→ Version 5.0
This data protection notice informs you about the processing of your personal data and your rights under the General Data Protection Regulation (GDPR).
1. table of contents
2. Controller
3. Details of data processing
3.1. use of our websites
3.1.1. purposes and legal bases
3.1.2. storage duration/ criteria for storage duration
3.2. communication by email/ post/ telephone/ contact form
3.2.1. purposes and legal bases
3.2.2. storage duration/ criteria for storage duration
3.3. our pages on social media
3.3.1. responsibilities
3.3.4. shared responsibilities
3.4. social wall
3.4.1. purposes and legal bases
3.4.2. storage duration/criteria for storage duration
3.5. newsletter including tracking
3.5.1. purposes and legal bases
3.5.2. recipients/categories of recipients
3.5.3. storage duration/criteria for storage duration
3.6. webinars
3.6.1. purposes and legal bases
3.6.2. Recipients/categories of recipients
3.6.3. Storage duration/criteria for storage duration
3.7. Whitepapers
3.7.1. Purposes and legal bases
3.7.2. Storage duration/criteria for storage duration
3.8. integrated third-party content
3.8.1. YouTube videos
3.9. processing of requests from public bodies
3.9.1. purposes and legal bases
3.9.2. origin of data and data types
3.9.3. recipients/categories of recipients
3.9.4. storage period/criteria for the storage period
3.10. customer hotline
3.10.1. purposes and legal bases
3.10.2. storage period/criteria for the storage period
3.11. processing of support requests
3.11.1. purposes and legal bases
3.11.2. recipients/categories of recipients
3.11.3. storage duration/criteria for storage duration
4. Use of cookies and similar technologies
4.1. cookies
4.1.1. purposes and legal bases
4.1.2. recipients/categories of recipients
4.1.3. storage duration/criteria for storage duration
4.2. consent management
4.2.1. purposes and legal bases
4.2.2. storage duration/criteria for storage duration
4.3. Google Analytics
4.3.1. purposes and legal bases
4.3.2. recipients/categories of recipients
4.3.3. storage duration/criteria for the storage duration
4.4. Adobe Analytics
4.4.1. purposes and legal bases
4.4.2. recipients/categories of recipients
4.4.3. storage duration/criteria for the storage duration
4.5. Google Ads and Microsoft Ads
5. STACKIT benefits and services
5.1. STACKIT portal
5.1.1. Customer registration and account creation
5.1.2. Account management
5.1.3. Storage and backup
5.1.4. Aggregating usage data
5.1.5. User feedback
5.2. STACKIT domain services portal
5.2.1. Purposes and legal basis
5.2.2. Storage duration/ criteria for storage duration
5.3. STACKIT University
5.3.1. Purposes and legal bases
5.3.2. Storage duration
5.4. STACKIT Marketplace
5.4.1. Purposes and legal bases
5.4.2. Recipients/ categories of recipients
5.4.3. Storage duration/ criteria for storage duration
6. Processing of personal data of customers
6.1. Purposes and legal bases
6.1.1. for the performance of contractual obligations (Art. 6 para. 1 sentence 1 b) GDPR)
6.1.2. for compliance with a legal obligation (Art. 6 para. 1 sentence 1 c) GDPR)
6.1.3. for the purposes of legitimate interests (Art. 6 para. 1 sentence 1 f) GDPR)
6.2. recipients/categories of recipients
7. References
7.1. Purposes and legal bases
7.2. Recipients/categories of recipients
7.3. Storage period/criteria for the storage period
8. Provision of your personal data by third parties
9. Obligation to provide your data
10. Your rights as a data subject
11. Contact the data protection officer
Unless otherwise stated below, the controller (Art. 4 No. 7 GDPR) for the data processing described below is
STACKIT GmbH & Co KG
Stiftsbergstraße 1
74172 Neckarsulm
Email: website@stackit.cloud
Phone: 07132 30 474747
The information contained in this section applies equally to our websites and the associated subdomains or subpages. These currently include:
*.stackit.com
*.stackit.rocks
*.stackit.gg
*.stackit.zone
*.stackit.run
When you use our website, the browser used on your end device automatically and without your intervention
the IP address of the end device,
the date and time of access,
the name and URL of the file accessed,
the amount of data transferred,
the website/application from which access was made (referrer URL),
the browser you are using and, if applicable, the operating system of your end device and
the name of your access provider
are sent to the server of our website and temporarily stored in a log file for the following purposes
Ensuring a smooth connection setup,
Ensuring convenient use of our website/application and
Evaluation of system security and stability.
The legal basis for this data processing is Art. 6 para. 1 sentence 1 f) GDPR. The legitimate interest arises from the protection of our systems and the prevention of abusive or fraudulent behavior each time a user accesses this website.
The log files are stored for 30 days.
We process personal data that you send us as part of your inquiry by email/post/telephone/contact form exclusively for the purpose of processing your inquiry.
The legal basis for this data processing in the context of initiating or executing a contract is Art. 6 para. 1 sentence 1 b) GDPR.
Otherwise, the legal basis is Art. 6 para. 1 sentence 1 f) GDPR. Our legitimate interest arises from the aim of responding to your customer inquiry and thus promoting customer satisfaction.
The data will be stored for 90 days after completion of your request. Experience has shown that no further queries are to be expected after this period.
If legal claims are asserted, your data will be stored for three years after your request has been completed, starting at the end of the calendar year, to prove that we have fulfilled any legal claims.
We store personal data that you transmit to us as part of the initiation or execution of a contract for up to twelve years due to statutory retention obligations.
We are partly responsible for the data collection and processing described below and partly the respective operators of the social media platforms. For certain processing operations, we and the platform operators also act as joint controllers within the meaning of Art. 26 GDPR.
We operate the following social media sites:
LinkedIn: https://de.linkedin.com/company/stackit-cloud-colocation
Xing: https://www.xing.com/pages/stackit-ihrpartnerfurcloudundcolocation
YouTube: https://www.youtube.com/channel/UCrlj8jX00GYQYJO5Wnal6Bw
Facebook: https://www.facebook.com/Stackitcloud
Instagram: https://www.instagram.com/stackitcloud
Twitter: https://twitter.com/stackitcloud
We have only limited influence on the data processing by the operators of the social media platform (e.g. management of members and the information shared). At the points where we can exert influence and parameterize data processing, we work towards data protection-compliant handling by the operator of the social media platform within the scope of the possibilities available to us. In many places, however, we cannot influence the data processing by the operator of the social media platform and do not know exactly what data it processes.
The platform operator operates the entire IT infrastructure of the service, maintains its own data protection regulations and maintains its own user relationship with you (if you are a registered user of the social media service). In addition, the operator is solely responsible for all questions relating to the data in your user profile, to which we as a company have no access.
