Privacy Policy

We take the protection of your personal data very seriously and treat it confidentially and pursuant tothe EU General Data Protection Regulation (DS-GVO) and the German Federal Data Protection Act (BDSG) as well as the Carano privacy policy. The following information will provide you an overview of how your personal data is processed and the rights you are entitled to.

1. Who is responsible for the processing of personal data and who can I turn to?

Responsible body:
Carano Software Solutions GmbH
Bornstraße 32, 12163 Berlin
Phone: +49 30 399944-0
Fax: +49 30 399944-99
Email

Carano’s data protection officer:
Udo Wenzel
agentia Wirtschaftsdienst – Udo Wenzel, M.C.S.
CCP Certified Compliance Professional (Finance)
Bornstraße 32, 12163 Berlin
Phone: +49 30 399944-0
Fax: +49 30 399944-99
Email: datenschutz@carano.de

2. Who does this privacy policy apply to?

This privacy policy applies to all visitors to our webpages, our customers and interested parties, job applicants and individuals whose data we have researched (for preliminary information) from publicly accessible sources or received through business cards.

3. What data do we make use of?

In principle, you can visit our webpages without sharing with us your identity, unless you send us an email or message via our contact form, apply for a position or use our demos. In these cases, we will process only the data necessary to answer your inquiry or provide our services.
Which data is collected depends on the input forms. Required data is marked as mandatory fields. Insofar as further information requested by us, the information you provide is voluntary. We use this information to customize our offers to your needs. In all other cases, we will use only the data that is necessary for contacting you.

4. For what purposes and on what legal basis do we use your data?

We process your personal data pursuant tothe provisions laid out in the General Data Protection Regulation (DS-GVO) and the German Federal Data Protection Act (BDSG). Please note our information on your right of objection according to Article 21 DS-GVO.

a) Provision of solutions and services

The processing of personal data is carried out for the purpose of fulfilling a contract and for the implementation of precontractual measures carried out at your request (Art. 6 Para. 1b of the DS-GVO).

b) Contact form

If you submit inquiries using the contact form, the details you provide, including contact data, will be saved for the purpose of processing the inquiry and in the event of follow-up questions. This data will not be passed on without your consent. The data is processed in accordance to Art. 6 para. 1 lit. b of the DSGVO, insofar as your inquiry is connected with the fulfillment of a contract or is necessary for the implementation of precontractual measures. In all other cases, the processing is conducted on the basis of our legitimate interest in the effective processing of inquiries addressed to us (Art. 6 para. 1 lit. f of the DSGVO) or of your consent (Art. 6 para. 1 lit. a of the DSGVO). The data entered by you in the contact form will remain with us until you request its deletion, revoke your consent to its storage or the purpose for which it was saved ceases to apply (e.g. after your inquiry has been processed). Mandatory legal provisions – in particular retention periods – remain unaffected.

c) Request by email, telephone or fax

If you contact us by email, telephone or fax, your inquiry including all personal data (name, inquiry) will be saved and handled by us for the purpose of processing your request. This data will not be passed on without your consent.

This data is processed based on Art. 6 para. 1 lit. b of the DSGVO, provided your inquiry is related to the fulfillment of a contract or is necessary for the implementation of precontractual measures. In all other cases, processing is based on our legitimate interest in the effective handling of the inquiries addressed to us (Art. 6 para. 1 lit. f of the DSGVO) or at your consent (Art. 6 para. 1 lit. a DSGVO).

The data you provide to us via contact inquiries will remain with us until you request its deletion, revoke your consent for retention or the purpose for which the data is retained no longer applies (e.g. after your request has been processed). Mandatory statutory provisions – in particular statutory retention periods – remain unaffected.

d) Registration on this website

You may register on this website to access its additional features. We will use the data entered solely for the purpose of using the respective offer or service for which you have registered. The mandatory data requested during registration must be provided in full. Otherwise the registration will be rejected.

