The data controller responsible for the processing of your personal data when using our services within the meaning of Article 4 (7) of the GDPR is:
Data protection officer (Franziska Uhlmann): firstname.lastname@example.org
“Personal data” within the meaning of Article 4 (1) of the GDPR is: “... any information relating to an identified or identifiable natural person (hereinafter the “data subject”); a natural person is considered as being identifiable, directly or indirectly, in particular by means of an identifier such as a name, an identification number, location data, an online identifier or one or more special characteristics expressing the physical, physiological, genetic, mental, economic, cultural or social identity of this natural person.”
We collect and process your personal data for the purpose of providing you with our services and their advanced features, continuously improving and developing them, ensuring their technical functionality and ensuring the security of our services.
You are a “creator” if you want to share your content with us within the community (community account) or if you also want to offer it for licensing (Market account).
To set up a community member account, we need:
If you register with us via a social network like Facebook, Inc. or Google, Inc., please read section 4.3 (a), since in this case we do not collect your data directly from you, but from a third party – namely the respective social network.
Market account (as Market):
For the activation of your Market account in order to offer your content for licensing, we need the following additional information:
Providing the above information about you is required. Otherwise, we cannot create the respective user account for you and cannot process any transactions for you (e.g. licensing of your content, payouts).
We use this data:
Storage time: In principle, we only store this data until the deletion of your user account. If you have sold a license to your content, your data will also be archived for the duration of the statutory retention periods (tax-related, e.g. 10 years).
Legal basis: The legal basis for this processing of your personal data is the fulfilment of a contract between you and us (Art. 6 (1) (b) GDPR) or your consent (Art. 6 (1) (a) GDPR) as far as it is necessary and you have given it to us (e.g. for the newsletter).
If you would like to purchase licenses for the use of content available at EyeEm Market, we request you to provide the following information to create your user account and to carry out the requested transactions:
Providing this information is necessary to create the respective user account for you and to conduct transactions with you and to grant you licenses according to our License Terms.
We use this data:
Storage time: We usually store this data in our active storage only until your user account is deleted and pending transactions are completed. Following this, we will archive the data for the duration of the statutory retention periods (tax-related, e.g. 10 years).
Legal basis: The legal basis for this processing of your personal data is the fulfilment of a contract between you and us (Art. 6 (1) (b) GDPR) or your consent (Art. 6 (1) lit.a GDPR) insofar as it is required and you have given it to us (e.g. for the newsletter).
If you have a Community Account, you can voluntarily provide additional profile information in your profile to make it more meaningful. For example, you can:
We use this data to make it visible in your profile to other users.
Storage time: As a rule, we only save this data until your user account has been deleted and pending transactions have been completed.
Legal basis: The legal basis for this processing of your personal data is the fulfilment of a contract between you and us (Art. 6 (1) lit.b GDPR).
When you have registered as a Creator, you can upload content to EyeEm via our website or app.
When you would like to upload content to EyeEm via the app, you must first give EyeEm access to your media library (i.e. Camera Roll or Photo Albums) on your mobile device. With this permission, we will display the folders and photos available in your media library from which you can select photos and upload them to your profile (Community or Market). In addition, the "Suggestions" tab within the upload process will show you the photos that you have either already liked in your media library (“Favorites”) or edited in other photo related apps (e.g. VSCO, Snapseed, Lightroom, Instagram, Flickr, etc.) and that also have a minimum size of 4 million pixels.
With this function we want to make it possible for you to quickly find and upload suitable photos for the EyeEm Market from the abundance of content in your media library. This pre-selection takes place automatically and exclusively on your mobile device. Beyond the purpose of a preselection of your photos, we do not process or store your photos or any other data that may be contained in your photos or media library before you select a photo and start to upload it. You can revoke your consent to access your media library at any time in the privacy settings of your mobile device. Without this consent you cannot upload pictures to the app, but you can still use other functions of the app (e.g. discover pictures of selected photographers, read articles in the EyeEm magazine).
