Privacy Policy

Scroll To

General Information

We would like to inform you about how we handle your data when you visit our website. Personal data refers to all information that relates or can be related to you as an individual. In the following privacy policy, you will find all details about the processing of your data on our website.

General Information on Legal Bases for Data Processing

“Personal data” means any information relating to an identified or identifiable natural person. We process this data in accordance with applicable data protection laws, particularly the GDPR and the German Federal Data Protection Act (BDSG). We may only process personal data if there is legal permission to do so.

We process personal data only with your consent, to conclude a contract with you, to respond to your inquiry in connection with a potential business relationship, to fulfill legal obligations, or to protect our legitimate interests, provided this does not affect your interests or fundamental rights and freedoms that require the protection of personal data.

Responsibilities

The controller responsible for processing your personal data is:

CARUSO GmbH
Susanne Fischer, Dominik Fischer
Garnstadter Straße 38/39
96237 Ebersdorf
Germany

Phone: +49 (0) 9562 925-0
Email: info@caruso-ebersdorf.de

Data Protection Officer Contact Details

You can reach our Data Protection Officer at:

4All-Group Owner Martin Sailer-Arnold
Martin Sailer-Arnold
Schillerstraße 19a
95703 Plößberg

Email: data-privacy@4all-group.de
Phone: 096365050048

Website Hosting

Our website is hosted by an external service provider (hosting provider). Our selected partner is:

gn2 Hosting I Internet Agency I Coworking
Owner Rüdiger Nitzsche e.K.
Hahnweg 61a
96450 Coburg

Data Processing Through Hosting

Various data is processed during visits to and use of our website. The server automatically records certain technical data in server log files:

  • IP addresses
  • Browser type and version
  • Operating system used
  • Referrer URL (previously visited page)
  • Hostname of the accessing computer
  • Time of server request
  • Technical access data
  • Contact requests
  • Meta and communication data

Storage Duration and Data Usage

  • Server log files are stored for 7 days and then automatically deleted
  • Longer storage only occurs if there is justified suspicion of illegal use for further investigation
  • The collected information is not combined with other data sources
  • Identification of your person is not possible based on this data

Important Note on Identifiability

Since the stored technical information does not allow us to identify you personally, Articles 15 to 22 GDPR do not apply according to Art. 11(2) GDPR. This only changes if you provide us with additional information that enables identification.

Data Security

Our website uses SSL/TLS encryption to protect data transmission. You can recognize this by ‘https://’ in the browser line and the lock symbol. This protects all transmitted data from third-party access.

Legal Bases

Our cooperation with our hosting partner is based on the following legal grounds:

  • Fulfillment of our contractual obligations (Art. 6(1)(b) GDPR)
  • Ensuring secure and efficient operation of our website (Art. 6(1)(f) GDPR)
  • Based on your consent, if obtained (Art. 6(1)(a) GDPR and § 25(1) TTDSG)

Data Protection Security

We have concluded a Data Processing Agreement (DPA) with our hosting partner. This contract ensures that:

  • Your data is processed only according to our instructions
  • All necessary technical and organizational measures are taken to protect your data
  • GDPR requirements are met

The processing of your data by the hosting provider is strictly limited to what is necessary for the operation of the website.

Duration of Data Storage

Basic Rules

We store your personal data only for as long as necessary to fulfill the respective processing purposes. Different retention periods may apply to different types of data, which are specifically mentioned in other sections of this privacy policy.

Deletion of Your Data

Your data will be deleted when:

  • You legitimately request the deletion of your data
  • You withdraw your consent for data processing
  • The original purpose for data processing no longer exists

Exceptions to Deletion

Deletion will not occur if we are legally obligated to retain the data. This may be the case for:

  • Tax law retention obligations
  • Commercial law documentation obligations
  • Other legal obligations for retention

In these cases, your data will be blocked for other purposes and deleted automatically after the legal retention periods expire.

Use of Cookies and Similar Technologies

To provide you with the best possible user experience on our website, we use various technical solutions, including cookies. These technologies help us make our website user-friendly and provide important functions.

Cookies are small text files that your browser automatically creates and stores on your device when you visit our website. We use two different types of cookies:

  • Temporary cookies, known as session cookies, which are automatically deleted when you close your browser
  • Long-term cookies (persistent cookies) that remain on your device even after closing the browser. These enable us to recognize you on your next visit and provide an optimized, customized website experience.

Some of these technologies are essential for basic functions of our website. This includes, for example:

  • Your IP address
  • The time of your visit
  • Information about your device and browser
  • Data about your use of our website

The use of these technically necessary cookies is based on our legitimate interests under Art. 6(1)(f) GDPR. Our legitimate interest lies in providing a functional and user-friendly website and optimized presentation of our offers and services.

You have control over the use of cookies at all times. You can set how cookies are handled in your browser settings (Microsoft Edge™, Safari™, Chrome™, Firefox™, or Opera™). If you have consented to the use of cookies under Art. 6(1)(a) GDPR, you can revoke this consent at any time. Simply use the contact options provided in this privacy policy or visit: https://caruso-ebersdorf.de/#cmpscreen. Please note that restricting cookies may limit the functionality of our website.

