Data protection statement
- Name/Company: Starhunter GmbH
- Street, No.: Erika-Mann-Str. 23
- Zip, City, Country: 80636 Munich, Germany, European Union
- Commercial Register/No.: District Court Munich, HRB 227702
- Managing Director: Jonas Schaub, Patrick Geyer
- Phone number: 089 4161 5961 0
- Email address: email@example.com
External data protection officer:
- Name: Dominik Fünkner
- Email address: firstname.lastname@example.org
Stand: März, 2018
- We refer to the definitions in Art. 4 of the General Data Protection Regulation (GDPR) for the terms used, e.g. “personal data” or their “processing”.
- The personal data of users processed in the context of this online offer include inventory data (e.g., names and addresses of customers), contract data (e.g., services used, names of agents, payment information), usage data (e.g., the websites visited on our online offer, interest in our products) and content data (e.g., entries in the contact form).
- The term “user” covers all categories of data subjects. These include our business partners, customers, interested parties and other visitors who visit our website. The terms used, such as “user”, are to be understood as gender-neutral.
- We process personal data of users only in compliance with the relevant data protection regulations. In other words, user data will only be processed if a legal permit has been obtained. This means, in particular if data processing is necessary for the provision of our contractual services (e.g. processing of orders) and online services, or is required by law, if the user has given his consent, as well as on the basis of our legitimate interests (i.e. interest in the analysis, optimization and economic operation and security of our online services within the meaning of Art. 6 para. 1 lit. f. GDPR, especially for measuring reach, creating profiles for advertising and marketing purposes, collecting access data and using third-party services.
- We hereby point out that the legal basis of the consents Art. 6 para. 1 lit. a. and Art. 7 GDPR is the legal basis for the processing for the fulfillment of our services and the implementation of contractual measures Art. 6 para. 1 lit. b. GDPR, the legal basis for processing to meet our legal obligations Art. 6 para. 1 lit. c. GDPR, and the legal basis for processing to protect our legitimate interests Art. 6 para. 1 lit. f. GDPR.
2. Security measures
- We take organizational, contractual and technical security measures in accordance with the latest technology to ensure that the regulations of data protection laws are observed and thus to protect the data processed by us against accidental or intentional manipulation, loss, destruction or against access by unauthorized persons.
- These security measures include in particular the encrypted transmission of data between your browser and our server.
- A transfer of data to third parties only takes place within the framework of legal requirements. We only transfer user data to third parties if this is necessary, for example, for contractual purposes on the basis of Art. 6 para. 1 lit. b) GDPR or on the basis of legitimate interests pursuant to Art. 6 para. 1 lit. f. GDPR for the economic and effective operation of our business.
- To the extent that we employ subcontractors to provide our services, we take appropriate legal precautions as well as appropriate technical and organizational measures to ensure the protection of personal data in accordance with the relevant statutory provisions.
- If the content, tools or other means from other providers (hereinafter jointly referred to as “Third party providers”) are used within the scope of this data protection declaration and their named registered office is in a third country, it is to be assumed that data is transferred to the countries in which the third providers have their registered office. Third countries are countries in which the GDPR is not directly applicable law, i.e. in principle countries outside of the EU or the European Economic Area. The transfer of data to third countries takes place either if an appropriate level of data protection, user consent or other legal permission is available.
4. Performance of contractual services
- We process inventory data (e.g., names and addresses as well as contact data of users), contractual data (e.g., services used, names of contact persons, payment information) for the purpose of fulfilling our contractual obligations and services pursuant to Art. 6 para. 1 lit b. GDPR.
- In the context of the use of our online services, we store the IP address as well as the user agent string and the time of the respective user action. The data is stored on the basis of our legitimate interests as well as the user’s protection against misuse and other unauthorized use. This data will not be forwarded to third parties unless it is necessary to pursue our claims or there is a legal obligation to do so pursuant to Art. 6 para. 1 lit. c GDPR.
- We process usage data (e.g., the websites visited from our online offer, interest in our products) and content data (e.g., entries in the contact form or user profile) for advertising purposes in a user profile, in order to display product information to the user based on the services they have used to date, for example.
5. Establishing contact
- When contacting us (via contact form or e-mail), the user’s details are processed for processing the contact enquiry and its handling in accordance with Art. 6 Para. 1 lit. b) GDPR.
