
Privacy Policy

The protection of personal data and the responsible handling of information that you entrust to us are important to us. We, Carly Solutions GmbH & Co KG, process personal data in accordance with the statutory regulations, in particular the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).

In this privacy policy, we inform you which personal data we process when you visit our website www.mycarly.com, including when you use our community and our repair cost service, and which rights you have regarding the processing of your personal data. We therefore ask you to read the following information carefully.

1. Definitions

Personal data is any information relating to an identified or identifiable natural person. This includes, for example, your name, your address data or your e-mail address.

Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Data subject is any identified or identifiable natural person whose personal data is processed by the controller responsible for the processing.

Controller or "controller responsible for the processing" means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

With regard to the terms used, we also refer to the definitions in Art. 4 GDPR. The terms used are to be understood as gender-neutral.

2. Responsible person and contact information

The controller within the meaning of the GDPR is:

Carly Solutions GmbH & Co KG

Kolpingring 8

82041 Oberhaching

E-mail: interaktion@mycarly.com

3. Data protection officer and contact information

You can reach our external data protection officer at

PROLIANCE GmbH

Leopoldstr. 21

80802 Munich

www.datenschutzexperte.de

E-mail: datenschutzbeauftragter@datenschutzexperte.de

When contacting the data protection officer, please state the company to which your request relates. Please refrain from enclosing sensitive information such as a copy of your ID with your request.

4. Processing of personal data

4.1 Scope of data processing

4.1.1 Accessing our website

When you visit our website, your browser transmits certain data to our web server for technical reasons, as is the case with other websites. This involves the following data ("server log file information"):

 1) Browser types and versions used,

 2) The operating system used by the accessing system,

 3) The website from which an accessing system reaches our website (so-called referrer),

 4) The subpages of our website that are accessed by an accessing system,

 5) The date and time of access to the website,

 6) The Internet Protocol address (IP address),

 7) The Internet service provider of the accessing system, and

 8) Other data and information that serve to avert danger in the event of attacks on our information technology systems.

This collected data and information is statistically evaluated by us. We do not draw any conclusions about you when using this general data and information. The server log file data is stored separately from all personal data provided by you.

4.1.2 Registration/login

If you register on our website in order to take advantage of our offers, we process registration information, in particular your e-mail address and your password as well as information provided during registration, in particular which brand of car you use and in which country you live ("registration information").

When you log in to our website after registration, we process your e-mail address and password ("login information").

We also offer you the option of registering to use our services via Facebook Login and Google Sign-On. In this case, additional registration is neither necessary nor possible.

To register via Facebook Login, you will be redirected to the Facebook page. There you can log in with your user data. This will link your Facebook profile and our service. As a result of the link, Meta Platforms Ireland Limited, Block J, Serpentine Avenue, Dublin 4, Ireland ("Meta") will automatically send us your email address in particular, depending on your privacy settings. Of this data, we only use your email address ("Facebook login data"), which is mandatory for registration and login in order to be able to identify you.

By linking your Facebook profile to our service, Meta receives event data (in particular information about actions you take on our website, in our app or in our store, such as visits to our website, installation of our app and purchases of our product) depending on your privacy settings ("Facebook Event Data").

To the extent that we are jointly responsible with Meta for the collection and transfer of your personal data in connection with Facebook Login, we have entered into the Controller Addendum with Meta to define the respective responsibilities for fulfilling the obligations under the GDPR as set out in the Terms of Use for Meta Business Tools for Facebook Login. The Controller Addendum states that we are responsible for providing you with this information regarding the processing of your personal data. Meta is responsible for enabling you to exercise your rights as a data subject in accordance with Articles 15-20 of the GDPR with regard to the personal data stored by Meta following joint processing.

For more information about how Meta processes your personal data, including the legal basis on which Meta relies and how you can exercise your rights in relation to Meta's processing of your personal data, please refer to Meta's Privacy Policy.

