This Privacy Statement informs you about our handling of your data. In order to make the processing of your data comprehensible to you, we would like to give you an overview of these processing operations with the following information. To ensure fair processing, this Privacy Statement contains general information about our handling of your data as well as information about your rights under the European General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).
We also inform you in detail about
Responsible for the data processing is shipcloud GmbH, Heinz-Fangman-Strasse 2-4, House 4, 42287 Wuppertal (hereinafter referred to as "we" or "us").
In case of differences between the German and English version or in other cases of doubt, the German version shall be valid.
If you have any questions or suggestions about this information or would like to contact us for enforcing your rights, please submit your request to
Heinz-Fangman-Straße 2-4, House 4, 42287 Wuppertal
Phone +49 (0)40 605906630
The data protection term "personal data" refers to all information that relates to a particular or identifiable person.
We process personal data in compliance with the relevant data protection regulations, in particular the GDPR and the BDSG. Data processing by us takes place only on the basis of a legal permission. We process personal data only with your consent (Article 6 (1) (a) GDPR), to fulfill a contract of which you are a party, or to your request to carry out pre-contractual measures (Article 6 (1) (b) GDPR), for the fulfillment of a legal obligation (Art. 6 (1) c) GDPR) or if the processing is necessary for the protection of our legitimate interests or the legitimate interests of a third party, unless your interests or fundamental rights and freedoms, the protection of personal data predominate (Article 6 (1) (f) GDPR).
Unless otherwise stated in the following instructions, we only store the data as long as it is necessary to achieve the processing purpose or to fulfill our contractual or legal obligations. Such statutory retention requirements may arise in particular from commercial or tax regulations.
We use commissioned service providers for individual processing. These include e.g. hosting, maintenance and support of IT systems, marketing measures, or file and disk destruction. These service providers process the data only after explicit instructions and are contractually obliged to guarantee appropriate technical and organizational data protection measures. In addition, we may transfer personal data of our customers to bodies such as postal and delivery services, payment and information services, banks, tax consultants / auditors, or the financial administration.
Visiting our website may involve the transfer of certain personal data to third countries, i.e., countries in which the GDPR is not applicable law. Such a transfer is lawful, if the European Commission has determined that the third country ensures an adequate level of data protection. In absence of such an adequacy decision by the European Commission, the personal transfer may only be transferred to a third country if appropriate safeguards in accordance with Art. 46 GDPR are provided or one of the conditions pursuant to Art. 49 GDPR is met.
Unless otherwise stated in the following we use the standard contractual clauses for the transfer of personal data to processors established in third countries as appropriate safeguards: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32010D0087.
If you consent to the transfer of your personal data to third countries, the transfer is legally based on Art. 49 para. 1 letter a) GDPR.
If you exercise your rights in accordance with Art. 12 to 22 GDPR, we process the transmitted personal data for the purpose of the implementation of these rights by us and to provide evidence thereof.
We will process data stored for the purpose of providing information and its preparation only for this purpose as well as for purposes of data protection control and otherwise restrict the processing in accordance with Art. 18 GDPR.
These processing operations are based on the legal basis of Article 6 (1) (c) GDPR in conjunction with Art. 15 to 22 GDPR and Par. 34 Abs. 2 BDSG.
As the data subject, you have the right to claim your rights to us. In particular, you have the following rights:
For requests for information, correction, deletion, restriction, recieving, or in any other case related to data protection please contact email@example.com.
In accordance with Article 21 (1) GDPR, you have the right to object to processing based on the legal basis of Article 6 (1) (e) or (f) GDPR for reasons arising from your particular situation. Insofar as personal data about you are processed for the purpose of direct advertising, you may lodge an objection against this processing in accordance with Art. 21 (2) and (3) GDPR.
You can contact our data protection officer via firstname.lastname@example.org.
When you use the website, we collect information that you provide yourself. In addition, during your visit to the wbsite, we automatically collect certain information about your use of the website. In terms of data protection law, the IP address also applies as personal data. An IP address is assigned to each Internet-connected device by the ISP so that it can send and receive data.
In the purely informative use of our website, the first step is to automatically store general information (that is, not via registration) that your browser sends to our server. These include by default: browser type / version, OS used, page visited, the previously visited page (referrer URL), IP address, date and time of the server request, and HTTP status code.
The processing is for the protection of our legitimate interests and is based on the legal basis of Art. 6 (1) (f) GDPR. This processing is for the technical management and security of the website. The stored data will be deleted after four weeks, unless there is a justified suspicion of illegal use on the basis of concrete indications and further examination and processing of the information is necessary for this reason.
