In our Privacy Policy, we provide you with an overview of how we process your personal data when you use our services or visit our websites, in accordance with our information requirements and in accordance with the General Data Protection Regulation. The Privacy Policy applies regardless of whether you are a registered user, using our app (“EyeEm”) or are visiting our websites.
The data controller responsible for the processing of your personal data when using our services within the meaning of Article 4 (7) of the GDPR is:
EyeEm Mobile GmbH, Lobeckstr. 30-35, 10969 Berlin, Germany Managing Director: Olivia Mellett
www.eyeem.com [email protected]
Data protection officer: [email protected]
“Personal data” within the meaning of Article 4 (1) of the GDPR is: “... any information relating to an identified or identifiable natural person (hereinafter the “data subject”); a natural person is considered as being identifiable, directly or indirectly, in particular by means of an identifier such as a name, an identification number, location data, an online identifier or one or more special characteristics expressing the physical, physiological, genetic, mental, economic, cultural or social identity of this natural person.”
We collect and process your personal data for the purpose of providing you with our services and their advanced features, continuously improving and developing them, ensuring their technical functionality and ensuring the security of our services.
You are a “creator” if you want to share your content with us within the community (community account) or if you also want to offer it for licensing (Market account).
Community account:
To set up a community member account, we need:
If you register with us via a social network like Facebook, Inc. or Google, Inc., please read section 4.3 (a), since in this case we do not collect your data directly from you, but from a third party – namely the respective social network.
Market account (as Market):
For the activation of your Market account in order to offer your content for licensing, we need the following additional information:
Providing the above information about you is required. Otherwise, we cannot create the respective user account for you and cannot process any transactions for you (e.g. licensing of your content, payouts).
We use this data:
Storage time: In principle, we only store this data until the deletion of your user account. If you have sold a license to your content, your data will also be archived for the duration of the statutory retention periods (tax-related, e.g. 10 years).
Legal basis: The legal basis for this processing of your personal data is the fulfilment of a contract between you and us (Art. 6 (1) (b) GDPR) or your consent (Art. 6 (1) (a) GDPR) as far as it is necessary and you have given it to us (e.g. for the newsletter).
If you would like to purchase licenses for the use of content available at EyeEm Market, we request you to provide the following information to create your user account and to carry out the requested transactions:
Providing this information is necessary to create the respective user account for you and to conduct transactions with you and to grant you licenses according to our License Terms.
We use this data:
Storage time: We usually store this data in our active storage only until your user account is deleted and pending transactions are completed. Following this, we will archive the data for the duration of the statutory retention periods (tax-related, e.g. 10 years).
Legal basis: The legal basis for this processing of your personal data is the fulfilment of a contract between you and us (Art. 6 (1) (b) GDPR) or your consent (Art. 6 (1) lit.a GDPR) insofar as it is required and you have given it to us (e.g. for the newsletter).
If you have a Community Account, you can voluntarily provide additional profile information in your profile to make it more meaningful. For example, you can:
We use this data to make it visible in your profile to other users.
Storage time: As a rule, we only save this data until your user account has been deleted and pending transactions have been completed.
Legal basis: The legal basis for this processing of your personal data is the fulfilment of a contract between you and us (Art. 6 (1) lit.b GDPR).
When you have registered as a Creator, you can upload content to EyeEm via our website or app.
When you would like to upload content to EyeEm via the app, you must first give EyeEm access to your media library (i.e. Camera Roll or Photo Albums) on your mobile device. With this permission, we will display the folders and photos available in your media library from which you can select photos and upload them to your profile (Community or Market). In addition, the "Suggestions" tab within the upload process will show you the photos that you have either already liked in your media library (“Favorites”) or edited in other photo related apps (e.g. VSCO, Snapseed, Lightroom, Instagram, Flickr, etc.) and that also have a minimum size of 4 million pixels.
With this function we want to make it possible for you to quickly find and upload suitable photos for the EyeEm Market from the abundance of content in your media library. This pre-selection takes place automatically and exclusively on your mobile device. Beyond the purpose of a preselection of your photos, we do not process or store your photos or any other data that may be contained in your photos or media library before you select a photo and start to upload it. You can revoke your consent to access your media library at any time in the privacy settings of your mobile device. Without this consent you cannot upload pictures to the app, but you can still use other functions of the app (e.g. discover pictures of selected photographers, read articles in the EyeEm magazine).
