Privacy policy

We, the Carrera Toys GmbH ("Carrera/we"), are delighted that you have visited our website. In the following provisions, we inform you about the type, scope and purpose of the collection and use of your personal data on this website and in the context of the services we offer.

Personal data is any information relating to an identified or identifiable natural person. This includes in particular your name, your address and your email address.

Please read the privacy policy carefully before using this website. We reserve the right to amend parts of this privacy policy at our own discretion and in accordance with legal requirements. Please therefore check this privacy policy regularly for changes.

1. Provider and data protection officer

The website provider and controller within the meaning of data protection law is

Carrera Toys GmbH

Rennbahn Allee 1

5412 Puch/Salzburg Austria

Managing director with power of representation: Mr. Stefan Krings

Tel.: +43 662 88921-0 E-Mail: shop@carrera-revell.com

You can reach the data protection officer of Carrera Toys GmbH at:

krupna LEGAL www.krupna.legal

E-Mail: datenschutz@carrera-revell.com

 

Every time you access content on our website, connection data is transmitted to our web server. This connection data includes:

- the IP address (Internet Protocol address) of the respective user,

- the date and time of the request,

- the referrer URL,

- device numbers such as z.B. UDID (Unique Device Identifier) and comparable device numbers, device information (z.B. device type) and

- the browser type/browser version.

This connection data is not used to draw conclusions about the person of the user or merged with data from other data sources, but is used to provide the website. The legal basis for the processing of your data is Art. 6 para. 1 sentence 1 lit. f GDPR. After 7 days at the latest, the data is anonymized by shortening the IP address at domain level.

 

The use of our website is generally possible without providing personal data. You are neither obliged to access this website nor to provide personal data. However, z.B. the provision of personal data is required for the receipt of newsletters or in the case of registration. If you do not provide us with personal data for the purposes listed below, you may not be able to use the functionalities of this website or some of these services.

 

If you register with us as a retailer and use the retailer service or the B2B portal on our website, your data will be processed by us for this purpose. Details on the B2B portal can be found in the instructions in our portal at https://carrera-revell.com/dealer-portal.

The processing of your personal data is based on Art. 6 para. 1 sentence 1 lit. b GDPR.

 

The provider of the website and controller within the meaning of data protection law is

Carrera Toys GmbH

Rennbahn Allee 1

5412 Puch/Salzburg Austria

Managing director with power of representation: Mr. Stefan Krings

Tel.: +43 662 88921-0 E-Mail: shop@carrera-revell.com

You can reach the data protection officer of Carrera Toys GmbH at:

krupna LEGAL www.krupna.legal

E-Mail: datenschutz@carrera-revell.com

 

If you wish to register with us as a customer, we collect the required mandatory information (name, country, e-mail address, password), which is marked accordingly (*). Entering any additional information about yourself is voluntary.

Registration is not necessary, but makes the ordering process easier for you for future orders, as you can reuse the data you have already saved. Alternatively, you can also place an order as a guest. In this case, we collect the same data from you as when you register, with the exception of a password. However, this data will not be stored in a customer account for you, so you will not have access to a customer account.

After registering, you can log in by entering your e-mail address and password. Please always make sure you log out before leaving the website.

When using a password, please take appropriate security measures. For example, a password should be at least 8 characters long and, if possible, always consist of a combination of upper and lower case letters, numbers and special characters. Trivial passwords such as "ABC" or keyboard sequences (z.B. "qwert" or "asdfgh"), all kinds of names (e.g. of friends, acquaintances, colleagues, family members, pets), city and building names, comic figures, car brands, license plates, terms, dates of birth, telephone numbers, common abbreviations, etc.

The processing of your personal data is based on your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR. Please note that in the event of revocation, any bonus points collected will be forfeited without replacement. Please also note the corresponding usage information on our website with regard to bonus points.

In addition, your IP address and the time of registration are stored by us as part of the registration process. This is necessary to ensure the security of our information technology systems. The legal basis for the processing of your data in this case is Art. 6 para. 1 sentence 1 lit. f GDPR.

 

If you are registered as a customer, you can access your customer account via the login function on this website. You can log in by entering your e-mail address and password.

Login data must be kept strictly confidential. If the password is nevertheless disclosed, for example to enable third parties to access certain data in an emergency, it must be changed immediately. For your own protection, it is prohibited to reuse passwords that have already been used.

In addition, your IP address and the time of access are stored by us when you log in. This is necessary to ensure the security of our information technology systems.

We also set a session cookie each time you log in. This session cookie prevents automatic logout during active use of the account or associated services. After the respective logout, the session cookie is automatically deleted within a few minutes.

