according to the General Data Protection Regulation (GDPR) Article 13 (Information to be provided where personal data are collected from the data subject), Article 14 (Information to be provided where personal data have not been obtained from the data subject) and Article 21 (Right to object).
We appreciate your interest in our company and our services. The protection of your personal data is very important to us. We are subject to the provisions of the General Data Protection Regulation (GDPR), the new Federal Data Protection Act (BDSG-neu) and the German Telemedia Acts (TMG, TTDSG). We have taken technical and organizational measures to incorporate these regulations. Here, we describe how we collect, use, process and share your data through this website. Furthermore, we inform you about your rights.
As the controller, the cambio Mobilitätsservice GmbH & Co.KG has implemented numerous technical and organizational measures to ensure the most complete protection of personal data processed through this website. However, internet-based data transmissions may in principle have security gaps, so absolute protection may not be guaranteed. For this reason, every data subject has the choice to transfer personal data to us via alternative means, e.g. by telephone.
Definitions | Name and adress of the controller of this Website | Name and contact of the company Data Protection Officer | Personal data by category | Source of data | Cookies | Collection of general data and information | Contact options via the website | Comments function in the blog on the website | Purposes of data processing | Duration of data storage | Your rights | Right to object | Right of appeal through a supervisory authority | Obligation to provide data and the consequences of non-provision | Automated decision-making in individual cases | Analysis Tools | Internet Advertising | Map services | Shariff | Social Media | Download
Personal data means any information relating to an identified or identifiable natural person (data subject). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Data subject is any identified or identifiable natural person, whose personal data is processed by the controller responsible for the processing.
Processing is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Restriction of processing
Restriction of processing is the marking of stored personal data with the aim of limiting their processing in the future.
Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements.
Pseudonymisation is the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
Controller or controller responsible for the processing
Controller or controller responsible for the processing is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
Processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
Recipient is a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.
Third party is a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data.
Consent of the data subject is any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
Use of the website of the cambio Mobilitätsservice GmbH & Co.KG is fundamentally possible without providing any personal data beyond your IP address. However, insofar as you would like to take advantage of the services of cambio, the processing of personal data becomes necessary. You must register as an interested party, a customer or an authorized driver in the customer area of the website and enter your data.
We receive your IP-Adresse via http-protocol.
Cookies are small text files that are stored on your computer or other devices when you visit a website. Cookies are then sent back to the website from which they originated on each future visit. Cookies have the advantage that we can use them to make it easier for you to use our website. We can use the cookies to detect movements on the website and evaluate the use of the website services. In the long term, this leads to an improvement of our services and the user-friendliness of the website.
Cookies can be divided into different categories, e.g. technically necessary cookies. These cookies are mandatory for the provision and proper functioning of the website. The legal basis for the processing of personal data using technically necessary cookies is therefore Art. 6.1 lit. f GDPR. The provision of all other non-technically necessary cookies is based exclusively on your consent (Art. 6.1 lit. a GDPR). Should you decide against consent for some of our cookies, it may no longer be possible to fully use all functions of the website, e.g. watching videos or viewing map services. On the respective subpages, you will be informed graphically if consent is required and you will have the opportunity to provide your consent for the required service on the spot if you wish to do so. All cookies that are not technically necessary will only be used if you have given your consent. Please note, however, that for technical reasons it is not possible for us to guarantee that your IP address will not be visible to third party service providers (e.g. map service providers) when providing required files for the display of external information on our site.
The management as well as change or revocation of your consent to the use of our cookies can be done via our privacy settings, which you can access at any time via the orange fingerprint button on our site. In addition, you can also find more information about the cookies used on the cambio website there.
Most browsers are configured by default to allow cookies. Disabling or restricting the transfer of cookies is possible by changing the settings in your browser. Cookies that you have already stored on your device can be deleted at any time. This can also be done automatically. Instructions on how to deal with cookies can usually be found in the help section of the Internet browser of your choice.
In general, cambio Mobilitätsservice GmbH & Co.KG uses two different kinds of cookies:
These cookies are temporary, i.e. they only stay on your hard drive for the duration of your visit to the website and are automatically deleted when the browser is closed. cambio uses session cookies to ensure uninterrupted identification and functionality during a visit to the cambio customer area. If you use the cambio customer area, your browser must accept session cookies.
We use stored cookies e.g. to enable localization. As a first-time visitor to www.cambio-carsharing.de, you land on the start page of cambio Germany. If you then visit the page of a cambio city, a cookie saves this information so that you immediately land on the page of this city the next time you visit www.cambio-carsharing.de. Stored cookies are used furthermore for analysis of website use so that we can continue to improve its performance.
