The responsible party within the meaning of the EU General Data Protection Regulation (GDPR) and other national data protection laws of the member states as well as other data protection provisions for the website www.sharemac.com together with its sub-pages (in particular the platform website at https://platform.sharemac.de/en) (hereinafter the “Website(s)”) is:
Sharemac GmbH, represented by the managing directors Manuel Kimanov, Rezi Chikviladze
Am Wall 146, 28195, Bremen
Phone: +49 421 836 797 00
We process personal data of our users only to the extent permitted by data protection law. This is the case in particular in accordance with the following legal bases:
We store your data for as long as this is necessary for the provision of our online offer and the associated services or for the provision of our services or we have a legitimate interest in the continued storage. In all other cases, we delete your personal data with the exception of data that we must retain in order to comply with contractual or statutory (e.g. tax or commercial) retention periods (e.g. invoices). Contractual retention periods may also result from contracts with third parties (e.g. holders of copyrights and ancillary copyrights). We block data that is subject to a retention period until the period expires.
We will only pass on your personal data to third parties if this is necessary for the fulfillment of the contract, if we or the third party have a legitimate interest in passing on the data or if we have your consent to do so. If data is transferred to third parties on the basis of a legitimate interest, this will be explained in these data protection provisions. In addition, data may be transferred to third parties if we are required to do so by law or by enforceable governmental or court order.
We reserve the right to use service providers for the collection or processing of data. Service providers only receive the personal data from us that they require for their specific activities. For example, your e-mail address may be passed on to a service provider so that they can deliver a newsletter that you have ordered. Service providers may also be commissioned to provide server capacity. Service providers are usually integrated as so-called order processors, who may only process personal data of the users of this online offer according to our instructions.
Insofar as service providers are not already named in these data protection provisions, these are the following categories of service providers:
We also disclose personal data to third parties or processors located in non-EEA countries. If this is the case and the European Commission has not issued an adequacy decision (Article 45 GDPR) for these countries, we ensure before the transfer that either an adequate level of data protection exists at the recipient (e.g., the agreement of so-called EU standard contractual clauses of the European Union with the recipient) or that sufficient consent has been obtained from our users. You can obtain from us an overview of the recipients in third countries and a copy of the specifically agreed arrangements to ensure the appropriate level of data protection. Please use the information in the Contact section for this purpose.
During the mere informational use of our website, i.e. if you do not register or otherwise transmit information to us, we only collect data that your browser transmits to our server (so-called “server log files”). When you access our website, we collect the following data, which is technically necessary for us to display the website to you:
(1) Information about the browser type and version used.
(2) The user’s operating system
(3) The user’s Internet service provider
(4) Date and time of access
(5) Websites from which the user’s system accesses our website
(6) IP address of the user
(7) Websites that are accessed by the user’s system via our website
The data may also be stored in the log files of our system. This data will not be stored together with any other personal data of the user than those mentioned in this section V. 1. The legal basis for the temporary storage of the data and the log files is Article 6 (1) point (f) GDPR. The temporary storage of the IP address by the system is necessary to enable delivery of the website to your computer. For this purpose, your IP address must remain stored for the duration of the session. The storage in log files is done to ensure the functionality of the website. In addition, we use the data to optimize the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context. These purposes are also our legitimate interest in data processing according to Article 6 (1) point (f) GDPR.
The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended. The collection of data for the provision of the website and the storage of the data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility for the user to object.
In addition, cookies are set with the help of Zendesk. These cookies are technically necessary to ensure the technical functionality of the website and to protect the website from bot-controlled attacks.
The following data may be collected and processed as part of the contact forms that are integrated using Zendesk:
– E-mail address
– Company name
– Phone number
Insofar as the data collected as part of the contact forms is used to provide contractual services to data subjects, the legal basis for processing is Article 6 (1) point (b) GDPR. Furthermore, Article 6 (1) point (a) GDPR serves as the legal basis if you have consented to the data processing.
The data processing that takes place via the cookies is based on Article 6 (1) point (f) GDPR – a legitimate interest. Our legitimate interest is that we need to ensure the functionality and security of our website. The personal data is kept as long as it is necessary to fulfill the purpose of the processing. The data will be deleted as soon as they are no longer necessary to achieve the purpose.
