0 Empty Basket

    Your basket is currently empty

    Checkout

      You don't have any saved projects.

      Save 30% on photo books

      {"openPopupId":""}
      {"openPopupId":""}
      {"openPopupId":""}

      PRIVACY POLICY FOR Pictino ApS

      Updated September 23, 2025

      DATA CONTROLLER

      WE TAKE YOUR DATA PROTECTION SERIOUSLY

      We process personal data and have therefore adopted this privacy policy, which tells you how we handle your data. To best protect your personal data, we continuously assess the level of risk that our data processing may negatively affect your fundamental rights. We are especially attentive to risks of discrimination, identity theft, financial loss, damage to reputation, or loss of data confidentiality. If decisions we need to make depend on processing sensitive personal data, biometric data, or information about criminal matters about you, we conduct an analysis of the impact the processing has on your privacy. This analysis is conducted before we begin processing your personal data.

      CONTACT INFORMATION

      Pictino ApS is the data controller, ensuring that your personal data is processed in accordance with the law.
      Contact information:
      Contact person: Pictino ApS
      Address: Skejby Nordlandsvej 311, 8200 Aarhus N
      CVR: 36088966
      Email: info@pictino.com
      Website: www.pictino.com

      WE ENSURE FAIR AND TRANSPARENT DATA PROCESSING

      When we ask you to provide your personal data, we inform you of what data we process and for what purpose. You will be informed at the time your personal data is collected. We do not obtain information from other parties.

      PROCESSING OF PERSONAL DATA

      WE USE THESE TYPES OF DATA ABOUT YOU

      We use data about you to improve our service and ensure the quality of our products, services, and our interactions with you.
      The data we use includes:
      General personal data. Used to deliver your order.
      Sensitive data. Used to personalise products.
      Data about interests and habits. Used to show relevant and interesting content.
      Internet traffic data. Used to learn from our visitors and how they use our website.
      Transaction data. Used to handle your order.
      Unique IP numbers on network devices. Used to prevent and combat abuse and illegal behavior.
      We do not aggregate data.

      WE COLLECT AND STORE YOUR PERSONAL DATA FOR SPECIFIC PURPOSES

      We collect and store your data in connection with specific purposes or other legitimate business purposes. This happens when needed for:
      Processing your purchase and delivering our service
      Fulfilling your request for products or services
      Improving our products and services
      Administration of your relationship with us
      Fulfilling legal requirements
      We may need to use your personal data for a different purpose from the one it was collected for. Unless you consent to such a new use, we will assess whether the original purpose of the collection is compatible with the new purpose, taking into account the sources of your data and whether we need to use general or sensitive information. We also assess whether use for the new purpose will negatively affect your freedom of action.

      WE ONLY PROCESS RELEVANT PERSONAL DATA

      We only process data about you that are relevant and sufficient for the purposes defined above. The purpose is decisive for what type of data is relevant to us, as well as the scope of the data we use. For instance, we do not use more data than we need for the specific purpose.
      Before processing your personal data, we assess if it is possible to minimise the amount of data about you. We also assess if some types of data we use can be anonymised or pseudonymised. We do this if it does not negatively affect our obligations or the services we offer you.

      WE ONLY PROCESS NECESSARY PERSONAL DATA

      We only collect, process and store the personal data needed to fulfil our stated purposes. Furthermore, laws may require the collection and storage of certain types of data for our business operations. The type and amount of personal data we process may also be necessary to fulfil a contract or another legal obligation.
      We make sure that we only process data necessary for each of our specific purposes. Our IT systems are designed such that only the necessary amount of data is collected. It is also ensured that the processing is not unnecessarily extensive, and that storage time is not too long.
      To protect your data from unauthorised access, we use solutions that automatically ensure data is only accessible to relevant employees. There are also protections in place to prevent an unlimited number of people from accessing data.

      WE CHECK AND UPDATE YOUR PERSONAL DATA

      Since our service depends on your data being correct and up to date, we ask that you inform us of relevant changes to your data. You can use the contact details above to provide us with updates.
      To assure the quality of your data, we have established internal rules and procedures for checking and updating your personal data.

      WE DELETE YOUR PERSONAL DATA WHEN THEY ARE NO LONGER NEEDED

      We delete your personal data when they are no longer necessary for the purpose that was the reason for our collection, processing, and storage. Certain data will be retained for up to 5 years to comply with applicable law.

      WE OBTAIN YOUR CONSENT BEFORE PROCESSING YOUR PERSONAL DATA

      We will obtain your consent before processing your personal data for the purposes described above, unless we have a legal basis to do so without consent. We will inform you of such a basis and our legitimate interest in processing your personal data.
      Your consent is voluntary, and you may withdraw it at any time by contacting us (see contact info above).
      If we wish to use your personal data for a different purpose than the original, we will inform you of the new purpose and ask for your consent before starting the processing. If we have another legal basis for the new processing, we will inform you.