In order to analyze user activity on the website, cambio uses the web analytics tool Matomo. The collected data cannot be connected to a particular person and it is not matched with any other data sources.
The website of the cambio Mobilitätsservice GmbH & Co.KG collects a series of general data and information when a data subject or automated system accesses the website. These general data and information are stored in the server log files. Collected may be (1) the browser types and versions used, (2) the operating system used by the accessing system, (3) the website from which an accessing system reaches our website (so-called referrers), (4) the sub-websites, (5) the date and time of access to the Internet site, (6) an Internet protocol address (IP address), (7) the Internet service provider of the accessing system, and (8) any other similar data and information that may be used in the event of attacks on our information technology systems.
When using these general data and information, the cambio Mobilitätsservice GmbH & Co.KG does not draw any conclusions about the data subject. Rather, this information is needed to (1) deliver the content of our website correctly, (2) optimize the content of our website as well as its advertisement, (3) ensure the long-term viability of our information technology systems and website technology, and (4) provide law enforcement authorities with the information necessary for criminal prosecution in case of a cyber-attack. Therefore, the cambio Mobilitätsservice GmbH & Co.KG analyzes anonymously collected data and information statistically, with the aim of increasing the data protection and data security of our enterprise, and to ensure an optimal level of protection for the personal data we process. The anonymous data of the server log files are stored separately from all personal data provided by a data subject.
The website of the cambio Mobilitätsservice GmbH & Co.KG contains information that enable fast digital communication with our enterprise, which also includes a general address of the so-called electronic mail (e-mail address). If a data subject contacts the controller by e-mail or via a contact form, the personal data transmitted by the data subject are automatically stored. Such personal data transmitted on a voluntary basis by a data subject to the data controller are stored for the purpose of processing or contacting the data subject. There is no transfer of this personal data to third parties.
The cambio Mobilitätsservice GmbH & Co.KG offers users the possibility to leave comments in response to blogposts on our cambio blog, which is linked on the website of the controller. A blog is a web-based, publicly-accessible portal, through which one or more people called bloggers or web-bloggers may post articles or write down thoughts in so-called blogposts. Blogposts may usually be commented by third parties.
If a data subject leaves a comment on the cambio blog, the comments made by the data subject are also stored and published, as well as information on the date of the commentary and on the username (pseudonym) chosen by the data subject. In addition, the IP address assigned by the Internet service provider (ISP) to the data subject is also logged. Logging the IP address is done for security reasons, and in case the data subject violates the rights of third parties or posts illegal content in a comment. The storage of these personal data is, therefore, in the own interest of the data controller, to exculpate themselves in the event of an infringement. This collected personal data will not be passed to third parties, unless such a transfer is required by law or serves the aim of the defense of the data controller.
The personal data processed by us in the context of your use of the cambio website is required for the initial consultation, the preparation of contractual documents and for wrapping up a contract.
Purpose: For the fulfillment of contractual obligations
The data is processed for the initiation and fulfillment of the contract, for booking and use of the vehicles and for contract-related customer support.
Processing basis: The processing of personal data is necessary according to Article 6.1 lit. b GDPR for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
Insofar as it is necessary, we process and store your personal data for the duration of the contractual relationship, which can for example also include the initiation and the termination of a contract.
You have the right of access in accordance with Article 15 GDPR, the right to rectification according to Article 16 GDPR, the right to erasure according to Article 17 GDPR, the right to restriction of processing according to Article 18 GDPR and the right to data portability according to Article 20 GDPR. In addition, you have the right to lodge a complaint with a supervisory authority (Article 77 GDPR).
In principle, the right to object to the processing of personal data by the controller exists under Article 21 EU GDPR.
However, we would like to point out that it will then no longer be possible to use the cambio website.
If you would like to take advantage of this right, please contact:
For fundamental concerns/complaints with regard to the processing of your data, you may contact the responsible data protection supervisory authority. You can find an overview of the data protection supervisory authorities on the website of the German Federal Commissioner for Data Protection and Freedom of Information (bfdi) www.bfdi.bund.de or https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html
Within the framework of our business relationship, you must provide only those personal data that are required for registration and for carrying out a business relationship or which we are legally obliged to collect. Without these data, we must refuse to enter into a contractual agreement, to fulfil a contract or we must terminate an existing contract.
We do not make use of any automated processing, including profiling, to reach a decision on the establishment and conduct of the business relationship (Article 22 GDPR).
