Logo STRATO
  • Menu

Privacy Policy, Version 2.9

Date: October 1, 2024

The protection of your data is one of the most important principles of STRATO AG. With this privacy policy, we would like to inform you about the type, scope and purpose of the personal data collected, used and processed by us. Furthermore, we would like to inform you about your rights.

  • 1. Contact information

    Controller:

    STRATO AG
    Otto-Ostrowski-Strasse 7
    10249 Berlin, Germany

    You can reach us via the contact form: link.

    Data Protection Officer:

    Data Protection Officer
    STRATO AG
    Otto-Ostrowski-Strasse 7
    10249 Berlin, Germany

    If you want to assert your legal rights or have general questions, please contact or the corporate data protection officer of STRATO AG.

  • 2. What data do we collect and process

    a) Contract data
    We collect, process and store the data you provide when you order from us. In addition, we store and process data about the order and payment history.

    b) Data that you store on our servers
    We collect, process and store the information you store yourself when you use our services. This includes the production of backup copies in our backup systems.

    c) Log data
    When you visit our website or use our services, the device that you use to access the page automatically transmits log data (connection data) to our servers. Log data includes the IP address of the device that you use to access the website or service, the type of browser you are using, the website you have visited beforehand, your system configuration, and the date and time. We store IP addresses only to the extent necessary to provide our services. Otherwise, the IP addresses are deleted or made anonymous. We store your IP address when visiting our website for a maximum of 7 days to detect and ward off attacks.

    d) Customer correspondence
    We process the data that is collected when you contact us by email, fax or post, for example.

    e) Cookies, pixels, and other procedures
    We use cookies, pixels, and similar technologies at several points on our web offerings.
    Cookies are small bits of identification data that a server saves on a device that you use to access our website or our services. They contain information that can be read when accessing our services, thereby allowing for a more efficient and better utilization of our offerings.
    We use both permanent and session cookies. Session cookies are deleted when your web browser is closed. Permanent cookies remain on your device until they are no longer necessary to achieve their purpose and are deleted.

    • For example, we use first-party cookies to record information about your user behavior on our website.
    • Third-party cookies do not come from STRATO but from a third-party provider. We use these cookies, for example, for marketing activities.

    A tag is an umbrella term for snippets of code which are integrated into websites and used for various functions, such as simple counters (“tracking pixels”) or complex data transmissions (e.g “conversion tracking tags”).

    A script (also JavaScript) is able to execute more complex instructions, just like a programming language

    Analogt till ett programmeringsspråk kan ett skript (även JavaScript) utföra mer komplexa instruktioner.

    We use the term “cookies” as a commonly used umbrella term. It also includes tags, pixels, and scripts as alternative technical implementations.

    The procedures we utilize can be subdivided into various categories. Except for cookies which are technically necessary, you can decide which cookies you wish to permit.

    You can change your settings later at the bottom of the page under "Cookie settings“.

    Some of the cookies process data in third countries. You can find out what these are in the respective cookie categories. When processing your data on the basis of these cookies, it is possible that the European level of data protection cannot be guaranteed. If you consent to processing using these cookies, you also consent to transferring and processing your data in these third countries in accordance with Article 49 (1) lit. a GDPR.

    Necessary cookies

    The navigation of our website is made possible by technically necessary cookies. Basic functions such as displaying and selecting products, adding items to the shopping cart, or logging in are not possible without them.

