Privacy Statement

This Privacy Statement informs you about our handling of your data. In order to make the processing of your data comprehensible to you, we would like to give you an overview of these processing operations with the following information. To ensure fair processing, this Privacy Statement contains general information about our handling of your data as well as information about your rights under the European General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).

We also inform you in detail about

  1. General information
  2. Data processing on our website
  3. Data processing on our platform
  4. Data processing on our Facebook Fanpage
  5. Further data protection processing
  6. Data security

Responsible for the data processing is shipcloud GmbH, Heinz-Fangman-Strasse 2-4, House 4, 42287 Wuppertal (hereinafter referred to as "we" or "us").

In case of differences between the German and English version or in other cases of doubt, the German version shall be valid.

I. General information

1. Contact

If you have any questions or suggestions about this information or would like to contact us for enforcing your rights, please submit your request to

shipcloud GmbH
Heinz-Fangman-Straße 2-4, House 4, 42287 Wuppertal
Phone +49 (0)40 605906630
Email: info@shipcloud.io

2. General information about data processing

The data protection term "personal data" refers to all information that relates to a particular or identifiable person.

We process personal data in compliance with the relevant data protection regulations, in particular the GDPR and the BDSG. Data processing by us takes place only on the basis of a legal permission. We process personal data only with your consent (Article 6 (1) (a) GDPR), to fulfill a contract of which you are a party, or to your request to carry out pre-contractual measures (Article 6 (1) (b) GDPR), for the fulfillment of a legal obligation (Art. 6 (1) c) GDPR) or if the processing is necessary for the protection of our legitimate interests or the legitimate interests of a third party, unless your interests or fundamental rights and freedoms, the protection of personal data predominate (Article 6 (1) (f) GDPR).

3. Duration of storage

Unless otherwise stated in the following instructions, we only store the data as long as it is necessary to achieve the processing purpose or to fulfill our contractual or legal obligations. Such statutory retention requirements may arise in particular from commercial or tax regulations.

4. Receiver of the data

We use commissioned service providers for individual processing. These include e.g. hosting, maintenance and support of IT systems, marketing measures, or file and disk destruction. These service providers process the data only after explicit instructions and are contractually obliged to guarantee appropriate technical and organizational data protection measures. In addition, we may transfer personal data of our customers to bodies such as postal and delivery services, payment and information services, banks, tax consultants / auditors, or the financial administration.

5. Data Transfer to Third Countries

Visiting our website may involve the transfer of certain personal data to third countries, i.e., countries in which the GDPR is not applicable law. Such a transfer is lawful, if the European Commission has determined that the third country ensures an adequate level of data protection. In absence of such an adequacy decision by the European Commission, the personal transfer may only be transferred to a third country if appropriate safeguards in accordance with Art. 46 GDPR are provided or one of the conditions pursuant to Art. 49 GDPR is met.

Unless otherwise stated in the following we use the standard contractual clauses for the transfer of personal data to processors established in third countries as appropriate safeguards: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32010D0087.

If you consent to the transfer of your personal data to third countries, the transfer is legally based on Art. 49 para. 1 letter a) GDPR.

6. Processing in the exercise of your rights according to the Articles 15 to 22 GDPR

If you exercise your rights in accordance with Art. 12 to 22 GDPR, we process the transmitted personal data for the purpose of the implementation of these rights by us and to provide evidence thereof.

We will process data stored for the purpose of providing information and its preparation only for this purpose as well as for purposes of data protection control and otherwise restrict the processing in accordance with Art. 18 GDPR.

These processing operations are based on the legal basis of Article 6 (1) (c) GDPR in conjunction with Art. 15 to 22 GDPR and Par. 34 Abs. 2 BDSG.