To log in via Google Sign-On, you will be redirected to the Google page. There you can log in with your user data. This will link your Google profile and our service. As a result of the link, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, ("Google") will automatically send us your email address in particular, depending on your privacy settings. Of this data, we only use your e-mail address ("Google login data"), which is mandatory for registration and login in order to be able to identify you.

By linking your Google profile with our service, Google receives event data (in particular information about actions you take on our website, in our app or in our store, such as visits to our website, installation of our app and purchases of our product) depending on your privacy settings ("Google Event Data").

For more information on how Google processes your personal data, including the legal basis on which Google relies and the options for exercising your rights with regard to the processing of your personal data by Google, please refer to Google's privacy policy. To protect your personal data, we have concluded an order processing contract with Google in accordance with Art. 28 GDPR.

4.1.3 Order processing

As part of order processing, we collect and process your "customer information" (in particular your first and last name, e-mail address, telephone number (optional), billing address and, if different, delivery address, including street, house number, city, zip code, country and address supplement (optional)), your "payment information" (in particular payment method, payment service provider, transaction details, currency information, payment terms), as well as "order information" (in particular information about the products and services you have ordered and the information you have provided in this context, in particular quantity, shipping method, shipping address).

4.1.4 Customer account

We process your registration, login, customer, order and payment information to set up and manage your ongoing customer account.

4.1.5 User requests

To process your requests and inquiries by email or via our contact form, we process your email address, name (optional) and the information you provide to us as part of the inquiry ("user enquiry information").

4.1.6 Newsletter and newsletter tracking

If you subscribe to our newsletter, in addition to your e-mail address, we process the information that you provide to us via the input mask used for this purpose, as well as via a tracking pixel embedded in the newsletter, whether and when you open the newsletter and which links in the e-mail you use ("newsletter information").

4.1.7 Surveys

If you take part in our online survey, we process your e-mail address and the information you provide ("survey information"). If you take part in our customer satisfaction surveys in connection with our support, we process your e-mail address and the information you provide ("customer satisfaction information").

4.1.8 Application

When you apply for a job with us, we process your name, address, e-mail address, CV, cover letter and all other information that you send us in the course of your application ("application information").

4.1.9 Repair cost service

If you use our repair cost service and request to receive the results of the fault and cost analysis by e-mail, we will process your e-mail address and the information you provide on the form about your vehicle, in particular the make, model, fuel, year of manufacture, mileage (range), information on use for short or long journeys and your details about the symptoms you have identified in your vehicle and the information about your fault and cost analysis ("repair cost service information").

4.1.10 Community

When you use our community, we process your user name, e-mail address, posts and related information such as date and time ("Community Information").

4.2 Purpose and legal basis of data processing

We process your server log file information on the basis of our legitimate interest within the meaning of Art. 6 para. 1 lit. f) GDPR in order to:

 1) Deliver the content of our website correctly;

 2) Optimize the content of our website;

 3) Ensure the long-term functionality of our information technology systems and the technology of our website;

 4) Provide law enforcement authorities with the information necessary for prosecution in the event of a cyber-attack; and

 5) Increase data protection and data security in our company in order to ultimately ensure an optimum level of protection for the personal data processed by us.

We process your customer, payment, user request, order, repair cost service and community information for the following purposes:

 1) For the performance of the contract with you pursuant to Art. 6 para. 1 lit. b) GDPR, including to accept orders, to organize their processing and billing, to answer related user inquiries, and to offer our services, including the repair cost service and the community. For the provision of the repair cost service and the community, we also process your registration and login data for the execution of the contract with you in accordance with Art. 6 para. 1 lit. b) GDPR;

 2) On the basis of our legitimate business interests pursuant to Art. 6 para. 1 lit. f) GDPR, to process your inquiries and concerns, to detect and prevent fraud and abuse, to check that content published by users in our community does not violate applicable laws, our terms and conditions or our rules of conduct, to improve our services, the user-friendliness and effectiveness of our offers, insofar as this is necessary in connection with a merger, acquisition, sale of assets or insolvency of our company, to the extent necessary to assert, exercise or defend legal claims or in the event of actions by the courts in the course of their judicial activity, and to protect the safety of our users, our own safety and that of third parties; and

 3) To fulfill our legal obligations pursuant to Art. 6 para. 1 lit. c) GDPR, for example to fulfill our commercial and tax retention obligations and, with regard to our community, our obligations under the Digital Services Act.

