Privacy Policy of TOPSTAR GmbH for Direct Collection (Art. 13 GDPR)

 

I. Scope

This privacy policy applies to the online offering of TOPSTAR GmbH (www.topstar-werksverkauf.de) and to the personal data collected via these web pages. Our website may contain hyperlinks to and from third-party websites. If you follow a hyperlink to one of these websites, please note that we cannot assume responsibility or liability for third-party content or privacy practices. Please check the applicable privacy notices and policies before submitting personal data to these websites.

 

II. Name and Address of the Controller

We, TOPSTAR GmbH, are designated as the controller within the meaning of the General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG), and other data protection regulations for our website (www.topstar-werksverkauf.de) and the associated data processing. Comprehensive information about our company can be found in the imprint.

TOPSTAR GmbH
Augsburger Straße 29
86863 Langenneufnach
Germany

 

III. Data Protection Officer

Our Data Protection Officer can be contacted at the following details:

Mr. RA Alexander Bradt
c/o IT LAW AND ORDER UG (limited liability)
Sterzinger Straße 3
86165 Augsburg
Tel.: +49 (0) 821 6660 6600
Email: datenschutz(at)topstar(dot)de

 

IV. Hosting

The web server for operating our website is technically managed by the IT service provider maxcluster GmbH:

maxcluster GmbH
Lise-Meitner-Str. 1b
D-33104 Paderborn

 

maxcluster

Further information on security and data protection at maxcluster can be found here:
https://maxcluster.de/datenschutz/

Data Processing Agreement
We have concluded a Data Processing Agreement (DPA) with the above-mentioned provider. This is a contract required by data protection law, which ensures that the provider processes the personal data of our website visitors only according to our instructions and in compliance with the GDPR.

 

Wordfence

We have integrated Wordfence on this website. The provider is Defiant Inc., 800 5th Ave Ste 4100, Seattle, WA 98104, USA (hereinafter “Wordfence”).

Wordfence serves to protect our website against unauthorized access or malicious cyberattacks. For this purpose, our website establishes a permanent connection to Wordfence servers so that Wordfence can compare its databases with the accesses made on our website and block them if necessary.

The use of Wordfence is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in the most effective protection of its website against cyberattacks. If consent is requested, processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and § 25(1) TTDSG, insofar as consent includes the storage of cookies or access to information on the user’s device (e.g., device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time.

Data transfer to the USA is based on the EU Commission’s Standard Contractual Clauses. Details can be found here:
https://www.wordfence.com/help/general-data-protection-regulation/

Data Processing Agreement
We have concluded a Data Processing Agreement (DPA) with the above-mentioned provider. This ensures that the provider processes the personal data of our website visitors only according to our instructions and in compliance with the GDPR.

 

V. Provision of the Website and Log Files

  1. Description and Scope of Data Processing
    Each time our website is accessed, you (due to technical necessity) transmit data via your internet browser to our web server. During an active connection for communication, our system automatically records information from the system of the accessing computer or user device.
    The following data is collected:
    • Information about the web browser and its version
    • The operating system of the user’s device
    • The user’s internet service provider
    • The user’s IP address
    • The previous website from which the user accessed our website (referrer URL)
    • Date and time of the access request
    • Name of the requested file
    • Amount of data transferred

  2. Legal Basis for Data Processing
    The legal basis for the temporary storage of this data and log files is Art. 6(1)(f) GDPR (legitimate interests of us as the responsible website operator).
  3. Purpose of Data Processing
    Temporary storage of the user’s IP address by our system is necessary to deliver the website to the user’s computer. For this purpose, the user’s IP address must remain stored for the duration of the session. Storage of the above-mentioned data in log files ensures the functionality of our website. Additionally, this data helps us optimize the website and ensure the security of our IT systems (e.g., for attack detection). Data is not evaluated for marketing purposes in this context.
  4. Duration of Storage
    The above-mentioned data is deleted as soon as it is no longer required to achieve the purpose of its collection. In the case of data collected for providing the website, this occurs when the respective session ends. In the case of storage in log files, this occurs after a maximum of 60 days. Longer storage is possible. In this case, the user’s IP address is deleted or anonymized so that assignment to the accessing client is no longer possible and the data no longer contains any personal reference.

