Privacy Notice when our website is visited

This Privacy Notice fulfills the obligation to provide information pursuant to Article 13 et seq. of the General Data Protection Regulation (GDPR) where personal data is collected on our website.

1. Name and contact details of the data controller:

CARFAX Europe GmbH Lindwurmstraße 124 80337 Munich, Germany Email: info@carfax.eu (hereinafter referred to as "CARFAX", “we", "us").

2. Contact details of the data protection officer:

Martin Holzhofer Holzhofer Consulting GmbH Lochhamer Str. 31 82152 Planegg, Germany Tel.: +49 89 125 01 56 00 Email: privacy@carfax.eu Website: https://www.holzhofer-consulting.de

3.1. Data processing on the basis of legitimate interests (Article 6(1)(f) GDPR)

In consideration of your rights and freedoms, processing will be carried out if this is necessary for the purposes of a legitimate interest on our part and this is not overridden by your interests, fundamental rights and fundamental freedoms, which require protection of personal data. Article 6(1)(f) GDPR provides the legal basis in these cases.

3.1.1. Collection of access data/server log files

For technical reasons, we process a limited amount of data (known as connection data) each time the website is accessed. This data is necessary from a technical point of view to establish and implement a connection between your device and our servers. The following data or categories of data can be collected:

  • Name of the file accessed.

  • The date and time of access.

  • Amount of data transferred.

  • Notification indicating whether access was successful.

  • Notification indicating why access may have failed.

  • Name of your Internet service provider.

  • Your computer's operating system and browser software, if applicable.

  • The website which directed you to us.

This log data will only be processed in order to carry out statistical analyses for the purpose of operating, securing and optimizing the site. However, we reserve the right to check the log data retrospectively if there are legitimate grounds for suspecting unlawful use on the basis of concrete evidence. This data is therefore not used to create user profiles.

3.1.2. Cookies required and not required for technical reasons

This website sometimes uses files known as cookies. Cookies do not damage your computer and do not contain viruses. Cookies are used to make our site more user-friendly, effective and secure. Cookies are small text files that are placed on your computer and stored by your browser.

Most of the cookies we use are known as session cookies. They are automatically deleted once you leave our website. Cookies of this kind are essential from a technical standpoint for the website to be able to operate and for the purpose of providing the service requested by the user and therefore cannot be disabled.

3.1.3. Use of the contact form

When using the contact form, we will only collect personal data to the extent to which you provide it. We will only use your email address to process your request.

Third-party services such as advertising and marketing cookies (tracking cookies) and analysis tools may also be used on the website. These are not necessary from a technical standpoint for operation of the website but are used, for example, to record how the user utilizes the Internet, to create a user profile and to send ads to the user which are tailored to the user's profile. These services will only become enabled after you have explicitly given your consent using the consent banner. For an overview of all third-party services which are embedded in the website and which are subject to consent, see point 10.

4. Automated decision-making including profiling

CARFAX Europe GmbH does not employ automated individual decision-making, including profiling, pursuant to Article 22(1) and (4) GDPR.

5. Data transfer to a third country

Data is transferred to countries outside the EU and the European Economic Area ("third countries") as part of administering, developing and operating IT systems. Data shall only be transferred on the basis of:

  • an adequate decision of the European Commission under Article 45 GDPR;

  • an approved certification mechanism pursuant to Article 42 GDPR together with legally binding and enforceable obligations on the part of the controller or the processor in the third country;

  • standard data protection clauses issued by the Commission in accordance with the examination procedure referred to in Article 93(2) GDPR.

Personal data is currently transferred to the United States through the use of analysis and tracking tools (such as Google Analytics, DoubleClick or Microsoft Bing Ads) in the following cases:

  • Transmission of data to Google Inc., 1600 Amphitheater Parkway Mountain View, CA 94043, USA.

  • Transmission of data to New Relic Inc., 188 Spear Street, Suite 1200 San Francisco, CA 94105, USA.

  • Transmission of data to Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA.

