Data protection

Responsible Persons

Responsible for processing personal data on this website (“FiestaPics”) is Imagify OG(brand name “FiestaPics”). You can reach us at Fuchsienweg 31/6, 1220 Vienna. If you have any questions about data protection, you can contact us by telephone at +43 13480777 as well as via e-mail to info@fiestapics.at contact us.

General information on data processing

We take the protection of your personal data very seriously. When you visit this website or use our services, we collect various personal data. Personal data is any information with which you can be personally identified (e.g. name, email address, IP address). We process this data confidentially and in accordance with legal data protection regulations (in particular GDPR) and this privacy policy.

Purposes and scope of data processing: In principle, we only collect and use personal data to the extent necessary to provide a functional website, our content and services — for example to deliver the website to your device, to process inquiries or to improve our offering. Which data is processed in detail and for which purposes is explained below for the respective processing processes (e.g. contact form, web analysis).

No unauthorised transfer: Your personal data will only be transferred to third parties if you have given your express consent, if this is necessary to fulfill a legal obligation, or if we have a legitimate interest in sharing it (and your legitimate interest does not prevail). Service providers that we use to provide the website or for individual functions (e.g. hosting, analysis services) process data only on our behalf on the basis of a Order processing contract in accordance with Art. 28 GDPR.

Data security: We protect your data through appropriate technical and organizational measures. This website uses, for example, a SSL/TLS encryption for the secure transfer of confidential content (recognizable by “https://” and the lock icon in the browser line). Please note, however, that data transmission over the Internet (e.g. when communicating by e-mail) may have security gaps; complete protection against access by third parties is not possible.

Hosting and server log files

Each time you visit our website, our hosting provider information that your browser automatically transmits. These are stored in so-called server log files. The logged data includes, for example:

  • Page visited: The URL of our website accessed
  • Date and time: Time the page was accessed
  • Browser and device: Browser type/version and operating system used
  • referrer: the previously visited page (referrer URL)
  • Host name and IP address: of the accessing computer (in anonymized form, if possible)

This log data is processed to ensure the functionality and security of the website and, if necessary, to analyze technical problems. This data is not combined with other data sources. Storage period: The server log files are usually used for two weeks saved and then automatically deleted. The legal basis for this processing is our legitimate interest (Art. 6 para. 1 lit. f DSGVO) to ensure the secure and stable operation of our website. In exceptional cases (e.g. in case of illegal access), we reserve the right to view log data for a longer period of time if this is necessary to preserve evidence.

Contact form

If you have access to our contact form If you contact us, the data you have entered will be transmitted to us and stored. As a rule, we collect the following information:

  • Personal data: First name, last name (required fields)
  • company details: Company name (if provided)
  • contact information: Email address and phone number (mandatory fields to contact us)
  • Event details: Planned date of the event, event location and desired product (photo box, magic mirror, 360° video booth, photo mosaic wall, etc.)
  • message: Free text message with your request or special wishes (optional)

This data is used exclusively for the purpose of Processing your request and to Preparation of offers used for your event. We use the information to get in touch with you, clarify details and provide you with a suitable offer for our photo products. Without this data, we would not be able to process your request.

The data entered in the contact form is processed based on Art. 6 para. 1 lit. b DSGVO(to implement pre-contractual measures). If no contractual relationship is established, we will still treat your information confidentially and only use it for communication in connection with your request. Storage period: Your contact details will be deleted as soon as your request has been fully processed and there is no longer a legal storage obligation (for example when placing an order later). You can also request the deletion of the data you have provided via the contact form at any time; we will comply with this immediately, provided that there are no legal storage obligations to the contrary.

Using Google Analytics and Google Ads

We use company services on our website Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) to analyze and optimize our online offering and for advertising purposes. Specifically, we use Google Analytics (analysis tool) and Google Ads (online advertising program with conversion tracking and, if applicable, remarketing). Below, we explain how these services use data and how you can object to this.

