With the following Privacy Policy, we would like to inform you about the types of personal data (hereinafter also referred to as \u201cdata\u201d) we process, the purposes for which we process it, and the scope of such processing. This Privacy Policy applies to all processing of personal data carried out by us, both in connection with the provision of our services and, in particular, on our websites, on mobile devices, and within external online platforms, such as our social media profiles (hereinafter collectively referred to as the \u201cOnline Offer\u201d). <\/p>\n
The terms used are not gender-specific.<\/p>\n
As of December 23, 2024<\/p>\n
Carpsounder Braunfels, Sole Proprietorship
\nOwner: Joachim Flauger
\n6 Josef-L\u00fccker-Weg
\n35619 Braunfels
\nGermany<\/p>\n
Email address:<\/strong> info@carp-sounder.com<\/p>\n Phone:<\/strong> +49 (0) 6442 – 51 52<\/p>\n Legal Notice:<\/strong> https:\/\/carp-sounder.com\/de\/impressum\/<\/p>\n Joachim Flauger, Carpsounder Braunfels e.K. Email address:<\/strong> flauger@carp-sounder.com<\/p>\n The following overview summarizes the types of data processed and the purposes of such processing, and identifies the data subjects.<\/p>\n Below, we outline the legal bases under the General Data Protection Regulation (GDPR) on which we process personal data. Please note that, in addition to the provisions of the GDPR, national data protection regulations in your country of residence or our country of incorporation may apply. Furthermore, should more specific legal bases apply in individual cases, we will inform you of these in the Privacy Policy. <\/p>\n We implement technical and organizational measures appropriate to the circumstances and the purposes of the processing, as well as the varying likelihoods and severity of threats to the rights and freedoms of natural persons, in accordance with legal requirements and taking into account the state of the art, the costs of implementation, and the nature, scope, circumstances, and purposes of the processing, as well as the varying likelihoods and severity of threats to the rights and freedoms of natural persons, to ensure a level of protection appropriate to the risk.<\/p>\n These measures include, in particular, ensuring the confidentiality, integrity, and availability of data by controlling physical and electronic access to the data, as well as access to, input of, and disclosure of the data, ensuring its availability, and maintaining its separation. Furthermore, we have established procedures that ensure the exercise of data subjects\u2019 rights, the deletion of data, and responses to data breaches. Furthermore, we take the protection of personal data into account from the very beginning of the development and selection of hardware, software, and procedures, in accordance with the principle of data protection through technical design and privacy-friendly default settings. <\/p>\n SSL Encryption (https)<\/strong>: To protect the data you submit through our online services, we use SSL encryption. You can recognize such encrypted connections by the prefix https:\/\/ in your browser\u2019s address bar. <\/p>\n As part of our processing of personal data, the data may be transferred to or disclosed to other entities, companies, legally independent organizational units, or individuals. Recipients of this data may include, for example, payment institutions in connection with payment transactions, service providers contracted to perform IT tasks, or providers of services and content integrated into a website. In such cases, we comply with legal requirements and, in particular, enter into appropriate contracts or agreements with the recipients of your data to ensure the protection of your data. <\/p>\n If we process data in a third country (i.e., outside the European Union (EU) or the European Economic Area (EEA)), or if processing occurs in connection with the use of third-party services or the disclosure or transfer of data to other individuals, entities, or companies, this is done only in accordance with legal requirements.<\/p>\n Subject to express consent or where transfer is required by contract or law, we process or allow the processing of data only in third countries with a recognized level of data protection, contractual obligations through the European Commission\u2019s so-called Standard Data Protection Clauses, or where certifications or binding internal data protection policies are in place (Articles 44\u201349 of the GDPR; European Commission information page: https:\/\/ec.europa.eu\/info\/law\/law-topic\/data-protection\/international-dimension-data-protection_de<\/a> ). <\/p>\n Under the so-called \u201cData Privacy Framework\u201d (DPF), the European Commission has also recognized the level of data protection provided by certain U.S. companies as adequate pursuant to the Adequacy Decision of July 10, 2023. You can find the list of certified companies as well as further information on the DPF on the U.S. Department of Commerce\u2019s website at https:\/\/www.dataprivacyframework.gov\/<\/a> (in English). In our privacy policy, we inform you which of the service providers we use are certified under the Data Privacy Framework. <\/p>\n Cookies are small text files or other storage mechanisms that