Privaatsuspoliitika

Privacy policy and information to Data Subjects according to Articles 13 and 14 of the EU-GDPR

sennder GmbH and its affiliated companies ("we" or "sennder") are committed to the protection of personal data. This Privacy Policy is directed at all users of sennder's services worldwide, including users of its websites, platforms, apps, functions or other services offered by sennder ("Services") unless covered by a separate privacy policy. Data subjects within the meaning of this Privacy Policy include, in particular, customers, carriers, drivers, business partners, employees, applicants and users of our online Services.

With this Privacy Policy we would like to inform you about the type, scope and purpose of the personal data we collect, use and process. Furthermore this Privacy Policy will inform you about your rights.

1. CONTACT DETAILS OF THE DATA CONTROLLER

Unless otherwise specified for a specific market or service, “Controller” within the meaning of the General Data Protection Regulation, other data protection laws applicable in the member states of the European Union and other provisions with a data protection nature is:

sennder GmbH
Genthiner Str. 34
10785 Berlin
Deutschland
Tel.: +49 (0) 30 2295 7438
E-Mail: info@sennder.com
Website: www.sennder.com
Managing Directors: David Nothacker, Nicolaus Schefenacker, Julius Köhler

The data protection officer of sennder can be reached at the above-mentioned address, attn. Data Protection Officer or via a coordinator at privacy@sennder.com.

2. INFORMATION THAT WE COLLECT ABOUT YOU

The personal data we collect from you depends on your specific business relationship with sennder. Below we describe what kind of data we collect and for what purposes:

2.1 Processing when using our Online-Services

a) Data concerned

When accessing our website, one of our internet portals, our app or other services offered online ("Online-Services"), a number of general data and information is collected with each access. This general data and information is stored in the log files of the server. The following data may be collected:

  • the browser types and versions used
  • the operating system used by the accessing system
  • the date and time of an access
  • an Internet Protocol (IP address)
  • the amount of data transmitted
  • the internet service provider of the accessing system
  • other similar data and information that serves the prevention of attacks on our information technology systems
  • Data that you voluntarily transmit to us

b) The purpose of processing and legal basis

We use the collected data to deliver and optimize the content of our Online Services correctly and to ensure the long-term viability and technical security of our systems. The anonymously collected data and information is processed for statistical purposes. These purposes also constitute our legitimate interest in data processing pursuant to Art. 6 para. 1 f GDPR.

Personal data that you voluntarily submit to us, e.g. via our contact form, will be stored for the purpose of processing or for contacting you. The legal basis for such processing is Art. 6 para. 1 f GDPR.

c) Sharing your data

We will share your data with third parties who store your data on their servers. The types of third parties with whom we share your data include:

  • IT service providers: including cloud providers for data storage purposes;
  • External support service providers;
  • Public bodies if the appropriate statutory provisions exist (e.g. tax authorities and customs authorities) on the basis of Art. 6 para 1 c GDPR.

We only share your data with our personnel and with personnel of other companies of the sennder group if this is necessary for the purposes described above.

We may also share your data if we should enter into a joint venture, buy, sell or merge with another company. In such a case, your data may be shared with the target company, our new business partners or owners or their advisors.

d) Cookies

Cookies are small text files which are stored on a computer system via an Internet browser. The use of cookies enables us to provide users of the Online Services with more user-friendly services that would not be possible without the setting of cookies

Before we use analysis or tracking technologies in the context of which cookies are used or processed, we ask users for their consent, which can be revoked at any time. Before the consent has not been given, only those cookies will be used that are necessary for the operation of the Online Services. In the case of consent, the legal basis for the processing of personal data is Art. 6 para. 1 a GDPR.

e) Duration of storage

The duration of the data storage depends on the statutory storage obligations and is generally 10 years.