We are unable to identify you as a data subject based on the information stored. The Art. 15 to 22 GDPR are therefore not applicable in accordance with. Art. 11 (2) GDPR, unless you provide additional information to enable you to exercise your rights under these articles.
We use a chat form provided by Zendesk Inc. (1019 Market Street San Francisco, California 94103, USA "Zendesk"). All data fields marked as mandatory are required to process your request. Non-provisioning means that we can not process your request. The provision of further data is voluntary. Alternatively, you can send us a message via the contact e-mail. We process the data for the purpose of answering your request. If your request is directed to the conclusion or the execution of a contract with us, then Art. 6 (1) (b) GDPR is the legal basis for the data processing. Otherwise, we process the data based on our legitimate interest in contacting persons who request information. The legal basis for data processing is then Article 6 (1) (f) GDPR. You can always send us a message via our contact e-mail address. The use of the chat tool is thus of purely voluntary nature.
We offer you the possibility to subscribe our newsletter on our website. After subscribtion, we will inform you regularly about the latest news and offers. To subscribe for the newsletter, a valid e-mail address is required. To verify the e-mail address, you will first receive a login e-mail, which you must confirm via a link (double opt-in). If you subscribe to the newsletter on our website, we process personal data such as your e-mail address and your name on the basis of your consent. The processing is based on the legal basis of Art. 6 (1) (a) GDPR.
The given consent can be withdrawn at any time with effect for the future, for example via the "unsubscribe" link in the newsletter or by contacting us via the channels mentioned above. The legality of the already completed data processing operations remains unaffected by the revocation.
When subscribing for the newsletter, we also store the IP address as well as the date and time of registration. The processing of this data is necessary to be able to prove a given consent. The legal basis results from our legal obligation to document your consent (Art. 6 (1) c) in conjunction with Art. 7 (1) GDPR).
We also analyze the reading behavior and opening rates of our newsletter. We collect and process pseudonymised usage data that we do not combine with your e-mail address or IP address.
The legal basis for the analysis of our newsletter is Art. 6 (1) (f) GDPR and the processing serves our legitimate interest in the optimization of our newsletter. You can contradict to this at any time by contacting one of the above mentioned contact channels.
Our website uses New Relic, an analysis service of New Relic Inc. (188 Spear Street, Suite 1200 San Francisco, CA 94105, USA, "New Relic"). New Relic is a web analytics tool that collects the user data of a website in order to analyze and monitor the website for performance, for example, to improve the loading times of individual parts of the website. For more information about privacy and cookies, visit http://newrelic.com/privacy. The legal basis for the use of this service is Article 6 (1) (a) GDPR and serves the legitimate interest of optimizing our website.
We use the Google Analytics service of Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; "Google") to evaluate our website visits.
In part this data consists of information stored on your device. Apart from this the cookies will store further information on your device. Such a storage of information by Google Analytics or access to information already stored on your device is only carried out with your consent.
Google Ireland will use this information on our behalf to analyze the interaction with our website by users, to compile reports on the activities on our website and to provide us with further services related to the use of our website and the internet. The processed data can be used to create pseudonymous user profiles.
Setting of cookies and the further processing described above is subject to your consent. Legal basis for processing relating to Google Analytics is, thus, Article 6 (1) (a) GDPR. You may withdraw your consent with effect for the future at any time.
The data processed on our behalf in order to provide Google Analytics can be transferred to any country in which Google Ireland or Google Ireland’s sub processors have subsidiaries. This transfer is legally based on standard contractual clauses in the sense of Article 46 (2) (c) GDPR.
We only use Google Analytics while IP anonymization is activated. This means that the user’s IP address will be shortened within the EU or the European Economic Area. The IP address transferred by the browser of the user is not merged with other data.
We use the Google Ads online advertising program provided by Google Ads Limited (Gordon House, Barrow Street, Dublin 4, Ireland) to display advertisements on the Google search engine. If you access our website via a Google ad, Google will place a cookie on your device ("conversion cookie"). Each Google Ads customer has a different conversion cookie associated with it so that cookies are not tracked through the websites of different Ads customers. The information obtained with the help of the cookie is used to generate conversion statistics. That's how we receive information on the total number of users who clicked on one of our Google ads. However, we do not receive information that personally identifies users. Insofar as personal data is processed, this is based on the legal basis of Art. 6 (1) (a) GDPR.
We use the Facebook Pixel, a Facebook business tool by Facebook Ireland Limited (Ireland, EU) on our website. Information on contact details of Facebook Ireland and the data protection officer of Facebook Ireland are available in the data guideline by Facebook Ireland.
Tracked conversions are shown in the dashboard of our Facebook advertisement manager and of Facebook analytics. We can use the tracked conversions to measure the effectivity of our ads, to determine Custom Audiences for the targeting of ads, for dynamic ad campaigns and to analyze the effectivity of conversion funnels on our website. The functions of Facebook Pixels used by us are described in detail in the following.
The event data collected by the Facebook Pixel are used for targeting our ads and for optimization of the delivery of our ads, for the personalization of functions and content as well as for the optimization of Facebook Products.
For this, event data is collected on our website by the Facebook Pixel and transferred to Facebook Ireland. This is subject to your consent. Thus, the legal basis for the collection and transfer of the personal data to Facebook Ireland is Article 6 (1) (a) GDPR.
Facebook and we are joint controllers of the collection and transfer of the event data. We have concluded an agreement with Facebook regarding joint controllership in which the respective responsibilities for the data protection obligations are determined between Facebook and us. Inter alia we have agreed with Facebook
The agreement concluded between Facebook and us is available here.
Facebook Ireland is the controller of processing of event data after the transfer. Further information on how Facebook Ireland processes your data including the legal basis Facebook Ireland relies on and the opportunity to assert your rights against Facebook Ireland is available in the data guideline by Facebook Ireland.
In addition, we have commissioned Facebook Ireland to create reports on the effectivity of our marketing campaigns and other online content (campaign reports) and to provide analysis and insight about the users of our website, products and services (analysis) based on the event data collected by the Facebook Pixel. For this, we transfer the personal data contained in the event data to Facebook Ireland. The personal data transferred to Facebook Ireland is processed by Facebook Ireland on our behalf in order to provide us with campaign reports and analysis.
The processing of personal data for the purpose of providing analysis and campaign reports is subject to your consent. Thus, the legal basis for this is Article 6 (1) (a) GDPR.
A transfer of data to Facebook Inc. in the USA cannot be ruled out. This transfer is legally based on the standard contractual clauses for the transfer of personal data to processors in third countries. Please note the information in the section ‘Data transfer to third countries’ in this regard.
We use services of LinkedIn Marketing Solutions by LinkedIn Ireland Unlimited Company (Ireland/EU). For this purpose, the LinkedIn Insight tag is implemented on our website which is triggered by LinkedIn upon opening our website and sets a cookie on your device. Thereby, we are able to use the following functions described in detail below.
LinkedIn Conversion Tracking is an analysis tool which is supported by the LinkedIn Insight tag. The LinkedIn Insight tag enables the collection of information about visits to our website, including URL, referrer URL, IP address, device and browser characteristics (User Agent) as well as timestamps. The IP addresses are shortened or (if they are used to reach members across different devices) hashed. LinkedIn does not provide us with personal data but gives us reports (in which you are not identified) about the target audience of the website and the ad performance. In this way, we can learn about the effectivity of the LinkedIn ads for statistical and marketing purposes.
The direct member IDs are removed by LinkedIn within seven days in order to pseudonymize the data. LinkedIn deletes the remaining pseudonymized data within 180 days.
This processing activity serves the purpose of gathering information about the target audience of our website and receive reports about the effectivity of our LinkedIn campaigns.
In addition, we use the service ‘Matched Audiences’ to align our marketing campaigns with certain target audiences.
LinkedIn Matched Audiences and the related data integration enables us to align our marketing to certain target audiences based on the data we provide to LinkedIn (e.g. company lists, hashed contact details, device identifiers or event data such as websites visited).
This processing activity serves the purpose of marketing for our products through targeted advertisement.
Further information on the processing activities relating to LinkedIn Marketing Solutions, the technologies used, the data stored, and the period of storage can be found in the settings of our consent management tool. We only use LinkedIn Marketing Solutions with your consent pursuant to section 15 para. 3 TMG or Article 6 . (1) (a) GDPR.
Members of LinkedIn can also control the use of their personal data for marketing purposes in the settings of their account. In order to deactivate the Insight tag on our website click (‘opt-out’) here.
A transfer of data to the USA cannot be ruled out when using LinkedIn services. Please note the information in the section ‘Data transfer to third countries’ in this regard. Details of how LinkedIn handles your data as well as about your rights and options for the protection for your personal data are available in LinkedIn’s privacy notice.
