Data protection notice as of: 16.02.2022
In this data protection notice we inform you about the type, purpose and scope of the processing of your personal data. This data protection notice applies to the processing of your personal data as part of the provision of our services online and offline, but above all to this website and our social media presence.
All terms used are not gender specific.
Responsible for data processing:
Stars and Frogs Lda
General Manager: David Jacob
Address: Rua D. Sancho I, N.º 18, Loja E, 8500-013 Alvor, PORTUGAL
Phone: +351 960 272 927
The protection and security of your personal data are important to us. This website therefore stores and processes data exclusively in accordance with the Portuguese and European General Data Protection Regulation (GDPR). As a user, you consent to data processing in the sense of this declaration. You can find the current version of the GDPR at:
This data protection declaration only applies to this website. If you are forwarded to other pages via links on our pages, you can find out more about how your data is handled on the forwarded website. Your personal data (e.g. title, name, address, email address, telephone and fax number, date of birth, text input) will only be processed by us in accordance with the provisions of Portuguese data protection law. The following regulations inform you about the type, scope and purpose of the collection, processing and use of personal data.
Types of data processed
- Contact details (e.g. telephone numbers, email addresses)
- Inventory data (e.g. names, addresses)
- Content data (e.g. text entries, photos, videos)
- Contract data (e.g. subject matter of the contract)
- Payment details (e.g. account details)
- Usage data (e.g. websites visited)
- Location data (e.g. position of the device)
- Meta / communication data (e.g. IP addresses)
Categories of data subjects
- Customers, business partners, interested parties
- Visitors and users of the online offer
Purpose of processing
- Provision of our online offer
- Ease of use
- Communication with customers, business partners, interested parties, users
- Provision of contractual services
- Fulfillment of legal documentation requirements
- Safety measures
- Marketing & Advertising
Processing of special categories of personal data
A processing of sensitive personal data according to Art. 9 GDPR and Art. 10 GDPR does not take place.
Overview of the legal bases
- Consent (Art. 6 para. 1 lit. a GDPR)
The data subject has given their consent to the processing of their personal data for one or more specific purposes.
- Fulfillment of a contract (Art. 6 para. 1 lit. b GDPR)
The processing is necessary for the fulfillment of a contract to which the data subject is a party, or for the implementation of pre-contractual measures that take place at the request of the data subject.
- Fulfillment of a legal obligation (Art. 6 para. 1 lit. c GDPR)
The processing is necessary to fulfill a legal obligation to which the person responsible for the processing is subject.
- Preservation of legitimate interests (Art. 6 para. 1 lit. f GDPR)
Processing is necessary to safeguard the legitimate interests of the person responsible or a third party, unless the interests or fundamental rights and freedoms of the data subject, which require the protection of personal data, outweigh this.
Rights of the persons affected
According to Portuguese data protection law and the European GDPR, you as the person concerned have extensive rights. Above all, these rights should ensure more transparency. Your rights as a data subject are the right to information about your personal data, to correction, deletion, restriction of processing, objection to processing and data portability (only in the case of a contractual relationship or consent) and to withdraw consent at any time (Art. 15 to 21 GDPR).
The easiest way for you as a data subject to exercise your rights is to send an email to email@example.com. In addition, by sending a message by post, making personal contact, as well as via the contact form on the website.
In addition, you always have the right to lodge a complaint with the data protection authority regarding the processing of your personal data. The contact details of the data protection authority are:
CNPD – Comissão Nacional de Proteção de Dados
Av. D. Carlos I, 134, 1º
T (+351) 213 928 400
F (+351) 213 976 832
Your data will be deleted as soon as the respective contract with you has been fulfilled and there is no longer any legal obligation to store the data. Your data will generally be deleted after seven years.
Statutory / legal retention obligations or contractual obligations e.g. personal data must continue to be stored in relation to customers from warranty or compensation or to contractual partners. (Art. 6 para. 1 lit. c GDPR)
Contact form, email, phone, social media
If you contact us using the form on the website, via e-mail, phone or social media, the data you provide (e-mail addresses, names, addresses, telephone and fax numbers, date of birth, text input, etc.) will be used for the purpose of processing the request and in the event of Follow-up questions stored with us for 12 months. We do not pass on this data without your consent. The data entered is therefore processed exclusively on the basis of your consent (Art. 6 para. 1 lit. a GDPR). You can revoke this consent informally by email to us at any time.
The data you have entered will remain with us until you ask us to delete it, revoke your consent to storage or the purpose for data storage no longer applies (e.g. completed processing of your request). Statutory provisions remain unaffected (retention periods).
By submitting a comment in the comment form on our website, the personal data you provide will be processed for the purpose of presenting your comment on our website and our internal documentation. This is done on the basis of Art. 6 para. 1 lit. b GDPR, which allows the processing of data to fulfill a contract (free hosting contract to display your comment on our website). Your entered data will be stored by us until your comment is deleted.
