Terms of use | Privacy policy

III. COLLECTION AND STORAGE OF PERSONAL DATA AS WELL AS TYPE AND PURPOSE OF THEIR USE

a. WHEN VISITING THE WEBSITE

When you visit our website https://www.picrights.com/ and/or picrights.global and our portal https://resolve.picrights.com/ and/or https://history.picrights.com, the browser on your device automatically sends information to the server on our website. This information is temporarily stored in a so-called log file. The following information is recorded without action on your part and stored until it is automatically deleted after 30 days:

• IP address of the computer requesting access,
• Date and time of access,
• Name and URL of the retrieved file,
• Website from which access is made (referrer URL),
• Identification data of the browser and operating system used (browser type/ browser version, operating system used).
• Usage data (e.g. pages visited, interest in content, access times)

This data is processed for the purpose of enabling use of the website (connection establishment), system security, technical administration of the network infrastructure, optimisation of the internet offer and convenient use of our website. The IP address is only evaluated in case of attacks on PicRights Europe GmbH’s network infrastructure and for statistical purposes.

The legal basis for data processing is Art. 6 para. 1 sentence 1 lit. f GDPR. Our legitimate interest follows from the purposes listed above for data collection.

In addition, we use cookies and analysis services when you visit our website. You will find more detailed explanations under Sections 4 and 6 of this data protection declaration.

b. WHEN SUBMITTING A CASE

If you submit a case to PicRights Europe GmbH and instruct PicRights to prosecute an infringement, you must provide the following information at the latest when submitting a case:

• Contact details (address, email address)
• Company, if available
• sales tax identification number, if available
• Bank details (IBAN/ account number, BIC/ swift code)

If additional users are created, their first and last name as well as an email address must be provided.

The legal basis for data processing is Art. 6 para. 1 sentence 1 lit. b GDPR. We need the data for the fulfilment of the agency contract.

c. WHEN USING THE SETTLEMENT PORTAL TO PROVIDE A LICENSE

If you provide proof of a license at https://resolve.picrights.com/ and/or https://history.picrights.com, you must provide the following information truthfully:

• Your first and last name
• Contact details (address, email address)

If you have acquired the picture from a natural person, their first and last name must be indicated. Further personal information about the licensor is optional, but makes it easier to verify the validity of the license.

The legal basis for data processing is Art. 6 para. 1 sentence 1 lit. f GDPR. We need the data to verify the legitimacy of the proven license and to verify the factual and legal situation.

d. WHEN PAYING FOR PAST USAGE

If you  paid for past usage at https://resolve.picrights.com/ and/or https://history.picrights.com, you must provide the following information truthfully:

• Your first and last name
• Contact details (address, email address)
• Company, if available

The legal basis for data processing is Art. 6 para. 1 sentence 1 lit. b GDPR. We need the data for the fulfilment of the contract of use and the provision of contractual services.

The payment information is processed by sub-processors unzer (further information: https://www.unzer.com/en/rechtliches/) and Paypal (https://www.paypal.com/en/webapps/mpp/ua/privacy-full) on the basis of Art. 28 GDPR.

e. WHEN CONCLUDING A SETTLEMENT AGREEMENT

If you enter into a settlement at https://resolve.picrights.com/ and/or https://history.picrights.com, you must provide the following information truthfully:

• Your first and last name
• Contact details (address, email address)
• Company, if available

The legal basis for data processing is Art. 6 para. 1 sentence 1 lit. b GDPR. We need the data for the fulfilment of the contract of use and the provision of contractual services.

f. WHEN MAKING CONTACT

There are several ways to contact PicRights Europe GmbH.

If you have any questions, please contact us using the form provided on the https://www.picrights.com/. The name and a valid email address are required so that we know from whom the request originates and we are able to answer it. Further information can be provided voluntarily.

Data processing for the purpose of contacting us is carried out in accordance with Art. 6 para. 1 sentence 1 lit. a) GDPR on the basis of your voluntary consent or in accordance with Art. 6 para. 1 lit. b) GDPR for processing the contact enquiry and its processing. User information may be stored in a Customer Relationship Management System (“CRM System”), see Section 3.1.2, or a comparable system.

g. COOKIES

We use cookies in our online offer. These are small files that your browser creates automatically and that are stored on your device (laptop, tablet, smartphone, etc.) when you visit our site. Cookies do no damage to your device, do not contain viruses, Trojans or other malware.

