Legal notice & data privacy

The C-Rent software for car rental companies, fleet management and vehicle scheduling is a product made by:

CX9 Systems GmbH
Grimpenwall 26
32423 Minden

Phone: 0571 97218000
Fax: 0571 97218010
Email: contact@cx9.de

Managing Director:
Dipl. Wirt.-Inf. Sebastian Scholz
Dipl. Wirt.-Inf. Marc Schwarzkopf
Norman Schwarzkopf

Bad Oeynhausen District Court
Commercial Register B 3843
Tax ID number:
335/5712/4668 115

 

The following terms and conditions apply:
General terms and conditions of CX9 GmbH

 

Google Analytics

We use Google Analytics, a web analysis service provided by Google Inc. (“Google”). Google uses cookies. The information generated by the cookie about the use of the website by the user will generally be transmitted to and stored by Google on a server in the United States.

Google will use this information on our behalf for the purpose of evaluating the use of the website by the user, compiling reports on website activity for us and providing other services relating to website activity and Internet usage. In doing so, usage profiles may be created, whereby the user is given a pseudonym.

We activate IP anonymization when using Google Analytics. This means that the user’s IP address is abbreviated within the member states of the European Union, or any other state party to the Agreement on the European Economic Area, by Google. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and be abbreviated there. Google will not associate the IP address transmitted by the browser with other data held by Google.

The user may refuse the use of cookies by selecting the appropriate settings in their browser; furthermore, the user can also stop any collection of the data generated by the cookie and relating to their use of the website by Google, and prevent any processing of this data by Google, by downloading and installing the browser plug-in available using the following link: https://tools.google.com/dlpage/gaoptout?hl=en.

More information about the use of data by Google for advertising purposes, settings options and opt-out options can be found on the Google websites: https://policies.google.com/technologies/partner-sites?hl=en (“How Google uses information from sites or apps that use our services”), https://www.google.com/policies/technologies/ads (“How Google uses data in advertising”), https://adssettings.google.com (“Control the information Google uses to show you ads”) and https://www.google.com/ads/preferences/ (“Make the ads you see more useful to you”).

As an alternative to the browser add-on, or when using browsers on mobile devices, please click this link to open the cookie settings for this website.

Information on Google Analytics based on a template from attorney-at-law Dr. Thomas Schwenke.

 

Data privacy statement in accordance with the GDPR

I. Name and address of the data controller

The data controller responsible within the meaning of the General Data Protection Regulation and other national data protection laws of the member states, and any other provisions relating to data protection law, is:

CX9 Systems GmbH
Grimpenwall 26
32423 Minden
Germany
Phone: +49 571 9721 8000
Email: contact@cx9.de
Website: www.cx9.de

II: Name and address of the data protection officer and the data protection authority

The data protection officer for the data controller is:

heyData GmbH
Schützenstraße 5
10117 Berlin
Germany
Email: datenschutz@heydata.eu
Website: www.heydata.eu

The data protection authority responsible for us is:

State Commissioner for the Protection of Data and Freedom of Information North Rhine-Westphalia Helga Block, Postfach 20 04 44, 40102 Düsseldorf, www.ldi.nrw.de

III. General information on data processing

1. Extent of processing of personal data

By principle, we only process the personal data of our users to the extent necessary to provide a functional website, along with our content and services. The personal data of our users is only processed regularly when the user has granted his or her consent. An exception applies in those cases in which obtaining consent in advance is not possible for practical reasons, and the data processing is permitted by legal regulations.

2. Legal basis for the processing of personal data

As long as the data subject has given us consent to process personal data, then the legal basis is Article 6, paragraph 1 (a) EU General Data Protection Regulation (GDPR).

When processing personal data necessary for performance of a contract to which the data subject is party, then the legal basis is Article 6 paragraph 1 (b) GDPR. This also applies for any processing necessary prior to entering into a contract.

As long as processing personal data is necessary for compliance with a legal obligation to which our company is subject, then the legal basis is Article 6 paragraph 1 (c) GDPR.

In the event that processing is necessary in order to protect the vital interests of the data subject or of another natural person, then the legal basis is Article 6 paragraph 1 (d) GDPR.

If processing is necessary for the purposes of the legitimate interests pursued by the our company or by a third party, and the aforementioned interest does not override the interests or fundamental rights and freedoms of the data subject, then the legal bass for processing is Article 6 paragraph 1 (f) GDPR.

3. Data deletion and duration of retention

The personal data of the data subject will be deleted or made unavailable as soon of the retention purpose ceases to apply. Data retention may occur when this is specified by European or national legislation in Directives, laws or other regulations under European Union law to which the data controller is subject. Data will also be made unavailable or deleted when a retention period specified by the aforementioned standards elapses, unless the conclusion of a contract or performance of a contract make further data retention necessary.

IV. Provision of the website and creation of logfiles

1. Description and extent of data processing

Every time you access our website, our system automatically collects data and information from the computer system of the accessing computer.

The following data will be collected:

• Information about the browser type and the version used
• The user's operating system
• The user’s IP address
• Date and time of access
• The website from which the user accessed our website (referrer URL)

The data are also stored in the logfiles of our system. These data are not stored together with other personal data of the user.

2. Legal basis for data processing

The legal basis for the processing of data is Article 6 paragraph 1 (f) GDPR.

3. Purpose of data processing

It is necessary for the system to temporarily store the IP address in order to enable delivery of the website to the user’s computer. For this purpose, the user’s IP address must be stored for the duration of the session.

Data are stored in logfiles to ensure the functionality of the website. Furthermore, we use the data to optimize the website and for ensure the security of our information technology systems. The data are not analyzed for marketing purposes in this context.

Our legitimate interest in the processing of personal data pursuant to Article 6 paragraph 1 (f) GDPR is also based on these purposes.

4. Means of objection and termination

The collection of data to provide the website and the storage of data in logfiles is imperative for the operation of the website. Consequently, the user has no possibility to object.

V. Use of cookies

1. Description and scope of data processing

Our website uses cookies. Cookies are text files that are stored in the Internet browser or by the Internet browser on the user’s computer system. If a user accesses a website, a cookie may be stored on the user’s operating system. This cookie contains a characteristic string which enables the browser to be clearly identified when the website is accessed again.

We use cookies to make the website more user-friendly. Some elements of our website require the browser used for access to be able to be identified even after a different site has been accessed.

The following data is stored and transmitted in the cookies:

• Information that the storage of cookies was accepted, if consent was given.

2. Legal basis for data processing

The legal basis for the processing of personal data is Article 6 paragraph 1 (f) GDPR.

3. Purpose of data processing

The purpose of using technically necessary cookies is to make it easier for users to use websites. Some functions of our website cannot be offered without using cookies. For these functions, the browser has to be recognized again after accessing a different website.

We require cookies for the following applications:

• Noting the decision to store cookies

The user data collected by the cookies that are technically necessary are not used to create user profiles.

Our legitimate interest in the processing of personal data pursuant to Article 6 paragraph 1 (f) GDPR is also based on these purposes.

4. Duration of storage, means of objection and termination

Cookies are stored on the user’s computer and transmitted from there to our website. For this reason, you as a user maintain full control over the use of cookies. By changing the settings in your Internet browser, you can deactivate or restrict the transmission of cookies. Cookies that have already been stored can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, you may not be able to use all functions of the website in full.

VI. Contact form and email contact

1. Description and scope of data processing

There is a contact form available on our website which can be used to establish contact electronically. If a user uses this opportunity, the data entered in the entry mask will be transmitted to us and stored. These data are:

• First name and surname
• Company
• Address including street, house number, zip code and place
• Contact data in the form of email and phone number
• Products we make that were selected using check boxes to express interest
• Any free text message entered (comments field)

No data are stored at the point in time at which the message is submitted..

Within the scope of submission, your consent will be obtained for the processing of data and reference will be made to this data privacy statement.

Alternatively, contact can be established using the email address provided.

In both cases, the user’s personal data transmitted with the email will be stored..

In this context, the data will not be provided to third parties. The data will only be used for processing the communication.

2. Legal basis for data processing

The legal basis for the processing of data if the user’s consent has been given is Article 6 paragraph 1 (f) GDPR.

The legal basis for the processing of data transmitted when sending an email is Article 6 paragraph 1 (f) GDPR. If the email contact is aimed at concluding a contract, then the additional legal basis for the processing is Article 6 paragraph 1 (b) GDPR.

3. Purpose of data processing

The sole purpose of processing personal data from the entry mask is to process the contact you established with us. If contact is established by email, the required legitimate interest in the processing of the data is also based thereupon.

The other personal data processed during the submission process serve the purpose of preventing abuse of the contact form and ensuring the security of our information technology systems.

4. Duration of storage

The data is deleted as soon as it is no longer required to achieve the purpose of its collection. This is the case for the personal data from the input mask for the contact form and those data submitted by email when the respective communication with the user has ended. If the communication ends when the circumstances indicated that the matter concerned has been resolved conclusively.

5. Means of objection and termination

The user has the option to revoke their consent to the processing of personal data at any time. If the user contacts us by email, they can object to the storage of their personal data at any time. In such a case, communication cannot be continued.