- User information may be stored in our Customer Relationship Management System (“CRM System”) or comparable inquiry organization.
- We use the CRM system “FreshDesk” from the supplier Freshworks GmbH in Alte Jakobsstraße 85/86, Hof 4, Haus 6, 10179 Berlin, Germany, European Union.
6. Collection of access data and log files
- On the basis of our legitimate interests within the meaning of Art. 6 para. 1 lit. f. GDPR we collect data about each access to the server on which this service is located (so-called server log files). Access data includes the name of the accessed website, file, date and time of access, transferred data volume, notification of successful access, browser type and version, the user’s operating system, referrer URL (the previously visited page), IP address and the requesting provider.
- Log file information is stored for security reasons (e.g. to investigate misuse or fraud). Data that must be kept for further evidence purposes are excluded from deletion until the respective incident has been finally clarified.
7. Cookies & Range measurement
- Cookies are information that is transferred from our own web server or third party web servers to the user’s web browser and stored there for later retrieval. Cookies can be small files or other types of information storage.
- We use “session cookies”, which are only stored on our website for the duration of your current visit. A randomly generated unique identification number, a so-called session ID, is stored in a session cookie. Furthermore, a cookie contains information about its origin as well as the storage period. These cookies cannot store any other data. Session cookies are deleted when you have finished using our online offer and log out or close your browser, for example.
- If users do not want cookies to be stored on their computer, they are asked to deactivate the corresponding option in the system settings of their browser. Stored cookies can be deleted in the system settings of the browser. The exclusion of cookies can lead to functional restrictions of this online offer.
8. Google Analytics
- Google is certified under the Privacy Shield Agreement and offers the guarantee to comply with European data protection law. (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
- Google will use this information on our behalf to evaluate the use of our online offer by users, to compile reports on the activities within this online offer and to provide us with further services associated with the use of this online offer and the use of the Internet. Pseudonymous user profiles can be created from the processed data.
- We also use Google Analytics to display the ads placed by Google and its partners within advertising services only to those users who have also shown an interest in our online offer or who exhibit certain features (e.g. interests in certain topics or products that are determined by the web pages visited) that we transmit to Google (so-called “remarketing” or “Google Analytics Audiences”). With the help of remarketing audiences, we also want to ensure that our ads correspond to the potential interest of the users and are not annoying.
- We only use Google Analytics with IP anonymization enabled. This means that Google will shorten the IP address of users within member states of the European Union or in other signatory states to the Agreement on the European Economic Area. The full IP address is only transmitted to a Google server in the USA in exceptional cases and shortened there.
- The IP address transmitted by the user’s browser is not merged with other Google data. Users can prevent the storage of cookies by setting up their browser software accordingly; users can also prevent Google from collecting the data generated by the cookies and relating to their use of the online offer and from processing this data by downloading and installing the browser plug-in available under the following link: http://tools.google.com/dlpage/gaoptout?hl=de.
- Further information on data use by Google, possible settings and contradictions can be found on Google’s websites: https://www.google.com/intl/de/policies/privacy/partners (“Data use by Google when using our partners’ websites or apps”), http://www.google.com/policies/technologies/ads (“Data use for advertising purposes”), http://www.google.de/settings/ads (“Manage information that Google uses to show you advertisements”).
- Based on our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online offer within the meaning of Art. 6 para. 1 lit. f. GDPR), we use the marketing and remarketing services (“Google Marketing Services” for short) of Google Inc. 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, (“Google”).
- Google is certified under the Privacy Shield Agreement and provides a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
- Google Marketing services allow us to target ads for and on our site to show users only ads that potentially match their interests. For example, if a user sees advertisements for products he has been interested in on other websites, this is referred to as “remarketing”. For these purposes, when you visit our and other websites on which Google marketing services are active, a Google code is executed directly by Google and so-called (re)marketing tags (invisible graphics or code, also known as “web beacons”) are integrated into the website. With their help, an individual cookie, i.e. a small file, is stored on the user’s device (instead of cookies, other comparable technologies may also be used). Cookies may be placed by various domains, including google.com, doubleclick.net, invitemedia.com, admeld.com, googlesyndication.com and googleadservices.com. This file contains information about which websites the user visits, what content he is interested in and what offers he has clicked on, technical information about the browser and operating system, referring websites, visiting time and other information about the use of the online offer. We also record the IP address of the users, whereby we inform you within the framework of Google Analytics that the IP address within member states of the European Union or in other signatory states to the Agreement on the European Economic Area is shortened and only in exceptional cases completely transmitted to a Google server in the USA and subsequently shortened there. The IP address is not combined with the user’s data within other Google offers. The above-mentioned information may also be linked by Google to such information from other sources. If the user then visits other websites, the advertisements tailored to his interests can then be displayed.
