Privacy policy of TOPSTAR GmbH for direct collection (Art. 13 GDPR)

I. Scope of application
This privacy policy applies to the TOPSTAR GmbH website (www.topstar.de) and to the personal data collected via this website. Our website may contain hyperlinks to and from third-party websites. If you follow a hyperlink to one of these websites, please note that we cannot accept any responsibility or guarantee for third-party content or data protection conditions. Please check the applicable data protection notices and declarations before you transmit personal data to these websites.
II. Name and address of the controller
We, TOPSTAR GmbH, are the controller within the meaning of the General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG) as well as other data protection regulations for our website (www.topstar.de) and the associated data processing. Comprehensive information about our company can be found in the legal notice.
TOPSTAR GmbH
Augsburger Straße 29
86863 Langenneufnach
Germany
III. Data protection officer
Our data protection officer can be reached via the following contact details:
Mr. Alexander Bradt, Attorney at Law
c/o IT LAW AND ORDER UG (haftungsbeschränkt)
Sterzinger Straße 3
86165 Augsburg
Tel.: +49 (0) 821 6660 6600
E-Mail: datenschutz(at)topstar(dot)de
IV. Hosting
The web server for the operation of our website is technically operated by the IT service company:
Mittwald CM Service GmbH & Co. KG
Königsberger Straße 4-6
32339 Espelkamp
www.mittwald.de
V. Provision of the website and log files
1. Description and scope of data processing
Each time you visit our website, your Internet browser transmits data to our web server for technical reasons. While the connection is active, our system automatically records information from the system of the user’s calling computer or end device.
We collect the following data:
• information about the web browser and the version used
• the operating system of the user’s device
• the user’s internet service provider
• the IP address of the user
• the previous website from which the user accessed our website (so-called referrer URL)
• the date and time of the access request
• the name of the requested file
• the amount of data transferred
2. Legal basis for data processing
The legal basis for the temporary storage of this data and the log files is Art. 6 para. 1 lit. f) GDPR (legitimate interests of us as the responsible website operator). 
3. Purpose of data processing
The temporary storage of the user’s IP address by our system is necessary to enable delivery of the website to the user’s computer. For this purpose, the user’s IP address must necessarily remain stored for the duration of the session. The above-mentioned data is stored in the log files in order to ensure the functionality of our website. We also use this data to optimize the website and to ensure the security of our information technology systems (e.g. to detect attacks). The data is not analyzed for marketing purposes in this context. 
4. Duration of storage
The above-mentioned data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended. If the data is stored in log files, this is the case after 60 days at the latest. Storage beyond this period is possible. In this case, the user’s IP address is deleted or anonymized by us so that it is no longer possible to identify the accessing client and the data contained can no longer be linked to a specific person. 
VI. Contact form and e-mail contact
1. Description and scope of data processing
We can be contacted via our contact form and the email address provided (info(at)topstar(dot)de). In this case, the personal data of the sender, i.e. the user, transmitted with the inquiry will be stored. The user’s first name, surname and email address are defined as mandatory fields. Other form fields are optional.
2. Legal basis for data processing
The legal basis for the processing of this data, which is transmitted in the course of sending an inquiry, is Art. 6 para. 1 lit. f) GDPR (legitimate interests of us as the controller). If the request is aimed at the conclusion of a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b) GDPR (fulfillment of a contract).
3. Purpose of data processing
This personal data is processed exclusively to handle your inquiry.
4. Duration of storage
The above-mentioned data is deleted as soon as it is no longer required for the purpose for which it was collected. For personal data sent by email or via the contact form, this is the case when the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the matter in question has been conclusively clarified.
5. Option to object
The user has the option to object to data processing at any time. The objection should be sent to the following e-mail address: datenschutz(at)topstar(dot)de. All personal data stored in the course of making contact will be deleted in this case.
VII. Use of cookies
Some of our Internet pages use so-called cookies. Cookies do not damage your computer and do not contain viruses. Rather, they serve to make our website more user-friendly, effective and secure. Cookies are small text files that are stored on your computer and saved by your browser.
Most of the cookies we use are so-called “session cookies”. They are automatically deleted at the end of your visit. Other cookies remain stored on your end device until you delete them. These cookies enable us to recognize your browser on your next visit. A cookie set in this regard remains valid for our website for 12 months. You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of this website may be restricted. Cookies that are required to carry out the electronic communication process or to provide certain functions that you have requested (e.g. shopping cart function) are stored on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the storage of cookies for the technically error-free and optimized provision of its services. Insofar as other cookies (e.g. cookies to analyze your surfing behavior) are stored, these are treated separately in this privacy policy (see the following explanations).