As part of the processing via Zendesk, data may be transferred to the USA. The security of the transfer is regularly ensured via standard contractual clauses and Binding Corporate Rules. If these standard contractual clauses and Binding Corporate Rules are not sufficient to ensure an adequate level of security, Article 49 (1) point (a) of the GDPR may serve as a legal basis.
To obtain and manage your consent, we use the consent management tool of the company Cookie Hub. You can also revoke your consent – insofar as you have given it to us – at any time for the future by clicking on the “Cookie Settings” cogwheel at the bottom left.
The following cookies are used by us:
This website uses Google Analytics, a web analytics service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). Google Analytics uses so-called cookies and similar technologies that are stored on your computer and enable an analysis of your use of the website. The information generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the United States.
This website uses Google Analytics exclusively with the extension “_anonymizeIp()”, which ensures an anonymization of the IP address by shortening and excludes a direct personal reference. Through the extension, your IP address is shortened beforehand by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there. In these exceptional cases, this processing is carried out in accordance with Article 6 (1) point (f) GDPR on the basis of our legitimate interest in the statistical analysis of user behavior for optimization and marketing purposes.
On our behalf, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing us with other services relating to website activity and internet usage. The IP address transmitted by your browser as part of Google Analytics will not be merged with other data from Google.
As an alternative to the browser plugin or within browsers on mobile devices, please click on the following link to set an opt-out cookie that will prevent the collection by Google Analytics within this website in the future (this opt-out cookie only works in this browser and only for this domain, if you delete your cookies in this browser, you must click this link again):
This website uses the web analytics service Hotjar to analyze usage. Hotjar Ltd (St Julian’s Business Centre, 3, Elia Zammit Street, St Julian’s STJ 1000, Malta) complies with the Data Protection Act, Chapter 440 of the Laws of Malta, which implements all relevant European Union directives on data protection. Hotjar is a service that analyzes user behavior and feedback on websites through a combination of analytics and feedback tools. Through Hotjar, Sharemac GmbH obtains an “overall picture” of how to improve the end user experience and website performance. For this purpose, the following information is collected: The IP address of the end device (it is collected and stored in anonymized format), screen/display resolution, type of end device, operating system, browser type, geographic location (country only), preferred language, and mouse events (movements, position, and clicks). The collected data is transferred and stored via an encrypted connection to servers located in Ireland (EU). The sole purpose of this data collection is to improve the user experience on Hotjar-based websites. Personal data is neither collected nor stored. More information about Hotjar’s privacy compliance is available here: www.hotjar.com/privacy. You can opt-out of the collection of your data by Hotjar when visiting the Sharemac Websites at any time on Hotjar’s opt-out page and by clicking on “Disable Hotjar” at https://www.hotjar.com/legal/compliance/opt-out. The legal basis is Article 6 (1) point (f) GDPR.
Our website also uses the Google Tag Manager, which is offered for users from the European Economic Area and Switzerland by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland and for all other users by Google LLC 1600 Amphitheatre Parkway Mountain View, CA 94043, USA (together “Google”). The Tag Manager is used to manage tracking tools and other services, so-called website tags. A tag is an element that is stored in the source code of our website, for example, to record specified usage data. The Google Tag Manager takes care of triggering other tags, which in turn may collect data. In some cases, the data is stored on a Google server in the USA. If a deactivation has been made at domain or cookie level, this remains in place for all tracking tags implemented with Google Tag Manager.
The legal basis for the use of Google Tag Manager is Article 6 (1) point (f) GDPR, justified by our interest in efficient management of the tools we use.
You can find more detailed information in addition in Google’s information on the Tag Manager.
We use the offer of Google Adwords to draw attention to our services with the help of advertising media (so-called Google Adwords) on external websites. We can determine how successful the individual advertising measures are in relation to the data of the advertising campaigns. In this way, we pursue the interest of displaying advertising that is of interest to you, making our website more interesting for you and achieving a fair calculation of advertising costs.
These advertisements are delivered by Google via so-called “ad servers”. For this purpose, we use ad server cookies, through which certain parameters for measuring success, such as display of the ads or clicks by users, can be measured. If you access our website via a Google ad, Google Adwords stores a cookie on your PC. These cookies usually lose their validity after 30 days and are not intended to identify you personally. The unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post-view conversions) and opt-out information (marking that the user no longer wishes to be addressed) are usually stored as analysis values for this cookie.