We use third-party services and content (hereinafter collectively referred to as "content") on our website. For such an integration, a processing of your IP address is technically necessary, so that the contents can be sent to your browser. Your IP address will therefore be transmitted to the respective third party providers.
In each case, these data processing is used to safeguard our legitimate interests in the optimization and economic operation of our website and are based on the legal basis of Art. 6 (1) (f) GDPR.
You can object to this data processing at any time via the settings of the browser used or certain browser extensions. Such an extension is, for example, the matrix-based firewall uMatrix for the Firefox and Google Chrome browsers. Please note that this may result in functional restrictions on the website.
We have included content from the following third-party services on our website:
We use buttons on our website for social networks and comparable offers from third parties (hereinafter referred to as "plugin"). These plugins allow you to distribute the contents of our website in the respective social network. To integrate the plugin into our website, its program code is transmitted directly from the servers of the respective provider when our website is accessed. For this purpose, a transmission of the IP address used is technically necessary. This transfer takes place regardless of whether you click on the plugin or not. If you are logged in to the social network when you visit our website or if you interact with the plugin, you may receive further information. For more information, please contact the provider of the plugin. In each case, the data processing takes place in order to safeguard our legitimate interests in increasing the awareness and scope of our website and is based on the legal basis of Art. 6 (1) (f) GDPR.
We have included plugins from the following third parties in our website:
If you, as a customer or developer, use our platform, we will process your data provided to us as part of the provision of services, as described below.
In order to be able to use our offer as a customer or developer and to be able to use certain functions of the website, a registration via the website is required. The required information can be seen from the registration form. Providing the information marked as mandatory is mandatory in order to qualify for our offer. The provided data will be processed for the purpose of service provision and contract execution. The processing is based on the legal basis of Article 6 (1) (b) GDPR.
If you choose a paid plan, we offer you the option of paying by credit card. Please note that the respective payment information is collected and processed by the respective payment service providers on their own responsibility. The payment service providers merely transmit us your name and the expiry date of the credit card, which is stored for us to fulfill the contract. The legal basis is Article 6 (1) (b) GDPR.
You also have the possibility to pay via Paypal. Please note that the relevant payment information is provided and processed by PayPal (Europe) S.à r.l. et Cie, S.C.A. domiciled in Luxembourg on its own responsibility. Paypal transfers the name of your PayPal account and of the account holder, which we process exclusively for the execution of the contract. The legal basis is Article 6 (1) (b) GDPR. With PayPal payment we only save the name of the PayPal account. Find more information about privacy at Paypal, please visit: here.
Furthermore, there is the possibility to pay by electronic direct debit in case of an explicit individual agreement with us. After we unlocked the payment by electronic direct debit following an explicit individual agreement with us, the account holder, the IBAN, and the BIC are required as well as issuing a SEPA mandate to us. When paying by electronic direct debit, we store the name of the account holder, the IBAN, the BIC, and the SEPA mandate.
We use Intercom Inc.'s chat tool on our platform (55 2nd Street, 4th Floor, San Francisco, California 94105, United States "Intercom"). If you send us inquiries via chat, your details from the chat history, including the contact details you provided there, will be stored for the purpose of processing the request and in case of follow-up questions. Our chat feature stores the IP addresses with the location of the users who write messages. The legal basis for the use of this service is Art. 6 (1) (f) GDPR. You can always send us a message via our contact e-mail address. The use of the chat tool is thus of purely voluntary nature.
Important changes and innovations regarding our platform will be sent to our customers by e-mail. This information is for the sole purpose of ensuring the contractually agreed performance. The legal basis for sending these e-mails is Art. 6 (1) (b) GDPR, since the information is required for performing the contract. We also analyze the reading behavior and opening rates of these e-mails. The legal basis for the analysis of these e-mails is Art. 6 (1) (f) GDPR and the processing serves our legitimate interest in knowing whether our customers have received the information. You can object to the analysis at any time by contacting one of the above mentioned contact channels.
To manage subscribers, send, and analyze these emails, we use the Mandrill service of The Rocket Science Group LLC, d/b/a MailChimp (US).
In the context of the provision of services, it is also necessary for us as a data processor in terms of Art. 4 (8) GDPR to deal with personal data for which you are responsible in terms of Art. 4 No. 7 GDPR. A Data Processing Agreement pursuant to Art. 28 GDPR specifies the data protection rights and obligations of both of us in connection with our handling of your clients’ data for the provision of services. We make our Data Processing Agreement available to customers/data processors when registering on our platform. For informational purposes, a non-signable version can be accessed on our website.
