Privacy Policy

We, them Carrera Toys GmbH (“Carrera/we”), look forward to your visit to our website. In the following provisions we inform you about the type, scope and purpose of the collection and use of your personal data on this website and within the framework of the services we offer.

Personal data is any information relating to an identified or identifiable natural person. This includes in particular your name, your address and your email address.

Please read the privacy policy carefully before using this website. We reserve the right to adapt parts of this data protection declaration at our own discretion and as required by law. Please check this data protection declaration regularly for changes.

1. Provider and data protection officer

The provider of the website and the person responsible within the meaning of data protection law is

Carrera Toys GmbH
Rennbahn Allee 1
5412 Puch / Salzburg Austria

Authorized managing director: Mr. Stefan Krings

Tel.: +43 662 88921-0
E-mail:shop@carrera-revell.com

You can reach Carrera Toys GmbH's data protection officer at:

krupna LEGALwww.krupna.legal
E-mail: datenschutz@carrera-revell.com

2. Data processing to enable website use

Every time the content of our website is accessed, connection data is transmitted to our web server. This connection data includes:

the IP address (Internet Protocol address) of the respective user,
the date and time of the request,
the referrer URL,
Device numbers such as UDID (Unique Device Identifier) and comparable device numbers, device information (e.g. device type) as well
the browser type/version.

This connection data is not used to identify the user or combined with data from other data sources, but is used to provide the website. The legal basis for the processing of your data is Article 6 Paragraph 1 Sentence 1 Letter f GDPR. After 7 days at the latest, the data will be anonymized by shortening the IP address at the domain level.

3. Data processing on request

It is generally possible to use our website without providing any personal data. You are neither obliged to access this website nor to provide any personal data. However, the provision of personal data is required, for example, to receive newsletters or when registering. If you do not provide us with personal data for the purposes listed below, you may not be able to use the functionalities of this website or individual services.

3.1. Provider and data protection officer

If you register with us as a dealer and use the dealer service or the B2B portal on our website, we will process your information for this purpose. Details about the B2B portal can be found in the instructions on our portalhttps://carrera-revell.com/dealer-portal.

Your personal data is processed on the basis of Article 6 Paragraph 1 Sentence 1 Letter b GDPR.

3.2. newsletter

The provider of the website and the person responsible within the meaning of data protection law is

Carrera Toys GmbH
Rennbahn Allee 1
5412 Puch / Salzburg Austria

Authorized managing director: Mr. Stefan Krings

Tel.: +43 662 88921-0E-mail:shop@carrera-revell.com

You can reach Carrera Toys GmbH's data protection officer at:

krupna LEGALwww.krupna.legal
E-mail: datenschutz@carrera-revell.com

3.3. Registration as a customer

If you would like to register with us as a customer, we will collect the required mandatory information from you (name, country, email address, password), which is marked accordingly (*). Entering any additional information about yourself is voluntary.

Registration is not necessary, but it will make the ordering process easier for future orders because you can reuse the data you have already saved. Alternatively, you can also place an order as a guest. In this case, we collect the same data from you as when you registered, with the exception of a password. However, this data is not stored in a customer account for you, so you do not have access to a customer account.

After registering, you log in by entering your email address and password. Please always ensure that you log out before leaving the website.

When using a password, please take appropriate security measures. A password should be at least 8 characters long and, if possible, always consist of a combination of letters in upper and lower case, numbers and special characters. In this respect, trivial passwords such as “ABC” or keyboard sequences (e.g. “qwert” or “asdfgh”), all kinds of names (e.g. of friends, acquaintances, colleagues, family members, pets), city and building names, cartoon characters, car brands, license plates, terms, dates of birth, telephone numbers, common abbreviations, etc. are problematic.

The processing of your personal data is based on your consent in accordance with Article 6 Paragraph 1 Sentence 1 Letter a GDPR. Please note that in the event of cancellation, any bonus points you may have collected will be lost without replacement. Furthermore, please note the corresponding usage instructions on our website regarding the bonus points.

In addition, as part of the registration process, we store your IP address and the time of registration. This is necessary to ensure the security of our information technology systems. The legal basis for the processing of your data in this case is Article 6 Paragraph 1 Sentence 1 Letter f GDPR.

3.4. Login

If you are registered as a customer, you have access to your customer account via the login function on this website. You log in by entering your email address and password.

Login details must be kept strictly secret. If the data has nevertheless been passed on, for example to enable third parties to access certain data sets in an emergency, the password must be changed immediately. For your own protection, it is prohibited to reuse passwords that have already been used.

In addition, when you log in, we store your IP address and the time of access. This is necessary to ensure the security of our information technology systems.

