Thank you for your interest in our website. The protection of your personal data is very important to us. Below you will find information on how your data is handled, which is collected through your use of our website or app. The processing of your data is carried out in accordance with the statutory data protection regulations.
Castle Tech GmbH
Hauptstraße 27, Haus 9 Aufgang N
10827 Berlin
info@caronsale.com
Dominik Fünkner
c/o Proliance GmbH
Leopoldstr. 21
80802 Munich
datenschutzbeauftragter@datenschutzexperte.de
Our privacy policy is intended to be simple and understandable for everyone. In this privacy policy, the official terms of the General Data Protection Regulation (GDPR) are generally used. The official definitions are explained in Art. 4 GDPR.
In Part I of this privacy policy, you will be informed about the specific processing processes during the visit to our website. In Part II, you will be informed about additional processing in the event of the use of our app. In Part III, you will then be informed about the handling of your personal data in all overarching processing processes that are valid for the use of our services via the website as well as via the app.
Our website is hosted by an external service provider (hoster). The hosting of this website takes place in Germany. Personal data collected on this website is stored on the hoster's servers. This may include IP addresses, contact inquiries, meta and communication data, website accesses, and other data generated through a website.
When you access our website, it is technically necessary for data to be transmitted from your internet browser to our web server. The following data is recorded during an ongoing connection to facilitate communication between your internet browser and our web server:
We collect the listed data to ensure a smooth connection of the website and to enable a comfortable use of our website by the users. Additionally, the log file serves to evaluate system security and stability as well as for administrative purposes. The legal basis for the temporary storage of the data or the log files is Art. 6 para. 1 lit. f GDPR. For technical security reasons, particularly to ward off attempts to attack our web server, this data is temporarily stored by us. It is not possible for us to draw conclusions about individual persons based on this data. The data will be anonymized after a maximum of 31 days by shortening the IP address at the domain level, so it will no longer be possible to associate it with a single user. In anonymized form, the data may be processed for statistical purposes. There is no storage of this data together with other personal data of the user, a comparison with other data stocks or a transfer to third parties at any time.
If you send us inquiries by email, your information from your email, including the name you provided and other voluntary contact details such as your phone number, will be stored by us for the purpose of processing the inquiry and in case of follow-up questions. We will not pass on this data without your consent. The legal basis for processing the data is Art. 6 para. 1 lit. a GDPR, if consent has been given, otherwise our legitimate interest in responding to your request according to Art. 6 para. 1 lit. f GDPR and, if applicable, Art. 6 para. 1 lit. b GDPR, if your request is aimed at concluding a contract. Your data will be deleted after the final processing of your inquiry unless statutory retention obligations oppose this. In the case of Art. 6 para. 1 lit. f GDPR, you can object to the processing of your personal data at any time.
This website uses a live chat from WiseBit Pte. Ltd. to ensure the best possible user experience. To answer live inquiries, your email address is collected, if we need to contact you again in connection with the inquiry.
For the operation of the chat function, cookies are used. Cookies are small text files that are stored locally in the cache of the visitor's internet browser. The cookies enable the recognition of the visitor's internet browser to distinguish between individual users of the chat function on our website.
The legal basis for processing the data is Art. 6 para. 1 lit. a GDPR, if consent has been given, otherwise our legitimate interest in responding to your request according to Art. 6 para. 1 lit. f GDPR and, if applicable, Art. 6 para. 1 lit. b GDPR, if your request is aimed at concluding a contract.
The data will be deleted as soon as it is no longer required to achieve the purpose of its collection. Continued processing will only take place if it is necessary for the initiation and handling of a contract or to fulfill contractual purposes.
To avoid the storage of cookies, you can set your internet browser so that no cookies are stored on your computer in the future or that cookies that have already been stored are deleted. However, disabling all cookies may mean that the chat function on our website can no longer be executed. If consent has been given, the user can withdraw their consent to the processing of personal data at any time. In such a case, the conversation cannot be continued.