The legal basis for the processing of your data is Art. 6 para. 1 sentence 1 lit. f GDPR and, if your contractual relationship is affected, Art. 6 para. 1 sentence 1 lit. b and/or f GDPR.

 

If you are registered as a customer (see section 3.4. f.), you can add individual products from the store to your wish list. Until you log out, you can access this wish list and see all the products you have added there. The legal basis for the processing of your data in this case is Art. 6 para. 1 sentence 1 lit. f GDPR. When you log out as a customer, the wish list is automatically deleted.

 

When you place an order with us, we process the following data about you:

- Registration data from the customer account or your guest data,

- Purchase data (order/shopping cart),

- Payment data (payment method, account and credit card details, billing addresses)

Your personal data is processed on the basis of Art. 6 para. 1 sentence 1 lit. b GDPR.

 

If you would like to take part in a competition offered by us via the website, you must first create an account. The provision of your data is necessary for the purpose of running the competition. After completion of the competition, this data or the account will be deleted, provided there are no statutory retention obligations.

The processing of your personal data is based on your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR. There is no legal or contractual obligation to provide the personal data. The only consequence of not giving your consent is that you will not be able to take part in the competition. You can withdraw your consent at any time with effect for the future. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

 

We provide a separate club area on our website for our Carrera Club. The data processing in connection with our Carrera Club is described in the following sections.

 

If you would like to register with us as a club member, you must first order a membership in our online store. We will then collect the mandatory information required from you (name, address, email address, password) to set up your member account so that you can take advantage of the club benefits.

After registration, you can log in by entering your Club user name and password via the Club area on our website. Please always make sure you log out before leaving the website.

When using a password, please take appropriate security measures. A password should be at least 8 characters long and, if possible, always consist of a combination of upper and lower case letters, numbers and special characters. Trivial passwords such as "ABC" or keyboard sequences (z.B. "qwert" or "asdfgh"), all kinds of names (e.g. of friends, acquaintances, colleagues, family members, pets), city and building names, comic characters, car brands, license plates, terms, dates of birth, telephone numbers, common abbreviations, etc.

are problematic in this respect

The processing of your personal data is carried out to fulfill the contract. The legal basis is Art. 6 para. 1 sentence 1 lit. b GDPR.

In addition, your IP address and the time of registration are stored by us as part of the registration process. This is necessary to ensure the security of our information technology systems. The legal basis for the processing of your data in this case is Art. 6 para. 1 sentence 1 lit. f GDPR.

 

If you are a club member, you have the option of using the login function on this website to access separate information or functionalities in our club area.

Login data must be kept strictly confidential. If a password is nevertheless disclosed, for example to enable access to certain databases by third parties in an emergency, the password must be changed immediately. For your own protection, it is prohibited to reuse passwords that have already been used.

In addition, your IP address and the time of access are stored by us when you log in. This is necessary to ensure the security of our information technology systems.

We also set a session cookie each time you log in. This session cookie prevents automatic logout during active use of the account or associated services. After logging out, the session cookie is automatically deleted within a few minutes.

The legal basis for the processing of your data is Art. 6 para. 1 sentence 1 lit. f GDPR and, if your contractual relationship is affected, Art. 6 para. 1 sentence 1 lit. b GDPR.

 

If you have purchased a club membership, a member account will be created for you, which can be viewed by other club members. You can use the settings to select which information about you should be visible to other Club members.

If you already have a customer account in accordance with section 2.3 f., the data from your previous customer account will be linked to your member account. This enables you to take advantage of the club benefits when ordering in our online store.

The legal basis for the processing of your personal data is Art. 6 para. 1 sentence 1 lit. b GDPR.

 

As a club member, you have the opportunity to get in touch with other club members via chat in our club forum. The content of your posts in the forum (text, photos or videos) and your user name can only be viewed by other club members and the administrators of Carrera . In this respect, the club forum is a closed area that is moderated and administered by Carrera . The legal basis for the processing of your personal data is Art. 6 para. 1 sentence 1 lit. b GDPR.

