Orcas Privacy policy

for user of sennder’s Services

sennder GmbH (“we” or “sennder”) is committed to the protection of personal data. This Privacy Policy is addressed to all users of sennder’s worldwide services, including users of sennder's platforms, apps, websites, functions or other online services (“Services”), unless covered by a separate privacy policy. Users within the meaning of this Privacy Policy include in particular carriers, drivers, dispatchers and customers.

With this Privacy Policy we would like to inform you about the type, scope and purpose of the personal data we collect and process. Furthermore, this policy will inform you about your rights.

1. CONTACT DETAILS OF THE DATA CONTROLLER

“Controller” within the meaning of the General Data Protection Regulation (GDPR), other data protection laws applicable in the member states of the European Union and other provisions with a data protection nature is:

sennder GmbH
Genthiner Str. 34
10785 Berlin
Deutschland
Tel.: +49 (0) 30 2295 7438
E-Mail: info@sennder.com
Website: www.sennder.com

The data protection officer of sennder can be reached at the above-mentioned address, Attn. Data Protection Officer or at privacy@sennder.com.

2. INFORMATION THAT WE COLLECT ABOUT YOU

We collect your information in a variety of ways, such as when you create a customer account via the internet portal “Orcas” (“Portal”) or otherwise, if you use the Portal or the other Services offered or if you order or execute transport orders for sennder. More details about how your information is collected are listed below.

2.1. Access Data and Log Files

When accessing the Portal or any other of our online Services, a number of general data and information is collected with each access. This general data and information is stored in the log files of the server. The data collected could include the browser types and versions used, the operating system used by the accessing system, the date and time of access, an Internet protocol address (IP address), the Internet service provider of the accessing system and other similar data and information that serve the prevention of attacks on our information technology systems.

2.2. Registration

a) When you log on to the Portal or otherwise register for our Services, we might ask you for the following information: name, company or business name, contact details, registration number, names of authorized representatives.

b) After successful registration on the Portal we might ask you to submit further data and documents, e.g. current trade register excerpt, transport licence, insurance confirmation. We may request information from your insurance company regarding your operational insurance status, including past claims or other claims for insurance benefits, as well as coverage amounts and premium payments.

2.3. Transport orders, credit notes

a) We collect transaction information on the Portal and in connection with the use of our Services, including the nature, scope and timing of the Services requested and provided.

b) We record orders, transport orders executed as well as your remuneration and payment history. We also log any offers you submit to us for the execution of transport orders, any acceptance or rejection of such offers and any prioritisation that may exist for you.

c) In order to be able to settle transport orders, we ask you to provide us with financial and tax information (e.g. bank details, VAT ID) required for the creation of credit notes.

2.4. GPS/ location

a) Our Services require that we record the location data of vehicles during the execution of transports. This recording is done by GPS via telematics integration or via a mobile app. We only record such data if the users have given us permission to do so via the authorization system used by the telematics system or the mobile app.

b) When using the mobile app, the location data is collected by sennder itself. If a telematics integration is used, the data is collected by third party providers who pass this data on to sennder. When using the mobile app sennder also collects data regarding the end device used and the use of the application.

2.5. Customer support

If you interact with our customer support or telephone hotline, also if you report an incident, our team may collect and use information about you. Details about your communication with us will be stored. If you call the customer support or the telephone hotline, your calls can be recorded for internal training and improvement of our Services, provided you have given your consent to such recording.

2.6. Cookies

a) We use cookies to operate the Portal and our other online Services. Cookies are small text files which are stored on a computer system via an Internet browser. The use of cookies enables us to provide users of the Portal and our other online Services with more user-friendly services that would not be possible without the setting of cookies. We use the following technically necessary cookies:

Name: Google Tag Manager Provider: Google Inc. Purpose: Service to manage other cookies Privacy policy: https://support.google.com/tagmanager/answer/9323295?hl=en Name: FontAwesome Provider: Fonticons, Inc Purpose: Standardized display of fonts Privacy policy: https://fontawesome.com/privacy

b) Furthermore we use cookies or similar technologies to enable you to automatically log into the Portal or to our other online-Services, to determine your location (for the purposes set forth in this Policy) and to obtain technical information about your device that may affect the technical functionality, such as certain characteristics of and performance data about your device, the mobile application and operating system, including your device type, network connection type, IP address, app version, phone language, screen size and platform.