These cookies enable Google to recognize your internet browser. If a user visits certain pages of the website of an Adwords customer and the cookie stored on his computer has not yet expired, Google and the customer can recognize that the user clicked on the ad and was redirected to this page. A different cookie is assigned to each Adwords customer. Cookies can therefore not be tracked via the websites of Adwords customers. We ourselves do not collect or process any personal data in the aforementioned advertising measures. We only receive statistical evaluations from Google. Based on these evaluations, we can see which of the advertising measures used are particularly effective. We do not receive any further data from the use of the advertising media; in particular, we cannot identify users on the basis of this information.
Due to the marketing tools used, your browser automatically establishes a direct connection with Google’s server. We have no influence on the scope and further use of the data collected by Google through the use of this tool and therefore inform you according to our state of knowledge: Through the integration of AdWords Conversion, Google receives the information that you have called up the corresponding part of our website or clicked on an ad from us. If you are registered with a Google service, Google can assign the visit to your account. Even if you are not registered with Google or have not logged in, there is a possibility that the provider learns your IP address and stores it.
You can prevent participation in this tracking process in various ways:
a) By adjusting your browser software accordingly; in particular, the suppression of third-party cookies will result in you not receiving ads from third-party providers;
b) By disabling conversion tracking cookies by setting your browser to block cookies from the domain https://adssettings.google.com/authenticated, https://www.google.com/settings/ads, which setting will be deleted when you delete your cookies;
c) By disabling the interest-based ads of the providers that are part of the self-regulatory campaign “About Ads”, through the link http://www.aboutads.info/choices, this setting being deleted when you delete your cookies;
d) By permanently disabling them in your Firefox, Internetexplorer or Google Chrome browsers at the link http://www.google.com/settings/ads/plugin. We would like to point out that in this case you may not be able to use all functions of this offer in full.
We use social plugins (hereinafter “social plugins” or also “plugins“) from the following providers for our website presence:
Plugins from Facebook; Facebook is operated by Facebook Inc, 1 Hacker Way, Menlo Park, CA 94025, USA (“Facebook“). The plugins are marked with a Facebook logo or the addition “Social Plug-in from Facebook” or “Facebook Social Plugin”. An overview of the Facebook plugins and their appearance can be found here: https://developers.facebook.com/docs/plugins
Information on data protection at Facebook can be found here: http://www.facebook.com/policy.php
Plugins from Instagram; Instagram is operated by Instagram LLC., 1601 Willow Road, Menlo Park, CA 94025, USA (“Instagram“). The plugins are marked with an Instagram logo, for example in the form of an “Instagram camera”. You can find an overview of the Instagram plugins and their appearance here:
Information on data protection at Instagram can be found here: https://help.instagram.com/155833707900388/
Plugins from Twitter; Twitter is operated by Twitter Inc, 1355 Market St, Suite 900, San Francisco, CA 94103, USA (“Twitter“). An overview of the plugins from Twitter and their appearance can be found here: https://developer.twitter.com/en
Information on data protection at Twitter can be found here: https://twitter.com/privacy
Plugins from LinkedIn; LinkedIn is operated by LinkedIn Corporation, 2029 Stierlin Court, Mountain View, California 94043, USA (“LinkedIn“). An overview of the plugins from LinkedIn and their appearance can be found here: https://developer.linkedin.com/plugins
Information on data protection at LinkedIn can be found here: https://www.linkedin.com/legal/privacy-policy
Plugins from Xing; Xing is operated by XING AG, Dammtorstraße 30, 20354 Hamburg, Germany (Xing). You can find an overview of the XING buttons and their appearance here: https://dev.xing.com/
Information on data protection at Xing can be found here: https://dev.xing.com/plugins/share_button/privacy_policy
With the aforementioned social plugins, we want to give you the opportunity to communicate directly with the provider of the respective plugin, for example, by linking this website there.
When using the plugins, your internet browser establishes a direct connection to the servers of the respective social network. This provides the respective provider with the information that your internet browser has accessed the corresponding page of our online offer, even if you do not have a user account with the provider or are not currently logged in to it. Log files (including the IP address) are transmitted directly from your Internet browser to a server of the respective provider and may be stored there. If you are logged in to the plugin provider, your data collected from us will be directly assigned to your account with the plugin provider – if you do not want this, log out of the respective provider.
The provider or its server may be located outside the EU or EEA (e.g. in the USA). Insofar as the providers of the social plugins transmit data to servers in the USA, we will only permit such transmission if you have consented to such data transmission to the USA when visiting this website in accordance with Article 49 (1) point (a) GDPR.