We also set a session cookie with every login. This session cookie prevents automatic logout during active use of the account or associated services. After you log out, the session cookie is automatically deleted within a few minutes.

The legal basis for the processing of your data is Article 6 Paragraph 1 Sentence 1 Letter f GDPR and, if your contractual relationship is affected, Article 6 Paragraph 1 Clause 1 Letter b and/or f GDPR.

3.5. Wishlist

If you are registered as a customer (see Section 3.4 f.), you can add individual products from the shop to your wish list. Until you unsubscribe, you can access this wish list and see all the products you have added. The legal basis for the processing of your data in this case is Article 6 Paragraph 1 Sentence 1 Letter f GDPR. When you unsubscribe as a customer, the wish list will be automatically deleted.

3.6. Order in the shop

If you place an order with us, we will process the following data about you:

Registration data from the customer account or your guest data,
Purchasing data (order/shopping cart),
Payment data (payment method, account and credit card details, billing addresses)

Your personal data is processed on the basis of Article 6 Paragraph 1 Sentence 1 Letter b GDPR.

3.7. Competitions

If you would like to take part in a competition offered by us via the website, you must first create an account. Providing your data is necessary for the purpose of running the competition. After the competition has ended, this data or the account will be deleted unless there are legal retention requirements.

The processing of your personal data is based on your consent in accordance with Article 6 Paragraph 1 Sentence 1 Letter a GDPR. There is no legal or contractual obligation to provide personal data. Failure to consent will only result in you not being able to take part in the competition. You can revoke your consent at any time with future effect. The revocation of consent does not affect the lawfulness of the processing carried out based on the consent before its revocation.

4. Revell Club

We provide a separate club area on our website for our Revell Club. The data processing in connection with our Revell Club is described in the following paragraphs.

4.1. Registration as a Revell Club member

If you would like to register with us as a club member, you must first order a membership in our online shop. We then collect the required mandatory information from you (name, address, email address, password) to set up your member account so that you can use the club benefits.

After registering, log in by entering your club username and password via the club area on our website. Please always ensure that you log out before leaving the website.

When using a password, please take appropriate security measures. A password should be at least 8 characters long and, if possible, always consist of a combination of letters in upper and lower case, numbers and special characters. In this respect, trivial passwords such as "ABC" or keyboard sequences (e.g. "qwert" or "asdfgh"), all kinds of names (e.g. of friends, acquaintances, colleagues, family members, pets), city and building names, cartoon characters, car brands, license plates, terms, dates of birth, telephone numbers, common abbreviations, etc. are problematic.

Your personal data is processed to fulfill the contract. The legal basis is Article 6 Paragraph 1 Sentence 1 Letter b GDPR.

4.2. Login

If you are a club member, you have the option of accessing special information or functionality in our club area using the login function on this website.

In addition, when you log in, we store your IP address and the time of access. This is necessary to ensure the security of our information technology systems.

The legal basis for the processing of your data is Article 6 Paragraph 1 Sentence 1 Letter f GDPR and, if your contractual relationship is affected, Article 6 Paragraph 1 Clause 1 Letter b GDPR.

4.3. Member account

If you have purchased a club membership, a member account will be created for you, which can be viewed by other club members. You can use the settings to select which information about you should be visible to other club members.

If you already have a customer account in accordance with Section 2.3 f., the data from your previous customer account will be linked to your member account. This allows you to use the club benefits when ordering from our online shop.

The legal basis for the processing of your personal data is Article 6 Paragraph 1 Sentence 1 Letter b GDPR.

4.4. Payment for club membership

Please note the provisions in this data protection declaration under section 7

4.5. Club newsletter

The provider of the website and the person responsible within the meaning of data protection law is

Carrera Toys GmbH
Rennbahn Allee 1
5412 Puch / Salzburg Austria

Authorized managing director: Mr. Stefan Krings

Tel.: +43 662 88921-0
E-mail:shop@carrera-revell.com

You can reach Carrera Toys GmbH's data protection officer at:

krupna LEGALwww.krupna.legal
E-mail:datenschutz@carrera-revell.com

5. Data processing for needs-based design of the website and tracking

To make your use of our website as pleasant as possible, we use so-called web tracking systems. Cookies are usually used for this purpose, i.e. small text files that are sent to your browser from a web server and stored on your computer's hard drive. This enables us to recognize the device you use when using our shop. In this way it is possible for us, for example, to determine whether you are logged in, have an active shopping cart and what contents the shopping cart has. The session cookies used to use the shop are deleted after the end of the browser session. Other cookies remain on your device and enable us to recognize your device on your next visit.

