Privacy Policy

Last updated Jan 12, 2021

I Privacy policy

We are pleased that you are visiting our website. We respect your privacy. Data protection and data security while using our website are very important to us. With this privacy policy, we would like to inform you about the extent to which data is collected when you use our website and for what purposes we use this data. We would also like to inform you about your rights in this regard.

 

II Responsiblity

Stacket by

FlashSites UG (haftungsbeschränkt)

Loreleiring 18, 65197 Wiesbaden

[email protected]

 

III SSL or TLS encryption

For security reasons and to protect the transmission of confidential content, such as orders or requests that you send to us as the site operator, this site uses SSL or TLS encryption. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.

If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

IV Contact

a. Type and purpose of processing

 

The data you enter will be stored for the purpose of individual communication with you. For this purpose, it is necessary to provide a valid email address, telephone number and your name. This serves the assignment of the request and the subsequent response to the same. The provision of further data is optional.

 

b. Legal basis of the processing

 

The processing of the data entered in the contact form is based on a legitimate interest (Article 6 (1) (f) GDPR). By providing the contact, we would like to enable you to contact us in an uncomplicated manner. The information you provide will be stored for the purpose of processing the request and for possible follow-up questions. If you contact us to request a quote, the data entered in the contact form will be processed to carry out pre-contractual measures (Article 6 (1) (b) GDPR).

 

c. Data categories

 

- Name

- Location

- Phone number

- Web Adress

- Mail

 

d. Recipient

 

Recipients of the data are internal employees and, if applicable, or their processors.

 

e. Storage periods

 

Data will be deleted no later than 6 months after the request has been processed. If there is a contractual relationship, we are subject to the statutory retention periods under the German Commercial Code (HGB) and delete your data after these periods have expired.

 

f. Legal / contractual requirement

 

The provision of your personal data is voluntary. However, we can only process your request if you provide us with your name, email address and the reason for the request.

 

g. Third country transfer

 

Processing does not take place outside the European Union (EU) or the European Economic Area (EEA).

 

h. Withdrawal of consent

 

You can revoke your consent to the storage of your personal data at any time with effect for the future. You can notify us of your revocation at any time using the contact option provided at the beginning of this privacy notice.

 

i. Automated decision-making and profiling

 

As a responsible company, we do not use automated decision-making or profiling for this data processing.

 

 

V Data subject rights

If personal data is processed by you as a user, you are considered a data subject according to the GDPR. Data subjects are entitled to the following rights:

- Right of information (Article 15 GDPR)

- Right of correction or deletion of personal data (Article16, 17 GDPR)

- Right of restriction of processing (Article 18 GDPR)

- Right of communication in connection with therectification or erasure of your personal data or the restriction of processing (Article 19 GDPR)

- Right of data portability (Article 20 GDPR)

- Right to object (Article 21 GDPR)

- Right to revoke declarations of consent given. The law fulness of the data processing carried out until the revocation remains unaffecteddue to the consent valid to date. (Article 7 (3) GDPR)

- Right to complain to the supervisory authority (Article77 GDPR).

 

 

VI Right of access

Every data subject has a right of access to personal data concerning him or her. The right of access extends to all data processed by us. The right can be exercised easily and at regular intervals so that alldata subjects are always aware of the processing of their personal data and can verify its lawfulness (see recital 63 GDPR). The right of access includes inparticular the following information:

- The purpose of the processing

- The categories of data

- The recipients / categories of recipients, in particular recipients of international organizations or third countries;moreover, if a third country is involved, the data subject shall have the rightto obtain information on the appropriate safeguards in connection with the transfer.

If possible, the planned duration for which the personal data will be stored or, if this is not possible, the criteria for determining this duration

Any available information on the origin of the data, if the personal data are not collected from the data subject

Any available information on the existence ofautomated decision-making, including profiling, pursuant to Article 22 (1) and(4) of the GDPR

The existence of a right of rectification or to erasure of the personal data concerning him or her, or of restriction of processing by the controller, or to object to such processing; and the existence of a right of appeal to a supervisory authority.

