Data privacy statement

The uniform requirements of the EU General Data Protection Regulation (GDPR) came into force across Europe in relation to data protection on 25 May 2018.

The following data privacy statement sets out the processing of personal data carried out by Stern und Kreisschiffahrt GmbH (“Stern und Kreis” and/or “we”) in accordance with the GDPR and the German Federal Data Protection Act (BDSG 2018) when you visit our website www.sternundkreis.de/en/.

Protecting your data is very important to us, especially protecting your personal data.

This is all data that can be used to identify you personally.

Data processing on our website is carried out by Stern und Kreis. 

In principle, our website can be visited and used without giving any personal data.

Where personal data is collected, this is always done on a voluntary basis.

Your data will only be shared with third parties if you have given your explicit consent to this.

1. Data controller for data processing on this website

Stern und Kreisschiffahrt GmbH

Puschkinallee 15

12435 Berlin

E-mail: info@sternundkreis.de

Data protection officer:

Detlef Hegemann Verwaltungs- und Beteiligungs GmbH

Mr. Andreas Reuter

Arberger Hafendamm 16

28309 Bremen

Email address: andreas.reuter@hegemann.de

Telephone: +49 421 41 07 0

Fax: +49 421 41 07 198

2. Collection and storage of personal data, as well as the nature and purpose of its processing

When you visit our website www.sternundkreis.de/en/, the browser you use on your end device automatically sends information to our website’s server. This information is temporarily stored in what is known as a log file and comprises:

We use the aforementioned data in order to ensure that the connection is established smoothly and our website runs properly, to assess system security and stability, and for further administrative purposes.

The legal basis for the data processing is Art. 6(1)(f) GDPR. Our legitimate interest arises from the aforementioned purposes of data collection. Under no circumstances will we use the collected data in order to draw conclusions about you as an individual.

3. Use and disclosure of personal data

Your personal data will only be shared with third parties for the purposes listed below.

We will only share your personal data with third parties if:

If you instruct us to provide a service or send goods, your personal data is used without your specific consent solely to the extent that is necessary in order to provide the service or fulfil the contract. This includes specifically sharing your data with our catering and hospitality service provider Optimahl Catering GmbH as well as credit card companies or other service providers used to provide the service or fulfil the contract.

Once the contract has been fulfilled completely, your data is blocked for further use and erased once the retention periods relating to tax and commercial law have expired, unless you have given your explicit consent to a further use.

Unless there are necessary reasons relating to the processing of transactions, website users can withdraw their consent to the use of personal data they have provided at any time with effect for the future.

Stored personal data is erased if website users and/or customers withdraw their consent for storage, if the data is no longer necessary to fulfil the purpose achieved by storing the data, or if the data storage is prohibited for other legal reasons. Data used for settlement and accounting purposes is not affected by a request for erasure.

4. Contact form

If you wish to contact us, we provide a contact form on our website. If you use this form, you are required to provide your email address so that we can respond to you. Additional information may be entered voluntarily.

The data you provide in the contact form is processed on the basis of your consent (Art. 6(1)(a) GDPR). You can withdraw this consent at any time. Sending an informal message by email to the data controller for our website is sufficient for this purpose. The lawfulness of the data processing activities carried out before this withdrawal is not affected by the withdrawal.

The data you provide in the contact form is kept until you ask us to erase it, withdraw your consent for its storage, or the purpose for the data storage no longer applies (for example, once we have finished dealing with your message). Mandatory legal provisions will continue to apply, especially retention periods.

Our website uses Secure Sockets Layer (SSL) encryption to protect the transmission of the data that you provide in the contact form.

(See Point 12. Data security.)

5. Use of cookies

We use cookies on various pages in order to make our website attractive to visitors, to allow them to use specific functionality, and to capture statistics for the use of our website.

Cookies are small text files that are automatically created by your browser and stored on your end device (laptop, tablet, smartphone, etc.) when you visit our website. Cookies do not damage your end device and they do not contain viruses, Trojans or other malware. Each cookie stores information that is provided in conjunction with the specific end device that is used. However, this does not mean that we are immediately made aware of your identity.