Google Analytics

Our website uses Google Analytics, a web analysis service from Google. Google Analytics uses cookies that enable an analysis of your use of the website. The information generated by the cookie about your website usage (e.g. pages viewed, interaction behavior, approximate geographical origin) is usually transferred to a Google server and stored there. In doing so comes IP anonymization for use: Your IP address is used within the EU/EEA with The storage is automatically shortened so that no direct personal reference can be made anymore. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and abbreviated there.

Google evaluates the information collected on our behalf in order to compile reports on website activity and to provide further services relating to website usage. Google Analytics tells us, for example, which pages are particularly popular or how long visitors stay on our site. These statistics help us to improve our offer and make it more user-friendly. Google Analytics stores, among other things, the following data about website visitors: pages and sub-pages visited, time spent, browser and device type used, language setting, origin of the visitor (via which page or advertisement you came to us) and technical data (such as screen resolution). Google Analytics receives personal identification data such as your name or contact information not, and we don't combine analytics data with other data sources.

Objection option: Google Analytics is used only with your consent (Art. 6 para. 1 lit. a GDPR). You can decide whether to allow Google Analytics via our cookie consent banner. If you do not agree, Google Analytics will remain deactivated. Even after you have given your consent, you can withdraw it at any time: either use our cookie settings (cookie consent tool) and deactivate the “Analysis” category, or install the official Browser add-on to disable Google Analyticsfiestapics.at. The add-on is available from Google for the most popular browsers and prevents Google Analytics from collecting data from your browser. Alternatively, you can prevent cookies from being stored in your browser settings; however, this may restrict the functionality of our website.

Data transfer to the USA: As part of analytics services, Google may transfer data to USA transfers and stores there. Google is under the EU-U.S. Data Privacy Framework certifiedlinkedin.com, which is intended to ensure an appropriate level of data protection. We also have corresponding Google standard contractual clauses completed to ensure the protection of your data when transferred to third countries. However, we would like to point out that when personal data is transferred to the USA risks (e.g. access by US authorities) cannot be completely ruled out. We will only transfer your analytics data if you have given your consent. For more information about data protection at Google, please see the Google Privacy Policy and the Google Analytics Terms of Use.

Google Ads (conversion tracking and remarketing)

We also use Google Ads, an online advertising program from Google, including so-called conversion tracking. If you have reached our website via a Google ad (Google Ads), Google Ads places a cookie on your device (_gcl_aw or similar). This cookie allows us to recognize whether a visitor has come to our site via a Google ad and has possibly carried out a desired action (e.g. sending the contact form). Conversion tracking In other words, it helps us measure how effective our ads are. We only receive statistical evaluations from Google (number of requests via ads, etc.), but no information with which we could personally identify users.

In addition to conversion tracking, we may use Google Ads Remarketing. A pseudonymous identification feature (cookie ID) is used to target you based on your visit to our website in a target group for interest-based advertising to save. This enables us to display advertisements about our products to you later on Google itself or on websites in the Google advertising network if you are interested in our offer. Here, too, no direct personal data such as names is stored — only your browser is recognized via the cookie ID.

Google Ads and associated cookies are used only with your consent (Art. 6 para. 1 lit. a GDPR). With our cookie consent tool, you can control whether marketing cookies such as those from Google Ads can be set. If you do not want to receive personalized advertising, you can refuse consent or withdraw it at any time. In addition, Google itself offers the option to deactivate personalized advertising: To do this, visit the Google ad settings and make the appropriate settings there.

Note on data processing by Google: By integrating Google Ads and Analytics, Google may be able to process data about your use of this website (including transmission of IP addresses for technical reasons). Google can use this information for its own purposes, over which we have no influence. For more details on Google's use of data as part of advertising services, please see the Google Privacy Policy. Once again, we would like to point out that these services will only be activated if you give us your consent to do so.

