We have noticed that you are shopping from the USWould you like to switch to our US Shopping experience?

PRIVACY POLICY

>>> General Terms and Conditions (GTC) for purchase on account (LINK)
>>> In addition to the Privacy Policy for Purchase on Account (LINK)

 

We, the Carrera Toys GmbH (CARRERA), are pleased about your visit to our website. In the following provisions, we inform you about the type, scope and purpose of the collection and use of your personal data on this website as well as in the context of the services we offer. Personal data is any information relating to an identified or identifiable natural person. This includes, in particular, your name, address and e-mail address. Please read the privacy policy carefully before using this website. We reserve the right to adapt parts of this privacy policy at our own discretion and legal requirements. Therefore, please check this privacy policy regularly for changes.

1. Data processing to enable the use of the website

When you access the content of our website, connection data is transmitted to our web server. These connection data include:

 

  • • the IP address (Internet Protocol address) of the respective users,
  • • the date and time of the request,
  • • the referrer URL,
  • • Device numbers such as e.B. UDID (Unique Device Identifier) and comparable device numbers, device information (e.B. device type) and
  • • the browser type /version.

 

This connection data is not used to draw conclusions about the person of the user or merged with data from other data sources, but serves to provide the website. The legal basis for the processing of your data is Art. 6 para. 1 sentence 1 lit. f GDPR. After 7 days at the latest, the data will be anonymized by shortening the IP address at domain level.

2. Data processing on request

The use of our website is usually possible without providing personal data. You are not obliged to access this website or provide any personal data. However, the provision of personal data is required, for .B, for the receipt of newsletters or in the event of registration. If you do not provide us with any personal data for the purposes listed below, you may not be able to use functionalities of this website or some of these services.

2.1. Dealer service "B2B Portal"

If you register as a dealer with us and use the dealer service or the B2B portal on our website, your details will be processed by us for this purpose. Details about the B2B portal can be found in the instructions in our portal under https://carrera-toys.com/dealer-portal. The processing of your personal data takes place on the basis of Art. 6 para. 1 sentence 1 lit.b GDPR.

2.2. Newsletter

If you have expressly consented, you will receive our newsletter. To receive our newsletter, it is sufficient to provide your e-mail address. The input of any additional information about you is voluntary, marked accordingly (*) and serves only to personalize the newsletter for you. To subscribe to our newsletter, we use the so-called double opt-in procedure. This means that after your registration we will send you an e-mail to the e-mail address provided, in which we ask you to confirm that you wish to receive the newsletter. If you do not confirm your registration within 24 hours, your information will be blocked and automatically deleted after one month. The processing of your personal data takes place on the basis of your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR. There is no legal or contractual obligation to provide the personal data. Failure to give your consent will only result in you not receiving an e-mail newsletter. You can revoke your consent at any time with effect for the future. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation. There is a link at the end of each newsletter to exercise the revocation. Alternatively, you can revoke your consent at any time, e.B. by e-mail to (shop-carrera-toys.de). As part of the registration for a newsletter, we also store your IP address and the time of registration in order to be able to fulfil our legal documentation obligation. The legal basis for data processing in this case is Art. 6 para. 1 sentence 1 lit.c GDPR.

2.3. Registration as a customer

If you wish to register with us as a customer, we will collect the necessary mandatory information (name, country, e-mail address, password) from you, which are marked accordingly (*). The input of any additional information about you is voluntary.

 

Registration is not necessary, but it makes the ordering process easier for you for future orders, as you can reuse the data you have already stored. Alternatively, you can place an order as a guest. In this case, with the exception of a password, we collect the same data from you as when you registered. However, this data is not stored in a customer account for you, so you do not have access to a customer account.

 

After registration, the login takes place by entering your e-mail address and password. Please always make sure to unsubscribe before leaving the website.

