1. who is responsible for data processing and who can I contact?
The responsible body is:
Carano Software Solutions GmbH
Bornstraße 32, 12163 Berlin
Phone: +49 30 399944-0
Fax: +49 30 399944-99
Responsible data protection officer of Carano:
C. Rocco Wittig
Phone: +49 30 399944-0
Fax: +49 30 399944-99
3. what data do we use?
In principle, you can visit our websites without disclosing your identity to us, unless you wish to send us an e-mail or a message via a contact form, apply for a job with us or use our demo versions. We only process the data required to answer your request or to provide our services. Which data is collected can be seen from the respective input forms. The required data are marked as mandatory fields. If we ask you for further information, this is voluntary information. We use this information to customize our offers or to better tailor them to your needs. In all other cases, we only use the data required to contact you.
4 For what purposes and on what legal basis do we use your data?
We process your personal data in accordance with the provisions of the General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG). Please also note our information on your right to object in accordance with Article 21 GDPR.
a) Provision of our solutions and services
The processing of personal data is carried out for the performance of a contract, as well as for the implementation of pre-contractual measures, which are carried out upon your request (Art. 6 para.1b DS-GVO).
b) Contact form
If you send us inquiries via the contact form, the information you provide in the inquiry form, including the contact data you enter there, will be stored by us for the purpose of processing the inquiry and in case of follow-up questions. We do not share this data without your consent. The processing of this data is based on Art. 6 para. 1 lit. b DSGVO, provided that your request is related to the performance of a contract or is necessary for the performance of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the requests addressed to us (Art. 6 (1) f DSGVO) or on your consent (Art. 6 (1) a DSGVO) if this has been requested. The data you enter in the contact form will remain with us until you request us to delete it, revoke your consent to store it, or the purpose for storing the data no longer applies (e.g. after we have completed processing your request). Mandatory legal provisions – in particular retention periods – remain unaffected.
c) Request by e-mail, telephone or fax
If you contact us by e-mail, telephone or fax, your inquiry including all resulting personal data (name, inquiry) will be stored and processed by us for the purpose of processing your request. We do not share this data without your consent.
The processing of this data is based on Art. 6 para. 1 lit. b DSGVO, provided that your request is related to the performance of a contract or is necessary for the performance of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the requests addressed to us (Art. 6 (1) f DSGVO) or on your consent (Art. 6 (1) a DSGVO) if this has been requested.
The data you send to us via contact requests will remain with us until you request us to delete it, revoke your consent to store it, or the purpose for storing the data no longer applies (e.g. after we have completed processing your request). Mandatory statutory provisions – in particular statutory retention periods – remain unaffected.
d) Registration on this website
You can register on this site to use additional features on the site. We use the data entered for this purpose only for the purpose of using the respective offer or service for which you have registered. The mandatory information requested during registration must be provided in full. Otherwise, we will reject the registration.
For important changes, for example in the scope of the offer or in the case of technically necessary changes, we use the e-mail address provided during registration to inform you in this way. The data entered during registration is processed for the purpose of implementing the user relationship established by registration and, if necessary, for initiating further contracts (Art. 6 para. 1 lit. b DSGVO). The data collected during registration will be stored by us as long as you are registered on this website and will then be deleted. Statutory retention periods remain unaffected.
e) Newsletter data
If you would like to receive the newsletter offered on the website, we require an e-mail address from you as well as information that allows us to verify that you are the owner of the e-mail address provided and that you agree to receive the newsletter. Further data is not collected or is only collected on a voluntary basis. We use this data exclusively for sending the requested information and do not pass it on to third parties.
The data entered in the newsletter registration form is processed exclusively on the basis of your consent (Art. 6 para. 1 lit. a GDPR). You can revoke your consent to the storage of the data, the e-mail address and its use for sending the newsletter at any time, for example via the “unsubscribe” link in the newsletter. The legality of the data processing operations already carried out remains unaffected by the revocation. The data you provide us with for the purpose of subscribing to the newsletter will be stored by us or the newsletter service provider until you unsubscribe from the newsletter and deleted from the newsletter distribution list after you unsubscribe from the newsletter or after the purpose no longer applies. We reserve the right to delete e-mail addresses from our newsletter distribution list at our own discretion within the scope of our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR to delete or block it.
After you have unsubscribed from the newsletter distribution list, your e-mail address may be stored by us or the newsletter service provider in a blacklist to prevent future mailings. The data from the blacklist will only be used for this purpose and will not be merged with other data. This serves both your interest and our interest in complying with legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6 (1) lit. f DSGVO). The storage in the blacklist is not limited in time. You can object to the storage if your interests outweigh our legitimate interest.
5. who gets my data?
