Data protection declaration
for the website www.combridge.de & www.myfastlane.de
Our data protection information in compact form.
Data protection is a matter of trust and your trust is important to us. We respect your privacy and personality. The protection and legally compliant collection, processing and use of your personal data is therefore an important concern for us. In order for you to feel safe when visiting our websites, we strictly observe the legal provisions when processing your personal data and would like to inform you here about our data collection and data use.
We are committed to complying with the GDPR and the nationally applicable data protection laws. For us, the topic of data protection is a company-wide topic with high priority and we only work with partners who also have a corresponding level of data protection in their processing framework. We process your data only if you have given us your express consent to do so, which relates to a service basis for the purpose of a contract or pre-contractual measures or if the relevant laws allow or oblige data processing. The following data protection information covers both the currently applicable national legal framework and the requirements of the EU General Data Protection Regulation (GDPR), which will apply throughout Europe from 25 May 2018. References to the legal bases of the GDPR will apply from 25 May 2018. Under no circumstances will we sell your data or pass it on to unauthorized third parties. We would be happy to inform you in detail below about the handling of your data in our divisions.
You can print or save this document by using the usual functionality of your browser. The following data protection declaration explains which data is collected on our websites and which data we process and use and how.
I. NAME AND ADDRESS OF THE CONTROLLER
The controller within the meaning of the EU General Data Protection Regulation (GDPR) and other national data protection laws of the member states as well as other data protection regulations is:
COMbridge IT Consulting
Phone: +49 (0) 5363 / 813018-0
Responsible for web content:
COMbridge IT Consulting GmbH
Tel.: +49 (0) 5363 / 813018-0
Represented by the managing directors:
Rainer Gruhlke, Wolfsburg
Karsten Linse, Sassenburg-Grußendorf
– trade register data and business information
II. NAME AND ADDRESS OF THE DATA PROTECTION OFFICER
The data protection officer of the controller is:
GmbHIT Security – Business Security &
PrivacyDepart of Data Protection
Phone: 49 (0) 201 – 8999-899
Fax: +49 (02) 01 – 8999-666
III. GENERAL INFORMATION ON DATA PROCESSING
1. SCOPE OF PROCESSING OF PERSONAL DATA
In principle, we collect and use personal data of our users only to the extent necessary to provide a functional website as well as our content and services. The collection and use of personal data of our users regularly takes place only with the consent of the user. An exception applies in those cases in which it is not possible to obtain prior consent for factual reasons and the processing of the data is permitted by law.
2. LEGAL BASIS FOR THE PROCESSING OF PERSONAL DATA
Insofar as we obtain the consent of the data subject for the processing of personal data, Art. 6 para. 1 lit. a EU General Data Protection Regulation (GDPR) serves as the legal basis for the processing of personal data.
For the processing of personal data that is necessary for the performance of a contract to which the data subject is a party, Art. 6 para. 1 lit.b GDPR serves as the legal basis. This also applies to processing operations that are necessary for the implementation of pre-contractual measures.
Insofar as the processing of personal data is necessary to fulfil a legal obligation to which our company is subject, Art. 6 para. 1 lit.c GDPR serves as the legal basis.
In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 lit. d GDPR serves as the legal basis.
If the processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6 para. 1 lit. f GDPR serves as the legal basis for the processing.
3. DATA DELETION AND STORAGE PERIOD
The personal data of the data subject will be deleted or blocked as soon as the purpose of storage no longer applies. Storage may also take place if this has been provided for by the European or national legislator in EU regulations, laws or other regulations to which the controller is subject. The data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or fulfilment of a contract.
IV. PROVISION OF THE WEBSITE AND CREATION OF LOG FILES
1. DESCRIPTION AND SCOPE OF DATA PROCESSING
Each time our website is accessed, our system automatically collects data and information from the computer system of the calling computer.
The data is stored in the log files of our system. This does not affect the IP addresses of the user or other data that enable the assignment of the data to a user. A storage of this data together with other personal data of the user does not take place.
