Privacy Policy

What Are Personal Data?

Under German and European data protection law, personal data refers to any information that relates to an identified or identifiable natural person. This includes names, addresses, job titles, email addresses, health information, income, marital status, phone numbers, and usage data such as IP addresses. It does not matter who is capable of identifying the individual—if identification is theoretically possible, the data is considered personal.

What Is Considered “Processing”?

According to Article 4(2) of the EU General Data Protection Regulation (GDPR)—which is fully applicable in Germany—“processing” includes any operation involving personal data. This may include collection, organization, storage, adaptation, retrieval, consultation, use, disclosure, transmission, deletion, and more. In short, if data are handled in any way, they are being processed.

Who Is Responsible for Data Processing on This Website?

In accordance with Article 4(7) GDPR and German data protection law, the controller responsible for data processing on this website is Kim Woolf Photography, c/o Block Services, Stuttgarter Straße 106, 70736 Fellbach, Germany

If you have any questions about how your personal data are processed, feel free to contact us at hello@kimwoolf.com.

What Data Are Processed When You Visit This Website?

When you visit our website, your device automatically transmits certain data to enable the connection. The following personal data may be processed in this context:

  • date and time of access,

  • name of the accessed subpage,

  • anonymized IP address,

  • referrer URL (origin of the request),

  • operating system,

  • hostname of the accessing device,

  • browser version and product information.

This data is processed in accordance with Article 6(1)(f) GDPR (legitimate interest under German law). The purpose is to ensure the technical functionality of our website and to present our work as photographers to potential clients. Usage data are automatically deleted after 7 weeks.

Use of Cookies

We use cookies to make our website more user-friendly, efficient, and secure. Cookies are small text files stored by your browser on your device. Most of the cookies we use are “session cookies,” which are deleted automatically after your visit ends.

This data processing is based on Article 6(1)(f) GDPR. Our legitimate interest lies in improving the accessibility of our website. These cookies do not collect tracking data and do not infringe on your rights or freedoms.

You may choose to disable cookies via your browser settings. Please note, however, that doing so may limit the functionality of our website.

Third-Party Cookie: Real Cookie Banner

To manage your cookie preferences, we use Real Cookie Banner (https://devowl.io/de/wordpress-real-cookie-banner/), a product by devowl.io GmbH. When you consent to cookies, the following data are stored as specified in their privacy policy (https://devowl.io/de/datenschutzerklaerung/):

  • anonymized IP address

  • timestamp of consent

  • browser user agent

  • URL of consent

  • encrypted consent key

  • consent status

These data are necessary to document and manage your consent, in line with German and EU data protection laws. The consent key and status are also stored in a cookie named us_cookie_notice_accepted, valid for up to 12 months.

The processing is based on Article 6(1)(c) and (f) GDPR—due to our legal obligation to obtain and record consent, and our interest in doing so transparently.

What Happens When You Contact Us?

You can reach us via the contact form or by email. When doing so, you may be asked to provide your name, email address, phone number, or other information.

If your inquiry is related to the initiation or fulfillment of a contract, data processing is based on Article 6(1)(b) GDPR. Otherwise, it is based on our legitimate interest under Article 6(1)(f) GDPR to respond to inquiries and maintain customer relationships.

We will delete your data once your inquiry has been answered and the purpose for storing the data no longer applies—unless your request results in a contractual relationship. In that case, data are stored according to applicable retention periods under German law.

Contacting Us via WhatsApp

We offer the option to contact us via WhatsApp. A WhatsApp button is embedded on our website, which redirects to WhatsApp Web or the mobile app depending on your device. When using this feature, your data is synchronized with WhatsApp servers.

WhatsApp Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland, is responsible for users within the EU. The parent company is Meta Platforms, Inc., 1 Hacker Way, Menlo Park, California 94025, USA. This may involve transferring data to the U.S.

Meta is certified under the EU–US Data Privacy Framework (Article 45 GDPR), ensuring compliance with EU standards. Your consent (Article 6(1)(a) GDPR) is required to initiate a WhatsApp conversation.

We store the resulting chat data only for the duration of our communication. If you do not proceed with a booking, we delete the data immediately.

