Go back
ImprintData Protection

Privacy policy

(Last update: January 2025)

The following data protection declaration applies to the use of the website https://www.star-trac.de/ and other websites and online applications that refer to it, hereinafter referred to as “website” and “online offer”.

star/trac supply chain solutions GmbH (hereinafter "star/trac") attaches great importance to data protection. The collection and processing of your personal data takes place in compliance with the applicable data protection regulations, in particular the General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG). We process your personal data in order to be able to offer you the online offer and associated services. We explain here how and for what purpose your personal data is collected and used and what rights you have in connection with the processing of your data.

By using the online service, you agree to the collection, use and transfer of your data in accordance with this data protection declaration. If you wish to object to the collection, processing or use of your data by us in accordance with this data protection declaration in whole or for individual measures, you can address your objection to the data protection officer of the responsible party.

1 General

1.1 Person responsible

Responsible for the collection, processing and use of your personal data within the meaning of the GDPR is

star/trac supply chain solutions GmbH

Baierbrunner Straße 21

81379 Munich

Germany

Tel.: +49 (0) 89 89 05 69 - 0

E-Mail: webinfo@star-trac.de

Managing Partners: Hans Maier-Dech, Clemens-Till Weber

1.2 Data Protection Officer

You can reach our data protection officer at:

star/trac supply chain solutions GmbH

Baierbrunner Straße 21

81379 Munich

Germany

Email: datenschutz@star-trac.de

1.3 Terms used

“Personal data” means any information relating to an identified or identifiable natural person (hereinafter referred to as “data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. a cookie) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

“Processing” means any handling of personal data, such as collection, storage, transmission, receipt, deletion, etc.

“Restriction of processing” means the future processing of personal data in response to new, mandatory, restricted requirements. Only a very small group of people within our company are permitted to view and process the data. Any further processing is blocked.

"Deleting" personal data means both the final and therefore irreversible, complete removal of data (destruction) and the removal of personal references to them (anonymization). In any case, after the deletion process, a reference to specific people can no longer be established.

“Processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

“Recipient” means a natural or legal person, public authority, agency or other body to which personal data is disclosed, whether a third party or not.

“Third party” means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons authorised to process personal data under the direct authority of the controller or processor.

“Consent” means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data concerning him or her.

2 Data processing

2.1 Types of data processed:

  • names
  • address details (street, house number, zip code and city)
  • Contact details (e.g. email, telephone numbers)
  • birth date
  • Content data (e.g. text entries, conversation histories)
  • Usage data (e.g. websites visited, interest in content, access times)
  • Meta/communication data (e.g. mobile device information, IP addresses)
  • Identification numbers (e.g. driver ID, vehicle license plate)
  • signatures (e.g. certificates, technical documents)

2.2 Categories of data subjects

Visitors and users of the online offering as well as issuers of certificates and technical documents. In the following, we refer to the persons concerned collectively as “users”.

2.3 Purpose of processing

2.3.1 Provision of the online offer, its functions and contents

star/trac collects information about you when you use this website. We automatically collect information about your usage behavior and your interaction with us and register data about your computer or mobile device. We collect, store and use data about every access to our online offering (so-called server log files). The access data includes the name and URL of the retrieved file, the date and time as well as the country of origin of the retrieval, the amount of data transferred, notification of successful retrieval (HTTP response code), browser type and version, operating system, referrer URL (i.e. the previously visited page), IP address and the requesting provider.

We use this log data without assigning it to you personally or creating any other profile for statistical evaluations for the purpose of operating, securing and optimizing our online offering, but also for anonymous recording of the number of visitors to our website (traffic) and the extent and type of use of our website and services, as well as for billing purposes in order to measure the number of clicks received from cooperation partners. Based on this information, we can provide personalized and location-based content and analyze data traffic, search for and correct errors and improve our services. We reserve the right to subsequently review the log data if there is reasonable suspicion of illegal use based on concrete evidence. We store IP addresses in the log files for a limited period of time if this is necessary for security purposes or for the provision or billing of a service, e.g. if you use one of our offers. We also use IP addresses if we have specific suspicions of a criminal offense in connection with the use of our website. We also store the date of your last visit (e.g. when registering, logging in, clicking on links, etc.) as part of your account.

The processing of personal data is based on our legitimate interests in the efficient and secure provision of this online service as well as on legal obligations in accordance with Art. 6 (1) (c) (f) GDPR.

2.3.2 Online Hosting

The Amazon Web Services hosting services we use serve to provide the following services: infrastructure and platform services, computing capacity, storage space and database services, security services and technical maintenance services that we use to operate this online offering. Further information on data protection and IT security can be found at https://aws.amazon.com/de/privacy/ . AWS Web Services is an active participant in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data of EU citizens to the USA. You can find more information at https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.

