Persönliche Beratung
0441 18131911 Auftragsstatus

Mein Konto

Bitte wählen Sie...
Beim Abmelden werden alle nicht gespeicherten Projekte und Ihr Warenkorb aus Sicherheitsgründen gelöscht.

Privacy policy
CEWE Passport Photo App

CEWE respects your privacy. All data collected is used to fulfil your order, to use the app and to improve our services. Data protection and data security for customers and users are a high priority for CEWE. The protection of your personal data throughout our business processes is therefore of particular concern to us. In accordance with Art. 13 of the EU General Data Protection Regulation (GDPR), this privacy policy explains which data is collected in our CEWE Passport Photo App (hereinafter "App") and for what purpose, and how it is stored and protected.

We, CEWE Stiftung & Co KGaA, Meerweg 30-32, 26133 Oldenburg, Germany, as the controller within the meaning of the General Data Protection Regulation, take the protection of your personal data very seriously and comply with the statutory provisions on data protection.
This privacy policy covers all functions and ordering methods of the app offered by CEWE, including installation on the mobile device.
In order to improve our offer, special events are recorded in the applications, such as transmission errors when uploading an order or the installation of the application from an advertising campaign. The data collected in this way is pseudonymised and transferred to external service providers (Adobe System Inc., AppsFlyer Ltd.) for the purpose of statistical analysis. By installing the app, you consent to this data collection. The data collection takes place in accordance with Art. 6 para. 1 lit. f GDPR. You can revoke your consent by uninstalling the app.

In order to process your orders, we need to collect personal data. This includes, for example, biometric data as part of the passport photo, your name and your address. Your data will be used in accordance with the applicable data protection regulations solely for the purpose associated with the respective collection and to protect our own legitimate business interests. We therefore only collect data that is necessary for the smooth handling and improvement of our business processes and, above all, the processing of your order.

Our application comes into contact with our servers for various purposes. This is necessary, for example, when checking biometric features, displaying retail partner shops, requesting and updating price information or in the case of an order. Access data such as the current IP address of your access, the date and time of your visit are temporarily stored on our servers. This data is deleted after 7 days at the latest.

1. collection and processing of personal data
The CEWE Passport Photo App can essentially be divided into the following functions:

  • Taking a portrait photo
  • Verification of biometric features
  • User registration or login
  • In-app purchases

When selecting the following items, user registration/login and the purchase of an item in the app are required:

  • Purchase of a digital passport photo for storage on your smartphone
  • Purchase of a digital passport photo for storage on a smartphone and subsequent printing at a CEWE photo station
  • Purchase of a digital passport photo for transmission to official institutions, such as passport offices, driving licence offices, etc.

The personal data collected in this context is used for order processing and to simplify future use of the app. The app makes use of an AI-based assistant to guide the user while taking a biometric portrait. The caputured image is compared to the requirements for a biometric photo which allows the app to provide assistance to the user. All data comparison takes place within the app. This data is not stored on our servers.

To validate the biometric features, the biometric data of the portrait photo is compared with the legal requirements. In this context, we use a software solution from Cognitec Systems GmbH. The biometric data is compared in accordance with ISO 19794-5 and ISO 39794-5 standards. For this purpose, the captured data is transferred to our servers via secure interfaces.

The data is only stored on our servers after a successful purchase. The duration of storage (expiry date) is displayed to the customer in the app. After the expiry date, the photo will be irrevocably deleted. In addition, the customer can delete the photo from our servers in the app at any time before the expiry date and the associated automatic deletion.

2. transmission of data via the Internet
Sensitive data, such as biometric data, login, password, address data, information about your payment methods, credit card data or account data for direct debit are transmitted exclusively via encrypted connections (HTTPS / SSL) and stored on security servers. The electronic payment process is handled by a certified payment service provider.

3. note on data transfer to third countries
To ensure the high availability of our customer service, we are occasionally supported by service providers outside the scope of the EU GDPR. We have concluded contracts with the service providers in accordance with Art. 44 EU GDPR in conjunction with the EU standard contractual clauses and regularly ensure that our very high data protection requirements are also fully met.

4. contact us
You have the option of contacting us in several ways: By e-mail, by telephone, by WhatsApp or by post. When you contact us, we use the personal data that you voluntarily provide to us in this context. This is done solely for the purpose of contacting you and to be able to process your enquiry properly. When contacting us by telephone, there are no costs higher than the transmission costs according to the basic rate.

5. Use and disclosure of personal data and purpose limitation
The processing and forwarding of your data takes place on the following legal bases: Art. 6 para. 1 lit. a) EU GDPR for all processing that requires consent, Art. 6 para. 1 lit. b) EU GDPR for contract fulfilment, Art. 6 para. 1 lit. c) EU GDPR for consent management to fulfil legal obligations and Art. 6 para. 1 lit. f) EU GDPR for further processing with legitimate interest. We use the data you provide to fulfil and process your order in accordance with Art. 6 para. 1 lit. b) EU GDPR. Your data will be used in accordance with the applicable data protection regulations solely for the purpose associated with the respective collection and to safeguard our own legitimate business interests in accordance with Art. 6 para. 1 lit. f) EU GDPR, in particular the technical administration of the websites. We will only use this data for product-related surveys and marketing purposes if you have given us your prior consent in accordance with Art. 6 (1) (a) GDPR. You can revoke any consent you have given at any time with effect for the future.

Payment
In order to process payments, we pass on the necessary payment and order data to the credit institution commissioned with the payment and, if applicable, to the payment service provider commissioned by us or to the payment service selected by you in the ordering process.