 

VI. Contact Form and Email Contact

  1. Description and Scope of Data Processing
    You can contact us via our contact form and the provided email address (info(at)topstar(dot)de). In this case, the personal data transmitted with the inquiry from the sender (the user) will be stored. The mandatory fields are first name, last name, and email address of the user. Other form fields are optional.
  2. Legal Basis for Data Processing
    The legal basis for processing this data transmitted in the course of sending an inquiry is Art. 6(1)(f) GDPR (our legitimate interests as the controller). If the inquiry aims at concluding a contract, an additional legal basis for processing is Art. 6(1)(b) GDPR (performance of a contract).
  3. Purpose of Data Processing
    The processing of this personal data serves exclusively to handle your contact request.
  4. Duration of Storage
    The above-mentioned data will be deleted as soon as they are no longer necessary to achieve the purpose of their collection. For personal data transmitted via email or the contact form, this is the case when the respective conversation with the user has ended. The conversation is considered ended when it can be inferred from the circumstances that the matter in question has been conclusively clarified.
  5. Right to Object
    The user may object to the processing of their data at any time. The objection should be sent to the following email address: datenschutz(at)topstar(dot)de. All personal data stored in the course of the contact will then be deleted.

 

VII. Use of Cookies

Our website uses cookies in part. Cookies do not harm your computer and do not contain viruses. They serve to make our offering more user-friendly, effective, and secure. Cookies are small text files stored on your computer by your browser.

Most of the cookies we use are so-called “session cookies.” They are automatically deleted after your visit ends. Other cookies remain stored on your device until you delete them. These cookies allow us to recognize your browser on your next visit. A cookie set for this purpose remains valid for our website for 12 months. You can configure your browser to inform you about the setting of cookies, allow cookies only in individual cases, exclude the acceptance of cookies for certain cases or in general, and activate the automatic deletion of cookies when closing the browser. If cookies are disabled, the functionality of this website may be restricted.

Cookies required for carrying out the electronic communication process or for providing certain functions you desire (e.g., shopping cart function) are stored based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in storing cookies for the technically error-free and optimized provision of its services. If other cookies (e.g., cookies for analyzing your browsing behavior) are stored, they are treated separately in this privacy policy (see following explanations).

 

VIII. Plugins and Tools

Cookiebot by Usercentrics
We use the cookie consent technology of the provider Usercentrics A/S, Havnegade 39, 1058 Copenhagen, Denmark (hereinafter “Cookiebot”) on our website.
The consent tool allows you to grant consent for data processing via the website, particularly for setting cookies, and to exercise your right to withdraw consent already given. Data processing serves the purpose of obtaining and documenting necessary consents for data processing and thus complying with legal obligations. Cookies may be used for this purpose. Among other things, the following information is collected and transmitted to Cookiebot: date and time of page access, a random ID, and consent status.

TOPSTAR GmbH does not process these data itself; they are stored as log files. Access to customer log files only occurs after prior agreement and consent of the customer. These data are not passed on to other third parties. Data processing is carried out to fulfill a legal obligation based on Art. 6(1)(c) GDPR.

We have concluded a Data Processing Agreement (DPA) with the provider Usercentrics A/S, Havnegade 39, 1058 Copenhagen, Denmark in accordance with Art. 28 GDPR. This contract ensures that Usercentrics processes the personal data of our website visitors only according to our instructions and in compliance with the GDPR.

For more information on data processing, please refer to the privacy policy of Usercentrics at: https://usercentrics.com/privacy-policy/

 

IX. Tracking via Google Analytics

  1. Description and Scope of Data Processing
    We use the tracking tool Google Analytics on our website. Google Analytics primarily records interactions of users on our website using cookies and systematically evaluates them. When individual pages of our website are accessed, the following data is stored:
    • Three bytes of the IP address of the user’s system (anonymized IP address)
    • The accessed page
    • The page from which the user arrived at the accessed page (referrer URL)
    • Subpages accessed from the visited page
    • Duration of stay on the website
    • Frequency of page visits

