Privacy policy

We, Carrera Toys GmbH (Carrera“we”), are pleased to welcome you to our website. In the following provisions, we inform you about the nature, scope, and purpose of the collection and use of your personal data on this website and in connection with the services we offer.

Personal data refers to any information relating to an identified or identifiable natural person. This includes, in particular, your name, address, and email address.

Please read this Privacy Policy carefully before using this website. We reserve the right to amend parts of this Privacy Policy at our discretion and in accordance with legal requirements. Please therefore check this Privacy Policy regularly for changes.

1. Provider and Data Protection Officer

The provider of this website and the controller within the meaning of data protection law is

Carrera Toys GmbH,

Carrera

Rennbahn Allee 1

, 5412 Puch/Salzburg, Austria

. Authorized representative: Mr. Stefan Krings

. Tel.: +43 662 88921-0 . Email  :   shop@carrera-revell.com

CarreraYou can contact the data protection officer at CarreraToys GmbH at:

krupna LEGAL www.krupna.legal

. Email:   datenschutz@carrera-revell.com

Every time you access content on our website, connection data is transmitted to our web server. This connection data includes:

· the IP address (Internet Protocol address) of the respective user,

· the date and time of the request,

· the referrer URL,

· device numbers such asz.B . UDID (Unique Device Identifier) and comparable device numbers, device information ( z.B . device type), and

· the browser type/version.

This connection data is not used to identify the user personally or combined with data from other sources, but serves to provide the website. The legal basis for the processing of your data is Art. 6(1)(f) GDPR. After no more than 7 days, the data is anonymized by truncating the IP address to the domain level.

You can generally use our website without providing any personal data. You are under no obligation to visit this website or to provide personal data while doing so. However, providing personal data is z.B. required to receive newsletters or in the event of registration. If you do not provide us with personal data for the purposes listed below, you may not be able to use certain features of this website or individual services.

If you register with us as a merchant and use the merchant service or the B2B portal on our website, we will process your information for this purpose. You can find details about the B2B portal in the instructions on our portal under   https://carrera-revell.com/dealer-portal .

The processing of your personal data is based on Art. 6(1)(b) GDPR.

The provider of the website and the controller within the meaning of data protection law is

CarreraToys GmbH

, Rennbahn Allee 1

, 5412 Puch/Salzburg, Austria.

Carrera

Authorized representative: Mr. Stefan Krings

, Tel. : + 43 662 88921-0   Email:   shop@carrera-revell.com

Carrera You can contact the Data Protection Officer at CarreraToys GmbH at:

krupna LEGAL   www.krupna.legal

Email:   datenschutz@carrera-revell.com

If you wish to register with us as a customer, we will collect the required mandatory information (name, country, email address, password), which is marked accordingly (*). Providing any additional personal information is voluntary.

Registration is not required, but it simplifies the ordering process for future orders, as you can reuse the data you have already saved. Alternatively, you can place an order as a guest. In this case, we will collect the same information from you as we do during registration, with the exception of a password. However, this information will not be stored in a customer account for you, so you will not have access to a customer account.

After registration, you can log in by entering your email address and password. Please always make sure to log out before leaving the website.

When using a password, please ensure you take appropriate security measures. A password should be at least 8 characters long and, whenever possible, consist of a combination of uppercase and lowercase letters, numbers, and special characters. Common passwords such as “ABC” or keyboard sequences ( z.B. “qwert” or “asdfgh”), all types of names (such as those of friends, acquaintances, colleagues, family members, or pets), city and building names, comic book characters, car brands, license plate numbers, terms, dates of birth, phone numbers, common abbreviations, etc.

The processing of your personal data is based on your consent in accordance with Art. 6(1)(a) GDPR. Please note that in the event of a withdrawal of consent, any bonus points collected will be forfeited without replacement. Please also refer to the relevant terms of use on our website regarding bonus points.

Additionally, we store your IP address and the time of registration during the registration process. This is necessary to ensure the security of our IT systems. The legal basis for the processing of your data in this case is Article 6(1)(f) of the GDPR.

If you are a registered customer, you can access your customer account via the login function on this website. To log in, enter your email address and password.

Login credentials must be kept strictly confidential. If they are disclosed—for example, to allow a third party to access certain data in an emergency—the password must be changed immediately. For your own protection, you are prohibited from reusing passwords that have already been used.

In addition, when you log in, we store your IP address and the time of access. This is necessary to ensure the security of our IT systems.

We also set a session cookie with every login. This session cookie prevents you from being automatically logged out while actively using your account or related services. After you log out, the session cookie is automatically deleted within a few minutes.

The legal basis for the processing of your data is Art. 6(1)(f) GDPR and, insofar as your contractual relationship is concerned, Art. 6(1)(b) and/or (f) GDPR.

