Privacy Notice
1. Controller
The following person is responsible for CoolPhotos.de and the controller as defined in the EU General Data Protection Regulation (GDPR):

Michael Carsten
Südring 35
37079 Göttingen
Germany
Michael.Carsten@coolphotos.de
Phone (please use E-Mail for support):
+49 551 38174035
2. Visitors of the website CoolPhotos.de
Here it is explained which personal data is stored upon visiting the website CoolPhotos.de. Information about what happens when you interact with the website by entering data into input fields to send an e-card or clicking on personalized links can be found further below.

Usually by visiting the website CoolPhotos.de no personal data of yours is being stored unless you interact with the website by directly entering personal data.

Upon visiting the website CoolPhotos.de temporary statistics about the users behaviour are being generated. This dataset contains information about the used browser and device and statistical data as well as the IP address which is encrypted with a one-way encryption. Only if an automated process (in this case the IP address is not assumed to be personal data) or an attack on the website (like the attempt to insert malicious code or search for vulnerabilities) is detected, the unencrypted IP address will be stored. In the second case the IP address is stored to further defensive actions or enable legal steps.
Normally by just visiting the website no personal data is being stored since the one-way encrypted IP address can not be connected to a person. (The one-way encrypted e-mail address could only be decrypted with an out of scale computing effort since all possible IP addresses would have to be encrypted and the result would have to be compared to the stored data. On average that would be about 2 billion attempts for IPv4 and an virtually unlimited amount of attempts for IPv6.)
The processing of the IP address in unavoidable upon visiting a website since the server needs to know where to send the requested data.
In those cases in which the IP address is stored, it is based on §6 para. 1f GDPR or the IP address is assumed to be no personal data because it originated from another server which was making automated requests.
3. E-mail log and e-mail history
All e-mails send via CoolPhotos.de are logged with time of sending, e-mail address and sender for three months (in this case the sender is an e-mail address at CoolPhotos.de). The recipients e-mail address is encrypted with a one-way encryption after one week. Thus the e-mail address can not be obtained from the dataset. But the dataset can be linked to an e-mail address if said e-mail address is provided from another source.
In addition an entry in the "e-mail history" is generated when an e-mail address is used at CoolPhotos.de for the first time. In this dataset the e-mail address is stored with a one-way encryption. Thus the dataset can only be linked to an e-mail address if it is provided from another source. The dataset contains statistical data about the amount of failed and successful e-mail deliveries as well as sent and received e-cards. The e-mail history is used to The entries will be deleted automatically if they have not been accessed for 5 years. Entries which have been used rarely might get deleted earlier.
You can have your e-mail history deleted via the button "delete data" (at the very top/bottom of this page). Deleting it will result in a permanent blacklisting of the e-mail address at CoolPhotos.de.
The processing of the data is based on §6 para. 1a GDPR or §6 para. 1f GDPR. The second one applies for the e-mail log, recipients of e-cards and entries which were generated before the applicability of the GDPR. It is assumed to be in the interest of the data subject that unwanted e-mails can be prevented by the use of the e-mail history. In addition to that it is in the interest of the controller to be able to determine the time at which to delete further personal data and prevent the sending of unnecessary e-mails using this data.
4. Sending e-cards
The most important function of CoolPhotos.de is to provide users with the possibility to send e-cards to others whose e-mail address they have. The recipient of the e-cards gets an e-mail with a link by which the respective e-card can be accessed.
Sending the e-cards to an e-mail address is only possible if you enter personal data is entered and the data may be processed, stored and submitted to the recipient. The most important parts of said personal data are your name, your e-mail address as well as the name and e-mail address of the recipient. In addition to that the IP-address, time of sending and if available the user name and user number.
Furthermore all data you entered and settings you selected upon generating the e-card will be stored. In addition to the picture and elements of designs that especially concerns the e-card message.
The duration of storage depends upon what you select when generating the e-card. By default the e-cards are deleted once the have not been accessed for three months or have not yet been accessed after three months.
In addition to the aforementioned personal data, statistical data is being collected based on the selected picture, your settings and actions. That data is completely anonymized and has no connection to your personal data.
If the e-card has not been picked up by the recipient after one week and after one month, another notification will be sent to the recipient unless that option has been deactivated or the program decides for another reason not to send it (that is mainly the case if the same picture has been sent to the recipient several times on a given day).

