Privacy Notice when our website is visited

This Privacy Notice fulfills the obligation to provide information pursuant to Article 13 et seq. of the General Data Protection Regulation (GDPR) where personal data is collected on our website.

1. Name and contact details of the data controller:

CARFAX Europe GmbH Barthstraße 2-10 80339 Munich Email: info@carfax.eu (hereinafter referred to as "CARFAX", “we", "us").

2. Contact details of the data protection officer:

Martin Holzhofer Holzhofer Consulting GmbH Lochhamer Str. 31 82152 Planegg, Germany Tel.: +49 89 125 01 56 00 Email: privacy@carfax.eu Website: https://www.holzhofer-consulting.de

3.1. Data processing on the basis of legitimate interests (Article 6(1)(f) GDPR)

In consideration of your rights and freedoms, processing will be carried out if this is necessary for the purposes of a legitimate interest on our part and this is not overridden by your interests, fundamental rights and fundamental freedoms, which require protection of personal data. Article 6(1)(f) GDPR provides the legal basis in these cases.

3.1.1. Collection of access data/server log files

For technical reasons, we process a limited amount of data (known as connection data) each time the website is accessed. This data is necessary from a technical point of view to establish and implement a connection between your device and our servers. The following data or categories of data can be collected:

  • Name of the file accessed.

  • The date and time of access.

  • Amount of data transferred.

  • Notification indicating whether access was successful.

  • Notification indicating why access may have failed.

  • Name of your Internet service provider.

  • Your computer's operating system and browser software, if applicable.

  • The website which directed you to us.

This log data will only be processed in order to carry out statistical analyses for the purpose of operating, securing and optimizing the site. However, we reserve the right to check the log data retrospectively if there are legitimate grounds for suspecting unlawful use on the basis of concrete evidence. This data is therefore not used to create user profiles.

3.1.2. Cookies required and not required for technical reasons

This website sometimes uses files known as cookies. Cookies do not damage your computer and do not contain viruses. Cookies are used to make our site more user-friendly, effective and secure. Cookies are small text files that are placed on your computer and stored by your browser.

Most of the cookies we use are known as session cookies. They are automatically deleted once you leave our website. Cookies of this kind are essential from a technical standpoint for the website to be able to operate and for the purpose of providing the service requested by the user and therefore cannot be disabled.

3.1.3. Use of the contact form

When using the contact form, we will only collect personal data to the extent to which you provide it. We will only use your name and your email address to process your request.

3.2. Data processing based on your consent (Article 6(1)(a) GDPR)

Third-party services such as advertising and marketing cookies (tracking cookies) and analysis tools may also be used on the website. These are not necessary from a technical standpoint for operation of the website but are used, for example, to record how the user utilizes the Internet, to create a user profile and to send ads to the user which are tailored to the user's profile. These services will only become enabled after you have explicitly given your consent using the consent banner. For an overview of all third-party services which are embedded in the website and which are subject to consent, see point 10.

3.3 Data processing after entering a vehicle identification number (VIN)

By entering a vehicle identification number (VIN) on our website, you can check in advance whether CARFAX has fundamental information available for a specific vehicle at no charge and without the purchase of a used car history.

4. Automated decision-making including profiling

CARFAX Europe GmbH does not employ automated individual decision-making, including profiling, pursuant to Article 22(1) and (4) GDPR.

5. Data transfer to a third country

Data is transferred to countries outside the EU and the European Economic Area ("third countries") as part of administering, developing and operating IT systems. Data shall only be transferred on the basis of:

  • an adequate decision of the European Commission under Article 45 GDPR;

  • an approved certification mechanism pursuant to Article 42 GDPR together with legally binding and enforceable obligations on the part of the controller or the processor in the third country;

  • standard data protection clauses issued by the Commission in accordance with the examination procedure referred to in Article 93(2) GDPR.

Personal data is currently transferred to the United States through the use of analysis and tracking tools (such as Google Analytics, DoubleClick or Microsoft Bing Ads) in the following cases:

  • Transmission of data to Google Inc., 1600 Amphitheater Parkway Mountain View, CA 94043, USA.