If posts within the forum are also of interest to other customers of Carrera , Carrera will ask the club member who published the post and request consent to publish the post u.a. on the social media sites of Carrera . Your personal data will then be processed on the basis of your express consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR

 

Please note the provisions in this privacy policy under point 7

 

The provider of the website and controller within the meaning of data protection law is the

Carrera Toys GmbH

Rennbahn Allee 1

5412 Puch/Salzburg Austria

Managing director with power of representation: Mr. Stefan Krings

Tel.: +43 662 88921-0 E-Mail: shop@carrera-revell.com

You can reach the data protection officer of Carrera Toys GmbH at:

krupna LEGAL www.krupna.legal

E-Mail: datenschutz@carrera-revell.com

 

In order to make your use of our website as pleasant as possible, we use so-called web tracking systems. For this purpose i.d.R. Cookies, d.h. small text files that are sent from a web server to your browser and stored on your computer's hard disk. This enables us to recognize the device you are using when you use our store. This enables us z.B. to determine whether you are logged in, have an active shopping cart and what the contents of the shopping cart are. The session cookies used to use the store are deleted at the end of the browser session. Other cookies remain on your end device and enable us to recognize your end device on your next visit.

Details on the cookies used on the website can be found in the cookie banner and in the following provisions. The legal basis for the processing of your data follows, unless otherwise stated in the following provisions in Section 5.1. ff. from Art. 6 para. 1 sentence 1 lit. f GDPR. Our legitimate interest lies in the needs-based design of the website. Finally, we would like to point out that if cookies are deactivated, it may not be possible to use all the functions of this website to their full extent. Please also note that deactivation may have to be carried out for each browser and for each end device.

 

In order to manage your consent to the use of tracking tools, we use the cookie consent technology "Cookiebot". The provider of this technology is Usercentrics A/S, Havnegade 39, 1058 Copenhagen, Denmark, Website: https://www.cookiebot.com/de/ ("Usercentrics"). In this context, in addition to the connection data, the granting or refusal of your consent or the revocation of consent is transmitted to Usercentrics. Usercentrics also sets a cookie in your browser in order to be able to make the corresponding assignment.

Cookiebot is used to obtain the legally required consent for the use of cookies. The legal basis for this is Art. 6 para. 1 sentence 1 lit. c GDPR.

 

Provider of the website and controller within the meaning of data protection law is the

Carrera Toys GmbH

Rennbahn Allee 1

5412 Puch/Salzburg Austria

Managing director with power of representation: Mr. Stefan Krings

Tel.: +43 662 88921-0 E-Mail: shop@carrera-revell.com

You can reach the data protection officer of Carrera Toys GmbH at:

krupna LEGAL www.krupna.legal

E-Mail: datenschutz@carrera-revell.com

 

Our website uses plugins from the YouTube site operated by GoGoogle. If you visit one of our websites equipped with a YouTube plugin and actively click on the corresponding field, a connection to the YouTube servers is established. This tells the YouTube server which of our websites you have visited. If you are logged into your YouTube account, you enable YouTube to assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your YouTube account.

The legal basis for the use of YouTube is your consent, based on § 25 para. 1 sentence 1 TDDDG for the storage and access to information in terminal equipment and Art. 6 para. 1 sentence 1 lit. a GDPR for our further processing of your data. You give your consent to this via our cookie banner. Please note that Google is a company from the USA. Information about the locations of Google's data centers can be found at www.google.com/about/datacenters/locations/ . The new EU standard data protection clauses were agreed as appropriate safeguards to ensure an adequate level of protection for data transfers. In addition, Google LLC is an active participant in the EU-U.S. Data Privacy Framework, which guarantees the secure transfer of personal data to the USA. Further information can be found here: https://www.dataprivacyframework.gov/list.

For more information on the handling of user data, please refer to YouTube's privacy policy at: https://www.google.de/intl/de/policies/privacy.

 

We use the Google Tag Manager "GTM". This service from Google allows website tags to be managed via an interface. However, the GTM only implements tags. In this respect, no cookies are used. The GTM only triggers other tags, which in turn may collect data, but the GTM does not access this data. The data is only analyzed in the respective tool (see the tools listed in section 5 for details). However, the GTM records your IP address and online identifiers (including cookie identifiers), which may also be transmitted to GoGoogle in the USA. You can find additional information on GTM at https://support.google.com/tagmanager/answer/6102821?hl=de

The legal basis for the use of GTM is your consent, based on § 25 para. 1 sentence 1 TDDDG for the storage and access to information in terminal equipment and Art. 6 para. 1 sentence 1 lit. a GDPR for our further processing of your data. You give your consent via our cookie banner. Please note that the provider is a company from the USA. The new EU standard data protection clauses have been agreed as suitable guarantees to ensure an adequate level of protection when transferring data. In addition, Google LLC is an active participant in the EU-U.S. Data Privacy Framework, which guarantees the secure transfer of personal data to the USA. Further information can be found here: https://www.dataprivacyframework.gov/list

 

To reduce delivery errors, we use the Address Validation API from GoGoogle. The Address Validation API can be used to determine whether an entered address refers to a real location or contains errors. For this purpose, your IP address and the content you enter in the address field are transmitted to Google. If the address entered z.B. is incomplete, a correction recommendation is made via the Address Validation API, which you can accept. Alternatively, you will be asked to correct the address you entered.

