Privacy Policy

Who I am

Enrique Manzano Images
Käthe-Dorsch-Gasse 17
1140 Vienna
Austria
E-Mail: office@manzanoimages.com
Website: https://www.manzanoimages.com

What personal data I collect and why I collect it

Contact form

I offer the possibility to use a contact form on my website to easily get in touch with me. If you use the contact form the following information will be asked for:

  • Name
  • Email
  • Subject
  • Comment or Message

The moment you click the submit button underneath the form the mentioned information will be transmitted and formatted into an email which will be send to me automatically. Alternatively, contact via the provided email address is possible. In this case, the user’s personal data transmitted by email will be stored the same way in my inbox of my web hosts mail system. There is no disclosure of this data to third parties. The data is used exclusively for processing the conversation.

Underneath the contact form I refer to this privacy statement and ask for your consent to the following statement:

I consent to having Manzano Images store my submitted information so he can respond to my comment or message.

Analytics / Statistics

This website is using Matomo, an Open Source, self-hosted software for collecting anonymous and unidentifiable usage statistics for this website. Self-hosted means that no data is sent to third parties (as it would be the case, for example, when using Google Analytics) and therefore does not leave the European Union.

The data is used to analyse the behaviour of the website visitors to identify potential pitfalls like not found pages, search engine indexing issues and to find out which contents are the most appreciated. Once the data (number of visitors reaching not found pages, viewing only one page…) is processed, Matomo is generating reports for website owners to take action, for example changing the layout of the pages, publishing some fresh content… etc.

Matomo is processing the following data:

  • First Party Cookies
    • _pk_id: Expires after 12 months (used to store a few details about the user such as a random unique visitor ID which cannot be used to identify a particular visitor)
    • _pk_ref: Expires after 6 months (used to store the attribution information, the referrer initially used to visit the website)
    • _pk_ses: Expires after 30 minutes (short lived cookie used to temporarily store anonymous data for the visit e.g. pages viewed by the same user)
    • _pk_testcookie: Created and should be then directly deleted (used to check whether the visitor’s browser supports cookies)
    • MATOMO_SESSID: The opt-out feature creates this temporary cookie (it is called a nonce and helps prevent CSRF security issues).
    • piwik_ignore: When you exclude yourself from being tracked using the opt-out feature, Matomo will create this cookie. Please note that it does not contain personal information or any ID and the cookie value is the same for all visitors. It will expire after 2 years to save your choice for future visits (if you don’t delete your cookies in your browser in the meantime).
  • Location of the User – country, region, city, internet service provider (generated using the full IP-address for statistical purposes before the anonymisation mask is applied.) The free IP to City Lite database as well as the free IP to ASN Lite database are in use. Both offer a reduced coverage and accuracy only. Licensed under a Creative Commons Attribution 4.0 International License by DB-IP.
  • Anonymised IP-address by removing the last 2 bytes (e.g. 198.51.xxx.xxx) making it impossible to identify a particular visitor via the IP address
  • Date and time
  • Title of the page being viewed
  • URL of the page being viewed
  • URL of the page that was viewed prior to the current page (if the page allows it)
  • Screen resolution
  • Time in local timezone
  • Files that were clicked and downloaded
  • Link clicks to an outside domain
  • Pages generation time
  • Browser version including plugins (PDF, Flash, Java) 
  • Main Language of the browser
  • User Agent of the browser
  • Site Searches and
  • Not found pages (HTTP header “Status: 404 Not Found”)

The processing of personal data is based on legitimate interests. Processing your personal data such as cookies is helping me identify what is working and what is not on my website. For example, it helps me identify if the way I am communicating is engaging or not and how I can organize the structure of the website better. I am benefiting from the processing of your personal data, and they are directly acting on the website. By processing your personal data, you can profit from a website which is getting better and better. Without the data, I would not be able to provide you the service I am currently offering to you. Your data will be used only to improve the user experience on my website and help you find the information you are looking for.

However you are free to object to the tracking of your (anonymised and unidentifiable) data by using the following opt-out feature or by enabling DoNotTrack in your browser, as Matomo respects this setting by default.

When you visit my website for the first time, you see a small cookie information box in the lower right corner of your screen in which I inform you that my website collects anonymous usage statistics with the help of cookies and I refer you to this privacy policy. In this box you also have the option to object to the tracking of your visit to my website at any time. However, if you have hidden this box with a click on the X, you can still change your mind on each page. Simply click on the 🍪 symbol, which is also located in the lower right corner of your screen. The information box opens again and you can change your selection.

