3. Use of tools on the website
3.1 Utilised technologies
This website utilises various services and applications (collectively referred to as "Tools"), which are offered by either us or third parties. These tools include technologies that store or access information on the end user's device:
1.
Cookies: Information stored on the end user's device, typically consisting of a name, a value, the domain that stores it, and an expiration date. Session cookies are deleted after the session, while persistent cookies are deleted after the specified expiration date. Cookies can also be manually removed.
2.
Web Storage (local storage / session storage): Information stored on the end user's device, comprising a name and a value. Information in session storage is deleted after the session, whereas information in local storage has no expiration date and is generally retained unless a deletion mechanism is set up (e.g., storing local storage with a timestamp). Information in local and session storage can also be manually removed.
3.
JavaScript: Embedded or invoked programming code (scripts) within the website that may, for example, set cookies and web storage or actively collect information from the end user's device or their usage behaviour. JavaScript can be used for "active fingerprinting" and creating user profiles. Blocking JavaScript can be achieved through a browser setting, though it may disrupt the functionality of most services.
4.
Pixels: Tiny graphics automatically loaded by a service, which may allow for the recognition of visitors by automatically transmitting standard connection data (especially IP address, browser information, operating system, language, accessed address, and time of access). Pixels can be used to recognize visitors and track activities such as opening an email or visiting a website. Pixels can enable "passive fingerprinting" and the creation of user profiles. Blocking the loading of images, such as in emails, can prevent the use of pixels, but it may severely affect display.
With the help of these technologies and the mere connection to a page, so-called "fingerprints" can be created, which are user profiles that can recognize visitors even without the use of cookies or web storage. Fingerprinting due to the connection setup cannot be entirely prevented manually.
Most browsers are initially configured to accept cookies, run scripts, and display images. However, you can usually adjust your browser settings to reject all or certain cookies, block scripts, and images. If you completely block the storage of cookies, the display of images, and the execution of scripts, our services may not function properly or at all.
Below, we provide a categorized list of the tools we use, along with information about the tool providers, the storage duration of cookies or data in local storage and session storage, as well as data sharing with third parties. We also explain the instances where we obtain your voluntary consent to use the tools and how you can revoke this consent.
If - even despite the greatest care - the information in the consent banner contradicts that said in this data privacy policy, the information in this data privacy policy prevails.
3.2.1. Legal basis
We use tools necessary for website operation based on our legitimate interest under Art. 6 para. 1 lit. f GDPR to provide the essential functions of our website. In specific cases, these tools may also be required for the performance of a contract or for the implementation of pre-contractual measures, in which case the processing is carried out under Art. 6 para. 1 lit. b GDPR. Access to and storage of information on the end device is essential in these cases and is based on the implementing acts of the ePrivacy Directive of EU member states, in Germany, pursuant to § 25 para. 2 TDDDG.
All other non-essential (optional) tools that provide additional functions are used with your consent under Art. 6 para. 1 lit. a GDPR. Access to and storage of information on the end device is then based on the implementing acts of the ePrivacy Directive of EU member states, in Germany, pursuant to § 25 para. 1 TDDDG. Data processing using these tools only takes place when we have obtained your prior consent.
If personal data is transferred to third countries, we refer to Section 6 ("Transfer of Data to Third Countries") also in terms of the potential associated risks. We will inform you if there is an adequacy decision for the respective third country or if standard contractual clauses or other safeguards have been put in place for the use of specific tools. If you have given your consent for the use of specific tools and the associated transfer of your personal data to third countries, we transfer the data processed when using the tools (also) to third countries based on this consent under Art. 49 para. 1 lit. a GDPR.
3.2.2. Obtaining your consent
We use the WordPress plugin "Borlabs Cookie" to obtain and manage your consents. This plugin generates a banner that informs you about data processing on our website and provides you with the option to consent or decline to individual or all data processing activities conducted by optional tools. This banner is displayed on your first visit to our website and when you revisit our site to change your preferences or revoke consents. The banner will also reappear during subsequent visits if you have disabled cookie storage or if the cookies or information stored in the local storage by "Borlabs Cookie" have been deleted or have expired.