If you are a registered user at CoolPhotos.de and the function has not been deactivated, a dataset containing the date, picture, category and one-way encrypted e-mail address of the recipient will be generated. This data is mainly used to warn you upon trying to send the same picture to the same recipient in the future. This data remains stored as long as you registration exists unless you decide to delete it. It can be deleted in the members area or via "Delete Data" at the very top/bottom of this page. Additionally the name and e-mail address of the recipient will be added to your address book at CoolPhotos.de if not otherwise selected. While creating the e-card, the entered data will be stored and can be accessed for 3 days via "load draft" if the e-card is not completed and sent.

If the e-card has not been sent yet, it can be cancelled or edited at any time by using the link provided in the e-mail confirming the storage of that e-card. Via "Delete Data" (at the very top/bottom of this page) you can delete all e-cards which were sent by you or remove your e-mail address/ name and e-mail address from all e-cards. If you chose to delete them, the recipient will not have access to them anymore unless they have been archived by the recipient.

In addition, the paragraph "E-Mail History" is relevant in this case.
Since the sender of the e-card has explicitly agree with the processing of the data, the processing of the senderīs data is based on §6 para. 1a GDPR. If the e-card was generated before the applicability of the GDPR, it is based on §6 para. 1a GDPR under the assumption that the sender wanted the e-card to be available for the recipient upon creating and sending it.
The paragraph "Personal data entered by third parties" reflects the view of the recipient.
5. Comments
After creating an e-card using CoolPhotos.de you are presented with the opportunity to leave a comment. If you submit a comment, in addition to the comment itself, your name, e-mail address, data about your browser and device, the time of submission, the sent picture, the id of the created e-card and if available your username will be stored. The data is used to reply to questions which might be contained in the comment.
Aside from the text of the comment, the sent used picture, the day of sending and details about your browser and device, the data data will be deleted automatically within 14 days of the comment being read for the first time.
Until then you can delete the comment via "Delete Data" (at the very top/bottom of this page) providing that you entered your correct e-mail address upon creating the e-card.
If the comment is replied to, said reply will be stored. Details can be found in the paragraph "Communication by e-mail".
The processing of the data is based on §6 Abs. 1f GDPR assuming that it is in the interest of the data subject as well as the operator. When commenting, the data subject is explicitly informed about the fact that personal data will be stored but is not asked for confirmation since the processing of personal data was confirmed upon creating the e-card and no additional personal data is being stored.
6. Reminder service
By using the reminder service you can get reminded of yearly events like birthdays, wedding anniversary etc. by e-mail a few days before the event. That e-mail provides you with a link to directly send an e-card, access your current entries in the reminder service or edit them.
With each entry in the reminder service the following data is stored: Your name an e-mail address, type of event, date of event, a name for the recipient and if provided its e-mail address, the distance between event and sending of the reminder in days, a comment of yours about the event and if you are a registered user, your user id.
In addition to that, statistical data about how the entry came to be, the sent reminders and your interactions with the reminder link will be stored. This data is used to optimize the website, inform you in the reminder e-mail about how the entry was created and decide upon when to stop sending the reminders and delete the entries.
The data remains in storage as long as the individual entry exists. There are several possibilities how the entries get deleted:
In cases of long inactivity an e-mail might be sent to you giving you the opportunity to prevent the deletion.
The entries in the reminder service can be deleted or edited at any time by using the links in the reminder e-mails, accessing it from the members area or by clicking on "Stored Data" at the very top/bottom of this page. By using the button "Delete Data" at the very top/bottom of this page, you can delete all your entries at once.
As far as the person entering the data is concerned, the processing is based on §6 Abs. 1a GDPR since the processing is explicitly agreed to. In the case of entries that were created before the applicability of the GDPR it is based on §6 Abs. 1f GDPR. This is based on the assumption that the data subject remains interested in getting the reminders they have previously created. The item "Personal data entered by third parties" reflects the view of the other affected person.
7. Personal data entered by third parties
There are three cases in which third parties are supposed to enter your personal data at CoolPhotos.de. Via "Stored Data" at the very top/bottom of this page you can see whether or not e-cards that have been sent to you are still in storage. In the case of e-cards that are planned to be sent at a later date as well as entries in the reminder service or address book you could not see whether personal data of yours is being stored (Providing you with that information would violate the rights of the person who has entered the data).
Via "Delete Data" at the very top/bottom of this page you can have your e-mail address or name & e-mail address from the e-cards.
The sending of further e-cards as well as the storage of your personal data in the reminder service or address books can be prevented by having your e-mail address blacklisted (at the very top/bottom of this page).
