Privacy policy

Privacy Policy

1) Introduction and Contact Details of the Controller

1.1 We are pleased that you are visiting our website and thank you for your interest. In the following, we inform you about the handling of your personal data when using our website. Personal data are all data with which you can be personally identified.

1.2 The controller responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is Sterntal UG (haftungsbeschränkt), Neubrandenburger Straße 53, 17291 Prenzlau, Germany, Tel.: +49 1522 181 2297, E-Mail: tarek.schubert@sterntal-industries.com. The controller responsible for the processing of personal data is the natural or legal person who alone or jointly with others decides on the purposes and means of the processing of personal data.

1.3 The controller has appointed a data protection officer, who can be reached as follows: "Tarek Schubert, Neubrandenburger Straße 53, 17291, Prenzlau, +49 1522 181 2297, Tarek.Schubert@Sterntal-Industries.com"

2) Data Collection When Visiting Our Website

2.1 In the case of purely informational use of our website, i.e., if you do not register or otherwise provide us with information, we only collect such data that your browser transmits to the page server (so-called "server log files"). When you call up our website, we collect the following data, which is technically necessary for us to display the website to you:

  • Our visited website

  • Date and time at the moment of access

  • Amount of data sent in bytes

  • Source/reference from which you reached the page

  • Browser used

  • Operating system used

  • IP address used (if applicable: in anonymized form)

The processing is carried out in accordance with Art. 6 Para. 1 lit. f GDPR on the basis of our legitimate interest in improving the stability and functionality of our website. The data will not be passed on or used in any other way. However, we reserve the right to check the server log files retrospectively if there are concrete indications of illegal use.

2.2 For security reasons and to protect the transmission of personal data and other confidential content (e.g., orders or inquiries to the controller), this website uses SSL or TLS encryption. You can recognize an encrypted connection by the string "https://" and the lock symbol in your browser line.

3) Hosting & Content Delivery Network

3.1 Shopify

For the hosting of our website and the display of page content, we use the system of the following provider: Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland ("Shopify")

Data is also transferred to: Shopify Inc., 150 Elgin St, Ottawa, ON K2P 1L4, Canada.

All data collected on our website is processed on the provider's servers. We have concluded an order processing contract with the provider, which ensures the protection of our site visitors' data and prohibits unauthorized disclosure to third parties.

In the case of data transfer to Canada, an adequate level of data protection is guaranteed by an adequacy decision of the European Commission.

3.2 Cloudflare

We use a Content Delivery Network of the following provider: Cloudflare Inc., 101 Townsend St. San Francisco, CA 94107, USA.

This service enables us to deliver large media files such as graphics, page content, or scripts faster via a network of regionally distributed servers. Processing is carried out to safeguard our legitimate interest in improving the stability and functionality of our website in accordance with Art. 6 Para. 1 lit. f GDPR. We have concluded an order processing contract with the provider, which ensures the protection of our site visitors' data and prohibits unauthorized disclosure to third parties.

For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with the European data protection level on the basis of an adequacy decision of the European Commission.

3.3 IONOS

We use a Content Delivery Network of the following provider: 1&1 IONOS Internet SE, Elgendorfer Str. 57, 56410 Montabaur, Germany.

This service enables us to deliver large media files such as graphics, page content, or scripts faster via a network of regionally distributed servers. Processing is carried out to safeguard our legitimate interest in improving the stability and functionality of our website in accordance with Art. 6 Para. 1 lit. f GDPR. We have concluded an order processing contract with the provider, which ensures the protection of our site visitors' data and prohibits unauthorized disclosure to third parties.

3.4 Shopify

We use a Content Delivery Network of the following provider: Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland ("Shopify").

Data can also be transferred to:

  • Shopify Inc., 150 Elgin St, Ottawa, ON K2P 1L4, Canada

  • Cloudflare Inc., 101 Townsend St. San Francisco, CA 94107, USA

This service enables us to deliver large media files such as graphics, page content, or scripts faster via a network of regionally distributed servers. Processing is carried out to safeguard our legitimate interest in improving the stability and functionality of our website in accordance with Art. 6 Para. 1 lit. f GDPR. We have concluded an order processing contract with the provider, which ensures the protection of our site visitors' data and prohibits unauthorized disclosure to third parties.

In the case of data transfer to Canada, an adequate level of data protection is guaranteed by an adequacy decision of the European Commission. For data transfers to the USA, the data recipient has joined the EU-US Data Privacy Framework, which ensures compliance with the European data protection level on the basis of an adequacy decision of the European Commission.

4) Cookies

In order to make the visit to our website attractive and to enable the use of certain functions, we use cookies, which are small text files stored on your end device. Some of these cookies are automatically deleted after the browser is closed (so-called "session cookies"), while others remain on your end device for a longer period and allow page settings to be saved (so-called "persistent cookies"). In the latter case, you can find the storage duration in the overview of the cookie settings of your web browser.

If personal data is also processed by individual cookies used by us, the processing is carried out in accordance with Art. 6 Para. 1 lit. b GDPR either for the execution of the contract, in accordance with Art. 6 Para. 1 lit. a GDPR in the event of consent being given, or in accordance with Art. 6 Para. 1 lit. f GDPR to safeguard our legitimate interests in the best possible functionality of the website and a customer-friendly and effective design of the page visit.

You can set your browser so that you are informed about the setting of cookies and decide individually on their acceptance or exclude the acceptance of cookies for certain cases or in general. Please note that if you do not accept cookies, the functionality of our website may be limited.

5) Contacting Us

5.1 Tidio

This website uses a live chat system from the following provider: Tidio Poland Sp. z o.o., Wojska Polskiego 81, 70-481 Szczecin, Poland.

The processing of personal data transmitted via the chat is carried out either in accordance with Art. 6 Para. 1 lit. b GDPR, because it is necessary for contract initiation or execution, or in accordance with Art. 6 Para. 1 lit. f GDPR due to our legitimate interest in effective support for our site visitors. Your data transmitted in this way will be deleted, subject to conflicting statutory retention periods, when the matter in question has been finally clarified.

Additionally, for the purpose of creating pseudonymized usage profiles using cookies, further information may be collected and evaluated, which, however, does not serve your personal identification and is not merged with other data sets. If this information has a personal reference, processing is carried out in accordance with Art. 6 Para. 1 lit. f GDPR on the basis of our legitimate interest in the statistical analysis of user behavior for optimization purposes. You can object to the collection and storage of data for the purpose of creating a pseudonymized user profile at any time with effect for the future. We have concluded an order processing contract with the provider.

5.2 TidioChat (Tidio Ltd.)

On this website, technologies of Tidio Ltd., 220C Blythe Road, W14 0HH, London, Great Britain (www.tidiochat.com) are used to collect and store anonymized data for web analysis purposes and to operate the live chat system. Pseudonymous usage profiles can be created from this anonymized data. Cookies may be used for this purpose. The data collected with TidioChat technologies will not be used to personally identify the visitor of this website and will not be merged with personal data about the bearer of the pseudonym without the separately granted consent of the person concerned. You can object to the collection and storage of data at any time with effect for the future by sending us your objection informally by email to the email address mentioned in the legal notice (Impressum).

5.3 Loox

For review reminders, we use the services of the following provider: Loox Online Ltd., Rehov Har Sinai 2, 6581602 Tel Aviv-Yafo, Israel.

Exclusively on the basis of your express consent in accordance with Art. 6 Para. 1 lit. a GDPR, we transmit your email address and, if applicable, other customer data to the provider so that they can contact you with a review reminder by email. You can revoke your consent at any time with effect for the future. We have concluded an order processing contract with the provider. For data transfer to Israel, an adequate level of data protection is guaranteed by an adequacy decision of the European Commission.

