Privacy Statement

shipcloud GmbH

This privacy policy provides you with information about how we handle your personal data and about your rights under the European General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG). shipcloud GmbH (hereinafter referred to as “we” or “us”) is responsible for processing your personal data as the Data Controller.

We also inform you in detail about

I. General Information
II. Data Processing On Our Website
III. Data Processing On Our Social Media Pages
IV. Other Data Processing
V. Data Processing On Our Platform

In case of differences between the German and English version or in other cases of doubt, the German version shall be valid.

I. General Information

1. Contact

If you have any questions or suggestions about the information contained in this Data Protection Policy or would like to contact us to assert your rights, please submit your enquiry or request to

shipcloud GmbH
Heinz-Fangman-Straße 2-4, Haus 4, 42287 Wuppertal
Tel. 040 605906630
Email: info@shipcloud.io

2. Legal basis

Under data protection law, the term “personal data” refers to any information that relates to an identified or identifiable individual. We process personal data in compliance with the relevant data protection regulations, in particular the GDPR and the BDSG. We only process data if we have been granted permission to do so by law. We process personal data only with your consent (Section 25.1 TTDSG of the German Telemedia Act and Article 6.1.a of the GDPR), for the performance of a contract to which you are a party or at your request to take steps prior to entering into a contract (Article 6.1.b of the GDPR), to fulfil a legal obligation (Article 6.1.c of the GDPR) or if the processing is necessary for the pursuit of our legitimate interests or the legitimate interests of a third party, unless such interests are overridden by your interests or fundamental rights and freedoms which require the protection of personal data (Article 6.1.f of the GDPR).

If you apply for a vacant position within our company, we also process your personal data for the purpose of deciding whether to establish an employment relationship with you (Section 26.1, sentence 1 of the BDSG).

3. Duration of storage

Unless otherwise stated in the information below, we store the data only as long as is necessary to achieve the purpose of processing or to fulfil our contractual or legal obligations. Such statutory retention requirements may arise in particular from commercial or tax regulations. From the end of the calendar year in which the data were collected, we shall retain personal data contained in our accounting records for ten years and retain personal data contained in commercial letters and contracts for six years. In addition, we shall retain data in connection with the demonstration of consent and with complaints and claims for the duration of the statutory limitation periods. We shall erase data stored for marketing purposes if you object to processing for this purpose.

4. Categories of the recipients of personal data

We use contract data processors to process your personal data. Processing operations carried out by such processors include, for example, hosting, maintenance and support of IT systems, customer and order management, order processing, accounting and billing, marketing measures and file and data carrier destruction. A contract data processor is a natural or legal person, public authority, agency or other body that processes personal data on behalf of the Data Controller. Contract data processors do not use the data for their own purposes, but perform data processing exclusively for the Data Controller and are contractually obliged to ensure appropriate technical and organisational data protection measures are in place. In addition, we may transfer your personal data to bodies such as postal and delivery services, our bank, our tax advisor/auditor, and the tax authorities. Transmission to an appropriate health department may be carried out for infection tracking purposes. Other recipients may result from the following.

5. Data transfer to third countries

Visiting our website may involve transfer of certain personal data to third countries, i.e. countries where the GDPR is not applicable law. Such a transfer is permissible if the European Commission has determined that an adequate level of data protection is provided in such a third country. In the absence of such an adequacy decision by the European Commission, a transfer of personal data to a third country shall only take place if appropriate safeguards are in place pursuant to Article 46 of the GDPR or if one of the conditions of Article 49 of the GDPR is met.

Unless stated otherwise below, we use the EU standard contractual clauses for the transfer of personal data to processors in third countries as appropriate safeguards. You have the right to request a copy of these EU standard data protection clauses or to review them. If you wish to do so, please contact us at the address given in the contact section.

If you consent to the transfer of personal data to third countries, the transfer takes place on the legal basis of Article 49.1.a of the GDPR.

