Privacy policy for recipients of greeting cards and postcards (privacy policy for data not collected from the data subject pursuant to Art. 14 GDPR)

With the offer of GmbH, Hohenzollerndamm 3, 10717 Berlin (“MyPostcard“ or “we“), customers of MyPostcard can send greetings and postcards to natural persons (“recipients“) and store information about recipients in an address book in the MyPostcard app. In this context, MyPostcard stores personal data of Recipients that MyPostcard does not collect directly from the data subject. This privacy policy informs recipients about the personal data processed by MyPostcard and their rights in accordance with Art. 14 GDPR.

Note: Insofar as you are a customer of the MyPostcard offer or visit our website, you will find information about the processing of your personal data and your rights in our “Privacy Policy for the Services of GmbH“ at

1.    Responsible person and contact details data protection officer

The person responsible for the processing of personal data pursuant to Art. 4 (7) GDPR is: GmbH
Hohenzollerndamm 3
10717 Berlin

If you have any questions regarding the collection, processing or use of your personal data, or if you wish to obtain information, correct, block or delete data, please contact our data protection officer directly at or via our postal address with the addition of “the data protection officer“.

2.    Processing purposes and legal bases, protection of your legitimate interests

Users of the MyPostcard services may provide and store personal data concerning third parties within the framework of the functionalities made available to them. This relates to the following functionalities and personal data:

  • Users of the MyPostcard services have the possibility to design personalised postcards and greeting cards and send them to third parties. In this context, users provide the name/first name and address of the recipient. We process this data in order to fulfil the user's order for the purpose of sending the greeting and postcard and thus to fulfil our contractual obligation towards the user. Without the processing of this data, proper handling of the user's dispatch order is not possible. We have a legitimate interest in fulfilling dispatch orders placed by our users. The legal basis for processing the data collected from third parties, i.e. you, for this purpose is Art. 6 (1) sentence 1 lit. f GDPR.

  • Users also have the option to create an address book to access contacts to whom users have already sent postcards and greeting cards via our services, or to manually add contacts themselves. In this case, users can provide third parties with their surname, first name, address, an email address, telephone number, date of birth and relationship to the person (family, friends, business, etc.). We also offer users the option of automatically adding contacts from the contacts stored on their terminal device and saving them in their address book in our services. In doing so, the contacts saved by the user on their terminal device are transferred to the address book in our services with their surname, first name, address and - if stored by the user - date of birth and e-mail address. We process this data from third parties in order to offer our users the possibility to save contacts in our services, to create a digital address book, and to enable our users to simplify the integration of addresses in greeting cards and postcards. This is also our legitimate interest or the legitimate interest of the user. The legal basis for processing the data collected from third parties, i.e. you, for this purpose is Art. 6 para. 1 sentence 1 lit. f GDPR.

  • Insofar as users have also stored a date of birth of contacts in their address book in our services or the date of birth has been transferred to the address book in our services when accessing the contacts on the terminal device, users will receive reminders of upcoming birthdays of their contacts stored in the address book by push notifications and/or by e-mail. We have a legitimate interest in drawing the attention of existing customers to our offer to send greeting cards and postcards through service reminders of upcoming birthdays of their contacts. Our users have a legitimate interest in using this service to receive reminders. The legal basis for processing the data collected from third parties, i.e. you, for this purpose is Art. 6 (1) sentence 1 lit. f GDPR.

Under no circumstances do we process the data entered or transmitted by our users themselves regarding their contacts in the address book in order to contact you ourselves.

We ensure the protection of the rights and freedoms and the legitimate interests of the third party concerned by means of appropriate technical and organisational security measures such as e.g. encryption of the data.

3.    Categories of data

The categories of personal data collected from third parties in accordance with section 2 above are as follows

  • Master or basic data (surname, first name, date of birth, if applicable)

  • Contact details (postal address, e-mail address if applicable and telephone number if provided by the user).

4.    Source of the data

We receive your data exclusively from the users of our services, insofar as they send greeting cards and postcards via our services or make use of the option to use our digital address book function and thereby manually enter information from third parties or allow transmission via access to the contacts stored on the terminal device.

5.    Recipients, categories of recipients

To process your data, we use special external service providers such as IT service providers, e-commerce/webshop software providers, digital support systems, email delivery service providers and hosting service providers. These are carefully selected and contracted by us, are bound by our instructions and are regularly monitored. Furthermore, we may pass on your personal data to third parties (such as shipping companies for sending greeting cards and postcards to you as the recipient, etc.), if this is necessary for the performance of a contract concluded with the user in accordance with Art. 6 para. 1 p. 1 lit. b GDPR.

6.    Storage period and deletion of data

We ourselves have no influence on how long data from our users is stored in our services, as this depends solely on the user and his or her use of the functionalities offered in our services. In principle, however, the data remains stored as long as the user of our services has a user account or as long as a user does not delete or edit his or her manually entered contacts in the address book or revoke access to contacts stored in the terminal device.

7.    Your rights

As a data subject, you have the following rights with regard to the personal data concerning you in accordance with the provisions of the GDPR:

  • – Right of access (Art. 15 GDPR),
  • – Right to rectification (Art. 16 GDPR),
  • – Right to erasure (Art. 17 GDPR),
  • – Right to restriction of processing (Art. 18 GDPR),
  • – Right to object to processing (Art. 21 GDPR),
  • – Right to data portability (Art. 20 GDPR).

You also have the right to lodge a complaint about our processing of your personal data with a data protection supervisory authority in the Member State of your residence, workplace or the place of the alleged infringement.

8.    Supplementary information on the right of objection

We would also like to point out that insofar as your personal data is processed on the basis of legitimate interest within the framework of the balance of interests pursuant to Art. 6 (1) sentence 1 f) GDPR, you have the right to object to the processing of your personal data at any time. To declare your objection, you can contact us at any time via the contact channels mentioned in point 1 above and/or those listed in our imprint.

Exclusive Offers, Special Discounts & More