2. LEGAL BASIS FOR DATA PROCESSING
The legal basis for the temporary storage of the data is Art. 6 para. 1 lit. f GDPR.
3. PURPOSE OF DATA PROCESSING
The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user’s computer. For this purpose, the IP address of the user must remain stored for the duration of the session.
4. DURATION OF STORAGE
The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended.
5. POSSIBILITY OF OBJECTION AND REMOVAL
The collection of data for the provision of the website and the storage of the data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility of objection on the part of the user.
1. DESCRIPTION AND SCOPE OF DATA PROCESSING
2. HOW CAN YOU PREVENT THE STORAGE OF COOKIES?
Depending on the browser used, you can set that the storage of cookies is only accepted if you agree to this. If you only want to accept the cookies we use, but not the cookies of our service providers and partners, you can select the setting in your browser “Block third-party cookies“. As a rule, the menu bar of your web browser shows you how to reject new cookies and turn off already received cookies via the help function. Detailed information on how to make the settings in the browser you are using can be found under the following link. For shared computers that are set to accept cookies and Flash cookies, we recommend that you always log out completely after completion.
3. LEGAL BASIS FOR DATA PROCESSING
The legal basis for the processing of personal data using cookies is Art. 6 para. 1 lit. f GDPR.
4. PURPOSE OF DATA PROCESSING
5. DURATION OF STORAGE, POSSIBILITY OF OBJECTION AND REMOVAL
VI. CONTACT FORM AND E-MAIL CONTACT
1. DESCRIPTION AND SCOPE OF DATA PROCESSING
A contact form is available on our website, which can be used for electronic contact. If a user accepts this option, the data entered in the input mask will be transmitted to us and stored. These data are:
At the time of sending the message, the following data is also stored:
- Date and time of registration
- Surname, first name
For the processing of the data, your consent will be obtained as part of the sending process and reference will be made to this data protection declaration.
Alternatively, it is possible to contact us via the e-mail address provided. In this case, the user’s personal data transmitted with the e-mail will be stored.
In this context, it does not pursue the transfer of data to third parties. The data will be used exclusively for the processing of the conversation.
2. LEGAL BASIS FOR DATA PROCESSING
The legal basis for the processing of the data is Art. 6 para. 1 lit. a GDPR if the user has given his consent.
The legal basis for the processing of data transmitted in the course of sending an e-mail is Art. 6 para. 1 lit. f GDPR. If the e-mail contact is aimed at the conclusion of a contract, the additional legal basis for the processing is Art. 6 para. 1 lit.b GDPR.
3. PURPOSE OF DATA PROCESSING
The processing of the personal data from the input mask serves us solely to process the contact. If contacted by e-mail, this also constitutes the necessary legitimate interest in the processing of the data.
The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems.
4. DURATION OF STORAGE
The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. For the personal data from the input mask of the contact form and those sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is terminated when it can be inferred from the circumstances that the facts in question have been conclusively clarified.
The additional personal data collected during the sending process will be deleted after a period of seven days at the latest.
5. POSSIBILITY OF OBJECTION AND REMOVAL
The user has the possibility to revoke his consent to the processing of personal data at any time. If the user contacts us by e-mail , he can object to the storage of his personal data at any time. In such a case, the conversation cannot be continued.
All personal data stored in the course of contacting us will be deleted in this case.
VII. DISCLOSURE OF YOUR DATA TO THIRD PARTIES
In order to make our website as pleasant and comfortable as possible for you as a user, we occasionally use the services of external service providers. Below you have the opportunity to inform yourself about the data protection provisions about the application and use of the services and functions used in order to be able to exercise your rights with the service providers.
1. GOOGLE MAPS
2. SOCIAL PLUGINS
Our website uses social plugins (“plugins”) from various social networks. With the help of these plugins, you can, for example, share content or recommend products. The plugins are deactivated by default on our websites and therefore do not send any data. By clicking on the “Activate social media” button, you can activate the plugins. Of course, the plugins can be deactivated with one click.
