Privacy Policy
May 20, 2025
PRIVACY POLICY
We take the protection of your personal data very seriously when collecting, processing, and using it during your visit to our website and want you to know when we collect which data and how we use it. We have taken technical and organizational measures to ensure that the regulations on data protection are observed both by us and by any service providers.
This privacy policy explains the nature, scope, and purpose of the processing of personal data (hereinafter referred to as "data") within our website and its associated web pages, functions, and content, as well as our external online presences, such as our social media profiles (hereinafter collectively referred to as "online offer").
Controller
The controller responsible for the collection, processing, and use of your personal data within the meaning of Art. 4 No. 7 GDPR is
public imaging GmbH
Goldbekhöfe
Moorfuhrtweg 11
22301 Hamburg
Tel.: +49 (0)40 40 19 99- 0
E-mail: info@publicimaging.de
Name and Address of the Data Protection Officer
The data protection officer of the controller is:
Attorney at law
Michael H. Heng
Am Kaiserkai 69
20457 Hamburg
dsb@advocatus.de
Every data subject can contact our data protection officer directly at any time with any questions or suggestions regarding data protection.
Types of Processed Data
Inventory data (e.g., your name, address)
Contact details (e.g., your e-mail address, telephone number)
Content data (e.g., your text entries on our site, photographs, videos you upload)
Usage data (e.g., the subpages you visit, access times)
Meta/communication data (e.g., device information, IP addresses)
Categories of Data Subjects
Visitors and users of the online offer (hereinafter: "users"), customers, interested parties, business partners.
Purpose of Processing
Provision of the online offer, its functions, and content
Answering contact inquiries and communicating with users
Security measures
Range measurement/Marketing
Terms Used
“Personal data” means any information relating to an identified or identifiable natural person (hereinafter “data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g., cookie) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person (Art. 4 Paragraph 1 GDPR).
“Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction (Art. 4 Paragraph 2 GDPR).
“Profiling” means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements (Art. 4 Paragraph 4 GDPR).
“Pseudonymization” means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person (Art. 4 Paragraph 5 GDPR).
“Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data (Art. 4 Paragraph 7 GDPR).
“Processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller (Art. 4 Paragraph 8 GDPR).
Relevant Legal Bases
Art. 13 GDPR determines that we must inform you of the legal bases of our data processing. Unless the legal basis is explicitly stated in the subsequent privacy policy, the following applies:
The legal basis for obtaining consent is Art. 6 Para. 1 lit. a and Art. 7 GDPR.
The legal basis for processing for the performance of our services, implementation of contractual measures, and responding to inquiries is Art. 6 Para. 1 lit. b GDPR.
The legal basis for processing to fulfill our legal obligations is Art. 6 Para. 1 lit. c GDPR.
The legal basis for processing to protect our legitimate interests is Art. 6 Para. 1 lit. f GDPR.
The legal basis in the event that vital interests of the data subject or another natural person require the processing of personal data is Art. 6 Para. 1 lit. d GDPR.
Security Measures
To protect your data, we maintain technical and organizational security measures in accordance with Art. 32 GDPR, which we continuously adapt to the state of the art.
The measures include, in particular, securing the confidentiality, integrity, and availability of data by controlling physical access to the data.
We have established procedures to ensure the exercise of data subject rights, erasure of data, and response to data risks.
Furthermore, we take the protection of personal data into account through technology design (privacy by design) and through privacy-friendly default settings (privacy by default), Art. 25 GDPR.
Your personal data is transmitted encrypted with us. This applies to all communication conducted via our website. We use the SSL (Secure Socket Layer) coding system. However, we point out that data transmission over the Internet, e.g., when communicating via e-mail, can have security gaps.
Cooperation with Processors and Third Parties
If, in the course of our processing, we disclose data to processors or third parties, transmit it to them, or otherwise grant them access to the data, this is done exclusively on the basis of legal permission, e.g., if you have consented, Art. 6 Para. 1 lit. a GDPR, the transmission to third parties is necessary for the performance of a contract according to Art. 6 Para. 1 lit. b GDPR, a legal obligation provides for this, Art. 6 Para. 1 lit. c GDPR, or on the basis of our legitimate interests, Art. 6 Para. 1 lit. f GDPR.
