Privacy policy

We, the Carrera Toys GmbH ("Carrera/we"), are pleased that you visit our website. In the following provisions, we inform you about the type, scope and purpose of the collection and use of your personal data on this website and in the context of the services we offer.

 

Personal data is any information relating to an identified or identifiable natural person. This includes, in particular, your name, address and e-mail address.

 

Please read the privacy policy carefully before using this website. We reserve the right to amend parts of this Privacy Policy at our sole discretion and in accordance with legal requirements. Therefore, please check this privacy policy periodically for changes.

The provider of the website and controller within the meaning of data protection law is the

Carrera Toys GmbH

Rennbahn Allee 1

5412 Puch / Salzburg Austria

Managing Director: Mr. Stefan Krings

Tel: +43 662 88921-0 E-mail: shop@carrera-toys.com

 

You can contact the data protection officer of Carrera Toys GmbH at:

krupna LEGAL www.krupna.legal

Email: datenschutz@carrera-toys.com

Every time you access the content of our website, connection data is transmitted to our web server. This connection data includes:

· the IP address (Internet Protocol address) of the respective users,

· the date and time of the request,

· the referrer URL,

· Device numbers such as UDID (Unique Device Identifier) and comparable device numbers, device information (e.g. device type) and

· The browser type/version.

 

This connection data is not used to draw conclusions about the user's person or merged with data from other data sources, but is used to provide the website. The legal basis for the processing of your data is Art. 6 para. 1 sentence 1 lit. f GDPR. After 7 days at the latest, the data is anonymized by shortening the IP address at the domain level.

 

The use of our website is usually possible without providing personal data. You are not obliged to access this website or provide any personal data. However, the provision of personal data is required, for example, to receive newsletters or in the case of registration. If you do not provide us with personal data for the purposes listed below, you may not be able to use the functionalities of this website or individual of these services.

If you register with us as a dealer and use the dealer service or the B2B portal on our website, your information will be processed by us for this purpose. For details about the B2B portal, see the guide in our portal at https://carrera-toys.com/dealer-portal.

The processing of your personal data is carried out on the basis of Art. 6 para. 1 sentence 1 lit. b GDPR.

 

The provider of the website and controller within the meaning of data protection law is the

Carrera Toys GmbH

Rennbahn Allee 1

5412 Puch / Salzburg Austria

Managing Director: Mr. Stefan Krings

Tel: +43 662 88921-0 E-mail: shop@carrera-toys.com

 

You can contact the data protection officer of Carrera Toys GmbH at:

krupna LEGAL www.krupna.legal

Email: datenschutz@carrera-toys.com

If you wish to register with us as a customer, we will collect the required mandatory information (name, country, e-mail address, password) from you, which will be marked accordingly (*). Entering any additional information about yourself is voluntary.

 

Registration is not necessary, but it will make the ordering process easier for future orders, as you can reuse the data you have already saved. Alternatively, you can place an order as a guest. In this case, we collect the same data from you as when you registered, with the exception of a password. However, this data is not stored for you in a customer account, so you do not have access to a customer account.

 

After registration, you can log in by entering your e-mail address and password. Please always make sure to unsubscribe before leaving the website.

 

When using a password, please take appropriate security measures. For example, a password should be at least 8 characters long and, if possible, always consist of a combination of letters in upper and lower case, numbers and special characters. In this respect, trivial passwords such as "ABC" or keyboard sequences (e.g. "qwert" or "asdfgh"), all kinds of names (e.g. of friends, acquaintances, colleagues, family members, pets), city and building names, comic characters, car brands, license plates, terms, dates of birth, telephone numbers, common abbreviations, etc. are problematic.

 

The processing of your personal data is carried out on the basis of your consent in accordance with Art. 6 (1) sentence 1 (a) GDPR. Please note that in the event of a cancellation, any bonus points collected will be forfeited without replacement. For the rest, please note the corresponding usage instructions on our website with regard to bonus points.

 

In addition, your IP address and the time of registration will be stored by us as part of the registration. This is necessary to ensure the security of our information technology systems. In this case, the legal basis for the processing of your data is Art. 6 para. 1 sentence 1 lit. f GDPR.

 

If you are registered as a customer, you can access your customer account via the login function on this website. The login is done by entering your e-mail address and password.

 

Login data must be kept strictly confidential. If a disclosure has nevertheless taken place, for example in order to enable access to certain data stocks by third parties in an emergency, the password must be changed immediately. For your own protection, you are prohibited from reusing passwords that have already been used.

 

In addition, your IP address and the time of access are stored by us as part of a login. This is necessary to ensure the security of our information technology systems.