A call or a short email will suffice for the objection.

All personal data that has been stored within the scope of establishing contact will be deleted in this case.

VII. Rights of the data subject

If your personal data is processed, you are a data subject within the meaning of GDPR and you are entitled to the following rights vis-à-vis the data controller:

1. Right to information

You can request a confirmation from the data controller stating whether personal data that affect you are being processed by us.

If such processing has occurred, you can request information from the data controller about the following information:

• (1) The purposes for which the personal data are processed;
• (2) The categories of personal data that are processed;
• (3) The recipients, or categories of recipients to whom your data were or will be disclosed;
• (4) The planned duration of storage of the personal data that concern you; should specific information on this not be available, criteria for defining the duration of storage;
• (5) The existence of a right to correction or deletion of the personal data that concern you, the existence of a right to restriction of processing by the data controller or an objection to this processing;
• (6) The existence of a right of complaint to a supervisory authority;
• (7) All available information about the origin of your data, if the personal data were not collected from the data subject;
• (8) The existence of an automated decision-making process including profiling as defined by Article 22 paragraph 1 and 4 GDPR and – in these cases at the least – informative information on the logic involved and the scale and intended effects of any such processing for the data subject.

You also have the right to request information stating whether the personal data concerning you are being transmitted to a third country or to an international organization. In this context, you can request to be informed of appropriate safeguards in accordance with Article 46 GDPR in relation to the transmission.

2. Right to correction

You have the right to correction and/or completion vis-à-vis the data controller, as long as the personal data concerning you that were processed are incorrect or incomplete. The data controller must undertake the correction with immediate effect.

3. Right to restriction of processing

You can request the restriction of processing of the personal data concerning you under the following circumstances:

• (1) If you challenge the correctness of the data for a period that allows the data controller to verify the correctness of the personal data;
• (2) Processing is unlawful and you reject the deletion of the personal data and instead request the restriction of use of the personal data;
• (3) The data controller no longer requires the personal data for the purposes of processing, however you need it to assert, exercise or defend legal claims, or
• (4) If you have objected to the processing in accordance with Article 21 paragraph 1 GDPR and have still to determine whether the legitimate interests of the data controller override your reasons.

If the processing of the personal data concerning you was restricted, then these data – apart from their storage – may only be processed with your consent or to assert, exercise or defend legal claims, or to protect the rights of another natural or legal person, or for reasons of an important public interest of the European Union or a member state.

If the restriction of processing was restricted in accordance with the aforementioned conditions, then you will be informed by the data controller before the restriction is lifted.

4. Right to deletion

a) Deletion obligation

You may request the data controller to delete the personal data concerning you immediately, and the data controller is obliged to delete these data immediately if one of the following reasons applies:

• (1) The personal data concerning you are no longer required for the purposes for which they were collected or otherwise processed.
• (2) You revoke your consent on which the processing was based in accordance with Article 6 paragraph 1 (a) or Article 9 paragraph 2 (a) GDPR, and there is no other legal basis for the processing.
• (3) You file an objection against processing in accordance with Article 21 paragraph 1 GDPR and there are no overriding legitimate reasons for the processing, or you file an objection against the processing in accordance with Article 21 paragraph 2 GDPR.
• (4) Your personal data has been processed unlawfully.
• (5) The deletion of your personal data is required to fulfill a legal obligation under European Union law or the law of the member states to which the data controller is subject.
• (6) Your personal data have been collected in relation to information society services offered in accordance with Article 8 paragraph 1 GDPR.

b) Information to third parties

If the data controller has made your personal data public and is obliged to delete it in accordance with Article 17 paragraph 1 GDPR, he/she shall take appropriate measures, including technical measures, taking into account the available technology and the implementation costs, to inform those who process the personal data that you, as the data subject, have requested the deletion of all links to this personal data or of copies or replications of this personal data.

c) Exceptions

The right to deletion does not exist insofar as the processing is necessary

• (1) To exercise freedom of expression and information.
• (2) To fulfill a legal obligation required for processing under the law of the European Union or of member states to which the data controller is subject, or to carry out a task in the public interest or in the exercise of official authority conferred on the data controller.
• (3) For reasons of public interest in the area of public health in accordance with Article 9 paragraph 2 (h) and (i) and Article 9 paragraph 3 GDPR.
• (4) For archiving purposes in the public interest, scientific or historical research purposes, or for statistical purposes in accordance with Article 89 paragraph 1 GDPR, insofar as the law referred to under section a) is likely to render impossible or seriously impair the attainment of the objectives of such processing.
• (5) To assert, exercise, or defend legal claims.