With your separate consent in accordance with Art. 6 para. 1 lit. a) GDPR:

 1) We store your payment information (in particular payment method and payment service provider) in order to facilitate your payment process when using our products and services in the future;

 2) We process your registration, login, customer and order information as well as your Google and Facebook login data to set up and manage your customer account and to identify you for the use of our services;

 3) We pass on your e-mail address to the shipping service provider so that they can inform you about the status of the shipment;

 4) We process customer and order information for advertising purposes in order to provide you with information that is even better tailored to you and to optimize our offers and services;

 5) We collect your Facebook event data and transmit it to Meta to enable contact information matching;

 6) We collect your Google Event data and transmit it to Google to enable contact information matching;

 7) We process your newsletter information in order to inform you about our offers by e-mail at regular intervals of 1 month and to statistically measure the success of our online marketing campaigns. For legal reasons, a confirmation email will be sent to an email address entered for the first time for the newsletter mailing. This confirmation email is used to check whether you are the owner of the email address that has authorized receipt of the newsletter; and

 8) We process your survey information and customer satisfaction information in order to analyze your user experience and your opinions and wishes with regard to our offer and to improve it.

Unless you have objected to this, we process your customer information, in particular your e-mail address, as an existing customer, including our repair cost service and our community, on the basis of our legitimate interests pursuant to Art. 6 para. 1 lit. f) GDPR, to inform you at regular intervals of once a month by e-mail about our offers, to inform you about activities in connection with your contributions when using our community (e.g. whether there has been a new answer to your question), and to contact you once a month by e-mail to participate in surveys in order to analyze your user experience, your opinions and wishes with regard to our offer.

If you apply for a job with us, we process your application information in order to check whether we can make you a job offer. In this case, we process your application information on the basis of Art. 6 para. 1 lit. b) GDPR and Section 26 para. 1 BDSG for the implementation of pre-contractual measures that take place at your request or for the decision on the establishment of an employment relationship.

4.3 Duration of storage

Your data collected and processed by us will be deleted as soon as it is no longer required for its intended purpose.

Server log file information is stored for security reasons (e.g. to investigate misuse or fraud) for a maximum of seven days and then deleted. Data whose further storage is required for evidentiary purposes is excluded from deletion until the respective incident has been finally clarified.

Insofar as there are no statutory retention obligations to the contrary, we will delete your data:

 1) Your registration, login, customer, payment and order information if you delete your customer account with us or if we close your customer account after prior contact due to prolonged inactivity;

 2) Your Google and Facebook login and event data after a maximum of 6 months;

 3) Your user request information after 12 months;

 4) We will delete your repair cost service information at your request if you delete your customer account with us or if we close your customer account after prior contact due to prolonged inactivity;

 5) Your newsletter information after 6 months, with the exception of your e-mail address, which we will only delete if you unsubscribe from the newsletter or revoke your consent to receive the newsletter;

 6) Your survey information after 6 months;

 7) Your Community Information or any part thereof if you delete your account with us, you as a user request that your question or answer be deleted from the thread, or your post violates applicable laws, our Terms or our Rules of Conduct; and

 8) Your customer satisfaction information after 12 months.

Retention obligations arise in particular for commercial and tax law reasons. In accordance with legal requirements, records are stored for 6 years pursuant to Section 257 (1) HGB (e.g. accounting documents) and for 10 years pursuant to Section 147 (1) AO (e.g. accounting documents, commercial and business letters, documents relevant for taxation).