When you upload content, we also process the information contained in the metadata of such content (so- called exif data), such as the date, time and location of the shot, camera type, shutter speed, etc., as well as any additional information you provide about the content (e.g. tags, captions). We only collect and process information about the location of the photograph or recording if this information is already included in the metadata, if this information is derived from the content (e.g. for sights, landmarks) or if you add the location yourself when uploading.
We use this data to provide our services, in particular to optimize the quality and sales opportunities of your content.
Storage time: We usually store any metadata only until your user account is deleted and pending transactions are completed. When you use the “Suggested” feature we do not store any personal information. The feature runs completely on your mobile device.
Legal basis: The legal basis for this processing of your personal data is the fulfilment of a contract between you and us (Art. 6 (1) (b) GDPR) or your consent (Art. 6 (1) lit.a GDPR), as applicable.
When you contact our support team or Data Protection Officer, we will save your email address and any other information that you provide in the context of your request.
The data will be stored and used exclusively for the processing of your respective request and any subsequent correspondence.
Storage time: The data is stored up to six (6) months after the completion of your request with us and then deleted as far as this concerns personal data.
Legal basis: The legal basis for this processing of your personal data is the fulfilment or initiation of a contract between you and us (Art. 6 (1) (b) GDPR). In case of data protection inquiries, the storage serves as proof of fulfilment of our data protection obligations (e.g. for information, correction or deletion).
When you send us inquiries via our contact form or via email, we will save:
We use this data to answer your inquiries and to contact you regarding possible cooperations or information of events.
Storage time: We store this data until six (6) months after the completion of your inquiry with us and then delete it unless you expressly agree that we may keep it longer.
Legal basis: The legal basis for this processing of your personal data is the fulfilment of a contract between you and us (Art. 6 (1) (b) GDPR).
When you register for our newsletters or email updates, we will save:
We use your email address to first verify your subscription (double opt-in) and then to send you the respective newsletter or community updates via email. Community updates may include community newsletters, relevant press releases, information regarding new events, competitions and brand partnerships, announcements on Missions, specific community events and feature updates.
Storage time: Your email address will be deleted as soon as you unsubscribe from the respective newsletter or community update.
Legal basis: The legal basis for this processing of your personal data is your consent (Art. 6 (1) (a) GDPR), which you provide to us with your request to receive our newsletter.
When you register for our press mailing list, we will save:
We use your email address to verify your subscription (double opt-in) and to send you press releases, event information and invitations.
Storage time: Your email address will be deleted as soon as you unsubscribe from the mailing list.
Legal basis: The legal basis for this processing of your personal data is your consent (Art. 6 (1) (a) GDPR), which you provide to us with your request to register for the mailing list.
When you provide us with a model or property release for the release of photographs or recordings of you, your private rooms, your works or other property rights to which you are entitled, we will store the personal data as stated in the respective release form, namely:
Providing this information is necessary in order to prove to third parties that you agree that the content depicting you or your property can be used commercially.
We only disclose the information to our distribution partners (by sending them the entire release document) and, if necessary, to the specific licensee. For more information, please see section 5.2.
Storage time: We store the releases as long as your content is available at EyeEm Market , in the case of a license sale of such content, we also store the respective release(s) beyond this period for the duration of possible legal claims in order to be able to prove our authorization to license the content commercially. The same applies to the third party to whom we may pass on such releases.
Legal basis: The legal basis for this processing of your personal data is the fulfilment of a contract between you and us (Art. 6 (1) (b) GDPR) or your consent (Art. 6 (1) (a) GDPR) that you expressly confirm with us in the respective release.
Log data is data that is automatically recorded when you visit our website(s) or use our app. Specifically, this is the following data:
We use this data solely for troubleshooting and quality-assurance purposes, for statistical and analytical purposes, and for monitoring system security.
When you share your location data in your device settings, we process that data to suggest locations for tagging your content and to display nearby recorded content in our discover feed.