You can find more information on data processing by the provider of the social media platform and other objection options in the provider's privacy policy:
LinkedIn: https://de.linkedin.com/legal/privacy-policy?trk=d_org_guest_company_overview_footer-privacy-policy
Xing: https://privacy.xing.com/de/datenschutzerklaerung
YouTube: https://policies.google.com/privacy?hl=de&gl=de
Facebook: https://www.facebook.com/privacy/explanation
Instagram: https://help.instagram.com/519522125107875
Twitter: https: //twitter.com/de/privacy
The purpose of data processing by us on our social media presences is to inform customers about services, promotions, competitions, factual topics, company news and interaction with visitors to the social media presences on these topics, as well as to respond to corresponding queries, praise or criticism.
We only reserve the right to delete content should this be necessary. We may share your content on our site if this is a function of the social media platform and communicate with you via the social media platform. The legal basis is Art. 6 para. 1 sentence 1 f) GDPR. Data processing is carried out in the interest of our public relations and communication. The operator has no influence on the processing of your data carried out by us in the context of customer communication or competitions.
As already mentioned, we take care to design our social media pages to be as data protection compliant as possible where the provider of the social media platform gives us the opportunity to do so.
The data you enter on our social media pages, such as comments, videos, images, likes, public messages, etc., are published by the social media platform for this purpose and are not used or processed by us for any other purpose at any time. We only reserve the right to delete illegal content if this should be necessary. This is the case, for example, with posts that violate the law or are illegal, hate comments, offensive comments (explicitly sexual content) or attachments (e.g. images or videos) that may violate copyrights, personal rights or criminal laws.
We may share your content on our site if this is a function of the social media platform and communicate via the social media platform. If you send us a request on the social media platform, we may also refer you to other secure communication channels that guarantee confidentiality, depending on the required response. You always have the option of sending us confidential inquiries to our address stated under point 1 or in the legal notice.
We will delete or securely anonymize all personal data that you provide to us in the event of inquiries no later than 90 days after the final response to you. The 90-day retention period is due to the fact that you may occasionally contact us again about the same matter after a reply and we may then need to refer to the previous correspondence. Experience has shown that, as a rule, there are no further queries about our responses after 90 days. If you assert your rights as a data subject, your personal data will be stored for three years after the final reply to prove that we have provided you with comprehensive information and that the legal requirements have been met.
All public posts by you on one of our social media pages will remain in the timeline indefinitely, unless we delete them due to an update of the underlying topic, a legal violation or a violation of our guidelines, or you delete the post yourself. We have no means of influencing the deletion of your data by the operator itself. The data protection provisions of the respective operator therefore also apply.
We use the Sales Navigator function on LinkedIn. This enables us to search for corresponding profiles of LinkedIn users based on certain criteria, such as interests, professional background, place of work specified in the profile or similar, and to contact these users based on this. The Sales Navigator includes a messaging function that we can use to contact you via the profiles of our employees on LinkedIn. Messages that we exchange with you via this function on LinkedIn are stored by us for the duration of your use of the Sales Navigator. The communication that takes place in this way is not publicly visible to other users on LinkedIn. The legal basis for the data processing described is Art. 6 para. 1 sentence 1 f) GDPR. The legitimate interest lies in establishing contact and forming a network of people who may be interested in STACKIT.
We also use the "Generate leads" function on the LinkedIn platform. In a first step, certain characteristics are used to pre-filter which profiles are shown our advertisements. The legal basis for this is Art. 6 para. 1 sentence 1 f) GDPR. The legitimate interest is to be able to display the ads to target groups relevant to STACKIT.
When you click on our advertisements on LinkedIn, you have the option of leaving your name and business contact details and requesting that STACKIT contact you to obtain further information about our products. The data you provide will be transferred to our customer database. The legal basis for this is Art. 6 para. 1 sentence 1 f) GDPR. The legitimate interest lies in effective communication with interested parties. If you provide us with personal data in the course of initiating a contract or an existing contractual relationship, Art. 6 para. 1 sentence 1 b) GDPR is the legal basis for data processing.
All personal data that you provide to us in the aforementioned manner will be deleted or securely anonymized by us no later than 90 days after the final reply to you. The 90-day retention period is due to the fact that you may occasionally contact us again about the same matter after a reply and we may then need to refer to the previous correspondence. Experience has shown that, as a rule, there are no more queries about our responses after 90 days.
We store personal data that you transmit to us as part of the initiation or execution of a contract for a period of up to twelve years due to statutory retention obligations.
There is a partial relationship with the operator of the social media service in accordance with Art. 26 para. 1 GDPR (joint responsibility):
For the web tracking methods used by the operator of the social media platform, the platform operators and we act as joint controllers. Web tracking can also take place regardless of whether you are logged in or registered with the social media platform. As already explained, we unfortunately have little influence on the web tracking methods of the social media platform. For example, we cannot switch this off.
The legal basis for the web tracking methods is Art. 6 para. 1 sentence 1 f) GDPR. The interest in optimizing the social media platform and the respective fan page is to be regarded as legitimate within the meaning of the aforementioned provision.
Further information on the recipients or categories of recipients as well as the storage period or the criteria for determining the storage period can be found in the data protection declarations of the platform operators. We have no influence over these.
The options for exercising your rights to prevent these web tracking methods can be found in the privacy policies of the platform operators. You can also contact the platform operators using the contact details provided in the respective legal notice.
With regard to statistics that the provider of the social media platform makes available to us, we can only influence and prevent these to a limited extent. However, we make sure that no additional optional statistics are made available to us.
Please be aware that it cannot be ruled out that the provider of the social media platform may use your profile and behavioral data, for example to evaluate your habits, personal relationships, preferences, etc. STACKIT GmbH & Co KG has no influence on the processing or disclosure of your data by the provider of the social media platform.
We compile the content you share publicly and voluntarily on social media platforms (e.g. X, Facebook) using certain hashtags with reference to our company on so-called social walls. These social walls are published on our website and on our social media channels, for example for the external presentation of our company, for the implementation of marketing campaigns or competitions and for customer loyalty purposes.
Depending on the type of content, the following data is processed:
Timestamp,
post IDs,
post texts,
images,
videos,
links,
comments,
ratings,
file attachment,
metadata,
first name/surname,
user ID,
profile URL,
profile images,
website URL.
The legal basis for this data processing is Art. 6 para. 1 sentence 1 f) GDPR. Our legitimate interest arises from the above-mentioned purposes.
The data used for the social wall is processed for as long as the social wall is displayed. If you delete your post displayed on the social media platform, it will no longer be displayed on the social wall.
