With our app you can design and order photo books with your smartphone. We want to offer you maximum data protection and transparency. We and our production partners along the entire production chain handle your photos and personal data carefully and professionally at all times. The storage period of your data is limited to an absolute minimum, a "secret" use or passing on of your data for other than contractual purposes is excluded.
In the following, we would like to inform you about what data is involved, how it is processed and what rights you are entitled to. If you have any questions, you can contact our data protection officer at any time at:
Many thanks for your trust!
1. The name and contact details of the controller and the Data Protection Officer
pappzarapp Ojala & Sachsendruck GbR
℅ SPACE M, Motzstraße 5
10777 Berlin, Germany
2. Usage data
When you download the App, information is transmitted to the App Store of your choice, in particular the user name, the e-mail address, the customer number of your account, the time of the download or the individual device identification number can be processed. We have no influence on this data processing. The operator of the respective App Store is responsible.
When using our App, certain data is collected to enable the usability of the functions provided and to guarantee the security and stability of the app, Art. 6 para. 1 sentence 1 lit. f DS-GVO. This includes the IP address, the device type, the time of access and the operating system used.
3. Customer account
To be able to process and send your order, a customer account will be created for you. For this purpose, it is necessary to enter certain personal contact data, such as name, address and e-mail address. The legal basis for this is Art. 6 para. 1 S. 1 lit. b DS-GVO. All customer data will be deleted at the latest after the expiry of existing warranty obligations, except for data that we are required to retain by law (e.g. according to AO or HGB).
This legal obligation to retain data in accordance with Art. 6 para. 1 S. 1 lit. c DS-GVO applies in particular to order and payment data. Processing for other purposes is excluded. You can of course have your customer account deactivated by us at any time or correct entries yourself.
Your access to the customer account is always via an encrypted connection.
To be able to design your cardboard book with our app, it is necessary that you give the app access to your photo files. Of course, any access without your knowledge and approval is excluded.
To use our book templates and the configurator, an internet connection is required. For this purpose, the app needs the authorisation for internet access.
After you have designed your cardboard book, the selected image files including the configured product templates will be transferred via an encrypted connection.
5. Place and security of processing
To ensure the highest level of data security, the generated print data and all customer data are stored on an encrypted server here in Berlin:
- Pinguin Druck GmbH, 10405 Berlin
For the presentation of our application (product images, templates) as well as the creation of the print template, we use cloud service providers who comply with the strict requirements of the European data protection law. This is secured by corresponding contracts for order processing. The data processing takes place exclusively within the European Union:
- Amazon AWS, Availibility Zone Frankfurt am Main
- Microsoft Azure, Availibility Zone Niederlande
Both cloud service providers are certified according to the ISO/IEC 27001:2013 security standard. All connections between the app and the servers are encrypted with TLS 1.3.
6. Duration of processing
The usage data (server log files) are stored separately from all other personal data provided for 7 days and then deleted.
To ensure maximum data protection, the transmitted image files are also automatically deleted after 7 days.
The prepared print data are stored for 5 months in order to comply with our legal warranty obligations in the event of a complaint, Art. 6 Para. 1 S. 1 lit. b DS-GVO. Afterwards they will also be deleted.
Only on your device in the app we store the contents of the shopping basket for 30 days. Afterwards, this will also be deleted.
7. Order processing
As several printers work together to print your paperback, it is necessary to pass on personal data to third parties. The commissioned companies are carefully selected and are bound to data secrecy. Through appropriate contracts for order processing, we ensure that your data is deleted immediately after service provision. Processing of your data for other than contractual purposes is excluded.
- Dürmeyer Print Media GmbH, 20539 Hamburg
- SDP Sachsendruck GmbH, 08525 Plauen
8. Payment service provider PayPal PLUS
As part of the payment process, certain personal customer data collected during the ordering process will be transmitted to PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg.
The data in question are as follows: First and last name, address, e-mail address and data related to the order, such as the contents of the shopping basket and the invoice amount. This transmission is necessary to process your order with the payment method you have chosen, in particular to confirm your identity and to ensure rapid payment processing, Art. 6 para. 1 lit. b DS-GVO.
Depending on the method of payment selected via PayPal (e.g. invoice or direct debit), PayPal may transfer personal data to credit agencies in order to carry out identity or credit checks.
9. Your rights as a data subject of data processing
9.1. Right to withdraw a declaration of consent under data protection law
If the processing of personal data is based on a granted consent, you have the right to revoke this consent at any time (Art. 7 Abs. 3 DS-GVO).
9.2. Right to information (Art. 15 DS-GVO)
You have the right to be informed about which of your personal data is processed.
9.3. Right of rectification (Art. 16 DS-GVO)
You have the right to ask us to correct your personal data if it is incorrect.
9.4. Right of cancellation (Art. 17 DS-GVO)
If personal data was collected unlawfully or is no longer necessary for the purpose for which it was collected, you have the right to request its deletion.
9.5. Right to restrict processing (Art. 18 DS-GVO)
Under certain conditions, you have the right to request that the processing be restricted.
9.6. Right to data transferability (Art. 20 DS-GVO)
You may have the right to receive your personal data in a structured, common, machine-readable format and to request its transfer to another responsible party.
9.7. Right of objection in special cases (Art. 21 DS-GVO)
If the processing is carried out in the light of a balancing of interests or in the performance of a task carried out in the public interest, you can object to this processing. The same applies if personal data are processed for the purposes of direct marketing or profiling, insofar as it is related to such direct marketing.
9.8. Right of appeal to the supervisory authority
In accordance with Art. 77 DS-GVO, you have the right to appeal to a supervisory authority if you believe that the processing of your personal data violates data protection regulations.