We are pleased that you are visiting our website and are delighted by your interest in our company. The protection of your personal data is very important for us. Carado GmbH (hereafter "Carado", "we" or "us") attaches great importance to the security of users’ data and compliance with data protection legislation. Below we provide more detail about how your data is handled by us.

Data Controller:

Carado GmbH, Ölmühlestr. 6, 88299 Leutkirch

Tel.: +49 7561 9097 300

E-Mail: info@carado.com

Contact details of external Data Protection Officer:

DDSK GmbH

Tel.: 07542 949 21 - 01

E-Mail: datenschutz@carado.com

You can find more information about the processing of your personal data in the application process here:

The terms used in this privacy notice should be understood as having the meanings defined in Art. 4 GDPR.

You can visit our site without actively providing any details about yourself personally. However, we will automatically store access data each time the website is called up (server log files) such as the name of your Internet service-provider, the operating system used, the particular website you visit us from, the date and the duration of the visit or the name of the file requested, as well as for security reasons, e.g. to identify attacks on our websites, the IP address of the computer used; and all this for a period of seven days. This data is evaluated only to improve our offering and does not permit any conclusions to be drawn about you personally. This data will be not aggregated with other data sources.

We process and use the data for the following purposes: providing the website, improving our websites, preventing and detecting errors/malfunctions and misuse of the website.

Legal Basis:
Legitimate interest, Art. 6 para. 1 lit. f) GDPR)

Legitimate interests: 
Ensuring the functionality, error-free and secure operation of the website and adapting this website to the requirements of users.

We use so-called cookies on our websites in order to make your visit to our website attractive and to enable the use of certain functions. This concerns a standard internet technology for the storage and to call login and other use-related information for all users of our website. Cookies are small text files, which are placed on your terminal device. Among other things, they enable us to store user settings, so that our websites can be displayed in a format that is customised for your device. Several of the cookies used by us are deleted again after the end of the browser session, therefore after your browser is closed (so-called session cookies). Other cookies remain on your terminal device and enable us or our partner companies to recognise your browser the next time you visit the website (so-called permanent cookies).

You can set your browser so that you are informed about the setting of cookies and can make individual decisions about their acceptance or exclude the acceptance of cookies for certain cases or generally. The cookies can furthermore be deleted subsequently in order to remove data that websites have lodged on your computer. You can find an instruction for this purpose quickly on the Internet. The deactivation of the cookies can lead to several restrictions to the functionality of our website.

Categories of Data Subjects:
Website visitors, users of online services

Opt-Out:
Internet Explorer: 
https://support.microsoft.com/de-de/help/17442

Firefox: 
https://support.mozilla.org/de/kb/wie-verhindere-ich-dass-websites-mich-verfolgen

Google Chrome: 
https://support.google.com/chrome/answer/95647?hl=de

Safari: 
https://support.apple.com/de-de/HT201265

Legal Basis: 
Consent (Art. 6 para. 1 lit. a) GDPR); fulfilment or initiation of a contract (Art. 6 para. 1 lit. b) GDPR)
The relevant legal basis in each case is specifically named with the corresponding tool.

Legitimate interests: 
Storage of opt-in preferences, presentation of the website, ensuring the functionality of the website, preservation of user status across the entire website, recognition for next website visitors, user-friendly online offering, ensuring chat function

To enable us to evaluate visitor flows in relation to our online offering, we use tools for web analysis and reach measurement. To this end, we collect information about the behaviour, interests and demographic information of our visitors, such as age, gender or similar. This helps us to recognise at what time our online offering, its functions or content are most frequented and it also helps us to know how to invite repeated visits. In addition, the information we collect enables us to determine whether our online offering needs any optimisation or adjustment.

The information collected for this purpose is stored in cookies or similar processes and is used for reach measurement and optimisation. The data stored in cookies may include content viewed, online sites visited, settings and functions and systems used. As a rule, however, no clear user data is processed for the purposes described. In this case, data is changed in such a way that the actual identity of users is not known, either to us or to the provider of the tool used. The data changed in this way is often stored in user profiles.