For our service to work properly, we sometimes store small files – called cookies – on your device. This is common on most major websites.
A cookie is a small text file that leaves a web portal on your device (computer, tablet or smartphone) when you visit it. This allows the portal to “remember” certain inputs and settings (e.g., login, language, font size, and other display preferences) over a period of time, and you do not need to re-enter them each time you visit and navigate the portal.
You can control and/or delete cookies at your convenience. You can find out how to do this in the help function of the browser you are using or, for example, here: aboutcookies.org. You can delete all cookies stored on your device and set most browsers to prevent the storage of cookies, but then you may be required to make some settings manually each time you visit a page and accept the impairment of some features.
On our website we use the following cookies:
With your explicit consent (in the cookies banner displayed on our website) we use the following cookies:
The cookies are not used for any purposes other than those mentioned above. After having given your consent you can opt-out of each cookie category (except strictly necessary cookies) in the “cookie settings” of your account. The cookie customization settings are provided by the service provider OneTrust.
(iv) Cookies and similar third-party technologies
Provision of our services
- Google Analytics
You may prevent the collection of cookie-generated data about your use of the website (including IP address) and its processing by Google by downloading and installing the following browser plug-in via the link below: http://tools.google.com/dlpage/gaoptout?hl=de
- Crashlytics Firebase
We have integrated the analysis service Crashlytics, a service of Google Inc. into our app. Crashlytics collects information for us on how and under what circumstances the app crashes. The service therefore searches for crashes of the app, analyzes the collected data and provides us with reports. The collected data includes the device type, the version of the operating system and certain data on the hardware of your mobile device and the time of the crash, as well as your user ID and device ID. This information indicates how the app was working at the time of the crash. Crashlytics does not receive information that can identify you as a person. You can find out more about how Crashlytics works at: https://firebase.google.com/products/crashlytics
We use so-called AdServers and their tracking tools to measure, optimize, and track clicks on our ads which we position on other sites. This process is used to evaluate the effectiveness of ads for statistical and market research purposes and may help optimize future advertising efforts. If you submit personal data via an ad-form (e.g. your name and email address), such information will be transferred to EyeEm and stored in Hubspot, a service used for client management. If you are already registered with EyeEm (Buyer Account), your user ID will be linked to the data collected in an ad-form.
In all other cases, we only receive statistical pseudonymous data without reference to a specific person. Such data is stored in a cookie. In connection with the display of ads, third-party servers are necessarily contacted directly when using EyeEm. The third-party providers themselves are responsible for the privacy- compliant operation of the IT systems they use and the storage duration.
Here you will find more information about the tracking pixels we use and their data processing:
- Facebook Pixel
We use the "conversion pixel" of Facebook Inc. By calling this pixel from your browser, Facebook can then determine whether a Facebook ad was successful. In particular, if you are registered with Facebook, we refer you to their privacy information at https://www.facebook.com/about/privacy/. To change your consent please go to www.facebook.com/settings?tab=ads - LinkedIn
- Google Ads
Our online service uses the Floodlight service, a conversion tracking system from Google Inc. For more information about Google Floodlight, please visit: www.support.google.com. You can install the plug-in offered at https://www.google.com/settings/u/0/ads/plugin?hl=en to object to the analysis of the data described above with effect for the future.
- Google Tag Manager
Our website uses the Google Tag Manager for the purpose of controlling the above-mentioned tracking tools and thus enabling personalised, interest- and location-related online advertising. Here is the link to opt-out: https://adssettings.google.com/authenticated.
When you register with us through Facebook, Inc. or Google, Inc., we will receive the authentication information required for your registration, i.e.:
We use all of this information only to the same extent as the data that you provide when registering through our app or website.
If you log in via the app, the data transmitted to us will also be used to help you find your Facebook / Google+ friends or be found by them, as long as they have also linked their account to the respective services.
