and processing of the data by Google. This transmission is independent of whether Google provides a user account that you have logged into or whether you have no user account. We have no influence on the data collected and the data processing procedures, nor are we aware of the full extent of the data collection, the purposes of the processing or the storage periods. We do not have any information regarding the erasure of the data collected by Google. If you are logged into Google, your data will be directly linked to your account. If you do not wish for Google to link data to your profile, you have to log out before clicking on the button. Google will store your data as a user profile and utilise it for the purposes of advertising, market research and/or the needs-oriented design of its website. The particular objectives of such analysis (even in case of users who are not logged in) are the provision of appropriate advertisement and informing other users of the social network of your activities on our website. You have the right to object to the creation of these user profiles, which must be exercised towards Google.

(3) Please see the privacy policy of the provider for further information on purpose and scope of the data collection and its processing by Google. There, you will also find further information on your rights and the settings options to protect your privacy: http://www.google.de/intl/de/policies/privacy. Google also processes personal data in the USA and has agreed to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

11. Use of Google Analytics

(1) This website uses Google Analytics, a web analysis service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). Google Analytics uses “cookies”, i.e. text files that are stored on your computer and allow for an analysis of your use of the website. The information generated by the cookies concerning your use of this website is usually transmitted to a Google server in the USA and is stored there. In the event that IP anonymisation is activated on this website, your IP address will be shortened beforehand by Google within member states of the European Union or in other signatory states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to analyse your use of the website, to compile reports on website activities and to provide other services relating to the use of the website and the internet to the website operator.

(2) The (anonymised) IP address transmitted by your browser in connection with Google Analytics will not be merged with any other data from Google.

(3) A precise description of the cookies used in the scope of the use of Google Analytics is provided here. You can prevent the storage of such cookies by changing the settings of your browser software accordingly; however, please note that, in this case, you may not be able to make full use of all the functions of this website. In addition, you can prevent the collection of the data created by the cookie and relating to your use of the website (incl. your IP address) as well as the processing of such data by Google by downloading and installing the browser plug-in which is available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de. If you click on the following, what is known as the “opt-out cookie” will also be set:

Google Analytics deaktivieren

In this case, Google Analytics will no longer collect any data regarding your visit. Opt-out cookies prevent the future collection of your data when visiting this website. To prevent Universal Analytics (regardless of this website) from collecting data across multiple devices (on all third-party sites), you are also required to download the opt-out cookie on all systems that are in use.

(4) This website uses Google Analytics with the “_anonymizeIp()” extension. In this way, IP addresses are processed further in shortened form, making it impossible to link them to a particular individual. If the data collected concerning your person contains a personal reference, this will be excluded immediately, and the personal data will be erased immediately.

(5) We use Google Analytics to analyse and make regular improvements to the use of our website. Through the statistics we gain, we can improve our offering and make it more interesting for you as a user. For the exceptional cases in which personal data are transferred to the USA, Google has agreed to comply with the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework. The legal basis for the use of Google Analytics is point (f) of Article 6(1) GDPR.

(6) Information of the third-party provider: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. Conditions of use: http://www.- google.com/analytics/terms/de.html, overview regarding data protection: http://www.google.com/intl/ de/analytics/learn/privacy.html, and the privacy policy: http://www.google.de/intl/de/ policies/privacy.

(7) This website also uses Google Analytics for an overall device analysis of visitors, which is carried out via a user ID. You can deactivate the overall device analysis in your Google user account under “my data”, “personal data”. (8) As a precautionary measure, we have also concluded a contract data processing agreement with Google – although no IP will be transmitted to Google thanks to the anonymizeIP function.

12. Use of the payment service provider Stripe

(1) On this website we offer payment methods via the payment service provider Stripe.  Currently, these are credit card payments via Maestro / Mastercard, American Express and Visa. Therefore, if you choose a payment method of the payment service provider Stripe, after you gave your express consent, your data will be transmitted to Stripe, Inc., 510 Townsend Street, San Francisco, CA 94103, USA (hereinafter referred to

as “Stripe”). The transfer of your data for payment processing is for the purpose of payment processing with Stripe as well as fraud prevention by Stripe. Stripe is responsible for the processing of your data there.

(2) In particular, the following data shall be transmitted: Your name, email address, payment method as well as payment details (i. e. payment card details, amount, date of payment), billing and / or shipping address as well as your transaction history (to authentication).

(3) Your data may be passed on to third parties by Stripe in individual cases for the purpose of processing payment as well as for fraud prevention. Please refer to the privacy policy of Stripe under the link https://stripe.com/de/privacy

(4) Please see the privacy policy of the provider for further information on purpose and scope of data collection and processing thereof by Stripe. There you will also receive further information on your rights in this regard https://stripe.com/de/privacy

13. Links to external websites

Insofar as links are provided to websites from other service providers, this privacy policy does not apply to their contents. The data that the operators of such websites may collect is beyond our sphere of our knowledge and influence. Information is available in the privacy policy information of the respective website.

