Privacy policy

The e-shop Little Fotografie the website, based in Mannheim, processes personal data provided by the customer during the fulfillment and confirmation of the General Terms and Conditions, as well as electronic orders and necessary communication for the period specified by law.

General Provisions

  1. The controller of personal data, according to the GDPR (hereinafter referred to as the "Regulation"), with its registered office in Mannheim (hereinafter referred to as the "Controller");

  2. The contact details of the Controller are as follows: Email:

  3. Personal data includes all information relating to an identified or identifiable natural person.

Source of Personal Data

  1. The Controller processes personal data provided by the customer with the customer's consent through the purchase contract and the fulfillment of the electronic order on the e-shop;

  2. The Controller processes only the customer's contact information and identification data necessary for the fulfillment of the purchase contract;

  3. The Controller processes personal data for delivery and administrative purposes, as well as necessary communication between the contractual parties during the duration specified by law. Personal data is not made public and is not transferred to other countries.

Purpose of Data Processing

The Controller processes the customer's personal data for the following purposes:

  1. Registration on the website in accordance with Chapter 4, Section 2 of the GDPR;

  2. To fulfill the electronic order submitted by the customer (name, address, email, telephone);

  3. To comply with laws and applicable regulations between the customer and the Controller in the business relationship;

  4. Personal data is necessary for the fulfillment of the purchase contract. The contract cannot be concluded without personal data.

Duration of Personal Data Storage

  1. The Controller stores personal data for the necessary period to fulfill the rights and obligations arising from the contractual relationship between the Controller and the customer, as well as for a period of three years after the conclusion of the contractual relationship;

  2. The Controller must delete all personal data after the specified data storage period has expired.

Recipients and Processors of Personal Data

Third parties processing personal data of customers are subcontractors of the Controller. The service of the subcontractor is essential for the successful fulfillment of the purchase contract and the processing of the electronic order between the Controller and the customer.

The subcontractors of the Controller are:

Webnode AG (E-shop System);

Shipping companies;

Google Analytics (Website analysis);

Customer's Rights

According to the Regulation, the customer has the right to:

  1. Access personal data;

  2. Rectify personal data;

  3. Delete personal data;

  4. Object to the processing of personal data;

  5. Data portability;

  6. Withdraw consent for the processing of personal data by sending an email to:

  7. File a complaint with the supervisory authority in case of suspected Regulation violations.

Security of Personal Data

  1. The Controller undertakes to take all technical and organizational measures to protect personal data;

  2. The Controller has taken technical precautions to protect data storage. This includes securing computer access with a password, using antivirus software, and regularly maintaining the computer.

Final Provision

  1. By placing an electronic order on the website, the customer confirms being informed of the conditions for the protection of personal data and fully accepts them;

  2. The customer accepts these rules by checking the checkbox in the purchase form;

  3. The Controller may update these rules at any time. The new updated version must be published on its website.

These rules enter into force on September 19, 2020.