The information stored in the cookie are small bits of data or code which identify the specific device used to connect to our website. However, this does not mean we have immediate knowledge of your identity.

The use of cookies serves to make the use of our website more comfortable for you. For example, we use so-called session cookies to recognize that you have already visited individual pages of our website. These will be deleted automatically after leaving our site.

In addition, we also use temporary cookies that are stored on your device for a specified period of time to optimize user friendliness. If you visit our site again to use our services, it will automatically recognize that you have already been with us and what entries and settings you have made so that you do not have to enter them again.

On the other hand, we use cookies to statistically record the use of our website and to evaluate it for you for the purpose of optimising our offer (see Section 5). These cookies enable us to automatically recognize when you return to our site that you have already been with us. These cookies are automatically deleted after a defined period of time.

The data processed by cookies is required for the aforementioned purposes in order to protect our legitimate interests and those of third parties pursuant to Art. 6 Para. 1 S. 1 lit. f GDPR.

Most browsers automatically accept cookies. However, you can configure your browser so that no cookies are stored on your computer or a message always appears before a new cookie is created. However, the complete deactivation of cookies can prevent you from using all functions of our website.

Cookies used on Picrights Domains :

Domain	Cookie key	Type	Supplier	Expiration	Description
resolve.picrights.com	ASP.NET_SessionId	HTTP	PicRights	Session	General purpose platform session cookie, used by sites written with Miscrosoft .NET based technologies. Usually used to maintain an anonymised user session by the server.
history.picrights.com	ASP.NET_SessionId	HTTP	PicRights	Session	General purpose platform session cookie, used by sites written with Miscrosoft .NET based technologies. Usually used to maintain an anonymised user session by the server.
picrights.com	1.gif	Pixel	Cookiebot	Session	Used to count the number of sessions to the website, necessary for optimizing CMP product delivery.
picrights.com	CookieConsent	HTTP	Cookiebot	1 year	Stores the user’s cookie consent state for the current domain
picrights.com	rc::a	HTML	Google	Persistent	This cookie is used to distinguish between humans and bots. This is beneficial for the website, in order to make valid reports on the use of their website.
picrights.com	rc::c	HTML	Google	Session	This cookie is used to distinguish between humans and bots.
picrights.com	wpEmojiSettings Supports	HTML	PicRights	Session	This cookie is part of a bundle of cookies which serve the purpose of content delivery and presentation. The cookies keep the correct state of font, blog/picture sliders, color themes and other website settings.
picrights.global	No Cookies Used

h. SHARING OF DATA

Your personal data will not be transmitted to third parties for purposes other than those listed below.

We will only pass on your personal data to third parties if:

• you have given your express consent pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR,
• the disclosure pursuant to Art. 6 para. 1 sentence 1 of GDPR is necessary to assert, exercise or defend legal claims and there is no reason to assume that you have an overriding interest worthy of protection in not disclosing your data,
• in the event that a legal obligation exists for the transfer pursuant to Art. 6 para. 1 sentence 1 lit. c GDPR,
• this is legally permissible and is necessary for the processing of contractual relationships with you pursuant to Art. 6 para. 1 sentence 1 lit. b GDPR.

We share your data with the following groups of people:

Service providers, in particular payment service providers, accounting service providers and debt collection service providers, lawyers, courts, bailiffs, debtors and former creditors.

The data that may be shared :

1. Name
2. Address
3. Email

Insofar as the transfer is necessary to assert, exercise or defend legal claims or to provide our contractually owed services, PicRights Europe GmbH also transfers personal data to third countries, Art. 49 para. 1 b), c) GDPR.
In the event that this constitutes, by the country of destination, an international transfer of data in accordance with applicable data protection legislation, we will take appropriate legal steps to ensure that this is done in accordance with relevant legislation and in a manner consistent with the privacy rights of users, pursuant to section V of this Terms.

If we commission third parties with the processing of data on the basis of an order processing contract, this is done on the basis of Art. 28 GDPR.

IV. WEB ANALYSIS SERVICES

a. Tracking Tools

The tracking measures listed below and may be used by us are carried out on the basis of Art. 6 para. 1 sentence 1 f GDPR. With the tracking measures used, we want to ensure that our website is designed to meet requirements and is continually optimised. We also use the tracking measures to statistically record the use of our website and to evaluate it for the purpose of optimising our offer. These interests are to be regarded as legitimate within the meaning of the aforementioned provision.

