The following declaration about data protection applies to the use of the website https://www.star-trac.de, hereinafter referred to as “the Website” and “the Online Offer”.

star/trac supply chain solutions GmbH attaches great importance to privacy. The collection and processing of your personal data is carried out in compliance with the applicable data protection regulations, in particular with the General Data Protection Regulation (GDPR). We collect and process your personal data in order to offer you this Website. This Declaration describes how and for what purpose your personal data is collected and used, and what choices you have in connection with your data.

By using this Website, you consent to the collection, use and transfer of your data in accordance with this Data Protection Declaration. If you wish to object to our collection, processing or use of your data completely or with regard to individual measures in accordance with this Data Protection Regulation, you can address your objection to the controller.

1 General

1.1 Controller

The controller who is the body responsible for the collection, processing and use of your personal data within the meaning of GDPR is

star/trac supply chain solutions GmbH
Baierbrunner Straße 35
81379 Munich
Germany
Tel.: +49 (0) 89 89 05 69 – 0
E-Mail: webinfo@star-trac.de
Managing Partners: Hans Maier-Dech, Clemens-Till Weber

1.2 Terminology in use

‘Personal data’ means any information relating to an identified or identifiable natural person (hereinafter “Data Subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. cookie) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

“Processing” means any operation or set of operations which is performed on personal data, whether or not by automated means. The term has a broad meaning and practically comprises all handling of data.

“Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

“Restriction of processing” is the marking of stored personal data with the aim of limiting its future processing.

“Profiling” is any type of automated processing of personal data that involves the use of such personal data to evaluate certain personal aspects relating to a natural person, in particular aspects relating to job performance, economic situation, health to analyze or predict personal preferences, interests, reliability, behavior, whereabouts or relocation of that natural person.

“Pseudonymization” means the processing of personal data in such a way that personal data can no longer be attributed to a specific data subject without the need for additional information, assuming that such additional information is kept separate and is protected by technical and organizational measures to ensure that this information is not able to link to an identified or identifiable natural person.

“Processor” means a natural or legal person, public authority, agency or other institution that processes personal data on behalf of the controller.

“Recipient” means a natural or legal person, public authority, agency or other entity to whom personal data are disclosed, whether or not it is a third party. However, authorities which may receive personal data under Union or national law related to an inquiry are not considered to be beneficiaries.

“Third party” means a natural or legal person, public authority, agency or other institution other than the data subject, the controller, the processor and the persons authorized under the direct responsibility of the controller or processor to process the personal data.

“Consent” means any expression of will voluntarily and unequivocally made by the data subject by a statement or other unambiguous confirmatory act to indicate that data subject agrees with data processing of the data subject’s personal data in a specific manner.

1.2 Data processing

Types of processed data:
– Contact details (e. g. email, phone numbers)
– Content data (e.g., text input, photographs);
– Usage data (e.g. visited websites, interest in contents, access times);
– Meta/communications data (e.g. device information, IP addresses);

Categories of Data Subjects
Visitors and Users of the Online Offer. Hereinafter, we will refer to the Data Subjects also as “the Users”.

Purpose of the processing
– Making the Online Offer, its functions and contents available;
– Answering contact requests and communicating with Users; – Security measures;
– Range measurement.

Hosting

The hosting services we use service the purpose of providing the following services: infrastructure and platform services, computing capacity, storage space and database services, security and technical maintenance services which we use to operate this Online Offer.

Here, we or our hosting provider process inventory data, contact data, content data, contract data, usage data, meta and communication data of customers, interested parties and visitors to this Website based on our legitimate interests in an efficient and secure provision of this Online Offer according to Art. 6 (1)(f) GDPR in conjunction with Art. 28 GDPR (conclusion of the contract about the processing of commissioned data).

Contact by email

If you contact us (e.g. via contact form or e-mail), we will save your details to process your request as well as for any follow-up questions which may arise acc. Art. 6 (1) sent. 1(b) GDPR. We store and use other personal data only with your consent or if this is permitted by law without special consent.

Application

We collect or process your personal data for our application process in accordance with the provisions of Art. 88 GDPR i.V.m. § 26 BDSG and Art. 6 (1)(b) GDPR.