We process your user data on the basis of our legitimate interests in the efficient and secure provision of this online service in accordance with Art. 6 (1) (f) GDPR in conjunction with Art. 28 GDPR (conclusion of a contract for data processing).

2.3.3 Registration function

You can create a user account to use the online service. Your registration by voluntarily providing personal data allows us to offer you content or services that, due to the nature of the matter, can only be offered to registered users (central identification, administration and validation of drivers, transport partners, vehicle components and contact persons). As part of the registration, you will be provided with the required mandatory information and processed on the basis of Art. 6 (1) (b) GDPR for the purposes of providing the user account. The data processed includes in particular the registration information (such as name, address, telephone number, email address). The data entered as part of the registration is used for the purposes of using the user account and can also be viewed by other registered users of the online service for the purpose of contacting you, if necessary for the provision of the online service.

By registering on this website, your IP address assigned by your Internet service provider (ISP), the date and time of registration will also be stored. This data is stored in accordance with Art. 6 Paragraph 1 (c) (f) GDPR on the basis that this is the only way to prevent the misuse of our services and that this data enables us to investigate crimes that have been committed if necessary.

We may also inform you by email about information relevant to your user account, such as technical changes.

2.3.4 Business/contract-related processing

In addition, we process your personal data (e.g. name, address, telephone number, e-mail address, conversation history, contract number) in order to fulfil both pre-contractual obligations when initiating the contract and contractual obligations in accordance with Art. 6 (1) (b) GDPR, which are related to the online offer and its terms of use and are necessary for its implementation (e.g. sending administration e-mails and generating billing data).

The data processed here, the type, scope and purpose and the necessity of their processing are determined by the underlying contractual relationship. When processing the data provided in this context, we act in accordance with your instructions and those of our clients as well as the legal requirements. Your personal data may be passed on to business partners and service providers for the purpose of providing contractual services in accordance with Art. 6 (1) (b) GDPR, provided this is necessary for the purpose of fulfilling the contract.

As a general rule, we do not process special categories of personal data.

2.3.5 Cookies

Cookies are used on this website. This standard technology consists of small text files that are stored on the device used by the user and that, among other things, make it possible to make visiting a website more convenient or secure. Cookies can also be used to better tailor the offering on a website to the interests of visitors or to generally improve it based on statistical evaluations.

You can decide for yourself whether or not you allow cookies in the browser you use. You should bear in mind that the functionality of websites may be restricted or even eliminated if cookies are not allowed.

The processing of personal data by cookies that are absolutely necessary for the presentation and function of the website is carried out in accordance with Art. 6 (1) (f) GDPR. All other cookies require your consent in accordance with Art. 6 (1) (f) GDPR. You can change your decision at any time.

2.3.6 Answering contact requests and communicating with users

If you contact us (e.g. via contact form or email), we will save your details (e.g. name, address, telephone number, email address, conversation history) to process your request in accordance with Art. 6 Paragraph (1) (a) GDPR and in the event that follow-up questions arise in relation to a later contractual or business relationship in accordance with Art. 6 Paragraph (1) (c) GDPR. In addition, we only use your personal data if you consent to this or if this is legally permissible without consent.

2.3.7 Application process

If you apply to star/trac, we will save and process the data you provide in order to review and process your application. The legal basis for the associated data processing is Art. 6 (1) (b) GDPR in conjunction with Section 26 BDSG.

If your application is successful, we will continue to process your data for the purposes of your employment relationship. If your application is unsuccessful, your data will normally be deleted no later than 6 months after the end of the application process. If you agree that we can keep your data in our pool of interested parties for further job advertisements beyond this period, we ask for your consent by email.

2.3.8 Google Analytics

We use Google Analytics, a web analytics service provided by Google LLC (Google Ireland Limited for users in the EU), to analyze and improve the performance of our website. Google Analytics uses cookies to collect information on how visitors use our website. The data generated by these cookies is usually transferred to a Google server in the USA and stored there. However, due to IP anonymization, your IP address is shortened beforehand within the European Union or the European Economic Area, so that direct personal identification is excluded. The data is processed on the basis of your consent in accordance with Art. 6 (1) (a) GDPR . You can withdraw your consent at any time [by adjusting your cookie settings/link to the opt-out tool]. For more information on data processing by Google Analytics, see Google's privacy policy at https://policies.google.com/privacy .