The legal basis for the use of the Address Validation API is your consent, based on § 25 para. 1 sentence 1 TDDDG for the storage and access to information in terminal equipment and Art. 6 para. 1 sentence 1 lit. a GDPR for our further processing of your data. You give your consent to this via our cookie banner. Please note that the provider is a company from the USA. The new EU standard data protection clauses have been agreed as suitable guarantees to ensure an adequate level of protection when transferring data. In addition, Google LLC is an active participant in the EU-U.S. Data Privacy Framework, which guarantees the secure transfer of personal data to the USA. Further information can be found here: https://www.dataprivacyframework.gov/list.

 

&We have integrated "AWIN" on our website. AWIN is an affiliate marketing software from AWIN AG, Eichhornstraße 3, 10785 Berlin, Germany. Registered providers ("advertisers") can use AWIN to advertise their online goods and services as part of programs. For this purpose, the persons registered with AWIN (so-called "publishers") make their advertising space, such as websites, available to the "advertisers". We are registered with AWIN as a "publisher", i.e. we provide the "advertisers" with advertising space (through links) on our website.

As part of its tracking services, AWIN stores cookies on the end devices of users who visit or use websites or other online offers from advertisers (z.B. when placing an online order) in order to document transactions. These cookies serve the sole purpose of correctly assigning the success of an advertisement and the corresponding billing within the network. In the AWIN tracking cookies, an individual sequence of numbers is stored, which cannot be assigned to the individual user, with which the partner program of an advertiser, the publisher and the time of the user's action (click or view) are documented. AWIN also collects information about the end device from which an action is performed, z.Bthe operating system and the browser.

The legal basis for the use of AWIN is your consent, based on § 25 para. 1 p. 1 TDDDG for storage and access and Art. 6 para. 1 sentence 1 lit. a GDPR for our further processing of your data. You give your consent to this via our cookie banner.

For more information on the use of data by AWIN, please refer to the company's privacy policy: https://www.awin.com/de/rechtliches

 

In order to be able to redirect the user to the appropriate webshop (z.B. the US webshop) from us, we use the so-called geo-localization of "Country.is". Country.is is an open source geolocation API that determines the country of a user (and nothing else) based on their IP address. IP-based geolocalization is the assignment of an IP address or MAC address to the actual geographical location of a computer or mobile device connected to the Internet. With geolocalization, IP addresses are assigned to the country, the region (city), the latitude/longitude, the Internet provider and the domain name, among other things. On this basis, the user is automatically forwarded to the webshop that is locally appropriate for them.

The legal basis for the use of Country.is is your consent, based on § 25 para. 1 sentence 1 TDDDG for the storage and access to information in terminal equipment and Art. 6 para. 1 sentence 1 lit. a GDPR for our further processing of your data. You give your consent to this via our cookie banner.

 

On our website we use "Azure Content Delivery Network" from Microsoft, a service of Microsoft Ireland Operations Ltd, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland.

The Azur Content Delivery Network allows us to reduce load times and improve performance for our high bandwidth website content by distributing user requests and delivering them directly from Microsoft servers. When you access website content, you establish a connection to Microsoft servers, whereby your IP address and possibly browser data such as your user agent, but also the time and date of your visit to the website are transmitted. This data is processed exclusively for the above-mentioned purposes and to maintain the security and functionality of Azur Content Delivery Network. The specific storage period of the processed data cannot be influenced by us, but is specified by Microsoft. You can find additional information at: https://azure.microsoft.com/de-de/support/legal/.

The legal basis for the use of Azur Content Delivery Network by us is your consent, based on § 25 para. 1 sentence 1 TDDDG for the storage and access to information in terminal equipment and Art. 6 para. 1 sentence 1 lit. a GDPR for our further processing of your data. You give your consent to this via our cookie banner. Please note that Microsoft is a company from the USA. Information about the locations of Microsoft's data centers can be found at: https://www.microsoft.com/de-de/privacy/privacystatement#mainwherewestoreandprocessdatamodule. The new EU standard data protection clauses were agreed as suitable guarantees to ensure an appropriate level of protection when transferring data. Microsoft is also an active participant in the EU-U.S. Data Privacy Framework, which ensures the secure transfer of personal data to the USA. Weitere Informationen finden Sie hier: https://www.dataprivacyframework.gov/list und hier: https://learn.microsoft.com/en-us/compliance/regulatory/offering-eu-model-clauses.