When you upload content, we also process the information contained in the metadata of such content (so- called exif data), such as the date, time and location of the shot, camera type, shutter speed, etc., as well as any additional information you provide about the content (e.g. tags, captions). We only collect and process information about the location of the photograph or recording if this information is already included in the metadata, if this information is derived from the content (e.g. for sights, landmarks) or if you add the location yourself when uploading.
We use this data to provide our services, in particular to optimize the quality and sales opportunities of your content.
Storage time: We usually store any metadata only until your user account is deleted and pending transactions are completed. When you use the “Suggested” feature we do not store any personal information. The feature runs completely on your mobile device.
Legal basis: The legal basis for this processing of your personal data is the fulfilment of a contract between you and us (Art. 6 (1) (b) GDPR) or your consent (Art. 6 (1) lit.a GDPR), as applicable.
When you contact our support team or Data Protection Officer, we will save your email address and any other information that you provide in the context of your request.
The data will be stored and used exclusively for the processing of your respective request and any subsequent correspondence.
Storage time: The data is stored up to six (6) months after the completion of your request with us and then deleted as far as this concerns personal data.
Legal basis: The legal basis for this processing of your personal data is the fulfilment or initiation of a contract between you and us (Art. 6 (1) (b) GDPR). In case of data protection inquiries, the storage serves as proof of fulfilment of our data protection obligations (e.g. for information, correction or deletion).
When you send us inquiries via our contact form or via email, we will save:
We use this data to answer your inquiries and to contact you regarding possible cooperations or information of events.
Storage time: We store this data until six (6) months after the completion of your inquiry with us and then delete it unless you expressly agree that we may keep it longer.
Legal basis: The legal basis for this processing of your personal data is the fulfilment of a contract between you and us (Art. 6 (1) (b) GDPR).
When you register for our newsletters or email updates, we will save:
We use your email address to first verify your subscription (double opt-in) and then to send you the respective newsletter or community updates via email. Community updates may include community newsletters, relevant press releases, information regarding new events, competitions and brand partnerships, announcements on Missions, specific community events and feature updates.
Storage time: Your email address will be deleted as soon as you unsubscribe from the respective newsletter or community update.
Legal basis: The legal basis for this processing of your personal data is your consent (Art. 6 (1) (a) GDPR), which you provide to us with your request to receive our newsletter.
When you register for our press mailing list, we will save:
We use your email address to verify your subscription (double opt-in) and to send you press releases, event information and invitations.
Storage time: Your email address will be deleted as soon as you unsubscribe from the mailing list.
Legal basis: The legal basis for this processing of your personal data is your consent (Art. 6 (1) (a) GDPR), which you provide to us with your request to register for the mailing list.
When you provide us with a model or property release for the release of photographs or recordings of you, your private rooms, your works or other property rights to which you are entitled, we will store the personal data as stated in the respective release form, namely:
Providing this information is necessary in order to prove to third parties that you agree that the content depicting you or your property can be used commercially.
We only disclose the information to our distribution partners (by sending them the entire release document) and, if necessary, to the specific licensee. For more information, please see section 5.2.
Storage time: We store the releases as long as your content is available at EyeEm Market , in the case of a license sale of such content, we also store the respective release(s) beyond this period for the duration of possible legal claims in order to be able to prove our authorization to license the content commercially. The same applies to the third party to whom we may pass on such releases.
Legal basis: The legal basis for this processing of your personal data is the fulfilment of a contract between you and us (Art. 6 (1) (b) GDPR) or your consent (Art. 6 (1) (a) GDPR) that you expressly confirm with us in the respective release.
Log data is data that is automatically recorded when you visit our website(s) or use our app. Specifically, this is the following data:
We use this data solely for troubleshooting and quality-assurance purposes, for statistical and analytical purposes, and for monitoring system security.
When you share your location data in your device settings, we process that data to suggest locations for tagging your content and to display nearby recorded content in our discover feed.
For our service to work properly, we sometimes store small files – called cookies – on your device. This is common on most major websites.
A cookie is a small text file that leaves a web portal on your device (computer, tablet or smartphone) when you visit it. This allows the portal to “remember” certain inputs and settings (e.g., login, language, font size, and other display preferences) over a period of time, and you do not need to re-enter them each time you visit and navigate the portal.
You can control and/or delete cookies at your convenience. You can find out how to do this in the help function of the browser you are using or, for example, here: aboutcookies.org. You can delete all cookies stored on your device and set most browsers to prevent the storage of cookies, but then you may be required to make some settings manually each time you visit a page and accept the impairment of some features.