Data protection provisions about the application and use of Matomo
On this website, the controller has integrated the Matomo component. Matomo is an open-source software tool for web analysis. Web analysis is the collection, gathering and evaluation of data on the behavior of visitors from Internet sites. A web analysis tool collects for example data on the website from which a data subject accessed a website (so-called referrer), which pages of the website were accessed or how often and for which period of time a sub-page was viewed. A web analysis is mainly used for the optimization of a website and the cost-benefit analysis of Internet advertising.
The purpose of the Matomo component is the analysis of the visitor flows on our website. The controller uses the obtained data and information, inter alia, to evaluate the use of this website in order to compile online reports, which show the activities on our Internet pages.
If consent was given by the user Matomo sets a cookie on the information technology system of the data subject. After the cookie was set, an anonymous analysis of the use of our website is enabled. With each call-up to one of the individual pages of this website, the Internet browser on the information technology system of the data subject is automatically prompted by the Matomo component to submit data for the purpose of online analysis to our server. The IP address is thereby only stored in an anonymized format. This means that part of the address is discarded and not stored. This enables us to draw conclusions about the region from which a visitor accesses the website, but not about the device or the person who accessed the page.
The cookie is used to store information, such as the access time, the location from which access was made, and the frequency of visits to our website. With each visit of our Internet pages, these data, including the anonymized IP address of the Internet access used by the data subject, are transferred to our server. These data will be stored by us. We do not share these data with third parties.
The controller has integrated Google AdWords on this website. Google AdWords is an Internet advertising service that allows advertisers to place ads in Google's search engine results as well as in the Google advertising network. Google AdWords enables an advertiser to specify certain keywords in advance, by means of which an ad is displayed in Google's search engine results exclusively when the user retrieves a keyword-relevant search result using the search engine. In the Google advertising network, the ads are distributed on topic-relevant websites by means of an automatic algorithm and in compliance with the previously defined keywords.
The operating company of the Google AdWords services is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
The purpose of Google AdWords is to advertise our website by displaying interest-relevant advertising on the websites of third-party companies and in the search engine results of the Google search engine.
If a data subject accesses our website via a Google ad, a so-called conversion cookie is stored by Google on the data subject's information technology system. A conversion cookie loses its validity after thirty days and is not used to identify the data subject. The conversion cookie is used to track whether certain subpages, for example the shopping cart of an online store system, have been called up on our website, provided that the cookie has not yet expired. Through the conversion cookie, both we and Google can track whether a data subject who arrived at our website via an AdWords ad generated a sale, i.e. completed or cancelled a purchase of goods.
The data and information collected through the use of the conversion cookie are used by Google to compile visit statistics for our website. These visit statistics are in turn used by us to determine the total number of users who were referred to us via AdWords ads, i.e. to determine the success or failure of the respective AdWords ad and to optimize our AdWords ads for the future. Neither our company nor other advertisers of Google AdWords receive information from Google by means of which the data subject could be identified.
By means of the conversion cookie, personal information, such as the websites visited by the data subject, is stored. If a conversion cookie is active, personal data, including the IP address of the Internet connection used by the data subject, will therefore be transmitted to Google in the United States of America each time our Internet pages are visited. This personal data is stored by Google in the United States of America. Google may disclose this personal data collected via the technical procedure to third parties.
The data subject can prevent the setting of cookies, as already described above, at any time by means of an appropriate setting of the Internet browser used and thus permanently object to the setting of cookies. Such a setting of the Internet browser used would also prevent Google from setting a conversion cookie on the information technology system of the data subject. In addition, a cookie already set by Google AdWords can be deleted at any time via the Internet browser or other software programs.
Furthermore, the data subject has the option to object to interest-based advertising by Google. To do this, the data subject must call up the link http://www.google.de/settings/ads from any of the Internet browsers he or she uses and make the desired settings there.
Further information and the applicable data protection provisions of Google can be found at https://www.google.de/intl/de/policies/privacy/.
The cambio website offers the service to show locations such as our stations on an interactive map. To provide this service the cambio-website embeds Google Maps and HERE Maps. Cambio uses this services to improve the use of the website and the offered services. The logo on the map shows whether we use Google Maps or HERE Maps for the respective service.
Data protection provisions about the application and use of Google Maps
When using Google Maps on the cambio website, log information (e.g. the address entered) and a user's IP address will be transferred to Google Inc. 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Please note that this means that your data will be processed outside the EU or EEA. In some countries, there is a risk that authorities may access the data for security and monitoring purposes without you being informed or having the right to appeal. The use of this service therefore requires your consent. The transfer of data to an unsafe third country occurs on the basis of Art. 49.1 lit. a GDPR. You can view the data protection information of google here: https://www.google.com/intl/de_de/policies/privacy/.