Embedding YouTube videos

We have on our website YouTube videos integrated to provide you with multimedia content about our offerings. YouTube is a video portal of Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) When you visit a page on our website on which a YouTube video is embedded, a connection to the YouTube servers is established. In doing so, certain data is transmitted to YouTube/Google, in particular:

  • IP address and device information: YouTube receives your IP address, browser data and can recognize that our website was visited via this IP.
  • Page accessed: YouTube receives information about which specific page you have visited with us (because the video is embedded there).
  • Cookies from YouTube: YouTube may use cookies to analyze your user behavior. If you are logged into your YouTube/Google account when you visit the site, YouTube can assign your surfing behavior directly to your personal profile. Even without logging in, YouTube can create a user profile using cookies and device-related identifiers.

Where possible, we use the privacy-friendly embedding option (”extended data protection mode“), which means that YouTube only sets cookies when you actively play the video. However, even calling up the page with the preview image of the video can result in a data transfer to Google (the connection to YouTube must be established to display the preview image). Data protection risks: Please note that by using YouTube, data is transferred to the USA can take place and Google can receive personal data in the process. We have no influence on this data processing by YouTube/Google.

legal basis: YouTube videos are integrated in order to be able to display external video content to you — this represents a legitimate interest within the meaning of Art. 6 para. 1 lit. f DSGVO. However, we load the YouTube videos only with your consent in accordance with Art. 6 para. 1 lit. a GDPR, as external media can set cookies. When you first access our consent tool, you can choose whether you want to load videos from third-party platforms. If you don't give consent, the YouTube video won't load automatically. You can change your decision at any time via cookie settings.

For more information about YouTube's privacy policy, please see Google's privacy policy. Among other things, it explains what data Google collects and what it is used for.

Cookies and consent tool

Our website uses cookiesto provide specific features and improve your user experience. Cookies are small text files that your browser stores on your device. We use both technically necessary cookies (e.g. to save your cookie settings or to enable the use of the site) and — only with your consent — optional cookies per Analytical and marketing purposes one (for example for Google Analytics and Google Ads, as described above).

When you visit our website for the first time, a notice (“cookie banner”) appears asking for your consent to the use of certain cookies. This consent banner is created using a cookie consent tool called “Flowappz” provided. The tool allows you to choose which cookie categories you want to allow: Necessary Cookies are always set because otherwise the website would not function properly while analysis and marketing By default, cookies remain blocked until you actively agree. Your selection is saved in a cookie so that the banner does not reappear every time you visit it and we can take your settings into account.

Cookie consent tool (flowappz): The consent tool we use Flowappz Saves your cookie usage preferences. This sets a necessary cookie on your device, which documents which options you have chosen (consent or rejection of certain cookie categories). This cookie does not contain any personal information other than an anonymous identifier for your consent and has a limited runtime (usually a few months to a year). The consent tool itself acts as a contract processor for us and ensures compliance with the GDPR requirements for cookie management.

Withdrawal and cookie management: You can change your cookie settings at any time or withdraw any consent you have already given. To do this, use the appropriate link or button on our website (e.g. “Cookie Settings” or “Cookie Preferences”) to call up the settings banner again. Alternatively, you can delete or block cookies that have already been set in your browser. Please note that if you reject cookies, not all functions of our website may be fully usable — in particular, we will not be able to analyse your visit or offer personalized content without appropriate consent.

We have already summarized further general information about cookies (e.g. types of cookies and how they work) for you in the previous sections and in our consent banner. Details of the individual cookies (name, purpose, storage period) can also be viewed in the consent tool.

