Privacy Policy

We take the protection of your personal data very seriously and treat it confidentially and pursuant tothe EU General Data Protection Regulation (DSGVO) and the German Federal Data Protection Act (BDSG) as well as the Carano privacy policy. The following information will provide you an overview of how your personal data is processed and the rights you are entitled to.

#1 Who is responsible for the processing of personal data and who can I turn to?

Responsible body:
Carano Software Solutions GmbH
Bornstraße 32, 12163 Berlin
Phone: +49 30 399944-0
Fax: +49 30 399944-99

E-Mail

Carano’s data protection officer:
Udo Wenzel
agentia Wirtschaftsdienst – Dipl.-Inform. Udo Wenzel
CCP Certified Compliance Professional (Finance)
Bornstraße 32, 12163 Berlin
Telefon: +49 30 399944-0
Telefax: +49 30 399944-99
E-Mail: datenschutz@carano.de

#2 Who does this privacy policy apply to?

This privacy policy applies to all visitors to our webpages, our customers and interested parties, job applicants and individuals whose data we have researched (for preliminary information) from publicly accessible sources or received through business cards.

#3 What data do we make use of?

In principle, you can visit our webpages without sharing with us your identity, unless you send us an email or message via our contact form, apply for a position or use our demos. In these cases, we will process only the data necessary to answer your inquiry or provide our services.
Which data is collected depends on the input forms. Required data is marked as mandatory fields. Insofar as further information requested by us, the information you provide is voluntary. We use this information to customize our offers to your needs. In all other cases, we will use only the data that is necessary for contacting you.

#4 For what purposes and on what legal basis do we use your data?

We process your personal data pursuant tothe provisions laid out in the General Data Protection Regulation (DSGVO) and the German Federal Data Protection Act (BDSG). Please note our information on your right of objection according to Article 21 DS-GVO.

a) Provision of solutions and services

The processing of personal data is carried out for the purpose of fulfilling a contract and for the implementation of precontractual measures carried out at your request (Art. 6 Para. 1b of the DS-GVO).

b) Contact form

If you submit inquiries using the contact form, the details you provide, including contact data, will be saved for the purpose of processing the inquiry and in the event of follow-up questions. This data will not be passed on without your consent. The data is processed in accordance to Art. 6 para. 1 lit. b of the DSGVO, insofar as your inquiry is connected with the fulfillment of a contract or is necessary for the implementation of precontractual measures. In all other cases, the processing is conducted on the basis of our legitimate interest in the effective processing of inquiries addressed to us (Art. 6 para. 1 lit. f of the DSGVO) or of your consent (Art. 6 para. 1 lit. a of the DSGVO). The data entered by you in the contact form will remain with us until you request its deletion, revoke your consent to its storage or the purpose for which it was saved ceases to apply (e.g. after your inquiry has been processed). Mandatory legal provisions – in particular retention periods – remain unaffected.

c) Request by email, telephone or fax

If you contact us by email, telephone or fax, your inquiry including all personal data (name, inquiry) will be saved and handled by us for the purpose of processing your request. This data will not be passed on without your consent.

This data is processed based on Art. 6 para. 1 lit. b of the DSGVO, provided your inquiry is related to the fulfillment of a contract or is necessary for the implementation of precontractual measures. In all other cases, processing is based on our legitimate interest in the effective handling of the inquiries addressed to us (Art. 6 para. 1 lit. f of the DSGVO) or at your consent (Art. 6 para. 1 lit. a DSGVO).

The data you provide to us via contact inquiries will remain with us until you request its deletion, revoke your consent for retention or the purpose for which the data is retained no longer applies (e.g. after your request has been processed). Mandatory statutory provisions – in particular statutory retention periods – remain unaffected.

d) Registration on this website

You may register on this website to access its additional features. We will use the data entered solely for the purpose of using the respective offer or service for which you have registered. The mandatory data requested during registration must be provided in full. Otherwise the registration will be rejected.

In the event of important changes, for example in the range of the services and solutions or due to necessary technically changes, we will use the email address provided during registration to inform you. The data entered during registration is processed for the purpose of implementing the user relationship established by the registration and, if applicable, for the initiation of further contracts (Art. 6 para. 1 lit. b of the DSGVO). The data entered during registration is retented by us for the period you are registered on this website and will be deleted subsequently. Legal retention periods remain unaffected.

e) Newsletter data

If you wish to receive the newsletter offered on the website, you will need to provide an email address as well as information that allows us to verify you are the owner of the email address and have consented to receiving the newsletter. Additional data is not collected or collected only on a voluntary basis. We use this data exclusively for sending the information requested and do not pass them on to third parties.