In the event of important changes, for example in the range of the services and solutions or due to necessary technically changes, we will use the email address provided during registration to inform you. The data entered during registration is processed for the purpose of implementing the user relationship established by the registration and, if applicable, for the initiation of further contracts (Art. 6 para. 1 lit. b of the DSGVO). The data entered during registration is retented by us for the period you are registered on this website and will be deleted subsequently. Legal retention periods remain unaffected.

e) Newsletter data

If you wish to receive the newsletter offered on the website, you will need to provide an email address as well as information that allows us to verify you are the owner of the email address and have consented to receiving the newsletter. Additional data is not collected or collected only on a voluntary basis. We use this data exclusively for sending the information requested and do not pass them on to third parties.

The processing of the data entered in the newsletter registration form is based exclusively on your consent (Art. 6 para. 1 lit. a of the DSGVO). You may revoke your consent to the retention of the data, the email address as well as its use for sending the newsletter at any time, for example by using the “unsubscribe” link in the newsletter. The legality of the data processing operations already carried out remains unaffected by the revocation.

The data you provide for the purpose of subscribing to the newsletter will be saved by us or the newsletter service provider until you unsubscribe from the newsletter and are deleted from the newsletter mailing list upon cancellation. Data saved by us for other purposes remains unaffected.

After you have been removed from the newsletter mailing list, your email address may be retained by us or the newsletter service provider on a blacklist to prevent future mailings. The data from the blacklist will be used solely for this purpose and will not be merged with other data.

This serves both your interest and ours in terms of compliance with the legal provisions in the distribution of newsletters (legitimate interest in accordance to Art. 6 para. 1 lit. f of the DSGVO). Retention on the blacklist is not limited in time. You can object to the retention if your interests outweigh our legitimate interest. Moreover, we are subject to various legal obligations (e.g. Commercial Code, tax laws) based on legal guidelines (Article 6 para 1c of the DSGVO) or public interest (Article 6 para 1e of the DSGVO).

4.1 Privacy policy for job applicants

Please also note our privacy policy in the job application process.
The legal basis for the processing of your personal data in this application procedure is primarily § 26 BDSG (25.05.2018 version). According to this section, the processing of data with regard to the decision to establish an employment relationship is permissible. Should the data be required for legal prosecution subsequent to the completion of the application procedure, it may be processed in accordance to the provisions of Article 6 of the DS-GVO, in particular Article 6 (1) f of the DS-GVO to safeguard legitimate interests. Our interest is then tied to the assertion or defense of claims.

5. Who gets my data?

Within Carano, access to your data is granted to parties that require it to fulfill our contractual and legal obligations or in the context of balancing interests. Also, service providers and vicarious agents employed by us may receive data for these purposes, provided they maintain confidentiality and comply with our data protection instructions. Data will only be passed on to third parties pursuant tothe regulations of the DS-GVO and the BDSG.

6. Will the data be transferred to a third country?

No data is transferred to countries outside the EU or the EEA (EU third countries).

7. How long will my data be saved?

We process and store your personal data for as long as it is necessary to fulfill our contractual and legal obligations or in the context of balancing interests. Data that is no longer required for the fulfillment of these purposes are regularly deleted, unless their – temporary – further processing is necessary for the fulfillment of retention periods under commercial and tax laws, such as the German Commercial Code and the German Fiscal Code. The periods of retention or documentation specified therein are six to ten years.

8. What data protection rights am I entitled to?

You have the right of information under Article 15 of the DS-GVO, right of correction under Article 16 of the DS-GVO, right of deletion under Article 17 of the DS-GVO, right to restrict processing under Article 18 of the DS-GVO, right of objection under Article 21 of the DS-GVO and right of data transferability under Article 20 of the DS-GVO. In addition, there is the right of appeal to a data protection supervisory authority (Article 77 of the DS-GVO in conjunction with Article 19 of the BDSG).

A list of the supervisory authorities and their contact details can be found at the following link: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html

You may revoke your consent to the processing of personal data at any time. Please note that the revocation is effective only for the future. Processing that took place prior to the revocation remains unaffected. Please also note our information regarding your right of objection under article of the 21 DS-GVO.

To exercise your rights, please contact our data protection officer mentioned above.

9. Is there an obligation to provide data?

Within the framework of our business relationship or the commissioning of services, you must provide the personal data necessary for the execution of the business relationship or the provision of a service, and the fulfillment of the associated contractual obligations or which we are legally obliged to collect. Without this data, we will usually have to refuse to conclude the contract or execute the commission, or we will be unable to execute an existing contract and therefore may have to terminate it.

