Privacy Policy
1 General Information Regarding Data Processing
1.1 Data Controller
This website is owned and operated by Pixsy, Inc., 440 N Barranca Ave, Covina CA 91723, USA (“Pixsy”). Further processing may be conducted by EU entities of Pixsy. More contact information about Pixsy can be found in the legal notice on this website.
This Privacy Policy describes the collection and use of your personal data in the context of the usage of our website (www.pixsy.com) including all subdomains and the usage of our services including the web-based applications which are accessible after login. Separate Privacy Policies for such services may amend or change the content of the Privacy Policy and shall be read in conjunction with this declaration.
1.2 Applicable Law / Data Protection Management System
Pixsy is governed by the laws of the United States and the laws of the state of California. The EU General Data Protection Regulation (“GDPR”) only applies to European entities of Pixsy directly. A transfer from a European subsidiary to Pixsy shall take place only if the requirements of Art. 44 – 50 GDPR are fulfilled.
On a voluntary basis and without this resulting in a legal obligation Pixsy has implemented a company-wide Data Protection Management System (“DPMS”) that is based on the requirements of the GDPR in order to ensure compliance with the high data protection standards of the European Union for all customers. The DPMS applies to all Pixsy companies, some of which share responsibility for individual data processing operations. The following Privacy Policy describes the data processing according to the requirements of Art. 13 ff. GDPR.
1.3 Data Protection Officer
We have appointed an external data protection officer Data Protection Officer (“DPO”) and with regard to the implementation and maintenance of our DPMS. You can reach our appointed Data Protection Officer:
via postal mail at:
Pixsy Inc.
Attn: Data Protection Officer
440 N Barranca Ave, Covina
California, 91723, USA
or via e-mail at: dataprotection@pixsy.com (or support@pixsy.com)
1.4 Your Rights
In accordance with the statutory provisions, you as the data subject have the following rights:
- the right to access,
- the right to rectification or erasure,
- the right to restriction of processing, and
- the right to data portability.
If you have provided us with your personal data on the basis of your consent, you can withdraw the consent at any time with effect for the future.
You may object to the processing of your personal data if your personal data are processed for direct marketing purposes and/or on the basis of legitimate interests pursuant to Art. 6 (1) f GDPR insofar as there are reasons for this arising from your particular situation.
To exercise these rights named above you may contact us at any time, for example by sending an email to the DPO. You also have the right to lodge a complaint with a competent supervisory authority.
1.5 Processing of Data, Purpose, and Legal Basis
The legal basis for all our processing activities is based on Art. 6 (1) GDPR. Further information on the specific legal basis for the respective processing activity shall be provided below.
1.6 Storing and Deletion of Data
We will take all reasonable steps to ensure that your personal data is processed only for the period required for the purpose of processing in each case. If the storage period is not specified below, your personal data will be deleted or blocked as soon as the purpose or legal basis for storage ceases to apply. Personal data will not be deleted if storage is required by law (e.g., § 257 HGB, 147 AO). Furthermore, we may store your personal data until the expiry of the statutory limitation periods (usually 3 years; in individual cases, however, up to 10 years or longer), provided that this is necessary for the assertion, exercise, or defense of legal claims.
1.7 Data Security
To protect the security of your personal data during transmission, we use technical and organizational security measures, in particular, the encryption of our website to prevent unauthorized access by third parties. The encryption via HTTPS is enforced within the framework of an HSTS header. Our security measures are continuously improved and adapted according to technological developments.
1.8 Transfer to Service Providers
We use service providers for the provision of our products and services. These service providers act according to our instructions and are contractually obligated to comply with the provisions of Art. 28 GDPR. If not further specified below, service providers are contracted for the following services:
- Fulfilment of our contractual obligations
- Maintenance of IT systems and related services
- Handling our customer service and managing requests
- Measuring website performance
For more information, please see our list of service providers.
1.9 Data Processing outside the EU/EEA
We use third-party service providers that are partly seated outside of the EU/EEA. The transfer of personal data from the EU/EEA to a third country (in particular the US) shall take place only if the requirements of Art. 44 – 50 GDPR are fulfilled.