The processing of the data entered in the newsletter registration form is based exclusively on your consent (Art. 6 para. 1 lit. a of the DSGVO). You may revoke your consent to the retention of the data, the email address as well as its use for sending the newsletter at any time, for example by using the “unsubscribe” link in the newsletter. The legality of the data processing operations already carried out remains unaffected by the revocation.

The data you provide for the purpose of subscribing to the newsletter will be saved by us or the newsletter service provider until you unsubscribe from the newsletter and are deleted from the newsletter mailing list upon cancellation. Data saved by us for other purposes remains unaffected.

After you have been removed from the newsletter mailing list, your email address may be retained by us or the newsletter service provider on a blacklist to prevent future mailings. The data from the blacklist will be used solely for this purpose and will not be merged with other data.

This serves both your interest and ours in terms of compliance with the legal provisions in the distribution of newsletters (legitimate interest in accordance to Art. 6 para. 1 lit. f of the DSGVO). Retention on the blacklist is not limited in time. You can object to the retention if your interests outweigh our legitimate interest. Moreover, we are subject to various legal obligations (e.g. Commercial Code, tax laws) based on legal guidelines (Article 6 para 1c of the DSGVO) or public interest (Article 6 para 1e of the DSGVO).

4.1 Privacy policy for job applicants

Please also note our privacy policy in the job application process.
The legal basis for the processing of your personal data in this application procedure is primarily § 26 BDSG (25.05.2018 version). According to this section, the processing of data with regard to the decision to establish an employment relationship is permissible. Should the data be required for legal prosecution subsequent to the completion of the application procedure, it may be processed in accordance to the provisions of Article 6 of the DSGVO, in particular Article 6 (1) f of the DSGVO to safeguard legitimate interests. Our interest is then tied to the assertion or defense of claims.

#5 Who gets my data?

Within Carano, access to your data is granted to parties that require it to fulfill our contractual and legal obligations or in the context of balancing interests. Also, service providers and vicarious agents employed by us may receive data for these purposes, provided they maintain confidentiality and comply with our data protection instructions. Data will only be passed on to third parties pursuant tothe regulations of the DSGVO and the BDSG.

#6 Will the data be transferred to a third country?

No data is transferred to countries outside the EU or the EEA (EU third countries).

#7 How long will my data be saved?

We process and store your personal data for as long as it is necessary to fulfill our contractual and legal obligations or in the context of balancing interests. Data that is no longer required for the fulfillment of these purposes are regularly deleted, unless their – temporary – further processing is necessary for the fulfillment of retention periods under commercial and tax laws, such as the German Commercial Code and the German Fiscal Code. The periods of retention or documentation specified therein are six to ten years.

#8 What data protection rights am I entitled to?

You have the right of information under Article 15 of the DSGVO, right of correction under Article 16 of the DSGVO, right of deletion under Article 17 of the DSGVO, right to restrict processing under Article 18 of the DSGVO, right of objection under Article 21 of the DSGVO and right of data transferability under Article 20 of the DSGVO. In addition, there is the right of appeal to a data protection supervisory authority (Article 77 of the DSGVO in conjunction with Article 19 of the BDSG).

A list of the supervisory authorities and their contact details can be found at the following link: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html

You may revoke your consent to the processing of personal data at any time. Please note that the revocation is effective only for the future. Processing that took place prior to the revocation remains unaffected. Please also note our information regarding your right of objection under article of the 21 DSGVO.

To exercise your rights, please contact our data protection officer mentioned above.

#9 Is there an obligation to provide data?

Within the framework of our business relationship or the commissioning of services, you must provide the personal data necessary for the execution of the business relationship or the provision of a service, and the fulfillment of the associated contractual obligations or which we are legally obliged to collect. Without this data, we will usually have to refuse to conclude the contract or execute the commission, or we will be unable to execute an existing contract and therefore may have to terminate it.

#10 Is automated decision-making including profiling conducted?

Pursuant to Article 22 of the DSGVO, we do not fundamentally use fully automated decision-making including profiling.

#11 Information regarding your right of objection under Article 21 of the DSGVO

a) Right of objection on a case-by-case basis

You have the right to object to the processing of your personal data for reasons arising from your particular situation. The prerequisite for this is that the processing of data is carried out in the public interest or on the basis of a balance of interests. This also applies to profiling. In the event of an objection, we will cease processing of your personal data unless we can demonstrate compelling reasons considered worthy of protection and that which outweigh your interests, rights and freedoms. Alternatively, your personal data may be used to assert, exercise or defend legal claims.

