We are pleased that you are visiting our website to find out more about our company and motorhomes. We take the protection of your personal data very seriously. Carado GmbH (hereinafter “Carado”, “we” or “us”) considers the security of user data and compliance with data protection regulations of utmost importance.
We detail how we handle your data below.
• “Personal data” mean any information relating to an identified or identifiable natural person (hereinafter “data subject”) (Article 4(1) GDPR). Personal data include your key data (first name and surname, address and date of birth), your contact data (phone number, email address), your billing information (bank details) and much more.
• “Processing” means any operation or set of operations which is performed on personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
• “Data subject” means any identified or identifiable natural person whose personal data are processed by the data controller responsible for data processing.
• “Data controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of processing personal data. Where the purposes and means of such processing are determined by European Union or EU Member State law, the controller or the specific criteria for their nomination may be provided for by EU or Member State law.
• “Data processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
• “Recipient” means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which receive personal data as part of a particular inquiry in accordance with EU or Member State law shall not be regarded as recipients.
• “Third parties” mean a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
• “Consent” means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which they signify agreement to the processing of their personal data either with a statement or through clear affirmative action.
It is fundamentally possible to use our website without disclosing any personal data. However, if you would like to use the website to access our company’s services, it may be necessary to process your personal data. If we need to process personal data, and if there is no legal basis for such data processing, we will obtain the consent of the data subject.
It is possible to visit our website without actively disclosing any personal data. However, every time the website is accessed, we automatically store the access data (server log files), such as the name of your Internet Service Provider (ISP), the operating system used, the website you visited before accessing our own, the date of the visit and how long you spent on the website, and the name of the requested file. We will also store the IP address of the computer used to access the website for seven (7) days for security reasons, e.g. to identify attacks on our website. These data are only processed to improve our services and will not allow you to be identified from them. These data will not be merged with other data sources. The legal basis for processing these data is Article 6(1) GDPR. We process and use data for the following purposes: 1. Deployment of the Carado website, 2. Improving our websites, and 3. Preventing and identifying any errors/malfunctions on the websites as well as misuse of the websites. Data are processed in this way either to fulfil a contract via the use of Carado websites or to pursue a legitimate interest in ensuring the Carado websites function properly, are free of errors and are adapted to the requirements of the users.
You can change your browser’s settings so that you are told if cookies are being used, allowing you to decide whether you want to accept them on a case-by-case basis, or accept them in certain situations, or decline their use across the board. Furthermore, cookies can be deleted after visiting a website so that any data they have stored on your device are removed. You can find out how to do this with a quick internet search. If you deactivate cookies on Carado websites, some functionality may be lost.
Remove or opt-out of cookies
All browsers have the option to restrict which cookies are used and to delete them. You can find more information about cookies on specific browsers on these websites:
Preventing cookies from being stored
You can prevent cookies from being stored with the cookie settings on your browser. However, you should be aware that if you change these settings to reject cookies, some functions on this website may not work properly. By using this website, you declare that you consent to Google processing the data collected about you in the manner described above and for the aforementioned purpose.
We have activated the IP anonymisation function on this website. Google uses this function to truncate your IP address within EU Member States or in other states signed up to the Agreement on the European Economic Area before being transferred to the US.
Objecting to data collection
You should be aware that the “gat.anonymizeIp” code was added to Google Analytics on this website to guarantee IP addresses are anonymised when recorded (know as IP masking).
Demographics data and Google Analytics
This website uses the demographics data tool from Google Analytics. This tool enables us to create reports containing assertions about the age, gender and interests of visitors to the site. These data come from Google’s personalised advertisements and from visitor data supplied by third party providers. These data cannot be assigned to any particular person. You can deactivate this function any time by changing the ad settings in your Google account, or by objecting to any collection of your data whatsoever by Google Analytics as shown under “Objecting to data collection”.
This website uses Google remarketing technology provided by Google Ireland Ltd (Gordon House, Barrow Street, Dublin 4, Ireland; “Google”). Google Remarketing is a technology that enables us to direct visitors back towards our site after leaving by using targeted advertising on other websites within the Google advertising network. Cookies are used to display these advertisements.
