Privacy
PRIVACY POLICY
1) INTRODUCTION AND CONTACT DETAILS OF THE DATA CONTROLLER
1.1 We are pleased that you are visiting our website and thank you for your interest. In the following, we will inform you about how we handle your personal data when you use our website. Personal data refers to any information that can personally identify you.
1.2 The data controller for data processing on this website, as defined by the General Data Protection Regulation (GDPR), is Hassan Nadir Butt, TOPSTAR, Südfeld 1, 33739 Bielefeld, Germany, Tel .: 01713414202, Email: info@topstar-online.de. The data controller is the natural or legal person who alone or jointly with others determines the purposes and means of processing personal data.
2) DATA COLLECTION WHEN YOU VISIT OUR WEBSITE
2.1 When you visit our website for informational purposes only, i.e., if you do not register or otherwise provide us with information, we only collect the data that your browser sends to our server (so-called "server log files"). When you access our website, we collect the following data that is technically necessary for us to display the website to you:
- The website you visited
- Date and time of access
- Amount of data sent in bytes
- Source/reference from which you accessed the page
- Browser used
- Operating system used
- IP address used (if applicable, in anonymized form)
The processing is carried out in accordance with Art. 6(1)(f) of the GDPR based on our legitimate interest in improving the stability and functionality of our website. The data will not be shared or used for other purposes. However, we reserve the right to check the server log files retrospectively if there are concrete indications of unlawful use.
2.2 For security reasons and to protect the transmission of personal data and other confidential content (e.g., orders or inquiries to the data controller), this website uses SSL or TLS encryption. You can recognize an encrypted connection by the string "https://" and the lock symbol in your browser's address bar.
3) COOKIES
In order to make your visit to our website attractive and to enable the use of certain functions, we use cookies, which are small text files that are stored on your device. Some of the cookies we use are automatically deleted after you close your browser (so-called "session cookies"), while others remain on your device and allow us to remember your settings and preferences (so-called "persistent cookies"). You can find the storage duration of the cookies in the cookie settings of your web browser.
If personal data is also processed by individual cookies we use, the processing is carried out in accordance with Art. 6(1)(b) of the GDPR either for the performance of a contract, in accordance with Art. 6(1)(a) of the GDPR based on your consent, or in accordance with Art. 6(1)(f) of the GDPR based on our legitimate interests in ensuring the best possible functionality of the website and a user-friendly and effective visit experience.
You can configure your browser to inform you about the use of cookies and decide on a case-by-case basis whether to accept or reject them, or you can generally exclude the acceptance of cookies for specific cases or in general.
Please note that if you do not accept cookies, the functionality of our website may be limited.
4) CONTACT
When contacting us (e.g., via contact form or email), personal data is processed for the purpose of handling and responding to your inquiry, and only to the extent necessary.
The legal basis for processing this data is our legitimate interest in responding to your inquiry in accordance with Art. 6(1)(f) of the GDPR. If your contact is aimed at concluding a contract, an additional legal basis for the processing is Art. 6(1)(b) of the GDPR. Your data will be deleted once it can be inferred from the circumstances that the relevant matter has been conclusively clarified and provided there are no legal retention obligations.
5) COMMENT FUNCTION
As part of the comment function on this website, in addition to your comment, information about the time the comment was created and the commentator name you have chosen will be stored and published on this website. Furthermore, for security reasons, your IP address will be stored to enable attribution in case of any unlawful comments. Your email address will be stored for contact purposes in case a third party objects to your published content as unlawful.
The legal basis for storing your data is Art. 6(1)(b) and (f) of the GDPR. We reserve the right to delete comments if they are objected to as unlawful by third parties.
6) CUSTOMER ACCOUNT DATA PROCESSING
In accordance with Art. 6(1)(b) of the GDPR, personal data will continue to be collected and processed if you provide it to us when opening a customer account. The data required for account creation can be found in the input mask of the corresponding form on our website.
You can delete your customer account at any time by sending a message to the data controller's address mentioned above. Once your customer account has been deleted, your data will be deleted, provided that all contracts concluded via your account have been fully processed, there are no legal retention obligations, and we have no legitimate interest in further storage.
7) USE OF CUSTOMER DATA FOR DIRECT ADVERTISING
7.1 Subscription to our email newsletter
When you subscribe to our email newsletter, we regularly send you information about our offers. The mandatory information for sending the newsletter is solely your email address. Providing additional data is voluntary and will be used to address you personally. For newsletter delivery, we use the double opt-in procedure, which ensures that you only receive the newsletter after you have expressly confirmed your consent to receive the newsletter by clicking on a verification link sent to the email address provided.
