Privacy policy
(Last update: May 2025)
Your privacy is our business. Star/trac protects your privacy by making sure to collect and handle personal information in a responsible way. Our privacy policy takes dives deep into exactly how star/trac collects and uses your personal information. It’s highlighting your rights when it comes to personal data and how you can argue your rights.
”star/trac”, ”we” ”our”, or ”us” refers to star/trac supply chain solutions GmbH, Baierbrunner Straße 21, 81379 Munich. In accordance with EU data protection legislation, we are responsible for the personal data that you provided us with, or that we collected from you. All processing of your personal data by star/trac is done in accordance with applicable data protection legislation.
The PrivacyPolicy about data protection applies to the use of the website https://www.star-trac.de/.
1 General
Contact star/trac’s Data Protection Office at any time at datenschutzbeauftragter@star-trac.de to exercise your rights under applicable data protection laws.
2 Dataprocessing
Star/trac is responsible for the personal data collected and processed by us and our subcontractors within the framework of our services (the “star/trac Services”) and for the processing of personal data through our digital channels, such as this website and/or other digital touch points.
2.1 Types of processed data
- Name
- Address data (street, house number, postal code and city)
- Contact data (e. g. email, phone numbers)
- Birthday
- Content data (e.g. text entries, history)
- Usage data (e.g. visited websites, access times, location)
- Meta/communications data (e.g. device information, IP addresses)
- Identification numbers (e.g. driver ID, license plate)
- Signatures (e.g. certificates, technical documents)
Star/trac does not process special categories of personal data.
2.2 Categories of Data Subjects
“User”, “you” or“yours” refers to you as the visitors, supplier’s, partner’s, vendor’s, customer’s and users of star/trac Services.
2.3 Purpose of processing
When processing data, star/trac ensures compliance with contractual, legal, and security obligations while enhancing service functionality and user experience. Whenever possible, only anonymized data will be used to achieve these objectives. We process your personal data for the following purposes:
2.3.1 Provide and Administrate Your Access to star/trac Services
Star/trac must process User data to verify identity, create and manage accounts, and facilitate authentication for secure access. This includes managing subscriptions, user preferences, and permissions within the service environment.
2.3.2 Fulfill Our Contractual and Legal Obligations
Data processing ensures that star/trac can comply with agreements made with users. Legal obligations such as invoicing, tax regulations, financial reporting, and compliance with data protection laws (e.g., GDPR) require the collection and storage of certain User information.
2.3.3 To Answer Customer Service Issues
User interactions and queries require data processing to identify accounts, track service usage, and resolve complaints or inquiries efficiently.This may include analyzing previous interactions and troubleshooting service issues.
2.3.4 Data Analytics
Data analytics help tailor star/trac Services to individual User preferences, optimizing functionality and navigation. User behavior insights allow for a more personalized experience, enhancing usability and efficiency. Where possible, anonymized data will be utilized to enhance the user experience.
2.3.5 Secure Information and Infrastructure to provide star/trac Services
Security measures such as encryption, fraud detection, and access control mechanisms rely on data processing. Monitoring and logging User activities help prevent unauthorized access and maintain the integrity of the system. Processing data aids in detecting suspicious activities, preventing fraudulent transactions, and mitigating security risks. This includes identifying policy violations, restricting unauthorized activities, and conducting internal investigations if necessary. Wherever possible, anonymized data will be used to prevent and investigate misuse without compromising security.
2.3.6 Further Develop the star/trac Services
Collected data supports product improvements, feature enhancements, and innovation in services. Feedback analysis and usage statistics help identify trends and areas for technological advancements. Anonymized data will be prioritized for development purposes.
2.3.7 Google Analytics
We use Google Analytics, a web analytics service provided by Google LLC(Google Ireland Limited for users in the EU), to analyze and improve the performance of our website. Google Analytics uses cookies to collect information about how visitors use our website. The data generated by these cookies is usually transmitted to a Google server in the United States and stored there. However, due to IP anonymization, your IP address will be shortened beforehand within the European Union or the European Economic Area, ensuring that no direct personal identification is possible. The processing of data is based on your consent according to Art. 6(1) (a) GDPR. You can revoke your consent at any time by [adjusting your cookie settings/link to opt-outtool]. Further information about Google Analytics’ data processing can be found in Google’s privacy policy at https://policies.google.com/privacy.
2.3.8 Microsoft Clarity
We use Microsoft Clarity, a web analytics tool provided by MicrosoftCorporation, to understand how users interact with our website. MicrosoftClarity uses cookies and similar technologies to collect data such as mouse movements, clicks, scrolling activity, and other user behaviors. This data is processed to help us improve the functionality and user experience of our website. Microsoft Clarity may collect information such as anonymized IP addresses and usage data. The data may be transferred to and stored onMicrosoft servers located outside the European Union. Data processing is conducted based on your consent according to Article 6 (1) (a) GDPR, which you can revoke at any time by [adjusting your cookie settings/link to opt-outtool]. For more information on how Microsoft handles data, please refer toMicrosoft's privacy policy at https://privacy.microsoft.com.
2.3.9 Meta Pixel
We use the Meta Pixel, a tracking tool provided by Meta Platforms Ireland Limited, to analyze and optimize our advertising efforts on Meta platforms (such as Facebook and Instagram). The Meta Pixel allows us to track user behavior after they interact with our advertisements and are redirected to our website. This helps us measure the effectiveness of our ads and improve their targeting. The collected data may include information such as your IP address, browser type, and user behavior on our website. Data collected by theMeta Pixel may be transmitted to Meta servers in the United States. The processing of this data is based on your consent according to Article 6( 1) (a)GDPR, which you can revoke at any time by [adjusting your cookie settings/linkto opt-out tool]. Further details about how Meta processes your data can be found in Meta’s privacy policy at https://www.facebook.com/about/privacy.
2.3.10 LinkedIn Insight Tag
We use the LinkedIn Insight Tag, a marketing and analytics tool provided by LinkedIn Ireland Unlimited Company, to analyze and optimize our advertising campaigns on LinkedIn and track conversions. The LinkedIn Insight Tag allows us to collect data such as website visits, user behavior, and anonymized IP addresses. LinkedIn may use this data to provide us with aggregated reports and to improve the relevance of advertisements displayed to you. This data may be transferred to and stored on LinkedIn servers located outside the EuropeanUnion. The processing of this data is based on your consent according to Article 6 (1) (a) GDPR, which you can revoke at any time by [adjusting your cookie settings/link to opt-outtool]. You can also manage your privacy preferences directly in your LinkedIn account settings. Further information about data processing by LinkedIn can be found in their privacy policy at https://www.linkedin.com/legal/privacy-policy.
2.3.11 HubSpot (Contact form & Newsletter)
We use HubSpot,Inc. (25 First Street, Cambridge, MA 02141, USA) as a third-party service provider for our contact form and newsletter management. When you submit a contact request or subscribe to our newsletter, your personal data (e.g., name, email address, and any message content) is processed to handle your inquiry and provide you with relevant updates. The legal basis for this processing is our legitimate interest in effective communication and marketing, as well as your consent where required.
To ensure an adequate level of data protection, HubSpot complies with the EU-US Data PrivacyFramework and implements Standard Contractual Clauses (SCCs) where necessary.Your data is retained only as long as necessary for processing your request or managing your subscription. If you unsubscribe from our newsletter, your data will be deleted unless retention is required for legal or contractual obligations.
For more details, please refer to HubSpot’s privacy policy: https://legal.hubspot.com/privacy-policy.