2.3.9 Microsoft Clarity  

We use Microsoft Clarity, a web analytics tool from Microsoft Corporation, to understand how users interact with our website. Microsoft Clarity uses cookies and similar technologies to collect data such as mouse movements, clicks, scrolling activity, and other user behavior. This data is processed to improve the functionality and user experience of our website. Microsoft Clarity may collect information such as anonymized IP addresses and usage data. The data may be transferred to Microsoft servers outside the European Union and stored there. The data is processed on the basis of your consent in accordance with Art. 6 (1) (a) GDPR , which you can revoke at any time [by adjusting your cookie settings/link to the opt-out tool]. For more information about data processing by Microsoft, see Microsoft's privacy policy at https://privacy.microsoft.com .

2.3.10 Meta-Pixel  

We use the meta pixel, a tracking tool from Meta Platforms Ireland Limited, to analyze and optimize our advertising efforts on meta platforms (such as Facebook and Instagram). The meta pixel enables us to track user behavior after interacting with our advertisements and being redirected to our website. This helps us measure the effectiveness of our ads and improve their targeting. The data collected may include information such as your IP address, browser type, and user behavior on our website. Data collected by the meta pixel may be transferred to Meta servers in the USA. This data is processed on the basis of your consent in accordance with Art. 6 (1) (a) GDPR , which you can revoke at any time [by adjusting your cookie settings/link to the opt-out tool]. For more information on data processing by Meta, please see Meta's privacy policy at https://www.facebook.com/about/privacy .

2.3.11 LinkedIn Insight-Tag  

We use the LinkedIn Insight Tag, a marketing and analytics tool from LinkedIn Ireland Unlimited Company, to analyze and optimize our advertising campaigns on LinkedIn and to track conversions. The LinkedIn Insight Tag enables us to collect data such as website visits, user behavior, and anonymized IP addresses. LinkedIn may use this data to provide us with aggregated reports and to improve the relevance of the advertisements shown to you. This data may be transferred to LinkedIn servers outside the European Union and stored there. This data is processed on the basis of your consent in accordance with Art. 6 (1) (a) GDPR , which you can revoke at any time [by adjusting your cookie settings/link to the opt-out tool]. You can also manage your privacy settings directly in your LinkedIn account. For more information about data processing by LinkedIn, see their privacy policy at https://www.linkedin.com/legal/privacy-policy .

3 Storage period

Unless specifically stated, we will only store your personal data for as long as is necessary to fulfil the purposes pursued in accordance with Art. 6 GDPR or as long as retention rights in accordance with Art. 17 (3) GDPR prevent data deletion.

In addition, your data will be deleted if the data is no longer required to fulfil contractual or legal retention obligations pursuant to Art. 17 (3) (b) GDPR (e.g. retention obligations under tax and commercial law) or to deal with any warranty and similar obligations.

In addition, we retain your personal data for the establishment, exercise or defense of legal claims in accordance with Art. 17 (3) (e) GDPR.

If personal data may no longer be processed for the original purpose, but retention obligations still exist, the data will be archived from the productive processing or storage locations, completely deleted from the productive level and access to it will be restricted.

After all retention obligations have been fulfilled, retention rights have expired and all deletion periods have expired, the corresponding data will be routinely deleted.

4 Your rights as a data subject

Under applicable law, you have various rights with regard to your personal data. If you wish to exercise these rights, please send your request by email or post, clearly identifying yourself, to the data protection officer of the controller (see section 1.2).

As a data subject, you have the following rights:

4.1 Right to information

According to Art. 15 GDPR, you have the right to obtain confirmation from us at any time as to whether we process personal data concerning you. If this is the case, you have the right to receive information from us free of charge about the personal data stored about you, together with a copy of this data.

4.2 Right to rectification

According to Art. 16 GDPR, you have the right to request that we immediately correct any inaccurate personal data concerning you. Taking into account the purposes of the processing, you have the right to request that incomplete personal data be completed.

4.3 Right to erasure (“right to be forgotten”)

According to Art. 17 GDPR, you have the right to request that we delete the personal data concerning you immediately, which obliges us to delete it immediately, unless there are statutory or contractual retention periods to the contrary. In this case, the further processing of your data will be restricted.

If we have made personal data public and are obliged to delete it, we will take appropriate measures, including technical ones, taking into account the available technology and the implementation costs, to inform the recipients of your personal data in accordance with Art. 19 GDPR that you have requested that they delete all personal data or copies or replications of this personal data.

4.4 Right to restriction of processing

According to Art. 18 GDPR, you have the right to request that we restrict the processing of your personal data. This applies in particular if data deletion is not yet possible. You can also request that we only process the personal data that is absolutely necessary for the provision of our services.

4.5 Right to data portability

According to Art. 20 GDPR, you have the right to receive the personal data concerning you that you have provided to us in a structured, common and machine-readable format and you have the right to transmit this data to another controller without hindrance from us.

4.6 Right of objection

data concerning you based on Art. 6 (1) (e) or (f) GDPR, for reasons related to your particular situation. We will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend our legal claims.

