Data privacy information - cambio-website and cambio-blog
According to the Data Protection Basic Regulation (DS-GVO) Article 13 (obligation to inform the person concerned about the collection of personal data), Article 14 (obligation to inform when personal data was not collected from the person concerned) and Article 21 (obligation to inform).
We appreciate your interest in our company and our services. The protection of your personal data is very important to us. We are subject to the provisions of the Data Protection Basic Regulation (DS-GVO) of the German National Data Protection Law new (BDSG (neu)) and of the telemedia law. We have taken technical and organisational measures to ensure that we follow the data protection regulations. Here, we describe how we collect, use, process and share your data through this website. Furthermore, we inform you about your rights.
As the controller, the cambio Mobilitätsservice GmbH & Co. KG has implemented numerous technical and organizational measures to ensure the most complete protection of personal data processed through this website. However, Internet-based data transmissions may in principle have security gaps, so absolute protection may not be guaranteed. For this reason, every data subject is free to transfer personal data to us via alternative means, e.g. by telephone.
Definitions | Name and adress of the controller | Name and contact of the company data protection officer | Personal data by category | Sources of data | Cookies | Collection of general data an information | Contact possibility via the website | Comments function in the blog on the website | Purposes of data processing | Duration of data storage | Your rights | Right to object | Right of appeal through an oversight authority | Obligation to provide data | Automated decision-making in individual cases | WorldPress Plugins | Analysis Tools | Internet Advertising | Map services | Social Media | Download
This data protection declaration is based on the terms used by the European legislator for the adoption of the General Data Protection Regulation (GDPR). In this data protection declaration, we use, inter alia, the following terms:
Personal data means any information relating to an identified or identifiable natural person (data subject). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Data subject is any identified or identifiable natural person, whose personal data is processed by the controller responsible for the processing.
Processing is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Restriction of processing
Restriction of processing is the marking of stored personal data with the aim of limiting their processing in the future.
Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
Pseudonymisation is the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
Controller or controller responsible for the processing
Controller or controller responsible for the processing is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
Processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
Recipient is a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.
Third party is a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data.
Consent of the data subject is any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
cambio Mobilitätsservice GmbH & Co. KG
E-Mail: Stefan Weisfeld
Use of the website of the cambio Mobilitätsservice GmbH & Co.KG is fundamentally possible without providing any personal data beyond your IP address. However, insofar as you would like to take advantage of the services of cambio, the processing of personal data becomes necessary. You must register as an interested party, a customer or an authorized driver in the customer area of the website and enter your data.
You can request the data protection information according to Article 13, Article 14 and Article 21 DS-GVO for interested parties, customers and authorized drivers from the cambio company with whom you are or would like to become a customer or an authorized driver or you can download it here on our website.
We receive your IP-Adresse via http-protocol.
Cookies have the advantage that we can make the use of our website easier for you.
If you use the cambio website, you agree to the use and storage of cookies. Most browsers save cookies automatically.
Of course, you can use the website without accepting cookies. At the moment cambio does not use any tracking tools.
cambio generally uses two different types of cookies:
These cookies are temporary, i.e. they only stay on your hard drive for the duration of your visit to the website and are automatically deleted when the browser is closed. cambio uses session cookies to ensure uninterrupted identification and functionality during a visit to the cambio customer area. If you use the cambio customer area, your browser must accept session cookies.
We use stored cookies to enable localization. As a first-time visitor to www.cambio-carsharing.de, you land on the start page of cambio Germany. If you then visit the page of a cambio city, cookies save this information so that you immediately land on the page of this city the next time you visit www.cambio-carsharing.de.
The website of the cambio Mobilitätsservice GmbH & Co. KG collects a series of general data and information when a data subject or automated system calls up the website. This general data and information are stored in the server log files. Collected may be (1) the browser types and versions used, (2) the operating system used by the accessing system, (3) the website from which an accessing system reaches our website (so-called referrers), (4) the sub-websites, (5) the date and time of access to the Internet site, (6) an Internet protocol address (IP address), (7) the Internet service provider of the accessing system, and (8) any other similar data and information that may be used in the event of attacks on our information technology systems.