Please refer to WhatsApp’s privacy policy for further details: https://www.whatsapp.com/legal/

Use of the Meta Pixel

To optimize our advertising on Facebook and Instagram, we use the Meta Pixel. This tool collects website usage data (e.g., page views, interactions) and transmits it to Facebook Ireland Ltd., which then forwards it to Meta Platforms, Inc. in the U.S. The data is matched to your Meta profile, even if you’re not logged in or don’t have an account.

Meta uses the data for analytics and to deliver targeted advertising. We do not store or access this data ourselves. Consent is required for this processing (Article 6(1)(a) GDPR) and is obtained via the cookie banner.

Meta is certified under the EU–US Data Privacy Framework.

Further details: https://www.facebook.com/about/privacy

Google Analytics

We use Google Analytics, provided by Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland. This may involve data transfers to Google LLC, USA.

Cookies collect the following data:

  • IP address (anonymized)

  • screen resolution

  • browser and system details

  • country and language preferences

  • visited pages

  • access times

Processing is based on your consent (Article 6(1)(a) GDPR), which you may give or decline via the cookie banner. We retain analytics results for 12 months.

Due to IP anonymization, your full IP address is rarely transferred to the U.S. Instead, it is truncated within the EU or EEA. Google processes this data on our behalf and does not merge it with other Google data.

Google is certified under the EU–US Data Privacy Framework.

Google Tag Manager

We use Google Tag Manager to implement and manage scripts and tools on our website. The Tag Manager itself does not process personal data but may trigger tags that do.

Processing is based on your consent (Article 6(1)(a) GDPR). We do not store or access any personal data through this tool.

The tool is operated by Google, which is certified under the EU–US Data Privacy Framework.

Hosting and Data Access

Our website is hosted by Mittwald CM Service GmbH & Co. KG, Königsberger Straße 4–6, 32339 Espelkamp, Germany. We have entered into a legally binding data processing agreement (Auftragsverarbeitungsvertrag) with the provider. More information is available at: https://www.mittwald.de/datenschutz

Only we have access to personal data processed through the website and related contact requests.

Contract Execution and Invoicing

If you enter into a contract with us, we store the data you provide (such as name, address, email) for the purpose of contract performance and invoicing.

If your data was previously submitted for another purpose, we may reuse it for billing. Where required for legal or financial compliance, data may be shared with tax consultants, attorneys, banks, or tax authorities. This processing is based on Article 6(1)(c) GDPR. Data will be deleted after the legally prescribed retention periods expire.

Our Instagram Page

We use Instagram to share updates and promote our services. This service is operated by Meta Platforms Ireland Ltd.(EU) and Meta Platforms, Inc. (USA).

If you visit our Instagram page while logged in, Instagram may associate the visit with your profile. To avoid this, log out before clicking the Instagram icon.

If you interact with our profile (e.g., like, comment, message), data will be processed by Instagram. See their privacy policy: https://help.instagram.com/519522125107875/?maybe_redirect_pol=0

We do not store or process personal data via Instagram independently. For general tips on privacy settings in social media, visit: youngdata.de

Use of our Instagram fan page is based on Article 6(1)(f) GDPR. Embedded Instagram content is shown only with your consent (Article 6(1)(a) GDPR).

What Are Your Rights?

Under the GDPR and applicable German law, you have the following rights:

a. Right to Object
If we process your data under Article 6(1)(f) GDPR, you may object at any time based on your personal circumstances. We will stop processing unless we can demonstrate compelling legitimate grounds.

b. Right of Access (Art. 15 GDPR)
You may request confirmation as to whether we process your personal data and receive information about such processing.

c. Right to Rectification (Art. 16 GDPR)
You may request correction or completion of inaccurate or incomplete personal data.

d. Right to Erasure (Art. 17 GDPR)
You may request the immediate deletion of your data under the conditions defined in the GDPR.

e. Right to Restrict Processing (Art. 18 GDPR)
You may request restrictions on how your data is processed.

f. Right to Data Portability (Art. 20 GDPR)
You may request that we transfer your personal data to another controller in a machine-readable format, where technically feasible.

g. Right to Lodge a Complaint
You have the right to lodge a complaint with a supervisory authority:

State Commissioner for Data Protection and Freedom of Information
North Rhine-Westphalia
P.O. Box 20 04 44
40102 Düsseldorf
Germany
+49 211 38424-0
+49 211 38424-10
poststelle@ldi.nrw.de