Privacy policy

We at Centa-Star are delighted that you are interested in our product range and have visited our websites. When you use our websites, various types of personal data are collected. Personal data as defined by the General Data Protection Regulation (“GDPR”) refers to all information that enables you to be personally identified.

We take the protection of your personal data very seriously. We treat your personal data in confidence and in accordance with the statutory data protection rules and this privacy policy. This privacy policy explains which data we collect and what we use it for. It also explains how and for what purpose this is done.

Our privacy policy for the use of our websites does not apply to your activities on the websites of social media networks or other providers that you can contact via the links on our websites. When using these providers’ websites, ensure you inform yourself about their privacy policies.

1. Name and address of the data controller as defined by the GDPR

Centa-Star Bettwaren GmbH & Co. KG
represented by its managing directors Andreas Eule and Thomas Müller
Augsburger Str. 275 | 70327 Stuttgart | Deutschland
Tel.: +49 (0)711 305 05-0
Fax: +49 (0)711 305 05-230
Email: info@centa-star.com
Internet: www.centa-star.com

Our data protection officer:
René Rautenberg GmbH
represented by its Managing Director René Rautenberg
Hauptstrasse 28 | 15806 Zossen | Deutschland
Email: datenschutzbeauftragter@centa-star.com
Internet: www.er-secure.de

2. Security

Please note that security loopholes may occur when transferring data over the Internet (e.g. when communicating by email). It is not possible to provide seamless protection of data from third-party access.

This page uses TLS encryption for security reasons and to protect the transfer of confidential content, such as orders or inquiries that you send to us as the operator of the page. You can identify an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and that your browser bar displays a padlock icon. When TLS encryption is activated, the data that you transmit to us cannot be intercepted by third parties.

3. Collection and processing of your personal data

3.1. Extent of processing of personal data

We only ever collect and use our users’ personal data to the extent necessary to provide both a functional website and our content and services. In many cases the collection and use of personal data is only performed with the user’s consent. An exception only applies in cases where consent cannot be obtained for practical reasons and the processing of the data is permitted by law.

One way that your data is collected is when you communicate it to us. This may comprise data that is entered into a contact form, for example. Other data is recorded automatically by our IT systems when you visit our website. This mainly comprises technical data that is required to ensure that we can make our website available with no issues. This data is collected automatically as soon as you access our website. Other data may be used to analyse your browsing behaviour, provided you give the requisite consent. This data is collated in a pseudonymised form and cannot be traced back to your identity. When you access our websites we notify you about the use of cookies for analytics purposes and ask you click the “Accept cookies” button to give your consent to such use. We use this data to identify your usage interests and use this information to make the use of our online offer more user-friendly and more effective as a whole.

You can use the Centa-Star websites without having to provide any personal data yourself or without personal data being collected for analytics purposes. For more information about cookies and ways in which you can control them, see section „4.3. Cookies“.

3.2. Legal basis for the processing of personal data

Centa-Star will only collect and process personal data if you provide your consent (Art. 6 (1) (a) GDPR), for the performance of a contract or in order to take steps prior to entering into a contract (Art. 6 (1) (b) GDPR) or for the purposes of our legitimate interests (Art. 6 (1) (f) GDPR).

Where we obtain your consent for the processing of personal data, Art. 6 (1) (a) of the EU General Data Protection Regulation (GDPR) shall serve as the legal basis for the processing of personal data.

Where personal data needs to be processed for the purpose of performing a contract to which you are party, the legal basis shall be Art. 6 (1) (b) GDPR. This also applies to processing operations that are necessary in order to take steps prior to entering into a contract.

If personal data needs to be processed in order to fulfil a legal obligation to which our company is subject, the legal basis is Art. 6 (1) (c) GDPR.

Where the processing of personal data is necessary to protect your vital interests or those of another natural person, Art. 6 (1) (d) GDPR shall serve as the legal basis.

