1. About us
We as Compeso GmbH are responsible for the collection, processing and storage of your data. You can find details about us at any time in our legal notice. Careful handling of your personal data is our top priority. We adhere to the legal provisions during processing, e.g. the General Data Protection Regulation (GDPR) and the associated national provisions. This data protection declaration applies to all of our company’s websites that can be accessed under our domains (i.e. compeso.com, compeso.com, comtrada.de, cloudwash.de). Since we would like to give you a comprehensive overview of the processing of personal data in our company, you will find an overview of all of our services below, within the scope of which we collect and process personal data. In so far separate or additional conditions apply to individual services or we ask you for your consent, we will notify you separately before using the respective service. We also take various security measures to protect your personal data. For example, the transmission between your web browser and our servers is always transport-encrypted; In addition, we maintain a variety of technical and organizational measures to always protect your data.
2. Why we process your data
In principle, you can use our website without revealing your identity. If you register for one of our personalized services or would like to contact us, we will ask you for your name and other personal information. It is up to you to decide whether you want to enter this (extended) data or not. Data that we absolutely need from you to provide our services is marked as such. Your personal data is collected and processed for the following purposes on the basis of the following legal bases:
- Contract initiation according to Art. 6 para. 1 lit. a) and b) GDPR
- Contract processing according to Art. 6 para. 1 lit. b) GDPR
- Customer management in accordance with Art. 6 para. 1 lit. b) and c) GDPR
- Communication and data exchange in accordance with Art. 6 para. 1 lit. a), b), c), f) GDPR
- External presentation and advertising in accordance with Art. 6 para. 1 lit. f) GDPR
- Implementation of declarations of consent in accordance with Art. 6 para. 1 lit. a) GDPR
- Ensuring the proper operation of a data processing system in accordance with Art. 6 para. 1 lit. c) and f) GDPR
3. Which data we might collect and process from you
We might collect different categories of personal data from you. Personal data is all information that relates to an identified or identifiable natural person; A natural person who can be identified directly or indirectly, in particular by association with an identifier such as a name, is regarded as identifiable. Personal data includes, for example. Information such as your name, address, telephone number and date of birth (if given). Statistical information that cannot be directly or indirectly associated with you – such as the popularity of individual websites of our offer or the number of users of a page – are not personal data. There is data collected directly and indirectly. In both cases, data is only collected to the extent necessary; the data will only be processed for the purposes mentioned in section 2. It is up to you to decide whether you want to send us data that optimizes the use of our services for you, but is not necessary for this. Corresponding data fields are marked as ‘voluntary’. The data immediately collected include:
- Salutation and names, e.g. to personalize your contact request
- Email address and, if applicable, a password you have chosen, e.g. to contact us using our contact form
- Address data, e.g. for the purpose of sending offers in printed form
- Data that you actively and consciously transmit through us when using our services, e.g. Information about your POS / box office system used
- Other data that you voluntarily provide to us, e.g. data fields filled in by you, marked as ‘voluntary’
In addition, data about you is indirectly collected when you use our services:
- Technical connection data, e.g. the requested page of our website
- Your IP address, shortened by the last three digits
- Date and hour during the process
- used terminals
- Data collected as part of website tracking
Minors: Our website is not aimed at minors and we do not knowingly collect personal data from minors / non-adults. If persons under the age of 16 transmit personal data to us, this is only permitted if the legal guardian has given his own consent or has given the young person’s consent. According to Art. 8 para. 2 GDPR the contact details of the legal guardian are provided to convince us of the consent or consent of the legal guardian. This data and the data of the minor are then processed in accordance with this data protection declaration. If we determine that a minor under the age of 16 has sent personal data to us without the legal guardian himself or the consent of the minor, we will delete the data immediately.
4. Who has access to your data and to whom we transmit your data
Access to your personal data stored by us is restricted to our employees and the service providers commissioned by us, who have to deal with this personal data due to their tasks. If known third parties have access to your data, we have obtained your permission or there is a legal basis for this. We also use service providers to provide services and to process your data (including hosting and video delivery). In so far these special provisions apply, we have carried them out for you in the following service. The service providers process the data only on our instructions and are obliged to comply with the applicable data protection regulations. All processors have been carefully selected and will only have access to your data to the extent and for the required period of time, which is necessary for the provision of the services or to the extent that you have consented to the data processing and use.
