Privacy Policy
Last updated: April 2026
1. Data Controller
Controller within the meaning of Art. 4(7) GDPR:
Capture Core Moments UG (haftungsbeschränkt)
Cosimastraße 12
81925 Munich
Germany
Email: info@capturecoremoments.com
Website: www.capturecoremoments.com
2. Contact for Data Protection Matters
If you have any questions regarding data protection
or the processing of your personal data, you may contact
us at:
info@capturecoremoments.com
3. Overview of This Privacy Policy
This Privacy Policy informs you about the nature, scope, and purposes of the processing of personal data within our online offering, including our website, platform, event galleries, QR-code upload pages, and all related services (hereinafter collectively referred to as the “Platform”). Some data is provided by you (e.g. registration, purchases, uploads). Other data is collected automatically (e.g. technical data such as IP address, browser, timestamps).
We process personal data in accordance with the General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG), and other applicable European and national data protection laws.
You have the right to access, correct, delete, restrict, or transfer your data, as well as the right to withdraw consent and lodge a complaint with a supervisory authority at any time.
4. Categories of Personal Data Processed
Depending on your interaction with our Platform, we
process the following categories of personal data:
4.1 Account and Registration Data: Name, E-mail address, encrypted password.
4.2 Contact and Communication Data: Email address, messages sent to our support team.
4.3 Payment and Billing Data: Payment status and transaction identifiers, Invoice data. Payment processing is handled exclusively by external payment providers (e.g., Stripe); we do not store credit card details.
4.4 Usage and Technical Data: IP address, date and time of access, browser type, and operating system, referrer URL, log files and security-related data.
4.5 Content and Event Data: Photos and videos, text messages (digital guestbook), voice/audio messages, event names, dates, albums, and settings.
4.6 Communication Data: Correspondence with our support team.
4.7 Shipping and order data (printed products): When ordering printed products (e.g., photo books, QR-code mini or table cards): Name, shipping address, order details, and email address for order communication.
5. Legal Bases for Processing
We process personal data on the basis of the
following legal grounds pursuant to Art. 6 GDPR:
- Art. 6(1)(a) GDPR – Consent: Where you have given explicit consent (e.g., cookies, analytics).
- Art. 6(1)(b) GDPR – Contractual Performance: For the provision of our Platform, event galleries, digital services, printed products, and shipping.
- Art. 6(1)(c) GDPR – Legal Obligation: For compliance with statutory obligations (e.g., tax and accounting laws).
- Art. 6(1)(f) GDPR – Legitimate Interests: For ensuring security, stability, and improvement of our Platform, provided your interests or fundamental rights do not override these interests.
6. Purposes of Data Processing
We process personal data for the following
purposes:
- Provision and operation of the Platform
- User registration and account management
- Creation and management of event galleries
- Storage and display of uploaded content
- Processing payments and issuing invoices
- Production and shipping of printed products
- Communication with users and support requests
- Platform security and fraud prevention
- Technical administration and optimization
- Improving user experience
- Compliance with legal obligations.
7. Storage Location and Retention
7.1 Storage Location: Personal data is stored on secure servers within the European Union. We use Amazon Web Services (AWS) with data centers located in the EU (Frankfurt, Germany).
7.2 Retention Periods: Personal data is retained only for as long as necessary for the respective purpose:
- Account data: for the duration of the contractual relationship and thereafter in accordance with statutory retention periods.
- Event content (photos, videos, messages): according to the selected package duration
- Billing and invoice data: up to 10 years (statutory retention requirements)
- Log and security data: generally up to 90 days
7.3 Automatic Deletion: User-generated content is automatically deleted after the applicable storage period expires, unless legal retention obligations require longer storage.
8. Third-Party Service Providers
We use carefully selected service providers who
process personal data on our behalf and exclusively
according to our instructions under data processing
agreements pursuant to Art. 28 GDPR.
