Data protection | Privacy Policy

The protection of your personal data, we take seriously, because we want you to feel comfortable when you visit our website. Therefore we treat your personal data strictly confidential and do not pass them on to unauthorized third parties. As soon as you transmit us your personal data, these will always be processed in accordance with the terms of the General Data Protection Regulation (GDPR) and the specific national data protection legislation in force and they will be used only for the purpose intended as well as for the business interests of KOLBUS and in particular for the technical administration of the websites. Read on to learn how we collect data, what data we collect and why and how we use your data.

General information Name and address of controller as to the GDPR:

KOLBUS Italia Srl
Via Tre Re, 9
20861 Brugherio (MB)
Phone: ++39 0392874343
Fax:     ++39 0399660065

Contact for Data protection issues

If you have any questions about issues relating to data protection, please contact us under the following email:

Legal basis for personal data processing

Insofar as we obtained your consent for the processing of your personal data for one or more specific purposes, Art. 6 (1) a of the EU General Data Protection Regulation (GDPR, or DSGVO in German) is the legal basis.
The legal regulation which governs the processing of personal data necessary for the fulfilment of a contract to which the data subject is a party or in order to take steps at the request of the data subject prior to entering into a contract, is Art. 6 (1) b of the GDPR.
Insofar as processing of personal data is necessary for compliance with a legal obligation to which the controller is subject, Art. 6 (1) c is the legal basis.
In case that processing is necessary in order to protect the vital interests of the data subject or of another natural person, Art. 6 (1) d of the GDPR is the legal basis.
The legal regulation which governs the processing necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, is Art. 6 (1) f.

SSL/TLS Encryption

This website uses a SSL or TLS encryption to ensure confidentiality and security of processing of data as e.g. orders, log-in data or contact requests, you send us as controller of this website. You can see that you have an encrypted connection by „https://“ instead of „http://“ in the browser and a lock symbol in your browser line.
If a SSL or TLS encryption is activated, third parties will not be able to read data you transmit to us.

Collecting and processing data

Every time you access our website or download a file from it, some non-personal data is recorded. We store this data for internal system-related and statistical purposes. We record the following data: name of the file, date and time, data volume, whether the download was successful, the name of the web browser and domain requesting the download. We also record the IP address of the requesting computer. We collect other personal data only when it is supplied voluntarily by website users and/or customers, for example when they register, when they enter into a contract or adjust their browser settings.
The legal regulation which governs the processing of data is Art. 6 (1) f of the GDPR. The above mentioned purposes describe our legitimate interest in data processing.


Our website and applications use cookies. A cookie is a text file that is sent to your computer when you visit a website and stored on the hard disk of the website user and/or customer. If the user and/or customer revisits this website server, their browser sends the cookie back to the server. The server will use the data acquired by this procedure in various ways. For example, cookies can be used to blend in relevant advertising or to facilitate navigation on a website. Data processed by cookies are necessary for the purposes of the legitimate interests pursued by the controller or by a third party as to Art. 6 (1) f of the GDPR..
If a website user and/or customer prefers not to allow cookies, they can change the settings on the web browser installed on their computer. The web browser is the program used to open and display websites (for example, Internet Explorer, Mozilla Firefox, Opera or Safari). However, the blocking of cookies could bar you from using some products or services on our website.

Contacting/ Contact form

When contacting us (e.g. per contact form or via email) personal data will be processed.
Which data are being processed in detail can be seen from the specific contact form.
These data will exclusively be processed to answer your request or to contact you by the related technical administration.

The legal regulation which governs processing of data to answer your request is
Art. 6 (1) f of the GDPR.
If contacting you is prior to the completion of a contract, then the additional legal basis is Art. 6 (1) b of the GDPR.
Your data will be deleted after final completion of your request. This will be the case if it is apparent that the respective issue is conclusively clarified and that there is no legal obligation to retain such data.

Use of Social Media Plugins of Facebook, Youtube, Xing and Linkedin

Our website uses so-called Social Plugins („Plugins“) of the social networks Facebook, Google+ and Youtube as well as Xing and LinkedIn. These services are provided by Facebook Inc., Google Inc., Youtube LLC, XING SE and LinkedIn Inc. („Provider“).

Google+ is run by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA („Google“). An overview of the Google Plugins and how they look you will find here:

Facebook is run by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA („Facebook“). An overview of the Facebook Plugins and how they look you will find here:

Youtube is run by Google Inc., 1600 Amphitheatre Parkway, Mountainview,
 CA 94043, USA („Youtube“). An overview of the Youtube Plugins and how they look you will find here:

XING is run by XING SE, Dammtorstrasse 30, 20354 Hamburg („XING“). An overview of the XING Plugins and how they look you will find here:

LinkedIn is run by LinkedIn Inc., LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland („LinkedIn“). An overview of the LinkedIn Plugins and how they look you will find here:

Twitter is run by Twitter Inc., 1355 Market St, Suite 900, San Francisco, CA 94103, USA („Twitter“). An overview of the Twitter Plugins and how they look you will find here:

Instagram is run by Instagram LLC., 1601 Willow Road, Menlo Park, CA 94025, USA („Instagram“). An overview of the Instagram Plugins and how they look you will find here:

If you visit a page on our website, containing this type of plugin, your browser will automatically connect with Facebook's, Google+’s, Youtube’s, Twitter’s or Instagram’s servers. The content of the plugin will be passed by the provider directly to your browser and it will be integrated into the website. By integrating the plugins, the providers receive the information that your browser opened the corresponding page of our website even if you do not have a profile or are not logged in. This information (including your IP address) will be sent by your browser directly to the server of the corresponding provider in the USA and will be stored there. If you are logged-in to one of these services, the providers will be able to assign your visit of our website to your Facebook, Google+, Youtube, Twitter or Instagram network account. If you interact with the plugins, such as by pressing the "Like" button, the „+1“-, the „Youtube“-, the „Twitter“- or the „Instagram“-button, the corresponding information will also be sent directly to a server of the provider and will be stored there. The information will as well be published in the social network, on your Twitter or Instagram account and will be added to your contacts there.