c) Cookies can also be used to evaluate user behaviour on the Portal or while using our other online Services (“Analysis”), or log the interests of a user or his behaviour (e.g. viewing certain content, use of functions, etc.) in a user profile. Such profiles are used, for example, to display content to users that corresponds to their potential interests. This procedure is also referred to as "Tracking", i.e. tracking the potential interests of users.

d) Before we use analysis or tracking technologies in the context of which cookies are used or processed, we ask users for their consent, which can be revoked at any time. Before the consent has not been given, only those cookies will be used that are necessary for the operation of the Portal and the Services offered. In the case of a consent, the legal basis for the processing of personal data is Art. 6 para. 1 a GDPR. We use the following Analysis or Tracking cookies:

Name: User defined Provider: Hotjar Purpose: Pseudonymous measurement of the use of our online services with A/B tests, web analysis, heat maps, clicktracking. Privacy Policy: https://help.hotjar.com/hc/en-us/articles/115011639887-Data-Safety-Privacy-Security

e) Irrespective of whether the processing is based on consent or legal permission, you have the option at any time to revoke your consent or to object to the processing of your data using cookie technologies. This can be done by sending an email to sennder or by making a corresponding setting in the setting-sections of the Portal or the other Services.

2.7. Information about your services

a) We may receive information from our customers, other service providers or other members of the public about your services or any incidents in which you may have been involved.

b) We may collect information about you from the feedback you send us or provide to us.

c) If you use websites, apps or other data connections of third parties when providing services for us, including the use of telematics integration, these third parties may collect and process your data independently of sennder. We encourage you to read the privacy policies of these third parties to understand how your personal information is processed.

3. PURPOSE OF PROCESSING YOUR DATA

We use the information we collect to provide, personalize, maintain and improve our products and Services. This includes, in particular, the following processing operations:

3.1. Where we need to process your information for the fulfillment of a contract with you, or at your request before we enter into a contract, we use your information:

a) to deliver contents correctly, for deploying and managing your login to the Portal, your customer account, and the onboarding process;

b) To enable you to access and use the Portal, including the ability to initiate, conclude as well as execute and settle transportation orders and relationship agreements;

c) to communicate with you about operational information related to our Services;

d) so that customer support and the telephone hotline can communicate with you to assist you with your orders or services.

3.2. As part of our contractual relationship, you have to provide the personal data that is required for the initiation, execution and termination of the contract and for the fulfilment of the associated contractual obligations or if we are legally obliged to collect such data. Without this data, we will generally not be able to conclude or execute a contract with you.

3.3. The legal basis for the processing activities described in sections 3.1 and 3.2 above is Art. 6 Sec. 1 b GDPR.

3.4. We also process your data where we have a legitimate interest in doing so. We have listed these reasons below:

a) Communication

i) to help you complete your registration and the onboarding process;

ii) to contact you for feedback on our Services;

iii) to inform you about available transfer orders or free capacities;

iv) to send you news and information related to the Services of sennder.

b) Onboarding and Operations

i) to check the permits, licenses and insurances required for your services for sennder as well as to check and store these documents;

ii) to ensure that you comply with the law and our internal policies when providing services for sennder, to protect our reputation and reduce our legal risks;

iii) to make the most efficient decisions when submitting offers for transportation orders based on factors such as your location and previous services for us and to determine your internal priority level of access to orders;

iv) to enable our partner or account management, technical and support teams to efficiently and effectively assist you with any problems, inquiries or complaints, including troubleshooting or other technical problems with the Portal;

v) to track the status and location of the load you are carrying and related data, e.g. to determine the time of arrival and departure of a vehicle at the loading and unloading points and to inform our customers of the status of a shipment by providing appropriate GPS data.

c) To develop our business, systems and Services

i) to ensure and improve the efficiency of our Services, for example to understand from your data as well as the data of other customers or carriers, what causes inefficient transports or damage, and use this data to design, develop and test new tools and processes to improve our business, systems and Services;

ii) to train our algorithms to provide the most effective and accurate results;

iii) to interact with you to improve the efficiency of our business operations based on the analysis of our past collaboration;

iv) to monitor and improve customer support responses and processes.

d) Security and protection

i) for the exercise or defence of legal claims and to exercise and protect the rights of sennder, carriers, customers or others, including determining a possible own liability;

ii) to enforce the terms of agreements we have entered with you and to keep logs of such enforcement, including using your data to analyse whether there is any breach of the terms of our agreements, to investigate any complaints or incidents and to prevent fraud or misuse of our systems and Services.