If we process your personal data on the basis of your consent, we will delete your personal data if you withdraw your consent to the processing of your personal data.

Application information will be deleted after 6 months in the event of a rejection. If you have been accepted for a position as part of the application process, your application information will be stored for the purpose of implementing the employment relationship for a period of 3 years after termination of the employment relationship, unless statutory provisions require longer storage.

4.4 Recipients of your information

(1) Payment service provider

a) Adyen

During the ordering process in our online store, you have the option of selecting a payment method. Payments are processed by the payment service provider Adyen N.V., Simon Carmiggeltstraat 6-50, 1011 DJ Amsterdam, Netherlands ("Adyen"). For payment processing, we process and transmit your payment information (in particular payment method and payment service provider) to Adyen for the execution of the contract with you in accordance with Art. 6 para. 1 lit. b) GDPR. In addition, we transmit your IP address to Adyen for the purposes of fraud prevention and detection in accordance with Art. 6 para. 1 lit. f) GDPR. We have concluded an order processing contract with Adyen in accordance with Art. 28 GDPR to protect your personal data. All data is transmitted in encrypted form. Adyen collects and stores the data and only passes it on to the companies involved in the payment process.

b) Klarna

If you decide to purchase on account or a SEPA direct debit / immediate transfer via Klarna AB, Sveavägen 46, 111 34 Stockholm, Sweden ("Klarna") as part of the ordering process, we will transmit the data required for payment processing to Klarna. Klarna is itself responsible for the processing of the personal data that we transmit to Klarna for the execution of the contract with you in accordance with Art. 6 para. 1 lit. b) GDPR. The data that we automatically transmit to Klarna for your payment process is your name, address and payment information (in particular payment method and currency information).

c) PayPal

If you select the PayPal payment method, we will forward the data required for payment processing to PayPal (Europe) S.à r.l. et Cie, S.C.A. 22-24 Boulevard Royal, L-2449 Luxembourg ("PayPal"). PayPal is itself responsible for the processing of the personal data that we transmit to PayPal for the execution of the contract with you in accordance with Art. 6 para. 1 lit. b) GDPR. The data that we automatically transmit to PayPal for your payment process is your name, address and payment information (in particular payment method and currency information).

(2) Shipping, logistics and warehouse service providers

a) DHL, Deutsche Post and Gate56

When you order a product from us, we pass on the data required for shipping to our shipping and warehouse service providers DHL Paket GmbH, Sträßchensweg 10, 53113 Bonn ("DHL"), Deutsche Post AG, Charles-de-Gaulle-Straße 20, 53113 Bonn ("Deutsche Post") and Gate56 GmbH, Rudolf-Diesel-Str. 11, 56220 Urmitz ("Gate56"). The shipping and warehouse service providers are themselves responsible for the processing of the personal data that we transmit to them for the execution of the contract with you in accordance with Art. 6 para. 1 lit. b) GDPR. The data that we transmit to these shipping and warehouse service providers is in particular your name and address, e-mail address, description of the goods, number of items, weight and value of the delivery. As part of the shipping process, this data may also be transmitted to the authorities of the transit or destination country for customs clearance, to issue a tax clearance certificate or for security checks in accordance with the provisions of the respective country.

b) Shipup

We use the services of Shipup, 47 rue Marcel Dassault 92100 Boulogne-Billancourt, France ("Shipup") for data transmission between the shipping services. We process and share your personal data, in particular your e-mail address, on the basis of our legitimate interest pursuant to Art. 6 para. 1 lit. f) GDPR in order to continuously improve individual functions and offers as well as the user experience, e.g. through more relevant messages on the shipping status of orders. We have concluded an order processing contract with Shipup in accordance with Art. 28 GDPR to protect your personal data.

