Data protection
Data protection declaration | Autoform Carbox GmbH
Stand 03.06.2024
Who we are
The person responsible within the meaning of the General Data Protection Regulation (GDPR) and other data protection regulations is:
Autoform Carbox GmbH
Justus-von-Liebig-Str-7-9
28832 Achim
Germany
+49 4202 9697 0
info@carbox.de
https://www.carbox.de
Contact with the data protection officer
The data protection officer of the person responsible is:
Dataco GmbH
Nymphenburger Str. 86
80636 Munich
Germany
+49 89 7400 45840
www.dataguard.de
General information on data processing
On this page we inform you about the processing of your personal data on the website.
How we collect and use your personal data depends on how you interact with us or which services you use. We only collect, use or share your personal data if we have a legitimate purpose and a legal basis for this.
What do we mean by the legal basis?
consent (Art. 6 Para. 1 S. 1 lit. a GDPR) -Sie gave us your consent to the processing of your personal data for the specific purpose that we have explained to you. You have the right to revoke your consent at any time. To do this, please contact the data protection officer under the contact details below.
Contract (Art. 6 Para. 1 S. 1 lit. b GDPR) -We have to use your data to fulfill a contract that you have with us. Alternatively, it is necessary to use your data because we asked you to do it or you have taken certain steps yourself before you have received this contract.
Legal obligation (Art. 6 Para. 1 S. 1 lit. c GDPR) -We have to use your data to comply with the law.
Vital interests (Art. 6 Para. 1 S. 1 lit. d GDPR) -The processing of your data is necessary to protect your vital interests or that of another person. For example, to protect them from serious physical damage.
Public task (Art. 6 Para. 1 S. 1 lit. e GDPR)) -The processing of your data is necessary for the performance of a task that lies in the public interest, or because it is covered by a legally defined task, e.g. B. for a legal function.
Legitimate interests (Art. 6 Para. 1 p.1 lit. f GDPR) -The processing of your data is necessary to support a legitimate interest that we or another party have, only if your own interests do not outweigh.
Please note that we may not be able to provide you with our web shop if your data is processed as part of the fulfillment of a contract or a legal obligation and you do not provide the requested data.
Your rights
If personal data is processed by you, you are affected in the sense of I.S.D. GDPR and the following rights are entitled to the person responsible:
1. The right to information (Art. 15 GDPR)
You have the right to request confirmation from us whether you are processed personal data. If this is the case, you have the right to information about this data and the following information:
- Processing purposes
- Categories of personal data
- Recipient or categories of recipients
- Planned memory period or the criteria for determining this duration
- the right to correction, deletion or restriction or contradiction
- Law of complaint with the responsible supervisory authority
- If necessary, origin of the data (if collected in a third party)
- If necessary, there is an automated decision making including profiling with meaningful information about the logic, the scope and the expected effects
- If necessary, transmission of personal data to a third country or international organization
2. Right to correction (Art. 16 GDPR)
If your personal data is incorrect or incomplete, you have the right to request an immediate correction or supplement of the personal data.
3. Right to restriction of processing (Art. 18 GDPR)
If one of the following requirements is met, you have the right to restrict the processing of your personal data:
- They deny the correctness of your personal data, for a duration that enables us to check the correctness of the personal data.
- As part of illegal processing, you reject the deletion of personal data and instead request the restriction of the use of personal data.
- We no longer need your personal data for the purposes of processing, but you need your personal data to assert, exercise or defend your legal claims or
- After you have objected to the processing, for the duration of the examination whether our legitimate reasons outweigh your reasons.
4. Right to deletion ("right to be forgotten") (Art. 17 GDPR)
If one of the following reasons is available, you have the right to request your personal data immediately:
- Your data is no longer necessary for the processing purposes for which you were originally collected.
- You cancel your consent and there is no other legal basis for the processing.
- They make an objection to the processing and there are no priority legitimate reasons for the processing or they are objecting in accordance with Art. 21 Para. 2 GDPR.
- Your personal data will be processed illegally.
- The deletion is necessary to fulfill a legal obligation under Union law or the law of the member state, which we are subject to.
- The personal data was collected in relation to offered services of the information company in accordance with Article 8 (1) GDPR.
- To exercise the right to freedom of expression and information;
- To fulfill a legal obligation or to perform a task that is in the public interest and which we are subject.
- For reasons of public interest in the area of public health.
- For archive purposes, scientific or historical research purposes or for statistical purposes.
- To assert, exercise or defend legal claims.
5. Right to data portability (Art. 20 GDPR)
You have the right to maintain your personal data in a structured, common and machine -readable format or to request the transmission to another responsible person.
6. Right to object to certain data processing (Art. 21 GDPR)
You have the right to object at any time against the processing of the personal data relating to it due to Art. 6 Para. 1 S. 1 lit. e or f GDPR. This also applies to a profiling based on these provisions.
If the personal data relating to you are processed in order to operate direct mail, you have the right to object at any time to the processing of the personal data relating to you for the purpose of such advertising; This also applies to profiling, insofar as it is connected to such direct advertising.
7. Right to complain to a supervisory authority
Without prejudice to any other administrative or judicial legal remedy, you have the right to complain to a supervisory authority if you believe that the processing of the personal data relating to it violates the GDPR.