In the case of processors, disclosure takes place on the basis of the data processing agreement concluded with the processor in accordance with Art. 28 GDPR.
Transmission to Third Countries
A transfer of data to a third country, e.g., when using the services of third parties, only takes place if it happens to fulfill our (pre-)contractual obligations, on the basis of your consent, due to a legal obligation, or on the basis of our legitimate interests according to the aforementioned legal bases. Subject to other legal or contractual permissions, we process or have the data processed in a third country only if the special requirements of Art. 44 et seq. GDPR are met (e.g., on the basis of special guarantees, such as the officially recognized determination of a level of data protection corresponding to the EU (e.g., for the USA through the "Privacy Shield") or compliance with officially recognized special contractual obligations (so-called "standard contractual clauses")).
Rights of the Data Subjects
Right to confirmation and access: According to Art. 15 GDPR, you have the right to obtain confirmation from us as to whether or not personal data concerning you are being processed. If this is the case, you have the right to request free information from us about the personal data stored about you, along with a copy of this data.
Right to rectification: According to Art. 16 GDPR, you have the right to obtain from us without undue delay the rectification of inaccurate personal data concerning you. Taking into account the purposes of the processing, you have the right to have incomplete personal data completed.
Right to erasure: According to Art. 17 GDPR, you have the right to obtain from us the erasure of personal data concerning you without undue delay.
Right to restriction of processing: Under the conditions of Art. 18 GDPR, you have the right to obtain restriction of processing of the personal data.
Right to data portability: According to Art. 20 GDPR, you have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used, and machine-readable format and have the right to transmit those data to another controller, as far as technically feasible.
Right to withdraw consent: According to Art. 7 Para. 3 GDPR, you have the right to withdraw your consent to the processing of personal data at any time with effect for the future.
Right to object: In accordance with Art. 21 GDPR, you have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you, which is based on Art. 6 Para. 1 lit. e or f GDPR.
You can assert the aforementioned rights at any time against the controller mentioned above or the data protection officer mentioned above.
Right to lodge a complaint with a supervisory authority: According to Art. 77 GDPR, you have the right to lodge a complaint with the competent supervisory authority.
Erasure of Data
Unless otherwise expressly stated, the data stored by us will be erased in accordance with Art. 17 GDPR as soon as they are no longer required for their intended purpose and the erasure does not conflict with statutory storage obligations.
If the data are not erased because they are required for other and legally permissible purposes, their processing will be restricted in accordance with Art. 18 GDPR, i.e., the data will be blocked and not processed for other purposes. This applies, for example, to data that must be kept for commercial or tax reasons. According to statutory requirements in Germany, storage takes place in particular for 10 years pursuant to §§ 147 Para. 1 Nos. 1, 4, and 4a, Para. 3 AO, 257 Para. 1 Nos. 1 and 4, Para. 4 HGB (books, records, management reports, accounting vouchers, commercial books, documents relevant for taxation, etc.) and 6 years pursuant to §§ 147 Para. 1 Nos. 2, 3, and 5, Para. 3 AO, 257 Para. 1 Nos. 2 and 3, Para. 4 HGB (commercial letters).
Operation of and Access to the Website
The hosting services we use from our hosting provider serve the provision of the following services: infrastructure and platform services, computing capacity, storage space and database services, security services, as well as technical maintenance services, which we use for the purpose of operating the website.
In doing so, we or our hosting provider process inventory data, contact data, content data, contract data, usage data, meta- and communication data of customers, interested parties, and visitors of this online offer on the basis of our legitimate interests in an efficient and secure provision of this online offer in accordance with Art. 6 Para. 1 sentence 1 f) GDPR in conjunction with Art. 28 GDPR.