6. Processing when you exercise your rights

If you exercise your rights under Articles 15 to 22 of the GDPR, we process the personal data provided for the purpose of implementing those rights and to demonstrate that we have done so. We shall process data stored for the purpose of providing information and preparing it only for that purpose and for data protection control purposes, and otherwise restrict processing in accordance with Article 18 of the GDPR.

This processing takes place on the legal basis of Article 6.1.c of the GDPR in conjunction with Articles 15 to 22 of the GDPR and Section 34.2 of the BDSG.

7. Your rights

As a data subject, you have the right to exercise your rights as a data subject under data protection law. In particular, you have the following rights:

  • In accordance with Article 15 of the GDPR and Section 34 of the BDSG, you have the right to request information about whether and, if so, to what extent, we process personal data relating to you.
  • You have the right to demand that we rectify your data in accordance with Article 16 of the GDPR.
  • You have the right to demand that we erase your personal data in accordance with Article 17 of the GDPR and Section 35 of the BDSG.
  • You have the right to have the processing of your personal data restricted in accordance with Article 18 of the GDPR.
  • You have the right, in accordance with Article 20 of the GDPR, to receive the personal data concerning you that you have provided to us in a structured, common and machine-readable format and to transfer the data to another controller.
  • If you have given us separate consent to data processing, you may revoke that consent at any time in accordance with Article 7.3 of the GDPR. Such revocation shall not affect the lawfulness of the processing that took place on the basis of your consent prior to your revocation.
  • If you believe that processing of your personal data violates the provisions of the GDPR, you have the right to lodge a complaint with a supervisory authority in accordance with Article 77 of the GDPR.

Please send your questions, objections and requests for information, rectification, restriction of processing, or erasure to privacy@shipcloud.io.

8. Right to object

In accordance with Article 21.1 of the GDPR, you have the right to object to processing on the legal basis of Article 6.1.e or Article 6.1.f of the GDPR on grounds relating to your particular situation. Where your personal data is processed for purposes of direct marketing, you may object to this processing as set out in Article 21.2 and Article 21.3 of the GDPR.

9. Data Protection Officer

You can contact our data protection officer using the following contact information:

Email: dsb@shipcloud.io
Herting Oberbeck Datenschutz GmbH
Hallerstr. 76, 20146 Hamburg
https://www.datenschutzkanzlei.de

II. Data Processing On Our Website

When you use our website, we collect information that you provide. We also automatically collect specific information about how you use our website. Under data protection law, IP addresses are also considered to be items of personal data. Internet Service Providers (ISPs) assign IP addresses to every internet-connected so that they can send and receive data.

1. Processing of server logfiles

If you use our website purely for information purposes, general information that your browser transmits to our server is initially stored automatically (i.e. not via registration). These include as standard: browser type/version, operating system used, page visited, the previously visited page (referrer URL), IP address, the date and time of the server request, and the HTTP status code.

Processing is carried out to pursue our legitimate interests and is on the legal basis of Article 6.1.f of the GDPR. The purpose of this processing is the technical management and security of our website. The stored data are deleted after ten days unless there is a justified suspicion of unlawful use based on specific evidence that requires further examination and processing of the data. We are not able to identify you as a data subject from the data we store. Articles 15 to 22 of the GDPR therefore do not apply pursuant to Article 11.2 of the GDPR unless, in order to exercise your rights as set out in those articles, you provide additional information that enables your identification.

2. Contact forms

Our website includes contact forms through which you can send us messages. Your data is encrypted for transfer (recognizable by the “https” in the address bar of the browser). All data fields marked as mandatory are necessary for us to process your request. Failure to provide this information will mean that we are unable to process your request. The provision of additional data to this is voluntary. Alternatively, you can send us a message via the contact email. We process the data for the purpose of responding to your inquiry.

If your inquiry relates to the conclusion or performance of a contract with us, Article 6.1.b of the GDPR is the legal basis for the data processing. In all other cases, we process your personal data based on our legitimate interest in responding to website users who submit inquiries. The legal basis for this data processing is Article 6.1.f of the GDPR.

