Privacy Policy

In this privacy policy we (the company caralegal GmbH) inform you about the processing of personal data when using our website. You can print or save this privacy statement using your browser's standard functionality.

Contact

Responsible party and contact person

2.1.

Visiting our website / Connection data

2.2.

Making contact

2.3.

Newsletter

2.4.

Email marketing to existing customers

Use of tools on the website

3.1.

Technologies used

3.2.

Legal basis and revocation

3.2.1.

Legal basis

3.2.2.

Obtaining your consent

3.2.3.

Revocation of your consent or changing your selection

3.3.

Necessary tools

3.3.1.

Google Tag Manager

3.4.

Analytics tools

3.4.1.

Google Analytics 4

3.5.

Marketing Tools

3.5.1.

LinkedIn Insight Tag

3.5.2.

Google Ads Conversion Tracking

3.5.3.

Microsoft Conversion Tracking

3.5.4.

Leadfeeder - B2B visitor identification

3.5.5.

Google Ads Remarketing

Social networks

4.1.

Online presence on social networks

4.2.

Forms for inquiries and registrations on LinkedIn

Disclosure of data

Data transfer to third countries

Storage period

Your rights

Right of withdrawal and objection

10.

Changes to this privacy statement

1. Responsible party and contact person

The point of contact and so-called controller for the processing of your personal data when visiting this website within the meaning of the EU General Data Protection Regulation (GDPR) is

caralegal GmbH
Am Hamburger Bahnhof 4
10557 Berlin

E-Mail: privacy@caralegal.eu

Phone: +49 30 311 938 97

If you have any questions about data protection in connection with our product caralegal or the use of our website, you can also contact our data protection officer at any time. The data protection officer can be contacted at the above-mentioned postal address or by sending an email to the address provided (please mark all correspondence with: “F.A.O. data protection officer”).

2. Data processing on our website

2.1. Visiting our website / Connection data

With every use of our website, we collect the connection data that your browser automatically transmits to enable you to visit the website. This connection data includes the so-called HTTP header information, including the User-Agent, and includes in particular:

IP address of the requesting device;

date and time of the request;

addresses of the website visited and the requesting website;

information about the browser used and the operating system;

online identifiers (e.g. device IDs, session IDs).

The processing of this connection data is necessary to enable the visit of the website, to ensure the permanent functionality and security of our systems, as well as to generally administrate our website. The connection data is also temporarily and restricted to the necessary minimum stored in internal log files for the purposes described above, to create statistical information about the usage of our website, to further develop our website in terms of the usage habits of our visitors (e.g., if the share of mobile devices accessing the pages increases), and to generally administrate our website.

The legal basis is Art. 6 para. 1 lit. b GDPR, provided that the page visit occurs during the initiation or execution of a contract, and otherwise Art. 6 para. 1 lit. f GDPR due to our legitimate interest in enabling website visits, as well as the permanent functionality and security of our systems. However, the automatic transmission of connection data and the resulting log files does not constitute access to information on the user's end device as defined by the implementation laws of the EU member states for the ePrivacy Directive, and in Germany § 25 TDDDG. Nevertheless, it would be absolutely necessary.

For data protection reasons, log files are not stored or analyzed by us permanently.

2.2. Making contact

You have various options to get in touch with us, such as through the contact form or by phone. In this context, we process data solely for the purpose of communication with you.

The legal basis is Art. 6 para. 1 lit. b GDPR, insofar as your information is required to answer your inquiry or to initiate or execute a contract, and otherwise Art. 6 para. 1 lit. f GDPR due to our legitimate interest in enabling you to contact us and allowing us to respond to your inquiry. We only make promotional phone calls if you have given your consent for this. If you are not an existing customer, we will send you promotional emails only with your consent. The legal basis is Art. 6 para. 1 lit. a GDPR in conjunction with § 7 para. 2 No. 1 or 2 UWG.

The data collected by us when using the contact form will be automatically deleted after your request has been fully processed, unless we still need your request to fulfill contractual or legal obligations (see section 7 “Storage period”).

2.3. Newsletter

With our newsletter, we primarily aim to inform you about the latest developments in data protection, articles from our specialist areas, as well as events, news, offers, and other important information. To subscribe to the newsletter, we collect your email address and, in the case of events, additionally, your name and, if applicable, your company name.

For newsletter subscriptions, we use the double opt-in procedure, meaning we will only send you newsletters by email if you confirm that you are the owner of the provided email address by clicking a link in our confirmation email. Once you confirm your email address, we will store your email address, the time of registration, and the IP address used for registration until you unsubscribe from the newsletter. This storage serves the sole purpose of sending you the newsletter and being able to verify your registration. The legal basis for processing is your consent under Art. 6 para. 1 lit. a GDPR. You can unsubscribe from the newsletter at any time. An appropriate unsubscribe link is included in each newsletter. A message to the contact details provided above or in the newsletter (e.g., by email or letter) is also sufficient.