 

We also set a session cookie every time you log in. This session cookie prevents automatic logout during active use of the account or related services. After the respective logout, the session cookie is automatically deleted within a few minutes.

 

The legal basis for the processing of your data is Art. 6 para. 1 sentence 1 lit. f GDPR and, if your contractual relationship is affected, Art. 6 para. 1 sentence 1 lit. b and/or f GDPR.

 

If you as a customer (see No. 3.4. f.) , you can add individual products from the shop to your wish list. Until the time you unsubscribe, you will be able to access this wishlist and see all the products you have added. In this case, the legal basis for the processing of your data is Art. 6 para. 1 sentence 1 lit. f GDPR. When you unsubscribe as a customer, the wish list will be automatically deleted

When you place an order with us, we process the following data about you:

· Registration data from the customer account or Your guest data,

· Purchasing data (order/shopping cart),

· Payment data (payment method, account and credit card details, billing addresses)

 

The processing of your personal data is carried out on the basis of Art. 6 para. 1 sentence 1 lit. b GDPR.

 

If you would like to participate in a competition offered by us via the website, you will first need to create an account. The provision of your data is necessary for the purpose of conducting the competition. After completion of the competition, this data or the account will be deleted, provided that there are no statutory retention obligations.

 

The processing of your personal data is carried out on the basis of your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR. There is no legal or contractual obligation to provide the personal data. The only consequence of non-consent is that you will not be able to participate in the competition. You can revoke your consent at any time with effect for the future. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent before the revocation.

 

We provide a separate club area for our Carrera Club on our website. The data processing in connection with our Carrera Club is described in the following paragraphs.

If you would like to register with us as a club member, you must first order a membership in our online shop. We will then collect the necessary mandatory information (name, address, email address, password) from you to set up your membership account so that you can use the Club benefits.

 

Once registered, you can log in by entering your club username and password through the club section of our website. Please always make sure to unsubscribe before leaving the website.

 

When using a password, please take appropriate security measures. For example, a password should be at least 8 characters long and, if possible, always consist of a combination of letters in upper and lower case, numbers and special characters. In this respect, trivial passwords such as "ABC" or keyboard sequences (e.g. "qwert" or "asdfgh"), all kinds of names (e.g. of friends, acquaintances, colleagues, family members, pets), city and building names, comic characters, car brands, license plates, terms, dates of birth, telephone numbers, common abbreviations, etc. are problematic.

 

The processing of your personal data is carried out for the performance of a contract. The legal basis is Art. 6 para. 1 sentence 1 lit. b GDPR.

 

In addition, your IP address and the time of registration will be stored by us as part of the registration. This is necessary to ensure the security of our information technology systems. In this case, the legal basis for the processing of your data is Art. 6 para. 1 sentence 1 lit. f GDPR.

 

If you are a club member, you have the option of accessing separate information or functionalities in our club area via the login function on this website.

 

Login data must be kept strictly confidential. If a disclosure has nevertheless taken place, for example in order to enable access to certain data stocks by third parties in an emergency, the password must be changed immediately. For your own protection, you are prohibited from reusing passwords that have already been used.

 

In addition, your IP address and the time of access are stored by us as part of a login. This is necessary to ensure the security of our information technology systems.

 

We also set a session cookie every time you log in. This session cookie prevents automatic logout during active use of the account or related services. After the respective logout, the session cookie is automatically deleted within a few minutes.

 

The legal basis for the processing of your data is Art. 6 para. 1 sentence 1 lit. f GDPR and, if your contractual relationship is affected, Art. 6 para. 1 sentence 1 lit. b GDPR.

 

If you have purchased a club membership, a membership account will be created for you, which can be viewed by other club members. You can use the settings to choose which information about you should be visible to other club members.

 

If you already have a customer account in accordance with Section 2.3 f., the data from your previous customer account will be linked to your member account. This allows you to take advantage of the club benefits when ordering from our online store.

 

The

legal basis for the processing of your personal data is Art. 6 para. 1 sentence 1 lit. b GDPR.

 

As a club member, you have the opportunity to get in touch with other club members via chat in our club forum. The content of your posts in the forum (text, photos or videos) as well as your username can only be viewed by other club members and the administrators of Carrera. In this respect, the club forum is a closed area that is moderated and administered by Carrera. The legal basis for the processing of your personal data is Art. 6 para. 1 sentence 1 lit. b GDPR.

