1. What data do we collect and process?
Contractual data: We collect, process, and save the data you provide when you place an order with us, e.g. your name, your address, your bank account details or credit card number. Furthermore, we also save and process data related to order and payment procedures.
Data you save on our servers: We collect, process, and save the data which you yourself save when using our services. This includes the creation of backup copies in our backup systems.
Log data: When you visit our website or use our services, the device you use to access the page automatically sends log data (connection data) to our servers. In particular, this is the case when you place an order, log in, or when you upload or download data. Log data is also collected by our servers when users access your website. Log data contains e.g. the IP address of the device which you use to access the website or the service, the type of browser you use to access it, the website you visited prior to accessing it, your system configuration, as well as date and time information. We only save IP addresses to the extent necessary for providing our services. In all other cases, the IP addresses are deleted or anonymized. For example, the IP addresses of visitors to your websites are anonymized a short time after the connection to your website has been terminated.
Cookies are small bits of identification data that a server saves on a device which you use to access our website or our services. They contain information that can be read when accessing our services, thereby allowing for a more efficient and better utilization of our offerings.
We use both permanent and session cookies. Session cookies are deleted when your web browser is closed. Permanent cookies remain on your device up to a maximum of 60 days or until they are deleted, whichever comes first.
The cookies help to improve our services and the utilization of certain features. For example, the order process on our website is only possible with the help of cookies; in addition, cookies are also used to collect statistical information on our web offerings, such as the number of visitors.
However, at no time do the cookies placed on your device identify the user him-/herself — instead, they only identify the device used. The information stored in the cookies is not linked to any personal information we may have stored about you.
You can configure your browser such that it informs you before cookies are created or such that it blocks the creation of cookies. However, this may make it impossible for you to use certain functions of our web offerings.
Social media tracking: In order to enable user group-driven marketing in social networks, a tracking mechanism from the social media service Facebook is embedded in this website. If you have a Facebook account and are logged into it when you visit the website, this tracking mechanism will link the visit to your account at Facebook. Log out of your Facebook account before visiting the website to prevent this linking from taking place. You can configure additional ad-related settings on Facebook in your user profile.
2. How we process and use your data
We process and use your data to fulfill the contract and to provide our services, to improve our services and our websites and to adapt them to your needs, to provide updates and upgrades, and to send you notifications related to the service.
3. How we transfer data to third parties
In order to perform domain registrations, we need to transfer certain personal information and data to the various registries. This data is saved in the databases of the registries and can be publicly accessed to varying extents via the WHOIS query tools provided by the registries. Currently, for the registration of e.g. a .de domain, the name and address of the domain holder, of the administrative and technical contact, and of the zone administrator, as well as the telephone number, fax number, and the e-mail address of the technical contact and the zone administrator are transferred to DENIC e G, Frankfurt, where they are stored. The name and address can be viewed by customers and third parties online at www.denic.de in the WHOIS query. For .com, .net, and .org domains, we are also required to provide the telephone number, fax number, and email address of the administrative contact. This information can be accessed publicly in the corresponding whois databases. More information on what data is published in the WHOIS of the various registries can be found here.
4. Editing, blocking, and deleting data
You yourself can edit and delete data that you have saved in our services. Backup copies in our backup systems are automatically deleted after a certain period of time.
After a contract expires, we delete the data saved in the services.
Contractual data is blocked after the expiry of a contract and deleted after the legally mandated archival period.
Security is one of our utmost priorities. We have taken comprehensive technical and organizational security measures to ensure the availability and security of your data. These measures are audited regularly and updated to ensure that they remain state of the art.
Data centers:Our data centers are certified according to ISO 27001 by the certification authority TÜV SÜD. This certification includes a systematic security concept and numerous security measures in the IT infrastructure itself, in the secondary equipment, and in the process chain. The security concept is based on defined standards and is revised regularly. Our security measures include data mirroring between both data centers, battery-supported non-interruptible power supplies, emergency diesel generators for up to four weeks of entirely autonomous operation, laser fire alarms and gaseous fire suppression, admission and access rules, declarations of liability and training courses for employees, as well as regular analyses of new security requirements.
Orders: We provide an encrypted connection (SSL) for you to transfer us data such as your bank account or credit card details during an order.
Accessing our services: A number of services, e.g. the STRATO HiDrive online storage service, can be accessed via an encrypted connection.
Encrypted storage of data: In many cases, you can store data on our services with popular encryption services (e.g. True Crypt).
6. Your legal rights
Upon request, we will inform you in writing of whether we have data saved on you, and what this data is. If you would like to exercise your legal right to information, or regarding the correction, deletion, or blocking of your data, please contact STRATO AG's corporate data privacy officer.
Attn.: Data privacy officer
We would be happy to answer any questions you may have regarding data privacy. Simply send us an email at: