Privacy policy for the cambio website

Definitions

This data protection information is based on the terms used by the European Directive and Ordinance Maker when adopting the General Data Protection Regulation (GDPR). We use the following terms, among others, in this data protection information:
personal data
Personal data means any information relating to an identified or identifiable natural person (hereinafter "data subject"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (IP address) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Data subject
Data subject means any identified or identifiable natural person whose personal data are processed by the controller.
Processing
Processing means any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organization, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Restriction of processing
Restriction of processing is the marking of stored personal data with the aim of limiting their future processing during the legal retention periods. This means that the data is still stored, but can only be used for certain processing, such as auditing by tax authorities.
Profiling
Profiling is any type of automated processing of personal data that consists of using that personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects relating to that natural person's job performance, economic situation, health, personal preferences, interests, reliability, behavior, location or change of location.
Pseudonymization
Pseudonymization is the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separate and is subject to technical and organizational measures to ensure that the personal data is not attributed to an identified or identifiable natural person.
Controller or entity responsible for the processing
The controller is the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data.
Processor
Processor is a natural or legal person, public authority, agency or other body that processes personal data on behalf of the Controller.
Recipient
Recipient is a natural or legal person, public authority, agency or other body to which personal data are disclosed, whether or not it is a third party. However, public authorities that may receive personal data in the context of a specific investigation mandate under Union or Member State law are not considered recipients.
Third Party
Third party means a natural or legal person, public authority, agency or other body other than the data subject, the controller, the processor and the persons authorized to process the personal data under the direct responsibility of the controller or the processor.
Consent
Consent shall mean any freely given indication of the data subject's wishes for the specific case in an informed and unambiguous manner, in the form of a statement or any other unambiguous affirmative act by which the data subject indicates that he or she consents to the processing of personal data relating to him or her.

Responsible entity

cambio Mobilitätsservice GmbH & Co.KG
Humboldtstr. 131-137
28203 Bremen
Phone: +49 421 9896943000
Email: info@cambio-CarSharing.com

Data Protection Officer

Stefan Weisfeld
Rutenstr. 8
28203 Bremen
E-Mail: info@weisfeld.it

Categories of personal data processed on the website:

The use of the website of the cambio Mobilitätsservice GmbH & Co.KG is basically possible without any specification of personal data except for your IP address. However, if you wish to use the services of cambio, the processing of personal data is necessary. To do so, you must register as an interested party, customer or authorized driver in the customer area of the website and enter your data.
You can request the data protection information pursuant to Art. 13, Art. 14 and Art. 21 DS-GVO for interested parties, customers and authorized drivers from the cambio company with which you would like to become or are a customer or authorized driver or download it here on our website.

Origin of the personal data

We receive the IP address automatically as part of the http-protocol.

Cookies

Cookies are small text files that are stored on your computer or other terminal device when you visit a website. Cookies are then sent back to the website from which they originated on each future visit. Cookies have the advantage that we can use them to make it easier for you to use our website. We can use the cookies to detect movements on the website and evaluate the use of the website offering. In the long term, this leads to an improvement of the web offer and the user-friendliness of the website.

Cookies can be divided into different categories, e.g. technically necessary cookies. These cookies are mandatory for the provision and proper functioning of the website. The legal basis for the processing of personal data using technically necessary cookies is therefore Art. 6 para. 1 lit. f DS-GVO. The loading of all other non-technically necessary cookies takes place exclusively on the basis of your consent (Art. 6 para. 1 lit. a DS-GVO). Should you decide against consent for some of our cookies, it may no longer be possible to fully use all functions of the website, e.g. watching videos or viewing map services on our website. On the subpages concerned, you will be graphically informed if consent is required and you will have the opportunity to provide your consent for the required service on the spot if you wish to do so. All cookies that are not technically necessary will only be used if you have given your consent. Please note, however, that for technical reasons it is not possible for us to guarantee that your IP address will not be visible to third party service providers (e.g. map service providers) by providing required files for the display of external information on our site.
The management as well as change or revocation of their consent to the use of our cookies used is done via our privacy settings, which you can access at any time via the orange fingerprint button on our site. In addition, you can also find more information about the cookies used on the cambio website there.