The processing of the data is based on §6 Abs. 1f GDPR. It is primarily in the interest of the third party who has provided the data that they are being processed. In addition to that it is assumed to be in the interest of the data subject that the third party can send e-cards to them, have their e-mail address in its address book and does not forget events like birthdays.
Furthermore the processing of the data is in the interest of the controller as it allows him to provide his services.
8. Newsletter
Currently the newsletter is only available in German.
If you decide or have decided to get the newsletter of CoolPhotos.de, you will get an e-mail with a link to an e-card several times a year. The e-card will contain news about changes at the website, information about the use of the website as well as buttons to the relevant categories for the upcoming event (e.g. Christmas e-cards) or the time period following the sending of the newsletter.
In order to send the newsletter, your e-mail address needs to be processed. In addition to that your name, time of signing up for the newsletter and the IP address which was used to do so are being stored.
Furthermore data about the accesses to the newsletter (number, last date of access, last date of sending etc.) are being stored. This data is used to decide when to temporarily or completely stop sending newsletters to you. It also decides upon the time of automatic deletion or anonymisation/one-way encryption of the data.
Each of newsletter e-cards contains a button by which the stored data can be accessed or deleted. It also allows to deactivate the entry or limit the sending to specific events.
Said option is also provided at "Stored Data" at the very top/bottom of this page.
The processing of the data is usually based on §6 Abs. 1a GDPR since the data subject has to agree to the processing before adding its e-mail address to the newsletter. If the entry was added before the applicability of the GDPR or occurred in another way (e.g. by asking the controller by e-mail to add the e-mail address to the newsletter without being asked to agree to the processing), the processing is based on §6 Abs. 1f GDPR. Assuming that the processing is in the data subjectīs interest.
9. Do not ask again
In some cases you have the option to select that you do not want to be asked a question again without having to be a registered user. E.g. not being asked again whether you want to add a birthday to the reminder service upon sending an e-card, agreement to the processing of your personal data upon sending e-cards.
If you make use of this option, this information has to be stored. A dataset with your e-mail address will be generated. The e-mail address gets protected by a one-way encryption. The dataset can be changed or deleted (uncheck all options) via "Settings" at the very top/bottom of this page.
The duration of storage is analogous to that of the "E-Mail History". Deleting the "E-Mail History" also deletes this data.
The processing of the data is based on §6 Abs. 1f GDPR in the interest of the data subject. Since the processed personal data does not go beyond that which the data subject has agreed to before, it is not asked for agreement.
10. Registration
It is possible for users of the website CoolPhotos.de to get registered. The registration offers them an extended functional range. Many of the additional functions are based on changing individual settings or accessing previously stored data (address book, overview of sent and received e-cards etc.).
If you decide to get registered, your e-mail address, a user name, a name and a password are being stored. If not otherwise selected, the password will be protected with a one-way encryption. Thus even with access to the database it is practically impossible to get your unencrypted password from it.
This data is used to enable you to log in, attribute e-cards to you and prefill your name and e-mail address upon creating a new e-card. In some cases your e-mail address will be used to contact you in regard to the website CoolPhotos.de or your registration. The most common case for this to happen is when you have entered your day of birth and have not deactivated the option to get e-cards from CoolPhotos.de for your birthday.
Additionally a dataset for each e-card you send with (picture, category, date and the one-way encrypted e-mail address of the recipient) is being stored. This is mainly used to inform you in future if you select the same picture again for a single recipient. This function can be deactivated at any time in the members area at "settings".
Furthermore, upon logging in the IP address, point in time and Country are stored. This is used to provide the user with a login log in the members area. It enables the user to recognize unauthorized access. The log data is reduced after one months. Afterwards only the amount of logins per year and country remain.
Additionally all settings which are made in combination with the registration (especially in the members area) are being stored for obvious reasons. In addition statistical data about the use of the registration (number of sent e-cards, first e-card, last e-card, last login etc.) are being stored. Those are mainly used to determine when to delete a registration.
If you have entered data like date of birth, country or zip-code, those will also be used for statistical purposes.
The aforementioned data remain in storage while the registration exists if they are not previously deleted or changed by the user. Exempted are entry in the address book which will also be removed when the owner of the relevant e-mail address blacklists the e-mail address at CoolPhotos.de.
Via "Delete Data" at the very top/bottom of this page you can delete your registration at any time. Via "Stored Data" at the very top/bottom of this page you can see which data is being stored in connection with your registration.

