This privacy policy informs you of how we treat your personal data.

Your trust is of the utmost importance to us. Therefore, we are committed to protecting any personal data that is collected and processed when you interact with us online or via mail. In doing so, we comply with the legal provisions of the Swiss Federal Act on Data Protection (FADP), the Swiss Ordinance to the Federal Act on Data Protection (OFADP), the Swiss Telecommunications Act (TCA) and other applicable data protection provisions under Swiss or EU law, in particular, the General Data Protection Regulation (GDPR).

1. Scope and purpose of the collection, processing and use of personal data

1.1 When you visit our website

When you visit our website, our host Kinsta temporarily stores data about your access in a log file. The following technical data is recorded, without your intervention, and stored until automatic deletion after no later than six months:

  • the date and time of access;
  • the IP address of the requested computer;
  • the name and URL of the requested file;
  • the status code;
  • the transmission protocol you used;
  • the server port number that is configured for the service;
  • the type and version of the browser you use;
  • the internet service provider you use;
  • the operating system you use;
  • the referrer URL, i.e. the previously visited page;
  • the host header name, if any;
  • the number of bytes sent by the server, as well as the number of bytes received and processed by the server, and;
  • the length of time that the action took, in milliseconds.

This data is collected and processed to allow you to use our site (establishing a connection), ensuring system security and stability in the long term and allowing our website to be optimised, as well as for internal statistical purposes. To process the data for these purposes, we rely on our legitimate interests.

The IP address is evaluated for clarification and defence purposes only in the event of an attack on the website’s network infrastructure or in case of a suspicion of unauthorised or abusive use of the website. It may further be used for identification purposes in criminal proceedings and the context of civil and criminal proceedings against the concerned individual, as necessary and required. To process the data for these purposes we rely on our legitimate interests.

Lastly, when you visit our website, we use cookies. Please see Sections 2 “Cookies” and 3 “Tracking Tools” for further details.

1.2 When you use our contact form or mail us

If you contact us by using our contact form or e-mail, we collect the following information from you:

  • Your name
  • Your e-mail address
  • The subject
  • Your message

We use this data solely to respond to you and retain e-mail addresses received as part of an enquiry only as long as the enquiry remains open.

By submitting your data through our contact form, you consent to the use of that information as set out above.

1.3 When you subscribe to our newsletter

You can subscribe to our newsletter through our website. Subscribing, however, requires registration and you will need to provide:

  • Your name
  • Your e-mail address

We only use this information for sending our newsletter until you withdraw your consent. You may withdraw your consent and unsubscribe from our newsletter at any time either by contacting us or by unsubscribing through the unsubscribe link at the end of the newsletter.

By subscribing to our newsletter, you consent to the use of that information as set out above.

1.4 In case you buy a print or licence

When you purchase a print or a licence, we collect the following information during checkout:

  • Your first name and last name.
  • Optionally your company name.
  • Your address: country, street address, postcode/zip and town/city.
  • An alternative address for shipping: country, street address, postcode/zip and town/city (optional).
  • Your phone number.
  • Your e-mail address.
  • Any order notes you might like to add (optional).
  • Your payment information: card number, expiry date and card code (CVC)

We solely use this information to fulfil your order and delete the data after the warranty periods and statutory retention periods have expired.

We use Stripe as our gateway for credit card payments. Stripe is a global online payment processor that is trusted by thousands of businesses across the globe. It uses the most stringent security standards.

By purchasing a print or licence, you consent to the use of the information provided as set out above.

1.4 When you create a user account

When you order a print or licence, you have the option to create a user account on our website. A user account is convenient when you think you might buy from us more often since you will not have to specify address and payment information again the next time you make a purchase.

