legal

Privacy Policy

Last updated on 27/02/2024

The protection of your privacy when using our website is particularly important to us. In the following, we, therefore, inform you about the collection of anonymous and personal data.

1. Provider / Person responsible within the meaning of data protection

Cardino GmbH
Impact Hub Berlin
Rollbergstrasse 28A
12053 Berlin, Germany

Email: sales@cardino.de

Web: www.cardino.de

Entry in the register court: Berlin-Charlottenburg Register number: HRB 251256 B

2. Data Protection Officer

Henrik Sachs,

Impact Hub Berlin
Rollbergstrasse 28A
12053 Berlin, Germany

3. Competent Regulatory Authority

Berlin Commissioner for Data Protection and Freedom of Information

Alt-Moabit 59-61

10555 Berlin

Phone: +49 30 13889-0

Fax: +49 30 2155050

Email: mailbox@datenschutz-berlin.de

4. Basics

Your personal data (e.g., title, name, address, e-mail address, telephone number, bank details, credit card number) will be processed in compliance with the relevant statutory data protection regulations, in particular REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND THE COUNCIL of 27. April 2016 on the protection of natural persons when processing personal data, on the free movement of data and on the repeal of Directive 95/46/EC (the General Data Protection Regulation - GDPR), the Federal Data Protection Act (BDSG) and other data-related laws [e.g. the Telemedia Act (TMG)] is stored and processed by us.

According to the GDPR and other regulations, data processing and use is only permitted if the GDPR or another legal regulation expressly permits this or if the person concerned consents (prohibition with reservation of permission). According to these legal bases, data processing and use is only permitted if the data subject has given their consent to the processing of the personal data concerning them for one or more specific purposes; the processing is necessary for the performance of a contract to which the data subject is a party or for the implementation of pre-contractual measures which are required at the request of the data subject person; the processing is necessary to fulfill a legal obligation to which the person responsible is subject; the processing is necessary to protect the vital interests of the data subject or another natural person; the processing is necessary for the performance of a task that is public interest or in the exercise of public authority that has been transferred to the person responsible; processing is necessary to safeguard the legitimate interests of the person responsible or a third party, unless the interests or fundamental rights and freedoms of the person concerned, which require the protection of personal data, prevail , especially when the data subject is a child.

Accordingly, we use and process your personal data only within the permissible framework of contract processing or if you have given your informed consent.

In principle, we do not pass on your personal data, including your address and your e-mail address, to third parties. Excluded from this are our service partners who need the transmission of data to process the contractual relationship or if we have expressly pointed this out. In these cases, however, the scope of the transmitted data is always limited to the necessary minimum.

5. Anonymous Data Collection

In principle, you can visit our website without telling us who you are. We only experience the name of your internet service provider, the website from which you are visiting us (referrer URL), the pages of our website that you are visiting, the date and time of retrieval and the amount of data transferred, notification of successful retrieval, browser type and version of the requesting computer/device, the operating system of the requesting computer/device IP addresses of the requesting computer/device

This information is only evaluated for statistical purposes. As an individual user, you remain anonymous, of course, and your personal data will not be merged unless you have expressly consented to this or one of the cases listed below applies.

6. Collection of personal data when visiting our website and using our services in general

We only collect personal data if you provide it to us voluntarily and of your own accord. This can be done, for example, when placing an order or to carry out a contract, a survey or when registering for services that require registration with personal data (e.g. to create a user account, etc.). In such cases, we charge in principle, only the data to which we are legally authorised and which is absolutely necessary for the fulfilment of the services you require (this would be, for example, a registration for the newsletter, for example only your email address). If we collect personal data from you, you only have to provide the necessary data. The data fields that are mandatory in each case are marked with an "asterisk". Any additional data you provide is purely voluntary and you do not have to disclose it. If you do provide this anyway, then with your disclosure you give us your consent that we may also store and process this data from you for the purpose stated in each case; In some cases, we also request your express consent for data protection purposes that require express consent, which you can of course give voluntarily, is not bound by any further conditions and can be revoked at any time for the future.

For the highest possible security of your data, they are transmitted in encrypted form using SSL/TLS encryption. This is to prevent misuse of the data by third parties. Your data will only be stored and processed by us on servers within the European Union. A transfer to third countries does not take place unless we are entitled and/or obliged to do so on the basis of a statutory provision or you have expressly consented to this in advance. These cases are then also clearly marked.

