Privacy policy
The protection of your personal data is of utmost importance to us, hence we process your data exclusively based on the statutory provisions. In this privacy policy, we inform you of the most important aspects of data processing on our website and within our online shop.
Controller
Carletto Deutschland GmbH
Kressengartenstraße 2
90402 Nuremberg
Germany
Email: datenschutz@carletto.de
Categories of processed data:
- inventory data (e.g., names, addresses)
- contact data (e.g., email addresses, phone numbers)
- content data (e.g., texts)
- usage data (e.g., web pages visited, interest in content, access times)
- meta/communication data (e.g., device information, IP addresses).
Purposes of data processing:
- provision of online offers, their functions and contents
- response to contact requests and communicating with users
- safety measures
- reach measurement/marketing (e.g., dispatch of catalogues and advertising)
Cooperation with order processors and third parties
Should we, in the course of our processing, disclose or transmit data to other persons and/or companies (order processors or third parties) or otherwise grant access to data, then this will only take place based on lawful processing to which you have consented, a legal obligation that provides for this or our legitimate interests (e.g., when authorized representatives, web hosts, etc. are deployed).
Transmission of data to third countries
The data we collect from our customers is stored in the European Economic Area (EEA), but may also be transmitted to and processed in a country outside of the EEA. Personal data is transmitted pursuant to the applicable laws.
Customer rights
You have a right to information on your data, to its rectification and erasure in addition to data portability. Furthermore, you have the right to restrict the processing of your data.
You have the right to have your data processed by us deleted at any time, except in the following instances:
- ongoing case with customer services
- open order that has not yet been delivered or only in part
- open account at Carletto, regardless of the method of payment
- abuse (or suspected abuse) of our services in the past four years
- sale of the data subject’s debt to a third party within the last three years (within one year in the case of deceased customers)
- rejected credit application within the last three months
- obligation to maintain records due to a purchase and personal data must be stored.
You can contact Carletto at the following email address to exercise these rights: datenschutz@carletto.de
In the event of non-compliance by Carletto with the applicable data protection laws, you have the right to lodge a complaint with the responsible supervisory authority.
Credit checks
We reserve the right to review payment transactions to prevent fraud and other payment-related abusive usage. Both internal and external sources of information are used for this. Should we suspect and/or detect any abuse, we moreover reserve the right to share relevant information (including personal data) with other companies, which may also review the data.
Cookies
We use browser cookies on our website. These small text files enable the storage of specific, user-related information on a user’s device while they are using the website. In particular, using cookies allows us to determine the frequency of use and number of webpage users, analyze page usage behavior patterns, and further improve the user friendliness. Cookies continue to be stored after a browser session ends and can be retrieved when you revisit a webpage. Should you not want this, you can adjust your browser settings to refuse the use of cookies.
Manage cookies
You are able to manage which cookies are allowed for yourself and, if necessary, to prevent this by adjusting your browser settings as indicated by your browser provider:
Mozilla Firefox: https://support.mozilla.org/en-US/kb/enhanced-tracking-protection-firefox-desktop
Microsoft Edge: http://windows.microsoft.com/de-de/windows-vista/block-or-allow-cookies
Chrome: https://support.google.com/chrome/answer/95647?hl=en
Safari: http://support.apple.com/kb/PH5042
Opera: http://help.opera.com/Linux/9.00/de/cookies.html
You can object to the use of cookies for online advertising purposes in general for a variety of services, especially in the case of tracking, either via the US website www.aboutads.info/choices or the EU website www.youronlinechoices.com. The storage of cookies can moreover be deactivated in the browser settings. Bear in mind that not all functions of the website can then be used. This evaluation is anonymous, i.e., does not draw on any personal data.
The data is not assigned to a specific person, nor is it merged with other data sources.
You can also learn more about how cookies work on www.allaboutcookies.org.
SSL encryption
Our webpages use SSL encryption for security reasons and to provide protection during the transmission of confidential content such as queries that you send to us as the site operator. You can recognize an encrypted connection by the change in browser address from “http://” to “https://” and appearance of the lock symbol in the browser line.
If SSL encryption is activated, the data you transmit to us cannot be read by third parties.
Retention of customer data
For accounting reasons, we generally retain personal data collected from customers for the processing of orders for a period of ten (10) years from the time of final processing. We retain other data for as long as this is necessary for performance of the contract and to safeguard our rights. We reserve the right to retain data for longer due to legal and/or operational obligations/reasons.
Business-related processing
We additionally process:
- contract data (e.g., subject of the contract, term, customer category)
- payment data (e.g., bank details, payment history)
from our customers, interested parties and business partners for the purpose of providing contractual services, service and customer care, marketing, advertising and market research.
Collection of access data and log files
We/our hosting provider, collect/s data on every access to the server on which this service is located (server log files) based on our legitimate interests. Access data includes the name of the website visited; file accessed; date and time of access; volume of data transmitted; report on successful access; browser type and version; user operating system; referrer URL (website previously visited); IP address; and requesting provider.
Log file information is stored for security reasons (e.g., to investigate abuse or fraud) for a maximum of seven (7) days, then deleted. Data that must be retained for longer for evidence purposes is exempt from deletion until the respective incident has been definitively resolved.
Order processing in the online shop and customer accounts
We process our customers’ data during the order procedure in our online shop to enable them to select and order products and services, pay for these and have them delivered or activated.