4.7 Right to revoke consent to data protection

According to Art. 6 (1) (a) GDPR, you have the right to withdraw your previously granted consent to data processing without giving reasons. Unless another legality of the processing within the meaning of Art. 6 (1) GDPR justifies further data processing, your personal data must then be deleted immediately. Otherwise, the processing of your personal data must be temporarily restricted (blocked).

4.8 Right to lodge a complaint with a supervisory authority

You have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, place of work or place of the alleged infringement if you consider that the processing of personal data concerning you is unlawful.

For star/trac, the responsible supervisory authority is the Bavarian State Office for Data Protection Supervision, Promenade 27 (Schloss), D-91522 Ansbach. Email: poststelle@lda.bayern.de .

5 Data security

We take care of the security of your personal data within the framework of applicable data protection laws and technical possibilities.

We implement the following technical, physical and organizational measures to preserve the security of your personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorized use, modification, disclosure or access and against all other unlawful forms of processing.

We transmit your personal data in encrypted form. We use the SSL (Secure Socket Layer) coding system, but we would like to point out that data transmission over the Internet (e.g. when communicating by email) can have security gaps. Complete protection of data against access by third parties is hardly possible.

When personal data is accessed by authorized personnel, access is only possible through an encrypted connection. When accessing the data in a database, the IP number of the person accessing the data must also be pre-authorized to gain access.

All access to personal data is blocked by default. Access to personal data is restricted to individually authorized personnel. Our security and data protection officer grants authorizations and keeps a log of the authorizations granted. Our role and authorization concept only grants authorized employees the minimum access they absolutely need to perform their tasks.

Administrative operations, including system access, are logged to provide an audit trail if unauthorized or inadvertent changes are made.

System performance and availability are monitored by both internal and external monitoring services.

All data is stored on servers monitored by us in the Amazon Web Services data centers in Frankfurt am Main, Germany and Dublin, Ireland. Databases are backed up continuously to enable recovery at any point in time. Backups are stored in file storage in the same geographic location as the database.

To protect your data, we continue to develop technical and organizational security measures in line with the state of the art.

We also do not guarantee that our service will be available at specific times; disruptions, interruptions or failures cannot be ruled out.

In the event that your data is compromised, we will notify you and the applicable regulators by email within 72 hours of the extent of the breach, the data affected, any impact on the service, and the action plan to secure the data and limit any potential adverse impact on the individuals affected.

6 Automated decision-making

There is no automated decision-making based on the personal data collected.

7 Transfer of data to third parties,
data transfer to non-EU/EEA countries

As a general rule, we only use your personal data within our company.

In addition, your personal data will only be passed on if you have given your consent in accordance with Art. 6 (1) (a) GDPR, the transfer is necessary to fulfill a contract in accordance with Art. 6 (1) (b) GDPR, we are subject to a legal obligation in accordance with Art. 6 (1) (c) GDPR (e.g. tax regulations, cooperation in the investigation of a criminal offense), or this is necessary to protect our legitimate interests in accordance with Art. 6 (1) (f) GDPR, unless your interests or fundamental rights and freedoms which require the protection of personal data prevail.

If and to the extent that we engage third parties to fulfill contracts, they will only receive personal data to the extent that the transmission is absolutely necessary for the corresponding service.

In the event that we outsource certain parts of the data processing (“contract processing”), we contractually oblige our contract processors to use personal data only in accordance with the requirements of the data protection laws and this data protection declaration and to ensure the protection of the rights of the data subject.

Data transfer to institutions or persons outside the EU/EEA and outside the cases mentioned in this declaration does not currently take place. Furthermore, it is only permitted under the special conditions specified in Art. 44 ff. GDPR. In particular, GDPR-adequate protection is then ensured by appropriate measures, such as standard contractual clauses of the EU Commission within the meaning of Art. 46 (2) (d) GDPR.

8 Data Protection Officer

If you have any questions about our data protection or this data protection declaration, or if you wish to exercise your rights, please contact our data protection officer (contact details see section 1.2).

9 Changes to the Privacy Policy

We reserve the right to change the privacy policy in order to adapt it to changes in the legal situation or changes to the service and data processing. However, this only applies to statements on data processing. If the consent of the users is required or parts of the privacy policy contain provisions of the contractual relationship with the users, the changes will only be made with the consent of the users.

Users are asked to regularly inform themselves about the content of the privacy policy. You can save and print this privacy policy at any time.

(Stand: Januar 2025)

Privacy Notice

The following declaration about data protection applies to the use of the website https://www.star-trac.de/ und and other related websites and online applications, hereinafter referred to as the “Website” and the “Online Services”.

star/trac supply chain solutions GmbH attaches great importance to privacy. attaches great importance to privacy. The collection and processing of your personal data is carried out in compliance with the applicable data protection regulations, in particular with the General Data Protection Regulation (GDPR). We collect and process your personal data in order to offer you this Online Services. This Declaration describes how (f)or what purpose your personal data is collected and used, and what choices you have in co1nnection with your data.