In addition, the paragraph "E-Mail History" is relevant in this case.
The processing of the data is based on §6 Abs. 1a GDPR since the data subject has to agree to the processing during the process of registration. If the registration was made before the applicability of the GDPR and the data subject has not been asked for agreement to the processing of the data again, the processing is based on §6 Abs. 1f GDPR under the assumption that it is in the interest of the data subject.
11. Premium membership
If you decide to become a premium member or have so decided in the past, usually additional personal data has to be processed (place of residence and payment details). Those are mainly used to comply with VAT regulations and to link incoming payments to an account (if the given reason of payment is inaccurate). The data will remain in storage at least as long as the premium membership exists. Due to record retention periods it may be necessary to keep the data for 10 years after the time of the last payment. If the payment`s country of origin is not the same as the place of residence, the data from the login log (see registration) can be used to determine the applicable country for VAT.
In addition to the aforementioned personal data you have the option to store additional personal data like own pictures. That data can be deleted by you at any time in the members area.
The processing of the data is based on §6 para. 1a GDPR and §6 para. 1c GDPR. If the duration of storage is longer than the legally required time, it is based on §6 para. 1f GDPR. In that case it is assumed to be in the interest of the data subject, who remains to be a premium member, that future payments can be easily attributed to it.
12. Cookies
Cookies are small files stored by the userīs browser on a userīs computer. Using cookies a website can store data on a userīs computer which can be accessed within the current session or upon a later visit to the website. There are temporary cookies which are only accessible during a single browser session and those that are stored for a longer time. The usage of cookies can usually be restricted in the browserīs settings. Third-Party-Cookies are especially critical since the can be used to track a userīs behaviour over several websites.
No Third-Party-Cookies are being used on CoolPhotos.de. Temporary cookies are in use once a registered user has logged in in order to allow that user to stay logged in until the browser session is terminated or the logout button is clicked. In addition to that a permanent cookie is used if the user deactivates the sexy content of the website. This cookie does not contain any personal data but the information that the content is to be hidden.
A permanent cookie containing personal data will only be used if a registered user decides to remain logged in for later visits (automatic login). This has only the purpose to enable the automatic login upon the next visit to the website.
Cookies are either used upon request by the user or in the userīs direct interest.
The processing of the data is based on §6 para. 1a GDPR or §6 para. 1f GDPR in the interest of the data subject.
13. Communication by e-mail
If you communicate by e-mail with the controller, those e-mails and possible replies will be stored. The duration of storage depends upon the content, the question whether a reply was send and your relation to the controller.
E-mails that are replied to automatically are usually deleted within one month. Individual replies to questions raised by registered users of the website and the original questions usually remain stored while the registration remains. E-mails concerning the right to use some of the pictures of the website for non private purposes usually remain in storage indefinitely.
In most other cases the duration of storage is between one month and two years.
The processing of the data is based on §6 para. 1f GDPR. The processing is assumed to be in the interest of the data subject as well as the controller in order to enable communication and help with further cases of communication. In some cases the processing can be based on §6 para. 1b GDPR or §6 para. 1c GDPR.
14. Social networks
If you use social media to communicate with CoolPhotos.de/the controller, it has to be assumed that those services will process the submitted personal data. The extend to which that happens, duration and location of storage, and possible use for their purposes can not be influenced by the controller.
It might not be possible to delete possible data thus submitted to the social media service now or in the future.
You are strongly advised not to submit personal data you want to protect via social media. Further details can be found in the privacy policies of the individual services.
15. Location and transmission of data
The controller is storing all of his data in Germany. When visiting the website CoolPhotos.de all data is transmitted via encrypted connections.
Due to the nature of the internet it is not possible to ensure that the data transmitted to the user does not leave the physical location of the EU, even if the visitor physically is in the EU. That also applies if there is a direct physical connection between the locations.