VIII. Tracking through Google Analytics
1. Description and scope of data processing
We use the tracking tool Google Analytics on our website. In Google Analytics, interactions of the user of our website are primarily recorded and systematically evaluated with the help of cookies. If details of our website are accessed, the following data is stored:
• three bytes of the IP address of the user’s accessing system (anonymized IP address),
• the website accessed,
• the website from which the user came to the page of our website accessed,
• the subpages that are accessed from the accessed page,
• the time spent on the website,
• the frequency of visits to the website
The software is set so that the IP addresses are not stored in full, but the last octet of the IP address is masked (e.g.: 192.168.79.***). In this way, it is no longer possible to assign the shortened IP address to the calling computer or end device of the user.
2. Legal basis for data processing
The legal basis for the processing of users’ personal data is Art. 6 para. 1 lit. a) GDPR (consent).
3. Purpose of the data processing
The processing of the user’s personal data with the help of Google Analytics enables us to analyze the surfing behavior of our user. By analyzing the data obtained, we are able to compile information about the use of the individual components of our website. This helps us to continuously improve our own website and its user-friendliness.
4. Duration of storage
The data stored through tracking is deleted as soon as it is no longer required for our recording purposes. In our case, this is the case after twelve months.
5. Possibility of objection
With the help of a browser add-on that deactivates the Google Analytics JavaScript files (ga.js, analytics.js, dc.js), users can prevent Google Analytics from using their data on our website. If the user wishes to deactivate Google Analytics, they can download and install the add-on for their own web browser. The add-on for deactivating Google Analytics is compatible with the common versions of Chrome, Internet Explorer, Safari, Firefox and Opera. For the add-on to work, it must be loaded and executed correctly in the browser. For Internet Explorer, third-party cookies must also be activated. Interested users can find more information at the following link: https://tools.google.com/dlpage/gaoptout?hl=de
X. Google reCAPTCHA
Our primary goal is to ensure that our website is as secure and safe as possible for you and for us. To ensure this, we use Google reCAPTCHA from Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA).
The purpose of reCAPTCHA is to check whether the data input on our websites (e.g. in a contact form) is made by a human or by an automated program. For this purpose, reCAPTCHA analyzes the behavior of the website visitor based on various characteristics. This analysis begins automatically as soon as the website visitor enters the website. For the analysis, reCAPTCHA evaluates various information (e.g. IP address, time spent on the website by the website visitor or mouse movements made by the user). The data collected is forwarded to Google for analysis in order to detect automated abusive requests.
The reCAPTCHA analyses run completely in the background. Website visitors are not informed that an analysis is taking place.
Data processing is carried out on the legal basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in protecting its website from abusive automated spying and SPAM.
Further information about Google reCAPTCHA and Google’s privacy policy can be found at the following links: https://www.google.com/intl/de/policies/privacy/ and https://www.google.com/recaptcha/intro/android.html
XI. Google Tag Manager
Google Tag Manager (GTM) is used on this website. The service provider of Google Tag Manager is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. GTM is a tool with the help of which we can integrate tracking or statistics and other technologies on our website. It is only used to manage the tools integrated via it. GTM itself does not create any user profiles, does not store any cookies and does not carry out any independent analysis. However, the Google Tag Manager records your IP address, which may also be transmitted to the parent company Google in the United States.
The use of Google Tag Manager is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the fast and uncomplicated integration and management of various tools on its website. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG (Telecommunications Digital Services Data Protection Act), insofar as the consent includes the storage of cookies or access to information in the user’s terminal device within the meaning of the TDDDG. Consent can be revoked at any time. Google is certified in accordance with the “EU-US Data Privacy Framework” (DPF), which is intended to ensure compliance with European data protection standards for data processing in the USA. Every certified company undertakes to comply with these standards. Interested users can find more information at the following link: https://www.dataprivacyframework.gov/list
XII. Integration of Google Maps
1. Description and scope of data processing
We integrate the maps of the “Google Maps” service of the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. In order to make the map material available, technically necessary data is processed by Google for this purpose.
2. Legal basis for data processing
The integration of Google Maps services is necessary for the needs-based design of our website. This also constitutes our interest in data processing pursuant to Art. 6 (1) (f) GDPR (legitimate interests of us as the controller).
3. Further information on data processing
Google LLC is responsible for further data processing. Further information on how Google handles your data can be found at: https://policies.google.com/privacy?hl=de
XIII. Integration of Facebook
1. Data collected via Facebook
TOPSTAR GmbH does not store any data about your activities outside the TOPSTAR GmbH Facebook fan page. We record your activities on this fan page in order to be able to respond to your requests and inquiries. We store personal data about you only in the context of business processes and delete it unless the purpose or legal regulations prevent this.
2. Data collected by Facebook
Facebook collects personal data and usage data from you when you visit this page. These processes are governed by Facebook’s privacy policy, which you can find at the following link:
https://de-de.facebook.com/policy.php
XIV. Social Plugins
We offer you the option of using so-called “social media buttons” on our website. To protect your data, we use buttons that are only integrated on the website as graphics and which contain a link to the corresponding website of the button provider. By clicking on the graphic, you will be redirected to the services of the respective provider. Only then will your data be sent to the respective provider. If you do not click on the graphic, there will be no exchange between you and the providers of the social media buttons. Information about the collection and use of your data in the social networks can be found in the respective terms of use of the corresponding providers.
We have integrated social media buttons from the following companies on our website:
• YouTube button from Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“YouTube”). You can find Google’s privacy policy at: https://developers.google.com/+/web/buttons-policy
• Facebook button from Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”). You can find Facebook’s privacy policy at: https://www.facebook.com/policy.php
• Twitter button from Twitter Inc., 1355 Market St, Suite 900, San Francisco, CA 94103, USA (“Twitter”). You can find Twitter’s privacy policy at: https://twitter.com/de/privacy
• Instagram button from Instagram LLC, 1601 Willow Road, Menlo Park, CA 94025, USA (“Instagram”). You can find Instagram’s privacy policy at: https://help.instagram.com/519522125107875
XV. Data security
We secure our website and other systems through technical and organizational measures against loss, destruction, access, modification or dissemination of your data by unauthorized persons. In particular, your personal data is transmitted in encrypted form. We use the widely used SSL (Secure Sockets Layer) method when you visit our website. Unfortunately, however, the transmission of information via the Internet is not completely secure, which is why we cannot guarantee the security of data transmitted to our website via the Internet.
XVI. Data disclosure
We do not disclose your personal data to third parties unless you have consented to the disclosure of data or we are entitled or obliged to disclose data due to statutory provisions and/or official or court orders. In particular, this may involve providing information for the purposes of criminal prosecution, averting danger or enforcing intellectual property rights.
XVII. Rights of the data subject
If a user’s personal data is processed, the user is a data subject within the meaning of the GDPR. Personal data according to Art. 4 GDPR is any information relating to an identified or identifiable natural person. Someone is identifiable if they can be identified directly or indirectly. This can be done by assigning an identifier such as a name, an identification number, location data or an online identifier, or by association with one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. The data subject is the person whose personal data is processed, e.g. the user of the website or the e-mail sender.
As a user of our website, you have various rights vis-à-vis us as the controller under the GDPR, which arise in particular from Art. 15 to 18, 21 GDPR:
• Right to information
You can request information about your personal data processed by us in accordance with Art. 15 GDPR. In your request for information, you should specify your request in order to make it easier for us to compile the necessary data. Please note that your right to information may be restricted under certain circumstances in accordance with the statutory provisions (in particular Section 34 BDSG and Art. 10 BayDSG).
• Right to rectification
If the information concerning you is not (or no longer) correct, you can request a correction in accordance with Art. 16 GDPR. If your data is incomplete, you can request that it be completed.
• Right to erasure
You can request the erasure of your personal data under the conditions of Art. 17 GDPR. Your right to erasure depends, among other things, on whether the data concerning you is still required by us to fulfill our legal obligations.
• Right to restriction of processing
Within the framework of the provisions of Art. 18 GDPR, you have the right to request that the processing of data concerning you be restricted.
• Right to data portability (Art. 20 GDPR)
• Right to object
In accordance with Art. 21 GDPR, you have the right to object to the processing of data concerning you at any time for reasons arising from your particular situation. However, we are not always able to comply with this, e.g. if we are required by law to process data as part of our official duties.
• Right to revoke the declaration of consent under data protection law
• Right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR)
Information on revoking consent
A data subject has the right to revoke their declaration of consent under data protection law at any time. However, this does not affect the lawfulness of the processing carried out on the basis of the consent until revocation.
Information on lodging a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, a data subject shall have the right to lodge a complaint with a supervisory authority – in particular in the Member State of the user’s habitual residence, place of work or place of the alleged infringement – if the user considers that the processing of his or her personal data by us infringes the GDPR.
The competent supervisory authority is the Bavarian State Office for Data Protection Supervision.
Website: www.lda.bayern.de
However, you can also contact the competent supervisory authority in your place of residence if you have any complaints. Current addresses and contact options can be found under the following link list:
www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html