Most browsers are configured by default to allow cookies. Disabling or restricting the transfer of cookies is possible by changing the settings in your browser. Cookies that you have already stored on your terminal device can be deleted at any time. This can also be done automatically. Instructions on how to deal with cookies can usually be found in the help section of the Internet browser.

In general, cambio Mobilitätsservice GmbH & Co.KG uses two different cookie variants:
Session cookies:
These cookies are temporary, i.e. they remain on your hard drive only for the duration of your visit to the website and are automatically deleted when you close the browser.
We use session cookies to ensure uninterrupted identification during a visit to the cambio customer area and thus its functionality.
If you use the cambio customer area, it is therefore mandatory that your browser accepts session cookies.
Cookies with longer runtime:
We use cookies with longer duration, for example to enable your localization. When you first visit www.cambio-carsharing.de, you land on the homepage of cambio Germany. If you then select a city on the website e.g. at the plan table, the cookies store this information so that the next time you visit www.cambio-carsharing.de you will immediately receive information of this city.
We also use cookies with a longer duration to analyze website usage so that we can constantly improve its performance. We store these cookies for 4 weeks. 
To analyze the surfing behavior of users we use the analysis tool Matomo. We have no way of assigning this data to a specific person. A combination of this data with other data sources is not made.

Collection of general data and information

The website of the cambio Mobilitätsservice GmbH & Co.KG collects a series of general data and information every time a data subject or automated system calls up the website. This general data and information is stored in the log files of the server. The following data may be collected: (1) the browser types and versions used, (2) the operating system used by the accessing system, (3) the website from which an accessing system accesses our website (so-called referrer), (4) the sub-websites that are accessed via an accessing system on our website, (5) the date and time of an access to the website, (6) an Internet protocol address (IP address), (7) the Internet service provider of the accessing system and (8) other similar data and information that serve to avert danger in the event of attacks on our information technology systems.
When using these general data and information, the cambio Mobilitätsservice GmbH & Co.KG does not draw any conclusions about the data subject. Rather, this information is needed (1) to deliver the content of our website correctly, (2) to optimize the content of our website and the advertising for it, (3) to ensure the long-term functionality of our information technology systems and the technology of our website, and (4) to provide law enforcement authorities with the information necessary for prosecution in the event of a cyber attack. Therefore, the cambio Mobilitätsservice GmbH & Co.KG analyzes anonymously collected data and information on one hand, and on the other hand, with the aim of increasing the data protection and data security of our enterprise, to ensure an optimal level of protection for the personal data we process.

Contact possibility via the website

Based on statutory provisions, the website of the cambio Mobilitätsservice GmbH & Co.KG contains data that enable a quick electronic contact to our enterprise, as well as direct communication with us, which also includes a general address of the so-called electronic mail (e-mail address). If a data subject contacts the controller by e-mail or by using a contact form, the personal data transmitted by the data subject will be stored automatically. Such personal data transmitted on a voluntary basis by a data subject to the controller will be stored for the purpose of processing or contacting the data subject. No disclosure of this personal data to third parties will take place.

Data processing purposes

The personal data processed by us in the course of your use of the cambio website are necessary for the initial consultation, the preparation of the contract documents and a contract conclusion.

Purpose: To fulfill contractual obligations

The data is processed for the initiation and fulfillment of the contract, for the booking and use of the vehicles and for the contract-related support of the customers.
Basis for processing: The processing of personal data is necessary pursuant to Article 6(1)(b) GDPR for the performance of a contract to which the data subject is a party or for the performance of pre-contractual measures taken at the request of the data subject.