(3) Cloud provider

a) AWS

We use the Amazon Web Services service of Amazon Web Services EMEA Sàrl, Rue Plaetis 5, 2338 Luxembourg, Luxembourg ("AWS"). AWS stores our website on its servers (hosting). The use of Amazon Web Services is in accordance with Art. 6 para. 1 lit. f) GDPR due to our legitimate interest in providing our offer on this website. In this context, your personal data, in particular your registration, login, customer, payment, order, community and repair service information, is processed by AWS. We have concluded an order processing contract with AWS in accordance with Art. 28 GDPR to protect your personal data. The security standards of AWS are certified according to ISO 27001, SOC 1/2/2 and PCI DSS Level 1.

b) Chargebee

We use the Chargebee platform for contract management and invoicing. The provider is Chargebee Inc, 909 Rose Avenue, Suite 950, North Bethesda, MD 20852, USA ("Chargebee"). Chargebee is a service that collects and manages personal data online for automated invoicing, among other things. When a contract is concluded, your customer, payment and order information is forwarded via an encrypted interface. The data you enter is stored on Chargebee's servers. Billing takes place automatically at the contractually agreed times. The legal basis for data processing is the execution of the contract with you in accordance with Art. 6 para. 1 lit. b) GDPR. In order to ensure data protection-compliant processing, we have concluded an order processing contract with Chargebee in accordance with Art. 28 GDPR.

c) OpenAI

We use the OpenAI API services of OpenAI Ireland Limited, "The Liffey Trust Centre", 117-126 Sheriff Street Upper, Dublin 1, D01 YC43, Ireland ("OpenAI"). We process and share your community information, in particular email address, with OpenAI on the basis of our legitimate interest pursuant to Art. 6 (1) lit. f) GDPR in order to check that content published by users in our community does not violate applicable laws, our terms and conditions or our rules of conduct and thus also to comply with our obligations under the Digital Services Act. If the OpenAI API detects a potential violation, it is forwarded to one of our employees. This employee manually checks the content in question and then decides on how to proceed. We have concluded an order processing contract with OpenAI in accordance with Art. 28 GDPR to protect your personal data. We use OpenAI API without data storage options.

d) Peaberry Software

With the e-mail tool Customer.io we use the services of Peaberry Software Inc. d/b/a Customer.io 921 SW Washington St, Suite #820, Portland, OR 97205, USA ("Peaberry Software"). In order to send our newsletter and to inform you about offers by e-mail, we process and share your newsletter information, customer information (in particular e-mail address) and repair service information (in particular e-mail address and selected car make, model and year of manufacture) with Peaberry Software on the basis of your consent pursuant to Art. 6 para. 1 lit. a) GDPR or if you are an existing customer and have not objected to this on the basis of our legitimate interest pursuant to Art. 6 para. 1 lit. f) GDPR. In addition, we process your repair cost service information (in particular e-mail address and selected car brand, model and year of manufacture) on the basis of Art. 6 para. 1 lit. b) GDPR in order to provide our service to you and share this information with Peaberry Software for the purpose of sending the cost and error analysis as part of the use of the repair cost service. We process and share your community information (in particular e-mail address) with Peaberry Software on the basis of our legitimate interest pursuant to Art. 6 para. 1 lit. f) GDPR to offer you a good user experience in our community and to inform you about activities in connection with your contributions in our community (e.g. if someone has responded to your question). In addition, we process and share newsletter information with Peaberry Software in accordance with Art. 6 para. 1 lit. a) GDPR to statistically evaluate how the newsletters and promotional emails are opened and used if you have subscribed to our newsletter. In order to protect your personal data, we have concluded an order processing contract with Peaberry Software in accordance with Art. 28 GDPR.

e) Salesforce

We use the Tableau platform for data visualization and business intelligence from Salesforce.com, Inc, Salesforce Tower, 415 Mission Street 3rd Floor, San Francisco, CA 94105, USA ("Salesforce"). For the purpose of analysis and user improvements, we process your order information on the basis of our legitimate interest pursuant to Art. 6 para. 1 lit. f) GDPR. In order to protect your personal data, we have concluded an order processing contract with Salesforce in accordance with Art. 28 GDPR.