1.10 No Automated Decision Making
We do not use automated decision-making including profiling when processing data on our website or web-app.
2 Data processing on our Website
2.1 Website hosting and general functionalities
Nature and purpose of data processing:
We collect data on each visit to our website (so-called server log files), which include the name of the website visited, the date and time of the visit, the data amount transferred, information on a successful call, the browser type and version, the user’s operating system, the referrer URL (the page visited before), the IP address and the requesting provider as well as the country code, language, name of the device as well as name and version of the operating system, if a mobile end device is being used. We use these server log files to ensure a trouble-free connection, usability, and functionality of our website and to evaluate the system safety and stability. We also process your IP address to ensure that connections to our web server are not malicious.
Legal basis:
When personal data (such as the IP address) are stored, the legal basis for this is Art. 6 (1) f. GDPR based on our legitimate interest in quality assurance and website security.
Recipients:
The recipient of the data is the service provider that processes the data on our behalf. The service provider is obliged to process the data only within the scope of our instructions set forth in a data processing agreement.
2.2 Communication with us
Nature and purpose of data processing:
If you send us an email or contact us via another communication channel, your name, phone number, email address, and other information you provide are processed by us in order to work on your inquiry or to be able to contact you at a later time for follow up questions.
Legal basis:
This data is processed only on the basis of our legitimate interest to offer efficient communications channels to the public (Art. 6 (1) f. GDPR), or on the basis of initiating a or communicating under an existing business relationship (legal basis Art. 6 (1) b. GDPR).
Recipients:
The recipient of the data is the service provider that processes the data on our behalf. The service provider is obliged to process the data only within the scope of our instructions set forth in a data processing agreement.
2.3 Recruitment and Job applications
Nature and purpose of data processing:
If you apply for a job, personal data is collected directly from you during the application process – when you apply for a specific job advertisement or submit a speculative application. In addition, we may also have received data from publicly accessible sources (e.g. professional social networks). In order to accept and evaluate your application and depending on the data provided by you, we may process the personal data provided by yourself such as:
- Name
- Contact details
- Phone number
- Date and place of birth
- Citizenship and work permit (where applicable)
- Application Photograph
- Bank account data
- Files and documents, such as diplomas and certificates, which you send us in connection with your applications
Legal basis:
The data is processed on the basis of pre-contractual measures (Art. 6 Para. 1 lit. b) GDPR) or on the basis of Art. 6 para. 1 b), Art. 88 GDPR in conjunction with Art. 26 para. 1 BDSG if you apply to our German subsidiary. We may save your application data to our pool of applicants under the condition that you have given us your consent. Legal basis is Art. 6 para 1 a) GDPR. You may withdraw your consent with effect for the future at any time.
Recipients:
Only the departments and groups of people directly involved in the recruitment process have access to the data you provide. All employees involved have been obliged to keep your data confidential. In addition, the data can be processed by the service providers (e.g. job platform). As processors, the service providers are obliged to process the data only within the scope of our instructions or – depending on the use of the service provider – as joint-controllers or data processors on our behalf.
Storage duration:
Your personal data will be deleted at the latest six months after the end of the application procedure. Anything else applies only if you have given us your express consent to store your data in our applicant pool for a possible later job offer and thus later consideration. In the event of recruitment, we will include the data provided in our personnel file.
2.4 Website Analytics
Nature and purpose of data processing:
This website uses technology based on cookies that helps us better understand how the website is used. We do this by compiling reports about activity on the website. For this purpose, your IP address is transmitted to a service provider using analysis cookies. For more information and ways to manage your consent, please see the sections below.
Legal basis:
The processing is carried out with your consent according to Art. 6 (1) a GDPR. You may revoke your consent at any time with effect for the future.
Recipients:
The recipient of the data is the service provider that processes the data on our behalf. The service provider is obliged to process the data only within the scope of our instructions set forth in a data processing agreement.
