Privacy Notice when our website is visited

This Privacy Notice fulfills the obligation to provide information pursuant to Article 13 et seq. of the General Data Protection Regulation (GDPR) where personal data is collected on our website.

1. Name and contact details of the data controller:

CARFAX Europe GmbH, Barthstraße 2-10, 80339 Munich, Email: info@carfax.eu (hereinafter referred to as "CARFAX", "we", "us").

2. Contact details of the data protection officer:

Martin Holzhofer, Holzhofer Consulting GmbH, Lochhamer Str. 31, 82152 Planegg, Germany, Tel.: +49 89 125 01 56 00, Email: privacy@carfax.eu, Website: https://www.holzhofer-consulting.de

3.1. Data processing on the basis of legitimate interests (Article 6(1)(f) GDPR)

In consideration of your rights and freedoms, processing will be carried out if this is necessary for the purposes of a legitimate interest on our part and this is not overridden by your interests, fundamental rights and fundamental freedoms, which require protection of personal data. Article 6(1)(f) GDPR provides the legal basis in these cases.

3.1.1. Collection of access data/server log files

For technical reasons, we process a limited amount of data (known as connection data) each time the website is accessed. This data is necessary from a technical point of view to establish and implement a connection between your device and our servers. The following data or categories of data can be collected:

  • Name of the file accessed.

  • The date and time of access.

  • Amount of data transferred.

  • Notification indicating whether access was successful.

  • Notification indicating why access may have failed.

  • Name of your Internet service provider.

  • Your computer's operating system and browser software, if applicable.

  • The website which directed you to us.

This log data will only be processed in order to carry out statistical analyses for the purpose of operating, securing and optimizing the site. However, we reserve the right to check the log data retrospectively if there are legitimate grounds for suspecting unlawful use on the basis of concrete evidence. This data is therefore not used to create user profiles.

3.1.2. Cookies required and not required for technical reasons

This website sometimes uses files known as cookies. Cookies do not damage your computer and do not contain viruses. Cookies are used to make our site more user-friendly, effective and secure. Cookies are small text files that are placed on your computer and stored by your browser.

Most of the cookies we use are known as session cookies. They are automatically deleted once you leave our website. Cookies of this kind are essential from a technical standpoint for the website to be able to operate and for the purpose of providing the service requested by the user and therefore cannot be disabled.

3.1.3. Use of the contact form

When using the contact form, we will only collect personal data to the extent to which you provide it. We will only use your name and your email address to process your request.

3.2. Data processing based on your consent (Article 6(1)(a) GDPR)

Third-party services such as advertising and marketing cookies (tracking cookies) and analysis tools may also be used on the website. These are not necessary from a technical standpoint for operation of the website but are used, for example, to record how the user utilizes the Internet, to create a user profile and to send ads to the user which are tailored to the user's profile. These services will only become enabled after you have explicitly given your consent using the consent banner. For an overview of all third-party services which are embedded in the website and which are subject to consent, see point 10.

3.3 Data processing after entering a vehicle identification number (VIN)

By entering a vehicle identification number (VIN) on our website, you can check in advance whether CARFAX has fundamental information available for a specific vehicle at no charge and without the purchase of a used car history.

4. Automated decision-making including profiling

CARFAX Europe GmbH does not employ automated individual decision-making, including profiling, pursuant to Article 22(1) and (4) GDPR.

5. Data transfer to a third country

Data is transferred to countries outside the EU and the European Economic Area ("third countries") as part of administering, developing and operating IT systems. Data shall only be transferred on the basis of:

  • an adequacy decision of the European Commission under Article 45 GDPR;

  • an approved certification mechanism pursuant to Article 42 GDPR together with legally binding and enforceable obligations on the part of the controller or the processor in the third country;

  • standard data protection clauses issued by the Commission in accordance with the examination procedure referred to in Article 93(2) GDPR.

Personal data is currently transferred to the United States through the use of analysis and tracking tools (such as Google Analytics, DoubleClick or Microsoft Bing Ads) in the following cases:

  • Transmission of data to Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA.

  • Transmission of data to New Relic Inc., 188 Spear Street, Suite 1200 San Francisco, CA 94105, USA.

  • Transmission of data to Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA.

  • Data Transfer to Meta Platforms, Inc., 1 Hacker Way, Menlo Park, CA 94025, USA.

  • Data Transfer to YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA.

  • Data Transfer to LinkedIn Corp., 1000 W. Maude Avenue, Sunnyvale, CA 94085, USA.

  • Data Transfer to OneTrust Technology Limited, Green, 82 St John St, London EC1M 4NJ, UK.

  • Data Transfer to TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland.

In the event that you order a search for information by entering a valid vehicle identification number, we will transmit the VIN to our parent company CARFAX Inc., 5860 Trinity Parkway, Suite 600, Centreville, VA 20120 in the USA, only in cases where there is no data available in our own database, in order to allow you full access to the global database.

6. Categories of data recipient

To the extent permitted by law, we share personal data with external service providers:

  • IT service providers to maintain our IT infrastructure.

  • Server providers to store and process the data in a confidential manner.

Your data will also be shared as far as we are legally obliged to do so.

7. Retention period and criteria for determining such period

Personal data will only be retained for as long as is necessary in order to fulfill the purposes mentioned here or as stipulated by the statutory retention periods. The data will be deleted in accordance with the statutory regulations once the relevant purpose ceases to apply or after the retention periods have expired.

We will store your data for advertising purposes until you object to such use or we are no longer permitted by law to send promotional material to you.

8. Information about your rights as a data subject

CARFAX Europe GmbH, Barthstraße 2-10, 80339 Munich, Germany, is responsible for processing your data, unless otherwise stated.

You can obtain information from us at any time (Article 15 GDPR) about the data stored about you and request that it be rectified (Article 16 GDPR) where there are errors. You can also request that processing be restricted (Article 18 GDPR), request that data you give us be provided (Article 20 GDPR) in a machine-readable format (data portability) or that your data be erased (Article 17 GDPR) provided it is no longer required.

Furthermore, you have the right to object to the use of your data, which is based on public or legitimate interests (Article 21 GDPR), at any time.

If we process your data on the basis of your consent, you can revoke this consent at any time with effect for the future (Art. 7 para. 3 GDPR). Upon receipt of your withdrawal, we will no longer process your data for the purposes specified in the consent.

If you wish to exercise your rights as a data subject, please contact: CARFAX Europe GmbH, Barthstraße 2-10, 80339 Munich, Germany, privacy@carfax.eu

9. Right to lodge a complaint with a supervisory authority

In addition, you can contact a supervisory authority at any time to lodge a complaint. The Bayerisches Landesamt für Datenschutzaufsicht (Bavarian State Office for Data Protection Supervision), P.O. Box 1349, 91504 Ansbach, Germany, is the competent authority for us. Alternatively, you can contact your local supervisory authority.

10. Privacy notice for all third-party services embedded in the website

10.1 Data protection notice on the use of Google Analytics

This website uses Google Analytics, a web analysis service of Google Inc. LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; "Google"). Google Analytics uses technologies such as cookies, web storage in the browser and tracking pixels that enable your use of the website to be analyzed.

Additional Google Analytics functions, such as Google Looker Studio, are also used. With the help of Google Looker Studio, we manage and visualize your data in dashboards and reports to analyze results and make decisions for our website. Google Looker Studio enables us to display data from a wide range of different sources and link them together.

Among other things, the following information can be collected:

  • Host name of the accessing computer (IP address),

  • Browser type/version,

  • Operating system used,

  • Referrer URL (the previously visited page),

  • Date and time of the server request,

  • Measurement of user behavior (e.g. views of individual pages / content, views of content from different areas, session duration / dwell time, bounce rate, click path, mouse and scroll movements),

  • Language / location data,

  • eCommerce activity (e.g. products purchased, sales),

  • Customer satisfaction.

Your data may be linked by Google with other data, such as your search history, your personal accounts, your usage data from other devices and all other data that Google has about you.

The data generated by Google Analytics is stored for 14 months. After this period, all data is automatically deleted. We have also added the code "anonymizeIP" to Google Analytics on this website.

The data generated about your use of this website is generally transferred to a Google server in the USA and stored there. For the USA, there is an adequacy decision of the EU Commission within the meaning of Art. 45 para. 3 GDPR, which extends to the EU-US Data Privacy Framework (DPF). For data exports to recipients in the USA that are certified in accordance with the DPF, the level of data protection is therefore considered adequate. Google has certified itself in accordance with the DPF and has therefore undertaken to comply with European data protection principles.

The data processing serves the purpose of analyzing this website and its visitors as well as for marketing and advertising purposes. On behalf of CARFAX Europe GmbH, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. You can prevent the storage of cookies by setting your browser software accordingly; however, we would like to point out that in this case you may not be able to use all functions of this website to their full extent.

You can also prevent Google from collecting the data generated by the cookie and related to how you use the website (including your IP address) and from processing this data by downloading and installing the browser plug-in available via the following link: https://tools.google.com/dlpage/gaoptout?hl=en.

Information in the end user's terminal is stored and accessed in accordance with Article 25(1) TTDSG (Telekommunikation-Telemedien-Datenschutzgesetz — German Telecommunications and Telemedia Data Protection Act). The legal basis for your personal data being further processed is the informed consent that you have freely given pursuant to Article 6(1)(a) GDPR. You give your corresponding consent via the consent banner.

For more information about how Google Analytics handles user data, please refer to Google's Privacy Policy: https://support.google.com/analytics/answer/6004245?hl=en

10.2. Privacy notice about the use of Google Tag Manager

This website uses Google Tag Manager provided by Google Inc. LLC (1600 Amphitheater Parkway, Mountain View, CA 94043, USA; "Google"). This service allows website tags to be managed via an interface. This application manages JavaScript tags and HTML tags that are used to implement tracking and analysis tools in particular. Data is processed for the purposes of designing and optimizing our website on a needs-oriented basis. Google Tag Manager only implements tags. This means: No cookies are used and no personal data is collected. Google Tag Manager triggers other tags, which in turn may collect data. However, Google Tag Manager does not access this data. If disabled at domain or cookie level, this setting remains in place for all tracking tags, insofar as these are implemented with Google Tag Manager.

However, Google Tag Manager records your IP address, which may be transmitted to a Google server in the USA and stored there. For the USA, the European Commission has issued an adequacy decision according to Article 45(3) GDPR, which applies to the EU-US Data Privacy Framework (DPF). For data exports to recipients in the USA that are certified according to the DPF, the level of data protection is thus considered adequate. Google is certified under the DPF and thus committed to complying with European data protection principles.

Information in the end user's terminal is stored and accessed in accordance with Article 25(1) TTDSG (Telekommunikation-Telemedien-Datenschutzgesetz — German Telecommunications and Telemedia Data Protection Act). The legal basis for your personal data being further processed is the informed consent that you have freely given pursuant to Article 6(1)(a) GDPR. You give your corresponding consent via the consent banner.

For more information about Google Tag Manager, visit: https://www.google.com/analytics/terms/tag-manager/

10.3. Privacy notice about the use of Doubleclick.net by Google

This website uses the online marketing tool DoubleClick by Google. DoubleClick uses cookies to run ads that are relevant to users, improve campaign performance reports or to prevent a user from seeing the same ads more than once. Google uses a cookie ID to record which ads are placed in which browser and can thus prevent them from being shown more than once. In addition, DoubleClick can use cookie IDs to capture conversions related to ad requests. This is the case, for example, when a user sees a DoubleClick ad and later uses the same browser to visit the advertiser's website and buys something from it. According to Google, DoubleClick cookies do not contain any personal data.

Due to the marketing tools used, your browser automatically establishes a direct connection to the Google server. We have no influence on the scope and further use of the data collected by Google as a result of this tool being used and we are therefore providing you with the following information to the best of our knowledge: By integrating DoubleClick, Google receives the information that you have accessed the corresponding part of our website or clicked on one of our ads. If you are registered with a Google service, Google can assign the visit to your account. Even if you are not registered with Google or have not logged in, the provider may learn of and store your IP address.

In addition, the DoubleClick Floodlight cookies used enable us to understand whether you perform certain actions on our website after you have accessed or clicked on one of our display/video ads on Google or on another platform via DoubleClick (conversion tracking). DoubleClick uses this cookie to understand the content that you have interacted with on our website so that targeted ads can subsequently be sent to you.

Your data is generally transmitted to Google LLC servers in the USA. For the USA, the European Commission has issued an adequacy decision according to Article 45(3) GDPR, which applies to the EU-US Data Privacy Framework (DPF). For data exports to recipients in the USA that are certified according to the DPF, the level of data protection is thus considered adequate. Google is certified under the DPF and thus committed to complying with European data protection principles.

Information in the end user's terminal is stored and accessed in accordance with Article 25(1) TTDSG (Telekommunikation-Telemedien-Datenschutzgesetz — German Telecommunications and Telemedia Data Protection Act). The legal basis for your personal data being further processed is the informed consent that you have freely given pursuant to Article 6(1)(a) GDPR. You give your corresponding consent via the consent banner.

For more information about DoubleClick by Google, visit https://marketingplatform.google.com/about/enterprise/

10.4. Privacy notice about the use of Google Fonts API/gStatic API

This website uses external fonts from Google Inc. such as Google Fonts and gStatic. These are services provided by Google Inc., 1600 Amphitheater Parkway, Mountain View, California 94043, USA ("Google"). These web fonts are embedded via a call to a server, usually a Google server in the USA. This will tell the server which of our websites you have visited. The IP address of the browser on the device of the visitor to these Internet pages is also stored by Google.

Your data can be transferred to the USA, if applicable. For the USA, the European Commission has issued an adequacy decision according to Article 45(3) GDPR, which applies to the EU-US Data Privacy Framework (DPF). For data exports to recipients in the USA that are certified according to the DPF, the level of data protection is thus considered adequate. Google is certified under the DPF and thus committed to complying with European data protection principles.

Information in the end user's terminal is stored and accessed in accordance with Article 25(1) TTDSG (Telekommunikation-Telemedien-Datenschutzgesetz — German Telecommunications and Telemedia Data Protection Act). The legal basis for your personal data being further processed is the informed consent that you have freely given pursuant to Article 6(1)(a) GDPR. You give your corresponding consent via the consent banner.

For more information, visit https://developers.google.com/fonts/faq?tid=331597391040

10.5. Privacy notice about the use of Google Dynamic Remarketing

On our website, we use the remarketing or "similar audiences" function from Google LLC (1600 Amphitheater Parkway, Mountain View, CA 94043, USA; "Google"). The purpose of the application is to analyze visitor behavior and visitor interests. Google uses cookies to carry out analysis of website usage, which forms the basis for creating interest-based ads. The cookies are used to record the visits to the website as well as anonymous data about how the website is used. No personal data about visitors to the website is stored. If you subsequently visit another website in the Google Display Network, you will see advertisements that are likely to take into account products and information previously viewed.

Your data is generally transmitted to Google LLC servers in the USA. For the USA, the European Commission has issued an adequacy decision according to Article 45(3) GDPR, which applies to the EU-US Data Privacy Framework (DPF). For data exports to recipients in the USA that are certified according to the DPF, the level of data protection is thus considered adequate. Google is certified under the DPF and thus committed to complying with European data protection principles.

Information in the end user's terminal is stored and accessed in accordance with Article 25(1) TTDSG (Telekommunikation-Telemedien-Datenschutzgesetz — German Telecommunications and Telemedia Data Protection Act). The legal basis for your personal data being further processed is the informed consent that you have freely given pursuant to Article 6(1)(a) GDPR. You give your corresponding consent via the consent banner.

For more information about Google Remarketing and its privacy policy, please visit: https://www.google.com/privacy/ads/

10.6. Privacy notice about the use of Google Audiences

We also use Google Audiences ("GA Audience") from Google LLC (1600 Amphitheater Parkway, Mountain View, CA 94043, USA; "Google"), another web analytics service from Google. This service collects and stores data from which pseudonymized usage profiles are created. This technology allows users who have visited our websites to see targeted advertising from us on other external sites in the Google Partner Network.

Among other things, GA Audience uses cookies, which are stored on your computer and other mobile devices (such as smartphones, tablets etc.) and enable analysis of how the respective devices are used. In this respect, the data is, in part, analyzed across devices. GA Audience will have access to the cookies created in the context of Google Analytics being used.

In the context of such use, data such as, in particular, the IP address and activities of the users, can be transferred to a Google LLC server in the USA, where it will be stored. For the USA, the European Commission has issued an adequacy decision according to Article 45(3) GDPR, which applies to the EU-US Data Privacy Framework (DPF). For data exports to recipients in the USA that are certified according to the DPF, the level of data protection is thus considered adequate. Google is certified under the DPF and thus committed to complying with European data protection principles.

Google LLC may transfer this information to third parties if required by law or if such data is processed by third parties.

Information in the end user's terminal is stored and accessed in accordance with Article 25(1) TTDSG (Telekommunikation-Telemedien-Datenschutzgesetz — German Telecommunications and Telemedia Data Protection Act). The legal basis for your personal data being further processed is the informed consent that you have freely given pursuant to Article 6(1)(a) GDPR. You give your corresponding consent via the consent banner.

For more information about privacy when GA Audience is being used, please visit: https://support.google.com/analytics/answer/2700409?hl=en&ref_topic=2611283.

10.7. Privacy policy notice for the use of Google reCaptcha

In addition to the conventional function of Google reCaptcha (for example, within an ordering process to be able to differentiate between input by a natural person or misuse by a bot or other spam software), we are also using the new reCAPTCHA v3 on our website (called the invisible reCAPTCHA). This is a function of Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; "Google") to detect abusive traffic, especially spam, on a website without user interaction. By spam, we mean any unsolicited, unwanted information sent electronically. The reCAPTCHA is therefore used to secure our website and ultimately also for your security.

The reCAPTCHA service is a JavaScript element integrated into the source text and the application runs in the background and analyzes your user behavior.

The invisible reCAPTCHA does not conduct any classic CAPTCHA test, but rather makes an assessment to allow us to select the most suitable action for our website ourselves. Google does not disclose exactly which data it collects and stores in this process. In addition, we also use the classic CAPTCHAs, in which you generally have to solve a text or image puzzle or check a box to confirm that you are not a bot. The classic reCAPTCHA is only used as a fallback solution if the invisible reCAPTCHA identifies a user as a bot in order to still give real users the opportunity to access the website.

According to our information, the following information is collected in relation to your terminal and your browser and transmitted to Google:

  • Referrer URL (the address of the site from which the visitor is coming)

  • User’s IP address

  • User’s operating system

  • Mouse and keyboard behavior

  • Language set in the browser

  • Screen and window resolution

  • Timezone

  • Installation of browser plugins

  • Limited location and usage data

Furthermore, Google reCAPTCHA also uses cookies (small text files in which your data is stored in your browser).

The Captcha window uses "Google Fonts" for the visual display, i.e. the fonts loaded from the Internet by Google. There is no processing of information other than that mentioned above, which is already transmitted to Google via the functionality of reCAPTCHA.

The use of Google reCAPTCHA occurs in accordance with Article 6(1)(f) of the GDPR based on our legitimate interest in establishing individual ownership on the Internet and preventing misuse and spam, and thereby ensuring the security of our website. Information is stored and accessed in accordance with Article 25 (1 and 2) TTDSG (Telekommunikation-Telemedien-Datenschutzgesetz — German Telecommunications and Telemedia Data Protection Act).

As part of this use of Google reCAPTCHA, personal data may be transmitted to the server at Google LLC in the USA. For the USA, the European Commission has issued an adequacy decision according to Article 45(3) GDPR, which applies to the EU-US Data Privacy Framework (DPF). For data exports to recipients in the USA that are certified according to the DPF, the level of data protection is thus considered adequate. The service provider Google is certified under the DPF and thus committed to complying with European data protection principles.

For further information on data privacy at Google, please visit: https://www.google.com/intl/de/policies/privacy/

Further information on Google reCAPTCHA Version 3 can be found at https://developers.google.com/recaptcha?hl=de

10.8. Privacy notice about the use of Microsoft Bing Ads

On our website we use conversion tracking by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. In this respect, Microsoft Bing Ads will store a cookie on your computer if you have accessed our website via a Microsoft Bing advertisement. In this way, we and Microsoft Bing can see that someone clicked on an ad, was redirected to our website and arrived at a previously designated landing page (conversion page). We are told the total number of users who clicked on a Bing ad and were then redirected to the conversion page.

In addition, Microsoft may be able to track your usage behaviour across several of your electronic devices through cross-device tracking, which allows Microsoft to display personalized advertising on or in Microsoft websites and apps. You can disable such tracking of your behaviour via https://account.microsoft.com/privacy/ad-settings/signedout. If you do not want information about your behaviour to be used by Microsoft as explained above, you may opt out of a cookie being set, for example by using a browser setting that generally disables cookies being set automatically.

When using Microsoft Bing Ads, personal data may also be transmitted to Microsoft's servers in the USA. For the USA, the European Commission has issued an adequacy decision according to Article 45(3) GDPR, which applies to the EU-US Data Privacy Framework (DPF). For data exports to recipients in the USA that are certified according to the DPF, the level of data protection is thus considered adequate. Microsoft is certified under the DPF and thus committed to complying with European data protection principles.

Information in the end user's terminal is stored and accessed in accordance with Article 25(1) TTDSG (Telekommunikation-Telemedien-Datenschutzgesetz — German Telecommunications and Telemedia Data Protection Act). The legal basis for your personal data being further processed is the informed consent that you have freely given pursuant to Article 6(1)(a) GDPR. You give your corresponding consent via the consent banner.

For more information about Microsoft's privacy policy and the cookies used by Microsoft and Bing Ads, please visit the Microsoft website at https://privacy.microsoft.com/en-gb/privacystatement.

10.9. Privacy notice about the use of Hotjar

Our website uses Hotjar, analysis software from Hotjar Ltd. ("Hotjar"), 3 Lyons Range, 20 Bisazza Street, Sliema SLM 1640, Malta, Europe. Hotjar can be used to measure and analyze usage behavior on our website in the form of clicks, mouse movements, scroll depths, etc. The information generated by the "tracking code" and the "cookie" is transmitted to and stored on the Hotjar servers in Ireland. The following information is collected:

  • The IP address of your device (collected and stored in an anonymized format)

  • Screen size of your device

  • Device type and browser information

  • Geographical location (country only)

  • The preferred language for displaying our website

In addition, the following data will be logged on our server when Hotjar is used:

  • Referring domain

  • Pages visited

  • Geographical location (country only)

  • The preferred language for displaying our website

  • Date and time website accessed

Hotjar will use this information to analyze how you use our website, to create reports as well as other services concerning website use and Internet analysis of the website. Hotjar also uses third-party services such as Google Analytics to provide services. These third-party companies may store information that your browser sends during the visit to the site, such as cookies or IP requests. For more information about how Google Analytics stores and uses data, please refer to their respective privacy notices.