 

When using a password, please take appropriate security measures. For example, a password should be at least 8 characters long and, if possible, should always consist of a combination of letters in upper and lower case, numbers and special characters. Trivial passwords such as "ABC" or keyboard sequences (e.B. "qwert" or "asdfgh"), all kinds of names (such as friends, acquaintances, colleagues, family members, pets), city and building names, comic characters, car brands, car license plates, terms, dates of birth, telephone numbers, common abbreviations, etc. are problematic. The processing of your personal data takes place on the basis of your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR. Please note that in the event of a revocation, any bonus points collected will be cancelled without replacement. In addition, your IP address and the time of registration are stored by us as part of the registration. This is necessary to ensure the security of our information technology systems. The legal basis for the processing of your data in this case is Art. 6 para. 1 sentence 1 lit. f GDPR.

2.4. Login

access to your customer account. The login is done by entering your e-mail address and password.

 

login data must be kept strictly confidential. Should a transfer nevertheless have taken place, for example in order to enable access to certain data stocks by third parties in an emergency, the password must be changed immediately. For your own protection, it is forbidden to reuse passwords that have already been used.

 

In addition, your IP address and the time of access are stored by us as part of a login. This is necessary to ensure the security of our information technology systems.

 

We also set a session cookie every time you log in. This session cookie prevents automatic logout during the active use of the account or related services. After the respective logout, the session cookie is automatically deleted within a few minutes.

 

The legal basis for the processing of your data is Art. 6 para. 1 sentence 1 lit. f GDPR and, if your contractual relationship is concerned, Art. 6 para. 1 sentence 1 lit.b and/or f GDPR.

2.5. Wish list

If you as a customer (see para. 2.4.), you can add individual products from the shop to your wish list. Until you unsubscribe, you can access this wish list and see all the products you have added. The legal basis for the processing of your data in this case is Art. 6 para. 1 sentence 1 lit. f GDPR. When you unsubscribe as a customer, the wish list is automatically deleted.

2.6. Carrera Club Membership

If you want to register with us as a Carrera Club member, you must first order a membership in the shop for a certain period of time. We then collect the necessary mandatory information (name, address, e-mail address, password) from you in order to be able to send you, for example.B the membership card or gifts. Please note the age restrictions for purchases as a Carrera Club member.


After registration, the login is done by entering your club username and password on https://www.carreraclub.com/. Please always make sure to unsubscribe before leaving the website.

When using a password, please pay attention to appropriate security measures. For example, a password should be at least 8 characters long and, if possible, should always consist of a combination of letters in upper and lower case, numbers and special characters. In this respect, trivial passwords such as "ABC" or keyboard sequences (e.B. "qwert" or "asdfgh"), all kinds of names (such as friends, acquaintances, colleagues, family members, pets), city and building names, comic characters, car brands, license plates, terms, dates of birth, telephone numbers, common abbreviations, etc.

The processing of your personal data takes place for the fulfilment of the contract. The legal basis is Article 6 (1) sentence 1 lit.b GDPR. In addition, your IP address and the time of registration are stored by us as part of the registration. This is necessary to ensure the security of our information technology systems. The legal basis for the processing of your data in this case is Art. 6 para. 1 sentence 1 lit. f GDPR.

2.7. Ordering in the shop

If you place an order with us, we will process the following data from you:

  • • Registration data from the customer account or Your guest data,
  • • Purchase data (order/shopping cart),
  • • Payment data (payment method, account and credit card data, billing addresses)

The processing of your personal data takes place on the basis of Art. 6 para. 1 sentence 1 lit.b GDPR.

2.8. Sweepstakes

If you wish to participate in a competition offered by us via the Website, it is first necessary to create an account. The provision of your data is necessary for the purpose of carrying out the competition. After completion of the competition, this data or the account will be deleted, provided that there are no statutory retention obligations. The processing of your personal data takes place on the basis of your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR. There is no legal or contractual obligation to provide the personal data. Failure to give your consent will only mean that you will not be able to participate in the competition. You can revoke your consent at any time with effect for the future. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

3. Data processing for the needs-based design of the website and tracking

In order to make the use of our website as pleasant as possible for you, we use so-called web tracking systems. Cookies are usually used for this purpose, i.e. small text files that are sent from a web server to your browser and stored on your computer's hard drive. This enables us to recognize the device you are using when using our shop. In this way, it is e.B possible for us to determine whether you are logged in, have an active shopping cart and what content the shopping cart has. The session cookies used for the use of the shop are deleted after the end of the browser session. Other cookies remain on your device and enable us to recognize your device on your next visit.