If a data subject wishes to exercise this right of access, he or she may contact us at any time via the contact option indicate date the beginning of this Privacy Notice.

 

VII Right of appeal

Without prejudice to any other administrative or judicial remedy, every data subject shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of his or her residence, place of work or place of the alleged infringement, if the data subject considers that the processing of personal data relating to him or her infringes the GDPR. The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of ajudicial remedy under Article 78 GDPR.

Our competent supervisory authority is:

 

The Hessian Commissioner for Data Protection and Freedom of Information

Gustav-Stresemann-Ring 1

65189 Wiesbaden

Phone: +49611-1408 0

Mail: [email protected]

 

VIII Right to data portability

Every data subject has the right to receive personal data concerning him or her, which has been provided by the data subject to a controller, in a structured, commonly used and machine-readable format. He or she also has the right to transmit this data to another controller without hindrance by the current controller to whomthe personal data have been provided, provided that the processing is based on consent pursuant to Article 6 (1) (a) GDPR or Article 9 (2) (a) GDPR or on acontract pursuant to Article 6 (1) (b) GDPR and the processing is carried out with the aid of automated procedures, unless the processing is necessary forthe performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

Furthermore, when exercising the right to data portability pursuant to Article 20 (1) of the GDPR, the data subject shall have the right to obtain that the personal data be transferred directly from one controller to another controller where technically feasible and provided that this does not adversely affect therights and freedoms of other individuals. In order to assert the right to dataportability, the data subject may at any time contact us using the contact details provided at the beginning of this data protection notice.

 

IX Right to rectification

Every data subject has the right to demand that our company immediately correct any inaccurate personal data concerning him or her. Furthermore, the data subjecthas the right to request the completion of incomplete personal data - also by means of a supplementary declaration - taking into account the purposes of the processing.

 

If a data subject wishes to exercise this right of access, he or she may, at any time, contact us using the contact details provided at the beginning of this privacy statement.

 

X Right to erasure

Every data subject has the right to erasure and to be forgotten and may request that weerase personal data concerning him or her without delay, provided that one of the following reasons applies and to the extent that the processing is no longer necessary:

The personal data were collected or otherwise processed for such purposes for which they are no longer necessary.

The data subject revokes his or her consent on which the processing was based pursuant to Article 6 (1) (a) GDPR or Article 9 (2) (a) GDPR and there is no other legal basis for the processing.

The data subject objects to the processing pursuant to Article 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21 (2) GDPR.

The personal data have been processed unlawfully.

The erasure of the personal data is necessary for compliance with a legal obligation under Union or Member State law to which the controller is subject.

The personal data has been collected in relation to information society services offered pursuant to Article 8 (1) GDPR.

If one of the mentioned reasons applies, and a data subject wishes to arrange for the erasure of personal data, he or she may, at any time, contact us using the contact details provided at the beginning of this data protection notice. The controller will arrange for the erasure request to be carried out immediately.

 

XI Right to object

Every data subject has the right to object at any time, on grounds relating to their particular situation, to the processing of personal data concerning them which is carried out on the basis of Article 6 (1) (e) or (f) GDPR. This also applies to profiling based on these provisions.

The controller shall no longer process the personal data in the event of the objection, unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or for the assertion, exercise or defense of legal claims. If the controller processes personal data for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data for such marketing. This also applies to profiling, in so far as it is related to such direct marketing. If the data subject objects to the controller to the processing for direct marketing purposes, the controller will no longer process the personal data for these purposes.

In addition, the data subject has the right, on grounds relating to his or her particular situation, to object to processing of personal data concerning himor her which is carried out by the controller for scientific or historical research purposes, or for statistical purposes pursuant to Article 89 (1) GDPR,unless such processing is necessary for the performance of a task carried out in the public interest. In order to exercise the right to object, the data subject may contact us at any time via the contact details provided at the beginning of this data protection notice.

