Privacy policy
STATE: March 2024
The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this privacy policy.
When you use this website, various personal data is collected. Personal data is data that can be used to identify you personally. This privacy policy explains what data we collect and what we use it for. It also explains how and for what purpose this is done.
We would like to point out that data transmission over the Internet (e.g. when communicating by e-mail) may be subject to security vulnerabilities. Complete protection of data against access by third parties is not possible.
Owner and responsible body
The controller responsible for data processing on this website is
Carmäleon Drive GmbH
Gruberfeldstraße 8
5162 Obertrum
Telephone: +43 6219 20125
E-Mail: office@carmaeleondrive.at
Your rights in relation to our website
Revocation of consent to data processing
Many data processing operations are only possible with your express consent. You can revoke any consent you have already given at any time. All you need to do is send us an informal e-mail. The legality of the data processing carried out until the revocation remains unaffected by the revocation.
Right to object to the collection of data in special cases and to direct marketing (Art. 21 GDPR)
If the data processing is carried out on the basis of Art. 6 para. 1 lit. e or f GDPR, you have the right to object to the processing of your personal data at any time for reasons arising from your particular situation; this also applies to profiling based on these provisions. The respective legal basis on which processing is based can be found in this privacy policy. If you object, we will no longer process your personal data concerned unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or the processing serves the establishment, exercise or defence of legal claims (objection pursuant to Art. 21 (1) GDPR).
If your personal data is processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing; this also applies to profiling insofar as it is related to such direct marketing. If you object, your personal data will subsequently no longer be used for the purpose of direct marketing (objection pursuant to Art. 21 para. 2 GDPR).
Right to lodge a complaint with the competent supervisory authority
If you believe that the processing of your data violates Austrian or European data protection law, please contact us. In the event of breaches of data protection law, the data subject naturally has the right to lodge a complaint with the competent supervisory authority. The competent supervisory authority for data protection issues is the Data Protection Authority of the Republic of Austria (https://www.dsb.gv.at/).
Right to data portability
You have the right to have data that we process automatically on the basis of your consent or in fulfilment of a contract handed over to you or to a third party in a commonly used, machine-readable format. If you request the direct transfer of the data to another controller, this will only be done insofar as it is technically feasible.
Right to information, blocking, deletion
Within the framework of the applicable legal provisions, you have the right to free information about your stored personal data, its origin and recipients and the purpose of the data processing and, if necessary, a right to correction, blocking or deletion of this data at any time. You can contact us at any time at the address given above if you have any further questions on the subject of personal data.
Processor
Even when using processors, we always remain responsible for the protection of your data. The processors we use are contractually obliged to comply with data protection regulations, treat your data confidentially and only process it as part of the provision of services.
Note on data transfer to the USA and other third countries
Among other things, tools from companies based in the USA or other third countries that are not secure under data protection law are integrated on our website. If these tools are active, your personal data may be transferred to these third countries and processed there. We would like to point out that no level of data protection comparable to that in the EU can be guaranteed in these countries. For example, US companies are obliged to hand over personal data to security authorities without you as the data subject being able to take legal action against this. It can therefore not be ruled out that US authorities (e.g. secret services) may process, analyse and permanently store your data on US servers for surveillance purposes. We have no influence on these processing activities.
Hosting & SSL
Externes Hosting
This website is hosted by an external service provider (hoster). Personal data collected on this website is stored on the hoster’s servers. This may include IP addresses, contact requests, meta and communication data, contract data, contact details, names, website accesses and other data generated via a website.
The hoster is used for the purpose of fulfilling the contract with our potential and existing customers (Art. 6 para. 1 lit. b GDPR) and in the interest of a secure, fast and efficient provision of our online offer by a professional provider (Art. 6 para. 1 lit. f GDPR).
Our hoster will only process your data to the extent necessary to fulfil its performance obligations and follow our instructions with regard to this data.
Conclusion of a contract for order processingIn order to guarantee data protection-compliant processing, we have concluded an order processing contract with our hoster.
SSL or TLS encryption
This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or enquiries that you send to us as the site operator. You can recognise an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line.
If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.
Data collection on this website
Types of data collected
The types of related data that this website collects, either itself or via third parties, include IP address, cookie, usage data, first name, surname, telephone number, email address, address.
Full details of each type of personal data processed are provided in the dedicated sections of this Privacy Policy or through specific explanatory texts displayed prior to data processing.
The personal data may be provided voluntarily by the user or, in the case of usage data, processed automatically when this website is used.
All data requested by this website is mandatory. Failure to provide this data may result in this website not being able to provide its services. In cases where this website explicitly states that some data is not mandatory, users may choose not to provide this data without any consequences for the availability or functioning of the service.