Categories of Data Subjects: 
Website visitors, users of online services

Categories of Data:
User data (e.g. websites visited, interest in content, access times), meta and communication data (e.g. device information, IP addresses), contact data (e.g. email address, telephone number), content data (e.g. text details, photographs, videos)

Purposes of Processing:
Website analysis, reach measurement, utilisation and evaluation of website interaction, lead evaluation

Legal Basis: 
Consent (Art. 6 para. 1 lit. a) GDPR); fulfilment or initiation of a contract (Art. 6 para. 1 lit. b) GDPR)

Legitimate Interests:
Optimisation and further development of the website, profit increase, customer retention and acquisition

Matomo

Service used:
InnoCraft Ltd, 150 Willis St., 6011 Wellington, Neuseeland

Privacy:
https://matomo.org/privacy-policy/

Opt-Out-Link:
https://matomo.org/docs/gdpr/

Legal Basis:
Consent (Art. 6 para. 1 lit. a) GDPR)

In order to continuously increase our reach and the awareness of our online offering, we process personal data as part of online marketing, in particular with regard to potential interests and measuring the effectiveness of our marketing actions.

For the purpose of measuring the effectiveness of our marketing actions and identifying potential interests, relevant information is stored in cookies or else similar processes are used. The data stored in cookies may include content viewed, online sites visited, settings and functions and systems used. As a rule, however, no clear user data is processed for the purposes described. In this case, the data is changed in such a way that the actual identity of users is not known, either to us or to the provider of the tool used. The data changed in this way is often stored in user profiles.

In the case of storage of user profiles, data can be read out, supplemented and added to on the server of the online marketing provider whenever other online offerings that use the same online marketing process are visted.

We can determine the success of our advertisements on the basis of aggregated data supplied to us by the provider of the online marketing process (so-called conversion measurement). Within the scope of these conversion measurements, we can track whether a marketing measure has led to a purchase decision by the visitor to our online offering. This assessment process is used to analyse the success of our online marketing.

Categories of Data Subjects: 
Website visitors, users of online services, interested parties, communication partners, business and contractual partners

Categories of Data: 
User data (e.g. web pages visited, interest in content, access times), meta and communication data (e.g. device information, IP addresses), location data, contact data, content data (e.g. text details, photographs, videos)

Purposes of Processing: 
Marketing (partly also interest-based and behavioural), conversion measurement, target group formation, click tracking, development of marketing strategies and increasing the efficiency of campaigns

Legal Basis: 
Consent (Art. 6 para. 1 lit. a) GDPR); fulfilment or initiation of a contract (Art. 6 para. 1 lit. b) GDPR)

Legitimate interests:
Optimisation and further development of the website, profit increase, customer retention and acquisition

Google Tag Manager

Service used:
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

Data protection: 
https://policies.google.com/privacy

Opt-Out link: 
https://tools.google.com/dlpage/gaoptout?hl=de  or https://myaccount.google.com/

Legal Basis:
Legitimate interest (Art. 6 para. 1 lit. f) GDPR)

Legitimate interests:
Coordination of different tools, management, ease of use and presentation

Google Analytics 4-Property

Service used:
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland

Privacy: 
https://policies.google.com/privacy

Opt-Out-Link:
https://tools.google.com/dlpage/gaoptout?hl=de or https://myaccount.google.com/

Legal Basis:
Consent (Art. 6 para. 1 lit. a) GDPR)

Google AdWords

Service used:    Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland

Privacy:
https://policies.google.com/privacy

Opt-Out-Link: 
https://tools.google.com/dlpage/gaoptout?hl=de or https://myaccount.google.com/

Legal Basis:
Consent (Art. 6 para. 1 lit. a) GDPR)

Google Doubleclick

Service used:
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland

Privacy: 
https://policies.google.com/privacy

Opt-Out-Link:
https://tools.google.com/dlpage/gaoptout?hl=de or https://myaccount.google.com/