If the processing is necessary to protect a legitimate interest pursued by our company or a third party and this interest is not overridden by your interests or your fundamental rights and freedoms, Art. 6 (1) (f) GDPR shall serve as the legal basis for the processing.

3.3. Data erasure and storage duration

Your personal data will be deleted or made unavailable as soon as the purpose for which it was saved ceases to apply. Data may additionally be stored if so intended by European or domestic legislation in the form of EU regulations, statutes or other stipulations to which we are subject. Data will also be made unavailable or erased when a storage period prescribed by the specified regulations lapses unless there is a necessity for the continued storage of the data in order to enter into or fulfil a contract.

4. Data collection on our websites

4.1. Server log files

When you visit our websites, the provider of the pages automatically records information in “server log files” that your browser automatically transmits to us. This data contains for example:

  • Browser type and browser version
  • Operating system used
  • Referrer URL (last page visited)
  • Host name of the querying computer
  • Access date and time of the server query
  • IP address

This data will only be collected for the purpose of statistical analysis and on security grounds (e.g. to investigate acts of misuse or fraud), stored for the duration of seven days and then erased. If a longer retention period of the data is required for evidential purposes, this data shall be excluded from erasure until the incident has been conclusively investigated. This data will not be merged with any other data sources. The system needs to store the IP address temporarily to enable the website to be provided to the user’s computer. For this purpose, the user’s IP address must be stored for the duration of the session. This data is recorded and temporarily stored on the basis of Art. 6 (1) (f) GDPR. As a website operator we have a justified interest in the technically flawless presentation and optimisation of our website, and this requires the server log files to be recorded.

4.2 Query by contact form, email, phone or fax

If you contact us via contact form, email, phone or fax, we store and process your query including all personal data arising from it. The data is used exclusively for the purpose of handling the matter about which you made contact and will not be passed to third parties without your consent. The data transmitted contains your name and the content and time of your query.

This data is processed on the basis of Art. 6 (1) (b) GDPR, provided your query is connected with the performance of a contract or the taking of steps prior to entering into a contract. In all other cases the processing is based on your consent (Art. 6 (1) (a) GDPR) and/or our legitimate interests (Art. 6 (1) (f) GDPR) because we have a legitimate interest in the effective handling of the queries addressed to us.

You may revoke a consent at any time. To do so, send us an email (info@centa-star.com), no specific form required. The data processing operations performed up to the point of revocation will be deemed lawful and shall not be affected by the revocation. We shall retain the data you send to us by way of contact requests until you ask us to erase it, revoke your consent to its storage or until the purpose for which the data is stored lapses (e.g. once your matter has been conclusively dealt with). Applicable statutory stipulations, in particular statutory retention periods, shall be unaffected by this.

4.3. Cookies

In order to identify your usage interests and use this information to make the use of our web presence more user-friendly and more effective as a whole, Centa-Star itself or third parties commissioned by Centa-Star store what are known as cookies on your device. Cookies are small text files that are placed on your device when you visit a website and are saved by your browser. Among other things, they are used to collect information about the use of a website and enable us to recognise your browser on your next visit. Cookies do not cause any damage to your computer and cannot execute programs or transfer viruses to your computer. Some of the cookies we use are what are known as “session cookies”. They are automatically deleted after the end of your visit. We also use cookies on our websites that enable an analysis of your browsing behaviour. This may entail for example the transmission of data that notifies us about the duration and frequency of page accesses. The table below in this section of our privacy policy provides information on which cookies we use and how long each of them is stored.

We use cookies on the basis of Art. 6 (1) (f) GDPR. We have a legitimate interest in the storage of cookies to ensure that our services can be provided with no technical faults and in an optimised manner. The purpose of using analytics cookies is to improve the quality of our websites and their content. The analytics cookies tell us how our websites are used and enable us to constantly optimise our offering. When you access our websites, a banner notifies you about the use of cookies for analytics purposes and asks for your consent to the processing of the personal data used for this purpose. You grant this consent to us by clicking the “Accept cookies” button in the banner. There is also a reference to our privacy policy in this context. The legal basis for the data processing based on this consent is Art. 6 (1) (a) GDPR.