Within Carano, access to your data is granted to those offices that require it in order to fulfill our contractual and legal obligations or within the framework of the balancing of interests. Service providers and vicarious agents employed by us may also receive data for these purposes if they comply with confidentiality and our instructions under data protection law. A transfer to third parties takes place exclusively within the framework of the regulations of the DS-GVO and the BDSG.
6. will data be transferred to a third country?
No data is transferred to countries outside the EU or the EEA (so-called third countries).
7. how long will my data be stored?
We process and store your personal data as long as it is necessary for the fulfillment of our contractual and legal obligations or within the framework of the balancing of interests. If the data is no longer required for the fulfillment of these purposes, it is regularly deleted, unless its – temporary – further processing is required for the fulfillment of retention periods under commercial and tax law, such as the German Commercial Code and the German Fiscal Code. The periods specified there for storage or documentation are six to ten years.
8 What data protection rights do I have?
You have the right of access under Article 15 GDPR, the right to rectification under Article 16 GDPR, the right to erasure under Article 17 GDPR, the right to restriction of processing under Article 18 GDPR, the right to object under Article 21 GDPR and the right to data portability under Article 20 GDPR. You also have the right to lodge a complaint with a data protection supervisory authority (Article 77 GDPR in conjunction with Section 19 BDSG).
A list of the supervisory authorities and their contact details can be found at the following link:
You can revoke your consent to the processing of personal data at any time. Please note that the revocation is only effective for the future. Processing that took place before the revocation is not affected by this. Please also note our information on your right to object in accordance with Article 21 GDPR.
To exercise your rights, please use the above contact to our data protection officer.
9. is there an obligation to provide data?
In the context of our business relationship or the ordering of services, you must provide those personal data that are necessary for the implementation of the business relationship or the provision of a service and the fulfillment of the associated contractual obligations or which we are required to collect by law. Without this data, we usually have to refuse to conclude the contract or execute the order, or can no longer perform an existing contract and may therefore have to terminate it.
10. is there automated decision-making including profiling?
We do not use fully automated decision-making including profiling in accordance with Article 22 GDPR.
11. information about your right to object in accordance with Article 21 GDPR
a) Individual right of objection
You have the right to object to the processing of your personal data on grounds relating to your particular situation. The prerequisite for this is that the data processing is carried out in the public interest or on the basis of a balancing of interests. This also applies to profiling. In the event of an objection, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for processing such data that override your interests, rights and freedoms. Or your personal data is used for the assertion, exercise or defense of legal claims.
b) Objection to the processing of your data for direct marketing purposes
If your personal data is processed for our direct marketing, you have the right to object to this at any time; this also applies to profiling if it is connected with direct marketing. In the event of an objection, we will no longer process your personal data for these purposes. The objection can be made form-free and should preferably be directed to the above-mentioned contact to our data protection officer.
12. what data is processed when using the website?
a) Usage-related data
The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us.
- Browser type and version Operating system used Referrer URL
- Host name of the accessing computer Time of the server request
- IP address
This data is not merged with other data sources. The collection of this data is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimization of its website – for this purpose, the server log files must be recorded.
Our Internet pages use so-called “cookies”. Cookies are small text files and do not harm your terminal device. They are stored either temporarily for the duration of a session (session cookies) or permanently (permanent cookies) on your terminal device. Session cookies are automatically deleted after the end of your visit. Permanent cookies remain stored on your terminal device until you delete them yourself or until they are automatically deleted by your web browser.
Cookies have various functions. Many cookies are technically necessary, as certain website functions would not work without them (e.g. the shopping cart function or the display of videos). Other cookies are used to evaluate user behavior or display advertising.
Cookies that are necessary to carry out the electronic communication process (necessary cookies) or to provide certain functions you have requested (functional cookies, e.g. for the shopping cart function) or to optimize the website (e.g. cookies to measure the web audience) are stored on the basis of Art. 6 para. 1 lit. f DSGVO, unless another legal basis is specified. The website operator has a legitimate interest in storing cookies for the technically error-free and optimized provision of its services. If consent to the storage of cookies has been requested, the storage of the cookies in question is based exclusively on this consent (Art. 6 para. 1 lit. a DSGVO); consent can be revoked at any time.
You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of this website may be restricted.
Insofar as cookies are used by third-party companies or for analysis purposes, we will inform you about this separately in the context of this data protection declaration and, if necessary, request your consent
c) Cookie consent with Borlabs cookie
Our website uses Borlabs Cookie’s cookie consent technology to obtain your consent to the storage of certain cookies in your browser and to document this in accordance with data protection regulations. The provider of this technology is Borlabs – Benjamin A. Bornschein, Georg-Wilhelm-Str. 17, 21107 Hamburg (hereinafter referred to as Borlabs).
When you enter our website, a Borlabs cookie is stored in your browser in which the consents you have given or the revocation of these consents are stored. This data is not passed on to the provider of Borlabs Cookie.