store information on end devices and retrieve information from them. For example, to save a user\u2019s login status in an account, the contents of a shopping cart in an online store, the content accessed, or the features used on a website. Cookies can also be used for various purposes, such as ensuring the functionality, security, and user-friendliness of online services, as well as analyzing visitor traffic. <\/p>\n Information on Consent: We <\/strong>use cookies in accordance with legal requirements. Therefore, we obtain prior consent from users unless such consent is not required by law. In particular, consent is not required if the storage and retrieval of information\u2014including cookies\u2014are strictly necessary to provide users with a telemedia service (i.e., our online offering) that they have expressly requested. The revocable consent is clearly communicated to users and includes information regarding the specific use of cookies. <\/p>\n Information on the Legal Basis for Data Protection: <\/strong>The legal basis under data protection law on <\/strong>which we process users\u2019 personal data using cookies depends on whether we ask users for their consent. If users give their consent, the legal basis for processing their data is their explicit consent. Otherwise, the data processed using cookies is processed on the basis of our legitimate interests (e.g., the business operation of our online service and improving its usability) or, if this occurs in the context of fulfilling our contractual obligations, when the use of cookies is necessary to fulfill our contractual obligations. We explain the purposes for which we process cookies in this Privacy Policy or as part of our consent and processing procedures. <\/p>\n Storage Duration: With <\/strong>regard to storage duration, the following types of cookies are distinguished:<\/p>\n General Information on Withdrawal and Objection (Opt-Out): <\/strong> Depending on whether the processing is based on consent or legal authorization, you have the option at any time to withdraw your consent or object to the processing of your data through cookie technologies (collectively referred to as \u201copt-out\u201d). You can initially exercise your right to object through your browser settings, for example, by disabling cookies (although this may also limit the functionality of our website). You can also object to the use of cookies for online marketing purposes through a variety of services\u2014particularly in the case of tracking\u2014via the websites https:\/\/optout.aboutads.info<\/a> and https:\/\/www.youronlinechoices.com\/<\/a>. In addition, you can find further information on how to object in the details provided about the service providers and cookies used. <\/p>\n Processing of Cookie Data Based on Consent:<\/strong> We use a cookie consent management process through which users can grant, manage, and revoke their consent to the use of cookies, as well as to the processing activities and providers specified within the cookie consent management process. The declaration of consent is stored so that users do not have to be asked for consent again and so that we can provide proof of consent in accordance with legal requirements. Storage may occur on the server and\/or in a cookie (a so-called opt-in cookie, or using comparable technologies) to enable the consent to be associated with a user or their device. Subject to specific information provided by cookie management service providers, the following applies: Consent may be stored for up to two years. In this process, a pseudonymous user identifier is generated and stored along with the time of consent, details regarding the scope of consent (e.g., which categories of cookies and\/or service providers), as well as the browser, operating system, and device used. <\/p>\n Cookie Settings\/Opt-Out Option:<\/strong><\/p>\n If you use a cookie consent banner (which is recommended), you can enter the option to display it here (e.g., a link or a so-called [shortcode], which your software automatically converts into a button or link).<\/span><\/p>\n Notes on the processing of cookie data based on consent: You should only leave this option selected (and otherwise deselect it) if you have a “true” opt-in, i.e., obtain users\u2019 consent to the use of cookies (e.g., using so-called \u201ccookie consent\/opt-in banners\u201d or as part of a registration process).<\/span><\/p>\n Since, according to the European Court of Justice, a cookie opt-in is generally required when using marketing tools commonly employed in e-commerce (e.g., Google Analytics or Facebook Pixel), this option is preselected.<\/span><\/p>\n In other words, until users have given their consent, you do not use cookies (and do not use third-party services on your websites that themselves use cookies). The only exception is the use of necessary cookies that users expect, such as a shopping cart feature in an online store or local audience measurement using the Matomo tool. <\/span><\/p>\n We process data from our contractual and business partners, such as customers and prospective customers (collectively referred to as \u201ccontractual partners\u201d), in connection with contractual and similar legal relationships, as well as related measures and communications with contractual partners (or on a pre-contractual basis), e.g., to respond to inquiries.