You can also visit our websites without agreeing to the use of cookies. You can revoke a previously granted consent at any time by clicking the link below to change your consent. This removes all cookies that you no longer agree to the use of. The data processing performed up to the point of revocation will be deemed lawful and shall not be affected by the revocation.

You can reject the use of cookies and also delete them at any time by selecting the corresponding settings on your device. You can configure your browser of choice to notify you when cookies are placed and only allow cookies in individual cases, exclude the receipt of cookies for specific cases or in general and activate the automatic deletion of the cookies when closing the browser. You can also delete cookies from your device at any time. Similar to the deployment of cookies, their rejection or deletion is also specific to the device and browser used. You therefore need to reject or delete the cookies separately for each of your devices and, if you use multiple browsers, also for each browser. Deactivating cookies may restrict the functionality of our websites.

You will find a list of the cookies we use below:

CookieTypeDurationDescription
ga-opt-outpersistentpersistentWird genutzt, um dem Google Analytics Tracking zu widersprechen. / Used to reject Google Analytics tracking.
_gathird party2 JahreZum Unterscheiden der User. / Used to distinguish users.
_gatthird party1 MinuteWird zum drosseln der Anfrage Rate genutzt. / Used to throttle request rate.
_gidthird party24hZum Unterscheiden der User. / Used to distinguish users.
_icl_current_languagesessionSpeichert die gerade genutzte Sprache der Website / Saves the current display language of the website.

5. Plugins and tools

We also use third-party products on our websites, for instance to make our online presence more appealing, more informative and more user-friendly, for analysis purposes or to increase the visibility of our company via links to social media. These purposes constitute a legitimate interest pursued by our company pursuant to Art. 6 (1) (f) GDPR, which, alongside any consent (Art. 6 (1) (a) GDPR) you may have granted us, forms the legal basis for processing.

5.1. YouTube with enhanced privacy

Our websites use plugins of the website YouTube. The pages are operated by Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland. We use YouTube in privacy-enhanced mode. According to YouTube, the effect of this mode is that YouTube does not store any information about the users of our websites before they view an embedded video on our pages. Conversely, privacy-enhanced mode does not necessarily preclude data being passed to YouTube’s partners. YouTube thus connects to the Google DoubleClick network, irrespective of whether you watch a video. As soon as you start to view a YouTube video on our website, a connection is made to the YouTube servers. The YouTube server is notified about which of our pages you visited. If you are logged into your YouTube account, you enable YouTube to allocate your browsing behaviour directly to your personal profile. You can prevent this by logging out of your YouTube account prior to playing a video on our websites. Furthermore, YouTube may store various cookies on your end device when you start a video. YouTube may obtain information about you via these cookies. This information is used for example to record video statistics, improve user-friendliness and prevent attempts at fraud. These cookies remain on your end device until you delete them. Further data processing operations over which we have no influence may be triggered following the starting of a YouTube video. YouTube is used in the interest of presenting our online presence in an appealing manner. This constitutes a legitimate interest as defined in Art. 6 (1) (f) GDPR. For further information about data protection with YouTube, see Google’s privacy policy at:
https://policies.google.com/privacy?hl=en

5.2 Google Web Fonts

This page uses “web fonts” provided by Google to ensure a uniform presentation of fonts. The Google Fonts are installed locally. No connection is made to Google’s servers.