In our newsletters, we use pixels (tiny, invisible image files) to measure the opening rate, as well as links with which we can measure clicks on the link before being redirected to the target page. Sendinblue collects data at the individual recipient level for this purpose. However, data analysis is carried out exclusively in aggregated form for statistical evaluation and optimization to further develop our content and customer communication. Usage analysis at the individual recipient level does not take place. Furthermore, it is also recorded whether newsletters could be delivered and for which email addresses delivery was not possible. There is no linkage with other data. You can prevent the measurement of the opening rate by disabling the loading of images in your email client.

Once you unsubscribe from the newsletter, your registration data will be deleted. Deletion also occurs promptly if you have not confirmed the newsletter subscription.

We use Sendinblue, a service provided by Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin, Germany (“Sendinblue”), for sending our newsletter. We have concluded a data processing agreement with Sendinblue. Your data is stored by Sendinblue in encrypted form in the European Union and transmitted in encrypted form. Where Sendinblue works with sub-processors whose parent company is not based in the European Union, Sendinblue and its sub-processors have entered into standard contractual clauses and have taken additional measures to protect the data.

The legal basis for the delivery of the newsletter, the aggregated usage analysis and the determination of deliverability is your consent pursuant to Art. 6(1)(a) GDPR.

Further information on data protection and data security can be found at:

https://de.sendinblue.com/legal/privacypolicy/ and https://www.sendinblue.com/security/

2.4. Existing Customer Advertising

When you enter into a contract with us for the use of the "caralegal" software, we also use your contact information to send you further relevant information about our products and services via email ("customer retention marketing"). This may include updates, promotions, offers, as well as feedback and other surveys.

The legal basis for this data processing is Art. 6 para. 1 lit. f GDPR in conjunction with Section 7 (3) Act Against Unfair Competition (Gesetz gegen den unlauteren Wettbewerb - UWG), which allows data processing for the legitimate interest of storing and further using data for advertising purposes. You can object to the use of your data for marketing purposes at any time by using the appropriate link in the emails or by notifying us through the contact details provided above (e.g., via email or letter), without incurring any costs other than the transmission fees at basic rates.

We do not perform an evaluation or analysis of user behaviour or open and click rates.

For sending customer retention marketing, we use Sendinblue, a service of Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin, Germany ("Sendinblue"). We have entered into a data processing agreement with Sendinblue. Your data is stored and transmitted by Sendinblue in encrypted form within the European Union. If Sendinblue collaborates with subcontractors whose parent company is not located in the European Union, Sendinblue and its subcontractors have entered into standard contractual clauses and additional measures for data protection.

For more information on data protection and data security, please refer to:

https://www.sendinblue.com/security/ and https://www.sendinblue.com/legal/privacypolicy/.

3. Use of tools on the website

3.1 Utilised technologies

This website utilises various services and applications (collectively referred to as "Tools"), which are offered by either us or third parties. These tools include technologies that store or access information on the end user's device:

Cookies: Information stored on the end user's device, typically consisting of a name, a value, the domain that stores it, and an expiration date. Session cookies are deleted after the session, while persistent cookies are deleted after the specified expiration date. Cookies can also be manually removed.

Web Storage (local storage / session storage): Information stored on the end user's device, comprising a name and a value. Information in session storage is deleted after the session, whereas information in local storage has no expiration date and is generally retained unless a deletion mechanism is set up (e.g., storing local storage with a timestamp). Information in local and session storage can also be manually removed.

JavaScript: Embedded or invoked programming code (scripts) within the website that may, for example, set cookies and web storage or actively collect information from the end user's device or their usage behaviour. JavaScript can be used for "active fingerprinting" and creating user profiles. Blocking JavaScript can be achieved through a browser setting, though it may disrupt the functionality of most services.

Pixels: Tiny graphics automatically loaded by a service, which may allow for the recognition of visitors by automatically transmitting standard connection data (especially IP address, browser information, operating system, language, accessed address, and time of access). Pixels can be used to recognize visitors and track activities such as opening an email or visiting a website. Pixels can enable "passive fingerprinting" and the creation of user profiles. Blocking the loading of images, such as in emails, can prevent the use of pixels, but it may severely affect display.

With the help of these technologies and the mere connection to a page, so-called "fingerprints" can be created, which are user profiles that can recognize visitors even without the use of cookies or web storage. Fingerprinting due to the connection setup cannot be entirely prevented manually.

Most browsers are initially configured to accept cookies, run scripts, and display images. However, you can usually adjust your browser settings to reject all or certain cookies, block scripts, and images. If you completely block the storage of cookies, the display of images, and the execution of scripts, our services may not function properly or at all.

