Privacy Policy.

We’re happy to have you visit our website. At Arani Photography, protecting your personal data is of the highest priority. While you can use our website without providing personal information, certain services may require us to process personal data. When necessary, we will obtain your consent for such processing.

The processing of personal data, such as your name, email address, and phone number, will always comply with the General Data Protection Regulation (GDPR) and any applicable local data protection laws. This privacy policy aims to inform you about how we collect, use, and process your data, as well as the rights you have regarding your personal information.

We have implemented technical and organizational measures to ensure your data is well protected, but please be aware that no online transmission is 100% secure. If you prefer, you can contact us directly by phone to share any personal data.

1. Definitions

Our privacy policy is based on terms defined by the European legislator for the adoption of the General Data Protection Regulation (GDPR). We aim for this privacy policy to be clear and understandable for the general public, as well as our clients and business partners. To achieve this, we’ll begin by explaining some of the key terms used in this policy.

In this privacy policy, we use, among others, the following terms:

a) Personal data
Personal data refers to any information that can be related to an identified or identifiable individual (“data subject”). An identifiable individual is one who can be identified directly or indirectly, particularly by reference to identifiers such as a name, an identification number, location data, an online identifier, or factors specific to the person's identity, such as physical, physiological, genetic, mental, economic, cultural, or social aspects.

b) Data subject
The data subject is any identified or identifiable person whose personal data is processed by the entity responsible for processing.

c) Processing
Processing refers to any operation or set of operations performed on personal data, whether automated or not. This can include activities such as collecting, recording, organizing, structuring, storing, altering, retrieving, consulting, using, disclosing, transmitting, disseminating, aligning, restricting, erasing, or destroying personal data.

d) Restriction of processing
Restriction of processing means marking stored personal data to limit future processing.

e) Profiling
Profiling is any form of automated processing of personal data that evaluates certain aspects of a person, such as their work performance, economic situation, health, personal preferences, behavior, location, or movements.

f) Pseudonymisation
Pseudonymisation is the process of handling personal data in a way that it can no longer be attributed to a specific individual without additional information. This additional information is kept separate and protected with technical and organizational measures to ensure the data remains anonymous.

g) Controller
The controller is the individual or organization that determines the purposes and means of processing personal data. This entity is responsible for ensuring the data is processed in compliance with applicable data protection laws.

h) Processor
The processor is the entity that processes personal data on behalf of the controller.

i) Recipient
A recipient is a person or organization to whom personal data is disclosed, whether a third party or not. However, public authorities receiving personal data in the course of legal inquiries are not considered recipients.

j) Third party
A third party refers to any individual or entity, public authority, agency, or body other than the data subject, controller, processor, or authorized persons under the direct authority of the controller or processor.

k) Consent
Consent is a freely given, specific, informed, and unambiguous indication of the data subject's wishes. It signifies agreement to the processing of personal data, either through a statement or a clear affirmative action.

2. Name and Address of the Controller

The controller responsible for data processing in accordance with the General Data Protection Regulation (GDPR), other applicable data protection laws in the Member States of the European Union, and other related provisions is:

Arani Photography
Arash Zare and Daniela Sentesch
Hiltenspergerstr. 44, 80796 Munich, Germany

Phone: +49 162 5988 577
Email: hello@araniphotography.com
Website: www.araniphotography.com

3. Cookies

The websites of Arani Photography use cookies. Cookies are text files that are stored on a computer system via an Internet browser.

Many websites and servers use cookies. A cookie often contains a so-called cookie ID, which is a unique identifier for the cookie. This ID is a character string that allows websites and servers to assign specific browsers to a particular cookie. This enables websites and servers to differentiate between individual browsers that contain different cookies, allowing a specific browser to be recognized and identified based on its unique cookie ID.

Through the use of cookies, Arani Photography can provide users of our website with more user-friendly services, which would not be possible without the cookie settings.

For example, cookies allow us to optimize the content and offers on our website according to the user’s preferences. They help recognize returning users, making it easier for them to navigate our site. For instance, if a user does not have to repeatedly enter login credentials because the website remembers them via cookies, the user experience is improved. Another example is how cookies can remember items added to a shopping cart on an e-commerce site.