7. Data processing to fulfil the contract

7.1 Purpose of processing

If you would like to advertise and sell your car with us, you provide your personal data as part of the registration process. The mandatory information marked with an "asterisk" in this context is personal data that is required for the conclusion of a contract with us. Of course, you are not obliged to provide your personal data. However, we cannot provide the service you require without your providing us with the necessary data. For some services (e.g. the creation of an advertisement by an appraiser), we have to pass on your data to service providers commissioned by us in order to be able to provide the service you have requested. The data you enter is always processed for the purpose of fulfilling the contract.

7.2 Legal Basis

The legal basis for this processing is Art. 6 Para. 1 b) GDPR.

7.3 Recipient Categories

In principle, we do not pass on your personal data to third parties. Depending on the desired service, your personal data may be passed on to the following recipients: Buyer of your vehicle, transport service provider for picking up your vehicle if necessary, payment service provider if necessary, partners you may have commissioned (e.g. experts)

Your personal data will not be transmitted to third parties for purposes other than those listed below. In particular, it will not be passed on to third parties, e.g. for advertising purposes, without your express consent.

We only pass on your personal data to third parties if:

You have given your express consent to this in accordance with Article 6 Paragraph 1 Clause 1 Letter a) GDPR; this is required for the processing of contractual relationships with you in accordance with Article 6 Paragraph 1 Clause 1 Letter b) GDPR , e.g. to banks for processing the contractually agreed payments or, in the event of non-performance of contractually agreed payments, to lawyers and legal service providers for the purpose of legal enforcement; in the event that for the transfer pursuant to Article 6 (1) sentence 1 lit. c) GDPR there is a legal obligation; or the disclosure is required in accordance with Article 6 Paragraph 1 Sentence 1 Letter f) GDPR to assert, exercise or defend legal claims and there is no reason to assume that you have an overriding legitimate interest in not disclosing your data.

7.4. Who we may share your information with

We may give your information to:

Any member of the Cardino GmbH, which means our shareholders, investors, employees. If any of these parties use your information for direct marketing, we will only transfer it to them for that purpose with your prior consent.
Our partner and support businesses, including support services, finance lenders, advertising networks, automotive partners such as Finn or Aviloo, prize draw or competition partners, and analytics providers, as well as car dealers and depots..

7.5 Duration of Storage

We store the data required to process the contract until the statutory warranty and, if applicable, contractual warranty periods have expired.

We store the data required under commercial and tax law for the legally stipulated periods, usually ten years (cf. Section 257 HGB, Section 147 AO).

We delete e-mail addresses that we only receive for sending the newsletter as soon as you unsubscribe from the newsletter.

8. Processing of Applicant Data

The personal data you provide voluntarily as part of a job advertisement will be processed by us exclusively for the advertised position for which you have applied. For carrying out the application process and the associated assessment of an applicant In principle, we only process the personal data that is necessary for this. In addition to the name and address, this also regularly applies to contact details and information that you provide us with in your application documents (cover letter, CV, certificates, etc.). We only process special categories of data (e.g. religious affiliation or health data) if you provide them to us voluntarily or if we have special legal permission or even an obligation to do so. If you are hired, we will only include the data required for the appointment in our personnel file. The legal basis for this is Art. 88 GDPR i. In conjunction with Section 26 BDSG (new) and, if applicable, Article 6 Paragraph 1 Letter b) GDPR (initiation or implementation of contractual relationships).

If the application process does not lead to employment, your data will be deleted after six months (from the end of the application process) unless you have given us your express consent to store your application documents for later consideration. In such a case, your data will be deleted after 24 months at the latest. The legal basis for this is Art. 6 (1) (a) GDPR (consent). Should processing of your personal data be necessary to fulfill a legal obligation, the legal basis is Article 6 (1) (c) GDPR. Furthermore, it may be necessary to process your personal data to defend against legal claims asserted against us. The legal basis is then Article 6 Paragraph 1 Letter f) GDPR.

You can revoke your consent at any time with effect for the future by sending an email to sales@cardino.de. In such a case, we will delete your data immediately after receiving the revocation. Accordingly, it will not be considered for future job advertisements. In this context, please note your rights arising from the GDPR, which you will find below in this data protection declaration (point 38).

9.Contact Form

If you send us inquiries via the contact form, your details from the inquiry form, including the contact details you provided there, will be stored by us for the purpose of processing the inquiry and in the event of follow-up questions. We do not pass on this data without your consent, unless it is necessary to provide the service you have requested. The data you enter in the contact form will remain with us until you ask us to delete it, revoke your consent to storage or the purpose for data storage no longer applies (e.g. after your request has been processed). Mandatory legal provisions - in particular retention periods - remain unaffected. You can revoke your consent given in this context at any time with effect for the future. Please address the revocation to sales@cardino.de or to the contact details provided under point 38 of this data protection declaration.