Since personal data is transmitted to the USA, additional protective mechanisms are required to ensure the data protection level of the GDPR. To ensure this, we have agreed on standard data protection clauses with the provider in accordance with Art. 46 para. 2 lit. c GDPR. These oblige the recipient of the data in the USA to process the data in accordance with the level of protection in Europe. In cases where this cannot be ensured even with this contractual extension, we strive for further regulations and commitments from the recipient in the USA.
For more information on WiseBit Pte. Ltd.'s data protection, please visit: https://botstar.com/privacy-policy/
When downloading the app, certain required information is transmitted to the app store you selected (Google Play Store, Apple App Store). In particular, this may include the username, email address, account number, time of download, payment information, and the individual device identifier. We have no influence on this data collection and are not responsible for it. The contract conclusion takes place with the respective provider of the store and is handled according to their business and usage conditions as well as their privacy policies. Within the scope of your use of the stores, we only process the reviews you publish about our app and the associated data and receive anonymous statistics from the stores, such as download numbers, uninstallations, and crashes.
This app is hosted by an external service provider (Amazon Web Services, Heruko (Salesforce.com, Inc.)) on servers located in the European Union (Frankfurt). Personal data collected in the app is stored on the servers of our hoster. We have concluded an order processing contract with the hoster in accordance with the requirements of Art. 28 GDPR, in which we oblige the hoster to protect our customers' data and not to pass it on to third parties.
In the context of your use of the app, certain data is automatically collected, which is required for the provision and use of the app. The following data is processed for this purpose: internal device ID, version of your operating system, time of access, IP address, content of access.
This data is automatically transmitted to us to provide the service and the associated functions and to prevent and eliminate misuse and malfunctions.
This data processing is carried out based on our legitimate interest according to Art. 6 para. 1 lit. f GDPR in ensuring the functionality and error-free operation of the app.
The app requires the following permissions for the full use of our services: internet access, push notifications, and location.
The permissions to access the above functions are explicitly requested at the latest when the app is first used on the device and can be granted or denied.
If you have granted the individual permissions, the processing of your data is based on your consent according to Art. 6 para. 1 lit. a GDPR. You can withdraw any consent you have given at any time for the future. A granted permission can usually be revoked in the device settings at any time (this depends on the device and the operating system, over which we have no influence). The legality of the data processing carried out until the withdrawal remains unaffected. Please note that permissions that have not been granted can restrict the use of the app.
By using our website and app, access to information (e.g., IP address) or storage of information (e.g., cookies) on your end devices may occur. This access or storage may be associated with further processing of personal data within the meaning of the GDPR.
In cases where such access to information or storage of information is absolutely necessary for the technically error-free provision of our services, this is done based on § 25 para. 1 sent. 1, para. 2 no. 2 TTDSG.
In cases where such a process serves other purposes (e.g., the needs-based design of our website and app), this is done based on § 25 para. 1 TTDSG only with your consent according to Art. 6 para. 1 lit. a GDPR. The consent can be withdrawn at any time for the future.
Further information on the processing of your personal data and the relevant legal bases in this context can be found in the following sections on the specific processing activities on our website and app.
You have the option to register as a seller or buyer for our auction platform and create a user profile. With your user account, you can list and sell vehicles as a seller and view, bid on, and purchase vehicle listings as a buyer. Additionally, users can book services related to vehicle purchases.
In the context of registration as a seller, we collect the following personal data:
These details are a prerequisite for using the auction platform as a seller. The legal basis for processing your first and last name as well as your email address is the execution of the contract according to Art. 6 para. 1 sent. 1 lit. b GDPR.
The legal basis for processing a copy of your ID and the personal data contained therein to identify your person is your consent according to § 18 para. 3 PassG or § 20 para. 2 sent. 3 PAuswG in connection with Art. 6 para. 1 sent. 1 lit. a GDPR. To identify your person, we need the following data from your ID document: first and last name, date of birth, validity period, and address. All other details can be blacked out before uploading during registration. The data will be deleted if it is no longer required to achieve the original purpose. The ID copy will not be passed on to third parties. You can withdraw your consent at any time with effect for the future by sending an email to info@caronsale.com. Please note that providing a copy of your ID is necessary for identity verification. Therefore, if you do not grant us your consent according to Art. 6 para. 1 sent. 1 lit. a GDPR during registration, the use of our auction platform cannot take place.