Most of the cookies we use are deleted again at the end of the browser session (referred to as session cookies). Other cookies remain on your computer so that we can recognise your computer on your next visit (referred to as persistent cookies). These cookies in particular are used to make our services more effective, secure and user-friendly.

Of course, you can configure your browser so that it does not store our cookies on your hard drive. The Help feature on the menu bar of most web browsers will tell you how to stop your browser from accepting new cookies, how to configure your browser to alert you when a new cookie is placed, or how to clear all existing cookies and block all additional ones.

6. Website evaluation/web analysis

AWStats

We use several tools to evaluate our website, including the open-source AWStats tool. AWStats uses cookies; text files that are placed on your computer to analyse the behaviour of website users and/or customers when they visit the website. You can find further information about AWStats at:  http://awstats.sourceforge.net/.

To this end, the information generated by the cookies about the use of the website as well as the IP address of website users and/or customers are stored, specifically on the server of IT-Direkt Business Technologies GmbH, Gustav-Meyer-Allee 25, 13355 Berlin, Germany, the company commissioned by the website operator for this purpose. The aforementioned data is used solely for statistical purposes. Accordingly, behaviour profiles are not compiled for individual users of our website. IT-Direkt Business Technologies GmbH uses this information to evaluate website use, compile reports on website activities for the website operator, and provide additional services linked to website use and internet use.

Under no circumstances will the aforementioned IT company link your IP address to other data stored on its servers. Website users can configure their browser software to stop cookies from being placed. Users should be aware, however, that this may prevent them from being able to use the full functionality of this website. By visiting our website, customers and/or users agree to the processing of the data collected about them by the operator of this website, as well as by the aforementioned IT company commissioned to carry out the evaluation, this using the method set out above and for the previously stated purpose.

DoubleClick

Our website utilises the services of DoubleClick, a web analysis service provided by Google Ireland Limited (Gordon House, Barrow St, Dublin 4, Ireland), to present you with ads that are relevant to you. For this purpose, anonymised data is collected from you in order to optimise our website in accordance with Art. 6(1)(f) GDPR.

If you do not wish DoubleClick to continue to collect anonymised data from you, please click on Deactivate. You can then deactivate personalised ads in the Google settings, so that existing stored information is deleted and further collection of information is prevented.

THE ADEX

We use the DMP tag from The ADEX GmbH on behalf of QWERTZ Media GmbH in order to collect, analyse and evaluate usage and behaviour data on our website. This is provided by The ADEX GmbH (Rotherstrasse 22, 10245 Berlin, Germany). This provider processes data solely as a data processor in accordance with the instructions of QWERTZ Media GmbH and not for its own purposes. Further information is available in the provider’s data protection provisions.

This is also where you can object to the collection and/or evaluation of your data, by downloading and storing the opt-out cookie that is available there. Please bear in mind that data collection will only be prevented for that particular client. If you use several different end devices, you will need to repeat this opt-out process on each one.

Google Analytics

Our website uses Google Analytics, a web analysis service provided by Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; “Google”). Google Analytics uses cookies; text files that are placed on your computer to analyse how you use this website. As a general rule, information provided by cookies about how you use this website is transmitted to a Google server in the USA and stored there. Google Analytics cookies are placed in accordance with Art. 6(1)(f) GDPR. A legitimate interest in the analysis of user behaviour is based on the need to optimise both the website pages and potential advertising.

Naturally, the IP anonymisation feature is enabled. This means that Google shortens your IP address within member states of the European Union or in other signatories to the Agreement on the European Economic Area before transmission to the USA. The full IP address will only be transmitted to a Google server in the USA and then shortened there in exceptional cases. Google will use this information to evaluate how you use this website, compile reports on behaviour on this website, and provide additional services linked to the use of this website and internet use to the website operator.

Specifically, this website uses the Google Analytics Demographics and Interests feature. This can be used to compile reports that contain statements on age, gender and interest categories relating to website visitors. This data is taken from interest-related advertising by Google as well as visitor data from third-party providers. This data cannot be assigned to specific individuals. You can deactivate this feature at any time via the ad settings in your Google account. You can also prevent Google Analytics from collecting your data in general as set out below. The data that you send and that is linked to cookies, user IDs or advertising IDs is automatically erased after 14 months. Data that has reached the end of its retention period is automatically erased once a month. You can find more detailed information in the Google Analytics Terms of Service or Google’s Privacy Policy and Terms of Service.

