This Privacy Statement informs you about our handling of your data. In order to make the processing of your data comprehensible to you, we would like to give you an overview of these processing operations with the following information. To ensure fair processing, this Privacy Statement contains general information about our handling of your data as well as information about your rights under the European General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).
We also inform you in detail about
Responsible for the data processing is shipcloud GmbH, Heinz-Fangman-Strasse 2-4, House 4, 42287 Wuppertal (hereinafter referred to as "we" or "us").
In case of differences between the German and English version or in other cases of doubt, the German version shall be valid.
If you have any questions or suggestions about this information or would like to contact us for enforcing your rights, please submit your request to
Heinz-Fangman-Straße 2-4, House 4, 42287 Wuppertal
Phone +49 (0)40 605906630
The data protection term "personal data" refers to all information that relates to a particular or identifiable person.
We process personal data in compliance with the relevant data protection regulations, in particular the GDPR and the BDSG. Data processing by us takes place only on the basis of a legal permission. We process personal data only with your consent (Article 6 (1) (a) GDPR), to fulfill a contract of which you are a party, or to your request to carry out pre-contractual measures (Article 6 (1) (b) GDPR), for the fulfillment of a legal obligation (Art. 6 (1) c) GDPR) or if the processing is necessary for the protection of our legitimate interests or the legitimate interests of a third party, unless your interests or fundamental rights and freedoms, the protection of personal data predominate (Article 6 (1) (f) GDPR).
Unless otherwise stated in the following instructions, we only store the data as long as it is necessary to achieve the processing purpose or to fulfill our contractual or legal obligations. Such statutory retention requirements may arise in particular from commercial or tax regulations.
We use commissioned service providers for individual processing. These include e.g. hosting, maintenance and support of IT systems, marketing measures, or file and disk destruction. These service providers process the data only after explicit instructions and are contractually obliged to guarantee appropriate technical and organizational data protection measures. In addition, we may transfer personal data of our customers to bodies such as postal and delivery services, payment and information services, banks, tax consultants / auditors, or the financial administration.
If you exercise your rights in accordance with Art. 12 to 22 GDPR, we process the transmitted personal data for the purpose of the implementation of these rights by us and to provide evidence thereof.
We will process data stored for the purpose of providing information and its preparation only for this purpose as well as for purposes of data protection control and otherwise restrict the processing in accordance with Art. 18 GDPR.
These processing operations are based on the legal basis of Article 6 (1) (c) GDPR in conjunction with Art. 15 to 22 GDPR and Par. 34 Abs. 2 BDSG.
As the data subject, you have the right to claim your rights to us. In particular, you have the following rights:
For requests for information, correction, deletion, restriction, recieving, or in any other case related to data protection please contact firstname.lastname@example.org.
In accordance with Article 21 (1) GDPR, you have the right to object to processing based on the legal basis of Article 6 (1) (e) or (f) GDPR for reasons arising from your particular situation. Insofar as personal data about you are processed for the purpose of direct advertising, you may lodge an objection against this processing in accordance with Art. 21 (2) and (3) GDPR.
You can contact our data protection officer via email@example.com
When you use the website, we collect information that you provide yourself. In addition, during your visit to the wbsite, we automatically collect certain information about your use of the website. In terms of data protection law, the IP address also applies as personal data. An IP address is assigned to each Internet-connected device by the ISP so that it can send and receive data.
Visiting our website may be associated with the transfer of certain personal data to the United States. For data transmission to the US as a third country, a country in which the GDPR is not applicable law, the European Commission has decided according to Art. 45 GDPR that an adequate level of data protection is achieved as long as companies are certified under the EU-US Privacy Shield. The transmission to the US then takes place in a permissible manner.
In the purely informative use of our website, the first step is to automatically store general information (that is, not via registration) that your browser sends to our server. These include by default: browser type / version, OS used, page visited, the previously visited page (referrer URL), IP address, date and time of the server request, and HTTP status code.
The processing is for the protection of our legitimate interests and is based on the legal basis of Art. 6 (1) (f) GDPR. This processing is for the technical management and security of the website. The stored data will be deleted after four weeks, unless there is a justified suspicion of illegal use on the basis of concrete indications and further examination and processing of the information is necessary for this reason.
We are unable to identify you as a data subject based on the information stored. The Art. 15 to 22 GDPR are therefore not applicable in accordance with. Art. 11 (2) GDPR, unless you provide additional information to enable you to exercise your rights under these articles.
We use a chat form provided by Zendesk Inc. (1019 Market Street San Francisco, California 94103, USA "Zendesk"). All data fields marked as mandatory are required to process your request. Non-provisioning means that we can not process your request. The provision of further data is voluntary. Alternatively, you can send us a message via the contact e-mail. We process the data for the purpose of answering your request. If your request is directed to the conclusion or the execution of a contract with us, then Art. 6 (1) (b) GDPR is the legal basis for the data processing. Otherwise, we process the data based on our legitimate interest in contacting persons who request information. The legal basis for data processing is then Article 6 (1) (f) GDPR. You can always send us a message via our contact e-mail address. The use of the chat tool is thus of purely voluntary nature.
Zendesk is certified under the EU-US Privacy Shield
We offer you the possibility to subscribe our newsletter on our website. After subscribtion, we will inform you regularly about the latest news and offers. To subscribe for the newsletter, a valid e-mail address is required. To verify the e-mail address, you will first receive a login e-mail, which you must confirm via a link (double opt-in). If you subscribe to the newsletter on our website, we process personal data such as your e-mail address and your name on the basis of your consent. The processing is based on the legal basis of Art. 6 (1) (a) GDPR.
The given consent can be withdrawn at any time with effect for the future, for example via the "unsubscribe" link in the newsletter or by contacting us via the channels mentioned above. The legality of the already completed data processing operations remains unaffected by the revocation.
When subscribing for the newsletter, we also store the IP address as well as the date and time of registration. The processing of this data is necessary to be able to prove a given consent. The legal basis results from our legal obligation to document your consent (Art. 6 (1) c) in conjunction with Art. 7 (1) GDPR).
We also analyze the reading behavior and opening rates of our newsletter. We collect and process pseudonymised usage data that we do not combine with your e-mail address or IP address.
The legal basis for the analysis of our newsletter is Art. 6 (1) (f) GDPR and the processing serves our legitimate interest in the optimization of our newsletter. You can contradict to this at any time by contacting one of the above mentioned contact channels.
We use so-called "session cookies", which are deleted when the browser session ends. Other cookies ("persistent cookies") are automatically deleted after a specified period, which may differ depending on the cookie.
Our website uses New Relic, an analysis service of New Relic Inc. (188 Spear Street, Suite 1200 San Francisco, CA 94105, USA, "New Relic"). New Relic is a web analytics tool that collects the user data of a website in order to analyze and monitor the website for performance, for example, to improve the loading times of individual parts of the website. For more information about privacy and cookies, visit http://newrelic.com/privacy. The legal basis for the use of this service is Article 6 (1) (f) GDPR and serves the legitimate interest of optimizing our website.
New Relic is certified under the EU-US Privacy Shield ( https://www.privacyshield.gov/participant?id=a2zt0000000TNPiAAO&status=Active).
We only use Google Analytics with activated IP anonymization. This means that the IP address of the users is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the US and shortened there. The IP address submitted by the user's browser will not be merged with other data provided by Google.
Information about the cookies used by Google can be found at https://policies.google.com/technologies/types?hl=en.