 

We use the service of Findologic GmbH, Jakob-Haringer-Str. 5a, 5020 Salzburg ("Findologic") on our website to provide a search function for our articles and for navigation. Cookies are used for the aforementioned service and various data are transmitted to Findologic. This includes in particular the IP address and browser data of the user as well as associated behavioral data resulting from the search queries. This enables us to optimize the shopping experience for our users and to better understand which products our users are most interested in. Further information on Findologic's privacy policy can be found at: &

The legal basis for the use of Findologic is your consent, based on § 25 para. 1 sentence 1 TDDDG for the storage and access to information in terminal equipment and Art. 6 para. 1 sentence 1 lit. a GDPR for our further processing of your data. You give your consent to this via our cookie banner.

 

The so-called "meta pixel" is an invisible pixel embedded on our website, which is used by Meta Platforms Ireland Limited (formerly Facebook Ireland Limited), 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Meta") to analyze the online behavior of each website visitor. The Meta pixel makes it possible to store customer data such as z.B. First name, last name, email address, etc. to Meta and enrich it with existing tracking data. This makes it possible to collect data from non-users of the Facebook social network or to record users who are not logged in to Facebook while visiting a website. As a result, website visitors are tracked via Meta, which deliberately prevents the storage of third-party cookies. This gives us the opportunity to target you on Facebook with an advertisement. However, it is also possible to use the meta pixel to acquire new customers and target new people who are similar to website visitors.

We are responsible for data processing, as is Meta itself. Meta processes the data in accordance with the Privacy Policy of Meta. For details, please refer to the Privacy Policy of Meta. Specific information and details about the Meta Pixel and how it works can be found in the help section of Meta.

In this respect, we are jointly responsible with Meta i.S.d. Art. 26 GDPR for the processing of your personal data. In this case, you can assert your rights (see Section 12) against both us and Meta. However, Meta serves as the first point of contact. We have concluded an agreement with Meta on joint responsibility for the processing of personal data. You can view this at the following link: https://www.facebook.com/legal/controller_addendum.

The legal basis for the use of the meta pixel is your consent, based on § 25 para. 1 sentence 1 TDDDG for the storage and access to information in terminal equipment and Art. 6 para. 1 sentence 1 lit. a GDPR for our further processing of your data. You give your consent to this via our cookie banner. Please note that Meta is a company from the USA. The new EU standard data protection clauses have been agreed as suitable guarantees to ensure an adequate level of protection when transferring data. Meta is also an active participant in the EU-U.S. Data Privacy Framework, which ensures the secure transfer of personal data to the USA. Further information can be found here: https://www.dataprivacyframework.gov/list.

 

We use the TikTok pixel for conversion tracking, an analytics service provided by TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland ("TikTok").

The TikTok pixel is a JavaScript code snippet that allows us to analyze the activities of visitors to our website. The TikTok pixel collects certain information from the respective visitors (so-called "event data"), which is then forwarded to TikTok. This includes user content, date of birth, profile information, profile picture, usage data, device information, smartphone-related information, last name, first name, internet service provider, IP address, email address and browser history.

Further information and TikTok's privacy policy can be found at: https://www.tiktok.com/legal/page/eea/privacy-policy/de

Tik Tok also offers users the option to view their profile: https://support.tiktok.com/de/account-and-privacy/personalized-ads-and-data/requesting-your-data

The legal basis for the use of TikTok Pixel is your consent, based on § 25 para. 1 sentence 1 TDDDG for the storage and access to information in terminal equipment and Art. 6 para. 1 sentence 1 lit. a GDPR for the processing of your data. You give your consent via our cookie banner. Please note that TikTok is a company from China. TikTok uses the so-called standard contractual clauses as the basis for data processing outside the EU. Hierzu unter: https://www.tiktok.com/legal/page/eea/privacy-policy/de

 

Our website uses the Pinterest tag as a pixel from Pinterest Europe Ltd, Palmerston House, 2nd Floor Fenian Street, Dublin 2, Ireland ("Pinterest") for remarketing purposes in order to be able to address you again on the Pinterest social network within 180 days. This allows users of our website to be shown interest-based advertisements (so-called "Pinterest ads") when they visit Pinterest.

If you have given your consent (as described below), your browser automatically establishes a direct connection with the Pinterest server. By integrating the Pinterest pixel, Pinterest receives the information that you have accessed the corresponding website of our Internet presence or have clicked on an advertisement from us. If you are registered with Pinterest, Pinterest can assign the visit to your account.