5.3. Google Maps with consent

This page uses the Google Maps mapping service via an API. This is operated by Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland. To guarantee data protection on our websites, Google Maps is deactivated when you visit our websites for the first time. A direct link to Google’s servers is only made if you directly activate Google Maps (consent under Art. 6 (1) (a) GDPR). This prevents your data from being transferred to Google as soon as you access our websites. After activation, Google Maps will store your IP address. This is then usually transferred to a Google server in the USA and stored there. Once Google Maps is activated, Centa-Star has no influence over this data transfer. For further information on how user data is handled, refer to Google’s Privacy Policy at:
https://policies.google.com/privacy?hl=en

5.4 Social media plugins with Shariff

Social media plugins are used on our pages. Currently these are plugins of the platforms Facebook, Instagram and YouTube. You can identify the plugins based on the respective social media logos. Centa-Star itself does not collect any personal data relating to you via these plugins. To prevent personal data being transferred to the service providers of the social media platforms without your knowledge, we only use these plugins in conjunction with what is referred to as the “Shariff” solution. Shariff is provided as an open-source application by Heise online (news website of the Heise magazine publishing house). This application prevents the plugins integrated on our website from transferring data to the respective service providers as soon as our websites are accessed. Only when you activate one of the plugins by clicking the corresponding social media button is a direct connection to the server of the respective service provider created. Further information about data protection using Shariff can be found here:
https://www.heise.de/ct/artikel/Shariff-Social-Media-Buttons-mit-Datenschutz-2467514.html

Clicking the respective social media button is deemed to be consent to the use of the social media platform in question pursuant to Art. 6 (1) (a) GDPR. As soon as you activate the plugin, the provider in question is notified that you accessed one of our websites with your IP address. For this to occur you neither need an account with this service provider, nor do you need to be logged in. If you are logged into your account with the social media platform in question at the point at which a plugin is activated, the respective provider may allocate the visit to our pages to your user account. If you do not want the service provider in question to be able to allocate your visit to our page to your social media profile, you need to log out of your account before clicking one of the social media buttons.

Please be aware of the following: some service providers have their registered office in the USA. From the perspective of the European Union, there is no “adequate level of protection” in the USA compliant with the EU standards for the processing of personal data. However, for individual companies this level of protection can be replaced by a certification under what is known as the “EU-US Privacy Shield”. Some service providers are certified under the Privacy Shield framework and as a result undertake to comply with European data protection laws.

Centa-Star is neither aware of nor able to influence the type, extent, purpose and storage period of the data collection performed by these service providers. The service providers may use cookies and may also record your IP address or device-related information. We use social media plugins on our websites to increase the visibility of our company. This constitutes a legitimate interest of ours under Art. 6 (1) (f) GDPR.

You can find further information on the social media platforms whose plugins we use on our websites and how they deal with data protection issues below:

Facebook
Facebook is a service of Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. We use the Facebook plugin in conjunction with the Shariff solution described above. Facebook is certified under the Privacy Shield framework and consequently undertakes to comply with European data protection laws. You can view Facebook’s Privacy Shield certificate here:
https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active

Facebook’s privacy policy is available via the following link:
https://en-gb.facebook.com/about/privacy/

Instagram
Instagram is a service of Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. We use the Instagram plugin in conjunction with the Shariff solution described above. Facebook is certified under the Privacy Shield framework and consequently undertakes to comply with European data protection laws. You can view Facebook’s Privacy Shield certificate here:
https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active

Instagram’s privacy policy is available via the following link:
https://help.instagram.com/519522125107875

YouTube
YouTube is a service of Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland. We use the YouTube plugin in conjunction with the Shariff solution described above. Google is certified under the Privacy Shield framework and consequently undertakes to comply with European data protection laws. You can view Google’s Privacy Shield certificate here:
https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active

Google’s privacy policy is available via the following link:
https://policies.google.com/privacy?hl=en-GB&%3Bamp%3Bgl=en