Information in the end user's terminal is stored and accessed in accordance with Article 25(1) TTDSG (Telekommunikation-Telemedien-Datenschutzgesetz — German Telecommunications and Telemedia Data Protection Act). The legal basis for your personal data being further processed is the informed consent that you have freely given pursuant to Article 6(1)(a) GDPR. You give corresponding consent via the consent banner.

For more information about privacy when using Hotjar, please visit www.hotjar.com/privacy and www.hotjar.com/legal/policies/privacy

10.10. Privacy policy on the use of Meta Pixel and Meta Custom audience 

Our website uses a "Meta pixel" created by the social network Meta Platforms, Inc., 1 Hacker Way, Menlo Park, CA 94025, USA ("Meta"). The Meta pixel makes it possible to track users' behavior after they click on a Meta ad. Using this Meta pixel helps us to understand how our marketing campaigns are received by users on Meta's platforms, such as Facebook and Instagram, and enables us to devise action improvement plans, if necessary. While visiting one of Meta's social networks or any other website that also utilizes this tool, users of our website are shown targeted ads ("Meta ads" or "Facebook ads" and "Instagram ads"). Accordingly, we also use the Meta pixel to display Meta ads placed by us only to those Meta users who have also shown an interest in our online offering or to those who have certain characteristics (e.g. interest in certain topics or products determined on the basis of the web pages they have visited), which we share with Meta (Meta "Custom Audiences" or "Lookalike Audiences"). 

Your browser uses the Meta pixel to automatically establish a direct connection to the Meta server. We have no influence on the scope and further use of the data collected by Meta, as a result of this tool being used, and we are therefore providing you with the following information to the best of our knowledge:  

The integrated Meta Pixel notifies Meta that you have clicked on an ad from us or called up the corresponding page of our website. If you are registered with a Meta service, Meta can assign the visit to your account. Even if you are not registered with Meta or you have not logged in, the provider may learn and store your IP address and other identifying information.

Your data is generally transmitted to the Meta Platforms Inc. servers in the USA. For the USA, the European Commission has issued an adequacy decision according to Article 45(3) GDPR, which applies to the EU-US Data Privacy Framework (DPF). For data exports to recipients in the USA that are certified according to the DPF, the level of data protection is thus considered adequate. Meta is certified under the DPF and thus committed to complying with European data protection principles.

Information in the end user's terminal is stored and accessed in accordance with Article 25(1) TTDSG (Telekommunikation-Telemedien-Datenschutzgesetz — German Telecommunications and Telemedia Data Protection Act). The legal basis for your personal data being further processed is the informed consent that you have freely given pursuant to Article 6(1)(a) GDPR. You give your corresponding consent via the consent banner. 

Meta processes data in line with Meta's Privacy Policy. You can also find specific information and details about Meta pixel and how it works in the Meta Business Help Centre.

10.11. Privacy notice regarding the use of Optimizely

Our website uses the web analysis and optimization service "Optimizely," which is provided by Optimizely Inc., 119 Fifth Avenue, 7th Floor, New York, NY 10003, USA. We use Optimizely to enhance the appeal, content and functionality of our website by using the service to publish new functions and content and by using the service to display these functions and content to a percentage of our users and then perform statistical analysis of the differences in website use. This is known as A/B testing.

Optimizely uses tools such as cookies, which you can enable to help optimize and analyze the use of our website. The information generated by these cookies about how you use our website is usually transferred to an Optimizely server in the USA, where it will be stored.

The following data may be collected and processed as part of optimization tests:

  • IP address (the user's IP address is automatically anonymized)

  • Any specific identifiers such as cookie IDs or similar identifiers, as well as event data connected to these identifiers (such as device type, browser and operating system, time of access and the characteristics of the website tested)

Optimizely uses this information on our behalf to evaluate your usage of our website, to compile reports regarding optimization tests and the associated website activities and to provide us with additional services related to the use of the website and the Internet.

The storage of and access to information on the end user's device is carried out on the basis of informed consent, in accordance with Article 25(1) TTDSG (Telekommunikation-Telemedien-Datenschutzgesetz — German Telecommunications and Telemedia Data Protection Act). The legal basis for any further processing of your personal data is the informed consent that you have freely given pursuant to Article 6(1)(a) GDPR. You give your corresponding consent via the consent banner.

We have concluded a data processing agreement (DPA) and additional standard contractual clauses (SCC) with the service provider Optimizely.

Additional information regarding data protection can be found in Optimizely's privacy policy.

10.12. Data protection notice on the use of YouTube

We use the function for embedding YouTube videos from YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA ("YouTube") on our website. YouTube is a company affiliated with Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; "Google").

YouTube videos can be played directly from our website. With this integration, content from the YouTube website is displayed in parts of a browser window. However, the YouTube videos are only called up by clicking on them separately. This technique is also known as "framing". When you call up a (sub)page of our website on which YouTube videos are integrated in this form, a connection to the YouTube servers is established and the content is displayed on the website by notifying your browser.

The integration of YouTube content only takes place in "extended data protection mode". This is provided by YouTube itself and ensures that YouTube does not initially store any cookies on your device. However, when the relevant pages are accessed, the IP address and other data (e.g. browser used, operating system and its interface, language and version of the browser software, date and time of the query) are transmitted, usually by means of scripts from YouTube, and thus in particular which of our Internet pages you have visited. However, this information cannot be assigned unless you have logged in to YouTube or another Google service (e.g. Google+) before accessing the page or are permanently logged in. However, we have restricted the direct transmission of this data by integrating YouTube videos via a so-called "two-click solution" (click to load), so that the scripts and the associated transmission of your data only takes place after a second click on the video.

As soon as you start playing an embedded video by clicking on it, YouTube only stores cookies on your device through the extended data protection mode, which do not contain any personally identifiable data, unless you are currently logged in to a Google service. These cookies can be prevented using the appropriate browser settings and extensions.

If you are logged into your YouTube account, you enable YouTube to assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your YouTube account.

The data collected is usually transferred to a YouTube or Google server in the USA and stored there. For the USA, there is an adequacy decision of the EU Commission within the meaning of Art. 45 para. 3 GDPR, which extends to the EU-US Data Privacy Framework (DPF). For data exports to recipients in the USA that are certified under the DPF, the level of data protection is therefore considered adequate. YouTube and Google have certified themselves in accordance with the DPF and are therefore obliged to comply with European data protection principles.

The storage of and access to information in the end user's terminal equipment is based on informed consent in accordance with Section 25 (1) TTDSG. The legal basis for the further processing of your personal data is your voluntary and informed consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR. You give the corresponding consent via the consent banner or alternatively via the "two-click solution" (click to load) directly with the respective video.

You can find more information on the collection and use of data by YouTube and Google in YouTube's privacy policy at https://www.youtube.com/t/privacy

10.13. Data protection notice on the use of OneTrust (including cookie law)

This website uses the OneTrust consent management platform to obtain your consent to the storage of certain cookies and related technologies on your end device and to document this in compliance with data protection regulations. The provider of this technology is OneTrust Technology Limited, 82 St John St, London EC1M 4NJ, United Kingdom (hereinafter referred to as "OneTrust").

OneTrust is used to consent to the storage of cookies and related technologies in a legally compliant manner and to ensure the revocation of this consent. Furthermore, the consent is documented for legal proof and the setting of cookies and related technologies is technically controlled. For this purpose, OneTrust stores information about the categories of cookies and related technologies used by the website and whether users have given or withdrawn their consent to the use of the individual categories. Among other things, this enables us to prevent cookies and related technologies from being set in each category in the user's browser even though consent has not been given.

OneTrust itself uses cookies for information storage, which have a normal lifespan of one year, so that the preferences of returning visitors can be stored. The following information is collected and stored in connection with this:

  • Your consent(s) or the withdrawal of your consent(s)

  • pseudonymous browser ID: Retention of the given/withdrawn consents according to groups/solutions with indication of the time of change in order to be able to provide legal proof of the consent given

  • IP address (is not stored)

  • If consent is given, information on browser, country, device type is also stored

The data collected is generally stored for one year or until you delete the OneTrust cookie yourself or the purpose for data storage no longer applies. Mandatory statutory retention obligations remain unaffected.

The provider Cookie Law is part of OneTrust Technology Limited and is therefore also used in connection with the consent management tool OneTrust. Cookie Law is used by OneTrust in particular as a CDN for hosting the script for the Consent Management Tool.

Since the cookies used by OneTrust serve the sole purpose of managing your consent and are therefore technically necessary so that the telemedia service expressly requested by you can be provided, no consent is required for this (see Section 25 (2) No. 2 TTDSG). OneTrust is generally used to obtain the legally required consent for the use of cookies and related technologies. The legal basis for this is Art. 6 para. 1 sentence 1 lit. c GDPR.

You can find further information on data protection at OneTrust at

https://www.onetrust.com/privacy/

10.14. Data protection notice on the use of LinkedIn Analytics and LinkedIn Ads

On this website, we use "LinkedIn Analytics" and "LinkedIn Ads", services provided by LinkedIn Corporation, 1000 W. Maude Avenue, Sunnyvale, CA 94085, USA ("LinkedIn"). LinkedIn Ireland Unlimited, Wilton Plaza, Wilton Place, Dublin 2, Ireland, is responsible for data protection aspects in the EU and the European Economic Area (EEA).

Both services store and process information about your user behavior on our website. Among other things, cookies are used for this purpose, which are stored locally in the cache of your web browser on your end device and which enable an analysis of your use of our website.

We use LinkedIn Analytics for marketing and optimization purposes, in particular to analyze the use of our website and to continuously improve individual functions and offers as well as the user experience. By statistically evaluating user behavior, we can improve our offer and make it more interesting for you as a user.

We use LinkedIn Ads so that visitors to this website who are also members of LinkedIn can be shown personalized ads on LinkedIn (retargeting). Furthermore, it is possible to create anonymous reports on the performance of the advertisements and information on website interaction. For this purpose, the LinkedIn Insight tag is integrated on this website, which establishes a connection to the LinkedIn server if you visit this website and are logged into your LinkedIn account at the same time. The Insight Tag can also measure across devices whether visitors to our websites make a purchase or other action (conversion measurement).

The LinkedIn Insight Tag sets a cookie in the user's browser. LinkedIn uses this to collect data such as

  • URL

  • Referrer URL

  • Device properties

  • Browser properties

  • IP address (is shortened or - if it is used to reach members across devices - hashed)

  • Timestamp

  • Page views

  • URL of the page or name of the application, if applicable

LinkedIn anonymizes the direct identifier of members within 7 days. LinkedIn deletes probabilistic identity references of non-members within 90 days. Anonymized data is deleted after 180 days.

The data collected by LinkedIn cannot be assigned to a natural person by us as the website operator. We only receive aggregated reports on the demographic composition of our target audience and the efficiency of our ads. Retargeting also only uses data that does not identify members in order to improve the relevance of ads and reach members across devices.

In connection with these processes, we also receive information about criteria such as

  • Industry

  • Job title

  • Size of the company

  • Career stage

  • Location of the website visitors

You can prevent the installation of cookies by deleting existing cookies and deactivating the storage of cookies in the settings of your web browser. We would like to point out that in this case you may not be able to use all functions on our website to their full extent. LinkedIn members can also control the use of their personal data for advertising purposes in their account settings. To deactivate the Insight tag on our website, you can click here.

LinkedIn also processes your data in the USA. For the USA, there is an adequacy decision of the EU Commission within the meaning of Art. 45 para. 3 GDPR, which extends to the EU-US Data Privacy Framework (DPF). For data exports to recipients in the USA that are certified under the DPF, the level of data protection is therefore considered adequate. LinkedIn has certified itself in accordance with the DPF and is therefore committed to complying with European data protection principles.

The storage of and access to information in the end user's terminal equipment is based on informed consent in accordance with Section 25 (1) TTDSG. The legal basis for the further processing of your personal data is your voluntary and informed consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR. You give the corresponding consent via the consent banner.

Further information on data protection at LinkedIn can be found in the LinkedIn privacy policy: https://www.linkedin.com/legal/privacy-policy

10.15. Data protection notice on the use of TikTok Pixel (TikTok Ads)

This website uses the so-called "TikTok pixel" of the social network TikTok, which is operated by TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland ("TikTok").

This is a code that we have implemented on our website. With the help of this code, a connection is established with the TikTok servers when you visit our website in order to track and evaluate your behaviour on our website and then enable the display of interest-based and personalized product recommendations on TikTok. The information collected and processed pseudonymously in this way generally includes the device ID, device type, timestamp, operating system used and IP address. The information can be assigned to the person of the user with the help of further information that TikTok has stored about the user, e.g. due to the ownership of an account on the social network "TikTok". TikTok may also combine the information collected via the pixel with other information that TikTok has collected via other websites and/or in connection with the use of the social network "TikTok" and thus create pseudonymized user profiles. Under no circumstances can the information collected be used to personally identify visitors to this website. The TikTok pixel also enables us to track the effectiveness of advertisements on TikTok. If the user is redirected from an advertisement on TikTok to pages on this website and the cookies have not yet expired, the pixel records certain user actions predefined by us and can track these (e.g. completed transactions, leads, search queries on the website, views of product pages). When such an action is carried out, your browser sends an HTTP request from the cookie via the TikTok pixel to the TikTok server, with which certain information about the action is transmitted. Through this transmission, TikTok can compile statistics about the usage behavior on our website after forwarding a TikTok ad, which we use to optimize our offer. The storage of and access to information in the end user's terminal equipment is based on informed consent in accordance with Section 25 (1) TTDSG. 
The legal basis for the further processing of your personal data is your voluntary and informed consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR. You give the corresponding consent via the consent banner. You can find further information on TikTok's privacy policy at https://www.tiktok.com/legal/page/eea/privacy-policy/en

Munich, July 2024