Duration of data storage

To the extent necessary, we process and store your personal data for the duration of the business relationship, which includes, for example, the initiation and execution of a contract.

Your rights

You have the right to information under Article 15 of the GDPR, the right to rectification under Article 16 of the GDPR, the right to erasure under Article 17 of the GDPR, the right to restriction of processing under Article 18 of the GDPR and the right to data portability under Article 20 of the GDPR. In addition, there is a right of appeal to a data protection supervisory authority (Art. 77 DS-GVO).

Right of objection

In principle, there is a right to object to the processing of personal data by the controller in accordance with Article 21 EU DS-GVO.
However, we would like to point out that it will then no longer be possible to use the cambio website.
Should you wish to assert these rights, please contact:

Stefan Weisfeld
Rutenstr. 8
28203 Bremen
Germany
Email: info@weisfeld.it

Right of complaint to a supervisory authority

In the event of fundamental concerns/complaints regarding the processing of your data, you can contact the competent data protection supervisory authority. An overview of the data protection supervisory authorities can be found on the website of the Federal Commissioner for Data Protection and Freedom of Information (bfdi) at www.bfdi.bund.de or www.bfdi.bund.de/DE/Service/Anschriften/anschriften_table.

Obligation to provide data and consequences of non-provision

Within the scope of our business relationship, you only have to provide those personal data that are necessary for the establishment and execution of a business relationship or that we are legally obliged to collect. Without this data, we will usually have to refuse to conclude the contract or execute the order, or will no longer be able to perform an existing contract and may have to terminate it.

Automated decision-making in individual cases (including profiling)

We do not use automated processing, including profiling, to reach a decision on the establishment and performance of the business relationship (Art.l 22 DS-GVO).

Analysis tools

Privacy policy on the use and application of Matomo
The controller has integrated the MATOMO component on this website. MATOMO is an open source software tool for web analysis. Web analysis is the collection, compilation and evaluation of data about the behavior of visitors to websites. Among other things, a web analysis tool collects data about the website from which a data subject came to a website (so-called referrer), which subpages of the website were accessed or how often and for how long a subpage was viewed. A web analysis is mainly used for optimizing a website and for cost-benefit analysis of internet advertising.
The purpose of the MATOMO component is to analyze the flow of visitors to our website. The controller uses the data and information obtained, among other things, to evaluate the use of this website in order to compile online reports showing the activities on our internet pages.
MATOMO sets a cookie on the information technology system of the data subject, if user consent has been given. The setting of the cookie enables us to anonymously analyze the use of our website. Each time one of the individual pages of this website is called up, the internet browser on the information technology system of the data subject is caused by the MATOMO component to transmit data to our server for the purpose of online analysis. The IP address is only stored in anonymized form. This means that part of the address is discarded and not stored. This enables us to draw conclusions about the region from which a visitor accesses the website, but not about the end device or the person who accessed the page.
By means of the cookie, information such as the access time, the location from which an access originated and the frequency of visits to our website are stored. Each time you visit our website, this data, including the anonymized IP address of the Internet connection used by the person concerned, is transmitted to our server. This data is stored by us. We do not pass this data on to third parties.
Further information and the applicable data protection provisions of MATOMO can be found at https://matomo.org/privacy/.