When you create a user account, we ask you to specify a user name and the password. Subsequently, we store the following information in your account:

  • Your first name and last name.
  • Optionally your company name.
  • Your address: country, street address, postcode/zip and town/city.
  • An optional alternative address for shipping: country, street address, postcode/zip and town/city.
  • Your phone number.
  • Your e-mail address.
  • Your payment information: card number and expiry date

You can have us delete a user account at any time. Just contact us with a request to do so, and we will then delete your stored personal information immediately or as soon as we can after fulfilling any pending orders. You can see an overview of personal data stored by visiting the My Account section.

2. Cookies

When you access our website, we collect information using cookies and tracking.

Cookies are information files that your web browser automatically stores on your computer’s hard drive when you visit our website. Cookies neither damage the hard disk of your computer nor do they transmit your data to us.

We only use session cookies to help us make your visit on our website more comfortable, more pleasant and more meaningful. These session cookies are deleted after you close your browser. They are used, for example, to enable you to use the shopping cart function across several pages.

Most Internet browsers automatically accept cookies. However, you can configure your browser so that no cookies are stored on your computer or that a warning message will always appear when a new cookie arrives.

Please note that deactivating cookies may prevent you from using all the features of our websites.

3. Tracking tools

To allow us to improve the usability and performance or our website, we use the web analysis service of Google Analytics. In this context, pseudonymised usage profiles are created, and small text files (“cookies”) are stored on your computer. The information generated by the cookie about the use of this website by visitors is transmitted to a server at Google Inc., a subsidiary of Alphabet Inc., in the US and stored there. The IP address transmitted by your browser as part of Google Analytics is not combined with other data from Google.

We enabled IP anonymization on this website (anonymizeIp). IP anonymisation means that the IP address transmitted is truncated before sending analytics data within EU member states or other states that are a party to the agreement on the European Economic Area and Switzerland.

Google Inc. has submitted to the Privacy Shield Agreement concluded between the European Union and the US and certified itself. As a result, Google undertakes to comply with the standards and regulations of European data protection law. Further information is available on the following info page.

Google Analytics provides us with the following information:

  • the navigation path that you follow on the website;
  • the length of stay on the website or webpage;
  • the country, region, or city from which the access is made;
  • the device, browser type and version used, and;
  • the returning or new user.

This information may also be transferred to third parties if required by law or if the third parties are contracted for processing the data. Under the terms of Google Inc., under no circumstances will the IP address be used in connection with other data relating to the user.

You may refuse the use of cookies by selecting the appropriate settings on your browser. However, please note that if you do this, you may not be able to use the full functionality of this website.

Users can prevent Google’s collection of the data generated by the cookie that relates to a visitor’s use of the website (including their IP address) and Google’s processing of this data by downloading and installing a browser plugin available.

Get the plugin!

4. Links to social media

On www.niophoto.com, we incorporated links to our social media profiles on the following social networks:

  • LinkedIn
  • Facebook
  • Instagram
  • Twitter

If you click on the relevant social network icons, it automatically redirects you to our profile on the applicable social network. To use the functions of the relevant network there, you must partially log in to your user account for the relevant network.

When you open a link to one of our social media profiles, a direct connection is established between your browser and the server of the relevant social network. This gives the network the information that you have visited our website with your IP address and accessed the link. When accessing a link to a network while logged in to your account on the relevant network, the contents of our page may be linked to your profile in the network. This means that the network can link your visit to our website directly to your user account. If you want to prevent this, you should log out before clicking on the relevant links. An assignment takes place in any case if you log into the network after clicking on the link.

For more information about the purpose and scope of the data collection and further data processing by the above social media networks and your respective rights and data protection options, please see their respective privacy policies.

5. Disclosure of data to third parties

In principle, we only use your data within our company. We will only transfer your data to third parties if this is necessary:

  • for the use of this website;
  • to fulfil fine art print purchases;
  • for sending of newsletters that you subscribed to;
  • for the analysis of how you use this website;
  • to fulfil your fine art print or licence purchase;
  • if there is a legal obligation to do so, or;
  • if it is necessary for the enforcement of our rights, in particular to assert claims arising out of a contractual relationship.

