General Terms and Conditions (GTC) of POSTANDO GmbH

1. Scope of application and legal basis

The following General Terms and Conditions (GTC) include pre-formulated and simplified clauses which apply as a contractual basis between the operator of the internet platform, the company Postando GmbH and you as a customer or client.

We hereby advise explicitly that any other GTC, e. g. the GTC of our customers, do not apply in any way.

2. Conclusion of contract

By ordering our services the customer accepts our General Terms and Conditions. The order is passed when the customer confirms the payment method of his choice, and it is considered legally binding. This applies to orders passed via internet, but also via internet-enabled devices like smartphones or tablets by using the associated applications.

Subject to the transmission of illicit or immoral content by the customer or in case the latter violates any applicable law, the operator is entitled to withdraw from this contract.

3. Scope of services

  • The contract includes the production and the dispatch of a Postando (postcard / greeting card) designed by the customer to a receiver’s address indicated by the customer.
  • The transport of this Postando will be carried out by a German mail-order company.
  • The operator’s service is accomplished once he has transmitted the Postando to the mail-order company.
  • The operator is not obliged to check the transmitted data for correctness, completeness or for compliance with legal provisions.
  • The operator does not assume any liability for any defects caused by the data transmitted by the customer.
  • In the context of promotion or voucher campaigns which allow the customer to send one or more free or price-reduced Postandos, the operator reserves the right to place recommendations or advertisements of other companies on these postcards.
  • In case the content violates a copyright, the protection of competition or any other third party rights, the operator is released from any liability for third party claims.

4. The customer’s obligations

The customer is obliged to check the data for correctness before transmitting them to the operator. This applies especially for the quality and the print space of the inserted graphics, but also for the correctness of the indicated receiver’s address. A control by the operator does not take place. The customer assumes the risk of undeliverability to the transmitted receiver data.

Any defects caused by the operator have to be reported to the latter without delay. After two weeks, the operator is released from any recourse claims.

5. Prices, maturity and reminders

The prices indicated by the operator are final prices and include the legal VAT and all dispatch costs. The payment is due in advance immediately after the conclusion of the contract. The payment is carried out via a payment method selected by the customer, who can choose from the following methods: credit card, voucher, PayPal. Credit card billings are carried out by PAYONE GmbH · Fraunhoferstraße 2-4 · 24118 Kiel, Germany – Company domicile: Kiel – District court Kiel HRB 6107 – Chief executive manager: Carl Frederic Zitscher, Jan Kanieß – A company of Sparkassen-Finanzgruppe.

6. Copyright

The customer will respect the applicable law concerning the pictures, graphics or photos that he transmits to the operator in order to produce a Postando, and also concerning the content of his personal message that he wants to be transmitted to the receiver. The customer will ensure that no third party’s rights, especially copyrights and privacy rights, will be violated. The customer will release the operator from all kinds of third party claims deriving from the illegality of the pictures transmitted to the operator in order to produce a postcard, from the content of the personal message written to the receiver of the postcard and/or from the violation of any third party’s rights. Furthermore, the customer will also bear the reasonable costs of the operator’s legal defense.

To produce and to dispatch the Postando, the customer grants the operator a simple right to use the transmitted pictures, photos and texts; this simple right of use is unlimited in time and scope.

The operator cannot be obliged to produce and / or dispatch postcards that are obviously contrary to accepted morality or that violate any legal provisions. The operator will immediately inform the client about the non execution of an order.

7. Liability and warranty

The operator does not accept any warranty for differences in color between the print products and the original data. Furthermore, no complaints will be accepted that can be traced back to a faulty quality of the original picture, e. g. if the resolution of the original picture is not sufficiently high.

The operator will realize all orders at the shortest possible notice. Thus, an insignificantly late delivery does not authorize an acceptance refusal. We do not assume any liability for defects caused by transport.

The warranty is subject to the statutory provisions. For all defects of the ordered postcard incurring during the statutory warranty period, the legal rights to rectification, to correction of deficiencies or to delivery of a deficiency-free item apply, according to your choice. In case the legal conditions are fulfilled, the customer can also choose from the right to diminution or withdrawal as well as to damages including the compensation of the defect instead of the fulfillment, and a compensation of his efforts in vain. Next to this, no further individual or producer warranties exist.