Cookies are stored on your device for this purpose, which are then used by third party providers, including Google, to record which of our websites you visited with your browser. These data are used to display our advertisements on sites you visit at a later time, e.g. as part of Google searches or on websites within the Google advertising network. You can find more information about Google’s data protection policy and how remarketing works at: https://policies.google.com/privacy/. This link also contains information about how to opt out of storing cookies using your browser settings and/or you can visit https://policies.google.com/technologies/ads/ to find out how to object to the collection of your data as part of Google Remarketing.
This website uses Google Conversion Tracking, an analytics service provided by Google Ireland Ltd (Gordon House, Barrow Street, Dublin 4, Ireland; “Google”). If you are visiting our website as a result of clicking a Google advertisement, Google AdWords will store a “conversion” cookie on your device. These cookies expire after 30 days and are not used to identify any particular person. If you visit one our sites while the cookie is still valid, we and Google will be able to tell that someone has clicked the advertisement, directing that person to our website as a result. Every AdWords customer receives a different cookie. This means that cookies cannot be tracked on other websites that use AdWords. The data obtained by the conversion cookie are used to create conversion statistics for AdWords customers who have opted for conversion tracking. AdWords customers are notified of the total number of users who clicked on their advertisement and were directed towards a site with a conversion tracking tag. However, they will not receive any information, with which users can be personally identified.
We use Google Maps to show maps on the site and create maps of routes. Google Maps is operated by Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland.
By using this website, you declare that you consent to the collection, processing and use of your data, whether automatically obtained or input by you, by Google, its representatives or third party providers.
This website uses Google Tag Manager, a service that provides an interface for managing website tags. All Google Tag Manager does is deploy tags, meaning that cookies are not used and no personal data is collected. Google Tag Manager triggers other tags that in turn may collect data, but Google Tag Manager does not have any access to these data. If you have settings to block certain domains or cookies, these settings will remain valid for all tracking tags insofar as these are deployed by Google Tag Manager.
2.8.1 Social media plug-ins
Use of Facebook
If you do not want Facebook to be able to associate your visit to our website with your Facebook account, please log out of your Facebook account before visiting.
Use of Google+
Our websites use functions from Google+. This service is provided by Google Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. Data collection and transfer: You can publish information publicly using the Google “+1” button. You and other users can receive personalised content from Google and our partners using the Google “+1” button. Google saves information on the content you have clicked “+1” on and the web page you were viewing when you clicked “+1”. Your “+1” may be displayed as a review together with your profile name and photo within Google services, such as search engine results or your Google profile, or somewhere else on websites and internet advertisements. Google records data about your “+1” activities so that it can improve its services for you and other users. You need to have a Google account that is set to public with at least the profile name visible in order to use the Google “+1” button. The name on the profile is used for all Google services. In some cases, this name can be
Use of Twitter
Use of YouTube
Our website uses functions from YouTube, a site operated by Google. This service is provided by YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. If you visit one of our web pages featuring a YouTube function, a connection will be established to the YouTube servers. This shares information about which of our pages you have visited with the YouTube server.
If you are logged into your YouTube account when you visit such pages, this will enable YouTube to connect your browsing behaviour directly to your personal account. You can prevent this from occurring if you log out from your YouTube account.
Use of Instagram
Use of Pinterest
We use functions of the social network Pinterest on our site, that is operated by Pinterest Inc., 808 Brannan Street San Francisco, CA 94103-490, USA ("Pinterest"). If you call a site that contains such a function your browser will establish a direct connection to the servers of Pinterest. The plugin hereby transmits protocol data to the server of Pinterest in the USA. These protocol data may include your IP address, the address of the visited websites, which also contain Pinterest functions, the type and settings of the browser, date and time of the enquiry, the way in which you use Pinterest as well as cookies.
You can find further information pertaining to the purpose, scope and further processing and use of the data by Pinterest as well as your rights in this respect and options for the protection of your privacy in the data protection notices of Pinterest: https://about.pinterest.com/de/privacy-policy.
Use of Spotify
Functions of the music service Spotify are integrated on our sites. The provider is Spotify AB, Birger Jarlsgatan 61, 113 56 Stockholm in Sweden. You can recognise the Spotify functions by the green logo on our site. You can find an overview of the Spotify functions under https://developer.spotify.com.