6. Categories of data recipient

To the extent permitted by law, we share personal data with external service providers:

  • IT service providers to maintain our IT infrastructure.

  • Server providers to store and process the data in a confidential manner.

Your data will also be shared as far as we are legally obliged to do so.

7. Retention period and criteria for determining such period

Personal data will only be retained for as long as is necessary in order to fulfill the purposes mentioned here or as stipulated by the statutory retention periods. The data will be deleted in accordance with the statutory regulations once the relevant purpose ceases to apply or after the retention periods have expired.

We will store your data for advertising purposes until you object to such use or we are no longer permitted by law to send promotional material to you.

8. Information about your rights as a data subject

CARFAX Europe GmbH, Lindwurmstr. 124, 80337 Munich, Germany, is responsible for processing your data, unless otherwise stated.

You can obtain information from us at any time (Article 15 GDPR) about the data stored about you and request that it be rectified (Article 16 GDPR) where there are errors. You can also request that processing be restricted (Article 18 GDPR), request that data you give us be provided (Article 20 GDPR) in a machine-readable format (data portability) or that your data be erased (Article 17 GDPR) provided it is no longer required.

Furthermore, you have the right to object to the use of your data, which is based on public or legitimate interests (Article 21 GDPR), at any time.

If you wish to exercise your rights as a data subject, please contact: CARFAX Europe GmbH Lindwurmstraße 124 80337 Munich, Germany privacy@carfax.eu

9. Right to lodge a complaint with a supervisory authority

In addition, you can contact a supervisory authority at any time to lodge a complaint. The Bayerisches Landesamt für Datenschutzaufsicht (Bavarian State Office for Data Protection Supervision), P.O. Box 1349, 91504 Ansbach, Germany, is the competent authority for us. Alternatively, you can contact your local supervisory authority.

10. Privacy notice for all third-party services embedded in the website

10.1. Privacy notice about the use of Google Analytics

This website uses Google Analytics, a web analytics service provided by Google Inc. LLC (1600 Amphitheater Parkway, Mountain View, CA 94043, USA; "Google"). Google Analytics uses text files known as cookies that are stored on your computer and enable how you use the website to be analyzed. The information generated by the cookie about how you use the website such as

  • type/version of your browser,

  • operating system used,

  • referrer URL (the page previously visited),

  • host name of the accessing computer (IP address),

  • time of the server request,

is usually transferred to a Google server in the USA, where it will be stored. The IP address provided by your browser as part of Google Analytics will not be merged with other Google data. We have also added the code "anonymizeIp" to Google Analytics on this website.

Google will use this data on behalf of CARFAX Europe GmbH to analyze how you use the website, to compile reports about website activities and to provide further services related to website use and Internet use to the website operator. You can prevent cookies from being stored by setting your browser software accordingly; however, we would like to point out that in this case you may not be able to use all the functions of this website to their full extent.

You can also prevent Google from collecting the data generated by the cookie and related to how you use the website (including your IP address) and from processing this data by downloading and installing the browser plug-in available via the following link: https://tools.google.com/dlpage/gaoptout?hl=en.

The legal basis for processing your personal data is your consent pursuant to Article 6(1)(a) GDPR. You give your corresponding consent via the consent banner. For more information about how Google Analytics handles user data, please refer to Google's Privacy Policy: https://support.google.com/analytics/answer/6004245?hl=en

10.2. Privacy notice about the use of Google Tag Manager

This website uses Google Tag Manager provided by Google Inc. LLC (1600 Amphitheater Parkway, Mountain View, CA 94043, USA; "Google"). This service allows website tags to be managed via an interface. This application manages JavaScript tags and HTML tags that are used to implement tracking and analysis tools in particular. Data is processed for the purposes of designing and optimizing our website on a needs-oriented basis. Google Tool Manager only implements tags. This means: No cookies are used and no personal data is collected. Google Tag Manager triggers other tags, which in turn may collect data. However, Google Tag Manager does not access this data. If disabled at domain or cookie level, this setting remains in place for all tracking tags, insofar as these are implemented with Google Tag Manager.

