Legal Disclaimer »privacy policy«
For each visitor to our Web page, our Web server automatically recognizes only the visitor's domain name, but not the email address. We collect the email address of visitors only via information volunteered by the consumer such as survey information, catalog requests, and/or site registrations. The information we collect is not sold to other organizations for commercial purposes. However, for international customers, information may be shared with our international dealers.
If you do not want to receive emails from us in the future, please let us know by sending an email or calling us and telling us that you do not want to receive emails from our company. If you supply us with your postal address you may receive periodic mailings from us with information on new products and services or upcoming events. If you do not wish to receive such mailings, please let us know by sending email or calling. Please provide us with your exact name and address. Persons who supply us with their telephone numbers online may receive telephone contact from us with information regarding orders they have placed online. Please get in contact with us and provide us with your correct phone number.
We take the privacy of your personal data seriously and comply with applicable data protection law. We would like to inform you about the processing of your personal data. You can review this information at any time at the bottom of each page of our website under the heading.
1. The Controller and Data Protection Officers
The controller for purposes of Article 4 number 7 General Data Protection Regulation ("GDPR") is
STARLAB (UK), Ltd
5 Tanners Drive
Blakelands
Milton Keynes MK14 5BU
United Kingdom
(also referred to in this Data Privacy Statement as "STARLAB", "we" or "us"). If you have any questions or suggestions about data protection or you want to contact our data protection officer, you can also contact us by email at the address DPO@starlab.co.uk
2. Subject of Data Protection and Processed Data
Data protection involves personal data. Pursuant to Art. 4 no. 1 GDPR these personal data consist of all information which relates to an identified or identifiable natural person, such as, for example, the name or identification number. Many data we process result directly from the respective context of the processing:
As soon as you visit our website, we automatically collect and store certain use data. This includes the IP address assigned to your computer which we need in order to transmit the content of our website you accessed to your computer or other end-device, (e.g. text, images, games and product information, as well as data files made available for downloading, etc.).
We also collect and store information about the use of the website, for example, the type of browser and operating system that are used as well as the date and time when you use the website as well as the URL of the previously visited website. We process your data in order to provide the website and the related functions to you.
When you use specific functions, for example, placing an order on our website, we also process the data which are required to provide the function. In the case of an order, for example, we process the data you have entered to fill the order. When you complete the contact form, we use the data to conduct correspondence with you. We also describe in this Data Privacy Statement the other categories of personal data we process with regard to the respective topic.
3. Purpose and Legal Basis of the Processing
3.1 We process your data on the basis of a consent you have issued (Art. 6 para. 1 lit. a GDPR) in the scope described in the respective consent and for the purposes explained there.
3.2 We process your personal data for the following purposes on the basis of performing a contract or carrying out a pre-contractual measure (Art. 6 para. 1 lit. b GDPR):
· to display our website
· to process your orders, including payment as well as providing customer service (for example, returns)
· to carry out our special functions involving mySTARLAB (e.g. epPoints, product registration)
· for the purpose of ordering or cancelling subscriptions, newsletters and webinars
· to process online applications
· to carry out competitions or contests
3.3 We process your personal data for the following purposes in our legitimate interests, especially the protection of our IT infrastructure, assuring satisfactory customer communications and promoting the sales of our products (Art. 6 para. 1 lit. f GDPR):
· to get to know our customers better
· to process other contact from you (e.g. in the case of questions, suggestions or other notifications)
· to protect against fraud
· to optimize our offering (especially also to structure our website appropriately for the demand)
· to maintain IT security
· to send you information about products and activities which might be of interest to you
· to show you online adverts that match your interests
3.3. We process these data only to the extent your interests, fundamental rights or fundamental freedoms (especially protection of your personal data) do not outweigh our legitimate interests described above.
3.4 In exceptional situations, it is also possible that we process your data to fulfill a legal obligation (Art. 6 para. 1 lit. c), to protect vital interests (Art. 6 para. 1 lit. d) or to carry out a task in the public interest (Art. 6 para. 1 lit. e).
4. Other Collection and Use of Your Data
4.1 Session cookies
We store so-called "cookies", in order to offer to you comprehensive functionality and to make the use of our websites (for example, online purchasing) more comfortable for you. "Cookies" are small data files which are stored on your computer by your internet browser. If you do not want to use "cookies", you can prevent the storage of "cookies" on your computer with corresponding settings in your internet browser. Please note that the functionality and extent of the functions in our offering can then be limited.
