1. About us As COMPESO GmbH, we are responsible for the collection, processing and storage of your data. Details about us can always be found in our .
Careful handling of your personal data is a top priority for us. During data procession, we adhere to the relevant legal provisions, for example the General Data Protection Regulation (GDPR) and the associated national regulations.
We would like to give you a comprehensive overview of the processing of personal data in our company. Listed below, you will find of all our services in which we collect and process personal information. Where separate or additional conditions apply to individual services or where we explicitly ask you for your consent, we will point this out to you separately when you start using the respective service.
We also take a variety of security measures to protect your personal information. For example, transmissions between your web browser and our servers always use transport encryption. In addition, we maintain a variety of technical and organisational measures to protect your information at all times.
2. Why we process your data You can use our website without revealing your identity. If you would like to register for one of our personalised services or want to contact us, we will ask for your name and other personal information. It is your free decision whether or not you want to submit this (extended) data. Data that we absolutely need in order to be able to provide our services to you is marked as such.
Collection and processing of your personal data takes place for the following purposes based on the following legal provisions:
Contract initiation pursuant to Art. 6 para. 1 lit. a) and b) GDPR.
Contract execution in accordance with Art. 6 para. 1 lit. b) GDPR.
Customer management in accordance with Art. 6 para. 1 lit. b) and c) GDPR.
Communication and data exchange according to Art. 6 para. 1 lit. a), b), c), f) GDPR.
External presentation and advertising in accordance with Art. 6 para. 1 lit. f) GDPR.
Implementation of declarations of consent in accordance with Art. 6 (1) lit. a) GDPR.
Ensuring the proper operation of a data processing system in accordance with Art. 6 para. 1 lit. c) and f) GDPR.
3. What data we collect and process We collect different categories of personal data from you. Personal data means any information relating to an identified or identifiable natural person; a natural person is regarded as identifiable, either directly or indirectly, in particular by association with an identifier such as a name. Personal information includes, for example, information such as your name, address, telephone number and date of birth (if provided). Statistical information that cannot be directly or indirectly associated with you - such as the popularity of individual websites or the number of users of a page - is not personal information. There is directly and indirectly collected data. In both cases, data is collected only to the extent necessary for the purpose; the data will be processed exclusively for the purposes mentioned under point 2. Whether you want to provide us with data that is not necessary in this sense, but is needed by us for optimising our services for you, is in your discretion. The respective data fields are marked as 'voluntary'.
The data collected directly includes:
Title and name, e.g., to personalize your contact request
E-mail address and, if necessary, a password chosen by you, e.g., to contact us via our contact form.
Address data, e.g., for the purpose of sending offers in printed form.
Data that you actively and consciously transmit in connection with the use of our services, for example information about the POS system used by you.
Other data that you voluntarily submit to us, for example, data fields filled by you and marked as 'voluntary'.
In addition, the use of our services indirectly collects data about you:
Technical connection data, e.g., the page of our web offer, your IP address, shortened by the last three digits, date and time of the call, terminal used.
Data collected as part of website tracking.
Minors: Our website is not intended for minors and we do not knowingly collect personal information from minors.
If we find that a minor under the age of 16 has sent us personal information without the parent's consent or consent to the consent of the minor, we will promptly delete the information.
4.Who has access to your data and to whom do we transmit your data
Access to your personal data stored by us is limited to our employees, and the service providers commissioned by us, who have to deal with these personal data within their remit.
If third parties have access to your data, we have either obtained the permission for this from you or there is a legal basis for it.
We also use service providers to provide some services and to process your data (including for hosting and video delivery). Where special provisions apply to these, we have listed them for each service below. The service providers process the data only in accordance with our instructions and have committed themselves to comply with the applicable data protection regulations. All processors have been carefully selected and will have access to your data only to the extent and for the period required for the provision of the services, or to the extent to which you have consented to the processing and use of the data.
Data exchange within the group of companies
A data exchange within the group of companies to which we belong takes place exclusively within the EU / EEA and serves only internal administrative purposes. By "group of companies" we mean affiliated companies within the meaning of Art. 4 no. 19 GDPR.