Users who are unclear about which personal data is mandatory are welcome to contact the owner.
Any use of Cookies – or of other tracking tools – by this Website or by the owners of third-party services used by this Website serves the purpose of providing the Service required by the User, in addition to any other purposes described in the present document and in the Cookie Policy, if available.
Users are responsible for any third party personal data obtained, published or shared through this website and confirm that they have the third party’s consent to provide the data to the Owner.
Method of data processing
The controller processes the user data in a proper manner and takes appropriate security measures to prevent unauthorised access and the unauthorised forwarding, modification or destruction of data.
Data processing is carried out by means of computers or IT-based systems, following an organisational procedure and mode strictly related to the purposes indicated. In addition to the Data Controller, access to the Data may be granted to certain categories of persons in charge, involved with the operation of the site (administration, sales, marketing, legal, system administrators) or external parties (such as third-party technical service providers, mail carriers, hosting providers, IT companies or communications agencies) appointed, if necessary, as Data Processors by the Owner.
Place of data processing
The data is processed at the operating location of the controller and at all other locations where the parties involved in the data processing are located. For further information, please contact the data controller.
Storage period of the data
The data will be stored for as long as is necessary to provide the services requested by the user or for the purposes specified in this document. The user may request the data controller to block or remove the data at any time.
Utilisation of the collected data
The data about the user is collected so that the owner can provide the services. In addition, data is collected for the following purposes: Analytics, Displaying content from external platforms, Contacting the User, Creating and managing backups, System logs and maintenance, Server logs, Cookies.
How and why do we collect data?
1. Analytics
Google Analytics (Google Ireland Limited)
This website uses functions of the web analysis service Google Analytics. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).
Google Analytics uses so-called “cookies”. These are text files that are stored on your computer and enable your use of the website to be analysed. The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there.
Google Analytics cookies are stored on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in analysing user behaviour in order to optimise both its website and its advertising.
– IP anonymisation –
We have activated the IP anonymisation function on this website. This means that your IP address will be truncated by Google within member states of the European Union or in other signatory states to the Agreement on the European Economic Area before being transmitted to the USA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. On behalf of the operator of this website, Google will use this information to analyse your use of the website, to compile reports on website activity and to provide the website operator with other services relating to website activity and internet usage. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.
– Browser Plugin –
You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by downloading and installing the browser plug-in available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de.
– Objection to data collection –
You can prevent the collection of your data by Google Analytics here: [borlabs-cookie type=”btn-switch-consent” id=”google-analytics” /]
– Order data processing –
We have concluded a contract with Google for commissioned data processing and fully implement the strict requirements of the German data protection authorities when using Google Analytics.
– Storage duration-
Data stored by Google at user and event level that is linked to cookies, user IDs or advertising IDs (e.g. DoubleClick cookies, Android advertising ID) is anonymised or deleted after 14 months. For details, please see the following link: https://support.google.com/analytics/answer/7667196?hl=de
Personal data collected: Cookie and usage data.
Processing location: Irland – Privacy Policy
2. Contacting the user
Booking form
If you send us enquiries via the booking form, your details from the enquiry form, including the contact details you provide there, will be stored by us for the purpose of processing the enquiry and in the event of follow-up questions. We will not pass on this data without your consent.
The data entered in the booking form is therefore processed exclusively on the basis of your consent (Art. 6 para. 1 lit. a GDPR). You can revoke this consent at any time. All you need to do is send us an informal email. The legality of the data processing operations carried out until the revocation remains unaffected by the revocation.
We will retain the data you provide on the booking form until you request its deletion, revoke your consent for its storage, or the purpose for its storage no longer pertains (e.g. after fulfilling your request). Mandatory statutory provisions – in particular retention periods – remain unaffected.
Personal data collected: First name and surname, telephone number, e-mail address.
Telephone contact
Users who have provided their telephone number may be contacted for commercial or promotional purposes in relation to this website and for processing support enquiries.
Personal data collected: Telephone number, first name and surname.
3. Display content from external platforms
Google Maps (Google Ireland Limited)
This site uses the map service Google Maps. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
To use the functions of Google Maps, it is necessary to save your IP address. This information is usually transmitted to a Google server in the USA and stored there. The provider of this site has no influence on this data transfer. If Google Maps is activated, Google may use Google Web Fonts for the purpose of standardising the display of fonts. When you call up Google Maps, your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly.
The use of Google Maps is in the interest of an appealing presentation of our online offers and to make it easy to find the places we have indicated on the website. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR; the consent can be revoked at any time.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://privacy.google.com/businesses/gdprcontrollerterms/ and https://privacy.google.com/businesses/gdprcontrollerterms/sccs/.
