Thank you for visiting our website. Carado GmbH (hereinafter referred to as "Carado", "we" or "us") attaches great importance to the security of users' data and compliance with data protection regulations. We would like to inform you below about the processing of your personal data on our website.
Responsible body::
Carado GmbH, Ölmühlestr. 6, 88299 Leutkirch
Phone: +49 7561 9097 300
E-Mail: info@carado.com
External Data Protection Officer:
DDSK GmbH
Phone: +49 7542 949 21 01
E-Mail: datenschutz@carado.com
The technical terms used in this privacy policy are to be understood as legally defined in Art. 4 GDPR.
You can find more information about the processing of your personal data in the application process here: Data protection information for applicants
Our site can be visited without active information about the user. However, we automatically store access data (server log files) every time the website is accessed, such as the name of the Internet service provider, the operating system used, the website from which the user visits us, the date and duration of the visit or the name of the requested file, as well as for security reasons, e.g. to detect attacks on our website, the IP address of the device used for a period of 7 days. This data is evaluated exclusively to improve our offer and does not allow any conclusions to be drawn about the user's person. This data is not merged with other data sources.
We process and use the data for the following purposes: providing the website, improving our websites, preventing and detecting errors/malfunctions as well as misuse of the website.
Legal basis:
legitimate interest, in accordance with Art. 6 para. 1 lit. f) GDPR
Legitimate interests:
Ensuring functionality and error-free and secure operation of the website as well as this website to the requirements of the users.
In order to make visiting our website attractive and to enable the use of certain functions, we use so-called cookies on our website. The use of cookies serves our legitimate interest in making your visit to our website as pleasant as possible and is based on Art. 6 para. 1 lit. f) GDPR. Cookies are a standard internet technology used to store and retrieve login and other usage information for all users of the website. Cookies are small text files that are stored on the end device. They allow us, among other things, to store user preferences so that our website can be displayed in a format tailored to the user's device. Some of the cookies we use are deleted after the end of the browser session, i.e. after closing the browser (so-called session cookies). Other cookies remain on the user's device and enable us or our partner companies to recognize the browser on the next visit (so-called persistent cookies).
The browser can be set in such a way that the user is informed about the setting of cookies and can decide individually whether to accept them or to exclude the acceptance of cookies in certain cases or in general. Furthermore, the cookies can be deleted afterwards in order to remove data that the website has stored on the user's computer. Deactivating cookies (so-called opt-out) may lead to some restrictions on the functionality of our website.
Categories of data subjects:
Website visitors, users of online services
Opt out:
Internet Explorer:
https://support.microsoft.com/de-de/help/17442
Firefox:
https://support.mozilla.org/de/kb/wie-verhindere-ich-dass-websites-mich-verfolgen
Google Chrome:
https://support.google.com/chrome/answer/95647?hl=de
Safari:
https://support.apple.com/de-de/HT201265
Legal bases::
Consent (Art. 6 para. 1 lit. a) GDPR); legitimate interests (Art. 6 para. 1 lit. f) GDPR)
The relevant legal basis in each case is specifically named in the corresponding tool.
Legitimate interests:
Storage of opt-in preferences, presentation of the website, ensuring the functionality of the website, preservation of user status over the entire website, recognition for next website visitors, user-friendly online offer, ensuring chat function.
We use a consent management procedure on our website in order to store and manage the consent given by website visitors in a verifiable manner in accordance with data protection requirements.
The consent management platform used helps us to detect all cookies and tracking technologies and control them based on consent status. At the same time, visitors to our website can manage the consents and preferences they have given (optional setting of cookies and other technologies that are not required) via the consent management service integrated by us or revoke their consent at any time via the button.
The status of the consent is stored on the server side and/or in a cookie (so-called opt-in cookie) or comparable technology in order to be able to assign the consent to a user or their device. In addition, the time of the declaration of consent is recorded.
Categories Data:
Consent data (consent so-called consent ID and number, time of consent, opt-in or opt-out), meta and communication data (e.g. de-vice information, IP addresses)
Purposes of processing:
Accountability, consent management
Legal bases:
Legal obligation (Art. 6 para. 1 lit. c) GDPR in conjunction with Art. 7 GDPR)
Manage Consent/Withdrawal
Cookiebot
Service used:
Usercentrics A/S, Havnegade 39, 1058 Copenhagen, Dänemark
Transfer to third countries: No transfer to third countries.
Privacy policy:
https://www.cookiebot.com/de/privacy-policy/
Our website is hosted by an external service provider. Data of visitors to our website, in particular so-called log files, are stored on the servers of our service provider. By using a specialized service provider, we can provide our website efficiently. The data is not processed by the hosting provider used by us for its own purposes.