4.2 Data analysis using pseudonymized use profiles
4.2.1 Data analysis using Google services
We use the web analysis services Google Analytics, AdWords Conversion-Tracking, DoubleClick Campaign Manager and DoubleClick Bid Manager of Google LLC ("Google"). These Google services use "cookies", i.e. text data files stored on your device which enable an analysis of how you use the website. The information about your use of this website produced by the cookie (including your IP address abbreviated with the last octet) is transmitted to a Google server in the USA and stored there. Google will use this information to evaluate your use of the website, compile statistical reports about website activities for us and to provide additional services related to the use of our website and the internet. For example, we can see with the "remarketing" function in Google Analytics which visitors have accessed specific pages and placed specific items in the shopping cart. Google will also transmit this information as needed to third parties if this is required by law or to the extent third parties process these data at the order of Google. Further information about how Google uses your data can be found in the Google data privacy statement: https://policies.google.com/privacy?hl=en. You can deactivate the Google services with a browser add-on if you do not want website analysis. You can download this add-on here: http://tools.google.com/dlpage/gaoptout?hl=en. As an alternative, you can regulate the use of individual cookies also with the privacy settings in your browser or at the following website: http://www.youronlinechoices.com/uk/your-ad-choices.
4.2.2 Google reCAPTCHA
Our website uses Google reCAPTCHA to prevent automated servers ("bots") from accessing and interacting with our website. This is a service provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043. The reCAPTCHA allows Google to determine which website and IP address is used to input content into our form fields. Google may collect other information than your IP address if necessary to provide and guarantee this service. Detailed information can be found at https://policies.google.com/privacy regarding the handling of your data.
4.2.3 Use of Hotjar
We use Hotjar, a service of Hotjar Ltd, Level 2, St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 1000, Malta. Hotjar enables us to collect non-personal data (for example, mouse movements and clicks on our internet page, including your abbreviated IP address) and, thus, to evaluate and optimize the design of our internet site. Hotjar uses so-called "cookies", i.e. text data files which are stored on your device and enable us to analyze how you use the website. Hotjar can produce pseudonym use profiles and use this information to analyze your use of the website, provide analyses to us and provide other services related to the use of a website. Hotjar also might transfer this information to third parties to the extent this is legally required or to the extent third parties process these data at the order of Hotjar. You can object at any time to the use of Hotjar. You can find a corresponding instruction here: https://help.hotjar.com/hc/en-us/sections/360007812474-Compliance
4.3 Use of Google Maps
We use the Google Maps API (an interface to include Google Maps in our website), a service of Google LLC ("Google"). This has the purpose on our website of enabling you to plan how to get to us. When using Google Maps, information about your use of our website (including your IP address) can be transmitted to a Google server in the USA and stored there. We do not know the details about how the data are processed. When you are logged in with Google, your data can be attributed by Google to your account. Google can store these data as use profiles and use these data for purposes of advertising, market research and/or designing its website to meet demand. Google will also transfer this information as needed to third parties if this is required by law or to the extent third parties process these data at the order of Google. You can find more information about how Google uses your data in the data privacy statement of Google: https://policies.google.com/privacy?hl=en. You can deactivate the Google services by means of a browser add-on if you do not want the website analysis. You can download this here: http://tools.google.com/dlpage/gaoptout?hl=en. As an alternative, you can deactivate the JavaScript function in your browser or object to the use of your data directly to Google.
4.4 Involvement of payment service providers in Australia, Canada and USA
We use service providers to help us process payments (for example, when you buy products from us). Our online store in Australia uses CyberSource Corporation HQ ("CyberSource"), our online stores in Canada and the US use Paymetric Inc. ("Paymetric"). If necessary, CyberSource and Paymetric use the data entered by you when placing your order to process the respective order on our behalf. For more information on the purpose and scope of CyberSource's processing of your personal information, please visit: https://www.visa.co.uk/legal/privacy-policy.html/. For more information on the purpose and scope of Paymetric's processing of your personal information, please visit: https://www.paymetric.com/privacy-policy-2/.
4.5 Marketo
We use Adobe Marketo Engage ("Marketo"), a software platform of Marketo EMEA Limited with its headquarters in Ireland. Marketo serves the purpose of marketing automatization and makes it possible for us to optimize marketing strategies and processes. The purposes of processing personal data with Marketo consist of personalized marketing automatization (4.5.1) as well as improving lead management (4.5.2). We process the following categories of personal data with Marketo: contact data (salutation, first name and last name, title if applicable, email address, telephone number), specific professional information (position, professional designation, company, section or department), behavioral data (website activities, interactions with received emails), event data (participation in events and webinars), additional information which are provided by the data subjects (e.g. using web forms). We do not process sensitive information. We accordingly ask you not to also communicate any information with potential contact forms or other communications channels with regard to your ethnic origin, political opinions, religious or philosophical convictions, membership in unions as well as data about health or data about sexual life or sexual orientation.
4.5.1 Personalized marketing automatization
We use Marketo as a communications service, but also to optimize our services. This includes sending personalized email newsletters as well as personalized advertising of web content on our website, customized for likely preferences of the potential customers. As a result of using a tracking pixel, we can measure the interaction with newsletters we have sent. We use a JavaScript snippet on our website to record whether certain pages are visited or certain actions are executed. This processing takes place on the basis of your consent (Art. 6 para. 1 lit. a) GDPR). Your consent is voluntary and can be revoked at any time with effect for the future. We also use Marketo for answering inquiries and registration and cancelling registration for webinars. Depending on the content of your inquiry, this takes place on the basis of developing a contract or performing a contract (Art. 6 para. 1 lit. b) GDPR) or on the basis of our overriding legitimate interests. Our legitimate interest results from the processing of your matter.