In addition to the IP address and the marketing identifier, Pinterest also receives information about the device you are using, the website visited and the time and can assign this data to your Pinterest account. Pinterest processes this data under its own responsibility. We have no influence on data collection and further processing by Pinterest. We only have access to conversion reports and the event history.

To set directly on Pinterest which types of ads are displayed to you within Pinterest, you can go to the page set up by Pinterest and there edit your personalization settings. The settings are platform-independent, d.hthey are applied to all devices, such as desktop computers or mobile devices. You can also opt out of the use of cookies for reach measurement and advertising purposes via the deactivation page of the Network Advertising Initiative und zusätzlich die US-amerikanische Webseite aboutads.info oder die europäische Webseite youronlinechoices.com widersprechen.

For more information on data processing by Pinterest, please refer to the Pinterest Advertising Guidelines. You can also find general information on the display of Pinterest advertisements in the Advertising Data Policy.

The legal basis for the use of Pinterest Pixel is your consent, based on § 25 para. 1 sentence 1 TDDDG for the storage and access to information in terminal equipment and Art. 6 para. 1 sentence 1 lit. a GDPR for the processing of your data. You give your consent via our cookie banner. Please note that Pinterest is a company from the USA. Pinterest uses the so-called standard contractual clauses as the basis for data processing outside the EU. Hierzu unter: https://policy.pinterest.com/de/privacy-policy#section-residents-of-the-eea

 

Our website uses the  Snapchat pixel, an analysis tool from Snap Inc, 2772 Donald Douglas Loop N, Danta Monica (HQ), CA USA ("Snapchat"). With the Snapchat pixel, we can track the behavior of users who have reached our website via Snapchat ads. This enables us to measure the effectiveness of our advertising measures, track conversions and better tailor our ads to your interests. The Snapchat pixel is a JavaScript code that transmits the following data to Snapchat:

·         HTTP Header-Informationen (u.a. IP address, information on the web browser, page location, document, URL of the website and user agent of the web browser as well as day and time of use),

·         pixelspezifische Daten; this includes the pixel ID and your hashed email address (this data is used to link events to a specific Snapchat advertising account and associate them with a Snapchat user),

-         additional information about visits to our websites, as well as standard and user-defined data events,

·         getätigte Bestellungen (Kaufabschlüsse),

-         the completion of registrations and purchase transactions,

·         Additionen zum Warenkorb sowie

·         den Aufruf von Produktinformationen.

The aforementioned data processing only affects users who have an account with Snapchat. If the email address can be assigned to a Snapchat user, Snapchat assigns this user to a target group ("Custom Audience") based on the rules we have defined, provided that the rules are relevant. We use the information obtained in this way to present our advertising content via Snapchat.

Please note that it cannot be ruled out that Snapchat may process the data concerned here for its own purposes and under its own responsibility and merge this information with the data already available at Snapchat, such as user profiles (if available).

The legal basis for our use of the Snapchat pixel is your consent, based on § 25 para. 1 sentence 1 TDDDG for the storage and access to information in terminal equipment and Art. 6 para. 1 sentence 1 TDDDG for the storage and access to information in terminal equipment. 1 lit. a GDPR for the processing of your data. You give your corresponding consent via our cookie banner.

You also have the option of objecting to the collection of data by the Snapchat pixel by adjusting the privacy settings in your Snapchat account or deactivating the use of cookies. For more information and the setting options for protecting your privacy for advertising purposes, please refer to Snapchat's privacy policy, which can be found at https://support.snapchat.com/en-US/a/advertising-preferences .

Please note that Snapchat is a company from the USA. Pinterest uses the so-called standard contractual clauses as the basis for data processing outside the EU. Hierzu unter: https://www.snap.com/terms/standard-contractual-clauses?lang=en-US

 

Our website contains links to other websites such as z.B. to the Carrera Club website or to social networks (Facebook or Meta, YouTube, Instagram). Some of these websites are operated by us and some by third parties. If you follow the links, information may be transmitted to these third parties in the latter case. For the purpose and scope of data collection by the third-party websites and the further processing and use of your data there, as well as your rights in this regard and setting options for protecting your privacy, please refer to the respective data protection notices of the operators.

 

We only pass on your personal data to third parties or other recipients if this is necessary for the provision of services, if you have given your consent, if there is a legal obligation or if the transfer of data is permitted on another legal basis. Data is passed on, for example, to the respective payment or shipping service provider, service providers for the provision of marketing services (z.B. email marketing), technical service providers or - in the case of a company transaction - to interested parties/buyers, etc. Where necessary, we have concluded agreements with the recipients of your data on order processing in accordance with Art. 28 GDPR.