#12 What kind of data is processed during the usage of the website?

a) Usage-related data

The provider of these webpages automatically collects and saves information in server log files transmitted automatically via your browser.

These are:

  • Browser type and browser version operating system used is Referrer URL
  • Host name of the accessing computer, time of the server request
  • IP address

This data is not merged with other data sources. The data recorded is founded on Art. 6 para. 1 lit. f of the DSGVO. The website operator has a legitimate interest in the provision of a technically error-free presentation and optimization of their website – to this end, server log files must be recorded.

b) Use of cookies

Our Internet pages use “cookies”. Cookies are small text files and do not incur damage on your end device. They are either stored temporarily for the duration of a session (session cookies) or permanently (permanent cookies) on your end device. Session cookies are automatically deleted at the end of your visit. Permanent cookies remain on your terminal device until you delete them yourself or until they are automatically deleted by your web browser.

Cookies have various functions. Numerous cookies are technically necessary, as certain website functions would not work without them (e.g. the shopping basket function or video presentations). Other types of cookies are used to evaluate user behavior or display advertising.

Cookies required to carry out the electronic communication process (necessary cookies) or provide functions requested by you (functional cookies, e.g. for the shopping basket function) or optimize the website (e.g. cookies for evaluating the web audience) are saved pursuant to Art. 6 para. 1 lit. f of the DSGVO, unless another legal basis is indicated. The website operator has a legitimate interest in the depositing of cookies to ensure technically error-free and optimized provision of their services. If consent to the storage of cookies has been requested, depositing of the cookies in question will be carried out exclusively on the basis of this consent (Art. 6 para. 1 lit. a of the DSGVO); the consent may be revoked at any time.

You may set your browser so that you are informed of the placement of cookies and allow cookies only in individual cases, exclude the acceptance of cookies for specific cases or in general and activate the automatic deletion of cookies when closing the browser. Deactivation of cookies may limit this website’s functionality.

Insofar as cookies used by third-party companies or for analysis purposes are concerned, we will inform you separately within the scope of this privacy policy and, if necessary, request your consent.

c) Consent of cookies from Borlabs Cookie

Our website uses Borlabs Cookie Content Technology to obtain your consent to store certain cookies in your browser and document this consent in a manner consistent with data protection. The provider of this technology is Borlabs – Benjamin A. Bornschein, Georg-Wilhelm-Str. 17, 21107 Hamburg, Germany (hereinafter Borlabs).

When you enter our website, a Borlabs cookie is placed in your browser, which stores the consent or the revocation you have given. This data is not passed on to the provider of Borlabs Cookie.

The data collected will be saved until you request us to delete it or until you delete the Borlabs cookies yourself or until the purpose for which the data is stored no longer applies. Mandatory retention periods remain unaffected. Details on data processing by Borlabs Cookie can be found at: https://borlabs.io/kb/what-information-does-borlabs-cookie-store/?_ga=2.233546206.1549852592.1596460689-937799771.1593083223
Borlabs Cookie Content Technology is used to obtain the legally required consent for the use of cookies. The legal basis for this is founded on Art. 6 para. 1 sentence 1 lit. c of the DSGVO. You may check and adjust your personal cookie settings.

#13 How secure is my data?

To protect the personal data of our customers and interested parties, we use a secure online transmission method secure socket layer (SSL) transmission. All information transmitted using this method is encrypted before it is sent. Your personal data will be processed exclusively at computer centers and computers protected by security technologies and in compliance with industry standards (e.g. firewalls, password protection, access controls, etc.).

#14 What plugins and tools are used on the website?

This website uses plugins from social media platforms (Facebook, XING, LinkedIn, YouTube).
You can usually recognize the plugins by the social media logos. In order to guarantee data protection on this website, we use only these plugins in conjunction with the Shariff solution. This application prevents the plugins integrated on this website from transmitting data to their respective providers the moment you enter the site.

Only when you activate the respective plugin by clicking the corresponding button will a direct connection to the provider’s server be established (consent). As soon as you activate the plugin, the respective provider receives the information that you have visited this website along with your IP address. If you are simultaneously logged in to this particular social media account (e.g. Facebook), the provider in question can assign the visit to this website to your user account.

Activating the plugin constitutes consent as defined by Art. 6 para. 1 lit. a of the DSGVO. You may revoke this consent at any time with effect from that moment forwards.