- User data is processed pseudonymously within the framework of Google Marketing services. This means that Google does not store and process, for example, the names or e-mail addresses of users, but processes the relevant cookie-related data within pseudonymous user profiles. From Google’s point of view, this means that the ads are not managed and displayed for a specifically identified person, but for the cookie holder, regardless of who this cookie holder may be. This does not apply if a user has expressly permitted Google to process the data without this pseudonymization. The information collected by Google Marketing services about users is transmitted to Google and stored on Google’s servers within the USA.
- One of the Google marketing services that we use is the online advertising program “Google AdWords”. In the case of Google AdWords, each AdWords customer receives a different “conversion cookie”. As a result, cookies cannot be traced through the websites of AdWords customers. The information collected by the cookie is used to generate conversion statistics for AdWords customers who have opted for conversion tracking. AdWords customers see the total number of users who clicked on their ad and were redirected to a page with a conversion tracking tag. However, they will not receive any information that personally identifies users.
- We can also utilize the service “Google Optimizer”. Google Optimizer allows us to track the effects of various changes to a website (e.g. changes to input fields, design, etc.) within the framework of so-called “A/B testing”. Cookies are stored on the user’s devices for these test purposes. Only pseudonymous user data is processed.
- We may use Google Tag Manager to integrate and manage Google analytics and marketing services on our website.
- If you wish to object to interest-based advertising by Google marketing services, you can use the setting and opt-out options provided by Google: http://www.google.com/ads/preferences.
- In the following notices, we will inform you about the contents of our newsletter as well as the registration, dispatch and statistical evaluation procedure and your rights of revocation. By subscribing to our newsletter, you agree to the receipt and the procedures described.
- Content of the newsletter: We send newsletters, e-mails and other electronic notifications containing advertising information (hereinafter referred to as “newsletters”) only with the consent of the recipients or another legal permission. If the contents of a newsletter are specifically described within the scope of a registration, they are decisive for the consent of the user. Furthermore, our newsletters contain information about our products, offers, promotions and our company.
- Double opt-in and recording: The registration for our newsletter takes place in a so-called double opt-in procedure. This means that you will receive an e-mail after registration asking you to confirm your registration. This confirmation is necessary so that no one can log in with a different e-mail address. Subscriptions to the newsletter are recorded in order to be able to prove the registration process in accordance with legal requirements. This includes the storage of the login and confirmation time, as well as the IP address. The changes to your data stored with the dispatch service provider are also recorded.
- Dispatch service provider: The newsletter is sent via “MailChimp”, a newsletter distribution platform of the US provider Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA. The data protection regulations of the dispatch service provider can be found here: https://mailchimp.com/legal/privacy/. The Rocket Science Group LLC d/b/a MailChimp is certified under the Privacy Shield Agreement and provides a guarantee to comply with the European data protection standard (https://www.privacyshield.gov/participant?id=a2zt0000000TO6hAAG&status=Active).
- Furthermore, the dispatch service provider can use this data in pseudonymous form, i.e. without allocation to a user, to optimize or improve their services, e.g. for technical optimization of the dispatch and presentation of the newsletter or for statistical purposes in order to determine which countries the recipients originate from. However, the dispatch service provider does not use the data of our newsletter recipients to communicate with them or forward them to third parties.
- Registration data: To subscribe to the newsletter, it is sufficient if you enter your e-mail address. Optionally, we ask you to provide a name in order to address you personally in our newsletter.
