Privacy Policy
The following declaration about data protection applies to the use of the website https://www.star-trac.de/ und and other related websites and online applications, hereinafter referred to as “the Website” and “the Online Offer”.
star/trac supply chain solutions GmbH attaches great importance to privacy. The collection and processing of your personal data is carried out in compliance with the applicable data protection regulations, in particular with the General Data Protection Regulation (GDPR). We collect and process your personal data in order to offer you this Website. This Declaration describes how and for what purpose your personal data is collected and used, and what choices you have in connection with your data.
By using this Website, you consent to the collection, use and transfer of your data in accordance with this Data Protection Declaration. If you wish to object to our collection, processing or use of your data completely or with regard to individual measures in accordance with this Data Protection Regulation, you can address your objection to the controller.
1 General
1.1 Controller
The controller who is the body responsible for the collection, processing and use of your personal data within the meaning of GDPR is
star/trac supply chain solutions GmbH
Baierbrunner Straße 35
81379 München
Deutschland
Tel.: +49 (0) 89 89 05 69 – 0
E-Mail: webinfo@star-trac.de
Managing Partners: Hans Maier-Dech, Clemens-Till Weber
1.2 Datenschutzbeauftragter
You can reach our data protection officer at:
star/trac supply chain solutions GmbH
Baierbrunner Straße 35
81379 München
Deutschland
Tel.: +49 (176) 6140 5111
E-Mail: datenschutz@ star-trac.de
1.3 Terminology
‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
‘processing’ means any handling of personal data, such as collection, storage, transmission, receipt, deletion, etc.
‘restriction of processing’ means the future processing of personal data to new mandatory limited requirements. Only a very few employees within our company may further view and process the data. Beyond that any processing is blocked.
‘deletion’ of personal data means both the definitive and therefore irrevocable, complete removal of data (destruction) and of the personal reference to them (anonymisation). In any case, after the deletion process a reference to specific persons can no longer be established.
‘processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
‘recipient’ means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not.
‘third party’ means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
‘consent’ of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
2 Data processing
2.1 Types of processed data
- Name
- Address data (street, house number, postal code and city)
- Contact data (e. g. email, phone numbers)
- Birthday
- Content data (e.g. text entries, history);
- Usage data (e.g. visited websites, interest in contents, access times);
- Meta/communications data (e.g. device information, IP addresses);
- Identification numbers (e.g. driver ID, license plate)
2.2 Categories of Data Subjects
Visitors and users of the Online Offer. Hereinafter, we will refer to the Data Subjects also as “user”.
2.3 Purpose of processing
2.3.1 Provision of the Online Offer, its functions and contents
star/trac collects information about you when you use this Website. We automatically collect information about your user behavior and the interaction with us and register information about your computer or mobile device. We collect, store and use data about every access to our Online Offer (so-called server log files). The access data includes the name and URL of the retrieved file, date and time of the retrieval, the amount of data transferred, the message about a successful retrieval (HTTP response code), browser type and browser version, operating system, referrer URL (i.e. the previously visited page), IP address and the requesting provider.
We use this protocol data – without assigning it to you personally or creating another profile – for statistical evaluations in order to operate, make secure and optimize our Online Offer, but also to anonymously collect the number of visitors (traffic) on our Website and the extent and type of use of our Website and services, as well as for billing purposes to measure the number of clicks received from cooperation partners. Based on this information, we can provide personalized and location-based contents and analyze the data traffic, search and remedy errors and improve our services. We reserve the right to check the log data retrospectively if, on the basis of concrete indications, the legitimate suspicion of unlawful use exists. We store IP addresses in the log files for a limited period, if necessary for security purposes or for the provision of services or the billing of a service, e.g. if you use one of our offers. We also store IP addresses, if we have a specific suspicion of a crime in connection with the use of our Website. In addition, we store the date of your last visit (e.g. when registering, logging in, clicking links, etc.) as part of your account.
The processing of personal data takes place here on the basis of our legitimate interests in an efficient and secure provision of this online offer as well as on the basis of legal obligations according to Art. 6 sec. 1 lit. c and f GDPR.