Categories Data:
User data (e.g. websites visited, interest in content, access times), meta and communication data (e.g. device information, IP address-es)
Purposes of processing:
Proper presentation and optimization of the website, faster and loca-tion-independent accessibility of the website,
Legal bases:
Consent (Art. 6 para. 1 lit. a) GDPR); legitimate interests (Art. 6 para. 1 lit. f) GDPR)
Legitimate interests:
Avoidance of downtime, high scalability, reduction of the bounce rate on the website
Microsoft
Service used:
Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18 D18 P521, Irland / Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA
Legal basis:
Consent (Art. 6 para. 1 lit. f) GDPR)
Transfer to third countries: On the basis of the adequacy decision of the European Commission for the country USA
Privacy policy:
https://privacy.microsoft.com/de-de/privacystatement
We have commissioned a web agency to support and advise on services and applications on our website. This supports us in all activities related to the design and functionality of our website. In this context, the web agency selected by us receives the access data for our website in order to make necessary adjustments and changes, such as the design of forms or other programming activities.
The inspection of personal data, such as data from forms or log data of website visitors, cannot be excluded. The web agency therefore acts as a so-called processor for us and acts exclusively on our instructions. Data is not processed for other purposes:
Categories Data:
Usage data (e.g. access times), meta and communication data (e.g. device information, IP addresses), contact data (e.g. e-mail ad-dress), content data (e.g. text information)
Purposes of processing:
Support in web analysis and optimization, analysis of user behavior on the website (website interaction) for web optimization and reach measurement, checking the load of the website
Legal bases:
Legitimate interests (Art. 6 para. 1 lit. f) GDPR)
Legitimate interests:
Support and support for website maintenance through a high level of technical expertise, efficiency through outsourcing
Web Agency
Receiver:
PANSOFT GmbH Tullastr. 28 76131 Karlsruhe, Deutschland
Transfer to third countries: No transfer to third countries.
Privacy policy:
https://www.pansoft.de/de/home/datenschutz/index.html
Web Agency
Receiver:
LightsOn GmbH, Leonhardstraße 15 87437 Kempten (Allgäu), Deutschlan
Transfer to third countries: No transfer to third countries.
Privacy policy:
https://lights-on.io/datenschutz
Web Agency
Receiver:
Jungle GmbH, Zwingerstraße 2, 87435 Kempten, Deutschland
Transfer to third countries: No transfer to third countries.
Privacy policy:
https://www.jungle.guide/datenschutz
In order to be able to evaluate visitor flows on our online offer, we use tools for web analysis and reach measurement. To do this, we collect information about our visitors' behavior, interests, or demographic information, such as age, gender, or similar. This helps us to recognize at what time our online offer, its functions or content are most frequented or invite repeat access. In addition, we can use the information collected to determine whether our online offer is in need of optimisation or adaptation.
The information collected for this purpose is stored in cookies or similar processes and is used for reach measurement and optimization. The data stored in the cookies may include content viewed, websites visited, settings and functions and systems used. However, no clear data of the users is regularly processed for the purposes described. In this case, the data is changed in such a way that the actual identity of the users is known neither to us nor to the provider of the tool used. The data changed in this way is often stored in user profiles.
Categories of data subjects:
Website visitors, users of online services
Categories Data:
User data (e.g. websites visited, interest in content, access times), meta and communication data (e.g. device information, IP address-es), contact data (e.g. e-mail address, telephone number), content data (e.g. texts, photographs, videos)
Purposes of processing:
Website analysis, reach measurement, utilization and evaluation of website interaction, lead evaluation
Legal bases:
Consent (Art. 6 para. 1 lit. a) GDPR); legitimate interests (Art. 6 para. 1 lit. f) GDPR)
Legitimate interests:
Optimization and further development of the website, increase in prof-its, customer loyalty and acquisition
Google Analytics
Service used:
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland
Privacy:
https://policies.google.com/privacy
Opt-Out-Link:
https://tools.google.com/dlpage/gaoptout?hl=de or https://myaccount.google.com/
Legal basis:
Consent (Art. 6 para. 1 lit. a) GDPR
Facebook Connect
Service used:
Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Irland
Privacy:
https://www.facebook.com/privacy/explanation and https://www.facebook.com/legal/terms/page_controller_addendum
Legal basis:
Consent (Art. 6 para. 1 lit. a) GDPR
In order to constantly increase our reach and awareness of our online offering, we process personal data in the context of online marketing, in particular with regard to potential interests and the measurement of the effectiveness of our marketing measures.