If you do not want the plugin providers to receive and possibly store or further use the data collected via this Internet portal, you should not use the respective plugins. In principle, you can also completely prevent the loading of the plugins using add-ons for your browser, so-called script blockers.
For more information on the purpose and scope of data collection and processing by the plug-in provider, please refer to the data protection declarations of the respective providers communicated above. There you will also receive further information about your rights in this regard and setting options for protecting your privacy.
The integration of the social plug-ins on our website is done in the interest of an appealing and up-to-date online presentation of our company. This represents a legitimate interest within the meaning of Article 6 (1) point (f) GDPR.
We have used videos from the video platform of YouTube, LLC, 901 Cherry Ave. San Bruno, CA 94066, USA (“YouTube“) into our online offer, which are stored on http://www.YouTube.com and can be played directly from our website. These are all integrated in “extended data protection mode”, which means that no data about you as a user is transmitted to YouTube if you do not play the videos. Only when you play the videos will the data mentioned below be transmitted.
Already by visiting our website, YouTube receives the information that you have accessed the corresponding subpage of our website. In addition, log files (including the IP address) are transmitted from your Internet browser directly to a YouTube server and may be stored there. This occurs regardless of whether YouTube provides a user account through which you are logged in or whether no user account exists. If you are logged in to Google, your data will be directly assigned to your account. If you do not want the assignment with your profile at YouTube, you must log out before activating the button. YouTube stores your data as usage profiles and uses them for the purposes of advertising, market research and/or demand-oriented design of its website. Such an evaluation is carried out in particular (even for users who are not logged in) to provide needs-based advertising and to inform other users of the social network about your activities on our website.
Insofar as YouTube transmits data to servers in the USA, we will only permit such transmission if you have consented to such data transmission to the USA in accordance with Article 49 (1) point (a) GDPR when visiting this website.
The integration of YouTube is done in the interest of presenting essential product information to the customer and an appealing presentation of our online offer. This represents a legitimate interest within the meaning of Article 6 (1) point (f) GDPR.
On this website we use the offer of Google Maps. The provider is Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. (“Google“). This allows us to display interactive maps directly on the website and enables you to use the map function conveniently.
Already by visiting our website, Google receives the information that you have called up the corresponding sub-page of our website. In addition, log files (including the IP address) are transmitted from your Internet browser directly to a Google server and may be stored there. This occurs regardless of whether Google provides a user account through which you are logged in or whether no user account exists. If you are logged in to Google, your data will be directly assigned to your account. If you do not want the assignment with your profile at Google, you must log out before activating the button. Google stores your data as usage profiles and uses them for the purposes of advertising, market research and/or demand-oriented design of its website. Such an evaluation is carried out in particular (even for users who are not logged in) to provide needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact Google to exercise this right.
Insofar as Google transmits data to servers in the USA, we will only permit such transmission if you have consented to such data transmission to the USA in accordance with Article 49 (1) point (a) GDPR when visiting this website.
The integration of Google Maps is in the interest of an appealing and up-to-date online presentation of our company. This represents a legitimate interest within the meaning of Article 6 (1) point (f) GDPR.
In order to use the services of our sharing platform, it is necessary for you to create and register a user account. For this purpose, you must provide your personal data, which we need to process our service with you. The corresponding mandatory information is marked separately, further information is voluntary (if at all possible). We process the data you provide to process your registration. The legal basis for this is Article 6 (1) point (b) GDPR. In the context of contract processing, the data of tenants or landlords of machines will be passed on by us to the tenant or landlord.
We offer you the option to register and log in to our sharing platform with Google Sign-In. This is done exclusively with your consent pursuant to Article 6 (1) point (a) GDPR by clicking the corresponding button. Google Sign-In is a service of Google Ireland Limited (“Google Ireland“), Gordon House, Barrow Street, Dublin 4, Ireland. An additional registration or login is therefore not necessary. To log in or register, you will be redirected to the Google page, where you can log in with your usage data. This links your Google profile or your Google e-mail address and our service. Through the link, we automatically receive the following data from Google Ireland:
First and last name
Your Google user ID (if different from your email address)
Of this data, we use only that which is used to complete the user profile. This information is mandatory for our services to be able to identify you.