Data protection provisions about the application and use of HERE Maps
When using HERE Maps (API) from HERE Global B.V., Kennedyplein 222-226, 5611 ZT Eindhoven, Netherlands (HERE) on the cambio-website log information (e.g. the address entered) and a user's IP address will be transferred to HERE. Processing of this data takes place in the EU and therefor under European Data Protection Regulation. More information on HEREs data protection policy:https://legal.here.com/de-de/privacy/policy.
Data protection provisions about the application and use of Shariff on the cambio blog
On the websites blog, the controller has integrated the component Shariff. The Shariff component provides social media buttons that are compliant with data protection. Shariff was developed for the German computer magazine c't (Heise Medien GmbH & Co. KG) and is provided via the GitHub platform under the MIT license.
Typically, the button solutions provided by the social networks already transmits personal data to the respective social network, when a user visits a website in which a social media button was integrated. By using the Shariff component, personal data is only transferred to social networks, when the visitor actively activates one of the social media buttons. Further information on the Shariff component may be found on the website of the computer magazine c't. The use of the Shariff component is intended to protect the personal data of the visitors of our blog while enabling us to integrate a button solution for social networks on that site.
We communicate via social media networks and platforms with social media users. Some social media networks and platforms are based outside the European Union. Therefore, the processing of personal data takes place outside the European Union. This can, for example, make it more difficulties to enforce the rights of the data subject. Furthermore, social media networks and platforms usually use personal data for the purposes of market research and advertising.
Legal basis of processing: Art. 6. 1 lit. f. GDPR. Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party. If the user has consented to processing of his or her personal data the legal basis of processing is Art. 6.1 lit. a., Art. 7 GDPR.
Following you will find detailed information about the social media networks and platforms that we use.
Data protection provisions about the application and use of Facebook
On this website, the controller has integrated components of the enterprise Facebook. The processing of data bases upon an agreement of joint processing: https://www.facebook.com/legal/terms/page_controller_addendum
Facebook is a social network that allows social network users to include the creation of private profiles, upload photos, and network through friend requests.
The operating company of Facebook is Meta Platforms Inc., 1 Hacker Way, Menlo Park, CA 94025, United States. If a person lives outside of the United States or Canada, the controller is the Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
With each call-up to one of the individual pages of this website, which is operated by the controller and into which a Facebook component (Facebook plug-ins) was integrated, the web browser on the information technology system of the data subject is automatically prompted to download and display the corresponding Facebook component from Facebook through the Facebook component. An overview of all the Facebook Plug-ins may be accessed via https://developers.facebook.com/docs/plugins/. During the course of this technical procedure, Facebook is made aware of what specific sub-site of our website was visited by the data subject.
If the data subject is logged in at the same time on Facebook, Facebook detects with every call-up to our website by the data subject and for the entire duration of their stay on our website which specific sub-site of our Internet page was visited by the data subject. This information is collected through the Facebook component and associated with the respective Facebook account of the data subject. If the data subject clicks on one of the Facebook buttons integrated into our website, e.g. the "Like" button, or if the data subject submits a comment, then Facebook matches this information with the personal Facebook user account of the data subject and stores the personal data.
Facebook always receives, through the Facebook component, information about a visit to our website by the data subject, whenever the data subject is logged in at the same time on Facebook during the time of the call-up to our website. This occurs regardless of whether the data subject clicks on the Facebook component or not. If such a transmission of information to Facebook is not desirable for the data subject, then he or she may prevent this by logging off from their Facebook account before a call-up to our website is made.
The data protection guideline published by Facebook, which is available at https://www.facebook.com/about/privacy/, provides information about the collection, processing and use of personal data by Facebook.
Data protection provisions about the application and use of Twitter
On this website, the controller has integrated components of Twitter. Twitter is a multilingual, publicly accessible microblogging service on which users may publish and spread so-called tweets, e.g. short messages, which are limited to 280 characters. These short messages are available for everyone, including those who are not logged on to Twitter. The tweets are also displayed to so-called followers of the respective user. Followers are other Twitter users who follow a user's tweets. Furthermore, Twitter allows you to address a wide audience via hashtags, links or retweets.
The operating company of Twitter is Twitter, Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, UNITED STATES.