10.Use of Cookies

We use cookies to make visiting our website attractive and to enable the use of certain functions. Cookies are small text files that are stored on your computer. Most of the cookies we use are deleted from your hard drive after the end of the browser session or after you log out (so-called session cookies). Other cookies remain on your computer and enable us to recognize your computer on your next visit (so-called permanent cookies). These permanent cookies are stored for different lengths of time. When you visit our website for the first time, we will show you a pop-up (a so-called cookie manager) with an overview and explanation of the cookies we use. As soon as you click on "OK", you give us your consent to use all cookies, plugins and services described in this cookie manager and in the associated data protection information. If you would like to select individual data protection settings, click on the "more" button in the cookie manager. You can deactivate the use of cookies via your browser at any time. Please note that our website may then not function properly. If you want to adjust the selection of cookies you have already saved and thus revoke any consent you gave in the past for the future, you can manually manage and delete the settings for the use of cookies in your browser. If you delete all cookies, you will be prompted again to adjust your cookie settings the next time you visit our website. You can find detailed instructions on how to adjust the cookie settings for the most common browsers under the following links:

Mozilla Firefox:

https://support.mozilla.org/en/kb/delete-cookies-and-website-data-in-firefox?redirectlocale=en&redirectslug=Cookies+l%C3%B6schen

Microsoft Edge:

https://support.microsoft.com/de-de/help/4027947/microsoft-edge-delete-cookies

Microsoft Internet Explorer

https://support.microsoft.com/de-de/help/17442/windows-internet-explorer-delete-manage-cookies

Google Chrome:

https://support.google.com/chrome/answer/95647?co=GENIE.Platform%3DDesktop&hl=en

AppleSafari:

https://support.apple.com/en-us/guide/safari/sfri11471/mac

Opera:

https://help.opera.com/de/latest/web-preferences/‍

11. Advertising Cookies

We use “advertising cookies” to keep records of our users’ browsing history. These cookies are used, for example, for personalised advertising, i.e. advertising tailored to your actual interests and needs, on our platform and on the websites and services of other providers. We may use this information, depending on your choices and preferences, to make the Platform more relevant to you and possibly share data with third-party advertising providers. We also analyse your usage behavior in order to recognize you on other sites and to address you in a personalized manner based on your use of our platform (so-called retargeting). In addition, we evaluate the effectiveness and success of our advertising campaigns (in particular so-called conversions and leads).

Facebook pixels (3rd party)

This cookie is used by Facebook for audience metrics, analytics and advertising, including: (1) tracking user behavior and determining how users arrive at our website, (2) refining and applying audience demographic data (which may include gender and age range) compiled from your Facebook profile information), (3) informing and delivering advertising campaigns on the Facebook website and (4) measuring advertising engagement and reach and determining advertising conversion rates. When you visit our websites for the first time, you will be asked whether you want to allow targeting/advertising cookies. You can update your choices via our cookie banner. If you disable this cookie, you may still see advertising from us on Facebook, but this will be based on our broader Facebook advertising campaign and not a retargeting cookie.

Google Search Ads, Google Display and Video, Google Ad Manager (3rd Party)

We use "Google Ads" (formerly Google AdWords) on our website, a service provided by Google Ireland Limited, Google Building Gordon House, Barrow St, Dublin 4, Ireland (hereinafter referred to as "Google"). Google Ads enables us to draw attention to our attractive offers with the help of advertising material on external websites

hen. This enables us to determine how successful individual advertising measures are. These advertising media are delivered by Google via so-called "ad servers". We use so-called ad server cookies for this purpose, which can be used to measure certain parameters for measuring success, such as the display of ads or clicks by users. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. When you visit this website, you will be asked to define your data protection settings. Here you have the option of agreeing to or rejecting the use of the Google Ads service. Accordingly, the legal basis for this processing is Art. 6 (1) (a) GDPR. As soon as you agree to the use of Google Ads on our website, a connection to the Google servers will be established. The following information is communicated to the Google server:

Ads ViewedCookie IDDate and Time of VisitDevice InformationGeographical LocationIP AddressSearch TermsAdvertisements DisplayedCustomer IDImpressionsOnline IdentifiersBrowser Information

If you are logged into your Google account, you enable Google to assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your Google account. In addition, when using Google Ads, this data is passed on to the following recipients:

Alphabet Inc.Google LLCGoogle Ireland Limited

ChileSingaporeUnited States of AmericaTaiwan

Furthermore, Google stores various cookies on your end device. With the help of these cookies, Google can obtain information about visitors to our website. This information is used for marketing and analysis purposes. The cookies remain on your end device for up to one year. These are the cookies listed below:

Name: test_cookie

Description: This is set as a test to check if the browser allows cookies to be set. Contains no identifiers.