7. Your rights

As the data subject, you have the right to claim your rights to us. In particular, you have the following rights:

  • In accordance with Art. 15 GDPR and Par. 34 BDSG, you have the right to request information about whether and, if applicable, to what extent we process personal data about you or not.
  • You have the right to request the correction of your data in accordance with Art. 16 GDPR.
  • You have the right to demand the deletion of your personal data in accordance with Art. 17 GDPR and Par. 35 BDSG.
  • You have the right to restrict the processing of your personal data in accordance with Art. 18 GDPR.
  • You have the right, in accordance with Art. 20 GDPR, to receive the personal data that you have provided us with in a structured, common and machine-readable format and to transmit this data to another person in charge.
  • If you have given us a separate consent in the data processing, you can revoke this consent at any time in accordance with Art. 7 (3) GDPR. Such revocation shall not affect the lawfulness of the processing up to the time of revocation on the basis of the consent.
  • If you believe that the processing of your personal data is in violation of the provisions of the GDPR, you have the right to complain to a supervisory authority in accordance with Art. 77 GDPR.

For requests for information, correction, deletion, restriction, recieving, or in any other case related to data protection please contact privacy@shipcloud.io.

8. Right of objection

In accordance with Article 21 (1) GDPR, you have the right to object to processing based on the legal basis of Article 6 (1) (e) or (f) GDPR for reasons arising from your particular situation. Insofar as personal data about you are processed for the purpose of direct advertising, you may lodge an objection against this processing in accordance with Art. 21 (2) and (3) GDPR.

9. Data Protection Officer

You can contact our data protection officer via dsb@shipcloud.io.

II. Data processing on our website

When you use the website, we collect information that you provide yourself. In addition, during your visit to the wbsite, we automatically collect certain information about your use of the website. In terms of data protection law, the IP address also applies as personal data. An IP address is assigned to each Internet-connected device by the ISP so that it can send and receive data.

1. Processing of server log files

In the purely informative use of our website, the first step is to automatically store general information (that is, not via registration) that your browser sends to our server. These include by default: browser type / version, OS used, page visited, the previously visited page (referrer URL), IP address, date and time of the server request, and HTTP status code.

The processing is for the protection of our legitimate interests and is based on the legal basis of Art. 6 (1) (f) GDPR. This processing is for the technical management and security of the website. The stored data will be deleted after four weeks, unless there is a justified suspicion of illegal use on the basis of concrete indications and further examination and processing of the information is necessary for this reason.

We are unable to identify you as a data subject based on the information stored. The Art. 15 to 22 GDPR are therefore not applicable in accordance with. Art. 11 (2) GDPR, unless you provide additional information to enable you to exercise your rights under these articles.

2. Contact via our contact form

We use a chat form provided by Zendesk Inc. (1019 Market Street San Francisco, California 94103, USA "Zendesk"). All data fields marked as mandatory are required to process your request. Non-provisioning means that we can not process your request. The provision of further data is voluntary. Alternatively, you can send us a message via the contact e-mail. We process the data for the purpose of answering your request. If your request is directed to the conclusion or the execution of a contract with us, then Art. 6 (1) (b) GDPR is the legal basis for the data processing. Otherwise, we process the data based on our legitimate interest in contacting persons who request information. The legal basis for data processing is then Article 6 (1) (f) GDPR. You can always send us a message via our contact e-mail address. The use of the chat tool is thus of purely voluntary nature.

3. Newsletter

a. Subscribe and unsubscribe

We offer you the possibility to subscribe our newsletter on our website. After subscribtion, we will inform you regularly about the latest news and offers. To subscribe for the newsletter, a valid e-mail address is required. To verify the e-mail address, you will first receive a login e-mail, which you must confirm via a link (double opt-in). If you subscribe to the newsletter on our website, we process personal data such as your e-mail address and your name on the basis of your consent. The processing is based on the legal basis of Art. 6 (1) (a) GDPR.

The given consent can be withdrawn at any time with effect for the future, for example via the "unsubscribe" link in the newsletter or by contacting us via the channels mentioned above. The legality of the already completed data processing operations remains unaffected by the revocation.

