Privacy Policy Política de protección de datos Protection de données Gizlilik Politikası

Privacy Policy, Version 4.0

The protection of your data is one of the most important principles of STRATO GmbH. With this privacy policy, we would like to inform you about the type, scope and purpose of the personal data collected, used and processed by us. Furthermore, we would like to inform you about your rights.

1. Contact information

Controller:
STRATO GmbH
Otto-Ostrowski-Straße 7
10249 Berlin
You can reach us via the contact form: https://www.strato.com/faq/en_us/help/mail.php?thema=68

Data Protection Officer:
Data Protection Officer
STRATO GmbH
Otto-Ostrowski-Straße 7
10249 Berlin
If you want to assert your legal rights or have general questions, please contact privacy@strato.com or the corporate data protection officer of STRATO GmbH.

---

2. What data do we collect and process

a) Contract data
We collect, process and store the data you provide when you order from us. In addition, we store and process data about the order and payment history.

b) Data that you store on our servers
We collect, process and store the information you store yourself when you use our services. This includes the production of backup copies in our backup systems.

c) Log data
When you visit our website or use our services, the device that you use to access the page automatically transmits log data (connection data) to our servers. Log data includes the IP address of the device that you use to access the website or service, the type of browser you are using, the website you have visited beforehand, your system configuration, and the date and time. We store IP addresses only to the extent necessary to provide our services. Otherwise, the IP addresses are deleted or made anonymous. We store your IP address when visiting our website for a maximum of 7 days to detect and ward off attacks.

d) Cookies
We use cookies in various areas on our website.
Cookies are small identifiers that a server stores on the device that you use to access our website or our services. They contain information that can be retrieved when accessing our services, allowing for more efficient and better use of our services.
We use permanent and session cookies. Session cookies are deleted when you close your web browser. Permanent cookies remain on your device until they are no longer needed to achieve their purpose and are deleted.

The cookies serve to improve our services and the use of certain features. In addition, cookies are also used, among other things, to collect statistical information about our website, for example about the number of visitors.

You can prevent the creation of cookies at any time by means of an appropriate setting of your Internet browser used and thus permanently object the creation of cookies. Furthermore, cookies that have already been created can be deleted at any time via an Internet browser or other software programs. This is possible in all common Internet browsers. If you deactivate the creation of cookies in the Internet browser you are using, not all functions of our website may be fully usable.

Pixel are small graphics on web pages that enable log file recording and log file analysis, which are often used for statistical evaluations.
We use the following tracking and analysis tools:

• Google Analytics: The operating company of the Google Analytics component is Google Inc.
  The purpose is to analyse the flow of visitors on our website. Among other things, Google uses the data and information obtained to evaluate the use of our website in order to compile online reports for us. Google Analytics creates a cookie in your browser. By using this cookie, Google is enabled to analyse the use of our website. Each time you access a web page that has a Google Analytics component integrated into it, the web browser is automatically prompted to submit data to Google. No personal data will be transmitted to Google here. The IP address we collect will be forwarded to Google only after the data is made anonymous.
  It is possible to object to the collection and processing of this data by Google. To do so, you will need to download and install a browser add-on at https://tools.google.com/dlpage/gaoptout?hl=en
  Additional information and Google's privacy policy can be found at https://policies.google.com/privacy?hl=en&gl=de and http://www.google.com/analytics/terms/gb.html Google Analytics is explained in more detail at https://www.google.com/intl/en_uk/analytics/#?modal_active=none
• Matomo: While using the STRATO website, a unique web analysis cookie is created in your browser in order to collect and analyze various statistical data.
  [checkbox] If this box is checked, your current visit will be recorded by the Matomo web analysis. Deselect it so that your visit is no longer recorded.
• Econda: The operating company of econda is econda GmbH. Econda creates a cookie in your internet browser. Each time you visit one of the individual pages of this website, your Internet browser sends data to econda for marketing and optimization purposes. The user profiles obtained in this way serve to analyse the behaviour of visitors to our website and are evaluated with the aim of improving and optimising the website. This data is not combined with personal data or with other data containing the same pseudonym.
  It is possible to object to the collection and processing of data (opposition econda).
  econda's current privacy policy can be found at https://www.econda.de/en/data-protection
• Facebook: In order to enable user group controlled marketing in social networks, a tracking pixel of the social media service Facebook Inc. is integrated on this website. When you visit our website, the pixel is loaded from your web browser. Thereby information is sent to Facebook. This concerns, among other things, the information whether Facebook cookies are set in your browser. This information is used to assign the browser session to a person. This assignment is pseudonymised based on a Facebook ID only, so that no personal reference is possible for us.
  It is possible to object behavior-based advertising at http://optout.aboutads.info/?c=2#!/
  If you check this box, an opt-out cookie will be set in your browser.
  You can make additional settings for advertising on Facebook in your user profile.
• Google Adwords: The operating company of the services of Google AdWords is Google Inc.
  If you reach our website via a Google advert, a conversion cookie will be stored on your browser by Google. A conversion cookie expires after thirty days and is not used for identification. If the conversion cookie has not yet expired, it is used to track whether certain sub-pages have been visited on our website. The conversion cookie allows both us and Google to understand if our visitors came to our website through an AdWords ad and generated revenue. The data and information collected through the use of the conversion cookie will be used to determine the success or failure of the respective AdWords ad and to help us optimize our AdWords ads for the future. Neither we nor any other Google AdWords advertiser receives any information from Google that could be used to identify our site visitors. No personal data will be transmitted to Google. The IP address we collect will be forwarded to Google only after the data is made anonymous.
  You may opt out of Google interest-based advertising. To do this, use the link https://support.google.com/ads/answer/2662922?hl=en and choose the settings you want. Additional information and Google's applicable privacy policy can be found at https://policies.google.com/privacy?hl=en&gl=de
• Google Remarketing: Google Remarketing is a feature of Google AdWords. The integration of Google Remarketing allows a company to create user-based advertising and display interest-based ads to the Internet user. The operating company of the services of Google Remarketing is Google Inc.
  Google Remarketing creates a cookie in your Internet browser. By creating the cookie, Google will be able to recognise the visitor of our website if he subsequently accesses websites that are also members of the Google advertising network. With every visit to a website on which the Google Remarketing service has been integrated, the Internet browser automatically identifies itself to Google. No personal data will be transmitted to Google here. The IP address we collect will be forwarded to Google only after the data is made anonymous. You may opt out of Google interest-based advertising. To do this, use the link https://support.google.com/ads/answer/2662922?hl=en and choose the settings you want.
  Additional information and Google's applicable privacy policy can be found at https://policies.google.com/privacy?hl=en&gl=de

---

3. Legal basis of the processing

We process and use your data to execute the contract and provide our services, to improve our services and our websites and to adapt them to your needs and to provide updates and upgrades.

Article 6 I lit. a of the General Data Protection Regulation (GDPR) provides us with a legal basis for processing operations, in which we obtain consent for a particular processing purpose. If the processing of personal data is required to fulfil a contract, the processing is based on Article 6 I lit. b GDPR. The same applies to processing operations that are necessary to carry out pre-contractual measures, for example in cases of enquiries regarding our products or services. If we are subject to a legal obligation which requires the processing of personal data, such as the fulfilment of tax obligations, the processing is based on Article 6 I lit. c GDPR. Finally, processing operations could be based on Article 6 I lit. f GDPR. Processing operations that are not covered by any of the aforementioned legal bases are based on this legal basis if the processing is necessary for the protection of our legitimate interests or those of a third party, unless the interests, fundamental rights and fundamental freedoms of the person concerned (data subject) prevail. Such processing operations are particularly permitted because they have been specifically mentioned by the European legislator. A legitimate interest is usually to be assumed if the data subject is a customer of the controller.

If the processing of personal data is based on Article 6 I lit. f GDPR, our legitimate interest is conducting our business.

We process applicant data in accordance with Article 88 GDPR in conjunction with § 26 of the Federal Data Protection Act (BDSG, new version).

---

4. Categories of recipients

Registrars and registries: For domain registrations, we must forward certain personal data to registrars and registries. This data is stored in the registries' databases and publicly available to a varying extent via Whois enquiries from the registries. Further information about this can be found here https://www.strato.com/faq/en_us/article/2098/What-is-WHOIS-and-which-data-is-stored-there.html

Escrow services: All registrars accredited by the Internet Corporation for Assigned Names and Numbers (ICANN) must, in accordance with ICANN's generic domain rules, hold the domain data they manage in a secure environment in trust. This is intended to ensure the reliable management of the namespace. To that end, we use the escrow services of DENIC eG, Kaiserstraße 75-77, 60329 Frankfurt am Main.
Processors: We pass on various personal data to our processors as the controller within the scope of the processing. We have ensured the security of your data by concluding data processing agreements. Our processors can be divided into the following categories:

• Provision of services: These include newsletter delivery, printing and shipping of invoices, customer surveys, payment service providers, data carrier destruction
• Operation of services, maintenance and upkeep of hardware and software

We only release data to authorities and third parties in accordance with statutory provisions or a legal title. Information may be provided to authorities on the basis of a legal regulation on security or for prosecution purposes. Third parties will only receive information if required by law. This may be the case, for example, in the case of a copyright infringement.

