+49 7841 627 44 00

info@pxlshare.com

Achern, Germany

GET STARTED
LOGIN

Privacy Policy

Last updated:

We, SynthScript, Owner: Christoph Kretschmer, Hornisgrindestraße 9, 77855 Achern, Germany (“we” or “us”), operate the website
https://www.pxlshare.com and take the protection of your personal data very seriously.
Below, we transparently explain which data we process, when, why, and on what legal basis — and which rights you have.

I. Data Controller

SynthScript, Owner: Christoph Kretschmer
Hornisgrindestraße 9, 77855 Achern, Germany
Email: contact@pxlshare.com
Website: https://www.pxlshare.com

Note: There is currently no obligation to appoint a data protection officer. If this changes, we will publish the contact details here.

II. Principles of Data Processing

Personal data means any information relating to an identified or identifiable natural person (e.g., name, address, email, IP address, user behavior).

1) Scope and Purposes

We process personal data only insofar as necessary for providing a functional website, fulfilling contractual services, complying with legal obligations, or protecting legitimate interests.
Data subjects particularly include customers, prospects, business partners, and website visitors.

Typical purposes include, among others: administration, customer support, billing/accounting, ensuring system security and stability, archiving, contract performance, and optimizing our services.

2) Legal Bases

  • Art. 6(1)(a) GDPR (consent)
  • Art. 6(1)(b) GDPR (contract / pre-contractual measures)
  • Art. 6(1)(c) GDPR (legal obligation)
  • Art. 6(1)(d) GDPR (vital interests)
  • Art. 6(1)(f) GDPR (legitimate interests, e.g., IT security, service optimization)

3) Storage Period and Deletion

We delete or block personal data as soon as the purpose ceases to apply. Longer storage occurs only if EU/DE statutory retention duties require it. After such periods expire, data will be deleted unless it is still required for contract performance or legal defense.

4) Technical and Organizational Measures (TOM)

We implement appropriate technical and organizational measures to protect your data (including encryption, access restrictions, role/rights management, and logging). Our safeguards are continuously adapted to the state of the art.

5) Transfers to Third Countries (e.g., USA)

If we use services outside the EU/EEA, we ensure adequate safeguards (particularly EU Standard Contractual Clauses, Art. 46 GDPR). Processing in third countries occurs only if necessary for contract performance, based on your consent, due to legal obligations, or on the basis of legitimate interests.

III. Website Provision & Log Files

When our pages are accessed, our hosting system automatically collects the following information:

  • Browser type/version including add-ons, operating system, language
  • Protocols used, Internet service provider
  • IP address, date/time of access
  • Pages/files accessed, referrer URL, amount of data transferred
  • Device (including display resolution), session duration/time on site, visitor source

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in stability, security, display optimization, and operation of the website).

Storage period: Log files are generally stored for a maximum of 7 days and then deleted or anonymized.

The collection is required for secure operation; an objection is not possible in this respect.

IV. Cookies

1) Use

We use technically necessary cookies (session/persistent cookies) and — with your consent — analytics/marketing cookies.
Cookies are small text files stored on your device that make your browser recognizable.

2) Legal Basis

  • Technically necessary cookies: Art. 6(1)(f) GDPR.
  • Analytics/marketing cookies: Art. 6(1)(a) GDPR (consent via the consent banner).

3) Control & Withdrawal

You can delete/block cookies in your browser settings. Through the consent banner you can grant/withdraw consent. You can also withdraw consent by contacting us at the address above.

V. Processing When Using PxlShare.com

1) Registration & Account Management (Photographers/Businesses)

Required data: first name, email, phone, billing address (for paid use), VAT ID (where applicable), IBAN (settlement with end customers),
and any API keys (e.g., PayPal) for payment processing.

Optional data: digital business card/links (website, social media).

Purpose / Legal basis: account creation, contract performance, and support (Art. 6(1)(b) GDPR); legal obligations (e.g., tax law, Art. 6(1)(c) GDPR).
API keys are used exclusively for payment processing and stored securely. We do not store credit card data ourselves.

2) End-Customer Data of Our Customers (Galleries, Orders)

Our customers (e.g., photographers) provide galleries. End customers can view images, download them, create favorites, order print products, provide shipping addresses, and pay via PayPal/bank transfer.

Important: We process this data on behalf of our customers as a processor (Art. 28 GDPR). The controller within the meaning of the GDPR is the respective customer. A Data Processing Agreement (DPA) is concluded with all registered customers.