<\/p>\n We process this data to fulfill our contractual obligations, to safeguard our rights, and for the purposes of administrative tasks associated with this information as well as for business organization. We disclose the data of our contractual partners to third parties in accordance with applicable law only to the extent that this is necessary for the aforementioned purposes or to fulfill legal obligations, or with the consent of the data subjects (e.g., to involved telecommunications, transportation, and other support services, as well as subcontractors, banks, tax and legal advisors, payment service providers, or tax authorities). Contractual partners are informed about other forms of data processing\u2014such as for marketing purposes\u2014in this Privacy Policy. <\/p>\n We inform our contractual partners of which data is required for the aforementioned purposes either before or during the data collection process\u2014for example, in online forms, through special markings (e.g., colors) or symbols (e.g., asterisks or similar), or in person.<\/p>\n We delete the data once statutory warranty obligations and similar obligations have expired, i.e., generally after 4 years, unless the data is stored in a customer account, e.g., as long as it must be retained for legal archiving purposes (e.g., for tax purposes, typically 10 years). If a period does not expressly begin on a specific date and lasts at least one year, it automatically begins at the end of the calendar year in which the event triggering the period occurred. In the case of ongoing contractual relationships in which data is stored, the event triggering the time limit is the date on which the termination or other termination of the legal relationship takes effect. We delete data disclosed to us by the contractual partner in connection with an order in accordance with the terms of the order, generally upon completion of the order. <\/p>\n To the extent that we use third-party providers or platforms to provide our services, the terms and conditions and privacy policies of the respective third-party providers or platforms apply to the relationship between users and those providers.<\/p>\n Customer Account<\/strong>: Contracting parties may create an account within our online service (e.g., a customer or user account, referred to as a \u201ccustomer account\u201d for short). If registration of a customer account is required, contracting parties will be notified of this requirement as well as of the information needed for registration. Customer accounts are not public and cannot be indexed by search engines. As part of the registration process, as well as subsequent logins and use of the customer account, we store customers\u2019 IP addresses along with the times of access in order to verify the registration and prevent any misuse of the customer account. <\/p>\n If customers have closed their accounts, the data associated with those accounts will be deleted, unless retention is required by law. It is the customers\u2019 responsibility to back up their data once their accounts have been closed. <\/p>\n Economic Analyses and Market Research<\/strong>: For business reasons and to identify market trends as well as the preferences of our contractual partners and users, we analyze the data available to us regarding business transactions, contracts, inquiries, etc., whereby the group of data subjects may include contractual partners, prospective customers, customers, visitors, and users of our online services.<\/p>\n The analyses are conducted for the purposes of business evaluations, marketing, and market research (e.g., to identify customer groups with different characteristics). In doing so, we may take into account\u2014where available\u2014the profiles of registered users, including their information, such as the services they have used. The analyses are used solely by us and are not disclosed externally, unless they are anonymous analyses based on aggregated\u2014and thus anonymized\u2014data. Furthermore, we respect users\u2019 privacy and process the data for analytical purposes in a pseudonymous manner whenever possible and, where feasible, anonymously (e.g., as aggregated data). <\/p>\n Shop and E-Commerce<\/strong>: We process our customers\u2019 data to enable them to select, purchase, or order the products, goods, and related services of their choice, as well as to facilitate payment and delivery or fulfillment. If necessary to fulfill an order, we engage service providers\u2014in particular postal, freight, and shipping companies\u2014to carry out the delivery or fulfillment for our customers. We use the services of banks and payment service providers to process payments. The required information is clearly marked as such during the ordering process or similar purchase process and includes the details necessary for delivery, provision, and billing, as well as contact information to facilitate any necessary communication. <\/p>\n In the context of contractual and other legal relationships, in accordance with legal obligations, or otherwise based on our legitimate interests, we offer data subjects efficient and secure payment options and, to this end, engage not only banks and credit institutions but also other payment service providers (collectively, \u201cpayment service providers\u201d).