Legal basis for processing

We only process personal data within the framework of legal admissibility provisions. This means that data processing only takes place if at least one of the following Legal grounds under Article 6 (1) GDPRThe relevant is:

  • Consent (Art. 6 para. 1 lit. a GDPR): If you give us voluntary consent to process certain data, e.g. by confirming the cookie banner for analytics/marketing or by submitting the contact form (which may imply consent to process the data entered). In this case, we process the data exclusively for the purposes stated in the consent. You can withdraw your consent at any time with effect for the future (see also Users' rights below).
  • Contract fulfilment or pre-contractual measures (Art. 6 para. 1 lit. b GDPR): If the processing of your data is necessary to fulfill a contract to which you are a party or to carry out pre-contractual measures. For example, we process the data provided in the contact form in order to prepare an offer at your request and, if necessary, to initiate or conclude a contract (rental of our photo boxes/services). In the event of a booking, further required data (e.g. billing data) will also be processed on this basis.
  • Legal obligation (Art. 6 para. 1 lit. c GDPR): In some cases, we are required by law to process or store certain data. For example, we must comply with tax and commercial retention periods (such as invoices 7 years storage in accordance with Austrian law). If processing is necessary to fulfill a legal obligation that applies to us, Art. 6 para. 1 lit. c GDPR serves as the legal basis.
  • Legitimate interest (Art. 6 para. 1 lit. f GDPR): Insofar as processing is necessary to protect our legitimate interests or that of a third party and is not overridden by the interests or fundamental rights of the data subject. There is, for example, a legitimate interest in the secure operation and administration of the website (see server log files), in answering customer inquiries or in the statistical analysis of site usage (insofar as this would be legally permitted without consent, for example in anonymized form). When we rely on legitimate interests, we always balance your legitimate interests in keeping your data confidential against our interest.

Storage period

We only store personal data for as long as is necessary for the respective purpose or we are required by law to store it. The specific deletion periods may vary depending on the type of data and processing purposes:

  • Contact requests: We keep data that you provide to us as part of an enquiry (via contact form or e-mail) until your request has been fully answered or resolved. As soon as your request has been finally processed and there are no further requirements, the data will be deleted. If a contractual relationship results from the request, the data can be transferred to our customer administration and stored for a longer period of time (see contract data below).
  • Contract and business data: If you rent our photo products or make use of another contractual service, we process your data for the execution of the contract and store it for the duration of the contractual relationship. After the end of the contract, this data will be deleted as soon as knowledge of it is no longer required to fulfill the contract. Billing and accounting-related information (invoices, payment details, etc.) are processed in accordance with the statutory Retention requirements (e.g. tax law 7 yearsin Austria) archived. However, during this period, the data will be blocked for other purposes.
  • Server log files: As mentioned above, technical log data about website access is usually used for two weeks held and then automatically deleted. Longer storage only takes place exceptionally for safety-relevant incidents, as long as they are required for clarification.
  • cookies: Cookies each have an individual storage period. Session cookies (for necessary functions) usually only persist until you close your browser. Cookies that store your consent preferences (consent cookies) can have a longer duration (e.g. 6—12 months) so that you don't have to make a new decision every time you visit. Analytical and advertising cookies from third-party providers (Google) have predefined runtimes (e.g. Google Analytics cookie _ga 2 years, Google Ads conversion cookie approx. 30 days), which are defined by Google. However, you can delete cookies from your device yourself at any time (see section Cookies and consent tool above for clues).
  • Google Analytics data: Data collected via Google Analytics is stored on Google servers. We have configured the storage period for usage data in Google Analytics so that anonymizes or aggregates and are deleted after a fixed period of time (usually 14 months for user and event data, unless no longer required for trend analyses). Google may be able to keep aggregated statistical data without personal reference for a longer period of time. Please note that we have only limited influence on Google's exact deletion mechanisms; details can be found in the Google privacy information.

If the purpose of processing no longer applies and there is no longer a legal storage obligation, the corresponding data will be deleted or anonymized routinely and in accordance with legal requirements. In cases where deletion is not immediately possible from a technical or organizational point of view, we block the data for further processing.