Legal Basis:
Consent (Art. 6 para. 1 lit. a) GDPR)

Microsoft Advertising   

Service used:
Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA

Privacy:
https://privacy.microsoft.com/de-de/privacystatement      

Opt-Out-Link:
https://account.microsoft.com/privacy/ad-settings/signedout?ru=https:%2F%2Faccount.microsoft.com%2Fprivacy%2Fad-settings

Legal Basis:
Consent (Art. 6 para. 1 lit. a) GDPR)

Facebook-Pixel

Service used:
Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Irland

Privacy: 
https://www.facebook.com/privacy/explanation

Opt-Out-Link:
https://www.facebook.com/policies/cookies/

Legal Basis:
Consent (Art. 6 para. 1 lit. a) GDPR)

LinkedIn

Service used: 
LinkedIn Corporation, 1000 West Maude Avenue, Sunnyvale, CA 94085, USA

Privacy: 
https://www.linkedin.com/legal/privacy-policy?trk=homepage-basic_footer-privacy-policy

Opt-Out-Link: 
https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out

Legal Basis: 
Consent (Art. 6 para. 1 lit. a) GDPR)

Pinterest Web Analytics

Service used:
Pinterest Inc., 651 Brannan Street, San Francisco, CA 94103, USA

Privacy: 
https://policy.pinterest.com/de/privacy-policy

Opt-Out-Link: 
https://policy.pinterest.com/de/cookies

Legal Basis: 
Consent (Art. 6 para. 1 lit. a) GDPR)

Xandr Universal Pixel

Service used:
Xandr Inc. 28 West 23rd Street, Fl 4 New York, NY 10010 USA 

Privacy: 
https://about.ads.microsoft.com/en-us/solutions/xandr/digital-platform-cookie-policy  

Opt-Out-Link: 
https://monetize.xandr.com/privacy-center/captcha?next_page=/privacy-center/delete  

Legal Basis: 
Consent (Art. 6 para. 1 lit. a) GDPR)

We maintain online presences on social networks and career platforms in order to be able to exchange information with the users registered there and to make contact wit them in an uncomplicated way.

In some cases, the data of users on social networks is used to conduct market research and so, pursue advertising purposes. User profiles can be created via the usage behaviour of users; for example, by specifying interests, and can be used to adapt advertisements to the interests of target groups. For this purpose, cookies are regularly stored on the terminal devices of users, sometimes regardless of whether they are registered users of the social network.

In connection with the use of social media, we also use the associated messenging systems in order to be able to communicate with users in an uncomplicated way. We would like to point out that the security of individual services may depend on the user's account settings. Even in the case of end-to-end encryption, the service-provider may be able to draw conclusions about both the fact that users communicate with us and the time that they communicate with us and it may also collect location data if required.

Depending on where the social network is operated, user data may be processed outside the European Union or outside the European Economic Area. This can result in risks to users; for example, because it makes it more difficult to enforce their rights.

Categories of Data Subjects: 
Registered users and non-registered users of the social network

Categories of Data: 
Master data (e.g. name, address), contact data (e.g. e-mail address, telephone number), content data (e.g. text data, photographs, videos), usage data (e.g. websites visited, interests, access times), meta and communication data (e.g. device information, IP address)

Purposes of Processing: 
Extension of reach, networking

Legal Basis:
Legitimate interests (Art. 6 para. 1 lit. f) GDPR), consent (Art. 6 para. 1 lit. a) GDPR)

Legitimate interests: 
Interaction and communication on social media presence, increasing profit, insights about target groups

GIPHY

Service used:
GIPHY Inc., 416 West 13th Street, Suite 207, New York, NY 10014, USA

Privacy:
https://support.giphy.com/hc/en-us/articles/360032872931-GIPHY-Privacy-Policy

Instagram

Service used: 
Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Irland

Privacy: 
https://help.instagram.com/519522125107875 and https://www.facebook.com/about/privacy

Opt-Out-Link:
https://www.instagram.com/accounts/login/?next=/accounts/privacy_and_security/