A direct connection between your browser and the Spotify server can be established hereby when visiting our sites via these functions. Spotify receives the information hereby that you have visited our site with your IP address. When you click on the Spotify button while you are logged into your Spotify account you can link the contents of our sites to your Spotify profile. Spotify can hereby allocate the visit to our sites to your user account. You can find further information in this respect in the privacy statement of Spotify: https://www.spotify.com/de/legal/privacy-policy/ . If you do not want Spotify to be able to allocate the visit to our sites to your Spotify user account please log-out of your Spotify user account.
Use of TikTok
We are represented by Carado GmbH on the video portal TikTok, which is operated by TikTok Inc., 10100 Venice Blvd, Culver City, CA 90232, USA.
We have an online presence using different social media platforms (e.g. Facebook pages), which contain information about Carado and give us the opportunity to connect with you. We would like to note that we have no control over how your personal data are processed on these platforms, and only the respective operators of these sites have full knowledge of the content of data transmitted and how the data are used. Cookies are usually stored in your browser when you visit one of these platforms.
Your data may still be collected even if you do not have an account with that particular website. We have no knowledge about whether and to what extent these data are transferred outside of the European Economic Area. We process personal data on these platforms based on point (f) of Article 6(1) GDPR. Our legitimate interest is to be able to publicise Carado in a variety of ways and to communicate with our customers as effectively as possible using such means.
Data processing may have a legal basis as per point (a) of Article 6(1) GDPR if you have consented to data processing on the platform. You can view the privacy policies for each of the platform operators below, detailing their data processing policies, options for objecting to data processing, your right to access the data and specific information about the platforms themselves:
Provider: Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland
Information about cookies: https://www.facebook.com/policies/cookies/
Specific information about Facebook pages: Facebook processes your personal data (Facebook Insights) when you visit our Facebook page. Facebook transfers these data to us in anonymised form as part of the services by Facebook Insights. These anonymised data contain statistics about people who like or follow our Facebook page.
Facebook also shares your profile data with us if you interact with us or our pages, such as liking or commenting on posts, contacting us via Facebook or following our pages.
Google+ / YouTube
Specific information on YouTube accounts or channels: YouTube processes your personal data when you visit our YouTube channel. YouTube transfers these data to us in anonymised form as part of the services by YouTube STUDIO. These anonymised data contain statistics about people who subscribe to our YouTube channel.
YouTube also shares the user name of your Google+ profile with us if you interact with us or our pages, such as liking or commenting on videos or subscribing to our channel.
Provider: Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland
Opt out: https://twitter.com/personalization
Specific information about Twitter business profiles: Twitter processes your personal data when you visit our Twitter business page. Twitter transfers these data to us in anonymised form as part of Twitter Analytics. These anonymised data contain statistics about our Twitter followers.
Twitter also shares your profile name with us if you interact with us, our page or tweets, such as liking, retweeting or replying to tweets or following our account.
Provider: Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland
Information about cookies: https://help.instagram.com/1896641480634370?ref=ig
Specific information about Instagram accounts: Instagram processes your personal data when you visit our Instagram business page. Instagram transfers these data to us in anonymised form as part of Instagram Insights. These anonymised data contain statistics about people who follow our Instagram account.
Instagram also shares your user name with us if you interact with us or our page, such as liking or commenting on posts or following our account.
Provider: Pinterest Inc., 651 Brannan Street, San Francisco, CA 94103, USA
Privacy statement: https://policy.pinterest.com/de/privacy-policy
Cookie information: https://policy.pinterest.com/de/cookies
Specific information pertaining to Pinterest corporate profile: When visiting our Pinterest corporate profile, Pinterest processes your personal data. These data are transmitted by Pinterest anonymously within the scope of Pinterest-Analytics. These transmitted data concern statistical data. Moreover, your profile name is transmitted to us by Pinterest if you interact with our Pins by for example commenting on our Pins, sending messages to us or following us on Pinterest.
Provider: Spotify AB, Regeringsgatan 19, SE-111 53 Stockholm, Sweden
Privacy statement: https://www.spotify.com/de/legal/privacy-policy/
Cookie information: https://www.spotify.com/de/legal/cookies-policy/?language=de&country=de
Specific information pertaining to Spotify profiles: When visiting our Spotify profile, Spotify processes personal data. Out of these personal data, we are informed, for example, of user name and profile photos if you interact with us by following us or our playlist. The further data entered by Spotify are transmitted anonymously. This concerns statistical data about our subscribers.