 

If posts within the forum are also of interest to other Carrera customers, Carrera will ask the club member who published the post and ask for consent to the publication of the post on Carrera's social media presence, among other things. The processing of your personal data is then carried out on the basis of your explicit consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR

 

Please note the provisions in this data protection declaration under No. 7

The provider of the website and controller within the meaning of data protection law is the

Carrera Toys GmbH

Rennbahn Allee 1

5412 Puch / Salzburg Austria

Managing Director: Mr. Stefan Krings

Tel: +43 662 88921-0 E-mail: shop@carrera-toys.com

 

You can contact the data protection officer of Carrera Toys GmbH at:

krupna LEGAL www.krupna.legal

Email: datenschutz@carrera-toys.com

In order to make your use of our website as pleasant as possible, we use so-called web tracking systems. Cookies are usually used for this purpose, i.e. small text files that are sent to your browser by a web server and stored on your computer's hard drive. This enables us to recognise the device you use when using our shop. In this way, it is possible for us to determine, for example, whether you are logged in, have an active shopping cart and what the contents of the shopping cart are. The session cookies used for the use of the shop are deleted again after the end of the browser session. Other cookies remain on your device and enable us to recognize your device on your next visit.

 

Details of the cookies used on the website can be found in the cookie banner as well as in the provisions below. The legal basis for the processing of your data follows, insofar as the following provisions in No. 5.1. et seq. from Art. 6 para. 1 sentence 1 lit. f GDPR. Our legitimate interest consists in the needs-based design of the website. Finally, we would like to point out that if cookies are deactivated, it may not be possible to use all functions of this website to their full extent. Please also note that deactivation may have to be done for each browser and for each device.

 

In order to be able to administer your consent to the use of tracking tools, we use the cookie consent technology "Cookiebot". The provider of this technology is Usercentrics A/S, Havnegade 39, 1058 Copenhagen, Denmark, website: https://www.cookiebot.com/de/ ("Usercentrics"). In this context, in addition to the connection data, the granting or refusal of your consent or the revocation of consent will be transferred to Usercentrics. In order to be able to make the appropriate assignment, Usercentrics also places a cookie in your browser.

 

Cookiebot is used to obtain the legally required consents for the use of cookies. The legal basis for this is Art. 6 para. 1 sentence 1 lit. c GDPR.

 

The provider of the website and controller within the meaning of data protection law is the

Carrera Toys GmbH

Rennbahn Allee 1

5412 Puch / Salzburg Austria

Managing Director: Mr. Stefan Krings

Tel: +43 662 88921-0 E-mail: shop@carrera-toys.com

 

You can contact the data protection officer of Carrera Toys GmbH at:

krupna LEGAL www.krupna.legal

Email: datenschutz@carrera-toys.com

Our website uses plugins from YouTube, which is operated by Google. When you visit one of our websites equipped with a YouTube plugin and actively click on the corresponding field, a connection to YouTube's servers is established. The YouTube server is informed which of our websites you have visited. If you are logged in to your YouTube account, you enable YouTube to assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your YouTube account.

 

The legal basis for the use of YouTube is your consent, based on Section 25 (1) sentence 1 TDDDG for the storage and access to information in terminal equipment and Art. 6 (1) sentence 1 (a) GDPR for our further processing of your data. You give your consent via our cookie banner. Please note that Google is a company from the USA. Information about the locations of Google's data centers can be found at www.google.com/about/datacenters/locations/. The new EU standard data protection clauses have been agreed as appropriate safeguards to ensure an adequate level of protection in data transfers. In addition, Google LLC is an active participant in the EU-U.S. Data Privacy Framework, which ensures the secure transfer of personal data to the USA. You can find more information here: https://www.dataprivacyframework.gov/list.

 

For more information on the handling of user data, please refer to YouTube's privacy policy at: https://www.google.de/intl/de/policies/privacy.

 

We use the Google Tag Manager "GTM". Through this service from Google, website tags can be managed through an interface. However, the GTM only implements tags. In this respect, no cookies are used. The GTM only triggers other tags, which in turn may collect data, but the GTM does not access this data. The data is evaluated exclusively in the respective tool (see the tools listed in Section 5 for details). However, GTM does collect your IP address as well as online identifiers (including cookie identifiers), which may also be transmitted to Google in the United States. For additional information about GTM, see https://support.google.com/tagmanager/answer/6102821?hl=de

 

The legal basis for the use of GTM is your consent, based on Section 25 (1) sentence 1 TDDDG for the storage and access to information in terminal equipment and Art. 6 (1) sentence 1 (a) GDPR for our further processing of your data. You give your consent via our cookie banner. Please note that the provider is a company from the USA. The new EU standard data protection clauses have been agreed as appropriate safeguards to ensure an adequate level of protection in data transfers. In addition, Google LLC is an active participant in the EU-U.S. Data Privacy Framework, which ensures the secure transfer of personal data to the USA. More information can be found here: https://www.dataprivacyframework.gov/list

 

To reduce delivery errors, we use Google's Address Validation API. The Address Validation API can be used to determine whether an entered address points to a real location or whether it contains errors. For this purpose, your IP address and the content you enter in the address field will be transmitted to Google. For example, if the address entered is incomplete, the Address Validation API will make a correction recommendation that you can accept. Alternatively, you will be asked to correct the address you entered.