2.3.12 Processing of Personal Data in the Context ofJob Applications
If you apply for a position with us, we process the personal data you provide as part of the application process (e.g., contact details, résumé, certificates, qualifications). This data is processed solely for the purpose of carrying out the application procedure and making a decision regarding the establishment of an employment relationship. Your data will only be shared internally with individuals involved in the specific recruitment process. It will not be disclosed to third parties. If no employment relationship is established, your data will be deleted no later than six months after the conclusion of the application process, unless legal retention obligations apply or you have explicitly consented to longer storage (e.g., for inclusion in a talent pool).
3 Cookies
Cookies are a standard technology consisting of small text files stored on the User's device. We use both first-party cookies and third-party cookies, which might receive your personal data. They help enhance browsing experience by making the website more convenient and secure. Additionally, cookies can be used to tailor website content to visitors’ interests or improve offerings through statistical analysis. The processing of personal data through cookies that are essential for the website’s operation and functionality is carried out as necessary. All other cookies (Analytics, Marketing and Personalization)require your consent, which can be managed via our consent banner you can always access at the bottom of the website.
Users can also manage their cookie preferences through their browser settings, or our cookies consent manager. However, it is important to note that disabling cookies may limit or even prevent certain website functionalities.
4 Legal bases and storage period
Unless explicitly stated otherwise, we retain your personal data only for as long as necessary to fulfill the intended purposes or as required by applicable retention regulations. Additionally, your data will be deleted once it is no longer needed to comply with contractual or legal retention obligations (e.g.,tax and commercial law requirements) or to address potential warranty and similar obligations.
We may also retain your personal data for the purpose of asserting, exercising, or defending legal claims. If your data can no longer be processed for its original purpose but is still subject to retention requirements, it will be archived and removed from active processing or storage locations. It will then be fully deleted from operational systems, with access strictly restricted.
Once all retention obligations have been met, legal rights to storage have expired, and applicable deletion periods have lapsed, the relevant data will be permanently deleted as part of our routine processes.
5 Your rights as a Data Subject
Under applicable law, you are entitled to the following rights concerning your personal data. If you wish to exercise these rights, please submit your request to the Data Protection Officer via email or postal mail, ensuring that your identity is clearly stated (see Section 1).
5.1 Right of access
You have the right to request confirmation from us regarding whether your personal data is being processed. If so, you are entitled to receive, at no cost, information about the personal data we have stored about you, along with a copy of that data.
5.2 Right to rectification
You have the right to request the prompt correction of any inaccurate personal data we hold about you. Additionally, considering the intended purposes, you may also request the completion of any incomplete personal data, including through a supplementary statement.
5.3 Right to erasure ("Right to be forgotten")
You have the right to request the immediate deletion of your personal data, and we are obligated to comply unless legal or contractual obligations require us to retain certain records. In such cases, further processing of your data will be restricted.
If we have made your personal data public and are required to erase it, we will take appropriate measures, considering available technology, implementation costs, and technical feasibility, to inform relevant data controllers of your request to delete any copies or replications of the data.
5.4 Right to restriction of processing
You have the right to request a restriction on the processing of your data, particularly in cases where immediate deletion is not feasible. Additionally, you may ask us to limit processing to only the personal data essential for the provision of our star/trac Services.
5.5 Right to data portability
You have the right to obtain the personal data you have provided to us in a structured, commonly used, and machine-readable format. Additionally, you have the right to transfer this data to another controller without any interference from us.
5.6 Right to object
You have the right to object, at any time and for reasons related to your particular situation, to the processing of your personal data, including profiling based on relevant provisions. In such cases, we will cease processing your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or if the processing is necessary for the establishment, exercise, or defense of legal claims.
5.7 Right of withdrawal of a declaration of consent given under data protection law
You have the right to withdraw your previously given consent for data processing at anytime, without the need to provide a reason. If there is no other legal basis justifying the continued processing of your data, your personal information must be promptly deleted. Otherwise, the processing of your personal data must be temporarily restricted (blocked).