Essential features of the website are based on the sending of e-mails to the user and to other persons in the userīs name.
Upon sending these e-mails the controller can not control from which country those e-mails will be accessed, in which country the recipientīs e-mail provider or the recipient himself stores those e-mails, or on which way those e-mails travel through the internet.
16. Processors
In order to provide the website CoolPhotos.de, the necessary server is run by a processor according to §28 GDPR. For technical reasons the processor has access to the databases and directories in which the personal data is being stored.
The processor is liable under a contract not to pursue any goals of its own with the personal data stored on the server and to follow the privacy terms. The location of the server and the place of business of the processor is in Germany.
17. Your rights: Right of access
According to §15 GDPR you have the right to know whether the controller is processing personal data of you and which data is being proccessed for which purposes. (For details see §15 GDPR.)
Via the button "Stored Data" at he very top/bottom of this page you can exercise that right.
18. Your rights: Right to rectification
According to §16 GDPR you have the right to have your personal data rectified or completed.
In most cases this concerns the personal data connected with a registration at CoolPhotos.de. This data can be changed in the members area at "Settings" -> "Personal Data".
19. Your rights: Right to erasure
According to §17 GDPR you have the right to erasure of you personal data if the requirements stated in §17 para. 1 GDPR are met. §17 para. 3 GDPR states some limits to that right. The exact details can be found in §17 GDPR.
In most cases you can delete your personal data via the button "Delete Data" at he very top/bottom of this page. Via "Blacklist E-Mail-Address" you can prevent any further or future use of your e-mail address.
20. Your rights: Right to restriction of processing
According to §18 GDPR you have the right to request the restriction of processing of your personal data in the following cases: a) the accuracy of the personal data is contested by you and the controller still has to verify it; b) the processing is unlawful and you are opposing the erasure of the data; c) the controller no longer needs the personal data for the purposes of the processing, but you require it for the establishment, exercise or defence of legal claims; d) you have objected to the processing based on §21 GDPR and the verification whether the legitimate grounds of the controller override those of the data subject is still pending. The exact details and consequences of a restriction of processing can be found in §18 GDPR.
21. Your rights: Right to data portability
According to §20 GDPR you have the right to data portability if the rights and freedoms of other persons are not impaired.
The possibility to export the address book can be found in the members area at "address book"->"export". The option to export entries from the reminder service can be reached at the reminder service via "Export Data" (the reminder service can be reached by the members area or "Stored Data" at the very top/bottom of this page).
22. Your rights: Right to object
According to §21 GDPR you have the right to object the use of your personal data at any time if the usage by the controller is based on §6 para. 1f GDPR. That usually concerns those cases in which you have not directly agreed to the usage and the data is not needed for a contract or legal reasons.
You also have the right to object to the use of the data for direct marketing purposes.
Via the buttons "Delete Data" and "Blacklist E-Mail-Address" at the very top/bottom of this page you can prevent any further or future use of your e-mail address and delete most of the personal data that might be stored.
23. Your rights: Right of withdrawal
You have the right to withdraw any previously given permission to use you personal data.

In most cases you can delete you personal data via the button "Delete Data" at the very top/bottom of this page.
24. Your rights: Right to lodge a complaint with a supervisory authority
If you believe the use of your personal data to violate the GDPR you have the right to lodge a complaint with a supervisory authority according to §77 GDPR.