Taking into account the statutory retention periods (eg AO, SGB, BetrAVG.), your personal data ist deleted after a maximum of 6 months (§ 26 BDSG in conjunction with §§ 15 (4) AGG § 61 (1) ArbGG).

2 General use of this Website

2.1 Access data

star/trac collects information about you when you use this Website. We automatically collect information about your user behavior and the interaction with us and register information about your computer or mobile device. We collect, store and use data about every access to our Online Offer (so-called server log files). The access data includes the name and URL of the retrieved file, date and time of the retrieval, the amount of data transferred, the message about a successful retrieval (HTTP response code), browser type and browser version, operating system, referrer URL (i.e. the previously visited page), IP address and the requesting provider.

We use this protocol data – without assigning it to you personally or creating another profile – for statistical evaluations in order to operate, make secure and optimize our Online Offer, but also to anonymously collect the number of visitors (traffic) on our Website and the extent and type of use of our Website and services, as well as for billing purposes to measure the number of clicks received from cooperation partners. Based on this information, we can provide personalized and location-based contents and analyze the data traffic, search and remedy errors and improve our services. We reserve the right to check the log data retrospectively if, on the basis of concrete indications, the legitimate suspicion of unlawful use exists. We store IP addresses in the log files for a limited period, if necessary for security purposes or for the provision of services or the billing of a service, e.g. if you use one of our offers. We also store IP addresses, if we have a specific suspicion of a crime in connection with the use of our Website. In addition, we store the date of your last visit (e.g. when registering, logging in, clicking links, etc.) as part of your account.

2.2 Cookies

Cookies are used on some of our Websites. Cookies, a standard technology, are small text files that are stored on the device used by the User, enabling, among other things, to make the visit to a website more comfortable or safer. Cookies can also be used to better tailor the offerings on a website to the interests of the visitors or to generally improve the offer on the basis of statistical evaluations. The User can decide for itself whether or not it allows cookies to the browser used. Users should keep in mind that the functionality of websites may be restricted or even suspended if the use of cookies has been objected to.

If the User permits the use of cookies in its browser settings or by consent, the following cookies can be used on our Websites:
– _ga: This cookie allows the analysis of website usage by Google Analytics and is not necessary to use the website.
– pll_language: This cookie records whether the user accessed a German or English language page last time and is required to use the website. The next time the start page is called, the corresponding version is loaded.
– wpgmza-api-consent-given: This cookie is used for geo-localization for the Google Maps implementation on the contact page and is not necessary for the use of the website and requires a separate consent.

2.3 Access measurement

On this website, we have integrated the component Google Analytics (with anonymization function) on the basis of our legitimate interests (ie interest in the analysis, optimization and economic operation of our online offer within the meaning of Art. 6 (1)(f) GDPR). Google Analytics is a web analytics service. Web analysis is the collection, collection and analysis of data about the behavior of visitors to websites. Among other things, a web analysis service collects data on which website data subject has come to a website (so-called referrers), which subpages of the website were accessed or how often and for which length of stay a subpage was viewed. A web analysis is mainly used to optimize a website and cost-benefit analysis of Internet advertising.

This is a service provided by Google Ireland Limited (“Google”), a company incorporated and operated under Irish law (register number: 368047) located at Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). ).

We use the addition “_gat._anonymizeIp” for web analysis via Google Analytics. This addendum will shorten and anonymize the IP address of the data subject if Google accesses our website from a Member State of the European Union or from another state party to the Agreement of the European Economic Area.

The purpose of the Google Analytics component is to analyze visitor flows on our website. Among other things, Google uses the data and information obtained to evaluate the use of our website to compile for us online reports showing the activities on our website and to provide other services related to the use of our website.

Google Analytics uses a cookie on the information technology system of the data subject. What cookies are has already been explained above. By using this cookie Google is enabled to analyze the usage of our website. Each time one of the pages of this website is accessed the Internet browser of the information technology system of the person concerned is automatically initiated by the respective Google Analytics component to submit data to Google for the purposes of online analysis. As part of this technical process, Google receives information about personal data, such as the IP address of the data subject, which Google uses, among other things, to track the origin of visitors and clicks, and subsequently to facilitate commission settlement.