The request for a copy of the business registration is to verify that your company has a valid business registration and can thus act as a seller on our auction platform. In addition, this copy of the business registration is stored by us to regularly check in connection with the VAT ID whether the prerequisites for using our auction platform as a seller are still met.
When you use our portal, your data can be made accessible to transport companies for the execution of the contract or based on your consent. The legal basis for the transfer of personal data in this case is the execution of the contract according to Art. 6 para. 1 sent. 1 lit. b GDPR.
We use the so-called double opt-in procedure for registration, i.e., your registration is only complete when you have confirmed your registration via a confirmation email sent to you for this purpose by clicking on the link contained therein. If your confirmation is not received within 7 days, your registration will automatically be deleted from our database.
To prevent unauthorized access by third parties to your personal data, especially financial data, the connection is encrypted using TLS technology.
With your user account, you can list and sell vehicles as a seller and view, bid on, and purchase vehicle listings as a buyer. Additionally, users can book services related to vehicle purchases. The legal basis for data processing is, with consent, Art. 6 para. 1 lit. a GDPR or Art. 6 para. 1 lit. b GDPR, if the processing is necessary to provide the desired services.
Your data will be deleted as soon as the user account on our website is deleted, provided there are no legal retention obligations. Changes and/or deletions of your user account, including the data you have provided, can usually be made directly in your user account after logging in or by sending a corresponding message to the controller mentioned at the beginning.
To transmit purchase price payments from buyers to sellers and to collect platform fees on our auction platform, we use the payment service provider Stripe Payments Europe Ltd. (hereinafter "Stripe") and its white-label solution "Stripe Connect." As part of the transaction processing, Stripe is legally obliged (among others according to the Anti-Money Laundering Act) to carry out a so-called KYC check. To comply with this obligation, it is necessary for us to forward a copy of the ID or passport of the owner or management of the selling company to Stripe.
The data collection and transfer are based on your consent according to Art. 6 para. 1 sent. 1 lit. a GDPR in conjunction with § 18 para. 3 PassG or § 20 para. 2 PAuswG. If special categories of personal data (e.g., ethnic origin) are apparent from the copy, the data collection and transfer also take place based on your consent according to Art. 9 para. 2 lit. a GDPR in conjunction with § 18 para. 3 PassG or § 20 para. 2 PAuswG. You can withdraw your consent at any time with effect for the future. Please note, however, that the processing of the purchase price payment is only possible with the consent to transfer the ID or passport copy.
The data will be deleted as soon as they are no longer needed for the purposes collected. Since data transfer to third countries outside the EU by Stripe to affiliated companies of Stripe may occur, additional protective mechanisms are required to ensure an adequate level of data protection according to the GDPR requirements. For this purpose, Stripe uses various measures, including the agreement of standard data protection clauses. For more information on Stripe's data protection, please visit: https://stripe.com/de/privacy.
If you have given us your consent according to Art. 6 para. 1 sent. 1 lit. a GDPR at the beginning of the conversation, we process personal data about you within the scope of recording telephone conversations for training and quality assurance purposes. The recordings collected and stored in this context are not passed on to third parties. The recordings are deleted after achieving the purpose (at the latest after six months). You can also withdraw your consent at any time with effect for the future by sending an email to info@caronsale.com.
If you apply to us via our contact form or email, we collect personal data. This includes, in particular, your contact details (such as first and last name, telephone number, and email address) as well as further data provided by you about your career (e.g., CV, qualifications, degrees, and work experience) and your person (e.g., cover letter, personal interests). This may also include special categories of personal data (e.g., information on a disability). Your personal data is usually collected directly from you as part of the application process and is encrypted during electronic transmission. The primary legal basis for this is Art. 6 para. 1 b GDPR in conjunction with § 26 para. 1 BDSG. Additionally, consents according to Art. 6 para. 1 lit. a, 7 GDPR in conjunction with § 26 para. 2 BDSG can be used as a data protection legal permission provision. If the processing of your data is based on consent, you have the right to withdraw your consent at any time with effect for the future.