By using this Online Services, you consent to the collection, use and transfer of your data in accordance with this Data Protection Declaration. If you wish to object to our collection, processing or use of your data completely or with regard to individual measures in accordance with this Data Protection Regulation, you can address your objection to the controller.

1 General

1.1 Controller

The controller who is the body responsible for the collection, processing and use of your personal data within the meaning of GDPR is

star/trac supply chain solutions GmbH

Baierbrunner Straße 21

81379 München

Deutschland

Tel.: +49 (0) 89 89 05 69 - 0

E-Mail: webinfo@star-trac.de

Managing Partners: Hans Maier-Dech, Clemens-Till Weber

1.2 Data Protection Officer

You can reach our data protection officer at:

star/trac supply chain solutions GmbH

Baierbrunner Straße 35

81379 Munich

Germany

E-Mail: datenschutz@ star-trac.de

1.3 Terminology

‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

‘processing’ means any handling of personal data, such as collection, storage, transmission, receipt, deletion, etc.

‘restriction of processing’ means the future processing of personal data to new mandatory limited requirements. Only a very few employees within our company may further view and process the data. Beyond that any processing is blocked.

‘deletion’ of personal data means both the definitive and therefore irrevocable, complete removal of data (destruction) and of the personal reference to them (anonymisation). In any case, after the deletion process a reference to specific persons can no longer be established.

‘processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

‘recipient’ means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not.

‘third party’ means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.

‘consent’ of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

2 Data processing

2.1 Types of processed data

  • Name
  • Address data (street, house number, postal code and city)
  • Contact data (e. g. email, phone numbers)
  • Birthday
  • Content data (e.g. text entries, history);
  • Usage data (e.g. visited websites, interest in contents, access times);
  • Meta/communications data (e.g. device information, IP addresses);
  • Identification numbers (e.g. driver ID, license plate)
  • Signatures (e.g. certificates, technical documents)

2.2 Categories of Data Subjects

Visitors and users of the Online Services. Hereinafter, we will refer to the Data Subjects also as "user".

2.3 Purpose of processing

2.3.1 Provision of the Online Services, its functions and contents

star/trac collects information about you when you use this Website. We automatically collect information about your user behavior and the interaction with us and register information about your computer or mobile device. We collect, store and use data about every access to our Online Services (so-called server log files). The access data includes the name and URL of the retrieved file, date and time of the retrieval, the amount of data transferred, the message about a successful retrieval (HTTP response code), browser type and browser version, operating system, referrer URL (i.e. the previously visited page), IP address and the requesting provider.

We use this protocol data - without assigning it to you personally or creating another profile - for statistical evaluations in order to operate, make secure and optimize our Online Services, but also to anonymously collect the number of visitors (traffic) on our Website and the extent and type of use of our Website and services, as well as for billing purposes to measure the number of clicks received from cooperation partners. Based on this information, we can provide personalized and location-based contents and analyze the data traffic, search and remedy errors and improve our services. We reserve the right to check the log data retrospectively if, on the basis of concrete indications, the legitimate suspicion of unlawful use exists. We store IP addresses in the log files for a limited period, if necessary for security purposes or for the provision of services or the billing of a service, e.g. if you use one of our offers. We also store IP addresses, if we have a specific suspicion of a crime in connection with the use of our Website. In addition, we store the date of your last visit (e.g. when registering, logging in, clicking links, etc.) as part of your account.

The processing of personal data takes place here on the basis of our legitimate interests in an efficient and secure provision of this Online Services as well as on the basis of legal obligations according to Art. 6 (1) (c) (f) GDPR.

2.3.2 Online Services Hosting

The hosting services of Amazon Web Services we use serves the purpose of providing the following services: infrastructure and platform services, computing capacity, storage space and database services, security and technical maintenance services which we use to operate these Online Services. Further information on privacy and IT security can be found at https://aws.amazon.com/de/privacy/. Amazon Web Services is an active participant in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data from EU citizens to the USA. You can find more information on this at https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.

Here, we or our hosting provider process inventory data, contact data, content data, contract data, usage data, meta and communication data of customers, interested parties and visitors to this Website based on our legitimate interests in an efficient and secure provision of these Online Services according to Art. 6 (1) (f) GDPR in conjunction with Art. 28 GDPR (conclusion of the contract about the processing of commissioned data).