The cookie stores personally identifiable information, such as access time, the location from which access was made and the frequency of site visits by the data subject. Each time you visit our website, your personal information, including the IP address of the Internet connection used by the data subject is transferred to Google in the United States of America. This personal information is stored by Google in the United States of America. Google may transfer this personal data collected through the technical process to third parties.

You can prevent the use of cookies through our website, as shown above, at any time by a corresponding setting of the Internet browser and thus permanently contradict the use of cookies. Such a setting of the Internet browser would also prevent Google from using a cookie on the information technology system of the data subject. In addition, a cookie already set by Google Analytics can be deleted at any time via the Internet browser or other software programs.

Furthermore, you have the possibility of objecting to and preventing the collection of the data generated by Google Analytics for the use of this website and the processing of this data by Google. To do this, you must download and install a browser add-on at https://tools.google.com/dlpage/gaoptout. This browser add-on informs Google Analytics via JavaScript that no data and information about website visits may be transmitted to Google Analytics. The installation of the browser add-on is considered by Google as a contradiction. If the data subject’s information technology system is later deleted, formatted or reinstalled, the data subject must reinstall the browser add-on to disable Google Analytics. If the browser add-on is uninstalled or disabled by the data subject or any other person within their control, you may reinstall or re-enable the browser add-on.

Additional information and Google’s applicable privacy policy can be found at https://www.google.de/intl/de/policies/privacy/ or https://www.google.com/analytics/terms/de.html. Here you can find more detailed information: https://www.google.com/intl/de_de/analytics/.

2.3 Legal bases

Art. 6(1)(f) GDPR provides the legislative basis for the processing of data in line with the preceding numerals. Our interests in data processing include, in particular, ensuring the operation and security of the Website, investigating the way the Website is used by visitors, and simplifying the use of the Website.

3 Contractual services

star/trac processes the data of its Contractual Partners and customers (referred to as “the Contractual Partners”) in accordance with Art. 6(1)(b) GDPR in order to provide them the contractual or pre-contractual services. The data processed in this context, the nature, scope and purpose and necessity of their processing are determined by the underlying contractual relationship.

The processed data includes the master data of the Contractual Partners (e.g., name, address, contact information (e.g. e-mail addresses, telephone numbers), and contract data (e.g. contractual task, IMEI No., business correspondence) and payment data (e.g. bank details).

In principle, star/trac does not process special categories of personal data, unless these are part of a commissioned or contractual processing.

star/trac processes data necessary to establish and fulfill contractual services and points out that it is necessary to provide the data, if this is not evident to the Contractual Partners. Disclosure to external persons or companies will only be made if required by a contract. When processing the data provided in the context of an order, star/trac acts in accordance with the instructions of the client and the legal requirements.

star/trac processes data in the context of administrative tasks and organization of operations, financial accounting and compliance with legal obligations, such as archiving. Here, the same data is processed which is processed in the context of the provision of the contractual services. The bases of processing are laid down under Art. 6(1)(c) and Art. 6(1)(f) GDPR. The processing affects customers, prospects, business partners and Website visitors. The purpose of and interest in the processing is to fulfill administrative tasks, financial accounting, office organization, data archiving, i.e. tasks that serve to maintain our business, perform our duties, and provide our services. The erasure of the data with regard to contractual services and the contractual communication corresponds to the information provided in these processing activities.

In this context, star/trac discloses or transmits personal data to the financial management, advisors, such as tax advisors, auditors, banks.

Furthermore, data is processed on the basis of the business interest, information on suppliers, organizers and other business partners, e.g. for later contact. As a rule, this mostly companyrelated data is stored permanently.

4 Storage period

Unless specifically stated, we store personal data only as long as necessary to fulfill the purposes pursued.

Additionally, the data will be erased, if it is no longer required for the fulfillment of contractual or statutory retention obligations acc. Art. 17 (3)(b) GDPR and handling of any warranty and comparable obligations; the statutory retention requirements apply.