4.5.2 Lead management
Leads are information about potential new customers as well as inquiries from existing customers with a possible intent to purchase. Lead management is directed towards the effective administration of leads by segmenting and assessing them. Lead scoring is the basis for segmentation. Lead scoring makes it possible to assess the leads, in order to be able to classify the willingness to purchase. The standard is a measurement of the interest of a person in Starlab. The weighting and definition of the criteria for the scoring are based on empirical assumptions which correlate to the probability of interest in making a purchase. The weighting takes place by assigning points in which a certain value is attributed to each criterion. The sum of the points then results in the total number of points for the lead which serves as a basis for classifying the lead. To the extent a threshold is reached, the lead is classified as a "Qualified Lead". A check can subsequently be carried out with regard to whether these persons can legally be approached with advertising.
The score can consist of the following information from offline sources:
- Registration for an event, participation in an event, participation in a roadshow, a user group, a table top event, visiting a trade fair stand, indicating interest after visiting the trade fair, participation in a webinar, viewing a recorded webinar. This information is imported into Marketo from various events.
- The reactions to emails also are included in developing the value as follows: opening an email, selecting a link in the email. A link is chosen which leads to social media content. This information is collected using a tracking pixel.
- The activity on our website is also recorded and included in the score: Downloading a white paper, user instructions for products as well as a catalog, downloading information brochures, certificates, visiting relevant sub-pages.
- We sometimes use cookies to collect the above-mentioned information. The use of cookies and the subsequent data processing only take place with your consent (§ 25 para. 1 German Telecommunications-Telemedia Data Protection Act [Telekommunikation-Telemedien-Datenschutz-Gesetz, "TTDSG"], Art. 6 para. 1 lit. a) GDPR). If you have granted additional consent, we use your personal data also to develop a profile (Art. 6 para. 1 lit. a) GDPR). Your consent is voluntary and can be revoked at any time with effect for the future.
- Information is also collected which reduces the score. This information correlates with a person's lack of interest and, therefore, is also taken into account. An email cannot be delivered because the email address no longer exists, or an email cannot be delivered temporarily for technical reasons, or there has been absolutely no activity within the last sixty days, and cancelling registration for events or cancelling a newsletter.
- Adding the individual values requires that data are combined from various sources. If a data subject has already had contact with us, e.g. in the context of a purchase that has already been carried out, this information is also linked to the score.
5. Consequences of Potentially not Providing Data
We operate pages and profiles on various social media platforms. This presence serves to have better, active communication with our customers and interested parties. The following described processing of personal data occurs in this context.
If you interact with our social media presence or our articles, we will collect and process the information you have provided, if applicable, together with your user name and any profile photos, for example, if you mark a contribution with "like" or if you share or "retweet" or comment or provide other content. Please also note that this content is published in accordance with your account settings on our relevant social media presence and can be accessed by everyone worldwide. We can conduct additional data processing, in order to receive and be able to respond to inquiries or messages through our social media presence. Finally, your publicly disclosed profile data can be processed to the extent we have a legitimate interest in doing so.
Furthermore, the respective operators collect and process personal data from you under their own responsibility under their data protection law if you visit one of our social media presences and/or interact with the presence or our contributions. This applies especially if you are registered and logged in at the corresponding social media platform. Even if you are not registered at the respective platform, the operators collect certain personal data when the site is accessed, for example, clear designations which are linked to your browser or your device. Please note that these data might possibly be combined through various platforms and services if they are operated by the same operator. For example, both Facebook as well as Instagram are operated by Facebook Ireland Limited. You can find additional information in the data protection statements of the respective operators to which we refer below.
We operate specifically the following presences in social media:
5.1 Facebook
Starlab maintains various Facebook presences, including at https://www.facebook.com/Starlab/
Facebook is operated by Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland ("Facebook Ireland Ltd."). You can find the data protection guideline of Facebook at: https://de-de.facebook.com/policy.php. You will also find information there about the possibilities for settings in your Facebook account.
Your personal data can also be provided to other Facebook companies. This can result in a transmission of personal data to the USA or other third party countries outside the European Economic Area. In order to preserve a reasonable level of data protection in the sense of the GDPR, Facebook Ireland, according to its own statements, uses standard contract clauses approved by the EU Commission which constitute an appropriate guarantee for transmission to third party countries pursuant to Art. 46 para. 2 lit. c GDPR.