Facebook

Service used:
Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Irland

Privacy: 
https://www.facebook.com/privacy/explanation and https://www.facebook.com/legal/terms/page_controller_addendum

Opt-Out-Link:
https://www.facebook.com/policies/cookies/ 

Facebook-Messenger

Service used: 
Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Irland

Privacy: 
https://www.facebook.com/privacy/explanation

Opt-Out-Link:
https://www.facebook.com/policies/cookies/

LinkedIn

Service used:  
LinkedIn Corporation, 1000 West Maude Avenue, Sunnyvale, CA 94085, USA

Privacy: 
https://www.linkedin.com/legal/privacy-policy

Opt-Out-Link: 
https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out

Pinterest

Service used: 
Pinterest Inc., 651 Brannan Street, San Francisco, CA 94103, USA

Privacy: 
https://policy.pinterest.com/de/privacy-policy

Opt-Out-Link: 
https://policy.pinterest.com/de/cookies

TikTok

Service used:  
TikTok Inc., 10100 Venice Blvd., Culver City, CA 90232, USA

Privacy: 
https://www.tiktok.com/legal/privacy-policy?lang=de

Xing

Service used: 
New Work SE, Dammtorstraße 30, 20354 Hamburg, Deutschland

Privacy: 
https://privacy.xing.com/de/datenschutzerklaerung

YouTube

Service used: 
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland

Privacy: 
https://policies.google.com/privacy?hl=de&gl=de

Opt-Out-Link: 
https://tools.google.com/dlpage/gaoptout?hl=de or https://myaccount.google.com/

We have integrated functions and contents into our online offering, which are obtained from third-party providers. For example, videos, representations, buttons or posts (hereafter referred to as content ) can be integrated.

In order to be able to display content to visitors to our online offering, the respective third-party provider processes, among other things, the IP address of the user, so that the content can be transmitted to the browser and displayed. Without this processing operation, the display of third-party content is not possible.

In some cases, additional information is collected via so-called pixel tags or web beacons, whereby the third-party provider receives information about the use of the content or visitor traffic on our online offering, technical information about the user's browser or operating system, the time of the visit or referring websites. The data obtained in this way is stored in cookies on the user's terminal device.

In order to protect the personal data of visitors to our online offering, we have taken certain security precautions to prevent automatic transmission of this data. This data is only transmitted when users use the buttons or click on the third-party content.

Categories of Data Subjects: 
Users of the plug-in or embedded third-party content

Categories of Data: 
Usage data (e.g. websites visited, interests, access time), meta and communication data (e.g. device information, IP address), contact data (e.g. e-mail address, telephone number), master data (e.g. name, address)

Purposes of Processing: 
Designing our online offering, increasing the reach of social media ads, sharing posts and content, interest and behaviour-based marketing, cross-device tracking

Legal Basis:
Consent (Art. 6 para. 1 lit. b) GDPR)

OpenStreetMap

Service used: 
OpenStreetMap Foundation, St John’s Innovation Centre, Cowley Road, Cambridge CB4 0WS, Vereinigtes Königreich

Privacy: 
https://wiki.osmfoundation.org/wiki/Privacy_Policy

Legal Basis: 
Consent (Art. 6 para. 1 lit. a) GDPR)

ReCaptcha

Service used: 
Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA

Privacy: 
https://policies.google.com/privacy?hl=de&gl=de

Opt-Out-Link: 
https://tools.google.com/dlpage/gaoptout?hl=de or https://myaccount.google.com/

Legal Basis:
Consent (Art. 6 para. 1 lit. a) GDPR)

Legitimate interests:
Ensuring the functionality, error-free and secure operation of the website and adapting this website to the requirements of users.