Web Server Log Files

For reasons of operational security, for the creation of access statistics, etc., web server log files are created every time you access my website as a default setting by my hosting company . In compliance with GDPR, these log files are stored for two weeks. The web servers generate logfiles containing the following information:

  • the website (URL)
  • the browser and its version
  • the operating system used
  • the referrer URL (the previously visited page)
  • Host name and IP address of the accessing computer
  • the time of the server request

Since IP addresses are personal data, they are no longer evaluated and displayed in the access statistics of the respective website. The IP addresses have already been removed from old statistics files.

Testimonials / Feedback

After we have been working together I may ask for feedback. This feedback you provided me via email is saved and archived in my inbox of my web host. It is solely published on my front page under the testimonial section. By answering on my feedback request I assume you give your consent to publishing it. It won’t be used for any other purpose. Also feedback from my Facebook page will be copied to the testimonial pages. Thank you for your feedback!

Who I share your data with

No one!

How long I retain your data

Data you provided by using the contact form or by sending me an email directly will be archived just like you probably do within your inbox of your email provider as well. Matomo deletes the anonymous unaggregated statistical data after 13 months. Anonymous and aggregated data are stored for an indefinite period for analysis purposes.

What rights you have over your data

You can request to receive an exported file of the personal data I hold about you, including any data you have provided to me (e.g. submissions using the contact form). You can also request that I erase any personal data I hold about you. This does not include any data I am obliged to keep for administrative, legal, or security purposes as well as anonymous data as I can’t identify a particular visitor.

Where I send your data

Matomo (see Analytics / Statistics), my website data and my mailserver are all hosted in Austria. No data leaves the EU. Website related data (e.g. submissions using the contact form) is handled within the servers of my hosting company, who state on their website it “[…] operates all its services in compliance with the GDPR.” (=”DSGVO”). The client area (https://gallery.manzanoimages.com) on the other hand uses the services of Pixieset and I therefore have to refer to their cookie policy. Access to the gallery itself is possible with a password which is only send to the contractor.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website. These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracing your interaction with the embedded content if you have an account and are logged in to that website.

As it is in my own interest to protect your privacy I use an Instagram Feed plugin to display social media content on my website. This plugin is set up in a way, that it copies and stores images from Instagram on my server so your browser does not need to connect to any third party servers. Sometimes it might happen, that this mechanism is not working and as a result, my website makes requests to Instagram’s servers in order to get the data to populate the feed(s) and to display images and videos. Only these requests make your IP address visible to Instagram, who may use it in accordance with their data privacy policy: https://help.instagram.com/519522125107875

Additional Information

How I protect your data

I try my best to keep your data safe with me by choosing only strong passwords in combination with Two-Factor Authentication (2FA). You may know this procedure from your online banking. My website supports encrypted communication using the https:// protocol. In order to ensure a secure mail delivery, my website also uses an SMTP connection with TLS encryption. Unfortunately, I have to remind you that the Internet of this century is still not a safe zone. Research publications have shown – even industry standard encrypted email communication like S/MIME or OpenPGP is not secure at all (see so called “Efail“). Therefore, please note that due to many vulnerabilities in the structure of the internet itself it is possible that the rules of data protection and the above mentioned safeguards are not observed by other persons or institutions not within my area of responsibility.

Besides I also protect your data by not using the “original” share buttons because those automatically transmit data to the social network sites as soon as you visit any website. You do not need to click on one of these share button for this and therefore have no choice, wether you want your data to be send or not. However, the German computer magazine c’t has developed “Shariff” (ʃɛɹɪf) that follows the General Data Protection Regulation (GDPR – Regulation (EU) 2016/679) by implementing the share buttons as static images instead, which contain a link to the corresponding social network site. It is an open-source, low-maintenance, high-privacy solution to enable my visitors to share the content of my website without needless data leaks. If you click on such a button, you will be redirected to the respective social network site in the same way, as normal links would do as well. You now decide for yourself which data you make available to Facebook & Co. by clicking on the share button only if you really want to recommend a post. In fact, by clicking on such a button you agree that your browser connects to the servers of this social network and transmits data. If you do not click on a share button like this, no data will be transmitted. For more information about the Shariff project check out the original GitHub project. For information on the collection and usage of your data on the social network sites please find the terms of use of the respective provider.

What data breach procedures I have in place

Physical safety of the servers shall be guaranteed by the web hosting company itself. Whenever I get to know a data breach myself I have to inform you and the following Austrian Data Protection Authority within 72 hours.

Österreichische Datenschutzbehörde
Wickenburggasse 8-10, 1080 Wien
E-Mail: dsb@dsb.gv.at
Website: https://www.dsb.gv.at

Miscellaneous

Please note: The privacy policy above is just for data you provide using my website. The privacy policy of data which is related to orders of my service can be found in the Terms and Conditions (orig. Germ.: “allgemeine Geschäftsbedingungen”) of our contract at XII. Datenschutz.

Information on copyright, liability, responsibility for contents and editing can be found at the imprint.

Manzano Images