If you are logged in as a customer (see Section 3.4. f.), you can add individual products from the shop to your wish list. Until you log out, you can access this wish list and view all the products you have added there. The legal basis for the processing of your data in this case is Article 6(1)(f) of the GDPR. When you cancel your customer account, your wish list will be automatically deleted.

When you place an order with us, we process the following data about you:

· Registration data from your customer account or your guest data,

· Purchase data (order/shopping cart),

· payment data (payment method, bank account and credit card details, billing addresses)

The processing of your personal data is based on Art. 6(1)(b) of the GDPR.

If you wish to participate in a contest offered by us via the website, you must first create an account. Providing your personal data is necessary for the purpose of conducting the contest. Once the contest has ended, this data and your account will be deleted, unless there are legal obligations to retain it.

The processing of your personal data is based on your consent pursuant to Article 6(1)(a) of the GDPR. There is no legal or contractual obligation to provide your personal data. Failure to consent will simply result in your inability to participate in the contest. You may revoke your consent at any time with future effect. The revocation of consent does not affect the lawfulness of processing carried out on the basis of consent prior to the revocation.

Carrera We have set up a separate club section on our website for our Carrera club. The data processing related to our Carreraclub is described in the following sections.

If you would like to register with us as a club member, you must first purchase a membership in our online shop. We will then collect the required mandatory information from you (name, address, email address, password) to set up your member account so that you can enjoy the club benefits.

After registration,

you can log in by entering your club username and password via the club section on our website. Please always make sure to log out before leaving the website.

When using a password, please ensure you take appropriate security measures. For example, a password should be at least 8 characters long and, whenever possible, consist of a combination of uppercase and lowercase letters, numbers, and special characters. In this regard z.B. , trivial passwords such as “ABC” or keyboard sequences ( z.B. “qwert” or “asdfgh”), all types of names (such as those of friends, acquaintances, colleagues, family members, or pets), city and building names, comic book characters, car brands, license plate numbers, terms, dates of birth, phone numbers, common abbreviations, etc.

The processing of your personal data is carried out for the purpose of fulfilling the contract. The legal basis is Art. 6(1)(b) GDPR.

In addition, we store your IP address and the time of registration as part of the registration process.This is necessary to ensure the security of our IT systems. The legal basis for the processing of your data in this case is Article 6(1)(f) of the GDPR.

If you are a club member, you can use the login function on this website to access specific information or features in our club area.

Login credentials must be kept strictly confidential. If they are nevertheless disclosed—for example, to allow third parties access to certain data in an emergency—the password must be changed immediately. For your own protection, you are prohibited from reusing passwords that have already been used.

In addition, when you log in, we store your IP address and the time of access. This is necessary to ensure the security of our IT systems.

We also set a session cookie each time you log in. This session cookie prevents you from being automatically logged out while you are actively using your account or related services. Once you log out, the session cookie is automatically deleted within a few minutes.

The legal basis for the processing of your data is Art. 6(1)(f) GDPR and, insofar as your contractual relationship is concerned, Art. 6(1)(b) GDPR.

If you have purchased a club membership, a member account will be created for you, which is visible to other club members. You can use the settings to select which information about you should be visible to other club members.

If you already have a customer account in accordance with Section 2.3 et seq., the data from your existing customer account will be linked to your membership account. This allows you to take advantage of club benefits when placing orders in our online shop.

The legal basis for the processing of your personal data is Article 6(1)(b) of the GDPR.

As a club member, you have the opportunity to communicate with other club members via chat in our club forum. The content of your posts in the forum (text, photos, or videos) as well as your username are Carrera visible exclusively to other club members and the administrators Carrera. In this respect, the club forum is a closed area that Carrera is moderated and administered by Carrera. The legal basis for the processing of your personal data is Art. 6(1)(b) GDPR.

If posts within the forum Carreraare also Carreraof interest to other customers of [ CarreraCompany Name], [Company Name] will Carreracontact the club member who published the post andu.a. Carrerarequestconsent to publish the postu.a. on [Company Name]’s social media channels Carrera. The processing of your personal data will then take place on the basis of your explicit consent pursuant to Art. 6(1)(a) GDPR

Please note the provisions in this Privacy Policy under Section7

The website provider and data controller under data protection law is

CarreraToys GmbH,

Carrera

Rennbahn Allee 1

, 5412 Puch/Salzburg, Austria

. Authorized Managing Director: Mr. Stefan Krings

. Tel.: + 43 662 88921-0   . Email:   shop@carrera-revell.com

CarreraYou can contact the data protection officer of CarreraToys GmbH at:

krupna LEGAL  www.krupna.legal

Email:   datenschutz@carrera-revell.com

To make your experience on our website as pleasant as possible, we use so-called web tracking systems. These systems i.d.R. utilize i.d.R. cookies—d.h. small text files sent from a web server to your browser and stored on your computer’s hard drive. This allows us to recognize the device you are using while you browse our store. This allows usz.B. to determine whether you are logged in, have an active shopping cart, and what items are in the cart. The session cookies used for the shop are deleted at the end of the browser session. Other cookies remain on your device and allow us to recognize your device during your next visit.

Details regarding the cookies used on this website can be found in the cookie banner and in the provisions below. Unless otherwise specified in sections 5.1 et seq. of the provisions below, the legal basis for the processing of your data is Article 6(1)(f) of the GDPR. Our legitimate interest lies in designing the website to meet user needs. Finally, we would like to point out that if cookies are disabled, you may not be able to use all features of this website to their full extent. Please also note that deactivation may need

to be performed for each browser and for each device.

To manage your consent to the use of tracking tools, we use the cookie consent technology “Cookiebot.” The provider of this technology is Usercentrics A/S, Havnegade 39, 1058 Copenhagen, Denmark, website:   https://www.cookiebot.com/de/   (“Usercentrics”). In this context, in addition to connection data, information regarding your granting or refusal of consent, or the revocation of consent, is transmitted to Usercentrics. To enable proper tracking, Usercentrics also places a cookie in your browser.

Cookiebot is used to obtain the legally required consents for the use of cookies. The legal basis for this is Art. 6(1)(c) GDPR.

provider of this website and the data controller under data protection law is

CarreraToys GmbH,

Carrera

Rennbahn Allee 1

, 5412 Puch/Salzburg, Austria

. Authorized representative and managing director: Mr. Stefan Krings

. Tel.: + 43 662 88921-0   . Email   :   shop@carrera-revell.com

CarreraYou can contact the data protection officer of CarreraToys GmbH at:

krupna LEGAL  www.krupna.legal

Email:   datenschutz@carrera-revell.com

Our website uses plugins from the GoGoogle-operated site YouTube. When you visit one of our websites that includes a YouTube plugin and actively click on the corresponding field, a connection is established with YouTube’s servers. In doing so, the YouTube server is informed which of our websites you have visited. If you are logged into your YouTube account, you allow YouTube to directly associate your browsing behavior with your personal profile. You can prevent this by logging out of your YouTube account.

The legal basis for the use of YouTube is your consent, based on Section 25(1) Sentence 1 of the German Telemedia Act (TDDDG) for the storage of and access to information in terminal equipment, as well as Article 6(1) Sentence 1(a) of the General Data Protection Regulation (GDPR) for our further processing of your data. You provide your consent via our cookie banner. Please note that Google is Goa company based in the United States. Information about the locations of Google’s data centers Gocan   www.google.com   be found at   www.google.com /about/datacenters/locations  /. The new EU Standard Data Protection Clauses have been adopted as appropriate safeguards to ensure an adequate level of protection for data transfers. In addition GoU.S . , Go ogle LLC is Goan active participant in the EU-U.S.U.S. Data Privacy Framework, which ensures the secure transfer of personal data to the United States. For more information, please visit: https://www.dataprivacyframework.gov/list .

For more information on how user data is handled, please refer to YouTube’s Privacy Policy at:   https://www.google.de/intl/de/policies/privacy .

We use Go Google Tag Manager (GTM). This Go Google service Go allows website tags to be managed via a single interface. However, GTM merely implements tags. As such, no cookies are used. GTM only triggers other tags, which may in turn collect data; however, GTM does not access this data. Data is analyzed exclusively within the respective tool (see the tools listed in Section 5 for details). However, GTM collects your IP address as well as online identifiers (including cookie identifiers), which Go may also Gobe transmitted to Go Google in the United States. Additional information about GTM can be found at   https://support.google.com/tagmanager/answer/6102821?hl=de

The legal basis for the use of GTM is your consent, based on Section 25(1) of the Section 1 of the TDDDG for the storage of and access to information in terminal equipment, as well as Article 6(1)(a) of the GDPR for our further processing of your data. You provide your consent via our cookie banner. Please note that the provider is a company based in the United States. The new EU Standard Data Protection Clauses have been agreed upon as appropriate safeguards to ensure an adequate level of protection during data transfers. Additionally GoU.S. ,ogle LLC is Go an active participant in the EU U.S. Data Privacy Framework, which ensures the secure transfer of personal data to the United States. Further information can be found here: https://www.dataprivacyframework.gov/list

To reduce delivery errors, we use the Address Validation API from Google. The Address Validation API can be used to determine whether an entered address corresponds to a real location or contains errors. To do this, your IP address and the content you entered in the address field are Gotransmitted to GoGoogle. If the entered addressz.B . is incomplete, the Address Validation API will provide a correction suggestion that you can accept. Alternatively, you will be prompted to correct the address you entered.