The supervisory authority, in which the complaint was submitted, teaches the complainant about the status and the results of the complaint, including the possibility of a judicial legal remedy in accordance with Art. 78 GDPR.
You can access a list of the supervisory authorities responsible in Germany on the website of the Federal Data Protection website under the following link: https://www.bfdi.bund.de/DE/Service/Anschriften/Laender/Laender-node.html
Common use of data and international transmission
As explained in this data protection declaration, we take advantage of various service providers that help us provide our services and the security of your data. If we use these service providers, it is necessary to pass on your personal data to you.
With all the service providers to which we pass on your data, we have concluded agreements that you oblige to protect your data.
If your personal data is passed on outside of the EU, we ensure that your personal data will receive an equivalent level of protection, either because the country in which your data is transmitted has an "reasonable" data protection standard in accordance with the European Commission, or by a Apply other protective measure, such as B. an extended contractual agreement, i.e. h. The standard contract clauses (SCCS) adopted by the European Commission.
For example, if we use US service providers, depending on the provider, we rely on either the SCC or the EU-US data protection framework. You can request a copy of the SCCs that we have completed with our service providers by sending an email to the email address provided in this data protection directive.
Provision of the website and creation of the log files
1. Description and scope of data processing
Every time our website is accessed, our system automatically collects data and information from the computer system of the calling computer.
The following data is collected:
- Information about the browser type and the version used
- The operating system of the user
- Date and time of access
- Websites from which the user's system reaches our website
This data is stored in the log files of our system.
There is no storage of this data together with other personal data of the user.
2. Purpose of data processing
The temporary storage of the IP address by the system is necessary to enable the website to be delivered to the user's computer. To do this, the user's IP address must be stored for the duration of the session.
The storage in log files takes place to ensure the functionality of the website. We also serve the data to optimize the website and to ensure the safety of our information technology systems. There is no evaluation of the data for marketing purposes in this context.
3. Legal basis for data processing
The legal basis for the temporary storage of the data and the log files is Art. 6 Para. 1 S. 1 lit. f GDPR.
4. Duration of the storage
The data will be deleted as soon as they are no longer necessary to achieve the purpose of their survey. In the event of the data for providing the website, this is the case if the respective session is ended.
In the event of storing the data in log files, this is the case after seven days at the latest. In addition, it is possible. In this case, the IP addresses of the users are deleted or alienated, so that an assignment of the calling client is no longer possible.
5. Possibility of contradiction
The data for providing the website and storing the data in log files is imperative for the operation of the website. The user can contradict this. Whether the objection is successful must be determined in the context of a balancing of interests.
Use of cookies
1. Description and scope of data processing
When visiting our website, we use technical aids for different functions, especially cookies that can be saved on your device. When you call up our website and at any time, you have the choice at any time whether you generally allow the setting of cookies or which individual additional functions you would like to select. You can make changes in your browser settings or via our consent manager.
Cookies are text files or information in a database that is stored on your hard drive and assigned to the browser you use, so that the place that sets the cookie can flow to certain information. Below we describe what type of cookies we use:
We use technically necessary cookies that are required for the technical structure of the website. Without these cookies, our website cannot be displayed (fully correct) or the support functions are not possible.
The following data is stored and transmitted by the technically necessary cookies:
- Use of website functions
We use cookies on our website that are not technically necessary. Text files are viewed as technically not necessary cookies that do not only serve the functionality of the website, but also collect other data.
By setting technically non -necessary cookies, the following data are processed:
- Location of Internet users
- Date and time of calling the website
- Adjustment of advertisements to the user
- Tracking of surfing behavior
- Linking the website visit to other social media platforms
2. Purpose of data processing
The purpose of using technically necessary cookies is to ensure the functionality of our website. Some functions of our website cannot be offered without the use of cookies. For this it is necessary that the browser is recognized even after a change of sides.
For the following applications we need the technically necessary cookies:
- Functionality of the website
The use of technically non -necessary cookies is to improve the quality of our website, your content and thus our reach and economy. By setting these cookies, we learn how the website is used and can thus steadily optimize our offer. In particular, these cookies serve us for the following purposes:
To improve the user experience and to optimize our services through personalization, marketing and functional improvement. Furthermore, it helps us to make the website more attractive and user -friendly.
3. Legal basis for data processing
For the storage of information in the end device of the end user and/or access to the information already stored in the final device of the end user, the provisions of the telecommunications official data protection law (TDDDG) are relevant. If the setting and reading of cookies is technically necessary, this is done to ensure the functionality of our website. In this case, the storage of and access to cookies on your end facility is based on Section 25 (2) No. 2 TDDDG. This storage and access to the information in your end facility serve to make it easier for you to use our website and to be able to offer you our services, as you wish,. Some functions of our website do not work without the use of these cookies and could therefore not be offered. The cookies are deleted in size after the end of the session (e.g. logging or closing the browser) or after the expiry of a given duration. You can find information about different storage deadlines in cookies to the following sections of this data protection declaration.
Insofar as cookies are used that are not technically necessary, this is done on the basis of your express consent, which you can grant you via the cookie banner. In this case, the basis for the storage and access to information is § 25 Paragraph 1 TDDDDG in conjunction with Art. 6 Para. 1 lit. a), Art. 7 GDPR. You can revoke your consent at any time with effect for the future or re -issue it by configuring your settings for cookies. Alternatively, you can prevent the storage of cookies by making the appropriate setting of your browser software. Please note that the browser settings made only work for the browser used in each case. If personal data is processed after storing and accessing the information on your end facility, the provisions of the GDPR are relevant. You can find information on this in the following sections of this data protection declaration.
4. Objection and deletion
You can revoke your consent to the use of cookies at any time.
registration
1. Description and scope of data processing
On our website we offer users the opportunity to register with personal data. The data is entered in an input mask and transmitted to us and saved. There is no transfer of the data to third parties. The following data is collected as part of the registration process:
• E-mail address
• Last name
• First name
• address
• Telephone/ cell phone number
• Date and time of registration
As part of the registration process, the user's consent to process this data is obtained.
2. Purpose of data processing
Registration of the user is required to fulfill a contract with the user or to carry out pre -contractual measures.
3. Legal basis for data processing
The legal basis for the processing of the data is Art. 6 Para. 1 S. 1 lit. a GDPR if the user is consent.
If the registration of the fulfillment of a contract, the contracting party of which is the user or the implementation of pre -contractual measures, is an additional legal basis for the processing of data Art. 6 Para. 1 S. 1 lit. b GDPR.
4. Duration of the storage
The data will be deleted as soon as they are no longer necessary to achieve the purpose of their survey.
This is the case for the data collected during the registration process to fulfill a contract or to carry out pre -contractual measures if the data is no longer necessary for the implementation of the contract. Even after the contract has been concluded, there may be a necessity to save personal data from the contractual partner in order to comply with contractual or legal obligations.
5. Possibility of revocation in the event of consent
As a user, you have the opportunity to dissolve the registration at any time. You can have the data stored over you at any time.
In detail, you can apply for the deletion in the following way:
Customer account: Insofar as you have granted your consent in accordance with Art. 6 Para. 1 S. 1 lit. a GDPR by choosing a customer account, we use your data for the purpose of the customer account opening and to store your data for further future orders our website. The deletion of your customer account is possible at any time and can be made either by means of a message to the contact option described in this data protection declaration or via a function provided in the customer account. After deleting your customer account, your data will be deleted unless you have expressly consented to further use of your data in accordance with Art. 6 Para. 1 S. 1 lit. a GDPR or we reserve a usage usage that is permitted and via which we inform you in this explanation.
If the data is necessary to fulfill a contract or to carry out pre -contractual measures, early deletion of the data is only possible if there is no contractual or legal obligations of deletion.
Web shop
We offer a web shop on our website.
For this we use the following web shop software:
Shopify of the provider Shopify 151 O’Connor Street, Ground Floor, Ottawa, ON, K2P 2L8, Canada (hereinafter referred to as Shopify).
You can find more information in the provider's data protection declaration:
https://www.shopify.com/de/legal/datenschutz
The website and the web shop are hosted on external servers by a service provider commissioned by us.
Our service provider is:
Company Shopify International Ltd.
The servers automatically collect and store information in so-called server log files, which your browser automatically transmits when you visit the website. The stored information is:
• Information about the browser type and the version used
• The operating system of the user
• Date and time of access
• Websites from which the user's system reaches our website
This data is not merged with other data sources. This data is recorded on the basis of Art. 6 Para. 1 lit. f GDPR. The website operator has a legitimate interest in the technically error-free presentation and the optimization of its website-the server log files must be recorded.
With the corresponding service provider, we have concluded a contract for order processing, in which we oblige the relevant service provider to protect user data and not to pass it on in third parties.
The location of the website of the website is geographically in Germany.
Payment options
1. Description and scope of data processing
We offer our customers various payment options for processing their orders. To do this, we forward customers to the platform of the corresponding payment service provider depending on the payment option. After completing the payment process, we receive the payment data of the customers from the payment service providers or our house bank and process them in our systems for the purpose of invoicing and accounting.
Payment by Amazon Pay
It is possible to process the payment process with the payment service provider AmazonPay. AmazonPay makes it possible to make online payments to third parties by using the payment and shipping information stored in their Amazon account.
The European operating company of AmazonPay is the Amazon Payments Europe S.C.A., 38 Avenue J.F. Kennedy, L-1855 Luxembourg. If you already have an Amazon.de customer account, you can immediately use the payment method stored there via bank directory or with a credit card. This requires registration with your Amazon account.
You can find more information and your order overview via AmazonPay at https://pays.amazon.de.
When paying via Amazon Pay, all personal data that Amazon Pay is communicated or collected by Amazon Pay, primarily by Amazon Pays S.C.A. And secondary by Amazon EU Sarl, Amazon Services Europe Sarl and Amazon Media EU Sarl, all three based in 5, Rue Plaetis L 2338, Luxembourg. Further information on the processing of your data by Amazon as part of AmazonPay can be found in the data protection regulations of Amazon Pay at:
https://pay.amazon.com/de/help/201751600
Payment by PayPal
It is possible to process the payment process with the payment service provider PayPal. In addition to a direct payment method, PayPal also offers purchase on account, direct debit, by credit card and payment in installments.
The European operating company of PayPal is the PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg.