For the purpose of measuring the effectiveness of our marketing efforts and identifying potential interests, relevant information is stored in cookies or similar processes. The data stored in the cookies may include content viewed, websites visited, settings and functions and systems used. However, no clear data of the users is regularly processed for the purposes described. The data is then changed in such a way that the actual identity of the users is known neither to us nor to the provider of the tool used. The data changed in this process is often stored in user profiles.
In the case of the storage of user profiles, the data can be read, supplemented and supplemented on the server of the online marketing provider when visiting other online offers that use the same online marketing process.
We can determine the success of our advertisements on the basis of aggregated data that is made available to us by the provider of the online marketing process (so-called conversion measurement). As part of these conversion measurements, we can understand whether a marketing measure has led to a purchase decision by the visitor to our online offer. This evaluation serves to analyze the success of our online marketing.
Categories of data subjects:
Website visitors, users of online services, interested parties, com-munication partners, business partners and contractual partners
Categories Data:
User data (e.g. websites visited, interest in content, access times), meta and communication data (e.g. device information, IP address-es), location data, contact data, content data (e.g. texts, photo-graphs, videos)
Purposes of processing:
Marketing (partly also interest-based and behavioural), conversion measurement, target group building, click tracking, development of marketing strategies and increasing the efficiency of campaigns
Legal bases:
Consent (Art. 6 para. 1 lit. a) GDPR); legitimate interests (Art. 6 para. 1 lit. f) GDPR)
Legitimate interests:
Optimization and further development of the website, increase in prof-its, customer loyalty and acquisition
Adsience
Service used:
Adscience BV Information, 56m Basisweg, Amsterdam, Noord Holland 1043 AP, NL
Privacy:
https://adscience.zenfolio.com/us/zf/f/user-agreement (Pop-Up)
Legal basis:
Consent (Art. 6 para. 1 lit. a) GDPR
Microsoft Invest
Service used:
Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18 D18 P521, Irland / Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA
Privacy:
https://privacy.microsoft.com/de-de/privacystatement
Legal basis:
Consent (Art. 6 para. 1 lit. a) GDPR
Google Tag Manager
Service used:
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland
Privacy:
https://policies.google.com/privacy
Opt-Out-Link:
https://tools.google.com/dlpage/gaoptout?hl=de or https://myaccount.google.com/
Legal basis:
Consent (Art. 6 para. 1 lit. a) GDPR
Google Ads and Conversion Measurement
Service used:
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland
Privacy:
https://policies.google.com/privacy
Opt-Out-Link:
https://tools.google.com/dlpage/gaoptout?hl=de or https://myaccount.google.com/
Legal basis:
Consent (Art. 6 para. 1 lit. a) GDPR
Google Adssense
Service used:
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland
Privacy:
https://policies.google.com/privacy
Opt-Out-Link:
https://tools.google.com/dlpage/gaoptout?hl=de or https://myaccount.google.com/
Legal basis:
Consent (Art. 6 para. 1 lit. a) GDPR
Google Double Click
Service used:
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland
Privacy:
https://policies.google.com/privacy
Opt-Out-Link:
https://tools.google.com/dlpage/gaoptout?hl=de or https://myaccount.google.com/
Legal basis:
Consent (Art. 6 para. 1 lit. a) GDPR
Pinterest
Service used:
Pinterest Inc., 651 Brannan Street, San Francisco, CA 94103, USA
Privacy:
https://policy.pinterest.com/de/privacy-policy
Opt-Out-Link:
https://policy.pinterest.com/de/cookies
Legal basis:
Consent (Art. 6 para. 1 lit. a) GDPR
Taboola
Service used:
Taboola Germany GmbH, Alt-Moabit 2, 10557 Berlin, Deutschland
Privacy:
https://www.taboola.com/de/privacy-policy
Opt-Out-Link:
https://www.taboola.com/de/privacy-policy#user-choices-and-optout
Legal basis:
Consent (Art. 6 para. 1 lit. a) GDPR
We maintain online presences on social networks and career platforms in order to exchange information with the users registered there and to be able to get in touch in an uncomplicated way.
In some cases, the data of users in social networks is used to conduct market research and thus pursue advertising purposes. User profiles can be created and used to adapt advertisements to the interests of target groups via user behaviour, for example the indication of interests. For this purpose, cookies are regularly stored on the end devices of the users, sometimes regardless of whether they are registered users of the social network.
In connection with the use of social media, we also use the associated messengers to be able to communicate with users in an uncomplicated way. We would like to point out that the security of individual services may depend on the user's account settings. Even in the case of end-to-end encryption, the service provider can draw conclusions about the fact that and when users communicate with us and, if necessary, collect location data.