The legal basis for using the Address Validation API is your consent, based on Section 25(1)(1) of the German Telecommunications Act (TDDDG) for the storage of and access to information in terminal equipment, as well as Article 6(1)(1)(a) of the GDPR for our further processing of your data. You can provide your consent via our cookie banner. Please note that the provider is a company based in the United States. The new EU Standard Data Protection Clauses have been agreed upon as appropriate safeguards to ensure an adequate level of protection during data transfers. In addition Go U.S . , ogle LLC is Goan active participant in theU.S . EU-US U.S . Privacy Shield Framework, which ensures the secure transfer of personal data to the United States. Further information can be found here:  https://www.dataprivacyframework.gov/list.

We have integrated “AWIN” into our website. AWIN is an affiliate marketing software provided by AWIN AG, Eichhornstraße 3, 10785 Berlin, Germany. Through AWIN, registered providers (“Advertisers”) can promote their online goods and services as part of programs. To this end, individuals registered with AWIN (so-called “Publishers”) make their advertising spaces, such as websites, available to the “Advertisers.” We are registered with AWIN as a “publisher,” which means we provide “advertisers” with advertising space (via links) on our website.

As part of its tracking services, AWIN stores cookies on the devices of users who visit or use advertisers’ websites or other online offerings (z.B . when placing an online order) to document transactionsz.B. . These cookies serve solely the purpose of correctly attributing the success of an advertising medium and the corresponding billing within the network. A unique sequence of numbers—which cannot be traced back to an individual user—is stored in the AWIN tracking cookies. This sequence documents the advertiser’s affiliate program, the publisher, and the time of the user’s action (click or view). In doing so, AWIN also collects information about the device from which an action is performed,z.B. the operating system,z.B. and the browser.

The legal basis for the use of AWIN is your consent, based on Section 25(1), Sentence 1 of the TDDDG for the storage and access of your data, and Article 6(1), Sentence 1(a) of the GDPR for our further processing of your data. You provide your consent via our cookie banner.

For more information on AWIN’s use of data https://www.awin.com/de/rechtliches

z.B. , please refer to the company’s privacy policy:  https://www.awin.com/de/rechtliches

In z.B. order to redirect the user to the appropriate online store ( z.B. the U.S. online store), we use the so-called geolocation service provided by “Country.is ”. Country.isis an open-source geolocation API that determines a user’s country (and nothing else) based on their IP address.IP-based geolocation is the process of associating an IP address or MAC address with the actual geographic location of a computer or mobile device connected to the Internet. During geolocation, IP addresses are associated with, among other things, the country, region (city), latitude/longitude, internet service provider, and domain name. Based on this information, the user is automatically redirected to the web store appropriate for their location.

The legal basis for the use ofCountry.isgeolocation is your consent, based on Section 25(1) Sentence 1 of the German Telecommunications Data Protection Act (TDDDG) for the storage of and access to information in terminal equipment, as well as Article 6(1) Sentence 1(a) of the General Data Protection Regulation (GDPR) for our further processing of your data. You provide your consent via our cookie banner.

On our website, we use Microsoft’s “Azure Content Delivery Network,” a service provided by Microsoft Ireland Operations Ltd., One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland.

Azure Content Delivery Network allows us to reduce loading times and improve the performance of our high-bandwidth website content by distributing user requests and serving them directly from Microsoft servers. When you access website content, you connect to Microsoft servers, transmitting your IP address and, where applicable, browser data such as your user agent, as well as the time and date of your visit to the website. This data is processed exclusively for the purposes mentioned above and to maintain the security and functionality of Azure Content Delivery Network. We have no control over the specific retention period for the processed data; it is determined by Microsoft. Additional information can be found at:  https://azure.microsoft.com/de-de/support/legal/ .

The legal basis for our use of the Azure Content Delivery Network is your consent, based on Section 25(1) Sentence 1 of the German Telecommunications Data Protection Act (TDDDG) for the storage of and access to information in terminal equipment, as well as Article 6(1) Sentence 1(a) of the General Data Protection Regulation (GDPR) for our further processing of your data. You provide your consent via our cookie banner. Please note that Microsoft is a company based in the United States. Information about the locations of Microsoft’s data centers can be found at:   https://www.microsoft.com/de-de/privacy/privacystatement#mainwherewestoreandprocessdatamodule . The new EU Standard Data Protection Clauses have been agreed upon as appropriate safeguards to ensure an adequate level of protection during data transfers. In additionU.S. ,Microsoft is an active participant in theU.S.EU-U.S.U.S. Privacy Shield Framework, which ensures the secure transfer of personal data to the United States. For more information, please visit here:   https://www.dataprivacyframework.gov/list  and here:  https://learn.microsoft.com/en-us/compliance/regulatory/offering-eu-model-clauses.