Transfer of data to third parties
Personal data will only be transferred to government agencies within the framework of mandatory legal provisions or if you have selected the transfer to government agencies for the digital processing of biometric passport photos. Your data will only be passed on to private third parties if you have expressly consented to this, if there is a legal obligation to do so or if this is necessary to enforce our rights, in particular to enforce claims arising from the contractual relationship. In addition, we will pass on your data to third parties if this is necessary for the use of the website and contract processing (including outside the website), namely the processing of your orders. Our employees are obliged by us to maintain confidentiality and to comply with the relevant data protection regulations.

Consent for newsletter
In order to provide you with interesting information on the subject of passport photos, we offer you the opportunity to register for our newsletter. When registering for the newsletter, your data (such as email address, first name, surname, title, interests) will be used for our own advertising purposes on the basis of Art. 6 para. 1 lit. a) EU GDPR. For this purpose, we use the products of Salesforce.com Germany GmbH and transfer the data to them. Use by third parties is excluded. Unsubscribing from the newsletter is possible at any time and can be done via a link provided for this purpose in the newsletter, via your customer account or via customer service.

Product recommendations
We will send you further information and product recommendations based on your order. The legal basis for this is our legitimate interest in accordance with Art. 6 I f) in conjunction with Section 7 (3) UWG. For this purpose, we use the products of Salesforce.com Germany GmbH and transfer the data to them. The data is used there exclusively by us for the purpose of sending product recommendations; use by third parties is excluded. You can object to this transmission at any time.

Postal advertising
If we receive your address in connection with the sale of our goods or services and you have not objected to this, we reserve the right to regularly send you offers for similar products to those you have already purchased from our range by post. This serves to protect our interests in advertising to our customers. You can object to the use of your address at any time by sending a message to the contact option described here.

6. collection of anonymous user data
In our app, data is collected and stored for marketing and optimisation purposes using app analysis technologies from Adobe Systems Inc. on the basis of Art. 6 para. 1 lit. a) and Art. 6 para. 1 lit. f) EU GDPR, from which user profiles are created using pseudonyms. These user profiles are used to analyse visitor behaviour and are evaluated in order to improve and tailor our offering. The pseudonymised user profiles are not merged with personal data about the bearer of the pseudonym without the express consent of the person concerned, which must be given separately. Further information about the individual marketing and analysis cookies can be found here. Further information on terms of use and data protection can be found here: Adobe Systems Inc.: https://www.adobe.com/de/privacy/policy.html Appsflyer Inc.: https://www.appsflyer.com/de/legal/privacy-policy/ To make it easier for you to use our ordering software, we request access to location information, for example. This information is not used for purposes other than those listed below. This data is neither stored nor statistically analysed by us. Location information is used in the ordering software to present a suitable preselection for location-dependent offers, such as the selection of a shop in your neighbourhood.

7. security measures
CEWE uses extensive technical and operational security measures to protect your personal data managed by us against misuse, accidental or intentional manipulation or against access by unauthorised persons. Our security procedures are continuously improved in line with technological developments.

8. rights of data subjects
When processing your personal data, the EU General Data Protection Regulation grants you certain rights:
a. Right of access (Art. 15 EU GDPR):
You have the right to request confirmation as to whether personal data concerning you is being processed. If this is the case, you have a right of access to this personal data and to the information listed in detail in Art. 15 EU GDPR.
b. Right to rectification (Art. 16 EU GDPR):
You have the right to obtain without undue delay the rectification of inaccurate personal data concerning you and, where applicable, to have incomplete personal data completed.
c. Right to erasure (Art. 17 EU GDPR):
You also have the right to demand that personal data concerning you be erased immediately if one of the reasons listed in detail in Art. 17 EU GDPR applies, e.g. if the data is no longer required for the purposes pursued.
d. Right to information (Art. 19 EU GDPR):
If you have asserted the right to rectification, erasure or restriction of processing against the controller, the controller is obliged to notify all recipients to whom the personal data concerning you have been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort. You have the right vis-à-vis the controller to be informed about these recipients.
e. Right to restriction of processing (Art. 18 EU GDPR):
You have the right to request the restriction of processing if one of the conditions listed in Art. 18 EU GDPR is met, e.g. if you have objected to processing, for the duration of any review.
f. Right to data portability (Art. 20 EU GDPR):
In certain cases, which are listed in detail in Art. 20 EU GDPR, you have the right to receive the personal data concerning you in a structured, commonly used and machine-readable format or to request the transmission of this data to a third party.
g. Withdrawal of consent (Art. 7 para. 3 EU GDPR):
You have the right to withdraw your consent at any time. This means that we will not continue the data processing that we previously carried out on the basis of your consent. Your revocation does not affect the legality of the data processing that has already taken place.
h. Right to lodge a complaint with a supervisory authority (Art. 77 EU GDPR):
In accordance with Art. 77 EU GDPR, you have the right to lodge a complaint with a supervisory authority if you are of the opinion that the processing of the data concerning you violates data protection regulations. The right to lodge a complaint can be exercised in particular with a supervisory authority in the Member State of your habitual residence, place of work or place of the alleged infringement.
i. Right to object (Art. 21 EU GDPR):
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Art. 6 para. 1 lit. e) or Art. 6 para. 1 lit. f) EU GDPR, in accordance with Art. 21 para. 2 EU GDPR. The controller will no longer process the personal data concerning you unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims. If the personal data concerning you are processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.

9. data protection officers (here we must refer to the data protection officers in the federal states)
If you have any questions about data protection at CEWE, please contact us:

CEWE Foundation & Co. KGaA
Data protection
Meerweg 30-32
26133 Oldenburg
Phone: +49 (0)441 404299
(datenschutz@cewe-group.de)
Mrs Elwira Wall

Oldenburg, August 2024