shipping by DHL

Privacy Policy


HEJPIX Privacy Policy

Version: 04/2022


We take the protection of your personal data very seriously. We will explain in the following how we handle and protect your personal data in our services.

Personal data are details about personal or factual circumstances of an identified or identifiable natural person (data object). Besides your name and address, this also includes your telephone number, your email address, your photos and other information attributable to your person. 

This privacy policy applies to the web service and to HEJPIX apps for mobile devices (referred to in the following as "Services"). 


1. Controller 

The controller for the collection, processing and use of the personal data in the meaning of the General Date Protection Regulation (hereafter "GDPR") and other relevant data protection laws is HEJPIX GmbH & Co. KG, Corneliusstraße 27, 80469 Munich, Germany (hereafter "HEJPIX" or "We"). 


2. Protective measures for data security

We take state-of-the-art technical and organisational measures to guarantee the security of the personal data about you that we store. Your data are protected conscientiously against loss, destruction, falsification, manipulation and unauthorised access. We make it obligatory for our employees to maintain confidentiality and comply with the provisions of the data protection regulations.


3. Processing of personal data

We will inform you in the following of the individual processing stages that may apply to your personal data, including details concerning the purpose and legal ground:


3.1 Registration and creation of a customer account

We require from you the following personal information so that you can register for access to our Services:

•    Email address

•    Password – if necessary

We also store your personal user data (user name/password) during registration. The provision of additional personal data (address, interests, photo uploads, texts etc.) in order to complete your user profile is voluntary. 

The purpose is to enable your use of the Service and the features provided on your account. We will not sell or otherwise market the personal data we store about you to third parties. 

The legal ground for the aforementioned processing is fulfilment of a contract (Article 6 (I b.) GDPR). Processing of the aforementioned data is necessary in order to fulfil this contract concluded with you.


3.2 Orders and delivery of personalised photo products and other goods

We, our logistics partners and payment services providers process the necessary data within the framework of your orders of products: 

•       First name and last name

•       Address

•       Email address

•       Telephone number (if provided)

•       Date of birth (if provided)

•       Bank details or other payment information

•       Order history

The purpose is the fulfilment of your order and the management of the current and previous orders you placed on your account.

The legal ground for the aforementioned processing is fulfilment of a contract (Article 6 (I b.) GDPR). Processing of the aforementioned data is necessary in order to fulfil this contract concluded with you.


3.3 Newsletter, product endorsements by email, other information on offerings and advertising 

We send newsletters, emails and other electronic notifications with promotional information (referred to in the following as "Newsletter") only with the consent of the recipient or legal consent. 

To sign up for the newsletter, it is sufficient if you provide your email address. You have the option to provide your first and last name as well. These details are used only for personalising the newsletter. The registration for our newsletter takes place in a so-called double opt-in process. This means that you will receive an email after registration asking you to confirm your registration. This confirmation is necessary so no one can log-in using a different email address. The newsletter registrations are logged to have proof of the registration process according to the legal requirements. 

You are entitled to opt out at any time if you do not want to receive any more newsletters. You will not incur any costs beyond your own Internet plan if you wish to opt out. In this regard, you are only required to send us notification by email. Of course you will find an unsubscribe link at the end of every newsletter.

The legal ground for sending a newsletter to which you have subscribed is the fulfilment of a contractual relationship according to Article 6 (I b) GDPR.

Moreover, we are permitted to process your personal data provided within the framework of your order or other use of our Services for the purpose of sending you product endorsements or for other promotional purposes (e.g. to send you emails with information on offerings that are similar to previous orders and that may therefore be of interest you, as well as to send you postal advertising, within the scope of the provisions set out in Section 7 (III) Unfair Competition Act (UWG)), although we will do so within the narrow restrictions of the relevant laws on advertising and data protection. 

The legal ground in this regard is the assertion of our justified interests within the framework of the statutory provisions according to Article 6 (I f) GDPR. You are entitled at any time to object to the future processing of your personal data set out in these statutory requirements according to Article 21 GDPR. The objection can be raised especially against processing the data for direct promotional purposes.


4. Processing of non-personal, anonymised, pseudonymised data / cookies / Analytics / tracking


4.1 Log files

Our server collects information about your session in so-called logs when you use our Web Service or apps. Depending on the Service, the following data may be collected:

•    IP address

•    Browser type and version

•    Operating system used

•    Website from which you accessed our Service

•    Individual pages you accessed on our Service

•    Transferred data volume

•    Date and time of the access

We will only analyse these data for statistical purposes in order to improve our online presence for you. We do not associate these data with personal data.