We use the services of Findologic GmbH, Jakob-Haringer-Str. 5a, 5020 Salzburg (“Findologic”) to provide a search function for our articles as well as for navigation. Cookies are used for the aforementioned service, and various data is transmitted to Findologic. This includes, in particular, the IP address and browser data of users as well as associated behavioral data resulting from search queries.This allows us, on the one hand, to optimize the shopping experience for our users and, on the other hand, to better understand which products interest our users the most. For more information about Findologic’s privacy policy, please visit:  https://findologic.com/datenschutz/

The legal basis for the use of Findologic is your consent, based on Section 25(1) Sentence 1 of the German Telecommunications Act (TDDDG) for the storage of and access to information in terminal equipment, as well as Article 6(1) Sentence 1(a) of the General Data Protection Regulation (GDPR) for our further processing of your data. You provide your consent via our cookie banner.

The so-called “Meta Pixel” involves embedding an invisible pixel on our website, which allows Meta Platforms Ireland Limited (formerly Facebook Ireland Limited), 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Meta”), to analyze the online behavior of each website visitor. The Meta Pixel enables customer data such asz.B. first name, last name, email address, etc.,z.B. to be transmitted to Meta and enriched with existing tracking data. This makes it possible to collect data from non-users of the Facebook social network or to track users who are not logged into Facebook while visiting a website. As a result, website visitors who deliberately block the storage of third-party cookies are tracked via Meta. This allows us to target you with an advertisement on Facebook. However, the Meta Pixel also makes it possible to specifically target new customers and reach new people who are similar to website visitors.

In addition to us, Meta itself is also responsible for data processing. Meta processes the data in accordance with     Meta’s Privacy Policy   . You can find further details in    Meta’s  Privacy Policy  . Specific information and details about the Meta Pixel and how it works can be found in    Meta’s Help Center .

In this regardi.S.d. , we are jointlyi.S.d . responsible with Metai.S.d. under Article 26 of the GDPR for the processing of your personal data. In this case, you may generally exercise your rights (see Section 12) against both us and Meta.However, Meta serves as the primary point of contact. We have entered into an agreement with Meta regarding joint responsibility for the processing of personal data. You can view this agreement at the following link: https://www.facebook.com/legal/controller_addendum .

The legal basis for the use of the Meta Pixel is your consent, based on Section 25(1) Sentence 1 of the German Telecommunications Data Protection Act (TDDDG) for the storage of and access to information in terminal equipment, as well as Article 6(1) Sentence 1(a) of the General Data Protection Regulation (GDPR) for our further processing of your data. You provide your consent via our cookie banner. Please note that Meta is a company based in the United States. The new EU Standard Data Protection Clauses have been agreed upon as appropriate safeguards to ensure an adequate level of protection during data transfers. Additionally, Meta is an active participant in the EU-U.S.Data Privacy Framework, which ensures the secure transfer of personal data to the United States. For more information, please click here: https://www.dataprivacyframework.gov/list .

We use the TikTok Pixel for conversion tracking, an analytics service provided by TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland (“TikTok”).

The TikTok Pixel is a snippet of JavaScript code that enables us to analyze visitor activity on our website. For this purpose, the TikTok Pixel collects certain information from visitors (so-called “event data”), which is then forwarded to TikTok.This includes user content, date of birth, profile information, profile picture, usage data, device information, smartphone-related information, last name, first name, internet service provider, IP address, email address, and browser history.

For further information and TikTok’s privacy policy   https://www.tiktok.com/legal/page/eea/privacy-policy/de

, please visit: https://www.tiktok.com/legal/page/eea/privacy-policy/de

TikTok also offers users the option to view their profile:   https://support.tiktok.com/de/account-and-privacy/personalized-ads-and-data/requesting-your-data

The legal basis for the use of the TikTok Pixel is your consent, based on Section 25(1) Sentence 1 of the German Telecommunications Data Protection Act (TDDDG) for the storage of and access to information in terminal equipment, as well as Article 6(1) Sentence 1(a) of the General Data Protection Regulation (GDPR) for the processing of your data. You provide your consent via our cookie banner. Please note that TikTok is a company based in China. TikTok uses the so-called Standard Contractual Clauses as the basis for data processing outside the EU. See:   https://www.tiktok.com/legal/page/eea/privacy-policy/de

Our website uses the Pinterest tag as a pixel from Pinterest Europe Ltd., Palmerston House, 2nd Floor   , Fenian Street, Dublin 2, Ireland (“Pinterest”) for remarketing purposes, to be able to target you again on the Pinterest social network within 180 days. This allows users of our website to be shown interest-based advertisements (so-called “Pinterest Ads”) while visiting Pinterest.

If you have given your consent (as described below), your browser automatically establishes a direct connection to the Pinterest server. By integrating the Pinterest pixel, Pinterest receives information that you have visited the relevant page on our website or clicked on one of our ads. If you are registered with Pinterest, Pinterest can associate the visit with your account.