2.3.3 Registration

You can create a user account to use the Online Services. Your registration with voluntary provision of personal data serves us to offer you content or services which, due to the nature of things, can only be offered to registered users (central identification, administration and validation of drivers, transport partners, vehicle components and contact persons). During registration, you will be provided with the required mandatory data which is to be processed for the purposes of providing the user account according to Art. 6 (1) (b) GDPR. The processed data includes in particular the registration and login information (such as name, address, telephone number, e-mail address). The data entered during registration is also used for the purposes of using the user account and can also be viewed by other registered users of the Online Services for contact purposes, if necessary for the provision of the Online Services.

Furthermore, by registering on this website, your IP address assigned by your Internet Service Provider (ISP), the date and time of registration will be saved. The storage of this data is carried out in accordance with Art. 6 (1) (c) (f) GDPR because this is the only way to prevent the misuse of our services and, if necessary, to enable the investigation of criminal offences.

You can also be informed by us about information relevant to your user account, such as technical changes via e-mail.

2.3.4 Business-/contract-related processing

In addition, we process your personal data (e.g. name, address, telephone number, email address, conversation history, contract number) in order to fulfill both pre-contractual obligations when initiating a contract and contractual obligations pursuant to Art. 6 (1) (b) GDPR, which are related to the online offer and its terms of use and are necessary for its implementation (e.g. sending administration emails and generating billing data).

The data processed, the type, scope, purpose and necessity of their processing are determined by the underlying contractual relationship. In processing the data provided in this context, we act in accordance with your instructions and the instructions of its customers as well as the legal requirements. Your personal data may be passed on to business partners and service providers for the purpose of contractual performance and services, in accordance with Art. 6 (1) (b) GDPR, if this is necessary for the purpose of fulfilling the contract.

We do not process special categories of personal data.

2.3.5 Cookies

Cookies are used on our Website. Cookies, a standard technology, are small text files that are stored on the device used by the User, enabling, among other things, to make the visit to a website more comfortable or safer. Cookies can also be used to better tailor the offerings on a website to the interests of the visitors or to generally improve the offer on the basis of statistical evaluations.

The User can decide for itself whether or not it allows cookies to the browser used. Users should keep in mind that the functionality of websites may be restricted or even suspended if the use of cookies has been objected to.

The processing of personal data by cookies that are absolutely necessary for the presentation (f)unction of the Website is carried out in accordance with Art. 6 (1) (f) GDPR. All other cookies require your consent in accordance with Art. 6 (1) (a) GDPR. You can adjust your decision anytime.

2.3.6 Replying to contact requests and communication with users

When you contact us (e.g. via contact form, agent bot or e-mail), we store your details (e.g. name, address, telephone number, e-mail address, conversation history) to process your enquiry in accordance with Art. 6 (1) (a) GDPR and in the event that follow-up questions arise in relation to a subsequent contractual or business relationship in accordance with Art. 6 (1) (b) GDPR. In addition, we only use your personal data if you consent to this or if this is permitted by law without consent.

2.3.7 Application

When you apply for a job at star/trac, we store and process personal data you provide in order to check and process your application. The legal basis for the associated data processing is Art. 6 (1) (b) GDPR in conjunction with § 26 BDSG.

If your application is successful, we will continue to process your data for the purposes of your employment relationship. If your application is unsuccessful, your data will normally be deleted 6 months after the end of the application procedure at the latest. If you agree that we may use your data beyond this period in our pool of interested in further job advertisements, we ask for your consent via e-mail.

2.3.8 Google Analytics

We use Google Analytics, a web analytics service provided by Google LLC (Google Ireland Limited for users in the EU), to analyze and improve the performance of our website. Google Analytics uses cookies to collect information about how visitors use our website. The data generated by these cookies is usually transmitted to a Google server in the United States and stored there. However, due to IP anonymization, your IP address will be shortened beforehand within the European Union or the European Economic Area, ensuring that no direct personal identification is possible. The processing of data is based on your consent according to Art. 6(1) (a) GDPR. You can revoke your consent at any time by [adjusting your cookie settings/link to opt-out tool]. Further information about Google Analytics’ data processing can be found in Google’s privacy policy at https://policies.google.com/privacy.

2.3.9 Microsoft Clarity

We use Microsoft Clarity, a web analytics tool provided by Microsoft Corporation, to understand how users interact with our website. Microsoft Clarity uses cookies and similar technologies to collect data such as mouse movements, clicks, scrolling activity, and other user behaviors. This data is processed to help us improve the functionality and user experience of our website. Microsoft Clarity may collect information such as anonymized IP addresses and usage data. The data may be transferred to and stored on Microsoft servers located outside the European Union. Data processing is conducted based on your consent according to Article 6 (1) (a) GDPR, which you can revoke at any time by [adjusting your cookie settings/link to opt-out tool]. For more information on how Microsoft handles data, please refer to Microsoft's privacy policy at https://privacy.microsoft.com.