We will only disclose your personal information to third parties (including processors, i.e. third parties who process data for us on our behalf) if the transfer is necessary to fulfill our contractual obligations to you, if we are otherwise legally entitled or obliged to disclose it, or if you have given us consent to do so. In order to provide our services, selected personal information may be shared with certain departments within our company. This includes employees from the accounting, legal, product management, marketing and IT departments. In certain cases, we also use external service providers who are commissioned by us to process data for us in accordance with instructions (see below).
To the extent that your information is disclosed to third parties which are not located in an EEA country, we will ensure that the recipient has an adequate level of data protection, that adequate confidentiality provisions in the applicable contracts are maintained, that the standard contractual clauses for the transfer of personal information to processors issued by the European Commission are complied with, or that we obtain your consent.
Other users of our services, whether registered or not, or those accessing the content uploaded to EyeEm through a so-called API (Application Programming Interface), may be shown any information displayed on your public EyeEm profile (not your email address).
We will pass your names and/or usernames for the purpose of naming and identifying the copyright owner, to all who acquire use licenses for your content as well as our partners who market your content abroad. At the latest at their request, they also receive model releases and property releases for the purpose of proving the consent of the persons depicted or the persons entitled to the objects depicted. You agree with this transfer of data if you send us the respective model release or property release.
We also share your information with companies whose services we use to provide our services and manage our business affairs. In particular, the following services are provided to us by contractors we use: Payment services, hosting services, newsletter delivery, maintenance and support, web/app analysis, fraud monitoring and prevention, marketing services, CRM services, customer service management services, geodata transformation into actual locations, etc. Such service providers will be contractually obliged by us to process your data in accordance with the strict guidelines of the GDPR and may not use your data for any other purpose. Data will be disclosed in accordance with Art. 28 (1) GDPR or, alternatively, in accordance with our legitimate interest in the economic and technical benefits of using specialist processors, Art. 6 (1) lit. f GDPR.
Insofar as we are legally obliged to do so or this is permitted under data protection law, we transmit personal data to authorities such as the police or the public prosecutor's office (Art. 6 (1) lit. c GDPR). This data is disclosed on the basis of our legitimate interest in combating misuse, prosecuting criminal offences (e.g. credit card fraud) and securing, asserting and enforcing claims, provided that your rights and interests in the protection of your personal data do not predominate, Art. 6 (1) lit. f GDPR.
We may share your personal information with our affiliates (EyeEm Group GmbH, EyeEm Inc.) if necessary to provide our services.
In addition to the ability to exercise control over your personal information and other data by changing your information and settings in your user account and, if necessary, creating links to third-party applications such as Facebook or Google, allowing or blocking cookies, or making do-not-track settings in your browser, you have the following legally protected rights. We offer you communications and measures in this respect in principle free of charge. However, in the case of manifestly unfounded or excessive requests, especially in the case of frequent repetition, we may levy a fee or refuse to act.
You have the right at any time to request information about what personal data we process about you and to demand correction, deletion and/or restriction of your personal data stored by us. For your security, we will ask you to verify your details in the event of such a request or change. Please send us a message at: email@example.com.
If the data processing by us is based on your consent, you can revoke this consent at any time. To revoke your consent, please send us a message at: firstname.lastname@example.org.
If applicable, you have the right to demand that we provide you with your personal data in a structured, common and machine-readable format, provided that the data processing is based on your consent or a contract between us or is carried out by automated means. However, this does not apply if the processing is not necessary for the performance of a task in the public interest or in the exercise of official authority assigned to the data controller. Furthermore, you have the right to have the personal data transferred directly from one responsible person to another responsible person, as far as this is technically feasible and as long as the rights and freedoms of other persons are not affected.
You also have the right to lodge a complaint about us with our regulatory authority.
We have made technical and organizational arrangements to secure the website, mobile applications and other systems against loss, destruction, access, modification or disclosure of your personal data. Access to your profile is only possible after entering a password. You should always treat access information confidentially and close the browser window as soon as the connection with EyeEm is finished.
10 July 2020