In addition to your IP address and marketing identifier, Pinterest also receives information about the device you are using, the website you visited, and the time of your visit, and can associate this data with your Pinterest account. Pinterest processes this data on its own responsibility. We have no influence over the data collection or further processing by Pinterest. We only have access to conversion reports and the event history.

To control directly on Pinterest which types of ads are shown to you within Pinterest, you can visit the page set up by Pinterest and   edit your personalization settings there .d.h. . Thesesettings apply across all platforms and d.h. are applied to all devices, such as desktop computers or mobile devices. You can also     aboutads.info   youronlinechoices.com  opt out of the use of cookies for audience measurement and advertising purposes via the  Network Advertising Initiative’s opt-out page,   as well as the  U.S. websiteaboutads.info  or the European websiteyouronlinechoices.com  .

For more information on data processing by Pinterest, please refer to the   Pinterest Advertising Policies .   .

. You can also find general information on the display of Pinterest ads in the   Advertising Data Policy .

. The legal basis for the use of the Pinterest Pixel is your consent, based on Section 25(1) Sentence 1 of the German Telecommunications Act (TDDDG) for the storage of and access to information on end devices, as well as Article 6(1)(a) of the GDPR for the processing of your data. You provide your consent via our cookie banner. Please note that Pinterest is a company based in the United States. Pinterest uses the so-called Standard Contractual Clauses as the basis for data processing outside the EU. See section   https://policy.pinterest.com/de/privacy-policy#section-residents-of-the-eea

Our website uses the  Snapchat Pixel, an analytics tool provided by Snap Inc., 2772 Donald Douglas Loop N, Santa Monica (HQ), CA, USA (“Snapchat”). The Snapchat Pixel allows us to track the behavior of users who have arrived at our website via Snapchat ads. This enables us to measure the effectiveness of our advertising efforts, track conversions, and better tailor our ads to your interests. The Snapchat Pixel is a JavaScript code that transmits the following data to Snapchat:

·        HTTP header information (u.a.IP address, web browser information, page location, document, website URL, and web browser user agent

         , as well as the date and time of use),

·          pixel-specific data; this includes the pixel ID and your hashed email address (this data is used to link events to a specific Snapchat advertising account and attribute them to a Snapchat user),

·                additional information about your visit to our websites, as well as standard and custom data events,

·         orders placed (purchases made),

·               the completion of registrations and purchases,

·               Adding items to the shopping cart and

·               viewing product information.

The aforementioned data processing applies only to users who have a Snapchat account. If an email address can be linked to a Snapchat user, Snapchat will assign that user to a target group (“Custom Audience”) based on the rules we have established, provided those rules are applicable. We use the information obtained in this way to display our advertising content via Snapchat.

Please note that it cannot be ruled out that Snapchat may process the data in question here for its own purposes and under its own responsibility, and in doing so may combine this information with data already available to Snapchat, such as user profiles (if available).

The legal basis for our use of the Snapchat Pixel is your consent, based on Section 25(1) Sentence 1 of the TDDDG for the storage of and access to information in terminal equipment, as well as Article 6(1) Sentence Article 6(1)(a) of the GDPR for the processing of your data. You provide your consent via our cookie banner.

You also have the option to object to data collection via the Snapchat pixel by adjusting the privacy settings in your Snapchat account or by disabling cookies. For further information and to view the privacy settings options for advertising purposes, please refer to Snapchat’s Privacy Policy, which   https://support.snapchat.com/en-US/a/advertising-preferences   can be   https://support.snapchat.com/en-US/a/advertising-preferences   found at [link]   https://support.snapchat.com/en-US/a/advertising-preferences   .

Please note that Snapchat is a company based in the United States. Pinterest uses the so-called Standard Contractual Clauses as the basis for data processing outside the EU. See section   https://www.snap.com/terms/standard-contractual-clauses?lang=en-US

Our website contains links to other websites, such as z.B. the Carrera club website or social media platforms (Facebook or Meta, YouTube, Instagram). These websites are operated partly by us and partly by third parties. If you follow the links, information may be transmitted to these third parties in the latter case. For information on the purpose and scope of data collection by third-party websites, as well as the further processing and use of your data there, and your rights and settings options regarding the protection of your privacy, please refer to the respective privacy policies of the operators.

We will only disclose your personal data to third parties or other recipients if this is necessary to provide our services, if you have given your consent, if there is a legal obligation to do so, or if the disclosure is permitted under another legal basis. Data is transferred, for example, to the respective payment or shipping service provider, service providers for the provision of marketing services ( z.B . email marketing), technical service providers, or—in the case of a corporate transaction—to prospective buyers, etc. Where necessary, we have entered into data processing agreements with the recipients of your data in accordance with Article 28 of the GDPR.

If you choose a payment method offered through the payment service provider Shopify Payments, payment processing will be handled by the technical service provider Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland, to whom we will disclose the information you provided during the ordering process, along with information about your order (name, address, account number, bank routing number, credit card number if applicable, invoice amount, currency, and transaction number). Your data is transferred exclusively for the purpose of payment processing with Stripe Payments Europe Ltd. and only to the extent necessary for this purpose. For more information on Shopify Payments’ privacy policy, please visit the following website:   https://www.shopify.com/legal/privacy . Privacy Policy of Stripe Payments Europe Ltd.can be found here: https://stripe.com/de/privacy

Please also note the separate privacy policies for the payment methods you have selected.

Klarna: You have the option to use the payment options offered by Klarna Bank AB (publ), Sveavägen 46, 111 34 Stockholm, Sweden (hereinafter "Klarna"). Payment is then made to Klarna. The use of the payment methods "Invoice" and "Direct Debit/Instant Transfer" requires a positive credit check. If you wish to use Klarna, your data will be forwarded to Klarna during the purchase initiation and processing of the purchase contract for the purpose of address and credit checks. Depending on the outcome of the credit check, not all payment methods may be available to you. Please note that we have no influence over this. You can find further information and Klarna’s terms of use here .You can find Klarna’s privacy policy here.

. PayPal: https://www.paypal.com/de/webapps/mpp/ua/privacy-full  When paying via PayPal, credit card via PayPal, direct debit via PayPal, or—if offered—“Purchase on Account” or “Installment Payment” via PayPalS.a.r.l.S.C.A. ,we will share your payment information with PayPal (Europe)S.a.r.l. et Cie,S.C.A. 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter “PayPal”). This transfer is made in accordance with Art. 6(1)(b) GDPR and only to the extent necessary for payment processing. For the payment methods credit card via PayPal, direct debit via PayPal, or—if offered—“Purchase on Account” or “Installment Payment” via PayPal, PayPal reserves the right to perform a credit check. For this purpose, your payment data may be transferred in accordance with Art. 6(1)(b)f GDPR on the basis of PayPal's legitimate interest in determining your solvency to credit agencies. PayPal uses the result of the credit check with regard to the statistical probability of non-payment for the purpose of deciding on the provision of the respective payment method. The credit report may contain probability values (so-called score values). If score values are included in the result of the credit report, they are based on a scientifically recognized mathematical-statistical procedure. The calculation of the score values includes, but is not limited to, address data. For further information regarding data protection, including details about the credit reporting agencies used, please refer to PayPal’s Privacy Policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full You may object to this processing of your data at any time by sending a message to PayPal. However, PayPal may still be entitled to process your personal data if this is necessary for the contractual processing of payments.

VISA: www.visaeurope.com

MasterCard: https://www.mastercard.de/de-de.html

Our social media presence (Facebook or Meta, X, TikTok, YouTube, LinkedIn, Xing, and Instagram) are used to Carrerainform you about Carreraour company as well as new developments, services, and products. Depending on the offerings of the respective providers, you havez.B. the option to engage in various interactions (commenting, recommending, etc.)z.B. in connection with our social media presence. User interaction is an important criterion for us in conducting targeted marketing. This allows usz.B. to determine which posts are most frequently read. We therefore also use the statistics compiled by the providers for our own purposes. If we process users’ personal data in this context, the legal basis for this is Article 6(1)(f) of the GDPR. Our legitimate interest in this regard consists, in particular, of targeted information and advertising.The providers will inform you separately about the legal basis on which they process your data for their own purposes.

In certain cases,

we are jointly responsible with the social media providers for the processing of your personal data. In this case, you can generally exercise your rights (see Section 12) against both us and the social media provider. However, the social media provider serves as the first point of contact.

We have entered into a joint responsibility agreement with Meta regarding the processing of personal data. This applies to the processing of so-called “Insights data.” This refers to page statistics, particularly regarding the interactions of Facebook users. You can find details about the Insights data here: https://www.facebook.com/business/pages/manage#page_insights. You can view our agreement with Meta at the following link: www.facebook.com/legal/terms/page_controller_addendum. Please note that Meta is a U.S.-based company. Meta is an active participant in the EU-U.S.U.S. Data Privacy Framework, which ensures the secure transfer of personal data to the United States. Further information can be found here: https://www.dataprivacyframework.gov/list

We have also entered into a joint responsibility agreement with LinkedIn Ireland regarding so-called “Page Insights.” Through Page Insights, LinkedIn Ireland does not provide us with any personal data about you, but only aggregated data. We are unable to draw conclusions about individual users based on the information from Page Insights.You can view details about Page Insights and our agreement with LinkedIn Ireland at the following link: https://legal.linkedin.com/pages-joint-controller-addendum. Please note that LinkedIn Ireland may also process your data outside the EU/EEA. LinkedIn Corporation is an active participant in the EU-U.S.U.S. Data Privacy Framework, which ensures the secure transfer of personal data to the United States. For more information, click here: https://www.dataprivacyframework.gov/list.

We use the analytics features of “TikTok Insights.” Through TikTok Insights, we receive an aggregated analysis of visitor behavior on our profile. For example, likes, video shares, and the age and gender of visitors may be tracked. We use this analysis from TikTok Insights to improve our profile, our reach, and our audience reach.To the extent that the data you provide to us via TikTok is processed exclusively by TikTok, TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland (“TikTok Ireland”), and TikTok Information Technologies UK Limited, WeWork, 125 Kingsway, London, WC2B 6NH (“TikTok UK”), are also data controllers alongside us. When we process data jointly with TikTok, we have also entered into a joint responsibility agreement with TikTok. Details can be found in https://ads.tiktok.com/i18n/official/policy/jurisdiction-specific-terms, Part B 1, Sections 3 and 4. A summary of the key provisions of this agreement can be found at: https://www.tiktok.com/legal/page/global/information-about-tiktok-analytics/en.

Regarding the retention period for the data we process from you for our own purposes, please refer to our explanation in Section 10.Please also note the privacy policies of the respective social media providers.

To the extent necessary for our purposes, we may also transfer your data to recipients outside the EU if you have given your consent, if there is a legal obligation to do so, or if the transfer is permitted on another legal basis. Thus, your data is also transferred to recipients based in the U.S. as part of data processing. An adequate level of data protection isU.S. ensuredthrough the conclusion of the new so-called EU Standard Contractual Clauses and/or the service provider’s participation in the EUU.S. Data Privacy Frameworkin the U.S.U.S. An overview of the participants in the EU-U.S.You can find the Data Privacy Framework here: https://www.dataprivacyframework.gov/s/participant-search

We generally store your personal data for as long as is necessary for the aforementioned processing purposes, provided that, in the event of an objection, there are no compelling legitimate grounds for Carreraprocessing Carrerathat override your interests, Carreraor, in the event of a withdrawal of consent, there is no other legal basis for data processing. Please also note the information in the cookie banner.

In certain cases,z.B. however,z.B. where a legal retention obligation applies, your personal data will not be deleted immediately but will first be blocked.

We protect your data from unauthorized access, loss, or destruction through technical and organizational measures. Our security measures are continuously improved in line with technological advancements. Our employees and all persons involved in data processing are obligated to comply with data protection laws and to handle personal data confidentially. Our employees have received appropriate training.

To protect our users’ personal data, we use a secure online transmission method known as “Secure Socket Layer” (SSL) transmission. You can recognize this by the fact that an “s” is appended to the address component http:// (“https://”) or A green, closed padlock icon is displayed. Clicking on the icon will provide you with information about the SSL certificate being used. The appearance of the icon depends on the version of your browser. SSL encryption ensures that your data is transmitted securely and in its entirety.

: In accordance with legal requirements Carrera

• , you Carreragenerally have Carrerathe right to
  • obtain confirmation as to whether personal data concerning you Carrerais being processed by us Carrera
    • Carrera,
    • to receive information about this data and the circumstances of the processing,
    • correction if such data is inaccurate,
    • erasure if there is no justification for processing and no obligation to retain the data (any longer),
    • restriction of processing in specific cases prescribed by law, and
    • objection in the event of data processing based on Art. 6(1)(f) GDPR, and
    • the transmission of your personal data—to the extent you have provided it—to you or a third party in a structured, commonly used, and machine-readable format.

    To the extent that the processing of your personal data is based on your consent, you have the right to withdraw your consent at any time, with the result that the processing of your personal data will no longer be permitted going forward. However, this does not affect the lawfulness of the processing carried out on the basis of your consent prior to its withdrawal.

    Please direct your specific request in writing or by email, clearly identifying yourself, to our Data Protection Officer:

    krupna LEGAL

    Email: datenschutz@carrera-revell.com

    To the extent that wei.S.d. processyour data jointlyi.S.d. with third partiesunderi.S.d. Article 26 of the GDPR, the third party is primarily responsible for ensuring that all data subject rights are exercised. However, you are free to assert your rights against us as well.

    Finally, we would like to dsb@dsb.gv.atinform you of your right to lodge a complaint with the supervisory authority (Austrian Data Protection Authority, Barichgasse 40-42, 1030 Vienna dsb@dsb.gv.at). dsb@dsb.gv.at

     

We do not use your personal data for automated individual decision-making.

New legal requirements, business decisions, or technical developments may necessitate changes to our Privacy Policy. The Privacy Policy will then be updated accordingly. You can always find the most recent version on our website.