fb tw yt

Privacy Policy of TOPSTAR GmbH at direct data collection (Art. 13 GDPR)

 

I. Legal scope
This privacy policy applies to the internet-based service of TOPSTAR GmbH (www.topstar.de) and to every personal data collected on our website. Our website may contain hyperlinks from and to websites of third parties. When following a hyperlink from or to one of these websites, please note that we cannot take responsibility or guarantee any third-party content as well as their own privacy policies. Please make sure that you inform yourself of the respectively applicable data privacy statements and privacy policies before submitting personal data to these websites.

 

II. Contact details of the controller
We at TOPSTAR GmbH are to be called the controller in compliance with the General Data Protection Regulation ("GDPR") and the Bundesdatenschutzgesetz (BDSG) as well as other data protection regulations for our website (www.topstar.de) and the data processing linked to these regulations. 

You can find more information about our company in the imprint

TOPSTAR GmbH
Augsburger Straße 29
86863 Langenneufnach
Deutschland

 

III. Data protection officer
Here are the contact details of our data protection officer:

Herr RA Alexander Bradt
c/o IT LAW AND ORDER UG (with limited liability)
Sterzinger Straße 3
86165 Augsburg
Phone.: +49 (0) 821 6660 6600
Email: datenschutz@topstar.de

 

IV. Hosting
The web server which is used to operate our website is run by the IT service company. Here are their contact details:  

Mittwald CM Service GmbH & Co. KG
Königsberger Straße 4-6
32339 Espelkamp
www.mittwald.de

 

V. Running of the website and log files

1. Description and scope of the data processing
With every visit to our website you submit (out of technical necessity) data via your browser to our web server. 

During a running connection of communication, our system records automatically information of the calling computer’s system or the user’s terminal.

During this process we collect the following data: 
• information about the browser and the used version
• the operating system of the user’s terminal
• the user’s internet service provider      
• the IP address of the user         
• the previous website which the user visited before our website (referrer URL)
• the date and time of the server request of our website
• the name of the requested file 
• the quantity of data transmitted

2. Legal basis of the data processing
The legal basis for the temporary retention of these data and of the log files is Article 6, Paragraph 1, point (f) GDPR (legitimate interests by us as the controlling website operator).

3. Purpose of the data processing
The temporary retention of the user’s IP-address by our system is necessary in order to ensure that the user has access to our website. It is therefore inevitable that the user’s IP-address is retained during the visit to our website. The above named data is stored in log files in order to make sure that our website works properly. In addition, these data serve to optimize the website and to guarantee the security of our information technology systems (for example concerning intrusion detection). We do not evaluate your data for marketing purposes.  

4. Duration of data retention
The above named data are deleted as soon as they are not needed anymore to achieve the purpose of their collection. Concerning the collection of data to make sure the access to our website, the user’s data is deleted when he or she leaves our web page. Concerning the retention of data in log files, your data will be deleted after 60 days at the latest. A temporary retention is possible. In this case, the user’s IP address is deleted or made unrecognizable by us in order to ensure that the calling client cannot be identified and that the existing data cannot be related to a specific person anymore.

 

VI. Contact form and email contact 

1. Description and scope of data processing
You can contact us via our contact form and our email address info@topstar.deIn this case, the personal data of the sender, i.e. the user, which have been submitted during the request, are retained. Concerning the contact form, it is mandatory for the user to enter his first name, last name and his or her email address. All other information that you enter in the form is optional.

2. Legal basis for the data processing
The legal basis for the processing of these data which are transferred during the submission of a request is Article 6, Paragraph 1, point (f) GDPR (legitimate interests of us as the controller). If the request aims at the conclusion of a contract, then the additional legal basis for the processing is Article 6, Paragraph 1, point (b) GDPR (performance of a contract). 

3. Purpose of the data processing
The processing of these personal data serves exclusively to make sure that we can deal with your request in an appropriate way. 