  • Transmission of data to New Relic Inc., 188 Spear Street, Suite 1200 San Francisco, CA 94105, USA.

  • Transmission of data to Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA.

  • Data Transfer to Meta Platforms, Inc., 1 Hacker Way, Menlo Park, CA 94025, USA.

In the event that you order a search for information by entering a valid vehicle identification number, we will transmit the VIN to our parent company CARFAX Inc., 5860 Trinity Parkway, Suite 600, Centreville, VA 20120 in the USA, only in cases where there is no data available in our own database and to therefore allow you full access to the global database.

6. Categories of data recipient

To the extent permitted by law, we share personal data with external service providers:

  • IT service providers to maintain our IT infrastructure.

  • Server providers to store and process the data in a confidential manner.

Your data will also be shared as far as we are legally obliged to do so.

7. Retention period and criteria for determining such period

Personal data will only be retained for as long as is necessary in order to fulfill the purposes mentioned here or as stipulated by the statutory retention periods. The data will be deleted in accordance with the statutory regulations once the relevant purpose ceases to apply or after the retention periods have expired.

We will store your data for advertising purposes until you object to such use or we are no longer permitted by law to send promotional material to you.

8. Information about your rights as a data subject

CARFAX Europe GmbH, Barthstraße 2-10, 80339 Munich, Germany, is responsible for processing your data, unless otherwise stated.

You can obtain information from us at any time (Article 15 GDPR) about the data stored about you and request that it be rectified (Article 16 GDPR) where there are errors. You can also request that processing be restricted (Article 18 GDPR), request that data you give us be provided (Article 20 GDPR) in a machine-readable format (data portability) or that your data be erased (Article 17 GDPR) provided it is no longer required.

Furthermore, you have the right to object to the use of your data, which is based on public or legitimate interests (Article 21 GDPR), at any time.

If you wish to exercise your rights as a data subject, please contact: CARFAX Europe GmbH Barthstraße 2-10 80339 Munich, Germany privacy@carfax.eu

9. Right to lodge a complaint with a supervisory authority

In addition, you can contact a supervisory authority at any time to lodge a complaint. The Bayerisches Landesamt für Datenschutzaufsicht (Bavarian State Office for Data Protection Supervision), P.O. Box 1349, 91504 Ansbach, Germany, is the competent authority for us. Alternatively, you can contact your local supervisory authority.

10. Privacy notice for all third-party services embedded in the website

10.1. Privacy notice about the use of Google Analytics

This website uses Google Analytics, a web analytics service provided by Google Inc. LLC (1600 Amphitheater Parkway, Mountain View, CA 94043, USA; "Google"). Google Analytics uses text files known as cookies that are stored on your computer and enable how you use the website to be analyzed. The information generated by the cookie about how you use the website such as

  • type/version of your browser,

  • operating system used,

  • referrer URL (the page previously visited),

  • host name of the accessing computer (IP address),

  • time of the server request,

is usually transferred to a Google server in the USA, where it will be stored. For the USA, the European Commission has issued an adequacy decision according to Article 45(3) GDPR, which applies to the EU-US Data Privacy Framework (DPF). For data exports to recipients in the USA that are certified according to the DPF, the level of data protection is thus considered adequate. Google is certified under the DPF and thus committed to complying with European data protection principles.

The IP address provided by your browser as part of Google Analytics will not be merged with other Google data. We have also added the code "anonymizeIp" to Google Analytics on this website.

Google will use this data on behalf of CARFAX Europe GmbH to analyze how you use the website, to compile reports about website activities and to provide further services related to website use and Internet use to the website operator. You can prevent cookies from being stored by setting your browser software accordingly; however, we would like to point out that in this case you may not be able to use all the functions of this website to their full extent.

You can also prevent Google from collecting the data generated by the cookie and related to how you use the website (including your IP address) and from processing this data by downloading and installing the browser plug-in available via the following link: https://tools.google.com/dlpage/gaoptout?hl=en.