The data we process includes inventory data, communication data, contract data, payment data and our customers count among the data subjects of processing. Processing is carried out for the purpose of providing contractual services within the scope of operation of an online shop, invoicing, delivery and customer services. We use session cookies to store the contents of the shopping basket and permanent cookies to store the login status.
The information marked as necessary to establish and perform the contract is required. We only disclose this data to third parties as part of delivery and payment or within the scope of legal permissions and obligations vis-à-vis legal advisors and authorities.
Contact
When we are contacted (e.g., via the contact form, email, or telephone), the user’s information is processed for the purpose of responding to and processing their query. The user’s information may be stored in our system.
We delete queries insofar as these are no longer needed. The statutory archiving obligations moreover apply.
reCAPTCHA
To protect queries submitted via online forms, we use the reCAPTCHA service of Google Inc. (Google). This service serves to determine whether data is being input by a human or improperly by automated machine processing. The query includes sending of the IP address and potentially also further data required by Google for the reCAPTCHA service to Google. The information you provide is transmitted to Google for this purpose and used there further. However, within member states of the European Union and other countries party to the Agreement on the European Economic Area (EEA), Google will truncate your IP address prior to transmission. Only in exceptional cases will the full IP address first be transmitted to a Google server in the USA and truncated there. Google will use this information to evaluate your use of this service on behalf of the operator of this website. The IP address transmitted by your browser as part of the reCAPTCHA procedure will not be merged with any other data held by Google. Google’s deviating privacy policy applies for this data. For more information on Google’s privacy policy, see: https://policies.google.com/privacy
Newsletter
If you would like to receive the newsletter offered on the website, we need your email address in addition to information that will allow us to verify that you are the owner of the email address provided and that you agree to receive the newsletter.
We use the double opt-in procedure to ensure your consent. In the course of this two-step procedure, potential newsletter recipients register for a mailing list. They subsequently have the opportunity to provide legally-binding confirmation of their registration by confirming their consent via email. The email address is only actively added to the mailing list once it has been confirmed.
We use this data exclusively to send the information and offers requested.
We use the newsletter software Newsletter2Go. Your data will be transmitted to Newsletter2Go GmbH. Newsletter2Go is prohibited from selling your data or for using it for any purposes other than sending newsletters. Newsletter2Go is a certified German provider, which was selected according to the requirements of the General Data Protection Regulation and the German Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG).
For more information, see: www.newsletter2go.de/informationen-newsletter-empfaenger
You can revoke your consent to the storage of your data, email address and their use for sending the newsletter at any time, for example by clicking on the “Unsubscribe” link available in every newsletter.
The data protection measures are always subject to technical innovations. Hence we ask that you inform yourself of our data protection measures at regular intervals by consulting our privacy policy.
Analysis tools
Use of Google Analytics
This website uses Google Analytics, a web analysis service of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Google Analytics uses cookies, which are text files that are stored on your computer and enable an analysis of your website usage. The information generated by the cookies on your use of this website is usually transmitted to a Google server in the USA and stored there.
The legal basis for the storage of Google Analytics cookies is Article 6(f) GDPR. Our legitimate interest lies in the analysis of user behavior, optimization, and the business operation of our online offers and advertising measures.
We have activated the IP anonymization function on this website. This means that within the European Union and other countries party to the Agreement on the European Economic Area, Google will truncate your IP address prior to its transmission to the USA. Only in exceptional cases will your full IP address first be transmitted to a Google server in the USA and then truncated there. Google will use this information on behalf of the website operator to evaluate your use of the website, compile reports on website activity, and provide the website operator with further services relating to the use of this website and the internet. The IP address transmitted by your browser as part of Google Analytics will not be merged with any other data held by Google.
Objecting to data collection: You can prevent the collection of data by Google Analytics by adjusting your cookie settings.
Demographic characteristics in Google Analytics: This website uses the demographic characteristics function of Google Analytics. This allows reports to be generated that contain statements about the age, gender and interests of visitors to the website. The data comes from interest-based advertising from Google and visitor data from third-party providers. This data cannot be assigned to a specific person. You can deactivate this function at any time via the ad settings in your Google account or prevent the collection of your data by Google Analytics in general, as described in the section entitled “Objecting to data collection”.
For more information on how Google Analytics handles user data, see Google’s privacy policy: https://support.google.com/analytics/answer/6004245?hl=en&sjid=12298206418805077562-EU.
Privacy policy for the use of Google Web Fonts
This website uses the web fonts provided by Google for the uniform display of fonts. When you access a webpage, your browser loads the required fonts into its browser cache in order to display texts and fonts correctly. If your browser does not support web fonts, a standard font from your computer will be used.
For more information on Google Web Fonts, see https://developers.google.com/fonts/faq and Google’s privacy policy: www.google.com/policies
Google Tag Manager
Google Tag Manager provides us with a solution for managing website tags via an interface and thus integrating Google Analytics and other Google marketing services into our online offer. The tag manager itself that implements the tags does not process any of users’ personal data. Please refer to the following information on Google Tag Manager regarding the processing of users’ personal data. Use policy: www.google.com/intl/de/tagmanager/use-policy.html
YouTube
We integrate videos into our website from the “YouTube” platform of the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Privacy policy: www.google.com/policies/privacy
Opt out options: https://adssettings.google.com/authenticated
Links
Our websites contain links to other websites over which we have no control. We cannot accept any responsibility whatsoever for the protection of data or content on these websites.
Final provision
We reserve the right to modify our privacy policy at any time, naturally in compliance with the applicable data protection laws.
Last updated: August 2023