Type: cookies

Storage duration: 15 minutes

Domain: doubleclick.net

Name: IDE

Description: Contains a randomly generated user ID. With the help of this ID, Google can recognize the user on different websites across domains and display personalized advertising.

Type: cookies

Storage period: 1 year

Domain: doubleclick.net

If necessary, the use of Google Ads can trigger further data processing operations over which we have no influence. If you want to prevent data transfer, you can opt out of the Google Ads functions. Irrespective of this, we recommend that you regularly log out of your user account there after using a social network, but especially before activating integrated content, as this way you can avoid being assigned to your profile with the respective provider. According to Google, any data transfer to the USA takes place in compliance with the provisions of the underlying standard data protection clauses of the EU Commission. Further information on data protection and data use by Google can be found on the following Google website: http://www.google.de/intl/de/policies/privacy

We use the Reddit pixel, which is a piece of code provided by Reddit that allows us to track conversions and analyse the effectiveness of our advertising campaigns on Reddit. It works by placing and triggering cookies on users' browsers when they interact with our ads on Reddit.

The LinkedIn Insight Tag is a piece of code provided by LinkedIn that allows us to track conversions and analyze the effectiveness of our advertising campaigns on LinkedIn. It works by placing and triggering cookies on users' browsers when they interact with our ads on LinkedIn.

12.Google Tag Manager

We use the “Google Tag Manager” on our website, a service provided by Google Ireland Limited, Google Building Gordon House, Barrow St, Dublin 4, Ireland (hereinafter referred to as “Google”). The Google Tag Manager is a tag management system. It allows the user to update measurement codes and associated code snippets, collectively referred to as "tags", on the user's website or mobile app. The Google Tag Manager tool, which implements the tags, is a cookie-free domain and does not collect any personal data itself. The Google Tag Manager triggers other tags, which in turn may collect data. The Google Tag Manager does not access this data. If a deactivation has been made at domain or cookie level, this will remain in place for all tracking tags implemented with Google Tag Manager. When you visit this website, you will be asked to define your data protection settings. Here you have the option of agreeing to or rejecting the use of the Google Tag Manager service. Accordingly, the legal basis for this processing is Art. 6 (1) (a) GDPR. The following data is processed when using the Tag Manager:

Aggregated data about tag firing

If you are logged into your Google account, you enable Google to assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your Google account. In addition, when using Google Analytics, this data is passed on to the following recipients:

Google Ireland Limited Alphabet Inc. Google LLC

United States of AmericaSingaporeChileTaiwan

If you want to prevent data from being passed on, you can opt out of the Google Analytics functions. Irrespective of this, we recommend that you regularly log out of your user account there after using a social network, but especially before activating integrated content, as this way you can avoid being assigned to your profile with the respective provider. According to Google, any data transfer to the USA takes place in compliance with the provisions of the underlying standard data protection clauses of the EU Commission. Further information on data protection and data use by Google can be found on the following Google website:

Google Tag Manager Terms of Use: https://marketingplatform.google.com/intl/de/about/analytics/tag-manager/use-policy/FAQ

Google Tag Manager: https://support.google.com/tagmanager/?hl=de#topic=3441530

Google privacy policy: https://policies.google.com/privacy?hl=de&gl=de

13. Google Web Fonts

We use fonts provided by Google on our website for uniform presentation. "Google Fonts" is a service provided by Google Ireland Limited, Google Building Gordon House, Barrow St, Dublin 4, Ireland (hereinafter referred to as "Google"). When you visit this website, you will be asked to define your data protection settings. Here you have the option of agreeing to or rejecting the use of the "Google Fonts" service. Accordingly, the legal basis for this processing is Art. 6 (1) (a) GDPR.

If you agree to the use of Google Fonts, a connection to the Google servers will be established and the corresponding font will be loaded into your browser cache. The following data is processed here:

IP AddressAggregated User DataReferrer URLCSS RequestFont Requests

If you are in your Google account are logged in, you enable Google to assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your Google account. In addition, when using Google Fonts, this data is passed on to the following recipients:

Alphabet Inc. Google LLC Google Ireland Limited

Google can also forward the collected data to another country. Please note that Google can transfer data outside the European Union and the European Economic Area and to a country that does not offer an adequate level of data protection. If the data is transferred to the USA, there is a risk that your data may be processed by US authorities for control and monitoring purposes without you possibly being entitled to any legal remedies. It may also happen that you do not even receive any information about it. According to Google, your data can be transferred worldwide. This can be the case for various purposes, e.g. B. for storing or processing. According to Google, any data transfer to the USA takes place in compliance with the provisions of the underlying standard data protection clauses of the EU Commission. If your browser does not support web fonts or you decline their use, a standard font will be used by your computer. You can find more information about Google Web Fonts at https://developers.google.com/fonts/faq and in Google's privacy policy: https://www.google.com/policies/privacy/

14. Usercentrics Consent Management Platform

We use the Usercentrics Consent Management Platform (Usercentrics) from Usercentrics GmbH, Rosental 4, 80331 Munich. Usercentrics collects log file data and consent data using JavaScript. This JavaScript enables us to inform, obtain, manage and document the user's consent to certain cookies and other technologies on our website.

The legal basis for processing the data is Article 6 (1) (c) GDPR. The aim is to know the preferences of the users and to act accordingly.

The data will be deleted as soon as they are no longer required for our logging. The shelf life of the cookie is 60 days. The consent data must be kept for 6 years in accordance with § 257 HGB. The certificate of revocation of a previously given consent will be kept for three years. On the one hand, the storage is based on our accountability according to Art. 5 Para. 2 DSGVO. This obliges to comply with the processing of personal data in accordance with the General Data Protection Regulation. In contrast, the retention period in the regular limitation period according to § 195 BGB is three years.

You can permanently prevent the execution of JavaScript at any time by making the appropriate settings in your browser, which would also prevent Usercentrics from executing the JavaScript.

For more information about Usercentrics' privacy practices, visit: https://usercentrics.com/de/datenschutzerklarung/

15. TrustPilot

We use the TrustPilot review portal operated by TrustPilot A/S, Pilestraede 58, 5th floor, 1112 Copenhagen, Denmark (hereinafter referred to as "TrustPilot"). In order to constantly improve our service, we offer our customers the opportunity to inform us about this independent portal, without us being able to influence this in any way. In this context, we do not pass on your data to TrustPilot. If you want to submit a rating, you will be forwarded via a link directly to our rating on TrustPilot. Leave this link we will send you by e-mail. In order to submit a rating or collect customer feedback, it is necessary to create/open a user profile on TrustPilot. In addition to a rating for the inviting company, ratings for any company can then also be posted on the TrustPilot rating portal If a rating is submitted by clicking on the link contained in the invitation, a user profile is automatically created on TrustPilot after entering the personal data (name and email address for verification). According to TrustPilot, data processing takes place within the European Union. The legal basis for this processing is Article 6 (1) (a) GDPR. Further information on data protection can be found in TrustPilot's data protection declaration, which you can find under the following link: http://de.legal.trustpilot.com/end-user-privacy-terms‍

16. Newsletters & E-mail promotion

If you register for our newsletter, or if you give us your explicit consent (opt in) for marketing and sales communication in the Lead collection form, we only collect the data required for this purpose in order to regularly send you our e-mail newsletter in accordance with your consent. Accordingly, the legal basis for processing is Article 6 (1) (a) GDPR. We do not pass on the data you provide here to third parties; processing takes place exclusively in Germany. The registration takes place via a secure and established double opt-in procedure. After registering for the newsletter, you will receive an e-mail to the e-mail address you entered. This e-mail contains a confirmation link that you must click on so that you can complete the registration process for the newsletter. This procedure is intended to prevent your e-mail address from being used by a third party without authorization. You can revoke your voluntarily given consent at any time, free of charge and with effect for the future. A corresponding message to sales@cardino.de is sufficient for this, alternatively you can unsubscribe from the newsletter via the link provided for this purpose in the newsletter.

16.1 Our promotional updates and communications

Where permitted in our legitimate interests (explained below) or with your prior consent if required by law, we may

send you marketing and promotional updates about our products and services, by email and SMS, if you have opted-in to receiving these.
we will also use your personal information for marketing analysis.