8. The right of withdrawal

All realized print products are individually produced according to the customer’s wishes and adapted to his personal needs. Thus, the right of withdrawal from an order is excluded in accordance with § 3 para.2 no. 1 Fernabsatzgesetz (distance selling act).

9. Data protection

The operator only saves and processes the data that are necessary for the accomplishment of the service. The customer’s personal data are only passed on to third parties (our business partners) involved into the fulfillment of the contract, e. g. the logistic company that assures the transport of the postcard and the banking institution authorized for the processing of the payment. In these cases, only a minimum of the relevant data are passed on. Furthermore, your data might eventually be used in the context of internal analyses at the operator.

The operator is obliged to treat confidentially all data of the receiver, the personal data of the customer as well as the personal message that are transmitted to him in the context of the service. He is obliged to respect the privacy of posts and telecommunications, the data protection regulation of postal operators and all legal provisions.

10. Other provisions

  • There are no additional or deviating provisions to these General Terms and Conditions.
  • German law applies.
  • The place of performance and jurisdiction is Frankfurt/Main.
  • Should one or more provisions be or become inefficient, the efficiency of the other provisions remains unaffected.

Privacy Statement

The object of this privacy statement is the protection of personal data, which is particularly important to us. The following notes explain how we process your personal data. A possible processing takes place, of course, within the framework of the General Data Protection Regulation (GDPR).

By means of this data protection declaration, our enterprise would like to inform the general public of the nature, scope, and purpose of the personal data we collect, use and process. Furthermore, data subjects are informed, by means of which they are entitled.

0. Definitions

The data protection declaration of the Postando GmbH is based on the European Legislator for the Adoption of the General Data Protection Regulation (GDPR). In this data protection declaration, we use, the following terms:

  • a) Personal data

Personal data means any information pertaining to an identified or identifiable natural person (“data subject”).

  • b) Data subject

Data subject is any identified or identifiable natural person whose personal data is processed by the controller responsible for the processing.

  • c) Processing

Processing or setting up of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

  • d) Pseudonymisation

Pseudonymization is the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the additional information provided that the personal data are not attributed to an identified or identifiable natural person.

  • e) Controller or controller responsible for the processing

Controller or controller responsible for the processing of the person or public person, public authority, agency or other body which, alone or with others, determines the purposes and means of the processing of personal data.

Controller or controller responsible in the General Data Protection Regulation (GDPR)

Postando GmbH, Rotlintstrasse 126, 60389 Frankfurt, Germany (Tel .: +49 698 3048 – 066 ; E-Mail: )

  • f) Processor

Processor is a natural or legal person, public authority, agency or other body.

  • g) Recipient

Recipient is a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not.

  • h) Third party

Third party is a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.

  • i) Consent

Consent of the data subject is any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

1. Subject to data protection policy

The visit of our website or the use of our Postando Postcard App is possible without the specification of personal data.

The website of the Postando GmbH or the Postando Postcard App collects a series of general data and information when a data subject or automated system calls up the website. This general data and information are stored in the server log files. Collected may be (1) the browser types and versions used, (2) the operating system used by the accessing system, (3) the website from which an accessing system reaches our website (so-called referrers), (4) the sub-websites, (5) the date and time of access to the Internet site, (6) an Internet protocol address (IP address), (7) the Internet service provider of the accessing system, and (8) any other similar data and information.

When using these general data and information, the Postando GmbH does not draw any conclusions about the data subject. Rather, this information is needed to (1) deliver the content of our website correctly, (2) optimize the content of our website as well as its advertisement, (3) ensure the long-term viability of our information technology systems and website technology, and (4) provide law enforcement authorities with the information necessary for criminal prosecution in case of a cyber-attack.

If you want to contact us via our contact form, however, we need your personal data, e.g. name, address, telephone number, or e-mail address to process your request. If data are collected in this context, this is solely for the purpose of processing your request. Your personal data will not be passed on to third parties unless this is necessary for the provision of the service or for the execution of the contract.

If you have installed our app and use until placing an order, it is necessary to collect, store and process certain user data (like email address, receiver address and payment type) to be able to provide our service.

2. Google Analytics, Firebase and cookies

The websites of Postando GmbH use Google Analytics, a web analytics service provided by Google Inc. (“Google”). Google Analytics uses so-called “cookies”. “Cookies” are text files that are stored on your computer and allow you to analyze your usage behaviour of the website.