If you choose PayPal as a payment method, your data required for the payment process will automatically be transmitted to PayPal.
In particular, it was the following data:
• Name
• address
• E-mail address
• Telephone/ mobile phone number
• IP address
• Bank details
• Card number
• Date of validity and CVC code
• number of items
• Item number
• Data on goods and services
• transaction amount and tax taxes
• Information on the previous buying behavior
The data transmitted to PayPal may be transmitted to economic ideas by PayPal. This transmission aims for identity and credit check.
PayPal may also pass on your data to third parties, insofar as this is necessary to fulfill the contractual obligations or the data should be processed on behalf. When transmitting their personal data within companies associated with PayPal, the Binding Corporate Rules are used, which are approved by the responsible supervisory authorities. You can find this here:
https://www.paypal.com/de/webapps/mpp/ua/bcr
Other data transfers are based on contractual protection regulations. For more information, please contact PayPal.
All PayPal transactions are subject to PayPal's data protection declaration. You can find them at:
https://www.paypal.com/de/webapps/mpp/ua/privacy-full/.
Sepa direct debit mandate
It is possible to make payments via SEPA direct debit mandate.
When paying via SEPA direct debit mandate, we save the data you provide for the purpose of carrying out direct debit. As part of this procedure, your payment information, including your IBAN and BIC, will be sent to an intermediate payment service provider who shows your authorized bank to carry out the debit.
Payment in advance
If you have chosen payment in advance, no data will be processed from our website in addition to the data transmitted by your bank. These are only used to check the receipt of payment.
2. Purpose of data processing
The transmission of payment data to payment service providers serves to handle the payment, e.g. if you acquire a product and/or use a service.
3. Legal basis for data processing
The legal basis for data processing is Art. 6 Para. 1 S. 1 lit. b GDPR, since the processing of the data is required for the processing of the concluded purchase contract.
4. Duration of the storage
All payment data as well as data on any recovery that may arise are only stored as long as required for the payment processing and possible processing of return fonts and the receipt of the claim as well as to combat abuse.
Furthermore, the payment data that goes beyond can be made, provided that this is necessary to comply with legal retention periods or to pursue a specific abuse.
Your personal data will be deleted with the expiry of the statutory retention obligations, i.e. after 10 years at the latest.
5. Exercise of your rights
If the data is necessary to fulfill a contract or to carry out pre -contractual measures, early deletion of the data is only possible if there is no contractual or legal obligations of deletion.
Shipping service provider
1. Description and scope of data processing
If you order products or services on our website for which a shipping service provider is used, you will receive your order and shipping confirmation via your email address and, depending on the respective shipping service provider, the notification that your shipment has arrived and/or the notification for package announcement and possible delivery options.
The data is transmitted to the following service providers:
• DPD Deutschland GmbH, Wailandtstraße 1, 63741 Aschaffenburg, Germany
• Hellmann Worldwide Logistics SE & Co. KG Elbestraße 1 49090 Osnabrück
The transmitted data is regularly:
• Name
• address
• E-mail address
2. Purpose of data processing
The purpose of processing the personal data is to give shipping service providers the opportunity to inform recipients about the shipment course by email and thus increase the likelihood of successful delivery.
3. Legal basis for data processing
The legal basis for the transmission of the email address to the respective shipping service provider and their use is your consent in accordance with Art. 6 Para. 1 lit. a GDPR. Shipping service provider is Art. 6 Para. 1 S. 1 lit. b GDPR, since the processing of the data is required for the processing of the closed purchase contract.
4. Duration of the storage
The transmitted data is deleted at the respective shipping service provider if the package could be delivered.
5. Possibility of contradiction
The notification service by the shipping service provider can be canceled at any time by the affected user. For this purpose, there is a corresponding opt-out link in each email.
Newsletter
1. Description and scope of data processing
On our website there is the possibility to subscribe to a free newsletter. When registering for the newsletter, the data from the input mask will be transmitted to us.
To provide this service, we collect the following data from you:
• E-mail address
• Last name
• First name
• Telephone/ cell phone number
• address
• Date and time of registration
For the processing of the data, your consent is obtained as part of the registration process and referred to this data protection declaration.
In connection with the data processing for sending newsletters, there is no transfer of the data to third parties. The data is used exclusively for sending the newsletter.
2. Purpose of data processing
The collection of the user's email address serves to deliver the newsletter.
The collection of other personal data in the context of the registration process serves to prevent abuse of the services or the email address used.
3. Legal basis for data processing
The legal basis for the processing of the data after registration for the newsletter by the user is Art. 6 Para. 1 Sentence 1 lit. a GDPR if the user is consent.
4. Duration of the storage
The data will be deleted as soon as they are no longer necessary to achieve the purpose of their survey. The user's email address is therefore stored as long as the subscription to the newsletter is active.
The other personal data collected as part of the registration process will usually be deleted after a period of seven days.
5. Possibility of revocation
The subscription to the newsletter can be terminated at any time by the affected user. For this purpose there is a corresponding link in every newsletter.
This also enables a revocation of the consent of the storage of the personal data collected during the registration process.
Email contact
1. Description and scope of data processing
On our website, contact via the email address provided is possible. In this case, the user's personal data transmitted with the email are stored.
The data is used exclusively for the processing of the conversation.