The use of the data transferred for these purposes is strictly limited to the stated purposes.

6. Transmission of personal data abroad

We may transfer your data to third parties (contracted service providers) located abroad for the data processing described in this data privacy policy.

Any such third-party companies are obliged to protect the privacy of individuals to the same extent as we do. If the level of data protection in a country does not correspond to the Swiss or European level, we shall ensure by contract that the protection of your personal data corresponds at all times to that in Switzerland or the EU.

Certain third-party service providers mentioned in this privacy policy have their registered office in the US (see Section 3 “Tracking Tools”). Further explanations on the data that may be transferred to the US can be found under Section 3 “Tracking Tools”, and Section 7 “Note on data transfers to the US”.

7. Note on data transfers to the USA

For the sake of completeness, we note that, as part of US legislation, US authorities can take surveillance measures, under which the general storage of all data sent from the European Union to the US is possible. This takes place without distinction, limitation or exception, based on the objective pursued and without objective criteria that would allow it to limit access by US authorities to personal data and its subsequent use to specific, strictly limited purposes that justify access to this data.

Furthermore, we want to point out that there are no legal remedies available in the USA for the data subjects from Switzerland that would allow them to gain access to the data concerning them and to obtain their correction or deletion. There is no adequate legal protection against general access rights of US authorities. We explicitly draw attention to this legal and factual situation to the data subject so that he or she may make an informed decision as to the consent to the use of his or her data.

For individuals residing in EU Member States, please note that, for the European Union, the US does not have sufficient data protection levels due, among other things, to the issues mentioned in this Section. To the extent that we have explained in this privacy policy that recipients of data (such as Google) are located in the US, we will ensure, either by way of a contract or by requiring certifications from the companies at issue under the EU-US -Privacy Shield or the Swiss-US -Privacy Shield, that our partners adequately protect your data.

8. Right to information, deletion and correction

You have the right to obtain information on the personal data that we store about you on request at any time.

Also, you have the right to ask us to correct inaccurate data and to ask us to delete your data, as long as there is no legal retention duty that requires us or legal basis that allows us to process such data further.

We note that in the case of deletion of your data, the full use of our website may no longer be possible or not possible to the full extent.

You can withdraw your consent to specific data processing at any time with effect for the future.

If GDPR applies to your relationship with us, you also have the right to demand the release of the data you have given us (right to data portability). On request, we will also forward the data to a third party of your choice. You have the right to receive the data in a common file format.

For the purposes mentioned above, just get in touch. We may, at our discretion, require proof of identity to process your request.

This does not affect your right to complain to a data protection authority at any time.

9. Data retention

Unless explicitly stated, we only store personal data for as long as necessary to fulfil the purposes for which we collected it. Please note that legal retention periods may apply for specific data, for example, in tax or commercial law. We must store such data until the end of the retention period. We block any such data in our system and use them exclusively to comply with our legal obligations.

10. Data security

We are committed to ensuring that your personal information is secure, and we take all technical and organisational security measures that we deem appropriate to protect your stored data against manipulation, loss, or unauthorised third party access and use. We adapt our security measures continually to technological developments.

Your data, as well as all payment transactions, are encrypted and processed over a secure SSL connection.

We use Stripe as our gateway for credit card payments. Stripe is a global online payment processor that is trusted by thousands of businesses across the globe. It uses the most stringent security standards.

We also take internal data privacy very seriously. Our employees and the service providers that we retain are required to maintain secrecy and to comply with applicable data protection legislation. Besides that, they are granted access to personal data only insofar as this is necessary for them to carry out their respective tasks or mandate.

Furthermore, we can not guarantee that our website will be available at all times. We cannot rule out disruptions, interruptions or failures. The servers we use are regularly and carefully backed up.

11. Contact

If you have any questions or concerns regarding data protection, if you want to receive information or if you would like to request the deletion of your data, please contact us using the contact form on this website.

Contact us

Last update: January 9th, 2023