Privacy Policy for IRIS PHOTO.ART Physical Stores
đź“… Last updated: 07.02.2025
We respect your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, process, and store your data when you visit or make a purchase at an IRIS PHOTO.ART physical store.
1. Data Controller & Contact Information
Each IRIS PHOTO.ART store is operated by an independent franchisee, which acts as the data controller responsible for handling personal data collected at that specific location.
The responsible data controller for your store visit is listed in-store or on your purchase receipt.
đź“Ť IRIS PHOTO.ART Headquarters (Franchise Holder):
Kollektiv Lumen - Mayrl & Colin GbR
Im Rödelbach 2
34537 Bad Wildungen
Germany
📧 Email: post@irisphoto.art
If you have questions regarding data protection at a specific store, please contact the relevant store operator.
2. What Data Do We Collect?
When you visit or purchase from an IRIS PHOTO.ART store, we may collect the following data:
2.1. Personal Data Collected at Checkout
âś” Customer Information: Name, contact details (email, phone number, address)
âś” Payment Information: Payment method used (we do not store card details)
âś” Purchase Details: Items purchased, transaction ID
2.2. Image Data Processing
As part of our services, we capture and process iris photographs to create artistic images.
- These images are stored temporarily for processing.
- Once the final artwork is delivered, original iris scans are deleted.
âś” Legal Basis: Art. 6(1)(b) GDPR (contractual necessity for processing orders).
2.3. Marketing & Newsletter Data (With Consent Only)
âś” If you opt-in, we may use your email for promotional communications.
âś” You can withdraw consent at any time by unsubscribing.
âś” Legal Basis: Art. 6(1)(a) GDPR (consent).
3. How Is Your Data Used?
We process personal data exclusively for the following purposes:
âś” Order Processing: Creating and delivering your custom artwork.
âś” Payment Handling: Managing payments and issuing receipts.
âś” Customer Service: Responding to inquiries or order-related requests.
âś” Legal Compliance: Fulfilling tax and legal record-keeping obligations.
4. How Long Do We Store Your Data?
⏳ We only store personal data as long as necessary for its intended purpose:
| Data Type | Storage Duration | Legal Basis |
|---|---|---|
| Purchase records | 10 years (tax/legal obligations) | Art. 6(1)(c) GDPR |
| Original Iris photographs | Deleted after order completion | Art. 6(1)(b) GDPR |
| Contact details (marketing) | Until consent is withdrawn | Art. 6(1)(a) GDPR |
Once the retention period expires, data is permanently deleted or anonymized.
5. Who Do We Share Your Data With?
We do not sell or share your data for external marketing. However, data may be shared with:
âś” Franchise Headquarters (Kollektiv Lumen - Mayrl & Colin GbR) for quality control and customer service.
âś” Printing Partners (e.g., Whitewall GmbH) for production of your artwork.
âś” Shipping Companies (e.g., DHL, UPS) if delivery services are used.
âś” Legal Authorities if required by law.
Legal Basis: Art. 6(1)(b) GDPR (contractual necessity) & Art. 6(1)(c) GDPR (legal obligations).
6. Your Rights Under GDPR
Under the General Data Protection Regulation (GDPR), you have the following rights:
✔ Right to Access (Art. 15 GDPR) – Request a copy of your stored data.
✔ Right to Rectification (Art. 16 GDPR) – Correct inaccurate or incomplete data.
✔ Right to Erasure (Art. 17 GDPR) – Request deletion of your data, unless legal obligations prevent it.
✔ Right to Restriction (Art. 18 GDPR) – Request processing limits in certain cases.
✔ Right to Data Portability (Art. 20 GDPR) – Request a machine-readable copy of your data.
✔ Right to Object (Art. 21 GDPR) – Object to data processing based on legitimate interests.
✔ Right to Withdraw Consent (Art. 7(3) GDPR) – Revoke marketing consent at any time.
To exercise these rights, contact post@irisphoto.art or the respective store operator.
7. Security Measures
We implement technical and organizational measures to protect your data, including:
âś” Encryption for sensitive communications.
âś” Restricted access to personal data (only authorized staff).
âś” Secure deletion of iris scans after order completion.
Despite these measures, no data transmission is 100% secure, and Customers should also take precautions when sharing personal data online or via email.
8. Changes to This Policy
We reserve the right to update this Privacy Policy to reflect legal or operational changes. The latest version will always be available in-store and on our website.
đź“… Last updated: 07.02.2025