← Back to homeCARS23

Privacy Policy

Privacy Policy – CARS23

Version: October 2025

Operator: free communication GmbH

Address: Fritz-Vomfelde-Str. 34, 40547 Düsseldorf, Germany

Email: service@cars23.io

1. Introduction

Welcome to CARS23!

Protecting your personal data is very important to us. This Privacy Policy explains how we collect, process, and protect your information when you use our website (cars23.io) and our mobile applications (CARS23 for Apple iOS and Google Android).

CARS23 complies with the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).

2. Data Controller

The responsible entity (controller) for all data processing is:

free communication GmbH
Fritz-Vomfelde-Str. 34
40547 Düsseldorf, Germany
Email: service@cars23.io

Managing Director: Markus Frank

3. Data We Collect

We collect and process the following categories of personal data when you use CARS23:

3.1 Account Data

  • Name, email address, password
  • Profile and contact information (e.g., phone number, company name, location, profile image)

3.2 Usage Data

  • Browsing activity (e.g., pages viewed, searching queries, time of access)
  • Referrer URL and session information
  • Log files for technical operation and security

3.3 Communication Data

  • Messages and inquiries sent through contact forms or in-app chat
  • Customer support interactions (email, fax, or phone)

3.4 Listing / Dealer Data

  • Vehicle listings and related descriptions, images, videos
  • Business verification documents (e.g., trade register entries, VAT ID)

3.5 Payment Data (for Paid Services)

  • Billing address, payment method, and transaction details via certified payment providers (e.g., Stripe or PayPal)
  • No credit-card data are stored directly on CARS23 servers

4. Purposes of Data Processing

We process your data to:

  • Provide, operate, and improve the CARS23 platform
  • Verify user accounts and dealer profiles
  • Facilitate communication between buyers and sellers
  • Process payments for paid services
  • Ensure technical security and prevent fraud
  • Comply with legal obligations (e.g., tax records, KYC verification)

5. Legal Basis

Data processing is carried out on the following legal grounds:

  • Art. 6 (1) b GDPR – Performance of a contract or pre-contractual measures
  • Art. 6 (1) a GDPR – User consent (e.g., for marketing emails, cookies)
  • Art. 6 (1) c GDPR – Legal obligation
  • Art. 6 (1) f GDPR – Legitimate interests (e.g., platform security, fraud prevention)

6. Cookies and Tracking

CARS23 uses cookies and similar technologies to:

  • Enable website and app functionality
  • Save language and login preferences
  • Analyze usage to improve performance

You can manage or disable cookies at any time in your browser or device settings. Analytics and tracking tools are implemented in GDPR-compliant mode (e.g., anonymized IP, opt-out options).

7. Third-Party Services

We may use selected third-party providers to support platform operations, including:

  • Hosting & Cloud: Vercel, AWS, Supabase
  • Email & Notifications: Resend Inc.
  • Payment: Stripe, PayPal, Adyen Inc.
  • Analytics: Google Analytics (GDPR-compliant mode)

All partners process data under signed Data Processing Agreements (DPAs) in accordance with Art. 28 GDPR.

8. Data Retention

We store personal data only as long as necessary for the purposes stated above or as required by law. After the retention period expires, your data will be deleted or anonymized.

9. Data Sharing and International Transfers

Data may be transferred to service providers within the EU / EEA or, if necessary, to countries with adequate data protection standards. For transfers outside the EU/EEA, Standard Contractual Clauses (SCCs) approved by the EU Commission are used.

10. Your Rights under the GDPR

You have the right to:

  • Request access to your stored data (Art. 15 GDPR)
  • Request correction of incorrect data (Art. 16 GDPR)
  • Request deletion ("right to be forgotten") (Art. 17 GDPR)
  • Restrict processing (Art. 18 GDPR)
  • Data portability (receive your data in a digital format) (Art. 21 GDPR)
  • Data portability (Art. 20 GDPR)

To exercise these rights, contact us at: privacy@cars23.io

You also have the right to lodge a complaint with your local Data Protection Authority, e.g. the Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen (LDI NRW).

11. Data Security

CARS23 uses industry-standard encryption (SSL/TLS) and secure server infrastructure. Access to personal data is restricted to authorized employees and contractual partners bound by confidentiality agreements.

12. Children's Privacy

CARS23 is not directed at children under 16 years of age. We do not knowingly collect data from minors. If we become aware that a user is under the age of 16, such data will be deleted immediately.

13. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect technical or legal changes. Users will be notified of significant updates. The current version is always available at: www.cars23.io/privacy

14. Contact

free communication GmbH
Fritz-Vomfelde-Str. 34
40547 Düsseldorf, Germany
Email: service@cars23.io