3. Job applications

You can apply for vacant positions within our company via the “Jobs” section of our website. If you use this function of our website, we collect the personal data you supply, including in particular your name, CV, letter of application and other content you provided in support of your application. In order to screen applications, we use the service provider softgarden, softgarden e-recruiting GmbH (Germany), which is solely bound by our instructions and complies with the legal requirements for order processing.

When you submit an application, we will only process your personal data for purposes related to your interest in current or future employment with our company and to process your application. Your application will only be processed and reviewed by the relevant contacts at our company.

All employees entrusted with processing your application and personal data are obligated to maintain the strictest confidentiality in relation to your data. If we are unable to offer you employment, we will retain the data you have supplied for up to six months after the end of the application process for the purpose of answering questions relating to your application and rejection. This does not apply if legal provisions prevent deletion, if further storage is necessary for the purpose of providing evidence, or if you have expressly consented to a longer storage period.

The legal basis for collecting your personal data is Section 26.1.1 of the BDSG.

If we retain your application data for longer than six months based on your express consent, we would like to point out that you may revoke your consent at any time in accordance with Article 7.3 of the GDPR. If you do revoke your consent, this does not have any impact on the lawfulness of the processing that was carried out prior to the revocation.

4. Newsletter

Via our website, we offer you the option of registering for our newsletter. Once you are registered, we will send you regular updates about our company’s latest news and offers. In order to register for our newsletter, you will need to provide a valid email address. We will then send you a registration verification email, which asks you to confirm your registration by clicking a link in the email (double opt-in). If you subscribe to the newsletter via our website, we process personal data such as your email address, your title, your name, your company and your language preferences based on the consent you have given. These data are not transferred to third parties. The legal basis for this processing is provided by Article 6.1.a of the GDPR. You can revoke your consent at any time with effect for the future, for example by using the “Unsubscribe” link in the newsletter, or by contacting us via the above channels. The legality of the data processing operations already carried out remains unaffected by your subsequent revocation.

When you register for our newsletter, we will also save your IP address and the date and time of your registration. The processing of these data is necessary to be able to prove that you have granted your consent. The legal basis for this processing results from our legal obligations to document your consent (Article 6.1.c of the GDPR in conjunction with Article 7.1 of the GDPR).

We also analyse the reading behaviour and opening rates of our newsletter. For this purpose, we collect and process usage data, which we merge with your email address or your IP address. The legal basis for this analysis is Article 6.1.f of the GDPR as the processing serves our legitimate interest in optimising our newsletter. You can object to this at any time by contacting us via one of the above channels.

To manage subscriptions, dispatch our newsletter and handle analysis, we employ the Sendinblue service from Sendinblue GmbH (Germany). For these purposes, your email address will be transmitted by us to the service provider. If you do not want your data to be processed by Sendinblue GmbH, you should not subscribe to our newsletter or, if you have already registered for our newsletter, you should cancel your subscription.

5. Cookies

We use cookies and similar technologies (“cookies”) on our website. Cookies are small text files that are stored by your browser when you visit a website. Cookies allow your browser to be identified and recognised by web servers. You have full control over the use of cookies through your browser. You can delete the cookies at any time by means of your browser’s security settings. You can object to the use of cookies through your browser settings, generally or only in certain cases.

The use of cookies is partly necessary for the technical operation of our website and is thus permissible without the consent of the user. We may also use cookies to provide special functions and content and for analytics and marketing purposes. These may also include cookies from third-party providers (third-party cookies). We only use such technically unnecessary cookies with your consent, pursuant to Section 25 of the TTDSG and/or Article 6.1.a of the GDPR. Information about the purposes, providers, technologies used, data stored and the storage period of individual cookies can be found in the settings of our Consent Management Tool.

6. Consent Management Tool

This website uses the consent management tool Consentmanager, provided by consentmanager AB (Sweden), to manage cookies and the processing of personal data.

The consent banner allows users of our website to give consent to certain data processing operations or to withdraw consent that they have already given. By clicking on the “Allow cookies” button, you give us your consent to process the selected cookie categories.
The legal basis is your consent pursuant to Article 6.1.a of the GDPR.