<\/p>\n The data processed by payment service providers includes personal information, such as name and address; banking information, such as account numbers or credit card numbers; passwords, TANs, and checksums; as well as details related to the contract, transaction amounts, and recipients. This information is required to process the transactions. However, the data entered is processed and stored solely by the payment service providers. This means that we do not receive any account- or credit card-related information, but only information confirming or rejecting the payment. Under certain circumstances, the payment service providers may transmit the data to credit bureaus. The purpose of this transmission is to verify identity and creditworthiness. For more information, please refer to the terms and conditions and privacy policies of the payment service providers. <\/p>\n Payment transactions are subject to the terms and conditions and privacy policies of the respective payment service providers, which are available on their respective websites or within their transaction applications. We also refer you to these documents for further information and to exercise your rights of withdrawal, access, and other data subject rights. <\/p>\n Services Used and Service Providers:<\/strong><\/p>\n In order to provide our online services securely and efficiently, we use the services of one or more web hosting providers, from whose servers (or servers managed by them) the online services can be accessed. For these purposes, we may use infrastructure and platform services, computing capacity, storage space, and database services, as well as security and technical maintenance services. <\/p>\n The data processed in connection with the provision of the hosting service may include any information relating to users of our online service that is generated during their use of the service and their communications. This typically includes the IP address, which is necessary to deliver the content of online services to browsers, and all data entered within our online service or on websites. <\/p>\n Email Sending and Hosting<\/strong>: The web hosting services we use also include the sending, receiving, and storage of emails. For these purposes, we process the addresses of the recipients and senders, as well as other information related to email transmission (e.g., the providers involved) and the content of the respective emails. The aforementioned data may also be processed for the purpose of detecting spam. Please note that emails are generally not sent in encrypted form over the Internet. Although emails are typically encrypted during transmission, they are not encrypted on the servers from which they are sent and received (unless a so-called end-to-end encryption method is used). We therefore cannot assume any responsibility for the transmission of emails between the sender and our server. <\/p>\n Collection of Access Data and Log Files<\/strong>: We (or our web hosting provider) collect data on every access to the server (so-called server log files). Server log files may include the address and name of the web pages and files accessed, the date and time of the request, the amount of data transferred, a notification of a successful request, the browser type and version, the user\u2019s operating system, the referrer URL (the previously visited page), and, as a rule, IP addresses and the requesting provider. <\/p>\n Server log files can be used, on the one hand, for security purposes\u2014for example, to prevent server overload (particularly in the case of malicious attacks, known as DDoS attacks)\u2014and, on the other hand, to ensure server performance and stability.<\/p>\n When you contact us (e.g., via the contact form, email, phone, or social media), we process the information provided by the person making the inquiry to the extent necessary to respond to the inquiry and take any requested actions.<\/p>\n We respond to contact requests made in the context of contractual or precontractual relationships to fulfill our contractual obligations or to respond to (pre)contractual inquiries, and in all other cases based on our legitimate interests in responding to such inquiries.<\/p>\n Services Used and Service Providers:<\/strong><\/p>\n We send newsletters, emails, and other electronic notifications (hereinafter \u201cnewsletters\u201d) only with the recipients\u2019 consent or when permitted by law. If the content of a newsletter is specifically described during the sign-up process, that description is decisive for the users\u2019 consent. In addition, our newsletters contain information about our services and our company. <\/p>\n To subscribe to our newsletters, all you need to do is provide your email address. However, we may ask you to provide a name\u2014so we can address you personally in the newsletter\u2014or additional information, if it is necessary for the purposes of the newsletter. <\/p>\n Double opt-in process:<\/strong> Signing up for our newsletter generally follows a so-called double opt-in