You can prevent the storage of cookies by Google Analytics via a corresponding setting of your browser software. You can also prevent the collection of information generated by the cookie by downloading and installing the browser plug-in available at the following link: https://tools.google.com/dlpage/gaoptout. If you visit our website via a mobile device, you can deactivate Google Analytics by clicking on this link
The legal basis for the data processing in connection with the Google Analytics service is Art. 6 (1) (f) GDPR and the processing operations serve the legitimate interest of analyzing the user behavior on our website and the possible needs-based design.
When using Google Analytics, we can not exclude the transmission of the processed data to the US-based Google LLC. Google LLC (1600 Amphitheater Parkway, Mountain View, CA 94043, USA) is certified under the EU-US Privacy Shield ( https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
We use the Google Ads online advertising program provided by Google Ads Limited (Gordon House, Barrow Street, Dublin 4, Ireland; "Google") to display advertisements on the Google search engine. If you access our website via a Google ad, Google will place a cookie on your device ("conversion cookie"). Each Google Ads customer has a different conversion cookie associated with it so that cookies are not tracked through the websites of different Ads customers. The information obtained with the help of the cookie is used to generate conversion statistics. That's how we receive information on the total number of users who clicked on one of our Google ads. However, we do not receive information that personally identifies users.
Insofar as personal data is processed, this is based on the legal basis of Art. 6 (1) (f) GDPR and the data processing serves our legitimate economic interests. You can opt-out of conversion tracking by stopping cookies from being set by your browser.
When using Google Ads, we can not exclude the transmission of the processed data to the US-based Google LLC. Google LLC (1600 Amphitheater Parkway, Mountain View, CA 94043, USA) is certified under the EU-US Privacy Shield ( https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
We use third-party services and content (hereinafter collectively referred to as "content") on our website. For such an integration, a processing of your IP address is technically necessary, so that the contents can be sent to your browser. Your IP address will therefore be transmitted to the respective third party providers.
In each case, these data processing is used to safeguard our legitimate interests in the optimization and economic operation of our website and are based on the legal basis of Art. 6 (1) (f) GDPR.
You can object to this data processing at any time via the settings of the browser used or certain browser extensions. Such an extension is, for example, the matrix-based firewall uMatrix for the Firefox and Google Chrome browsers. Please note that this may result in functional restrictions on the website.
We have included content from the following third-party services on our website:
"Amazon Cloudfront" by Amazon Web Services Inc. (410 Terry Avenue North, Seattle WA 98109, USA; "Amazon) for content delivery.
Amazon is certified under the EU-US Privacy Shield ( https://www.privacyshield.gov/participant?id=a2zt0000000TOWQAA4&status=Active).
We use buttons on our website for social networks and comparable offers from third parties (hereinafter referred to as "plugin"). These plugins allow you to distribute the contents of our website in the respective social network. To integrate the plugin into our website, its program code is transmitted directly from the servers of the respective provider when our website is accessed. For this purpose, a transmission of the IP address used is technically necessary. This transfer takes place regardless of whether you click on the plugin or not. If you are logged in to the social network when you visit our website or if you interact with the plugin, you may receive further information. For more information, please contact the provider of the plugin. In each case, the data processing takes place in order to safeguard our legitimate interests in increasing the awareness and scope of our website and is based on the legal basis of Art. 6 (1) (f) GDPR.
We have included plugins from the following third parties in our website:
The twitter.com by the Twitter International Company (One Cumberland Place Fenian Street Dublin 2 Ireland, "Twitter").
Twitter is certified under the EU-US Privacy Shield ( https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active).
If you, as a customer or developer, use our platform, we will process your data provided to us as part of the provision of services, as described below.
In order to be able to use our offer as a customer or developer and to be able to use certain functions of the website, a registration via the website is required. The required information can be seen from the registration form. Providing the information marked as mandatory is mandatory in order to qualify for our offer. The provided data will be processed for the purpose of service provision and contract execution. The processing is based on the legal basis of Article 6 (1) (b) GDPR.
If you choose a paid plan, we offer you the option of paying by credit card. Please note that the respective payment information is collected and processed by the respective payment service providers on their own responsibility. The payment service providers merely transmit us your name and the expiry date of the credit card, which is stored for us to fulfill the contract. The legal basis is Article 6 (1) (b) GDPR.
You also have the possibility to pay via Paypal. Please note that the relevant payment information is provided and processed by PayPal (Europe) S.à r.l. et Cie, S.C.A. domiciled in Luxembourg on its own responsibility. Paypal transfers the name of your PayPal account and of the account holder, which we process exclusively for the execution of the contract. The legal basis is Article 6 (1) (b) GDPR. With PayPal payment we only save the name of the PayPal account. For more information about privacy at Paypal, please visit: https://www.paypal.com/web/sapps/mpp/ua/privacy-full?locale.x=en_DE#r5.
Furthermore, there is the possibility to pay by electronic direct debit in case of an explicit individual agreement with us. After we unlocked the payment by electronic direct debit following an explicit individual agreement with us, the account holder, the IBAN, and the BIC are required as well as issuing a SEPA mandate to us. When paying by electronic direct debit, we store the name of the account holder, the IBAN, the BIC, and the SEPA mandate.
We use Intercom Inc.'s chat tool on our platform (55 2nd Street, 4th Floor, San Francisco, California 94105, United States "Intercom"). If you send us inquiries via chat, your details from the chat history, including the contact details you provided there, will be stored for the purpose of processing the request and in case of follow-up questions. Our chat feature stores the IP addresses with the location of the users who write messages. The legal basis for the use of this service is Art. 6 (1) (f) GDPR. You can always send us a message via our contact e-mail address. The use of the chat tool is thus of purely voluntary nature.
Intercom is certified under the EU-US Privacy Shield ( https://www.privacyshield.gov/participant?id=a2zt0000000TNQvAAO&status=Active).
Important changes and innovations regarding our platform will be sent to our customers by e-mail. This information is for the sole purpose of ensuring the contractually agreed performance. The legal basis for sending these e-mails is Art. 6 (1) (b) GDPR, since the information is required for performing the contract. We also analyze the reading behavior and opening rates of these e-mails. The legal basis for the analysis of these e-mails is Art. 6 (1) (f) GDPR and the processing serves our legitimate interest in knowing whether our customers have received the information. You can object to the analysis at any time by contacting one of the above mentioned contact channels.
To manage subscribers, send, and analyze these emails, we use the Mandrill service of The Rocket Science Group LLC, d/b/a MailChimp (US).
The Rocket Science Group LLC is certified under the EU-US Privacy Shield ( https://www.privacyshield.gov/participant?id=a2zt0000000TO6hAAG&status=Active).
In the context of the provision of services, it is also necessary for us as a data processor in terms of Art. 4 (8) GDPR to deal with personal data for which you are responsible in terms of Art. 4 No. 7 GDPR. A Data Processing Agreement pursuant to Art. 28 GDPR specifies the data protection rights and obligations of both of us in connection with our handling of your clients’ data for the provision of services. We make our Data Processing Agreement available to customers/data processors when registering on our platform. For informational purposes, a non-signable version can be accessed on our website.
We use electronic media for order processing, including proof of delivery. Therefore, we also store digitized signatures. The reproduction of the electronic signature applies as proof of delivery when combined with date and time. We do not assume any guarantee for the permanent availability/usability of electronic data provided to us.
We use Google's reCaptcha service from Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; "Google") on our platform when using certain features to determine whether a person or computer makes a particular entry. Thereby, only if you use the feature of the return portal or register as a developer for our slack channel will reCaptcha be used. Google uses the following data to determine whether you are a human being or a computer: IP address of the terminal used, the website you visit on our site where the captcha is embedded (return portal), the date and duration of the visit, the identification data of the browser and operating system type used, Google account if you are logged in to Google, mouse movements on the reCaptcha surfaces and tasks in which you have to identify images.
As far as personal data is processed, this is based on the legal basis of Art. 6 (1) (f) GDPR and the data processing serves our legitimate economic interests to ensure the security of our website and to protect us from automated entries (attacks).
When using Google reCaptcha, we cannot exclude the transmission of the processed data to the US-based Google LLC. Google LLC (1600 Amphitheater Parkway, Mountain View, CA 94043, USA) is certified under the EU-US Privacy Shield (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
When you visit our Facebook page, where we represent our company or individual products from our offer, certain information about you will be processed. The one responsible for the processing of personal data is Facebook Ireland Ltd (4 Grand Canal Square, Grand Canal Harbor, Dublin 2 Ireland, "Facebook"). Further information about the processing of personal data by Facebook can be found at https://www.facebook.com/privacy/explanation.
Facebook provides us with anonymous statistics and insights for our Facebook page which help us gain insights into the types of actions people take on our page (so-called "page insights"). These page insights are created based on specific information about people who visited our page. This processing of personal data is done by Facebook and us as jointly responsible persons. Processing serves our legitimate interest in evaluating the types of actions taken on our page and improving our page based on these findings. The legal basis for this processing is Art. 6 (1) (f) GDPR. We will never associate the information obtained from the page insights with a specific Facebook profile by referring to "Like" information for our page.
We have an agreement with Facebook for the processing of the data as jointly responsible, which determines the distribution of data protection obligations between us and Facebook. Details of how personal data is processed to create page insights and the Agreement entered into between us and Facebook are available at https://www.facebook.com/legal/terms/information_about_page_insights_data.
We also process information that you provide us through our Facebook page. Such information may be the Facebook name, contact information, or a message to us. We process this personal data only if we have previously asked you explicitly to inform us about this data, for example in the context of a survey or a raffle. This data processing is carried out by us as the sole person in charge.
If your request is directed to the conclusion or the execution of a contract with us, then Art. 6 (1) (b) GDPR is the legal basis for the data processing. Otherwise, we process the data based on our legitimate interest in contacting persons who request information. The legal basis for data processing is then Art. 6 (1) (f) GDPR.
For the establishment or implementation of the contractual relationship with our customers, the processing of the personal master, contract, and payment data provided to us is required on a regular basis. The legal basis for this processing is Art. 6 (1) (b) GDPR. In addition, we process customer and prospect data for evaluation and marketing purposes. These processing operations are based on the legal basis of Art. 6 (1) (f) GDPR and serve our interest in further developing our offer and informing you specifically about offers of the shipcloud GmbH. Further data processing can take place if you have consented (Art. 6 (1) (a) GDPR) or if this serves to fulfill a legal obligation (Art. 6 (1) (c) GDPR).
When you apply to our company, we process your application data solely for purposes related to your interest in working with us today or in the future and processing your application. Your application will only be processed and taken note of by the relevant contact persons. All data controllers are required to protect the confidentiality of your information. If we are unable to provide you employment, we will retain the information you provide for up to six months after any rejection for the purpose of answering questions related to your application and disapproval. This does not apply insofar as statutory provisions preclude deletion, further storage is necessary for the purpose of providing evidence or you have expressly consented to a longer storage period. The legal basis for the data processing is Par. 26 (1) (p 1) BDSG. If we retain your applicant data for a period of six months and have expressly consented to it, we would point out that this consent is freely revocable at any time pursuant to Art. 7 (3) GDPR. Such revocation shall not affect the lawfulness of the processing up to the time of revocation on the basis of the consent.
We use the popular SSL (Secure Socket Layer) method within the website visit, in conjunction with the highest level of encryption supported by your browser. Usually, this is a 2048 bit encryption. If your browser does not support 2048 bit encryption, we will instead use the maximum possible encryption according to your browser. Whether a single site on our website is transmitted using encryption is shown by the key icon or the lock icon in the status bar of your browser.
We also make appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or total loss, destruction, or against unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.