Additionally, the WordPress plugin "Borlabs Cookie" utilises a necessary cookie (named "borlabs-cookie") to store your granted consents and withdrawals. If you delete your cookies, we will request your consent again when you revisit our site.
The data processing carried out by the WordPress plugin "Borlabs Cookie" is necessary to provide you with the legally required consent management and to fulfill our documentation obligations. The legal basis is Art. 6 para. 1 lit. f GDPR based on our interest in complying with the legal requirements for consent management. Accessing and storing information on your device is essential in these cases and is carried out in accordance with the implementing laws of the ePrivacy Directive of EU member states, or, in Germany, according to § 25 para. 2 TDDDG.
3.2.3. Revocation of your consent or changing your selection
You can revoke your consent for specific tools at any time. To do so, please click on the following link:
. There, you can also adjust your preferences regarding which tools you wish to consent to and find additional information about cookies and their respective storage durations. Alternatively, you can directly exercise your withdrawal for specific tools through the respective providers.
3.3. Necessary tools
We use certain tools to enable the basic functions of our website (referred to as "essential tools"). Without these tools, we would not be able to provide our service. Therefore, essential tools are used without the need for consent.
The legal basis for essential tools is the necessity to fulfill our legitimate interests in providing the respective basic functions and operating our website, as per Art. 6 para. 1 lit. f GDPR. In cases where the provision of specific website functions is necessary to fulfill a contract or to carry out pre-contractual measures, the legal basis for data processing is Art. 6 para. 1 lit. b GDPR. Access to and storage of information on the user's device is absolutely necessary in these cases and is carried out based on the implementation laws of the EU member states' ePrivacy Directive and in Germany under § 25 para. 2 TDDDG.
In the event of personal data being transferred to third countries (such as the United States), we refer to Section 6 ("Data Transfer to Third Countries") for additional information.
3.3.1. Google Tag Manager
Our website uses Google Tag Manager, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, for users from the European Economic Area and Switzerland, and for all other users by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (collectively "Google").
The Tag Manager is used solely for the management of website tools through the integration of so-called website tags. A tag is an element embedded in the source code of our website to execute a tool, for example through scripts. If these are optional tools, they are only integrated by Google Tag Manager with your consent. Google Tag Manager uses JavaScript and generally operates without the use of cookies.
The legal basis is Art. 6 para. 1 lit. f GDPR, based on our legitimate interest in easily integrating and managing multiple tags on our website.
For the purpose of ensuring stability and functionality in the use of Google Tag Manager, Google collects information about which tags are integrated through our website. However, Google Tag Manager does not generally store personal data beyond the basic connection, particularly not data about user behavior or the pages visited.
We have entered into a data processing agreement with Google Ireland Limited. In the event that personal data is transferred from Google Ireland Limited to the USA or other third countries, Google Ireland Limited and Google LLC have entered into standard contractual clauses (Commission Decision (EU) 2021/914, Module 3) in accordance with Art. 46 para. 2 lit. c GDPR.
For more information, please refer to
Google's information on Tag Manager.
3.4. Analytics tools
To improve our website, we use optional tools for visitor recognition and for the statistical collection and analysis of general usage behaviour, referred to as "analytics tools." We also utilise analytical services to evaluate the use of our various marketing channels. The collected usage information is aggregated and enables us to understand the usage patterns of our visitors. This helps us tailor and optimize the design of our website and enhance the user experience.
The legal basis for the use of Analysis Tools is, unless otherwise specified, your consent under Art. 6 para. 1 lit. a GDPR. Access to and storage of information on your device is based on the implementation laws of the ePrivacy Directive of EU Member States, in Germany, following § 25 para. 1 TDDDG. For withdrawing your consent, please refer to 3.2.3: "Withdrawal of your consent or changing your preferences."
In the event that personal data is transferred to the United States or other third countries, your consent explicitly extends to data transmission (Art. 49 para. 1 lit. a GDPR). Please refer to Section 6 ("Data transfer to third countries") for the associated risks.
3.4.1. Google Analytics 4
Our website uses the Google Analytics 4 service ("Google Analytics 4"), provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, for users in Europe, the Middle East, and Africa (EMEA), and for all other users, by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (collectively "Google").
Google Analytics uses JavaScript and pixels to read information on your device and cookies to store information on your device. This is done to analyze your usage behavior and improve our website. We will process the collected information to evaluate your use of the website and compile reports on website activities for the website operators. In this context, the data generated may be transferred to a server in the USA for analysis and storage by Google.
As part of the analysis, Google Analytics 4 also utilizes artificial intelligence such as machine learning for automated analysis and enrichment of data. This is particularly done for forecasted metrics related to the future behavior of visitors based on structured event data, such as predicted revenue, purchase probability, and churn probability. Forecasted metrics can also be used for forecasted audiences.
For further information, please click
here.
Additionally, Google Analytics 4 models conversions where there is insufficient data to optimize the analysis and reports.
For further information, please click
here.
Data evaluations are performed automatically using artificial intelligence or based on specific individually defined criteria.
For further information, please click
here.
We have made the following privacy setting for Google Analytics 4:
Google Analytics 4 uses the following cookies for the specified purposes with their respective storage durations:
For more information about the cookies used by Google Analytics 4, please click
here.
The legal basis for this data processing is your consent according to Art. 6 para. 1 lit. a GDPR. Access to and storage of information on your device is based on the implementation laws of the ePrivacy Directive of the EU member states, and in Germany according to § 25 para. 1 TDDDG.
We have entered into a data processing agreement with Google Ireland Limited for the use of Google Analytics 4. In the event that personal data is transferred from Google Ireland Limited to the USA, Google Ireland Limited and Google LLC have concluded standard contractual clauses (EU Implementing Decision 2021/914, Module 3) in accordance with Art. 46 para. 2 lit. c GDPR. In addition, we obtain your explicit consent under Art. 49 para. 1 lit. a GDPR for the transfer of your data to third countries.
For more information, please refer to
Google’s privacy policy.
3.5. Marketing Tools
We also use optional tools for advertising purposes ("Marketing Tools"). Some of the access data generated when using our website is used to create user profiles, which store information about your usage behavior, the advertisements you have viewed or clicked on, and, based on that, your categorization into advertising categories, interests, and preferences. Through the analysis and evaluation of this access data, we are able to display personalised advertisements on our website and on the websites and services of other providers, which correspond to your actual interests and needs. We also analyze your usage behavior to recognise you on other sites and address you in a personalised manner based on your use of our site (known as retargeting). Furthermore, we evaluate the effectiveness and success of our advertising campaigns, especially conversions and leads.
Marketing tools also include optional tools from social networks that are used to share posts and content through these networks ("Social Media plugins").
The legal basis for the marketing zools is your consent according to Art. 6 para. 1 lit. a GDPR, which you provide via the consent banner or directly at the respective tool by allowing its use through an overlay banner. Access to and storage of information on your device is then based on the implementation laws of the ePrivacy Directive of EU member states, in Germany, according to § 25 para. 1 TDDDG. For revoking your consent, please see 3.2.3: " Withdrawal of your consent or changing your selection."
In the event that personal data is transferred to third countries (such as the USA), your consent explicitly extends to the data transfer (Art. 49 para. 1 lit. a GDPR). Please refer to section 6 ("Data Transfer to Third Countries") for associated risks.
In the following section, we would like to explain the tools and the providers used in more detail. The collected data may include in particular:
the IP address of the device;
information from cookies and in local or session storage;
device identifiers for mobile devices (e.g., device ID, advertising ID);
referrer URL (previously visited page);
accessed pages (date, time, URL, title, duration);
Clicked links to other websites;
Achievement of specific goals (conversions), if applicable;
Technical information: operating system; browser type, version and language; device type, brand, model and resolution;
Approximate location (country and city, if applicable).
However, the collected data is stored pseudonymously, so no immediate conclusions about individuals are possible.
3.5.1. Linkedin Insight Tag
Our website uses the LinkedIn Insight Tag service provided by LinkedIn Ireland, Wilton Plaza, Wilton Place, Dublin 2, Ireland ("LinkedIn"). This service allows us to collect and analyze statistical data about your visit and usage of our website. It enables us to display interest-based and relevant offers, recommendations, and advertising on LinkedIn (retargeting). Additionally, it involves an analysis of the effectiveness of advertising (conversion tracking). LinkedIn uses cookies, pixels, and JavaScript for this purpose.
The following cookies are set and read by LinkedIn:
“
lang” (Session): stores the language setting;
“
lidc” (24 hours): optimises the selection of the data center;
“
lissc” (180 days): a cookie that ensures all cookies in the same browser use the same SameSite attribute;
“
bcookie” (2 years): prevents misuse;
“
UserMathHistory” (30 days): usage analysis, synchronisation of IDs with LinkedIn Ads;
“
li_gc” (2 years): stores user consent;
“
AnalyticsSyncHistory” (30 days): stores information synchronisation for LinkedIn members.
For more information about cookies, please visit:
https://www.linkedin.com/legal/l/cookie-table.
The legal basis for this data processing is your consent in accordance with Art. 6 para. 1 lit. a GDPR. Access to and storage of information on your device is based on the implementation laws of the ePrivacy Directive of EU member states, in Germany, according to § 25 para. 1 TDDDG.
If you are logged into LinkedIn while visiting our website, LinkedIn may link the collected information to your member account and use it for targeted advertising on LinkedIn. You can view and adjust your privacy settings on LinkedIn at the following link:
https://www.linkedin.com/psettings/enhanced-advertising.
We have entered into a data processing agreement with LinkedIn in accordance with Article 28 of the GDPR. In the context of this agreement, data that is collected may be transferred to a server in the United States and stored there. In the event that personal data is transferred to the USA or other third countries, we have also concluded Standard Contractual Clauses with LinkedIn, as provided for in Implementing Decision (EU) 2021/914, Module 2, in accordance with Art. 46 para. 2 lit. c GDPR. In addition to this, we obtain your explicit consent, as required by Art. 49 para. 1 lit. a GDPR, for the transfer of your data to third countries.
For further information, please refer to
LinkedIn's privacy policy.
3.5.2. Google Ads Conversion Tracking
Our website uses the "Google Ads Conversion Tracking" service, which is offered by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland for individuals from the European Economic Area and Switzerland, and by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA for all other individuals ("Google").
This service allows us to track and analyse defined customer actions, such as clicking on a button and subsequently submitting a form. This helps us evaluate the success of campaigns and advertisements and optimize the design of our website. Additionally, we use and analyse parameters in the URL (such as the source of the visitor, e.g., a domain, the type and name of the campaign) to better measure campaigns and attribute them to users.
The service uses cookies, JavaScript, pixels, and other technologies for this purpose. Google processes the data to improve the quality and accuracy of conversions. Data collected in this context may be transferred to a server in the USA and stored there.
The following cookies are set and read by Google:
"
_gcl_au" (90 days): conversion tracking, storage of ad clicks;
"
IDE" (1 year): a cookie for recognising and distinguishing visitors through a user ID across different pages, tracking interactions with advertisements, and displaying personalised ads.
The legal basis for this data processing is your consent in accordance with Art. 6 para. 1 lit. a GDPR. Access to and storage of information on your device is based on the implementation laws of the ePrivacy Directive of EU member states, in Germany, according to § 25 para. 1 TDDDG. The transfer of your data to the USA is based on an adequacy decision (Google LLC is certified under the EU-US Data Privacy Framework).
For further information, please refer to
Google's privacy policy.
3.5.3. Microsoft Conversion Tracking
Our website uses Microsoft Conversion Tracking, a service provided by Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland ("Microsoft").
This service allows us to track and analyse defined customer actions, such as clicking on a button and subsequently submitting a form. This helps us evaluate the success of campaigns and advertisements and optimise the design of our website. Additionally, we use and analyse parameters in the URL (such as the source of the visitor, e.g., a domain, the type and name of the campaign) to better measure campaigns and attribute them to users. The service uses cookies, JavaScript, and local storage for this purpose. Data collected in this context may be transferred to a server in the USA and stored there.