When subscribing for the newsletter, we also store the IP address as well as the date and time of registration. The processing of this data is necessary to be able to prove a given consent. The legal basis results from our legal obligation to document your consent (Art. 6 (1) c) in conjunction with Art. 7 (1) GDPR).

b. Newsletter analysis

We also analyze the reading behavior and opening rates of our newsletter. We collect and process pseudonymised usage data that we do not combine with your e-mail address or IP address.

The legal basis for the analysis of our newsletter is Art. 6 (1) (f) GDPR and the processing serves our legitimate interest in the optimization of our newsletter. You can contradict to this at any time by contacting one of the above mentioned contact channels.

4. Cookies

We use cookies and similar technologies on our website. Cookies are small text files that are stored by your browser when you visit a website. This makes the browser identifiable so it can be recognized by our web server. You as the user have full control over the use of cookies. You can delete the cookies in the security settings of your browser at any time. You may oppose the use of cookies by your browser settings in principle or in certain cases. Further information can be obtained from the German Federal Office for Information Security .

In part, the use of cookies is necessary to maintain functionality and operation of our website and is, therefore, lawful without consent. Apart from that, we use cookies and similar technologies to offer special functions and content or to measure the coverage of our website and analyze the use of our website. This may include cookies by third parties. Cookies which are not necessary to maintain functionality of the website we will only use with your consent pursuant to section 15 para. 1 TMG or Art. 6 para. 1 letter a) GDPR. You can find information on purpose, providers, technologies used, data collected and period of storage of individual cookies in the settings of our consent management tool.

Cookie consent revocation

5. Analysis of our website

a. New Relic

Our website uses New Relic, an analysis service of New Relic Inc. (188 Spear Street, Suite 1200 San Francisco, CA 94105, USA, "New Relic"). New Relic is a web analytics tool that collects the user data of a website in order to analyze and monitor the website for performance, for example, to improve the loading times of individual parts of the website. For more information about privacy and cookies, visit http://newrelic.com/privacy. The legal basis for the use of this service is Article 6 (1) (a) GDPR and serves the legitimate interest of optimizing our website.

b. Google Analytics

We use the Google Analytics service of Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; "Google") to evaluate our website visits.

Google Analytics is a web analysis service, which enables us to collect and analyze data relating to the behaviour of the visitors to our website. Google Analytics uses cookies which enable an analysis of your use of our website. Personal data in the form of online identifiers (including cookie identifiers), IP addresses, device identifiers and information about the interaction with our website are processed.

In part this data consists of information stored on your device. Apart from this the cookies will store further information on your device. Such a storage of information by Google Analytics or access to information already stored on your device is only carried out with your consent.

Google Ireland will use this information on our behalf to analyze the interaction with our website by users, to compile reports on the activities on our website and to provide us with further services related to the use of our website and the internet. The processed data can be used to create pseudonymous user profiles.

Setting of cookies and the further processing described above is subject to your consent. Legal basis for processing relating to Google Analytics is, thus, Article 6 (1) (a) GDPR. You may withdraw your consent with effect for the future at any time.

The data processed on our behalf in order to provide Google Analytics can be transferred to any country in which Google Ireland or Google Ireland’s sub processors have subsidiaries. This transfer is legally based on standard contractual clauses in the sense of Article 46 (2) (c) GDPR.

We only use Google Analytics while IP anonymization is activated. This means that the user’s IP address will be shortened within the EU or the European Economic Area. The IP address transferred by the browser of the user is not merged with other data.

6. Google Ads

We use the Google Ads online advertising program provided by Google Ads Limited (Gordon House, Barrow Street, Dublin 4, Ireland) to display advertisements on the Google search engine. If you access our website via a Google ad, Google will place a cookie on your device ("conversion cookie"). Each Google Ads customer has a different conversion cookie associated with it so that cookies are not tracked through the websites of different Ads customers. The information obtained with the help of the cookie is used to generate conversion statistics. That's how we receive information on the total number of users who clicked on one of our Google ads. However, we do not receive information that personally identifies users. Insofar as personal data is processed, this is based on the legal basis of Art. 6 (1) (a) GDPR.