We offer you the option to register and log in to our sharing platform with Facebook Login. This is done exclusively with your consent pursuant to Article 6 (1) point (a) GDPR by clicking the corresponding button. Facebook Login is a service of Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. An additional registration or login is therefore not necessary. To log in or register, you will be redirected to the Facebook page, where you can log in with your user data. This links your Facebook profile and our service. Through the link, we automatically receive the following data from Facebook Inc:
First and last name
Your Facebook user ID
We process your payment data in order to process your payment. We offer you various payment methods, these are in particular payment by invoice, Mangopay and credit card. Depending on the payment method you have chosen, we will pass on your payment data to the payment service provider entrusted with your payment and, if applicable, also to the payment service provider entrusted by us. The legal basis for the aforementioned data processing is Article 6 (1) point (b) GDPR.
The applicable data protection law grants you comprehensive data subject rights (rights of information and intervention) vis-à-vis the controller with regard to the processing of your personal data, which we inform you about below:
In particular, you have the right to obtain information about your personal data processed by us, the processing purposes, the categories of personal data processed, the recipients or categories of recipients to whom your data have been or will be disclosed, the planned storage period and/or the criteria for determining the storage period, the existence of a right to rectification, erasure, restriction of processing, objection to processing, complaint to a supervisory authority, the origin of your data if it has not been collected from you by us, the existence of automated decision-making, including profiling, and, if applicable, meaningful information about the logic involved and the scope and intended effects of such processing that concern you, as well as your right to be informed about what guarantees exist in accordance with Article 46 GDPR when your data is transferred to third countries;
You have the right to have any inaccurate data relating to you corrected without delay and/or to have any incomplete data stored by us completed;
You have the right to request the deletion of your personal data if the conditions of Article 17 (1) GDPR are met. However, this right does not exist in particular if the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the assertion, exercise or defense of legal claims;
You have the right to request the restriction of the processing of your personal data as long as the accuracy of your data disputed by you is being verified, if you refuse the erasure of your data due to unlawful data processing and instead request the restriction of the processing of your data, if you need your data for the assertion, exercise or defense of legal claims after we no longer need this data after the purpose has been achieved, or if you have objected on the grounds of your particular situation as long as it has not yet been determined whether our legitimate grounds prevail;
If you have asserted the right to rectification, erasure or restriction of processing against the controller, the controller is obliged to inform all recipients to whom the personal data concerning you have been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort. You have the right to be informed about these recipients.
You have the right to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request that it be transferred to another controller, insofar as this is technically feasible;
You have the right to revoke consent to the processing of data, once given, at any time with effect for the future. In the event of revocation, we will immediately delete the data concerned, unless further processing can be based on a legal basis for processing without consent. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation;
If you believe that the processing of personal data concerning you violates the GDPR, you have – without prejudice to any other administrative or judicial remedy – the right to lodge a complaint with the supervisory authority responsible for us. Alternatively, you can contact the data protection authority in your place of residence, which will then forward your request to the competent authority.
Due to our location in Bremen, the supervisory authority responsible for us is:
The State Commissioner for Data Protection and Freedom of Information, Arndtstraße 1, 27570 Bremerhaven.
IF WE PROCESS YOUR PERSONAL DATA WITHIN THE FRAMEWORK OF A BALANCING OF INTERESTS ON THE BASIS OF OUR OVERRIDING LEGITIMATE INTEREST, YOU HAVE THE RIGHT AT ANY TIME TO OBJECT TO THIS PROCESSING WITH EFFECT FOR THE FUTURE ON GROUNDS ARISING FROM YOUR PARTICULAR SITUATION.
IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNED. HOWEVER, WE RESERVE THE RIGHT TO CONTINUE PROCESSING IF WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING THAT OVERRIDE YOUR INTERESTS, FUNDAMENTAL RIGHTS AND FREEDOMS, OR IF THE PROCESSING IS FOR THE PURPOSE OF ASSERTING, EXERCISING OR DEFENDING LEGAL CLAIMS.
IF WE PROCESS YOUR PERSONAL DATA FOR THE PURPOSES OF DIRECT MARKETING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA FOR THE PURPOSES OF SUCH MARKETING. YOU MAY EXERCISE THE OBJECTION AS DESCRIBED ABOVE.
IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNED FOR DIRECT MARKETING PURPOSES.
If you have any further questions about data protection, please contact us at the contact address given in section I above.