 

The legal basis for the use of the Address Validation API is your consent, based on Section 25 (1) sentence 1 TDDDG for the storage and access to information in terminal equipment and Art. 6 (1) sentence 1 (a) GDPR for our further processing of your data. You give your consent via our cookie banner. Please note that the provider is a company from the USA. The new EU standard data protection clauses have been agreed as appropriate safeguards to ensure an adequate level of protection in data transfers. In addition, Google LLC is an active participant in the EU-U.S. Data Privacy Framework, which ensures the secure transfer of personal data to the USA. You can find more information here: https://www.dataprivacyframework.gov/list.

 

We have integrated "AWIN" on our website. AWIN is an affiliate marketing software from AWIN AG, Eichhornstraße 3, 10785 Berlin, Germany. Registered providers ("advertisers") can use AWIN to advertise their online goods and services within the framework of programs. For this purpose, the registered persons at AWIN (so-called "publishers") make their advertising space, such as websites, available to the "advertisers". We are registered with AWIN as a "publisher", i.e. we provide the "advertisers" with advertising space (through links) on our website.

 

As part of its tracking services, AWIN stores cookies on the devices of users who visit or use websites or other online offers of advertisers (e.g. when placing an online order) to document transactions. These cookies serve the sole purpose of correctly assigning the success of an advertising medium and corresponding billing within the network. AWIN tracking cookies store an individual sequence of digits, which cannot be assigned to the individual user, which documents the affiliate program of an advertiser, the publishers and the time of the user's action (click or view). AWIN also collects information about the end device from which an action is performed, e.g. the operating system and the browser.

 

The legal basis for the use of AWIN is your consent, based on Section 25 (1) sentence 1 TDDDG for storage and access and Art. 6 (1) sentence 1 (a) GDPR for our further processing of your data. You give your consent via our cookie banner.

 

For more information about AWIN's use of data, please refer to the company's privacy policy: https://www.awin.com/de/rechtliches

 

In order to be able to redirect the user to the web shop that suits him or her (e.g. the US web shop), we use the so-called geo-location of "Country.is". Country.is is an open-source geolocation API that determines a user's country (and nothing else) based on their IP address. IP-based geolocation is the mapping of an IP address or MAC address to the real geographic location of an internet-connected computer or mobile device. Geolocation maps IP addresses to the country, region (city), latitude/longitude, ISP, domain name, and more. On this basis, the user is automatically redirected to the locally suitable webshop.

 

The legal basis for the use of Country.is is your consent, based on Section 25 (1) sentence 1 TDDDG for the storage and access to information in terminal equipment and Art. 6 (1) sentence 1 (a) GDPR for our further processing of your data. You give your consent via our cookie banner.

 

On our website, we use "Azur Content Delivery Network" from Microsoft, a service of Microsoft Ireland Operations Ltd., One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland.

 

With Azur Content Delivery Network, we can reduce load times and improve performance for our high-bandwidth website content by distributing user requests and serving them directly from Microsoft servers. When you access website content, you connect to Microsoft servers, which transmits your IP address and, if applicable, browser data such as your user agent, as well as the time and date of your visit to the website. This data is processed exclusively for the purposes mentioned above and to maintain the security and functionality of Azur Content Delivery Network. The specific storage period of the processed data cannot be influenced by us, but is specified by Microsoft. For additional information, see: https://azure.microsoft.com/de-de/support/legal/.

 

The legal basis for our use of Azur Content Delivery Network is your consent, based on Section 25 (1) sentence 1 TDDDG for the storage and access to information in terminal equipment and Art. 6 (1) sentence 1 (a) GDPR for our further processing of your data. You give your consent via our cookie banner. Please note that Microsoft is a company from the USA. For information about Microsoft datacenter locations, see: https://www.microsoft.com/de-de/privacy/privacystatement#mainwherewestoreandprocessdatamodule. The new EU standard data protection clauses have been agreed as appropriate safeguards to ensure an adequate level of protection in data transfers. Microsoft is also an active participant in the EU-U.S. Data Privacy Framework, which ensures the secure transfer of personal data to the United States. More information can be found here: https://www.dataprivacyframework.gov/list and here: https://learn.microsoft.com/en-us/compliance/regulatory/offering-eu-model-clauses.