4.2 Cookies

Our Services use cookies that enable us to identify you during your session on our Web Service. A cookie is placed on your computer. The cookie expires automatically at the end of your session. These cookies do not hold any personal data and will not be associated with personal data.


4.3 Use of Facebook social plugins

Our website uses social plug-ins ("plug-ins") of the social network, which is operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, United States ("Facebook"). The plug-ins can be seen on one of the Facebook logos (white "f" on a blue tile or a "thumbs up" sign) or are labelled with the additional text "Facebook Social Plugin". 

When you access a page on our website that contains such a plugin, your browser establishes a direct connection with the Facebook servers. The content of the plugin is transferred from Facebook directly to your browser, which then embeds it into the website. We therefore do not have any influence on the volume of data that Facebook collects using this plugin and are therefore providing you with information to the best of our knowledge:

By embedding the plugin, Facebook obtains information that you accessed the corresponding page on our website. If you are logged into Facebook, Facebook can associate the visit with your Facebook account. If you interact with the plugins, for example by pressing the Like button or writing a comment, the corresponding information is transmitted from your browser directly to Facebook and stored there. If you are not a member of Facebook, it is still possible that Facebook may obtain your IP address and store it.

Please refer to Facebook's privacy policy for the purpose and scope of data collection and further processing and use of data by Facebook, as well as your rights in this regard and settings options for protecting your privacy:

If you are a Facebook member and do not wish that Facebook collects information about you via our website and associates it with your data already stored by Facebook, you must log out of Facebook before visiting our website.

It is also possible to block Facebook social plugins by using add-ons for your browser, for example the "Facebook Blocker".


4.4 Use of Google Analytics

Our website uses Google Analytics, a web analysis service by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA („Google“) – with the "User-ID" function for all computers and mobile devices with which our Services are accessed – in order to collect local and global, pseudonymised use analyses that are intended to improve our Services. 


4.4.1 Google Analytics for the website / mobile website

Google Analytics uses cookies, which are text files that are placed on your computer and which allow Google to analyse your use of the website. The information collected by the cookie on your use of this website (including your IP address) is sent to a Google server in the USA and stored there. Please note that the code snippet "anonymizeIP" has been added to Google Analytics on this website to guarantee anonymised registration of IP addresses (so-called IP masking). We have therefore ensured that Google merely collects a truncated form of your IP address that guarantees anonymity and does not permit any conclusions on your identity. Where the IP anonymisation is enabled on this website, your IP address will, however, be previously abbreviated by Google within member states of the European Union or in other contracting states of the Treaty on the European Economic Area. Only in exceptional cases is your full IP address transmitted to a Google server in the USA and truncated there. Google will use this information to evaluate your use of the website, to compile reports on website activities for the website operator and to provide other services associated with use of the website and the Internet. The IP address transmitted from your browser by Google Analytics is not associated with any other Google data. Google will only transfer these data to third parties based on statutory regulations or within the scope of contract processing. On no accounts will Google associate your data with other data collected by Google.

By using this website, you provide your consent to the processing of data collected by Google about you in the previously described manner and for the previously stated purpose. 

You can prevent the cookie storage by a corresponding setting in your browser software; however, we would like to point out that in this case you might not be able to use all functionalities of this website. In addition, you may prevent the transmission of the data created by the cookie relating to your use of this website (including your IP address) to Google, and the processing of these data by Google, by downloading and installing the browser plug-in available at the following link: Where you are using a mobile device browser to access our website, you may install an opt-out cookie to prevent data collection. Click here to enable this opt-out cookie. For more information about Google Analytics and data protection, visit or


4.4.2 Google Analytics for mobile apps

When you download, install and use the apps on your mobile device, Google Analytics will collect data on your use, including the device model, geographic information (if configured on the device), the installed operating system (iOS, Android) and aggregate data on the use of the app. An identification code enables distinction between individual uses, but does not permit conclusions on the person of the user. In particular, the user's login details will not be stored. We use the analyses produced on this basis to improve our services, to develop new features and to optimise them to suit the needs of our users. The mobile data and the identification code collected by Google Analytics will not be associated with any other Google data. Google warrants that it will not associate your data with other data collected by Google. You can select an appropriate options in the app settings on your mobile device to opt out of data collection. When using a mobile device by Apple (iOS operating system), you can select the opt-out for your user account in the general settings of the app. When using a mobile device with an Android operating system, you can select the opt-out in the profile section of the app. However, we would like to point out that if you do so, you may not be able to use all functions of the apps to their full extent.


4.5 Statistical collection and analyses for newsletters

The newsletter contains a so-called "web-beacon", i.e. a pixel-sized file that is retrieved when the newsletter is opened from the newsletter server. During this retrieval, technical information is collected, for instance about your browser, your operating system or the time of retrieval. The statistical survey also includes information about whether the newsletters are opened, when they are opened and which links are clicked. This anonymised information is used to technically improve the services based on the technical data or the target groups and their reading behaviour according to their retrieval locations (which can be determined using the IP address) or the access times.


5. Recipient, transmission to a third country

Personal data is sent to the following recipients, i.e. recipient categories, during your use of our Services, depending on which functions or Services you access. You will be informed if the data is transmitted to a third country outside the EU or the EEA:

Recipient, recipient category

Outside the EU/EEA?




Rocket Science Group, LLC


Mailchimp newsletter circulation

MailChimp is US-EU "Privacy Shield"-certified and is hence obliged to meet the EU data privacy requirements. Moreover, we have concluded a "Data Processing Agreement" with MailChimp under which it is required to protect the data of our users, to process the data only on our behalf and in particular to refrain from sharing the data with third parties. 

Fulfilment and logistics service provider


Production, packaging and shipping of the ordered products



Personal data is transmitted to government agencies and authorities only on the basis of mandatory legal provisions.


6. Withdrawal of consent

Where we use the data for a purpose that requires your consent according to statutory provisions, we will always ask for your explicit consent and keep records of your consent.

You are entitled to withdraw your consent at any time.

You are merely required to send us notification in order to withdraw your consent. Withdrawal of consent does not affect the legality of data processing that was carried out based on the consent that you had previously provided.


7. Duration of storage

We adhere to the principles of data avoidance and data economy. We only store personal data for the time that is necessary to provide the services you have requested or ordered and only for the intended purpose; in most cases this will be for the duration of the contractual relationship with you or the period in which we have your consent to do so.

We will block, delete or anonymise your data after the end of the reason for its processing, in the event of expiry/cancellation of a contractual relationship or if you withdraw your consent, provided continued storage is not mandated by other obligations (e.g. according to storage requirement regulations of the German Commercial Code (HGB).


8. Obligation to provide personal data

You are required to provide us with the necessary personal data in order to access the performance/service you have selected (refer to the description of the respective Services above).

The provision of additional data that is not absolutely essential to conclude the relevant contract or to provide the performance/service you have requested is voluntary.

Any refusal to provide the data required to conclude the contract or to provide the performance/service you have requested may make it impossible for us to provide the contractual performance/service requested or to provide it according to the contract.


9. Rights of the data subject / Right to complain to the supervisory authority

In the following, we will inform you of your legal rights in regard to the personal data we store about you. 

You have the right to:

·       Information whether personal data relating to you is processed and, if this is the case, information on the purpose of the processing and the categories of personal data that are processed, as well as on the recipients/categories of recipients, the planned duration of storage for your personal data, the existence of an automated decision-making process and the existence of a right to rectification, erasure or restriction of processing, and the existence of a right to complain to a supervisory authority (Art. 15 GDPR);

·       Rectification of incorrect or incomplete personal data referring to you (Art. 16 GDPR);

·       Immediate erasure of the personal data referring to you if the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; if you have withdrawn consent on which the processing is based and where there is no other legal ground for the processing; if you have objected to the processing; the personal data have been unlawfully processed; the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject and none of the reasons for continued processing/storage according to Art. 17 (3) GDPR are relevant (Art. 17 GDPR);

·       Restriction in processing (Art. 18 GDPR) if the accuracy of the personal data is contested, for a period enabling us to verify the accuracy of the personal data; or the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead; or we no longer need the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims; or if you have objected to processing pending the verification whether the legitimate grounds of HEJPIX override your grounds (Art. 18 GDPR);

·       Receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and the right to transmit those data to another controller without hindrance from us, provided the processing of your personal data is based on your consent or a contract and the processing takes place by means of automated methods (Art. 20 GDPR).

Moreover, we instruct that in accordance with Art. 77 (I) GDPR and without prejudice to other legal remedies under administrative law or in court proceedings, you have the right to object to a supervisory authority, especially in the Member State in which you have your habitual place of residence, your place of employment or at the location of the alleged violation, if you believe that the processing of personal data relating to you is taking place unlawfully.


10. Non-existence of automated decision-making

Please be aware that in the use of our Services and the request of our performances/services, you will not be subject to decisions that are made exclusively by automated processing – including profiling – that might have legal implications for you or similarly restrict you in a significant way.