If you agree to receive our newsletter, we will process your data:
Email address
First and last name (optional)
Company (optional)
Profession (optional) and
Interest
for sending information about products, offers, promotions, services, announcements and invitations to competitions, surveys, training courses, events and webinars relating to STACKIT services and, if applicable, information about goods and services from affiliated partner and associated companies. These are currently in particular
Schwarz Digits KG
XM Cyber Ltd.
Schwarz IT KG
Schwarz Digital GmbH & Co. KG
Lidl e-commerce GmbH & Co. KG
Kaufland e-commerce Services GmbH & Co. KG
Schwarz Media GmbH
mmmake GmbH
Aleph Alpha GmbH
Wire Swiss GmbH
We also use tracking mechanisms (cookies or pixel tags) to record your usage behavior in the newsletters (in particular opening, clicking on links and other activities) and create personalized usage profiles on this basis and by assigning them to your person and/or e-mail address in order to tailor the information to your interests and to improve the offers.
The legal basis for this data processing is your consent in accordance with Art. 6 para. 1 sentence 1 a) GDPR (for data processing) and Section 25 para. 1 TDDDG (for the use of cookies, etc.). You can revoke your consent to receive the newsletter and the recording of newsletter activities at any time with effect for the future, e.g. by unsubscribing from the newsletter on our website. You will find the link to the unsubscribe page at the end of each newsletter. When you unsubscribe, we consider your consent to the sending of the newsletter and the recording of your usage behavior and the receipt of newsletters based on this to be revoked. Your usage data will be deleted by us. This does not affect the legality of the data processing carried out up to receipt of your revocation.
To ensure that no errors have been made when entering the e-mail address, we use the so-called double opt-in procedure: After you have entered your e-mail address in the registration field, we will send you a confirmation link. Only when you click on this link will your e-mail address be added to our mailing list.
We also process the following data to document your consent and to defend our rights:
IP address of the end device used for registration,
date and time of registration and email verification,
registration and unsubscription source and
newsletter history.
The legal basis for this data processing is Art. 6 para. 1 sentence 1 f) GDPR. Our legitimate interest arises from the above-mentioned purposes.
Under certain circumstances, it may be necessary for us to transfer your personal data to other recipients.
For our newsletter, we use IT service providers who process personal data on our behalf.
If the confirmation link is not confirmed within 90 days, your data will be deleted completely.
As soon as you unsubscribe from the newsletter, we will delete your e-mail address, your name (if provided), your company (if provided), profession (if provided), your interest and your usage data.
To prove your consent, the required data will be stored for three years, starting at the end of the calendar year in which you unsubscribe from the newsletter.
If you would like to participate in a live webinar or view it as a call-up afterwards, you will be asked to provide your name, your business e-mail address (mandatory) and your company, business telephone number and job title (optional) in order to register.
If you use the interactive functions as part of your participation, the content of your chat or other contributions (e.g. questions, answers to surveys) may also be processed. Please note that the webinar will be recorded and therefore the content of your interactions will also become part of the recording. In this context, please do not provide any personal information about yourself or third parties in your contributions.
Further information can be found in the data protection information of the respective webinar itself.
We collect the above-mentioned identity and contact data in order to be able to include them in our customer database and to be able to provide you with information about our products and, if necessary, training documents for the webinar by e-mail and telephone afterwards on the basis of your voluntary consent in accordance with Art. 6 para. 1 sentence 1 a) GDPR and § 7 a para. 1 UWG. In addition, the other data is required to make the webinar, including the interactive functions, technically available. This data is processed on the basis of legitimate interests in accordance with Art. 6 para. 1 sentence 1 f) GDPR to enable the webinar to be held to the extent necessary. With regard to contacting us by email, please refer to the information on sending newsletters.
Your consent is voluntary and can be revoked at any time. In this case, your contact details will be deleted immediately. The legality of the processing that has already taken place up to receipt of the revocation is not affected by the revocation.
Under certain circumstances, it may be necessary for us to transfer your personal data to other recipients.
In this context, the service provider Cisco International Limited, 9-11 New Square Park, Bedfont Lakes, Feltham, England TW14 8HA, United Kingdom, is used to provide the webinar tool Webex. We use the service provider Microsoft Ireland Operations Ltd South County Business Park, One Microsoft Court, Carmanhall an Leopardstown, Dublin, D18 P521, Ireland to provide the webinar tool MS Teams Webinar/ MS Teams Live and to operate our customer database.
We delete personal data as soon as it is no longer required for the above-mentioned purposes.
Recordings of the webinar are stored for five years.
Your contact details will be stored in our customer database until you withdraw your consent. Your consent itself will also be retained for verification purposes for a further three years after deletion or for five years after the last telephone contact as part of the statutory documentation obligations.
If you would like to download one of our whitepapers, you will be asked to provide your name, your business e-mail address (mandatory) and your company and business telephone number (optional).
We collect the above-mentioned identity and contact data in order to include them in our customer database and to be able to subsequently provide you with information about our products by e-mail and telephone on the basis of your voluntary consent in accordance with Art. 6 para. 1 sentence 1 a) GDPR and Section 7 a para. 1 UWG. With regard to contacting us by email, please refer to the information on sending newsletters.
Your consent is voluntary and can be revoked at any time. In this case, your contact details will be deleted immediately. The legality of the processing that has already taken place up to receipt of the revocation is not affected by the revocation.
We delete personal data as soon as it is no longer required for the above-mentioned purposes.
Your contact data will be stored in our customer database until you withdraw your consent. Your consent itself will also be retained for verification purposes for a further three years after deletion or for five years after the last telephone contact as part of the statutory documentation obligations.
We have integrated YouTube videos on our website, which are stored on http://www.YouTube.com and can be played directly from our website. The following data is processed:
the IP address of the end device,
the browser you are using and, if applicable, the operating system of your end device,
the date and time of access and
the name and URL of the file accessed.
The legal basis for this data processing is your consent in accordance with Art. 6 para. 1 sentence 1 a) GDPR (for data processing) and Section 25 para. 1 TDDDG (for the use of cookies and similar technologies).
If you have given your consent to the immediate playback of YouTube videos, you have the option below to withdraw this consent at any time. As soon as you have deactivated the following switch, your consent will be requested again when you visit one of our pages containing a YouTube video.
<<Toggle switch>> Consent to play YouTube videos
When YouTube videos are activated, Google sets cookies that may not be necessary for the provision of YouTube videos. You can find more information about cookies in our cookie policy. We have no influence on the processing and use of data by Google. Further information on data processing by Google can be found here: https://business.safety.google/privacy/
Under certain circumstances, it may be necessary for us to transfer your personal data to other recipients.