    The software is configured so that IP addresses are not stored in full; the last octet of the IP address is masked (e.g., 192.168.79.***). This way, the shortened IP address can no longer be assigned to the accessing computer or user device.
  2. Legal Basis for Data Processing
    The legal basis for processing users’ personal data is Art. 6(1)(a) GDPR (consent).
  3. Purpose of Data Processing
    Processing users’ personal data using Google Analytics enables us to analyze user browsing behavior. By evaluating the collected data, we can compile information about the use of individual components of our website. This helps us continuously improve our website and its user-friendliness.
  4. Duration of Storage
    Data stored through tracking is deleted as soon as it is no longer needed for our recording purposes. In our case, this is after twelve months.
  5. Right to Object
    Users can prevent Google Analytics from using their data on our website by installing a browser add-on to disable Google Analytics JavaScripts (ga.js, analytics.js, dc.js). If the user wishes to disable Google Analytics, they can download and install the add-on for their browser. The add-on is compatible with common versions of Chrome, Internet Explorer, Safari, Firefox, and Opera. For the add-on to work, it must be correctly loaded and executed in the browser. For Internet Explorer, third-party cookies must also be enabled. More information can be found at: https://tools.google.com/dlpage/gaoptout?hl=de

 

X. Google Tag Manager

This website uses Google Tag Manager (GTM). The service provider of Google Tag Manager is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. GTM is a tool that allows us to integrate tracking, analytics, and other technologies on our website. It only serves to manage the tools integrated via GTM. GTM itself does not create user profiles, store cookies, or perform independent analysis. However, Google Tag Manager collects your IP address, which may also be transmitted to Google’s parent company in the United States.

The use of Google Tag Manager is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in the fast and easy integration and management of various tools on its website. If consent is requested, processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and § 25(1) TDDDG (Telecommunications-Digital Services Data Protection Act), insofar as consent includes the storage of cookies or access to information on the user’s device within the meaning of the TDDDG. Consent can be revoked at any time.

Google is certified under the EU-US Data Privacy Framework (DPF), which aims to ensure compliance with European data protection standards for data processing in the USA. Each certified company commits to adhering to these standards. More information can be found at:
https://www.dataprivacyframework.gov/list

 

XI. Integration of Google Maps

  1. Description and Scope of Data Processing
    We integrate maps from the service Google Maps, provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. To provide the map material, technically necessary data is processed by Google for this purpose.
  2. Legal Basis for Data Processing
    The integration of Google Maps services is necessary for the user-friendly design of our website. This also constitutes our legitimate interest in data processing pursuant to Art. 6(1)(f) GDPR.
  3. Further Information on Data Processing
    Google LLC is responsible for further data processing. For more information on how Google handles your data, please visit: https://policies.google.com/privacy?hl=de

 

XII. Integration of Facebook

  1. Data Collected by Facebook
    TOPSTAR GmbH does not store any data about your activities outside the Facebook fan page of TOPSTAR GmbH. We record your activities on this fan page solely to respond to your requests and inquiries. We only store personal data about you within the scope of business processes and delete it unless legal requirements or the purpose of processing prevent deletion.
  2. Data Collected by Facebook
    Facebook collects personal and usage data from you when you visit this page. For these processes, Facebook’s privacy policy applies, which you can find at the following link: https://de-de.facebook.com/policy.php

 

XIII. Social Plugins

We offer you the option to use so-called “social media buttons” on our website. To protect your data, we use buttons implemented as graphics that contain a link to the respective provider’s website. By clicking the graphic, you are redirected to the services of the respective provider. Only then will your data be transmitted to the provider. If you do not click the graphic, there is no exchange of data between you and the social media button providers. Information about the collection and use of your data in social networks can be found in the respective terms of use of the providers.

We have integrated social media buttons from the following companies on our website:

  • YouTube button by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“YouTube”). Privacy policy:
    https://developers.google.com/+/web/buttons-policy
  • Facebook button by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”). Privacy policy:
    https://www.facebook.com/policy.php
  • Twitter button by Twitter Inc., 1355 Market St, Suite 900, San Francisco, CA 94103, USA (“Twitter”). Privacy policy:
    https://twitter.com/de/privacy
  • Instagram button by Instagram LLC., 1601 Willow Road, Menlo Park, CA 94025, USA (“Instagram”). Privacy policy:
    https://help.instagram.com/519522125107875

 

XIV. Newsletter

You can subscribe to our newsletter free of charge on our website. When registering for the newsletter, the data entered in the input form is transmitted to us. We use the double opt-in procedure, meaning we will only send you a newsletter by email after you have explicitly confirmed that we may activate the newsletter service. The legal basis for processing data for newsletter distribution is Art. 6(1)(a) GDPR (consent). The data collected during newsletter registration is used exclusively for sending newsletters. There is no transfer to third parties. You can unsubscribe from the newsletter at any time by clicking the unsubscribe link at the end of each newsletter. After unsubscribing, your email address will be immediately removed from our newsletter distribution list.