2. Purpose of data processing
In the event of contact by email, the necessary legitimate interest in the processing of the data is also available.
3. Legal basis for data processing
The legal basis for the processing of the data that is sent in the course of sending an email is Art. 6 Para. 1 lit. f GDPR. Our legitimate interest is to optimally answer your request, which you send by email.
If e-mail contact aims at the conclusion of a contract, the additional legal basis for the processing is Art. 6 Para. 1 lit. b GDPR.
4. Duration of the storage
The data will be deleted as soon as they are no longer necessary to achieve the purpose of their survey. For the personal data sent by email, this is the case if the respective conversation has ended with the user. The conversation has ended when it can be seen from the circumstances that the affected fact is finally clarified.
The personal data collected during the sending process will be deleted after a period of seven days at the latest.
5. Possibility of contradiction
If the user contacts us by email, he can object to the storage of his personal data at any time. In such a case, the conversation cannot be continued.
In this case, all personal data stored in the course of contact is deleted.
Contact form
1. Description and scope of data processing
There is a contact form on our website, which can be used for electronic contact. If a user perceives this option, the data entered in the input mask is transmitted and saved.
The following data will be saved at the time of sending the message:
• E-mail address
• Last name
• First name
• address
• Telephone/ cell phone number
• Date and time
2. Purpose of data processing
The processing of the personal data from the input mask of the contact form or via the email address provided is used for us to process contact.
The other personal data processed during the sending process serve to prevent misuse of the contact form and ensure the safety of our information technology systems.
3. Legal basis for data processing
The legal basis for the processing of the data that is transmitted in the course of sending an email is Art. 6 Para. 1 S. 1 lit. f GDPR. Our legitimate interest is to optimally answer your request, which you direct to us using the contact form. If email contact aims at the conclusion of a contract, the additional legal basis for the processing is Art. 6 Para. 1 S. 1 lit. b GDPR.
4. Duration of the storage
The data will be deleted as soon as they are no longer necessary to achieve the purpose of their survey. This is the case for the personal data from the input mask of the contact form and those sent by email if the respective conversation has ended with the user. The conversation has ended when it can be seen from the circumstances that the affected fact is finally clarified.
The personal data collected during the sending process will be deleted after a period of seven days at the latest.
5. Possibility of contradiction
If the user contacts us by input mask in the contact form, he can at any time to store his personal data by informal email
In this case, all personal data stored in the course of contact is deleted.
Company appearances
Instagram:
Instagram, Part of Meta Platforms Ireland Ltd., Merrion Road, Dublin 4, D04 X2K5, Ireland
We provide information on our company side and offer Instagram users the opportunity to communicate.
If you carry out an action on our Instagram company presence (e.g. comments, contributions, likes, etc.), you may make personal data (e.g. clar name or photo of your user profile) public.
However, since we usually have no influence on the processing of your personal data by Instagram, we cannot make any binding statements about the purpose and scope of the processing of your data.
We use our company presence on social networks for communication and information exchange with (potential) customers.
The publications about the company presence can contain the following content:
• Information about products
• Advertising
• Customer contact
Every user is free to publish personal data through activities.
Insofar as we process your personal data to evaluate your online behavior, offer you competitions or carry out lead campaigns, this is done on the basis of your express declaration of consent, Art. 6 Para. 1 S. 1 lit. a, Art. 7 GDPR.
The legal basis for the processing of personal data for the purpose of communication with customers and interested parties is Art. 6 Para. 1 S. 1 lit. f GDPR. Our legitimate interest is to optimally answer your request or to be able to provide the requested information.
If the contact aims at the conclusion of a contract, the additional legal basis for the processing is Art. 6 Para. 1 lit. b GDPR.
The data generated by the company presence are not stored in our own systems.
You can contradict the processing of your personal data that we collect in the context of your use of our corporate presence at any time and assert your rights as a data subject, as you are presented in the "Your Rights" section in this data protection declaration. Send us an informal email to info@carbox.de. To process your personal data by Instagram and the corresponding objection options, you can find more information here:
Instagram: https://help.instagram.com/519522125107875
YouTube:
YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, United States
We provide information on our company side and offer YouTube users the opportunity to communicate.
If you carry out an action on our YouTube company presence (e.g. comments, contributions, likes, etc.), you may make personal data (e.g. clar name or photo of your user profile) public.
However, since we usually have no influence on the processing of your personal data through YouTube, we cannot make any binding statements about the purpose and scope of processing your data.
We use our company presence on social networks for communication and information exchange with (potential) customers.
The publications about the company presence can contain the following content:
• Information about products
• Advertising
• Customer contact
Every user is free to publish personal data through activities.
Insofar as we process your personal data to evaluate your online behavior, offer you competitions or carry out lead campaigns, this is done on the basis of your express declaration of consent, Art. 6 Para. 1 S. 1 lit. a, Art. 7 GDPR.
The legal basis for the processing of personal data for the purpose of communication with customers and interested parties is Art. 6 Para. 1 S. 1 lit. f GDPR. Our legitimate interest is to optimally answer your request or to be able to provide the requested information.
If the contact aims at the conclusion of a contract, the additional legal basis for the processing is Art. 6 Para. 1 lit. b GDPR.
The data generated by the company presence are not stored in our own systems.