The processed data is accessible to IT service providers, in particular Google Ireland, Limited Gordon House, Barrow Street Dublin 4, Ireland, as this service provider is the provider of YouTube.
Your processed data will be deleted after the end of use.
If we receive inquiries from public authorities about our customers or business partners, we process these inquiries on the basis of Art. 6 para. 1 sentence 1 f) GDPR for the purpose of examining, documenting and responding to the request in our legitimate interest or in the legitimate interest of a third party, including the public, in effective law enforcement and the assertion, defense or defense of legal claims. As a result, personal data of our customers or business partners may be transferred to the respective public authority. If there is a legal obligation for us to respond to inquiries from authorities, the legal basis for the transfer of personal data is Art. 6 para. 1 sentence 1 c) GDPR in conjunction with a relevant special law.
The public authority may provide us with information on the content of the request and other data that we need to identify the data subject. Otherwise, we use the data already known to us to process the request, insofar as this is absolutely necessary to process the request. The content of the request and the data processed depend on the specific individual case. This may include, for example, names, contact details, information on the payment method and information on possible criminal offenses or administrative offenses.
If necessary to process the request and covered by the above-mentioned legal basis, we transmit personal data to public authorities (e.g. police authorities, public prosecutors or courts) and external parties who support us in processing the request (e.g. law firms, legal advice service providers, credit agencies, detectives). Furthermore, the request, including the relevant data, may be forwarded within our group of companies to the departments responsible for processing.
In exceptional cases, data is processed on our behalf by processors in the area of customer service.
We store the inquiries and the associated communication until the expiry of the applicable statutory periods.
If you contact the STACKIT customer hotline, personal data will be processed in the course of processing your telephone inquiry (by default: name, title, contact details).
We will, of course, treat any personal information that you provide to us during a telephone conversation as part of a customer service inquiry as confidential. We use your data exclusively for the purpose of processing your request.
The legal basis for data processing is Art. 6 para. 1 sentence 1 f) GDPR. The legitimate interest here arises from the interest in answering your inquiries and thus maintaining and promoting the satisfaction of our customers, employees, business partners and other persons interested in STACKIT as part of the service.
If you provide us with personal data within the scope of the contact options in the course of initiating a contract or an existing contractual relationship, Art. 6 para. 1 sentence 1 b) GDPR is the legal basis for data processing.
All personal data that you provide to us in telephone inquiries will be deleted or securely anonymized by us no later than 90 days after the conversation. The 90-day retention period is due to the fact that you may occasionally contact us again about the same matter after a conversation and we may then need to refer to the information you have already provided. Experience has shown that, as a rule, after 90 days there are no more queries about conversations that have taken place.
We process personal data that you provide to us as part of your support request exclusively for the purpose of processing your request.
The legal basis for this data processing in the context of initiating or executing a contract is Art. 6 para. 1 sentence 1 b) GDPR.
Otherwise, the legal basis is Art. 6 para. 1 sentence 1 f) GDPR. Our legitimate interest arises from the aim of answering your support request and thus promoting customer satisfaction.
You have the option of sharing support tickets you have created with other people who you have assigned as users to your organization account in our STACKIT portal. External users can also be considered as users if you have assigned them to your organization in the STACKIT portal. For sharing, each user has the option of choosing from the users assigned to your organization account as possible recipients. Accordingly, the user can have the users of your organization suggested as recipients of the ticket by name and/or e-mail address. Each user with whom a ticket is shared also receives information about the other users (name and email address) from your organization account with whom the same ticket was shared.
All personal data that you provide to us in support requests will be deleted or securely anonymized by us at the latest at the end of the existing business relationship with you.
When cookies and similar technologies are used to process usage data (in particular local storage), files are stored locally on your end device when you visit our website. They are used to store information in connection with the device you are using. However, this does not mean that we obtain direct knowledge of your identity.
The use of cookies and similar technologies to process usage data serves the following purposes, depending on the category of cookie or similar technology:
Technically necessary: These are cookies and other technologies without which you cannot use our services (websites/apps) (for example, to display our services correctly, including the language, font and font color, to provide the functions you have requested, to take into account your settings, such as your selection regarding cookies and other technologies, to save your login in the login area, to fill the shopping cart when shopping online, etc.).
The use of technically necessary cookies and similar technologies in the "Technically necessary" category is based on Section 25 (2) No. 2 TDDDG. Subsequent data processing is carried out on the basis of legitimate interests in accordance with Art. 6 para. 1 sentence 1 f) GDPR.
Depending on the purpose, the following types of personal data in particular are processed and the following cookies and similar technologies are used
User input to retain input across multiple subpages (e.g. selection of your preferred store in our store finder);
authentication data to identify a user after login in order to gain access to authorized content on subsequent visits (e.g. access to the customer account);
security-related events (e.g. detection of frequently failed login attempts);
data to play multimedia content (e.g. playback of (product) videos selected by the user).
An overview of information on the cookies and similar technologies used, the storage periods and any integrated third-party providers in this category can be found in our cookie policy.
Convenience: With the help of these technologies, we can take into account your actual or presumed preferences for the convenient use of our services. For example, we may be able to save goods placed in your shopping cart if you leave the online store before completing your order. We may also avoid showing you products that are not available in your region.
The use of cookies and similar technologies in the convenience category is based on Section 25 (1) TDDDG. Subsequent data processing takes place on the basis of your consent in accordance with Art. 6 para. 1 sentence 1 a) GDPR.
Depending on the purpose, the following types of personal data in particular are processed and the following cookies and similar technologies are used
User interface customization settings that are not linked to a persistent identifier (e.g. the specific display of search queries or the maps in the store finder).
You can find an information overview of the cookies and other technologies used, the storage periods and any integrated third-party providers in this category in our cookie policy.
Statistics: These technologies enable us to compile pseudonymous and possibly cross-device statistics on the use of our services for the purpose of tailoring them to your needs. This provides us with information on how or how often our services are used. This enables us to adapt our services even better to the habits of users.
The use of cookies and similar technologies in the statistics category is based on Section 25 (1) TDDDG. Subsequent data processing takes place on the basis of your consent in accordance with Art. 6 para. 1 sentence 1 a) GDPR.
Depending on the purpose, the following types of personal data in particular are processed and the following cookies and similar technologies are used
Pseudonymized user profiles with information about the use of our websites. These include in particular:
browser type/version,
operating system used,
referrer URL (the previously visited page),
host name of the accessing computer (IP address),
time of the server request,
individual user ID and
triggered events on the website (surfing behavior).
The IP address is regularly anonymized so that it cannot be traced back to you personally.
We only combine the user ID with other data from you (e.g. name, email address, etc.) with your separate express consent. The user ID itself does not allow us to identify you personally.