2.2 Processing of customer/ prospective customer data

a) Data concerned

Personal data provided for the execution of a contract and, if applicable, additional data for processing on the basis of your express consent (e.g. title, first name, surname, address, telephone number, fax number, e-mail address, position, job title, data regarding the contractual relationship, etc. (e.g. type of contract, product interest, bank data).

b) The purpose of processing and legal basis

We collect your data for contract initiation and contract execution (e.g. for offers, orders, sales and invoicing, quality assurance, product and service-related communication) as well as to provide, personalise, maintain and improve our products and Services. The legal basis for this is Art. 6 para. 1 lit. b and f DS-GVO.

c) Sharing your data

We will share your data with third parties who store your data on their servers. The types of third parties with whom we share your data include:

  • external service providers or other contractors (e.g. for data processing and hosting, for order processing and execution, for shipping, transport and logistics, feedback and survey providers, customer service and call centers;
  • other external bodies, provided that the data subject has given his or her consent or if transmission is permitted for reasons of overriding interest, e.g. for creditworthiness information, for the electronic transmission of information, for quality assurance purposes on the basis of Art. 6 Para. 1 letters a and f GDPR.
  • Public bodies if the appropriate statutory provisions exist (e.g. tax authorities and customs authorities) on the basis of Art. 6 para 1 c GDPR.

We only share your data with our personnel and with personnel of other companies of the sennder group if this is necessary for the purposes described above.

We may also share your data if we should enter into a joint venture, buy, sell or merge with another company. In such a case, your data may be shared with the target company, our new business partners or owners or their advisors.

d) Duration of storage

The duration of the data storage depends on the statutory storage obligations and is generally 10 years.

2.3 Processing of carrier data

a) Data concerned

We collect your data in various ways, such when you create a customer account with sennder via one of our internet portals or otherwise, when you use our Online-Services or other Services offered by us or if you execute transport orders for sennder. The following data may be collected:

Personal data provided for the execution of the contract as well as any additional data for processing on the basis of your express consent (e.g. title, first name, surname, address, telephone number, fax number, e-mail address, position, job title, data on the contractual relationship, etc. (e.g. type of contract, product interest, bank data), commercial register excerpt, transport license, insurance confirmation, registration number of your vehicles, transaction information in connection with the use of our Services, including type, scope and time of the Services requested and provided, billing data as well as data which you pass on to our customer support for the processing of a request.

b) GPS/ Location

Our services may require that we record the location data of vehicles before, during and after the execution of transports and pass this data on to our customers. This recording is done by GPS via telematics integration or via a mobile app. We only collect such data if the users have given us permission to do so via the authorization system used by the telematics system or mobile app. If you do not want us to collect data as described above, you must switch off the relevant systems. However, this may mean that you will not be able to carry out orders for us.

When using the mobile app, the location data is collected by sennder itself. If a telematics integration is used, the data is collected by third party providers who pass this data on to sennder. If you use websites, apps or other third-party data connections as part of our collaboration, these third parties may collect and process your data independently of sennder. We recommend that you read the data protection information of these third party providers to understand how your personal data is processed.

c) The purpose of processing and legal basis

We collect your data for contract initiation and contract execution (e.g. for offers, orders, sales and invoicing, quality assurance, product and service-related communication), to provide, personalise, maintain and improve our products and services and to provide you with news or information or to contact you for feedback on our Services. The legal basis for this is Art. 6 Para. 1 letters b and f DS-GVO.

We also use your data to track the status and location of the freight you are transporting and related data, e.g. to determine the time of arrival and departure of a vehicle at the loading or unloading points and to inform our customers about the status of a transport by providing appropriate GPS data. The legal basis for this is Art. 6 para. 1 lit. f DS-GVO.

d) Sharing your data

We will share your data with third parties who store your data on their servers. The types of third parties with whom we share your data include:

  • our customers and clients as well as other users or third parties who need or request this data in connection with our products and Services, such as operators of pick-up points or reception facilities;
  • external service providers or other contractors (e.g. for data processing and hosting, for order processing and execution, for shipping, transport and logistics, feedback and survey providers, telematic service providers and call centres);
  • other external bodies, provided that the data subject has given his or her consent or if transmission is permitted for reasons of overriding interest, e.g. for creditworthiness information, for the electronic transmission of information, for quality assurance purposes on the basis of Art. 6 Para. 1 letters a and f GDPR.
  • Public bodies if the appropriate statutory provisions exist (e.g. tax authorities and customs authorities) on the basis of Art. 6 para 1 c GDPR.