    NameProviderFunctionValidityThird country transfer
    hk_sessionSTRATO AGFAQ portal session1 hourno
    ksb_sessionSTRATO AGCustomer login sessionSessionno
    phpmyadmin_hostSTRATO AGRequired for PhpMyadmin loginSessionno
    cookiecookieSTRATO AGSaves cookie settings2 yearsno
    dsgvo_cookieSTRATO AGAgreement on whether to track anonymised10000 daysno
    auth_server_sessionSTRATO AGRequired for authentication in the server login1 hourno
    DPXSTRATO AGDetect and prevent DDo's attacks on servers that play content in the customer login.1 hourno
    Lang localeSTRATO AGManual language selection in Server Login10 yearsno
    visid_incap_$somenumberSTRATO AGDDoS-Protection1 yearno
    incap_ses_259_$somenumberSTRATO AGDDoS-ProtectionSessionno
    video_accept (localStorage)STRATO AGSaves that user accepts cookies from Youtube Videosunlimitedno
    CLICKSTRATO AGTracking gate for triggering external tracking on the final order page depending on the channel. No personal data is processed.3 monthsno
    swtsguidSTRATO AGSaves recommendation information for the allocation of different sales channels.180 daysno

    Cookies hos HiDrive:

    NameProviderFunctionValidityThird country transfer
    sfm.langSTRATO AGLanguage set for HiDrive10 yearsno
    privacy_consentSTRATO AGSaves the cookie settings2 yearsno

    Cookies in the rankingCoach products:

    NameProviderFunctionValidityThird country transfer
    logged_inrankingCoach GmbHDetection if a user is logged in.Sessionno
    authautologinrankingCoach GmbHSingle sign-on1 year, 2 monthsno
    session_redisrankingCoach GmbHSession detection4 hoursno
    language_redirectionrankingCoach GmbHDetection of the user's language2 monthsno
    initial_subscription_idrankingCoach GmbHDetermining the original account IDSessionno
    referrerrankingCoach GmbHInternal referrer2 monthsno
    hide_trustpilotrankingCoach GmbHRemoving an external provider2 yearsno
    documentHighlightsrankingCoach GmbHUsed to highlight keywords in the content of the customer areaunlimitedno
    wistiaWistia, Inc.Streaming service for playing videos / video instructionsunlimitedYes / USA
    intercom-session-ea1oqsuiIntercom, Inc.Intercom is used for the in-app support/support chat of rankingCoach.1 weekYes / USA
    intercom-id-ea1oqsuiIntercom, Inc.Intercom is used for the in-app support/support chat of rankingCoach.1 yearYes / USA
    personalization_id
    guest_id
    _twitter_sess
    ct0
    external_referer
    gt
    auth_token
    remember_checked_on
    dnt
    twid
    kdt
    ads_prefs
    twitter.com.The STRATO products "STRATO marketingRadar", "STRATO rankingCoach", "STRATO listingCoach" and "STRATO adCoach" can include social media monitoring as an essential part of the application. Messages/posts on Twitter which refer to the user‘s company or to his selected competitors are displayed within the application as a message stream. Furthermore, functions are available to connect your own Twitter account with the application. In order to make this technically possible and thus to enable the basic function of the application, these cookies must be saved by Twitter.2 years
    2 years session
    160 min
    7 days
    30 min
    Session
    5 years

    5 years
    Session
    1 year
    5 years
    Yes / USA
    fr
    locale
    xs
    spin
    sb
    c_user
    datr
    wd
    dpr
    facebook.comThe STRATO products "STRATO marketingRadar", "STRATO rankingCoach", "STRATO listingCoach" and "STRATO adCoach" can include social media monitoring as an essential part of the application. Messages/posts on Facebook that refer to the user‘s company or to its selected competitors are displayed within the application as a news stream. Furthermore, functions are offered to connect your own Facebook account with the application. In order to make this technically possible and thus to enable the basic function of the application, these cookies must be saved by Facebook.90 days
    7 days
    1 year
    1 day
    2 years
    1 year
    2 years
    7 days
    7 days
    Yes / USA

    Statistics and analysis

    We use cookies to get a better understanding of your user behavior and to help you find your way around our website. We also use this data to modify the website so it better suits your needs.