Details about the cookies used on the website can be found in the cookie banner and in the following provisions. The legal basis for processing your data follows, insofar as the following provisions in section 5.1. ff. not shown differently, from Art. 6 Paragraph 1 Sentence 1 Letter f GDPR. Our legitimate interest lies in the needs-based design of the website. Finally, we would like to point out that if cookies are deactivated, not all functions of this website may be able to be used to their full extent. Please also note that deactivation may have to be done for each browser and for each device.

5.1. Cookie consent with Cookiebot

In order to be able to administer your consent to the use of tracking tools, we use the cookie consent technology “Cookiebot”. The provider of this technology is Usercentrics A/S, Havnegade 39, 1058 Copenhagen, Denmark, website:https://www.cookiebot.com/de/(“Usercentrics”). In this context, in addition to the connection data, the granting or rejection of your consent or the revocation of consent are transmitted to Usercentrics. In order to be able to make the appropriate assignment, Usercentrics also sets a cookie in your browser.

Cookiebot is used to obtain the legally required consent for the use of cookies. The legal basis for this is Article 6 Paragraph 1 Sentence 1 Letter c GDPR.

5.2. Google Analytics

The provider of the website and the person responsible within the meaning of data protection law is

Carrera Toys GmbH
Rennbahn Allee 1
5412 Puch / Salzburg Austria

Authorized managing director: Mr. Stefan Krings

Tel.: +43 662 88921-0E-mail:shop@carrera-revell.com

You can reach Carrera Toys GmbH's data protection officer at:

krupna LEGALwww.krupna.legal
E-mail: datenschutz@carrera-revell.com

5.3. YouTube

Our website uses plugins from the YouTube site operated by Google. If you visit one of our websites equipped with a YouTube plugin and actively click on the corresponding field, a connection to YouTube's servers will be established. The YouTube server is informed which of our websites you have visited. If you are logged into your YouTube account, you enable YouTube to assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your YouTube account.

The legal basis for the use of YouTube is your consent, based on Section 25 Paragraph 1 Sentence 1 TDDDG for the storage and access to information in end devices and Art. 6 Paragraph 1 Sentence 1 Letter a GDPR for our further processing of your data. You give your corresponding consent via our cookie banner. Please note that Google is a US company. Information about the locations of Google's data centers can be found atwww.google.com/about/datacenters/locations/be retrieved. The new EU standard data protection clauses were agreed upon as appropriate safeguards to ensure an adequate level of protection during data transfer. In addition, Google LLC is an active participant in the EU-U.S. Data Privacy Framework, which ensures the secure transfer of personal data to the USA. Further information can be found here:https://www.dataprivacyframework.gov/list.

Further information on how to handle user data can be found in YouTube's privacy policy at:https://www.google.de/intl/de/policies/privacy.

5.4. Google Tag Manager

We use the Google Tag Manager “GTM”. This service from Google allows website tags to be managed via an interface. However, the GTM only implements tags. In this respect, no cookies are used. The GTM only triggers other tags, which in turn may collect data, but the GTM does not access this data. The data is evaluated exclusively in the respective tool (see the tools listed in section 5 for details). However, the GTM collects your IP address and online identifiers (including cookie identifiers), which may also be transmitted to Google in the USA. Additional information about the GTM can be found athttps://support.google.com/tagmanager/answer/6102821?hl=de

The legal basis for the use of GTM is your consent, based on Section 25 Paragraph 1 Sentence 1 TDDDG for the storage and access to information in end devices and Art. 6 Paragraph 1 Sentence 1 Letter a GDPR for our further processing of your data. You give your corresponding consent via our cookie banner. Please note that the provider is a company from the USA. The new EU standard data protection clauses were agreed upon as appropriate safeguards to ensure an adequate level of protection during data transfer. In addition, Google LLC is an active participant in the EU-U.S. Data Privacy Framework, which ensures the secure transfer of personal data to the USA. Further information can be found here:https://www.dataprivacyframework.gov/list

5.5. Address validation

To reduce delivery errors, we use Google's Address Validation API. The Address Validation API can be used to determine whether an entered address refers to a real location or whether it contains errors. For this purpose, your IP address and the content you entered in the address field are transmitted to Google. For example, if the address entered is incomplete, the Address Validation API will make a correction recommendation that you can accept. Alternatively, you will be asked to correct the address you entered.