To learn more about the purpose and extent of data collection, processing and the use of this data by the providers as well as all your rights and options for privacy, please refer to the data protection notes of the providers. Data protection notices by Facebook:
Data protection notices by Google:
Data protection notices by Youtube:
Data protection notices by Twitter:
Data protection notices by Instagram:
Data protection notices by XING:
Data protection notices by LinkedIn:

If you want to avoid that these services are able to assign your visit on our website to your network account, please log out of your account before visiting our website.

Links to other websites

KOLBUS websites contain links to third-party websites or affiliated companies. If you click on these links, you leave the KOLBUS website and the scope of validity of our data protection declaration. KOLBUS is not responsible to ensure compliance with the legal provisions for third-party websites. Responsibility for data protection rests exclusively with the providers of these websites.

Data security

We point out that at the current state of technology, personal data protection during internet data communication (for example at communication per email) could show security flaws. It could be technically possible, under certain circumstances, for third parties to access the network security without authorization and to control data communication. Please also take into account that all data which are sent by email are basically unencrypted.

Your rights as data subject Right to obtain confirmation

You have the right to obtain from the controller confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, access to the personal data.

Right of access to information Art. 15 GDPR

You have the right to obtain from us free of charge information as to what personal data concerning you are being stored and to obtain a copy of these data.

Right to rectification Art. 16 GDPR

You have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning you. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed.

Right to erasure Art. 17 DS-GVO

You have the right to obtain from the controller the erasure of personal data concerning you without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the given legal grounds applies and insofar as the processing is not necessary.

Right to restriction of processing Art. 18 GDPR

You have the right to obtain from the controller restriction of processing where one of the legal grounds applies.

Right to data portability Art. 20 GDPR

You have the right to receive personally identifiable information you have provided to the controller in a structured, standard and machine-readable format. You also have the right to transfer these data to another person without hindrance by the controller to whom the personal data were supplied, provided that the processing is based on consent in accordance with Art. 6 (1)a of the GDPR or Art. 9 (2) of the GDPR or on a contract in accordance with Art. 6 (1) b of the GDPR and the processing is performed using automated procedures. The right of data portability does not apply in the case of processing personal data necessary to carry out a task in the public interest or in the exercise of public authority which has been delegated to the controller. In exercising this right (Art. 20 (2)), you also have the right to ensure that the personal data relating to you are transmitted directly from one controller to another, insofar as this is technically feasible. The freedoms and rights of other persons must not be affected through this action.

Right to object Art. 21 GDPR

You have the right at any time, for reasons relating to your own particular situation, to raise an objection against any processing of your personal data in accordance with Art. 6 (1) e (processing is carried out in public interest) or f (processing is necessary for the purposes of the legitimate interests pursued by the controller) of the GDPR; this also applies to profiling based on such provisions as to Art. 4 (4). The controller will no longer be entitled to process the personal data concerning you unless it can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or where the purpose of the processing is to enforce, exercise or defend legal claims. Where personal data are processed for scientific or historical research purposes or statistical purposes pursuant to Art.89 (1), you, on grounds relating to your particular situation, have the right to object to processing of personal data concerning you, unless the processing is necessary for the performance of a task carried out for reasons of public interest. Regardless of Directive 2002/58/EC, you have the option, within the context of the use of information society services, of exercising your right to object by means of automated procedures that use technical specifications.

Right to revoke the data protection consent declaration

You have the right to revoke your data protection consent declaration at any time with effect for the future. Revocation of this consent does not affect the legality of any processing carried out subject to that consent until your revocation.

Right of complaint to a supervisory authority

You have the right to complain to a supervisory authority if you believe that the processing of the personal data concerning you is in violation of the GDPR.

How we use your personal data

When personal data is provided to KOLBUS, it only will be used to the purpose of answering requests. In general, we process personal data provided exclusively to maintain customer relationships. Your personal data will not be disclosed to any third party. The employees of KOLBUS are obligated to maintain confidentiality.

Routine storage, deletion and blocking of personal data

We process and store personal data concerning you only for the period necessary for the purpose of storage or insofar as this is required by the legislation in force our company is subject to. If the specific purpose of storage does no longer apply or a storage period required by law expires, personal data concerning you will be routinely and according to legal regulations deleted or blocked.

Storage duration

The respective period required by law is the criterion for the storage duration of personal data. After the expiry of applicable periods, corresponding data will routinely be deleted if they are no longer necessary for contractual fulfilment or business purposes such as contract preparations.

Data transmission to third countries

No personal data transfer to third countries is planned.

Validity and updating of the data protection declaration

This data protection declaration is valid and is current as of May 2018.