Data privacy policy

Privacy Policy

ST-PROMOTIONS GmbH & Co. KG | As of: May 2026

1. Privacy at a Glance

General Information

The following information provides a simple overview of what happens to your personal data when you visit this website. Personal data is any data that can be used to personally identify you. For detailed information on data protection, please refer to our full Privacy Policy below.

Data Collection on This Website

Who is responsible for data collection on this website?

Data processing on this website is carried out by the website operator. You can find the operator’s contact details in the section “Note on the Responsible Party” in this Privacy Policy.

How do we collect your data?

Your data is collected in two ways: firstly, you may provide data directly to us (e.g. by entering information in a contact form). Secondly, technical data is collected automatically or with your consent when you visit the website (e.g. browser type, operating system, time of page visit). This data is collected automatically as soon as you access the website.

What do we use your data for?

Some of your data is collected to ensure the error-free operation of the website. Other data may be used to analyse your user behaviour.

What rights do you have regarding your data?

You have the right at any time to receive free information about the origin, recipient and purpose of your stored personal data, and the right to request its correction or deletion. If you have given consent for data processing, you may withdraw that consent at any time with effect for the future. You also have the right to request restriction of data processing and to lodge a complaint with the competent supervisory authority.

Please contact us at any time if you have further questions about data protection.

Analytics Tools and Third-Party Tools

When you visit this website, your browsing behaviour may be statistically analysed, primarily using analytics programs. Details on these analytics programs can be found in the full Privacy Policy below.

2. General Information and Mandatory Disclosures

Data Protection

The operators of this website take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with applicable data protection laws and this Privacy Policy.

Please note that data transmission over the internet (e.g. when communicating by email) may have security vulnerabilities. Complete protection of data from access by third parties is not possible.

Note on the Responsible Party

The party responsible for data processing on this website is:

ST-PROMOTIONS GmbH & Co. KG

Feldstraße 66

20359 Hamburg, Germany

Phone: +49 40 386082-0

Email: info@st-promotions.de

The responsible party is the natural or legal person who, alone or jointly with others, decides on the purposes and means of processing personal data.

Storage Duration

Unless a more specific storage period is stated in this Privacy Policy, your personal data will remain with us until the purpose for data processing no longer applies. If you make a legitimate request for deletion or withdraw consent to data processing, your data will be deleted, unless we have other legally permissible reasons for storing it (e.g. retention periods under tax or commercial law); in the latter case, deletion will occur after those reasons cease to apply.

Legal Bases for Data Processing on This Website

Where you have given consent to data processing, we process your personal data on the basis of Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR (special categories). For data required for the performance of a contract or pre-contractual measures, we rely on Art. 6(1)(b) GDPR. For compliance with legal obligations: Art. 6(1)(c) GDPR. For legitimate interests: Art. 6(1)(f) GDPR. Where cookies or device fingerprinting are involved, processing is additionally based on Sec. 25(1) TTDSG (German Telecommunications-Telemedia Data Protection Act). Consent may be withdrawn at any time.

Data Transfers to the USA and Other Third Countries – EU-US Data Privacy Framework

We use tools from companies based in the USA or other countries that do not provide an adequate level of data protection under EU law. For data transfers to the USA, the adequacy decision of the European Commission on the EU-US Data Privacy Framework (DPF) of 10 July 2023 serves as the primary legal basis under Art. 45 GDPR, provided the respective US company is DPF-certified. A list of certified companies is available at dataprivacyframework.gov.

For companies not certified under the DPF, or for transfers to other third countries without an adequacy decision, we rely on Standard Contractual Clauses (SCCs) adopted by the European Commission pursuant to Art. 46(2)(c) GDPR. The applicable legal basis for each service is specified in the relevant section below.

We note that the DPF is subject to ongoing judicial review. Should the adequacy decision be invalidated in the future, we will switch to alternative safeguards such as SCCs. We have no control over the data processing activities of third-party providers.

Withdrawal of Consent

Many data processing operations are only possible with your explicit consent. You may withdraw consent already given at any time with effect for the future. The lawfulness of processing carried out prior to withdrawal remains unaffected.

Right to Object to Data Collection in Specific Cases and to Direct Marketing (Art. 21 GDPR)

WHERE DATA PROCESSING IS BASED ON ART. 6(1)(E) OR (F) GDPR, YOU HAVE THE RIGHT AT ANY TIME TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION; THIS ALSO APPLIES TO PROFILING BASED ON THOSE PROVISIONS. THE LEGAL BASIS ON WHICH PROCESSING RESTS IS SET OUT IN THIS PRIVACY POLICY. IF YOU OBJECT, WE WILL NO LONGER PROCESS YOUR PERSONAL DATA UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, RIGHTS AND FREEDOMS, OR THE PROCESSING SERVES THE ASSERTION, EXERCISE OR DEFENCE OF LEGAL CLAIMS (OBJECTION UNDER ART. 21(1) GDPR).