The purpose and scope of data collection and the further processing and use of data by the aforementioned social networks as well as your rights and setting options for the protection of your privacy can be found in the data protection information on
www.facebook.com/policy.php, https://privacy.xing.com/de/datenschutzerklaerung, www.linkedin.com/legal/privacy-policy and https://twitter.com/de/privacy

b) YouTube

This website incorporates videos from the YouTube website. The latter is operated by Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
When you visit one of our webpages that has YouTube embedded, a connection is made to YouTube’s servers. This lets the YouTube server know which of our pages you have visited. In addition, YouTube may deposite various cookies on your device or use similar technologies for recognition (e.g. device fingerprinting). In this way, YouTube may obtain information about visitors to this website. This information is used, among others, to gather video statistics, improve user experience and prevent fraud.

When you log into your YouTube account, you are giving permission for YouTube to associate your browsing behavior directly with your personal profile. You may prevent this by logging out of your YouTube account. YouTube is used in the interest of providing an attractive presentation of our online offers. This represents a legitimate interest based on Art. 6 para. 1 lit. f of the DSGVO. If consent has been requested, the processing is carried out solely purusant to Art. 6 para. 1 lit. a of the DSGVO; consent may be revoked at any time.

Further information on the handling of user data can be found in the YouTube privacy policy at

https://policies.google.com/privacy?hl=de.

Wenn Sie in Ihrem YouTube-Account eingeloggt sind, ermöglichen Sie YouTube, Ihr Surfverhalten direkt Ihrem persönlichen Profil zuzuordnen. Dies können Sie verhindern, indem Sie sich aus Ihrem YouTube-Account ausloggen. Die Nutzung von YouTube erfolgt im Interesse einer ansprechenden Darstellung unserer Online-Angebote. Dies stellt ein berechtigtes Interesse im Sinne von Art. 6 Abs. 1 lit. f DSGVO dar. Sofern eine entsprechende
Einwilligung abgefragt wurde, erfolgt die Verarbeitung ausschließlich auf Grundlage von Art. 6 Abs. 1 lit. a DSGVO; die Einwilligung ist jederzeit widerrufbar.

Weitere Informationen zum Umgang mit Nutzerdaten finden Sie in der Datenschutzerklärung von YouTube unter:

https://policies.google.com/privacy?hl=de.

c) Google Maps

This site uses Google Maps via an API. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Saving your IP address is necessary for using the Google Maps function. This information is usually transferred to a Google server in the USA and stored there. The provider of this site has no influence on this data transfer.

The use of Google Maps is in the interest of creating an attractive presentation of our online offers and to facilitate finding the places indicated on the website. This represents a legitimate interest pursuant to Art. 6 Para. 1 lit. f of the DSGVO. If consent has been requested, the processing is carried out based exclusively on Art. 6 para. 1 lit. a of the DSGVO; consent may be revoked at any time.

d) Google Remarketing

This website uses the functions of Google Analytics Remarketing. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Remarketing analyzes your user behavior on our website (e.g. by clicking on certain products) in order to determine your classification within certain advertising target groups which is then used to display advertising messages of interest to you when you visit other online products (remarketing or retargeting).

Furthermore, the target groups created by Google Remarketing may be linked to the cross-device functions of Google. In this way, interest-based, personalized advertising messages adapted to you on one device (e.g. mobile phone), based on your previous usage and surfing behavior, may also be displayed on another of your devices (e.g. tablet or PC).

If you have a Google Account, you can opt-out of targeted advertising by clicking on the link below:
https://www.google.com/settings/ads/onweb/.

The use of Google Remarketing is based on Art. 6 para. 1 lit. f of the DSGVO. The website operator has a legitimate interest in marketing their products as effectively as possible. If consent has been requested, the processing is carried out exclusively pursuant to Art. 6 para. 1 lit. a of the DSGVO; consent may be revoked at any time.

You can find further information and the data protection provisions under Google’s privacy policy at
https://policies.google.com/privacy?hl=en.

 

e) LinkedIn Plugin

This website uses features of the LinkedIn network. The provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland.

Each time you access a page on this website that contains LinkedIn features, a connection to LinkedIn servers is established. LinkedIn is notified of your visit by your IP address. When you click the LinkedIn “Recommend Button” and are logged into your LinkedIn account, LinkedIn will assign the visit to this website to you and your user account. We wish to point out that as the provider of these webpages, we have no knowledge of the data transmitted and its use by LinkedIn.

The use of the LinkedIn plugin is based on Art. 6 para. 1 lit. f DSGVO. The website operator has a legitimate interest to ensure the highest possible visibility in social media. Insofar as a corresponding consent has been requested, the processing is based exclusively on Art. 6 para. 1 lit. a DSGVO; consent may be revoked at any time.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details are found here:

https://www.linkedin.com/legal/l/dpa and
https://www.linkedin.com/legal/l/eu-sccs.