 

On our website, we use the service of Findologic GmbH, Jakob-Haringer-Str. 5a, 5020 Salzburg ("Findologic") to provide a search function for our articles as well as for navigation. Cookies are used for the aforementioned service and various data are transmitted to Findologic. In particular, this includes the IP address and browser data of the users as well as associated behavioral data resulting from the search queries. This allows us to optimize the shopping experience for our users on the one hand, and on the other hand to better understand which products our users are most interested in. For more information about Findologic's privacy policy, please visit: https://findologic.com/datenschutz/

 

The legal basis for the use of Findologic is your consent, based on Section 25 (1) sentence 1 TDDDG for the storage and access to information in terminal equipment and Art. 6 (1) sentence 1 (a) GDPR for our further processing of your data. You give your consent via our cookie banner.

 

The so-called "meta pixel" is an invisible pixel integrated into our website, via which the online behaviour of every website visitor is analysed by Meta Platforms Ireland Limited (formerly Facebook Ireland Limited), 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Meta"). The Meta Pixel makes it possible to transmit customer data such as first name, last name, email address, etc. to Meta and enrich it with existing tracking data. For example, it is possible to collect data from non-users of the social network Facebook or to record users who are not logged in to Facebook while visiting a website. As a result, website visitors are tracked via Meta, who deliberately prevent the storage of third-party cookies. We have the option of addressing you specifically on Facebook with an advertisement. However, it is also possible to use the meta pixel to specifically acquire new customers and address new people who resemble website visitors.

 

In addition to us, Meta itself is also responsible for data processing. Meta processes the data in accordance with Meta's Privacy Policy. For details, see Meta's Privacy Policy. For specific information and details about the meta pixel and how it works, see Meta's help section.

 

In this respect, we are jointly responsible with Meta for the processing of your personal data within the meaning of Art. 26 GDPR. In this case, you can in principle assert your rights (see section 12) against us as well as against Meta. However, Meta serves as the first point of contact. We have entered into an agreement with Meta on joint responsibility for the processing of personal data. You can view it at the following link: https://www.facebook.com/legal/controller_addendum.

 

The legal basis for the use of the Meta-Pixel is your consent, based on Section 25 (1) sentence 1 TDDDG for the storage and access to information in terminal equipment and Art. 6 (1) sentence 1 (a) GDPR for our further processing of your data. You give your consent via our cookie banner. Please note that Meta is a company from the USA. The new EU standard data protection clauses have been agreed as suitable safeguards to ensure an adequate level of protection in data transfers. Meta is also an active participant in the EU-U.S. Data Privacy Framework, which ensures the secure transfer of personal data to the United States. You can find more information here: https://www.dataprivacyframework.gov/list.

 

We use the TikTok Pixel for conversion tracking, an analytics service provided by TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland ("TikTok").

 

The TikTok pixel is a snippet of Javascript code that allows us to analyze the activities of visitors to our website. The TikTok Pixel collects and for this purpose certain information of the respective visitors (so-called "event data"), which is then forwarded to TikTok. This includes User Content, date of birth, profile information, profile picture, usage data, device information, smartphone-related information, last name, first name, Internet service provider, IP address, email address, and browsing history.

 

Further information and TikTok's privacy policy can be found at: https://www.tiktok.com/legal/page/eea/privacy-policy/de

 

Tik Tok also offers users the option to view their profile: https://support.tiktok.com/de/account-and-privacy/personalized-ads-and-data/requesting-your-data

 

The legal basis for the use of the TikTok Pixel is your consent, based on Section 25 (1) sentence 1 TDDDG for the storage and access to information in terminal equipment and Art. 6 (1) sentence 1 (a) GDPR for the processing of your data. You give your consent via our cookie banner. Please note that TikTok is a company from China. TikTok uses the so-called standard contractual clauses as the basis for data processing outside the EU. To do this, see: https://www.tiktok.com/legal/page/eea/privacy-policy/de

Our website uses the Pinterest tag as a pixel from Pinterest Europe Ltd., Palmerston House, 2nd Floor Fenian Street, Dublin 2, Ireland ("Pinterest") for remarketing purposes in order to be able to address you again on the social network Pinterest within 180 days. This allows users of our website to be shown interest-based advertisements (so-called "Pinterest ads") as part of their visit to Pinterest.