We are also responsible together with Facebook Ireland for the processing of so-called page insights in the course of operating our Facebook page. Facebook Ireland uses these page insights to analyze the activity on our Facebook page and provides us this information in a form which does not relate to the specific person. We have concluded for this purpose an agreement with Facebook Ireland about joint responsibility under data protection law which you can see at the following link: https://de-de.facebook.com/legal/terms/page_controller_addendum. Facebook Ireland undertakes in this agreement, among other points, to assume the primary responsibility under the GDPR for the processing of page insights and to fulfill all duties under GDPR with regard to the processing of the page insights.
We use a chatbot for our Facebook page to answer your questions and your concerns. This chatbot is provided by knowhere GmbH, Hamburg, Germany. To the extent knowhere GmbH has access to personal data, knowhere GmbH acts as a contract data processor for us (see on this point also Section 7.1 of this Privacy Statement).
5.2 Instagram
Starlab has a presence on Instagram, including at https://www.instagram.com/starlabinternational/ .
Instagram is operated by Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland ("Facebook Ireland"). The Instagram data protection statement can be found at: https://help.instagram.com/519522125107875. You will also find information there about the possibilities for settings in your account.
Your personal data can also be provided to other Facebook companies. This can result in a transmission of personal data to the USA or other third party countries outside the European Economic Area. In order to preserve a reasonable level of data protection in the sense of the GDPR, Facebook Ireland, according to its own statements, uses standard contract clauses approved by the EU Commission which constitute an appropriate guarantee for transmission to third party countries pursuant to Art. 46 para. 2 lit. c GDPR.
We also use the function Instagram Insights. Under this function, we receive from Facebook Ireland data about the use of our account which are not personal data. We can use this information to analyze and optimize the effectiveness of our Instagram activities.
5.3 Twitter
Starlab has various presences on Twitter, including at https://twitter.com/Starlab_group.
Twitter is operated by Twitter International Company, One Cumberland Place, Fenian Street Dublin 2, D02 AX07 Ireland ("Twitter International") for users outside the USA. The data protection statement of Twitter can be found at: https://twitter.com/de/privacy. You will also find information there about possibilities for settings in your Twitter Account.
Please note that Twitter International transmits personal data also to third party countries outside the European Economic Area. To the extent there is such transmission and no reasonable level of data protection has been identified by the EU Commission in the country where the data are received, Twitter International provides a reasonable level of data protection by using the standard contract clauses approved by the EU Commission which represent an appropriate guarantee under Art. 46 para. 2 lit. c GDPR for the transmission to third party countries. Twitter also transmits personal data to US companies which are certified under the EU-U.S. Privacy Shield. The European Commission made the decision in a resolution dated 12 July 2016 with regard to the USA that a reasonable level of data protection exists under the provisions in the EU-U.S. Privacy Shield (resolution on reasonableness, Art. 45 GDPR).
We also use the function Twitter Analytics. We receive with this function from Twitter International data about the use of our account which are not personal data. We can use this information to analyze and optimize the effectiveness of our Twitter activities.
5.4 YouTube
You can find our YouTube channel at https://www.youtube.com/user/Starlab.
YouTube is operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google Ireland"). You can find the data protection statement of Google Ireland here: https://policies.google.com/privacy?hl=de. You will also find information there about the possibilities for settings in your Google account. Please note that your Google account might be used for various Google services (e.g. Gmail, YouTube, Google Search) and that Google Ireland can combine personal data for the Google services you use in accordance with the settings in your Google account.
This can also result in processing by the US company Google LLC and its subsidiaries. Google LLC is certified under the EU-U.S. Privacy Shield. Wholly owned subsidiaries of Google LLC are also covered by the certification. With regard to the USA, the EU Commission has made the decision with a resolution dated 12 July 2016 that a reasonable level of data protection exists under the provisions in the EU-U.S. Privacy Shield (resolution on reasonableness, Art. 45 GDPR). You can obtain further information about the certification of Google LLC here: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active.
Finally, Google Ireland receives information and analyses about the use of our account and interactions with our videos which do not include personal data. We can use this information to analyze and optimize the effectiveness of our YouTube activities.
5.5 LinkedIn
Starlab has various presences on LinkedIn, especially at https://de.linkedin.com/company/Starlab-ag .
LinkedIn is operated for users domiciled in the European Economic Area and Switzerland by LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland, ("LinkedIn Ireland") and for users domiciled in the USA by LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. The data protection statement of LinkedIn Ireland can be found here: https://www.linkedin.com/legal/privacy-policy?trk=organization-guest_footer-privacy-policy. You will also find information there about the possibilities for settings in your LinkedIn profile.
LinkedIn Ireland transmits personal data also to third party countries outside the European Economic Area. You can find corresponding information at https://www.linkedin.com/help/linkedin/answer/62533?trk=microsites-frontend_legal_privacy-policy&lang=de. LinkedIn accordingly regularly secures a reasonable level of data protection by including standard contract clauses approved by the EU Commission which represent an appropriate guarantee for the transmission to third party countries pursuant to Art. 46 para. 2 lit. GDPR.