Adobe Typekit

Service used: 
Adobe Inc.: 345 Park Avenue, San Jose, California 95110-2704, USA

Privacy: 
https://www.adobe.com/de/privacy.html

Legal Basis: 
Consent (Art. 6 para. 1 lit. a) GDPR)

YouTube

Service used:
Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA

Privacy:
https://policies.google.com/privacy?hl=de&gl=de

Opt-Out-Link: 
https://tools.google.com/dlpage/gaoptout?hl=de or https://myaccount.google.com/

Legal Basis: 
Consent (Art. 6 para. 1 lit. a) GDPR)

On our online offering, users have the option of subscribing to our newsletter or any notifications via various channels (hereafter newsletter). Subject to legislative provisions, we only send out newsletters to recipients who have consented to receive the newsletter. We use a selected service-provider to send out our newsletter.

In order to subscribe to one of our newsletters, it is necessary to provide an e-mail address. If necessary, we collect additional data, such as an individual’s name, in order to provide our newsletter with a personal address.

Our newsletter is only sent out after the so-called double opt-in procedure has been completed. If visitors to our online offering decide to subscribe to our newsletter, they will receive a confirmation e-mail, which is used to prevent the misuse of false e-mail addresses and to exclude the possibility that a simple, possibly accidental click triggers the sending of the newsletter. Subscription to our newsletter can be terminated for the future at any time. An unsubscribe link (opt-out link) is included at the end of each newsletter.

In addition, we are obliged to provide proof that our subscribers actually wanted to receive the newsletter. For this purpose, we collect and store their IP address and their log-in and log-out times.

Our newsletters are designed in such a way as to make it possible for us to gain insights into improvements, target groups or the reading behaviour of our subscribers. This enables us to use a so-called web beacon or a tracking pixel, which reacts to interactions with the newsletter; for example, on the basis of whether links are clicked, whether the newsletter is opened at all or at what time the newsletter is read. We may, for technical reasons, attribute this information to individual subscribers.

Categories of Data Subjects: 
Newsletter subscribers

Categories of Data: 
Master data (e.g. name, address), contact data (e.g. e-mail address, telephone number), meta and communication data (e.g. device information, IP address), usage data (e.g. interests, access times)

Purposes of Processing:
Marketing, customer retention and new customer acquisition, analysis and evaluation of the success of a campaign

Legal Basis: 
Consent (Art. 6 para. 1 lit. a) GDPR)

Salesforce

Service used: 
Salesforce.com, inc. Salesforce Tower, 415 Mission Street, 3rd Floor, San Francisco, CA 94105, USA

Privacy: 
https://www.salesforce.com/uk/company/privacy/

We use our online presences to run prize draws and/or competitions . In doing this, we process the data of campaign participants, as required to implement the respective campaign. This also includes the data we need to inform the winner and to pay out the winnings.

Depending on the nature of the campaign, contributions from or about campaign participants may be published, for example when reporting on the respective campaign or if a vote on a submitted contribution by the participant is part of the campaign. Depending on the type of competition, the name of the participant will also be published. The data we process in individual cases depends on the specific campaign carried out and on the data we receive from the participant.

The implementation of the respective campaign on our presence in a social network is also subject to the usage and data protection provisions of the respective network.

Categories of Data Subjects: 
Campaign participants

Categories of Data: 
Master data (e.g. name, address), contact data (e.g. e-mail address, telephone number), content data (e.g. text entries, photos, videos)

Purposes of Processing:
Competition implementation incl. prize distribution and announcement of the winner in various media

Legal Basis: 
Consent (Art. 6 para. 1 lit. a) GDPR)

Our online offering provides the options of either contacting us directly or else obtaining information via various contact possibilities. In order for users always to have an overview of contacts, we use a management tool to process corresponding requests.

Whenever contact is made, we process the data of the person making the enquiry only to the extent needed to answer or process the enquiry. Depending on the way in which contact is made, the actual data processed may vary.

Categories of Data Subjects: 
Enquirers

Categories of Data: 
Master data (e.g. name, address), contact data (e.g. e-mail address, telephone number), content data (e.g. text entries, photographs, videos), usage data (e.g. interests, access times), meta and communication data (e.g. device information, IP address).