We use the marketing tool Facebook pixel on our website. This service is provided by Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (hereinafter “Facebook”). A tracking “pixel” is placed on our website through the Facebook pixel code. The pixel in turn stores cookies on the end device you use to access our website. This function enables us to analyse your browsing behaviour once you are directed to our website after clicking on one of the advertisements we have placed on Facebook. We can then show you targeted advertisements based on this information. If you have a Facebook account which you are logged into when you visit our website, Facebook will be able to associate your visit to our website with your Facebook account.
You can find out how to customise your settings for viewing Facebook advertisements here:
You can also view specific detailed information about Facebook pixel and how it works in Facebook’s help centre:
The legal basis for using Facebook pixel is our legitimate interest, as per point (f) Article 6(1) GDPR, in optimising and analysing our online offering to give you a better experience.
Facebook is certified under Privacy Shield framework. This certification means that Facebook offers assurances, in accordance with Article 44 et seqq. GPDR, that it fulfils the requirements of EU data protection standards.
We use the Custom Audiences feature of Facebook Pixel. This service is provided by Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (hereinafter “Facebook”). We use this service to help optimise our Facebook advertisements so you have a better experience. Facebook advertisements are then targeted to you if you have previously shown a specific interest in particular features or parts of our page (e.g. particular themes or products). We transmit these characteristics to Facebook, which then uses the activity to create customer audiences (target audiences), allowing us to show appropriate advertisements for these themes or products to visitors on Facebook at a later time. This information is transferred in the form of lists on our Facebook business account. These lists contain personal data on our website users (including: name, location, email address and telephone number). The data are encrypted in accordance with Facebook’s data protection information and then transferred before being stored on Facebook’s servers. The data are encrypted using SHA256 (secure hash algorithm 256), which encrypts the data in advance so that it is not transferred to Facebook in plain text format. Facebook first creates a hash value (combination of numbers and letters) from the data in question. These hashes are then matched against other existing hash values for the relevant Facebook user data and the matching value is associated with the Facebook user account. This enables us to show targeted advertisements for our company on Facebook.
Data are processed by Facebook in accordance with Facebook’s data policy (https://www.facebook.com/about/privacy/). You can also use information that Facebook has published at the following link to customise your advertisement settings within Facebook: https://www.facebook.com/settings?tab=ads.
The legal basis for this data processing is your consent as per point (a) of Article 6(1) GDPR.
Facebook is certified under Privacy Shield framework (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active) and thereby offers assurances that it is compliant with EU data protection legislation.
You can send us queries on our website by using the contact form. We store the data you enter into the contact form (your query, subject and date), including the contact information entered (first name, surname and email address) for the purpose of processing your query and in the event that we need to ask follow up questions. We will not transfer these data without your consent. The legal basis for collecting and processing these data is Article 6(1) GDPR.
We will retain the data you enter into the contact form until you request that we delete them, or you revoke your consent to their storage, or there ceases to be a purpose for storing the data (e.g. once your query has been processed to completion). Mandatory legal provisions, including stipulations on retention periods, will not be affected.
You can request information about our products and services by filling out a form on our website.
We store your details from the request form, including the contact details that you have entered (title, first name, surname, company, address, telephone number and email address), for the purpose of processing your order and in the event that we need to ask follow up questions. We also forward these details to an external service provider that we have contracted to dispatch the materials. We will not transfer these data to third parties without your consent. The legal basis for collecting and processing these data is Article 6(1) GDPR.
We will retain the data you enter into the online form until you request that we delete them, or you revoke your consent to their storage, or there ceases to be a purpose for storing the data (e.g. once we have agreed on an appointment). Mandatory legal provisions, including stipulations on retention periods, will not be affected.
If you send us queries or information by email, we will save your details (email address, email content, subject and date), including the contact details you have specified in the email (first name, surname, any telephone number or postal address given), for the purposes of processing your query and in the event that we need to ask you follow up questions. We will not transfer these data without your consent. The legal basis for collecting and processing these data is Article 6(1) GDPR.