If you choose a payment method offered via the payment service provider Shopify Payments, payment processing will be carried out via the technical service provider Stripe Payments Europe Ltd, 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland, to whom we will pass on the information you provide during the ordering process together with information about your order (name, address, account number, bank code, credit card number if applicable, invoice amount, currency and transaction number). Your data will only be passed on for the purpose of payment processing with Stripe Payments Europe Ltd. and only to the extent that it is necessary for this purpose. You can find more information on Shopify Payments' data protection at the following Internet address: https://www.shopify.com/legal/privacy. Data protection information on Stripe Payments Europe Ltd. finden Sie hier: https://stripe.com/de/privacy

Please also note the separate data protection provisions of the payment methods you have selected.

Klarna: It is possible to use the payment options of Klarna Bank AB (publ), Sveavägen 46, 111 34 Stockholm, Sweden (hereinafter "Klarna"). Payment is then made to Klarna. The use of the payment methods invoice and direct debit/immediate transfer requires a positive credit check. If you wish to use Klarna, your data will be forwarded to Klarna for the purpose of address and credit checks as part of the purchase initiation and processing of the purchase contract. Based on the credit check, not all payment methods may be available to you. Please note that we have no influence on this. Further information and Klarna's terms of use can be found here. You can find Klarna's privacy policy here.

PayPal: https://www.paypal.com/de/webapps/mpp/ua/privacy-full  When paying via PayPal, credit card via PayPal, direct debit via PayPal or - if offered - "purchase on account" or "installment payment" via PayPal, we will pass on your payment data to PayPal (Europe) S.a.r.l. et Cie, S.C.A, 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter "PayPal"). The transfer takes place in accordance with Art. 6 para. 1 lit. b GDPR and only insofar as this is necessary for payment processing. PayPal reserves the right to carry out a credit check for the payment methods credit card via PayPal, direct debit via PayPal or - if offered - "purchase on account" or "installment payment" via PayPal. For this purpose, your payment data may be processed in accordance with Art. 6 para. 1 lit. f GDPR on the basis of PayPal's legitimate interest in determining your solvency to credit agencies. PayPal uses the result of the credit check with regard to the statistical probability of non-payment for the purpose of deciding on the provision of the respective payment method. The credit report may contain probability values (so-called score values). If score values are included in the result of the credit report, they are based on a scientifically recognized mathematical-statistical procedure. The calculation of the score values includes, but is not limited to, address data. Further data protection information, including information on the credit agencies used, can be found in PayPal's privacy policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full You can object to this processing of your data at any time by sending a message to PayPal. However, PayPal may still be entitled to process your personal data if this is necessary for contractual payment processing.

VISA: www.visaeurope.com

MasterCard: https://www.mastercard.de/de-de.html

 

Our social media presences (Facebook or Meta, X, TikTok, YouTube, LinkedIn, Xing and Instagram) serve the purpose of informing you about Carrera as well as new developments, services and products from us. Depending on the services offered by the respective providers, you z.B. have the option of various interactions (commenting, recommending, etc.) z.B. in connection with our social media presence. User interaction is an important criterion for us in order to conduct targeted marketing. This allows us z.B. to determine which posts are read most frequently. We therefore also use the statistics determined by the providers in this regard for our own purposes. Insofar as we process personal data of users, the legal basis for this is Art. 6 para. 1 sentence 1 lit. f GDPR. Our legitimate interest then consists in particular in targeted information/advertising. You will be informed separately by the providers about the legal basis on which the providers process your data for their own purposes.

 

In some cases, we are jointly responsible with the social media providers for the processing of your personal data. In this case, you can assert your rights (see section 12) against both us and the social media provider. However, the social media provider serves as the first point of contact.

We have concluded an agreement with Meta on joint responsibility for the processing of personal data. This applies to the processing of so-called "Insights data". These are page statistics, in particular on the interactions of Facebook users. Details of the Insights data can be found here: https://www.facebook.com/business/pages/manage#page_insights. You can view our agreement with Meta at the following link: www.facebook.com/legal/terms/page_controller_addendum. Please note that Meta is a company from the USA. Meta is an active participant in the EU-U.S. Data Privacy Framework, which ensures the secure transfer of personal data to the USA. Further information can be found here: https://www.dataprivacyframework.gov/list

We have also concluded a joint responsibility agreement with LinkedIn Ireland with regard to so-called "Page Insights". With the Page Insights, LinkedIn Ireland does not provide us with any personal data about you, but only aggregated data. It is not possible for us to draw conclusions about individual users from the information in the Page Insights. Details on Page Insights and our agreement with LinkedIn Ireland can be found at the following link: https://legal.linkedin.com/pages-joint-controller-addendum. Please note that LinkedIn Ireland may also process your data outside the EU/EEA. LinkedIn Corporation is an active participant in the EU-U.S. Data Privacy Framework, which ensures the secure transfer of personal data to the USA. Further information can be found here: https://www.dataprivacyframework.gov/list.