3.5. The legal basis for the processing activities described in Section 3.4 is Art. 6 Sec. 1 f GDPR.

3.6. If we base the processing of your personal data on our legitimate interest, we will conduct a careful assessment to ensure that our data processing is necessary and that your fundamental rights to privacy are not outweighed by our legitimate interests in data processing.

3.7. Where we are under a legal obligation to do so we may use your information:

a) to keep records of payments made and received;

b) to comply with our legal obligation to cooperate only with contract partners that are permitted to provide services in the contract territory;

c) to comply with our legal obligation to cooperate only with contractors who have duly registered their business; and

d) to comply with any other legal obligation or regulatory requirements to which we are subject.

3.8. The legal basis for the processing activities described in Section 3.7 is Art. 6 Sec. 1 c GDPR.

4. LEGAL BASIS FOR DATA PROCESSING

The data collected about you will only be processed by us if there is a reason for doing so and if this is permissible under data protection legislation. We have a legal basis for the processing of your data, if:

a) we have your consent (Art. 6 Sec. 1 a GDPR);

b) we need to process your data for the performance of a contract with you, or at your request before we enter into a contract (Art. 6 Sec. 1 b GDPR);

c) we are under a legal obligation to do so (Art. 6 Sec. 1. c GDPR);

d) it is in the public interest for us to process your data (Art. 6 Sec. 1 e GDPR) and/or

e) we have a legitimate interest in processing your data (Art. 6 Abs. 1 f GDPR).

5. MARKETING

5.1. If you have given us your express consent or if we have a legitimate interest in (and are legally entitled to do so), we will inform you by e-mail about products and Services from sennder and/or third parties and about news and developments in the logistics industry. The legal basis for these uses would be Art. 6 Sec. 1 a or Art. 6 para. 1 f GDPR.

5.2. Regardless of whether the sending of such e-mails is based on your consent or legal permission, you have the possibility at any time to object to the further receipt of such e-mails.

6. SHARING YOUR DATA

6.1. Sharing your data internally: We only share your data with our personnel and with personnel of other companies of the sennder group if this is necessary for the purposes mentioned in Section 3.

6.2. Sharing your data with third parties: We will share your data with third parties who store your data on their servers. The types of third party service providers with whom we share your data include, but are not limited to

a) IT service providers: including cloud, software, analytics, communications and data storage providers;

b) Operational service providers: including feedback and survey providers, verification and onboarding providers, our support service providers, payment providers, user research partners, professional advisors, financial services providers and other suppliers, business partners, contractors and subcontractors.

c) Customers, other users and third parties: With customers, other users or third parties who need or request this data in connection with sennder's products and Services, e.g. operators of loading or unloading sites;

d) Third party products and services: If you choose to purchase or participate in third party products or services (e.g. insurance, fuel cards), we will share your information with the respective provider so that the provider can provide the products or services to you. We may also need to share your information with our insurers to determine whether we are liable for an incident in which you were involved while you were providing services to us. We may also need to share your information with our insurers to determine whether we are liable for an incident in which you were involved while you were providing your services to us. In addition, sennder may share your insurance information with individuals who are able to analyze and evaluate your existing or required insurance coverage and who may provide you directly or via third parties with alternative or complementary insurance offerings;

e) Anyone who recommends you as a transport company: Anyone who recommends you as a transport company will be informed of the progress made with regard to the recommendation fee, for example, if you have accepted and executed a number of transport orders that are required to receive the fee or if the recommendation was not successful.

6.3. Under certain circumstances we may also share your data:

a) If our company enters into a joint venture with another company, buys it, sells it to another company or merges it with another company, your information may be shared with the target company, our new business partners or owners, or their advisors;

b) if we are required to disclose or share your information in order to comply with a legal obligation or governmental request (and/or if we believe that we are required to do so). This also applies, if we are required by law to respond to police data requests or to share data with other companies and organizations for fraud protection purposes;

c) if, for reasonable reasons, we assume that you or any other person has suffered or is threatened with loss or damage in connection with your transport services for sennder;

d) for the enforcement of our contractual conditions;

e) in the event of any dispute in connection with your services for sennder or to protect the rights of sennder, its customers or third parties, including to prevent fraud; and

f) to such third parties that we reasonably consider necessary to fight crime, e.g. the police.

6.4. International data transmission: In some cases, the personal data collected from you may be processed outside the European Economic Area ("EEA"). These countries may not have the same level of data protection as the EEA. However, we are obliged to ensure that the personal data processed by us and our partners outside the EEA are protected in the same way as if they were processed within the EEA. Therefore, if your data is processed outside the EEA, there are certain safeguards in place. We ensure similar protection by ensuring that at least one of the following safeguards is in place:

● Your personal data will be transferred to countries whose level of data protection is considered appropriate by the European Commission;

● we use the standard contractual clauses approved by the EU;

● if your personal data is transferred to third parties based in the USA, data may be transferred to these third parties if they are registered under the Privacy Shield.