By activating the confirmation link, you give us your consent to use your personal data in accordance with Art. 6(1)(a) of the GDPR. In this case, we store your IP address entered by the internet service provider (ISP), as well as the date and time of registration, to be able to trace any potential misuse of your email address at a later time. The data collected from you during the newsletter registration will be strictly used for the intended purpose.
You can unsubscribe from the newsletter at any time by using the link provided in the newsletter or by sending a corresponding message to the data controller mentioned at the beginning. After unsubscribing, your email address will be immediately deleted from our newsletter distribution list, unless you have expressly consented to further use of your data or we reserve the right to use it beyond that, as permitted by law and as stated in this statement.
7.2 Email notifications for product availability
For temporarily unavailable items, you can sign up to receive email notifications about their availability. In this case, we will send you a one-time email notification about the availability of the selected item. The mandatory information for sending this notification is solely your email address. Providing additional data is voluntary and may be used to address you personally. For email notifications, we use the double opt-in procedure, which ensures that you only receive a notification after you have expressly confirmed your consent by clicking on a verification link sent to the email address provided.
By activating the confirmation link, you give us your consent to use your personal data in accordance with Art. 6(1)(a) of the GDPR. In this case, we store your IP address entered by the internet service provider (ISP), as well as the date and time of registration, to be able to trace any potential misuse of your email address at a later time. The data collected from you during the registration for our email notification service regarding product availability will be strictly used for the intended purpose.
You can unsubscribe from the availability notifications at any time by sending a corresponding message to the data controller mentioned at the beginning. After unsubscribing, your email address will be immediately deleted from our distribution list specifically set up for this purpose, unless you have expressly consented to further use of your data or we reserve the right to use it beyond that, as permitted by law and as stated in this statement.
8) DATA PROCESSING FOR ORDER PROCESSING
8.1 Transmission of image files for order processing via upload function
On our website, we offer customers the option to personalize products by submitting image files via an upload function. The submitted image serves as a template for the personalization of the selected product.
Through the upload form on the website, the customer can directly transmit one or more image files from the storage of the device used to us via automated, encrypted data transmission. We then capture, store, and use the transmitted files exclusively for the production of the personalized product according to the respective service description on our website. If the transmitted image files are passed on to specific service providers for the production and processing of the order, you will be explicitly informed about this in the following paragraphs. No further disclosure will be made. If the transmitted files or digital motifs contain personal data (especially images of identifiable individuals), all processing operations mentioned above are carried out exclusively for the purpose of processing your online order in accordance with Art. 6(1)(b) of the GDPR.
After the order has been processed, the transmitted image files are automatically and completely deleted.
8.2 Transmission of image files for order processing via email
On our website, we offer customers the option to personalize products by submitting image files via email. The submitted image serves as a template for the personalization of the selected product.
Using the email address provided on the website, the customer can transmit one or more image files from the storage of the device used to us. We then capture, store, and use the transmitted files exclusively for the production of the personalized product according to the respective service description on our website. If the transmitted image files are passed on to specific service providers for the production and processing of the order, you will be explicitly informed about this in the following paragraphs. No further disclosure will be made. If the transmitted files or digital motifs contain personal data (especially images of identifiable individuals), all processing operations mentioned above are carried out exclusively for the purpose of processing your online order in accordance with Art. 6(1)(b) of the GDPR.
After the order has been processed, the transmitted image files are automatically and completely deleted.
8.3 Where necessary for the fulfillment of the contract, the personal data collected by us will be disclosed to the commissioned shipping company and the commissioned bank/payment service provider in accordance with Art. 6(1)(b) of the GDPR.
If we owe you updates for goods with digital elements or for digital products based on a corresponding contract, we process the contact data you provided during the order (name, address, email address) to inform you personally about upcoming updates within the legally specified period, in accordance with our legal obligations under Art. 6(1)(c) of the General Data Protection Regulation (GDPR), using an appropriate communication channel (such as postal mail or email). Your contact data will be strictly used for notifications regarding updates owed by us and will only be processed to the extent necessary for the respective information.
For the processing of your order, we also cooperate with the following service provider(s), who support us in whole or in part in the execution of concluded contracts. Certain personal data will be transmitted to these service providers in accordance with the information provided below.
