Legal note

This is a non binding translation. Only the German version of this page shall be decisive.

Data protection

We take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the EU General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG) and all other relevant data protection regulations as well as this data protection declaration. Our website can generally be used without providing personal data. If personal data (e.g. name, address or email address) is collected on our website, this is done on a voluntary basis. This data will not be passed on to third parties without your express consent.

Responsible, data protection officer

Responsible for data processing within the meaning of the GDPR, the BDSG and other data protection regulations is:

Blitzstart Holding GmbH Maximiliansplatz 17 80333 München

Phone: +49 89 95 44 302 – 50 Fax: +49 89 95 44 302 – 55 E-Mail:

According to Art. 37 GDPR and § 38 BDSG n.F. we are not obliged to appoint a data protection officer.

Contact form

If you send us inquiries using the contact form, your details from the inquiry form, including the contact details you provided there, will be stored by us for the purpose of processing the inquiry and in the event of follow-up questions. We will not pass on this data without your consent. In this case, the legal basis for the processing of your personal data is the consent you have given in conjunction with Art. 6 Para. 1 a) GDPR.

Collection and storage of general data (server log files)

The provider of the website automatically collects and stores information in so-called server log files, which your browser automatically transmits to us and which is temporarily stored. These are:

  • Browser type / browser version of the accessing system
  • Operating system and version of the accessing system used
  • Client version
  • Target domain or the sub-websites that are accessed via an accessing system on our website
  • the website from which an accessing system reaches our website (so-called referrer URL)
  • Host name, IP address and Internet service provider of the accessing system
  • Method of access
  • Date and time of the server request
  • amount of data transferred and access status

This log data is stored in a log file to ensure data security, but cannot be assigned to specific people. This data is not merged with other data sources and no conclusions are drawn about the data subjects. Rather, this data is required to (1) deliver the content of our website correctly, (2) optimize the content of our website and the advertising for it, (3) to ensure the long-term functionality of our IT systems and the technology of our website, (4) being able to track unauthorized access attempts and access to the web server, and (5) to provide authorities and courts with the information necessary for criminal prosecution and security, as well as for the pursuit of our legitimate interests and civil law claims in the event of a cyber attack. This anonymously collected data and information is evaluated by us with the aim of increasing data protection and data security in our company. Any other use of the log data is only carried out anonymously for statistical purposes. We reserve the right to check this data retrospectively and, if necessary, to further process and save it if we become aware of specific indications of illegal use. Otherwise, the log data will be deleted at regular intervals – at the latest after 14 days. In this case, the legal basis for data processing, insofar as it concerns personal data at all, is Article 6 (1) (f) GDPR.

Disclosure of data

Your personal data will not be transferred to third parties for purposes other than those listed below. We only share your personal information with third parties if:

  • You have given your express consent in accordance with Art. 6 Para. 1 Clause 1 a) GDPR,
  • the disclosure according to Art. 6 Para. 1 Clause 1 f) GDPR is necessary to assert, exercise or defend legal claims and there is no reason to assume that you have an overriding legitimate interest in not disclosing your data,
  • in the event that there is a legal obligation for the transfer according to Art. 6 Para. 1 Clause 1 GDPR, and
  • this is legally permissible and is required for the execution of contractual relationships with you in accordance with Art. 6 Para. 1 Clause 1 b) GDPR.

Routine deletion and blocking of personal data

The controller processes and stores personal data of the data subject only for the period necessary to achieve the storage purpose or if this was provided for by the GDPR or another data protection regulation to which the controller is subject. If the purpose of storage no longer applies or if a storage period prescribed by the GDPR or another applicable provision expires, the personal data will be routinely blocked or deleted in accordance with the statutory provisions.