The respective data processing purposes and data categories can be found in the corresponding tracking tools.

b. Google Analytics

Google Analytics, a web analysis service of Google Inc., (https://www.google.de/intl/de/about/) (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; hereinafter “Google”).

When using Google Analytics, pseudonymised user profiles are created and cookies (see point 3) are used. The information generated by the cookie about your use of this website such as

• Browser type/version,
• the operating system used,
• Referrer URL (the previously visited page),
• Host name of the accessing computer (IP address),
• Time of the server request,

are transferred to a Google server in the USA and stored there. The information is used to evaluate the use of the website, to compile reports on the website activities and to provide further services associated with the use of the website and the internet for the purposes of market research and demand-oriented design of these internet pages. This information may also be transferred to third parties if this is required by law or if third parties process this data on behalf of the company. Under no circumstances will your IP address be merged with other data from Google. The IP addresses are anonymized so that an assignment is not possible (IP masking).

We have a legitimate interest in the analysis, optimization and economic operation of our online offer; the legal basis for the use of Google Analytics is therefore Art. 6 Para. 1 lit. f. GDPR.

We have concluded a contract with Google regarding the processing of commissioned data and fully implement the strict requirements of the German data protection authorities for the use of Google Analytics.

You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website.

You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) and the processing of this data by Google by downloading and installing a browser add-on (https://tools.google.com/dlpage/gaoptout?hl=en).

As an alternative to the browser add-on, especially for browsers on mobile devices, you can also prevent Google Analytics from collecting data by clicking on this link. An opt-out cookie is set to prevent future collection of your data when you visit this website. The opt-out cookie is only valid in this browser and only for our website and is stored on your device. If you delete the cookies in this browser, you must set the opt-out cookie again. Disable Google Analytics

Google Inc. is certified under the Privacy Shield Agreement and thus offers a guarantee to comply with the European data protection level (https://support.google.com/analytics/answer/7105316?hl=en). Further information on data protection in connection with Google Analytics can be found in the Google Analytics Help (https://support.google.com/analytics/answer/6004245?hl=en).

c. GOOGLE RE-MARKETING SERVICES

(“Google Marketing Services”) of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland, (“Google”) at https://www.picrights.com/.

The Google marketing services allow us to target ads for and on our site in order to present users only with ads that potentially match their interests. For example, if a user sees ads for products he has been interested in on other websites, this is referred to as “remarketing”. For these purposes, when our and other websites on which Google marketing services are active are accessed, Google directly executes a code from Google and (re)marketing tags (invisible graphics or code, also known as “web beacons”) are integrated into the website. With their help, an individual cookie, i.e. a small file, is stored on the user’s device (comparable technologies can also be used instead of cookies).

This purpose constitutes a legitimate interest of PicRights Europe GmbH (i.e. interest in the analysis, optimisation and economic operation of our online offer within the meaning of Art. 6 para. 1 letter f). GDPR.

Cookies can be set by various domains, including google.com, doubleclick.net, invitemedia.com, admeld.com, googlesyndication.com or googleadservices.com. In this file it is noted which websites the user visits, which contents he is interested in and which offers he has clicked on, furthermore technical information about the browser and operating system, referring websites, visiting time as well as further information about the use of the online offer. The IP address of the users is also recorded, whereby we inform within the framework of Google Analytics that the IP address is shortened within member states of the European Union or in other signatory states of the European Economic Area Agreement and only in exceptional cases completely transmitted to a Google server in the USA and shortened there. The IP address is not combined with the user’s data within other Google offers. The above information may also be linked by Google to such information from other sources. If the user then visits other websites, ads tailored to his interests can be displayed.

Users’ data is processed pseudonymously within the framework of Google marketing services. This means that Google does not store and process, for example, the names or email addresses of users, but processes the relevant data cookie-related within pseudonymous user profiles. This means from Google’s point of view, the ads are not managed and displayed for a specifically identified person, but for the cookie holder, regardless of who this cookie holder is. This does not apply if a user has expressly permitted Google to process the data without this pseudonymisation. The information collected by Google marketing services about users is transmitted to Google and stored on Google’s servers in the USA.

One of the Google marketing services we use is the online advertising program “Google AdWords”. In the case of Google AdWords, each AdWords customer receives a different “conversion cookie”. Cookies cannot therefore be traced through the websites of AdWords customers. The information collected by the cookie is used to generate conversion statistics for AdWords customers who have opted for conversion tracking. AdWords customers see the total number of users who clicked on their ad and were redirected to a page with a conversion tracking tag. However, you will not receive any information that personally identifies users.