5.5. Google Analytics

We want to tailor the content of our online presence as closely as possible to your interests and by doing so improve our offer to you. Centa-Star uses the Google Analytics web analytics service on the basis of our legitimate interest in an optimisation of our websites, the creation of a more targeted offer and monitoring the effectiveness of advertising measures. This is operated by Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics uses cookies that enable your use of our websites to be analysed. Pseudonymised usage profiles are created to facilitate this. By aggregating a user’s multiple website accesses from various devices into a single pseudonymised user profile, we can make a more realistic assessment of the use of our online presence. Data about your use of these websites collected via cookies may contain the following information:

  • Browser type and browser version
  • Operating system used
  • Referrer URL (last page visited)
  • Host name of the accessing computer (IP address)
  • Time of server request

This data is usually transferred to a Google server in the USA and stored there. We have activated IP anonymisation on our websites via the code extension “_anonymizeIp()”, meaning that a Google Analytics script automatically shortens your IP address by the last three digits within the member states of the EU or other signature states to the Agreement on the European Economic Area prior to transfer to the USA. Only in exceptional cases will your full IP address be transferred to one of Google’s servers in the USA and shortened there. This procedure ensures that the pseudonymised user profiles created in this way cannot be clearly traced to a given individual. Google uses this information on behalf of Centa-Star to analyse your use of our websites, to generate reports relating to website activity for Centa-Star and to provide further services connected to the use of the website and the Internet. Google may also transfer this information to third parties to the extent prescribed by law or where third parties process the data on Google’s behalf.

The legal basis for the processing of personal data for these analytical purposes is your consent pursuant to Art. 6 (1) (a) GDPR, provided you have granted us such, and our legitimate interest in optimising our online presence pursuant to Art. 6 (1) (f) GDPR. When you access our websites, a banner notifies you about the use of cookies for analytic purposes and we ask for your consent to the processing of personal data used for this purpose. You grant this consent to us by clicking the “Accept cookies” button in the banner. There is also a reference to our privacy policy in this context. As set out in section “4.3. Cookies”, you can also visit our websites without agreeing to the use of cookies. There you will find information about how to revoke a consent you have already granted and how you can control the use of cookies.

Deactivating cookies may restrict the functionality of our websites. Google offers an add-on for web browsers that can prevent data collection by Google Analytics and the processing of this data by Google. The add-on can be downloaded and installed at your own risk from the following link:

https://tools.google.com/dlpage/gaoptout?hl=en-GB

As an alternative to the add-on, in particular for browsers on mobile end devices, you can also prevent data recording by Google Analytics by setting an opt-out cookie in your browser that prevents the future collection of your data when visiting this website. The opt-out cookie only applies in this browser and only for our website and is stored on your device. If you delete the cookies in this browser, you need to reset the opt-out cookie.
Set Google Analytics opt-out cookie.

You can find further information about Google Analytics and data protection on the Internet via the following link of the producer Google:
https://support.google.com/analytics/answer/6004245?hl=en

Please be aware of the following: From the perspective of the European Union, there is no “adequate level of protection” in the USA compliant with the EU standards for the processing of personal data. However, for individual companies this level of protection can be replaced by a certification under what is known as the “EU-US Privacy Shield”. Google is certified under the Privacy Shield framework and consequently undertakes to comply with European data protection laws. You can view Google’s Privacy Shield certificate here:
https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI

6. Your rights

You have the right at any time to receive information free of charge about the origin, recipient and purpose of your personal data stored by us. You also have the right to request the rectification, making unavailable or erasure of this data. If you have any questions about this or any other matters relating to the subject of data protection, you can contact us at the address provided in the legal notice. Additionally, you have a right to lodge a complaint with the competent supervisory authority (Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit Baden-Württemberg, Königstraße 10a, 70173 Stuttgart, Germany). You also have the right to request the restriction of the processing of your personal data under certain circumstances. For further details, see section “6.7. Right to restrict processing” of the privacy policy.

6.1. Analytics tools and tools from third-party providers

When you visit our website, your browsing behaviour may be statistically evaluated. This is done above all by using cookies and what are termed analytics programs. Your browsing behaviour is analysed in a pseudonymised manner and cannot be traced back to you. You may lodge an objection to this analysis or prevent it by not using certain tools. You can find detailed information about these tools and your options for objection in this Privacy Policy.