Finally, we receive from LinkedIn Ireland information and analyses about the use of our accounts and interaction with our contributions which do not include personal data. We can use this information to analyze and optimize the effectiveness of our LinkedIn activities.
5.6 Social Media Management Tool
In order to manage our presence on various social media, we use the service "Falcon" provided by Falcon.io ApS, H.C. Andersens Boulevard 27, 1., 1553 Copenhagen V, Denmark. We use this service, for example, to prepare, plan, publish, like and share contributions. We also use the service to observe relevant discussion in the social web concerning our company, brands and our services and products. Falcon.io ApS is active as our contract data processor and can accordingly only process your personal data in accordance with our instructions (see on this aspect, Section 7.1 of this Privacy Statement).
5.7 Social Data Intelligence Tool
We use the Social Data Intelligence Tool "Talkwalker" provided by Talkwalker S.à r.l., 16, Avenue Monterey L-2163 Luxembourg. We can use this tool to monitor the social media channels and online media to identify when our company and our brands are mentioned and learn what customers are thinking about the brands, our advertising campaigns, products and events. We can also recognize early and observe trends and potential risks by using Talkwalker. The goal is to optimize our marketing measures accordingly. Talkwalker collects and processes the actions executed by you in social media channels and through the data publicly disclosed in your corresponding profiles such as name, user name, user ID, geolocalization data, age, gender, consumption practices, hobbies and interests, professional and educational background as well as photographs and videos. Talkwalker S.à r.l. works as our contract data processor and can accordingly only process your personal data in accordance with our instructions (see on this aspect, Section 7.1 of this Privacy Statement).
6. Disclosure of Data
On our websites we offer you the opportunity to request promotional information about Starlab Group goods and services.
If you have given us your consent to receive promotional information, we or other companies in the Starlab Group will use the data you provide (in particular your email address and name) to send you email newsletters, postal mail or to provide promotional information about the Starlab Group's goods and services by telephone.
We verify your consent to receive the email newsletter by using the so-called double opt-in procedure. This means that we first ask you to actively confirm your consent by sending an email to the email address you provided. We use the information about the confirmation and the time of the confirmation to document and prove your consent.
To the extent that it is necessary to achieve the aforementioned purposes, the aforementioned data will be transmitted between the companies of the Starlab Group. The legal basis for the transmission and further processing by the companies of the Starlab Group is the consent you have given (Art. 6 Para. 1 lit. a GDPR).
In connection with sending our email newsletters, we also use Mailchimp, a service provided by The Rocket Science Group, LLC, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308 USA (“Rocket Science Group”). The Rocket Science Group processes your personal data on our behalf, i.e. exclusively in accordance with our instructions (see Art. 4 No. 8, 28 GDPR). In order to enable the service provider to provide its services, your personal data will be passed on to them.
The Rocket Science Group and individual companies in the Starlab Group to which we may transfer your data are located in countries outside the European Union or the European Economic Area (so-called third countries). With Starlab companies in third countries for which there is currently no adequacy decision from the European Union, as well as with The Rocket Science Group in the USA, we have concluded the standard contractual clauses approved by the European Commission in accordance with Art. 46 Para. 2 lit. c GDPR and (where necessary) complementary measures have been taken in accordance with the criteria of the European Court of Justice.
You can request a corresponding copy of these standard contractual clauses via one of the contact channels specified in our data protection declaration. There you can also request information about the appropriate safeguards we have put in place to protect your personal data.
The legal basis for the processing of your data for the above-mentioned purposes, including transmission and further processing by the companies in the Starlab Group, is the consent you have given (Art. 6 Para. 1 lit. a GDPR).
You can revoke your consent in whole or in part at any time with future effect, either via the unsubscribe link contained at the end of each email newsletter or by sending us an email to privacy@Starlab.com.
The legal basis for the processing of your personal data for the purpose of the double opt-in or to prove your consent to receive the email newsletter is Art. 6 Para. 1 lit. c) GDPR in conjunction with Art. 7 Para. 1 Sentence 3 GDPR. We are legally obliged to provide evidence of your consent.
Your data will be processed until the purpose of processing no longer applies or you withdraw your consent. If you revoke your consent to receive the email newsletter, your email address will be blocked from receiving the newsletter. Your registration data will then be stored to prove that we have complied with the legal requirements and will then be deleted.
7. Contact forms
We provide various contact forms on our website, which you can use to send us inquiries (e.g. about our products and services, your orders or press and PR activities). In order to process your request, you are asked to provide
· first and last name,
· email address,
· company,
· job title,
· position in the company
· as well as information that is required for processing and answering depending on the subject of your request (e.g. product name and number as well as order / invoice numbers or details about your request via free text fields) to be specified as mandatory data.
The provision of further information, e.g. your phone number, is voluntary.