WHERE YOUR PERSONAL DATA IS PROCESSED FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA FOR SUCH MARKETING; THIS ALSO APPLIES TO PROFILING INSOFAR AS IT IS RELATED TO SUCH DIRECT MARKETING. IF YOU OBJECT, YOUR PERSONAL DATA WILL NO LONGER BE USED FOR DIRECT MARKETING PURPOSES (OBJECTION UNDER ART. 21(2) GDPR).

Right to Lodge a Complaint with the Supervisory Authority

In the event of breaches of the GDPR, data subjects have the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, place of work or place of the alleged infringement.

The competent supervisory authority for ST-PROMOTIONS GmbH & Co. KG is: Der Hamburgische Beauftragte für Datenschutz und Informationsfreiheit (HmbBfDI), Ludwig-Erhard-Str. 22 (7th Floor), 20459 Hamburg, Germany.

Right to Data Portability

You have the right to receive data that we process automatically on the basis of your consent or for the performance of a contract in a structured, commonly used and machine-readable format, or to request that it be transferred to another controller, where technically feasible.

Access, Erasure and Rectification

Within the framework of applicable legal provisions, you have the right to free information at any time about your stored personal data, its origin and recipients, and the purpose of data processing, and the right to rectification or erasure of this data. Please contact us at any time for further questions on personal data.

Right to Restriction of Processing

You have the right to request restriction of processing of your personal data. This right applies in particular: where you contest the accuracy of the data; where processing is unlawful and you oppose erasure; where we no longer need the data but you need it for legal claims; or where you have objected to processing under Art. 21(1) GDPR pending verification.

SSL/TLS Encryption

This website uses SSL/TLS encryption for security reasons and to protect the transmission of confidential content. You can recognise an encrypted connection by the “https://” in your browser’s address bar and the padlock symbol. When SSL/TLS encryption is active, data you transmit to us cannot be read by third parties.

3. Data Collection on This Website

Cookies

This website uses cookies. Cookies are small data packets that do not cause harm to your device. They are stored either temporarily (session cookies, deleted when you close your browser) or permanently (persistent cookies, stored until you delete them or your browser does so automatically).

Third-party cookies may also be stored on your device when you visit our site. These enable us or you to use certain services of those third parties.

Necessary cookies are stored on the basis of Art. 6(1)(f) GDPR. Where consent has been obtained, processing is based solely on that consent (Art. 6(1)(a) GDPR and Sec. 25(1) TTDSG); consent may be withdrawn at any time.

Contact Form

If you send us enquiries via the contact form, your details from the form, including the contact information you provide, will be stored for the purpose of processing your request and in case of follow-up questions. We will not share this data without your consent.

Processing is based on Art. 6(1)(b) GDPR (contractual enquiries) or Art. 6(1)(f) GDPR (legitimate interest in processing requests), or on your consent under Art. 6(1)(a) GDPR where obtained. Consent may be withdrawn at any time.

Enquiries by Email, Phone or Fax

If you contact us by email, phone or fax, your request and all resulting personal data (name, request details) will be stored and processed for the purpose of handling your enquiry. We will not share this data without your consent.

Processing is based on Art. 6(1)(b) GDPR or Art. 6(1)(f) GDPR. Statutory retention periods remain unaffected.

4. Social Media

Social Media Plugins via Shariff

This website uses social media elements (e.g. Facebook, Instagram, Pinterest, XING, LinkedIn, X (formerly Twitter)).

Social media elements are only deployed using the “Shariff” solution, which prevents integrated social media elements from transmitting your personal data to the respective provider when you first access the page. A direct connection to the provider’s server is only established when you activate the respective element by clicking on it (consent under Art. 6(1)(a) GDPR and Sec. 25(1) TTDSG). This consent may be withdrawn at any time with effect for the future.

Facebook

Provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. Data may also be transferred to the USA and other third countries.

When the social media element is active, a direct connection is established between your device and the Facebook server. Facebook receives information that you have visited this website with your IP address.

Where consent has been obtained: Art. 6(1)(a) GDPR and Sec. 25 TTDSG. Where no consent has been obtained: Art. 6(1)(f) GDPR (legitimate interest in social media visibility).

Where personal data is collected via this tool and forwarded to Facebook, we and Meta Platforms Ireland Limited are jointly responsible for that data processing (Art. 26 GDPR). The text of the agreement is available at: https://www.facebook.com/legal/controller_addendum.