In addition, the consent banner helps us to provide evidence of your declaration of consent. For this purpose, we process data and additional log data related to your declaration of consent. Cookies are also used to collect these data. The processing of these data is necessary in order to be able to prove that consent has been both sought and given. The legal basis results from our legal obligation to document your consent (Article 6.1.c of the GDPR in conjunction with Article 7.1 of the GDPR).

You can revoke your consent for cookies here:
https://www.shipcloud.com/?cmpscreencustom

7. Google Analytics

Our website uses the Google Analytics service of the provider Google Ireland Limited (Google Ireland/EU).

Google Analytics is a web analytics service that allows us to collect and analyse data about the behaviour of visitors to our website. Google Analytics uses cookies for this purpose, which enable an analysis of the use of our website. This involves processing personal data in the form of online identifiers (including cookie identifiers), IP addresses, device identifiers and information about interaction with our website.

Some of this data is information that is stored on the end device that you are using. Other information is also stored on your end device via the cookies used. Such storage of information by Google Analytics and access to information already stored on your end device takes place only with your consent.

Google Ireland processes the data collected in this way on our behalf to evaluate the use of our website by users, compile reports on the activities on our website and provide us with other services related to the use of our website and the internet. Pseudonymous user profiles can be created from the processed data.

Cookies are set and further processing of personal data is carried out as described here with your consent. The legal basis for data processing in connection with the Google Analytics service is therefore Article 6.1.a of the GDPR. You can withdraw this consent at any time with immediate effect.

The personal data processed on our behalf to enable Google Analytics may be transferred to any country in which Google Ireland or Google Ireland’s sub-processors maintain facilities. Please refer to the section on “Data transfer to third countries”.

We use Google Analytics only with IP anonymization enabled. This means that Google will abbreviate the IP address of users within member states of the European Union or in other states party to the Agreement on the European Economic Area. The IP address transmitted by a user’s browser will not be merged with other Google data. For more information on the use of data for advertising purposes, please see Google’s privacy policy at: www.google.com/policies/technologies/ads/.

We use Google Analytics 4 to process data, which allows us to track interaction data from different devices and from different sessions. In turn, this enables us to put individual user actions into context and to analyse long-term use of the website. Data concerning user activity is stored for a period of 14 months and then automatically deleted. All other event data are stored for two months and then automatically deleted. The deletion process takes place once a month for all data whose storage period has expired.

We also use the Google Analytics advertising functions (remarketing). This feature, in conjunction with Google’s cross-device functions, allows us to display ads in a more targeted way and present users with ads that are tailored to their interests. Via remarketing, users are shown ads and products for which interest has been identified on other websites in the Google network. The function allows us to link advertising target groups created via Google Analytics Remarketing with the cross-device functions of Google Ads or Google AdSense. In this way, interest-based, personalized advertising that has been adapted to a user depending on their previous usage and surfing behaviour on one end device (e.g. a cell phone) can also be displayed on another end device of the user (e.g. a tablet or PC).

If you have given your consent, Google will link your web and app browsing history to your Google Account for this purpose. In this way, the same personalized advertising can be delivered to every end device on which you log in with your Google account. The aggregation of the collected data in your Google account is based solely on your consent, which you can give to or withdraw from Google. For these linked services, data is then collected via Google Analytics for advertising purposes. To support the remarketing function, Google Analytics collects users’ Google-authenticated IDs, which are temporarily linked to our Google Analytics data. This is used to define and create target groups for cross-device advertising.

8. Google Ads

We use the online advertising program Google Ads of Google Ireland Limited (Ireland/EU), through which we place advertisements on the Google search engine. If you access our website via a Google ad, Google sets a cookie on your end device (“conversion cookie”). A different conversion cookie is assigned to each Google Ads customer, so that the cookies cannot be tracked across the websites of different Ads customers. The information obtained with the help of the cookie is used to create conversion statistics. This tells us the total number of users who clicked on one of our Google ads. However, we do not receive any information that identifies users in person.