Storage period: Inactive end-customer accounts may be deleted after 24 months of inactivity following prior notice. When customer accounts are deleted, we generally remove associated end-customer data within 30 days.

3) Hosting of the Online Gallery

Online galleries are provided, among others, via IONOS SE (Elgendorfer Str. 57, 56410 Montabaur, Germany), e.g., under subdomains such as apps.pxlshare.com.
Further information: https://www.ionos.de/datenschutzerklaerung

4) Orders, Printing & Shipping

For orders via PxlShare.com, we process the data required for this purpose (name, address, order details) and transmit them to partner print companies for fulfillment.

Legal basis: Art. 6(1)(b) GDPR (contract performance). Order data are stored in accordance with statutory retention periods (see below).

5) Legal Bases & Retention

  • Contract/processing: Art. 6(1)(b) GDPR
  • Legitimate interests (operation/optimization/security): Art. 6(1)(f) GDPR
  • Legal obligations (tax/commercial): Art. 6(1)(c) GDPR

Retention: invoice/order data at least 10 years (§ 147 AO, § 257 HGB).

VI. Disclosure to Service Providers (Third Parties)

We use carefully selected service providers. Unless otherwise noted, processing is based on Art. 28 GDPR (processing under a data processing agreement) — with appropriate safeguards for third-country transfers.

1) Cloud & Server Services

2) Payment Services

3) Analytics & Tracking

4) Administration/Support & Other Services

VII. Newsletter (Brevo)

With your consent, you may subscribe to our newsletter (double opt-in). The only required field is your email address; first name is optional (for personalization).
Delivery and analytics are provided by Brevo (Sendinblue GmbH, Berlin) as our processor.

Data collected: technical usage data (e.g., IP address, device/browser, opens/clicks, region) to secure systems, prevent abuse, and optimize the newsletter.

Legal bases: Art. 6(1)(a) GDPR, Art. 7 GDPR in conjunction with §7(3) UWG; certain analytics based on Art. 6(1)(f) GDPR (legitimate interest).

Data locations: EU (particularly Germany).

Unsubscribe: at any time via the link in every email or by contacting us.

More information: https://www.brevo.com/de/features/data-security/

VIII. Hosting

Our website is operated by an external provider: IONOS SE, Elgendorfer Str. 57, 56410 Montabaur, Germany.

Scope: infrastructure/platform, computing power, storage, databases, security, and maintenance services.

Data categories processed: master/account, contact, content, contract, usage/movement, and meta/communication data (e.g., IP, browser).

Legal basis: Art. 6(1)(f) GDPR (secure/efficient provision); a data processing agreement pursuant to Art. 28 GDPR exists.

Data transfers: storage/processing exclusively within the EU.

IONOS privacy: https://www.ionos.de/datenschutzerklaerung

IX. TLS Encryption

Our website uses HTTPS/TLS. You can recognize an encrypted connection by the lock symbol and by “https://” in the address bar. This protects transmitted data from unauthorized reading.

X. Your Rights

You have the following rights under the GDPR:

  1. Withdrawal of consent (Art. 7(3) GDPR) — effective for the future.
  2. Access (Art. 15 GDPR) — to information about processed data/categories, purposes, recipients, storage duration, origin, and the existence of automated decisions, etc.
  3. Rectification (Art. 16 GDPR) — of inaccurate/incomplete data.
  4. Erasure (Art. 17 GDPR) — where no statutory duties/opposing rights prevail.
  5. Restriction (Art. 18 GDPR) — under the conditions stated therein.
  6. Objection (Art. 21 GDPR) — to processing based on Art. 6(1)(e)/(f) GDPR; this also applies to direct marketing.
  7. Data portability (Art. 20 GDPR) — in a structured, commonly used, machine-readable format or transfer to third parties.

Contact for data subjects’ rights:
Email: support@pxlshare.com
Mail: SynthScript, Owner: Christoph Kretschmer, Hornisgrindestraße 9, 77855 Achern, Germany

Right to lodge a complaint: You have the right to lodge a complaint with a data protection supervisory authority, in particular in your place of residence or work or at the place of the alleged infringement (Art. 77 GDPR). A list of authorities is available here:
https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html

XI. Automated Decisions / Profiling

We do not use automated individual decision-making or profiling.

XII. Changes to This Privacy Policy

We adapt this policy when legal, technical, or organizational changes require it. We will inform you appropriately about significant changes (e.g., a notice on the website).
The current version is available at https://www.pxlshare.com/privacy-policy.

Provider: SynthScript, Owner: Christoph Kretschmer — Hornisgrindestraße 9, 77855 Achern, Germany