We only share your data with our personnel and with personnel of other companies of the sennder group if this is necessary for the purposes described above.

We may also share your data if we should enter into a joint venture, buy, sell or merge with another company. In such a case, your data may be shared with the target company, our new business partners or owners or their advisors.

e) Duration of storage

The duration of the data storage depends on the statutory storage obligations and is generally 10 years.

2.4 Processing of driver data

a) Data concerned

We collect your data when you carry out transport orders for us, your contractor or your employer. The following data may be collected:

Personal data provided by your contractor or employer for the execution of a contract as well as any additional data for processing on the basis of your express consent (e.g. title, first name, surname, telephone number, e-mail address, position, registration number of your vehicle, transaction information in connection with the execution of transports, including place and time of the Services requested and provided, as well as data which you share with our customer support for the processing of a request.

b) GPS/ Standort

Our services may require that we record the location data of vehicles before, during and after the execution of transports and pass this data on to our customers. This recording is done by GPS via telematics integration or via a mobile app. We only collect such data if the users have given us permission to do so via the authorization system used by the telematics system or mobile app. If you do not want us to collect data as described above, you must switch off the relevant systems. However, this may mean that you will not be able to carry out orders for us.

When using the mobile app, the location data is collected by sennder itself. If a telematics integration is used, the data is collected by third party providers who pass this data on to sennder. If you use websites, apps or other third-party data connections as part of our collaboration, these third parties may collect and process your data independently of sennder. We recommend that you read the data protection information of these third party providers to understand how your personal data is processed.

c) The purpose of processing and legal basis

We collect your data for contract contract execution with your contractor or employer as well as with our contractors and customers (e.g. quality assurance, product and service-related communication), to provide, personalise, maintain and improve our products and services and to contact you for feedback on our Services. The legal basis for this is Art. 6 Para. 1 lit. f GDPR.

We also use your data to track the status and location of the freight you are transporting and related data, e.g. to determine the time of arrival and departure of a vehicle at the loading or unloading points and to inform our customers about the status of a transport by providing appropriate GPS data. The legal basis for this is Art. 6 para. 1 lit. f DS-GVO.

d) Sharing your data

We will share your data with third parties who store your data on their servers. The types of third parties with whom we share your data include:

  • Your contractor or employer and our contractors and customers as well as other users or third parties who need or request this data in connection with our products and Services, such as operators of pick-up points or reception facilities;
  • external service providers or other contractors (e.g. for data processing and hosting, for order processing and execution, for shipping, transport and logistics, feedback and survey providers, telematic service providers and call centres);
  • other external bodies, provided that the data subject has given his or her consent or if transmission is permitted for reasons of overriding interest, e.g. for creditworthiness information, for the electronic transmission of information, for quality assurance purposes on the basis of Art. 6 Para. 1 letters a and f GDPR.
  • Public bodies if the appropriate statutory provisions exist (e.g. tax authorities and customs authorities) on the basis of Art. 6 para 1 c GDPR.

We only share your data with our personnel and with personnel of other companies of the sennder group if this is necessary for the purposes described above.

We may also share your data if we should enter into a joint venture, buy, sell or merge with another company. In such a case, your data may be shared with the target company, our new business partners or owners or their advisors.

e) Duration of storage

The duration of the data storage depends on the statutory storage obligations and is generally 10 years.

2.5 Processing of data in the application process

a) Data concerned

Personal data that you provide us with during the application process. This may include the following data: Personal details (name, address, contact details, date and place of birth and nationality), application documents (letter of application, curriculum vitae, references, certificates, etc.).

