Privacy Policy

Welcome!
If you have found your way here, it is a reliable sign that you value your privacy. We understand this perfectly, which is why we provide you with a document in which, in one place, you will find the rules for the processing of personal data as well as the use of cookies and other tracking technologies in connection with the operation of the guidetophoto.com website.
A formal note to begin with – the administrator of the website is Guide to Photo Nordic, Drevevägen 19G, 705 10 Örebro, Sweden.
This privacy policy has been structured in the form of questions and answers. The choice of this form was dictated by our concern for the transparency and clarity of the information presented to you.
If you have any doubts related to the privacy policy, you can contact us at any time by sending a message to contact@guidetophoto.com.

1. Who is the controller of your personal data?
The controller of your personal data is Guide to Photo Nordic, Drevevägen 19G, 705 10 Örebro, Sweden.
The hosting provider of the website is Hostinger, which provides the server infrastructure and mechanisms supporting the security and availability of the website.

2. Who can you contact regarding the processing of your personal data?
For matters related to the protection of personal data and privacy in the broad sense, you can contact us at the e-mail address contact@guidetophoto.com.

3. What information about you do we possess?
The scope of personal data processed is indicated separately for each processing purpose in Annex No. 1 to this privacy policy.
Moreover, we use tools that collect information about you related to your use of our website. Depending on the tool and settings, these may include in particular:

  • information about your device, operating system and web browser,
  • IP address,
  • date of visiting the website,
  • subpages viewed,
  • time spent on the website,
  • transitions between individual subpages,
  • clicks on individual links,
  • the source from which you access the website.

This information is referred to later in this privacy policy as “Anonymous Information”.
In our opinion, Anonymous Information, in itself, does not constitute personal data, because it does not allow us to identify you, and we do not combine it with the typical personal data that we collect about you. Nevertheless, taking into account the strict case-law of the Court of Justice of the European Union and differing opinions among lawyers, out of caution – in case Anonymous Information were to be classified as personal data – we have also included in this privacy policy detailed explanations regarding the processing of such information.

We are not able to provide you with access to Anonymous Information about you, because we cannot attribute it to a specific user. From the level of the tools collecting Anonymous Information, we have access only to a set of statistics and information not assigned to specific individuals. Moreover, we do not have access at all to the information collected by some tools – we are only interested in the proper functioning of the features provided by a given tool.

The processing of Anonymous Information makes it possible to ensure that you can use the functionalities available on the website. In addition, Anonymous Information may be used for analytical, statistical and marketing purposes, including measuring the effectiveness of promotional activities.
Since Anonymous Information is collected by external tools that we use, Anonymous Information may also be processed by the providers of those tools – under the rules resulting from their terms and privacy policies.

The tools we use that involve the collection of Anonymous Information are listed in Annex No. 2 to this privacy policy.

4. Where do we obtain your personal data from?
In most cases, you provide it to us yourself. This happens when you:

  • register a user account
  • complete your user profile,
  • place an order,
  • submit a complaint or withdraw from a contract,
  • subscribe to the newsletter,
  • contact us via e-mail,
  • submit a request related to the processing of personal data,
  • follow our profiles on social media or interact with the content we publish on social media.

In Annex No. 1 to this privacy policy, we have assigned the source of data acquisition to each processing purpose.

In addition, some information about you may be collected automatically by the tools we use:
the website mechanism collects your IP address,
the newsletter system mechanism collects your IP address and information about your activity in relation to the content sent to you within the newsletter (e.g. message openings, link clicks),
external tools listed in Annex No. 2 collect Anonymous Information related to your activities within the website.

5. Are your data safe?
We take care of the security of your personal data. We have analysed the risks associated with individual processes of processing your data and then implemented appropriate security and personal data protection measures. We continuously monitor the state of the technical infrastructure, review the procedures in place and introduce necessary improvements.

If you have any questions regarding your personal data, we are at your disposal at contact@guidetophoto.com.

6. For what purposes do we process your personal data?
The purposes of processing your personal data are listed in Annex No. 1 to this privacy policy.

7. How long will we store your personal data?
We store your personal data for as long as is justified within the given purpose of personal data processing, and therefore the processing periods differ depending on the purpose – their specification can be found in the table constituting an annex to the privacy policy.
Remember that the completion of the processing of your data within one purpose does not necessarily have to lead to the complete deletion or destruction of your personal data, because the data may be processed within another purpose for the period indicated for that purpose.