Purposes of Processing: 
Processing of enquiries

Legal Basis: 
Consent (Art. 6 para. 1 lit. a) GDPR), fulfilment or initiation of a contract (Art. 6 para. 1 lit. b) GDPR)

Schmieder

Service used: 
Schmieder GmbH, Schussenstraße 16, 88273 Fronreute-Staig

Privacy: 
https://www.schmieder-personal.de/datenschutz

We offer the ability to create a user account on our online offering. As part of registration, we collect the necessary data from interested visitors, which we need in order to provide a user account and to provide the associated functions.

If visitors to our online offering decide to register, they will receive an e-mail, which must be confirmed and is used to prevent the misuse of false e-mail addresses.

To protect use of the internal area, we collect IP addresses and the time of access, as this prevents misuse of a user account and any unauthorised use. We do not pass this data on to third parties, unless this is necessary to pursue our claims or we are under a legal obligation to do so.

Categories of Data Subjects: 
registered users

Categories of Data: 
Master data (e.g. name, address), contact data (e.g. e-mail address, telephone number), login data (user name and password), possibly other content data (e.g. text entries, photographs, videos), meta and communication data (e.g. device information, IP addresses), usage data (e.g. websites visited, interests, access times)

Purposes of Processing:
Simplification of website functionality, contract fulfilment, customer retention

Legal Basis: 
Consent (Art. 6 para. 1 lit. a) GDPR)

On our website you have the possibility to arrange a test drive and/or a consultation appointment. For this purpose, the necessary personal data will be collected and transmitted to the dealer selected by you: Your name, title, e-mail address, preferred vehicle type, and, provided you would like your selected dealer to contact you by phone, phone number is also collected and transmitted as voluntary information. For general assurance that the appointment will take place as agreed, we will send you an appointment confirmation and a reminder.

This collection, storage, and transmission of the data is based on your voluntarily given consent within the meaning of Article 6 paragraph 1 sentence 1 lit. a) in conjunction with Article 7 of the GDPR. You can revoke this consent at any time by sending your revocation to info@carado.com or Carado GmbH, Ölmühlestraße 6, 88299 Leutkich im Allgäu, with effect for the future. In addition, you can also assert your rights against the dealer. Please contact the dealer of your choice.

Salesforce

Service used: 
Salesforce.com, inc. Salesforce Tower, 415 Mission Street, 3rd Floor, San Francisco, CA 94105, USA

Privacy: 
https://www.salesforce.com/uk/company/privacy/

Zendsek

Service used: 
Zendesk, Inc., 989 Market Street #300, San Francisco, CA 94102, USA

Privacy:
https://www.zendesk.de/company/privacy-and-data-protection/#gdpr-sub

We transmit the personal data of visitors to our online offering for internal purposes (e.g. for internal administration or to the HR department in order to comply with legal or contractual obligations). Internal data transmission or disclosure of your data is only carried out in the extent necessary for this purpose, subject to compliance with the relevant data protection regulations.

We are a globally active company with headquarters in Germany. The data of visitors to our online offering is stored in our centralised customer database in Germany, subject to  compliance with the relevant data protection regulations; and it is processed within this framework for internal administrative purposes throughout the Group. No processing is carried out beyond stated administrative purposes.

Legal Basis:
Legitimate interests (Art. 6 para. 1 lit. f) GDPR)

Legitimate interests:
So-called small group privilege, centralised management and administration within the company, in order to exploit synergy effects, cost savings, increasing effectiveness

Recipient:
https://www.erwinhymergroup.com/de/unternehmen/ueber-die-erwin-hymer-group

In the event that we transfer internal Group data to a country outside the EEA for processing purposes, we will ensure that the processing carried out in the manner we intend is lawful. For this scenario, we have concluded binding corporate rules/standard data protection clauses that include a special arrangement involving appropriate technical and organisational measures; this is in order to protect the data of data subjects in the best possible way. A copy of the guarantee used can be downloaded here https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_de.