You can find an overview of the cookies and similar technologies used, the storage periods and any integrated third-party providers in this category in our cookie policy.
Marketing: This enables us and other responsible parties to show you and other users suitable advertising content on our services and third-party services (websites/ apps/ social media) based on the analysis of pseudonymous user behavior and to measure the success of the marketing measures. Your usage behavior can also be tracked across different websites, browsers or end devices using a user ID (unique identifier).
In addition, we analyse the use of our services (e.g. advertising banners viewed or clicked on) in order to optimize our advertisements and offers and provide our advertising partners with pseudonymous data for billing purposes and to optimize marketing campaigns. Our advertising partners cannot trace this information back to you personally.
The use of cookies and similar technologies in the marketing category is based on Section 25 (1) TDDDG. Subsequent data processing takes place on the basis of your consent in accordance with Art. 6 para. 1 sentence 1 a) GDPR.
Depending on the purpose, the following types of personal data in particular are processed and the following cookies and similar technologies are used
Pseudonymized usage profiles with information about the use of our websites. These include in particular:
IP address,
individual user ID;
potential product interests,
triggered events on the website (surfing behavior).
The IP addresses are regularly anonymized so that they cannot be used to identify you personally.
We only combine the user ID with other data about you (e.g. name, email address, etc.) with your separate express consent. The user ID itself does not allow us to draw any conclusions about your person.
You can find an information overview of the cookies and other technologies used, the storage periods and any integrated third-party providers in this category in our cookie policy.
You can revoke/adjust your consent at any time with effect for the future without affecting the legality of the processing carried out on the basis of the consent until revocation. Simply click here and make your selection. By unchecking the relevant boxes, you can easily and simply withdraw your consent for the respective processing purposes.
Under certain circumstances, it may be necessary for us to transfer your personal data to other recipients.
In exceptional cases, your personal data may be accessible to IT service providers and online marketing service providers in accordance with the respective cookie category.
The storage period for cookies can be found in our cookie policy.
If "persistent" is specified in the "Expiry" column, the cookie is stored permanently until the corresponding consent is revoked.
If "Session" is specified in the "Expiry" column, the cookie is stored for the duration of your visit to the website. As soon as you end the respective session or close your browser, the locally stored cookies are deleted.
We use a consent management tool on our website to manage your consent to the use of cookies and similar technologies.
Insofar as we use technically necessary cookies and similar technologies as part of the integration of the tool, this is done in accordance with Section 25 (2) No. 2 TDDDG. Subsequent data processing is carried out on the basis of Art. 6 para. 1 sentence 1 f) GDPR for the purpose and in our legitimate interest of using cookies and similar technologies on our website in compliance with data protection regulations and to enable you to easily revoke your declaration of consent.
If you give your consent via our consent banner, we process the following data
IP address of the end device,
date and time of access,
name and URL of the retrieved file,
date and time of consent,
a pseudonymous, random and encrypted consent key (consent ID),
your consent status, which serves as proof of your consent.
This enables our website to check your consent status for all subsequent and future page views and to activate or deactivate cookies and similar technologies in accordance with your decision to use them when you return to the site.
The check is carried out by comparing the consent ID and the consent status from the "CookieConsent" cookie with the values transmitted when you gave your consent in order to ensure that the status of your original consent has not changed.
Your consent ID and your consent status are stored both in the browser of your end device in the "CookieConsent" cookie and on the OneTrust servers for a period of one year.
We use the web analysis service Google Analytics to evaluate user access to our website. The legal basis for this data processing is your consent pursuant to Art. 6 para. 1 sentence 1 a) GDPR (for data processing) and Section 25 para. 1 TDDDG (for the use of technologies similar to cookies).
Data collected during your use of our website is used by us for user guidance, for statistical evaluations and to adapt our website to your needs. This is the following data:
IP address of the end device,
date and time of access,
name and URL of the retrieved file,
browser used by you and, if applicable, the operating system of your end device.
Google Analytics 4 works largely without the setting of classic cookies, but on the basis of the evaluation of your behavior on our website. The processed IP address is automatically shortened so that direct identification is not possible.
Further information on data processing when using Google Analytics can be found here: https://business.safety.google/privacy/
Under certain circumstances, it may be necessary for us to transfer your personal data to other recipients.
The use of Google Analytics takes place by transmitting your data specified above to Google Ireland, Limited Gordon House, Barrow Street Dublin 4, Ireland.
The user data collected via Google Analytics is generally deleted after 14 months.
We use the web analysis service Adobe Analytics to evaluate user access to our website. The legal basis is your consent in accordance with Art. 6 para. 1 sentence 1 a) GDPR (for data processing) and Section 25 para. 1 TDDDG (for the use of cookies and similar technologies).
Data collected during your use of our website is used by us for user guidance, for statistical evaluations and to adapt our website to your needs. This involves the following data:
Name and URL of the retrieved file,
date and time of access,
amount of data transferred,
access status, such as "file transferred", "file not found" etc.,
browser used by you,
anonymized IP address - shortened by the last three digits.
For this purpose, we use cookies to control your connection to our website during the session. For this purpose, a permanent cookie is set in your browser to create an anonymized user profile. This permanent cookie makes it possible to recognize your browser when you visit this website again. This serves to recognize the anonymized user profile and the needs-based design of our website.
A direct personal reference is excluded when using Adobe Analytics, as the settings have been selected in such a way that the IP address is anonymized as far as possible. This means that only a vague location can be determined. To prevent general tracking by Adobe, you only need to click on the corresponding link and confirm your objection on the page that can be accessed via this link. In this case, a permanent "Do not track" cookie will be set by Adobe in your browser so that Adobe Analytics is no longer used.
Further information on data processing when using Adobe Analytics can be found here: https://www.adobe.com/de/privacy.html
Under certain circumstances, it may be necessary for us to transfer your personal data to other recipients.
The use of Adobe Analytics takes place with the transmission of your data specified above to Adobe Systems Software Ireland Limited, 4-6 Riverwalk, City West Business Campus, Saggart D24, Dublin, Ireland.
For the use of Adobe Analytics, a persistent (permanent) cookie is set on your end device and stored until you withdraw your consent.
The storage period for cookies can be found in our cookie policy.
We use the Google Advertising service of the provider Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (Google) and the Microsoft Advertising and Microsoft Clarity services of the provider Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland (Microsoft) for our own advertising on our website. Google and Microsoft also process your data as part of the Google and Microsoft Advertising services on their own responsibility.
Google Advertising and Microsoft Advertising can be used to display targeted advertisements via the Google and Microsoft networks (e.g. in search engines and email programs), to optimize them and to track the activities of users on our website if they have reached our website via advertisements. Microsoft Clarity can be used to track and visualize user interactions with our website.