Most browsers are set to automatically accept cookies. You can deactivate the storage of cookies in your browser and have the option of deleting them from your hard drive at any time. However, you can also only prevent the setting of certain cookies via your browser (e.B. third-party cookies), for example if you want to prevent web tracking. Further information can be found in the help function of your browser.

We would also like to point out that you can also install a plugin in your browser to protect your privacy, which offers the possibility to prevent tracking – e.B. AdBlock, Ghostery or NoScript (please note the data protection information of the respective plugin provider).

Finally, we would like to point out that if cookies are deactivated, not all functions of this website may be used to their full extent.

The legal basis for the processing of your data follows, insofar as in the following provisions in para. 3.1.ff. not shown differently, from Art. 6 para. 1 sentence 1 lit. f GDPR. Our legitimate interest lies in the needs-based design of the website.

3.1 Cookie consent with Cookiebot

In order to administer your consent to the use of tracking tools, we use the cookie consent technology "Cookiebot" of Cybot A/S, Havnegade 39, 1058 Copenhagen, Denmark; Website: https://www.cookiebot.com/de/ (hereinafter "Cybot"). In this context, in addition to the connection data, the granting or rejection of your consent or the revocation of consent will be transmitted to Cybot. In order to be able to make the appropriate assignment, Cybot also sets a cookie in your browser. Cybot is used to obtain the legally prescribed consents for the use of cookies. The legal basis for this is Art. 6 para. 1 sentence 1 lit.c GDPR.

3.2. Google Analytics

Our website uses the tracking tool "Google Analytics". This is a service provided by Google Ireland Limited, a company incorporated and operated under Irish law with its registered office at Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). This tracking tool helps us to make the website more interesting for you and to improve the user experience. Data about the use of our website is stored in pseudonymous user profiles. Cookies may also be used for this purpose. In addition, data from different devices, sessions and interactions can be linked to a so-called "User ID". The generated information is usually transmitted to a Google server in the USA and stored there. We would like to point out that Google Analytics has been extended on our website by the "anonymizeIp" function. As a result, your IP address will first be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area and only then transmitted to a Google server in the USA. On our behalf, Google will use the information received to evaluate your use of our website, to compile reports on website activity and to provide us with other services related to website activity and internet usage. The pseudonymised user profiles will not be merged with personal data about the bearer of the pseudonym without a separately granted consent.


For more information about Google Analytics, please visit:
https://support.google.com/analytics/answer/2790010?hl=de

Please note that Google also has independent access to your data collected via Google Analytics and can also use this data for its own purposes. For example, Google may link this data to other data about you, such as your search history, personal account, usage data from other devices, and any other data that Google has about you. The legal basis for the processing of your data is your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR. You give your consent via our cookie banner. Please note that Google is a company from the USA. According to a recent ruling by the European Court of Justice (ECJ), there is no adequate level of data protection in the USA and thus a risk for the protection of your data. For example.B, under certain conditions, your data may be processed by US authorities for control and monitoring purposes. The new EU standard data protection clauses have been agreed as appropriate safeguards to ensure an adequate level of protection during data transfers.

3.3. YouTube

Our website uses plugins from the YouTube site operated by Google. When you visit one of our websites equipped with a YouTube plugin, a connection to YouTube's servers is established. The YouTube server is informed which of our website you have visited. If you are logged in to your YouTube account, you enable YouTube to assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your YouTube account. The use of YouTube is in the interest of an appealing presentation of our online offers. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. Please note that the provider is a company from the USA. According to a recent ruling by the European Court of Justice (ECJ), there is no adequate level of data protection in the USA and thus a risk for the protection of your data. For example.B, under certain conditions, your data may be processed by US authorities for control and monitoring purposes. If you still want to consent to the use of this tool, you can select this via the cookie banner.