10. Is automated decision-making including profiling conducted?

Pursuant to Article 22 of the DS-GVO, we do not fundamentally use fully automated decision-making including profiling.

11. Information regarding your right of objection under Article 21 of the DS-GVO

a) Right of objection on a case-by-case basis

You have the right to object to the processing of your personal data for reasons arising from your particular situation. The prerequisite for this is that the processing of data is carried out in the public interest or on the basis of a balance of interests. This also applies to profiling. In the event of an objection, we will cease processing of your personal data unless we can demonstrate compelling reasons considered worthy of protection and that which outweigh your interests, rights and freedoms. Alternatively, your personal data may be used to assert, exercise or defend legal claims.

b) Objection to the processing of your data for direct marketing

If your personal data is processed for our direct marketing purposes, you have the right to object to this at any time, including profiling linked to direct marketing. In the case of an objection, we will cease processing your personal data for these purposes. An objection may be made without any formal requirement and should be addressed, if possible, to our data protection officer mentioned above.

12. What kind of data is processed during the usage of the website?

a) Usage-related data

The provider of these webpages automatically collects and saves information in server log files transmitted automatically via your browser.

These are:

Browser type and browser version operating system used is Referrer URL

Host name of the accessing computer, time of the server request

IP address

This data is not merged with other data sources. The data recorded is founded on Art. 6 para. 1 lit. f of the DSGVO. The website operator has a legitimate interest in the provision of a technically error-free presentation and optimization of their website – to this end, server log files must be recorded.

b) Use of cookies

Our Internet pages use “cookies”. Cookies are small text files and do not incur damage on your end device. They are either stored temporarily for the duration of a session (session cookies) or permanently (permanent cookies) on your end device. Session cookies are automatically deleted at the end of your visit. Permanent cookies remain on your terminal device until you delete them yourself or until they are automatically deleted by your web browser.

Cookies have various functions. Numerous cookies are technically necessary, as certain website functions would not work without them (e.g. the shopping basket function or video presentations). Other types of cookies are used to evaluate user behavior or display advertising.

Cookies required to carry out the electronic communication process (necessary cookies) or provide functions requested by you (functional cookies, e.g. for the shopping basket function) or optimize the website (e.g. cookies for evaluating the web audience) are saved pursuant to Art. 6 para. 1 lit. f of the DSGVO, unless another legal basis is indicated. The website operator has a legitimate interest in the depositing of cookies to ensure technically error-free and optimized provision of their services. If consent to the storage of cookies has been requested, depositing of the cookies in question will be carried out exclusively on the basis of this consent (Art. 6 para. 1 lit. a of the DSGVO); the consent may be revoked at any time.

You may set your browser so that you are informed of the placement of cookies and allow cookies only in individual cases, exclude the acceptance of cookies for specific cases or in general and activate the automatic deletion of cookies when closing the browser. Deactivation of cookies may limit this website’s functionality.

Insofar as cookies used by third-party companies or for analysis purposes are concerned, we will inform you separately within the scope of this privacy policy and, if necessary, request your consent.

c) Consent of cookies from Borlabs Cookie

Our website uses Borlabs Cookie Content Technology to obtain your consent to store certain cookies in your browser and document this consent in a manner consistent with data protection. The provider of this technology is Borlabs – Benjamin A. Bornschein, Georg-Wilhelm-Str. 17, 21107 Hamburg, Germany (hereinafter Borlabs).

When you enter our website, a Borlabs cookie is placed in your browser, which stores the consent or the revocation you have given. This data is not passed on to the provider of Borlabs Cookie.

The data collected will be saved until you request us to delete it or until you delete the Borlabs cookies yourself or until the purpose for which the data is stored no longer applies. Mandatory retention periods remain unaffected. Details on data processing by Borlabs Cookie can be found at: https://borlabs.io/kb/what-information-does-borlabs-cookie-store/?_ga=2.233546206.1549852592.1596460689-937799771.1593083223
Borlabs Cookie Content Technology is used to obtain the legally required consent for the use of cookies. The legal basis for this is founded on Art. 6 para. 1 sentence 1 lit. c of the DSGVO. You may check and adjut your personal cookie settings here.