7. Facebook Pixel

We use the Facebook Pixel, a Facebook business tool by Facebook Ireland Limited (Ireland, EU) on our website. Information on contact details of Facebook Ireland and the data protection officer of Facebook Ireland are available in the data guideline by Facebook Ireland.

The Facebook Pixel is a JavaScript-Code-Extract enabling us to detect the activities of the visitors to our website. This detection is called conversion tracking. The Facebook Pixel collects and processes the following information (so called event data):

  • Information about actions and activities of the visitors of our website, e.g. searching and clicking on a product or buying a product;
  • Specific Pixel information like the Pixel ID and the Facebook cookie;
  • Information about the buttons clicked by the visitors of our website;
  • Information contained in the HTTP-headers such as IP addresses, information about the web browser, the location of the page and the referrer;
  • Information on the status of deactivation/restriction of the advertisement tracking.

In part this event data is information which is stored in your device. Apart from this the Facebook Pixel uses cookies which will store further information on your device. Such a storage of information by the Facebook Pixel or access to information already stored on your device is only carried out with your consent.

Tracked conversions are shown in the dashboard of our Facebook advertisement manager and of Facebook analytics. We can use the tracked conversions to measure the effectivity of our ads, to determine Custom Audiences for the targeting of ads, for dynamic ad campaigns and to analyze the effectivity of conversion funnels on our website. The functions of Facebook Pixels used by us are described in detail in the following.

Processing of event data for marketing purposes

The event data collected by the Facebook Pixel are used for targeting our ads and for optimization of the delivery of our ads, for the personalization of functions and content as well as for the optimization of Facebook Products.

For this, event data is collected on our website by the Facebook Pixel and transferred to Facebook Ireland. This is subject to your consent. Thus, the legal basis for the collection and transfer of the personal data to Facebook Ireland is Article 6 (1) (a) GDPR.

Facebook and we are joint controllers of the collection and transfer of the event data. We have concluded an agreement with Facebook regarding joint controllership in which the respective responsibilities for the data protection obligations are determined between Facebook and us. Inter alia we have agreed with Facebook

  • that we are responsible for providing you with all information in accordance with Article 13, 14 GDPR about the joint controllership of processing personal data;
  • that Facebook Ireland is responsible for safeguarding the rights of the data subject pursuant to Article 15-20 GDPR in regard to the personal data stored by Facebook after the joint controllership.

The agreement concluded between Facebook and us is available here.

Facebook Ireland is the controller of processing of event data after the transfer. Further information on how Facebook Ireland processes your data including the legal basis Facebook Ireland relies on and the opportunity to assert your rights against Facebook Ireland is available in the data guideline by Facebook Ireland.

Processing of event data for analysis purposes

In addition, we have commissioned Facebook Ireland to create reports on the effectivity of our marketing campaigns and other online content (campaign reports) and to provide analysis and insight about the users of our website, products and services (analysis) based on the event data collected by the Facebook Pixel. For this, we transfer the personal data contained in the event data to Facebook Ireland. The personal data transferred to Facebook Ireland is processed by Facebook Ireland on our behalf in order to provide us with campaign reports and analysis.

The processing of personal data for the purpose of providing analysis and campaign reports is subject to your consent. Thus, the legal basis for this is Article 6 (1) (a) GDPR.

A transfer of data to Facebook Inc. in the USA cannot be ruled out. This transfer is legally based on the standard contractual clauses for the transfer of personal data to processors in third countries. Please note the information in the section ‘Data transfer to third countries’ in this regard.

8. LinkedIn Marketing Solutions

We use services of LinkedIn Marketing Solutions by LinkedIn Ireland Unlimited Company (Ireland/EU). For this purpose, the LinkedIn Insight tag is implemented on our website which is triggered by LinkedIn upon opening our website and sets a cookie on your device. Thereby, we are able to use the following functions described in detail below.