Depending on where the social network is operated, user data may be processed outside the European Union or outside the European Economic Area. This can result in risks for users, for example because it makes it more difficult to enforce their rights.
Categories of data subjects:
Registered users and non-registered users of the social network
Categories Data:
Master data (e.g. name, address), contact data (e.g. e-mail address, telephone number), content data (e.g. text information, photographs, videos), usage data (e.g. websites visited, interests, access times), meta and communication data (e.g. device information, IP address)
Purposes of processing:
Expanding Reach, Networking
Legal basis:
Legitimate interests (Art. 6 para. 1 lit. f) GDPR), consent (Art. 6 para. 1 lit. a) GDPR)
Legitimate interests:
Interaction and communication on social media presence, increased profits, insights about target groups
Giphy
Service used:
GIPHY Inc., 416 West 13th Street, Suite 207, New York, NY 10014, USA
Privacy:
https://support.giphy.com/hc/en-us/articles/360032872931-GIPHY-Privacy-Policy
Instagram
Service used:
Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Irland
Privacy:
https://help.instagram.com/519522125107875 and https://www.facebook.com/about/privacy
Opt-Out-Link:
https://www.instagram.com/accounts/login/?next=/accounts/privacy_and_security/
Facebook
Service used:
Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Irland
Privacy:
https://www.facebook.com/privacy/explanation and https://www.facebook.com/legal/terms/page_controller_addendum
Opt-Out-Link:
https://www.facebook.com/policies/cookies/
Linkedin
Service used:
LinkedIn Corporation, 1000 West Maude Avenue, Sunnyvale, CA 94085, USA
Privacy:
https://www.linkedin.com/legal/privacy-policy
Opt-Out-Link:
https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out
Pinterest
Service used:
Pinterest Inc., 651 Brannan Street, San Francisco, CA 94103, USA
Privacy:
https://policy.pinterest.com/de/privacy-policy
Opt-Out-Link:
https://policy.pinterest.com/de/cookies
Reddit
Service used:
Reddit, Inc., 548 Market St. 16093 San Francisco, California 94104 USA
Privacy:
https://www.redditinc.com/policies/privacy-policy
Opt-Out-Link:
https://www.reddit.com/personalization
Tiktok
Service used:
TikTok Inc., 10100 Venice Blvd., Culver City, CA 90232, USA
Privacy:
https://www.tiktok.com/legal/privacy-policy?lang=de
Xing
Service: used:
New Work SE, Dammtorstraße 30, 20354 Hamburg, Deutschland
Privacy:
https://privacy.xing.com/de/datenschutzerklaerung
Youtube
Service used:
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland
Privacy:
https://policies.google.com/privacy?hl=de&gl=de
Opt-Out-Link:
https://tools.google.com/dlpage/gaoptout?hl=de or https://myaccount.google.com/
Whatsapp
Service used:
WhatsApp Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland
Privacy:
https://www.whatsapp.com/privacy
Opt-Out-Link:
https://www.whatsapp.com/legal/cookies?lang=de
We have integrated functions and content into our online offer that are obtained from third-party providers. For example, videos, illustrations, buttons or posts (hereinafter referred to as content) can be integrated.
In order for content to be displayed to visitors to our online offer, the respective third-party provider processes, among other things, the user's IP address so that the content can be transmitted to the browser and displayed. Without this processing process, the display of third-party content is not possible.
In some cases, additional information is collected via so-called pixel tags or web beacons, whereby the third-party provider receives information about the use of the content or visitor traffic on our online offer, technical information about the user's browser or operating system, the time of visit or the websites to be referred. The data obtained in this way is stored in cookies on the user's end device.
In order to protect the personal data of visitors to our online offer, we have taken certain security precautions to prevent the automatic transmission of this data. This data is only transmitted when the users use the buttons or click on the third-party content.