The user should be aware there is a possibility that during transmission emails may be altered or read by unauthorised individuals without any trace of this having occurred. Carado uses software to filter unwanted emails (spam filter). The spam filter may reject some emails if they contain certain characteristics that allow them to be falsely flagged up as spam.
We will retain the data you give in emails until you request that we delete them, or you revoke your consent to their storage, or there ceases to be a purpose for storing the data (e.g. once your query has been processed to completion). Mandatory legal provisions, including stipulations on retention periods, will not be affected.
You have the opportunity to participate in competitions and/or promotional offers on our website. In doing so, you are taking part voluntarily and independently of any other offers on our website. When you sign up a for a competition, you will tell us your email address (and, if necessary, your first name, surname, telephone number, date of birth and address). The purpose of collecting these data is to run the competition, inform the winner and award the prize. The legal basis for collecting and processing these data is Article 6(1) GDPR. Any extra data will not be collected, unless given voluntarily by the data subject.
However, participants hereby agree to provide their first name (with only the first initial of the surname) and photos if they win for use in articles.
We will only save the data you give us until the end of the competition. Mandatory legal provisions, including stipulations on retention periods, will not be affected.
You can subscribe to our company’s newsletter on our website. We use this newsletter to inform our customers and commercial partners about our offers in regular instalments. To send you the newsletter, we need a valid email address and information that allows us to verify that you are the real owner of the email address given and to confirm that you agree to receive the newsletter. Any extra data will not be collected, unless given voluntarily by the data subject. The first time a data subject submits an email address for subscription to the newsletter, a confirmation email will be sent to this email address as part of the double opt-in process and for legal reasons. We will only use these data to send newsletters and will not forward them to third parties. The legal basis for collecting and processing these data is Article 6(1) GDPR.
When the data subject signs up to the newsletter, we will also store the time that the email address is submitted as well as the IP address (as provided by the ISP) of the computer used by the data subject when signing up. We need to collect these data so that we can trace any possible misuse of a data subject’s email address at a later time, thereby helping to bolster our online security.
You can revoke the consent you have given to have your data and email address stored, and for this to be used to receive the newsletter, at any time, for example by clicking the “unsubscribe” link in any newsletter. Alternatively, you can send us an email at email@example.com at any time to tell us you wish to unsubscribe. Data that have already been processed prior to revoking consent will remain legally valid. Once consent has been revoked, the data controller responsible for data processing will delete the personal data. Unsubscribing from newsletters will be automatically deemed a revocation of consent.
We will save the data that you submit to us to subscribe to the newsletter until you unsubscribe, and we will delete these data after you unsubscribe.
Our newsletters contain tracking pixels. A tracking pixel is a tiny graphic embedded in HTML emails that allows a log file to be saved and analysed. This then allows statistics to be compiled to evaluate the success of an online marketing campaign. We use the embedded tracking pixel to identify if and when a data subject has opened an email and which links in the email the data subject has clicked.
We store and analyse personal data collected using the email tracking pixel on the basis of our legitimate interest in optimising how we send out emails and in improving how we tailor content in future newsletters to be better aligned with the interests of the data subject. The legal basis for collecting and processing these data is Article 6(1) GDPR.
You can use our website to take advantage of the careers page and/or submit job applications by email. We collect and process the personal data of applicants (key data, contact data, documents such as cover letter, CV, references, etc.) for the purposes of conducting the application process. Data may also be processed electronically, which is done especially if an applicant submits the necessary documents to the data controller electronically, such as by email or using the online form on our website. If the data controller concludes an employment contract with an applicant, the data submitted will be stored in compliance with statutory provisions for use in the course of the employment relationship. If the data controller does not conclude an employment contract with the applicant, the application documents will be automatically deleted six months after the applicant has been informed that their application was rejected, provided that deleting the data does not contravene any other legitimate interest that the data controller may have. An example of a different legitimate interest is the requirement to furnish evidence in proceedings initiated under the German General Act on Equal Treatment (Allgemeines Gleichbehandlungsgesetz – AGG). The legal basis for collecting and processing these data is Article 6(1) GDPR.
During the online application process, you will have the opportunity to give your express consent for us to save and use your data beyond the current application process. If you give your consent, we will be able to inform you of any vacancies and new job advertisements that may be of interest to you.