5. Right to be informed

If you have exercised your right to have the data controller correct, delete, or restrict data processing, he/she is obliged to inform all recipients to whom your personal data has been disclosed of this correction or deletion of the data or restriction on processing, unless this proves impossible or involves a disproportionate effort.

You have the right to be informed by the data controller about such recipients.

6. Right to data transferability

You have the right to receive such personal data as relates to you and that you provided to the data controller in a structured, commonplace, and machine-readable format. In addition, you have the right to pass this data on to another data controller without obstruction by the data controller to whom the personal data was made available, provided that

• (1) Processing is based on consent in accordance with Article 6 paragraph 1 (a) GDPR or Article 9 paragraph 2 (a) GDPR or on a contract in accordance with Article 6 paragraph 1 (b) GDPR.
• (2) Processing is carried out using automated methods.

In exercising this right, you also have the right to request that your personal data be transferred directly from one data controller to another data controller, insofar as this is technically feasible. The freedoms and rights of other persons must not be affected by this.

The right to data transferability shall not apply to the processing of personal data required for the performance of a task in the public interest or in the exercise of an official authorization conferred on the data controller.

7. Right to objection

You have the right to file an objection at any time, for reasons arising from your particular situation, to the processing of your personal data in accordance with Art 6. paragraph 1 (e) or (f) GDPR; this also applies to profiling based on these provisions.

The data controller shall no longer process your personal data unless he/she can prove compelling and legitimate grounds for processing, which outweigh your interests, rights, and freedoms or the processing serves to assert, exercise, or defend legal claims.

If your personal data is processed for direct marketing purposes, you have the right to file an objection at any time to the processing of your personal data for the purpose of such marketing; this also applies to profiling, insofar as it is associated with such direct marketing.

If you object to processing for direct marketing purposes, your personal data will no longer be processed for these purposes.

You have the option to exercise your right of objection in relation to the use of information society services – Directive 2002/58/EC notwithstanding – by means of automated processes using technical specifications.

8. Right to revoke the data protection declaration of consent

You have the right to revoke your data protection declaration of consent at any time. The revocation of consent shall not affect the legality of processing carried out on the basis of the consent until revocation.

9. Automated decisions in individual cases, including profiling

You have the right not to be subject to a decision based exclusively on automated processing – including profiling – that has legal effects against you or significantly impairs you in a similar manner. This is not the case if the decision

• (1) is necessary for the conclusion or performance of a contract between you and the data controller.
• (2) is admissible under European Union legal regulations or those of the member states to which the data controller is subject and where such legislation contains appropriate measures to safeguard your rights and freedoms and your legitimate interests.
• (3) is made with your express consent.

However, these decisions may not be based on special categories of personal data in accordance with Article 9 paragraph 1 GDPR, unless Article 9 paragraph 2 (a) or (g) applies and appropriate measures have been taken to protect your rights and freedoms and your legitimate interests.

In the cases referred to in (1) and (3), the data controller shall take reasonable measures to safeguard your rights, freedoms, and legitimate interests, including at least the right to obtain the intervention of a person by the data controller, to state his/her own position, and to challenge the decision.

10. Right of appeal to a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right of appeal to a supervisory authority, in particular in the member state where you reside, your place of work, or the location of the suspected infringement, if you believe that the processing of your personal data is contrary to the GDPR.

The supervisory authority to which the appeal is submitted will inform the appellant about the status and the results of the appeal, including the option of effective judicial remedy in accordance with Article 78 GDPR.

Updates to this data privacy statement

This “data protection statement” will be updated should we introduce new products or services, change Internet procedures, or Internet and IT security technology are further developed. We therefore reserve the right to change this statement, or amend it, to the extent necessary. We will publish the changes here. We therefore recommend that you access this website regularly to remain informed about the current status of the data protection statement.

Liability

All information contained on this website was checked with great diligence. However, we assume no guarantee that the contents of our own websites are correct, complete and up-to-date at all times.

Data security

In general, the Internet is considered an insecure medium. In comparison to a telephone line, for example, the transmission of data in the Internet can be more easily intercepted, recorded or even modified.

Final remarks

We guarantee the confidentiality and security of your personal data in the following ways:

• We will only use your personal data, insofar as you shared them with us using this website or within the scope of email communication, to fulfill your request or respond to your concern.
• Our employees are obliged to maintain confidentiality.
• Our security measures correspond to the current state of technology to an appropriate extent.
• We perform security checks of our system at regular intervals to ensure we can protect the data we retain from any damage, loss and access to them.
• Our data protection officer ensures compliance with the “data privacy statement”.