Privacy Policy (Datenschutzerklärung)

Last Updated: June 2026

Protecting your personal data is of the utmost importance to us. This Privacy Policy explains how Thomas Eisl Photography ("we", "us", "our") collects, processes, and stores your personal data when you visit thomaseisl.photography, use our services, or purchase digital and physical products from our online shop.

All data processing operations are executed in strict compliance with the General Data Protection Regulation (GDPR / DSGVO) and the Austrian Telecommunications Act (TKG 2021).

1. Data Controller (Verantwortlicher)

The entity responsible for data processing on this website is:

• Name: Thomas Eisl

• Address: Thomas Eisl, Friedmanngasse 1a, 1160 Vienna, Austria

• Email: contact@thomaseisl.photography

2. Core Legal Bases for Data Processing

Under Article 6(1) GDPR, we only process your personal data if at least one of the following legal conditions is met:

• Consent (Art. 6(1)(a) GDPR): You have given us explicit consent to process your data for a specific purpose (e.g., subscribing to a newsletter or setting marketing cookies).

• Performance of a Contract (Art. 6(1)(b) GDPR): Processing is necessary to fulfill a contract with you (e.g., processing a shop order or delivering a digital download).

• Legal Obligation (Art. 6(1)(c) GDPR): Processing is required by law (e.g., maintaining financial records under the Austrian Federal Tax Code / Bundesabgabenordnung).

• Legitimate Interests (Art. 6(1)(f) GDPR): Processing is necessary to protect our legitimate business interests, provided your rights do not override them (e.g., ensuring website security, defending against fraud).

3. Data Collection & Processing Scenarios

3.1 Website Hosting & Server Logs

• Data Categories Collected: IP address, browser type, referrer URL, date/time stamp

• Legal Basis (GDPR): Art. 6(1)(f)

• Retention Period: 7 years

3.2 Shop Checkout & Account Creation

• Data Categories Collected: Full name, billing address, country, email address

• Legal Basis (GDPR): Art. 6(1)(B)

• Retention Period: 7 years as required by Austrian tax law (§ 132 BAO)

3.3 Digital Download Delivery

• Data Categories Collected: Email addresses, download timestamps, IP address, download attempt frequency

• Legal Basis (GDPR): Art. 6(1)(b) & Art. 6(1)(f) (Fraud prevention & licence control)

• Retention Period: Duration of customer account access or license validity.

3.4. Third-Party Payment Processing

To process payments securely, our online shop integrates specialized external payment service providers. We do not store or clear your credit card details or bank account numbers. Your financial details are securely transmitted directly to the respective payment processor.

• Stripe: Processed by Stripe Payments Europe Ltd., Ireland. Data is processed to complete payments under Art. 6(1)(b) GDPR. Link to Stripe Privacy Policy

• PayPal: Processed by PayPal (Europe) S.à r.l. et Cie, S.C.A., Luxembourg. Link to PayPal Privacy Policy

4. Cookies, Tracking, & Consent Management

4.1. Necessary Technical Cookies

Our webshop utilizes strictly necessary cookies to execute core functionalities, such as preserving items in your shopping cart or maintaining your session state across checkout steps. These are processed under Art. 6(1)(f) GDPR and do not require user consent.

4.2. Analytical & Performance Cookies

If you grant explicit consent via our cookie selection banner (Art. 6(1)(a) GDPR / § 165 TKG 2021), we may use privacy-compliant analytical scripts to track traffic flows and store content metrics.

Revocation of Consent: You can reopen your cookie settings and alter or withdraw your consent at any time.

5. Data Transmissions to Third Countries (Outside the EEA)

If we utilize digital infrastructure tools or external components run by providers based outside the European Economic Area (EEA)—such as cloud environments or distribution servers in the United States—we ensure a legally valid transfer mechanism is active. This includes checking for an active EU-U.S. Data Privacy Framework certification or utilizing approved EU Standard Contractual Clauses (SCCs).

6. Your Rights as a Data Subject

Under the GDPR, you have the following irrevocable rights regarding your personal data:

• Right of Access (Art. 15 GDPR): The right to request copies of your personal data held by us.

• Right to Rectification (Art. 16 GDPR): The right to correct inaccurate or incomplete data.

• Right to Erasure (Art. 17 GDPR): The right to request data deletion, provided it does not conflict with statutory preservation laws (like the Austrian BAO).

• Right to Restriction (Art. 18 GDPR): The right to limit how we process your data.

• Right to Data Portability (Art. 20 GDPR): The right to receive your data in a structured, machine-readable format.

• Right to Object (Art. 21 GDPR): The right to object to data processing based on legitimate interests or direct marketing.

To exercise any of these rights, contact us directly at: contact@thomaseisl.photography

7. Right to Lodge a Complaint with the Supervisory Authority

If you believe that the processing of your data violates European or Austrian data protection laws, you have the right to lodge a formal complaint with the competent national regulatory body:

Austrian Data Protection Authority (Österreichische Datenschutzbehörde - DSB)

• Address: Barichgasse 40-42, 1030 Vienna, Austria

• Email:dsb@dsb.gv.at

• Website:www.dsb.gv.at