Within our company, only those persons and positions (e.g., HR department) have access to your personal data who need this to conduct the application process or to fulfill our legal obligations. Your applications may be forwarded to the respective responsible persons for review. In no case will your personal data be passed on to unauthorized third parties.
Your data regarding an application for a specific job advertisement will be stored and processed by us during the ongoing application process, provided the applicants have given their consent according to Art. 6 para. 1 sent. 1 lit. a GDPR. You can withdraw your consent at any time with effect for the future. A simple email to the contact details of the controller mentioned above is sufficient. In the case of a successful application, your application documents will be included in the personnel file.
Our website uses so-called "cookies." Cookies are small text files that are either stored temporarily for the duration of a session (session cookies) or permanently (permanent cookies) on your end device. Session cookies are automatically deleted after your visit. Permanent cookies remain on your end device until you delete them yourself or they are automatically deleted by your web browser.
Cookies have various functions. Many cookies are technically necessary because certain website functions would not work without them (e.g., the shopping cart function or language settings). Other cookies serve to evaluate user behavior or display advertising.
The processing of data through the use of essential cookies is based on a legitimate interest according to Art. 6 para. 1 lit. f GDPR in the technically error-free provision of our services. Details on the purposes of processing and legitimate interests can be found in the explanations on specific data processing activities.
The processing of personal data through the use of other cookies is based on consent according to Art. 6 para. 1 lit. a GDPR. The consent can be withdrawn at any time for the future. If such cookies are used for analysis and optimization purposes, we will inform you separately in this privacy policy and obtain consent according to Art. 6 para. 1 lit. a GDPR.
You can set your browser to inform you about the setting of cookies, allow cookies only in individual cases, exclude the acceptance of cookies for specific cases or generally, and activate the automatic deletion of cookies when closing the browser.
The cookie settings can be managed under the following links for the respective browsers:
You can also manage cookies from many companies and functions used for advertising individually. Use the appropriate user tools available at https://www.aboutads.info/choices/ or http://www.youronlinechoices.com/uk/your-ad-choices.
Most browsers also offer a so-called "do-not-track" function. When this function is activated, the respective browser informs advertising networks, websites, and applications that you do not want to be "tracked" for behavioral advertising and the like.
For information and instructions on how to edit this function, depending on your browser provider, use the following links:
Additionally, you can prevent scripts from loading by default. "NoScript" allows the execution of JavaScripts, Java, and other plugins only on trusted domains of your choice. Information and instructions on how to edit this function can be found through your browser provider (e.g., for Mozilla Firefox at https://addons.mozilla.org/de/firefox/addon/noscript/).
Please note that disabling cookies may limit the functionality of our website.
The website uses Google Tag Manager from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). This service allows website tags to be managed through an interface. The Google Tag Manager implements tags only. This means that no cookies are used, and only the IP address of the user is transmitted to Google for connection purposes. The Google Tag Manager triggers other tags that may collect data. However, the Google Tag Manager does not access this data. If deactivation has been carried out on the domain or cookie level, it remains in effect for all tracking tags implemented with Google Tag Manager.
We use Google Tag Manager based on your consent according to Art. 6 para. 1 lit. a GDPR.
Since the IP address is transmitted to Google in the USA, additional protective mechanisms are required to ensure the data protection level of the GDPR. To ensure this, we have agreed on standard data protection clauses with the provider according to Art. 46 para. 2 lit. c GDPR. These oblige the recipient of the data in the USA to process the data in accordance with the level of protection in Europe. In cases where this cannot be ensured even with this contractual extension, we strive for further regulations and commitments from the recipient in the USA.
Our website uses Google Analytics, an internet analysis service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). Google Analytics uses so-called "cookies" and web beacons.
Google will use this information on behalf of the operator of this website to evaluate your use of the website and to compile reports on website activities. Google will also use this information to provide the website operator with other services related to website use and internet use. The IP address transmitted by your browser within the framework of Google Analytics will not be merged with other data from Google. The processing takes place according to Art. 6 para. 1 lit. a GDPR based on your given consent.