The legal basis for the use of the Address Validation API is your consent, based on Section 25 Paragraph 1 Sentence 1 TDDDG for the storage and access to information in end devices and Art. 6 Paragraph 1 Sentence 1 lit. a GDPR for our further processing of your data. You give your corresponding consent via our cookie banner. Please note that the provider is a company from the USA. The new EU standard data protection clauses were agreed upon as appropriate safeguards to ensure an adequate level of protection during data transfer. In addition, Google LLC is an active participant in the EU-U.S. Data Privacy Framework, which ensures the secure transfer of personal data to the USA. Further information can be found here:https://www.dataprivacyframework.gov/list.

5.6. AWIN

We have integrated “AWIN” on our website. AWIN is an affiliate marketing software from AWIN AG, Eichhornstraße 3, 10785 Berlin, Germany. Registered providers (“advertisers”) can advertise their online goods and services as part of programs via AWIN. For this purpose, the registered people at AWIN (so-called “publishers”) provide the “advertisers” with their advertising space, such as: B. websites. We are registered with AWIN as a “publisher”, which means we provide “advertisers” with advertising space (through links) on our website.

As part of its tracking services, AWIN stores cookies to document transactions on the devices of users who visit or use advertisers' websites or other online offerings (e.g. when placing an online order). These cookies serve the sole purpose of correctly assigning the success of an advertising medium and the corresponding billing within the network. The AWIN tracking cookies store an individual number sequence that cannot be assigned to the individual user and is used to document an advertiser's partner program, the publisher and the time of the user's action (click or view). AWIN also collects information about the device from which an action is carried out, e.g. the operating system and the browser.

The legal basis for the use of AWIN is your consent, based on Section 25 Paragraph 1 Sentence 1 TDDDG for storage and access as well as Art. 6 Paragraph 1 Sentence 1 Letter a GDPR for our further processing of your data. You give your corresponding consent via our cookie banner.

Further information on AWIN's use of data can be found in the company's data protection declaration:https://www.awin.com/de/rechtliches

5.7. Country.is

In order to be able to redirect the user to the appropriate web shop (e.g. the US web shop), we use the so-called geo-localization of “Country.is”. Country.is is an open source geolocation API that determines a user's country (and nothing else) based on their IP address. IP-based geolocation is the mapping of an IP address or MAC address to the real geographical location of an Internet-connected computer or mobile device. With geolocation, IP addresses are assigned to the country, region (city), latitude/longitude, internet provider and domain name, among other things. On this basis, the user is automatically redirected to the web shop that suits them locally.

The legal basis for the use of Country.is is your consent, based on Section 25 Paragraph 1 Sentence 1 TDDDG for the storage and access to information in end devices and Art. 6 Paragraph 1 Sentence 1 Letter a GDPR for our further processing of your data. You give your corresponding consent via our cookie banner.

5.8. Azure Content Delivery Network

On our website we use “Azur Content Delivery Network” from Microsoft, a service provided by Microsoft Ireland Operations Ltd., One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland.

Azur Content Delivery Network allows us to reduce load times and improve performance for our high-bandwidth website content by distributing user requests and delivering them directly from Microsoft servers. When you access website content, you connect to Microsoft servers, whereby your IP address and, if applicable, browser data such as your user agent, but also the time and date of your visit to the website are transmitted. This data is processed exclusively for the purposes stated above and to maintain the security and functionality of Azur Content Delivery Network. The specific storage period of the processed data cannot be influenced by us, but is specified by Microsoft. Additional information can be found at:https://azure.microsoft.com/de-de/support/legal/.

The legal basis for our use of Azur Content Delivery Network is your consent, based on Section 25 Paragraph 1 Sentence 1 TDDDG for the storage and access to information in end devices and Art. 6 Paragraph 1 Sentence 1 lit. a GDPR for our further processing of your data. You give your corresponding consent via our cookie banner. Please note that Microsoft is a US company. Information about Microsoft data center locations can be found at:https://www.microsoft.com/de-de/privacy/privacystatement#mainwherewestoreandprocessdatamodule. The new EU standard data protection clauses were agreed upon as appropriate safeguards to ensure an adequate level of protection during data transfer. Microsoft is also an active participant in the EU-U.S. Data Privacy Framework, which ensures the secure transfer of personal data to the USA. Further information can be found here:https://www.dataprivacyframework.gov/listand here:https://learn.microsoft.com/en-us/compliance/regulatory/offering-eu-model-clauses.

5.9. Meta pixels

The so-called “meta pixel” is an invisible pixel embedded on our website, through which the online behavior of each website visitor is analyzed by Meta Platforms Ireland Limited (formerly Facebook Ireland Limited), 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Meta”). The Meta Pixel makes it possible to transmit customer data such as first name, last name, email address, etc. to Meta and enrich it with existing tracking data. This makes it possible to collect data from non-users of the social network Facebook or to record users who are not logged in to Facebook while visiting a website. This means that website visitors are tracked via Meta, which deliberately prevents the storage of third-party cookies. We have the opportunity to specifically address you on Facebook with an advertisement. Using the meta pixel, it is also possible to specifically attract new customers and address new people who are similar to website visitors.