You can contradict the processing of your personal data that we collect in the context of your use of our corporate presence at any time and assert your rights as a data subject, as you are presented in the "Your Rights" section in this data protection declaration. Send us an informal email to info@carbox.de. To process your personal data by YouTube and the corresponding objection options, you can find more information here:
YouTube: https://policies.google.com/privacy?gl=DE&hl=en
Integrated services of third -party providers
We use various service providers to provide the services we offer on the website.
In general, we have a legitimate interest in sharing your data with the relevant service providers if these services for providing the basic service offered on the website are essential to provide the corresponding website service.
If such services are required for additional services, extended functions or additional purposes, your personal data will only be transferred to service providers if you give your consent.
Here you can cancel your consent to the use of integrated services of third parties at any time and manage your approval settings: https://www.carbox.de/
Use of boat trap
1. Scope of the processing of personal data
We use the OpenSource Framework boat trap. This is loaded via the Content Delivery Network from BootstrapCDN.com. The provider of this service is Maxcdn DBA Stackpath, 2021 McKinney Ave., Suite 1100, Dallas, TX 75201, USA (hereinafter referred to: stackpath). By using boottrapcdn, cookies are set on your computer and the usage data is stored. This enables personal data to be saved and evaluated, especially the activity of the user (especially which pages have been visited and on which elements have been clicked) as well as device and browser information (in particular the IP address and the operating system). Further information on the processing of the data by Stackpath can be found here: https://www.bootstrapcdn.com/privacy-policy/
2. Purpose of data processing
Boat trap is used to improve our online presence and its user -friendliness.
3. Legal basis for the processing of personal data
The legal basis for processing is Art. 6 Para. 1 S.1 lit. f GDPR. Our legitimate interest is in the purposes of data processing mentioned under 2.
4. Duration of the storage
Your personal information will be saved as long as this is necessary to meet the purposes described in this data protection declaration or how this is required by law, e.g. for tax and accounting purposes.
5. Exercise of your rights
You can prevent the recording and processing of your personal data by Stackpath by preventing the storage of third-party cookies on your computer that use the "Do Not Track" function of a supportive browser, deactivate the execution of script code in your browser Or install a script blocker such as Noscript (https://noscript.net/) or Ghostery (https://www.ghostery.com). Further information on objection and disposal options for Stackpath can be found at:
https://www.bootstrapcdn.com/privacy-policy/
Use of Google AdWords
1. Scope of the processing of personal data
We use Google AdWords of the Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA and the representative in the Union Google Ireland Ltd., Gordon House, Barrow Street, D04 E5W5, Dublin, Ireland (hereinafter referred to: Google). We switch advertising with this service. Google puts a cookie on your computer. This enables personal data to be saved and evaluated, especially the activity of the user (especially which pages have been visited and which elements have been clicked), device and browser information (in particular the IP address and the operating system), data about the displayed advertisements (in particular which advertisements were presented and whether the user clicked on it) and also data from advertising partners (especially pseudonymized user IDS).
Further information on processing the data by Google can be found here:https://policies.google.com/privacy?gl=DE&hl=de
2. Purpose of data processing
We only get knowledge of the total number of users who have reacted to our ad. No information is passed on with which we could identify you. The use does not serve to be followed.
3. Legal basis for the processing of personal data
The legal basis for the processing of the personal data of the user is basically the user's consent according to Art. 6 Para. 1 S.1 lit. a GDPR.
4. Duration of the storage
Your personal information will be saved as long as this is necessary to meet the purposes described in this data protection declaration or how this is required by law, e.g. for tax and accounting purposes.
5. Cancellation and removal option
You have the right to revoke your data protection declaration at any time. The revocation of the consent becomes the legality, which is not touched by the consent until the revocation.
You can prevent the collection and processing of your personal data by Google by preventing the storage of third-party cookies on your computer that use the "Do Not Track" function of a supportive browser, deactivate the execution of script code in your browser Or a script blocker such as Noscript (https://noscript.net/) or ghostery (https://www.ghostery.com) Install in your browser.
With the following link you can deactivate the use of your personal data by Google:
https://adssettings.google.de
Further information on contradiction and disposal options for Google can be found at:
https://policies.google.com/privacy?gl=DE&hl=de
Use of Google Analytics 4 (GA 4)
1. Scope of the processing of personal data
We use Google Analytics, a web analysis service from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter referred to: Google called).
Google Analytics examines u. How the website visitor uses our site. Google sets cookies on your end device. During the visit, the user behavior is recorded in the form of "events". This enables personal data to be saved and evaluated, including:
• First visit to the website
• Interaction with the website, usage path
• Clicks on external links
• Video use
• DALLOMPLOADS
• Advertising expressions and clicks
• Scroll behavior (if up to the end of the page)
• Search processes on the website
• Speech selection
• Side visits
• Location (region)
• Your IP address (in abbreviated form)
• Technical information about your browser and the devices you use (e.g. language setting, screen resolution)
• Your internet provider
• Referrer URL
By default, IP address anonymization is activated by GA 4. This means that your IP address of Google within the Member States of the European Union or other contracting states of the Agreement will be reduced via the European Economic Area. In exceptional cases, the complete IP address is only transferred to a Google server in the USA and shortened there. Google states that the IP address transmitted by your browser is not merged with other Google data as part of Google Analytics.