Below, we provide a categorized list of the tools we use, along with information about the tool providers, the storage duration of cookies or data in local storage and session storage, as well as data sharing with third parties. We also explain the instances where we obtain your voluntary consent to use the tools and how you can revoke this consent.

If - even despite the greatest care - the information in the consent banner contradicts that said in this data privacy policy, the information in this data privacy policy prevails.

Legal basis and withdrawal

3.2.1. Legal basis

We use tools necessary for website operation based on our legitimate interest under Art. 6 para. 1 lit. f GDPR to provide the essential functions of our website. In specific cases, these tools may also be required for the performance of a contract or for the implementation of pre-contractual measures, in which case the processing is carried out under Art. 6 para. 1 lit. b GDPR. Access to and storage of information on the end device is essential in these cases and is based on the implementing acts of the ePrivacy Directive of EU member states, in Germany, pursuant to § 25 para. 2 TDDDG.

All other non-essential (optional) tools that provide additional functions are used with your consent under Art. 6 para. 1 lit. a GDPR. Access to and storage of information on the end device is then based on the implementing acts of the ePrivacy Directive of EU member states, in Germany, pursuant to § 25 para. 1 TDDDG. Data processing using these tools only takes place when we have obtained your prior consent.

If personal data is transferred to third countries, we refer to Section 6 ("Transfer of Data to Third Countries") also in terms of the potential associated risks. We will inform you if there is an adequacy decision for the respective third country or if standard contractual clauses or other safeguards have been put in place for the use of specific tools. If you have given your consent for the use of specific tools and the associated transfer of your personal data to third countries, we transfer the data processed when using the tools (also) to third countries based on this consent under Art. 49 para. 1 lit. a GDPR.

3.2.2. Obtaining your consent

We use the WordPress plugin "Borlabs Cookie" to obtain and manage your consents. This plugin generates a banner that informs you about data processing on our website and provides you with the option to consent or decline to individual or all data processing activities conducted by optional tools. This banner is displayed on your first visit to our website and when you revisit our site to change your preferences or revoke consents. The banner will also reappear during subsequent visits if you have disabled cookie storage or if the cookies or information stored in the local storage by "Borlabs Cookie" have been deleted or have expired.

Additionally, the WordPress plugin "Borlabs Cookie" utilises a necessary cookie (named "borlabs-cookie") to store your granted consents and withdrawals. If you delete your cookies, we will request your consent again when you revisit our site.

The data processing carried out by the WordPress plugin "Borlabs Cookie" is necessary to provide you with the legally required consent management and to fulfill our documentation obligations. The legal basis is Art. 6 para. 1 lit. f GDPR based on our interest in complying with the legal requirements for consent management. Accessing and storing information on your device is essential in these cases and is carried out in accordance with the implementing laws of the ePrivacy Directive of EU member states, or, in Germany, according to § 25 para. 2 TDDDG.

3.2.3. Revocation of your consent or changing your selection

You can revoke your consent for specific tools at any time. To do so, please click on the following link:

. There, you can also adjust your preferences regarding which tools you wish to consent to and find additional information about cookies and their respective storage durations. Alternatively, you can directly exercise your withdrawal for specific tools through the respective providers.

3.3. Necessary tools

We use certain tools to enable the basic functions of our website (referred to as "essential tools"). Without these tools, we would not be able to provide our service. Therefore, essential tools are used without the need for consent.

The legal basis for essential tools is the necessity to fulfill our legitimate interests in providing the respective basic functions and operating our website, as per Art. 6 para. 1 lit. f GDPR. In cases where the provision of specific website functions is necessary to fulfill a contract or to carry out pre-contractual measures, the legal basis for data processing is Art. 6 para. 1 lit. b GDPR. Access to and storage of information on the user's device is absolutely necessary in these cases and is carried out based on the implementation laws of the EU member states' ePrivacy Directive and in Germany under § 25 para. 2 TDDDG.

In the event of personal data being transferred to third countries (such as the United States), we refer to Section 6 ("Data Transfer to Third Countries") for additional information.

3.3.1. Google Tag Manager

Our website uses Google Tag Manager, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, for users from the European Economic Area and Switzerland, and for all other users by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (collectively "Google").

The Tag Manager is used solely for the management of website tools through the integration of so-called website tags. A tag is an element embedded in the source code of our website to execute a tool, for example through scripts. If these are optional tools, they are only integrated by Google Tag Manager with your consent. Google Tag Manager uses JavaScript and generally operates without the use of cookies.

The legal basis is Art. 6 para. 1 lit. f GDPR, based on our legitimate interest in easily integrating and managing multiple tags on our website.

For the purpose of ensuring stability and functionality in the use of Google Tag Manager, Google collects information about which tags are integrated through our website. However, Google Tag Manager does not generally store personal data beyond the basic connection, particularly not data about user behavior or the pages visited.