2.5 Personalized Advertisement
Nature and purpose of data processing:
We use cookie-based technologies that help us deliver more effective and personalized advertising. This allows us to target visitors to our online offering for the display of advertising (so-called “targeted advertising”). In addition, we can track the effectiveness of our online advertising by seeing whether users were redirected to our website after clicking on such advertising (so-called “conversion tracking”). We may also use service providers to identify users who have visited our website as potential customers and recipients of advertising (so-called “retargeting”).
Legal basis:
The processing is carried out with your consent according to Art. 6 (1) a GDPR. You may revoke your consent at any time with effect for the future. For more information and ways to manage your consent, please see the sections below.
Recipients:
The recipient of the data is the service provider that processes the data on our behalf. The service provider is obliged to process the data only within the scope of our instructions set forth in a data processing agreement.
2.6 Consent Management
Nature and purpose of data processing:
We use cookie-based technologies to manage your preferences and consent with regard to the processing activities on our websites. If a processing activity is based you can choose to not give such consent via the consent management tool.
Legal basis:
The processing is carried out with your consent according to Art. 6 (1) c GDPR in order to fulfill the legal requirements of the GDPR.
Recipients:
The recipient of the data is the service provider that processes the data on our behalf. The service provider is obliged to process the data only within the scope of our instructions set forth in a data processing agreement.
3 Data Processing on our Social Media Pages
Nature and purpose of data processing:
We operate pages on the following social media channels:
- Facebook: facebook.com or mobile app by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA or Facebook Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland, please refer to: https://www.facebook.com/policy.php,
- Twitter: twitter.com or mobile app by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA, please also refer to: https://twitter.com/en/privacy,
- LinkedIn: linkedin.com or mobile app by LinkedIn Corporation, Legal Department – Privacy, 1000 W. Maude Ave, Sunnyvale, CA 94085, USA or LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland, please refer to: https://www.linkedin.com/legal/privacy-policy
- Instagram: instagram.com or mobile app by Instagram by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA or Facebook Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland, please refer to: https://help.instagram.com/519522125107875,
- When you visit our social media pages, data is processed both by us and by the responsible social media provider as the responsible party.
The respective provider of social media assumes the data protection obligations towards you as the user, such as information on data processing, and is the contact person for your rights. This follows from the fact that such a provider has direct access to the relevant information on the social media page and the processing of your data. On our social media pages, we can communicate with you and provide you with interesting information. We may receive further data from you through your comments, shared images, messages, and reactions, which we then process to communicate with you. If you use social media on several end devices, a cross-device analysis of the data can take place. Furthermore, the providers of social media pages may also use cookies and tracking technologies to analyze and improve their services.
Legal basis:
Data processing takes place with your consent or for the purpose of answering your inquiry (Art. 6 (1) a, b GDPR) or on the basis of legitimate interests in improving the services and presentation to the outside world (Art. 6 (1) f GDPR).
Recipients:
The recipients are the service providers mentioned above which may act as joint controllers with us for the provision of certain services. For Facebook see the agreement at: https://www.facebook.com/legal/terms/page_controller_addendum.
4 Data Processing on my.pixsy.com (web-app)
4.1 Sign-up to Pixsy customer platform
Nature and purpose of data processing:
If you sign up and register to our services under my.pixsy.com you are providing Pixsy with personal information such as:
- Name, address, e-mail, phone, website
- Date of birth
- Bio, career, and profile information
- Photo information
- Tax & payment information (bank or credit card)
- Signatures & settlement agreements
- Documents and files
- Information in connection with an account sign-in facility (e.g., log-in and password details)
- Communications sent by you (e.g., via post, e-mail, or website communication forms)
Pixsy processes this data to fulfil its contractual obligations, in particular, to handle cases, scan for image matches, register images at copyright offices, and perform the services as further specified in our Terms of Use.
Legal basis:
The legal basis for this processing activity is Art. 6 (1) b GDPR (‘performance of the contract).
Recipients:
The recipients are the service providers processing the data on our behalf.