Information in the end user's terminal is stored and accessed in accordance with Article 25(1) TTDSG (Telekommunikation-Telemedien-Datenschutzgesetz — German Telecommunications and Telemedia Data Protection Act). The legal basis for your personal data being further processed is the informed consent that you have freely given pursuant to Article 6(1)(a) GDPR. You give your corresponding consent via the consent banner.

For more information about how Google Analytics handles user data, please refer to Google's Privacy Policy: https://support.google.com/analytics/answer/6004245?hl=en

10.2. Privacy notice about the use of Google Tag Manager

This website uses Google Tag Manager provided by Google Inc. LLC (1600 Amphitheater Parkway, Mountain View, CA 94043, USA; "Google"). This service allows website tags to be managed via an interface. This application manages JavaScript tags and HTML tags that are used to implement tracking and analysis tools in particular. Data is processed for the purposes of designing and optimizing our website on a needs-oriented basis. Google Tool Manager only implements tags. This means: No cookies are used and no personal data is collected. Google Tag Manager triggers other tags, which in turn may collect data. However, Google Tag Manager does not access this data. If disabled at domain or cookie level, this setting remains in place for all tracking tags, insofar as these are implemented with Google Tag Manager.

However, Google Tag Manager records your IP address, which may be transmitted to a Google server in the USA and stored there. For the USA, the European Commission has issued an adequacy decision according to Article 45(3) GDPR, which applies to the EU-US Data Privacy Framework (DPF). For data exports to recipients in the USA that are certified according to the DPF, the level of data protection is thus considered adequate. Google is certified under the DPF and thus committed to complying with European data protection principles.

Information in the end user's terminal is stored and accessed in accordance with Article 25(1) TTDSG (Telekommunikation-Telemedien-Datenschutzgesetz — German Telecommunications and Telemedia Data Protection Act). The legal basis for your personal data being further processed is the informed consent that you have freely given pursuant to Article 6(1)(a) GDPR. You give your corresponding consent via the consent banner.

For more information about Google Tag Manager, visit: https://www.google.com/analytics/terms/tag-manager/

10.3. Privacy notice about the use of Doubleclick.net by Google

This website uses the online marketing tool DoubleClick by Google. DoubleClick uses cookies to run ads that are relevant to users, improve campaign performance reports or to prevent a user from seeing the same ads more than once. Google uses a cookie ID to record which ads are placed in which browser and can thus prevent them from being shown more than once. In addition, DoubleClick can use cookie IDs to capture conversions related to ad requests. This is the case, for example, when a user sees a DoubleClick ad and later uses the same browser to visit the advertiser's website and buys something from it. According to Google, DoubleClick cookies do not contain any personal data.

Due to the marketing tools used, your browser automatically establishes a direct connection to the Google server. We have no influence on the scope and further use of the data collected by Google as a result of this tool being used and we are therefore providing you with the following information to the best of our knowledge: By integrating DoubleClick, Google receives the information that you have accessed the corresponding part of our website or clicked on one of our ads. If you are registered with a Google service, Google can assign the visit to your account. Even if you are not registered with Google or have not logged in, the provider may learn of and store your IP address.

In addition, the DoubleClick Floodlight cookies used enable us to understand whether you perform certain actions on our website after you have accessed or clicked on one of our display/video ads on Google or on another platform via DoubleClick (conversion tracking). DoubleClick uses this cookie to understand the content that you have interacted with on our website so that targeted ads can subsequently be sent to you.

Your data is generally transmitted to Google LLC servers in the USA. For the USA, the European Commission has issued an adequacy decision according to Article 45(3) GDPR, which applies to the EU-US Data Privacy Framework (DPF). For data exports to recipients in the USA that are certified according to the DPF, the level of data protection is thus considered adequate. Google is certified under the DPF and thus committed to complying with European data protection principles.

Information in the end user's terminal is stored and accessed in accordance with Article 25(1) TTDSG (Telekommunikation-Telemedien-Datenschutzgesetz — German Telecommunications and Telemedia Data Protection Act). The legal basis for your personal data being further processed is the informed consent that you have freely given pursuant to Article 6(1)(a) GDPR. You give your corresponding consent via the consent banner.