Google Analytics

On the basis of your consent given to us Art. 6 para. 1 lit. a., Art. 7 GDPR) we use Google Analytics, a web analytics service provided by Google Inc. ("Google"). Google Analytics uses so-called "cookies", text files that are stored on your computer and that enable an analysis of your use of the website. The information generated by the cookies about your use of this website is usually transferred to a Google server in the USA and stored there. If IP anonymization is activated on this website, your IP address will be shortened beforehand by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide the website operator with other services related to website activity and internet usage. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. You can prevent the storage of cookies by setting your browser software accordingly; however, we would like to point out that in this case you may not be able to use all functions of this website to their full extent. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by downloading the browser plug-in available under the following link and install: Link. Google is certified under the Privacy Shield Agreement and thereby offers a guarantee to comply with European data protection law (Link).

This website uses Google Analytics with the extension "anonymizeIP ()", so that the IP addresses are only processed in abbreviated form in order to exclude a direct personal reference.

You can find information on the use of data by Google, other setting and objection options in Google’s data protection declaration (Link) and in the settings for the display of advertisements by Google (Link).

Other personal data

No other personal data is collected, stored or processed when using this website. Cookies are not set on the user’s computer when using this website. Data is not processed in countries outside the European Union. There is no automated decision making or profiling. However, personal data is collected and stored and processed and used in another way for the respective purpose, if and insofar as you provide it to us e.g. voluntarily by sending an e-mail or by another way of contact suggested on this website. We would like to point out that data transmission over the Internet (e.g. when communicating by email) can have security gaps. A complete protection of the data against access by third parties is not guaranteed.

Rights of the data subjects

Every person affected by the processing of personal data (hereinafter "data subject") has the following rights granted by the GDPR: a) Right to confirmation Every data subject has the right to ask the controller to confirm whether they are processing personal data.

b) Right to information Every data subject has the right to receive free of charge information about the personal data stored about him as well as a copy of this information from the controller at any time. The data subject can also request information about the following information:

  • the processing purposes
  • the categories of personal data that are processed
  • the recipients or categories of recipients to whom the personal data has been or will be disclosed, in particular recipients in third countries or international organizations
  • if possible, the planned duration for which the personal data will be stored or, if this is not possible, the criteria for determining this duration
  • the existence of a right to correction or deletion of the personal data concerning them or to restriction of processing by the person responsible or a right to object to this processing
  • the right to lodge a complaint with a supervisory authority
  • if the personal data is not collected from the data subject: all available information about the origin of the data
  • the existence of automated decision-making, including profiling, in accordance with Article 22 Paragraph 1 and 4 GDPR and – at least in these cases – meaningful information about the logic involved as well as the scope and intended effects of such processing for the data subject. The data subject also has the right to information as to whether personal data has been transferred to a third country or to an international organization. If this is the case, the data subject also has the right to receive information about the appropriate guarantees in connection with the transfer.

c) Right to rectification Every data subject has the right to request the immediate correction of incorrect personal data concerning them. In addition, the data subject has the right to request the completion of incomplete personal data, also by means of a supplementary statement, taking into account the purposes of the processing.

d) Right to cancellation Every data subject has the right to request that the person responsible delete their personal data immediately, provided that one of the following reasons applies and if processing is not necessary:

  • The personal data were collected for such purposes or processed in any other way for which they are no longer necessary.
  • The data subject withdraws their consent on which the processing was based in accordance with Art. 6 Para. 1 a) GDPR or Art. 9 Para. 2 a) GDPR, and there is no other legal basis for the processing.
  • The data subject objects to the processing in accordance with Article 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing in accordance with Article 21 (2) GDPR.
  • The personal data was processed illegally.
  • The deletion of personal data is necessary to fulfill a legal obligation under Union law or the law of the member states to which the controller is subject.
  • The personal data was collected in relation to information society services offered in accordance with Art. 8 Para. 1 GDPR.