2.3.2 Website Hosting
The hosting services we use serves the purpose of providing the following services: infrastructure and platform services, computing capacity, storage space and database services, security and technical maintenance services which we use to operate this Online Offer.
Here, we or our hosting provider process inventory data, contact data, content data, contract data, usage data, meta and communication data of customers, interested parties and visitors to this Website based on our legitimate interests in an efficient and secure provision of this Online Offer according to Art. 6 sec. 1 lit. f GDPR in conjunction with Art. 28 GDPR (conclusion of the contract about the processing of commissioned data).
2.3.3 Replying to contact requests and communication with users
When you contact us (e.g. via contact form, agent bot or e-mail), we store your details (e.g. name, address, telephone number, e-mail address, conversation history) to process your enquiry and in the event that follow-up questions arise in relation to a subsequent contractual or business relationship in accordance with Art. 6 sec. 1 lit. b GDPR. We only store and use further personal data if you give your consent or if this is legally permissible without special consent.
2.3.4 Registration
You can create a user account to use the Online Offer. Your registration with voluntary provision of personal data serves us to offer you content or services which, due to the nature of things, can only be offered to registered users (central identification, administration and surveillance of logistic processes). During registration, you will be provided with the required mandatory data which is to be processed for the purposes of providing the user account according to Art. 6 sec. 1 lit. b GDPR. The processed data includes in particular the registration and login information (such as name, address, telephone number, e-mail address). The data entered during registration is also used for the purposes of using the user account.
Furthermore, by registering on this website, your IP address assigned by your Internet Service Provider (ISP), the date and time of registration will be saved. The storage of this data is carried out in accordance with Art. 6 sec. 1 lit. c and f GDPR because this is the only way to prevent the misuse of our services and, if necessary, to enable the investigation of criminal offences.
You can also be informed by us about information relevant to your user account, such as technical changes via e-mail.
2.3.6 Business-/contract-related processing
In addition, we process your personal data (e.g. name, address, telephone number, e-mail address, conversation history, contract number, IMEI, IBAN, BIC) in order to fulfil both pre-contractual obligations in the initiation of the contract as well as contractual obligations of the contract in accordance with Art. 6 sec. 1 lit. b GDPR, which are related to the Online Offer and necessary for its implementation (e.g. online trade-in mobile device, for the creation and sending of the shipping label, sending of the deletion or disposal confirmation).
The data processed, the type, scope, purpose and necessity of their processing are determined by the underlying contractual relationship. In processing the data provided in this context, Teqcycle acts in accordance with your instructions and the instructions of its customers as well as the legal requirements. Your personal data may be passed on to business partners and service providers for the purpose of contractual performance and services, in accordance with Art. 6 sec. 1 lit. b GDPR, if this is necessary for the purpose of fulfilling the contract.
Teqcycle does not process special categories of personal data.
2.3.7 Newsletter
We offer you a newsletter in which we inform you about current events and offers. If you would like to subscribe to the newsletter, you must provide a valid e-mail address, which we store until you unsubscribe from the newsletter.
The newsletter will be sent by the mailing service provider Bitrix, Inc., Poseidonos 1, Ledra Business Center, Egkomi, 2406, Nicosia, Cyprus. The data processing is also carried out within the European Union. Information about the data protection regulations of the shipping service provider can be found at: https://www.bitrix24.de/gdpr/.
The processing of your name and your e-mail address is carried out in accordance with Art. 6 sec. 1 lit. a GDPR exclusively on the basis of your consent.
You can revoke your consent to receive the newsletter at any time and thus cancel the newsletter subscription. After your cancellation, your personal data will be deleted immediately. At the end of each newsletter you will also find a link for cancellation.
2.3.8 Application
When you apply for a job at star/trac, we store and process personal data you provide in order to check and process your application. The legal basis for the associated data processing is Art. 6 sec. 1 lit. b GDPR in conjunction with § 26 BDSG.
If your application is successful, we will continue to process your data for the purposes of your employment relationship. If your application is unsuccessful, your data will normally be deleted 6 months after the end of the application procedure at the latest. If you agree that we may use your data beyond this period in our pool of interested in further job advertisements, we ask for your consent via e-mail.
3 Legal bases and storage period
Unless specifically stated, we only store your personal data for as long as necessary to fulfil the purposes pursued in accordance with Art. 6 GDPR.
Furthermore, your data will be deleted if the data is no longer required to fulfil contractual or legal storage obligations in accordance with Art. 17 sec. 3 lit. b GDPR (e.g. tax and commercial law storage obligations) as well as dealing with possible warranty and comparable obligations.
In addition, we store your personal data for the purpose of asserting, exercising or defending legal claims according to Art. 17 sec. 3 lit. e GDPR.
If personal data may no longer be processed for the original purpose, but storage obligations still exist, the data will be archived from the productive processing or storage locations, completely deleted from the productive level and access restricted.
Once all storage obligations have been fulfilled, storage rights have lapsed and all deletion periods have expired, the corresponding data is routinely deleted.
4 Your rights as a Data Subject
Under applicable law, you have various rights regarding your personal data. If you wish to assert these rights, please send your request to the data protection officer by e-mail or by mail with a clear identification of your person (see Clause 1.2).
As a Data Subject, you have the following rights:
4.1 Right of access
According to Art. 12 and 13 you have the right to obtain from us a confirmation as to whether or not your personal data is being processed. Where that is the case, you have the right to obtain free information from us about your personal data and a copy of this data.
4.2 Right to rectification
According to Art. 16 GDPR you have the right to obtain from us the immediate rectification of inaccurate personal data concerning you. In consideration of the purposes, you have the right to request the completion of incomplete personal data, including by means of a supplementary statement.
4.3 Right to erasure (“Right to be forgotten”)
According to Art. 17 GDPR you have the right to obtain from us the immediate erasure of your personal data and we are obliged to erase your personal data immediately, unless there are legal or contractual obligations to keep records. In this case the further processing of your personal data will be restricted.
Where we have made personal data public and we are required to erase it, we will take appropriate measures, taking into account available technology and implementation costs, also of technical nature, to inform the controllers who process your personal data that you have requested the deletion of any personal data or of copies or replications of such personal data according to Art. 19 GDPR.
4.4 Right to restriction of processing
According to Art. 18 GDPR you have the right to obtain from us restriction of processing of your personal data. For example, you can oblige us to process only those personal data that are absolutely necessary for the provision of our services.
4.5 Right to data portability
According to Art. 20 GDPR You have the right to receive your personal data provided to us in a structured, commonly used and machine-readable format and you have the right to transmit those data to another controller without objection from us.
4.6 Right to object
According to Art. 21 GDPR you have the right to object, on grounds relating to your particular situation, at any time the processing of your personal data which is based on Art. 6 sec. 1 lit. e or f GDPR, including profiling based on those provisions. We do no longer process your personal data unless we can demonstrate compelling grounds, worthy of protection, for the processing which override your interests, rights and freedoms or unless the processing serves for the establishment, exercise or defense of our legal claims.
4.7 Right of withdrawal of a declaration of consent given under data protection law
According to Art. 6 sec. 1 lit. a GDPR, you have the right to revoke the previously granted consent to data processing without giving reasons. If no other lawfulness of the processing within the meaning of Art. 6 sec. 1 GDPR justifies further data processing, your personal data must then be deleted immediately. Otherwise, the processing of your personal data must be temporarily restricted (blocked).
4.8 Right to appeal to a supervisory authority
You have the right to appeal to a supervisory authority, in particular in the Member State of your home, work or at the place where the infringement has allegedly been committed, if you have the opinion that the processing of the data concerning you is unlawful.
For star/trac the competent supervisory authority is the Bayerische Landesamt für Datenschutzaufsicht, Promenade 27 (Schloss), D-91522 Ansbach. e-mail: poststelle@lda.bayern.de.