 

If you have consented (as described below), your browser will automatically establish a direct connection with the Pinterest server. By integrating the Pinterest Pixel, Pinterest receives the information that you have accessed the corresponding website of our website or clicked on an advertisement from us. If you are registered with Pinterest, Pinterest can assign the visit to your account.

 

In addition to the IP address and marketing identifier, Pinterest also receives information about the device you are using, the website you visit and the time you visit and can assign this data to your Pinterest account. Pinterest processes this data under its own responsibility. We have no influence on the data collection and further processing by Pinterest. We only have access to conversion reports and event history.

 

To control the types of ads you see within Pinterest directly on Pinterest, you can go to the page set up by Pinterest and edit your personalization settings. The settings are platform-independent, i.e. they are applied to all devices, such as desktop computers or mobile devices. You can also opt out of the use of cookies that are used for reach measurement and advertising purposes via the deactivation page of the network advertising initiative and additionally the US website aboutads.info or the European website youronlinechoices.com contradict.

 

For more information about Pinterest's data processing, please see the Pinterest Advertising Policies. You can also find general information on the display of Pinterest ads in the ad data terms.

 

The legal basis for the use of the Pinterest Pixel is your consent, based on Section 25 (1) sentence 1 TDDDG for the storage and access to information in terminal equipment and Art. 6 (1) sentence 1 (a) GDPR for the processing of your data. You give your consent via our cookie banner. Please note that Pinterest is a company from the USA. As a basis for data processing outside the EU, Pinterest uses the so-called standard contractual clauses. See https://policy.pinterest.com/de/privacy-policy#section-residents-of-the-eea

Our website uses the  Snapchat pixel, an analytics tool provided by Snap Inc., 2772 Donald Douglas Loop N, Danta Monica (HQ), CA USA ("Snapchat"). The Snapchat pixel allows us to track the behavior of users who have come to our website through Snapchat ads. This allows us to measure the effectiveness of our advertising efforts, track conversions, and better tailor our ads to your interests. The Snapchat pixel is a JavaScript code that transmits the following data to Snapchat:

         HTTP header information (including IP address, web browser information, page location, document, website URL and web browser user agent, and day and time of use),

         Pixel-specific data; this includes pixel ID and your hashed email address (this data is used to associate events with a specific Snapchat ad account and associate them with a Snapchat user);

         · Additional information about the visit to our websites, as well as standard and custom data events,

         · orders placed (purchases),

         · the completion of registrations and purchases,

         · Additions to the shopping cart and

         · the retrieval of product information.

 

The aforementioned data processing only affects users who have an account with Snapchat. If an email address can be assigned to a Snapchat user, Snapchat will match that user to a Custom Audience based on the rules we have established, if the rules apply. We use the information obtained in this way for the presentation of our advertising content via Snapchat.

 

Please note that it cannot be ruled out that Snapchat processes the data concerned here for its own purposes and under its own responsibility and that this information is combined with the data already available at Snapchat, such as e.g. user profiles (if any).

 

The legal basis for our use of the Snapchat pixel is your consent, based on Section 25 (1) sentence 1 TDDDG for the storage and access to information in terminal equipment and Art. 6 (1) sentence 1 (a) GDPR for the processing of your data. You give your consent via our cookie banner.

 

In addition, you have the option of objecting to data collection by the Snapchat pixel by adjusting the privacy settings in your Snapchat account or deactivating the use of cookies. For more information and the setting options to protect your privacy for advertising purposes, please refer to Snapchat's privacy policy, which can be found at https://support.snapchat.com/en-US/a/advertising-preferences.

 

Please note that Snapchat is a company from the USA. As a basis for data processing outside the EU, Pinterest uses the so-called standard contractual clauses. To do this, see: https://www.snap.com/terms/standard-contractual-clauses?lang=en-US

Our website contains links to other websites such as the Carrera Club website or to social networks (Facebook or Meta, YouTube, Instagram). These websites are operated partly by us and partly by third parties. If you follow the links, information may be transmitted to these third parties in the latter case. For the purpose and scope of data collection by third-party websites as well as the further processing and use of your data there, as well as your rights in this regard and setting options to protect your privacy, please refer to the respective data protection notices of the operators.

We will only pass on your personal data to third parties or other recipients if this is necessary for the provision of services, if you have given your consent, if there is a legal obligation or if the data transfer is permissible on another legal basis. Data is passed on, for example, to the respective payment or shipping service provider, service providers for the provision of marketing services (e.g. e-mail marketing), technical service providers or – in the case of a corporate transaction – to interested parties/buyers, etc. Where necessary, we have concluded agreements with the recipients of your data on order processing in accordance with Art. 28 GDPR.