4.2 Uploading your images
Nature and purpose of data processing:
Pixsy enables you to directly import pictures from your computer or from third-party sources (e.g. Flickr, SmugMug, Tumblr, Photodeck, Instagram, Google Drive, Dropbox, etc.).
In this context personal information such as:
- Image title, filenames, date of file creation
- Date and location of creation
- Metadata, EXIF data, tags, and categories
will be processed by Pixsy to perform the contractual products and services as described above. Pixsy will not use any connected APIs (Google Workplace, etc) to develop, improve, or train generalized AI and/or ML models.
Legal basis:
The legal basis for this processing activity is Art. 6 (1) b GDPR (‘performance of the contract’).
Recipients:
The recipients are the service providers processing the data on our behalf.
Retention period:
Your data is stored until you delete it manually using the delete function on our platform or delete your Pixsy account.
4.3 Image users, license purchasers, and potential infringers
Nature and purpose of data processing:
As part of our services, we enforce the intellectual property rights of our customers as their agent. If you are an image user (and seek to purchase an image license), copyright infringer, or potential infringer (or if we have reasonable grounds to assume that you are an infringer) of the intellectual property rights of our customers, we may collect and process personal data in this regard, including:
- Business information
- Name, address, e-mail, phone, website, social media account details
- Image use/infringement information
- Director and employee names
This data is collected from publicly available sources or provided by our customers.
Legal basis:
The legal basis for this processing activity is Art. 6 (1) f GDPR (‘legitimate interest’) or Art. 6 (1) b GDPR (‘contract performance’).
Recipients:
The recipients are the service providers processing the data on our behalf.
4.4 Analytics of user account
Nature and purpose of data processing:
This website uses technology based on cookies that helps us better understand how the website is used. We do this by compiling reports about activity on the website. For this purpose, your IP address is transmitted to a service provider using analysis cookies. For more information and ways to manage your consent, please see the sections below.
Legal basis:
The processing is carried out with your consent according to Art. 6 (1) a GDPR during the sign-up process. You may revoke your consent at any time with effect for the future.
Recipients:
The recipient of the data is the service provider that processes the data on our behalf. The service provider is obliged to process the data only within the scope of our instructions set forth in a data processing agreement.
4.5 Pixsy Case Portal and License Payments
Nature and purpose of data processing:
Within the Pixsy Case Portal information about the copyright infringement case is collected and gathered. This contains information about your case, the case number, the payment status, the copyright owner, the copyright owner’s location, the title of the image and the date of creation as well as information about the published location, the respective URLs, the license fee, license duration, attachments such as the evidence report, the invoice, the client agent confirmation, the W9 tax form, the screenshot, the unauthorized use letter. Within the case portal, your payment information is collected in order to process the license payments. Further information can be found in the terms and conditions and the image licensing agreement.
Legal basis:
The legal basis for the processing is the legitimate interest of Pixsy customers to enforce their copyrights via Pixsy Art. 6 (1) f GDPR.
Recipients:
The information is received by the Pixsy customer the payment information is processed by sub-processors Stripe (further information: https://stripe.com/privacy) and Paypal (https://www.paypal.com/en/webapps/mpp/ua/privacy-full) on the basis of Art. 28 GDPR.
5 Cookies and Service Providers
Our website uses cookies to provide our services described above. Cookies serve the purpose of making our service more user-friendly, more effective, safer, and provide additional functionalities. Cookies are small text files which are stored on your device and in your browser.
Most of the cookies we use are so-called session cookies. After the end of the session, these cookies will be deleted automatically. The session cookies are used in order to associate successive page requests with the individual users who access our website. Other cookies will be stored on your device until you delete them. These cookies enable us to recognize your browser during your next visit.
You can adjust your browser to notify you before you receive a cookie or to decide to accept cookies on a case-by-case basis, to exclude all incoming cookies completely or partly, and to activate the deletion of cookies automatically when the browser is closed.
You may manage many online advertisement cookies provided by companies via the American web pagehttp://www.aboutads.info/choices/ or the web page of the European Union http://www.youronlinechoices.com/uk/your-ad-choices/. We would like to inform you that the usage and convenience of our services using any cookies may be limited.