When using these general data and information, the cambio Mobilitätsservice GmbH & Co. KG does not draw any conclusions about the data subject. Rather, this information is needed to (1) deliver the content of our website correctly, (2) optimize the content of our website as well as its advertisement, (3) ensure the long-term viability of our information technology systems and website technology, and (4) provide law enforcement authorities with the information necessary for criminal prosecution in case of a cyber-attack. Therefore, the cambio Mobilitätsservice GmbH & Co. KG analyzes anonymously collected data and information statistically, with the aim of increasing the data protection and data security of our enterprise, and to ensure an optimal level of protection for the personal data we process. The anonymous data of the server log files are stored separately from all personal data provided by a data subject.
The website of the cambio Mobilitätsservice GmbH & Co. KG contains information that enables a quick electronic contact to our enterprise, as well as direct communication with us, which also includes a general address of the so-called electronic mail (e-mail address). If a data subject contacts the controller by e-mail or via a contact form, the personal data transmitted by the data subject are automatically stored. Such personal data transmitted on a voluntary basis by a data subject to the data controller are stored for the purpose of processing or contacting the data subject. There is no transfer of this personal data to third parties.
The cambio Mobilitätsservice GmbH & Co. KG offers users the possibility to leave individual comments on individual blog contributions on a blog, which is on the website of the controller. A blog is a web-based, publicly-accessible portal, through which one or more people called bloggers or web-bloggers may post articles or write down thoughts in so-called blogposts. Blogposts may usually be commented by third parties.
If a data subject leaves a comment on the blog published on this website, the comments made by the data subject are also stored and published, as well as information on the date of the commentary and on the user's (pseudonym) chosen by the data subject. In addition, the IP address assigned by the Internet service provider (ISP) to the data subject is also logged. This storage of the IP address takes place for security reasons, and in case the data subject violates the rights of third parties or posts illegal content through a given comment. The storage of these personal data is, therefore, in the own interest of the data controller, so that he can exculpate in the event of an infringement. This collected personal data will not be passed to third parties, unless such a transfer is required by law or serves the aim of the defense of the data controller.
The personal data processed by us in the context of your use of the cambio website is required for the initial consultation, the preparation of contractual documents and for wrapping up a contract.
Purpose: for the performance of a contract
Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
Basis for processing: The processing of personal data is necessary according to Article 6 Paragraph 1 Letter b) GDPR for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
Insofar as it is necessary, we process and store your personal data for the duration of the contractual relationship, which can for example also include the initiation and the termination of a contract.
You have the right to information in accordance with Article 15 GDPR, the right to be informed according to Article 16 GDPR, the right to deletion according to Article 17 GDPR, the right to restriction of processing according to Article 18 GDPR and the right to data portability from Article 20 GDPR. In addition, there is a right to appeal through a data protection oversight authority (Article 77 GDPR).Sie haben das Recht auf Auskunft nach Art. 15 DS-GVO, das Recht auf Berichtigung nach Art. 16 DS-GVO, das Recht auf Löschung nach Art. 17 DS-GVO, das Recht auf Einschränkung der Verarbeitung nach Art. 18 DS-GVO sowie das Recht auf Datenübertragbarkeit aus Art. 20 DS-GVO. Darüber hinaus besteht ein Beschwerderecht bei einer Datenschutzaufsichtsbehörde (Art. 77 DS-GVO).
There is a basic right to object to the processing of personal data by cambio according to Article 21 EU GDPR.
However in such a case the use of cambio vehicles is no longer possible.