We have entered into a data processing agreement with Google Ireland Limited. In the event that personal data is transferred from Google Ireland Limited to the USA or other third countries, Google Ireland Limited and Google LLC have entered into standard contractual clauses (Commission Decision (EU) 2021/914, Module 3) in accordance with Art. 46 para. 2 lit. c GDPR.

For more information, please refer to Google's information on Tag Manager.

3.4. Analytics tools

To improve our website, we use optional tools for visitor recognition and for the statistical collection and analysis of general usage behaviour, referred to as "analytics tools." We also utilise analytical services to evaluate the use of our various marketing channels. The collected usage information is aggregated and enables us to understand the usage patterns of our visitors. This helps us tailor and optimize the design of our website and enhance the user experience.

The legal basis for the use of Analysis Tools is, unless otherwise specified, your consent under Art. 6 para. 1 lit. a GDPR. Access to and storage of information on your device is based on the implementation laws of the ePrivacy Directive of EU Member States, in Germany, following § 25 para. 1 TDDDG. For withdrawing your consent, please refer to 3.2.3: "Withdrawal of your consent or changing your preferences."

In the event that personal data is transferred to the United States or other third countries, your consent explicitly extends to data transmission (Art. 49 para. 1 lit. a GDPR). Please refer to Section 6 ("Data transfer to third countries") for the associated risks.

3.4.1. Google Analytics 4

Our website uses the Google Analytics 4 service ("Google Analytics 4"), provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, for users in Europe, the Middle East, and Africa (EMEA), and for all other users, by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (collectively "Google").

Google Analytics uses JavaScript and pixels to read information on your device and cookies to store information on your device. This is done to analyze your usage behavior and improve our website. We will process the collected information to evaluate your use of the website and compile reports on website activities for the website operators. In this context, the data generated may be transferred to a server in the USA for analysis and storage by Google.

As part of the analysis, Google Analytics 4 also utilizes artificial intelligence such as machine learning for automated analysis and enrichment of data. This is particularly done for forecasted metrics related to the future behavior of visitors based on structured event data, such as predicted revenue, purchase probability, and churn probability. Forecasted metrics can also be used for forecasted audiences.
For further information, please click here.

Additionally, Google Analytics 4 models conversions where there is insufficient data to optimize the analysis and reports.
For further information, please click here.

Data evaluations are performed automatically using artificial intelligence or based on specific individually defined criteria.
For further information, please click here.

We have made the following privacy setting for Google Analytics 4:

IP anonymization;

Retention period of 2 months (and no reset of retention period on new activity);

disabled data sharing (especially Google products and services, benchmarking, technical support, account specialist).

The following data is processed by Google Analytics:

IP address;

User-ID and device-ID;

Referrer-URL (previous visited page);

pages visited (date, time, URL, title, time spent);

downloaded files;

clicked links to other websites;

cross-device and cross-page tracking (Google Signals);

achievement of specific goals (conversions);

technical information (operating system; browser type, version and language; device type, brand, model and resolution);

approximate location (country, region and city, if applicable, based on anonymized IP address).

Google Analytics 4 uses the following cookies for the specified purposes with their respective storage durations:

“_ga” (2 years) und “_gid” (24 hours): recognition and differentiation of visitors by a user-ID;

“_ga_[GA4-ID]” (2 years): retention of current session information;

“_gac_UA-[GA4-ID]” (90 days): storing campaign-related information and potentially linking it to Google Ads Conversion Tracking.

For more information about the cookies used by Google Analytics 4, please click here.

The legal basis for this data processing is your consent according to Art. 6 para. 1 lit. a GDPR. Access to and storage of information on your device is based on the implementation laws of the ePrivacy Directive of the EU member states, and in Germany according to § 25 para. 1 TDDDG.

We have entered into a data processing agreement with Google Ireland Limited for the use of Google Analytics 4. In the event that personal data is transferred from Google Ireland Limited to the USA, Google Ireland Limited and Google LLC have concluded standard contractual clauses (EU Implementing Decision 2021/914, Module 3) in accordance with Art. 46 para. 2 lit. c GDPR. In addition, we obtain your explicit consent under Art. 49 para. 1 lit. a GDPR for the transfer of your data to third countries.

For more information, please refer to Google’s privacy policy.

3.5. Marketing Tools

We also use optional tools for advertising purposes ("Marketing Tools"). Some of the access data generated when using our website is used to create user profiles, which store information about your usage behavior, the advertisements you have viewed or clicked on, and, based on that, your categorization into advertising categories, interests, and preferences. Through the analysis and evaluation of this access data, we are able to display personalised advertisements on our website and on the websites and services of other providers, which correspond to your actual interests and needs. We also analyze your usage behavior to recognise you on other sites and address you in a personalised manner based on your use of our site (known as retargeting). Furthermore, we evaluate the effectiveness and success of our advertising campaigns, especially conversions and leads.