7. STORAGE AND DELETION OF DATA

7.1. We will not retain your data for any longer than necessary.

7.2. Data that we collect will be retained for as long as necessary to fulfil the purposes set out in Section 3 above, in accordance with our legitimate interests or for a period specifically required by applicable regulations or laws, such as the retention of data for regular reporting purposes.

7.3. When determining the relevant retention periods, we take the following factors into account, among others:

a) our contractual obligations and rights in relation to the data concerned;

b) legal obligation(s) under applicable law to retain data for a specific period of time;

c) the statute of limitations under applicable law;

d) our legitimate interests, if we have carried out a careful assessment (see Section 3 above);

e) (potential) disputes; and

f) Guidelines of the competent data protection authorities.

7.4. If we no longer need your data for the purposes described, we will delete your data securely.

8. SECURITY

8.1. We use strong technologies and policies to ensure that your personal data we hold is appropriately protected.

8.2. We take measures to protect your data from unauthorized access and unlawful processing, accidental loss, destruction and damage.

8.3. Do not disclose the password you have chosen for the Portal to anyone other than any personnel you are working with. In this case, make sure that this personnel knows that they are also aware that they must keep it confidential and secure and not share with any third parties.

8.4. Unfortunately, the transmission of data over the internet is not completely secure. Although we take steps to protect your personal data, we cannot guarantee the security of the information you transmit to us; any transmission is at your own risk. Once we have received your information, we will apply strict procedures and security features to prevent unauthorized access.

9. YOUR RIGHTS

According to data protection legislation, you may have a number of rights regarding the data we hold about you. If you wish to exercise any of these rights, please contact us at the contact details set out above.

a) The right to be informed. You have the right to be provided with clear, transparent and easily understandable information about how we use your data and what your rights are. For this reason, we provide you with the information in this privacy statement.

b) The right of access. You have the right to access your data (if we process it). This will enable you, for example, to check that we use your data in accordance with data protection law.

c) The right to rectification. You have the right to have your data corrected if it is inaccurate or incomplete. You may request that we rectify any errors in the data we hold.

d) The right to erasure. This "right to be forgotten" enables you to request the deletion or removal of certain data that we have stored about you. This right is not absolute and only applies in certain circumstances.

e) The right to restrict processing (blocking of data). You have the right to “block” or “restrict” the further use of your data. If processing is restricted, we may still store your data, but will not process it further.

f) The right to data portability. You have the right to obtain your personal data in an accessible and transferable format so that you can re-use it for your own purposes across different service providers. However, this is not an absolute right and there are exceptions.

g) The right to lodge a complaint. You have the right to lodge a complaint about the way we handle or process your information with a competent data protection authority.

h) The right to withdraw consent. You have the right to withdraw any consent given to us (if we rely on the consent as a legal basis for the processing of certain data) at any time with effect for the future. The legality of the processing carried out on the basis of the consent prior to the withdrawal remains unaffected.

i) The right to object to processing. You have the right to object to the processing of personal data concerning you based on Art. 6 Sec. 1 e or f GDPR. This also applies, inter alia, to any direct marketing, analysis and tracking based on these provisions.

j) Automated decision in individual cases. You have the right not to be subject to any decision based solely on automated processing, including profiling, that has any legal effect on you or that might similarly significantly affect you. This does not apply if the decision

● is necessary for the conclusion or performance of a contract between you and us;

● is authorised by legislation of the Union or of the Member States and contains adequate measures to safeguard your rights and freedoms and your legitimate interests;

● is based on your explicit consent.

10. CHANGES TO THIS PRIVACY STATEMENT

We will inform you of any changes to our Privacy Policy through e-mail notification to the e-mail address stored on the Portal.

This privacy policy was last updated in December 2019.

11. COMPLAINTS

If you should not be satisfied with our response to any complaint or believe our processing of your data does not comply with data protection legislation, you can make a complaint to:

Berliner Beauftragte für Datenschutz und Informationsfreiheit

Friedrichstr. 219

10969 Berlin

Telefonnummer: +49 30 13889-0

E-Mail: mailbox@datenschutz-berlin.de

sennder is headquartered in Berlin. You may also complain to another competent supervisory authority.