Further information on the handling of user data can be found in YouTube's privacy policy at:
https://www.google.de/intl/de/policies/privacy

3.4. Facebook Pixel

The so-called "Facebook pixel" integrates an invisible Facebook pixel on our website, which is used to analyze the online behavior of each website visitor by Facebook (Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland). The Facebook pixel makes it possible to transmit customer data such as .B first name, last name, e-mail address, etc. to Facebook and enrich it with existing tracking data. This makes it possible to collect data from non-Facebook users or to record users who are not logged in to Facebook while visiting a website. As a result, website visitors are tracked via Facebook, which deliberately prevent the storage of third-party cookies. For example, if you place a vehicle in the shopping cart and cancel the purchase process, Facebook receives this information. We then have the opportunity to address you specifically on Facebook with an advertisement. Via the Facebook pixel, however, it is also possible to specifically win new customers and address new people who resemble website visitors.


In addition to us, Facebook itself is also responsible for data processing. The processing of the data by Facebook takes place in accordance with Facebook's data use policy. For details, see Facebook's Data Usage Policy . Specific information and details about the Facebook pixel and how it works can be found in the help area of Facebook.

 

Insofar as we are jointly responsible with Facebook within the meaning of Art. 26 GDPR for the processing of your personal data. In this case, you can assert your rights (see Section 10) in principle both against us and against Facebook. However, Facebook serves as the first point of contact. We have concluded an agreement with Facebook on joint responsibility for the processing of personal data.

This can be viewed under the following link: https://www.facebook.com/legal/controller_addendum

 

Our legal basis for the processing of your data is your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR. You give your consent via our cookie banner. Please note that Facebook is a company from the USA. According to a recent ruling by the European Court of Justice (ECJ), there is no adequate level of data protection in the USA and thus a risk for the protection of your data. For example.B, under certain conditions, your data may be processed by US authorities for control and monitoring purposes. If you still want to consent to the use of this tool, you can select this via the cookie banner.

4. Links to other websites

Our website contains links to other websites such as.B. to the Carrera Club website or to social networks (Facebook, YouTube, Instagram). These websites are partly operated by us and partly by third parties. If you follow the links, in the latter case information may be transmitted to these third parties. The purpose and scope of the data collection by the websites of third parties as well as the further processing and use of your data there, as well as your rights in this regard and setting options for the protection of your privacy, can be found in the respective data protection information of the operators.

5. Data transmission

We only pass on your personal data to third parties or other recipients if this is necessary for the provision of services, if you have given your consent, if there is a legal obligation or if the transfer of data is permitted on another legal basis. Data is passed on, for example, to the respective payment or shipping service provider, service provider for the provision of marketing services (e.B. e-mail marketing), technical service providers or – in the case of a corporate transaction – to interested parties/buyers, etc. If necessary, we have concluded agreements with the recipients of your data on order processing in accordance with Art. 28 GDPR.

 

Please also note the separate data protection provisions of the payment methods.

 

PayPal: https://www.paypal.com/de/webapps/mpp/home

Klarna: https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/privacy

VISA: www.visaeurope.com

MasterCard: https://www.mastercard.de/de-de.html

Stripe: https://stripe.com/de/privacy

6. Social Media Appearances
6.1 Data processing by CARRERA and legal basis

Our social media presences (Facebook, YouTube, LinkedIn, Xing and Instagram) serve the purpose of informing you about CARRERA as well as about new developments, services and products from us. Depending on the offer of the respective provider, you have e.B. the possibility of different interactions (commenting, recommendation, etc.) e.B. in connection with our social media presence. User interaction is an important criterion for us to conduct targeted marketing. In this way, we can determine, for example, .B. which contributions are preferably read. We therefore also use the statistics determined by the providers in this regard for our own purposes. If we process personal data of the users, the legal basis for this is Art. 6 para. 1 sentence 1 lit. f GDPR. Our legitimate interest then consists in particular in targeted information / advertising. You will be informed separately by the providers about the legal basis on the basis of which the providers processed your data for their own purposes.