You can find more information on the handling of user data in Google’s privacy policy:
YouTube-Video (Google Ireland Limited)
Our website uses plugins from the YouTube website. The operator of the pages is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
We use YouTube in extended data protection mode. According to YouTube, this mode means that YouTube does not store any information about visitors to this website before they watch the video. However, the transfer of data to YouTube partners is not necessarily excluded by the extended data protection mode. For example, YouTube establishes a connection to the Google DoubleClick network regardless of whether you watch a video.
As soon as you start a YouTube video on our website, a connection to the YouTube servers is established. This tells the YouTube server which of our pages you have visited. If you are logged into your YouTube account, you enable YouTube to assign your surfing behaviour directly to your personal profile. You can prevent this by logging out of your YouTube account.
Furthermore, YouTube can store various cookies on your end device after starting a video. With the help of these cookies, YouTube can obtain information about visitors to our website. This information is used, among other things, to record video statistics, improve user-friendliness and prevent fraud attempts. The cookies remain on your device until you delete them.
After starting a YouTube video, further data processing operations may be triggered over which we have no influence.
The use of YouTube is in the interest of an appealing presentation of our online offers. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR.
Further information on the handling of user data can be found in YouTube’s privacy policy at https://policies.google.com/privacy?hl=en.
Personal data collected: Cookie and usage data Processing location: Irland
Content Delivery Network
A Content Delivery Network (CDN) is a service for the optimisation and distribution of data traffic. Due to the way in which the functions are integrated, the service filters all traffic that takes place via this website, i.e. the communication that takes place via this website and the user’s browser, and at the same time enables the collection of analytical data that this website contains.
Stackpath CDN
Our tools use the Stackpath Content Delivery Network (CDN). Stackpath may store web log information of website visitors for 7 days, including IP addresses, UA, referrer, location and ISP information of website visitors. Files and images provided by the CDN may be stored and served in countries other than your own. You can find Stackpath’s privacy policy here.
4. Safety, technology and maintenance
System logs and maintenance
This website and the services of third-party providers may collect files for operational and maintenance purposes that record the interaction taking place via this website (system logs) or use other personal data (e.g. IP address) for this purpose. In particular, this is the case through the use of security tools to protect the website from hacker attacks.
Personal data collected: IP address.
Defender Pro (Incsub, LLC)
This website uses the WPMU DEV third-party cloud storage to store backups of its monitoring logs where personal information is collected.
An activity log is created and stored that records the IP address, user name and email address and records user activity (e.g. when a user makes a comment). The information is stored locally for 30 days and externally for 1 year. Information on remote logs cannot be deleted for security reasons.
Server log files
The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are
- Browser type and browser version
- Operating system used
- Referrer URL
- Hostname of the accessing computer
- Time of the server request
IP address
This data cannot be assigned to specific persons. This data is not merged with other data sources. We reserve the right to check this data retrospectively if we become aware of specific indications of unlawful use.
5. Cookies
Cookies
Some of the Internet pages use so-called cookies. Cookies do not damage your computer and do not contain viruses. Cookies are used to make our website more user-friendly, effective and secure. Cookies are small text files that are stored on your computer and saved by your browser.
Most of the cookies we use are so-called “session cookies”. They are automatically deleted at the end of your visit. Other cookies remain stored on your end device until you delete them. These cookies enable us to recognise your browser on your next visit.
You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of this website may be restricted.
Cookies that are required to carry out the electronic communication process or to provide certain functions that you have requested (e.g. shopping basket function) are stored on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the storage of cookies for the technically error-free and optimised provision of its services. Insofar as other cookies (e.g. cookies for analysing your surfing behaviour) are stored, these are treated separately in this privacy policy.
Consent history
[borlabs-cookie type=”consent-history” /]
Cookie settings
Here you can call up the cookie settings and change the selection you have already made.
[borlabs-cookie type=”btn-consent-preference” title=”Cookie-Einstellungen” /]
Benutzer-ID: [borlabs-cookie type=”uid” /]
[borlabs-cookie type=”service-list” /]
Further information on the collection and processing of data
Information not contained in this privacy policy
Further information on the collection or processing of personal data can be requested at any time from the controller using the contact details provided.
Changes to this privacy policy
The data controller reserves the right to make changes to this privacy policy at any time by informing its users accordingly on this page. Users are therefore advised to visit this page regularly and to check the date of the last change indicated at the top of the page. If a user rejects a change to the privacy policy, they may no longer use this website and may request the controller to delete their personal data. Unless otherwise stated, the current privacy policy applies to all personal data that the controller has stored about a user.