process. This means that after signing up, you will receive an email asking you to confirm your subscription. This confirmation is necessary to ensure that no one can sign up using someone else\u2019s email address. Newsletter subscriptions are logged to provide proof of the subscription process in accordance with legal requirements. This includes storing the time of subscription and confirmation, as well as the IP address. Changes to your data stored with the email service provider are also logged. <\/p>\n Deletion and Restriction of Processing: We <\/strong> may store unsubscribed email addresses for up to three years based on our legitimate interests before deleting them, in order to be able to prove that consent was previously given. The processing of this data is limited to the purpose of potentially defending against claims. An individual request for erasure may be submitted at any time, provided that the prior existence of consent is confirmed at the same time. In the event of obligations to permanently honor objections, we reserve the right to store the email address solely for this purpose in a block list (so-called \u201cblacklist\u201d). <\/p>\n We log the registration process based on our legitimate interests for the purpose of verifying that it was carried out properly. If we engage a service provider to send emails, we do so based on our legitimate interests in having an efficient and secure email delivery system. <\/p>\n Notes on Legal Bases:<\/strong> Newsletters are sent based on the recipients\u2019 consent or, if consent is not required, based on our legitimate interests in direct marketing, provided that such marketing is permitted by law\u2014for example, in the case of marketing to existing customers. To the extent that we engage a service provider to send emails, this is done on the basis of our legitimate interests. The registration process is recorded on the basis of our legitimate interests in order to demonstrate that it was carried out in accordance with the law. <\/p>\n Contents:<\/strong> Information about us, our services, promotions, and special offers.<\/p>\n Services Used and Service Providers:<\/strong><\/p>\n Web analytics (also referred to as \u201caudience measurement\u201d) is used to analyze visitor traffic to our online platform and may include pseudonymized data on visitor behavior, interests, or demographic information, such as age or gender. With the help of audience measurement, we can, for example, determine at what times our online platform, its features, or its content are used most frequently, or encourage repeat visits. We can also identify which areas require optimization. <\/p>\n In addition to web analytics, we can also use testing methods to, for example, test and optimize different versions of our online offering or its components.<\/p>\n For these purposes, so-called user profiles may be created and stored in a file (known as a \u201ccookie\u201d), or similar methods with the same purpose may be used. This information may include, for example, content viewed, websites visited, and elements used on those sites, as well as technical details such as the browser and computer system used, and information regarding usage times. If users have consented to the collection of their location data, this data may also be processed, depending on the provider. <\/p>\n We also collect users\u2019 IP addresses. However, we use an IP masking method (i.e., pseudonymization by truncating the IP address) to protect users. In general, no personally identifiable user data (such as email addresses or names) is stored in the context of web analytics, A\/B testing, and optimization; instead, pseudonyms are used. This means that neither we nor the providers of the software we use know the actual identity of the users; we only know the information stored in their profiles for the purposes of the respective processes. <\/p>\n Notes on Legal Bases:<\/strong> If we ask users for their consent to the use of third-party providers, the legal basis for data processing is consent. Otherwise, user data is processed on the basis of our legitimate interests (i.e., our interest in providing efficient, cost-effective, and user-friendly services). In this context, we would also like to draw your attention to the information regarding the use of cookies in this Privacy Policy. <\/p>\n Services Used and Service Providers:<\/strong><\/p>\n We process personal data for online marketing purposes, which may include, in particular, the marketing of advertising space or the display of advertising and other content (collectively referred to as \u201ccontent\u201d) based on users\u2019 potential interests, as well as the measurement of their effectiveness.