The information about your usage behaviour generated with the help of the cookie is then transmitted to a Google Inc. server in the USA where it is stored. To ensure the greatest possible protection of your data, this website uses the IP anonymization tool “anonymizeIP”, which shortens your IP address prior to the transfer to the US in a way that the transmitted IP address does not permit to reveal any conclusions about your identity. For more information, please visit:

In exceptional cases, the full IP address may be transmitted to a Google server in the United States. The shortening then takes place there. On behalf of the operator of this website, Google will use this information to evaluate your website’s use behaviour to compile reports on website activity and to provide other services related to website usage and internet usage to the website operator. The data transmitted in this context is only used for the evaluation of your usage behaviour and is not brought together with other data from Google. You can prevent the storage of cookies on your computer by using appropriate browser settings. However, we would like to draw your attention to the fact that in this case you will not be able to use all the functions of this website in its entirety.

If you do not wish that Google processes the data generated by the cookie, you can prevent it by downloading and installing the browser plug-in available at

We also use the Google Firebase service to analyze and categorize user groups to optimize our service and to inform via push notifications.

Firebase is a real-time database that lets you embed real-time information into your own website or app. Here, the user data is sent to Firebase anonymously. Firebase is a Google subsidiary based in San Francisco, CA. The Firebase privacy policy can be found at

For more information on the terms of use and privacy, please visit or

3. Facebook Pixel und SDK

Our website uses Facebook pixels and our app uses the Facebook SDK for the conversion of visitors’ campaigns.

With your consent, which you have given by confirming the appropriate button in a pop-up window on our homepage,

“Our website uses Facebook pixels for the conversion of visitors campaigns. By using this website you agree to the use of the Facebook’s visitor action pixel.”

we use the “visitor action pixel” of the

Facebook Inc.
1601 S. California Ave,
Palo Alto, CA 94304, USA

within our Internet presence.

This tool allows to track users’ behaviour after being redirected to the vendor’s website by clicking on a Facebook ad. This enables Facebook to evaluate the effectiveness of Facebook advertising and to evaluate the results for statistical and market research purposes. This allows future advertising measures to be optimized.

The collected data are anonymous for us. Therefore we cannot draw any conclusions about the identity of the users. However, Facebook’s data is stored and processed so that it can be connected to the respective user profile and Facebook can use the data for its own advertising purposes, according to the Facebook data guideline. This can be found at the following link:

You can enable Facebook as well as its partners to turn advertising ads on and off Facebook. For this purpose, a cookie can be stored on your computer.

A consent to the use of the “visitor action pixel” may only be declared by users older than 13 years of age. Younger users need to ask their educators for their consent.

4. Subscription to our newsletters

On the website of the Postando GmbH or within the Postando Postcard App, users are given the opportunity to subscribe to our enterprise’s newsletter. The input mask used for this purpose determines what personal data are transmitted, as well as when the newsletter is ordered from the controller.

The Postando GmbH informs its customers and business partners regularly by means of a newsletter about enterprise offers. The enterprise’s newsletter may only be received by the data subject if (1) the data subject has a valid e-mail address and (2) the data subject registers for the newsletter shipping. A confirmation e-mail will be sent to the e-mail address registered by a data subject for the first time for newsletter shipping, for legal reasons, in the double opt-in procedure. This confirmation e-mail is used to prove whether the owner of the e-mail address as the data subject is authorized to receive the newsletter.

During the registration for the newsletter, we also store the IP address of the computer system assigned by the Internet service provider (ISP) and used by the data subject at the time of the registration, as well as the date and time of the registration. The collection of this data is necessary in order to understand the (possible) misuse of the e-mail address of a data subject at a later date, and it therefore serves the aim of the legal protection of the controller.

The personal data collected as part of a registration for the newsletter will only be used to send our newsletter. There will be no transfer of personal data collected by the newsletter service to third parties. The subscription to our newsletter may be terminated by the data subject at any time. The consent to the storage of personal data, which the data subject has given for shipping the newsletter, may be revoked at any time. For the purpose of revocation of consent, a corresponding link is found in each newsletter.

The newsletter of the Postando GmbH contains so-called tracking pixels. A tracking pixel is a miniature graphic embedded in such e-mails, which are sent in HTML format to enable log file recording and analysis. This allows a statistical analysis of the success or failure of online marketing campaigns. Based on the embedded tracking pixel, the Postando GmbH may see if and when an e-mail was opened by a data subject, and which links in the e-mail were called up by data subjects.