6.2 Shared responsibility

In individual cases, we are jointly responsible with the social media providers for the processing of your personal data. In this case, you can assert your rights (see section 10) both against us and against .dem social media provider. However, the first point of contact is the social media provider.


We have concluded an agreement with Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA (Facebook) on joint responsibility for the processing of personal data. This applies to the processing of so-called "insights data". These are page statistics, in particular on the interactions of Facebook users. For details on the Insights data, see here. Our agreement with Facebook can be viewed at the following Link 

With regard to the storage period of the data processed by you for our own purposes, we refer to our explanations under para. 8. Incidentally, please note the data protection regulations of the respective social media provider.

7. Data transfer to countries outside the EU

Insofar as necessary for our purposes, we also transfer your data to recipients outside the EU if you have given your consent, if there is a legal obligation or if the transfer of data is permissible on another legal basis. As part of the data processing, your data will also be transmitted to recipients who are based in the USA. An adequate level of data protection is ensured by the conclusion of the so-called EU standard contractual clauses. Please note, however, that according to a recent ruling of the European Court of Justice (ECJ) in the USA, there is no adequate level of data protection and thus a risk for the protection of your data. For example.B, under certain conditions, your data may be processed by US authorities for control and monitoring purposes. In addition, with regard to the legal basis for the data transfer, we refer to Art. 49 GDPR.

8. Duration for which personal data is stored / Criteria for determining the duration

In principle, your personal data will be stored by us for as long as it is necessary for the aforementioned purposes of processing, in the event of an objection there are no compelling legitimate grounds opposed by CARRERA or in the event of a revocation there is no other legal basis for data processing.


In certain cases, e.B. if there is a statutory retention obligation, your personal data will not be deleted immediately, but initially blocked.

9. Security measures to protect your personal data

We protect your data from unauthorized access, loss or destruction by means of technical and organizational measures. Our security measures are continuously improved in line with technological developments. Our employees and all persons involved in data processing are obliged to comply with data protection-relevant laws and the confidential handling of personal data. Our employees are trained accordingly.


To protect the personal data of our users, we use a secure online transmission method, the so-called "Secure Socket Layer" (SSL) transmission. You can recognize this by the fact that an "s" ("https://") or a green, closed lock symbol is displayed on the address component http://. By clicking on the icon, you will receive information about the SSL certificate used. The display of the symbol depends on the browser version you are using. SSL encryption ensures the encrypted and complete transmission of your data.

10. Your rights

In the context of the legal requirements, you are generally entitled to Carrera

 

  • • Confirmation of whether personal data concerning you is being processed by Carrera,
  • • Information about this data and the circumstances of the processing,
  • • Correction if this data is incorrect,
  • • Deletion, insofar as there is no justification for the processing and no obligation to store it (anymore),
  • • Restriction of processing in special cases determined by law,
  • • Objection in the event of data processing on the basis of Art. 6 para. 1 sentence 1 lit. f. GDPR and
  • • Transfer of your personal data – insofar as you have provided it – to you or a third party in a structured, commonly used and machine-readable format.

 

Insofar as the processing of your personal data is based on your consent, you have the right to withdraw your consent at any time, with the result that the processing of your personal data will become inadmissible for the future. However, this does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

 

Please address your specific request in writing or by e-mail to our data protection officer with a clear identification option for you:

 

crupna LEGAL

Dr. Karsten Krupna

Am Sandtorkai 77

20457 Hamburg

 

E-mail: datenschutz@carrera-toys.com

 

Insofar as we process your data under joint responsibility within the meaning of Article 26 GDPR with third parties, the third party is centrally responsible for the exercise of all rights of data subjects. However, you are free to assert your rights against us. Finally, we would like to draw your attention to your right to lodge a complaint with the supervisory authority (Austrian Data Protection Authority, Barichgasse 40-42, 1030 Vienna, dsb@dsb.gv.at).

11. No automated individual decision

We do not use your personal data for automated individual decisions.

12. Changes to the Privacy Policy

New legal requirements, business decisions or technical developments may require changes in our privacy policy. The data protection declaration will then be adapted accordingly. You can always find the latest version on our website.