You can object to further marketing at any time by selecting the "unsubscribe" link at the end of all our marketing and promotional update communications to you, or by sending us an email to sales@cardino.de

17. Microsoft Clarity

We use "Microsoft Clarity" on our website, a web analytics service provided by Microsoft Ireland Operations Limited, Attn: Data Protection Officer, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland. Telephone: +353 1 706 3117, (hereinafter referred to as “Microsft Clarity”). Among other things, Microsft Clarity uses cookies, i.e. small text files that are stored locally in the cache of your web browser on your device and that enable an analysis of your use of our website, as well as a so-called tracking code. The cookies used by Microsft Clarity are stored on your end device for different lengths of time, sometimes only during your visit, sometimes 365 days. When you visit this website, you will be asked to define your data protection settings. Here you have the opportunity

Opt-in or opt-out of using the Microsft Clarity service. Accordingly, the legal basis for this processing is Art. 6 (1) (a) GDPR. As soon as you agree to the use of Microsft Clarity on our website, a connection to the Microsft Clarity servers will be established. In doing so, the following personal data is processed:

Device-dependent data collected by your end device and web browser:

IP address of your end device (collected and stored in an anonymous format) E-mail address including your first and last name, if you have made them available to us via our website Screen size of your end device Device type and browser information Geographical data (only country) Language to display our WebsiteUser interactionsMouse commands (movement, position and clicks)KeystrokesLog data used automatically by our server when using Microsft Clarity:Reference domainVisited websitesGeographic data (country only)Language used to display our websiteDate and time of access

Microsft Clarity uses this information to evaluate your use of our website, to create reports on the use and to provide other services in connection with the evaluation of our website.

Further information on data protection at Microsft Clarity can be found in Microsft Clarity's data protection declaration, which you can view under the following link: https://privacy.microsoft.com/en-gb/privacystatement

18.Google Analytics

This website uses Google Analytics, a web analytics service provided by Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (hereinafter referred to as "Google"). Google Analytics uses so-called "cookies", which are stored on your computer and enable an analysis of your use of the website. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. When you visit this website, you will be asked to define your data protection settings. Here you have the option of agreeing to or rejecting the use of the Google Analytics service. Accordingly, the legal basis for this processing is Art. 6 (1) (a) GDPR. As soon as you agree to the use of Google Analytics on our website, a connection to the Google servers will be established. The following information is communicated to the Google server:

App UpdatesClick PathDate and Time of VisitDevice InformationDownloadsFlash VersionLocation InformationIP AddressJavaScript SupportPages VisitedPurchasing ActivityReferrer URLUsage DataWidget InteractionsBrowser Information

If you are logged into your Google account, you enable Google to assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your Google account. In addition, when using Google Analytics, this data is passed on to the following recipients:

Google Ireland Limited Alphabet Inc. Google LLC

United States of AmericaSingaporeChileTaiwan

Name: _ga

This is used to distinguish users.

Type: cookies

Storage period: 2 years

Name: _gid

This is used to distinguish users.

Type: cookies

Storage period: 1 day

Name: _gat

This is used to throttle the request rate.

Type: cookies

Storage duration: 1 minute

Name: _dc_gtm_xxx

This is used to distinguish users.

Type: cookies

Storage duration: 1 minute

Name: _gat_gtag_xxx

This is used to distinguish users.

Type: cookies

Storage duration: 1 minute

Name: _gac_xx

This contains information about which ad was clicked on.

Type: cookies

Storage period: 2 months, 29 days

Name: IDE

Google can use this ID to recognize the user across different websites and domains and display personalized advertising.

Type: cookies

Storage period: 1 year

If necessary, the use of Google Analytics can trigger further data processing operations over which we have no influence. If you want to prevent data from being passed on, you can opt out of the Google Analytics functions. Irrespective of this, we recommend that you regularly log out of your user account there after using a social network, but especially before activating integrated content, as this way you can avoid being assigned to your profile with the respective provider. According to Google, any data transfer to the USA takes place in compliance with the provisions of the underlying standard data protection clauses of the EU Commission. Further information on data protection and data use by Google can be found on the following Google website: http://www.google.de/intl/de/policies/privacy‍

19. Mailchimp

Mailchimp acts as a data processor on our behalf and is contractually obligated to use your email address only for the purposes of providing the email automation services to us. Mailchimp is also required to maintain the confidentiality and security of your information.

20. Zendesk

We may collect the following types of personal information in our CRM system:

Contact Information: such as your name, email address, phone number.
Communication History: including records of your interactions with our customer support team, such as emails.