If the personal data has been made public by us and our company is responsible as a person responsible for deleting the personal data in accordance with Art. 17 Para. 1 GDPR, we take appropriate measures, also technical, to take account of the available technology and implementation costs to inform the data processing officers who process the published personal data that the data subject has asked these other data controllers to delete all links to this personal data or copies or replications of this personal data, insofar as the processing is not required.

e) Right to restriction of processing Every data subject has the right to request the controller to restrict processing if one of the following conditions is met:

  • The data subject disputes the accuracy of the personal data for a period of time that enables the controller to check the accuracy of the personal data.
  • The processing is unlawful, the data subject refuses to delete the personal data and instead requests that the use of the personal data be restricted.
  • The controller no longer needs the personal data for the purposes of processing, but the data subject needs them to assert, exercise or defend legal claims.
  • The data subject has objected to processing in accordance with Art. 21 para. 1 GDPR and it is not yet clear whether the legitimate reasons of the person responsible outweigh those of the data subject.

f) Right to data portability Every data subject has the right to receive the personal data relating to them, which the data subject has made available to a person responsible, in a structured, common and machine-readable format. You also have the right to transfer this data to another controller without hindrance from the controller to whom the personal data has been provided, provided that the processing is based on consent in accordance with Article 6 (1) (a) GDPR or Article 9 (2) a) GDPR or based on a contract in accordance with Art. 6 Para. 1 b) GDPR and the processing is carried out using automated processes, unless the processing is necessary for the performance of a task that is in the public interest or in the exercise of official authority, which was transferred to the person responsible. Furthermore, when exercising their right to data portability in accordance with Art. 20 Para. 1 GDPR, the data subject has the right to have the personal data transferred directly from one person responsible to another, insofar as this is technically feasible and if not the rights and freedoms of others are compromised.

g) Right to object Every person concerned has the right to object at any time to the processing of personal data relating to them, which is based on Art. 6 Para. 1 e) or f) GDPR, for reasons arising from their particular situation. In the event of an objection, we will no longer process the personal data, unless we can demonstrate compelling legitimate grounds for the processing that outweigh the interests, rights and freedoms of the data subject, or the processing serves to assert, exercise or defend legal claims . If we process personal data in order to operate direct mail, the data subject has the right to object at any time to the processing of personal data for the purpose of such advertising. If the data subject objects to us processing for direct marketing purposes, we will no longer process the personal data for these purposes. In addition, the person concerned has the right, for reasons that arise from their particular situation, to object to the processing of personal data relating to us, which we do for scientific or historical research purposes or for statistical purposes in accordance with Article 89 (1) GDPR unless such processing is necessary to perform a task in the public interest. The data subject is free to exercise their right of objection in connection with the use of information society services, regardless of Directive 2002/58 / EC, using automated procedures that use technical specifications.

h) Right to withdraw consent under data protection law Every data subject has the right to revoke any consent given to the processing of personal data in whole or in part at any time with no effect for the future. The revocation does not affect the legality of the data processing carried out prior to receipt of the revocation based on the consent given. The revocation can be made in any way permitted by law to transmit declarations, in particular by post, fax or email to the contact details of the person responsible given above.

Assertion of rights, supervisory authority

If the data subject wishes to exercise one or more of the aforementioned rights, they can contact us at any time. This can be done in any manner permitted by law to transmit declarations, in particular by post, fax or email to the contact details of the person responsible given above. According to Art. 77 GSDVO you also have the opportunity to contact a data protection supervisory authority with information or complaints. As a rule, you can contact the supervisory authority of your usual place of residence or work or our company headquarters. The data protection supervisory authority responsible for us is: Bavarian State Office for Data Protection Supervision (BayLDA), Promenade 27, 91522 Ansbach.

Data security

We use the common SSL (Secure Socket Layer) procedure in connection with the highest encryption level, which is supported by your browser. As a rule, this is a 256 bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. You can tell whether a single page of our website is being transmitted in encrypted form by the closed representation of the key or lock symbol in the lower status bar of your browser. We also use suitable technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.