4. Duration of data retention
The above named data are deleted as soon as they are not needed anymore to achieve the purpose of their collection. The personal data which has been submitted via email or via the contact form are erased as soon as the respective conversation with the user has ended. The conversation can be defined as “ended“ when it can be deduced from the circumstances that the subject of request has been dealt with in a satisfactory and concluding way.

5. Possibility of objection
At any time, the user has the possibility to object to the processing of his or her data. The objection has to be sent to the following email address: datenschutz@topstar.de. All personal data which have been retained during the establishment of the contact are deleted in this case.

 

VII. Use of cookies

In parts, our website uses so-called cookies. Cookies do not cause any damage on your computer and do not contain viruses. They rather serve to render our service more user-friendly, effective and secure. Cookies are small text files which are deposited on your computer and which are stored by your browser. 

Most of the cookies used by us are so-called “session-cookies“. Session cookies are automatically deleted once you leave our website. Other cookies are stored on your terminal until you delete them. These cookies make it possible for us to recognize your browser when you next visit our website. A cookie which has been stored for this purpose remains valid for our website for 12 months. 

You can set your browser so that you are informed of the storage of cookies and that you allow cookies only in particular cases, exclude the acception of cookies for certain cases or in general and activate the automatic deletion of the cookies when closing the browser. When deactivating the cookies, the functionality of this website can be reduced.

Cookies which are necessary for the carrying out of electronic communication or for the provision of certain requested functions (for example shopping basket function) are stored according to Article 6, Paragraph 1, point (f) GDPR. The website owner has a legitimate interest in the storage of cookies in order to provide his services without technical errors and in an optimized way. In case that other cookies (for example cookies to analyse the user’s surfing behaviour) are stored, these cookies are treated separately in this privacy policy (see the following explanations)

 

VIII. Plugins and tools

CCM19

We use the consent management tool CCM19 from the provider Papoo Software & Media on our website.

The consent tool enables you to give your consent to data processing via the website, in particular the setting of cookies, and to make use of your right of revocation for consents already given. Data processing serves the purpose of obtaining and documenting necessary consents to data processing and thus complying with legal obligations.

Cookies may be used for this purpose. Among other things, the following information is collected and transmitted to CCM19: Date and time of the page view, a random ID, consent status. Topstar GmbH does not process the data itself; the data is stored as a log file. Access to the log files of our customers only takes place with the prior agreement and consent of the customer. This data is not passed on to other third parties. Data processing is carried out to fulfil a legal obligation on the basis of Art. 6 para. 1 lit. c GDPR.

We have concluded an order agreement (AVV) with the provider Papoo Software & Media GmbH in accordance with Art. 28 GDPR.

You can find out more about data processing in CCM19's privacy policy at the link: https://www.ccm19.de/datenschutzerklaerung.html

 

IX. Tracking through Google Analytics

1. Description and scope of the data processing

On our website we use the tracking tool Google Analytics. With the help of Google Analytics, interactions of the user with our website are primarily recorded by means of cookies and are systematically analysed. If certain details of our website are called up, the following data will be saved: 

• three bytes of the IP address of the user’s calling system (anonymized IP address),
• the called website,
• the website which the user visited before our own website
• the subpages which are visited from a specific web page 
• how long the user stayed on the specific website,
• how often the user visited the specific website

The software is set that the IP addresses are not completely retained but that the last octet of the IP address is hidden (Bsp.: 192.168.79.***). In this way, it is not possible any more to link the shortened IP address with the user’s calling computer or terminal. 

2. Legal basis for the data processing
The legal basis for the processing of the user’s personal data is Article 6, Paragraph 1, point (a) GDPR (consent). 

3. Purpose of the data processing
The processing of the user’s personal data employing Google Analytics makes it possible for us to analyse the surf behaviour of our users. The evaluation of the hereby obtained data enables us to collect information about the usage of the individual components of our website. This helps us to improve our website and its user-friendliness constantly. 

4. Duration of data retention
The data obtained through tracking are deleted as soon as they are not necessary anymore for our purposes of recording. In our case, this happens after 12 months. The processing of the user’s personal data employing Google Analytics makes it possible for us to analyse the surf behaviour of our users. The evaluation of the hereby obtained data enables us to collect information about the usage of the individual components of our website. This helps us to improve our website and its user-friendliness constantly. 

5. Possibility of objection
The user can prevent Google Analytics from using his or her data on our website by employing a browser add-on for deactivating the java scripts of Google Analytics (ga.js, analytics.js, dc.js). If the user wishes to deactivate Google Analytics, he can download and install the add-on for his or her own web browser. The add-on for activating Google Analytics is compatible with the current versions of Chrome, Internet Explorer, Safari, Firefox and Opera. You have to correctly load and execute the add-on in the browser in order to make sure that it works properly. To use Internet Explorer, you additionally have to activate cookies of third-party providers. Interested users can find more information here: https://tools.google.com/dlpage/gaoptout?hl=de

 

X. Google reCAPTCHA

Our primary goal is to ensure that our website is as secure and safe as possible for you and for us. To ensure this, we use Google reCaptcha from Google (Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA).

The purpose of reCAPTCHA is to check whether the data input on our websites (e.g. in a contact form) is carried out by a human or by an automated programme. For this purpose, reCAPTCHA analyses the behaviour of the website visitor based on various characteristics. This analysis begins automatically as soon as the website visitor enters the website. To analyse this, reCAPTCHA evaluates various pieces of information (e.g. IP address, time spent on the website by the website visitor or mouse movements made by the user). The data collected is forwarded to Google for analysis in order to recognise automated abusive requests."

The reCAPTCHA analyses run completely in the background. Website visitors are not informed that an analysis is taking place.

Data processing is carried out on the legal basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in protecting its website from abusive automated spying and SPAM.

Further information about Google reCAPTCHA and Google's privacy policy can be found at the following links: https://www.google.com/intl/de/policies/privacy/ and
https://www.google.com/recaptcha/intro/android.html

 

XI. Incorporation of Google Maps

1. Description and scope of the data processing
On our website, we incorporate the maps of the service Google Maps of the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. In order to make the map data available, Google processes the technically necessary data for this purpose. 

2. Legal basis for data processing
The incorporation of the services of Google maps is necessary in order to guarantee a website design which meets the requirements of our users. This is also our interest as controller with respect to the data processing according to Article 6, Paragraph 1, point (c) GDPR (legitimate interests of the controller). 

3. More information about the data processing
Google LLC is responsible for further data processing. You can find more information about how Google treats your data here: https://policies.google.com/privacy?hl=en

 

XII. Incorporation of Facebook1. Facebook data processed by us

TOPSTAR GmbH retains no data about your Facebook activities with the exception of those activities on the TOPSTAR GmbH fan page. We process your data on this fan page in order to react to your desires and requests. We retain your personal data only for our business operations and will delete them if the purpose of their collection and legal regulations allow it. 

2. Data processed by Facebook

When visiting our fan page, Facebook processes your personal data and your user data. In this context, Facebook is the responsible party and their privacy statements apply for these procedures. You can find the privacy statements of Facebook here:
https://www.facebook.com/policy.php

 

XIII. Social plugins 

On our website, we offer you the possibility of using so-called social media buttons. In order to protect your data we implement buttons which are integrated in the website only as a graphic symbol and which contain a link to the respective web page of the button provider. By clicking on the graphic symbol you will be forwarded to the services of the respective provider. Only then your data will be sent to the respective provider. If you do not click on the graphic symbol, there will not be any data exchange between you and the providers of the social media buttons. You find information about the collection and usage of your data in the social networks in the respective terms of use of the providers. 