With each call-up to one of the individual pages of this website, which is operated by the controller and on which a Twitter component (Twitter button) was integrated, the Internet browser on the information technology system of the data subject is automatically prompted to download and display the corresponding Twitter component of Twitter. Further information about the Twitter buttons is available under https://about.twitter.com/de/resources/buttons. During the course of this technical procedure, Twitter gains knowledge of what specific sub-page of our website was visited by the data subject. The purpose of the integration of the Twitter component is a retransmission of the contents of this website to allow our users to introduce this web page to the digital world and increase our visitor numbers.
If the data subject is logged in at the same time on Twitter, Twitter detects with every call-up to our website by the data subject and for the entire duration of their stay on our Internet site, which specific sub-page of our Internet page was visited by the data subject. This information is collected through the Twitter component and associated with the respective Twitter account of the data subject. If the data subject clicks on one of the Twitter buttons integrated on our website, then Twitter assigns this information to the personal Twitter user account of the data subject and stores the personal data.
Twitter receives information via the Twitter component that the data subject has visited our website, if the data subject is logged in on Twitter at the time of the call-up to our website. This occurs regardless of whether the person clicks on the Twitter component or not. If such a transmission of information to Twitter is not desirable for the data subject, then he or she may prevent this by logging off from their Twitter account before a call-up to our website is made.
The applicable data protection provisions of Twitter may be accessed via: https://about.twitter.com/de/resources/buttons.
Data protection provisions about the application and use of YouTube
On this website, the controller has integrated components of YouTube. YouTube is an Internet video portal that enables video publishers to upload video clips and other users to view, review and comment on them. YouTube allows you to publish all kinds of videos, so you can access both full movies and TV broadcasts, as well as music videos, trailers, and videos made by users via the Internet portal.
The operating company of YouTube is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, UNITED STATES. The YouTube, LLC is a subsidiary of Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, UNITED STATES.
With each call-up to one of the individual pages of this website, which is operated by the controller and on which a YouTube component (YouTube video) was integrated, the Internet browser on the information technology system of the data subject is automatically prompted to download and display the corresponding YouTube component if consent by the user was given. Further information about YouTube may be obtained via https://www.youtube.com. During the course of this technical procedure, YouTube and Google gain knowledge of what specific sub-page of our website was visited by the data subject.
If the data subject is logged in on YouTube, YouTube recognizes with each call-up to a sub-page that contains a YouTube video, which specific sub-page of our Internet site was visited by the data subject. This information is collected by YouTube and Google and assigned to the respective YouTube account of the data subject.
YouTube and Google will receive information through the YouTube component that the data subject has visited our website, if the data subject at the time of the call to our website is logged in on YouTube; this occurs regardless of whether the person clicks on a YouTube video or not. If such a transmission of this information to YouTube and Google is not desirable for the data subject, the delivery may be prevented if the data subject logs off from their own YouTube account before a call-up to our website is made.
YouTube's data protection provisions, available athttps://www.google.de/intl/de/policies/privacy, provide information about the collection, processing and use of personal data by YouTube and Google
Data protection provisions about the application and use of Instagram
On this website, the controller has integrated components of the service Instagram. Instagram is a service that may be qualified as an audiovisual platform, which allows users to share photos and videos, as well as share such data in other social networks.
The operating company of the services offered by Instagram is Instagram LLC, 1 Hacker Way, Building 14 First Floor, Menlo Park, CA, UNITED STATES.
With each call-up to one of the individual pages of this website, which is operated by the controller and on which an Instagram component (Insta button) was integrated, the Internet browser on the information technology system of the data subject is automatically prompted to download and display the corresponding Instagram component of Instagram. During the course of this technical procedure, Instagram becomes aware of what specific sub-page of our website was visited by the data subject.
If the data subject is logged in at the same time on Instagram, Instagram detects with every call-up to our website by the data subject and for the entire duration of their stay on our Internet site which specific sub-page of our Internet page was visited by the data subject. This information is collected through the Instagram component and is associated with the respective Instagram account of the data subject. If the data subject clicks on one of the Instagram buttons integrated on our website, then Instagram matches this information with the personal Instagram user account of the data subject and stores the personal data.
Instagram receives information via the Instagram component that the data subject has visited our website provided that the data subject is logged in at Instagram at the time of the call to our website. This occurs regardless of whether the person clicks on the Instagram button or not. If such a transmission of information to Instagram is not desirable for the data subject, then he or she can prevent this by logging off from their Instagram account before a call-up to our website is made.
Further information and the applicable data protection provisions of Instagram may be retrieved via https://www.instagram.com/about/legal/privacy/.