We use electronic media for order processing, including proof of delivery. Therefore, we also store digitized signatures. The reproduction of the electronic signature applies as proof of delivery when combined with date and time. We do not assume any guarantee for the permanent availability/usability of electronic data provided to us.
We use Google's reCaptcha service from Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; "Google") on our platform when using certain features to determine whether a person or computer makes a particular entry. Thereby, only if you use the feature of the return portal or register as a developer for our slack channel will reCaptcha be used. Google uses the following data to determine whether you are a human being or a computer: IP address of the terminal used, the website you visit on our site where the captcha is embedded (return portal), the date and duration of the visit, the identification data of the browser and operating system type used, Google account if you are logged in to Google, mouse movements on the reCaptcha surfaces and tasks in which you have to identify images.
As far as personal data is processed, this is based on the legal basis of Art. 6 (1) (f) GDPR and the data processing serves our legitimate economic interests to ensure the security of our website and to protect us from automated entries (attacks).
When using Google reCaptcha, we cannot exclude the transmission of the processed data to the US-based Google LLC.
When you visit our Facebook page, where we represent our company or individual products from our offer, certain information about you will be processed. The one responsible for the processing of personal data is Facebook Ireland Ltd (4 Grand Canal Square, Grand Canal Harbor, Dublin 2 Ireland, "Facebook"). Further information about the processing of personal data by Facebook can be found here.
Facebook provides us with anonymous statistics and insights for our Facebook page which help us gain insights into the types of actions people take on our page (so-called "page insights"). These page insights are created based on specific information about people who visited our page. This processing of personal data is done by Facebook and us as jointly responsible persons. Processing serves our legitimate interest in evaluating the types of actions taken on our page and improving our page based on these findings. The legal basis for this processing is Art. 6 (1) (f) GDPR. We will never associate the information obtained from the page insights with a specific Facebook profile by referring to "Like" information for our page.
We have an agreement with Facebook for the processing of the data as jointly responsible, which determines the distribution of data protection obligations between us and Facebook. Details of how personal data is processed to create page insights and the Agreement entered into between us and Facebook are available here.
We also process information that you provide us through our Facebook page. Such information may be the Facebook name, contact information, or a message to us. We process this personal data only if we have previously asked you explicitly to inform us about this data, for example in the context of a survey or a raffle. This data processing is carried out by us as the sole person in charge.
If your request is directed to the conclusion or the execution of a contract with us, then Art. 6 (1) (b) GDPR is the legal basis for the data processing. Otherwise, we process the data based on our legitimate interest in contacting persons who request information. The legal basis for data processing is then Art. 6 (1) (f) GDPR.
For the establishment or implementation of the contractual relationship with our customers, the processing of the personal master, contract, and payment data provided to us is required on a regular basis. The legal basis for this processing is Art. 6 (1) (b) GDPR. In addition, we process customer and prospect data for evaluation and marketing purposes. These processing operations are based on the legal basis of Art. 6 (1) (f) GDPR and serve our interest in further developing our offer and informing you specifically about offers of the shipcloud GmbH. Further data processing can take place if you have consented (Art. 6 (1) (a) GDPR) or if this serves to fulfill a legal obligation (Art. 6 (1) (c) GDPR).
When you apply to our company, we process your application data solely for purposes related to your interest in working with us today or in the future and processing your application. Your application will only be processed and taken note of by the relevant contact persons. All data controllers are required to protect the confidentiality of your information. If we are unable to provide you employment, we will retain the information you provide for up to six months after any rejection for the purpose of answering questions related to your application and disapproval. This does not apply insofar as statutory provisions preclude deletion, further storage is necessary for the purpose of providing evidence or you have expressly consented to a longer storage period. The legal basis for the data processing is Par. 26 (1) (p 1) BDSG. If we retain your applicant data for a period of six months and have expressly consented to it, we would point out that this consent is freely revocable at any time pursuant to Art. 7 (3) GDPR. Such revocation shall not affect the lawfulness of the processing up to the time of revocation on the basis of the consent.
We use the widespread SSL method (Secure Socket Layer) with the highest encryption level supported by your browser. Usually this is a 2048-bit encryption. If your browser does not support 2048-bit encryption, we will instead use the maximum encryption possible with your browser. You can tell whether an individual site on our website is encrypted by the closed key or lock symbol in the lower status bar of your browser.
Apart from this, we rely on appropriate technical and organizational measures to protect your data against random or wilful manipulation, partial or complete loss, destruction or against unauthorized access by third parties. Our security measures are continuously improved in line with the newest technological developments.