13. How secure is my data?

To protect the personal data of our customers and interested parties, we use a secure online transmission method secure socket layer (SSL) transmission. All information transmitted using this method is encrypted before it is sent. Your personal data will be processed exclusively at computer centers and computers protected by security technologies and in compliance with industry standards (e.g. firewalls, password protection, access controls, etc.).

14. What plugins and tools are used on the website?

This website uses plugins from social media platforms (Facebook, XING, LinkedIn, YouTube).
You can usually recognize the plugins by the social media logos. In order to guarantee data protection on this website, we use only these plugins in conjunction with the Shariff solution. This application prevents the plugins integrated on this website from transmitting data to their respective providers the moment you enter the site.

Only when you activate the respective plugin by clicking the corresponding button will a direct connection to the provider’s server be established (consent). As soon as you activate the plugin, the respective provider receives the information that you have visited this website along with your IP address. If you are simultaneously logged in to this particular social media account (e.g. Facebook), the provider in question can assign the visit to this website to your user account.

Activating the plugin constitutes consent as defined by Art. 6 para. 1 lit. a of the DSGVO. You may revoke this consent at any time with effect from that moment forwards.

The purpose and scope of data collection and the further processing and use of data by the aforementioned social networks as well as your rights and setting options for the protection of your privacy can be found in the data protection information on
www.facebook.com/policy.php, www.xing.com/privacy, www.linkedin.com/legal/privacy-policy and https://twitter.com/de/privacy.

b) YouTube

This website incorporates videos from the YouTube website. The latter is operated by Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
When you visit one of our webpages that has YouTube embedded, a connection is made to YouTube’s servers. This lets the YouTube server know which of our pages you have visited. In addition, YouTube may deposite various cookies on your device or use similar technologies for recognition (e.g. device fingerprinting). In this way, YouTube may obtain information about visitors to this website. This information is used, among others, to gather video statistics, improve user experience and prevent fraud.

When you log into your YouTube account, you are giving permission for YouTube to associate your browsing behavior directly with your personal profile. You may prevent this by logging out of your YouTube account. YouTube is used in the interest of providing an attractive presentation of our online offers. This represents a legitimate interest based on Art. 6 para. 1 lit. f of the DSGVO. If consent has been requested, the processing is carried out solely purusant to Art. 6 para. 1 lit. a of the DSGVO; consent may be revoked at any time.

Further information on the handling of user data can be found in the YouTube privacy policy at

https://policies.google.com/privacy?hl=de.

c) Google Maps

This site uses Google Maps via an API. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Saving your IP address is necessary for using the Google Maps function. This information is usually transferred to a Google server in the USA and stored there. The provider of this site has no influence on this data transfer.

The use of Google Maps is in the interest of creating an attractive presentation of our online offers and to facilitate finding the places indicated on the website. This represents a legitimate interest pursuant to Art. 6 Para. 1 lit. f of the DSGVO. If consent has been requested, the processing is carried out based exclusively on Art. 6 para. 1 lit. a of the DSGVO; consent may be revoked at any time.

d) Google Remarketing

This website uses the functions of Google Analytics Remarketing. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Remarketing analyzes your user behavior on our website (e.g. by clicking on certain products) in order to determine your classification within certain advertising target groups which is then used to display advertising messages of interest to you when you visit other online products (remarketing or retargeting).

Furthermore, the target groups created by Google Remarketing may be linked to the cross-device functions of Google. In this way, interest-based, personalized advertising messages adapted to you on one device (e.g. mobile phone), based on your previous usage and surfing behavior, may also be displayed on another of your devices (e.g. tablet or PC).

If you have a Google Account, you can opt-out of targeted advertising by clicking on the link below:
https://www.google.com/settings/ads/onweb/.

The use of Google Remarketing is based on Art. 6 para. 1 lit. f of the DSGVO. The website operator has a legitimate interest in marketing their products as effectively as possible. If consent has been requested, the processing is carried out exclusively pursuant to Art. 6 para. 1 lit. a of the DSGVO; consent may be revoked at any time.

You can find further information and the data protection provisions under Google’s privacy policy at
https://policies.google.com/privacy?hl=en.

15. Links to websites of other providers

Our website may contain links for information purposes to websites of other providers, whereby we have no influence on compliance with data protection and security regulations. Our data protection declaration therefore does not extend to these websites.

Valid as of July 2020