<\/p>\n For these purposes, so-called user profiles are created and stored in a file (known as a \u201ccookie\u201d), or similar methods are used to store user information relevant to the display of the aforementioned content. This information may include, for example, content viewed, websites visited, online networks used, as well as communication partners and technical details such as the browser and computer system used, and information regarding usage times. If users have consented to the collection of their location data, this data may also be processed. <\/p>\n We also collect users\u2019 IP addresses. However, we use available IP masking methods (i.e., pseudonymization by truncating the IP address) to protect users. In general, no personally identifiable information (such as email addresses or names) is stored as part of online marketing procedures; instead, pseudonyms are used. This means that neither we nor the providers of the online marketing services know the actual identities of users, but only the information stored in their profiles. <\/p>\n The information in the profiles is typically stored in cookies or using similar methods. These cookies can generally be read later on other websites that use the same online marketing method; they can be analyzed for the purpose of displaying content, supplemented with additional data, and stored on the server of the online marketing provider. <\/p>\n In exceptional cases, personal data may be associated with profiles. This is the case, for example, when users are members of a social network whose online marketing methods we use, and the network links the users\u2019 profiles to the aforementioned information. Please note that users may enter into additional agreements with the providers, such as by giving consent during registration. <\/p>\n As a general rule, we only have access to aggregated information regarding the performance of our advertisements. However, through what is known as conversion tracking, we can determine which of our online marketing methods have led to a so-called conversion\u2014that is, for example, the signing of a contract with us. Conversion tracking is used solely to analyze the success of our marketing efforts. <\/p>\n Unless otherwise specified, please assume that the cookies we use will be stored for a period of two years.<\/p>\n Notes on Legal Bases:<\/strong> If we ask users for their consent to the use of third-party providers, the legal basis for data processing is consent. Otherwise, user data is processed on the basis of our legitimate interests (i.e., our interest in providing efficient, cost-effective, and user-friendly services). In this context, we would also like to draw your attention to the information regarding the use of cookies in this Privacy Policy. <\/p>\n Services Used and Service Providers:<\/strong><\/p>\nContact the Data Protection Officer<\/h2>\n
\n6 Josef-L\u00fccker-Weg
\n35619 Braunfels
\nGermany<\/p>\nOverview of Processing Steps<\/h2>\n
Types of Data Processed<\/h3>\n
\n
Categories of Data Subjects<\/h3>\n
\n
Purposes of Processing<\/h3>\n
\n
Automated Decisions on a Case-by-Case Basis<\/h3>\n
\n
Relevant Legal Bases<\/h3>\n
\n
Safety Measures<\/h2>\n
Transfer and Disclosure of Personal Data<\/h2>\n
Data Processing in Third Countries<\/h2>\n
Use of Cookies<\/h2>\n
\n
Commercial and Business Services<\/h2>\n
\n
Payment service provider<\/h2>\n
\n
\n
Provision of the Online Service and Web Hosting<\/h2>\n
\n
Contact Us<\/h2>\n
\n
\n
Newsletters and Electronic Notifications<\/h2>\n
\n
\n
Web Analytics, Monitoring, and Optimization<\/h2>\n
\n
\n
\nIn this process, pseudonymous user profiles are created using information from the use of various devices, and cookies may be used for this purpose. Google Analytics does not log or store individual IP addresses for EU users. However, Analytics provides rough geographic location data by deriving the following metadata from IP addresses: city (and the derived latitude and longitude of the city), continent, country, region, subcontinent (and ID-based equivalents). For EU data traffic, IP address data is used exclusively for this derivation of geolocation data before being immediately deleted. It is not logged, is not accessible, and is not used for any other purposes. When Google Analytics collects measurement data, all IP queries are performed on EU-based servers before the traffic is forwarded to Analytics servers for processing; service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Consent (Art. 6(1)(a) GDPR); Website <\/span>: https:\/\/marketingplatform.google.com\/intl\/de\/about\/analytics\/<\/a>; Security measures: IP masking (pseudonymization of the IP address); Privacy policy: https:\/\/policies.google.com\/privacy<\/a>; Data processing agreement: https:\/\/business.safety.google\/adsprocessorterms\/<\/a>; Basis for transfers to third countries: Data Privacy Framework (DPF); Right to object (opt-out): Opt-out plugin: https:\/\/tools.google.com\/dlpage\/gaoptout?hl=de<\/a>, Settings for displaying advertisements: https:\/\/myadcenter.google.com\/personalizationoff<\/a>; Further information: https:\/\/business.safety.google\/adsservices\/<\/a> (types of processing and the data processed). <\/li>\n
\nhttps:\/\/business.safety.google\/adsprocessorterms<\/a>; Basis for transfers to third countries: Data Privacy Framework, Standard Contractual Clauses (https:\/\/business.safety.google\/adsprocessorterms<\/a>); Further information: https:\/\/privacy.google.com\/businesses\/adsservices<\/a> (types of processing and the data processed).<\/li>\n<\/ul>\nOnline Marketing<\/h2>\n
\n
\nb) Canada: https:\/\/www.youradchoices.ca\/choices<\/a>.
\nc) USA: https:\/\/www.aboutads.info\/choices<\/a>.
\nd) Cross-regional: https:\/\/optout.aboutads.info<\/a>. <\/li>\n<\/ul>\n\n