Privacy Policy

We are delighted about your interest in our website. The protection of your personal data is very important to us. Below, we inform you in detail about the handling of your data in accordance with Art. 13, 14 of the General Data Protection Regulation (GDPR).

1. Controller for Data Processing

Abdelmajid Danadi

Mittelstraße 53

40721 Hilden

Germany

Email: info@portraitplatform.com

Phone: +49 162 9129893

2. General Information on Data Processing

2.1 Scope of Processing Personal Data

We generally process personal data of our users only to the extent necessary to provide a functional website as well as our content and services. The processing of personal data of our users regularly takes place only with the user's consent. An exception applies in cases where prior consent cannot be obtained for factual reasons and the processing of the data is permitted by law.

2.2 Legal Basis for Processing Personal Data

Insofar as we obtain consent from the data subject for processing operations of personal data, Art. 6 para. 1 lit. a GDPR serves as the legal basis.

For the processing of personal data necessary for the performance of a contract, Art. 6 para. 1 lit. b GDPR serves as the legal basis.

If processing of personal data is necessary for compliance with a legal obligation, Art. 6 para. 1 lit. c GDPR serves as the legal basis.

If processing is necessary to protect a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not override the first-mentioned interest, Art. 6 para. 1 lit. f GDPR serves as the legal basis for processing.

2.3 Data Deletion and Storage Duration

The personal data of the data subject will be deleted or blocked as soon as the purpose of storage ceases to apply. Storage may also take place if this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which the controller is subject.

3. Provision of the Website and Creation of Log Files

3.1 Description and Scope of Data Processing

Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing computer. The following data is collected:

  • Browser type and version
  • Operating system used
  • Referrer URL (previously visited page)
  • Host name of the accessing computer
  • IP address (anonymized after 7 days)
  • Time of the server request

The data is stored in the log files of our system. This data is not stored together with other personal data of the user.

3.2 Legal Basis

The legal basis for the temporary storage of data and log files is Art. 6 para. 1 lit. f GDPR.

3.3 Purpose of Data Processing

The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user's computer. Storage in log files is carried out to ensure the functionality of the website and to optimize the website and to ensure the security of our information technology systems.

3.4 Storage Duration

The data is deleted as soon as it is no longer necessary for the purpose for which it was collected. In the case of collecting data for providing the website, this is the case when the respective session has ended. IP addresses are anonymized after 7 days. Log files are deleted after a maximum of 30 days.

4. Use of Cookies

4.1 Description and Scope of Data Processing

Our website uses only technically necessary cookies. Cookies are text files that are stored in the internet browser or by the internet browser on the user's computer system. We use the following cookies:

  • Session Cookie (XSRF-TOKEN, laravel_session): To maintain the session and protect against CSRF attacks. Deleted after the browser session ends.
  • Locale Cookie: Stores your language selection (German/English). Validity: 1 year.

4.2 Legal Basis

The legal basis for processing personal data using technically necessary cookies is Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in the technical functionality of the website and the improvement of user-friendliness.

4.3 Purpose of Data Processing

Technically necessary cookies enable us to make our website more user-friendly and are required for the provision of certain functions (e.g. login, language selection, shopping cart function).

4.4 Objection and Removal Option

You can set your browser so that you are informed about the setting of cookies and only allow cookies on a case-by-case basis, exclude the acceptance of cookies for certain cases or in general, and activate the automatic deletion of cookies when closing the browser. When deactivating cookies, the functionality of our website may be limited.

5. Web Analytics (Matomo)

We use the open-source software Matomo on this website for reach measurement and statistical analysis of usage (e.g. pages visited, time on site, referrer, technical information such as browser type). The analysis helps us improve our offering and make it more user-friendly.

Matomo is self-hosted by us (installation under a domain separate from portraitplatform.com); this is not typical third-party US cloud tracking. Usage data processed by Matomo is processed on the servers where our Matomo installation runs.

We configure the tracker so that no Matomo tracking cookies are used; storage and analysis take account of anonymization options configurable in Matomo (e.g. IP anonymization).

Legal basis: Art. 6 para. 1 lit. f GDPR (legitimate interest in statistical analysis of usage to optimize our website).

Objection / opt-out: You may object to processing by Matomo. Matomo provides an opt-out function: Matomo opt-out (English). After opting out, a cookie is set to store your objection (technically necessary to honour your choice).