Use of Consentmanager

We use “Consentmanager” on our website to inform you about cookies and other technologies we use, and to obtain, manage, and document your consent for the processing of your personal data through these technologies when required. This is necessary according to Art. 6(1)(c) GDPR to fulfill our legal obligation under Art. 7(1) GDPR to be able to demonstrate your consent to the processing of your personal data. “Consentmanager” is provided by consentmanager AB, Håltegelvägen 1b, 72348 Västerås, Sweden.

Communication and Data Processing for Your Inquiries

Various Contact Methods and Their Data Processing

We offer various ways to communicate with us. You can reach us through forms on our website, send us an email, make a phone call, or send a fax. For each of these contact options, we place the highest value on careful and legally compliant handling of your personal data. Our processing always follows the strict requirements of the General Data Protection Regulation (GDPR) and other applicable data protection laws.

What Data We Collect During Your Contact

The type of data collected depends on the chosen communication method. When using our online forms, we collect the required information such as email address and your first and last name. In optional message fields, you can provide additional information that helps us process your request. For email contact, we store your email address and the information contained in the message. Phone inquiries lead to the recording of your phone number and the discussed matters, while fax communication results in storing your fax number and the transmitted documents. In all cases, the time of contact is documented.

How We Use and Process Your Data

Your transmitted data is used exclusively for processing your inquiries and concerns. We use it to answer your questions, fulfill your wishes, and engage in constructive dialogue. Storage also allows us to refer to previous communication history for later inquiries and provide you with optimal service. For contract-related inquiries, we also use the data to implement pre-contractual measures or fulfill contracts.

Storage and Deletion of Your Data

The storage duration of your data depends on the purpose of processing and legal requirements. Generally, we keep your data as long as necessary for complete processing of your request. After completion of processing, the data remains stored for an appropriate period to accommodate any follow-up inquiries or correspondence. You have the right to request deletion of your data at any time, provided no legal retention obligations prevent this. In such cases, your data will be blocked from further processing and automatically deleted after the legal retention periods expire.

Third-Party Analytics and Advertising Technologies

Use with Your Consent

On our website, we use various analytics and advertising technologies, including third-party cookies. These technologies are only deployed when you have given your explicit consent according to Art. 6(1)(a) GDPR.

Data Deletion and Storage Duration

Data collected through these technologies is stored only as long as needed for the respective purpose. After the use of a technology ends or when the original purpose no longer applies, the collected data is deleted.

Your Control Options

You have the following options to control the use of these technologies:

  • You can revoke your given consent at any time for the future
  • Detailed information about revocation options can be found in the “Cookies and Other Technologies” section
  • Specific settings options for individual services are described under the respective technologies

MyFonts

Service Provider and Function

For a uniform and professional appearance of our website, we use fonts from MyFonts. This service is provided by Monotype Imaging Holdings Inc., located at 600 Unicorn Park Drive, Woburn, Massachusetts 01801, USA. The fonts are automatically loaded into your browser when you visit our website.

Data Processing and License Monitoring

The following data is processed when using MyFonts:

  • Your IP address
  • The URL of our website
  • Our contract data with MyFonts
  • Information about monthly page view counts

This data is transferred to servers in the USA for license compliance verification. Monotype assures that your IP address is anonymized immediately after transmission, making it impossible to trace back to you personally.

Privacy Protection and International Data Transfer

Monotype is certified under the EU-US Data Privacy Framework (DPF). This agreement between the EU and USA ensures that European data protection standards are maintained when processing data in the USA. As a certified company, Monotype is committed to adhering to these standards.

For detailed information about data processing by MyFonts, visit:
https://www.monotype.com/legal/privacy-policy/web-font-tracking-privacy-policy

You can verify Monotype’s DPF certification at:
https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2z3d0000001so6AAA&status=Active

Google Maps

Usage and Responsibility

We use the Google Maps service on our website. This service is provided by Google Ireland Limited, located at Gordon House, Barrow Street, Dublin 4, Ireland. The integration of Google Maps helps you easily find our location and enables an appealing presentation of geographical information.

Data Processing and Transfer

When using Google Maps, the following data processing occurs:

  • Your IP address is collected and transmitted to Google
  • Data is stored on servers in the USA
  • Google may additionally load Google Fonts for font display
  • Your browser stores the necessary web fonts in its cache

Legal Bases for Usage

The integration of Google Maps is based on:

  • Our legitimate interest (Art. 6(1)(f) GDPR) in user-friendly presentation of our locations
  • Your consent (Art. 6(1)(a) GDPR and § 25(1) TTDSG), if obtained

Data Transfer to the USA

Google processes your data in the USA. The legality of the transfer is ensured through:

  • EU Commission Standard Contractual Clauses
  • Certification under the EU-US Data Privacy Framework (DPF)
  • Binding data protection guarantees from Google

Detailed information about Google’s data protection provisions can be found at:

For Google’s DPF certification, visit:
https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt000000001L5AAI&status=Active

hCaptcha

Functionality and Responsibility

To protect our forms from spam and abuse, we use the hCaptcha service provided by Prove Humanity Inc., One Montgomery Street, Suite 2700, San Francisco, CA 94104, USA. hCaptcha analyzes website visitor behavior to distinguish human users from automated access.