 

XII Right to restriction

Any data subject has the right to obtain from the controller the restriction of processing if one of the following conditions is met:

The accuracy of the personal data is contested by the data subject for a period enabling the controller to verify the accuracy of the personal data.

The processing is unlawful, the data subject objects to the erasure of the personaldata and requests instead the restriction of the use of the personal data.

The controller no longer needs the personal data for the purposes of the processing, but the data subject needs it for the assertion, exercise ordefense of legal claims.

The data subject has objected to the processing pursuant to Article 21 (1) GDPR and it is not yet clear whether the legitimate grounds of the controller override those of the data subject.

If one of the aforementioned conditions is met, and a data subject wishes to request the restriction of personal data stored by the controller, he or she may, at anytime, contact us using the contact details provided at the beginning of this data protection notice. The controller will arrange the restriction of the processing.

 

XIII Payment methods used

In the context of contractual and other legal relationships, due to legal obligationsor otherwise based on our legitimate interests, we offer data subjects efficient and secure payment options and use service providers for this purpose.

The data processed by the payment service providers includes inventory data, such as the name and address, bank data, such as account numbers or credit card numbers, passwords, TANs and checksums, as well as the contract, total and recipient-related information. The information is required to carry out the transactions. However, the data entered is only processed by the payment service providers and stored with them. We do not receive any account or credit card related information, but only information with confirmation or negative information of the payment. Under certain circumstances, the payment service providers transmit the data to credit agencies. The purpose of this transmission is to check identity and creditworthiness. In this regard, we refer to the terms and conditions and the privacy notices of the payment service providers.

For payment transactions, the terms and conditions and data protection notices of the respective payment service providers apply, which can be accessed within the respective websites or transaction applications. We also refer to these for the purpose of further information and assertion of revocation, information andother data subject rights.

Types of data processed: inventory data (e.g., names, addresses); payment data (e.g., bank details, invoices, payment history); contract data (e.g., subject matterof contract, term, customer category); usage data (e.g., websites visited,interest in content, access times); meta/communication data (e.g., deviceinformation, IP addresses).

Data subjects: Customers; prospective customers.

Purposes of processing: provision of contractual services and customer service.

Legal Grounds: Contract performance and pre-contractual inquiries (Article 6 (1) (b)GDPR); Legitimate Interests (Art. 6 (1) (f) GDPR).

Payment service providers used:

PayPal: payment processing services (e.g. PayPal, PayPal Plus, Braintree); Serviceprovider: PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg; Website: https://www.paypal.com/de; Privacy Policy: https://www.paypal.com

/de/webapps/mpp/ua/privacy-full.

We have concluded a corresponding order processing contract or standard contractual clauses with PayPal.

 

XIV External hosting

This website is hosted by an external service provider (hoster). The personal data collected on this website is stored on the hoster's servers. This may include, but is not limited to, IP addresses, contact requests, meta and communication data, contractual data, contact details, names, website accesses and other data generated via a website.

The hosteris used for the purpose of fulfilling contracts with our potential and existing customers (Art. 6 para. 1 lit. b DSGVO) and in the interest of a secure, fast and efficient provision of our online offer by a professional provider (Art. 6para. 1 lit. f DSGVO).

Our hoster will only process your data to the extent necessary to fulfill its service obligations and follow our instructions regarding this data.

We use the following hoster:

Amazon Web Services, Inc.

P.O. Box 81226

Seattle, WA98108-1226

http://aws.amazon.com

For more information and the privacy policy, please visit https://aws.amazon.com

/de/privacy/

We have entered into a corresponding order processing agreement or standard contractual clauses with Amazon Web Service.  

 

XV GitHub

Customer websites are stored by an external service provider (hoster). The personal data collected on the customers' websites are stored on the hoster's servers. This may include, but is not limited to, IP addresses, contact requests, meta and communication data, contract data, contact data, names, website accesses and other data generated via a website.