We use the analysis functions of "TikTok Insights". TikTok Insights provides us with an aggregated analysis of visitor behavior on our profile. For example, likes or the sharing of videos, the age and gender of visitors can be recorded. This analysis via TikTok Insights is used by us to improve our profile, reach and target group reach. Insofar as the data you provide to us via TikTok is processed exclusively by TikTok, TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland ("TikTok Ireland"), TikTok Information Technologies UK Limited WeWork, 125 Kingsway, London, WC2B 6NH ("TikTok UK") is also responsible for data processing in addition to us. Where we process data jointly with TikTok, we have also entered into a joint controllership agreement with TikTok. Details of this can be found at: https://ads.tiktok.com/i18n/official/policy/jurisdiction-specific-terms, Part B 1, points 3 and 4). A summary of the main contents of this agreement can be found at: https://www.tiktok.com/legal/page/global/information-about-tiktok-analytics/en.

With regard to the storage period of the data processed by us for our own purposes, please refer to our explanations under point 10. In addition, please note the data protection regulations of the respective social media provider.

 

If necessary for our purposes, we also transfer your data to recipients outside the EU if you have given your consent, if there is a legal obligation or if the transfer of data is permitted on another legal basis. As part of data processing, your data will also be transferred to recipients based in the USA. An adequate level of data protection is ensured by the conclusion of the new so-called EU standard contractual clauses and/or the participation of the service provider in the USA in the EU-U.S. Data Privacy Framework is ensured. An overview of the participants in the EU-U.S. Data Privacy Framework can be found here: https://www.dataprivacyframework.gov/s/participant-search

 

In principle, your personal data will be stored by us for as long as is necessary for the aforementioned purposes of processing, in the event of an objection there are no compelling legitimate grounds for Carrera processing to the contrary or in the event of revocation there is no other legal basis for data processing. Please also note the information in the cookie banner.

In certain cases, z.B. however, if there is a legal obligation to retain your data, your personal data will not be deleted immediately, but will first be blocked.

 

We use technical and organizational measures to protect your data against unauthorized access, loss or destruction. Our security measures are continuously improved in line with technological developments. Our employees and all persons involved in data processing are obliged to comply with data protection laws and to handle personal data confidentially. Our employees are trained accordingly.

To protect the personal data of our users, we use a secure online transmission method, the so-called "Secure Socket Layer" (SSL) transmission. You can recognize this by the fact that an "s" is appended to the address component http:// ("https://") or a green, closed lock symbol is displayed. By clicking on the symbol, you will receive information about the SSL certificate used. The display of the symbol depends on the browser version you are using. SSL encryption guarantees the encrypted and complete transmission of your data.

 

Within the framework of the legal requirements, you are generally entitled to Carrera

• confirmation as to whether personal data concerning you is being processed by Carrera ,
• Information about this data and the circumstances of the processing,
• rectification if this data is incorrect,
• Erasure if there is no justification for the processing and there is (no longer) an obligation to retain the data,
• Restriction of processing in specific cases determined by law,
• Objection in the event of data processing on the basis of Art. 6 para. 1 sentence 1 lit. f. GDPR and
• Transfer of your personal data - insofar as you have provided it - to you or a third party in a structured, commonly used and machine-readable format.

If the processing of your personal data is based on your consent, you have the right to withdraw your consent at any time, with the result that the processing of your personal data will become unlawful for the future. However, this does not affect the lawfulness of processing based on consent before its withdrawal.

Please send your specific request in writing or by email, clearly identifying yourself, to our data protection officer:

krupna LEGAL

E-Mail: datenschutz@carrera-revell.com

Insofar as we process your data under joint responsibility i.S.d. Art. 26 GDPR with third parties, the third party is centrally responsible for exercising all data subject rights. However, you are at liberty to assert your rights against us as well.

Finally, we would like to draw your attention to your right of appeal to the supervisory authority (Austrian Data Protection Authority, Barichgasse 40-42, 1030 Vienna, dsb@dsb.gv.at)

 

We do not use your personal data for automated individual decision-making.

 

New legal requirements, business decisions or technical developments may require changes to our privacy policy. The privacy policy will then be adapted accordingly. You will always find the latest version on our website.