6. Registration and User Account

6.1 Description and Scope of Data Processing

On our website, we offer users the opportunity to register by providing personal data. The following data is transmitted to us:

  • Name
  • Email address
  • Password (encrypted)
  • Time of registration

The data is used exclusively for providing the user account. After successful registration, you will receive a confirmation email.

6.2 Legal Basis

The legal basis for processing the data is Art. 6 para. 1 lit. a GDPR if the user has given consent. If registration serves the performance of a contract, an additional legal basis is Art. 6 para. 1 lit. b GDPR.

6.3 Purpose of Data Processing

Registration is required to offer certain content and services on our website, in particular the download of portraits after purchasing an Access Pass.

6.4 Storage Duration

The data will be deleted as soon as it is no longer necessary for the purpose for which it was collected. This is the case when you delete your user account or request deletion. Storage may also take place if this is necessary for compliance with legal retention periods.

7. Payment Service Providers

We integrate payment services from third-party companies on our website. When you make a purchase with us, your payment data (e.g. name, payment amount, account details, credit card number) is processed by the payment service provider for the purpose of payment processing. For these transactions, the respective contractual and data protection provisions of the respective providers apply.

The use of payment service providers is based on Art. 6 para. 1 lit. b GDPR (contract processing) as well as in the interest of a smooth, convenient and secure payment process (Art. 6 para. 1 lit. f GDPR).

7.1 Stripe

Provider: Stripe Payments Europe, Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland

Processed Data: Transaction data (payment method, amount, date), name, email address, IP address, technical device data for fraud prevention.

Data Transfer to Third Countries: Data processed via Stripe may also be processed outside the EU/EEA (e.g. USA). As a basis for data transfer, Stripe uses standard contractual clauses of the EU Commission (Art. 46 para. 2 lit. c GDPR, Decision (EU) 2021/914).

Further Information:
Privacy Policy: https://stripe.com/privacy
Standard Contractual Clauses: https://stripe.com/privacy-center/legal#data-transfers

7.2 PayPal

Provider: PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg

Processed Data: Transaction data, email address, billing data. Your payment data stored with PayPal is used for payment processing. We only receive payment confirmation.

Data Transfer to Third Countries: Data transfer to the USA is based on the standard contractual clauses of the EU Commission.

Further Information:
Privacy Policy: https://www.paypal.com/webapps/mpp/ua/privacy-full
Standard Contractual Clauses: https://www.paypal.com/webapps/mpp/ua/pocpsa-full

8. Email Contact

When you contact us by email, the data you provide (your email address, possibly your name and telephone number) will be stored by us in order to answer your questions.

Legal Basis: Art. 6 para. 1 lit. f GDPR (legitimate interest in answering your inquiry).

Storage Duration: The data will be deleted as soon as it is no longer necessary for the purpose for which it was collected or if you request deletion.

9. Rights of the Data Subject

If personal data concerning you is processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis the controller:

9.1 Right of Access (Art. 15 GDPR)

You can request confirmation from the controller as to whether personal data concerning you is being processed by us. If such processing takes place, you can request further information about the processing from the controller.

9.2 Right to Rectification (Art. 16 GDPR)

You have a right to rectification and/or completion vis-à-vis the controller if the processed personal data concerning you is inaccurate or incomplete.

9.3 Right to Erasure (Art. 17 GDPR)

You can request that the controller delete personal data concerning you without undue delay, provided that one of the legal grounds applies and the processing is not necessary.

9.4 Right to Restriction of Processing (Art. 18 GDPR)

You have the right to request the restriction of processing from the controller if one of the legal conditions is met.

9.5 Right to Data Portability (Art. 20 GDPR)

You have the right to receive the personal data concerning you that you have provided to the controller in a structured, commonly used and machine-readable format.

9.6 Right to Object (Art. 21 GDPR)

You have the right to object at any time, on grounds relating to your particular situation, to processing of personal data concerning you which is based on Art. 6 para. 1 lit. e or f GDPR.

9.7 Right to Withdraw Consent (Art. 7 para. 3 GDPR)

You have the right to withdraw your data protection consent at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

9.8 Right to Lodge a Complaint with a Supervisory Authority (Art. 77 GDPR)

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the GDPR.

Competent Supervisory Authority for North Rhine-Westphalia:

State Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia

Kavalleriestraße 2-4

40213 Düsseldorf

Website: www.ldi.nrw.de

10. Changes to the Privacy Policy

We reserve the right to adapt this privacy policy so that it always complies with current legal requirements or to implement changes to our services in the privacy policy, e.g. when introducing new services. The new privacy policy will then apply to your next visit.

Last updated: April 2026