b) Data exchange within the group of companies
Data exchange within the group of companies (even if not particularly signed) to which we belong takes place exclusively within the EU / EEA and only serves internal administrative purposes. By group of companies we mean affiliated companies within the meaning of Art. 4 No. 19 GDPR. Transmission to third countries and legal basis The servers of some of the service providers we use are located in the USA and other countries outside the European Union. Companies in these countries are subject to a data protection law that does not generally protect personal data to the same extent as is the case in the member states of the European Union. If your data is processed in a country that does not have a recognized high level of data protection like the European Union, we use contractual regulations or other recognized instruments to ensure that your personal data is adequately protected. We would like to point this out to you again as part of the individual services. Insofar as personal data is transferred to third countries, this takes place on the basis of the adequacy decision of the EU Commission on the EU-U.S. Privacy Shield in accordance with Art. 45 GDPR or the EU Standard Contract 2010 in accordance with Art. 46 para. 2 lit. c) GDPR in conjunction with the decision of the EU Commission of 05.02.2010 (2010/87 / EU) or according to Art. 49 para. 1 lit. a GDPR.
c) Transmission to law enforcement and law enforcement agencies
In exceptional cases, we might have to transmit personal data to law enforcement and law enforcement agencies. This takes place on the basis of corresponding legal obligations, e.g. from the Code of Criminal Procedure, the Tax Code, the Money Laundering Act or state police law.
5. Storage periods
We store personal data within the framework of the legal regulations or your consent. We use the following criteria to determine the specific storage period: – Legal retention obligations, e.g. according to AO and HGB (German commercial law book) – Existence of consent, e.g. Your consent or their revocation – contractual retention obligations – existence of a contractual relationship, e.g. last activity, if there is no long-term debt relationship – no longer the purpose of data collection and data storage – technological and forensic requirements, e.g. to ward off attacks and their pursuit
You have a number of legal rights, which we would like to draw your attention to below. In addition, our data protection officer is of course available to answer any questions you have about your personal data that we have collected and processed about you at firstname.lastname@example.org . Right to information and data portability you have the right to information about your personal data processed by us at any time. If the data processing is based on your consent or in accordance with Art 6 para. 1 b) GDPR based on a contract, you can in accordance with Art. 20 para. 1 GDPR also require you to receive the personal data stored about you in a structured, common and machine-readable format. At your request, we will also forward the data directly to the recipient you have specified. Furthermore, in accordance with Art. 16 to 18 GDPR, you can request us to correct, restrict (block) or delete your personal data if the data has been processed incorrectly by us, there is a reason for restricting further data processing, or data processing has become illegal for various reasons, or if its storage is not permitted for other legal reasons. We would like to point out that your right to deletion may be restricted by statutory retention periods. Our data processing is based solely on our legitimate interest in accordance with Art 6 para. 1 f) GDPR, you can object to this processing in accordance with Art. 21 para. 1 GDPR. We will then stop processing your data unless we can prove that the processing is worthy of protection, which outweighs your interests, rights and freedoms, or the processing serves to assert, exercise or defend a legal claim. If you have allowed us to process your personal data with your consent, you have the right under Art. 7 para. 3 GDPR a right of withdrawal with effect for the future is available. You are free to lodge a complaint with a supervisory authority if you believe that our processing of your personal data violates the European General Data Protection Regulation or other national and international data protection laws.
To exercise your rights, you can send us an informal message to the contact details below. Please also send your revocation of your consent, stating which declaration of consent you would like to revoke, to the following contact details: Responsible DPO COMPESO GmbH email@example.com
7. Use of our website – profiling, cookies and web tracking
a) Fundamentals of cookies and opt-out options
b) Google Ads
Our website uses the ‘Google Ads’ service, which enables marketers to place ads in the hit lists of Google search and also in the Google advertising network. This takes place on the basis of previously defined keywords, by means of which the hit lists are only displayed if a keyword-relevant search is carried out.
Google Ads aims to advertise our website by displaying relevant advertisements on third-party websites, in the hit lists of Google search and by displaying relevant third-party advertisements on our website.
By clicking on a corresponding Google ad that refers to our website, Google sets a cookie. The cookie enables both us and Google to understand whether you came to our website via an ad and generated sales.
The data obtained in this way is used by Google to generate statistics (e.g. total number of users referred via Google Ads, success of our ads campaign) for our website. Neither we nor any other Google Ads advertiser receives information from Google that could be used to identify you.
However, the cookie is used to store personal information, such as the websites you visit. Google may share this information with third parties.
You can object to interest-based advertising by Google at any time by calling the following opt-out link: https://adssettings.google.com/
Receiver of this data: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
c) YouTube Video, embedded via iFrame in the extended data protection mode
d) DoubleClick by Google
8. Additional information and provisions for individual services
Data that you send us via our contact form are processed for the purpose of communication and data exchange, i.e. to respond to your specific request. This data is stored for as long as its processing is necessary for this purpose or until any subsequent retention periods expire.