The legal basis for processing your personal data is your consent pursuant to Article 6(1)(a) GDPR. You give your corresponding consent via the consent banner. For more information about Google Tag Manager, visit: https://www.google.com/analytics/terms/tag-manager/

10.3. Privacy notice about the use of Doubleclick.net by Google

This website uses the online marketing tool DoubleClick by Google. DoubleClick uses cookies to run ads that are relevant to users, improve campaign performance reports or to prevent a user from seeing the same ads more than once. Google uses a cookie ID to record which ads are placed in which browser and can thus prevent them from being shown more than once. In addition, DoubleClick can use cookie IDs to capture conversions related to ad requests. This is the case, for example, when a user sees a DoubleClick ad and later uses the same browser to visit the advertiser's website and buys something from it. According to Google, DoubleClick cookies do not contain any personal data.

Due to the marketing tools used, your browser automatically establishes a direct connection to the Google server. We have no influence on the scope and further use of the data collected by Google as a result of this tool being used and we are therefore providing you with the following information to the best of our knowledge: By integrating DoubleClick, Google receives the information that you have accessed the corresponding part of our website or clicked on one of our ads. If you are registered with a Google service, Google can assign the visit to your account. Even if you are not registered with Google or have not logged in, the provider may learn of and store your IP address.

In addition, the DoubleClick Floodlight cookies used enable us to understand whether you perform certain actions on our website after you have accessed or clicked on one of our display/video ads on Google or on another platform via DoubleClick (conversion tracking). DoubleClick uses this cookie to understand the content that you have interacted with on our website so that targeted ads can subsequently be sent to you.

The legal basis for processing your personal data is your consent pursuant to Article 6(1)(a) GDPR. You give your corresponding consent via the consent banner. For more information about DoubleClick by Google, visit https://marketingplatform.google.com/about/enterprise/

10.4. Privacy notice about the use of Google Fonts API/gStatic API

This website uses external fonts from Google Inc. such as Google Fonts and gStatic. These are services provided by Google Inc., 1600 Amphitheater Parkway, Mountain View, California 94043, USA. ("Google"). These web fonts are embedded via a call to a server, usually a Google server in the USA. This will tell the server which of our websites you have visited. The IP address of the browser on the device of the visitor to these Internet pages is also stored by Google.

The legal basis for processing your personal data is your consent pursuant to Article 6(1)(a) GDPR. You give your corresponding consent via the consent banner. For more information, visit https://developers.google.com/fonts/faq?tid=331597391040

10.5. Privacy notice about the use of Google Dynamic Remarketing

On our website, we use the remarketing or "similar audiences" function from Google LLC (1600 Amphitheater Parkway, Mountain View, CA 94043, USA; "Google"). The purpose of the application is to analyze visitor behavior and visitor interests. Google uses cookies to carry out analysis of website usage, which forms the basis for creating interest-based ads. The cookies are used to record the visits to the website as well as anonymous data about how the website is used. No personal data about visitors to the website is stored. If you subsequently visit another website in the Google Display Network, you will see advertisements that are likely to take into account products and information previously viewed. The legal basis for processing your personal data is your consent pursuant to Article 6(1)(a) GDPR. You give your corresponding consent via the consent banner. For more information about Google Remarketing and its privacy policy, please visit: https://www.google.com/privacy/ads/

10.6. Privacy notice about the use of Google Audiences

We also use Google Audiences ("GA Audience") from Google LLC (1600 Amphitheater Parkway, Mountain View, CA 94043, USA; "Google"), another web analytics service from Google. This service collects and stores data from which pseudonymized usage profiles are created. This technology allows users who have visited our websites to see targeted advertising from us on other external sites in the Google Partner Network.

Among other things, GA Audience uses cookies, which are stored on your computer and other mobile devices (such as smartphones, tablets etc.) and enables how the respective devices are used to be analyzed. In this respect, the data is, in part, analyzed across devices. GA Audience will have access to the cookies created in the context of Google Analytics being used. In the context of such use, data such as the IP address and activities of the users, can be transferred to a Google LLC server, where it will be stored. Google LLC may transfer this information to third parties if required by law or if such data is processed by third parties. The legal basis for processing your personal data is your consent pursuant to Article 6(1)(a) GDPR. You give your corresponding consent via the consent banner.