We use the personal information collected through Zendesk for the following purposes:

Providing Support: We use your contact information and communication history to provide customer support and respond to your inquiries, requests, and tickets.
Improving Services: We analyze the communication history and feedback provided by customers to improve our products, services, and customer support processes.
Communication: We may use your contact information to send you important notifications, updates, and promotional communications related to our products and services, provided you have opted in to receive such communications.

21. Airtable

We utilize Airtable as our data platform to manage certain aspects of our business operations, including storing information related to deal history. This may include details such as customer names, contact information and other relevant data necessary for managing our business relationships. We take appropriate measures to ensure the security and confidentiality of the information stored in Airtable, including implementing access controls and encryption protocols. Your privacy and the protection of your personal information are of utmost importance to us, and we handle all data stored in Airtable in accordance with this Privacy Policy and applicable laws and regulations.

22. Withdrawing Your Consent

If you have given us your consent under data protection law for certain data uses and/or services, you can of course revoke this at any time with effect for the future. A simple message to the address given below is sufficient:

Cardino GmbH
Impact Hub Berlin
Rollbergstrasse 28A
12053 Berlin, Germany

Email: sales@cardino.de

23. Your rights as a data subject

As the data subject, you have various rights with regard to your personal data. As the person responsible, we have taken appropriate measures to provide you, the data subject, with all information pursuant to Articles 13 and 14 of the GDPR and all communications pursuant to Articles 15 to 22 and Article 34 GDPR relating to the processing in a precise, transparent, in an intelligible and easily accessible form, using clear and plain language; this applies in particular to information that is specifically aimed at children. The information is transmitted in writing or in another form, possibly also electronically. If requested by you, the information can also be provided verbally, provided that your identity as the data subject has been proven in some other way.

Among other things, you have the right at any time to request written or electronic information about the data stored about you and its origin, the recipient or recipients to whom the data is passed on and the purpose of the storage. You also have the right to request that incorrect data be corrected and, if the legal requirements are met, that your data be deleted or blocked. A simple message to the address given below is sufficient:

Cardino GmbH
Impact Hub Berlin
Rollbergstrasse 28A
12053 Berlin, Germany

Email: sales@cardino.de

In detail, you have stated the following rights:

23.1 Right to Confirmation and Information

You can request confirmation from us as to whether personal data relating to you is being processed by us.

If we process your data, you can request information from us about the following:

the purposes for which the personal data are processed; the categories of personal data that are processed; the recipients or categories of recipients to whom the personal data concerning you have been disclosed or will be disclosed; the planned duration of the storage of the Personal data concerning you or, if specific information on this is not possible, criteria for determining the storage period; the existence of a right to correction or deletion of the personal data concerning you, a right to restriction of processing by us or a right to object to this processing; the existence of a right of appeal to a supervisory authority; all available information about the origin of the data if the personal data is not collected from the data subject; the existence of automated decision-making including profiling in accordance with Article 22 (1) and (4) GDPR and - at least in In these cases, meaningful information about the logic involved and the scope and intended effects of such processing for the data subject.

You also have the right to request information as to whether the personal data concerning you is being transmitted to a third country or to an international organization. In this context, you can request to be informed of the appropriate guarantees pursuant to Art. 46 GDPR in connection with the transmission

to become.

23.2 Right to Rectification

You have a right to correction and/or completion if the processed personal data concerning you is incorrect or incomplete. We must of course make the correction immediately.

23.3 Right to restriction of processing

Under the following conditions, you can request the restriction of the processing of your personal data:

if you dispute the accuracy of the personal data concerning you for a period of time that enables us to verify the accuracy of the personal data; if the processing is unlawful and you refuse the deletion of the personal data and instead request the restriction of the use of the personal data ; if we no longer need the personal data for the purposes of processing, but you need them to assert, exercise or defend legal claims, or if you have lodged an objection to the processing pursuant to Art. 21 Para. 1 DSGVO and it is not yet certain whether the legitimate reasons to which we are entitled outweigh your reasons.

If the processing of the personal data concerning you has been restricted, this data - apart from its storage - may only be used with your consent or to assert, exercise or defend legal claims or to protect the rights of another natural or legal person or for reasons of important public interest of the Union or a Member State are processed by us or authorized third parties.

If the restriction of processing has been restricted in accordance with the above conditions, we will inform you before the restriction is lifted.