Data transfer to the USA is based on the EU Commission adequacy decision on the EU-US Data Privacy Framework (DPF) of 10 July 2023 and, supplementarily, on Standard Contractual Clauses. Further information: https://de-de.facebook.com/privacy/explanation.

Instagram

Provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

When the social media element is active, a direct connection is established between your device and the Instagram server. Instagram receives information that you have visited this website.

Where consent has been obtained: Art. 6(1)(a) GDPR and Sec. 25 TTDSG. Where no consent has been obtained: Art. 6(1)(f) GDPR. We and Meta Platforms Ireland Limited are jointly responsible for the initial data transfer (Art. 26 GDPR).

Data transfer to the USA is based on the EU-US Data Privacy Framework (DPF). Further information: https://instagram.com/about/legal/privacy/.

Pinterest

Provider: Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland.

When you access a page containing a Pinterest element, your browser establishes a direct connection to Pinterest’s servers, transmitting log data (including IP address, browser, date/time) to Pinterest in the USA.

Where consent has been obtained: Art. 6(1)(a) GDPR and Sec. 25 TTDSG. Where no consent has been obtained: Art. 6(1)(f) GDPR.

Data transfer to the USA is based on the EU-US Data Privacy Framework (DPF), supplemented by Standard Contractual Clauses. Further information: https://policy.pinterest.com/en/privacy-policy.

5. Analytics and Advertising

WP Statistics

This website uses the analytics tool WP Statistics. Provider: Veronalabs, ARENCO Tower, 27th Floor, Dubai Media City, Dubai, UAE (https://veronalabs.com).

WP Statistics collects log files (IP address, referrer, browser, user origin) and visitor actions on the website. All collected data is stored exclusively on our own server and is not shared with third parties.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in anonymised usage analysis). Where consent has been obtained: Art. 6(1)(a) GDPR and Sec. 25(1) TTDSG. Consent may be withdrawn at any time.

IP Anonymisation

We use WP Statistics with IP anonymisation. Your IP address is truncated so that it can no longer be directly associated with you.

6. Newsletter

Newsletter Data

If you wish to subscribe to the newsletter offered on this website, we require your email address and confirmation that you are the owner of the email address and consent to receiving the newsletter (double opt-in). No further data is collected, or only on a voluntary basis.

Processing of newsletter subscription data is based solely on your consent (Art. 6(1)(a) GDPR). You may withdraw consent at any time, for example by using the unsubscribe link in the newsletter.

Your data stored for the newsletter will be retained until you unsubscribe and deleted thereafter. After unsubscribing, your email address may be added to a suppression list to prevent future mailings (Art. 6(1)(f) GDPR).

7. Plugins and Tools

YouTube with Enhanced Privacy Mode

This website embeds videos from YouTube. Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

We use YouTube in enhanced privacy mode, which means YouTube does not store information about visitors to this website before they watch a video. Once you start a YouTube video, a connection to YouTube’s servers is established.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in attractive presentation). Where consent has been obtained: Art. 6(1)(a) GDPR and Sec. 25(1) TTDSG. Consent may be withdrawn at any time.

Data transfer to the USA is based on the EU-US Data Privacy Framework (DPF), where Google/Alphabet is DPF-certified. Further information: https://policies.google.com/privacy?hl=en.

OpenStreetMap

We use the OpenStreetMap (OSM) mapping service. Map data is provided by the OpenStreetMap Foundation, St John’s Innovation Centre, Cowley Road, Cambridge, CB4 0WS, United Kingdom. The UK is recognised as a third country with an adequate level of data protection based on an EU Commission adequacy decision. When OpenStreetMap maps are used, a connection to the OSMF servers is established, during which your IP address and other information may be transmitted.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in attractive presentation and findability). Where consent has been obtained: Art. 6(1)(a) GDPR and Sec. 25(1) TTDSG.

hCaptcha

We use hCaptcha for spam protection. Provider: Intuition Machines Inc., 2211 Selig Dr, Los Angeles, CA 90026, USA.

hCaptcha analyses visitor behaviour using various characteristics (including IP address, dwell time, mouse movements) to distinguish human users from automated programs.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in protection against spam and automated scraping). Where consent has been obtained: Art. 6(1)(a) GDPR and Sec. 25(1) TTDSG.

Data transfer to the USA is based on Standard Contractual Clauses (SCCs) pursuant to Art. 46(2)(c) GDPR, as Intuition Machines Inc. is currently not certified under the EU-US Data Privacy Framework (DPF).

Further information: https://www.hcaptcha.com/privacy and https://hcaptcha.com/terms.

Model Data Protection Statement for Anwaltskanzlei Weiß & Partner