8.4 Transfer of personal data to shipping service providers
- DHL
As a transport service provider, we use the following provider: DHL Paket GmbH, Sträßchensweg 10, 53113 Bonn, Germany.
In accordance with Art. 6(1)(a) of the GDPR, we share your email address and/or telephone number with the provider before delivering the goods, for the purpose of coordinating a delivery date or for delivery notification, provided you have given your express consent for this during the ordering process. Otherwise, for the purpose of delivery, we only share the recipient's name and delivery address with the provider, in accordance with Art. 6(1)(b) of the GDPR. The disclosure is only made to the extent necessary for the delivery of the goods. In this case, it is not possible to coordinate the delivery date with the provider or provide delivery notifications in advance.
The consent can be revoked at any time with effect for the future, either to the responsible party mentioned above or to the provider.
8.5 Use of payment service providers
- Paypal Checkout
This website uses PayPal Checkout, an online payment system provided by PayPal, which consists of PayPal's own payment methods and local payment methods provided by third-party providers.
When paying via PayPal, credit card via PayPal, direct debit via PayPal, or, if offered, "Pay later" via PayPal, we transmit your payment data to PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter "PayPal") as part of the payment processing. The transfer is made in accordance with Art. 6(1)(b) of the GDPR and only to the extent necessary for the payment processing.
For the payment methods credit card via PayPal, direct debit via PayPal, or, if offered, "Pay later" via PayPal, PayPal reserves the right to perform a credit check. For this purpose, your payment data may be disclosed to credit agencies by PayPal, in accordance with Art. 6(1)(f) of the GDPR, based on PayPal's legitimate interest in determining your ability to pay. PayPal uses the result of the credit check regarding the statistical probability of payment default for the purpose of deciding whether to provide the respective payment method. The credit check may involve probability values (so-called score values). If score values are included in the result of the credit check, they are based on a scientifically recognized mathematical-statistical procedure. Address data, among other things, is taken into account in the calculation of score values. You can object to this processing of your data at any time by sending a message to PayPal. However, PayPal may still be entitled to process your personal data if this is necessary for the contractual payment processing.
When selecting the PayPal payment method "Invoice purchase," your payment data will be transmitted to PayPal initially for the purpose of preparing the payment, after which PayPal forwards it to Ratepay GmbH, Franklinstraße 28-29, 10587 Berlin ("Ratepay") for payment processing. The legal basis is Art. 6(1)(b) of the GDPR. In this case, Ratepay independently performs an identity and credit check to determine your ability to pay, as described above, and discloses your payment data to credit agencies based on the legitimate interest in determining the ability to pay, in accordance with Art. 6(1)(f) of the GDPR. A list of the credit agencies that Ratepay may use can be found here: https://www.ratepay.com/legal-payment-creditagencies/
When using a local third-party payment method, your payment data will be initially transmitted to PayPal for the purpose of preparing the payment, in accordance with Art. 6(1)(b) of the GDPR. Depending on your selection of an available local payment method, PayPal will then transmit your payment data to the corresponding provider for the purpose of payment processing, in accordance with Art. 6(1)(b) of the GDPR:
- Sofort (SOFORT GmbH, Theresienhöhe 12, 80339 Munich, Germany)
- iDeal (Currence Holding BV, Beethovenstraat 300 Amsterdam, Netherlands)
- giropay (Paydirekt GmbH, Stephanstr. 14-16, 60313 Frankfurt am Main, Germany)
- bancontact (Bancontact Payconiq Company, Rue d'Arlon 82, 1040 Brussels, Belgium)
- blik (Polski Standard Płatności sp. z o.o., ul. Czerniakowska 87A, 00-718 Warsaw, Poland)
- eps (PSA Payment Services Austria GmbH, Handelskai 92, Gate 2, 1200 Vienna, Austria)
- MyBank (PRETA S.A.S, 40 Rue de Courcelles, F-75008 Paris, France)
- Przelewy24 (PayPro SA, Kanclerska 15A, 60-326 Poznań, Poland) Further data protection information can be found in PayPal's privacy policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full
9) TOOLS AND OTHERS
Cookie-Consent-Tool
This website uses a "cookie consent tool" to obtain effective user consent for consent-required cookies and cookie-based applications. The "cookie consent tool" is displayed to users in the form of an interactive user interface when accessing pages, allowing them to give consent to specific cookies and/or cookie-based applications by checking boxes. By using the tool, all consent-required cookies/services are only loaded if the respective user has given their consent by checking the boxes. This ensures that such cookies are only set on the respective user's device if consent has been given.