Internet advertising

Privacy policy on the use and application of Google AdWords
The controller has integrated Google AdWords on this website. Google AdWords is an Internet advertising service that allows advertisers to place ads in Google's search engine results as well as in the Google advertising network. Google AdWords allows an advertiser to specify certain keywords in advance, by means of which an ad is displayed in Google's search engine results exclusively when the user retrieves a keyword-relevant search result using the search engine. In the Google advertising network, the ads are distributed on topic-relevant websites by means of an automatic algorithm and in compliance with the previously defined keywords.
The operating company of the Google AdWords services is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
The purpose of Google AdWords is to advertise our website by displaying interest-relevant advertising on the websites of third-party companies and in the search engine results of the Google search engine.
If a data subject accesses our website via a Google ad, a so-called conversion cookie is stored by Google on the data subject's information technology system. A conversion cookie loses its validity after thirty days and is not used to identify the data subject. The conversion cookie is used to track whether certain subpages, for example the shopping cart of an online store system, have been called up on our website, provided that the cookie has not yet expired. Through the conversion cookie, both we and Google can track whether a data subject who arrived at our website via an AdWords ad generated a sale, i.e. completed or cancelled a purchase of goods.
The data and information collected through the use of the conversion cookie are used by Google to compile visit statistics for our website. These visit statistics are in turn used by us to determine the total number of users who were referred to us via AdWords ads, i.e. to determine the success or failure of the respective AdWords ad and to optimize our AdWords ads for the future. Neither our company nor other advertisers of Google AdWords receive information from Google by means of which the data subject could be identified.
By means of the conversion cookie, personal information, such as the websites visited by the data subject, is stored. If a conversion cookie is active, personal data, including the IP address of the internet connection used by the data subject, will therefore be transmitted to Google in the United States of America each time our internet pages are visited. This personal data is stored by Google in the United States of America. Google may disclose this personal data collected via the technical procedure to third parties.
The data subject can prevent the setting of cookies, as already described above, at any time by means of an appropriate setting of the Internet browser used and thus permanently object to the setting of cookies. Such a setting of the Internet browser used would also prevent Google from setting a conversion cookie on the information technology system of the data subject. In addition, a cookie already set by Google AdWords can be deleted at any time via the internet browser or other software programs.
Furthermore, the data subject has the option to object to interest-based advertising by Google. To do this, the data subject must call up the link www.google.de/settings/ads from any of the internet browsers he or she uses and make the desired settings there.
Further information and the applicable data protection provisions of Google can be found at https://www.google.de/intl/de/policies/privacy/.

Map services

The cambio website offers the possibility to display information such as our stations on a map. For this purpose, the cambio website embeds Google Maps and HERE Maps. Cambio uses these services to facilitate and improve the use of the website and the service offered. You can recognize in each case by the logo in the map whether we use Google Maps or HERE Maps for the respective service.
Privacy policy on the use and application of Google Maps
When using Google Maps on the cambio website, log data (e.g. the address entered) and your IP address are transmitted to Google Inc. 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Please note that your data is thereby processed outside the EU or EEA. In some countries, there is a risk that authorities may access the data for security and monitoring purposes without you being informed or having the right to appeal. The use of this service therefore requires your consent. The transfer of data to an unsafe third country occurs on the basis of Art. 49 (1) lit. a DS-GVO. You can view the data protection information of google here: https://policies.google.com/privacy
Privacy policy on the use and application of HERE Maps
When using HERE Maps from HERE Global B.V., Kennedyplein 222-226, 5611 ZT Eindhoven, Netherlands ("HERE") on the cambio website, log data (e.g. the address entered) and your IP address are transmitted to HERE. The processing of this data takes place within the EU and consequently according to the rules of the EU General Data Protection Regulation. You can view HERE's data protection information here: https://legal.here.com/de-de/privacy/policy.

Shariff

Privacy policy on the use and application of Shariff
The controller has integrated the Shariff component on this website. The Shariff component provides social media buttons that are privacy-compliant. Shariff was developed for the German computer magazine c't (Heise Medien GmbH & Co. KG) and is provided via the GitHub platform under the MIT license.
Usually, the button solutions provided by social networks already transmit personal data to the respective social network when a user visits a website in which a social media button has been integrated. By using the Shariff component, personal data is only transmitted to social networks when the visitor to a website actively clicks one of the social media buttons. Further information on the Shariff component is provided by the computer magazine c't on its website. The purpose of using the Shariff component is to protect the personal data of visitors to our website and, at the same time, to enable us to integrate a button solution for social networks on this website.