On our website we use the following cookies:
With your explicit consent (in the cookies banner displayed on our website) we use the following cookies:
The cookies are not used for any purposes other than those mentioned above. After having given your consent you can opt-out of each cookie category (except strictly necessary cookies) in the “cookie settings” of your account. The cookie customization settings are provided by the service provider OneTrust.
(iv) Cookies and similar third-party technologies
In addition to our own cookies, we also use third-party cookies and similar technologies (such as counting pixels) to provide our services, including troubleshooting, quality assurance, system-security monitoring, statistics and analytics, and a user-friendly design of our offerings (e.g. location-based photo contests), to measure efficiency and for optimization of advertisements we provide with other providers. As the providers and other technologies used may change, you should periodically review our Privacy Policy for updates.
Provision of our services
- Google Analytics
On our website we use Google Analytics, a web analytics service provided by Google Inc. Google Analytics uses cookies which are text files placed on your computer to help analyze how users use our website(s). The information generated by the cookies is regularly transmitted to a Google server in the US and stored there. However, since IP anonymization is enabled on our website, Google will abbreviate the IP address of users within the EU Member States or within other parties to the Agreement on the European Economic Area prior to transmission to Google. Only in exceptional cases the full IP address will be sent to a Google server in the US and abbreviated there. Google processes this information on our behalf to analyze the use of the website by the user, to provide reports on the activities on the website and to provide other services in connection with the use of the website for EyeEm. As part of the services provided by Google Analytics, the IP address transmitted by the user’s browser will not be merged with other data collected by Google.
You may prevent the collection of cookie-generated data about your use of the website (including IP address) and its processing by Google by downloading and installing the following browser plug-in via the link below: http://tools.google.com/dlpage/gaoptout?hl=de
- Amplitude
Within our app, we use the analysis services of Amplitude Inc. to collect certain data about the use of the app. The data collected includes your country of origin (including city and region) from which you registered and use the app, the language you use on your device, information about your device (model, operating system and version, mobile operator, device ID) and information about your usage (total duration in hours; date and time of last access to the app) and use of the various functions in the app (upload, discover, missions, etc.). The data obtained in this way is regularly transmitted to a server of Amplitude in the US. The data is stored and analyzed there and then transmitted to EyeEm. This service enables us to better understand the behavior of our app users and make the EyeEm Community and EyeEm Market more user- friendly and attractive. Amplitude is certified under the Privacy Shield Agreement and thus offers a guarantee that the European level of data protection is maintained (www.privacyshield.gov/participant?id=a2zt000000001XZAAY&status=Active). To find out more about how Amplitude uses information for analytical purposes can be found in the Amplitude Privacy Policy: https://amplitude.com/privacy.
- Crashlytics Firebase
We have integrated the analysis service Crashlytics, a service of Google Inc. into our app. Crashlytics collects information for us on how and under what circumstances the app crashes. The service therefore searches for crashes of the app, analyzes the collected data and provides us with reports. The collected data includes the device type, the version of the operating system and certain data on the hardware of your mobile device and the time of the crash, as well as your user ID and device ID. This information indicates how the app was working at the time of the crash. Crashlytics does not receive information that can identify you as a person. You can find out more about how Crashlytics works at: https://firebase.google.com/products/crashlytics
- Hotjar
If you have given your consent to cookies, we use Hotjar, a service of Hotjar Ltd., Malta (Europe) in order to better understand our users' needs and to optimize our service and users' experience (e.g. how much time they spend on which pages, which links they choose to click, what users do and don't like, etc.). This enables us to build and maintain our service by means of user feedback. Hotjar uses cookies and other technologies to collect data on our users' behavior and their devices (in particular the IP address of the device (captured and stored only in anonymized form), device screen size, device type (unique device identifiers), browser information, geographic location (country only), preferred language used to display our website). Hotjar stores this information in a pseudonymized user profile. Neither Hotjar nor we will use this information to identify individual users or to match it with further data on an individual user. For further details, please see Hotjar’s Privacy Policy at https://www.hotjar.com/legal/policies/privacy/.
Advertising
We use so-called AdServers and their tracking tools to measure, optimize, and track clicks on our ads which we position on other sites. This process is used to evaluate the effectiveness of ads for statistical and market research purposes and may help optimize future advertising efforts. If you submit personal data via an ad-form (e.g. your name and email address), such information will be transferred to EyeEm and stored in Hubspot, a service used for client management. If you are already registered with EyeEm (Buyer Account), your user ID will be linked to the data collected in an ad-form.