In addition, the controller acc. Art. 17 (3)(e) GDPR is entitled to store personal data in case of assertion, exercise or defense of legal claims.

After the fulfillment of all retention obligations, the elimination of retention rights and the expiration of all deletion periods, corresponding data is routinely deleted.

5 Your rights as a Data Subject

Under applicable law, you have various rights regarding your personal data. If you wish to assert these rights, please send your request to the Website operator by e-mail or by mail with a clear identification of your person (see numeral 1). As a Data Subject, you have the following rights:

5.1 Right of access

You have the right to obtain from us a confirmation as to whether or not personal data concerning you is being processed. Where that is the case, you have the right to obtain free information from us about the personal data stored about you and a copy of this data. In addition, you have the following rights:
– the processing purposes;
– the categories of personal data being processed;
– the recipients or categories of recipients to whom the personal data has been or will be disclosed, in particular in case of recipients in third countries or to international organizations;
– if possible, the planned duration for which the personal data is stored or, if this is not possible, the criteria for the determining of that duration;
– the existence of the right to request rectification or erasure of the personal data concerning you;
– the right to restriction of processing by the controller
– the right to object to this processing;
– the right to lodge a complaint with the supervisory authority;
– where the personal data is not collected from you, any available information as to the source of the data;
– the existence of automated decision-making, including profiling, in accordance with Art. 22(1) and (4) GDPR and – at least in those cases – meaningful information about the logic involved, and the significance and envisaged consequences of such processing for you.

Where personal data is transferred to a third country or to an international organization, you have the right to be informed of the appropriate safeguards relating to the transfer pursuant to Art. 46 GDPR.

5.2 Right to rectification

You have the right to obtain from us the immediate rectification of inaccurate personal data concerning you. In consideration of the purposes, you have the right to request the completion of incomplete personal data, including by means of a supplementary statement.

5.3 Right to erasure (“Right to be forgotten”)

You have the right to obtain from us the immediate erasure of the personal data concerning you and we are obliged to erase your personal data immediately, if one of the following reasons applies:
– the personal data is no longer necessary for the purposes for which it was collected or otherwise processed.
– You withdraw your consent, on which the processing was based, in accordance with Art. 6(1)(a) or Art. 9(2)(a) GDPR, and there is no other legal ground for the processing.
– You object to the processing pursuant to Art. 21(1) GDPR and there are no overriding legitimate grounds for the processing (e.g. statutory retention periods), or you object to the processing pursuant to Art. 21(2) GDPR.
– The personal data was processed unlawfully.
– The personal data has to be erased for compliance with a legal obligation in Union or Member State law to which the we are subject.
– The personal data was collected with regard to services offered by the information society according to Art. 8(1) GDPR.

Where we have made personal data public and we are required to erase it, we will take appropriate measures, taking into account available technology and implementation costs, also of technical nature, to inform the controllers who process the personal data that you have requested the deletion of any links to such personal data or of copies or replications of such personal data.

5.4 Right to restriction of processing

You have the right to obtain from us restriction of processing, where one of the following applies:
– the accuracy of the personal data is contested by you, as long as necessary enabling us to verify the accuracy of the personal data;
– the processing is unlawful and you opposed the erasure of the personal data and requested the restriction of its use instead;
– the personal data is no longer needed for the purposes of the processing, but you need it for the establishment, exercise or defense of legal claims;
– you have objected to the processing pursuant to Art. 21(1) GDPR pending the verification whether the legitimate grounds of the our company override yours.

5.5 Right to data portability

You have the right to receive the personal data concerning you provided to us in a structured, commonly used and machine-readable format and you have the right to transmit those data to another controller without hindrance from us, provided that:
– the processing is based on consent pursuant to Art. 6(1)(a) or Art. 9(2)(a) or on a contract pursuant to of Art. 6(1)(b) GDPR; and
– the processing is carried out by automated means.

In exercising your right to data transferability in accordance with paragraph 1, you have the right to have the personal data transmitted directly from us another controller, where technically feasible.