For more information about privacy when GA Audience is being used, please visit: https://support.google.com/analytics/answer/2700409?hl=en&ref_topic=2611283.

10.7. Privacy notice about the use of New Relic

Our website uses a web analytics service from New Relic Inc., 188 Spear Street, Suite 1200 San Francisco, CA 94105, USA ("New Relic"). New Relic uses cookies. The information generated by the cookie about how the site is utilized by users is usually transferred to a New Relic server in the USA, where it will be stored.

New Relic will use this information on our behalf to evaluate how our site is utilized by users, to compile reports about the activities within the site and to provide us with further services associated with how this site is used and Internet use. In this case, pseudonymized usage profiles of users can be created from the processed data.

The IP address provided by the user's browser will not be merged with other New Relic data. The legal basis for processing your personal data is your consent pursuant to Article 6(1)(a) GDPR. You give your corresponding consent via the consent banner.

For more information about how New Relic uses data, see the New Relic privacy statement at https://newrelic.com/termsandconditions/cookie-policy and at https://newrelic.com/termsandconditions/cookie-policy.

10.8. Privacy notice about the use of Microsoft Bing Ads

On our website we use conversion tracking by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. In this respect, Microsoft Bing Ads will store a cookie on your computer if you have accessed our website via a Microsoft Bing advertisement. In this way, we and Microsoft Bing can see that someone clicked on an ad, was redirected to our website and arrived at a previously designated landing page (conversion page). We are told the total number of users who clicked on a Bing ad and were then redirected to the conversion page.

In addition, Microsoft may be able to track your usage behavior across several of your electronic devices through cross-device tracking, which allows Microsoft to display personalized advertising on or in Microsoft websites and apps. You can disable such tracking of your behavior via https://account.microsoft.com/privacy/ad-settings/signedout. If you do not want information about your behavior to be used by Microsoft as explained above, you may opt out of a cookie being set, for example by using a browser setting that generally disables cookies being set automatically.

The legal basis for processing your personal data is your consent pursuant to Article 6(1)(a) GDPR. You give your corresponding consent via the consent banner. For more information about Microsoft's privacy policy and the cookies used by Microsoft and Bing Ads, please visit the Microsoft website at https://privacy.microsoft.com/en-gb/privacystatement.

10.9. Privacy notice about the use of Hotjar

Our website uses Hotjar, analysis software from Hotjar Ltd. ("Hotjar"), 3 Lyons Range, 20 Bisazza Street, Sliema SLM 1640, Malta, Europe. Hotjar can be used to measure and analyze usage behavior on our website in the form of clicks, mouse movements, scroll depths, etc. The information generated by the "tracking code" and the "cookie" is transmitted to and stored on the Hotjar servers in Ireland. The following information is collected:

  • The IP address of your device (collected and stored in an anonymized format)

  • Screen size of your device

  • Device type and browser information

  • Geographical location (country only)

  • The preferred language for displaying our website

In addition, the following data will be logged on our server when Hotjar is used:

  • Referring domain

  • Pages visited

  • Geographical location (country only)

  • The preferred language for displaying our website

  • Date and time website accessed

Hotjar will use this information to analyze how you use our website, to create reports as well as other services concerning website use and Internet analysis of the website. Hotjar also uses third-party services such as Google Analytics to provide services. These third-party companies may store information that your browser sends during the visit to the site, such as cookies or IP requests. For more information about how Google Analytics stores and uses data, please refer to their respective privacy notices.

The legal basis for processing your personal data is your consent pursuant to Article 6(1)(a) GDPR. You give your corresponding consent via the consent banner. For more information about privacy when using Hotjar, please visit www.hotjar.com/privacy and www.hotjar.com/legal/policies/privacy Munich, Germany, May 3rd, 2021