The following cookies are set and read by Microsoft Conversion Tracking for the specified purposes, along with their respective storage durations:
"
_uetsid" (24 hours): session ID;
"
_uetvid" (13 months): visitor recognition, usage analysis, displaying personalised ads;
"
MUID" (13 months): visitor recognition, usage analysis, displaying personalised ads.
he following information is stored and read in local storage by Microsoft Conversion Tracking:
"
_uetsid", "
_uetvid": used for the same purposes as the corresponding cookies;
"
_uetsid_exp", "
_uetvid_exp": information about the expiration date of the information in local storage.
The legal basis for this data processing is your consent in accordance with Art. 6 (1) lit. a GDPR. Access to and storage of information on your device is based on the implementation laws of the ePrivacy Directive of EU member states, in Germany, according to § 25 para. 1 TDDDG. The transfer of your data to the USA is based on an adequacy decision (Microsoft Corporation is certified under the EU-US Data Privacy Framework).
Further information can be found in Microsoft's privacy policy:
Microsoft Privacy Statement.
3.5.4. Leadfeeder - B2B visitor identification
On our website, we utilise the service Leadfeeder from Finnish company Liidio Oy / Leadfeeder, located at Keskuskatu 6 E, 00100 Helsinki, Finland ("Leadfeeder"). This service allows us to identify the names of companies visiting our website, enabling us to implement more targeted B2B marketing initiatives. It involves recording the behaviour of website visitors, such as the pages they visit, their origin, and the duration of their stay on our website. Additionally, the IP addresses of visitors are recorded to determine the company and geographic location. To achieve this, cookies and local storage are also used.
Leadfeeder performs the service as a subcontractor of Pipedrive OÜ Mustamäe tee 3a 10615 Tallinn Estonia, with whom we have concluded a contract for processing. All data is stored by Leadfeeder in encrypted form in the European Union and transmitted in encrypted form.
The following cookies are set and read by Leadfeeder for the specified purpose with the respective storage period:
"_lfa" (24 months): Visitor recognition
The following information in local storage is stored and read by Leadfeeder:
"_lfa_expiry": Contains the expiry date for the cookie described above.
The legal basis for this data processing is your consent in accordance with Art. 6 para. 1 lit. a GDPR.
3.5.5. Google Ads Remarketing
Our websites use the "Google Ads Remarketing" service, which is offered to individuals from the European Economic Area and Switzerland by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, and for all other individuals by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (together "Google").
Google Ads Remarketing is used to display targeted advertising for caralegal to users of caralegal.eu after their visit to our website on pages of the Google Partner Network or in Google search. For this purpose, the collected and analysed usage information, including through Google Ads Conversion Tracking, is collected in an audience list in Google Analytics. These can also be used by Google Ads Remarketing. Audience lists for the Display Network contain at least 100 people and for Google Search, at least 1000 people. Therefore, advertising is not personalised to individual persons but rather to audience segments. The data collected in this context may be transmitted to a server in the USA and stored there.
Google Ads Remarketing uses cookies, JavaScript, and pixels, with the following cookies being stored and read:
"_gcl_au" (90 days): Conversion tracking, storing ad clicks;
"_gcl_aw" (90 days): Conversion tracking, storing ad clicks;
"_gac_UA-[GA4-ID]" (90 days): Storing campaign-related information and linking with Google Analytics;
"IDE" (13 months): Identification and differentiation of users by a user ID, capturing interaction with advertising, displaying personalised ads.
The legal basis for this data processing is your consent under Art. 6 (1) lit. a GDPR. Access to and storage of information on the user's device is based on the implementation laws of the ePrivacy Directive of EU member states, and in Germany, according to § 25 (1) TDDDG. The transfer of your data to the USA is based on an adequacy decision (Google LLC is certified for the EU-US Data Privacy Framework).
If you use a Google account, Google, depending on the settings in your Google account, can link your web and app browser history with your Google account and use information from your Google account to personalise ads. If you do not wish this association with your Google account, it is necessary to log out of Google before accessing our website.
If you have not consented to the use of Google Ads Remarketing, Google will only display general advertising that was not selected based on the information collected about you on this website. In addition to withdrawing your consent, you also have the option to disable personalized advertising in the Google Ads settings:
https://adssettings.google.com/notarget.
For more information, please see Google's Privacy Policy:
https://policies.google.com/privacy.