Further information on processing the data by Google can be found here: https://policies.google.com/privacy
2. Purpose of data processing
The use of GA 4 serves us to evaluate the use of our online presence and to generate reports on the activities on our website. The reports serve to analyze the performance of our website and the targeted playback of advertising, to the people who have already expressed a first interest from their visiting.
3. Legal basis for the processing of personal data
The legal basis for the processing of the personal data of the user is basically the user's consent according to Art. 6 Para. 1 S.1 lit. a) GDPR.
4. Duration of the storage
Your personal data will be deleted after 2 months. This deletion takes place automatically once a month.
5. Cancellation, objection and disposal option
You have the right to revoke your data protection declaration at any time. The revocation of the consent becomes the legality, which is not touched by the consent until the revocation. You can revoke your consent via our Cookie Consent Tool.
You can prevent the collection and processing of your personal data by Google by preventing the storage of third-party cookies on your computer, using the "Do not Track" "function of a supporting browser, the execution of script code in your Deactivate the browser or a script blocker such as Noscript (https://noscript.net) or ghostery (https://www.ghostery.com) Install in your browser.
Further information on contradiction and disposal options for Google can be found at: https://policies.google.com/technologies/partner-sites
You can also prevent Google (including your IP address) to Google as well as the processing of this data by Google by the Cookie and related to your use of the online presence by Google by downloading the browser plugin available under the following link and install: https://tools.google.com/dlpage/gaoptout?hl=de
With the following link you can deactivate the use of your personal data by Google: https://adssettings.google.de
Use of Google Ads remarketing
1. Scope of the processing of personal data
We use Google Ads Remarketing of the Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA and the representative in the Union Google Ireland Ltd., Gordon House, Barrow Street, D04 E5W5, Dublin, Ireland (hereinafter referred to). Google remarketing is used for the renewed response of visitors to the online presence for advertising purposes via Google Ads ads. With the help of Google Ads remarketing, target groups ("similar target groups") can be created, which have accessed certain pages, for example. This makes it possible to identify the user on other online presences and display targeted advertising. Google sets a cookie on the user's computer. This enables personal data to be saved and evaluated, especially the activity of the user (especially which pages have been visited and which elements have been clicked), device and browser information (in particular the IP address and the operating system), data about the displayed advertisements (in particular which advertisements were presented and whether the user clicked on it) and also data from advertising partners (especially pseudonymized user IDS).
Further information on processing the data by Google can be found here:
https://policies.google.com/privacy?gl=DE&hl=de
2. Purpose of data processing
The purpose of processing the personal data lies in the targeted address of a target group. The cookies stored on the end device of the users recognize them when visiting an online presence and can therefore show you interest -appropriate advertising.
3. Legal basis for the processing of personal data
The legal basis for the processing of the personal data of the user is basically the user's consent according to Art. 6 Para. 1 S.1 lit. a GDPR.
4. Duration of the storage
Your personal information will be saved as long as this is necessary to meet the purposes described in this data protection declaration or how this is required by law, e.g. for tax and accounting purposes.
5. Cancellation and removal option
You have the right to revoke your data protection declaration at any time. The revocation of the consent becomes the legality, which is not touched by the consent until the revocation.
You can prevent the collection and processing of your personal data by Google by preventing the storage of third-party cookies on your computer that use the "Do Not Track" function of a supportive browser, deactivate the execution of script code in your browser Or a script blocker such as Noscript (https://noscript.net/) or ghostery (https://www.ghostery.com) Install in your browser.
You can also prevent Google (including your IP address) to Google as well as the processing of this data by Google by the Cookie and related to your use of the online presence by Google by downloading the browser plugin available under the following link and install:
https://tools.google.com/dlpage/gaoptout?hl=de
With the following link you can deactivate the use of your personal data by Google:
https://adssettings.google.de
Further information on contradiction and disposal options for Google can be found at:
https://policies.google.com/privacy?gl=DE&hl=de
Use of Trusted Shop seal of approval with reviews
1. Scope of the processing of personal data
We use the Trusted Shops Trustbadge for the display of our Trusted Shop Güsiegel and the ratings collected as well as the offer of the Trusted Shops for buyers. The Trustbadge and the services advertised with it are an offer from Trusted Shops GmbH, Subbelrather Str. 15c, 50823 Cologne (hereinafter referred to as: Trusted Shops). When calling up the Trustbadge, the web server automatically stores a so-called server log file, which, for example, contains your IP address, date and time of access, transmitted amount of data and the requesting provider (access data) and documents the access.
Further personal data will only be transferred to Trusted Shops, insofar as you have agreed to choose the use of Trusted Shops products or have already registered for use after completing an order. In this case, the contractual agreement made between you and trusted shops applies.
Further information on processing the data by Trustedshops can be found here:
https://www.trustedshops.de/impressum/
2. Purpose of data processing
The use of Trusted Shops serves to optimally market our offer.
3. Legal basis for the processing of personal data
The legal basis for the processing of the personal data of the user is basically the user's consent according to Art. 6 Para. 1 S.1 lit. a GDPR.
4. Duration of the storage
The access data will be automatically deleted at least 90 days after the end of your page visit.