Marketing tools also include optional tools from social networks that are used to share posts and content through these networks ("Social Media plugins").

The legal basis for the marketing zools is your consent according to Art. 6 para. 1 lit. a GDPR, which you provide via the consent banner or directly at the respective tool by allowing its use through an overlay banner. Access to and storage of information on your device is then based on the implementation laws of the ePrivacy Directive of EU member states, in Germany, according to § 25 para. 1 TDDDG. For revoking your consent, please see 3.2.3: " Withdrawal of your consent or changing your selection."

In the event that personal data is transferred to third countries (such as the USA), your consent explicitly extends to the data transfer (Art. 49 para. 1 lit. a GDPR). Please refer to section 6 ("Data Transfer to Third Countries") for associated risks.

In the following section, we would like to explain the tools and the providers used in more detail. The collected data may include in particular:

the IP address of the device;

information from cookies and in local or session storage;

device identifiers for mobile devices (e.g., device ID, advertising ID);

referrer URL (previously visited page);

accessed pages (date, time, URL, title, duration);

downloaded files;

Clicked links to other websites;

Achievement of specific goals (conversions), if applicable;

Technical information: operating system; browser type, version and language; device type, brand, model and resolution;

Approximate location (country and city, if applicable).

However, the collected data is stored pseudonymously, so no immediate conclusions about individuals are possible.

3.5.1. Linkedin Insight Tag

Our website uses the LinkedIn Insight Tag service provided by LinkedIn Ireland, Wilton Plaza, Wilton Place, Dublin 2, Ireland ("LinkedIn"). This service allows us to collect and analyze statistical data about your visit and usage of our website. It enables us to display interest-based and relevant offers, recommendations, and advertising on LinkedIn (retargeting). Additionally, it involves an analysis of the effectiveness of advertising (conversion tracking). LinkedIn uses cookies, pixels, and JavaScript for this purpose.

The following cookies are set and read by LinkedIn:

“lang” (Session): stores the language setting;
“lidc” (24 hours): optimises the selection of the data center;
“lissc” (180 days): a cookie that ensures all cookies in the same browser use the same SameSite attribute;
“bcookie” (2 years): prevents misuse;
“UserMathHistory” (30 days): usage analysis, synchronisation of IDs with LinkedIn Ads;
“li_gc” (2 years): stores user consent;
“AnalyticsSyncHistory” (30 days): stores information synchronisation for LinkedIn members.

For more information about cookies, please visit: https://www.linkedin.com/legal/l/cookie-table.

The legal basis for this data processing is your consent in accordance with Art. 6 para. 1 lit. a GDPR. Access to and storage of information on your device is based on the implementation laws of the ePrivacy Directive of EU member states, in Germany, according to § 25 para. 1 TDDDG.

If you are logged into LinkedIn while visiting our website, LinkedIn may link the collected information to your member account and use it for targeted advertising on LinkedIn. You can view and adjust your privacy settings on LinkedIn at the following link: https://www.linkedin.com/psettings/enhanced-advertising.

We have entered into a data processing agreement with LinkedIn in accordance with Article 28 of the GDPR. In the context of this agreement, data that is collected may be transferred to a server in the United States and stored there. In the event that personal data is transferred to the USA or other third countries, we have also concluded Standard Contractual Clauses with LinkedIn, as provided for in Implementing Decision (EU) 2021/914, Module 2, in accordance with Art. 46 para. 2 lit. c GDPR. In addition to this, we obtain your explicit consent, as required by Art. 49 para. 1 lit. a GDPR, for the transfer of your data to third countries.

For further information, please refer to LinkedIn's privacy policy.

3.5.2. Google Ads Conversion Tracking

Our website uses the "Google Ads Conversion Tracking" service, which is offered by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland for individuals from the European Economic Area and Switzerland, and by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA for all other individuals ("Google").

This service allows us to track and analyse defined customer actions, such as clicking on a button and subsequently submitting a form. This helps us evaluate the success of campaigns and advertisements and optimize the design of our website. Additionally, we use and analyse parameters in the URL (such as the source of the visitor, e.g., a domain, the type and name of the campaign) to better measure campaigns and attribute them to users.

The service uses cookies, JavaScript, pixels, and other technologies for this purpose. Google processes the data to improve the quality and accuracy of conversions. Data collected in this context may be transferred to a server in the USA and stored there.

The following cookies are set and read by Google:

"_gcl_au" (90 days): conversion tracking, storage of ad clicks;
"IDE" (1 year): a cookie for recognising and distinguishing visitors through a user ID across different pages, tracking interactions with advertisements, and displaying personalised ads.