In all other cases, we only receive statistical pseudonymous data without reference to a specific person. Such data is stored in a cookie. In connection with the display of ads, third-party servers are necessarily contacted directly when using EyeEm. The third-party providers themselves are responsible for the privacy- compliant operation of the IT systems they use and the storage duration.
Here you will find more information about the tracking pixels we use and their data processing:
- Facebook Pixel
We use the "conversion pixel" of Facebook Inc. By calling this pixel from your browser, Facebook can then determine whether a Facebook ad was successful. In particular, if you are registered with Facebook, we refer you to their privacy information at https://www.facebook.com/about/privacy/. To change your consent please go to www.facebook.com/settings?tab=ads - LinkedIn
Our website uses features of the LinkedIn network provided by LinkedIn Corporation. When some selected pages containing LinkedIn features are accessed, a connection is established to LinkedIn servers. LinkedIn will be notified that you have visited our website using your IP address. If you click on our LinkedIn advertising and are logged into your LinkedIn account, LinkedIn will be able to associate your visit to our website with your user account. We have no knowledge of the content of the transmitted data or its use by LinkedIn. Further information can be found in LinkedIn's privacy policy at: https://www.linkedin.com/legal/privacy-policy. You can adjust the settings for advertising tracking at this link: https://www.linkedin.com/psettings/advertising/actions-that-showed-interest
We use "Twitter pixels", a service provided by Twitter Inc. In particular, the Twitter pixel allows us to track users' actions after they have seen or clicked on a Twitter ad. The collected data is stored and processed by Twitter in accordance with the Twitter Privacy Policy: https://twitter.com/privacy. We have no influence on the extent and further use of data collected through the use of Twitter pixels by Twitter. You can change your privacy settings and permissions on Twitter in your account settings at: https://twitter.com/account/settings.
- Hubspot
We make use of a number of Hubspot Inc. services which make use of cookies for the provision of their services. Whilst these cookies are typically used to manage performance of the Hubspot services we use and do not include any personal information, it is possible that visits to our website, where we have your contact details, in the Hubspot CRM can be associated to you and therefore linked within our CRM record against your contact record. You can find out about what cookies Hubspot may place on your device here: https://knowledge.hubspot.com/articles/KCS_Article/Reports/What-cookies-does-HubSpot-set-in-a-visitor- s-browser.
- Google Ads
We use Google Ads functions of Google Inc. to target our online advertising on the Internet. Google uses cookies and/or device identifiers to deliver ads based on previous visits to the site or app. You could disable Google's use of cookies or device IDs in your advertising preferences. Link to opt-out: https://adssettings.google.com/authenticated
- Floodlight
Our online service uses the Floodlight service, a conversion tracking system from Google Inc. For more information about Google Floodlight, please visit: www.support.google.com. You can install the plug-in offered at https://www.google.com/settings/u/0/ads/plugin?hl=en to object to the analysis of the data described above with effect for the future.
- Google Tag Manager
Our website uses the Google Tag Manager for the purpose of controlling the above-mentioned tracking tools and thus enabling personalised, interest- and location-related online advertising. Here is the link to opt-out: https://adssettings.google.com/authenticated.
- Quantcast
We make use of the Quantcast pixel tags to collect demographic information from our audience (including age, gender, family, location, income, education and occupation) to enable statistical and market research purposes and interest-based advertising.". The data collected by Quantcast is pseudonymous and does not contain any direct identifiable information (see Quantcast privacy policy here: https://www.quantcast.com/privacy/).
When you register with us through Facebook, Inc. or Google, Inc., we will receive the authentication information required for your registration, i.e.:
We use all of this information only to the same extent as the data that you provide when registering through our app or website.
If you log in via the app, the data transmitted to us will also be used to help you find your Facebook / Google+ friends or be found by them, as long as they have also linked their account to the respective services.
We will only disclose your personal information to third parties (including processors, i.e. third parties who process data for us on our behalf) if the transfer is necessary to fulfill our contractual obligations to you, if we are otherwise legally entitled or obliged to disclose it, or if you have given us consent to do so. In order to provide our services, selected personal information may be shared with certain departments within our company. This includes employees from the accounting, legal, product management, marketing and IT departments. In certain cases, we also use external service providers who are commissioned by us to process data for us in accordance with instructions (see below).