We also use Google and Microsoft Advertising services to collect information that allows us to track target groups using remarketing lists. Google Advertising and Microsoft Advertising can be used to recognize that our website has been visited and to display an advertisement when Google or Microsoft networks are subsequently used. The information is also used to create conversion statistics, i.e. to record how many users have reached our website after clicking on an advertisement. This tells us the total number of users who clicked on our ad and were redirected to our website. However, we do not receive any information with which users can be personally identified.
You can deactivate personalized advertising with Google and Microsoft or set it individually. Details on this can be found on the respective support pages of our partners:
- Google: https://support.google.com/My-Ad-Center-Help/answer/12155451
- Microsoft: https://about.ads.microsoft.com/de-de/ressourcen/richtlinien/personalisierte-anzeigen and
https://account.microsoft.com/privacy/ad-settings/signedout
You can also find setting options for personalized advertising at https://youradchoices.com/ and https://optout.networkadvertising.org/?c=1.
To use STACKIT services, you need an account for the STACKIT portal. This is associated with various functions and services.
An account is required in order to use STACKIT services. The legal basis for this data processing is Art. 6 para. 1 sentence 1 f) GDPR. The legitimate interest arises from the fact that we would like to offer our services to potential customers and they need an account for this.
If the data processing takes place in the course of a contract initiation or an existing contractual relationship, Art. 6 para. 1 sentence 1 b) GDPR is the legal basis for the data processing.
In the course of registration, it may be necessary for us to carry out a credit and risk assessment of your company. This basically involves information about your company, which only constitutes personal data in exceptional cases if the company is not a legal entity, e.g. in the case of a sole proprietorship. The legal basis for this data processing is Art. 6 para. 1 sentence 1 f) GDPR. The legitimate interest arises from the stated purpose.
Under certain circumstances, it may be necessary for us to transfer your personal data to other recipients, in particular for the purposes of creditworthiness and risk assessment.
Your data will always be deleted or securely anonymized once the purpose has been achieved. Different time limits apply here.
To complete your registration, you will receive an email to the address you have provided to confirm account activation (so-called user account). If you do not activate your user account, all your data will be deleted after 90 days. After activation, you will be asked to create a customer account. If no customer account is created and the user account is not assigned to any customer account in the subsequent sequence, all your data will also be deleted after 90 days.
If a customer account is not activated by us, all your data will be deleted after 120 days. If a customer account is rejected by us, all your data will be deleted immediately.
We delete personal data for the creditworthiness and risk assessment of your company as soon as it is no longer required for the stated purpose.
In order to enable you to use the STACKIT portal, data processing is required so that we can manage the account in the back office. The legal basis for this data processing is Art. 6 para. 1 sentence 1 f) GDPR. The legitimate interest arises from the fact that you can manage the account yourself, for example to be able to invite other users to the customer account.
If you provide us with personal data in the course of initiating a contract or an existing contractual relationship, Art. 6 para. 1 sentence 1 b) GDPR is the legal basis for data processing.
There is a differentiated deletion concept that differentiates the individual, generally proportionate deletion periods according to data types. Your personal data is always deleted when the purpose has been achieved, i.e. it is stored for as long as the user/project is created. In the latest case, the data will be deleted after 120 days, provided there are no retention obligations to the contrary.
The legal basis for this data processing is Art. 6 para. 1 sentence 1 f) GDPR. The legitimate interest arises from ensuring the security of the data stored in the cloud. In addition, your data is processed as part of systemic evaluations for the purposes of IT security (incorrect login attempts), evaluation of the services/features used for billing purposes as well as capacity management, optimization purposes and ensuring operation.
If the data processing takes place in the course of an existing contractual relationship, Art. 6 para. 1 sentence 1 b) GDPR is the legal basis for the data processing.
The data is generally stored for as long as the system user is active. After that, the deletion period is 30 days. The log files are deleted after 90 days.
The legal basis for the processing of personal data with regard to the aggregation and provision of usage data is Art. 6 para. 1 sentence 1 f) GDPR. The legitimate interest arises from the determination of consumption in order to see which customer has consumed/purchased what with regard to the use of the cloud.
If personal data is processed for further processing for billing purposes, Art. 6 para. 1 sentence 1 b) GDPR is the legal basis for data processing, provided that the data subjects are contracting parties. If this affects persons who are not contractual partners, the data processing can be based on Art. 6 para. 1 sentence 1 f) GDPR. The legitimate interest in data processing arises from the chargeable nature of the services offered.
In cases in which STACKIT end customers receive services due to the activities of STACKIT partner companies (e.g. agents or resellers) and the partner's commission is influenced by the end customer's use of STACKIT cloud services or their scope of use, the partner receives information on the end customer's use and scope of use, unless it is not possible to settle the commission otherwise.
The data is generally stored for as long as the system user is active. After that, the deletion period is 30 days. The deletion period for log files is 90 days. The storage period for reports on tax retention obligations is twelve years.
The legal basis for data processing for the initial invitation to user feedback is Art. 6 para. 1 sentence 1 f) GDPR. The legitimate interest arises from the stated purpose.
The legal basis for the processing of personal data for further contact (in the event that you are interested in providing user feedback), for the subsequent assessment of suitability (e.g. based on your professional position and activity, experience with IT applications, etc.) and for the evaluation of any user feedback you provide is your consent pursuant to Art. 6 (1) sentence 1 a) GDPR.
After submitting any user feedback, we store the contact details you have provided in order to be able to invite you to participate in any further user feedback in the future. The legal basis for this data processing is your consent pursuant to Art. 6 para. 1 sentence 1 a) GDPR.
You give your consent when registering for possible user feedback. Your consent is voluntary and can be withdrawn at any time. The lawfulness of the data processing carried out until receipt of the revocation remains unaffected by the revocation. The legal basis for logging your declaration of consent for the purposes of verifiability (date and time of granting consent, specified name and email address) is Art. 6 para. 1 sentence 1 f) GDPR. The legitimate interest arises from the aforementioned verification option.
If you decide after an initial interest not to participate in a user feedback offered by us or are not suitable for a user feedback, your data will be stored for another 30 days in case of queries.
Data for the evaluation of any user feedback you provide will be stored for four months and then anonymized.
Your contact details will be stored for two years in case you are invited again in the future.
The data associated with your declaration of consent will be stored for a period of three years for verification purposes, starting at the end of the calendar year in which you revoke your consent or all other data has been deleted by you.