The legal basis for this data processing is your consent in accordance with Art. 6 para. 1 lit. a GDPR. Access to and storage of information on your device is based on the implementation laws of the ePrivacy Directive of EU member states, in Germany, according to § 25 para. 1 TDDDG. The transfer of your data to the USA is based on an adequacy decision (Google LLC is certified under the EU-US Data Privacy Framework).

For further information, please refer to Google's privacy policy.

3.5.3. Microsoft Conversion Tracking

Our website uses Microsoft Conversion Tracking, a service provided by Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland ("Microsoft").

This service allows us to track and analyse defined customer actions, such as clicking on a button and subsequently submitting a form. This helps us evaluate the success of campaigns and advertisements and optimise the design of our website. Additionally, we use and analyse parameters in the URL (such as the source of the visitor, e.g., a domain, the type and name of the campaign) to better measure campaigns and attribute them to users. The service uses cookies, JavaScript, and local storage for this purpose. Data collected in this context may be transferred to a server in the USA and stored there.

The following cookies are set and read by Microsoft Conversion Tracking for the specified purposes, along with their respective storage durations:

"_uetsid" (24 hours): session ID;
"_uetvid" (13 months): visitor recognition, usage analysis, displaying personalised ads;
"MUID" (13 months): visitor recognition, usage analysis, displaying personalised ads.

he following information is stored and read in local storage by Microsoft Conversion Tracking:

"_uetsid", "_uetvid": used for the same purposes as the corresponding cookies;
"_uetsid_exp", "_uetvid_exp": information about the expiration date of the information in local storage.

The legal basis for this data processing is your consent in accordance with Art. 6 (1) lit. a GDPR. Access to and storage of information on your device is based on the implementation laws of the ePrivacy Directive of EU member states, in Germany, according to § 25 para. 1 TDDDG. The transfer of your data to the USA is based on an adequacy decision (Microsoft Corporation is certified under the EU-US Data Privacy Framework).

Further information can be found in Microsoft's privacy policy: Microsoft Privacy Statement.

3.5.4. Leadfeeder - B2B visitor identification

On our website, we utilise the service Leadfeeder from Finnish company Liidio Oy / Leadfeeder, located at Keskuskatu 6 E, 00100 Helsinki, Finland ("Leadfeeder"). This service allows us to identify the names of companies visiting our website, enabling us to implement more targeted B2B marketing initiatives. It involves recording the behaviour of website visitors, such as the pages they visit, their origin, and the duration of their stay on our website. Additionally, the IP addresses of visitors are recorded to determine the company and geographic location. To achieve this, cookies and local storage are also used.

Leadfeeder performs the service as a subcontractor of Pipedrive OÜ Mustamäe tee 3a 10615 Tallinn Estonia, with whom we have concluded a contract for processing. All data is stored by Leadfeeder in encrypted form in the European Union and transmitted in encrypted form.

The following cookies are set and read by Leadfeeder for the specified purpose with the respective storage period:

"_lfa" (24 months): Visitor recognition

The following information in local storage is stored and read by Leadfeeder:

"_lfa_expiry": Contains the expiry date for the cookie described above.

The legal basis for this data processing is your consent in accordance with Art. 6 para. 1 lit. a GDPR.

3.5.5. Google Ads Remarketing

Our websites use the "Google Ads Remarketing" service, which is offered to individuals from the European Economic Area and Switzerland by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, and for all other individuals by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (together "Google").

Google Ads Remarketing is used to display targeted advertising for caralegal to users of caralegal.eu after their visit to our website on pages of the Google Partner Network or in Google search. For this purpose, the collected and analysed usage information, including through Google Ads Conversion Tracking, is collected in an audience list in Google Analytics. These can also be used by Google Ads Remarketing. Audience lists for the Display Network contain at least 100 people and for Google Search, at least 1000 people. Therefore, advertising is not personalised to individual persons but rather to audience segments. The data collected in this context may be transmitted to a server in the USA and stored there.

Google Ads Remarketing uses cookies, JavaScript, and pixels, with the following cookies being stored and read:

"_gcl_au" (90 days): Conversion tracking, storing ad clicks;

"_gcl_aw" (90 days): Conversion tracking, storing ad clicks;

"_gac_UA-[GA4-ID]" (90 days): Storing campaign-related information and linking with Google Analytics;

"IDE" (13 months): Identification and differentiation of users by a user ID, capturing interaction with advertising, displaying personalised ads.

The legal basis for this data processing is your consent under Art. 6 (1) lit. a GDPR. Access to and storage of information on the user's device is based on the implementation laws of the ePrivacy Directive of EU member states, and in Germany, according to § 25 (1) TDDDG. The transfer of your data to the USA is based on an adequacy decision (Google LLC is certified for the EU-US Data Privacy Framework).