f) Sentry

We use the error management tool of Functional Software, Inc. d/b/a Sentry, 45 Fremont Street, 8th Floor, San Francisco, CA 94105, USA ("Sentry") for our website. We process and share your personal data with Sentry, in particular your e-mail address, on the basis of our legitimate interest pursuant to Art. 6 para. 1 lit. f) GDPR to ensure the functionality and security of our website and our services. We have concluded an order processing contract with Sentry in accordance with Art. 28 GDPR to protect your personal data.

g) Simplesat

We use the services of Duoventures Limited (d/b/a Simplesat), 5/F., Heng Shan Centre, 145 Queen's Road East, Wanchai, Hong Kong ("Simplesat") for customer satisfaction surveys in connection with our support. For this purpose, we process your customer satisfaction information and share it with Simplesat on the basis of your consent pursuant to Art. 6 para. 1 lit. a) GDPR or, if you are an existing customer and have not objected to this, on the basis of our legitimate interest pursuant to Art. 6 para. 1 lit. f) GDPR. In order to protect your personal data, we have concluded an order processing contract with Simplesat in accordance with Art. 28 GDPR.

h) SurveyMonkey

We use the services of SurveyMonkey Europe UC, 2 Shelbourne Buildings, Second Floor, Shelbourne Rd, Ballsbridge Dublin 4, Ireland ("SurveyMonkey") for online surveys. For this purpose, we process your survey information and share it with SurveyMonkey on the basis of your consent in accordance with Art. 6 para. 1 lit. a) GDPR or, if you are an existing customer and have not objected to this, on the basis of our legitimate interest in accordance with Art. 6 para. 1 lit. f) GDPR. In order to protect your personal data, we have concluded an order processing contract with SurveyMonkey in accordance with Art. 28 GDPR.

i) Twilio

We use the customer service platform segment of Twilio Ireland Limited, 70 Sir John Rogerson's Quay, Dublin 2, D02 R296, Ireland ("Twilio"). We process your email address and share it with Twilio on the basis of our legitimate interest pursuant to Art. 6 para. 1 lit. f) GDPR to continuously improve individual functions and offers as well as the user experience. In order to protect your personal data, we have concluded an order processing contract with Twilio in accordance with Art. 28 GDPR.

j) Zendesk, Inc.

We use the CRM system Zendesk to process user inquiries. The provider is Zendesk, Inc, 1019 Market Street in San Francisco, CA 94103, USA ("Zendesk"). We process your personal data, in particular your customer, payment, customer inquiries and order information, with Zendesk on the basis of our legitimate interest pursuant to Art. 6 para. 1 lit. f) GDPR to be able to process your inquiries and orders quickly and efficiently for the execution of contracts pursuant to Art. 6 para. 1 lit. b) GDPR. We have concluded an order processing contract with Zendesk in accordance with Art. 28 GDPR to protect your personal data.

5. International data transfers

As part of the services used by Chargebee, Peaberry Software, Salesforce, Sentry and Zendesk, and in the case of the services used by AWS, Google, Meta, SurveyMonkey and Twilio, your personal data may be transferred to locations in the USA. The aforementioned companies participate in the EU-US Data Privacy Framework and maintain active certification under it. The European Commission has determined in an adequacy decision that personal data transferred to companies participating in the EU-US Data Privacy Framework is adequately protected. The effect of such a decision is that personal data can be transferred from the European Economic Area ("EEA") to that third country without the need for further safeguards. In other words, data transfers to these companies will be treated in the same way as data transfers within the EU.

We have also concluded suitable guarantees with PayPal and Simplesat in the form of standard contractual clauses to ensure the security of your data insofar as it is transmitted to locations in the USA in the case of PayPal and Hong Kong in the case of Simplesat.