We use Google Analytics only with activated IP anonymization. This means your IP address will only be processed further in a shortened form.
Since personal data is transmitted to the USA, additional protective mechanisms are required to ensure the data protection level of the GDPR. To ensure this, we have agreed on standard data protection clauses with the provider according to Art. 46 para. 2 lit. c GDPR. These oblige the recipient of the data in the USA to process the data in accordance with the level of protection in Europe. In cases where this cannot be ensured even with this contractual extension, we strive for further regulations and commitments from the recipient in the USA.
The terms of use of Google Analytics and information on data protection can be accessed via the following links: http://www.google.com/analytics/terms/de.html and https://www.google.de/intl/de/policies/.
The data will be deleted as soon as they are no longer required to achieve the purpose of their collection. Deletion of data at the user and event level, which are linked to cookies, user identifiers (e.g., User-ID), and advertising IDs (e.g., DoubleClick cookies, Android advertising ID, IDFA [Apple identifier for advertisers]), is carried out.
You can prevent the storage of cookies by adjusting your browser software settings accordingly. However, please note that you may not be able to use all functions of this website to their full extent. You can also prevent Google from collecting the data generated by the cookie and related to your use of the website (including your IP address) and processing this data by Google by downloading and installing the browser plugin available at https://tools.google.com/dlpage/gaoptout?hl=de.
Our homepage uses the online map service provider Google Maps via an interface. This allows us to display interactive maps directly on the website and enable you to use the map function comfortably. The provider of the map service is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. To use the functionalities of Google Maps, it is necessary to store your IP address.
Google uses cookies to collect information about user behavior. The legal basis for processing your personal data is your given consent according to Art. 6 para. 1 sent. 1 lit. a GDPR.
Since personal data is transmitted to the USA, additional protective mechanisms are required to ensure the data protection level of the GDPR. To ensure this, Google uses standard data protection clauses according to Art. 46 para. 2 lit. c GDPR. These oblige the recipient of the data in the USA to process the data in accordance with the level of protection in Europe. In cases where this cannot be ensured even with this contractual extension, we strive for further regulations and commitments from the recipient in the USA.
For more information on how Google handles user data, please see Google's privacy policy: https://www.google.de/intl/de/policies/privacy/ and the opt-out link: https://www.google.com/settings/ads/.
Our website uses the web analysis service of Datadog, Inc (620 8th Avenue, Floor 45, New York, NY 10018, USA).
The data processing is aimed at evaluating your use of the website and monitoring the performance of this website, fixing ongoing errors, and compiling reports on website activities. The following information may be collected: IP address, date and time of page access, click path, information about the browser and device used, pages visited, referrer URL (website from which you accessed our website), location data, and purchase activities. The IP address transmitted by your browser within the framework of Datadog is not merged with other data from Datadog.
Datadog uses technologies such as cookies, web storage in the browser, and tracking pixels, which enable the analysis of the use of the website described above.
The processing takes place according to Art. 6 para. 1 lit. a GDPR based on your given consent.
Since the IP address is transmitted to the USA, additional protective mechanisms are required to ensure the data protection level of the GDPR. To ensure this, we have agreed on standard data protection clauses with the provider according to Art. 46 para. 2 lit. c GDPR. These oblige the recipient of the data in the USA to process the data in accordance with the level of protection in Europe. In cases where this cannot be ensured even with this contractual extension, we strive for further regulations and commitments from the recipient in the USA.
For more information on terms of use and data protection, please visit: https://www.datadoghq.com/legal/privacy/.
We use the services of SendGrid / Twilio for sending emails. The provider is Twilio Inc, 375 Beale Street, Suite 300, San Francisco, CA 94105, and/or one of its subsidiaries (including SendGrid).
SendGrid / Twilio is a service that organizes and analyzes the sending of emails and newsletters. If you provide data, such as an email address, it will be stored on the servers of SendGrid in the USA.