    NameProviderFunctionValidityThird country transfer
    _pk_id.*,
    _pk_ses.*
    STRATO AG / MatomoPseudonymized analysis of statistical data of website visitors. Integrated as first-party cookie. No data transmitted to third parties.13 months
    30 minutes
    no
    LorVisitorTagger
    emos_jcsid
    emos_jcvid
    emos-session
    emos-visitor
    em
    STRATO AG / Econda GmbHAnalysis of data for marketing and optimization purposes. Pseudonymized usage profiles are created. This data is not combined with personal data or data which contains the same pseudonym. Econda is utilized as a first-party cookie.2 months
    Session
    3 years
    Session
    2 years
    no
    dsgvo_trackingSTRATO AGAgreement on whether to track /anonymised1 yearno
    Not a cookie itself, accesses Econda dataXAD spoteffects GmbHSpoteffects uses the data collected by Econda to analyse the impact of our TV advertising. You can object to the data processing by opposing the data processing of Econda.no
    abtestmarker,
    abcdtestmarker
    STRATO AGCookie for A/B tests. Anonymized and no data transmitted to third parties.1 monthno
    kameleoonVisitorCode,
    kameleoonTestCookie
    KameleeonA/B test: via JavaScript code, variants of elements of our website are created and presented to our website users. This allows for an analysis of user behavior. The resulting user data is stored along with an internal ID, whereby the IP address is anonymized. No other personal data is collected.1 year 14 days Depends on duration of A/B testno
    Variant,
    Variant.configname
    Ionos Adserver: contains the selected variant for the delivery of content and ensures that the user sees the same content on his next visit (e.g. A/B tests)189 daysno
    Google Tag ManagerGoogle LLC.The Google Tag Manager is a service which allows additional Google analysis and marketing services to be integrated into our Internet offerings. The Google Tag Manager itself does not collect any personal data. Instead, it triggers other tags which in turn collect data under certain circumstances.186 daysYes / USA
    jts-rwJentisServer-side tracking first party identifier (User ID)2 yearsno
    jctr_sidJentisServer-side tracking session identifier (Session ID)30 minutesno
    jts_logJentisActivates the server-side debug-log function for developers (only set in Preview Mode for JTM users and developers)1 yearno
    stratoCookieSTRATO AGamong other things old cookie-hint, as well as for the comment function necessary1 Yearno
    o4ocl4042099280STRATO AGMailing (Clicks including timestamp, clientID, MailingID, Mailing2UserID, LinkID are transmitted to Episerver Campaigns in encrypted form and pseudonymized)31 daysno

    Cookies at HiDrive:

    NameProviderFunctionValidityThird country transfer
    emos_jcsid
    emos_jcvid
    emos-session
    emos-visitor
    STRATO AG / Econda GmbHAnalysis of data for marketing and optimization purposes. Pseudonymous user profiles are created. This data is not merged with personal data or data containing the same pseudonym. Econda is used as a first-party cookie.Session
    3 years
    Session
    2 years
    no

    Cookies in the rankingCoach products:

    NameProviderFunctionValidityThird country transfer
    _ga









    _gid
    Google LLCGoogle Analytic Statistics is used to analyse visitor flows on our website in order to compile on-line reports for us. Google Analytics sets a cookie in your browser for this purpose. Every time a website on which a Google Analytics component has been integrated is accessed, the Internet browser is automatically prompted to transmit data to Google. Google only works with anonymous IP addresses.

    You can find more information and Google's privacy policy https://policies.google.com/privacy

    You can change your privacy settings at Google here: https://safety.google/privacy/privacy-controls/
    20 months









    1 hour
    Yes / USA
    fs_uidFullStory, Inc.With FullStory, user sessions are recorded to identify user problems with the software and to track bugs more easily.11 monthsYes / USA
    mp_(hexdigits)_mixpanel
    mp_mixpanel_c
    Mixpanel International, Inc.With Mixpanel, user behaviour is analysed in the rankingCoach and compiled in on-line reports.1 year
    1 month
    Yes / USA

    Marketing and personal website settings

    We retain information about how you use our website to create better offers within the scope of direct marketing activities and campaigns. We are responsible for this storage and management of data processing. In addition, personal website settings also fall under this category.

    NameProviderFunctionValidityThird country transfer
    package_viewSTRATO AGDisplaying of the package overview as a list/tiles in the customer login (anonymized)2 yearsno
    collapseFooterSTRATO AGStatus for the expanding/retracting of the footer in the customer login (anonymized)Sessionno
    rating_linkSTRATO AGDisplaying of the Google rating link in the customer login (anonymized)2 yearsno
    hasNewPackageSTRATO AGHighlighting of the new WordPress packages in the customer login (anonymized)Sessionno
    surveySTRATO AGCookie that is set when you voluntarily participate in a survey.Valid until the defined end of the surveyno

    Partnerships

    We also use cookies to show you individual product and service offerings which are not on our website. Information about your user behavior is, therefore, transmitted to partner companies in order to display content personalized by us or these partners in accordance with your interests. We or our partners can evaluate, track, and issue invoices for these campaigns. Other advertising companies can also read cookies within this category and display personalized content to you. Responsibility for the use of your data beyond our processing lies with these companies and is carried out without our involvement.

    NameProviderFunctionValidityThird country transfer
    _fbp
    fr
    AA003
    ATN
    Facebook Inc.In order to enable user group-driven marketing in social networks, a tracking mechanism in the form of a pixel is embedded in this website. Upon visiting our website, the pixel is loaded by your web browser. During this procedure, information is sent to Facebook. Based on this information, the browser session is linked to a person. This correlation takes place in a pseudonymized fashion solely according to a Facebook ID, such that we are unable to link it to a person. The data is used by Facebook in order to display targeted ads based on behavior profiling and geographical location. For this purpose, we use the Facebook pixel only in the standard model without additional data matching. You can configure ad-related settings on Facebook in your user profile.

    For more information and Facebook‘s privacy policy, visit: https://www.facebook.com/policy.php
    3 months
    3 months
    3 months
    2 years
    Yes / USA
    1P_JAR
    ANID
    NID
    Google LLC
     
     
    Google Analytics Advertising
    In addition to the standard functions, we also use the additional functions of Google Analytics on this website. For this purpose, in addition to the data which is collected by the analysis tool Google Analytics, additional data is collected via Google cookies for ad specifications and anonymous IDs on accesses. We use this information to improve our web offerings.

    For more information and Google‘s privacy policy, visit: https://policies.google.com/privacy

    You can modify your Google data protection settings here: https://safety.google/privacy/privacy-controls/
    1 month
    2 years
    5 months
    Yes / USA
    CONSENT








    _gcl_au
    Google LLC,

    Google Ads
    This cookie is used to save user preferences and other information. In particular, this includes the preferred language, the number of search results to be displayed on the page, as well as the decision regarding whether the Google SafeSearch filter is to be enabled or not.

    Conversion linker tags are used to support tags with the measurement of click data, so that conversions can be measured efficiently.

    For more information and Google’s privacy policy, visit: https://policies.google.com/privacy

    You can modify your Google data protection settings here: https://safety.google/privacy/privacy-controls/
    20 years








    90 days
    Yes / USA
    _gcl_auGoogle LLC

    Google Ads/ DoubleClick
    This cookie enables ads to be made more attractive for you. The ad is displayed based on what is relevant for a user. In this manner, reports on the performance of a campaign are improved, and we avoid ads which the user has already seen. One of the most important ad cookies on non-Google sites is called “IDE” and is saved in browsers under the domain doubleclick.net.

    For more information and Google’s privacy policy, visit: https://policies.google.com/privacy

    You can modify your Google data protection settings here: https://safety.google/privacy/privacy-controls/
    2 yearsYes / USA
    _ga
    _gat_UA-40858965-1
    _gid
    Google LLC
     
    Google Analytic Statistics
    With Google Analytic Statistics, user streams are analyzed on our website in order to compile online reports for us. For this purpose, Google Analytics places a cookie in your browser. Each time a website is accessed into which a Google Analytics component has been integrated, the Internet browser is automatically asked to transmit data to Google. In this context, Google only works with an anonymized IP address.

    For more information and Google’s privacy policy, visit: https://policies.google.com/privacy

    You can modify your Google data protection settings here: https://safety.google/privacy/privacy-controls/
    2 yearsYes / USA
    IDEGoogle LLC
     
    Google Analytic Statistics
    This cookie enables ads to be made more attractive for you. The ad is displayed based on what is relevant for a user. In this manner, reports on the performance of a campaign are improved, and we avoid ads which the user has already seen. One of the most important ad cookies on non-Google sites is called “IDE” and is saved in browsers under the domain doubleclick.net.

    For more information and Google’s privacy policy, visit: https://policies.google.com/privacy

    You can modify your Google data protection settings here: https://safety.google/privacy/privacy-controls/
    2 yearsYes / USA
    MUID,
    MUIDB
    bing.com/MicrosoftThese cookies are used for advertising, site analytics, and other operational purposes.365 daysYes / USA
    _vt2STRATO AG/Google LLCThe cookie contains the pseudonymized customer number and the login status for transferring the data within the respective STRATO domain. The cookie itself does not pass on any data to third parties; it ensures that the pseudonymized customer number is known throughout the domain and can be used for other tracking processes, e.g. Google Analytics.30 daysYes / USA
    enc_aff_session_*TUNE Inc.This is an offer-specific cookie. It is valid for the duration of the offer and contains the transaction ID and the user's IP address to track conversions. The * stands for the offer ID. There is a different version of the cookie for each clicked offer.30 daysYes / USA
    ho_mob*TUNE Inc.This is a base64-encoded JSON value of the user's device/connection information. It is used for audience targeting of offers.30 daysYes / USA
    tdl_stratoTUNE Inc.It passes the Transaction ID through to the ordering process until the thank-you page.400 daysYes / USA
    tunesdktestTUNE Inc.This is a test cookie that ensures that the Transaction ID can be stored in the cookie tdl_strato.1-2 minutesYes / USA

    f) Cookie setting via YouTube video embedding
    We include videos from youtube.com on our website, especially on our Help & Contact page and our blog. We have embedded the videos in the so-called "extended privacy mode". This means that cookies are set by YouTube on the device you are using only after the play function is used, which can also serve to analyse usage behaviour for market research and marketing purposes.
    If you have not agreed to cookies in the Partnership category, you must agree to the transfer of data to YouTube before playing a video. You can change your settings at any time at the bottom of the page under "cookie settings".
    You can find out more about cookie usage by YouTube in Google's cookie policy at https://policies.google.com/technologies/types?hl=en-GB

    g) Newsletter tracking by Episerver:
    The operating company of the application is Episerver GmbH.
    The newsletters are provided by Episerver with a pixel-sized file that is retrieved from the server when the newsletter is opened. As part of this retrieval, information about the browser and your system, your IP address and whether and when the newsletters are opened are collected.
    Links in the newsletters are individual, so that it can be tracked whether you have clicked on them.
    In addition, a post-click tracking cookie is set. This makes it possible to track user actions even after leaving the newsletter. Among other things, purchases, registrations and downloads on the STRATO website are recorded.
    The analyses carried out by Episerver on the basis of the data collected are made available to us in summarized form in anonymized form, so that it is no longer possible to draw conclusions about the actions of individual recipients.

    We use these statistical analyses to improve the accessibility of our offers and to ensure that you only receive content from us that corresponds to your interests. Our aim is also to optimize websites and to assess the success of advertising campaigns.

    While the post-click tracking cookie is only set with your consent, the other tracking measures are carried out within the scope of our legitimate interests. You have the option to object to the collection and processing of data by Episerver in the customer login under the tab "Change customer data"-> "Contact ways".

    h) Integration of Google services with STRATO Webmail
    STRATO Webmail`s use and transfer to any other app of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements.

  • i) Use of inventory data with marketing partners

    We use services such as Meta Custom Audiences, LinkedIn Matched Audiences, TikTok Custom Audiences, Reddit Custom Audiences and Google Customer Match to deliver targeted advertising in the form of adverts on our marketing partners' portals. We transmit inventory data (email address, telephone number, postcode, country) to our marketing partners. However, the data is not sent in plain text, but hashed in advance using the SHA 256 algorithm and then transmitted. The marketing partner then compares the data with its own, identical data in order to display targeted, personalized advertising in the form of advertisements on the portals of the respective marketing partner.

    Further information on data processing at Meta can be found at:
    https://www.facebook.com/privacy/policy

    Further information on data processing at Google can be found at:
    https://policies.google.com/privacy

    Further information on data processing at TikTok can be found at:
    https://www.tiktok.com/legal/page/row/privacy-policy/en

    Further information on data processing at LinkedIN can be found at:
    https://www.linkedin.com/legal/privacy-policy

    Further information on data processing at Reddit can be found at:
    https://www.reddit.com/de-de/policies/privacy-policy

    If data is transferred to third countries, suitable guarantees for data transfer are agreed with any processors or controllers in accordance with the legal requirements. Further information on data transfer to third countries by our marketing partners can also be found under the links above.

    Legal basis
    The legal basis for the use of your data is your consent. You can revoke your consent at any time in the customer area.

    Storage period
    Your personal data will be deleted immediately if you have revoked your consent.

    Data recipient
    Google Ireland Ltd.
    Gordon House, Barrow Street
    Dublin 4
    Ireland

    Meta Platforms Ltd.
    4 Grand Canal Square
    Dublin 2
    Ireland

    Tiktok Technology Limited
    10 Earlsfort Terrace
    Dublin
    Ireland

    LinkedIn Ireland Unlimited Company
    Wilton Pl,
    Dublin
    Ireland

    Reddit Ireland Ltd.
    70 Sir John Rogerson's Quay,
    Dublin 2
    Ireland

  • 3. Legal basis of the processing

    We process and use your data to execute the contract and provide our services, to improve our services and our websites and to adapt them to your needs and to provide updates and upgrades.

    Article 6 I lit. a of the General Data Protection Regulation (GDPR) provides us with a legal basis for processing operations, in which we obtain consent for a particular processing purpose. If the processing of personal data is required to fulfil a contract, the processing is based on Article 6 I lit. b GDPR. The same applies to processing operations that are necessary to carry out pre-contractual measures, for example in cases of enquiries regarding our products or services. If we are subject to a legal obligation which requires the processing of personal data, such as the fulfilment of tax obligations, the processing is based on Article 6 I lit. c GDPR. Finally, processing operations could be based on Article 6 I lit. f GDPR. Processing operations that are not covered by any of the aforementioned legal bases are based on this legal basis if the processing is necessary for the protection of our legitimate interests or those of a third party, unless the interests, fundamental rights and fundamental freedoms of the person concerned (data subject) prevail. Such processing operations are particularly permitted because they have been specifically mentioned by the European legislator. A legitimate interest is usually to be assumed if the data subject is a customer of the controller.

    If the processing of personal data is based on Article 6 I lit. f GDPR, our legitimate interest is conducting our business. This also includes data analysis to improve our products and services. As well as performance of legal obligations, insofar as processing does not fall under Article 6 (1) lit. c GDPR.

    We process applicant data in accordance with Article 88 GDPR in conjunction with § 26 of the Federal Data Protection Act (BDSG, new version).