6.2. Revocation of your consent to data processing

Many data processing operations are only possible with your express consent. You may revoke a previously granted consent at any time. To do so simply send us an email (no form required) or follow the link provided for this purpose in section “4.3. Cookies“. The data processing performed up to the point of revocation will be deemed lawful and shall not be affected by the revocation.

6.3. Right to object to data collection in special cases and to direct marketing (Art. 21 GDPR)

If the data processing is being performed on the basis of Art. 6 (1) (e) or (f) GDPR, you have the right to object at any time to the processing of your personal data for reasons arising from your specific situation. This also applies to any profiling based on these provisions. The specific legal basis on which a processing operation is based can be found in this privacy policy. If you raise an objection, we will no longer process the personal data in question unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms or the processing is for the purpose of establishing, exercising or defending legal claims (objection pursuant to Art, 21 (1) GDPR). Where your personal data is processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing. This also includes profiling to the extent that it is related to such direct marketing. If you raise an objection, your personal data will subsequently no longer be used for the purpose of direct marketing (objection pursuant to Art. 21 (2) GDPR).

6.4. Right to lodge a complaint with the competent supervisory authority

In the event of breaches of GDPR, the data subjects have the right to lodge a complaint with a supervisory authority, in particular in the member state in which they are habitually resident, have their place of work or the location of the alleged breach. The right to lodge a complaint exists irrespective of any other administrative or judicial legal remedies.

6.5. Right to data portability

You have the right to receive, or have transmitted to a third party, the data that we have processed in an automated manner on the basis of your consent or in the performance of a contract in a commonly used, machine-readable format. If you request the direct transfer of the data to a different controller, this will only be done if it is technically feasible.

6.6. Information, making unavailable, erasure and rectification

Within the framework of the applicable legislation, you have the right to obtain at any time information free of charge about your stored personal data, its origin and recipients and the purpose of the data processing and, where relevant, a right to the rectification, making unavailable or erasure of this data. If you have any questions about this or any other matters relating to the subject of personal data, you can contact us at the address provided in the legal notice.

6.7. Right to restriction of processing

You have the right to request the restriction of the processing of your personal data. You can contact us in this regard at any time at the address provided in the legal notice. The right to restriction of processing exists in the following cases: If you contest the accuracy of the personal data regarding you stored by us, we usually need time to verify this. You have the right to request the restriction of the processing of your personal data for the period required for the verification. If your personal data was or is being processed in an unlawful manner, you may request the restriction of the use of the data as opposed to its erasure. If we no longer need your personal data but you require it for the establishment, exercise or defence of legal claims, you have the right to request the restriction of the use of the personal data as opposed to its erasure. If you have lodged an objection pursuant to Art. 21 (1) GDPR, an assessment needs to be made of whether your rights override ours. Until it has been established whose rights prevail, you have the right to request the restriction of the processing of your personal data. Where you have restricted the processing of your personal data, such personal data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or of a Member State.

6.8. Objection to marketing emails

We hereby object to the use of contact details published in the context of the obligation to provide a legal notice for the purpose of sending advertising and information materials that are not expressly requested. Centa-Star expressly reserves the right to take legal steps in the event of the unsolicited sending of advertising materials, for example in the form of spam emails.

7. Updates to our privacy policy

Our privacy policy is valid in its current form; however, we reserve the right to make amendments in future. If any changes occur to our handling of your personal data or the statutory position, we shall amend our privacy policy and publish the latest valid version online here. It is your responsibility to inform yourself of any changes to our privacy policy. We therefore recommend that you review it from time to time.

Last revised: June 2019

Copyright
This privacy policy is based in part on the free privacy policy generator from eRecht24.de. The texts have been modified and expanded by Centa-Star in order to meet our requirements for a privacy policy.