You can sign up to have an account on our website. Signing up for an account allows you to be shown content or services that are exclusive to registered users. We collect the following data when you sign up for a website account: Title, first name and surname, email address, telephone number, postal address, etc. Fields that are marked as mandatory pertain to information that is required for registration; anything that is not mandatory can be given at will.
If the data subject signs up for an account on our website, we will also save the IP address of the data subject (as provided by the ISP) and the date and time of registration. We can only prevent abuse of our services by collecting these data, which may then be used to help to investigate any offences committed. In this respect, saving these data is necessary to bolster our online security. These data will not be transferred to third parties, unless it is required by law or for criminal prosecution.
The legal basis for processing data in this case is point (b) of Article 6(1) GDPR.
You can use an online form on our website to arrange a test drive or an appointment to view a vehicle with one of the authorised dealers listed on our website, or you can use the form to submit a configuration request to a dealer. For this purpose, the necessary personal data will be collected and transmitted to the dealer selected by you: your name, title, e-mail address, preferred vehicle type, and, provided you would like your selected dealer to contact you by phone or mail, phone number and/or address is also collected and transmitted as voluntary information. For general assurance that the appointment will take place as agreed, we will send you an appointment confirmation and a reminder. This collection, storage, and transmission of the data is based on your voluntarily given consent within the meaning of Article 6 paragraph 1 sentence 1 lit. a) in conjunction with Article 7 of the GDPR.
You can revoke this consent at any time by sending your revocation to firstname.lastname@example.org or Carado GmbH, Bahnhof 11, 88299 Leutkirch Deutschland with effect for the future. In addition, you can also assert your rights against the dealer. Please contact the dealer of your choice.
We store and forward to your chosen dealer the data you enter for the purpose of arranging an appointment, preparing a quote and in the event that we need to ask follow up questions. We will retain the data you enter into the online form until you request that we delete them, or you revoke your consent to their storage, or there ceases to be a purpose for storing the data (e.g. once we have agreed on an appointment). Mandatory legal provisions, including stipulations on retention periods, will not be affected.
We have no control over data that dealers collect from you beyond the online form. Please get in touch with your dealer directly about this.
We transfer data internally to management, HR and payroll to comply with our contractual and legal obligations. Your data will only be transferred or disclosed to the extent necessary and in compliance with the relevant data protection laws.
Carado is a company with global operations and is headquartered in Germany. Data that you send to us are stored in our centralised customer database in Germany and transferred within the Group for administrative purposes. If the data are exchanged within the Group, they are done so for the performance of a contract or as a condition of using the website. There may also be a legitimate interest in transferring these data for internal administrative purposes. If your data are processed outside of Europe, for example in India, Brazil, Russia, China, Switzerland, Singapore or US, these data will be transferred in compliance with all data protection laws in force and in accordance with point (f) of Article 44 GDPR in particular.
So that we can provide appropriate products and services, we transfer your data to specific third parties (“data processors”) who provide external services on our behalf, such as newsletter services and IT service providers. We may also transfer your data to third parties if it necessary to comply with our obligations (authorities, banks, social security agencies, etc.). Third parties only process data in accordance with our instructions, and third parties are prohibited from using these data for their own commercial purposes outside of the agreed scope.
We must disclose personal data if we are obliged to do so by current legislation, as part of an ongoing court case or as a result of an order (point (f) of Article 6 (1) GDPR).
We will only transfer your data to third parties if:
• You have given your express consent as per point (a) of Article 6(1) GDPR,
• the transfer of data in accordance with point (f) of Article 6(1) GDPR is required to assert, exercise or defend against legal claims, and there is no reason to believe that you have an overriding interest in not having your data transferred which is worthy of protection,
• if there is a legal obligation to transfer the data as per point (c) of Article 6(1) GDPR, and
• the transfer of data is permitted by law and is necessary for the performance of a contractual relationship with you as per point (b) of Article 6(1) GDPR.
If your data are processed outside of Europe, for example in India, Brazil, Russia, China, Switzerland, Singapore or USA, these data will be transferred in compliance with all data protection laws in force and in accordance with point (f) of Article 44 GDPR in particular.