 

If you choose a payment method offered through the payment service provider Shopify Payments, the payment will be processed by the technical service provider Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland, to whom we will send your information provided during the order process along with the information about your order (name, address, account number, bank code, credit card number, credit card number, etc.). invoice amount, currency and transaction number). Your data will be passed on exclusively for the purpose of processing payments with Stripe Payments Europe Ltd. and only to the extent necessary for this purpose. For more information on Shopify Payments privacy, please visit the following web address: https://www.shopify.com/legal/privacy. Data protection information about Stripe Payments Europe Ltd. can be found here: https://stripe.com/de/privacy

 

In addition, please note the separate data protection provisions of the payment methods you have selected.

 

Klarna: It is possible to use the payment options of Klarna Bank AB (publ), Sveavägen 46, 111 34 Stockholm, Sweden (hereinafter "Klarna"). Payment is then made to Klarna. The use of the payment methods invoice and direct debit/instant transfer requires a positive credit check. If you want to use Klarna, your data will be forwarded to Klarna for the purpose of address and credit check as part of the purchase initiation and processing of the purchase contract. Based on the credit check, not all payment methods may be available to you. Please note that we have no influence on this. You can find more information and Klarna's terms of service here. Klarna's privacy policy can be found here.

 

PayPal: https://www.paypal.com/de/webapps/mpp/ua/privacy-full  In case of payment via PayPal, credit card via PayPal, direct debit via PayPal or – if offered – "purchase on account" or "payment in instalments" via PayPal, we provide your payment data as part of the payment processing to PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter referred to as "PayPal"). The transfer will take place in accordance with Art. 6 (1) (b) GDPR and only to the extent necessary for payment processing. PayPal reserves the right to carry out a credit check for the payment methods credit card via PayPal, direct debit via PayPal or - if offered - "purchase on account" or "installment payment" via PayPal. For this purpose, your payment data may be passed on to credit agencies in accordance with Art. 6 (1) (f) GDPR on the basis of PayPal's legitimate interest in determining your solvency. PayPal uses the result of the credit check in relation to the statistical probability of payment default for the purpose of deciding whether to provide the respective payment method. The credit report can contain probability values (so-called score values). Insofar as score values are included in the result of the credit report, they are based on a scientifically recognised mathematical-statistical procedure. Among other things, but not exclusively, address data is included in the calculation of the score values. For further information on data protection law, including the credit agencies used, please refer to PayPal's privacy policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full You can object to this processing of your data at any time by sending a message to PayPal. However, PayPal may still be entitled to process your personal data if this is necessary for the contractual payment processing.

 

VISA: www.visaeurope.com

MasterCard: https://www.mastercard.de/de-de.html

 

 

 

Our social media presences (Facebook or Meta, X, TikTok, YouTube, LinkedIn, Xing and Instagram) serve the purpose of informing you about Carrera as well as new developments, services and products from us. Depending on the offer of the respective providers, you have the opportunity for different interactions (comments, recommendations, etc.), e.g. in connection with our social media presence. User interaction is an important criterion for us to conduct targeted marketing. This allows us to determine, for example, which articles are preferred to read. We therefore also use the statistics determined by the providers in this regard for our own purposes. If we process personal data of the users in the process, the legal basis for this is Art. 6 para. 1 sentence 1 lit. f GDPR. Our legitimate interest then consists in particular in targeted information / advertising. You will be informed separately by the providers about the legal basis on which the providers process your data for their own purposes.

In individual cases, we are jointly responsible with the social media providers for the processing of your personal data. In this case, you can assert your rights (see Section 12) against us as well as against the social media provider. However, the social media provider serves as the first point of contact.

 

We have entered into an agreement with Meta on joint responsibility for the processing of personal data. This applies to the processing of so-called "insights data". These are page statistics, especially on the interactions of Facebook users. Details of the insights data can be found here: https://www.facebook.com/business/pages/manage#page_insights. You can view our agreement with Meta at the following link: www.facebook.com/legal/terms/page_controller_addendum. Please note that Meta is a company from the USA. Meta is an active participant in the EU-U.S. Data Privacy Framework, which ensures the secure transfer of personal data to the United States. More information can be found here: https://www.dataprivacyframework.gov/list

 

We have also concluded a joint responsibility agreement with LinkedIn Ireland with regard to so-called "page insights". With the Page Insights, LinkedIn Ireland does not provide us with any personal data, but only aggregated data about you. It is not possible for us to draw conclusions about individual users from the information in the Page Insights. Details of Page Insights and our agreement with LinkedIn Ireland can be found at the following link: https://legal.linkedin.com/pages-joint-controller-addendum. Please note that LinkedIn Ireland may also process your data outside the EU/EEA. LinkedIn Corporation is an active participant in the EU-U.S. Data Privacy Framework, which ensures the secure transfer of personal data to the United States. You can find more information here: https://www.dataprivacyframework.gov/list.