The hoster collects the following data in so-called log files:

IP address, the address of the previously visited website (referer request header), date and time of the request, time zone difference to Greenwich Mean Time, content of the request, HTTP status code, amount of data transferred, website from which the request came and information about the browser and operating system.

 

This is necessary to provide our services and products, to store the customers' website and to ensure stability and security. Legal basis corresponds to contract performance and pre-contractual requests (Article 6 (1) (b) GDPR) and legitimate interest within the meaning of Article 6 (1) (f) GDPR.

We use the following hoster for the provision of our services:

GitHub Inc.

88 Colin P Kelly Jr St

San Francisco, CA 94107

United States

This is the recipient of your personal data. This corresponds to our legitimate interest within the meaning of Article 6 (1) (f) GDPR, not to have to maintain a serveron our premises ourselves. Server location is USA.

We have concluded a corresponding order processing contract or standard contractual clauses with GitHub.  

For more information on objection and removal options please visit: https://docs.github.com/github

/site-policy/github-privacy

-statement

 

XVI Google Web Fonts

Our website uses web fonts from Google. The provider is Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. By using these web fonts, it is possible to present you with the presentation of our website that we desire, regardless of which fonts are available to you locally. This is done by retrieving theGoogle Web Fonts from a Google server in the USA and the associated transfer of your data to Google. This is your IP address and which of our pages you have visited. The use of Google Web Fonts is based on Article 6 (1) (f) GDPR. As the operator of this website, we have a legitimate interest in the optimal presentation and transmission of our website.

We have entered into a corresponding order processing agreement or standard contractual clauses with Google.  

Details about Google Web Fonts can be found at: https://www.google.com

/fonts#AboutPlace:about and further information in Google's privacy policy: https://policies.google.com      

/privacy/partners

 

XVII Cloudflare

Our website uses Cloudflare. The provider is Cloudflare Inc, 101 Townsend St., San Francisco, CA 94107, USA. By using Cloudflare, it is possible to present you with the presentation of our website that we desire, regardless of which fonts are available to you locally. This is done by retrieving the Google Web Fonts from a Cloudflare server in the USA and the associated transfer of your data to Cloudflare. This is your IP address and which page you have visited on our site. The use of Cloudflare is based on Article 6 (1) (f) GDPR. As the operator of this website, we have a legitimate interest in the optimal presentation and transmission of our website.

We have entered into a corresponding order processing agreement or standard contractual clauses with Cloudflare.

Details about Cloudflare and further information can be found in Cloudflare's privacy policy: https://www.cloudflare.com

/de-de/privacypolicy/

XVIII Cookies

Our website uses cookies. These are small text files that your web browser stores on your terminal device. Cookies help us to make our offer more user-friendly, effective and secure. Some cookies are "session cookies." Such cookies are deleted by themselves after the end of your browser session. In contrast, other cookies remain on your terminal device until you delete them yourself. Such cookies help us to recognize you when you return to our website. With a modern web browser, you can monitor, restrict or prevent the setting of cookies. Many web browsers can be configured to automatically delete cookies when you close the program. Disabling cookies may result in limited functionality of our website. The setting of cookies, which are necessary for the exercise of electronic communication processes or the provision of certain functions desired by you (e.g. shopping cart), is based on Art. 6 (1) lit. f DSGVO. As the operator of this website, we have a legitimate interest in storing cookies for the technically error-free and smooth provision of our services. If other cookies are set (e.g. for analysis functions), these are treated separately in this privacy policy.

XIX Our right to amend the policy

Because changes in the law or changes in our internal company processes may require us to amend this Privacy Policy, we encourage you to review this Privacy Policy periodically. The Privacy Policy can be accessed at any time at https://stacket.app/privacy . We therefore reserve the right to amend this policy at any time in compliance with data protection law.

Navigation
HomeFeaturesBenefitsPricingFAQ's
Legal
Terms of ServicePrivacy Policy
By using this website, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts. View our Privacy Policy for more information.
Accept