As part of the application process, you will have to provide us with the personal data that enables us to assess the possibility of entering into a working relationship with you or which we are legally obliged to collect. Without this data we will generally not be able to conclude a contract with you or process your application.

b) The purpose of processing and legal basis

Conducting the application process on the basis of Art. 6 para. 1 a and f GDPR.

c) Sharing your data

We will share your data with third parties who store your data on their servers. The types of third parties with whom we share your data include:

  • external service providers or other contractors (e.g. for data processing and hosting, for processing your application, recruitment agencies and recruitment software);
  • other external parties, provided the data subject has given his consent or if transmission is permitted for overriding reasons of interest, e.g. to obtain references or for quality assurance purposes;
  • Public bodies if the appropriate statutory provisions exist (e.g. tax authorities and customs authorities) on the basis of Art. 6 para 1 c GDPR.

We only share your data with our personnel and with personnel of other companies of the sennder group if this is necessary for the purposes described above.

We may also share your data if we should enter into a joint venture, buy, sell or merge with another company. In such a case, your data may be shared with the target company, our new business partners or owners or their advisors.

d) Duration of storage

Application data will normally be deleted within four to six months after notification of the decision, unless you have given consent for longer data storage in the context of inclusion your data in our applicant pool or if another legal basis is in place.

2.6 Processing of employee data

a) Data concerned

We process personal data that we receive from our employees and other similar data subjects as part of the working relationship. These personal data include in particular:

  • Your personal and contact details (e.g. name, address, contact details, date and place of birth and nationality);
  • family data (e.g. marital status and details of children);
  • information about your working permit (nationality, passport details, identity card details, national insurance number and details of residence or work permit);
  • Religious affiliation, gender, health data, trade union membership (where permitted by law);
  • Information on qualifications, data on staff development and staff evaluation (e.g. education, work experience, training, promotions, disciplinary measures);
  • Details of the employment relationship (e.g. date of entry, job title and description);
  • Payroll and tax relevant data (e.g. salary payment);
  • Information on working time (e.g. holidays, illness and data relating to business trips);
  • Information on your use of IT systems

as well as other data comparable with the above categories.

b) The purpose of processing and legal basis

Data will be processed for the purpose of establishing, carrying out and terminating of employment relationships or for the purpose of carrying out pre-contractual measures which are conducted on request. The legal basis for this type of processing is Art. 88 GDPR in conjunction with § 26 Sec. 1 FDPA (Federal Data Protection Act).

To the extent necessary, we process your data beyond the actual fulfilment of our contract where we have a legitimate interest in doing so. The legal basis for such processing activities is Art. 6 Sec. 1 f GDPR. Examples for such processing activities are:

  • Measures for personnel development planning;
  • Measures to protect employees and customers and to protect the property of the company;
  • Evaluation of workflows for work control and improvement of processes;
  • Publication of official contact details on the intranet;
  • Written records of appraisal interviews.

If you have given us your consent to process your personal data, we will process your data only accordance with and to the extent agreed in the declaration of consent. A given consent can be revoked at any time with effect for the future. The revocation of the consent does not affect the legality of the data processed until the revocation. The legal basis for processing on the basis of your consent is Art. 88 GDPR in conjunction with § 26 Sec. 2 FDPA.

As a company we are subject to various legal obligations (e.g. social security law, work safety regulations, tax laws). Processing on the basis of such legal requirements is done, among other things, to verify identity, to fulfil social security and tax law control, reporting or documentation obligations and to manage risks within the company. The legal basis for this is Art. 6 (1) lit. c GDPR.

Insofar as special categories of personal data are processed in accordance with Art. 9 Para. 1 GDPR, this serves the exercise of rights or the fulfilment of legal obligations arising from labour law, social security law and social protection (e.g. provision of health data to the health insurance funds, recording of severe disability due to additional leave and calculation of the severely disabled levy). Such processing is carried out on the basis of Art. 88 GDPR in conjunction with § 26, paragraph 3 FDPA.

c) Sharing your data

We will share your data with third parties who store your data on their servers. The types of third parties with whom we share your data include:

  • external service providers or other contractors (e.g. for data processing and hosting, payroll accounting, HR software providers, training providers);
  • other external parties, provided that the data subject has given his or her consent or transmission is permitted for reasons of overriding interest, e.g. to provide references and for quality assurance purposes on the basis of Art. 6 para. 1 lit. a and f GDPR.
  • Public bodies if the appropriate statutory provisions exist (e.g. tax authorities and customs authorities) on the basis of Art. 6 para 1 c GDPR.