With the help of SendGrid / Twilio, we can analyze the dispatch of emails. For example, it can be determined whether a message has been opened and which links have been clicked, if any. In addition, technical information is collected (e.g., the time of retrieval, IP address, browser type, and operating system). This data is used exclusively for statistical analysis of messages. The results of these analyses can be used to better detect delivery problems.
The legal basis for processing the data is Art. 6 para. 1 lit. a GDPR, if consent has been given. If the collected information has a personal reference, the processing is also based on our legitimate interest according to Art. 6 para. 1 lit. f GDPR in effective customer care. If the sending of emails via SendGrid is part of the contract execution, the additional legal basis for processing is Art. 6 para. 1 lit. b GDPR.
Since personal data is transmitted to the USA, additional protective mechanisms are required to ensure the data protection level of the GDPR. To ensure this, we have agreed on standard data protection clauses with the provider according to Art. 46 para. 2 lit. c GDPR. These oblige the recipient of the data in the USA to process the data in accordance with the level of protection in Europe. In cases where this cannot be ensured even with this contractual extension, we strive for further regulations and commitments from the recipient in the USA.
For more information, please see the privacy policy of SendGrid / Twilio: https://www.twilio.com/legal/privacy.
Our online offering uses the analysis service of LogRocket, located at 87 Summer St, Boston, Massachusetts 02110, USA.
When you visit our website, LogRocket collects information about your use of our website, such as pages visited, links clicked, non-sensitive text, and mouse movements, as well as information that is often collected, such as the referring URL, browser, operating system, and information about your internet service provider.
The legal basis for processing is Art. 6 para. 1 sent. 1 lit. f GDPR. Our legitimate interest lies in improving the operation of our website and fixing errors.
LogRocket allows us to reproduce what users do on our website, enabling us to reproduce errors and fix problems with the operation of our website more quickly.
The data will be deleted as soon as it is no longer required for the purpose of data processing, unless legal regulations prevent this.
Since personal data is transmitted to the USA, additional protective mechanisms are required to ensure the data protection level of the GDPR. To ensure this, we have agreed on standard data protection clauses with the provider according to Art. 46 para. 2 lit. c GDPR. These oblige the recipient of the data in the USA to process the data in accordance with the level of protection in Europe. In cases where this cannot be ensured even with this contractual extension, we strive for further regulations and commitments from the recipient in the USA.
For more information on data protection, please visit: https://logrocket.com/privacy/.
We use WhatsApp Business for communication purposes, a service provided by WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
You can contact us, for example, via a button on the website. Your contact details in the form of your phone number as well as meta/communication data (e.g., device information, IP addresses) will be processed.
We point out that the communication contents (i.e., the content of the message and attached images) are end-to-end encrypted. This means that the content of the messages cannot be viewed, not even by WhatsApp Ireland Limited itself. You should always use a current version of the messenger with encryption enabled to ensure the encryption of message content.
We also point out that the providers of the messengers can find out that and when you communicate with us as well as process technical information about the used device and, depending on your device settings, also location information (so-called metadata).
If we ask for your permission before communicating with you via Messenger, the legal basis for processing your data is your consent according to Art. 6 para. 1 sent. 1 lit. a GDPR. Otherwise, if we do not ask for consent and you, for example, contact us on your own initiative, we use WhatsApp in relation to our contract partners as well as within the scope of contract initiation as a contractual measure according to Art. 6 para. 1 sent. 1 lit. b GDPR and in the case of other interested parties based on our legitimate interest according to Art. 6 para. 1 sent. 1 lit. f GDPR in quick and efficient communication.
Since personal data is transmitted to the USA, additional protective mechanisms are required to ensure the data protection level of the GDPR. To ensure this, we have agreed on standard data protection clauses with the provider according to Art. 46 para. 2 lit. c GDPR. These oblige the recipient of the data in the USA to process the data in accordance with the level of protection in Europe. In cases where this cannot be ensured even with this contractual extension, we strive for further regulations and commitments from the recipient.
