Data Privacy Statement of Carly Solutions GmbH & Co. KG for Enterprise

The protection of personal data and the responsible handling of information that you entrust to us are important to us. We, Carly Solutions GmbH & Co KG, process personal data in accordance with the statutory regulations, in particular the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG). 

 

In this privacy policy, we inform you which personal data we process when you visit our website www.enterprise.mycarly.com and which rights you have regarding the processing of your personal data. We therefore ask you to read the following information carefully.


  • Definitions

Personal data is any information relating to an identified or identifiable natural person. This includes, for example, your name, your address data or your e-mail address.

 

Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

 

Data subject is any identified or identifiable natural person whose personal data is processed by the controller responsible for the processing.

 

Controller or “controller responsible for the processing” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

 

With regard to the terms used, we also refer to the definitions in Art. 4 GDPR. The terms used are to be understood as gender-neutral.


  • Responsible person and contact information

The controller within the meaning of the GDPR is the:

 

Carly Solutions GmbH & Co KG

Kolpingring 8

82041 Oberhaching

enterprise@mycarly.com


  • Data protection officer and contact information

You can reach our external data protection officer at

 

PROLIANCE GmbH

Leopoldstr. 21

80802 Munich

www.datenschutzexperte.de

 

datenschutzbeauftragter@datenschutzexperte.de


  • Processing of personal data
  • Scope of data processing
      1. Calling up our website

When you visit our website, your browser transmits certain data to our web server for technical reasons, as is the case with other websites. This involves the following data (“server log file information“):

  1. Browser types and versions used,
  2. The operating system used by the accessing system,
  3. The website from which an accessing system reaches our website (so-called referrer), 
  4. The sub-internet pages that are accessed via an accessing system on our website, 
  5. The date and time of access to the website, 
  6. The Internet Protocol address (IP address), 
  7. The Internet service provider of the accessing system, and 
  8. Other data and information used for security purposes in the event of attacks on our information technology systems.

This collected data and information is statistically evaluated by us. We do not draw any conclusions about you when using this general data and information. The server log file data is stored separately from all personal data provided by you. 

  1. User requests

We process your e-mail address, name and the information you provide to us as part of the inquiry in order to process your requests and inquiries by e-mail or via our contact form.

 

  1. Newsletter and newsletter tracking

If you subscribe to our newsletter, we process the information that you provide to us via the input mask used for this purpose in addition to your e-mail address. (“Newsletter information“).

If you separately agree to newsletter tracking when ordering the newsletter, we use tracking pixels embedded in the newsletter to statistically measure the success of our online marketing campaigns in order to improve our offers. We use the embedded tracking pixel to collect the following information: [if and when you opened the newsletter email and which links in the email you used] (“newsletter tracking information“).

  • Purpose and legal basis of data processing

We process your server log file information in order to:

  1. To deliver the content of our website correctly, 
  2. To optimize the content of our website and the advertising for it, 
  3. to ensure the long-term functionality of our information technology systems and the technology of our website, and 
  4. To provide law enforcement authorities with the information necessary for prosecution in the event of a cyberattack, and
  5. To increase data protection and data security in our company in order to ultimately ensure an optimum level of protection for the personal data processed by us.

We process this data on the basis of our legitimate interest within the meaning of Art. 6 para. 1 lit. f) GDPR in order to display our website and ensure its security.

We process your customer, user request and order data for the following purposes:

  1. To perform the contract with you pursuant to Art. 6 para. 1 lit. b) GDPR, including to receive orders, to organize their processing and billing and to answer related inquiries.
  2. On the basis of our legitimate business interests pursuant to Art. 6 para. 1 lit. f) GDPR, to process your inquiries and concerns, to detect and prevent fraud and abuse, to improve our services, the user-friendliness and effectiveness of our offers, to the extent necessary in connection with a merger, acquisition, sale of assets or insolvency of our company, to the extent necessary for the assertion, exercise or defense of legal claims or in the case of actions of the courts in the context of their judicial activity, and to protect the safety of our users, our own safety and that of third parties;
  3. To fulfill our legal obligations pursuant to Art. 6 para. 1 lit. c) GDPR, for example to fulfill our commercial and tax retention obligations.