Categories of data subjects:
Users of the plug-in or embedded third-party content
Categories Data:
Usage data (e.g. websites visited, interests, access time), meta and communication data (e.g. device information, IP address), contact data (e.g. e-mail address, telephone number), master data (e.g. name, address)
Purposes of processing:
Designing our online offering, increasing the reach of advertisements in social media, sharing posts and content, interest- and behavior-based marketing, cross-device tracking
Legal basis:
Consent (Art. 6 para. 1 lit. a) GDPR), legitimate interest (Art. 6 para. 1 lit. f) GDPR)
Legitimate interests:
Protection of our website from misuse, ensuring functionality and error-free and secure Operation of the website
Google Content Security Policy
Service used:
Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
Privacy:
https://policies.google.com/privacy?hl=de&gl=de
Opt-Out-Link:
https://tools.google.com/dlpage/gaoptout?hl=de or https://myaccount.google.com/
Legal basis:
Legitimate interest (Art. 6 para. 1 lit. f) GDPR)
Google Recaptcha
Service used:
Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
Privacy:
https://policies.google.com/privacy?hl=de&gl=de
Opt-Out-Link:
https://tools.google.com/dlpage/gaoptout?hl=de or https://myaccount.google.com/
Legal basis:
Legitimate interest (Art. 6 para. 1 lit. f) GDPR)
Vehicle configurator
Service used:
Erwin Hymer Group SE, Holzstraße 19, 88339 Bad Waldsee, Deutschland
Privacy:
https://www.erwinhymergroup.com/de/footer/datenschutz
Legal basis:
Consent (Art. 6 para. 1 lit. a) GDPR)
Google Fonts
Service used:
Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
Privacy:
https://policies.google.com/privacy?hl=de&gl=de
Opt-Out-Link:
https://tools.google.com/dlpage/gaoptout?hl=de or https://myaccount.google.com/
Legal basis:
Consent (Art. 6 para. 1 lit. a) GDPR)
Mapbox Plugins und -Schaltflächen
Service used:
Mapbox, 1133 15TH St NW Ste 825 Washington, DC, 20005-2751 United States
Privacy:
https://www.mapbox.com/legal/privacy/
Opt-Out-Link:
https://www.mapbox.com/legal/cookies
Legal basis:
Consent (Art. 6 para. 1 lit. a) GDPR)
Pimcore
Service used:
Pimcore GmbH, Söllheimer Straße 16, 5020 Salzburg, Österreich
Privacy:
https://pimcore.com/en/about/privacy
Legal basis:
Consent (Art. 6 para. 1 lit. a) GDPR)
Syscara
Service used:
Web for You., Manuel Wendt, Lassahner Str. 73, 19300 Grabow, Deutschland
Privacy:
https://syscara.com/datenschutz.php
Legal basis:
Consent (Art. 6 para. 1 lit. a) GDPR)
Typography
Service used:
The Hoefler Type Foundry, Inc. Hoefler&Co 611 Broadway, Room 725 New York, NY 10012-2608
Privacy:
https://www.typography.com/policies/privacy
Legal basis:
Consent (Art. 6 para. 1 lit. a) GDPR)
Yuoutube
Service used:
Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
Privacy:
https://policies.google.com/privacy?hl=de&gl=de
Opt-Out-Link:
https://tools.google.com/dlpage/gaoptout?hl=de or https://myaccount.google.com/
Legal basis:
Consent (Art. 6 para. 1 lit. a) GDPR)
We offer a market on our website for available vehicles offered by different dealers. If you are interested in a vehicle, you have the option of contacting the provider of the vehicle via our form, among other things, to receive further information, to arrange a consultation appointment or to obtain an offer about the vehicle. For this purpose, your data, name, e-mail address and, if applicable, a telephone number, will be transmitted from the form to the respective trading partner who offers the vehicle. The provider of the vehicle is in turn responsible for the data processing itself from the time of the data transmission and decides, according to the contact details provided and related to your request, how further communication with you takes place.
Categories of data subjects:
Interested website visitors, prospective buyers
Categories Data:
Master data (e.g. name, address), contact data (e.g. e-mail address, telephone number), content data (e.g. text entries), meta and com-munication data (e.g. device information, IP addresses)
Purposes of processing:
Mediation of vehicle offers
Legal basis:
Consent (Art. 6 para. 1 lit. a) GDPR)
Caravana
Service used:
Caravana GmbH; Pferdemarkt 2; 19300 Grabow, Deutschland
Privacy:
Https://www.Caravana.De/datenschutz
On our online offer, users have the option of subscribing to our newsletter or any notifications via various channels (hereinafter referred to as the newsletter). Within the framework of the legal provisions, we only send newsletters to recipients who have consented to receive the newsletter. We use a selected service provider to send our newsletter.
In order to subscribe to a newsletter from us, an e-mail address must be provided. We may collect additional data, such as: the name to provide our newsletter with a personal address.
Our newsletter will only be sent after the so-called double opt-in procedure has been completed. If visitors to our online offer decide to subscribe to our newsletter, they will receive a confirmation e-mail, which serves to prevent the misuse of false e-mail addresses and is intended to prevent a simple, possibly accidental click from triggering the sending of the newsletter. The subscription to our newsletter can be terminated at any time for the future. An opt-out link is included at the end of each newsletter.
In addition, we are obliged to provide proof that our subscribers actually wanted to receive the newsletter. For this purpose, we collect and store the IP address as well as the time of registration and deregistration.
Our newsletters are designed in such a way that we are able to gain insights into improvements, target groups or the reading behavior of our subscribers. This enables us to use a so-called web beacon or a tracking pixel that reacts to interactions with the newsletter, for example whether links are clicked, the newsletter is opened at all or at what time the newsletter is read. We may assign this information to individual subscribers for technical reasons.
Categories of data subjects:
Newsletter subscribers
Categories Data:
Master data (e.g. name, address), contact data (e.g. e-mail address, telephone number), meta and communication data (e.g. device infor-mation, IP address), usage data (e.g. interests, access times)
Purposes of processing:
Marketing, customer loyalty and new customer acquisition, analysis and evaluation of the success of the campaign
Legal basis:
Consent (Art. 6 para. 1 lit. a) GDPR)
Salesforce
Service used:
Salesforce.com, inc. Salesforce Tower, 415 Mission Street, 3rd Floor, San Francisco, CA 94105, USA
We offer a Carado newsletter via the messenger service WhatsApp. Registration is done by scanning the corresponding QR codes or via the stored links. These lead directly to our WhatsApp area. This requires that you have an active WhatsApp account. To receive the newsletter, follow the instructions in the initial message.
In order to be able to send the newsletter on our part, we process your data – in particular your mobile phone number and your (user) name. If you no longer wish to receive the newsletter, you can deactivate the sending via the "STOP" button or by sending the message "STOP" within the WhatsApp chat.
Categories of data subjects:
WhatsApp users
Categories Data:
Mobile number, (user) name, meta and communication data (e.g. device information, IP address), usage data (e.g. interests, access times)
Purposes of processing:
Marketing, customer loyalty and new customer acquisition, analysis and evaluation of the success of the campaign
Legal basis:
Consent (Art. 6 para. 1 lit. a) GDPR)
WhatsApp
Service used:
WhatsApp Inc., 1601 Willow Road, Menlo Park, California 94025, USA
Privacy:
https://www.whatsapp.com/legal/
Sinch
Service used:
MessengerPeople GmbH, St.-Martin-Straße 63, 81669 München
We also use the data provided to us for advertising purposes, in particular to inform you about news from us or from our portfolio of products and services on various channels. An advertising approach on our part takes place within the framework of the legal requirements and – if necessary afterwards – after obtaining consent.
If the recipients of our advertising do not wish to receive them, they can inform us at any time. We will be happy to comply with the corresponding request.
Categories of data subjects:
Communication
Categories Data:
Master data (e.g. name, address), contact details (e.g. e-mail ad-dress, telephone number)
Purposes of processing:
Direct marketing
Legal basis:
Consent (Art. 6 para. 1 lit. a) GDPR), legitimate interests (Art. 6 pa-ra. 1 lit. f) GDPR)
Legitimate interests:
Retention of existing contacts and acquisition of new ones or con-tractual partners
We use our online presences to conduct sweepstakes and/or competitions. In doing so, we process the data of the campaign participants required for the implementation of the respective campaign. This also includes such data as we need to inform the winner and distribute the prize.
Depending on the nature of the action, contributions from or about the participants may be published, for example when reporting on the respective campaign or if a vote on a contribution submitted by the participant is part of the campaign. Depending on the type of competition, the name of the participant will also be published. Which data we process in individual cases depends on the specific action carried out and on what data we receive from the participant.
The implementation of the respective campaign on our presence in a social network is also subject to the terms of use and data protection of the respective network.
Categories of data subjects:
Action participants
Categories Data:
Master data (e.g. name, address), contact data (e.g. e-mail address, telephone number), content data (e.g. text entries, photos, videos)
Purposes of processing:
Competition including distribution of prizes and announcement of the winner in various media
Legal basis:
Consent (Art. 6 para. 1 lit. a) GDPR)
On our online offer, we offer the possibility to contact us directly or to obtain information via various contact options.
In the event of contact, we process the data of the person making the enquiry to the extent necessary to answer or process the request. Depending on the way in which we are contacted, the data processed may vary.
Categories of data subjects:
Requesting persons
Categories Data:
Master data (e.g. name, address), contact data (e.g. e-mail address, telephone number), content data (e.g. text entries, photographs, vid-eos), usage data (e.g. interests, access times), meta and communi-cation data (e.g. device information, IP address).
Purposes of processing:
Processing of inquiries
Legal basis:
Consent (Art. 6 para. 1 lit. a) GDPR), performance or initiation of a contract (Art. 6 para. 1 lit. b) GDPR)
Salesforce
Service used:
Salesforce.com, inc. Salesforce Tower, 415 Mission Street, 3rd Floor, San Francisco, CA 94105, USA
Privacy:
https://www.salesforce.com/uk/company/privacy/
Zendesk
Service used:
Zendesk, Inc., 989 Market Street #300, San Francisco, CA 94102, USA
Privacy:
https://www.zendesk.de/company/privacy-and-data-protection/#gdpr-sub
Erwin Hymer Group Services GmbH
Service used:
Erwin Hymer Group Services GmbH, Holzstraße 15, 88339 Bad Waldsee, Deutschland
Privacy:
https://hc-portal.erwinhymergroup.com/hc/articles/14883241095709
Legal basis:
Legitimate interests (Art. 6 para. 1 lit. f) GDPR)
We offer the possibility to create a user account on our online offer. As part of the registration process, we collect the necessary data from interested visitors, which we need to provide a user account and to provide the associated functions.
If visitors to our online offer decide to register, they will receive an e-mail, which must be confirmed and serves to prevent the improper provision of false e-mail addresses.
In order to protect the use of the internal area, we collect IP addresses and the time of access in order to prevent misuse of a user account and unauthorized use. We do not pass on this data to third parties unless this is necessary to pursue our claims or we are legally obliged to do so.
Categories of data subjects:
registered users
Categories Data:
Master data (e.g. name, address), contact data (e.g. e-mail address, telephone number), login data (user name and password), meta and communication data (e.g. device information, IP addresses), usage data (e.g. websites visited, interests, access times)
Purposes of processing:
Simplification of website function, contract fulfillment, customer loyal-ty
Legal basis:
Consent (Art. 6 para. 1 lit. a) GDPR)
Via our website you have the opportunity to arrange a test drive and/or a consultation appointment. For this purpose, the personal data required for this purpose will be collected and transmitted to the dealer you have selected: name, title, e-mail address, preferred vehicle type. If you wish to be contacted by telephone by your selected dealer, the telephone number will also be collected and transmitted as voluntary information. To ensure that the appointment is carried out as agreed, we will send you a confirmation and an appointment reminder.
This collection, storage and transmission of the data is carried out on the basis of your voluntarily given consent within the meaning of Art. 6 (1) sentence 1 lit. a) in conjunction with Art. 7 GDPR. You can revoke this consent at any time by info@carado.com or by post to Carado GmbH, Ölmühlestraße 6, 88299 Leutkirch im Allgäu, with effect for the future. In addition, you can also assert your rights against the dealer. To do this, contact the retailer you have selected.
Salesforce
Service used:
Salesforce.com, inc. Salesforce Tower, 415 Mission Street, 3rd Floor, San Francisco, CA 94105, USA
Privacy:
https://www.salesforce.com/uk/company/privacy/
Zendesk
Service used:
Zendesk, Inc., 989 Market Street #300, San Francisco, CA 94102, USA
Privacy:
https://www.zendesk.de/company/customers-partners/privacy-policy/
We offer the possibility to make downloads on our website in order to provide our visitors with up-to-date or related information. In order to statistically evaluate the use of this content and to improve our offer in a targeted manner, we record clicks on the respective download buttons. Personal data, in particular the IP address, is stored and an evaluation is made possible. This data is used exclusively for internal analysis and is not passed on to third parties.
Categories of data subjects:
Prospects, customers
Categories Data:
Meta and communication data (e.g. device information, IP address-es), usage data (e.g. access time)
Purposes of processing:
Marketing, acquisition of new customers, increase in sales
Legal basis:
Legitimate interest (Art. 6 para. 1 lit. f) GDPR)
Legitimate interest:
Optimization of online offerings
We are a global company headquartered in Germany. The data of visitors to our online offer is stored in our centralised customer database in Germany in compliance with the relevant data protection regulations and is processed throughout the Group for internal administrative purposes. Processing beyond administrative purposes does not take place.
Legal basis:
legitimate interests (Art. 6 para. 1 lit. f) GDPR)
Legitimate interests:
so-called small group privilege, centralized administration and admin-istration in the company to exploit synergy effects, cost savings, in-crease in effectiveness
Receiver:
https://www.erwinhymergroup.com/de/unternehmen/ueber-die-erwin-hymer-group
In the event that we transfer data to a country outside the EEA for intra-group processing, we will ensure that the processing is legally permissible in the manner we intend. In this case, we have concluded Binding Corporate Rules/Standard Data Protection Clauses, including a separate regulation of suitable technical and organizational measures to protect the data of data subjects in the best possible way. A copy of the warranty is available at https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_de.