The terms of use of WhatsApp and information on data protection can be accessed via the following links:
You can withdraw a given consent at any time and object to communication with us via WhatsApp at any time. In this case, we will delete the messages according to our general deletion policies (e.g., as described above, after the end of contractual relationships, in the context of archiving requirements, etc.) and otherwise as soon as we can assume that any queries you may have been answered and no reference to a previous conversation is to be expected, and no statutory retention obligations oppose deletion.
In conclusion, we would like to point out that we reserve the right to refrain from answering inquiries via WhatsApp for your security reasons. This is the case, for example, if contract details require special confidentiality or a response via WhatsApp does not meet formal requirements. In such cases, we will refer you to more appropriate communication channels.
Below you will find information on how your data is handled, which is collected through your use of our social media appearances on social networks and platforms. The processing of your data is carried out in accordance with the statutory data protection regulations.
If the data you provide to us is also or exclusively processed by Facebook, the responsible party for data processing in the sense of the GDPR is Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. For this purpose, we have concluded an agreement with Facebook according to Art. 26 GDPR about joint responsibility for data processing (Controller Addendum). In this agreement, it is determined for which data processing operations we or Facebook is responsible when you visit our Facebook fan page. This agreement can be viewed under the following link: https://www.facebook.com/legal/terms/page_controller_addendum.
Since personal data is transmitted to the USA by Facebook Ltd. among others to Facebook Inc., additional protective mechanisms are required to ensure the data protection level of the GDPR. For this purpose, the provider uses standard data protection clauses according to Art. 46 para. 2 lit. c GDPR. These oblige the recipient of the data in the USA to process the data in accordance with the level of protection in Europe.
If you wish to exercise your rights (access, correction, deletion, restriction, data portability, complaint to the supervisory authority, objection, or withdrawal) as a visitor to the site, you can contact both Facebook and us.
You can adjust your advertising settings independently in your user account. Click on the following link and log in: https://www.facebook.com/settings?tab=ads or http://www.youronlinechoices.com.
For more details, please see Facebook's privacy policy: https://www.facebook.com/about/privacy.
To contact Facebook's Data Protection Officer, you can use the online contact form provided by Facebook under the following link: https://www.facebook.com/help/contact/540977946302970.
Facebook provides so-called page insights for our Facebook fan page: https://www.facebook.com/business/a/page/page-insights. These are aggregated data that provide insight into how people interact with our page. Page insights can be based on personal data collected in connection with a visit or interaction by individuals on or with our page and the content provided. Please note what personal data you share with us via Facebook. Your data may be processed for market research and advertising purposes, even if you are not logged into Facebook or do not have a Facebook account. For example, user profiles can be created from the usage behavior and resulting interests of the users. The user profiles can, in turn, be used to place advertisements within and outside the platforms that are presumably in line with the interests of the users. This data collection takes place via cookies stored on your end device. In the user profiles, data that is independent of the devices used by the users can also be stored; especially if the users are members of the respective platforms and are logged in to them. The legal basis for processing is Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in the optimized presentation of our offer, effective information and communication with customers and interested parties, and targeted placement of advertisements. Please note that we have no influence on the data collection and further processing by Facebook. Consequently, we cannot provide any information about the extent to which, where, and for how long the data is stored by Facebook. Furthermore, we cannot make any statements about the extent to which Facebook complies with existing deletion obligations, which evaluations and connections are made with the data on the part of Facebook, and to whom the data is passed on by Facebook. If you want to avoid the processing of your personal data by Facebook, please contact us through other means.
If your personal data is processed by any of the providers listed below, they are responsible for the data processing in the sense of the GDPR. To assert your rights as a data subject, please note that these are most effectively asserted with the respective providers. Only they have access to the data collected from you. Should you still need assistance, you can contact us at any time.
We have online presences on the social media platforms of the following providers:
Information on how to contact the Data Protection Officer of the other social media providers can be found here:
The controller for data processing in the sense of the GDPR is the entity named at the beginning of this privacy policy, insofar as data transmitted by you via one of the social media platforms is processed by us.
For concerns regarding data processing carried out by us as the controller, you can reach our Data Protection Officer at the contact details provided at the beginning of this privacy policy.