Such personal data collected in the tracking pixels contained in the newsletters are stored and analyzed by the controller in order to optimize the shipping of the newsletter, as well as to adapt the content of future newsletters even better to the interests of the data subject. These personal data will not be passed on to third parties.

5. Contact possibility via the website or app

The website of the Postando GmbH or the Postando Postcard App contains information that enables a quick electronic contact to our enterprise, as well as direct communication with us, which also includes a general address of the so-called electronic mail (e-mail address). If a data subject contacts the controller by e-mail or via a contact form, the personal data transmitted by the data subject are automatically stored. Such personal data transmitted on a voluntary basis by a data subject to the data controller are stored for the purpose of processing or contacting the data subject. There is no transfer of this personal data to third parties.

6. Comments function in the blog on the website

The Postando GmbH offers users the possibility to leave individual comments on individual blog contributions on a blog, which is on the website of the controller. A blog is a web-based, publicly-accessible portal, through which one or more people called bloggers or web-bloggers may post articles or write down thoughts in so-called blogposts. Blogposts may usually be commented by third parties.

If a data subject leaves a comment on the blog published on this website, the comments made by the data subject are also stored and published, as well as information on the date of the commentary and on the user’s (pseudonym) chosen by the data subject. In addition, the IP address assigned by the Internet service provider (ISP) to the data subject is also logged. This storage of the IP address takes place for security reasons, and in case the data subject violates the rights of third parties, or posts illegal content through a given comment. The storage of these personal data is, therefore, in the own interest of the data controller, so that he can exculpate in the event of an infringement. This collected personal data will not be passed to third parties, unless such a transfer is required by law or serves the aim of the defense of the data controller.

7. Routine erasure and blocking of personal data

The data controller shall process and store the personal data of the data subject only for the period necessary to achieve the purpose of storage, or as far as this is granted by the European legislator or other legislators in laws or regulations to which the controller is subject to.

If the storage purpose is not applicable, or if a storage period prescribed by the European legislator or another competent legislator expires, the personal data are routinely blocked or erased in accordance with legal requirements.

8. Rights of the data subject

Each data subject shall have the right granted by the European legislator;

  • to obtain from the controller the confirmation as to whether or not personal data concerning him or her are being processed
  • to obtain from the controller free information about his or her personal data stored at any time and a copy of this information
  • to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her
  • to obtain from the controller the erasure of personal data concerning him or her without undue delay whenever no lega grounds applies and as long as the processing is not necessary
  • to obtain from the controller restriction of processing where a legal ground applies
  • to receive the personal data concerning him or her, which was provided to a controller, in a structured, commonly used and machine-readable format
  • to object, on grounds relating to his or her particular situation, at any time, to processing of personal data concerning him or her, which is based on point (e) or (f) of Article 6(1) of the GDPR.  This also applies to profiling based on these provisions
  • to withdraw his or her consent to processing of his or her personal data at any time

If the data subject wishes to exercise the right to withdraw the consent, he or she may, at any time, contact an employee of the Postando GmbH.

9. Data protection for applications and the application procedures

The data controller shall collect and process the personal data of applicants for the purpose of the processing of the application procedure. The processing may also be carried out electronically. This is the case, in particular, if an applicant submits corresponding application documents by e-mail or by means of a web form on the website to the controller. If the data controller concludes an employment contract with an applicant, the submitted data will be stored for the purpose of processing the employment relationship in compliance with legal requirements. If no employment contract is concluded with the applicant by the controller, the application documents shall be automatically erased two months after notification of the refusal decision, provided that no other legitimate interests of the controller are opposed to the erasure.

10. Payment Method: Data protection provisions about the use of PayPal, direct banking or credit card as a payment processor

On this website or in the Postando Postcard App, the controller has integrated components of PayPal, direct banking or the payment via credit card.

The European operating company of PayPal is PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg, Luxembourg.

The operating company of direct banking or credit card payment is  BS PAYONE GmbH, Lyoner Straße 9, D-60528  Frankfurt/Main , Germany.

If the data subject chooses “PayPal”, direct banking or “credit card” as the payment option during the ordering process, we will automatically transfer the data to the data subject to PayPal, direct banking or the respective credit card provider (eg VISA or Mastercard ). By selecting this payment option, the data subject agrees to the transfer of personal data required for payment processing.

Version  04.05.2018