2.3.10 Meta Pixel

We use the Meta Pixel, a tracking tool provided by Meta Platforms Ireland Limited, to analyze and optimize our advertising efforts on Meta platforms (such as Facebook and Instagram). The Meta Pixel allows us to track user behavior after they interact with our advertisements and are redirected to our website. This helps us measure the effectiveness of our ads and improve their targeting. The collected data may include information such as your IP address, browser type, and user behavior on our website. Data collected by the Meta Pixel may be transmitted to Meta servers in the United States. The processing of this data is based on your consent according to Article 6( 1) (a) GDPR, which you can revoke at any time by [adjusting your cookie settings/link to opt-out tool]. Further details about how Meta processes your data can be found in Meta’s privacy policy at https://www.facebook.com/about/privacy.

2.3.11 LinkedIn Insight Tag

We use the LinkedIn Insight Tag, a marketing and analytics tool provided by LinkedIn Ireland Unlimited Company, to analyze and optimize our advertising campaigns on LinkedIn and track conversions. The LinkedIn Insight Tag allows us to collect data such as website visits, user behavior, and anonymized IP addresses. LinkedIn may use this data to provide us with aggregated reports and to improve the relevance of advertisements displayed to you. This data may be transferred to and stored on LinkedIn servers located outside the European Union. The processing of this data is based on your consent  according to Article 6 (1) (a) GDPR, which you can revoke at any time by [adjusting your cookie settings/link to opt-out tool]. You can also manage your privacy preferences directly in your LinkedIn account settings. Further information about data processing by LinkedIn can be found in their privacy policy at https://www.linkedin.com/legal/privacy-policy.

3 Legal bases and storage period

Unless specifically stated, we only store your personal data for as long as necessary to fulfil the purposes pursued in accordance with Art. 6 GDPR or for as long as retention rights in accordance with Art. 17 (3) GDPR prevent data deletion.

Furthermore, your data will be deleted if the data is no longer required to fulfil contractual or legal storage obligations in accordance with Art. 17 (3) (b) GDPR (e.g. tax and commercial law storage obligations) as well as dealing with possible warranty and comparable obligations.

In addition, we store your personal data for the purpose of asserting, exercising or defending legal claims according to Art. 17 (3) (e) GDPR.

If personal data may no longer be processed for the original purpose, but storage obligations still exist, the data will be archived from the productive processing or storage locations, completely deleted from the productive level and access restricted.

Once all storage obligations have been fulfilled, storage rights have lapsed and all deletion periods have expired, the corresponding data is routinely deleted.

4 Your rights as a Data Subject

Under applicable law, you have various rights regarding your personal data. If you wish to assert these rights, please send your request to the data protection officer by e-mail or by mail with a clear identification of your person (see Clause 1.2).

As a Data Subject, you have the following rights:

4.1 Right of access

According to Art. 15 you have the right to obtain from us confirmation as to whether or not your personal data is being processed. Where that is the case, you have the right to obtain free information from us about your personal data and a copy of this data.

4.2 Right to rectification

According to Art. 16 GDPR you have the right to obtain from us the immediate rectification of inaccurate personal data concerning you. In consideration of the purposes, you have the right to request the completion of incomplete personal data, including by means of a supplementary statement.

4.3 Right to erasure ("Right to be forgotten")

According to Art. 17 GDPR you have the right to obtain from us the immediate erasure of your personal data and we are obliged to erase your personal data immediately, unless there are legal or contractual obligations to keep records. In this case the further processing of your personal data will be restricted.

Where we have made personal data public and we are required to erase it, we will take appropriate measures, taking into account available technology and implementation costs, also of technical nature, to inform the controllers who process your personal data that you have requested the deletion of any personal data or of copies or replications of such personal data according to Art. 19 GDPR.

4.4 Right to restriction of processing

According to Art. 18 GDPR you have the right to obtain from us restriction of processing of your personal data This applies in particular if data erasure is not yet possible. You can also ask us to process only the personal data that is absolutely necessary for the provision of our services.

4.5 Right to data portability

According to Art. 20 GDPR You have the right to receive your personal data provided to us in a structured, commonly used and machine-readable format and you have the right to transmit those data to another controller without objection from us.

4.6 Right to object

According to Art. 21 GDPR you have the right to object, on grounds relating to your particular situation, at any time the processing of your personal data which is based on Art. 6 (1) (e) or f GDPR, including profiling based on those provisions. We do no longer process your personal data unless we can demonstrate compelling grounds, worthy of protection, for the processing which override your interests, rights freedoms or unless the processing serves for the establishment, exercise or defense of our legal claims.