8. Who are the recipients of your personal data?
We dare say that modern business cannot function without services provided by third parties. We also use such services. Some of these services involve the processing of your personal data. External service providers who participate in the processing of your personal data include:

  • the hosting provider who stores data on the server,
  • the e-mail service provider,
  • providers of cloud software in which data is processed,
  • the accounting office that processes your data visible on invoices,
  • the entity providing technical support services, which gains access to data if the technical work carried out concerns areas where personal data is located,
  • other subcontractors who gain access to data if the scope of their activities requires such access.

All the entities listed above process your data on the basis of data processing agreements concluded with us and guarantee an appropriate level of personal data protection.
If necessary, your data may be made available to a legal advisor or attorney bound by professional secrecy – to the extent necessary to provide legal assistance.

Your personal data may also be transferred to tax authorities to the extent necessary to fulfil tax, settlement and accounting obligations.
Furthermore, when it comes to Anonymous Information, access to it may be granted to providers of tools or plugins that collect Anonymous Information. The providers of these tools may be independent controllers of the data collected therein and may share this data under the rules set out in their own terms and privacy policies.

9. Do we transfer your data to third countries or international organisations?
Yes, some operations involving the processing of your personal data may involve transferring it to third countries.
We transfer your personal data to third countries in connection with the use of tools that may store data on servers located outside the European Economic Area (EEA), in particular in the USA. The providers of these tools declare the use of compliance mechanisms provided for by the GDPR, in particular standard contractual clauses.
Tools that may involve transferring data to third countries include:

  • E-mail,
  • cloud services.

The following information may be transferred to third countries:

  • data stored in the cloud,
  • data contained in e-mail correspondence.

We also remind you that we use external tools that may collect Anonymous Information. The providers of these tools often use servers located all over the world, including in the USA, to store the collected information.

10. Do we use profiling? Do we make automated decisions based on your personal data?
We do not make decisions about you that are based solely on automated processing, including profiling, which would produce legal effects concerning you or similarly significantly affect you.
We may carry out marketing activities and measure their effectiveness (for example through statistics), but we do not use automated decisions that would change the terms of a contract or your situation as a user of the website.

11. What rights do you have in connection with the processing of your personal data?
The GDPR grants you the following potential rights related to the processing of your personal data:

  • the right of access to your data and to receive a copy of it,
  • the right to rectify (correct) your data,
  • the right to delete data,
  • the right to restrict data processing,
  • the right to object to data processing,
  • the right to data portability,
  • the right to withdraw consent to the processing of personal data (if it was the basis),
  • the right to lodge a complaint with a supervisory authority.

12. Do we use cookies or other similar technologies and what exactly are they?
Our website, like almost all other websites, uses cookies and other similar technologies, such as tags or pixels, conversion APIs, etc.
By using cookies or other similar technologies, certain information may be collected and subsequently used for various purposes, ranging from ensuring the proper functioning of specific website features, through analysing user behaviour on the website, to measuring the effectiveness of promotional activities.

13. On what basis do we use cookies or other similar technologies?
We use cookies and other similar technologies on the basis of your consent, except in situations where cookies or other similar technologies are necessary for the proper provision of an electronic service to you.

14. Can you disable cookies or other similar technologies?
Yes, you can manage the settings of cookies or other similar technologies within your web browser. You can block all or selected cookies. You can also delete previously saved cookies and other site and plugin data.

15. For what purposes do we use our own cookies?
Our own cookies are used to ensure the proper functioning of individual website mechanisms (for example, the proper operation of forms).
Information about the consent you have given to cookies may also be stored in our own cookies.

16. Which third-party cookies are used?
Within our website, cookies or other similar technologies of third parties related to the tools listed in Annex No. 2 to this privacy policy are in operation.

17. Do we track your behaviour within our website?
Yes, we use tools that involve collecting information about your activities on our website. These tools are listed in Annex No. 2 to this privacy policy.

18. Do we direct targeted advertisements to you?
We carry out promotional activities (for example campaigns on social media and other forms of marketing) and we also measure their effectiveness. This does not exclude the possibility that external advertising platforms may use their own targeting mechanisms within their services.
At the same time, we note that we do not conduct remarketing based on additional tracking tools installed on the website (e.g. advertising pixels) – unless such tools are introduced in the future and described in an updated version of the policy and in the cookie settings.

19. How can you manage your privacy?
Below you will find a list of options for managing your privacy: 

  • cookie settings within the web browser,
  • browser plugins supporting cookie management (e.g. Ghostery),
  • incognito mode in the web browser,
  • settings on the side of external tool providers (references in Annex No. 2).