These cookies expire after 30 days and are not used for personal identification. If the user visits certain pages of the AdWords customer’s website and the cookie has not yet expired, Google and the customer can recognize that the user has clicked on the ad and has been redirected to this page.

You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website.

You can also deactivate cookies for conversion tracking by setting your browser to block cookies from the “www.googleadservices.com” domain. Google’s privacy policy for conversion tracking can be found here (https://services.google.com/sitestats/de.html).

We can also use the “Google Tag Manager” to integrate and manage Google analysis and marketing services into our website.

Further information on Google’s use of data for marketing purposes can be found on the overview page: https://www.google.com/policies/technologies/ads, Google’s data protection declaration can be accessed at https://www.google.com/policies/privacy

If you wish to object to interest-based advertising by Google marketing services, you can use the setting and opt-out options provided by Google: http://www.google.com/ads/preferences.

Google is certified under the Privacy Shield Agreement and thus offers a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

d. SOCIAL NETWORKS

1. Company pages

PicRights Europe GmbH maintains company sites on various social networks and platforms in order to make contact with customers, interested parties and users and for marketing purposes. When accessing the respective networks and platforms, the terms and conditions and the data processing guidelines of their respective operators apply.

We maintain online presences within social networks and platforms in order to communicate with active customers, interested parties and users and to inform them about our services.

If user data is processed by the platform operators outside the EU, this can entail risks, e.g. the enforcement of user rights can be made more difficult. PicRights Europe GmbH generally only works with providers that are certified under the privacy shield. These providers undertake to comply with EU data protection standards.

The user data collected on the platforms is regularly processed for advertising and market research purposes. Thus, for example, user profiles are created on the basis of user behaviour and the resulting interests of the user. These usage profiles make it possible, for example, to place advertisements tailored to the presumed interests of the user inside and outside the platform. For this purpose, cookies are stored on the user’s computer, which provide information about the user’s behaviour and thus the user’s interests. In addition, data can also be stored in the user profiles that are independent of the devices used by the users, for example if you are a member of the relevant platforms and are logged in to them.

Pursuant to Art. 6 para. 1 lit. f. GDPR, your personal data is processed on the basis of our legitimate interests in effective communication with users or our legitimate interests in user information. If you are asked by the platform operator for consent to data processing, Art. 6 para. 1 lit. a., Art. 7 GDPR is the legal basis for processing.

Of course you can ask us for more information. Please note, however, that only the platform operator has access to your user data and can take the necessary measures and provide information, which is why it makes more sense to contact the platform operator directly.

You will find detailed information on data protection and possible objections in the information provided by the platform operators linked below.

Facebook (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) – Privacy Policy: https://www.facebook.com/about/privacy/, Opt-Out: https://www.facebook.com/settings?tab=ads and http://www.youronlinechoices.com,

Twitter (Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA) – Privacy Policy: https://twitter.com/de/privacy, Opt-Out: https://twitter.com/personalization, Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt000000000TORzAAO&status=Active.

LinkedIn (LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland) – Privacy Policy https://www.linkedin.com/legal/privacy-policy Opt-Out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out, Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0&status=Active.

Xing (XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany) – Privacy Policy/ Opt-Out: https://privacy.xing.com/de/datenschutzerklaerung.

2. SOCIAL MEDIA PLUG-INS

We use social plug-ins from the social networks Facebook, Twitter and LinkedIn on our website on the basis of art. 6 par. 1 p. 1 lit. f GDPR on https://www.picrights.com/ to make our company better known. The underlying advertising purpose is to be regarded as a legitimate interest within the meaning of the GDPR. Responsibility for data protection-compliant operation must be guaranteed by the respective provider. The integration of these plug-ins by us takes place in the way of the so-called two-click method around visitors of our web page in the best possible way to protect.

3. FACEBOOK

On the basis of our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online offer within the meaning of Art. 6 para. 1 lit. f. GDPR) Social Plugins (“Plugins”) of the social network facebook.com, which is operated by Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”). We use the “LIKE” or “PART” button. This is an offer from Facebook.
When you access a page of our website that contains such a plugin, your browser establishes a direct connection to the Facebook servers. The content of the plugin is transmitted directly from Facebook to your browser and integrated into the website.