If you would like to take advantage of this right, please contact:
E-Mail: Stefan Weisfeld
For fundamental concerns/complaints with regard to the processing of your data, you may contact the responsible data protection oversight authorities. You can find an overview of the data protection oversight authorities on the Internet site of the German Data Protection and Freedom of Information Officer (bfdi) www.bfdi.bund.de or https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.
Within the framework of our business relationship, you must provide only the personal data which is required for registration and for carrying out a business relationship or which we are legally obliged to collect. Without this data, we must refuse to enter into a contractual agreement or to fulfil a contract or we must terminate an existing contract.
We do not make use of any automated processing, including profiling, for causation of a decision on the establishment and conduct of a business relationship (Article 22 GDPR).
Data protection provisions about the application and use of Shariff
On this website, the controller has integrated the component of Shariff. The Shariff component provides social media buttons that are compliant with data protection. Shariff was developed for the German computer magazine c't and is published by GitHub, Inc.
The developers of the component are GitHub, Inc. 88 Colin P. Kelly Junior Street, San Francisco, CA 94107, United States.
Typically, the button solutions provided by the social networks already transmits personal data to the respective social network, when a user visits a website in which a social media button was integrated. By using the Shariff component, personal data is only transferred to social networks, when the visitor actively activates one of the social media buttons. Further information on the Shariff component may be found in the computer magazine c't under http://www.heise.de/newsticker/meldung/Datenschutz-und-Social-Media-Der-c-t-Shariff-ist-im-Einsatz-2470103.html provided.
The use of the Shariff component is intended to protect the personal data of the visitors of our website and to enable us to integrate a button solution for social networks on this website.
Further information and the applicable data protection provisions of GitHub are retrievable under https://help.github.com/articles/github-privacy-policy/.
Data protection provisions about the application and use of PIWIK/Matomo
On this website, the controller has integrated the PIWIK/Matomo component. PIWIK/Matomo is an open-source software tool for web analysis. Web analysis is the collection, gathering and evaluation of data on the behavior of visitors from Internet sites. A web analysis tool collects, inter alia, data on the website from which a data subject came to a website (so-called referrer), which pages of the website were accessed or how often and for which period of time a sub-page was viewed. A web analysis is mainly used for the optimization of a website and the cost-benefit analysis of Internet advertising.
The software is operated on the server of the controller, the data protection-sensitive log files are stored exclusively on this server.
The purpose of the PIWIK/Matomo component is the analysis of the visitor flows on our website. The controller uses the obtained data and information, inter alia, to evaluate the use of this website in order to compile online reports, which show the activities on our Internet pages.
PIWIK/Matomo sets a cookie on the information technology system of the data subject. The definition of cookies is explained above. With the setting of the cookie, an analysis of the use of our website is enabled. With each call-up to one of the individual pages of this website, the Internet browser on the information technology system of the data subject is automatically through the PIWIK/Matomo component prompted to submit data for the purpose of online analysis to our server. During the course of this technical procedure, we obtain knowledge about personal information, such as the IP address of the data subject, which serves to understand the origin of visitors and clicks.
The cookie is used to store personal information, such as the access time, the location from which access was made, and the frequency of visits to our website. With each visit of our Internet pages, these personal data, including the IP address of the Internet access used by the data subject, are transferred to our server. These personal data will be stored by us. We do not forward this personal data to third parties.
The data subject may, as stated above, prevent the setting of cookies through our website at any time by means of a corresponding adjustment of the web browser used and thus permanently deny the setting of cookies. Such an adjustment to the used Internet browser would also prevent PIWIK/Matomo from setting a cookie on the information technology system of the data subject. In addition, cookies already in use by PIWIK/Matomo may be deleted at any time via a web browser or other software programs.
In addition, the data subject has the possibility of objecting to a collection of data relating to a use of this Internet site that are generated by PIWIK/Matomo as well as the processing of these data by PIWIK/Matomo and the chance to preclude any such. For this, the data subject must set an opt-out cookie. The opt-out cookie that is set for this purpose is placed on the information technology system used by the data subject. If the cookies are deleted on the system of the data subject, then the data subject must call-up the link again and set a new opt-out cookie.