At any time, the data subject can prevent the setting of cookies by adjusting the settings of the Internet browser used. Additionally, any cookies already set can be deleted via the browser or other software programs. This is possible in all popular browsers. If the data subject disables the use of cookies, some functionalities of our website may not be fully available.

4. Collection of General Data and Information

a) When Visiting the Website
When you visit our website https://araniphotography.com, your browser automatically sends certain information to our website’s server. This information is temporarily stored in what is known as a log file. The following data is collected without your intervention and stored until it is automatically deleted:

  • IP address of the requesting device

  • Date and time of access

  • Name and URL of the accessed file

  • Website from which the request originated (referrer)

  • Browser type and version, your device’s operating system, and the name of your internet service provider

We process this data for the following purposes:

  • Ensuring a smooth connection to the website

  • Ensuring convenient use of our website

  • Evaluating system security and stability

  • Other administrative purposes

The legal basis for data processing is Art. 6 (1) sentence 1 lit. f GDPR. Our legitimate interest follows from the purposes listed above. Under no circumstances do we use the collected data to draw conclusions about your identity.

In addition, we use cookies and analytics tools when you visit our website. Further details can be found in sections 4 and 5 of this privacy policy.

b) When Using Our Contact Form
If you have any questions, we offer you the opportunity to contact us via a form provided on the website. Providing a valid email address is required so that we know who the inquiry is from and can respond accordingly. Any additional information you provide is voluntary.

The data processing for the purpose of contacting us is based on your voluntarily given consent in accordance with Art. 6 (1) sentence 1 lit. a GDPR. The personal data collected for the use of the contact form will be automatically deleted once your inquiry has been processed.

c) When Entering into a Contract
When entering into a contract with us, we collect the following data:

  • Name

  • Home address

  • Billing address (if applicable)

  • Email address

Optional Information:

  • Phone number (if voluntarily provided)

The data collection for the purpose of contract fulfillment is carried out based on Art. 6 (1) sentence 1 lit. b GDPR on a legal basis. This data is stored as long as necessary to fulfill contractual obligations or as legally required. If you have voluntarily provided your phone number, this data is processed based on your consent in accordance with Art. 6 (1) sentence 1 lit. a GDPR and will be deleted upon withdrawal of your consent.

5. Disclosure of Data

Your personal data will not be transferred to third parties for purposes other than those listed below.

We will only share your personal data with third parties if:

  • You have given your explicit consent in accordance with Art. 6 (1) sentence 1 lit. a GDPR;

  • The disclosure is necessary for the establishment, exercise, or defense of legal claims in accordance with Art. 6 (1) sentence 1 lit. f GDPR, and there is no reason to assume that you have an overriding legitimate interest in the non-disclosure of your data;

  • There is a legal obligation for the disclosure in accordance with Art. 6 (1) sentence 1 lit. c GDPR; or

  • The disclosure is legally permissible and required for the performance of a contractual relationship with you in accordance with Art. 6 (1) sentence 1 lit. b GDPR.

6. Routine Erasure and Blocking of Personal Data

We, as the data controller, will process and store the personal data of the data subject only for as long as necessary to achieve the purpose for which the data was collected, or as long as permitted by applicable laws or regulations.

Once the purpose for storage is no longer applicable, or if a storage period prescribed by law expires, the personal data will be routinely blocked or erased in compliance with legal requirements.

7. Rights of the data subject

This section outlines the rights of the data subject under the General Data Protection Regulation (GDPR). Here’s a summary of the key rights:

  1. Article 15 – Right of Access

    • This gives individuals the right to access their personal data, including information about how it's being processed, the purpose of the processing, and how long the data will be stored.

  2. Article 16 – Right to Rectification

    • This allows individuals to request correction or completion of their personal data if it's inaccurate or incomplete.

  3. Article 17 – Right to Erasure (Right to be Forgotten)

    • This gives individuals the right to have their personal data erased under certain conditions, such as when it's no longer needed for the purpose it was collected.

  4. Article 18 – Right to Restriction of Processing

    • This allows individuals to request the restriction of processing of their personal data in certain situations, for example, when the accuracy of the data is contested.

  5. Article 20 – Right to Data Portability

    • This allows individuals to request their data in a structured, commonly used, and machine-readable format, and to transfer it to another controller.