 

With your separate consent pursuant to Art. 6 para. 1 lit. a) GDPR 

  1. for advertising purposes in order to provide you with information that is even better tailored to you and to optimize our offers and services,
  2. We process your newsletter information in order to inform you about our offers by e-mail at regular intervals. For legal reasons, a confirmation e-mail will be sent to an e-mail address entered for the first time for newsletter dispatch. This confirmation e-mail is used to check whether you are the owner of the e-mail address who has authorized receipt of the newsletter,
  3. We process your newsletter tracking information to statistically measure the success of our online marketing campaigns.


  • Duration of storage

Your data collected and processed by us will be deleted as soon as it is no longer required for its intended purpose. 

 

Server log file information is stored for security reasons (e.g. to investigate misuse or fraud) for a maximum of seven days and then deleted. Data whose further storage is required for evidentiary purposes is excluded from deletion until the respective incident has been finally clarified.

 

Insofar as there are no statutory retention obligations to the contrary, we will delete your data:

  1. Your customer information, if you request this;
  2. Your user request information after 12 months;
  3. Your newsletter and newsletter tracking information after 6 months;

 

Retention obligations arise in particular for commercial and tax law reasons. In accordance with legal requirements, records are stored for 6 years pursuant to Section 257 (1) HGB (e.g. accounting documents) and for 10 years pursuant to Section 147 (1) AO (e.g. accounting documents, commercial and business letters, documents relevant for taxation).

 

If we process your personal data on the basis of your consent, we will delete your personal data if you withdraw your consent to the processing of your personal data.



  • Recipients of your information


  • Cloud provider

  • AWS
    We use the Amazon Web Services service of [Amazon Web Services EMEA Sàrl, Rue Plaetis 5, 2338 Luxembourg, Luxembourg (“AWS“)]. AWS stores our website on its servers (hosting). The use of Amazon Web Services is in accordance with Art. 6 para. 1 lit. f) GDPR due to our legitimate interest in providing our offer on this website. In this context, your personal data, in particular your customer information, is processed by AWS. We have concluded an order processing contract with AWS in accordance with Art. 28 GDPR in order to protect your personal data. The security standards of AWS are certified according to ISO 27001, SOC 1/2/2 and PCI DSS Level 1.

  • Peaberry Software

With the e-mail tool Customer.io we use the services of [Peaberry Software Inc. d/b/a Customer.io 921 SW Washington St, Suite #820, Portland, OR 97205, USA (“Peaberry Software“)]. In order to send our newsletter and to inform you about offers by e-mail, we process and share your newsletter information and customer information (in particular e-mail address) with Peaberry Software on the basis of your consent pursuant to Art. 6 para. 1 lit. a) GDPR or, if you are an existing customer and have not objected to this, on the basis of our legitimate interest pursuant to Art. 6 para. 1 lit. f) GDPR. We also process and share newsletter tracking information with Peaberry Software in order to statistically evaluate how the newsletters and advertising emails are opened and used if you have given us your consent to do so in accordance with Art. 6 para. 1 lit. a) GDPR when registering for the newsletter. In order to protect your personal data, we have concluded an order processing contract with Peaberry Software in accordance with Art. 28 GDPR. 


  • Sentry

We use the error management tool of [Functional Software, Inc. d/b/a Sentry, 45 Fremont Street, 8th Floor, San Francisco, CA 94105, USA (“Sentry“)] for our website. We process and share your personal data with Sentry, in particular your e-mail address, on the basis of our legitimate interest pursuant to Art. 6 para. 1 lit. f) GDPR to ensure the functionality and security of our website and our services. We have concluded an order processing contract with Sentry in accordance with Art. 28 GDPR to protect your personal data.


  • Hubspot 

We use the Hubspot CRM system to process user inquiries. The provider is Hubspot, Inc, 25 First Street, Cambridge, MA 02141, USA (“Hubspot“). We process your personal data, in particular your [customer and order information] with Hubspot on the basis of our legitimate interest pursuant to Art. 6 para. 1 lit. f) GDPR to be able to process your inquiries and orders quickly and efficiently pursuant to Art. 6 para. 1 lit. b) GDPR. We have concluded an order processing contract with Hubspot in accordance with Art. 28 GDPR to protect your personal data


  • International data transfers

As part of the services used by Peaberry Software, Sentry, Hubspot and in the case of the services used by AWS, your personal data may be transferred to locations in the USA. The aforementioned companies participate in the EU-US Data Privacy Framework and are actively certified under it. The European Commission has determined in an adequacy decision that personal data transferred to companies participating in the EU-US Data Privacy Framework is adequately protected. The effect of such a decision is that personal data can be transferred from the European Economic Union (“EEA“) to that third country without the need for further safeguards. In other words, data transfers to these companies will be treated in the same way as data transfers within the EU.