In addition to us, Meta itself is also responsible for data processing. Meta processes the data in accordance withPrivacy Policyby Meta. Details can be found in thePrivacy Policyby Meta. You can find specific information and details about the meta pixel and how it worksHelp sectionby Meta.

In this respect, we and Meta are jointly responsible for the processing of your personal data within the meaning of Art. 26 GDPR. In this case, you can generally assert your rights (see section 12) both against us and against Meta. However, Meta serves as the first port of call. We have entered into a joint responsibility agreement with Meta for the processing of personal data. You can view these at the following link:https://www.facebook.com/legal/controller_addendum.

The legal basis for the use of the Meta-Pixel is your consent, based on Section 25 Paragraph 1 Sentence 1 TDDDG for the storage and access to information in end devices and Art. 6 Paragraph 1 Sentence 1 lit. a GDPR for our further processing of your data. You give your corresponding consent via our cookie banner. Please note that Meta is a US company. The new EU standard data protection clauses have been agreed as suitable guarantees to ensure an adequate level of protection during data transfer. Meta is also an active participant in the EU-U.S. Data Privacy Framework, which ensures the secure transfer of personal data to the USA. Further information can be found here:https://www.dataprivacyframework.gov/list.

5.10. TikTok conversion tracking

We use the TikTok Pixel for conversion tracking, an analysis service provided by TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland (“TikTok”).

The TikTok pixel is a JavaScript code snippet that allows us to analyze the activities of visitors to our website. For this purpose, the TikTok Pixel collects certain information from the respective visitors (so-called “event data”), which is then forwarded to TikTok. This includes user content, date of birth, profile information, profile picture, usage data, device information, smartphone-related information, last name, first name, Internet service provider, IP address, email address and browser history.

Further information and TikTok's data protection declaration can be found at:https://www.tiktok.com/legal/page/eea/privacy-policy/de

Tik Tok also offers users the opportunity to view their profile:https://support.tiktok.com/de/account-and-privacy/personalized-ads-and-data/requesting-your-data

The legal basis for the use of the TikTok Pixel is your consent, based on Section 25 Paragraph 1 Sentence 1 TDDDG for the storage and access to information in end devices and Art. 6 Paragraph 1 Sentence 1 lit. a GDPR for the processing of your data. You give your corresponding consent via our cookie banner. Please note that TikTok is a company from China. TikTok uses the so-called standard contractual clauses as the basis for data processing outside the EU. For this see:https://www.tiktok.com/legal/page/eea/privacy-policy/de

5.11. Pinterest conversion tracking

Our website uses the Pinterest tag as a pixel from Pinterest Europe Ltd., Palmerston House, 2nd FloorFenian Street, Dublin 2, Ireland (“Pinterest”) for remarketing purposes in order to be able to contact you again on the social network Pinterest within 180 days. This means that users of our website can be shown interest-based advertisements (so-called “Pinterest ads”) when they visit Pinterest.

If you have consented (as described below), your browser will automatically establish a direct connection to the Pinterest server. By integrating the Pinterest pixel, Pinterest receives the information that you have accessed the corresponding website on our website or clicked on one of our advertisements. If you are registered with Pinterest, Pinterest can assign the visit to your account.

In addition to the IP address and marketing identifier, Pinterest also receives information about the device used, the website visited and the time and can assign this data to your Pinterest account. Pinterest processes this data under its own responsibility. We have no influence on data collection and further processing by Pinterest. We only have access to conversion reports and event history.

In order to set directly on Pinterest which types of advertisements are shown to you within Pinterest, you can go to the page set up by Pinterest and thereEdit your personalization settings. The settings are platform-independent, i.e. they are applied to all devices, such as desktop computers or mobile devices. You can also use cookies, which are used to measure reach and for advertising purposes, via theNetwork Advertising Initiative opt-out pageand additionally theUS website aboutads.infoor theEuropean website youronlinechoices.comcontradict.

Further information on data processing by Pinterest can be found in thePinterest Advertising Guidelines. You will also find general information on the display of Pinterest advertisements in theAd Data Policy.