Social media

We communicate by means of our presences in social networks and platforms with their users. Since some of the social networks and platforms are based outside the European Union, the users' data is processed outside the European Union. This may, for example, make it more difficult to enforce the rights of data subjects. Furthermore, user data is usually processed for market research and advertising purposes.
Purposes of data processing
We process the personal data we process in the context of social networks and platforms to communicate with users in order to inform them about our service and to obtain information to improve the service.
Basis for processing: Article 6 para. 1 lit. f. DS-GVO. The processing of personal data is based on a legitimate interest. If the users are asked by the providers of the platforms for consent to the data processing, the legal basis of the processing is Art. 6 para. 1 lit. a., Art. 7 DS-GVO.
In the following, we provide detailed information about the social networks and platforms that we use.

Privacy policy on the use and application of Facebook
The controller has integrated components of the company Facebook on this website. The processing of data takes place on the basis of an agreement on joint processing of personal data: https://www.facebook.com/legal/terms/page_controller_addendum
Facebook is a social network that allows users, among other things, to create private profiles, upload photos and network via friend requests.
The operating company of Facebook is Meta Platforms Inc, 1 Hacker Way, Menlo Park, CA 94025, USA. The controller of personal data, if a data subject lives outside the USA or Canada, is Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
Each time one of the individual pages of this website operated by the data controller is called up and on which a Facebook component (Facebook plug-in) has been integrated, the Internet browser on the information technology system of the data subject is automatically caused by the respective Facebook component to download a representation of the corresponding Facebook component from Facebook. A complete overview of all Facebook plug-ins can be found at https://developers.facebook.com/docs/plugins/. Within the scope of this technical procedure, Facebook receives knowledge of which specific sub-page of our website is visited by the data subject.
If the data subject is logged in to Facebook at the same time, Facebook recognizes which specific sub-page of our website the data subject is visiting each time the data subject calls up our website and for the entire duration of the respective stay on our website. This information is collected by the Facebook component and assigned by Facebook to the respective Facebook account of the data subject. If the data subject activates one of the Facebook buttons integrated on our website, for example the "Like" button, or if the data subject makes a comment, Facebook assigns this information to the personal Facebook user account of the data subject and stores this personal data.
Facebook always receives information via the Facebook component that the data subject has visited our website if the data subject is simultaneously logged into Facebook at the time of calling up our website; this takes place regardless of whether the data subject clicks on the Facebook component or not. If the data subject does not want this information to be transmitted to Facebook, he or she can prevent the transmission by logging out of his or her Facebook account before accessing our website.
The data policy published by Facebook, which can be accessed at https://www.facebook.com/about/privacy/, provides information about the collection, processing and use of personal data by Facebook. Furthermore, it explains which setting options Facebook offers to protect the privacy of the data subject.

Privacy policy on the use and application of Twitter
The controller has integrated components of Twitter on this website. Twitter is a multilingual publicly accessible microblogging service on which users can publish and distribute so-called tweets, i.e. short messages limited to 280 characters. These short messages can be accessed by anyone, including people who are not registered with Twitter. However, the tweets are also displayed to the so-called followers of the respective user. Followers are other Twitter users who follow the tweets of a user. Furthermore, Twitter makes it possible to address a broad audience via hashtags, links or retweets.
The operating company of Twitter is Twitter, Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA.
By each call of one of the individual pages of this website, which is operated by the controller and on which a Twitter component (Twitter button) has been integrated, the internet browser on the information technology system of the data subject is automatically caused by the respective Twitter component to download a representation of the corresponding Twitter component from Twitter. Further information on the Twitter buttons can be found at https://about.twitter.com/de/resources/buttons. Within the scope of this technical procedure, Twitter receives knowledge of which specific sub-page of our website is visited by the data subject. The purpose of integrating the Twitter component is to enable our users to disseminate the content of this website, to make this website known in the digital world and to increase our visitor numbers.
If the data subject is logged into Twitter at the same time, Twitter recognizes which specific subpage of our website the data subject is visiting with each call to our website by the data subject and for the entire duration of the respective stay on our website. This information is collected by the Twitter component and assigned by Twitter to the respective Twitter account of the data subject. If the data subject activates one of the Twitter buttons integrated on our website, the data and information thus transmitted will be assigned to the personal Twitter user account of the data subject and stored and processed by Twitter.
Twitter always receives information via the Twitter component that the data subject has visited our website if the data subject is simultaneously logged into Twitter at the time of calling up our website; this takes place regardless of whether the data subject clicks on the Twitter component or not. If the data subject does not want this information to be transmitted to Twitter, he or she can prevent the transmission by logging out of his or her Twitter account before accessing our website.
The applicable data protection provisions of Twitter are available at https://twitter.com/de/privacy.