If these plugins are activated, your browser establishes a direct connection with the servers of the respective social network as soon as you access a website of our website. The content of the plugin is transmitted by the social network directly to your browser and integrated by it into the website.
By integrating the plugins, the social network receives the information that you have accessed the corresponding page of our website. If you are logged in to the social network, it can assign the visit to your account. If you interact with the plugins, for example by clicking the Facebook “Like” button or making a comment, the corresponding information is transmitted directly from your browser to the social network and stored there.
The purpose and scope of the data collection and the further processing and use of the data by social networks as well as your rights in this regard and setting options for the protection of your privacy can be found in the data protection information of the respective networks or websites. The links can be found below.
Even if you are not logged in to the social networks, websites with active social plugins can send data to the networks. An active plugin sets a cookie with an identifier each time the website is accessed. Since your browser sends this cookie with every connection to a network server without being asked, the network could in principle create a profile of which websites the user belonging to the identifier has accessed. And it would then also be quite possible to assign this identifier to a person later – for example when logging in to the social network later.
If you do not want social networks to collect data about you via active plugins, you can either simply deactivate the social plugins with a click on our websites or select the “Block third-party cookies” function in your browser settings. In this case, the browser does not send cookies to the server for embedded content from other providers. With this setting, however, other cross-page functions in addition to the plugins may no longer work.
VIII. RIGHTS OF THE DATA SUBJECT
According to Art. 15 GDPR in conjunction with § 34 BDSG.m you have the unrestricted right to free information about your data stored by us and according to § 35 BDSG the right to delete or block inadmissible data or the right to correction of incorrect data.
Upon request, we are happy to inform you in writing whether and which personal data we have stored about you. As far as possible, we will take appropriate measures to update or correct your data stored by us at short notice. All requests for information, requests for information or objections to data processing should be addressed directly to our data protection officer by e-mail, stating your full postal address.
If personal data is processed by you, you are a data subject within the meaning of GDPR and you have the following rights vis-à-vis the controller:
1. RIGHT TO INFORMATION
You can request confirmation from the controller as to whether personal data concerning you is being processed by us.
If such processing exists, you can request information from the controller about the following information:
- the purposes for which the personal data are processed;
- the categories of personal data that are processed;
- the recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed;
- the planned duration of the storage of the personal data concerning you or, if specific information on this is not possible, criteria for determining the storage period;
- the existence of a right to rectification or erasure of personal data concerning you, a right to restriction of processing by the controller or a right to object to such processing;
- the existence of a right of appeal to a supervisory authority;
- all available information on the origin of the data, if the personal data are not collected from the data subject;
- the existence of automated decision-making, including profiling , pursuant to Article 22(1) and (4) of the GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and envisaged consequences of such processing for the data subject.
You have the right to request information as to whether the personal data concerning you is transferred to a third country or to an international organisation. In this context, you can request to be informed about the appropriate guarantees in accordance with Art. 46 GDPR in connection with the transfer.
2. RIGHT TO RECTIFICATION
You have a right to rectification and/or completion vis-à-vis the controller if the processed personal data concerning you is incorrect or incomplete. The controller must make the correction without delay.
3. RIGHT TO RESTRICTION OF PROCESSING
Under the following conditions, you can request the restriction of the processing of your personal data:
- if you contest the accuracy of the personal data concerning you for a period of time that enables the controller to verify the accuracy of the personal data;
- the processing is unlawful and you oppose the erasure of the personal data and instead request the restriction of the use of the personal data;
- the controller no longer needs the personal data for the purposes of the processing, but you need them to assert, exercise or defend legal claims, or
- if you have objected to the processing pursuant to Article 21 (1) GDPR and it has not yet been determined whether the legitimate reasons of the controller outweigh your reasons.
If the processing of your personal data has been restricted, this data may only be processed – apart from its storage – with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or a Member State.