The legal basis for the use of the Pinterest Pixel is your consent, based on Section 25 Paragraph 1 Sentence 1 TDDDG for the storage and access to information in end devices and Art. 6 Paragraph 1 Sentence 1 lit. a GDPR for the processing of your data. You give your corresponding consent via our cookie banner. Please note that Pinterest is a US company. Pinterest uses the so-called standard contractual clauses as the basis for data processing outside the EU. For this see:https://policy.pinterest.com/de/privacy-policy#section-residents-of-the-eea

5.12. Snapchat conversion tracking

Our website uses the Snapchat Pixel, an analysis tool from Snap Inc., 2772 Donald Douglas Loop N, Danta Monica (HQ), CA USA (“Snapchat”). The Snapchat pixel allows us to track the behavior of users who come to our website through Snapchat ads. This allows us to measure the effectiveness of our advertising efforts, track conversions, and better tailor our ads to your interests. The Snapchat pixel is a JavaScript code that transmits the following data to Snapchat:

HTTP header information (including IP address, web browser information, page location, document, web page URL and web browser user agent, and day and time of use), pixel-specific data;
this includes the Pixel ID and your hashed email address (this data is used to link events to a specific Snapchat advertising account and associate them with a Snapchat user),
additional information about visits to our websites, as well as standard and custom data events,
orders placed (purchases), the completion of registrations and purchases, additions to the shopping cart and the access to product information.

The aforementioned data processing only affects users who have a Snapchat account. If the email address can be assigned to a Snapchat user, Snapchat will assign this user to a target group (“Custom Audience”) based on the rules we have set, provided the rules are relevant. We use the information obtained in this way to present our advertising content via Snapchat.

Please note that it cannot be ruled out that Snapchat processes the data concerned here for its own purposes and under its own responsibility and thereby combines this information with the data already available on Snapchat, such as user profiles (if available).

The legal basis for our use of the Snapchat pixel is your consent, based on Section 25 Paragraph 1 Sentence 1 TDDDG for the storage and access to information in end devices and Art. 6 Paragraph 1 Sentence 1 lit. a GDPR for the processing of your data. You give your corresponding consent via our cookie banner.

You also have the option to object to data collection by the Snapchat pixel by adjusting the data protection settings in your Snapchat account or deactivating the use of cookies. For further information and setting options to protect your privacy for advertising purposes, please see Snapchat's privacy policy, which includes: onhttps://support.snapchat.com/en-US/a/advertising-preferencescan be found.

Please note that Snapchat is a US company. Pinterest uses the so-called standard contractual clauses as the basis for data processing outside the EU. For this see:https://www.snap.com/terms/standard-contractual-clauses?lang=en-US

5.13. Vimeo

This website uses plugins from the video portal Vimeo. The provider is Vimeo Inc., 555 West 18th Street, New York, New York 10011, USA.

When you visit one of our sites equipped with Vimeo videos, a connection is established to Vimeo's servers. The Vimeo server is informed which of our pages you have visited. Vimeo also obtains your IP address. However, we have set Vimeo so that Vimeo will not track your user activity and will not set cookies.

The use of Vimeo is in the interest of an attractive presentation of our online offerings. This represents a legitimate interest within the meaning of Article 6 Paragraph 1 Letter f of the GDPR. If appropriate consent has been requested, processing is carried out exclusively on the basis of Article 6 Paragraph 1 Letter a of the GDPR; consent can be revoked at any time.

The data transfer to the USA is based on the standard contractual clauses of the EU Commission and, according to Vimeo, on “legitimate business interests”. Details can be found here:https://vimeo.com/privacy.

Further information on how we handle user data can be found in Vimeo's privacy policy at:https://vimeo.com/privacy.

6. Links to other websites

Our website contains links to other websites such as the Carrera Club website or to social networks (Facebook or Meta, YouTube, Instagram). These websites are partly operated by us and partly by third parties. In the latter case, if you follow the links, information may be transmitted to these third parties. The purpose and scope of data collection by third-party websites as well as the further processing and use of your data there, as well as your related rights and setting options to protect your privacy, can be found in the operators' respective data protection information.

7. Data transfer

We only pass on your personal data to third parties or other recipients if this is necessary to provide the service, you have given your consent, there is a legal obligation or the data transfer is permitted on another legal basis.

Data is passed on, for example, to the respective payment or shipping service provider, service provider for the provision of marketing services (e.g. email marketing), technical service providers or - in the case of a corporate transaction - to interested parties/buyers, etc. If necessary, we have made agreements with the recipients of your data regarding order processing in accordance with Art. 28 GDPR.

If you choose a payment method offered via the payment service provider Shopify Payments, payment will be processed via the technical service provider Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland, to whom we will send the information you provided during the ordering process, along with the information about your order (name, address, account number, Bank sort code, possibly credit card number, invoice amount, currency and transaction number).