Privacy policy on the use and application of YouTube
The controller has integrated YouTube components on this website. YouTube is an Internet video portal that allows video publishers to post video clips and other users to view, rate and comment on them.
The operating company of YouTube is YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA. YouTube, LLC is a subsidiary of Google Inc, 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
By each call of one of the individual pages of this website, which is operated by the controller and on which a YouTube component (YouTube video) has been integrated, the internet browser on the information technology system of the data subject is caused by the respective YouTube component to download a representation of the corresponding YouTube component from YouTube, if the user has consented to this. Further information on YouTube can be found at https://www.youtube.com/. Within the scope of this technical procedure, YouTube and Google receive knowledge of which specific sub-page of our website is visited by the data subject.
If the data subject is logged into YouTube at the same time, YouTube recognizes which specific sub-page of our website the data subject is visiting by calling up a sub-page that contains a YouTube video. This information is collected by YouTube and Google and assigned to the respective YouTube account of the data subject.
YouTube and Google always receive information via the YouTube component that the data subject has visited our website if the data subject is simultaneously logged into YouTube at the time of calling up our website; this takes place regardless of whether the data subject clicks on a YouTube video or not. If the data subject does not want this information to be transmitted to YouTube and Google, he or she can prevent the transmission by logging out of his or her YouTube account before accessing our website.
The privacy policy published by YouTube, which can be found at https://www.google.de/intl/de/policies/privacy/, provides information about the collection, processing and use of personal data by YouTube and Google.

Privacy policy on the use and application of Instagram
The controller has integrated components of the service Instagram on this website. Instagram is a service that qualifies as an audiovisual platform and allows users to share photos and videos and, moreover, to redistribute such data in other social networks.
The operating company of the Instagram services is Instagram LLC, 1 Hacker Way, Building 14 First Floor, Menlo Park, CA, USA.
Each time one of the individual pages of this website operated by the controller is called up and on which an Instagram component (Insta button) has been integrated, the internet browser on the information technology system of the data subject is automatically caused by the respective Instagram component to download a representation of the corresponding component from Instagram. Within the scope of this technical procedure, Instagram receives knowledge about which specific subpage of our website is visited by the data subject.
If the data subject is logged into Instagram at the same time, Instagram recognizes which specific sub-page the data subject is visiting with each call to our website by the data subject and for the entire duration of the respective stay on our website. This information is collected by the Instagram component and assigned by Instagram to the respective Instagram account of the data subject. If the data subject activates one of the Instagram buttons integrated on our website, the data and information thus transmitted will be assigned to the personal Instagram user account of the data subject and stored and processed by Instagram.
Instagram always receives information via the Instagram component that the data subject has visited our website if the data subject is simultaneously logged into Instagram at the time of calling up our website; this takes place regardless of whether the data subject clicks on the Instagram component or not. If the data subject does not want this information to be transmitted to Instagram, he or she can prevent the transmission by logging out of his or her Instagram account before accessing our website.
Further information and the applicable data protection provisions of Instagram can be found at https://www.instagram.com/about/legal/privacy/.