  6. Article 21 – Right to Object

    • This allows individuals to object to the processing of their personal data, including for direct marketing purposes.

  7. Article 22 – Automated individual decision-making, including profiling

    • This gives individuals the right to object to decisions based solely on automated processing, including profiling, that significantly affects them.

Additionally, if Facebook integration or other third-party features are involved, it’s also important to reference the appropriate articles on consent (Article 6) and legitimate interests (Article 7), since these might affect how user data is collected and used.

8. Analysis Tools

a) Tracking Tools

The tracking measures listed below, which we use, are carried out based on Art. 6 (1) sentence 1 lit. f GDPR. With the tracking measures employed, we aim to ensure the website is tailored to user needs and continuously optimized. Additionally, we use these tracking measures to statistically capture the use of our website and evaluate the data for optimizing our offerings for you. These interests are considered legitimate within the meaning of the aforementioned provision.

The specific purposes of data processing and data categories can be found in the respective tracking tools.

i) Google Analytics

To design our pages according to demand and to continuously optimize them, we use Google Analytics, a web analysis service provided by Google Inc. (https://www.google.de/intl/de/about/) (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; hereinafter referred to as “Google”). In this context, pseudonymized usage profiles are created, and cookies (see section 4) are used. The information generated by the cookie about your use of this website, such as:

  • Browser type/version,

  • Operating system used,

  • Referrer URL (the previously visited page),

  • Hostname of the accessing computer (IP address),

  • Time of the server request,

is transferred to a Google server in the USA and stored there. The information is used to evaluate website usage, generate reports about website activities, and provide further services related to internet usage and market research, as well as to tailor the website accordingly. This information may also be passed to third parties if required by law or if third parties process these data on behalf of Google. In no case will your IP address be combined with other data from Google. The IP addresses are anonymized, making it impossible to trace them (IP masking).

You can prevent the installation of cookies by adjusting the settings in your browser software; however, please note that in this case, not all features of this website may be fully usable.

Furthermore, you can prevent the collection of the data generated by the cookie related to your use of the website (including your IP address) and the processing of this data by Google by downloading and installing a browser add-on (https://tools.google.com/dlpage/gaoptout?hl=en).

Alternatively, especially for mobile browsers, you can prevent the collection by Google Analytics by clicking on this link. An opt-out cookie will be set, preventing future collection of your data when visiting this website. The opt-out cookie is valid only in this browser and only for our website and will be stored on your device. If you delete the cookies in this browser, you will need to set the opt-out cookie again.

For further information on data protection related to Google Analytics, please refer to the Google Analytics help (https://support.google.com/analytics/answer/6004245?hl=en). Google is certified under the Privacy Shield Agreement, offering a guarantee to comply with European data protection laws (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

ii) Google AdWords Conversion Tracking

To statistically capture the usage of our website and evaluate it for optimizing the website for you, we also use Google Conversion Tracking. With this, a cookie (see section 4) is placed on your computer by Google AdWords when you arrive at our website through a Google ad. These cookies expire after 30 days and are not used for personal identification. If the user visits specific pages of the website and the cookie has not expired, Google and the client can identify that the user clicked on the ad and was redirected to that page.

9. Social Media Plug-ins

We use social media plug-ins from Facebook, Twitter, and Instagram on our website, based on Art. 6(1) Sentence 1 lit. f DSGVO, in order to make ourselves better known through them. The underlying promotional purpose is considered a legitimate interest under the GDPR. The responsibility for ensuring the data protection-compliant operation of these services lies with the respective providers. The integration of these plug-ins by us is carried out using the so-called two-click method to best protect visitors to our website.

a) Facebook

We use social media plug-ins from Facebook on our website to make their use more personal. We use the "LIKE" or "SHARE" button for this purpose. This is an offering by Facebook.

When you visit a page of our website that contains such a plug-in, your browser establishes a direct connection with Facebook's servers. The content of the plug-in is transmitted directly from Facebook to your browser and integrated into the website.

Through the integration of the plug-ins, Facebook receives the information that your browser has accessed the corresponding page of our website, even if you do not have a Facebook account or are not logged in to Facebook. This information (including your IP address) is transmitted directly from your browser to a server in the USA and stored there.