Data Processing by hCaptcha

When using hCaptcha, the following data is processed:

  • Your IP address
  • Device and browser information
  • Data about your behavior when solving the captcha
  • Date and duration of website visit
  • Information about your interaction with the captcha

This data is partially processed on servers in the USA. hCaptcha may also use cookies or similar technologies for user recognition.

Legal Bases

The integration of hCaptcha is based on:

  • Our legitimate interest (Art. 6(1)(f) GDPR) in protecting our website from automated access and abuse
  • Your consent (Art. 6(1)(a) GDPR), if obtained

Data Transfer to the USA

hCaptcha processes data in the USA. Data transfer security is ensured through:

  • EU Commission Standard Contractual Clauses
  • Certification under the EU-US Data Privacy Framework

Detailed information about hCaptcha’s data processing can be found at:
https://www.hcaptcha.com/privacy and https://www.hcaptcha.com/terms

Handling of Job Application Data

Introduction and Application Methods

We appreciate your interest in employment with our company. You can apply via email, postal mail, or our online application form. Regardless of your chosen method, we take the careful and confidential handling of your personal data very seriously.

Scope of Data Collection in the Application Process

During your application, we process various categories of personal data, primarily including:

  • Personal contact details (name, address, phone number, email)
  • Qualification information (education, work experience, certificates)
  • Application letter and CV
  • Work samples or portfolios
  • Documentation from interviews and assessment tests
  • Correspondence between you and our company
  • Any additional information you voluntarily provide

Purpose and Legal Bases of Data Processing

We process your application data exclusively for recruitment purposes, based on:

1. Contract initiation (Art. 6(1)(b) GDPR):

    • Evaluating your suitability for the position
    • Conducting the application process
    • Preparing a possible employment contract

    2. Consent (Art. 6(1)(a) GDPR):

      • Including you in our applicant pool for future positions
      • Sharing your application with other departments
      • Consent can be withdrawn at any time

      3. Legitimate interests (Art. 6(1)(f) GDPR):

        • Documenting the application process
        • Defending against possible legal claims
        • Optimizing our application process

        Storage and Deletion of Application Data

        For successful applications:

        • Documents are transferred to the personnel file
        • Data is processed as part of the employment relationship

        For unsuccessful applications:

        • Standard retention period of 6 months after conclusion
        • Digital data deletion and physical document destruction after this period
        • Extended retention possible for pending legal disputes
        • Longer storage with your consent for future positions

        Data Security and Confidentiality

        We protect your application data through:

        • Encrypted data transmission for online applications
        • Strict access controls and restrictions
        • Regular staff training on data protection
        • Regular security measure updates

        Your Rights Under GDPR

        The General Data Protection Regulation (GDPR) guarantees you comprehensive rights regarding your personal data:

        Exercise of Your Rights

        When exercising your rights under Articles 15-22 GDPR:

        • We process your submitted data to fulfill your request
        • We store evidence of processing your request
        • We use the data exclusively for information provision and data protection control
        • We restrict further processing according to Art. 18 GDPR

        This processing is based on Art. 6(1)(c) GDPR in conjunction with Arts. 15-22 GDPR and § 34(2) BDSG.

        Your Specific Rights

        1. Right to Information (Art. 15 GDPR)

          • Confirmation of data processing
          • Detailed information about stored data
          • Copies of stored data
          • Free information about sources, recipients, and processing purposes

          2. Right to Rectification (Art. 16 GDPR)

            • Immediate correction of inaccurate data
            • Completion of incomplete data

            3. Right to Erasure (Art. 17 GDPR)

              • Also known as “right to be forgotten”
              • Immediate deletion upon request
              • Subject to legal retention requirements

              4. Right to Restriction of Processing (Art. 18 GDPR)
              Applicable when:

                • Accuracy is contested, pending verification
                • Processing is unlawful but you oppose erasure
                • You need the data for legal claims
                • You have objected to processing

                5. Right to Data Portability (Art. 20 GDPR)

                  • Receive data in structured, common format
                  • Transfer to other controllers on request
                  • In machine-readable form

                  6. Right to Object (Art. 21 GDPR)
                  You can object when:

                    • Processing is based on Art. 6(1)(e) or (f) GDPR
                    • Special personal circumstances exist
                    • Your data is used for direct marketing

                    7. Right to Lodge a Complaint

                      • With the competent supervisory authority
                      • Particularly if you believe processing violates GDPR

                      Supervisory Authority

                      The competent supervisory authority for us is:
                      Bavarian State Office for Data Protection Supervision