8. Data may be transferred outside the EU. Appropriate safeguards such as Standard Contractual Clauses and, where applicable, participation in the EU-US Data Privacy Framework are used. Privacy Policy: https://policies.google.com/privacy
8.2 Stripe Inc.: Payment processing and invoicing. Stripe processes payment data independently and may also use data for fraud prevention. We do not store payment card data. Privacy Policy: https://stripe.com/privacy
8.3 Amazon Web Services (AWS): Cloud infrastructure and storage (EU region). Privacy Policy: https://aws.amazon.com/privacy/
8.4 Zoho Mail: Transactional and support-related email communication. Personal data such as email addresses and message content may be processed on Zoho servers, including outside the EU. Appropriate safeguards such as Standard Contractual Clauses are in place. Privacy Policy: https://www.zoho.com/privacy.html
8.5 Cloudprinter: Production and shipping of printed products (e.g. photo books, cards). Cloudprinter processes personal data such as name and shipping address solely for order fulfilment. Privacy Policy: https://www.cloudprinter.com/privacy-policy
9. Cookies and Analytics
9.1 Essential Cookies: We use technically necessary cookies required for authentication, security, and operation of the Platform. These are based on our legitimate interest (Art. 6(1)(f) GDPR).
9.2 Analytics: We use analytics tools (e.g. Google Analytics) only after your explicit consent. IP anonymization is enabled where applicable.
9.3 Cookie Consent: We use a consent management tool to obtain, document, and manage your consent to the use of cookies and similar technologies in compliance with applicable law (Art. 6(1)(c) GDPR and § 25 TDDDG).
10. Guest Uploads and Event Galleries
Our Platform allows guests to upload photos, videos, and messages via QR code or direct link. The event organizer (our customer) is the data controller for the content. We act as the data controller for the technical operation of the platform, including storage, security, and availability of uploaded content. Processed guest data may include:
- Uploaded media and messages
- Optional name (if provided)
- IP address and timestamp for security purposes
Guests may request access to or deletion of their uploaded content via the event organizer or by contacting us at info@capturecoremoments.com.
11. Automated Decision-Making
We do not use automated
decision-making or profiling within the meaning of Art. 22
GDPR.
12. Data Security
We implement appropriate technical and organizational measures, including:
- Encryption in transit (TLS/SSL)
- Encryption at rest
- Access controls and authentication mechanisms
- Regular security updates and backups.
13. Your Rights Under GDPR
Under the General Data Protection Regulation (GDPR), you have the following rights:
9.1 Right of access (Art. 15 GDPR): You have the right to obtain confirmation as to whether personal data concerning you is being processed and to access this data.
9.2 Right to rectification (Art. 16 GDPR): You have the right to request the correction of inaccurate personal data and the completion of incomplete data.
9.3 Right to erasure (Art. 17 GDPR): You have the right to request the deletion of your personal data ("right to be forgotten") under certain circumstances.
9.4 Right to restriction of processing (Art. 18 GDPR): You have the right to request the restriction of processing of your personal data under certain circumstances.
9.5 Right to data portability (Art. 20 GDPR): You have the right to receive your personal data in a structured, commonly used, and machine-readable format.
9.6 Right to object (Art. 21 GDPR): You have the right to object to the processing of your personal data based on legitimate interests.
9.7 Right to withdraw consent at any time (Art. 7(3) GDPR): Where processing is based on your consent, you have the right to withdraw your consent at any time.
9.8 Right to Lodge a Complaint: You also have the right to lodge a complaint with a supervisory authority.
Competent authority (Germany):
Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)
Promenade 18
91522 Ansbach, Germany
www.lda.bayern.de
14. Changes to This Privacy Policy
We may update this Privacy Policy from time to
time. We will notify you of any significant changes by
posting the new Privacy Policy on this page. The current
version is always available on our website.
We encourage you to review this Privacy Policy periodically for any changes.
15. Contact
If you have any questions regarding this Privacy
Policy or our data processing practices, please contact
us:
info@capturecoremoments.com