We or our hosting provider also process access data. These include:
Name and URL of the retrieved file
Date and time of retrieval
Amount of data transferred
Notification of successful retrieval (HTTP response code)
Browser type and browser version
Operating system
Referrer URL (i.e. the previously visited page)
Websites accessed by the user's system via our website
Internet service provider of the user
IP address and the requesting provider
We use this log data without allocation to your person or other profiling for statistical evaluations for the purpose of operation, security, and optimization of our online offer, but also for anonymized recording of the number of visitors to our website, as well as the extent and nature of use of our website and services, and likewise for billing purposes to measure the number of "clicks" received from cooperation partners. Based on this information, we can provide personalized and location-based content, analyze traffic, troubleshoot and fix errors, and improve our services.
This is also our legitimate interest pursuant to Art. 6 Para. 1 lit. f GDPR.
We reserve the right to check the log data subsequently if there is a justified suspicion of unlawful use based on concrete evidence. We store IP addresses in the log files for a limited period if this is necessary for security purposes or required for the provision of services or the billing of a service, e.g., if you use one of our offers. After canceling the ordering process or after receipt of payment, we delete the IP address if it is no longer required for security purposes. We also store IP addresses if we have a concrete suspicion of a criminal offense in connection with the use of our website.
Cookies
We use so-called session cookies on our pages to optimize our online offer. A session cookie is a small text file that is sent by the respective servers when visiting a website and temporarily stored on your hard drive. This file as such contains a so-called session ID, with which various requests from your browser can be assigned to the common session. This allows your computer to be recognized when you return to our website. These cookies are deleted after you close your browser.
Our legitimate interest in using cookies in accordance with Art. 6 Para. 1 sentence 1 f) GDPR is to make our website more user-friendly, more effective, and safer, as well as easier for you to use.
When the cookie is activated, it is assigned an identification number, and an assignment of your personal data to this identification number is not performed. Your name, your IP address, or similar data that would allow the cookie to be assigned to you are not inserted into the cookie. On the basis of cookie technology, we only receive pseudonymized information, for example, about which pages were visited.
You can set your browser in such a way that you are informed about the setting of cookies in advance and can decide in individual cases whether to exclude the acceptance of cookies for certain cases or in general, or to completely prevent cookies. Stored cookies can be deleted in the system settings of the browser. This may limit the functionality of the website.
Contacting Us
When contacting us (e.g., by e-mail, telephone, or via social media), the user's details are processed to handle the contact inquiry and its processing in accordance with Art. 6 Para. 1 lit. b) GDPR. Answering your inquiry is also our legitimate interest in processing your transmitted data
in accordance with Art. 6 Para. 1 lit. f) GDPR.
We delete the inquiries if they are no longer required. We check the necessity regularly, at least every two years. Furthermore, statutory archiving obligations apply.
Online Presences in Social Networks
Our company maintains online presences within various social networks to communicate with our customers, interested parties, and other users there and to inform them about our offers and services.
In this context, we point out that data may also be processed outside the EU, in particular in the USA. We explicitly point out in this respect that processing in the USA may make it more difficult for you to enforce your rights as a user.
The data of visitors to our online presences are usually processed for market research and advertising purposes, and usage profiles are created from this, which are used to place advertisements both within and outside social networks that correspond to the presumed interest of the user. For this purpose, cookies containing information about the usage behavior and interests of the respective user are usually stored on the user's computer. If the user is also logged into the social network itself, it may also be that further data is stored in the respective usage profiles.
The processing of the personal data of the users is based on our legitimate interests in effective information of and communication with users in accordance with Art. 6 Para. 1 lit. f. GDPR.
For a detailed description of the respective processing operations and the possibilities to object (opt-out), we refer to the privacy policies of the respective social networks.
Inquiries for information and your user rights can be asserted most effectively directly with the provider of the social network. Only they have access to the data of their users and can take appropriate measures and provide information directly. Of course, you can also contact us if you need help.