If you use a Google account, Google, depending on the settings in your Google account, can link your web and app browser history with your Google account and use information from your Google account to personalise ads. If you do not wish this association with your Google account, it is necessary to log out of Google before accessing our website.

If you have not consented to the use of Google Ads Remarketing, Google will only display general advertising that was not selected based on the information collected about you on this website. In addition to withdrawing your consent, you also have the option to disable personalized advertising in the Google Ads settings: https://adssettings.google.com/notarget.

For more information, please see Google's Privacy Policy: https://policies.google.com/privacy.

4. Social Networks

4.1. Online presence on social networks

We maintain an online presence on social networks to communicate with customers and interested parties and to provide information about our products and services.

User data is typically processed by the respective social networks for market research and advertising purposes. This allows user profiles to be created based on user interests. For this purpose, cookies and other identifiers are stored on users' computers. Based on these user profiles, advertisements can be displayed within the social networks and on third-party websites.

As part of operating our online presences, we may have access to information such as statistics on the usage of our online presences provided by the social networks. These statistics are aggregated and may include demographic information (e.g., age, gender, region, country), as well as data on interaction with our online presences (e.g., likes, subscriptions, shares, viewing of images and videos), and the content and posts shared on them. This information can also provide insights into the interests of users and which content and topics are particularly relevant to them. We may use this information to adapt the design and content of our online presence and optimize it for our audience. Details and links to the data provided by the social networks that we can access as operators of the online presences can be found in the list below. The collection and use of these statistics is usually subject to joint responsibility. If applicable, the respective contract is listed below.

The legal basis for data processing is Art. 6 para. 1 lit. f GDPR, based on our legitimate interest in effective information and communication with users, or Art. 6 para. 1 lit. b GDPR, to stay in contact with our customers, inform them, and conduct pre-contractual activities with future customers and interested parties.

If you have an account with the social network, it is possible that we can see your publicly available information and media when we access your profile. In addition, the social network may allow us to contact you under certain circumstances. This can be done through direct messages or through posted posts. The content communication via the social network and the processing of content data is the responsibility of the social network as a messenger and platform service. Once we import or further process your personal data into our own systems, we are independently responsible for it, and this is done to perform pre-contractual activities and fulfill a contract in accordance with Art. 6 para. 1 lit. b GDPR.

Please refer to the data protection information of the respective social network for the legal basis of data processing carried out by the social networks in their own responsibility. You can also find more information about the respective data processing and how to object to it through the links below.

We would like to point out that data protection inquiries are most efficiently addressed to the respective provider of the social network, as only these providers have access to the data and can directly take corresponding measures.

Below is a list of information about the social networks on which we maintain online presences::

LinkedIn (LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland)

Operation of the LinkedIn company page in joint responsibility based on an agreement on the joint processing of personal data (the Page Insights Joint Controller Addendum):
https://legal.linkedin.com/pages-joint-controller-addendum

Information about the processed Page Insights data and contact options in case of data protection inquiries: https://legal.linkedin.com/pages-joint-controller-addendum

Opt-out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out

Xing (XING SE, Dammtorstraße 30, 20354 Hamburg)

4.2. Forms for inquiries and registrations on LinkedIn.

On the social network LinkedIn, operated by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland, we use LeadGen Forms. These are advertisements on LinkedIn with integrated form fields. LeadGen Forms allow you to directly sign up for our services and events or make inquiries through the advertisements. This includes the request for a demo of our software in particular.

In the provided form field, you can voluntarily enter your contact information, such as your name, company, and email address, so that we can contact you. This allows us to send you the date and link for the demo or the information to participate in our events.

Data processing in this context is LinkedIn's own responsibility as the platform operator and as a telecommunications service provider for sending and receiving messages on LinkedIn. You can voluntarily choose to enter your contact information via the LeadGen Forms. We expressly point out that you can also contact us at any time through the contact options on our website.

If we process the data you entered in the LeadGen Forms for the purposes mentioned above on our own responsibility, this is based on our legitimate interests pursuant to Art. 6 para. 1 lit. f GDPR, to inform you about our services and to contact you through our ads, or based on Art. 6 para. 1 lit. b GDPR , to initiate a contract with you.

For further information regarding data processing on LinkedIn, please refer to their privacy policy: https://de.linkedin.com/legal/privacy-policy.

5. Disclosure of data

The disclosure of the data we collect generally only occurs when there is a legal basis for data protection, especially in cases where:

you have given your explicit consent according to Art. 6 para. 1 lit. a GDPR;

the disclosure under Art. 6 para. 1 lit. f GDPR is necessary for the establishment, exercise, or defense of legal claims, and there is no reason to believe that you have an overriding legitimate interest in not having your data disclosed;

we are legally obligated to disclose data under Art. 6 para. 1 lit. c GDPR, especially in response to official inquiries, court orders, and legal proceedings for the enforcement or defense of legal rights;

it is legally permissible and necessary for the performance of a contract with you or for the initiation of pre-contractual measures at your request under Art. 6 para. 1 lit. b GDPR.