14. Use of social media links

(1) We currently use links to the following social media sites: Facebook, Instagram, LinkedIN, Pinterest, TikTok, Vimeo, and YouTube. These are just links and not plugins, however. This means that when you visit our website, no personal data will initially be forwarded to the providers of the social media sites. You can identify the provider of the social media sites by the tag on the box and through its initial letter or the logo. We give you the opportunity to visit the third party sites directly by clicking on the button. Only when you click on the link, however, will the provider of the social media site receive the notification that you have visited the corresponding website of our online offering. The data stated in section 3 of this Privacy Policy will also be transferred. According to the details of the providers in Germany, on Facebook, the IP address is anonymised immediately subsequent to the collection. When you visit the social media sites, personal data may then be transferred from you to the provider and stored there (also in the USA). As the provider of the social media site collects data with the use of cookies in particular, we recommend that you erase all cookies before clicking on the link using the security settings in your browser.

(2) We have no influence on the data collected or the data processing procedures, nor are we aware of the full extent of the data collection, the purposes of the processing or the storage periods. We do not have any information about the erasure of the collected data by the providers of social media sites.

(3) The provider of the social media site will store the data collected about you as a user profile and use such data for the purposes of advertising, market research and/or the needs-based design of their website. The key objectives of this analysis (even in the case of users who are not logged in) are the provision of appropriate advertising and informing other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles. To exercise this right, you are required to contact the provider of the social media site. Through social media sites, the provider also offers you the opportunity to interact with us and other users in social networks, so that we can improve our offer and make it more interesting to you as a user. The legal basis for the use of our social media profile is point (f) of Article 6(1) GDPR.

(4) The transfer of data takes place regardless of whether you have an account with the provider of the social media site and are logged in there. If you are logged in at the provider of the social media site, your data that we collect will be assigned directly to your account with the provider of the social media site. We recommend that you generally log out after using a social network, but particularly before activating a button or link. In this way, you can prevent your profile from being assigned to the provider of the social media site.

(5) For further information on the purpose and scope of the collection and the processing of the data by the provider of the social media site, please visit the respective privacy policies of the providers, as stated below. There, you will also find further information about your rights and the settings options to protect your privacy.

(6) Address of the respective provider of the social media site and URL, with the privacy policy information:

-Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA; http:// www.facebook.com/policy.php; further information on the collection of data: http:// www.facebook.com/help/186325668085084, http://www.facebook.com/about/ privacy/your-info-on-other#applications and http://www.facebook.com/about/privacy/your-info#everyoneinfo . Facebook has agreed to comply with the EU-US Privacy Shield, https:// www.privacyshield.gov/ EU-US Framework

15. Use of Facebook pixels (Facebook Custom Audiences)

(1) The website also uses what is referred to as the “Facebook pixel” as a remarketing function of Facebook Inc. (“Facebook”). This enables users of the website to be shown interest-related advertising (“Facebook ads”) when they visit the social network Facebook or other websites which also use this procedure. In doing so, we pursue the interest of displaying advertising to you that is of interest in order to make our website more interesting for you. On the basis of the Facebook pixels used, we can also evaluate the impact of the Facebook ads, i.e. in particular, whether a user visits our website after clicking on our Facebook ads.

(2) Through the Facebook pixel used, your browser automatically establishes a direct connection with the server of Facebook. We do not have any influence on the extent or the further use of data that are collected by Facebook through the use of this tool, and therefore inform you of our level of knowledge accordingly: through the integration of the Facebook pixel, Facebook is informed that you have accessed the corresponding website of our website or clicked on one of our ads. If you are registered in a service of Facebook, Facebook can assign this visit to your account. Even if you are not registered with Facebook and/or are not logged in, it is possible that the provider may gain knowledge of and store your IP address and other identifiers.

(3) The deactivation of the Facebook pixel is possible here: https://www.facebook.com/ off_facebook_activity/, and for users who are logged in, at: https://www.facebook.com/ settings/?tab=ads#_.

(4) The legal basis for the processing of your data is sentence 1 of point (f) of Art. 6(1) , GDPR. Further information on the data processing by Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA is available at http://www.facebook.com/policy.php; further information on data collection: http://www.facebook.com/help/186325668085084 http://www.facebook.com/about/privacy/your-info-on-other#applications and http://www.facebook.com/about/privacy/your-info#everyoneinfo.

Validity: December 2020

Login to your account