If you are logged in to Facebook, Facebook can directly associate the visit to our website with your Facebook account. If you interact with the plug-ins, for example by clicking the "LIKE" or "SHARE" button, the corresponding information will also be transmitted directly to a Facebook server and stored there. The information will also be published on Facebook and displayed to your Facebook friends.

Facebook may use this information for advertising, market research, and for the customization of Facebook pages. For this purpose, Facebook creates usage, interest, and relationship profiles to evaluate your use of our website in relation to the advertisements displayed to you on Facebook, to inform other Facebook users about your activities on our website, and to provide further services related to the use of Facebook.

If you do not want Facebook to associate the data collected via our website with your Facebook account, you must log out of Facebook before visiting our website.

For the purpose and scope of data collection and the further processing and use of data by Facebook, as well as your related rights and settings options to protect your privacy, please refer to Facebook's privacy policy (https://www.facebook.com/about/privacy/).

b) Instagram

We also use social media plug-ins ("plug-ins") from Instagram on our website, which is operated by Instagram LLC, 1601 Willow Road, Menlo Park, CA 94025, USA ("Instagram").

The plug-ins are marked with an Instagram logo, for example, in the form of an "Instagram camera."

When you visit a page of our website that contains such a plug-in, your browser establishes a direct connection with Instagram's servers. The content of the plug-in is transmitted directly from Instagram to your browser and integrated into the page. Through this integration, Instagram receives the information that your browser has accessed the corresponding page of our website, even if you do not have an Instagram profile or are not logged in to Instagram.

This information (including your IP address) is transmitted directly from your browser to a server in the USA and stored there. If you are logged in to Instagram, Instagram can immediately associate the visit to our website with your Instagram account. If you interact with the plug-ins, for example by clicking the "Instagram" button, this information will also be transmitted directly to an Instagram server and stored there.

The information will also be published on your Instagram account and displayed to your contacts.

If you do not want Instagram to associate the data collected via our website with your Instagram account, you must log out of Instagram before visiting our website.

For further information, refer to Instagram's privacy policy (https://help.instagram.com/155833707900388).

c) Pinterest

Use of Pinterest Plug-ins

We use plug-ins from the social network Pinterest on these websites, which is operated by Pinterest Inc., 635 High Street, Palo Alto, CA 94301, USA ("Pinterest").

The various logos that include the plug-in (e.g., the “Pin-it” button or the “P” button) can be viewed at the following link: http://business.pinterest.com/pin-it-button/.

When you visit a corresponding page on our website that contains such a plug-in, a connection is established between your computer and Pinterest's servers, and the plug-in is displayed on the website by notifying your browser. Your IP address and the information about which of our pages you visited are transmitted to Pinterest's server in the USA. This applies regardless of whether you are registered or logged into Pinterest. Data is also transmitted to Pinterest even for non-registered or non-logged-in users.

If you are a member of Pinterest and logged into your Pinterest account at the time you use the plug-in, the collected information about your website visit will be linked to your Pinterest account and made known to other users. If you interact with the various Pinterest plug-ins, the corresponding information about you will be collected and transmitted to Pinterest and stored.

If you do not want Pinterest to link the information with your Pinterest account data, you must log out of Pinterest before visiting our website.

Further information on the collection and use of data by Pinterest can be found at http://de.about.pinterest.com/privacy/.

10. Right to Object

If your personal data is processed based on legitimate interests pursuant to Art. 6(1) Sentence 1 lit. f GDPR, you have the right to object to the processing of your personal data in accordance with Art. 21 GDPR, provided there are reasons arising from your particular situation or if the objection is directed against direct marketing. In the latter case, you have a general right to object, which will be implemented by us without the need to provide a specific reason.

11. Data Security

We use the widely used SSL (Secure Socket Layer) protocol in combination with the highest encryption level supported by your browser during your visit to the website. Typically, this is 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. You can recognize whether a page on our website is transmitted securely by the closed key or padlock symbol in the lower status bar of your browser.

In addition, we employ appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction, or unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.

12. Currency and Changes to this Privacy Policy

This privacy policy complies with the requirements of the General Data Protection Regulation (GDPR) that has been in effect since May 2018, as well as the Federal Data Protection Act (new). It is continuously updated.