20. What are server logs?
Using the website involves sending requests to the server on which the website is stored. Each request made to the server may be recorded in the server logs.
Logs may include, among other things, your IP address, server date and time, information about the web browser and operating system. The data stored in the server logs is not associated with specific individuals using the website and is not used by us to identify you.

21. Is there anything else you should know?
If anything is unclear to you, you want to learn more or simply talk about your privacy, write to us at contact@guidetophoto.com.

22. Can this privacy policy be subject to change?
Yes, we may modify this privacy policy, in particular due to technological changes on the part of our website and changes in legal regulations. If the change affects the rules for the processing of your personal data and we possess your electronic contact details, you will receive a message about each change to the privacy policy.
This Privacy Policy content has been in force since 2025-12-28.

Annex No. 1 – purposes of personal data processing
Purpose of processing. Legal basis for processing. Scope of processed data.Data storage period.Source of data acquisition
Handling correspondence. Art. 6 sec. 1 letter f GDPR – legitimate interest consisting in responding to messages.E-mail address, data contained in correspondence.Until the end of the exchange of correspondence.Incoming message
Handling the e-mail newsletter. Art. 6 sec. 1 letter a GDPR – consent of the data subject.E-mail address, IP address, subscriber profile and engagement statistics.Until withdrawal of consent or unsubscription.Subscription form, mailing system mechanism. Handling the user account. Art. 6 sec. 1 letter b GDPR – performance of a contract for the provision of an electronic service.Data from account registration, IP address, data voluntarily provided in account settings.Until the account is deleted.Registration form, website mechanism.
Handling the user profile card. Art. 6 sec. 1 letter b GDPR – provision of an electronic service related to the profile.IP address, data provided in the profile.Until the profile card is deleted.Profile form, website mechanism
Order handling. Art. 6 sec. 1 letter b GDPR – conclusion and performance of a contract.Data from the order form, IP address, order details.Until completion of the contract performance.Order form, website mechanism
Satisfaction survey. Art. 6 sec. 1 letter f GDPR – legitimate interest consisting in collecting feedback.Data from the order, order details.Until completion of the survey.Order form
Handling complaints. Art. 6 sec. 1 letter f GDPR – legitimate interest consisting in handling complaints.Data provided in the complaint, details of the complaint.Until completion of the procedure.Complaint
Handling withdrawal from a contract. Art. 6 sec. 1 letter f GDPR – legitimate interest consisting in handling the withdrawal procedure.Data provided in the withdrawal statement.Until completion of the procedure.Withdrawal statement
Accounting. Art. 6 sec. 1 letter c GDPR – legal obligation.Data visible in the sales document.For the period required by tax regulations.Order form
Handling the affiliate program / affiliate links. Art. 6 sec. 1 letter b GDPR – performance of a contract (if you conclude a separate contract) or Art. 6 sec. 1 letter f GDPR – legitimate interest consisting in settling affiliate cooperation.Data necessary to settle cooperation (scope depends on the model).For the duration of cooperation and settlements.Data provided within cooperation / settlements
Handling social media. Art. 6 sec. 1 letter f GDPR – legitimate interest consisting in running profiles.Public profile data, content of interactions.Until deleted by the user on the social media platform.Social media services
Analysis and statistics. Art. 6 sec. 1 letter f GDPR – legitimate interest consisting in analysing traffic and optimising the website.Anonymous Information.Until usefulness ceases or an objection is lodged.Analytical scripts/tools
Handling data-related requests. Art. 6 sec. 1 letter c GDPR – legal obligation.Data provided in the request, content of the request.Until completion of the procedure.User request
Archive. Art. 6 sec. 1 letter f GDPR – legitimate interest consisting in securing claims and demonstrating compliance.Data of various scope.Until limitation of claims / liability.All sources depending on the purpose.

Annex No. 2 – list of external tools
Tool.Provider.Purpose of use
Google Analytics.Google LLC.Analysis and statistics related to the behaviour of visitors to the website.
reCAPTCHA.Google LLC.Verification whether the user is a human and not a bot (form protection).
YouTube.Google LLC.Embedding video materials from the YouTube service.
Vimeo.Vimeo.com, Inc..Embedding video materials from the Vimeo service. Bokio.Bokio AB.Accounting and invoicing.

The Privacy Policy has been prepared with the support of a law firm, in accordance with the applicable personal data protection regulations.