Skip to content Skip to footer
german flag

DE

german flag

DE

german flag
Close

Data Protection

Introduction and General Information

The protection of your personal data is very important to us. This Data Protection Policy explains what personal data is collected when you use this website, how it is processed, and what third-party plugins and services are integrated. “Personal data” refers to any information that can directly or indirectly identify you, such as your name, email address, or IP address. We handle your data in accordance with the General Data Protection Regulation (GDPR) and applicable national laws.

Controller and Contact Information

The data processing on this website is carried out by:

Stellar Consulting
Stellar Attractions GmbH & Co. KG
Bergisch Gladbacher Str. 1177
Email: info@stellar-consulting.de

If you have any questions regarding data protection or wish to exercise your rights, you may contact us at the above address.

Data Collection on This Website

a) How Data is Collected

– Direct input by users: For example, when you fill in a contact form, subscribe to a newsletter, or place an order.
– Automatic collection: Technical data (e.g., browser type, operating system, IP address, access time) are automatically logged when you visit the site.

b) Purpose of Data Use

We process data to:
– Ensure the technical operation and security of the website.
– Respond to user inquiries.
– Fulfil contracts (e.g., product orders, bookings).
– Analyze visitor behavior (only where anonymized or with consent).

c) Legal Basis of Processing

Data is processed on one of the following bases:
– Consent (Art. 6 (1) (a) GDPR)
– Performance of a contract or pre-contractual measures (Art. 6 (1) (b) GDPR)
– Legal obligation (Art. 6 (1) (c) GDPR)
– Legitimate interest in secure, efficient website operation (Art. 6 (1) (f) GDPR)

Server Log Files

Our hosting provider (Hostinger) automatically collects and stores information in server log files that your browser transmits:
– Browser type and version
– Operating system used
– Referrer URL
– Host name of the accessing device
– Date and time of server request
– IP address

This data is not merged with other data sources and is necessary to ensure website security and stability.
Legal basis: Art. 6 (1) (f) GDPR.

Cookies

This website uses cookies. Cookies are small text files that are stored on your device and help us make the site more user-friendly and effective.

– Essential cookies: Required for basic website functions (e.g., shopping cart).
– Preference cookies: Store settings like language or login.
– Analytics cookies: Track visitor behavior (used only with consent).

You can configure your browser to block or delete cookies. However, disabling cookies may affect functionality.
Legal basis: Art. 6 (1) (a) GDPR (consent) or Art. 6 (1) (f) GDPR (legitimate interest).

Plugins and Tools Used on This Website

1. Contact Form 7

We use Contact Form 7 to provide a contact form. Data entered (name, email, message) is stored only to respond to inquiries. This data is not shared with third parties without your consent.
Legal basis: Art. 6 (1) (b) GDPR.

2. CookieYes | GDPR Cookie Consent

This plugin manages cookie banners and stores user preferences.
Legal basis: Art. 6 (1) (c) GDPR.

3. Elementor & Starter Templates

Our website is built using Elementor. The plugin itself does not store personal data but may load external resources (such as Google Fonts). Please refer to the Google Privacy Policy.

4. WooCommerce & TI WooCommerce Wishlist

WooCommerce processes personal data for orders (name, address, payment info, email).
TI WooCommerce Wishlist allows users to save products. Cookies may be set and preferences stored.
Legal basis: Art. 6 (1) (b) GDPR.

5. MC4WP: Mailchimp for WordPress

Newsletter subscription data (email, name) is transferred to Mailchimp (USA). See Mailchimp Privacy Policy.
Legal basis: Art. 6 (1) (a) GDPR (consent).

6. QuickCal

QuickCal processes booking requests (name, email, appointment details).
Legal basis: Art. 6 (1) (b) GDPR.

7. Rank Math SEO

Rank Math SEO is used for SEO. May collect anonymized usage data but no personal visitor data.

8. The Events Calendar

The Events Calendar allows us to publish events. Personal data is collected only if users register or submit event-related forms.

9. Slider Revolution

Slider Revolution creates sliders. Does not process personal data.