In the case of inquiries in connection with contracts, e.g. in connection with our products and services or support inquiries, the processing takes place to initiate or implement the respective contractual relationship, Art. 6 Para. 1 lit. b GDPR. For other inquiries, processing is based on our legitimate interests in receiving and processing your inquiry, Art. 6 Para. 1 lit. f GDPR. We process voluntary information that you transmit to us in connection with our contact forms on the basis of our legitimate interests in processing your concerns effectively and appropriately, Art. 6 Para. 1 lit. f GDPR. If your request concerns another company of the Starlab Group, e.g. questions about certain products and services, we transmit them to the responsible company for further processing. In this case, the further processing of your data is carried out by the relevant Starlab company as the person responsible for data protection. The legal basis for the transmission of your data is Art. 6 Para. 1 lit. f GDPR. We have a legitimate interest in enabling the responsible company to process your request properly. We use the services of Typeform SL, Calle de Pallars 108 (Aticco), 08018 Barcelona, Spain ("Typeform") and Zapier Inc., 548 Market St. #62411, San Francisco, CA 94104-5401, USA ("Zapier"). Typeform and Zapier process your personal data on our behalf, i.e. exclusively according to our instructions (cf. Art. 4 No. 8, 28 GDPR). When using the service provider Zapier, your data may be transferred to the USA. Therefore, we have concluded the standard data protection clauses approved by the EU Commission with Zapier in accordance with Art. 46 Para. 2 lit. c GDPR and have taken additional measures in accordance with the criteria of the European Court of Justice (Schrems II judgment). The European Commission's standard data protection clauses are available here. You can request a corresponding copy of these Standard Contractual Clauses via one of our contact channels.
We store inquiries about contracts or of potential legal relevance during the general limitation period, i.e. three years from the end of the year in which we received your inquiries, unless statutory provisions require longer storage. We store all other inquiries for a period of one year. The storage takes place on the basis of our legitimate interest, the proper documentation of our business operations and the safeguarding of our legal positions, Art. 6 Para. 1 lit. f GDPR.
8. Surveys
Our website gives you the opportunity to take part in surveys on a voluntary basis, e.g. about our campaigns, products and services or the user-friendliness of our website. If you participate in one of our customer surveys, we process
· first and last name,
· email address,
· company,
· feedback,
· as well as any other information that you provide to us via free text fields.
When using free text fields, please refrain from transmitting personal data about yourself or other people. Your personal data is processed on the basis of our legitimate interest in maintaining and promoting your satisfaction as a customer or user of our website and in considering your feedback and suggestions for our business activities, Art. 6 Para. 1 lit. f GDPR. You are neither contractually nor legally obliged to provide your data. Nor is the provision required for the conclusion of a contract. Without providing the data, however, participation in our surveys is not possible. We use Typeform and Zapier (see above) for processing surveys. We store your survey results for a period of one year.
9. Consequences of potentially not providing data
In addition to the data used to perform the contract (for example, your name, the delivery address, the ordered product, payment data etc.), we collect some data, in order to be able to provide for you the corresponding functions on our website or respond to your inquiries, for example, if you use our contact form for questions.
If you provide these data yourself, you are not required to provide this above-mentioned voluntary information. However, we are not able to provide the corresponding functions of our website to you or process your inquiries without these data.
10. DISCLOSURE OF DATA
10.1 Forwarding data to contract data processors
We need third party companies and external service providers bound by contract in order to render the services (the "Contract Processors"). In such situations, personal data are forwarded to these Contract Processors for further processing. These Contract Processors are carefully selected by us and regularly checked in order to make sure that your privacy is preserved. The Contract Processors can only use the data for the purposes we determine and are furthermore required by us under the contract to handle your data exclusively in accordance with this Data Privacy Statement as well as applicable data protection laws.
10.2 Other transmission of data
Aside from this, we forward your personal data without your consent only in the situations permitted by law. Such a transfer of data can especially be permissible in the following situations:
The processing is necessary to fulfill a legal obligation or is in the legitimate interests of Starlab, for example, due to corresponding demands for transfer by public authorities.
The processing is necessary to perform a task in the public interest or in the exercise of official authority vested in Starlab.
10.3 Data transfer to Third Countries
We potentially transmit your personal data in the context of a business relationship to the respectively responsible local company in the Starlab Group. You can find a complete list of our branches here.
We assure a reasonable level of data protection in corresponding data transmissions by concluding so-called standard agreements published by the European Commission. You can access those agreements here.
Through the use of the analysis tools, data are transferred to countries outside the European Economic Area ("Third Countries"), e.g. to the USA. In order to assure the protection of your rights of privacy also in this regard, Starlab will never transmit your data to Third Countries if a level of data privacy equivalent to the GDPR is not assured there.
The European Commission decided by a resolution dated 12 July 2016 with regard to the USA that a reasonable level of data protection exists under the provisions in the EU-U.S. Privacy Shield (the so-called "adequacy decision" pursuant to Art. 45 GDPR). We use the following service providers certified under the EU-U.S. Privacy Shield:
Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
HubSpot Inc, 25 First Street, 2nd Floor Cambridge, MA 02141, USA
In addition, when structuring contractual relationships with service providers in Third Countries, we use the standard agreements of the EU Commission in accordance with Art. 46 para. 2 lit. c GDPR. These are available here.