Processing takes place only with your consent in accordance with Article 6.1.a of the GDPR.

Cookies are set with your consent, which you can revoke at any time with immediate effect via the Consent Management Tool. With regards to Google Ads, we cannot rule out a transfer of your data to the USA. Please note the information in the section “Data transfer to third countries”. Further information on Google’s data protection policies can be obtained at https://policies.google.com/privacy#infocollect.

9. Meta Pixel

On our website we use the Meta Pixel, a business tool from Meta Platforms Ireland Limited (Ireland, EU). For Meta Platforms Ireland Limited contact details and the contact details for Meta Platforms Ireland Limited data protection officer, please see Meta Platforms Ireland Limited privacy policy at https://www.facebook.com/about/privacy.

The Meta Pixel is a snippet of JavaScript code that allows us to track visitors’ activity on our website. This tracking is called conversion tracking. The Facebook pixel collects and processes the following information (so-called event data) for this purpose:

  • Information about actions and activities of visitors to our website, such as searching for and viewing a product or purchasing a product;
  • Specific pixel information such as the pixel ID and the Facebook cookie;
  • Information about buttons clicked on by visitors to the website;
  • Information present in the HTTP header, such as IP addresses, web browser information, page location, and referrer; and
  • Information about the status of disabling/restricting ad tracking.

Some of these event data are information that is stored on the end device you are using. In addition, cookies are also used via the Meta Pixel through which information is stored on the end device you are using. Such storage of information by the Meta Pixel and access to information already stored on your end device will only occur with your consent in accordance with Section 25.1 of the TTDSG.

Event data collected through the Meta Pixel are used to target our ads and improve ad delivery, personalize features and content, and improve and secure Meta products such as the social media platforms Facebook and Instagram, to personalise functions and content and to improve and secure Meta products. Event data are collected on our website by means of the Meta Pixel and transmitted to Meta Platforms Ireland Limited for these purposes. This collection and transmission of event data are carried out by us and Meta Platforms Ireland Limited as joint controllers. We have entered into a joint controller agreement with Meta Platforms Ireland Limited, which sets out the allocation of data protection obligations between us and Meta Platforms Ireland Limited. In this agreement, we and Meta Platforms Ireland Limited have agreed, among other things,

  • that we are responsible for providing you with all information according to Articles 13 and 14 of the GDPR about the joint processing of personal data;
  • that Meta Platforms Ireland Limited is responsible for facilitating the rights of data subjects under Articles 15 to 20 of the GDPR with respect to personal data stored by Meta Platforms Ireland Limited after joint processing.

You can access the agreement concluded between us and Meta Platforms Ireland Limited at https://www.facebook.com/legal/controller_addendum.

Meta Platforms Ireland Limited is solely responsible for subsequent processing of the transmitted event data. For more information about how Meta Platforms Ireland Limited processes personal data, including the legal basis on which Meta Platforms Ireland Limited relies and how you can exercise your rights in respect of Meta Platforms Ireland Limited, please see Meta Platforms Ireland Limited’s privacy policy at https://www.facebook.com/about/privacy.

We have also engaged Meta Platforms Ireland Limited to prepare reports on the impact of our advertising campaigns and other online content based on the event data collected through the Facebook Pixel (campaign reports) and to provide analytics and insights about users and their use of our website, products and services (analytics). For this purpose, we transmit personal data contained in the event data to Meta Platforms Ireland Limited. The personal data submitted are processed by Meta Platforms Ireland Limited as our commissioned data processor to provide us with campaign reports and analytics.

The collection and transfer of personal data by us to Meta Platforms Ireland Ltd. and the commissioned processing of personal data by Meta Platforms Ireland Ltd. for the creation of analyses and campaign reports will only take place if you have given your prior consent to this. The legal basis for the processing of personal data is therefore Article 6.1.a of the GDPR.

The data processed on our behalf is transferred to Meta Platforms, Inc. in the USA by Meta Platforms Ireland Ltd. Meta Platforms Ireland Ltd. transfers the data to Meta Platforms, Inc. on the basis of standard processor-to-processor contractual clauses, but reserves the right to use an alternative transfer method recognised by the GDPR and other applicable data protection laws in the European Economic Area, the United Kingdom and Switzerland.