      WE WILL NOT DISCLOSE YOUR PERSONAL DATA WITHOUT YOUR CONSENT

      If we disclose your personal data to partners or other parties, e.g. for marketing purposes, we will obtain your consent and inform you about what your data will be used for. You can object to this at any time.
      We do not require your consent if we are legally obligated to disclose your data, e.g. as part of reporting to authorities.
      We will obtain your consent before passing your personal data to partners in third countries (outside the EU/EEA). If we do so, we ensure that their data protection level matches the requirements set by this policy and applicable laws, including requirements concerning data processing, information security, and the rights you have regarding, for example, objecting to profiling and submitting complaints to the Data Protection Authority.

      CREATION AND RESPONSIBILITY FOR USER ACCOUNTS

      User accounts are free and can be created by anyone aged 16 or older. When creating an account, you must provide your mobile number, email address, name, and address. You are responsible for ensuring this information is correct and kept up to date.

      Security

      WE PROTECT YOUR PERSONAL DATA AND HAVE INTERNAL RULES ON INFORMATION SECURITY

      We have established internal rules on information security, containing instructions and measures that protect your personal data from being destroyed, lost, altered, disclosed, or accessed by unauthorised persons. We have established procedures for assigning access rights to employees who process sensitive personal data and information about personal interests and habits, and we monitor access via logging and supervision. We make regular backups to avoid data loss. Confidentiality and data authenticity are protected through encryption.
      In the event of a security breach that results in a high risk to you, e.g. discrimination, ID theft, financial loss, reputation damage, or other significant disadvantage, we will inform you as soon as possible and report the incident to the police.

      DATA PROCESSORS

      We exchange data with the following processors to deliver our products to you:


      Adyen
      When you initiate a payment, it is handled by Adyen, one of the world’s largest payment providers, managing communication with PayPal, MobilePay, Visa, or MasterCard. All communication is encrypted.


      Amazon Web Services, Inc.
      Emails are delivered through Amazon Web Services. All communication is encrypted.


      Google Ireland Limited
      When you click a Google ad, we store a click ID, which we can use later if you return and make a purchase.


      Meta Platforms
      To remind you of incomplete purchases, we save a unique ID only known to Meta, which is used to show you ads reminding you to complete your purchase.


      We have entered data processing agreements with all our processors, dictating how they handle our and your data. If we believe a given partner does not treat data with respect for privacy, we immediately terminate the collaboration and have them delete all data.

      USE OF COOKIES

      COOKIES, PURPOSE AND RELEVANCE

      We use cookies to identify you and your devices, register your behavior, optimize our website, create a profile of you, and provide targeted digital marketing both through our own media and via third parties.

      WHAT ARE COOKIES?

      You can read more here: Wikipedia: Cookie

      THIRD-PARTY COOKIES

      This website uses tracking programs from Google Analytics, Google AdWords, Microsoft Bing Ads, and Facebook, which may also set cookies and store/access saved data about you, share it with us, and display targeted content on social media. Embedded social media content may be used in marketing (e.g. from Google or Facebook). If you interact with embedded content, your behavior is tracked by third parties and may be linked by the social media to your social profile. This processing is outside our control and is solely a matter between you and the social media.

      OPTING OUT OF COOKIES

      If you don’t want us to collect/store data about you, you can disable cookies in your browser settings. How to do this depends on your browser. You can read how to do this for Firefox , Google Chrome or Internet Explorer, Windows 7, 8.1 og 10 .

      YOUR RIGHTS

      YOU HAVE THE RIGHT TO ACCESS YOUR PERSONAL DATA

      You have the right at any time to know what data we process about you, where it originates, and what we use it for. You can also know how long we store your data and who may receive your data in Denmark or abroad. If you request it, we can provide you with copies of the data we process about you, but access may be limited to safeguard other individuals’ privacy, business secrets, or intellectual property. You can request your data here: Send me my data.

      YOU HAVE THE RIGHT TO HAVE INCORRECT DATA CORRECTED

      If you believe the data we process about you is incorrect, you are entitled to have it corrected. Contact us with details of the inaccuracies and how they should be corrected. When you request a correction, we investigate whether the conditions are met and, if so, make changes as soon as possible.

      YOU HAVE THE RIGHT TO HAVE YOUR DATA DELETED/ANONYMISED

      You can at any time request to have your data deleted or anonymized to the extent permitted by law. Request deletion/anonymization of your data.. Please note that the Act requires us to keep some data for up to 5 years. This includes invoices.

      YOU HAVE THE RIGHT TO OBJECT TO OUR PROCESSING OF YOUR DATA

      You have the right to object to our processing of your personal data, as well as to our disclosure of your data for marketing purposes. Use the contact details above to submit your objection. If your objection is justified, we cease processing your data. You have the right to receive the data you have provided to us, and those we have collected about you from others with your consent. If we process data about you as part of a contract you are party to, you can also receive your data. You also have the right to transfer your data to another service provider. If you wish to exercise your right to data portability, you will receive your personal data from us in a commonly used format. If you want to access, correct, or delete your data, or object to our processing, we will review your request and respond as quickly as possible, and at the latest within one month after receiving your request.

      COMPLAINTS

      If you believe we are not meeting our obligations, you may contact our data controller at dpo@pictino.com. If you still believe that we are not complying with our obligations, you can complain to the Information Commissioner’s Office, tel. 0303 123 1113, www.ico.org.uk.