Your data will only be passed on for the purpose of processing payments with Stripe Payments Europe Ltd. and only to the extent that it is necessary for this purpose. Further information about Shopify Payments’ data protection can be found at the following internet address:https://www.shopify.com/legal/privacy. Data protection information about Stripe Payments Europe Ltd. can be found here:https://stripe.com/de/privacy

Please also note the separate data protection provisions of the payment methods you have selected.

Klara:

It is possible to use the payment options of Klarna Bank AB (publ), Sveavägen 46, 111 34 Stockholm, Sweden (hereinafter "Klarna"). Payment is then made to Klarna. The use of the payment methods invoice and direct debit/immediate transfer requires a positive credit check. If you would like to use Klarna, your data will be forwarded to Klarna for the purpose of address and creditworthiness checks as part of the purchase initiation and processing of the purchase contract. Based on the credit check, not all payment methods may be available to you.

Please note that we have no influence on this. You can find further information and Klarna’s terms of use here. You can find Klarna’s data protection regulations here.

Paypal:

https://www.paypal.com/de/webapps/mpp/ua/privacy-full

When paying via PayPal, credit card via PayPal, direct debit via PayPal or - if offered - "purchase on account" or "payment in installments" via PayPal, we pass on your payment data to PayPal (Europe) S.a.r.l. as part of the payment processing. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter “PayPal”). The transfer takes place in accordance with Art. 6 Para. 1 lit. b GDPR and only to the extent that this is necessary for payment processing. PayPal reserves the right to carry out a credit check for the payment methods credit card via PayPal, direct debit via PayPal or - if offered - "purchase on account" or "payment in installments" via PayPal.

For this purpose, your payment data may be passed on to credit agencies in accordance with Article 6 Paragraph 1 Letter f of the GDPR based on PayPal's legitimate interest in determining your ability to pay. PayPal uses the result of the credit check with regard to the statistical probability of non-payment for the purpose of deciding whether to provide the respective payment method. The credit report can contain probability values (so-called score values). To the extent that score values are included in the results of the credit report, they are based on a scientifically recognized mathematical-statistical procedure. The calculation of the score values includes, but is not limited to, address data.

Further data protection information, including information about the credit agencies used, can be found in PayPal's data protection declaration:https://www.paypal.com/de/webapps/mpp/ua/privacy-fullYou can object to this processing of your data at any time by sending a message to PayPal. However, PayPal may still be entitled to process your personal data if this is necessary for contractual payment processing.

VISA:

www.visaeurope.com

MasterCard:

https://www.mastercard.de/de-de.html

8. Social media appearances

8.1. Data processing by Carrera and legal basis

Our social media presence (Facebook or Meta, X, TikTok, YouTube, LinkedIn, Xing and Instagram) serves the purpose of informing you about Carrera and our new developments, services and products. Depending on the offer of the respective provider, you have the opportunity to have different interactions (comments, recommendations, etc.), for example in connection with our social media presence.

User interaction is an important criterion for us in order to conduct targeted marketing. For example, we can determine which articles are preferred to be read. We therefore also use the statistics determined by the providers in this regard for our own purposes. If we process users' personal data, the legal basis for this is Article 6 Paragraph 1 Sentence 1 Letter f GDPR. Our legitimate interest then lies in particular in targeted information/advertising. The providers will inform you separately about the legal basis on which the providers process your data for their own purposes.

8.2. Shared responsibility

In individual cases, we and the social media providers are jointly responsible for processing your personal data. In this case, you can exercise your rights (see section 12) in relation to both. us as well as against to the social media provider. However, the first point of contact is the social media provider.

We have entered into a joint responsibility agreement with Meta for the processing of personal data. This applies to the processing of so-called “insights data”. These are page statistics, particularly on the interactions of Facebook users. Details of the Insights data can be found here:https://www.facebook.com/business/pages/manage#page_insights.

You can view our agreement with Meta at the following link:www.facebook.com/legal/terms/page_controller_addendum. Please note that Meta is a US company. Meta is an active participant in the EU-U.S. Data Privacy Framework, which ensures the secure transfer of personal data to the USA. Further information can be found here:https://www.dataprivacyframework.gov/list

We have also concluded an agreement on shared responsibility with LinkedIn Ireland with regard to so-called “page insights”. With the page insights, LinkedIn Ireland does not provide us with any personal data about you, but only aggregated data. It is not possible for us to draw conclusions about individual users from the information provided in the page insights. Details of Page Insights and our agreement with LinkedIn Ireland can be found at the following link:https://legal.linkedin.com/pages-joint-controller-addendum.