11. Erasure of your data
We store your personal data no longer than is necessary to achieve the respective purposes of the data processing (see point 3). Especially the following time periods apply in this regard:
- If you have concluded a contract with us or use our services, we generally process your data as long as necessary to perform the respective contract or provide the respective service and, if applicable, plus the period of time for any warranty or guarantee periods.
- If you have purchased a product from us, this period is normally two years after receiving the product.
- If you send us a message or we send you a message which is classified as a commercial or business letter, we delete the message six years after the end of the year in which the letter was received.
- It is possible when using some applications on our website that we retain back-up copies of certain information for a very limited period of time. When the related interest has expired (for example, by correction of the error or defending against cyber-attacks), we delete these data.
12. Your rights as the data subject
12.1 Right to information
You have the right to obtain information from us at any time on request about your personal data we have processed as set forth in Art. 15 GDPR.
This right is limited by the exceptions in § 34 German Data Protection Act (Bundesdatenschutzgesetz, "BDSG"), according to which the right to obtain information especially does not exist if the data are stored solely on the basis of retention requirements in the law or to secure data and monitor data privacy or if granting the information would require a disproportionate effort and improper use of the data processing is prevented by appropriate technical and organizational measures.
12.2 Right to correction
You have the right to demand from us the correction without undue delay of your personal data if these data are incorrect.
12.3 Right to erasure
You have the right to demand from us the erasure of your personal data under the prerequisites set forth in Art. 17 GDPR. These prerequisites are especially satisfied if the respective purpose of the processing has been achieved or otherwise no longer applies as well as if we have illegally processed your data or if you have cancelled a consent and the data processing cannot be continued on another legal basis or if you have successfully objected to the data processing (see point 7.6), and in cases where there is a duty to erase on the basis of the law of the European Union or the law of an EU Member State to which we are subject.
This right is subject to the limitations in § 35 BDSG, according to which the right to erasure can especially not exist if there is a disproportionately high effort for erasure in the case of non-automated data processing and your interest in the erasure is considered to be low.
12.4 Right to restrict processing
You can demand from us pursuant to Art. 18 GDPR that we only process your personal data within certain restrictions. This right exists especially if the accuracy of the personal data is in dispute, if you demand restricted processing instead of erasure when the prerequisites for a legitimate demand for erasure exist (point 7.3); also in the event that the data are no longer needed for our purposes, but you require the data for the assertion, exercise or defense of legal claims as well as if the result of an objection is still in dispute.
12.5 Right to data portability
You have the right under Art. 20 GDPR to receive from us the relevant personal data you have provided to us in a structured, common, machine-readable format as well as the transfer of these data to another controller.
12.6 Right to object
You have the right to object at any time to the processing of your personal data carried out either in the public interest or to preserve our legitimate interests for reasons resulting from your specific situation. We will stop processing your personal data unless we can prove that there are material grounds for the processing which are deserving of protection and outweigh your interests, rights and freedoms or if the processing serves to assert, exercise or defend against legal claims. If you object to the processing of your data for advertising purposes, we will, in any event, stop this processing.
12.7 Exercise of these rights
Please contact us if you would like to exercise these rights, for example, by email to:
DPO@starlab.co.uk
12.8 Right to object
If you have issued a consent to the processing of your personal data, you can revoke this consent at any time, for example, at DPO@starlab.co.uk. We will stop the processing of your personal data covered by the consent starting at that point in time unless we carry out the respective data processing on another legal basis (e.g. in order to continue to be able to fulfill contracts with you).
12.9 Right to raise complaints
If you are of the view that the processing of your personal data violates the GDPR, you also have the right to raise complaints with a supervisory authority, especially in the Member State where you have your domicile, your place of employment or at the location of a suspected violation.
Information on the Use of Your Personal Data GDPR
Controller
For all data that is obtained in connection with the conclusion, performance and termination of your contract, the controller within the meaning of Article 4, no. 7, of the EU General Data Protection Regulation (GDPR), i.e. the person or entity responsible, is:
STARLAB (UK) LTD
5 Tanners Drive,
Milton Keynes
MK14 5BU (“STARLAB”).
Processing of your personal data
The personal data processed by Starlab includes your particulars (name, gender, position, employer and comparable data), work address and contact data (telephone number, email address and comparable data) as well as information about your customer history (ordered products, points discussed in sales conversations and comparable data) and information about your product and contract interests which is deduced from that data.
Insofar as that data is necessary for the conclusion, performance and termination of the contracts, Starlab processes it on the basis of Article 6, paragraph 1, point b, of the GDPR.
The data necessary for the performance of the contract, especially the particulars as well as the work address and contact data, are necessary for the conclusion of the contract. If the customer does not provide that data, the contract cannot be concluded. There will be no other consequences of any failure to provide the above personal data.
Starlab also processes the personal data of customers in order to get to know its customers better and be able to offer them products and services that are suitable for them. The legal basis of this data processing is Article 6, paragraph 1, point f, of the GDPR or, if a consent has been given, Article 6, paragraph 1, point a, of the GDPR. If you have given a consent, you may revoke it at any time; however, the revocation will not affect the legality of the data processing that took place on the basis of the consent until the time of the revocation.
If the processing of your personal data is based on Article 6, paragraph 1, point f, of the GDPR, our legitimate interest lies in our economic interest in the advancement of our business operations and specifically in the optimisation of our sales activities.
If you do not want us to use your personal data for the above-mentioned purposes (advertising), you may object to it at any time (Article 21 paragraph 3 of the GDPR). Please send your objection by email to DPO@starlab.co.uk or by mail to Starlab (UK) LTD, 5 Tanners Drive, Milton Keynes MK14 5BU. Of course, your objection will not affect your contracts with Starlab.
Automatic decision-making pursuant to Article 22 paragraphs 1 and 4 of the GDPR does not take place at Starlab.
DELETION OF DATA
Personal data will be deleted by Starlab if they are no longer needed for the purpose of their processing and any legal retention periods have expired.
As a rule, data of accounting transactions is deleted ten years after the transaction was carried out, and all other personal data is deleted six years after the termination of all contracts of the customer with Starlab.
DISCLOSURE OF YOUR PERSONAL DATA
For the performance of contracts, Starlab cooperates closely with internal and external sales partners. To enable your Starlab-internal sales partner to advise you adequately and support you in all matters related to your existing contracts with Starlab, the adviser in charge of you is given access to the data described above. A disclosure of personal data to external sales partners only takes place on particular occasions and only for the data that is necessary for the performance of the contracts. This concerns, for example, disclosures to logistics service providers or to service partners. The legal basis of such disclosures of your personal data is Article 6, paragraph 1, point b, of the GDPR.
In addition, we may also transfer your data to the appropriate national company of the Starlab Group (see also the section “Data Transfer Abroad”) if you use offers that are provided jointly by several companies of the Starlab Group. The legal basis of such disclosures of your personal data is Article 6, paragraph 1, point b, of the GDPR.
Besides, we disclose your personal data to the appropriate national company if it is in charge of the country in which you operate. In those cases, the legal basis of the data transmission is Article 6, paragraph 1, point f, of the GDPR. Our legitimate interest in such data transmissions lies in our business's interest in the effectiveness of its sales organisation.
In addition, we may give service providers that are bound by instruction access to your data. These so-called processors within the meaning of Article 28 of the GDPR must not process the data for their own purposes but only in the manner defined by Starlab. They are chosen carefully and are obliged, by law and by contract, to ensure a high level of data protection. For example, an IT administrator sent by an IT service provider might maintain Starlab databases and, in the course of this work, theoretically have the possibility to access personal data of our customers. As further examples, we may assign third parties with hosting our website, operating the different functions available on the website, sending emails, analysing data, making available search results or links and supporting us with executing your orders.
For purposes other than those mentioned in this letter, we will only disclose your personal data to third parties if we are obliged to do so by law (e.g. to provide information to supervisory authorities in certain cases) or if you have given us your express consent to doing so. In addition, we may disclose your data if we are entitled to do so by law. In those cases, however, we will inform you separately (in case the disclosure is not described in this document already).
INFORMATION, DELETION AND PORTING OF YOUR PERSONAL DATA
If you wish to be given detailed information about the personal data that Starlab has stored about you, please contact Starlab (UK) LTD, 5 Tanners Drive, Milton Keynes MK14 5BU or DPO@starlab.co.uk. On request, we can provide you with a copy of the data that Starlab has stored about you.
Besides, you may receive the data which you have provided to us in a structured standard machine-readable format from us or require us to transfer that data to a third party named by you.
If you find that data stored about your person is incorrect or incomplete, you can require the immediate correction or completion of that data at any time.
Provided that the prerequisites described in Article 17 and 18 of the GDPR are fulfilled, you may require the deletion of your data or the restriction of its processing.
If you should not agree to the data processing performed by us or the information provided by us, you may file a complaint with the Information Commissioner’s Office (ICO), Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF; Tel 01625 545 745, or email england@ico.org.uk. Details on the ICO can be found at: www.ico.org.uk. Contact details for ICO regional offices in Scotland, Wales and Northern Ireland can be found at www.ico.org.uk/global/contact-us/postal-addresses
If you have any questions about the processing of your personal data by Starlab, please contact our Data Protection Officer at the email address DPO@starlab.co.uk or the postal address Starlab (UK) LTD, 5 Tanners Drive, Milton Keynes MK14 5BU.
Starlab UK’s Data Protection Officer can be contacted by email at DPO@starlab.co.uk