Function: Conversion Tracking

LinkedIn Conversion Tracking is an analysis tool which is supported by the LinkedIn Insight tag. The LinkedIn Insight tag enables the collection of information about visits to our website, including URL, referrer URL, IP address, device and browser characteristics (User Agent) as well as timestamps. The IP addresses are shortened or (if they are used to reach members across different devices) hashed. LinkedIn does not provide us with personal data but gives us reports (in which you are not identified) about the target audience of the website and the ad performance. In this way, we can learn about the effectivity of the LinkedIn ads for statistical and marketing purposes.

The direct member IDs are removed by LinkedIn within seven days in order to pseudonymize the data. LinkedIn deletes the remaining pseudonymized data within 180 days.

This processing activity serves the purpose of gathering information about the target audience of our website and receive reports about the effectivity of our LinkedIn campaigns.

Function: Target audience marketing

In addition, we use the service ‘Matched Audiences’ to align our marketing campaigns with certain target audiences.

LinkedIn Matched Audiences and the related data integration enables us to align our marketing to certain target audiences based on the data we provide to LinkedIn (e.g. company lists, hashed contact details, device identifiers or event data such as websites visited).

This processing activity serves the purpose of marketing for our products through targeted advertisement.

Further information on the processing activities relating to LinkedIn Marketing Solutions, the technologies used, the data stored, and the period of storage can be found in the settings of our consent management tool. We only use LinkedIn Marketing Solutions with your consent pursuant to section 15 para. 3 TMG or Article 6 . (1) (a) GDPR.

Members of LinkedIn can also control the use of their personal data for marketing purposes in the settings of their account. In order to deactivate the Insight tag on our website click (‘opt-out’) here.

A transfer of data to the USA cannot be ruled out when using LinkedIn services. Please note the information in the section ‘Data transfer to third countries’ in this regard. Details of how LinkedIn handles your data as well as about your rights and options for the protection for your personal data are available in LinkedIn’s privacy notice.

9. Embedded Services and Third Party Content

We use third-party services and content (hereinafter collectively referred to as "content") on our website. For such an integration, a processing of your IP address is technically necessary, so that the contents can be sent to your browser. Your IP address will therefore be transmitted to the respective third party providers.

In each case, these data processing is used to safeguard our legitimate interests in the optimization and economic operation of our website and are based on the legal basis of Art. 6 (1) (f) GDPR.

You can object to this data processing at any time via the settings of the browser used or certain browser extensions. Such an extension is, for example, the matrix-based firewall uMatrix for the Firefox and Google Chrome browsers. Please note that this may result in functional restrictions on the website.

We have included content from the following third-party services on our website:

  • "Amazon Cloudfront" by Amazon Web Services Inc. (410 Terry Avenue North, Seattle WA 98109, USA; "Amazon) for content delivery.

10. Plugins of social networks

We use buttons on our website for social networks and comparable offers from third parties (hereinafter referred to as "plugin"). These plugins allow you to distribute the contents of our website in the respective social network. To integrate the plugin into our website, its program code is transmitted directly from the servers of the respective provider when our website is accessed. For this purpose, a transmission of the IP address used is technically necessary. This transfer takes place regardless of whether you click on the plugin or not. If you are logged in to the social network when you visit our website or if you interact with the plugin, you may receive further information. For more information, please contact the provider of the plugin. In each case, the data processing takes place in order to safeguard our legitimate interests in increasing the awareness and scope of our website and is based on the legal basis of Art. 6 (1) (f) GDPR.

We have included plugins from the following third parties in our website:

  • The twitter.com by the Twitter International Company (One Cumberland Place Fenian Street Dublin 2 Ireland, "Twitter")
  • facebook.com by Facebook Ireland Ltd (4 Grand Canal Square, Grand Canal Harbor, Dublin 2 Ireland, "Facebook")
  • linkedin.com by LinkedIn Ireland Unlimited Company (Ireland/EU).

III. Data processing on our platform

If you, as a customer or developer, use our platform, we will process your data provided to us as part of the provision of services, as described below.

1. Registration and login for customers and developers

In order to be able to use our offer as a customer or developer and to be able to use certain functions of the website, a registration via the website is required. The required information can be seen from the registration form. Providing the information marked as mandatory is mandatory in order to qualify for our offer. The provided data will be processed for the purpose of service provision and contract execution. The processing is based on the legal basis of Article 6 (1) (b) GDPR.

2. Payment

If you choose a paid plan, we offer you the option of paying by credit card. Please note that the respective payment information is collected and processed by the respective payment service providers on their own responsibility. The payment service providers merely transmit us your name and the expiry date of the credit card, which is stored for us to fulfill the contract. The legal basis is Article 6 (1) (b) GDPR.

You also have the possibility to pay via Paypal. Please note that the relevant payment information is provided and processed by PayPal (Europe) S.à r.l. et Cie, S.C.A. domiciled in Luxembourg on its own responsibility. Paypal transfers the name of your PayPal account and of the account holder, which we process exclusively for the execution of the contract. The legal basis is Article 6 (1) (b) GDPR. With PayPal payment we only save the name of the PayPal account. Find more information about privacy at Paypal, please visit: here.

Furthermore, there is the possibility to pay by electronic direct debit in case of an explicit individual agreement with us. After we unlocked the payment by electronic direct debit following an explicit individual agreement with us, the account holder, the IBAN, and the BIC are required as well as issuing a SEPA mandate to us. When paying by electronic direct debit, we store the name of the account holder, the IBAN, the BIC, and the SEPA mandate.

3. Chat

We use Intercom Inc.'s chat tool on our platform (55 2nd Street, 4th Floor, San Francisco, California 94105, United States "Intercom"). If you send us inquiries via chat, your details from the chat history, including the contact details you provided there, will be stored for the purpose of processing the request and in case of follow-up questions. Our chat feature stores the IP addresses with the location of the users who write messages. The legal basis for the use of this service is Art. 6 (1) (f) GDPR. You can always send us a message via our contact e-mail address. The use of the chat tool is thus of purely voluntary nature.

4. E-Mail communication

Important changes and innovations regarding our platform will be sent to our customers by e-mail. This information is for the sole purpose of ensuring the contractually agreed performance. The legal basis for sending these e-mails is Art. 6 (1) (b) GDPR, since the information is required for performing the contract. We also analyze the reading behavior and opening rates of these e-mails. The legal basis for the analysis of these e-mails is Art. 6 (1) (f) GDPR and the processing serves our legitimate interest in knowing whether our customers have received the information. You can object to the analysis at any time by contacting one of the above mentioned contact channels.

To manage subscribers, send, and analyze these emails, we use the Mandrill service of The Rocket Science Group LLC, d/b/a MailChimp (US).

5. Data Processing Agreement

In the context of the provision of services, it is also necessary for us as a data processor in terms of Art. 4 (8) GDPR to deal with personal data for which you are responsible in terms of Art. 4 No. 7 GDPR. A Data Processing Agreement pursuant to Art. 28 GDPR specifies the data protection rights and obligations of both of us in connection with our handling of your clients’ data for the provision of services. We make our Data Processing Agreement available to customers/data processors when registering on our platform. For informational purposes, a non-signable version can be accessed on our website.

We use electronic media for order processing, including proof of delivery. Therefore, we also store digitized signatures. The reproduction of the electronic signature applies as proof of delivery when combined with date and time. We do not assume any guarantee for the permanent availability/usability of electronic data provided to us.

6. Captcha service

We use Google's reCaptcha service from Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; "Google") on our platform when using certain features to determine whether a person or computer makes a particular entry. Thereby, only if you use the feature of the return portal or register as a developer for our slack channel will reCaptcha be used. Google uses the following data to determine whether you are a human being or a computer: IP address of the terminal used, the website you visit on our site where the captcha is embedded (return portal), the date and duration of the visit, the identification data of the browser and operating system type used, Google account if you are logged in to Google, mouse movements on the reCaptcha surfaces and tasks in which you have to identify images.