5 Data security
We endeavor to ensure the security of your personal data under the scope of applicable data protection laws and technical options.
We implement the following technical, physical and organizational measures to protect the security of your personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorized use, unauthorized disclosure or access and against all other unlawful forms of processing
We transmit your personal data in encrypted form. This applies to your orders and also to a customer login. We use the SSL (Secure Socket Layer) coding system, but point out that data transmission over the Internet (e.g. when communicating by e-mail) can have security gaps. It is not possible to protect such data completely against access by third parties.
When personal data is accessed by authorized personnel, access is only possible via an encrypted connection. When accessing data in a database, the IP number of the person accessing the data must also be pre-authorized to gain access.
All access to personal data is blocked by default. Access to personal data is restricted to individually authorized personnel. Our security and data protection officer issues authorizations and keeps a log of the authorizations granted. Authorized employees are granted only the minimum access they absolutely need for their tasks through our role and authorization concept.
Administrative processes, including system access, are logged to provide an audit trail when unauthorized or accidental changes are made.
System performance and availability is monitored by both internal and external monitoring services.
All data is stored on servers of Amazon Web Services in Frankfurt, Germany and Dublin, Ireland which are monitored by us. Databases are backed up continuously to enable recovery at any time within a 35-day retention period. Backups are stored in file storage in the same geographic location as the database.
To safeguard your data, we maintain technical and organizational security measures that we always adapt to state-of-the-art technology.
Furthermore, we do not warrant that our offer will be available at specific times; disturbances, interruptions or failures cannot be excluded.
In the event that your data is compromised, we will notify you and the relevant regulatory authorities by email within 72 hours of the extent of the breach, the data involved, any impact on the service and the plan of action to secure the data and limit any adverse effects on the data subject.
6 Automated decision-making
No automated decision-making will be done on the basis of the collected personal data.
7 Transfer of data to third parties, data transfer to non-EU/EEA countries
As a rule, we only use your personal data in our company.
In addition, your personal data will only be passed on if you have given your consent in accordance with Art. 6 sec. 1 lit. a GDPR, the transfer is necessary for the fulfilment of a contract in accordance with Art. 6 sec. 1 lit. b GDPR, we are subject to a legal obligation in accordance with Art. 6 sec. 1 lit. c GDPR (e.g. e.g. tax regulations, participation in the clarification of a criminal offence), or if this is necessary to protect our legitimate interests in accordance with Art. 6 sec. 1 lit. f GDPR, unless your interests or fundamental rights and freedoms that require the protection of personal data outweigh this.
If and insofar as we involve third parties in the fulfilment of contracts, these third parties will only receive personal data to the extent that the transmission is absolutely necessary for the corresponding service.
In the event that we outsource certain parts of data processing (“contract processing”), we contractually oblige our processors to use personal data only in accordance with the requirements of the data protection laws and this privacy policy and to ensure the protection of the rights of the data subject.
There currently is no data transfer to institutions or person outside the EU/EEA and outside the cases mentioned in this declaration. Furthermore, it is only permitted to transfer personal data to institutions or persons outside the EU/EEA under the conditions set out in Art. 44 following GDPR. In particular, adequate protection is then guaranteed by appropriate measures, such as standard contractual clauses of the EU Commission within the meaning of Art. 46 sec. 2 lit. d GDPR.
8 Data protection officer
Should you still have any questions relating to our data protection or to this Data Protection Declaration, or should you intend to exercise your rights named herein, kindly contact our data protection officer (contact details see point 1.2).
9 Changes to the Data Protection Declaration
Teqcycle reserves the right to change the Privacy Policy in order to adapt it to changed legal situations, or in the event of changes in the service and data processing. However, this only applies to declarations about the processing of data. If the consent of the user is required or elements of the Data Protection Declaration contain provisions of the contractual relationship with the User, the changes are only made with the approval of the User.
Users are asked to inform themselves regularly about the content of the Data Protection Declaration. You can save and print this Data Protection Declaration at any time.
(Last update: April 2021)