6. Cookies

When you visit our website, information may be stored on your device in the form of cookies. Cookies are small text files that are sent to your browser by a web server and stored on your device. The cookies are transmitted back to our web server when you visit our website at a later date. This enables us, for example, to recognize you when you return to our website. Cookies can be divided into so-called "first-party cookies" (used by us) and so-called "third-party cookies" (used by third parties). A basic distinction can be made between 3 categories of cookies, namely

Category 1: Technically necessary cookies that are absolutely essential to ensure the technical functionality of the website,

Category 2: Functional cookies, which serve to create the most pleasant surfing experience possible and to optimize the website, and

Category 3: Tracking and advertising cookies (so-called marketing cookies), which are used to analyze user behavior on the website and thus enable interest-based advertising.

The legal basis for the use of category 1 cookies is our legitimate interest in providing and guaranteeing the technical functionality of our website, repair services and community in accordance with Art. 6 para. 1 lit. f) GDPR and Section 25 para. 2 of the Telecommunications Digital Services Data Protection Act ("TDDDG"). The legal basis for the use of cookies of categories 2 and 3 is your consent in the cookie management tool on our website in accordance with Art. 6 para. 1 lit. a) GDPR and Section 25 para. 1 TDDDG.

Detailed information on the individual cookies used on our website www.mycarly.com and information on the associated processing of your personal data can be found in our cookie management tool on our website.

7. Data security

We take technical, contractual and organizational measures for the security of data processing in accordance with the state of the art. In this way, we ensure that the provisions of the data protection laws, in particular the GDPR, are complied with and that the data processed by us is protected against destruction, loss, alteration and unauthorized access.

8. Automated decision making

Automated decision-making within the meaning of Art. 22 GDPR does not take place.

9. Your rights as a data subject

As a data subject, you have the right to obtain confirmation as to whether or not personal data concerning you is being processed by us and, where that is the case, the right to access the personal data concerning you and to receive a copy of that data (Art. 15 (1) and (3) GDPR).

If we process incorrect personal data, you have the right to rectification (Art. 16 GDPR).

In some cases provided for by law, you may request the erasure of personal data concerning you or the restriction of processing (Art. 17 and 18 GDPR).

If the processing is based on your consent within the meaning of Art. 6 para. 1 lit. a) GDPR, you can withdraw your consent at any time (Art. 7 para. 3 GDPR) without affecting the lawfulness of processing based on consent before its withdrawal. We will inform you separately if we require your consent for the processing of personal data concerning you for specified, explicit and legitimate purposes that are not covered by this privacy notice.

If the processing is based on your consent within the meaning of Art. 6 para. 1 lit. a) GDPR or on a contract pursuant to Art. 6 para. 1 lit. b) GDPR and is carried out by automated means, you have the right to receive the personal data concerning you in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided (Art. 20 GDPR).

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you on the basis of Art. 6 (1) (e) or (f) GDPR (Art. 21 (1) GDPR). You can object at any time to the processing of your personal data on the basis of Art. 6 para. 1 lit. f) GDPR for direct marketing purposes (Art. 21 para. 2 GDPR), without having to give reasons relating to your particular situation.

You also have the right to lodge a complaint with the competent data protection supervisory authority. For example, you can contact the supervisory authority in the EU Member State in which you have your habitual residence or place of work or where the infringement is alleged to have taken place. The data protection supervisory authority responsible for us is the Bavarian State Commissioner for Data Protection and Freedom of Information.

If you wish to assert your rights, please contact us using the contact details under point 2 of this privacy policy.

10. Changes to this data protection notice

New legal requirements, company decisions or technical developments may lead to changes to this notice and require us to adapt this data protection notice accordingly. The current version can be found on our website. Please note that external links to third-party websites or their contact information may change over time. If you find information that is no longer up to date, please let us know.