In order to perform contracts or to comply with a legal obligation, it may be necessary for us to share personal data. If we are not provided with the data required in this respect, it may not be possible to conclude the contract with the data subject.
We transfer data to countries outside the EEA (so-called third countries). This is done on the basis of the purposes mentioned above (transmission within the group and/or other recipients). The transfer only takes place to fulfil our contractual and legal obligations or on the basis of a previously given consent of the data subject.
As a matter of principle, we store the data of visitors to our online offer for as long as this is necessary for the provision of our service or if this has been provided for by the European legislator or another legislator in laws or regulations to which we are subject. In all other cases, we delete the personal data after the purpose has been completed, with the exception of data that we must continue to store in order to comply with legal obligations (e.g. we are obliged to retain documents such as contracts and invoices for a certain period of time due to tax and commercial retention periods).
We refrain from automated decision-making or profiling in accordance with Art. 22 GDPR.
Relevant legal bases result primarily from the GDPR. These are supplemented by national laws of the Member States and may be applicable together with or in addition to the GDPR.
Consent:
Art. 6 (1) (a) GDPR serves as the legal basis for processing operations for which we have obtained consent for a specific processing purpose.
Contract:
Art. 6 (1) (b) GDPR serves as the legal basis for processing that is necessary for the performance of a contract to which the data subject is a party or for the implementation of pre-contractual measures that are taken at the request of the da-ta subject.
Legal obligation:
Art. 6 para. 1 lit. c) GDPR serves as the legal basis for pro-cessing that is necessary to comply with a legal obligation.
Vital interests:
Art. 6 (1) (d) GDPR serves as a legal basis if the processing is necessary to protect the vital interests of the data subject or another natural person.
Public interest:
Art. 6 para. 1 lit. e) GDPR serves as the legal basis for pro-cessing that is necessary for the performance of a task that is in the public interest or is carried out in the exercise of of-ficial authority vested in the controller.
Legitimate interest:
Art. 6 (1) (f) GDPR serves as a legal basis for processing that is necessary to safeguard the legitimate interests of the controller or a third party, unless the interests or fundamental rights and freedoms of the data subject which require the protection of personal data are overridden, in particular if the data subject is a child.
Recht auf Auskunft:
Betroffene Personen haben gem. Art. 15 DSGVO das Recht, eine Bestätigung zu verlangen, ob wir sie betreffende Daten verarbeiten. Sie können Auskunft über diese Daten sowie die in Art. 15 Abs. 1 DSGVO aufgeführten weiteren Informationen und eine Kopie ihrer Daten verlangen.
Right to information:
In accordance with Art. 15 GDPR, data subjects have the right to request confirmation as to whether we are processing data concerning them. They can request information about this data as well as the further information listed in Art. 15 pa-ra. 1 GDPR and a copy of their data.
Right to rectification:
In accordance with Art. 16 GDPR, data subjects have the right to request the correction or completion of the data con-cerning them and processed by us.
Right to erasure:
In accordance with Art. 17 GDPR, data subjects have the right to demand the immediate deletion of data concerning them. Alternatively, they can request that we restrict the pro-cessing of their data in accordance with Art. 18 GDPR.
Right to data portability:
In accordance with Art. 20 GDPR, data subjects have the right to demand the provision of the data they have provided to us and to request their transfer to another controller.
Right of appeal:
Data subjects also have the right to complain to the supervi-sory authority responsible for them in accordance with Art. 77 GDPR.
Right to object:
Insofar as personal data is processed on the basis of legiti-mate interests pursuant to Art. 6 (1) sentence 1 lit. f) GDPR, data subjects have the right to object to the processing of their personal data pursuant to Art. 21 GDPR if there are rea-sons for this that arise from their particular situation or the objection is directed against direct marketing. In the latter case, data subjects have a general right to object, which we implement without specifying a special situation.
Some data processing operations are only possible with the express consent of the data subjects. You have the option of revoking your consent at any time. All you need to do is send an informal message or e-mail to info@carado.com us. The lawfulness of the data processing carried out up to the time of revocation remains unaffected by the revocation.
On our website you will find links to the online services of other providers. We hereby point out that we have no influence on the content of the linked online offers and the compliance with data protection regulations by their providers.
We reserve the right to amend this data protection notice at any time in the event of changes to our online offer and in compliance with the applicable data protection regulations, so that they comply with the legal requirements.
This Privacy Policy has been prepared by of DDSK GmbH.