5. Cancellation and removal option
You have the right to revoke your data protection declaration at any time. The revocation of the consent becomes the legality, which is not touched by the consent until the revocation.
You can prevent the recording and processing of your personal data by Trusted Shops by preventing the storage of third-party cookies on your computer, using the "Do Not Track" function of a supportive browser, the execution of script code in your browser Deactivate or a script blocker such as Noscript (https://noscript.net/) or ghostery (https://www.ghostery.com) Install in your browser.
Further information on contradiction and disposal options compared to Trusted Shops can be found at:
https://www.trustedshops.de/impressum/
Use of Google Tag Manager
1. Scope of the processing of personal data
We use the Google Tag Manager (https://www.google.com/intl/de/tagmanager/) The Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA and the representative in the Union Google Ireland Ltd., Gordon House, Barrow Street, D04 E5W5, Dublin, Ireland (hereinafter referred to). With the Google Tag Manager, the services of Google and third -party providers can be managed and bundled on an online presence. Tags are small code elements on an online presence that, among other things, serve to measure visitor numbers and behavior, to record the effects of online advertising and social channels, to use remarketing and alignment on target groups and to test and optimize online presences. When a user visits the online presence, the current day configuration will be sent to the user's browser. It contains instructions that should be triggered tags. Google Tag Manager ensures the triggering of other tags, which in turn collect data. Information on this can be found in the passages for the use of the relevant services in this data protection declaration. Google Tag Manager does not access this data.
Further information on the Google Tag Manager can be found at https://www.google.com/intl/de/tagmanager/faq.html and in Google's data protection declaration: https://policies.google.com/privacy?hl=de
2. Purpose of data processing
The purpose of processing the personal data lies in the collected and clear administration as well as efficient integration of third -party services.
3. Legal basis for the processing of personal data
The legal basis for the processing of the personal data of the user is basically the user's consent according to Art. 6 Para. 1 S.1 lit. a GDPR.
4. Duration of the storage
Your personal information will be saved as long as this is necessary in order to meet the purposes described in this data protection declaration or how this is required by law. Advertising data in server protocols is anonymized by deleting parts of the IP address and cookie information after 9 or 18 months.
5. Cancellation and removal option
You have the right to revoke your data protection declaration at any time. The revocation of the consent becomes the legality, which is not touched by the consent until the revocation.
You can prevent the collection and processing of your personal data by Google by preventing the storage of third-party cookies on your computer that use the "Do Not Track" function of a supportive browser, deactivate the execution of script code in your browser Or a script blocker such as Noscript (https://noscript.net/) or ghostery (https://www.ghostery.com) Install in your browser.
You can also prevent Google (including your IP address) to Google as well as the processing of this data by Google by the Cookie and related to your use of the online presence by Google by downloading the browser plugin available under the following link and install:
https://tools.google.com/dlpage/gaoptout?hl=de
With the following link you can deactivate the use of your personal data by Google:
https://adssettings.google.de
Further information on contradiction and disposal options for Google can be found at:
https://policies.google.com/privacy?gl=DE&hl=de
Use of Facebook Retargeting
1. Scope of the processing of personal data
Facebook retargeting serves to carry out advertising campaigns and the interaction with them. Facebook retargeting users are reminded of products that you are looking for or viewed but not bought. Facebook cookies are saved on your end device.
In particular, the following personal data is processed by Facebook:
• Information about the activities of the user
• Called website
• Which products have been displayed
• Which ads have been clicked
• Device information, in particular device type, IP address
• The user Facebook account when they are logged into Facebook
Data on Server Meta Platforms Inc., 1601 Willow Road, Menlo Park, California 94025in are processed to the USA. Other recipients of the data are providers and service providers of Facebook Inc., e.g. for analysis purposes.
Further information on the processing of the data by Facebook can be found here:
https://de-de.facebook.com/privacy/explanation
2. Purpose of data processing
The use of Facebook Retargeting serves us to switch advertising on various platforms and the analysis of the interaction of users with these advertisements. As a result, we aim to display users personalized and thus more relevant advertising for you.
3. Legal basis for the processing of personal data
The legal basis for the processing of the personal data of the user is basically the user's consent according to Art. 6 Para. 1 S.1 lit. a GDPR.
4. Duration of the storage
Your personal information will be saved as long as this is necessary to meet the purposes described in this data protection declaration or how this is required by law, e.g. for tax and accounting purposes.
5. Cancellation and removal option
You have the right to revoke your data protection declaration at any time. The revocation of the consent becomes the legality, which is not touched by the consent until the revocation.
You can prevent the collection and processing of your personal data by Facebook by preventing the storage of third-party cookies on your computer that use the "Do Not Track" function of a supportive browser, deactivate the execution of script code in your browser Or install a script blocker such as Noscript (https://noscript.net/) or Ghostery (https://www.ghostery.com).
Deactivating personalized advertising for Facebook users is possible for logged-in users:
https://www.facebook.com/settings/?tab=ads
Further information on contradiction and disposal options compared to Facebook can be found at:
https://de-de.facebook.com/privacy/explanation
Change of data protection declaration
We reserve the right to change the data protection declaration in order to adapt it to any changed legal situation or in the event of changes to the service and data processing.
This data protection declaration was created with the support of Dataguard.