We only share your data with our personnel and with personnel of other companies of the sennder group if this is necessary for the purposes described above.

We may also share your data if we should enter into a joint venture, buy, sell or merge with another company. In such a case, your data may be shared with the target company, our new business partners or owners or their advisors.

d) Duration of storage

The duration of the data storage depends on the statutory storage obligations and is generally 10 years.

2.7 Processing of supplier data

a) Data concerned

Data communicated for the execution of the contract as well as any additional data for processing on the basis of your express consent

b) The purpose of processing and legal basis

Contract execution, including enquiries, purchasing, quality assurance on the basis of Art. 6 (1) lit. a and f GDPR.

c) Sharing your data

We will share your data with third parties who store your data on their servers. The types of third parties with whom we share your data include:

  • External service providers or other contractors, e.g. for data processing and hosting, bookkeeping, payment processing;
  • Other external parties provided that the data subject has given his or her consent or transmission is permitted for reasons of overriding interest.
  • Public bodies if the appropriate statutory provisions exist (e.g. tax authorities and customs authorities) on the basis of Art. 6 para 1 c GDPR.

We only share your data with our personnel and with personnel of other companies of the sennder group if this is necessary for the purposes described above.

We may also share your data if we should enter into a joint venture, buy, sell or merge with another company. In such a case, your data may be shared with the target company, our new business partners or owners or their advisors.

d) Duration of storage

The duration of the data storage depends on the statutory storage obligations and is generally 10 years.

2.8 Conducting telephone/video conferences

a) Data concerned

Data provided for the use of telephone/video conference software (in particular first name, surname, e-mail address; optional: sound transmission; optional: image transmission; optional: questions when using chat functions); to the extent technically necessary, processing of data from your system to establish the connection with the provider of the conference software.

b) The purpose of processing and legal basis

Conducting telephone/video conferences; using the recorded telephone/video conferences for training and quality assurance purposes (only if prior consent has been given). The legal basis for this is Art. 6 para 1 lit. a and f GDPR.

c) Sharing your data

We will share your data with third parties who store your data on their servers. The types of third parties with whom we share your data include:

  • External service providers or other contractors, e.g. for data processing and hosting.
  • Other external parties, provided that the data subject has given his or her consent or if transmission is permitted for reasons of overriding interest.
  • Public bodies in the event of overriding legal provisions.

We only share your data with our personnel and with personnel of other companies of the sennder group if this is necessary for the purposes described above.

We may also share your data if we should enter into a joint venture, buy, sell or merge with another company. In such a case, your data may be shared with the target company, our new business partners or owners or their advisors.

d) Duration of storage

Video conferences will only be recorded with the prior documented consent of the participants. The technical data will be deleted if they are no longer required. The duration of data storage is otherwise governed by the statutory storage obligations and is generally 10 years.

2.9 Social Media

We maintain online presences within social networks and process user data in this context in order to communicate with the active users or offer information about us.

When you visit or interact with a profile on a social media platform, personal data about you may be processed. Also information associated with a social media profile regularly represent personal data. This also includes messages and statements made using the profile. In addition, during your visit to a social media profile, certain information is often automatically collected, which may also represent personal data.

a) Data concerned

Inventory data (e.g. names, addresses), contact data (e.g. e-mail, telephone numbers), content data (e.g. entries in online forms), usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses).

b) The purpose of processing and legal basis

Contact requests and communication, tracking (e.g. interest/behavioural profiling, use of cookies), remarketing, reach measurement (e.g. access statistics, recognition of returning visitors). The legal basis for this is Art. 6 (1) lit. f GDPR.

c) Sharing your Data

For a detailed presentation of the respective forms of processing and the possibilities of objection (opt-out), we refer to the data protection policies and information provided by the operators of the respective networks.