With each setting of the opt-out cookie, however, there is the possibility that the websites of the controller are no longer fully usable for the data subject.
Further information and the applicable data protection provisions of PIWIK/Matomo may be retrieved under https://matomo.org/docs/privacy/.
Data protection provisions about the application and use of Google-AdWords
On this website, the controller has integrated Google AdWords. Google AdWords is a service for Internet advertising that allows the advertiser to place ads in Google search engine results and the Google advertising network. Google AdWords allows an advertiser to pre-define specific keywords with the help of which an ad on Google's search results only then displayed, when the user utilizes the search engine to retrieve a keyword-relevant search result. In the Google Advertising Network, the ads are distributed on relevant web pages using an automatic algorithm, taking into account the previously defined keywords.
The operating company of Google AdWords is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, UNITED STATES.
The purpose of Google AdWords is the promotion of our website by the inclusion of relevant advertising on the websites of third parties and in the search engine results of the search engine Google and an insertion of third-party advertising on our website.
If a data subject reaches our website via a Google ad, a conversion cookie is filed on the information technology system of the data subject through Google. The definition of cookies is explained above. A conversion cookie loses its validity after 30 days and is not used to identify the data subject. If the cookie has not expired, the conversion cookie is used to check whether certain sub-pages, e.g., the shopping cart from an online shop system, were called up on our website. Through the conversion cookie, both Google and the controller can understand whether a person who reached an AdWords ad on our website generated sales, that is, executed or canceled a sale of goods.
The data and information collected through the use of the conversion cookie is used by Google to create visit statistics for our website. These visit statistics are used in order to determine the total number of users who have been served through AdWords ads to ascertain the success or failure of each AdWords ad and to optimize our AdWords ads in the future. Neither our company nor other Google AdWords advertisers receive information from Google that could identify the data subject.
The conversion cookie stores personal information, e.g. the Internet pages visited by the data subject. Each time we visit our Internet pages, personal data, including the IP address of the Internet access used by the data subject, is transmitted to Google in the United States of America. These personal data are stored by Google in the United States of America. Google may pass these personal data collected through the technical procedure to third parties.
The data subject may, at any time, prevent the setting of cookies by our website, as stated above, by means of a corresponding setting of the Internet browser used and thus permanently deny the setting of cookies. Such a setting of the Internet browser used would also prevent Google from placing a conversion cookie on the information technology system of the data subject. In addition, a cookie set by Google AdWords may be deleted at any time via the Internet browser or other software programs.
The data subject has a possibility of objecting to the interest-based advertisement of Google. Therefore, the data subject must access from each of the browsers in use the link www.google.de/settings/ads and set the desired settings.
Further information and the applicable data protection provisions of Google may be retrieved under https://www.google.de/intl/de/policies/privacy/.
The cambio website offers the service to show locations on an interactive map.
To provide this service the cambio-website embeds Google Maps and HERE Maps. Cambio uses this services to improve the use of the website and the offered services. The logo on the map shows whether we use Google Maps or HERE Maps for the respective service.
Data protection provisions about the application and use of Google Maps
When using Google Maps on the cambio website, log information (e.g. the address entered) and a user's IP address will be transferred to die Google Inc. 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Google listed in the US Privacy-Shield (Link: https://cloud.google.com/security/compliance/privacy-shield/?hl=de). Social media networks and platforms certified under the Privacy-Shield, commit themselves to comply with European data privacy standards. More information on Google Inc.'s data protection policy: https://www.google.com/intl/de_de/policies/privacy/.
Data protection provisions about the application and use of HERE Maps
When using HERE Maps (API) from HERE Global B.V., Kennedyplein 222-226, 5611 ZT Eindhoven, Netherlands (HERE) on the cambio-website log information (e.g. the address entered) and a user's IP address will be transferred to HERE. Processing of this data takes place in the EU and therefor under European Data Protection Regulation. More information on HEREs data protection policy: https://legal.here.com/de-de/privacy/policy.