We will not transfer your data to a third country or an international organisation.
If automated decision making processes are used, including profiling
As a responsible company, we do not use any automated decision making processes or profiling.
We only store your data for as long as they are required for delivering our services or for as long as data retention has been provided for in laws or legal provisions by European legislators or another legislator, to which the data controller is subject. In all other cases, we will delete your personal data once the purpose for which they were collected is fulfilled, except for data that we are obliged to retain to comply with our legal obligations (e.g. due to retention periods set by tax and trade law, we are obliged to retain documents such as contracts and invoices for a specific period).
Carado takes measures in technical and organisational security to protect your data, which are in our control, from accidental or intentional manipulation, loss, destruction or unauthorised access. Our security measures are continually improved as technology develops.
This website uses SSL encryption (secure socket layer) in connection with the highest level of encryption supported by your browser to ensure our website is secure and to protect the transfer of confidential content, such as queries that you send to us as the site’s operators. These security measures usually use 256 bit encryption. If your browser does not support 256 bit encryption, we will use 128 bit v3 technology instead. You can determine whether an individual page on our website has been transmitted with encryption by looking at the address bar in your browser to see if the address prefix has changed from “http://” to “https://” and if it displays a padlock symbol.
When SSL encryption is activated, the data you transfer to us cannot be read by any third parties.
You should be aware that there may be security flaws in transferring data on the internet (e.g. through email communication). It is not possible to completely protect against unauthorised data access by third parties.
The legal basis for our company’s data processing activities is point (a) of Article 6(1) GDPR; we obtain consent for a specific purpose when processing these data.
Data processing is based on point (b) of Article 6(1) GDPR if personal data need to be processed for the performance of a contract to which the data subject is party, as is the case with processing activities required for delivering goods or other services or for a counter performance, for example. The same applies to processing activities required to perform pre-contractual actions, such as when we receive enquiries about our motorhomes.
If our company is subject to a legal obligation that requires us to process personal data, such as complying with tax obligations, this data processing is based on point (c) of Article 6(1) GDPR.
In rare circumstances, it may be necessary for us to process personal data to protect an interest which is essential for the life of the data subject or that of another natural person. Such a case could occur if a visitor to our company is injured, and we are required to forward that person’s name, age, health insurance details or other vital information to a doctor, hospital or other third party. In this case, the data processing is based on point (d) of Article 6(1) GDPR.
Data processing activities may ultimately be based on point (f) of Article 6(1) GDPR. Data processing activities will use this legal basis if they are not covered by any other of the aforementioned legal bases, and if the data processing is necessary to protect a legitimate interest of our company or a third party, unless the interests, fundamental rights and freedoms of the data subject prevail. If processing personal data is based on point (f) of Article 6(1) GDPR, our legitimate interest is the performance of our business activities for the benefit of all our employees and customers.
You should note that supplying certain personal data is required by law (e.g. tax laws) or may even occur as a result of contractual arrangements (e.g. details about the contracting party). Sometimes it may be necessary for the data subject to provide us with personal data, which we will subsequently need to process to conclude a contract. The data subject will be obliged to supply us with personal data if our company is concluding a contract with the data subject, for example. If such personal data are not supplied, it may not then be possible to conclude the contract with the data subject. The data subject must contact one of our employees before supplying the personal data. Our employee will then tell the data subject in each instance whether the supply of personal data is required by legal or contractual provisions, or whether it is necessary for the conclusion of a contract, or whether the data subject is obliged to supply personal data including the possible consequences of not doing so.
Our website is not intended for children under 16. Anyone under 16 may not submit personal data to Carado without the consent of a parent or guardian.
You have the right to find out about the data that we store, length of data retention, purpose and legal basis for the storage of data, as well as the origin and recipient of data transfers. Inaccurate data must be corrected and data which have been stored without permission or which are no longer needed must be deleted. The data subject also has the right to object to data processing, the right to restrict processing and the right to data portability.
This information will be provided at your request. This information is available free of charge.
You also have the right to file a complaint with a supervisory body.
Some data processing activities require your express consent. You may revoke consent you have already given at any time. An informal message to us via email at email@example.com will be enough to revoke your consent. Data that have already been processed prior to revoking consent will remain legally valid.
Ich bin ein Tooltip.