For more information about DoubleClick by Google, visit https://marketingplatform.google.com/about/enterprise/

10.4. Privacy notice about the use of Google Fonts API/gStatic API

This website uses external fonts from Google Inc. such as Google Fonts and gStatic. These are services provided by Google Inc., 1600 Amphitheater Parkway, Mountain View, California 94043, USA. ("Google"). These web fonts are embedded via a call to a server, usually a Google server in the USA. This will tell the server which of our websites you have visited. The IP address of the browser on the device of the visitor to these Internet pages is also stored by Google.

Your data can be transferred to the USA, if applicable. For the USA, the European Commission has issued an adequacy decision according to Article 45(3) GDPR, which applies to the EU-US Data Privacy Framework (DPF). For data exports to recipients in the USA that are certified according to the DPF, the level of data protection is thus considered adequate. Google is certified under the DPF and thus committed to complying with European data protection principles.

Information in the end user's terminal is stored and accessed in accordance with Article 25(1) TTDSG (Telekommunikation-Telemedien-Datenschutzgesetz — German Telecommunications and Telemedia Data Protection Act). The legal basis for your personal data being further processed is the informed consent that you have freely given pursuant to Article 6(1)(a) GDPR. You give your corresponding consent via the consent banner.

For more information, visit https://developers.google.com/fonts/faq?tid=331597391040

10.5. Privacy notice about the use of Google Dynamic Remarketing

On our website, we use the remarketing or "similar audiences" function from Google LLC (1600 Amphitheater Parkway, Mountain View, CA 94043, USA; "Google"). The purpose of the application is to analyze visitor behavior and visitor interests. Google uses cookies to carry out analysis of website usage, which forms the basis for creating interest-based ads. The cookies are used to record the visits to the website as well as anonymous data about how the website is used. No personal data about visitors to the website is stored. If you subsequently visit another website in the Google Display Network, you will see advertisements that are likely to take into account products and information previously viewed.

Your data is generally transmitted to Google LLC servers in the USA. For the USA, the European Commission has issued an adequacy decision according to Article 45(3) GDPR, which applies to the EU-US Data Privacy Framework (DPF). For data exports to recipients in the USA that are certified according to the DPF, the level of data protection is thus considered adequate. Google is certified under the DPF and thus committed to complying with European data protection principles.

Information in the end user's terminal is stored and accessed in accordance with Article 25(1) TTDSG (Telekommunikation-Telemedien-Datenschutzgesetz — German Telecommunications and Telemedia Data Protection Act). The legal basis for your personal data being further processed is the informed consent that you have freely given pursuant to Article 6(1)(a) GDPR. You give your corresponding consent via the consent banner.

For more information about Google Remarketing and its privacy policy, please visit: https://www.google.com/privacy/ads/

10.6. Privacy notice about the use of Google Audiences

We also use Google Audiences ("GA Audience") from Google LLC (1600 Amphitheater Parkway, Mountain View, CA 94043, USA; "Google"), another web analytics service from Google. This service collects and stores data from which pseudonymized usage profiles are created. This technology allows users who have visited our websites to see targeted advertising from us on other external sites in the Google Partner Network.

Among other things, GA Audience uses cookies, which are stored on your computer and other mobile devices (such as smartphones, tablets etc.) and enables how the respective devices are used to be analyzed. In this respect, the data is, in part, analyzed across devices. GA Audience will have access to the cookies created in the context of Google Analytics being used.

In the context of such use, data such as, in particular, the IP address and activities of the users, can be transferred to a Google LLC server in the USA, where it will be stored. For the USA, the European Commission has issued an adequacy decision according to Article 45(3) GDPR, which applies to the EU-US Data Privacy Framework (DPF). For data exports to recipients in the USA that are certified according to the DPF, the level of data protection is thus considered adequate. Google is certified under the DPF and thus committed to complying with European data protection principles.

Google LLC may transfer this information to third parties if required by law or if such data is processed by third parties.