Also in the case of requests for information and the assertion of data subject rights, we advise that these can most effectively be asserted with the providers. Only the providers have access to the data of the users and can take appropriate measures and provide information directly.

We operate company websites on the following social media platforms:

3. INTERNATIONAL DATA TRANSMISSION

In some cases, the personal data collected from you may be processed outside the European Economic Area ("EEA"). These countries may not have the same level of data protection as the EEA. However, we are obliged to ensure that the personal data processed by us and our partners outside the EEA are protected in the same way as if they were processed within the EEA. Therefore, if your data is processed outside the EEA, there are certain safeguards in place. We ensure similar protection by ensuring that at least one of the following safeguards is in place:

  • Your personal data will be transferred to countries whose level of data protection is considered appropriate by the European Commission;
  • we use the standard contractual clauses approved by the EU.

4. SECURITY

a) We use strong technologies and policies to ensure that your personal data we hold is appropriately protected.

b) We take measures to protect your data from unauthorized access and unlawful processing, accidental loss, destruction and damage.

c) Unfortunately, the transmission of data over the internet is not completely secure. Although we take steps to protect your personal data, we cannot guarantee the security of the information you transmit to us; any transmission is at your own risk. Once we have received your information, we will apply strict procedures and security features to prevent unauthorized access.

5. YOUR RIGHTS

According to data protection legislation, you may have a number of rights regarding the data we hold about you. If you wish to exercise any of these rights, please contact us at the contact details set out above.

a) The right to be informed. You have the right to be provided with clear, transparent and easily understandable information about how we use your data and what your rights are. For this reason, we provide you with the information in this privacy statement.

b) The right of access. You have the right to access your data (if we process it). This will enable you, for example, to check that we use your data in accordance with data protection law.

c) The right to rectification. You have the right to have your data corrected if it is inaccurate or incomplete. You may request that we rectify any errors in the data we hold.

d) The right to erasure. This "right to be forgotten" enables you to request the deletion or removal of certain data that we have stored about you. This right is not absolute and only applies in certain circumstances.

e) The right to restrict processing (blocking of data). You have the right to “block” or “restrict” the further use of your data. If processing is restricted, we may still store your data, but will not process it further.

f) The right to data portability. You have the right to obtain your personal data in an accessible and transferable format so that you can re-use it for your own purposes across different service providers. However, this is not an absolute right and there are exceptions.

g) The right to lodge a complaint. You have the right to lodge a complaint about the way we handle or process your information with a competent data protection authority.

h) The right to withdraw consent. You have the right to withdraw any consent given to us (if we rely on the consent as a legal basis for the processing of certain data) at any time with effect for the future. The legality of the processing carried out on the basis of the consent prior to the withdrawal remains unaffected.

i) The right to object to processing. You have the right to object to the processing of personal data concerning you based on Art. 6 Sec. 1 e or f GDPR. This also applies, inter alia, to any direct marketing, analysis and tracking based on these provisions.

j) Automated decision in individual cases. You have the right not to be subject to any decision based solely on automated processing, including profiling, that has any legal effect on you or that might similarly significantly affect you. This does not apply if the decision

  • is necessary for the conclusion or performance of a contract between you and us;
  • is authorised by legislation of the Union or of the Member States and contains adequate measures to safeguard your rights and freedoms and your legitimate interests;
  • is based on your explicit consent.

sennder does not use any of the automatic decision making or profiling described above.

6. JOINT CONTROLLERS

sennder GmbH and its affiliated companies are jointly responsible for compliance with the provisions of the EU-GDPR. sennder GmbH has concluded appropriate agreements with its respective affiliated companies in accordance with Art. 26 of the EU-GDPR.

7. COMPLAINTS

If you should not be satisfied with our response to any complaint or believe our processing of your data does not comply with data protection legislation, you can make a complaint to:

Berliner Beauftragte für Datenschutz und Informationsfreiheit

Friedrichstr. 219

10969 Berlin

Telephone: +49 30 13889-0

E-Mail: mailbox@datenschutz-berlin.de

sennder is headquartered in Berlin. You may also complain to another competent supervisory authority.