By integrating the plugins, Facebook receives the information that your browser has called up the corresponding page of our website, even if you do not have a Facebook account or are not currently logged on to Facebook. This information (including your IP address) is transmitted directly from your browser to a Facebook server in the USA and stored there.

If you are logged in to Facebook, Facebook can directly associate your visit to our website with your Facebook account. If you interact with the plugins, for example by pressing the “LIKE” or “SHARE” button, the corresponding information is also transmitted directly to a Facebook server and stored there. The information is also published on Facebook and displayed to your Facebook friends.

Facebook may use this information for the purposes of advertising, market research and demand-oriented design of Facebook pages. To this end, Facebook creates usage, interest and relationship profiles, e.g. to evaluate your use of our website with regard to the advertisements displayed to you on Facebook, to inform other Facebook users about your activities on our website and to provide other services associated with the use of Facebook.

If you do not want Facebook to associate the information collected through our website with your Facebook account, you must log out of Facebook before visiting our website.

The purpose and scope of the data collection and the further processing and use of the data by Facebook as well as your rights and setting options for the protection of your privacy can be found in the data protection information (https://www.facebook.com/about/privacy/) of Facebook.

Facebook is certified under the Privacy Shield Agreement and thus offers a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active). Privacy Policy: https://www.facebook.com/policy.php.

4. TWITTER

On the basis of our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online offer within the meaning of Art. 6 para. 1 lit. f. GDPR) on our website (Twitter Inc. 1355 Market Street, Suite 900, San Francisco, CA 94103, USA, (Twitter. You can recognize the Twitter plugins (tweet button) by the Twitter logo on our site. An overview of tweet buttons can be found here (https://about.twitter.com/resources/buttons).

When you access a page of our website that contains such a plugin, a direct connection is established between your browser and the Twitter server. Twitter receives the information that you have visited our site with your IP address. If you click the Twitter “tweet button” while logged into your Twitter account, you can link the contents of our pages on your Twitter profile. This allows Twitter to associate the visit of our pages with your user account. We would like to point out that, as the provider of the pages, we are not aware of the content of the data transmitted or how it is used by Twitter.
If you do not want Twitter to associate your visit to our pages, please log out of your Twitter account.

Twitter is certified under the Privacy Shield Agreement and thus offers a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active). Privacy Policy: https://twitter.com/de/privacy, Opt-Out: https://twitter.com/personalization. For more information, please see Twitter’s privacy policy ((https://twitter.com/privacy).

5. Google Fonts

We integrate the fonts (“Google Fonts”) of the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy Policy:

https://www.google.com/policies/privacy/, Opt-Out: https://adssettings.google.com/authenticated.

6. LinkedIn

On the basis of our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online offer within the meaning of Art. 6 para. 1 lit. f. GDPR) on our website functions and contents of the LinkedIn service, offered by LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland.

This may include, for example, content such as images, videos or texts and buttons with which users can express their appreciation of the content, subscribe to the authors of the content or our contributions.

If the users are members of the LinkedIn platform, LinkedIn can assign the call of the above contents and functions to the profiles of the users there. To prevent LinkedIn from associating your visit to our site with your LinkedIn account, you must log out of your LinkedIn account before visiting our site.

LinkedIn is certified under the Privacy Shield Agreement and thus offers a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0&status=Active). Privacy Policy of LinkedIn: https://www.linkedin.com/legal/privacy-policy. Opt-Out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

7. Other services 

7.1 ReCaptcha 

On www.picrights.com we embed the function \”ReCaptcha\” of the service provider Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Website: https://www.google.com/recaptcha/ . Data processing is therefore carried out on the basis of a legitimate interest within the meaning of Art. 6 Para. 1 letter f. GDPR. Please also read our general information on cookies in section 3.

The use of Recaptcha prevents bots from entering data on our online offers. In order to verify that the website visitor is a human being, the behavior data of the user (e.g. mouse movements or queries) is evaluated in order to distinguish people from bots.

Google is certified under the Privacy Shield Agreement, providing a guarantee of compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

Privacy policy: https://policies.google.com/privacy

7.2 Cookiebot

On www.picrights.com we use the Cookiebot service of Cybot A/S Havnegade 39, 1058 Copenhagen, Denmark to save your cookie preference and only use cookies according to your choice. The data processing is therefore carried out on the basis of a legitimate interest within the meaning of Art. 6 Para. 1 lit. f. DSGVO. Please also read our general information on cookies in section 3.

If you consent to the use of cookies on one of our websites, the following data is automatically logged by Cybot:

 – Your IP number in anonymous form (the last three digits are set to ‘0’).

– Date and time of consent.

– User agent of your browser

– The URL from which the consent was given.

– An anonymous, random and encrypted key value.

The key and consent state is also stored in your browser in the first-party cookie “CookieConsent” so that the website can automatically read and respect the user’s consent for all subsequent page views and future user sessions for up to 12 months.

The key serves as proof of consent and to check whether the consent status stored in your browser is unchanged from the original consent to Cybot.

Cybot A/S Privacy Policy: https://www.cookiebot.com/de/privacy-policy/

8. RIGHTS OF THE PERSONS CONCERNED

You have the rights provided for in the GDPR and any other applicable legislation, inter alia:

1. to request information about your personal data processed by us in accordance with Art. 15 GDPR. In particular, you may request information about the purposes of processing, the category of personal data, the categories of recipients to whom your data have been or will be disclosed, the planned storage period, the existence of a right to rectification, deletion, restriction of processing or objection, the existence of a right of appeal, the origin of your data, if these have not been collected by us, and the existence of automated decision-making including profiling and, if applicable, meaningful information on their details;
2. in accordance with Art. 16 GDPR, to demand without delay the correction of incorrect or complete personal data stored by us;
3. to request the deletion of your personal data stored with us in accordance with Art. 17 GDPR, unless the processing is necessary to exercise the right to freedom of expression and information, to fulfil a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims;
4. in accordance with Art. 18 GDPR, to restrict the processing of your personal data if you dispute the accuracy of the data, if the processing is unlawful but you refuse to delete the data and we no longer need the data, but if you need it to assert, exercise or defend legal claims or if you have filed an objection to the processing in accordance with Art. 21 GDPR;
5. in accordance with Art. 20 GDPR, to receive your personal data that you have provided to us in a structured, current and machine-readable format or to request its transfer to another person responsible;
6. in accordance with Art. 7 para. 3 GDPR, to revoke your consent to us at any time. As a result, we are no longer allowed to continue processing data based on this consent in the future

7. To complain to a supervisory authority pursuant to Art. 77 GDPR, as further developed in section VIII of this Terms.

9. RIGHT TO OBJECT

If your personal data is processed on the basis of legitimate interests pursuant to Art. 6 para. 1 sentence 1 letter f GDPR, you have the right to object to the processing of your personal data pursuant to Art. 21 GDPR, provided that there are reasons for this which arise from your particular situation or the objection is directed against direct advertising. In the latter case, you have a general right of objection, which we will implement without specifying a particular situation.

If you wish to exercise your right of revocation or objection, simply send an email to privacy@PicRights.com.

10. DATA SECURITY

1. Our website and the settlement portal meet the high requirements of the Payment Card Industry Data Security Standard (PCI) and are certified as such.
2. PicRights Europe GmbH uses technical and organizational security measures to protect your personal data managed by us against accidental or intentional manipulation, loss, destruction or against access by unauthorised persons. Our security measures are continuously improved in line with technological developments.
3. For security reasons and to protect the transmission of confidential content, such as requests you send to PicRights Europe GmbH as the site operator, PicRights.com and/or resolve.picrights.com and/or history.picrights.com and/or picrights.global uses SSL encryption. You can recognise an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line.
4. If SSL encryption is activated, the data you transmit to us cannot be read by third parties.

11. DURATION OF STORAGE

1. The personal data of the person concerned will be deleted or blocked as soon as the purpose of storage ceases to apply. Furthermore, data may be stored if this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which the person responsible is subject. The data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or fulfilment of a contract.
2. Your data will be kept for three years after the termination of a user contract with PicRights Europe GmbH. After that time, PicRights Europe GmbH will check if your data is still needed or while there is any legitimate reason to do so.
3. Your data will be kept for three years after the prosecution of infringement at PicRights Europe GmbH. After that time, PicRights Europe GmbH will check if your data is still needed or while there is any legitimate reason to do so.
4. The personal data from the user interface of the contact form and those sent by email will be kept up to three years and which time it will be deleted.
5. Data collected by Googly Analytics when visiting the website is automatically deleted after a period of 14 months.
6. If your application for a position is rejected, the data you have submitted for application will automatically be deleted two months after notification of rejection. This does not apply if longer storage is necessary due to legal requirements (e.g. the burden of proof according to the General Equal Treatment Act) or if you have expressly agreed to longer storage in our database of interested parties.