Information in the end user's terminal is stored and accessed in accordance with Article 25(1) TTDSG (Telekommunikation-Telemedien-Datenschutzgesetz — German Telecommunications and Telemedia Data Protection Act). The legal basis for your personal data being further processed is the informed consent that you have freely given pursuant to Article 6(1)(a) GDPR. You give your corresponding consent via the consent banner.

For more information about privacy when GA Audience is being used, please visit: https://support.google.com/analytics/answer/2700409?hl=en&ref_topic=2611283.

10.7. Privacy notice about the use of New Relic

Our website uses a web analytics service from New Relic Inc., 188 Spear Street, Suite 1200 San Francisco, CA 94105, USA ("New Relic"). New Relic uses cookies. The information generated by the cookie about how the site is utilized by users is usually transferred to a New Relic server in the USA, where it will be stored.

New Relic will use this information on our behalf to evaluate how our site is utilized by users, to compile reports about the activities within the site and to provide us with further services associated with how this site is used and Internet use. In this case, pseudonymized usage profiles of users can be created from the processed data. The IP address provided by the user's browser will not be merged with other New Relic data.

Your data is generally transmitted to the New Relic Inc. servers in the USA. For the USA, the European Commission has issued an adequacy decision according to Article 45(3) GDPR, which applies to the EU-US Data Privacy Framework (DPF). For data exports to recipients in the USA that are certified according to the DPF, the level of data protection is thus considered adequate. New Relic is certified under the DPF and thus committed to complying with European data protection principles.

Information in the end user's terminal is stored and accessed in accordance with Article 25(1) TTDSG (Telekommunikation-Telemedien-Datenschutzgesetz — German Telecommunications and Telemedia Data Protection Act). The legal basis for your personal data being further processed is the informed consent that you have freely given pursuant to Article 6(1)(a) GDPR. You give your corresponding consent via the consent banner.

For more information about how New Relic uses data, see the New Relic privacy statement at https://newrelic.com/termsandconditions/cookie-policy and at https://newrelic.com/termsandconditions/cookie-policy.

10.8. Privacy policy notice for the use of Google reCaptcha

In addition to the conventional function of Google reCaptcha (for example, within an ordering process to be able to differentiate between input by a natural person or misuse by a bot or other spam software), we are also using the new reCAPTCHA v3 on our website (called the invisible reCAPTCHA). This is a function of Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (Google) to detect abusive traffic—especially spam—on a website without user interaction. By spam, we mean any unsolicited, unwanted information sent electronically. The reCAPTCHA is therefore used to secure our website and ultimately also for your security.

The reCAPTCHA service is a JavaScript element integrated into the source text and the application runs in the background and analyzes your user behavior.

The invisible reCAPTCHA does not conduct any classic CAPTCHA test, but rather makes an assessment to allow us to select the most suitable action for our website ourselves. Google does not disclose exactly which data it collects and stores in this process. In addition, we also use the classic CAPTCHAS, in which you generally have to solve a text or image puzzle or check a box to confirm that you are not a bot. The classic reCAPTCHA is only used as a fallback solution if the invisible reCAPTCHA identifies a user as a bot in order to still give real users the opportunity to access the website.

According to our information, the following information is collected in relation to your terminal and your browser and transmitted to Google:

  • Referrer URL (the address of the site from which the visitor is coming)

  • User’s IP address

  • User’s operating system

  • Mouse and keyboard behavior

  • Language set in the browser

  • Screen and window resolution

  • Timezone

  • Installation of browser plugins

  • Limited location and usage data

Furthermore, Google reCAPTCHA also uses cookies (small text files in which your data is stored in your browser).

The Captcha window uses "Google Fonts" for the visual display, i.e. the fonts loaded from the Internet by Google. There is no processing of information other than that mentioned above, which is already transmitted to Google via the functionality of reCAPTCHA.

The use of Google reCAPTCHA occurs in accordance with Article 6(1)(f) of the GDPR based on our legitimate interest in establishing individual ownership on the Internet and preventing misuse and spam, and thereby ensuring the security of our website. Information is stored and accessed in accordance with Article 25 (1 and 2) TTDSG (Telekommunikation-Telemedien-Datenschutzgesetz — German Telecommunications and Telemedia Data Protection Act).