You can configure the settings in your browser software to prevent cookies from being placed. Please be aware, however, that this may prevent you from being able to use the full functionality of this website. You can also prevent the collection of data generated by cookies and relating to your use of this website (including your IP address) by Google and the processing of this data by Google by downloading and installing the browser add-on for Google Chrome, Mozilla Firefox, Apple Safari and Microsoft Edge. These opt-out cookies prevent the future collection of your data when you visit websites. If you wish to prevent this collection on several different devices, you must repeat this opt-out on all the systems you use.

As the website operator, we have concluded a contract with Google for it to process data on our behalf and we fully comply with the strict requirements of the German data protection authorities when using Google Analytics.

7. Google Maps and Google Fonts

In order to improve our online services and provision, our website incorporates the use of Google Maps, a service provided by Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; “Google”). This represents a legitimate interest in accordance with Art. 6(1)(f) GDPR. In connection with this, the browser you use has to establish a connection to Google’s servers. As a result, Google is aware of your IP address and that you have visited our website. You can find further information about how Google handles privacy in:

Additional Terms of Service for Google Maps/Google Earth

Google’s Privacy Policy

Google is a registered trademark of Google Inc.; 1600 Amphitheatre Parkway, Mountain View, California, 94043, USA.

8. Order handling

If you enter into a contract with us by ordering a ticket in our online shop, we process personal data in order to fulfil, deliver or terminate the contract with you.

This data may include:

The legal basis for this is Art. 6(1)(a) and Art. 6(1)(b) GDPR; in other words, you provide us with the data on the basis of the relevant contractual relationship (transacting a purchase contract) between yourself and ourselves. In order to process your email address if you make a purchase via our website, we are also required, based on legal regulations in the German Civil Code (BGB), to issue an electronic order confirmation (Art. 6(1)(c) GDPR).

If we do not use your contact details for promotional purposes, we will store the data collected to fulfil the contract until the expiry of the legal and/or potential contractual warranty and guarantee rights. Once this period expires, we will retain the information from the contractual relationship as required under commercial and tax law for the legally specified periods. During this period (routinely 10 years from when the contract is fulfilled), this data will only be processed again in the event of an audit by the financial authorities, for economic and tax audit purposes, and in order to clarify possible offences.

We will process your payment information for the purpose of payment processing; in other words, if you purchase a product and/or service from www.sternundkreis.de/en/. Depending on the payment method, we may share your payment details with third parties (e.g. with your credit card provider if you pay by credit card).

The legal basis for this data processing is Art. 6(1)(a), Art. 6(1)(b) and Art. 6(1)(f) GDPR.

The payment service providers we use are listed below.

a) Direct debit with Verifone Payments

If the customer selects the payment type “Direct debit with Verifone Payments”, the retailer transfers the following details (payment and purchase details) for the purpose of risk management to the service provider Verifone Payments GmbH, Karl-Hammerschmidt-Str. 1, 85609 Aschheim, Germany:

• International bank account number and bank identifier code (IBAN/BIC) 

• Transaction amount

• Customer’s name and address 

Verifone Payments will save and use the payment and purchase details to process payment, to prevent misuse, to mitigate the risk of payment defaults (risk management), and for other procedures in accordance with Section 25 KWG (German Banking Act) that prevent money laundering and the financing of terrorism or other criminal activities that might endanger the assets of Verifone Payments. To that end, maximum amounts for payments within specific time periods are defined (limit system). Different maximum amounts may be defined for different accounts. In addition, payment details are compared with a blocklist maintained by Verifone Payments. This blocklist contains details of when card-supported ELV electronic direct debits (payment with EC card and signature at a retailer) were revoked or not authorised. Based on the checks described above, Verifone Payments recommends to companies (who are connected) whether a direct debit can be accepted. For this purpose, Verifone Payments can

• use information relating to chargebacks for direct debit payments from all companies connected to its system;

• spend a short period – of a few days – evaluating payment information, including across retailers, to prevent card misuse;

• in addition to that, only evaluate payment information that it has received from the same company.

Data that is transmitted to Verifone Payments is used exclusively for the aforementioned purposes. It is not used or shared for sales or marketing purposes. Verifone Payments is the data controller for information shared by retailers as defined in the German Federal Data Protection Act. You can find more detailed information at: https://www.verifone.com/en/global/legal/gdpr-privacy-policy-uk-and-european-economic-area

b) SOFORT instant transfer/SOFORT instant payment with Klarna

If the customer selects the payment type SOFORT instant transfer, Sofort GmbH has direct contact with the end customer via the payment screen, thus giving Sofort GmbH a direct relationship with the end customer. Consequently, Sofort GmbH is responsible for the resulting collection and processing of personal data, as its services do not involve processing data on behalf of Stern und Kreisschiffahrt GmbH.

Klarna Bank AB (publ), Sveavägen 46, 111 34 Stockholm, Sweden (telephone: +46 8-120 120 00 – fax: +46 8-120 120 99 – email address: info@klarna.de)

Online retailers who use Klarna payment methods can also contact Klarna GmbH in Germany: Klarna GmbH, Theresienhöhe 12, 80339 Munich, Germany, reception: +49 221 669 501 00

More detailed information is available from: https://www.sofort.com/payment/wizard/getCmsContent/data_protection

c) Credit cards via ipayment by IONOS

If the customer selects the payment type Visa, Mastercard or Amex, the payment will be handled via ipayment by IONOS.

IONOS SE is part of United Internet AG.

IONOS SE, Elgendorfer Str. 57, 56410 Montabaur, Germany

More detailed information is available from: https://www.ionos.de/terms-gtc/datenschutzerklaerung/

Visa and Mastercard

Concardis GmbH, Helfmann-Park 7, 65760 Eschborn, telephone: +49 69 7922-0, fax: +49 69 7922-4500, email address: service@concardis.com

Concardis privacy statement (Visa and MasterCard): https://www.concardis.com/datenschutzerklaerung

AMEX

American Express Services Europe Limited, Frankfurt am Main branch, subsidiary of a limited company under the law of the United Kingdom with its registered office in London, Theodor-Heuss-Allee 112, 60486 Frankfurt am Main, Germany.

Amex privacy statement: https://www.americanexpress.com/de/legal/online-datenschutzerklarung.html

9. External links

This website contains links to the social networks Facebook, Instagram and Twitter. These links establish a direct connection between the servers for Facebook, Instagram and Twitter respectively with the browser of the website user and/or customer.

If you do not wish the aforementioned social networks to assign the data collected via our website to your corresponding account, you must log out of these social networks before visiting our website.

The Facebook, Instagram and Twitter websites are the responsibility of the relevant companies.

This website also contains links to other websites and content. We have no influence whatsoever over the current and future design of the linked websites or over their content. Placing external links does not mean that we take ownership of the content accessed via the link. Without specific indications of legal violations, we cannot reasonably be expected to carry out regular checks of the external links. If we become aware of legal violations, however, we will delete any such external links immediately.

10. Rights of data subjects

In accordance with Art. 15 GDPR, you have the right to request access to your personal data that is processed by us. Specifically, you can request information about the purposes of the processing; the category of personal data concerned; the categories of recipients to whom your personal data has been or will be disclosed; the envisaged period for which the personal data will be stored; the existence of the right to rectification, erasure, restriction of processing and objection to such processing; the existence of the right to lodge a complaint; information about the source of your personal data, where it was not collected by us; and the existence of automated decision-making, including profiling, and, at least in those cases, meaningful information about those details.

In accordance with Art. 16 GDPR, you have the right to request without undue delay the rectification or completion of your personal data that is stored with us.

In accordance with Art. 17 GDPR, you have the right to request the erasure of your personal data that is stored with us, provided that processing is no longer necessary for exercising the right of freedom of expression and information; for compliance with a legal obligation; for reasons of public interest; or for the establishment, exercise or defence of legal claims.

In accordance with Art. 18 GDPR, you have the right to request the restriction of processing of your personal data where you contest the accuracy of the personal data; the processing is unlawful, but you oppose its erasure; we no longer require the personal data, but it is required by you for the establishment, exercise or defence of legal claims; or you have objected to the processing in accordance with Art. 21 GDPR.