4.7 Right of withdrawal of a declaration of consent given under data protection law

According to Art. 6 (1) (a) GDPR, you have the right to revoke the previously granted consent to data processing without giving reasons. If no other lawfulness of the processing within the meaning of Art. 6 (1) GDPR justifies further data processing, your personal data must then be deleted immediately. Otherwise, the processing of your personal data must be temporarily restricted (blocked).

4.8 Right to appeal to a supervisory authority

You have the right to appeal to a supervisory authority, in particular in the Member State of your home, work or at the place where the infringement has allegedly been committed, if you have the opinion that the processing of the data concerning you is unlawful.

For star/trac the competent supervisory authority is the Bayerische Landesamt für Datenschutzaufsicht, Promenade 27 (Schloss), D-91522 Ansbach. e-mail: poststelle@lda.bayern.de.

5 Data security

We endeavor to ensure the security of your personal data under the scope of applicable data protection laws and technical options.  

We implement the following technical, physical and organizational measures to protect the security of your personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorized use, unauthorized disclosure or access and against all other unlawful forms of processing.

We transmit your personal data in encrypted form. This applies to your orders and also to a customer login. We use the SSL (Secure Socket Layer) coding system, but point out that data transmission over the Internet (e.g. when communicating by e-mail) can have security gaps. It is not possible to protect such data completely against access by third parties.

When personal data is accessed by authorized personnel, access is only possible via an encrypted connection. When accessing data in a database, the IP number of the person accessing the data must also be pre-authorized to gain access.

All access to personal data is blocked by default. Access to personal data is restricted to individually authorized personnel. Our security and data protection officer issues authorizations and keeps a log of the authorizations granted. Authorized employees are granted only the minimum access they absolutely need for their tasks through our role and authorization concept.

Administrative processes, including system access, are logged to provide an audit trail when unauthorized or accidental changes are made.

System performance and availability is monitored by both internal and external monitoring services.

All data is stored on servers of Amazon Web Services in Frankfurt, Germany and Dublin, Ireland which are monitored by us. Databases are backed up continuously to enable recovery at any time within a 35-day retention period. Backups are stored in file storage in the same geographic location as the database.

To safeguard your data, we maintain technical and organizational security measures that we always adapt to state-of-the-art technology.  

Furthermore, we do not warrant that our offer will be available at specific times; disturbances, interruptions or failures cannot be excluded.

In the event that your data is compromised, we will notify you and the relevant regulatory authorities by email within 72 hours of the extent of the breach, the data involved, any impact on the service and the plan of action to secure the data and limit any adverse effects on the data subject.

6 Automated decision-making

No automated decision-making will be done on the basis of the collected personal data.  

7 Transfer of data to third parties, data transfer to non-EU/EEA countries

As a rule, we only use your personal data in our company.

In addition, your personal data will only be passed on if you have given your consent in accordance with Art. 6 (1) (a) GDPR, the transfer is necessary for the fulfilment of a contract in accordance with Art. 6 (1) (b) GDPR, we are subject to a legal obligation in accordance with Art. 6 (1) (c) GDPR (e.g. e.g. tax regulations, participation in the clarification of a criminal offence), or if this is necessary to protect our legitimate interests in accordance with Art. 6 (1) (f) GDPR, unless your interests or fundamental rights (f)reedoms that require the protection of personal data outweigh this.

If and insofar as we involve third parties in the fulfilment of contracts, these third parties will only receive personal data to the extent that the transmission is absolutely necessary for the corresponding service.

In the event that we outsource certain parts of data processing ("contract processing"), we contractually oblige our processors to use personal data only in accordance with the requirements of the data protection laws and this privacy policy and to ensure the protection of the rights of the data subject.

There currently is no data transfer to institutions or person outside the EU/EEA and outside the cases mentioned in this declaration. Furthermore, it is only permitted to transfer personal data to institutions or persons outside the EU/EEA under the conditions set out in Art. 44 following GDPR. In particular, adequate protection is then guaranteed by appropriate measures, such as standard contractual clauses of the EU Commission within the meaning of Art. 46 (2) (d) GDPR.

8 Data protection officer

Should you still have any questions relating to our data protection or to this Data Protection Declaration, or should you intend to exercise your rights named herein, kindly contact our data protection officer (contact details see point 1.2).

9 Changes to the Data Protection Declaration

We reserve the right to change the Privacy Policy in order to adapt it to changed legal situations, or in the event of changes in the service and data processing. However, this only applies to declarations about the processing of data. If the consent of the user is required or elements of the Data Protection Declaration contain provisions of the contractual relationship with the User, the changes are only made with the approval of the User.

Users are asked to inform themselves regularly about the content of the Data Protection Declaration. You can save and print this Data Protection Declaration at any time.

(Last update: January 2025)

Designed and developed by Stega Creative