As part of this use of Google reCAPTCHA, personal data may be transmitted to the server at Google LLC. in the USA. For the USA, the European Commission has issued an adequacy decision according to Article 45(3) GDPR, which applies to the EU-US Data Privacy Framework (DPF). For data exports to recipients in the USA that are certified according to the DPF, the level of data protection is thus considered adequate. The service provider Google is certified under the DPF and thus committed to complying with European data protection principles.

For further information on data privacy at Google, please visit: https://www.google.com/intl/de/policies/privacy/

For further information on Google reCAPTCHA Version 3 can be found at https://developers.google.com/recaptcha?hl=de

10.9. Privacy notice about the use of Microsoft Bing Ads

On our website we use conversion tracking by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. In this respect, Microsoft Bing Ads will store a cookie on your computer if you have accessed our website via a Microsoft Bing advertisement. In this way, we and Microsoft Bing can see that someone clicked on an ad, was redirected to our website and arrived at a previously designated landing page (conversion page). We are told the total number of users who clicked on a Bing ad and were then redirected to the conversion page.

In addition, Microsoft may be able to track your usage behaviour across several of your electronic devices through cross-device tracking, which allows Microsoft to display personalized advertising on or in Microsoft websites and apps. You can disable such tracking of your behaviour via https://account.microsoft.com/privacy/ad-settings/signedout. If you do not want information about your behaviour to be used by Microsoft as explained above, you may opt out of a cookie being set, for example by using a browser setting that generally disables cookies being set automatically.

When using Microsoft Bing Ads, personal data may also be transmitted to Microsoft's servers in the USA. For the USA, the European Commission has issued an adequacy decision according to Article 45(3) GDPR, which applies to the EU-US Data Privacy Framework (DPF). For data exports to recipients in the USA that are certified according to the DPF, the level of data protection is thus considered adequate. Microsoft is certified under the DPF and thus committed to complying with European data protection principles.

Information in the end user's terminal is stored and accessed in accordance with Article 25(1) TTDSG (Telekommunikation-Telemedien-Datenschutzgesetz — German Telecommunications and Telemedia Data Protection Act). The legal basis for your personal data being further processed is the informed consent that you have freely given pursuant to Article 6(1)(a) GDPR. You give your corresponding consent via the consent banner.

For more information about Microsoft's privacy policy and the cookies used by Microsoft and Bing Ads, please visit the Microsoft website at https://privacy.microsoft.com/en-gb/privacystatement.

10.10. Privacy notice about the use of Hotjar

Our website uses Hotjar, analysis software from Hotjar Ltd. ("Hotjar"), 3 Lyons Range, 20 Bisazza Street, Sliema SLM 1640, Malta, Europe. Hotjar can be used to measure and analyze usage behavior on our website in the form of clicks, mouse movements, scroll depths, etc. The information generated by the "tracking code" and the "cookie" is transmitted to and stored on the Hotjar servers in Ireland. The following information is collected:

  • The IP address of your device (collected and stored in an anonymized format)

  • Screen size of your device

  • Device type and browser information

  • Geographical location (country only)

  • The preferred language for displaying our website

In addition, the following data will be logged on our server when Hotjar is used:

  • Referring domain

  • Pages visited

  • Geographical location (country only)

  • The preferred language for displaying our website

  • Date and time website accessed

Hotjar will use this information to analyze how you use our website, to create reports as well as other services concerning website use and Internet analysis of the website. Hotjar also uses third-party services such as Google Analytics to provide services. These third-party companies may store information that your browser sends during the visit to the site, such as cookies or IP requests. For more information about how Google Analytics stores and uses data, please refer to their respective privacy notices.

Information in the end user's terminal is stored and accessed in accordance with Article 25(1) TTDSG (Telekommunikation-Telemedien-Datenschutzgesetz — German Telecommunications and Telemedia Data Protection Act). The legal basis for your personal data being further processed is the informed consent that you have freely given pursuant to Article 6(1)(a) GDPR. You give corresponding consent via the consent banner.