On our website, we have integrated the social media buttons of the following companies: 

•Button of youtube, Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. You can find the privacy statements of Google here:
https://developers.google.com/+/web/buttons-policy

•Button of Facebook, Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”). You can find the privacy statements of Facebook here:
https://www.facebook.com/policy.php

•Button of Twitter, Twitter Inc., 1355 Market St, Suite 900, San Francisco, CA 94103, USA. You can find the privacy statements of Twitter here:
https://twitter.com/de/privacy

• Button of Instagram, Instagram LLC., 1601 Willow Road, Menlo Park, CA 94025, USA. You can find the privacy statements of Instagram here:
https://help.instagram.com/519522125107875

 

XIV. Data security
By employing technical and organizational measures we secure our website and other systems against loss, destruction, access, alteration or dissemination of your data by unauthorized persons. We particularly transfer your personal data in code. During your visit to our website we employ the widespread Secure Socket Layer (SSL) procedure. Unfortunately, the transfer of information via the internet is not completely secure. Therefore, we cannot guarantee the security of the data which has been transferred to our website via the internet.  

 

XV. Data transfer
We do not share your personal data with third parties unless you have given your consent to the transferring of your data or that we are entitled or obliged to pass on your data due to legal provisions and/or official or judicial orders. This particularly means that we are allowed to provide information for reasons of criminal prosecution, public safety or enforcement of intellectual property rights. 

 

XVI. Rights of the data subject
In case that personal data of a user are processed, this user is called a data subject according to the GDPR. 

According to Art. 4 GDPR, personal data are all these kinds of information which relate to an identified or identifiable natural person.  

A person is called “identifiable“ in case he or she can be determined in a direct or indirect way. This can happen by assigning him or her to a reference like a name, a reference number, location data or online identification data. Another way to identify someone is to assign him or her to one or more special features which express the physical, physiological, genetic, psychological, economic, cultural or social identity of this natural person. 

This person is a data subject whose personal data are processed, for example the user of the website or the sender of an email. 

As a user of our internet-based service you have the following rights according to Art. 15, 16, 17, 18 and 21 GDPR.

• Right of access
According to Article 15 GDPR you have the right of confirmation as to whether or not personal data concerning him or her are being processed. In your access request you should state more precisely the reason why you contact us in order to make it easier for us to compile the necessary data. Please note that under certain circumstances your right of access might be limited by other laws (especially Paragraph 34 Bundesdatenschutzgesetzand Article 10 Bayerisches Datenschutzgesetz). 

• Right to rectification
According to Art.16 GDPR you have the right to request rectification of incorrect or incomplete data.

• Right to erasure
According to Art. 17 GDPR you have the right to the erasure of your personal data. Among other things, your right to deletion depends on the fact if we still need your data in question for the fulfilment of our legal tasks. 

• Right to restriction of processing
According to Art. 18 GDPR you have the right to request a restriction of the processing of your personal data. 

• Right to data portability(Art. 20 GDPR)

• Right to object
On grounds relating to your specific situation you can at any time object to the processing of your personal data (Art. 21 GDPR). However, we cannot always comply with this right, for example in case we are bound by legal regulations regarding our official task fulfilment of data processing,  

• Right to revoke your data protection declaration of consent

• Right to lodge a complaint with the supervisory authority(Art. 77 GDPR)

 

When you object to a declaration of consent
A data subject has at any time the right to object to his or her data protection declaration of consent. However, the lawfulness of the processing which has been performed because of your consent until your objection is not affected.

 

When you lodge a complaint with a supervisory authority
Regardless of the lodging of an administrative or judicial appeal, every data subject has the right to complain about the use of his or her personal data and contact a supervisory authority, in particular in the member state of his or her habitual residence, the place of work or the place of the alleged infringement. The data subject can lodge a complaint if he or she considers that the processing of his or her personal data by us has infringed the GDPR.

The responsible supervisory authority is: 
Data Protection Authority of Bavaria for the Private Sector
Website: www.lda.bayern.de

To lodge a complaint you can also contact the responsible supervisory authority of your place of residence. You can find current addresses and contact details here:
www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html