To the extent that your information is disclosed to third parties which are not located in an EEA country, we will ensure that the recipient has an adequate level of data protection, that adequate confidentiality provisions in the applicable contracts are maintained, that the standard contractual clauses for the transfer of personal information to processors issued by the European Commission are complied with, or that we obtain your consent.
Other users of our services, whether registered or not, or those accessing the content uploaded to EyeEm through a so-called API (Application Programming Interface), may be shown any information displayed on your public EyeEm profile (not your email address).
We will pass your names and/or usernames for the purpose of naming and identifying the copyright owner, to all who acquire use licenses for your content as well as our partners who market your content abroad. At the latest at their request, they also receive model releases and property releases for the purpose of proving the consent of the persons depicted or the persons entitled to the objects depicted. You agree with this transfer of data if you send us the respective model release or property release.
We also share your information with companies whose services we use to provide our services and manage our business affairs. In particular, the following services are provided to us by contractors we use: Payment services, hosting services, newsletter delivery, maintenance and support, web/app analysis, fraud monitoring and prevention, marketing services, CRM services, customer service management services, geodata transformation into actual locations, etc. Such service providers will be contractually obliged by us to process your data in accordance with the strict guidelines of the GDPR and may not use your data for any other purpose. Data will be disclosed in accordance with Art. 28 (1) GDPR or, alternatively, in accordance with our legitimate interest in the economic and technical benefits of using specialist processors, Art. 6 (1) lit. f GDPR.
Insofar as we are legally obliged to do so or this is permitted under data protection law, we transmit personal data to authorities such as the police or the public prosecutor's office (Art. 6 (1) lit. c GDPR). This data is disclosed on the basis of our legitimate interest in combating misuse, prosecuting criminal offences (e.g. credit card fraud) and securing, asserting and enforcing claims, provided that your rights and interests in the protection of your personal data do not predominate, Art. 6 (1) lit. f GDPR.
We may share your personal information with our affiliates (EyeEm Group GmbH, EyeEm Inc.) if necessary to provide our services.
We may disclose and transfer data collected, processed and stored under this Privacy Policy in the course of a sale, merger or change of control. As part of a due diligence, we will only disclose and transfer anonymous data in a virtual space without any personal reference. In the event of legal succession, the acquiring company has the right to use your data in accordance with this Privacy Policy in order to fulfil its legal obligations as legal successor.
In addition to the ability to exercise control over your personal information and other data by changing your information and settings in your user account and, if necessary, creating links to third-party applications such as Facebook or Google, allowing or blocking cookies, or making do-not-track settings in your browser, you have the following legally protected rights. We offer you communications and measures in this respect in principle free of charge. However, in the case of manifestly unfounded or excessive requests, especially in the case of frequent repetition, we may levy a fee or refuse to act.
You have the right at any time to request information about what personal data we process about you and to demand correction, deletion and/or restriction of your personal data stored by us. For your security, we will ask you to verify your details in the event of such a request or change. Please send us a message at: [email protected].
If the data processing by us is based on your consent, you can revoke this consent at any time. To revoke your consent, please send us a message at: [email protected].
If applicable, you have the right to demand that we provide you with your personal data in a structured, common and machine-readable format, provided that the data processing is based on your consent or a contract between us or is carried out by automated means. However, this does not apply if the processing is not necessary for the performance of a task in the public interest or in the exercise of official authority assigned to the data controller. Furthermore, you have the right to have the personal data transferred directly from one responsible person to another responsible person, as far as this is technically feasible and as long as the rights and freedoms of other persons are not affected.
You also have the right to lodge a complaint about us with our regulatory authority.
We have made technical and organizational arrangements to secure the website, mobile applications and other systems against loss, destruction, access, modification or disclosure of your personal data. Access to your profile is only possible after entering a password. You should always treat access information confidentially and close the browser window as soon as the connection with EyeEm is finished.
We occasionally change and update our Privacy Policy to adapt it to changing requirements. If we make any material changes, we will notify you in advance by email or through our services (e.g. in-app news item) so that you can review the changes before they come into force. In the event of other updates or changes, we will publish the amended Privacy Policy without a separate notice on our website. Accordingly, you should periodically visit our Privacy Policy to ensure that you know the current regulations. If you do not agree with the changes, you should not use our services and delete your account if you have one. If you use our services after the effective date of our amended or updated Privacy Policy, the processing of your personal data is automatically subject to our updated Privacy Policy.
December 2022