5.4 Within the framework of contacting us (e.g., via contact form or email), personal data is processed—exclusively for the purpose of processing and answering your request and only to the extent necessary for this. The legal basis for processing this data is our legitimate interest in answering your request in accordance with Art. 6 Para. 1 lit. f GDPR. If your contact aims at a contract, the additional legal basis for processing is Art. 6 Para. 1 lit. b GDPR. Your data will be deleted when it can be inferred from the circumstances that the matter in question has been finally clarified and provided that there are no statutory retention obligations.

6) Use of Customer Data for Direct Marketing

6.1 Registration for our Email Newsletter

If you register for our email newsletter, we will regularly send you information about our offers. The only mandatory information for sending the newsletter is your email address. Providing further data is voluntary and will be used to address you personally. We use the so-called double opt-in procedure for sending the newsletter. By activating the confirmation link, you give us your consent for the use of your personal data in accordance with Art. 6 Para. 1 lit. a GDPR. We store your IP address as well as the date and time of registration to be able to trace possible misuse of your email address at a later date. You can unsubscribe from the newsletter at any time.

6.2 Klaviyo

The distribution of our email newsletters is carried out via this provider: Klaviyo, Inc., 125 Summer St., Ste 600, Boston, MA 02110, USA.

On the basis of our legitimate interest in effective and user-friendly email marketing, we pass on the data you provided during registration in accordance with Art. 6 Para. 1 lit. f GDPR to this provider. Subject to your express consent, the provider also performs statistical evaluation of email campaigns. For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework. We have concluded an order processing contract with the provider.

6.3 Shopping Cart Reminders via Email

In the event that you abandon your purchase before completing the order, you have the option of being reminded once of the contents of your virtual shopping cart via email. The only mandatory information for this is your email address. This also uses the double opt-in procedure. By activating the confirmation link, you give us your consent in accordance with Art. 6 Para. 1 lit. a GDPR. You can unsubscribe from these reminders at any time.

7) Data Processing for Order Fulfillment

7.1 To the extent necessary for contract processing for delivery and payment purposes, the personal data collected by us will be passed on to the commissioned transport company and the commissioned credit institution in accordance with Art. 6 Para. 1 lit. b GDPR. We also work with the following service providers:

7.2 Use of Payment Service Providers

  • Amazon Pay: Processing via Amazon Payments Europe s.c.a., Luxembourg. Data transfer occurs according to Art. 6 Para. 1 lit. b GDPR for payment processing.

  • Apple Pay: Processing via Apple Distribution International, Ireland. Encrypted data transfer for payment fulfillment according to Art. 6 Para. 1 lit. b GDPR.

  • Google Pay: Processing via Google Ireland Limited. Use of transaction numbers (tokens) for payment processing according to Art. 6 Para. 1 lit. b GDPR.

  • Klarna: Processing via Klarna Bank AB, Sweden. For invoice/installment purchases, identity and creditworthiness checks are carried out according to Art. 6 Para. 1 lit. f GDPR.

  • PayPal: Processing via PayPal (Europe) S.a.r.l. et Cie, S.C.A., Luxembourg. Credit checks may be performed for deferred payment options according to Art. 6 Para. 1 lit. f GDPR.

  • Shopify Payments: Processing via Shopify International Limited, Ireland, according to Art. 6 Para. 1 lit. b GDPR.

  • Sofortüberweisung: Processing via Klarna Bank AB (publ), Sweden, according to Art. 6 Para. 1 lit. b GDPR.

8) Web Analysis Services

8.1 Google Analytics 4

This website uses Google Analytics 4 from Google Ireland Limited. It uses cookies to analyze website usage. IP addresses are shortened to ensure anonymity. Data is stored for two months. This processing only occurs if you have given your express consent according to Art. 6 Para. 1 lit. a GDPR. We have an order processing contract with Google. For US transfers, Google complies with the EU-US Data Privacy Framework.

  • Demographic characteristics: Statistics on age, gender, and interests.

  • Google Signals: Cross-device reports (if personalized ads are enabled in your Google account).

  • UserIDs: Cross-device activity analysis for logged-in users.

8.2 Google Tag Manager

A technical basis for bundling web applications. It transmits the IP address to Google. Use only with consent according to Art. 6 Para. 1 lit. a GDPR.