The tool sets technically necessary cookies to store your cookie preferences. Personal user data is generally not processed in this context.
However, if personal data (such as IP addresses) is processed for the purpose of storing, assigning, or logging cookie settings, this is done in accordance with Art. 6(1)(f) of the GDPR based on our legitimate interest in legally compliant, user-specific, and user-friendly consent management for cookies, and thus in a legally compliant design of our website.
Furthermore, Art. 6(1)(c) of the GDPR also serves as a legal basis for the processing. As the data controller, we are legally obliged to make the use of technically unnecessary cookies dependent on the respective user's consent.
Soweit erforderlich, haben wir mit dem Anbieter einen Auftragsverarbeitungsvertrag geschlossen, der den Schutz der Daten unserer Seitenbesucher sicherstellt und eine unberechtigte Weitergabe an Dritte untersagt.
Further information about the operator and the options for configuring the Cookie Consent Tool can be found directly in the corresponding user interface on our website.
10) RIGHTS OF THE DATA SUBJECT
10.1 According to applicable data protection law, you have the following rights as a data subject (rights of access and intervention), with reference to the legal basis provided for each:
- Right of access pursuant to Art. 15 of the GDPR;
- Right to rectification pursuant to Art. 16 of the GDPR;
- Right to erasure ("right to be forgotten") pursuant to Art. 17 of the GDPR;
- Right to restriction of processing pursuant to Art. 18 of the GDPR;
- Right to notification pursuant to Art. 19 of the GDPR;
- Right to data portability pursuant to Art. 20 of the GDPR;
- Right to withdraw consent pursuant to Art. 7(3) of the GDPR;
- Right to lodge a complaint with a supervisory authority pursuant to Art. 77 of the GDPR.
10.2 RIGHT TO OBJECT
IF WE PROCESS YOUR PERSONAL DATA BASED ON OUR LEGITIMATE INTERESTS PURSUANT TO ARTICLE 6(1)(F) OF THE GDPR, YOU HAVE THE RIGHT TO OBJECT TO SUCH PROCESSING AT ANY TIME ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION. WE WILL THEN CEASE PROCESSING THE PERSONAL DATA UNLESS WE DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, RIGHTS, AND FREEDOMS, OR FOR THE ESTABLISHMENT, EXERCISE, OR DEFENSE OF LEGAL CLAIMS.
IF YOUR PERSONAL DATA IS PROCESSED BY US FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA FOR SUCH MARKETING. YOU CAN EXERCISE YOUR RIGHT TO OBJECT AS DESCRIBED ABOVE.
WERDEN IHRE PERSONENBEZOGENEN DATEN VON UNS VERARBEITET, UM DIREKTWERBUNG ZU BETREIBEN, HABEN SIE DAS RECHT, JEDERZEIT WIDERSPRUCH GEGEN DIE VERARBEITUNG SIE BETREFFENDER PERSONENBEZOGENER DATEN ZUM ZWECKE DERARTIGER WERBUNG EINZULEGEN. SIE KÖNNEN DEN WIDERSPRUCH WIE OBEN BESCHRIEBEN AUSÜBEN.
IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL CEASE PROCESSING THE PERSONAL DATA FOR THE RELEVANT PURPOSES.
11) DURATION OF PERSONAL DATA STORAGE
The duration of the storage of personal data depends on the respective legal basis, the purpose of processing, and, if applicable, additional statutory retention periods (e.g., commercial and tax retention periods).
If personal data is processed based on explicit consent pursuant to Art. 6(1)(a) of the GDPR, the relevant data will be stored until you revoke your consent.
If there are legal retention periods for data processed within the scope of contractual or quasi-contractual obligations based on Art. 6(1)(b) of the GDPR, such data will be routinely deleted after the expiration of the retention periods, provided they are no longer required for contract fulfillment or contract initiation, and/or unless we have a legitimate interest in their further storage.
If personal data is processed based on Art. 6(1)(f) of the GDPR, such data will be stored until you exercise your right to object pursuant to Art. 21(1) of the GDPR unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing serves the establishment, exercise, or defense of legal claims.
If personal data is processed for direct marketing purposes based on Art. 6(1)(f) of the GDPR, such data will be stored until you exercise your right to object pursuant to Art. 21(2) of the GDPR.
Unless otherwise specified in the other information in this statement regarding specific processing situations, stored personal data will generally be deleted when it is no longer necessary for the purposes for which it was collected or otherwise processed.