23.4 Right to Erasure

Obligation to delete

You can demand that the personal data concerning you be deleted immediately, and we are obliged to delete this data immediately if one of the following reasons applies:

The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed. You revoke your consent on which the processing was based in accordance with Article 6 (1) (a) or Article 9 Paragraph 2 lit. a GDPR and there is no other legal basis for the processing. You object to the processing in accordance with Article 21 Paragraph 1 GDPR and there are no overriding legitimate reasons for the processing, or you object to the processing in accordance with Art. 21 (2) GDPR. The personal data relating to you were processed unlawfully. The deletion of the personal data relating to you is necessary to fulfill a legal obligation under Union law or the law of the Member States to which we The personal data concerning you was collected in relation to information society services offered in accordance with Article 8 (1) GDPR.

information to third parties

If we have made the personal data concerning you public and we are obliged to delete them in accordance with Art. 17 (1) GDPR, we shall take appropriate measures, including technical ones, to inform the data controllers, taking into account the available technology and the implementation costs , who process the personal data, that you, as the data subject, have requested them to delete all links to this personal data or copies or replications of this personal data.

exceptions

The right to erasure does not exist if processing is necessary

to exercise the right to freedom of expression and information; to fulfill a legal obligation which requires processing under Union or Member State law to which we are subject, or to perform a task carried out in the public interest or in the exercise of official authority that has been transferred to us; for reasons of public interest in the field of public health in accordance with Article 9 Paragraph 2 lit. h and i and Article 9 Paragraph 3 GDPR; for archiving purposes in the public interest, scientific or historical research purposes or for statistical purposes in accordance with Article 89 (1) GDPR, insofar as the law mentioned under Section a) is likely to make it impossible or seriously impair the achievement of the objectives of this processing, or to assert, exercise or defend legal claims.

23.5 Right to Information

If you have asserted the right to correction, deletion or restriction of processing against us, we are obliged to inform all recipients to whom your personal data has been disclosed of this correction or deletion

increase of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort.

You have the right to be informed about these recipients.

23.6 Right to data portability

You have the right to receive the personal data that you have provided to us in a structured, common and machine-readable format. You also have the right to transmit this data to another person responsible without hindrance, provided that

the processing is based on consent pursuant to Article 6(1)(a) GDPR or Article 9(2)(a) GDPR or on a contract pursuant to Article 6(1)(b) GDPR and processing using automated procedures he follows.

In exercising this right, you also have the right to have your personal data transmitted directly from us to another person responsible, insofar as this is technically feasible. The freedoms and rights of other people must not be impaired by this.

The right to data portability does not apply to the processing of personal data that is required to perform a task that is in the public interest or in the exercise of official authority that has been delegated to us.

23.7 Right to Object

You have the right, for reasons arising from your particular situation, to object at any time to the processing of your personal data, which is based on Article 6 Paragraph 1 lit. e or f GDPR; this also applies to profiling based on these provisions.

We will then no longer process the personal data relating to you, unless we can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

If the personal data concerning you is processed in order to operate direct advertising, you have the right to object at any time to the processing of your personal data for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct advertising.

If you object to the processing for direct marketing purposes, the personal data relating to you will no longer be processed for these purposes.

In connection with the use of information society services, you have the option – notwithstanding Directive 2002/58/EC – to exercise your right to object by means of automated procedures that use technical specifications.

23.8 Right to revoke the declaration of consent under data protection law

You have the right to revoke your declaration of consent under data protection law at any time. The revocation of the consent does not affect the legality of the processing carried out on the basis of the consent up to the point of revocation.

23.9 Automated individual decision-making including profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision

a.) is necessary for the conclusion or performance of a contract between you and us,

b.) is permissible on the basis of legal provisions of the Union or the Member States to which we are subject and these legal provisions contain appropriate measures to protect your rights and freedoms and your legitimate interests or

c.) with your express consent.

However, these decisions must not be based on special categories of personal data pursuant to Article 9 Paragraph 1 GDPR, unless Article 9 Paragraph 2 lit. a or g applies and appropriate measures have been taken to protect your rights and freedoms and your legitimate interests.

With regard to the cases mentioned in a.) and c.), we take appropriate measures to protect your rights and freedoms as well as your legitimate interests.

23.10 Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the member state of your place of residence, your place of work or the place of the alleged infringement, if you believe that the processing of your personal data is contrary to violates the GDPR.

The supervisory authority to which the complaint was lodged will inform the complainant of the status and outcome of the complaint, including the possibility of a judicial redress

legal remedy according to Art. 78 GDPR.

24. Further information

If you have any further questions or suggestions on the subject of "data protection" from us or if you would like information about your data or its correction or deletion, please write an e-mail or letter to:

Cardino GmbH
Impact Hub Berlin
Rollbergstrasse 28A
12053 Berlin, Germany

Email: sales@cardino.de

‍