In order to enable you to use the STACKIT Domain Services Portal, we process the data you provide when registering for the portal and when using the portal functionalities (e.g. account management, users, organizational data and contacts), as well as log data associated with the use (log files). The legal basis for this data processing is Art. 6 para. 1 sentence 1 f) GDPR. The legitimate interest arises from providing you with access to our portal and the associated functions, as well as from the technical stability and security of our systems.
If you provide us with personal data in the course of initiating a contract or an existing contractual relationship, Art. 6 para. 1 sentence 1 b) GDPR is the legal basis for data processing.
We store the log data (log files) associated with the use of the portal for a period of 30 days.
The data associated with an account or user is stored for the duration of the existence of the account or user.
We store data associated with the initiation of a contract or an existing contractual relationship for a period of up to twelve years due to statutory retention obligations.
The legal basis for the processing of personal data with regard to the learning management system Totara is Art. 6 para. 1 sentence 1 f) GDPR. The legitimate interest arises from the offer of STACKIT-specific cloud knowledge in the form of training and the collection and storage of training data to derive potential individual certifications.
The data is generally stored for as long as the system user is active. After that, the deletion period is 90 days.
Personal data that you provide to us via the contact form within the STACKIT Marketplace will, of course, be treated confidentially. The legal basis for data processing is Art. 6 para. 1 sentence 1 f) GDPR if you suggest a third-party product (vendor) for the STACKIT Marketplace. The legitimate interest here arises from the interest in checking your request and the inclusion of the product proposed by you in the STACKIT Marketplace.
If you provide us with information about your product as a vendor so that it can be included in the STACKIT Marketplace, the legal basis for data processing is Art. 6 para. 1 sentence 1 b) GDPR if you yourself become a party to a possible contractual relationship with STACKIT GmbH & Co KG. If it is not you yourself but, for example, your employer who becomes a party to the contract, the legal basis for data processing is Art. 6 para. 1 sentence 1 f) GDPR. The legitimate interest here arises from the interest in checking your request and the inclusion of the product of your employer, for example, in the STACKIT Marketplace.
If you book a product directly with a vendor via the STACKIT Marketplace, we will transmit the data you provide to the respective vendor that is required for the order. The legal basis for data processing is your consent in accordance with Art. 6 para. 1 sentence 1 b) GDPR, which you give when you provide your data. Your consent is voluntary and can be revoked at any time by sending an email to marketplace@stackit.cloud. If you have not already done so, your data will not be transmitted to the vendor and will be deleted. In this case, however, the order cannot be completed. This does not affect the legality of the data processing carried out until receipt of your revocation.
If you book a product directly with STACKIT GmbH & Co KG via the STACKIT Marketplace, the legal basis for data processing is Art. 6 para. 1 sentence 1 b) GDPR if you yourself become a contracting party. If it is not you, but your employer, for example, who becomes a contracting party, the legal basis for data processing is Art. 6 para. 1 sentence 1 f) GDPR. The legitimate interest arises from the interest in implementing the contractual relationship with, for example, your employer.
If you book a product directly with STACKIT GmbH & Co KG via the STACKIT Marketplace and the service associated with the product is not provided by STACKIT itself but by a vendor, we transmit the personal data (business e-mail address and unique user ID) of the users to the respective vendor. You can determine the users yourself by assigning them to the corresponding product as users in the STACKIT portal. The legal basis for the processing of user data is Art. 6 para. 1 sentence 1 b) GDPR if the user himself becomes a contracting party. If it is not the user but, for example, their employer who becomes a contracting party, the legal basis for data processing is Art. 6 para. 1 sentence 1 f) GDPR. The legitimate interest arises from the interest in enabling the use of the ordered product by allowing the user to use the associated services via single sign-on on the vendor's website.
When ordering a product directly from a vendor via our STACKIT Marketplace, we transmit the data you provide to the respective vendor that is required for the order. This applies accordingly when ordering a product directly from us if the service associated with the product is not provided by STACKIT itself but by a vendor.
We delete data that you send us in connection with an inquiry that does not result in a contractual relationship, further customer communication or other information after the final response to your inquiry.
Data in connection with the booking of products (e.g. transaction date, purchased product, product configuration) is stored for a period of eleven years.
Otherwise, personal data will be stored for as long as is necessary to fulfill the above-mentioned purposes.
Irrespective of the data processing described above, we process personal data of customers in connection with the associated contractual relationship and/or pre-contractual measures.
We generally collect your data ourselves. However, it may also be necessary to process personal data that we receive from other companies, authorities or other third parties, for example credit agencies, tax offices or similar. This may also include personal data that we receive via our established whistleblower channels regarding possible compliance violations or as part of compliance investigations.
Relevant personal data may include: personal details (e.g. first/last name, address and other contact details, date and place of birth and nationality), legitimation and authentication data (e.g. extracts from the commercial register, ID card data, specimen signature), data relating to our business relationship (e.g. payment data, data on orders), creditworthiness data, data on company structures and ownership structures, photographs and video recordings and other data comparable to the categories mentioned.
You always have the choice of communicating with us by e-mail or by post. For technical reasons, communication by e-mail may be unencrypted.
The purposes of data processing arise from the implementation of pre-contractual measures that precede a contractually regulated business relationship and in the fulfillment of obligations arising from the contract concluded.
The purposes of data processing arise in individual cases from legal requirements. These legal obligations include, for example, the fulfillment of retention and identification obligations, e.g. in the context of requirements for the prevention of money laundering, tax control and reporting obligations and data processing in the context of inquiries from authorities.
It may be necessary to process your personal data beyond the actual fulfillment of the contract. The legitimate interests here are in particular the selection of suitable customers, research on potential customers, e.g. to ensure compliance requirements, etc, assertion of legal claims, defence against liability claims, avoidance of legal risks and economic disadvantages (also for third parties), protection of our IT infrastructure, management of access authorizations to our systems, access controls, other internal administrative purposes (e.g. process and workflow optimization, ensuring data quality), in the event of your prior willingness to participate, sending the invitation email to provide feedback via your contact persons in the Schwarz Group companies, conducting and facilitating communication (e.g. web meeting, telephone, etc.) and contacting you via our group-wide user directory, clarifying possible compliance violations, preventing criminal offenses and settling damages resulting from the business relationship.
When a contract is concluded, we occasionally collect data about your creditworthiness via credit agencies to fulfill the above-mentioned legitimate interests. We use the credit rating data from the credit agencies to check your creditworthiness. The credit agencies store data that they receive from banks or companies, for example. This data includes, in particular, surname, first name, date of birth, address and information on payment history. You can obtain information about the data stored about you directly from the credit agencies.