The types of data processed in the online presences are contact details, such as e-mail address or telephone numbers, content data, such as your entries in online forms, usage data, such as access times or visited subpages, or ultimately also meta- or communication data, such as device information and IP addresses. Affected persons are you as a user of the social network. Purposes of processing the data are the possibility of contacting us, e.g., via contact inquiries and feedback, as well as marketing.
Online Presence on Facebook
We are joint controllers with Facebook Ireland Ltd. regarding the collection of data of visitors to our Facebook Fanpage, but not regarding the further processing of the data. This data includes information about what the user looks at, who they interact with, whether and what they comment on, in addition to device information such as IP addresses, browser type, operating system, cookies, and language settings. More detailed information can be found in the Facebook Data Policy at https://www.facebook.com/policy.
Facebook also uses analysis tools, so-called Page Insights, which they make available to the page operator to obtain insights about the visitors of the Facebook pages, e.g., how the user handles and interacts with the information contained on the page. We have entered into a special agreement with Facebook for this (see under https://www.facebook.com/legal/terms/page_controller_addendum), which precisely regulates which security measures Facebook must observe and which obligations Facebook must comply with in terms of data subject rights (especially access requests and erasure notices). The rights of users are not restricted by this. Further information can be found under https://www.facebook.com/legal/terms/information_about_page_insights_data.
The contact details of the social network Facebook are: Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, the parent company is Facebook, 1 Hacker Way, Menlo Park, CA 94025, USA. The website of the social network can be found at https://www.facebook.com, its privacy policy at https://www.facebook.com/about/privacy. An objection option (opt-out) as well as other settings for advertisements can be found at https://www.facebook.com/adpreferences/ad_settings, with a login to Facebook being required here.
Online Presence on LinkedIn
The contact details of the social network LinkedIn are: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. The website of the social network can be found at https://www.linkedin.com, its privacy policy at https://www.linkedin.com/legal/privacy-policy. An objection option (opt-out) can be found at https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
Online Presence on Twitter
The contact details of the social network Twitter are: Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Ireland, the parent company is Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA; The website of the social network can be found at https://www.twitter.com, its privacy policy at https://twitter.com/de/privacy and the privacy settings at https://twitter.com/settings/privacy_and_safety, with a login to Twitter being required here.
Online Presence on XING
The contact details of the social network XING are: XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany. The website of the social network can be found at: https://www.xing.de, its privacy policy at https://privacy.xing.com/de/datenschutzerklaerung.
Google Analytics and Google Tag Manager
We use Google Analytics, a web-analysis service of Google LLC ("Google"), via the Google Tag Manager on the basis of our legitimate interests (i.e. interest in the analysis, optimization, and economic operation of our online offer within the meaning of Art. 6 Para. 1 lit. f. GDPR). Cookies are not set by this. However, information about the use of the online offer by users is usually transmitted to a Google server in the USA and stored there. This involves access data, such as the browser type and browser version you use, the operating system, the country from which the page was accessed, any referrer URL, the number of views, and the date and time of retrieval.
Google will use this information on our behalf to evaluate the use of our online offer by users, to compile reports on the activities within this online offer, and to provide us with further services related to the use of this online offer and internet usage. Pseudonymous usage profiles of users can be created from the processed data.
We only use Google Analytics with activated IP anonymization. This means that the IP address of users is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there.
The IP address transmitted by the user's browser is not merged with other data from Google. Users can prevent the storage of cookies by adjusting their browser software settings accordingly; users can furthermore prevent the collection of the data generated by the cookie and related to their use of the online offer to Google, as well as the processing of this data by Google, by downloading and installing the browser plugin available under the following link: http://tools.google.com/dlpage/gaoptout?hl=en.
No profiles are created with the Tag Manager and likewise no cookies are stored. Google only receives the user's IP address to run the Tag Manager.
The service provider of both services is Google Ireland Limited, Gordon House, Barrow Street, Dublin4, Ireland, belonging to the parent company, Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; the website can be found at https://marketingplatform.google.com/intl/de/about/analytics/, the privacy policy at https://policies.google.com/privacy.
Status of the Privacy Policy: 23.08.2021.
Do you have something to say?
We know where it will be heard.