Our website uses the following cookie technologies:
5.1 Website Analytics
5.1.1 GOOGLE ANALYTICS
This website uses Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. (“Google”). Google Analytics uses cookies to help the website analyze how users use the site. The information generated by the cookie about your use of this website is usually transmitted to a Google server in Ireland and stored there. In principle, IP addresses on our website are automatically anonymized by Google by means of shortening. Only in exceptional cases are IP addresses transmitted to Google servers in the USA and anonymized there by means of shortening. In this case the data is transferred based on standard contractual clauses. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity, and providing other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other data from Google.
You may refuse the use of cookies by selecting the appropriate settings on your browser, however, please note that if you do this you may not be able to use the full functionality of this website. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plugin available at the following link: Browser Add-On
5.1.2. HUBSPOT
Our website uses Hubspot a web service of HubSpot, Inc. 25 First Street, Cambridge, MA 02141 USA. Hubspot analyses website visitor’s behavior in order to optimize our website performance and to administrate our customer database. If you provide us with information via our web forms (e.g. Name and e-mail address) this data is saved at the Hubspot server and is connected with your user profile. This enables us to track your user behavior (e.g., clicks on the website, sites visited, e-mails received and clicks in e-mails). You can assert your rights with regard to these tracking activities (e.g. object to data processing or deletion of personal data collected by Hubspot). You can prevent the described website tracking in your browser settings.
5.1.3 FACEBOOK INSIGHTS
We use the Page Insights function to process statistical data from users of our Facebook pages (see also the agreement at: https://www.facebook.com/legal/terms/page_controller_addendum).
This involves the processing of data in the form of so-called ‘page insights’, which are described in more detail at: https://www.facebook.com/legal/terms/information_about_page_insights_data.
Evaluations and statistics are generated in the form of page insights from the usage data of the Facebook pages, which support us in improving our marketing activities and our external presence. We may also learn about users and their behavior who interact with or use our Facebook Pages to display relevant content and develop features that may be of interest to them. These page statistics show us, for example, which people from certain target groups interact most with our Facebook Page or which content on the Facebook Page was visited, shared, or clicked when and how often. When classifying people into target groups, demographic data, or data about the location of a person is also included in order to place targeted advertisements with these people. If you use Facebook on several end devices, a cross-device analysis of the data can take place. The data collected in this way is statistically processed and usually anonymous, i.e., we cannot establish any reference to the individual person.
Information on these page insights and data processing can be found, for example, in Facebook’s data protection statement at https://www.facebook.com/policy.php or at https://www.facebook.com/business/a/page/page-insights.
Facebook also uses cookies and storage technologies. More information can be found here: https://www.facebook.com/policies/cookies/
As a Facebook user, you can at any time influence how your user behavior is recorded when you visit Facebook pages. To do this, you can manage the settings for advertising preferences in your Facebook account or at: https://www.facebook.com/ads/preferences, or the Facebook settings in your account or at https://www.facebook.com/settings. Facebook also provides opportunities to contact or exercise rights at: https://www.facebook.com/help/contact/2061665240770586 or https://www.facebook.com/help/contact/308592359910928.
5.2 Facebook Connect
We use Facebook Connect, a service of Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA. Facebook Connect is a single sign-on application which allows users to login to third-party services with their Facebook account. The Facebook API allows us to retrieve certain user information from your Facebook account profile to facilitate the registration process. The amount and extent of data sharing depends on your Facebook Privacy settings and may involve name, profile picture, e-mail address, gender, location, birthday, other information made public on Facebook.
5.3 Adobe Fonts (Typekit)
Our website uses Adobe fonts (Typekit) a web service of Adobe Systems Software Ireland Limited (Adobe Ireland), 4-6, Riverwalk Drive, Citywest Business Campus, Cooldown Commons, Dublin 24, D24 DCW0, Ireland. Adobe may collect information about how fonts are used with those applications, such as the font used, when a document using the font is opened, and when a font is applied to a document. Adobe Fonts does not collect the content of documents using the fonts. Adobe uses the information collected from websites using Adobe Fonts to provide the Adobe Fonts service and diagnose delivery or download problems.