Inventory data (customer and contract data)
We collect, process and use personal data only insofar as they are necessary for the establishment, content or change of the legal relationship. This is done on the basis of Art. 6 para. 1 lit. b GDPR, which allows the processing of data for the performance of a contract or pre-contractual measures. We collect, process and use personal data on the use of our website (usage data) only insofar as this is necessary to enable the user to use the service. The customer data collected will be deleted after the business relationship has ended. Statutory retention periods remain unaffected.
Automatic data storage
When you visit our website, various information is automatically stored on the web server of the hosting provider.
We host our website with our processor: IONOS by 1&1 Limited, Discovery House, 154 Southgate Street, Gloucester, GL1 2EX, United Kingdom.
Only connection data are processed for the mere provision of the website. This processing is based on our legitimate interest in accordance with. Art. 6 para. 1 lit. f GDPR (absolute technical necessity to provide this website).
Personal data is processed to operate the website and to call up other functions. You can read details about the individual functions and services here in this data protection declaration.
Server log files
When you visit this website, the browser used on your device automatically sends information to the server on our website. This information is temporarily stored in a so-called log file. The following information is recorded without any action on your part and stored until it is automatically deleted:
- IP address of the requesting computer,
- date and time of access,
- Name and URL of the file called up,
- Website from which access is made (referrer URL),
- Browser used and, if applicable, the operating system of your computer and the name
- your access provider.
The possibility to use this data on the legal basis according to Art. 6 para. 1 lit. f GDPR for purposes like
- ensuring a smooth connection to the website,
- ensuring comfortable use of our website,
- the evaluation of system security and stability as well as
- for further administrative purposes
to use is currently being used by us. Under no circumstances will the data collected be used to draw conclusions about you personally. The duration of the processing is limited to 14 days.
What is a cookie?
Cookies are small text files that are created by the website you are visiting and that contain data. They are stored on the visitor’s computer in order to give the user access to various functions. A session cookie is temporarily stored on the computer while the visitor is navigating through the website. This cookie is deleted when the user closes his internet browser or after a certain period of time (i.e. when the session expires). A permanent cookie remains on the visitor’s computer until it is deleted.
Types of cookies
- Temporary cookies (session cookies)
Session cookies are only temporarily stored on the computer and are deleted when the browser is closed.
- Permanent cookies
Permanent cookies remain stored on the computer even after the browser is closed. E.g. Language settings for the next visit are saved in these cookies.
- Essential cookies
Essential cookies are absolutely necessary for the smooth operation of a website.
- Marketing cookies
These cookies are used for advertising purposes, e.g. to assign a specific user profile to a user and thereby show the user advertising appropriate to his surfing behavior.
- First-party cookies
These cookies are set by the website operator himself.
- Third-party cookies
These cookies are mostly set by so-called social networks (so-called third parties) to process the usage behavior of the website visitor.
Storage duration of cookies
The storage duration of cookies varies depending on the type and function of the cookie. If our cookie notice does not provide any information on the storage period, the storage period can be up to 2 years.
How can I refuse and delete cookies?
If you deactivate cookies, the functionality of this website may be restricted. Cookies that are required to carry out the electronic communication process or to provide certain functions you require (e.g. comment function, shopping cart function) are stored on the basis of Art. 6 para. 1 lit. f GDPR saved. The website operator has a legitimate interest in storing cookies for the technically error-free and optimized provision of its services.
For more information about cookies, including information on how to set, organize, block or delete cookies, visit www.allaboutcookies.org. The website www.allaboutcookies.org provides detailed instructions on how cookies are set and deleted, depending on the browser type.
Your cookie settings
As a user, you can make your personal cookie settings in our cookie notice (pop-up window). If you give us your consent to the setting of cookies, we will process this data on the basis of your consent (Art. 6 para. 1 lit. a GDPR). You can revoke this consent at any time.
Otherwise, only cookies (essential cookies) are set that are absolutely necessary for the operation of the website. We act on the basis of our legitimate interest (Art. 6 para. 1 lit. f GDPR).
Integration of third party services
We integrate services (content and functions) from third-party providers on our website in order to display their content such as fonts, videos, images, etc.
If we obtain the consent of the user for this, the processing of the data takes place on the legal basis of the consent of the user (Art. 6 para. 1 lit. a GDPR). Otherwise, we process the user’s data on the basis of our legitimate interest (Art. 6 para. 1 lit. f GDPR).
If you have given your consent, we use maps (“Google Maps”) provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The processing of your personal data serves the purpose of displaying interactive maps on our website.
This Google service can process browser and connection data, but these are usually only collected with the consent of the user (settings in the browser or on the mobile device).