Transmission to third countries and legal basis
The servers of some of the service providers we use are located in the US and other countries outside the European Union. Companies in these countries are subject to a data protection law that generally does not protect personal data to the same extent as is the case in the member states of the European Union. If your information is processed in a country that does not have a recognized level of data protection such as the European Union, we will use contractual or other recognized means to ensure that your personal information is adequately protected. We will expressly inform you of this in the context of the individual services.
If a transfer of personal data takes place in third countries, this is done on the basis of the adequacy decision of the EU Commission on the EU-US Privacy Shield pursuant to Art. 45 GDPR or the EU Standard Contract 2010 pursuant to Art. 46 para. 2 lit. c GDPR in conjunction. with the decision of the European Commission dated 05.02.2010 (2010/87 / EU) or according to Art. 49 para. 1 lit. a GDPR.
Transmission to law enforcement agencies
In exceptional cases, we provide personal information to law enforcement agencies. This happens by virtue of the relevant statutory provisions, for example the Code of Criminal Procedure, the Tax Code, the Money Laundering Act or the State Police Act.
5. Retention periods
We store personal data within the scope of statutory provisions or your consent.
To determine the actual storage period, we use the following criteria:
Legal storage obligations e.g., according to Transfer Regulations (Abgabenordnung) and German Commercial Code (HGB).
Presence of consent e.g., your consent or withdrawal of consent.
Contractual retention requirements.
Existence of a contractual relationship e.g., last activity, if there is no continuing obligation.
Lapse of the purpose for data collection and data storage.
Technological and forensic requirements, for example to ward off attacks and to persecute these attacks.
6. Your Rights You have a number of statutory rights to which we would like to refer you below. In addition, for all questions regarding personal data collected and processed by us, contact our data protection officer at any time at email@example.com.
Right to information and data portability
You have the right to information about your personal data processed by us at any time.
If the data processing is based on your agreement or in accordance with Art. 6 (1) (b) GDPR, you may also request, pursuant to Art. 20 (1) GDPR, to receive your personal data stored in a structured, common and machine-readable format. At your request, we will also forward the data directly to a recipient of your choice.
Right to rectification, restriction and deletion
Furthermore, in accordance with Art. 16 to 18 GDPR, you may request that we correct, restrict (block) or delete your personal data if the data has been processed incorrectly by us, if there is a reason for restricting further data processing, or if data processing has become unlawful for various reasons or if its storage is unlawful for other legal reasons. We point out that your right to deletion may be restricted by statutory retention periods.
Right to object
If our data processing is based exclusively on our legitimate interest in accordance with Art. 6 (1) (f) GDPR, you can object to this processing in accordance with Art. 21 (1) GDPR. Then we will cease processing your data unless we can demonstrate legitimate grounds for processing that outweigh your interests, rights and freedoms, or the processing is for the purpose of enforcing, pursuing or defending a legal claim.
Right of withdrawal
If you have allowed us to process your personal data by consent, you have a right of revocation with future effect in accordance with Art. 7 para. 3 GDPR.
Right to complain to the supervisory authority
You are free to lodge a complaint with a regulator if you believe that our processing of your personal data is in breach of the European Data Protection Regulation or other national and international data protection laws.
To exercise your rights, you can send us an informal message to the following contacts. Likewise, please direct the revocation of your consent by stating which declaration of consent you wish to revoke to the following contacts:
7. Use of our website - profiling, cookies and web tracking
Basic information on cookies and opt-out options
Please also keep in mind that deleting all cookies will result in opt-out cookies being deleted as well. You may have to reset this if necessary. Cookies are also browser-bound, i.e. they must always be set separately for each browser you use on each device you use. The necessary links can be found below in the description of the respective service.
The following cookies are used by us - if you permit this and have not set one or more opt-out cookies - for a specific purpose:
This Cookie is used by Google Analytics to manage request rates.
YouTube videos, embedded via iFrame in the extended privacy mode
We use YouTube, a service provided by Google, to show you video content. To protect your privacy, we have activated the extended privacy mode.
Data Recipient: Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
DoubleClick by Google
8. Additional information and provisions for individual services
Data that you submit to us via our contact form will be processed for the purposes of communication and data exchange, so as to respond to your specific request. This data is stored as long as its processing is required for these purposes or until expiration of any subsequent retention periods.