Data protection provisions about the application and use of YouTube
On this website, the controller has integrated components of YouTube. YouTube is an Internet video portal that enables video publishers to set video clips and other users free of charge, which also provides free viewing, review and commenting on them. YouTube allows you to publish all kinds of videos, so you can access both full movies and TV broadcasts, as well as music videos, trailers, and videos made by users via the Internet portal.
The operating company of YouTube is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, UNITED STATES. The YouTube, LLC is a subsidiary of Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, UNITED STATES.
With each call-up to one of the individual pages of this Internet site, which is operated by the controller and on which a YouTube component (YouTube video) was integrated, the Internet browser on the information technology system of the data subject is automatically prompted to download a display of the corresponding YouTube component. Further information about YouTube may be obtained underhttps://www.youtube.com/yt/about/en/. During the course of this technical procedure, YouTube and Google gain knowledge of what specific sub-page of our website was visited by the data subject.
If the data subject is logged in on YouTube, YouTube recognizes with each call-up to a sub-page that contains a YouTube video, which specific sub-page of our Internet site was visited by the data subject. This information is collected by YouTube and Google and assigned to the respective YouTube account of the data subject.
YouTube and Google will receive information through the YouTube component that the data subject has visited our website, if the data subject at the time of the call to our website is logged in on YouTube; this occurs regardless of whether the person clicks on a YouTube video or not. If such a transmission of this information to YouTube and Google is not desirable for the data subject, the delivery may be prevented if the data subject logs off from their own YouTube account before a call-up to our website is made.
YouTube's data protection provisions, available at https://www.google.de/intl/de/policies/privacy/, provide information about the collection, processing and use of personal data by YouTube and Google
Data protection provisions on the application and use of Vimeo
The controller has integrated components of Vimeo. Vimeo is an Internet video portal that enables video publishers to set video clips and other users free of charge, which also provides free viewing, review and commenting on them. The integration of videos (unavoidably) calls up the Vimeo server. The publicly available data protection information of Vimeo is available at https://vimeo.com/privacy and provides information on the collection, processing and use of personal data by Vimeo.
Data protection provisions about the application and use of Instagram
On this website, the controller has integrated components of the service Instagram. Instagram is a service that may be qualified as an audiovisual platform, which allows users to share photos and videos, as well as disseminate such data in other social networks.
The operating company of the services offered by Instagram is Instagram LLC, 1 Hacker Way, Building 14 First Floor, Menlo Park, CA, UNITED STATES.
With each call-up to one of the individual pages of this Internet site, which is operated by the controller and on which an Instagram component (Insta button) was integrated, the Internet browser on the information technology system of the data subject is automatically prompted to the download of a display of the corresponding Instagram component of Instagram. During the course of this technical procedure, Instagram becomes aware of what specific sub-page of our website was visited by the data subject.
If the data subject is logged in at the same time on Instagram, Instagram detects with every call-up to our website by the data subjectand for the entire duration of their stay on our Internet sitewhich specific sub-page of our Internet page was visited by the data subject. This information is collected through the Instagram component and is associated with the respective Instagram account of the data subject. If the data subject clicks on one of the Instagram buttons integrated on our website, then Instagram matches this information with the personal Instagram user account of the data subject and stores the personal data.
Instagram receives information via the Instagram component that the data subject has visited our website provided that the data subject is logged in at Instagram at the time of the call to our website. This occurs regardless of whether the person clicks on the Instagram button or not. If such a transmission of information to Instagram is not desirable for the data subject, then he or she can prevent this by logging off from their Instagram account before a call-up to our website is made.
Disclaimer: The data privacy statement is in German. This translation of the original German document is exclusively informational and not legally valid.
Status: December 2019