As a rule, personal data on the company's page is processed for market research and advertising purposes. For this purpose, a cookie is set in your browser, which enables the respective provider to recognize you when you visit a website. With the help of the collected data, usage profiles can be created. These are used to display advertisements that are presumably of interest to you within and outside the platform. Furthermore, data can be stored in the usage profiles regardless of the devices you use. This is regularly the case if you are a member of the respective platforms and are logged in to them.
We collect personal data if you contact us via contact form or messenger service, such as the Facebook Messenger. The data collected depends on your information and the contact details you provide or release. This data is stored and used exclusively for the purpose of responding to your request or for the purpose of contacting you and the associated technical administration. The legal basis for processing the data is our legitimate interest in responding to your request according to Art. 6 para. 1 lit. f GDPR and, if applicable, Art. 6 para. 1 lit. b GDPR if your request is aimed at concluding a contract. Your data will be deleted after the final processing of your inquiry unless statutory retention obligations oppose this. We assume final processing when it can be inferred from the circumstances that the relevant matter has been conclusively clarified.
If your contact via a social network or other platform is aimed at concluding a contract for the delivery of goods or the provision of services with us, we process your data to fulfill the contract or to carry out pre-contractual measures or to provide the requested services. The legal basis for processing your data in this case is Art. 6 para. 1 lit. b GDPR. Your data will be deleted if they are no longer required for contract execution or if it is established that the pre-contractual measures do not lead to the conclusion of a contract corresponding to the purpose of the contact. Please note that it may still be necessary to store personal data of our contractual partners after the conclusion of the contract in order to fulfill contractual or legal obligations.
If you are asked for consent by the respective platform providers for a specific processing purpose, the legal basis for processing is Art. 6 para. 1 lit. a, Art. 7 GDPR. A given consent can be withdrawn at any time with effect for the future.
When visiting and using the above platforms, personal data may be transferred to the USA or other third countries outside the EU, which requires additional protective mechanisms to ensure the data protection level of the GDPR. Further information on whether and which suitable guarantees the providers can demonstrate can be found in the following overview.
We have no influence on the processing of your personal data by the provider and the handling of it. Likewise, we have no information on this. For further information, please refer to the respective provider's privacy policy and, if necessary, use the options for opt-out / personalization regarding the data processing by the provider:
Your personal data will not be transferred to third parties, except:
Additionally, we use external service providers for the processing of our services, which we have carefully selected and commissioned in writing.
We take appropriate technical and organizational measures to ensure a level of protection appropriate to the risk, considering the state of the art, the implementation costs, and the nature, scope, circumstances, and purposes of the processing, as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons according to Art. 32 GDPR. This website uses SSL encryption for security reasons and to protect the transmission of confidential content.
The duration of the storage of personal data is determined by the respective statutory retention periods (e.g., from commercial and tax law). After the expiry of the respective period, the corresponding data is routinely deleted if it is no longer required for contract fulfillment or contract initiation, and if there is no legitimate interest in further storage on our part or you have exercised your right to object or withdraw consent.
Below you will find information about which data subject rights the applicable data protection law grants you against the controller regarding the processing of your personal data:
If your personal data is processed by us based on legitimate interests according to Art. 6 para. 1 sent. 1 lit. f GDPR, you have the right to object to the processing of your personal data if there are reasons arising from your particular situation. If the objection is directed against the processing of personal data for direct marketing purposes, you have a general right to object without specifying a particular situation.
The provision of personal data for the decision on the conclusion of a contract, the contract fulfillment, or the implementation of pre-contractual measures is voluntary. However, we can only make the decision within the scope of contractual measures if you provide such personal data that is necessary for the conclusion, fulfillment, or pre-contractual measures.
Automated decision-making or profiling according to Art. 22 GDPR does not take place.
We reserve the right to adapt or update this privacy policy if necessary, in compliance with the applicable data protection regulations. This way, we can adapt them to current legal requirements and consider changes in our services, e.g., when introducing new services. For your visit, the latest version of this privacy policy applies.
Status of this privacy policy: March 15, 2023