---

5. Data transmission to third countries

Registries: To register top level domains. In this case, the data is transmitted on the basis of Article 49 (1) lit. b GDPR.

---

6. Duration of storage

We only process and store personal data for the period required to achieve the purpose of storage or where required by law. As a rule, the processing purpose is achieved upon termination of your contract.

You can change and delete data that you save in our services yourself. After the termination of contract, we will delete the data stored in the services.

Backup copies in our backup systems are automatically deleted with a time delay.

For contract data, processing will be restricted after the contract has been terminated; it will be deleted after expiry of the statutory retention period.

---

7. Your rights

a) Right to information and confirmation
You have the right to receive free information from us at any time, as well as confirmation of your personal data stored and a copy of this information.

b) Right to rectification
You have the right to demand the immediate correction of incorrect personal data concerning you. You also have the right to request the completion of incomplete personal data, including by means of a supplementary statement, taking into account the purposes of processing.

c) Rights to erasure
You have the right to have your personal data erased without delay if any of the following is true and if processing is not required:

• The personal data has been collected for such purposes or processed in a way for which it is no longer necessary.
• You revoke your consent, on which the processing was based, and any other legal basis for processing is lacking.
• You object to the processing in accordance with Article 21 (1) GDPR and there are no legitimate reasons for the processing, or you object to the processing in accordance with Article 21 (2) GDPR.
• The personal data has been processed unlawfully.
• The erasure of personal data is required to fulfil a legal obligation under European Union law or a national law to which we are subject.
• The personal data was collected in relation to information society services offered pursuant to Article 8 (1) GDPR.

d) Right to restriction of processing
You have the right to request the restriction of processing if one of the following conditions is met:

• The accuracy of your personal information is contested by you for a period of time that allows us to verify the accuracy of your personal information.
• The processing is unlawful, you refuse the deletion of the personal data and instead require the restriction of the use of personal data.
• We no longer need your personal information for processing purposes, but you need it to assert, exercise or defend your rights.
• You have objected to the processing in accordance with Article 21 (1) GDPR and it is not yet clear whether our legitimate interests prevail over yours.

e) Rights to object
You have the right to object at any time to the processing of personal data concerning you, which takes place on the basis of Article 6 (1) lit. e or f GDPR.

In the event of an objection, we will no longer process personal data unless we can demonstrate compelling legitimate reasons for processing that outweigh your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims.

You have the right to object at any time to the processing of your personal data for the purpose of direct advertising.

f) Right to data portability
You have the right to receive personal data relating to you that has been provided to us in a structured, common and machine-readable format. You also have the right to transfer this data to another controller without hindrance by us if the processing is based on the consent pursuant to Article 6 (1) lit. a GDPR or Article 9 (2) lit. a GDPR or is based on a contract pursuant to Article 6 (1) lit. b GDPR and the processing is carried out by automated means, unless the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

Furthermore, in exercising your right to data transferability under Article 20 (1) GDPR, you have the right to arrange that your personal data is transmitted directly from one controller to another, where this is technically feasible and as long as this does not affect the rights and freedoms of others.

g) Right to withdraw consent under data protection law

You have the right to withdraw the consent to the processing of personal data at any time.

h) Right of appeal to the supervisory authority
You have the right to contact a supervisory authority in the Member State of your place of residence or place of work or the location of the alleged violation at any time if you believe that the processing of personal data concerning you is contrary to the EU General Data Protection Regulation.

---

8. Statutory or contractual requirement, for the provision of personal data, necessity for the conclusion of the contract, obligation to provide the personal data, possible consequences of failure to provide data

The provision of personal data may in part be required by law (e.g. tax regulations) or result from contractual provisions (e.g. information about the contracting party). Sometimes it may be necessary that you provide us with personal data, which must subsequently be processed by us, in order to conclude a contract. For example, you are required to provide us with personal information when we conclude a contract with you. Failure to provide the personal data would mean that the contract could not be concluded.

---

9. Existence of automatic decision-making / profiling

We do not use automatic decision-making or profiling.