- Statistical surveys and analyses – The newsletters contain a so-called “web-beacon”, i.e. a pixel-sized file which is retrieved from the server of the dispatch service provider when the newsletter is opened. Within the scope of this retrieval, technical information, such as information about the browser and your system, as well as your IP address and time of retrieval are initially collected. This information is used for technical enhancement of the services based on the technical data or the target groups and their reading behavior based on their retrieval locations (which can be determined using the IP address) or access times. The statistical surveys also include determining whether the newsletters are opened, when they are opened and which links are clicked. For technical reasons, this information can be assigned to the individual newsletter recipients. However, it is not our intention, nor that of the dispatch service provider, to observe individual users. These evaluations are used to recognize the reading habits of our users and to adapt our content to them or to distribute different content according to the interests of our users.
- The use of the dispatch service provider, the performance of statistical surveys and analyses as well as logging of the registration procedure are carried out based on our legitimate interests pursuant to Art. 6 para. 1 letter f GDPR.
- We are committed to using a user-friendly and secure newsletter system that serves both our business interests and the expectations of users.
- Cancellation/Revocation – You can cancel the receipt of our newsletter at any time, i.e. revoke your consent. You will find a link to cancel the newsletter at the end of each newsletter. If users have only subscribed to the newsletter and cancelled their subscription, their personal data will also be deleted.
- The distribution of the newsletter and the performance measurement are based on the consent of the recipients pursuant to Art. 6 para. 1 lit. a, Art. 7 DSGVO in conjunction with § 7 para. 2 no. 3 UWG or on the basis of the legal permission pursuant to § 7 para. 3 UWG.
- The registration procedure is recorded based on our legitimate interests pursuant to Art. 6 para. 1 letter f DSGVO and serves as proof of consent to receipt of the newsletter.
11. Integration of third-party services and content
- In the context of our online offer, we make no representations or warranties of any kind based on our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online offer within the meaning of Art. 6 para. 1 lit. f. GDPR) content or service offers of third parties to integrate their content and services, such as videos or fonts (hereinafter uniformly referred to as “content”). This always assumes that the third party providers of this content perceive the IP address of the users, since they could not send the content to their browser without the IP address. Therefore, the IP address is required to display this content. We make every effort to use only those contents whose respective providers use the IP address only for the delivery of the contents. Third-party providers may also use so-called pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. “Pixel tags” can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user’s device and may include technical information about the browser and operating system, referring websites, visiting time and other information about the use of our online offer, as well as may be linked to such information from other sources.
- The following presentation provides an overview of third-party providers and their content, in addition to links to their data protection declarations, which contain further information on the processing of data and, in some cases already mentioned here, possibilities of objection (so-called opt-out):
- If our customers use the payment services of third parties (e.g. PayPal or direct bank transfer), the terms and conditions and the data protection information of the respective third party providers, which can be called up within the respective websites or transaction applications, apply.
12. User rights
- Users have the right, upon request and free of charge, to receive information about the personal data that we have stored about them.
- Furthermore, users have the right to correct inaccurate data, to restrict the processing and deletion of their personal data, if applicable, to assert their rights to data portability, and, in the event of the assumption of unlawful data processing, to lodge a complaint with the competent supervisory authority.
- Similarly, users may revoke their consent, with effect for the future.
13. Deletion of data
- The data stored by us will be deleted as soon as it is no longer required for its intended purpose and there are no other legal obligations to retain it. If the user’s data are not deleted because they are necessary for other and legally permissible purposes, their processing is restricted. This means that the data is blocked and not processed for other purposes. This applies, for example, to user data that must be retained for commercial or tax reasons.
- In accordance with statutory requirements, the data is stored for 6 years in accordance with § 257 (1) HGB (trading books, inventories, opening balance sheets, annual financial statements, commercial letters, accounting documents, etc.) and for 10 years in accordance with § 147 (1) AO (books, records, management reports, accounting documents, commercial and business letters, documents relevant for taxation, etc.).
14. Right of objection
Users may object to the future processing of their personal data in accordance with legal requirements at any time. This objection may be lodged in particular against processing for direct marketing purposes.
- We reserve the right to change the data protection statement in order to adapt it to changed legal situations or in the event of changes to the service or data processing. This however only applies with regard to declarations on data processing. If user consent is required or components of the data protection declaration contain provisions of the contractual relationship with the users, the changes will only be made with the users’ consent.
- Users are asked to inform themselves about the contents of the data protection statement on a regular basis.
16. Use of fonts / web fonts