Some data processing may be carried out by our service providers. In addition to the service providers mentioned in this privacy policy, data centers storing our website and databases, software providers, IT service providers maintaining our systems, agencies, market research companies, corporate entities, as well as consulting firms may be included. When we disclose data to our service providers, they are allowed to use the data solely for the purpose of fulfilling their tasks. These service providers have been carefully selected and commissioned by us. They are contractually bound to follow our instructions, have appropriate technical and organizational measures in place to protect the rights of data subjects, and are regularly monitored by us.

6. Data transfers to third countries

As explained in this privacy policy, we use services provided by entities located in so-called third countries (outside the European Union or the European Economic Area) or where personal data is processed in such countries. These are countries whose data protection standards may not be equivalent to those of the European Union. Where this is the case, and the European Commission has not issued an adequacy decision (Art. 45 GDPR) for these countries, we have taken appropriate measures to ensure an adequate level of data protection for any data transfers. These measures include, among others, the European Union's standard contractual clauses or binding corporate rules.

Where this is not possible, we base the data transfer on exceptions provided in Article 49 GDPR, especially your explicit consent or the necessity of the transfer for the performance of a contract or the implementation of pre-contractual measures.

If a transfer to a third country is planned and no adequacy decision or appropriate safeguards are in place, it is possible and there is a risk that authorities in the respective third country (e.g., intelligence agencies) may gain access to the transferred data to collect and analyse it, and that the enforceability of your data subject rights may not be guaranteed. You will also be informed about this when obtaining your consent through the consent banner.

7. Storage period

In general, we only store personal data for as long as it is necessary to fulfill the purposes for which the data was collected. Afterwards, we delete the data without delay, unless we need the data for evidence purposes in civil law claims, due to legal retention requirements, or there is another legal basis for continued data processing in the specific individual case.

For evidence purposes, we must retain contract data for three years from the end of the year in which our business relationship with you ends. Any claims become time-barred no earlier than this point, following the statutory general statute of limitations.

Even after this period, we may still need to retain some of your data for accounting purposes. We are legally obligated to do so due to documentation requirements outlined in the Commercial Code, the Tax Code, the Banking Act, the Money Laundering Act, and the Securities Trading Act. The retention periods for documents stipulated there can range from two to ten years.

8. Your rights

You have the data subject rights as formulated in Art. 15 – 21, Art. 77 GDPR at any time, provided the respective legal conditions are met:

Right to withdraw your consent;

Right to object to the processing of your personal data (Art. 21 GDPR);

Right of access to your personal data processed by us (Art. 15 GDPR);

Right to rectify your personal data stored by us if it is incorrect (Art. 16 GDPR);

Right to erase your personal data (Art. 17 GDPR);

Right to restrict the processing of your personal data (Art. 18 GDPR);

Right to data portability of your personal data (Art. 20 GDPR);

Right to lodge a complaint with a supervisory authority (Art. 77 GDPR).

To exercise your rights as described here, you can contact us at the contact details provided above. This also applies if you want to receive copies of safeguards to demonstrate an adequate level of data protection. If the respective legal conditions are met, we will comply with your data protection request.

Your requests for the exercise of data protection rights and our responses to them will be retained for documentation purposes for up to three years. In individual cases, they may also be kept beyond that duration for the purpose of asserting, exercising, or defending legal claims. The legal basis for this is Art. 6 para. 1 lit. f GDPR, based on our interest in defending against potential civil law claims under Article 82 GDPR, avoiding fines under Article 83 GDPR, and fulfilling our accountability obligations under Art. 5 (2) GDPR.

Finally, you have the right to lodge a complaint with the data protection supervisory authority responsible for us. You can exercise this right with a supervisory authority in the member state of your residence, your place of work, or the place of the alleged infringement. In Berlin, where our headquarters are located, the competent supervisory authority is the Berlin Commissioner for Data Protection and Freedom of Information, Alt-Moabit 59-61, 10555 Berlin, Germany.

9. Right of withdrawal and objection

You have the right to withdraw your consent at any time. This withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal.

If we process your data based on legitimate interests, you have the right to object to the processing of your data at any time for reasons arising from your particular situation. If the objection concerns data processing for direct marketing purposes, you have a general right to object, which we will implement without requiring reasons.

If you wish to exercise your right of withdrawal or objection, a simple notification to the contact details provided above is sufficient.

10. Changes to this privacy statement

Occasionally, we update this privacy policy, for example, when we make changes to our website or when there are changes in legal or regulatory requirements.

Last amendment: June 2024