12. CONSEQUENCES OF FAILURE TO PROVIDE DATA

There are no legal or contractual obligations for the provision of personal data to PicRights Europe GmbH. The specification of your first and last name, email address, postal address, bank details and your tax number when concluding a license, settlement, usage or agency agreement is mandatory for the conclusion and execution of the agreement with PicRights Europe GmbH. If you do not provide this data, you will not be able to use PicRights Europe GmbH’s services or conclude contracts with PicRights Europe GmbH.

13. UP-TO-DATENESS AND AMENDMENT OF THIS DATA PROTECTION DECLARATION

1. This data protection declaration is currently valid and is effective.
2. Due to the further development of our website and offers above or due to changed legal or official requirements, it may become necessary to change this data protection declaration. You can call up and print out the current data protection declaration at any time on the website under https://www.picrights.com/terms-and-conditions/.

A.INFORMATION PURSUANT TO ART. 13 GDPR FOR REGISTERED USERS

PicRights Europe GmbH (hereinafter PicRights Europe), is a company based in Switzerland with offices in the EU and is therefore obliged to inform you about the processing of your personal data in accordance with Art. 13 of the General Data Protection Regulation (GDPR). Personal data is all information relating to an identified or identifiable natural person. Data of legal entities are not subject to the scope of the GDPR.

I. IDENTITY OF THE CONTROLLER

PicRights Europe GmbH represented by the Managing Director Mr. Alfred Höfinger, Unterdorfstrasse 12, 8808 Pfäffikon SZ, Switzerland

II. CONTACT DETAILS OF THE DATA PROTECTION OFFICE

PicRights Europe GmbH
Unterdorfstrasse 12
8808 Pfäffikon SZ
Switzerland
Attention: Privacy Officer
By email: privacy@PicRights.com

III. PROCESSING PURPOSE AND LEGAL BASIS, LEGITIMATE INTEREST

The data processing takes place for the purpose of the fulfilment of the user contract and contract for the enforcement of rights between the customer and PicRights Europe GmbH. Your data will be processed in accordance with Art. 6 para. 1 lit. b GDPR.

IV. RECIPIENT

We transfer your data to the following categories of recipients, insofar as this is necessary to fulfil the contract: service providers, in particular shipping, printing and accounting service providers, banks or payment service providers, IT service providers, third-party debtors, courts, bailiffs, lawyers and cooperation partners for domestic and cross-border debt collection.

V. TRANSFER TO THIRD COUNTRIES

PicRights shares personal data within its Group or with third-parties for purposes described in this Privacy Notice, as far as the transfer is necessary for asserting, exercising or defending legal claims, PicRights Europe GmbH may also transfer personal data to third countries.

Picrights will only send personal data collected within the European Economic Area (EEA) to foreign countries in circumstances such as:

• To follow your instructions;
• To comply with a legal duty; or
• To work with our agents and advisers who we use to help run our business and services.

The specific third countries to which your personal data may be transferred will depend on the nature of our services and operations. These may include, but are not limited to, the United States, Canada, Israel and countries within the European Economic Area (EEA), or other locations where our service providers or partners maintain operations.  In the event that this constitutes, by the country of destination, an international transfer of data in accordance with applicable data protection legislation, we will make sure that it is protected in the same way as if it was being used in the EEA, using any of the safeguards provided for in the GDPR.

VI. DURATION OF STORAGE

After termination of the user contract concluded with PicRights Europe GmbH, PicRights Europe will check after three years of the termination of the contract whether or not we still need your data or whether we are opposed to deletion of legal storage obligations. The periods begin at the end of the year in which the contract was terminated.

VII. RIGHTS OF THE DATA SUBJECT

Should PicRights Europe GmbH have collected personal data from you, you have the following rights under Articles 15 to 22 GDPR if the following legal conditions are met: right to information, correction, deletion, restriction of processing and data transferability. Furthermore, according to Art. 14 para. 2 lit. c in conjunction with Art. 21 GDPR, you have a right of objection to the processing based on Art. 6 para. 1 lit. f GDPR.