Details can be found here:
Data protection notice: https://policies.google.com/privacy
Possibility of objection: https://tools.google.com/dlpage/gaoptout?hl=de
Opt-out (advertising settings): https://adssettings.google.com/authenticated
We use the hCaptcha anti-bot service (hereinafter “hCaptcha”) on our website. This service is provided by Intuition Machines, Inc., 350 Alabama St, San Francisco, CA 94110, USA, a Delaware US Corporation (“IMI”). hCaptcha is used to check whether the data entered on our website (such as on a login page or contact form) has been entered by a human or by an automated program. To do this, hCaptcha analyzes the behavior of the website or mobile app visitor based on various characteristics. This analysis starts automatically as soon as the website or mobile app visitor enters a part of the website or app with hCaptcha enabled. For the analysis, hCaptcha evaluates various information (e.g. IP address, how long the visitor has been on the website or app, or mouse movements made by the user). The data collected during the analysis will be forwarded to IMI. hCaptcha analysis in the “invisible mode” may take place completely in the background. Website or app visitors are not advised that such an analysis is taking place if the user is not shown a challenge. Data processing is based on Art. 6(1)(f) of the GDPR (DSGVO): the website or mobile app operator has a legitimate interest in protecting its site from abusive automated crawling and spam. IMI acts as a “data processor” acting on behalf of its customers as defined under the GDPR, and a “service provider” for the purposes of the California Consumer Privacy Act (CCPA).
Social plugins (“plugins”) from the social network facebook.com can be integrated into our website. The provider is Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland. These plugins can display content such as graphics, text contributions, videos or elements for interaction on the website. You can see the list and appearance of the Facebook social plugins here: https://developers.facebook.com/docs/plugins/
Details can be found here:
We use the Wordfence Security Plugin to secure our online offer. The provider of this plug-in is Defiant, Inc., 800 5th Ave Ste 4100, Seattle, WA 98104, USA.
Our website uses this service to protect against viruses, malware and other attacks by criminals. For the purpose of protection against brute force and DDoS attacks or message spam, IP addresses are stored on the servers of Defiant, Inc. Wordfence Security protects our website and thus all visitors to our website against viruses and malware.
This data processing is based on our legitimate interest in accordance with. Art. 6 para. 1 lit. f GDPR (absolute technical necessity to provide this website).
Details on the collection and use of data by Wordfence Security can be found here: https://www.wordfence.com/privacy-policy/
Wordfence currently uses three cookies:
What does this cookie do: This cookie is used by the Wordfence firewall to perform a functional test of the current user before WordPress is loaded.
Who receives this cookie: This cookie is only set for users who can log into WordPress.
How does this cookie help: With this cookie, the Wordfence firewall can recognize registered users and give them increased access. Wordfence can also detect users who are not logged in and restrict their access to secure areas. The cookie also tells the firewall what level of access a visitor has, so the firewall can make wise decisions about who to allow and who to block.
What does this cookie do: This cookie is used to notify the Wordfence administrator when an administrator logs in from a new device or location.
Who is receiving this cookie? This is only set for administrators.
How does this cookie help: This cookie enables website owners to determine if an administrator has been logged in from a new device or location.
What does this cookie do: Wordfence offers a function for a website visitor to bypass country blocking by accessing a hidden URL. You can use this cookie to track who is allowed to bypass country blocking.
Who is receiving this cookie? If a hidden URL defined by the site administrator is visited, this cookie is set to check whether the user can access the site from a country restricted by country blocking. This is set for anyone who knows the URL that can be used to bypass the standard country blocking. This cookie is not set for people who do not know the hidden URL in order to bypass country blocking.
How does this cookie help: With this cookie, website owners can allow certain users from blocked countries even though their country has been blocked.
Online presence in social media
On the basis of our legitimate interest (Art. 6 para. 1 lit. f GDPR) we operate online presences within so-called “social media” in order to be able to communicate with users there or to provide information about our services.
We would like to point out that these social media can also process user data outside of the European Union and that this user data is processed in most cases for marketing and advertising purposes.
If you use these social media or networks (such as Facebook, Instagram, Pinterest, etc.), the terms and conditions and data processing guidelines of the respective operator apply.
The provider of the service is Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland. Details can be found here:
Data protection notice: https://www.facebook.com/about/privacy
Additional data protection notice: https://www.facebook.com/legal/terms/information_about_page_insights_data
Opt-out (advertising settings): https://www.facebook.com/settings?tab=ads
This site uses SSL encryption for reasons of security and to protect the transmission of confidential content, such as the inquiries that you send to us as the site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http: //” to “https: //” and by the lock symbol in your browser line.
If the SSL encryption is activated, the data that you transmit to us cannot be read by third parties.
The provider uses technical and organizational security measures to protect the data stored by the provider against accidental or deliberate manipulation, loss, destruction or against access by unauthorized persons. Data transfers between service providers are carried out using the SSL (Secure Socket Layer) method. In this case, this software encrypts all information that is transmitted to and from supporters.
All data is stored on the server of this website or on the servers of our service providers, with whom contracts for order processing according to § 28 GDPR have been concluded with appropriate verification.
Updates to this privacy notice
We adjust the content of this data protection notice at regular intervals if this becomes necessary due to changes in the data processing we have carried out. We therefore ask you to inform yourself regularly about the content of our data protection notice.
For your information: Addresses, links and other contact information that are given here in this data protection notice may change over time.