  • 4. Categories of recipients

    Registrars and registries: For domain registrations, we must forward certain personal data to registrars and registries. This data is stored in the registries' databases and publicly available to a varying extent via Whois enquiries from the registries. Further information about this can be found here https://www.strato.com/faq/en_us/article/2098/What-is-WHOIS-and-which-data-is-stored-there.html

    Escrow services: All registrars accredited by the Internet Corporation for Assigned Names and Numbers (ICANN) must, in accordance with ICANN's generic domain rules, hold the domain data they manage in a secure environment in trust. This is intended to ensure the reliable management of the namespace. To that end, we use the escrow services of DENIC eG, Kaiserstraße 75-77, 60329 Frankfurt am Main.

    Collection service provider: These provide collection services for us.

    Processors: We pass on various personal data to our processors as the controller within the scope of the processing. We have ensured the security of your data by concluding data processing agreements. Our processors can be divided into the following categories:

    • Provision of services: These include newsletter delivery, printing and shipping of invoices, customer surveys, payment service providers, data carrier destruction
    • Operation of services, maintenance and upkeep of hardware and software

    We only release data to authorities and third parties in accordance with statutory provisions or a legal title. Information may be provided to authorities on the basis of a legal regulation on security or for prosecution purposes. Third parties will only receive information if required by law. This may be the case, for example, in the case of a copyright infringement.

  • 5. Data transmission to third countries

    Microsoft: To create your Microsoft Office 365 Business Account, we forward the following data to Microsoft Ireland Operations Ltd: Name, address, e-mail address and language. This data, as well as data that you store in Microsoft Office 365, can be processed in various Microsoft data centres around the world. The processing is carried out on the basis of the EU standard data protection clauses in accordance with Article 46 (2) lit. c GDPR.

    Registries: For the registration of top level domains. Processing is carried out on the basis of Article 49 (1) lit. b GDPR.

    Dropsuite: In order to provide you with STRATO mail archiving, we use software developed and operated by Dropsuite Ltd. In support cases, there is the possibility of remote access from Singapore. The archived contents themselves are stored on our servers in Germany. Processing is carried out on the basis of the EU standard data protection clauses pursuant to Article 46 (2) lit. c GDPR.

    Digicert and Sectigo: We act as an intermediary in the procurement and maintenance of SSL certificates. We transmit your data either to Digicert Inc. in the USA or to Sectigo Limited in the United Kingdom so that the SSL provider can provide its service. The processing is carried out by us on the basis of Art. 45 GDPR. SSL providers process your data under their own responsibility. For more details on how Sectigo protects, processes and manages your data, please refer to Sectigo's privacy policy https://www.sectigo.com/de/privacy-policy. You can find Digicert's data protection information at https://privacy.digicert.com/policies/en/.

    Sitelock: When using SiteLock, LCC, malware in your webspace is automatically detected and deleted. We act as an intermediary and provide Sitelock with your domain names for this purpose. SiteLock saves your webspace for 7 days. Processing is carried out on the basis of Article 49 (1) lit. b GDPR.

    Hewlett-Packard-Enterprise: For the maintenance and support of your servers, support access (remote access) can be provided by the Hewlett-Packard-Enterprise Company from the USA in individual cases of faults. For this purpose, an activation is made in individual cases, which is closed again after the end of the task. To ensure lawfulness, we have concluded EU standard data protection clauses in accordance with Article 46 (2) lit. c GDPR.

    Salesforce: Our order processor for the STRATO homepage design service, web4business, uses the CRM software Salesforce. In support cases, there is the possibility of remote access by Salesforce Inc. from the USA. Processing is carried out on the basis of the EU standard data protection clauses pursuant to Article 46 (2) lit. c GDPR.

    Genesys: when you contact us, your phone number and the area you are calling from are stored at AWS (Amazon Web Services) in Europe by Genesys Telecommunications Laboratories B.V.. This company operates our telephone system. In addition, your customer number, service pin and details of your products are also cached in AWS Europe. If you have given your consent to the recording of the call at the beginning of the call, this will also be stored. Both the storage and the transmission are exclusively encrypted. In individual support cases, there may be remote access to the data from the USA. However, these are only individual cases, which must be enabled by us in advance. To ensure legality, we have concluded EU standard data protection clauses in accordance with Art. 46 Para. 2 lit. c GDPR.