The data collected will be stored until you ask us to delete it or delete the Borlabs cookie yourself or until the purpose for storing the data no longer applies. Mandatory statutory retention periods remain unaffected. Details on the data processing of Borlabs Cookie can be found at https://de.borlabs.io/kb/welche-daten-speichert-borlabs-cookie/
There is a live chat on our website that we can use to answer questions from website visitors can answer. We process the information that you us to communicate with you via live chat. We use the third-party provider
55 2nd Street, 4th Floor
San Francisco, CA 94105
to provide the chat function. Data is also sent to the USA for Intercom and processed there. By using our live chat you agree to this transmission. Alternatively you can You can also contact us by e-mail at any time.
Information on data protection at Intercom can be found here:
13. how secure is my data?
To protect the personal data of our customers and interested parties, we use a secure online transmission method, the so-called “Secure Socket Layer” (SSL) transmission. All information transmitted using this secure method is encrypted before it is sent. Your personal data is processed exclusively on data centers and computers protected by security technologies that meet industry standards (e.g. firewalls, password protection, access controls, etc.).
14. which plugins and tools are used on the website?
a) Google Remarketing
This website uses the services of Sendinblue to send newsletters. The provider is Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin, Germany.
SendinBlue is a service with which the sending of newsletters can be organized and analyzed. if you enter data for the purpose of receiving the newsletter (e.g. e-mail address), this data is stored on German servers.With the help of Sendinblue we can analyze our newsletter campaigns. If you have one with
When you open an email sent by Sendinblue, a file contained in the email (known as a web beacon) connects to Sendinblue’s servers. This makes it possible to determine whether a newsletter message
opened and which links were clicked on. Technical information is also collected (e.g. time of access, IP address, browser type and operating system). This information cannot be assigned to the respective newsletter recipient. They are used exclusively for the statistical analysis of newsletter campaigns. The results of these analyses can be used to better adapt future newsletters to the interests of the recipients.
If you do not want Sendinblue to analyze your data, you must unsubscribe from the newsletter. For this purpose, we provide a corresponding link in each newsletter message. The data processing takes place on the basis of your consent (Art. 6 para. 1 lit. a GDPR). You can use these You can revoke your consent at any time by unsubscribing from the newsletter. The legality of the already data processing operations carried out remains unaffected by the revocation.
The data you provide for the purpose of receiving the newsletter will be stored by us or the newsletter service provider until you unsubscribe from the newsletter and will be deleted from the newsletter distribution list after you unsubscribe from the newsletter. Data that has been stored by us for other purposes remains unaffected by this.
After you unsubscribe from the newsletter distribution list, your e-mail address will be stored by us or the
newsletter service provider may be stored in a blacklist to prevent future mailings. The data from the blacklist will only be used for this purpose and will not be merged with other data. This serves both your interest and our interest in complying with legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6 (1) lit. f DSGVO). The storage in the blacklist is not limited in time. You can object to the storage if your interests outweigh our legitimate interest.
Conclusion of a data processing agreement
We have concluded a so-called “Data Processing Agreement” with Sendinblue, in which we oblige Sendinblue to protect our customers’ data and not to pass it on to third parties.
e) Use of the lead generation service Leadinfo
On this website, we use the lead generation service of Leadinfo B.V., Rotterdam, Netherlands, on the basis of legitimate interests in accordance with Art. 6 para. 1 lit. f GDPR. Art. 6 para. 1 lit. f. GDPR.
This service recognizes visits from companies to our website based on IP addresses and shows us publicly available information, such as company names or addresses.
Further information can be found at www.leadinfo.com.
You can object to the collection and storage of data at any time with effect for the future by clicking on this link: www.leadinfo.com/en/opt-out to prevent Leadinfo B.V. from collecting data on this website in the future by using the opt-out option.
This website uses Mouseflow, a web analysis tool from Mouseflow ApS, Flaesketorvet 68, 1711 Copenhagen, Denmark. The purpose of data processing is to analyze this website and its visitors. For this purpose, data is collected and stored for marketing and optimization purposes. This data can be used to create user profiles under a pseudonym. Cookies can be used for this purpose. With the web analysis tool Mouseflow, randomly selected individual visits (only with anonymized IP address) are recorded. This creates a log of mouse movements and clicks with the intention of randomly replaying individual website visits and deriving potential improvements for the website. The data collected with Mouseflow will not be used to personally identify the visitor to this website without the separately granted consent of the person concerned and will not be merged with personal data about the bearer of the pseudonym. The processing is carried out on the basis of Art. 6 (1) f) GDPR from the legitimate interest in direct customer communication and in the needs-based design of the website. You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Art. 6 (1) f GDPR. To do this, you can globally deactivate recording on all websites that use Mouseflow for the browser you are currently using by clicking on the following link:
If you are interested in contract data processing, you can conclude this with us directly online via RightSignature: