Privacy Statement

This Privacy Statement informs you about our handling of your data. In order to make the processing of your data comprehensible to you, we would like to give you an overview of these processing operations with the following information. To ensure fair processing, this Privacy Statement contains general information about our handling of your data as well as information about your rights under the European General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).

We also inform you in detail about

  1. General information
  2. Data processing on our website
  3. Data processing on our platform
  4. Data processing on our Facebook Fanpage
  5. Further data protection processing
  6. Data security

Responsible for the data processing is shipcloud GmbH, Heinz-Fangman-Strasse 2-4, House 4, 42287 Wuppertal (hereinafter referred to as "we" or "us").

In case of differences between the German and English version or in other cases of doubt, the German version shall be valid.

I. General information

1. Contact

If you have any questions or suggestions about this information or would like to contact us for enforcing your rights, please submit your request to

shipcloud GmbH
Heinz-Fangman-Straße 2-4, House 4, 42287 Wuppertal
Phone +49 (0)40 605906630
Email: info@shipcloud.io

2. General information about data processing

The data protection term "personal data" refers to all information that relates to a particular or identifiable person.

We process personal data in compliance with the relevant data protection regulations, in particular the GDPR and the BDSG. Data processing by us takes place only on the basis of a legal permission. We process personal data only with your consent (Article 6 (1) (a) GDPR), to fulfill a contract of which you are a party, or to your request to carry out pre-contractual measures (Article 6 (1) (b) GDPR), for the fulfillment of a legal obligation (Art. 6 (1) c) GDPR) or if the processing is necessary for the protection of our legitimate interests or the legitimate interests of a third party, unless your interests or fundamental rights and freedoms, the protection of personal data predominate (Article 6 (1) (f) GDPR).

3. Duration of storage

Unless otherwise stated in the following instructions, we only store the data as long as it is necessary to achieve the processing purpose or to fulfill our contractual or legal obligations. Such statutory retention requirements may arise in particular from commercial or tax regulations.

4. Receiver of the data

We use commissioned service providers for individual processing. These include e.g. hosting, maintenance and support of IT systems, marketing measures, or file and disk destruction. These service providers process the data only after explicit instructions and are contractually obliged to guarantee appropriate technical and organizational data protection measures. In addition, we may transfer personal data of our customers to bodies such as postal and delivery services, payment and information services, banks, tax consultants / auditors, or the financial administration.

5. Processing in the exercise of your rights according to the Articles 15 to 22 GDPR

If you exercise your rights in accordance with Art. 12 to 22 GDPR, we process the transmitted personal data for the purpose of the implementation of these rights by us and to provide evidence thereof.

We will process data stored for the purpose of providing information and its preparation only for this purpose as well as for purposes of data protection control and otherwise restrict the processing in accordance with Art. 18 GDPR.

These processing operations are based on the legal basis of Article 6 (1) (c) GDPR in conjunction with Art. 15 to 22 GDPR and Par. 34 Abs. 2 BDSG.

6. Your rights

As the data subject, you have the right to claim your rights to us. In particular, you have the following rights:

  • In accordance with Art. 15 GDPR and Par. 34 BDSG, you have the right to request information about whether and, if applicable, to what extent we process personal data about you or not.
  • You have the right to request the correction of your data in accordance with Art. 16 GDPR.
  • You have the right to demand the deletion of your personal data in accordance with Art. 17 GDPR and Par. 35 BDSG.
  • You have the right to restrict the processing of your personal data in accordance with Art. 18 GDPR.
  • You have the right, in accordance with Art. 20 GDPR, to receive the personal data that you have provided us with in a structured, common and machine-readable format and to transmit this data to another person in charge.
  • If you have given us a separate consent in the data processing, you can revoke this consent at any time in accordance with Art. 7 (3) GDPR. Such revocation shall not affect the lawfulness of the processing up to the time of revocation on the basis of the consent.
  • If you believe that the processing of your personal data is in violation of the provisions of the GDPR, you have the right to complain to a supervisory authority in accordance with Art. 77 GDPR.

For requests for information, correction, deletion, restriction, recieving, or in any other case related to data protection please contact privacy@shipcloud.io.

7. Right of objection

In accordance with Article 21 (1) GDPR, you have the right to object to processing based on the legal basis of Article 6 (1) (e) or (f) GDPR for reasons arising from your particular situation. Insofar as personal data about you are processed for the purpose of direct advertising, you may lodge an objection against this processing in accordance with Art. 21 (2) and (3) GDPR.

8. Data Protection Officer

You can contact our data protection officer via dsb@shipcloud.io

II. Data processing on our website

When you use the website, we collect information that you provide yourself. In addition, during your visit to the wbsite, we automatically collect certain information about your use of the website. In terms of data protection law, the IP address also applies as personal data. An IP address is assigned to each Internet-connected device by the ISP so that it can send and receive data.

1. Data transmission to the US

Visiting our website may be associated with the transfer of certain personal data to the United States. For data transmission to the US as a third country, a country in which the GDPR is not applicable law, the European Commission has decided according to Art. 45 GDPR that an adequate level of data protection is achieved as long as companies are certified under the EU-US Privacy Shield. The transmission to the US then takes place in a permissible manner.

2. Processing of server log files

In the purely informative use of our website, the first step is to automatically store general information (that is, not via registration) that your browser sends to our server. These include by default: browser type / version, OS used, page visited, the previously visited page (referrer URL), IP address, date and time of the server request, and HTTP status code.

The processing is for the protection of our legitimate interests and is based on the legal basis of Art. 6 (1) (f) GDPR. This processing is for the technical management and security of the website. The stored data will be deleted after four weeks, unless there is a justified suspicion of illegal use on the basis of concrete indications and further examination and processing of the information is necessary for this reason.

We are unable to identify you as a data subject based on the information stored. The Art. 15 to 22 GDPR are therefore not applicable in accordance with. Art. 11 (2) GDPR, unless you provide additional information to enable you to exercise your rights under these articles.

3. Contact via our contact form

We use a chat form provided by Zendesk Inc. (1019 Market Street San Francisco, California 94103, USA "Zendesk"). All data fields marked as mandatory are required to process your request. Non-provisioning means that we can not process your request. The provision of further data is voluntary. Alternatively, you can send us a message via the contact e-mail. We process the data for the purpose of answering your request. If your request is directed to the conclusion or the execution of a contract with us, then Art. 6 (1) (b) GDPR is the legal basis for the data processing. Otherwise, we process the data based on our legitimate interest in contacting persons who request information. The legal basis for data processing is then Article 6 (1) (f) GDPR. You can always send us a message via our contact e-mail address. The use of the chat tool is thus of purely voluntary nature.

Zendesk is certified under the EU-US Privacy Shield
https://www.privacyshield.gov/participant?id=a2zt0000000TOjeAAG&status=Active.

4. Newsletter

a. Subscribe and unsubscribe

We offer you the possibility to subscribe our newsletter on our website. After subscribtion, we will inform you regularly about the latest news and offers. To subscribe for the newsletter, a valid e-mail address is required. To verify the e-mail address, you will first receive a login e-mail, which you must confirm via a link (double opt-in). If you subscribe to the newsletter on our website, we process personal data such as your e-mail address and your name on the basis of your consent. The processing is based on the legal basis of Art. 6 (1) (a) GDPR.

The given consent can be withdrawn at any time with effect for the future, for example via the "unsubscribe" link in the newsletter or by contacting us via the channels mentioned above. The legality of the already completed data processing operations remains unaffected by the revocation.

When subscribing for the newsletter, we also store the IP address as well as the date and time of registration. The processing of this data is necessary to be able to prove a given consent. The legal basis results from our legal obligation to document your consent (Art. 6 (1) c) in conjunction with Art. 7 (1) GDPR).

b. Newsletter analysis

We also analyze the reading behavior and opening rates of our newsletter. We collect and process pseudonymised usage data that we do not combine with your e-mail address or IP address.

The legal basis for the analysis of our newsletter is Art. 6 (1) (f) GDPR and the processing serves our legitimate interest in the optimization of our newsletter. You can contradict to this at any time by contacting one of the above mentioned contact channels.

5. Cookies

We use cookies on our website. Cookies are small text files that are saved by your browser when you visit a website. This marks the used browser and can be recognized by our webserver. Insofar as the use of cookies results in the processing of personal data, this is based on the legal basis of Art. 6 (1) (f) GDPR. This processing serves our legitimate interest in making our website more user-friendly, effective, and secure.

We use so-called "session cookies", which are deleted when the browser session ends. Other cookies ("persistent cookies") are automatically deleted after a specified period, which may differ depending on the cookie.

You can delete the cookies in the security settings of your browser at any time. You may oppose the use of cookies by your browser settings in principle or in certain cases. Further information can be obtained from the German Federal Office for Information Security at https://www.bsi-fuer-buerger.de/BSIFB/DE/Empfehlungen/EinrichtungSoftware/EinrichtungBrowser/Sicherheitsmassnahmen/Cookies/cookies_node.html.

6. Analysis of our website

a. New Relic

Our website uses New Relic, an analysis service of New Relic Inc. (188 Spear Street, Suite 1200 San Francisco, CA 94105, USA, "New Relic"). New Relic is a web analytics tool that collects the user data of a website in order to analyze and monitor the website for performance, for example, to improve the loading times of individual parts of the website. For more information about privacy and cookies, visit http://newrelic.com/privacy. The legal basis for the use of this service is Article 6 (1) (f) GDPR and serves the legitimate interest of optimizing our website.

New Relic is certified under the EU-US Privacy Shield ( https://www.privacyshield.gov/participant?id=a2zt0000000TNPiAAO&status=Active).

b. Google Analytics

We use the Google Analytics service of Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; "Google") to evaluate our website visits. Google uses cookies that allow an analysis of your use of our website. It processes personal data in the form of online identifiers (including cookie identifiers), IP addresses, device identifiers, and information about how you interact with our site. The information generated by the cookie about the use of our website by users is usually transmitted to a Google server in the US and stored there. Google will use this information on our behalf to evaluate the use of our online offer by users to compile reports on the activities within our website and to provide us with further services related to the use of our website and internet usage. In this case, pseudonymous user profiles of the processed data can be created.

We only use Google Analytics with activated IP anonymization. This means that the IP address of the users is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the US and shortened there. The IP address submitted by the user's browser will not be merged with other data provided by Google.

Information about the cookies used by Google can be found at https://policies.google.com/technologies/types?hl=en.

You can prevent the storage of cookies by Google Analytics via a corresponding setting of your browser software. You can also prevent the collection of information generated by the cookie by downloading and installing the browser plug-in available at the following link: https://tools.google.com/dlpage/gaoptout. If you visit our website via a mobile device, you can deactivate Google Analytics by clicking on this link

The legal basis for the data processing in connection with the Google Analytics service is Art. 6 (1) (f) GDPR and the processing operations serve the legitimate interest of analyzing the user behavior on our website and the possible needs-based design.

When using Google Analytics, we can not exclude the transmission of the processed data to the US-based Google LLC. Google LLC (1600 Amphitheater Parkway, Mountain View, CA 94043, USA) is certified under the EU-US Privacy Shield ( https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

7. Google Ads

We use the Google Ads online advertising program provided by Google Ads Limited (Gordon House, Barrow Street, Dublin 4, Ireland; "Google") to display advertisements on the Google search engine. If you access our website via a Google ad, Google will place a cookie on your device ("conversion cookie"). Each Google Ads customer has a different conversion cookie associated with it so that cookies are not tracked through the websites of different Ads customers. The information obtained with the help of the cookie is used to generate conversion statistics. That's how we receive information on the total number of users who clicked on one of our Google ads. However, we do not receive information that personally identifies users.

Insofar as personal data is processed, this is based on the legal basis of Art. 6 (1) (f) GDPR and the data processing serves our legitimate economic interests. You can opt-out of conversion tracking by stopping cookies from being set by your browser.

When using Google Ads, we can not exclude the transmission of the processed data to the US-based Google LLC. Google LLC (1600 Amphitheater Parkway, Mountain View, CA 94043, USA) is certified under the EU-US Privacy Shield ( https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

8. Embedded Services and Third Party Content

We use third-party services and content (hereinafter collectively referred to as "content") on our website. For such an integration, a processing of your IP address is technically necessary, so that the contents can be sent to your browser. Your IP address will therefore be transmitted to the respective third party providers.

In each case, these data processing is used to safeguard our legitimate interests in the optimization and economic operation of our website and are based on the legal basis of Art. 6 (1) (f) GDPR.

You can object to this data processing at any time via the settings of the browser used or certain browser extensions. Such an extension is, for example, the matrix-based firewall uMatrix for the Firefox and Google Chrome browsers. Please note that this may result in functional restrictions on the website.

We have included content from the following third-party services on our website:

9. Plugins of social networks

We use buttons on our website for social networks and comparable offers from third parties (hereinafter referred to as "plugin"). These plugins allow you to distribute the contents of our website in the respective social network. To integrate the plugin into our website, its program code is transmitted directly from the servers of the respective provider when our website is accessed. For this purpose, a transmission of the IP address used is technically necessary. This transfer takes place regardless of whether you click on the plugin or not. If you are logged in to the social network when you visit our website or if you interact with the plugin, you may receive further information. For more information, please contact the provider of the plugin. In each case, the data processing takes place in order to safeguard our legitimate interests in increasing the awareness and scope of our website and is based on the legal basis of Art. 6 (1) (f) GDPR.

We have included plugins from the following third parties in our website:

III. Data processing on our platform

If you, as a customer or developer, use our platform, we will process your data provided to us as part of the provision of services, as described below.

1. Registration and login for customers and developers

In order to be able to use our offer as a customer or developer and to be able to use certain functions of the website, a registration via the website is required. The required information can be seen from the registration form. Providing the information marked as mandatory is mandatory in order to qualify for our offer. The provided data will be processed for the purpose of service provision and contract execution. The processing is based on the legal basis of Article 6 (1) (b) GDPR.

2. Payment

If you choose a paid plan, we offer you the option of paying by credit card. Please note that the respective payment information is collected and processed by the respective payment service providers on their own responsibility. The payment service providers merely transmit us your name and the expiry date of the credit card, which is stored for us to fulfill the contract. The legal basis is Article 6 (1) (b) GDPR.

You also have the possibility to pay via Paypal. Please note that the relevant payment information is provided and processed by PayPal (Europe) S.à r.l. et Cie, S.C.A. domiciled in Luxembourg on its own responsibility. Paypal transfers the name of your PayPal account and of the account holder, which we process exclusively for the execution of the contract. The legal basis is Article 6 (1) (b) GDPR. With PayPal payment we only save the name of the PayPal account. For more information about privacy at Paypal, please visit: https://www.paypal.com/web/sapps/mpp/ua/privacy-full?locale.x=en_DE#r5.

Furthermore, there is the possibility to pay by electronic direct debit in case of an explicit individual agreement with us. After we unlocked the payment by electronic direct debit following an explicit individual agreement with us, the account holder, the IBAN, and the BIC are required as well as issuing a SEPA mandate to us. When paying by electronic direct debit, we store the name of the account holder, the IBAN, the BIC, and the SEPA mandate.

3. Chat

We use Intercom Inc.'s chat tool on our platform (55 2nd Street, 4th Floor, San Francisco, California 94105, United States "Intercom"). If you send us inquiries via chat, your details from the chat history, including the contact details you provided there, will be stored for the purpose of processing the request and in case of follow-up questions. Our chat feature stores the IP addresses with the location of the users who write messages. The legal basis for the use of this service is Art. 6 (1) (f) GDPR. You can always send us a message via our contact e-mail address. The use of the chat tool is thus of purely voluntary nature.

Intercom is certified under the EU-US Privacy Shield ( https://www.privacyshield.gov/participant?id=a2zt0000000TNQvAAO&status=Active).

4. E-Mail communication

Important changes and innovations regarding our platform will be sent to our customers by e-mail. This information is for the sole purpose of ensuring the contractually agreed performance. The legal basis for sending these e-mails is Art. 6 (1) (b) GDPR, since the information is required for performing the contract. We also analyze the reading behavior and opening rates of these e-mails. The legal basis for the analysis of these e-mails is Art. 6 (1) (f) GDPR and the processing serves our legitimate interest in knowing whether our customers have received the information. You can object to the analysis at any time by contacting one of the above mentioned contact channels.

To manage subscribers, send, and analyze these emails, we use the Mandrill service of The Rocket Science Group LLC, d/b/a MailChimp (US).

The Rocket Science Group LLC is certified under the EU-US Privacy Shield ( https://www.privacyshield.gov/participant?id=a2zt0000000TO6hAAG&status=Active).

5. Data Processing Agreement

In the context of the provision of services, it is also necessary for us as a data processor in terms of Art. 4 (8) GDPR to deal with personal data for which you are responsible in terms of Art. 4 No. 7 GDPR. A Data Processing Agreement pursuant to Art. 28 GDPR specifies the data protection rights and obligations of both of us in connection with our handling of your clients’ data for the provision of services. We make our Data Processing Agreement available to customers/data processors when registering on our platform. For informational purposes, a non-signable version can be accessed on our website.

We use electronic media for order processing, including proof of delivery. Therefore, we also store digitized signatures. The reproduction of the electronic signature applies as proof of delivery when combined with date and time. We do not assume any guarantee for the permanent availability/usability of electronic data provided to us.

6. Captcha service

We use Google's reCaptcha service from Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; "Google") on our platform when using certain features to determine whether a person or computer makes a particular entry. Thereby, only if you use the feature of the return portal or register as a developer for our slack channel will reCaptcha be used. Google uses the following data to determine whether you are a human being or a computer: IP address of the terminal used, the website you visit on our site where the captcha is embedded (return portal), the date and duration of the visit, the identification data of the browser and operating system type used, Google account if you are logged in to Google, mouse movements on the reCaptcha surfaces and tasks in which you have to identify images.

As far as personal data is processed, this is based on the legal basis of Art. 6 (1) (f) GDPR and the data processing serves our legitimate economic interests to ensure the security of our website and to protect us from automated entries (attacks).

When using Google reCaptcha, we cannot exclude the transmission of the processed data to the US-based Google LLC. Google LLC (1600 Amphitheater Parkway, Mountain View, CA 94043, USA) is certified under the EU-US Privacy Shield (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

IV. Data processing on our Facebook page

When you visit our Facebook page, where we represent our company or individual products from our offer, certain information about you will be processed. The one responsible for the processing of personal data is Facebook Ireland Ltd (4 Grand Canal Square, Grand Canal Harbor, Dublin 2 Ireland, "Facebook"). Further information about the processing of personal data by Facebook can be found at https://www.facebook.com/privacy/explanation.

1. Processing of page insights

Facebook provides us with anonymous statistics and insights for our Facebook page which help us gain insights into the types of actions people take on our page (so-called "page insights"). These page insights are created based on specific information about people who visited our page. This processing of personal data is done by Facebook and us as jointly responsible persons. Processing serves our legitimate interest in evaluating the types of actions taken on our page and improving our page based on these findings. The legal basis for this processing is Art. 6 (1) (f) GDPR. We will never associate the information obtained from the page insights with a specific Facebook profile by referring to "Like" information for our page.

We have an agreement with Facebook for the processing of the data as jointly responsible, which determines the distribution of data protection obligations between us and Facebook. Details of how personal data is processed to create page insights and the Agreement entered into between us and Facebook are available at https://www.facebook.com/legal/terms/information_about_page_insights_data.

2. Processing of data communicated to us through our page

We also process information that you provide us through our Facebook page. Such information may be the Facebook name, contact information, or a message to us. We process this personal data only if we have previously asked you explicitly to inform us about this data, for example in the context of a survey or a raffle. This data processing is carried out by us as the sole person in charge.

If your request is directed to the conclusion or the execution of a contract with us, then Art. 6 (1) (b) GDPR is the legal basis for the data processing. Otherwise, we process the data based on our legitimate interest in contacting persons who request information. The legal basis for data processing is then Art. 6 (1) (f) GDPR.

V. Further data processing

1. Contractual Relationship

For the establishment or implementation of the contractual relationship with our customers, the processing of the personal master, contract, and payment data provided to us is required on a regular basis. The legal basis for this processing is Art. 6 (1) (b) GDPR. In addition, we process customer and prospect data for evaluation and marketing purposes. These processing operations are based on the legal basis of Art. 6 (1) (f) GDPR and serve our interest in further developing our offer and informing you specifically about offers of the shipcloud GmbH. Further data processing can take place if you have consented (Art. 6 (1) (a) GDPR) or if this serves to fulfill a legal obligation (Art. 6 (1) (c) GDPR).

2. Applications

When you apply to our company, we process your application data solely for purposes related to your interest in working with us today or in the future and processing your application. Your application will only be processed and taken note of by the relevant contact persons. All data controllers are required to protect the confidentiality of your information. If we are unable to provide you employment, we will retain the information you provide for up to six months after any rejection for the purpose of answering questions related to your application and disapproval. This does not apply insofar as statutory provisions preclude deletion, further storage is necessary for the purpose of providing evidence or you have expressly consented to a longer storage period. The legal basis for the data processing is Par. 26 (1) (p 1) BDSG. If we retain your applicant data for a period of six months and have expressly consented to it, we would point out that this consent is freely revocable at any time pursuant to Art. 7 (3) GDPR. Such revocation shall not affect the lawfulness of the processing up to the time of revocation on the basis of the consent.

VI. Data security

We use the popular SSL (Secure Socket Layer) method within the website visit, in conjunction with the highest level of encryption supported by your browser. Usually, this is a 2048 bit encryption. If your browser does not support 2048 bit encryption, we will instead use the maximum possible encryption according to your browser. Whether a single site on our website is transmitted using encryption is shown by the key icon or the lock icon in the status bar of your browser.

We also make appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or total loss, destruction, or against unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.