VIII. COMPLAINTS TO THE SUPERVISORY AUTHORITY AND RIGHT TO LODGE A COMPLAINT

Under Article 77 GDPR, you have the right to complain to the supervisory authority if you believe that the processing of your personal data is not lawful, such authorities can be but not limited to :

www.privacy.gov.au – Website of the Australian federal privacy commissioner.
www.privacycommission.be – Website of the Belgian data protection agency.
www.cpdp.bg – Website of the Bulgarian data protection authority.
www.priv.gc.ca – Website of the Privacy Commissioner of Canada.
www.azop.hr – Website of the Croatian personal data protection agency.
www.uoou.cz – Website of the Czech office for personal data protection.
www.aki.ee – Website of the Estonian data protection agency.
www.cnil.fr – Website of the French data protection agency.
www.dataprotection.ie – Website of the data protection commissioner of the Republic of Ireland.
www.garanteprivacy.it – Website of the Italian data protection agency.
www.dvi.gov.lv – Website of the Latvian data protection agency.
www.ada.lt – Website of the Lithuanian data protection agency.
www.dataprotection.gov.mt – Website of data protection commission of the republic of Malta.
www.giodo.gov.pl – Website of the Polish Inspector General for the Protection of Personal Data.
www.dataprotection.ro – Website of the Romanian national authority for the supervision of personal data processing.
www.dataprotection.gov.sk – Website of the Slovakian data protection authority.
www.ip-rs.si – Website of the Slovenian information commissioner.
www.agpd.es – Website of the Spanish data protection agency.
www.ico.gov.uk – Website of the British Information Commissioner.

IX. OBLIGATION TO PROVIDE PERSONAL DATA

The personal data processed by us is necessary for the fulfilment of the contract, in particular for the enforcement of claims and for invoicing. There is no contractual or legal obligation to provide the data. Without the personal data, however, the execution of the contract will not be possible.

INFORMATION PURSUANT TO ART. 13, 14 GDPR FOR IMAGE USERS

PicRights Europe GmbH (hereinafter PicRights Europe), as a company with offices and branches in the EU, is obliged to inform you about the processing of your personal data in accordance with Art. 14 of the General Data Protection Regulation (GDPR). Personal data is all information relating to an identified or identifiable natural person. Data of legal entities are not subject to the scope of the GDPR.

X. IDENTITY OF THE CONTROLLER

PicRights Europe GmbH represented by the Managing Director Mr. Alfred Höfinger, Unterdorfstrasse 12, 8808 Pfäffikon SZ, Switzerland

Contact details of the data protection officer

PicRights Europe GmbH
Unterdorfstrasse 12
8808 Pfäffikon SZ
Switzerland
Attention: Privacy Officer
By email: privacy@PicRights.com

XI. PROCESSING PURPOSE AND LEGAL BASIS, LEGITIMATE INTEREST

The data is processed for the purpose of clarifying the legal situation (authorisation request), offering a subsequent license or for legal prosecution and receivables management. According to Art. 6 Para. 1 lit. f GDPR, the processing of your data is necessary to protect our legitimate interests or those of a third party and to verify the existence and if necessary the enforcement of a legal claim for damages. This constitutes PicRights Europe GmbH’s legitimate interest.

XII. DATA CATEGORIES AND DATA ORIGIN

We process the following categories of data: master data, communication data, receivable data and, where applicable, payment information. We collect the data via freely accessible sources, i.e. from the website where we have established a possible infringement of copyright law, from the WhoIs data of the aforementioned website, yellow pages, commercial registers etc. In some instances the data is provided to us by our clients.

XIII. RECIPIENT

Within the scope of the post-licensing process or the enforcement of claims for damages, PicRights Europe GmbH may transfer your data to our clients and, if necessary, the following categories of recipients, insofar as this is necessary for the enforcement of claims: credit agencies, service providers, in particular shipping and collection service providers, third-party debtors, residents’ registration offices, courts, bailiffs, lawyers.

XIV. DURATION OF STORAGE

Your data will be kept for three years after the acquisition of a subsequent license, payment for past usage, payment of damages or other termination of the case at PicRights Europe GmbH. After that time, PicRights will check if your data is still needed or whether or not there is any legitimate reason to do so.

XV. RIGHTS OF THE DATA SUBJECT

If PicRights has collected personal data from you, you have the following rights under Articles 15 to 22 GDPR if the legal conditions are met: right to information, correction, deletion, restriction of processing and data transferability. Furthermore, according to Art. 14 para. 2 lit. c in conjunction with Art. 21 GDPR, you have a right of objection to the processing based on Art. 6 para. 1 lit. f GDPR.

Date of Data Privacy Statement
March 2024