5.5 Personalized Advertisement
5.5.1 FACEBOOK AD CONVERSION TRACKING
This website uses the so-called “Facebook Pixel” operated by Facebook Ireland Ltd (“Facebook”), 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland if you are an EU resident or operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA if you are not residing in the EU, is used.
With the help of the Facebook pixel, it is possible for Facebook, on the one hand, to determine you as a visitor to our online offer as a target group for the display of advertisements (so-called “Facebook ads”). Accordingly, we use the Facebook pixel to display the Facebook ads placed by us only to those Facebook users who have also shown an interest in our online offer or who have certain characteristics (e.g., interests in certain topics or products determined based on the websites visited) that we transmit to Facebook (so-called “Custom Audiences”). With the help of the Facebook pixel, we also want to ensure that our Facebook ads correspond to the potential interest of users and do not have a harassing effect. We can further track the effectiveness of the Facebook ads for statistical and market research purposes by seeing whether users were redirected to our website after clicking on a Facebook ad (so-called “conversion”). Your data may be transferred to third countries, such as the US, based on standard contractual clauses.
You can object to the collection by the Facebook pixel and the use of your data to display Facebook ads. To set which types of ads are displayed to you within Facebook, you can visit the page set up by Facebook and follow the instructions there on the settings for usage-based advertising. The settings are platform-independent, which means that they are applied to all devices, such as desktop computers or mobile devices. You can also object to the use of cookies for reach measurement and advertising purposes via the deactivation page of the Network Advertising Initiative and additionally via the US website http://www.aboutads.info or the European website http://www.youronlinechoices.com
5.5.2 Google Remarketing
This website uses remarketing functions of Google Ltd, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. These functions enable us to present the website visitor with interest-based advertising within Google’s advertising network. For this purpose, a cookie is stored on the visitor’s computer. The character string contained therein is used to recognize a visitor when he or she visits websites that are part of the Google advertising network. There, the visitor may be shown advertising that relates to content previously accessed on websites that use Google Remarketing. Google uses the so-called “DoubleClick” cookie for this purpose, among others. The DoubleClick cookie is only used for the remarketing function.
According to Google, the remarketing function does not collect any personal data. If you nevertheless do not wish to use the “interest-based advertising” function by Google, you can deactivate it in principle in the settings at http://www.google.com/settings/ads. Alternatively, you can also configure your browser so that it does not accept cookies or only accepts certain cookies. Please note that this may restrict the functionality and convenience of websites. You can also deactivate the use of cookies for interest-based advertising via the advertising network initiative. To do so, follow the instructions at: http://www.networkadvertising.org/managing/opt_out.asp.
5.5.3 LinkedIn Analytics and Ads
We use the conversion tracking technology and the retargeting function of the LinkedIn Corporation, 1000 W. Maude Ave, Sunnyvale, CA 94085, USA, on our website.
With the help of this technology, visitors to this website can be served personalized ads on LinkedIn. Furthermore, the possibility arises to create anonymous reports on the performance of the advertisements as well as information on website interaction. For this purpose, the LinkedIn Insight tag is embedded on this website, which establishes a connection to the LinkedIn server if you visit this website and are logged into your LinkedIn account at the same time. Your data may be transferred to third countries based on standard contractual clauses.
In the Privacy Policy of LinkedIn at https://www.linkedin.com/legal/privacy-policy you will find more information on data collection and data use, as well as the options and rights to protect your privacy. If you are logged in to LinkedIn, you can deactivate the data collection at any time using the following link: https://www.linkedin.com/psettings/enhanced-advertising
6 Changes to our Privacy Statement
We reserve the right to adapt this Privacy Statement so that it always complies with the current legal requirements or to implement changes to our services in the Privacy Statement, e.g., when introducing new services. The current data protection declaration applies to every visit to the website.