As far as personal data is processed, this is based on the legal basis of Art. 6 (1) (f) GDPR and the data processing serves our legitimate economic interests to ensure the security of our website and to protect us from automated entries (attacks).

When using Google reCaptcha, we cannot exclude the transmission of the processed data to the US-based Google LLC.

IV. Data processing on our Facebook page

When you visit our Facebook page, where we represent our company or individual products from our offer, certain information about you will be processed. The one responsible for the processing of personal data is Facebook Ireland Ltd (4 Grand Canal Square, Grand Canal Harbor, Dublin 2 Ireland, "Facebook"). Further information about the processing of personal data by Facebook can be found here.

1. Processing of page insights

Facebook provides us with anonymous statistics and insights for our Facebook page which help us gain insights into the types of actions people take on our page (so-called "page insights"). These page insights are created based on specific information about people who visited our page. This processing of personal data is done by Facebook and us as jointly responsible persons. Processing serves our legitimate interest in evaluating the types of actions taken on our page and improving our page based on these findings. The legal basis for this processing is Art. 6 (1) (f) GDPR. We will never associate the information obtained from the page insights with a specific Facebook profile by referring to "Like" information for our page.

We have an agreement with Facebook for the processing of the data as jointly responsible, which determines the distribution of data protection obligations between us and Facebook. Details of how personal data is processed to create page insights and the Agreement entered into between us and Facebook are available here.

2. Processing of data communicated to us through our page

We also process information that you provide us through our Facebook page. Such information may be the Facebook name, contact information, or a message to us. We process this personal data only if we have previously asked you explicitly to inform us about this data, for example in the context of a survey or a raffle. This data processing is carried out by us as the sole person in charge.

If your request is directed to the conclusion or the execution of a contract with us, then Art. 6 (1) (b) GDPR is the legal basis for the data processing. Otherwise, we process the data based on our legitimate interest in contacting persons who request information. The legal basis for data processing is then Art. 6 (1) (f) GDPR.

V. Further data processing

1. Contractual Relationship

For the establishment or implementation of the contractual relationship with our customers, the processing of the personal master, contract, and payment data provided to us is required on a regular basis. The legal basis for this processing is Art. 6 (1) (b) GDPR. In addition, we process customer and prospect data for evaluation and marketing purposes. These processing operations are based on the legal basis of Art. 6 (1) (f) GDPR and serve our interest in further developing our offer and informing you specifically about offers of the shipcloud GmbH. Further data processing can take place if you have consented (Art. 6 (1) (a) GDPR) or if this serves to fulfill a legal obligation (Art. 6 (1) (c) GDPR).

2. Applications

When you apply to our company, we process your application data solely for purposes related to your interest in working with us today or in the future and processing your application. Your application will only be processed and taken note of by the relevant contact persons. All data controllers are required to protect the confidentiality of your information. If we are unable to provide you employment, we will retain the information you provide for up to six months after any rejection for the purpose of answering questions related to your application and disapproval. This does not apply insofar as statutory provisions preclude deletion, further storage is necessary for the purpose of providing evidence or you have expressly consented to a longer storage period. The legal basis for the data processing is Par. 26 (1) (p 1) BDSG. If we retain your applicant data for a period of six months and have expressly consented to it, we would point out that this consent is freely revocable at any time pursuant to Art. 7 (3) GDPR. Such revocation shall not affect the lawfulness of the processing up to the time of revocation on the basis of the consent.

VI. Data security

We use the widespread SSL method (Secure Socket Layer) with the highest encryption level supported by your browser. Usually this is a 2048-bit encryption. If your browser does not support 2048-bit encryption, we will instead use the maximum encryption possible with your browser. You can tell whether an individual site on our website is encrypted by the closed key or lock symbol in the lower status bar of your browser.

Apart from this, we rely on appropriate technical and organizational measures to protect your data against random or wilful manipulation, partial or complete loss, destruction or against unauthorized access by third parties. Our security measures are continuously improved in line with the newest technological developments.