In accordance with Art. 20 GDPR, you have the right to request that you receive the personal data that you have provided to us in a structured, commonly used and machine-readable format, or that it is transmitted to another controller.

In accordance with Art. 7(3) GDPR, you have the right to withdraw your consent at any time. This means that we will cease the data processing that was based on this consent for the future.

In accordance with Art. 77 GDPR, you have the right in the event of infringements of the applicable data protection law to lodge a complaint with the competent supervisory authority. This competent supervisory authority is the Commissioner for Data Protection for the state of Berlin.

In the event of violations of applicable data protection law, you have the right to lodge a complaint with the competent supervisory authority in accordance with Art. 77 GDPR. This is the State Data Protection Officer of the Federal State of Berlin.

You can find the relevant contact details at:  https://www.bfdi.bund.de/SharedDocs/Adressen/EN/LfD/Berlin.html?nn=408004 

11. Right to object

Where your personal data is processed on the basis of legitimate interests in accordance with Art. 6(1)(f) GDPR, you have the right, in accordance with Art. 21 GDPR, to object to the processing of your personal data, provided that there are grounds for this arising from your particular situation or that your objection relates to direct marketing. In the latter case, you have a general right to object, which we will implement without you needing to state a particular situation.

Should you wish to exercise your right to withdraw consent or to object, you simply need to send an email to datenschutz@sternundkreis.de.

The lawfulness of the data processing carried out before this withdrawal is not affected by the withdrawal.

12. Data security

For visits to our website, we use the common SSL protocol in conjunction with the maximum encryption level supported by your browser. This is normally 256-bit encryption. You can see whether individual pages on our website are encrypted by checking for the closed key or padlock symbol in your browser’s status bar.

In addition, we implement appropriate organisational and technical security measures to protect your data against accidental or intentional manipulation, partial or complete loss or destruction, and unauthorised access by third parties. We update and improve our security measures continuously in line with developments in technology.

13. Newsletter

Description and scope of data processing 

There are two ways to receive our newsletter. One is for you to visit our website and subscribe to a free newsletter. When you register in this way, the data from the entry screen is sent to us.

The following data is collected during the registration process:

Company name, where applicable | Title | First name | Surname | Email address | Date and time of registration

During the registration process, we obtain your consent to the processing of this data and we refer you to this privacy statement.

If, on the other hand, you buy tickets for our trips in our online shop and enter your email address during the process, we can then use your email address to send you a newsletter. In this case, the newsletter is exclusively used for direct marketing of our own services.

Legal basis for data processing

The legal basis for processing data once you register to receive our newsletter is as follows: Art. 6(1)(a) GDPR if you have given your consent; Section 7(3) UWG (German Federal Act Against Unfair Competition) if you have purchased goods or services.

Purpose of data processing

Your email address is collected so that we can send you our newsletter. Other personal data collected during the registration process is used to prevent misuse of services or the email address used, as well as to personalise how we address you in order to improve how you experience the content of our newsletter.

Disclosure of personal data to third parties

We use the services of the German email service provider CleverReach GmbH & Co. KG (Schafjückenweg 2, 26180 Rastede) to send out our newsletter. In order to do this, we transmit the aforementioned personal data by SSL encryption to CleverReach, which has been certified in accordance with CSA standards. You can find more detailed information on this at https://certified-senders.org.

In order to comply with the strict requirements of the German data protection authorities when using the services of CleverReach, we have also concluded a contract with CleverReach for it to process data on our behalf.

You can find more detailed information on the data protection measures implemented by CleverReach GmbH & Co. KG by reading its data protection provisions.

Duration of storage

If the newsletter subscription is terminated, your data will be erased within 1 week of the termination, provided that the erasure is not blocked by legal retention obligations.

Opportunity for objection and removal

You can opt out from receiving our newsletter at any time. To this end, each newsletter has a link to allow you to unsubscribe. You can also opt out from receiving our newsletter by sending an email to info@sternundkreis.de.

14. Validity and amendment of these data protection provisions

This privacy statement is currently valid and was last amended in May 2018.

The further development of our website and the content available there, as well as changes to legal and regulatory requirements may make it necessary to amend this privacy statement. You can always access and print out the currently valid privacy statement here.