10. Hostinger Tools & AI

Hostinger processes access data (IP, date/time, etc.) in server logs. See Hostinger Privacy Policy.

11. LiteSpeed Cache

LiteSpeed Cache improves performance by caching site content. Does not process personal data.

12. ThemeREX Addons & Updater

These plugins extend our WordPress theme. They do not process personal data.

Third-Party Services

Google Analytics

This site uses Google Analytics to analyze traffic, only if you consent via the cookie banner. IP anonymization is active. Data may be transmitted to Google servers in the USA. See Google Privacy Policy.
Legal basis: Art. 6 (1) (a) GDPR.

YouTube (if used)

When visiting a page with a YouTube video, data is transmitted to YouTube (Google). If logged in, it may be linked to your account.
Legal basis: Art. 6 (1) (f) GDPR.

Google Maps (if used)

If you access a map, your IP address will be transmitted to Google. See Google Privacy Policy.
Legal basis: Art. 6 (1) (f) GDPR.

Data Security

We use SSL/TLS encryption to protect data transmission (visible as “https://” and the lock icon in your browser).

Data Retention and Deletion

We store personal data only for as long as necessary to fulfill the purposes outlined in this Policy or as required by statutory retention periods. In particular:
Contact inquiries: up to 6 months after final response, unless longer retention is required to establish, exercise, or defend legal claims.
Order and contract data (WooCommerce): retained for the duration of the contractual relationship and in accordance with commercial and tax retention laws (generally 6–10 years, depending on jurisdiction).
Newsletter data (Mailchimp): retained until you unsubscribe or withdraw consent; we then promptly delete or anonymize the data unless legal obligations require further retention.
Server logs: retained for short periods (typically up to 30–90 days) for security and troubleshooting, unless a security incident requires longer retention.
If the purpose for storage no longer applies or a retention period expires, personal data will be deleted or anonymized in accordance with legal requirements.

International Data Transfers

Some recipients of personal data (e.g., Google, Mailchimp) are located outside the EU/EEA (notably the USA). Where such transfers occur, we ensure an adequate level of data protection through appropriate safeguards, such as Standard Contractual Clauses (SCCs) approved by the European Commission and, where necessary, additional technical and organizational measures (e.g., IP anonymization, encryption). You can find more details in the providers’ privacy policies and, where applicable, their SCC commitments.

Children’s Data

Our services are not directed to children under the age of 16. We do not knowingly collect personal data from children under 16 without verifiable parental consent. If you believe that a child has provided personal data to us without such consent, please contact us and we will promptly delete the data.

Automated Decision-Making and Profiling

We do not use automated decision-making or profiling within the meaning of Art. 22 GDPR that produces legal effects concerning you or similarly significantly affects you.

Data Protection Officer

Based on the nature and scale of our processing activities, we are currently not required to appoint a Data Protection Officer under Art. 37 GDPR. If this changes, we will update this Policy and provide the relevant contact details.

Rights of Data Subjects

You have the right to:

  • Access your stored personal data (Art. 15 GDPR)
  • Rectify incorrect data (Art. 16 GDPR)
  • Request deletion (Art. 17 GDPR)
  • Restrict processing (Art. 18 GDPR)
  • Data portability (Art. 20 GDPR)
  • Object to processing (Art. 21 GDPR)

You may withdraw consent at any time with effect for the future (Art. 7 (3) GDPR). To exercise these rights, contact us at info@stellar-consulting.de.

Right to Lodge a Complaint

If you believe your data has been processed unlawfully, you may file a complaint with your local Data Protection Authority. A list of EU supervisory authorities can be found here.

Objection to Marketing Emails

The use of contact details published under the legal notice requirement for sending unsolicited advertisements is prohibited. We reserve the right to take legal action in case of spam emails or similar misuse.

Changes to This Policy

We may update this Data Protection Policy from time to time to reflect changes in our processing activities or legal requirements. The version published on this website at the time of your visit applies. Where required by law, we will obtain your consent for material changes.