For more information about privacy when using Hotjar, please visit www.hotjar.com/privacy and www.hotjar.com/legal/policies/privacy

10.11. Privacy policy on the use of Meta Pixel and Meta Custom audience 

Our website uses a "Meta pixel" created by the social network Meta Platforms, Inc., 1 Hacker Way, Menlo Park, CA 94025, USA ("Meta"). The Meta pixel makes it possible to track users' behavior after they click on a Meta ad. Using this Meta pixel helps us to understand how our marketing campaigns are received by users on Meta's platforms, such as Facebook and Instagram, and enables us to devise action improvement plans, if necessary. While visiting one of Meta's social networks or any other website that also utilizes this tool, users of our website are shown targeted ads ("Meta ads" or "Facebook ads" and "Instagram ads"). Accordingly, we also use the Meta pixel to display Meta ads placed by us only to those Meta users who have also shown an interest in our online offering or to those who have certain characteristics (e.g. interest in certain topics or products determined on the basis of the web pages they have visited), which we share with Meta (Meta "Custom Audiences" or "Lookalike Audiences"). 

Your browser uses the Meta pixel to automatically establish a direct connection to the Meta server. We have no influence on the scope and further use of the data collected by Meta, as a result of this tool being used, and we are therefore providing you with the following information to the best of our knowledge:  

The integrated Meta Pixel notifies Meta that you have clicked on an ad from us or called up the corresponding page of our website. If you are registered with a Meta service, Meta can assign the visit to your account. Even if you are not registered with Meta or you have not logged in, the provider may learn a store your IP address and other identifying information. 

Your data is generally transmitted to the Meta Platforms Inc. servers in the USA. For the USA, the European Commission has issued an adequacy decision according to Article 45(3) GDPR, which applies to the EU-US Data Privacy Framework (DPF). For data exports to recipients in the USA that are certified according to the DPF, the level of data protection is thus considered adequate. Meta is certified under the DPF and thus committed to complying with European data protection principles.

Information in the end user's terminal is stored and accessed in accordance with Article 25(1) TTDSG (Telekommunikation-Telemedien-Datenschutzgesetz — German Telecommunications and Telemedia Data Protection Act). The legal basis for your personal data being further processed is the informed consent that you have freely given pursuant to Article 6(1)(a) GDPR. You give your corresponding consent via the consent banner. 

Meta processes data in line with Meta's Privacy Policy. You can also find specific information and details about Meta pixel and how it works in the Meta Business Help Centre

10.12. Privacy notice regarding the use of Optimizely

Our website uses the web analysis and optimization service "Optimizely," which is provided by Optimizely Inc., 119 Fifth Avenue, 7th Floor, New York, NY 10003, USA. We use Optimizely to enhance the appeal, content and functionality of our website by using the service to publish new functions and content and by using the service to display these functions and content to a percentage of our users and then perform statistical analysis of the differences in website use. This is known as A/B testing.

Optimizely uses tools such as cookies, which you can enable to help optimize and analyze the use of our website. The information generated by these cookies about how you use our website is usually transferred to an Optimizely server in the USA, where it will be stored.

The following data may be collected and processed as part of optimization tests:

  • IP address (the user's IP address is automatically anonymized)

  • Any specific identifiers such as cookie IDs or similar identifiers, as well as event data connected to these identifiers (such as device type, browser and operating system, time of access and the characteristics of the website tested)

Optimizely uses this information on our behalf to evaluate your usage of our website, to compile reports regarding optimization tests and the associated website activities and to provide us with additional services related to the use of the website and the Internet.

The storage of and access to information on the end user's device is carried out on the basis of informed consent, in accordance with Article 25(1) TTDSG (Telekommunikation-Telemedien-Datenschutzgesetz — German Telecommunications and Telemedia Data Protection Act). The legal basis for any further processing of your personal data is the informed consent that you have freely given pursuant to Article 6(1)(a) GDPR. You give your corresponding consent via the consent banner.

We have concluded a data processing agreement (DPA) and additional standard contractual clauses (SCC) with the service provider Optimizely.

Additional information regarding data protection can be found in Optimizely's privacy policy

Munich, January 2024