Please note that LinkedIn Ireland may also process your data outside the EU/EEA. LinkedIn Corporation is an active participant in the EU-U.S. Data Privacy Framework, which ensures the secure transfer of personal data to the USA. Further information can be found here:https://www.dataprivacyframework.gov/list.

We use the analysis functions of “TikTok Insights”. Through TikTok Insights we receive an aggregated analysis of visitor behavior on our profile. For example, likes or sharing videos, the age and gender of visitors can be recorded. We use this analysis via TikTok Insights to improve our profile, reach and audience reach. To the extent that the data you provide to us via TikTok is processed exclusively by TikTok, TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland (“TikTok Ireland”), TikTok Information Technologies UK Limited WeWork, 125 Kingsway, London, WC2B 6NH (“TikTok UK”) are also responsible for data processing. If we process data together with TikTok, we have also entered into a shared responsibility agreement with TikTok. Details can be found at:https://ads.tiktok.com/i18n/official/policy/jurisdiction-specific-terms, Part B 1, Numbers 3 and 4). A summary of the essential contents of this agreement can be found at:https://www.tiktok.com/legal/page/global/information-about-tiktok-analytics/en.

With regard to the storage period of the data we process from you for our own purposes, we refer to our statements under section 10. Otherwise, please note the data protection regulations of the respective social media provider.

9. Data transfer to countries outside the EU

To the extent necessary for our purposes, we will also transmit your data to recipients outside the EU if you have given your consent, there is a legal obligation or the data transfer is permitted on the basis of another legal basis. As part of data processing, your data will also be transmitted to recipients who are based in the USA. An adequate level of data protection is achieved through the conclusion of the new so-called EU standard contractual clauses and/or the participation of the service provider in the USA in the EU-U.S. Data Privacy Framework ensured. An overview of the participants in the EU-U.S. Data Privacy Framework can be found here:https://www.dataprivacyframework.gov/s/participant-search

10. Duration for which personal data will be stored / criteria for determining the duration

In principle, we will store your personal data for as long as it is necessary for the aforementioned purposes of processing, in the event of an objection there are no compelling legitimate reasons on the part of Carrera or in the event of a revocation there is no other legal basis for data processing. Otherwise, please note the information in the cookie banner.

In certain cases, e.g. if there is a legal retention requirement, your personal data will not be deleted immediately but will first be blocked.

11. Security measures to protect your personal data

We protect your data from unauthorized access, loss or destruction using technical and organizational measures. Our security measures are continuously improved in line with technological developments. Our employees and all persons involved in data processing are obliged to comply with data protection laws and to handle personal data confidentially. Our employees are trained accordingly.

To protect our users' personal data, we use a secure online transmission process, the so-called "Secure Socket Layer" (SSL) transmission. You can recognize this by the fact that an "s" is appended to the address component http:// ("https://") or a green, closed lock symbol is displayed. By clicking on the symbol you will receive information about the SSL certificate used. The display of the symbol depends on the browser version you are using. SSL encryption ensures the encrypted and complete transmission of your data.

11.1. Provider and data protection officer

Within the framework of the legal requirements, you are generally entitled to claim from Carrera

Confirmation as to whether personal data concerning you is being processed by Carrera,
Information about this data and the circumstances of processing,
Correction if this data is incorrect,
Deletion if there is no justification for the processing and no obligation to store it (any longer),
Restriction of processing in special cases determined by law,
Objection in the event of data processing based on Art. 6 Para. 1 Sentence 1 Letter f. GDPR and
Transmission of your personal data – if you have provided it – to you or a third party in a structured, common and machine-readable format.

To the extent that the processing of your personal data is based on your consent, you have the right to withdraw your consent at any time, with the result that the processing of your personal data will be inadmissible in the future. However, this does not affect the lawfulness of the processing carried out based on consent until its revocation.

Please address your specific request in writing or by email to our data protection officer, clearly identifying yourself:

krupna LEGAL
E-mail:datenschutz@carrera-revell.com

To the extent that we process your data with third parties under joint responsibility within the meaning of Art. 26 GDPR, the third party is centrally responsible for exercising all rights of those affected. However, you are free to assert your rights against us.

Finally, we would like to remind you of your right to lodge a complaint with the supervisory authority (Austrian Data Protection Authority, Barichgasse 40-42, 1030 Vienna,dsb@dsb.gv.at) point out

13. No automated individual decision

We do not use your personal data for automated individual decisions.

14. Changes to the privacy policy

New legal requirements, business decisions or technical developments may require changes to our data protection declaration. The data protection declaration will then be adjusted accordingly. You can always find the latest version on our website.