 

XV. Data Security

We secure our website and other systems through technical and organizational measures against loss, destruction, access, modification, or distribution of your data by unauthorized persons. In particular, your personal data is transmitted in encrypted form. We use the widely adopted SSL (Secure Sockets Layer) protocol during your website visit. However, transmission of information over the Internet is not completely secure, so we cannot guarantee the security of data transmitted to our website via the Internet.

 

XVI. Data Sharing

We do not share your personal data with third parties unless you have consented to the data transfer or we are legally authorized or obliged to do so by statutory provisions and/or official or judicial orders. This may include providing information for law enforcement purposes, averting danger, or enforcing intellectual property rights.

 

XVII. Rights of the Data Subject

If personal data of a user is processed, that user is a data subject within the meaning of the GDPR. Personal data according to Art. 4 GDPR includes all information relating to an identified or identifiable natural person. A person is identifiable if they can be determined directly or indirectly, for example by assigning an identifier such as a name, an identification number, location data, an online identifier, or one or more specific characteristics expressing the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person. A data subject is the person whose personal data is processed, e.g., the website user or the email sender.

As a user of our online offering, you have various rights under the GDPR against us as the controller, particularly those arising from Articles 15 to 18 and 21 GDPR:

  • Right of Access

You may request information under Art. 15 GDPR about your personal data processed by us. In your request for information, you should specify your concern to help us compile the required data. Please note that your right of access may be restricted under certain circumstances according to legal provisions (especially § 34 BDSG and Art. 10 BayDSG).

  • Right to Rectification

If the information concerning you is incorrect or no longer accurate, you may request rectification under Art. 16 GDPR. If your data is incomplete, you may request completion.

  • Right to Erasure

You may request the deletion of your personal data under the conditions of Art. 17 GDPR. Your right to erasure depends, among other things, on whether we still need the data concerning you to fulfill our legal obligations.

  • Right to Restrict Processing

Under Art. 18 GDPR, you have the right to request the restriction of processing of your data.

  • Right to Data Portability (Art. 20 GDPR)
  • Right to Object

Under Art. 21 GDPR, you have the right to object at any time to the processing of your data for reasons arising from your particular situation. However, we may not always be able to comply, for example, if legal regulations require us to process the data as part of our official duties.

  • Right to Withdraw Consent

You have the right to withdraw your consent to data processing at any time.

  • Right to Lodge a Complaint with a Supervisory Authority (Art. 77 GDPR)

 

Note on Withdrawal of Consent
A data subject has the right to withdraw their consent at any time. However, this does not affect the lawfulness of processing carried out based on consent before its withdrawal.

 

Note on Complaints to a Supervisory Authority
Without prejudice to any other administrative or judicial remedy, a data subject has the right to lodge a complaint with a supervisory authority – particularly in the Member State of the user’s residence, workplace, or the place of the alleged infringement – if the user believes that the processing of their personal data by us violates the GDPR. The competent supervisory authority is: Bavarian State Office for Data Protection Supervision
Website: www.lda.bayern.de

However, you may also lodge complaints with the supervisory authority responsible for your place of residence. Current addresses and contact details can be found at the following link:
www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html

 

Privacy Policy for Payment Service Providers Used by Us

When paying via PayPal, credit card via PayPal, direct debit via PayPal, or – if offered – “purchase on account” via PayPal, we transmit your payment data to PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter “PayPal”) as part of payment processing. For the payment methods credit card via PayPal, direct debit via PayPal, or – if offered – “purchase on account” via PayPal, PayPal reserves the right to carry out a credit check. The result of the credit check regarding the statistical probability of payment default is used by PayPal to decide on the provision of the respective payment method. The credit check may include probability values (so-called score values). If score values are included in the result of the credit check, they are based on a scientifically recognized mathematical-statistical procedure. Address data is among the factors included in the calculation of score values. Further data protection information, including the credit agencies used, can be found in PayPal’s privacy policy:
https://www.paypal.com/de/webapps/mpp/ua/privacy-full