If you participate in the conclusion of a contract offered by us by means of a digital signature (e.g. Adobe Sign), we process your data, in particular your e-mail address, IP address and the times at which you have processed the respective contract document, e.g. approved, displayed or digitally signed, in each case with the time and date. Our legitimate interest lies in the efficient and fast digital processing of contract signatures and the corresponding logging of the signature process for verification purposes. It is also possible to sign certain contracts with a so-called qualified electronic signature. In this case, we also process the certificate data of your signature in addition to the aforementioned data. Our legitimate interest here is to check whether you have a valid qualified electronic signature, which can be used to replace a possible legal requirement for the written form. A prerequisite for the use of a qualified electronic signature is registration with a trust service provider (e.g. D-Trust/ Bundesdruckerei), which you must carry out independently. However, the respective provider processes the data you provide during registration under its own responsibility and not on our behalf.
In order to check for marketing purposes whether products from other Schwarz Group companies are also of interest to you, they may be given access to your contact data.
In addition, we occasionally process personal data to document important historical milestones and events in the development of the Schwarz Group companies in order to create a company chronicle.
Within our company, access to the data provided by you is granted to those areas that require it to fulfill contractual or legal obligations or to fulfill legitimate interests. Processors or service providers may also have access to your personal data within the scope of contractual relationships, to fulfill legal obligations and to protect legitimate interests. Compliance with data protection regulations is ensured by contract.
The data may also be transferred to Schwarz Group companies for the fulfillment of contractual obligations or legitimate interests (e.g. marketing purposes).
If a contract is concluded using a digital signature, your data will also be accessible to all persons involved in approving and signing the contract, as they will receive a log after the contract has been signed showing all processing steps, including e-mail address, IP address, date and time. Furthermore, your data may be accessible to the respective service providers that we use for the corresponding digital signature process. In the case of Adobe Sign, this is Adobe Systems Software Ireland Limited, 4-6 Riverwalk, City West, Business Campus, Saggart D24, Dublin, Ireland. If a qualified electronic signature is used when concluding digital contracts, your data is also accessible to D-Trust GmbH, Kommandantenstraße 18, 10969 Berlin, Germany, as they check the validity of the signature.
If it is necessary for us to name existing customers and partners as references for the corresponding services in the context of tendering procedures, contract initiation, etc., we process your personal data (e.g. name, contact details, company and position) in order to be able to name you as a reference. In addition, we may process your data in order to name you as a reference on our website, our social media pages, in presentation materials (print and digital) and/or in press materials for the purpose of promoting our services and the STACKIT brand.
The prerequisite for this is that a corresponding reference agreement exists with your employer or you, or that you have submitted a declaration of consent for the naming of references. The data actually processed and the publication media depend in this respect on the reference agreement or declaration of consent.
The legal basis in the case of a reference agreement is Art. 6 para. 1 sentence 1 f) GDPR. The legitimate interest arises from the stated purposes. If you yourself are a party to the reference agreement, the legal basis is Art. 6 para. 1 sentence 1 b) GDPR.
In the case of a declaration of consent, Art. 6 para. 1 sentence 1 a) GDPR is the legal basis.
We also process your data associated with the possible submission of a declaration of consent to document your consent and to defend our rights. The legal basis for this data processing is Art. 6 para. 1 sentence 1 f) GDPR. The legitimate interest arises from the purposes mentioned.
In the case of tendering procedures, contract initiation, etc., your personal data will be accessible to the respective tendering body or potential contractual partners. When references are mentioned on our website, our social media pages, in presentation materials and/or in press materials, your data will be accessible to visitors to the respective pages or the recipients of the materials.
We process your personal data for as long as the existing contractual relationship with your employer or you that is relevant for the customer or business relationship and reference exists. At the longest, however, for the duration of the reference agreement or the existence of your declaration of consent.
Irrespective of this, the data associated with the proof of your possible declaration of consent will be stored for three years, starting at the end of the calendar year in which you revoke your consent or your other data is deleted.
Depending on how you obtain STACKIT Cloud Services or which business model we use, we may not collect your personal data from you ourselves, but may receive this data from third parties.
Third parties may, for example, be intermediaries who establish contact between us and you as a potential end customer. In this case, the intermediary provides us with your contact details (e.g. surname, first name, company, email address, address and your function/position within your company). We process this data on the basis of Art. 6 para. 1 sentence 1 f) GDPR in order to select potential end customers and contact them, as well as to initiate possible contracts. The legitimate interest arises from the aforementioned purposes.
If STACKIT Cloud Services are sold by partner companies of STACKIT GmbH & Co KG, e.g. as part of reselling or as the basis for our own services, it may be necessary for these partners to provide us with information about a potential end customer in advance in order to take advantage of individual contractual conditions. This usually involves information about the company of the potential end customer, which may constitute personal data under certain circumstances. We process this data on the basis of Art. 6 para. 1 sentence 1 f) GDPR in order to check whether the partner is entitled to make use of individual contractual conditions. The legitimate interest arises from the stated purpose.
Unless otherwise stated above, you are neither contractually nor legally obliged to provide us with personal data.
However, some of the data is processed for technical reasons as soon as you use our website and the associated services. If you no longer wish to provide us with the data, you can only do so by no longer using our website or the corresponding services.
Insofar as personal data is required for the processing of an inquiry from you, a possible conclusion of a contract or other services on our part, we may also not be able to process your inquiry, conclude a contract with you or provide other services if you do not provide this data.
If the data processing is based on consent in accordance with Art. 6 para. 1 sentence 1 a) or Art. 9 para. 2 a) GDPR, you can revoke your consent at any time with effect for the future without affecting the legality of the previous processing.
In accordance with Art. 15 (1) GDPR, you have the right to receive information about the personal data stored about you free of charge upon request.
In addition, if the legal requirements are met, you have the right to rectification (Art. 16 GDPR), erasure (Art. 17 GDPR) and restriction of processing (Art. 18 GDPR) of your personal data.
If you have provided the processed data yourself, you have the right to data portability in accordance with Art. 20 GDPR.
If the data processing is carried out on the basis of Art. 6 para. 1 sentence 1 e) or f) GDPR, you have the right to object in accordance with Art. 21 GDPR. If you object to data processing, this will only be continued if we can demonstrate compelling legitimate grounds for further processing that outweigh your interest in objecting.
To exercise your rights as a data subject, if you have any questions or complaints, please contact the data protection officer in writing or by email. You also have the right to lodge a complaint with a data protection supervisory authority. The data protection supervisory authority of the federal state in which you live or in which the controller has its registered office is responsible.
If you have any further questions regarding the processing of your data or the exercise of your rights, you can contact the responsible data protection officer at the controller:
STACKIT GmbH & Co KG
- Data Protection Officer -
Stiftsbergstraße 1
74172 Neckarsulm
E-mail: datenschutz-digits@mail.schwarz