5.8 Right to appeal to a supervisory authority
You have the right to appeal to a supervisory authority, particularly in the Member State of your residence, workplace, or the location where the alleged infringement occurred, if you believe that the processing of your personal data is unlawful.
For star/trac the competent supervisory authority is the Bayerische Landesamt für Datenschutzaufsicht, Promenade 27(Schloss), D-91522 Ansbach. e-mail: poststelle@lda.bayern.de.
6 Datasecurity
We are committed to ensuring the security of your personal data in accordance with applicable data protection laws and the best available technical measures. To protect your data from accidental or unlawful destruction, loss, alteration, unauthorized access, disclosure, or any other unlawful forms of processing, we implement a range of technical, physical, and organizational safeguards.
All personal data transmissions, including order processing and customer logins, are encrypted using the SSL (Secure Socket Layer) protocol. However, we must highlight that data transmission over the Internet, particularly via email communication, may still present security vulnerabilities, and complete protection cannot be guaranteed.
Access to personal data is strictly controlled and limited to authorized personnel, who can only retrieve data via encrypted connections. By default, access to personal data is blocked, and only employees with specific authorization are granted access based on a strict role and permission framework. Furthermore, our system’s performance and availability are continuously monitored by both internal and external services to maintain security and reliability. Our technical and organizational security measures are regularly updated to align with the latest technological advancements.
While we strive to provide uninterrupted service, we cannot guarantee availability at all times, as occasional disturbances, interruptions, or failures may occur. In the unfortunate event of a data breach that poses a risk to your personal information, we will promptly notify you and the relevant regulatory authorities. Our notification will include details on the extent of the breach, the data involved, potential impacts on the service, and the measures we are taking to secure the data and mitigate any adverse effects.
7 Automated decision-making
No automated decision-making will be done on the basis of the collected personal data.
8 Transfer of data to third parties, data transfer to non-EU/EEA countries
8.1 General
We generally use your personal data exclusively within our company. Star/trac may share your personal data to partners who perform services on behalf of star/trac. These recipients only have the right to process your personal data in connection with performing a service for star/trac. Your data will only be shared with third parties under specific circumstances: if you have given your explicit consent, if the transfer is necessary for the fulfillment of a contract, if we are legally required to do so (e.g., for tax compliance or participation in criminal investigations), or if the transfer is necessary to protect our legitimate interests, provided that your fundamental rights and freedoms requiring the protection of personal data do not outweigh these interests.
When third parties are involved in fulfilling contractual obligations, they will receive personal data only to the extent necessary for the provision of their respective services. If we engage external service providers for data processing, we ensure through contractual agreements that they process personal data strictly in compliance with data protection laws and this Privacy Policy, while also safeguarding the rights of the individuals concerned.
Furthermore, the transfer of personal data to institutions or individuals outside the EU/EEAis only permitted under the conditions set out in Article 44 and subsequent provisions GDPR. In such cases, adequate protection is ensured through appropriate safeguards, such as the EU Commission’s standard contractual.
8.2 Website Hosting
The hosting services provided by Amazon Web Services EMEA Sarl support the operation of our online platform by offering essential infrastructure and platform services, computing capacity, storage space, database solutions, security measures, and technical maintenance. To enhance security, we also utilize the Amazon Web Application Firewall. Further details regarding data protection and IT security can be found at AWS Privacy.
The processing of your personal data is based on our legitimate interest in ensuring the efficient and secure operation of this online platform. Data is stored in the AWS Ireland region. Additionally, AWS Web Services participates in the EU-USData Privacy Framework, which governs the lawful and secure transfer of personal data from EU citizens to the United States when necessary. More information on this framework is available at European Commission.
9 Changes to the Data Protection Declaration
We reserve the right to make changes to thisPrivacy Policy. If such changes occur, the latest version will be available on our website, https://www.star-trac.de/.
(Last update: May 2025)