5.6 Right to object

You have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you which is based on Art. 6(1)(e) or (f) GDPR, including profiling based on those provisions. We do no longer process the personal data unless we can demonstrate compelling grounds, worthy of protection, for the processing which override your interests, rights and freedoms or the processing serves for the establishment, exercise or defense of legal claims.

Where we process personal data for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.

Where personal data is processed for scientific or historical research purposes or statistical purposes pursuant to Art. 89(1) GDPR, you, on grounds relating to your particular situation, have the right to object to the processing of personal data concerning you, unless the processing is necessary for the performance of a task carried out for reasons of public interest.

5.7 Automated decisions, including profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.

5.8 Right of withdrawal of a declaration of consent given under data protection law

You have the right to revoke your consent at any time with effect for the future.

5.9 Right to lodge a complaint with a supervisory authority

You have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your abode, work or at the place where the infringement has allegedly been committed, if you are of the opinion that the processing of the data concerning you is unlawful.

The supervisory authority in charge of star/trac is Bayerische Landesamt für Datenschutzaufsicht, Promenade 27 (Schloss), D-91522 Ansbach. Email: poststelle@lda.bayern.de.

6 Security of data

We endeavor to ensure the security of your personal data under the scope of applicable data protection laws and technical options.

We transmit your personal data in encrypted form. This applies to your orders and also to a customer login. We use the SSL (Secure Socket Layer) coding system but point out that data transmission over the Internet (e.g. when communicating by e-mail) can have security gaps. It is not possible to protect such data completely against access by third parties.

To safeguard your data, we maintain technical and organizational security measures that we always adapt to state-of-the-art technology.

Furthermore, we do not warrant that our offer will be available at specific times; disturbances, interruptions or failures cannot be excluded. The servers we use are regularly and diligently backed up.

7 Automated decision-making

No automated decision-making will be done on the basis of the collected personal data.

8 Disclosure of data to third parties, no transfer of data to non-EU/-EEA countries

As a rule, we only use your personal data in our company.

In addition, your personal data will only be disclosed if you consent to data processing acc. Art. 6 (1) sent. 1(a) GDPR has been given, to fulfill a contract acc. Art. 6 (1) sent. 1(b) GDPR, we must comply with a legal obligation acc. Art. 6 (1) sent. 1(c) GDPR (for example, tax regulations, participation in the investigation of a criminal offense) or for the protection of our legitimate interests aa. Art. 6 (1) sent. 1(f) GDPR, except where such interests are overridden by your interests or fundamental rights and freedoms, which require protection of personal data, prevail.

Third parties which we may engage in the performance of contracts will only receive personal data to the extent to which the transmission is required for the corresponding service.

In the event that we outsource certain parts of the data processing (“processing of commissioned data”), we contractually obligate our processors to use personal data only in accordance with the requirements of data protection laws and to ensure the protection of the Data Subject’s rights.

Data transmission to agencies or persons outside the EU / EEA and outside the cases specified in this declaration takes place only under the special conditions specified in Art. 44 et seq. GDPR. In particular, protection adequate to the requirements of GDPR is guaranteed. If a subcontractor provides the agreed service at a place of performance outside the EU / EEA, the Contractor shall ensure that the rendering of the services is admissible under data protection law by taking appropriate measures, like standard data protection clauses according to Art. 46 (2)(d) GDPR.

9 Data protection officer

Should you still have any questions relating to our data protection or to this Data Protection Declaration, or should you intend to exercise your rights named herein, kindly contact our data protection officer at datenschutzbeauftragter@star-trac.de or in writing to star/trac supply chain solutions GmbH (see this numeral 1 and the legal information on our Website for the contact details), stating the word “Datenschutz”.

10 Changes to the Data Protection Declaration

star/trac supply chain solutions GmbH reserves the right to change the Data Protection Declaration in order to adapt it to changed legal situations, or in the event of changes in the service and data processing. However, this only applies to declarations about the processing of data. If the consent of the User is required or elements of the Data Protection Declaration contain provisions of the contractual relationship with the User, the changes are only made with the approval of the User.

Users are asked to inform themselves regularly about the content of the Data Protection Declaration. You can save and print this Data Protection Declaration at any time.

(Last update: October 2019)