Privacy Policy

Last Updated: 23.01.2025

1. Introduction

Welcome to caard.net! This Privacy Policy explains how we collect, use, and protect your personal data in compliance with the General Data Protection Regulation (GDPR) and relevant German data protection laws. By using caard.net, you agree to the practices described in this policy.

Data Controller:
Dhairya Shah
Address: Bauerngasse 103, 97421 Schweinfurt, Germany
Contact Email: dhairya@caard.net

2. Data We Collect

2.1 Personal Information Provided by You

Name, email address, phone number, or other details entered during form submissions, waitlist registrations, or inquiries.

2.2 Automatically Collected Information

  • Device and Browser Data: IP address, browser type, operating system, usage patterns, access times, and interactions with the platform.
  • Cookies: Files stored on your device to enhance your user experience.
  • Interaction Data: Pages visited, clicks, and session durations.

3. Legal Basis for Data Processing

We process personal data in compliance with Art. 6 GDPR based on:

  • Consent (Art. 6 para. 1 lit. a GDPR): For waitlist registrations, marketing, and communication.
  • Contractual Necessity (Art. 6 para. 1 lit. b GDPR): To fulfill user requests or agreements.
  • Legitimate Interests (Art. 6 para. 1 lit. f GDPR): For website optimization and user analytics.
  • Legal Obligations (Art. 6 para. 1 lit. c GDPR): To comply with applicable German and EU laws.

4. How We Use Your Data

We use collected data for the following purposes:

  • To provide and improve website functionality.
  • To manage user registrations and respond to inquiries.
  • To analyze website usage and optimize performance.
  • To send updates or marketing materials (with prior consent).
  • To comply with regulatory and legal obligations.

5. Cookies and Tracking

5.1 What Are Cookies?

Cookies are small text files stored on your device to enhance your browsing experience.

5.2 Types of Cookies We Use:

  • Essential Cookies: Required for website operation.
  • Analytics Cookies: Track user behavior for website optimization (e.g., Google Analytics).
  • Preference Cookies: Store user preferences for a personalized experience.

5.3 Managing Cookies:

You can manage or disable cookies through your browser settings. Be aware that disabling cookies may limit certain website functionalities.

6. Data Sharing and Transfer

Your data is not sold or rented to third parties. However, we may share it with:

  • Service Providers: For hosting, analytics, and email communication.
  • Legal Authorities: When required by law or in compliance with German legal obligations.

All third-party services comply with GDPR and ensure secure data handling.

7. Data Retention

We retain your personal data only as long as necessary for the purposes outlined in this policy. Once no longer needed, data is securely deleted in compliance with GDPR and German Federal Data Protection Act (BDSG) requirements.

8. User Rights

As a user of CAARD, you are entitled to the following rights under the General Data Protection Regulation (GDPR):

  • Right of Access (Art. 15 GDPR): You have the right to obtain confirmation as to whether or not personal data concerning you is being processed, and, where that is the case, access to the personal data and relevant information.
  • Right to Rectification (Art. 16 GDPR): You have the right to obtain the rectification of inaccurate personal data concerning you without undue delay.
  • Right to Erasure (Art. 17 GDPR): You have the right to request the deletion of your personal data. Upon such a request, we will permanently erase your data from our systems, provided there is no legal obligation or overriding legitimate interest to retain it.
  • Right to Restriction of Processing (Art. 18 GDPR): You have the right to request the restriction of processing your personal data under certain conditions.
  • Right to Data Portability (Art. 20 GDPR): You have the right to receive your personal data in a structured, commonly used, and machine-readable format and have the right to transmit those data to another controller without hindrance.
  • Right to Object (Art. 21 GDPR): You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you.
  • Right to Lodge a Complaint (Art. 77 GDPR): If you believe that the processing of your personal data violates GDPR, you have the right to lodge a complaint with a supervisory authority in your country of residence or where the alleged violation occurred.

Data Deletion Process

If you choose to delete your CAARD profile or account, please be aware of the following:

  • Soft Deletion: When you delete your CAARD profile or account, your data will be deactivated and no longer accessible to you or others. However, we retain your data for 90 days to prevent fraudulent activity, ensure security, and allow for account recovery in case of accidental deletion.
  • Permanent Deletion: After the 90-day retention period, your data will be permanently erased from our systems unless required for legal compliance, dispute resolution, fraud prevention, or enforcing our Terms of Service.
  • Legal Basis for Retention: Our retention of data for 90 days is based on our legitimate interest (Art. 6(1)(f) GDPR) in preventing fraud, ensuring security, and allowing users to recover their accounts if deleted accidentally. After this period, data is permanently deleted unless required for legal or compliance reasons.
  • Immediate Deletion Request: If you wish to have your data permanently deleted before the 90-day period, you can submit a request to our support team. We will process your request in accordance with GDPR’s Right to Erasure.
  • Processing Time for Deletion Requests: We will process permanent deletion requests within 30 days in compliance with GDPR timelines.

Third-Party Data Processing

Some of your data may be processed by third-party service providers (such as hosting services, payment processors, and analytics tools) who act as data processors under GDPR.

We ensure that all third-party service providers handling your data comply with GDPR regulations and use appropriate security measures to safeguard your personal information.

Exercising Your Rights

To exercise any of your rights, including the permanent deletion of your data, please contact us at:

dhairya@caard.net

We will respond to your request without undue delay and in accordance with GDPR requirements.

9. Data Security

We implement strict measures to protect your data:

  • Encryption: SSL/TLS encryption for secure data transmission.
  • Restricted Access: Only authorized personnel have access to personal data.
  • Regular Audits: Continuous monitoring and updates to ensure compliance and security.

10. Third-Party Links

Our website may contain links to third-party websites or services. We are not responsible for their privacy practices. Please review their respective privacy policies before engaging with them.

11. International Data Transfers

If personal data is transferred outside the European Economic Area (EEA), we ensure it is protected under standard contractual clauses or other legally recognized safeguards.

12. Updates to This Policy

This Privacy Policy may be updated to reflect changes in our practices or legal obligations. The latest version will always be available on this page. Significant updates will be communicated via the email address provided.

13. Contact Information

For questions, feedback, or concerns regarding this Privacy Policy, please contact:

Dhairya Shah
Address: Bauerngasse 103, 97421 Schweinfurt, Germany
Email: dhairya@caard.net