  • 6. Duration of storage

    We only process and store personal data for the period required to achieve the purpose of storage or where required by law. As a rule, the processing purpose is achieved upon termination of your contract.

    You can change and delete data that you save in our services yourself. After the termination of contract, we will delete the data stored in the services.

    Backup copies in our backup systems are automatically deleted with a time delay.

    For contract data, processing will be restricted after the contract has been terminated; it will be deleted after expiry of the statutory retention period.

  • 7. Your rights

    a) Right to information and confirmation
    You have the right to receive free information from us at any time, as well as confirmation of your personal data stored and a copy of this information.

    b) Right to rectification
    You have the right to demand the immediate correction of incorrect personal data concerning you. You also have the right to request the completion of incomplete personal data, including by means of a supplementary statement, taking into account the purposes of processing.

    c) Rights to erasure
    You have the right to have your personal data erased without delay if any of the following is true and if processing is not required:

    • The personal data has been collected for such purposes or processed in a way for which it is no longer necessary.
    • You revoke your consent, on which the processing was based, and any other legal basis for processing is lacking.
    • You object to the processing in accordance with Article 21 (1) GDPR and there are no legitimate reasons for the processing, or you object to the processing in accordance with Article 21 (2) GDPR.
    • The personal data has been processed unlawfully.
    • The erasure of personal data is required to fulfil a legal obligation under European Union law or a national law to which we are subject.
    • The personal data was collected in relation to information society services offered pursuant to Article 8 (1) GDPR.

    d) Right to restriction of processing
    You have the right to request the restriction of processing if one of the following conditions is met:

    • The accuracy of your personal information is contested by you for a period of time that allows us to verify the accuracy of your personal information.
    • We no longer need your personal information for processing purposes, but you need it to assert, exercise or defend your rights.
    • You have objected to the processing in accordance with Article 21 (1) GDPR and it is not yet clear whether our legitimate interests prevail over yours.

    e) Rights to object
    You have the right to object at any time to the processing of personal data concerning you, which takes place on the basis of Article 6 (1) lit. e or f GDPR.
    In the event of an objection, we will no longer process personal data unless we can demonstrate compelling legitimate reasons for processing that outweigh your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims.
    You have the right to object at any time to the processing of your personal data for the purpose of direct advertising.

    f) Right to data portability
    You have the right to receive personal data relating to you that has been provided to us in a structured, common and machine-readable format. You also have the right to transfer this data to another controller without hindrance by us if the processing is based on the consent pursuant to Article 6 (1) lit. a GDPR or Article 9 (2) lit. a GDPR or is based on a contract pursuant to Article 6 (1) lit. b GDPR and the processing is carried out by automated means, unless the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
    Furthermore, in exercising your right to data transferability under Article 20 (1) GDPR, you have the right to arrange that your personal data is transmitted directly from one controller to another, where this is technically feasible and as long as this does not affect the rights and freedoms of others.

    g) Right to withdraw consent under data protection law
    You have the right to withdraw the consent to the processing of personal data at any time.

    h) Right of appeal to the supervisory authority
    You have the right to contact a supervisory authority in the Member State of your place of residence or place of work or the location of the alleged violation at any time if you believe that the processing of personal data concerning you is contrary to the EU General Data Protection Regulation.

  • 8. Statutory or contractual requirement, for the provision of personal data, necessity for the conclusion of the contract, obligation to provide the personal data, possible consequences of failure to provide data

    The provision of personal data may in part be required by law (e.g. tax regulations) or result from contractual provisions (e.g. information about the contracting party). Sometimes it may be necessary that you provide us with personal data, which must subsequently be processed by us, in order to conclude a contract. For example, you are required to provide us with personal information when we conclude a contract with you. Failure to provide the personal data would mean that the contract could not be concluded.

  • 9. Existence of automatic decision-making / profiling

    We do not use automatic decision-making or profiling.