If the restriction of processing has been restricted in accordance with the above conditions, you will be informed by the controller before the restriction is lifted.
4. RIGHT TO ERASURE
1. OBLIGATION TO DELETE
You may request from the controller that the personal data concerning you be deleted without undue delay and the controller is obliged to delete this data without undue delay if one of the following reasons applies:
- The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.
- You revoke your consent on which the processing was based in accordance with Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. a GDPR, and there is no other legal basis for the processing.
- You object to the processing pursuant to Article 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21 (2) GDPR.
- The personal data concerning you have been unlawfully processed.
- The deletion of personal data concerning you is necessary to fulfil a legal obligation under Union law or the law of the Member States to which the controller is subject.
- The personal data concerning you have been collected in relation to information society services offered in accordance with Article 8 (1) GDPR.
2. INFORMATION TO THIRD PARTIES
Where the controller has made the personal data concerning you public and is obliged pursuant to Article 17(1) GDPR to erase them, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers processing the personal data that you, as the data subject, have requested the erasure by such controllers of any links to them. have requested personal data or copies or replications of such personal data.
The right to erasure does not exist if the processing is necessary
- to exercise the right to freedom of expression and information;
- to comply with a legal obligation requiring processing under Union or Member State law to which the controller is subject, or to carry out a task carried out in the public interest or in the exercise of official authority vested in the controller;
- for reasons of public interest in the field of public health in accordance with Art. 9 para. 2 lit. h and i as well as Art. 9 para. 3 GDPR;
- for archiving purposes in the public interest, scientific or historical research purposes or for statistical purposes pursuant to Article 89 (1) GDPR, insofar as the right referred to in Section a) is likely to render impossible or seriously impair the achievement of the objectives of this processing, or
- to assert, exercise or defend legal claims.
4. RIGHT TO INFORMATION
If you have asserted the right to rectification, erasure or restriction of processing vis-à-vis the controller, the controller is obliged to inform all recipients to whom the personal data concerning you have been disclosed of this correction or deletion of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort.
You have the right vis-à-vis the controller to be informed about these recipients.
5. RIGHT TO DATA PORTABILITY
You have the right to receive the personal data concerning you that you have provided to the controller in a structured, commonly used and machine-readable format. In addition, you have the right to transmit this data to another controller without hindrance from the controller to whom the personal data have been provided, provided that
(1) the processing is based on consent pursuant to Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR or on a contract pursuant to Art. 6 para. 1 lit.b GDPR and
(2) the processing is carried out by automated means.
In exercising this right, you also have the right to have the personal data concerning you transmitted directly from one controller to another, insofar as this is technically feasible. The freedoms and rights of other persons must not be affected by this.
The right to data portability does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
6. RIGHT TO OBJECT
You have the right, for reasons arising from your particular situation, to object at any time to the processing of personal data concerning you on the basis of Art. 6 para. 1 lit. e or f GDPR; this also applies to profiling based on these provisions.
The controller shall no longer process the personal data concerning you unless it can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims.
If the personal data concerning you are processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for the purpose of such advertising; this also applies to profiling insofar as it is related to such direct advertising.
If you object to the processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.
In connection with the use of information society services, you have the possibility – notwithstanding Directive 2002/58/EC – to exercise your right to object by automated means using technical specifications.
7. RIGHT TO REVOKE THE DECLARATION OF CONSENT UNDER DATA PROTECTION LAW
You have the right to revoke your declaration of consent under data protection law at any time. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.
8. RIGHT TO LODGE A COMPLAINT WITH A SUPERVISORY AUTHORITY
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement, if you believe that the processing of your personal data infringes the GDPR.
The supervisory authority with which the complaint has been lodged shall inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy pursuant to Article 78 GDPR.
VIIII. OTHER INFORMATION
Insofar as parts of the website are also offered in languages other than german, this is exclusively a service for our customers, interested parties and employees who do not speak German.
Our information obligations according to Article 13 GDPR can be found here.