We principally store your data for as long as necessary in order to provide our services or to the extent envisaged by the European legislator of directives and regulations or another legislator in laws or regulations, which the data controller responsible for the processing is subject to. In all other cases we erase your personal data after completion of the relevant purpose. This does not include any data that we are required to continue to store in order to fulfil legal obligations (e.g. we are obligated owing to tax and commercial law storage obligations to keep documents in reserve such as e.g. contracts and invoices for a certain period of time).

We do not use automated decision-making or profiling pursuant to Art. 22 DSGVO.

The relevant legal bases are primarily derived from the GDPR. These are supplemented by national laws of the member states and are applicable together with or in addition to the GDPR where applicable.

Consent:
Art. 6 1 lit. a GDPR is used by our company as the legal basis for processing activities, whereby we will obtain special consent for a particular processing purpose.

Performance of a contract:
If the processing of personal data is necessary in order to perform a contract, to which the data subject is a contractual party; as, for example, would be the case with processing activities, which are necessary to deliver goods or supply any other service or consideration, then the processing is based on Art. 6 I lit. b GDPR. The same applies to such processing operations as are needed to implement pre-contractual measures; for example, in the case of enquiries about our products or services.

Legal obligation:
If our company is subject to a legal obligation, under which the processing of personal data becomes necessary; such as, for example, to fulfil tax obligations, then the processing is based on Art. 6 I lit. c GDPR.

Vital interests:
In rare cases, the processing of personal data might be necessary in order to protect vital interests of the data subject or of another natural person. This would be the case, for example, if a visitor were to be injured at our company and subsequently his name, his age, his health insurance details or other vital information had to be forwarded to a doctor, a hospital or some other third party. Then the processing would be based on Art. 6 I lit. d GDPR.

Public interest: 
Article 6(1)(e) of the GDPR serves as the legal basis for processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

Legitimate interest:
Finally, processing activities might be based on Art. 6 I lit. f GDPR. Processing activities not covered by any of the above legal bases would rely on this particular legal basis, where such processing is necessary in order to safeguard a legitimate interest of our company or of a third party; provided, however, that the interests, basic rights and basic freedoms of the data subject do not prevail in particular where the data subject is a child. 

Right of Access: 
Under Article 15 of the GDPR, data subjects have the right to request confirmation regarding whether we are processing data relating to them. They can request information about this data as well as the additional information listed in Art. 15 (1) GDPR, as well as a copy of their data.

Right of Rectification:
Under Art. 16 GDPR, data subjects have the right to request the rectification or completion of data concerning them and processed by us.

Right to Erasure: 
Data subjects have the right under Art. 17 GDPR to demand immediate erasure of the data concerning them. Alternatively, under Art. 18 GDPR, they may request us to restrict the processing of their data.

Right to Data Portability: 
Under Art. 20 of the GDPR, data subjects have the right to request that the data they have supplied to us be made available and transferred to another data controller.

Right to lodge a complaint: 
Data subjects also have the right to lodge a complaint with the competent supervisory authority  in accordance with Article 77 of the GDPR.

Right to Object:
If personal data is processed based on legitimate interests under Article 6 (1) sentence 1 lit. f) GDPR, data subjects have the right to object to the processing of their personal data under Article 21 GDPR, inasmuch as there are grounds for doing so arising from their particular situation or the objection is directed against direct advertising. In the latter case, data subjects have a general right to object, which will be acted on by us without the particular situation being stated.

A number of data processing activities are only possible with your express consent. You have the option of being able, at any time, to revoke consent that you have already granted. For this purpose, it would be sufficient to e-mail us an informal notice, using the following address: info@carado.com. The lawfulness of any data processing carried out prior to the time at which consent is revoked remains unaffected by the revocation.

On our website you will find links to the online offers of other providers. We would like to point out here that we have no influence over the content of linked websites or, indeed, over the level of compliance with data protection regulations practised by the providers of those websites.

We reserve the right to adapt this privacy notice at any time in the event of changes to our online offering and in compliance with applicable data protection rules, so that it then meets legal requirements.

This Privacy Policy was created by DDSK GmbH