8.3 Shopify Analytics

Uses cookies/pixels to create pseudonymized visitor profiles and heatmaps. Use only with consent according to Art. 6 Para. 1 lit. a GDPR.

9) Retargeting/Remarketing and Conversion Tracking

  • 9.1 Meta Pixel: Used for Facebook/Instagram Ads and conversion tracking. Only with consent (Art. 6 Para. 1 lit. a GDPR).

  • 9.2 Google Ads Remarketing: Interest-based advertising. Only with consent (Art. 6 Para. 1 lit. a GDPR).

  • 9.3 Pinterest Retargeting Pixel: Personalized ads on Pinterest. Only with consent (Art. 6 Para. 1 lit. a GDPR).

  • 9.4 Google Ads Conversion Tracking: Measures success of Google Ads. Only with consent (Art. 6 Para. 1 lit. a GDPR).

  • 9.5 Pinterest Tag Conversion Tracking: Analyzes user actions after clicking Pinterest ads. Only with consent (Art. 6 Para. 1 lit. a GDPR).

  • 9.6 TikTok Pixel: Analyzes user actions after clicking TikTok ads. Only with consent (Art. 6 Para. 1 lit. a GDPR).

10) Page Functionalities

10.1 Loox Widget

Displays customer reviews. IP address is transmitted to Loox Online Ltd., Israel, to load graphic elements. Based on legitimate interest (Art. 6 Para. 1 lit. f GDPR).

10.2 Google Web Fonts

Uniform display of fonts. IP address is transmitted to Google. Only with consent (Art. 6 Para. 1 lit. a GDPR).

11) Tools and Miscellaneous

11.1 Accounting Services

  • Finom (PNL Fintech B.V.): Cloud-based accounting.

  • Lexware Office (Haufe-Lexware GmbH & Co. KG): Cloud-based accounting.

    Processing is based on our legitimate interest in efficient business organization (Art. 6 Para. 1 lit. f GDPR).

11.2 Cookie Consent Tool

Used to obtain and manage user consent for cookies. Legally required under Art. 6 Para. 1 lit. c GDPR and based on legitimate interest under Art. 6 Para. 1 lit. f GDPR.

12) Rights of the Data Subject

12.1 Applicable data protection law grants you the following rights:

  • Right to information (Art. 15 GDPR)

  • Right to rectification (Art. 16 GDPR)

  • Right to erasure (Art. 17 GDPR)

  • Right to restriction of processing (Art. 18 GDPR)

  • Right to notification (Art. 19 GDPR)

  • Right to data portability (Art. 20 GDPR)

  • Right to withdraw consent (Art. 7 Para. 3 GDPR)

  • Right to lodge a complaint (Art. 77 GDPR)

12.2 RIGHT TO OBJECT

IF WE PROCESS YOUR PERSONAL DATA WITHIN THE SCOPE OF A BALANCE OF INTERESTS DUE TO OUR OVERRIDING LEGITIMATE INTEREST, YOU HAVE THE RIGHT AT ANY TIME TO OBJECT TO THIS PROCESSING WITH EFFECT FOR THE FUTURE FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION. IF YOU OBJECT, WE WILL STOP THE PROCESSING UNLESS WE CAN PROVE COMPELLING REASONS WORTHY OF PROTECTION OR THE PROCESSING SERVES THE ASSERTION OF LEGAL CLAIMS.

IF WE PROCESS YOUR DATA FOR DIRECT MARKETING, YOU HAVE THE RIGHT TO OBJECT TO SUCH PROCESSING AT ANY TIME.

13) Duration of Storage of Personal Data

The duration of the storage of personal data is determined by the respective legal basis, the purpose of processing, and—if relevant—statutory retention periods (e.g., commercial and tax retention periods). Data processed with consent is stored until the consent is revoked. Data for contract fulfillment is deleted after retention periods expire, unless further storage is necessary. Data based on legitimate interest is stored until an objection is made, unless compelling reasons for further storage exist.

Status: 30.04.2026, 12:00:11