  • Cookies

When you visit our website, information may be stored on your device in the form of cookies. Cookies are small text files that are sent to your browser by a web server and stored on your device. The cookies are transmitted back to our web server when you visit our website at a later date. This enables us, for example, to recognize you when you return to our website. Cookies can be divided into so-called “first-party cookies” (used by us) and so-called “third-party cookies” (used by third parties). A basic distinction can be made between 3 categories of cookies, namely 

 

  • Category 1: Technically necessary cookies that are absolutely essential to ensure the technical functionality of the website,
  • Category 2: Functional cookies, which serve to create the most pleasant surfing experience possible and to optimize the website, and
  • Category 3: Tracking and advertising cookies (so-called marketing cookies), which are used to analyze user behavior on the website and thus enable interest-based advertising. 

 

The legal basis for the use of category 1 cookies is our legitimate interest in providing and ensuring the technical functionality of our website and online platform in accordance with Art. 6 para. 1 lit. f) GDPR and Section 25 para. 2 of the Telecommunications Digital Services Data Protection Act (“TDDDG“). The legal basis for the use of cookies of categories 2 and 3 is your consent in the cookie management tool on our website in accordance with Art. 6 para. 1 lit. a) GDPR and Section 25 para. 1 TDDDG. 

 

Detailed information on the individual cookies used on our website www.enterprise.mycarly.com and information on the associated processing of your personal data can be found in our cookie management tool on our website.


  • Data security

We take technical, contractual and organizational measures for the security of data processing in accordance with the state of the art. In this way, we ensure that the provisions of the data protection laws, in particular the GDPR, are complied with and that the data processed by us is protected against destruction, loss, alteration and unauthorized access. 


  • Automated decision making.

Automated decision-making within the meaning of Art. 22 GDPR does not take place. 

  • Your rights as a data subject

As a data subject, you have the right to obtain confirmation as to whether or not personal data concerning you is being processed by us and, where that is the case, the right to access the personal data concerning you and to receive a copy of that data (Art. 15 (1) and (3) GDPR).

 

If we process incorrect personal data, you have the right to rectification (Art. 16 GDPR).

 

In some cases provided for by law, you may request the erasure of personal data concerning you or the restriction of processing (Art. 17 and 18 GDPR).

 

If the processing is based on your consent within the meaning of Art. 6 para. 1 lit. a) GDPR, you can withdraw your consent at any time (Art. 7 para. 3 GDPR) without affecting the lawfulness of processing based on consent before its withdrawal. We will inform you separately if we require your consent for the processing of personal data concerning you for specified, explicit and legitimate purposes that are not covered by this privacy notice.

 

If the processing is based on your consent within the meaning of Art. 6 para. 1 lit. a) GDPR or on a contract pursuant to Art. 6 para. 1 lit. b) GDPR and is carried out by automated means, you have the right to receive the personal data concerning you in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided (Art. 20 GDPR).

 

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you on the basis of Art. 6 (1) (e) or (f) GDPR (Art. 21 (1) GDPR). You can object at any time to the processing of your personal data on the basis of Art. 6 para. 1 lit. f) GDPR for direct marketing purposes (Art. 21 para. 2 GDPR), without having to give reasons relating to your particular situation.

 

You also have the right to lodge a complaint with the competent data protection supervisory authority. For example, you can contact the supervisory authority in the EU Member State in which you have your habitual residence or place of work or where the infringement is alleged to have taken place. The data protection supervisory authority responsible for us is the Bavarian State Commissioner for Data Protection and Freedom of Information.

 

If you wish to assert your rights, please contact us [using the contact details under point 2 of this privacy policy].


  • Changes to this data protection notice

New legal requirements, corporate decisions or technical developments may lead to changes to this notice and require us to adapt this data protection notice accordingly. The current version can be found on our website. Please note that external links to third-party websites or their contact information may change over time. If you find information that is no longer up to date, please let us know.