 

f) Sendinblue

This website uses the services of Sendinblue to send newsletters. The provider is Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin, Germany.

SendinBlue is a service that can be used to organize and analyze the sending of newsletters. If you enter data for the purpose of subscribing to the newsletter (e.g. e-mail address), this will be stored on German servers.

Using Sendinblue we can analyze our newsletter campaigns. When you open an email sent with Sendinblue, a file contained in the email (so-called web beacon) connects to the Sendinblue servers. In this way it can be determined whether a newsletter message has been opened and which links have been clicked on. Technical information is also recorded (e.g. time of retrieval, IP address, browser type and operating system). This information cannot be assigned to the each newsletter recipient. They are used exclusively for the statistical analysis of newsletter campaigns. The results of these analyzes can be used for future optimization of the newsletter according to the interests of the recipients.

If you do not wish to be analyzed by Sendinblue, you must unsubscribe from the newsletter. For this purpose, we provide a corresponding link in every newsletter message.

The data processing takes place on the basis of your consent (Art. 6 Para. 1 lit. a DSGVO). You can revoke this consent at any time by unsubscribing from the newsletter. The legality of the data processing operations that have already taken place remains unaffected by the revocation.

The data you have entried for the purpose of subscribing to the newsletter will be stored by us or the newsletter service provider until you unsubscribe from the newsletter and deleted from the newsletter distribution list after you have canceled the newsletter. Data stored by us for other purposes remain unaffected.

After you have been removed from the newsletter distribution list, your e-mail address may be stored in a blacklist by us or the newsletter service provider in order to prevent future mailings. The data from the blacklist is only used for this purpose and is not merged with other data. This serves both your interest and our interest in complying with the legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6 Para. 1 lit. f GDPR). Storage in the blacklist is not limited in time. You can object to the storage if your interests outweigh our legitimate interests. For more information, see Sendinblue’s privacy policy at: https://de.sendinblue.com/datenschutz-uebersicht/

Conclusion of a data processing agreement
We have concluded a so-called “Data Processing Agreement” with Sendinblue, in which we oblige Sendinblue to protect our customers’ data and not to pass it on to third parties.

g) Mouseflow

This website uses Mouseflow, a web analytics tool from Mouseflow ApS, Flaesketorvet 68, 1711 Copenhagen, Denmark.
Data processing is used for the purpose of analyzing this website and its visitors. To this end, data is collected and stored for marketing and optimization purposes. From this data, usage profiles are generated under pseudonyms. Cookies are used for this purpose.
With the help of the web analysis tool Mouseflow, randomly selected individual visits (only with anonymized IP addresses) are recorded. This creates a log of mouse movements and clicks aimed at randomly replaying individual website visits and obtaining potential improvements for the website. The data collected by Mouseflow will not be used to identify visitors to this website without prior consent of the person concerned and will not be merged with personal data of the bearer of the pseudonym.
Processing is carried out on in accordance to Art. 6 (1) f) DSGVO from the legitimate interest in direct customer communication and as required in the design of the website. Based on Art. 6 (1) f DSGVO, you have the right to object at any time to this processing of personal data with regard to you for reasons arising from your particular situation. To do so, you may on the whole deactivate data recording on all websites that use Mouseflow on the browser you are currently using at the following link: https://mouseflow.com/opt-out/
If you are interested in commissioned data processing, you may authorize this with us directly via RightSignature online: https://mouseflow.com/gdpr/

h) Use of SalesViewer® technology

On this website, data is collected and stored for marketing, market research and optimization purposes using the SalesViewer technology of SalesViewer®® GmbH on the basis of the legitimate interests of the website operator (Art. 6 (1) (f) GDPR).

For this purpose, a JavaScript-based code is used to collect company-related data and the corresponding use. The data collected with this technology is encrypted using a non-reversible one-way function (so-called hashing). The data is immediately pseudonymized and is not used to personally identify the visitor to this website.

The data stored within the framework of SalesViewer will be deleted as soon as they are no longer required for their intended purpose and the deletion does not conflict with any statutory retention obligations.

The collection and storage of data can be revoked to at any time with effect for the future by clicking on this link https://www.salesviewer.com/opt-out in order to prevent the collection by SalesViewer® within this website in the future. An opt-out cookie for this website will be stored on your device. If you delete your cookies in this browser, you will have to click this link again.

 

#15 Links to websites of other providers

Our website may contain links for information purposes to websites of other providers, whereby we have no influence on compliance with data protection and security regulations. Our data protection declaration therefore does not extend to these websites.

valid as of 04-2023