 

We use the analysis functions of "TikTok Insights". TikTok Insights provides us with an aggregated analysis of visitor behavior on our profile. For example, likes, or sharing videos, the age and gender of visitors can be recorded. We use this analysis via TikTok Insights to improve our profile, reach and audience reach. To the extent that the data you transmit to us via TikTok is processed exclusively by TikTok, TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland ("TikTok Ireland"), TikTok Information Technologies UK Limited WeWork, 125 Kingsway, London, WC2B 6NH ("TikTok UK") is also the data controller. When we process data together with TikTok, we also have a joint responsibility agreement with TikTok. For details, see: https://ads.tiktok.com/i18n/official/policy/jurisdiction-specific-terms, Part B 1, paragraphs 3 and 4). For a summary of the main contents of this Agreement, please see: https://www.tiktok.com/legal/page/global/information-about-tiktok-analytics/en.

 

With regard to the storage period of the data processed by you by us for our own purposes, we refer to our explanations under No. 10. In all other respects, please note the data protection regulations of the respective social media provider.

To the extent necessary for our purposes, we will also transfer your data to recipients outside the EU if you have given your consent, if there is a legal obligation or if the transfer of data is permitted on the basis of another legal basis. For example, your data will also be transmitted to recipients based in the USA as part of data processing. An adequate level of data protection is ensured by the conclusion of the new so-called EU standard contractual clauses and/or the participation of the service provider in the USA in the EU-U.S. Data Privacy Framework. An overview of the participants in the EU-U.S. Data Privacy Framework can be found here: https://www.dataprivacyframework.gov/s/participant-search

In principle, we will store your personal data for as long as it is necessary for the aforementioned purposes of processing, in the event of an objection there are no compelling reasons worthy of protection on the part of Carrera or in the event of a revocation there is no other legal basis for data processing. For the rest, please refer to the information in the cookie banner.

 

However, in certain cases, e.g. if there is a legal obligation to retain data, your personal data will not be deleted immediately, but will initially be blocked.

 

We protect your data from unauthorized access, loss or destruction through technical and organizational measures. Our security measures are continuously improved in line with technological developments. Our employees and all persons involved in data processing are obliged to comply with data protection-relevant laws and to handle personal data confidentially. Our employees are trained accordingly.

 

To protect the personal data of our users, we use a secure online transmission method called "Secure Socket Layer" (SSL) transmission. You can recognize this by the fact that an "s" is appended to the address component http:// ("https://") or a green, closed lock symbol is displayed. By clicking on the icon, you will get information about the SSL certificate used. The display of the icon depends on the browser version you are using. SSL encryption ensures the encrypted and complete transmission of your data.

 

Within the framework of the legal requirements, you are generally entitled to Carrera to:

• Confirmation as to whether personal data concerning you is being processed by Carrera,
• information about this data and the circumstances of the processing,
• Correction, insofar as these data are incorrect,
• Deletion, insofar as there is no justification for the processing and no obligation to retain it (any longer),
• restriction of processing in special cases specified by law,
• Objection in the case of data processing on the basis of Art. 6 para. 1 sentence 1 lit. f. GDPR and
• Transmission of your personal data – to the extent that you have provided it – to you or a third party in a structured, commonly used and machine-readable format.

 

Insofar as the processing of your personal data is based on your consent, you have the right to withdraw your consent at any time, with the consequence that the processing of your personal data becomes inadmissible for the future. However, this does not affect the lawfulness of the processing carried out on the basis of consent before its revocation.

 

Please send your specific request in writing or by e-mail to our data protection officer, clearly identifying yourself:

krupna LEGAL

Email: datenschutz@carrera-toys.com

 

Insofar as we process your data with third parties under joint responsibility within the meaning of Art. 26 GDPR, the third party is centrally responsible for exercising all rights of data subjects. However, you are free to assert your rights against us.

Finally, we would like to draw your attention to your right to lodge a complaint with the supervisory authority (Austrian Data Protection Authority, Barichgasse 40-42, 1030 Vienna, dsb@dsb.gv.at)

We do not use your personal data for automated individual decisions.

New legal requirements, business decisions or technical developments may require changes to our privacy policy. The privacy policy will then be adapted accordingly. You can always find the latest version on our website.