Users' rights

As a person affected by data processing, you have various rights about which we would like to inform you about here. You can exercise these rights informally at any time using the contact details provided above:

  • Right to information (Art. 15 GDPR): You have the right to obtain information about which personal data we have stored about you. On request, we will be happy to inform you about the data we process about you as well as further information in accordance with Article 15 GDPR (processing purposes, recipients, storage period, etc.).
  • Right to rectification (Art. 16 GDPR): Should we process incorrect or incomplete personal data from you, you can immediately request that this data be corrected or completed.
  • Right to deletion (Art. 17 GDPR): You can require us to delete your personal data under the conditions of Article 17 GDPR. This “right to be forgotten” applies, for example, when the data is no longer necessary for the purposes for which it was collected, you withdraw your consent and there is no other legal basis, or if we process it unlawfully. Please note that certain data may not be deleted immediately if there are legal storage obligations or other overriding rights conflict with this. In such a case, we restrict processing (blocking) instead of completely deleting the data.
  • Right to restrict processing (Art. 18 GDPR): You have the right to request that the processing of your data be restricted. This means that we are not allowed to process your data — apart from storage — as long as the request for restriction is reviewed. This is the case, for example, if you dispute the accuracy of your data (for the duration of the review) or if, in the case of a request for deletion, you want the data not to be deleted but only processed to a limited extent.
  • Right to data portability (Art. 20 GDPR): You have the right to receive the data that you have provided to us in a common, machine-readable format (e.g. CSV). On request — as far as technically feasible — we can also transfer this data directly to another person responsible. However, this right only applies to data that has been processed automatically on the basis of your consent or a contract.
  • Right of objection (Art. 21 GDPR): At any time, you have the right for reasons arising from your particular situationto object to the processing of your personal data, provided that we process it on the basis of a legitimate interest (Art. 6 para. 1 lit. f DSGVO). If you file an objection, we will no longer process your data on this basis, unless we can prove compelling legitimate reasons that outweigh your interests. Objection to direct marketing: If we should use your personal data for direct marketing (e.g. if we send you newsletters or advertising; currently we only do this with express consent), you can object to this use at any time. In the event of your objection, we will collect your data Stop using it for direct advertising purposes.
  • Right to withdraw consent (Article 7 (3) GDPR): If we process your data based on your consent, you have the right to withdraw that consent at any time. The revocation means that we will no longer continue the relevant data processing in the future. The lawfulness of the processing that has already been carried out up to the time of revocation remains unaffected. For example, you can change cookie consents granted via our cookie tool or inform us informally if you no longer wish to process your data sent via the contact form.

We will do our best to respond to your concerns immediately and within the legal framework (within 1 month at the latest). To exercise your rights, you can contact us at any time using the contact details provided. We may need to request additional information from you to confirm your identity — this is to protect your data from unauthorised access to third parties.

Right to lodge a complaint with the data protection authority

If you believe that the processing of your personal data by us violates the GDPR or other data protection laws, you are entitled to Right to complain In the case of a supervisory authority too. To do so, you can contact the data protection authority responsible for your place of residence or place of work, or our lead supervisory authority in Austria.

Responsible in Austria is Austrian data protection authority:
Barichgasse 40-42, 1030 Wien, Austria
Telephone: +43 1 52 152-0
email: dsb@dsb.gv.at
Website: www.dsb.gv.at

The data protection authority will review your concern. However, if you have any questions or problems, we would appreciate it if you would first contact us directly so that we can resolve any ambiguities directly.

Timeliness and amendment of this privacy policy

This privacy policy is currently valid and has the status Abril 2025. We regularly review the content of this statement and adapt it as soon as changes in data processing or the legal situation make this necessary. The latest version of the privacy policy can be viewed at any time on our website at www.fiestapics.at/privacy be retrieved. Changes will be effective as soon as we publish the revised privacy statement on our website. We therefore recommend that you review this statement from time to time to stay informed about the protection of your data.