10. Microsoft Advertising

Our website uses the Microsoft Advertising (formerly Bing Ads) service provided by Microsoft Ireland Operations Limited (Ireland, EU). Microsoft Advertising is an online marketing service that uses the Universal Event Tracking (UET) tool to help us display targeted advertisements via the search engines Microsoft Bing, Yahoo, Aol, other search partners (e.g. Ecosia, DuckDuckGo) and the Microsoft Audience Network. Microsoft Advertising uses cookies for this purpose.

Microsoft Advertising collects data via UET that allows us to track target groups thanks to remarketing lists. For this purpose, a cookie is stored on the end device. Microsoft Advertising can thus recognise that our website has been visited and play an advertisement when the above-mentioned services are used at a later date.

The information is also used to create conversion statistics, i.e. to record how many users have reached our website after clicking on an advertisement. This tells us the total number of users who clicked on our ad and were redirected to our website. However, we do not receive any information that personally identifies users.

Processing takes place only with your consent in accordance with Article 6.1.a of the GDPR.

Cookies are set with your consent, which you can revoke at any time with immediate effect via the Consent Management Tool. With regards to Google Ads, we cannot rule out a transfer of your data to the USA. Please note the information in the section “Data transfer to third countries”. Further information Microsoft’s data protection policies can be obtained at https://privacy.microsoft.com/de-de/privacystatement.

11. LinkedIn Insight Tag

Our website uses the LinkedIn Insight tag, a marketing service provided by LinkedIn Ireland Unlimited Company (Ireland/EU). For information on LinkedIn Ireland’s contact details and the contact details of LinkedIn Ireland’s Data Protection Officer, please refer to LinkedIn’s privacy policy at https://www.linkedin.com/legal/privacy-policy.

The LinkedIn Insight tag is a snippet of JavaScript code that is triggered by LinkedIn when you visit our website and stores a cookie on the device you are using. Storage of data by the LinkedIn Insight tag and/or access to information already stored on the device you are using, as well as further processing of your personal data in connection with the LinkedIn Insight tag, will only take place with your consent. The legal basis for the collection and transmission of personal data by us to LinkedIn Ireland is therefore Article 6.1.a of the GDPR.

The LinkedIn Insight tag allows us to perform various functions, which we describe in detail below.

LinkedIn conversion tracking is an analytics function powered by the LinkedIn Insight tag. The LinkedIn Insight tag allows us to collect data about visits to our website, including URL, referrer URL, IP address, device and browser properties (user agent) and timestamp. IP addresses are truncated or hashed (if used to reach members across devices). LinkedIn does not provide us with any personally identifiable information, but only provides reports (in which you are not identified) about site audience and ad performance. This allows us to track the effectiveness of LinkedIn ads for statistical and market research purposes.

Members’ direct identifiers are removed by LinkedIn within seven days to pseudonymize the data. LinkedIn then erases this remaining pseudonymized data within 180 days.

This processing is carried out for the purpose of obtaining information about our website audience and to generate reports on the effectiveness of LinkedIn campaigns.

We also use LinkedIn Matched Audiences to target our advertising campaigns to specific audiences. LinkedIn Matched Audiences and related data integrations allow us to target advertising to specific audiences based on data we provide to LinkedIn (e.g. company lists, hashed contact information, device identifiers and event data such as websites visited).

This processing is carried out for the purpose of marketing our services via targeted display of advertising.

We have entered into a joint controller agreement with LinkedIn, which sets out the allocation of data protection obligations between us and LinkedIn. You can view this agreement at: https://legal.linkedin.com/pages-joint-controller-addendum.

Please note that according to the LinkedIn Privacy Policy, personal data are also processed by LinkedIn in the USA and/or other third countries. LinkedIn only transfers personal data to countries for which the European Commission has issued an adequacy decision in accordance with Article 45 of the GDPR or on the basis of appropriate guarantees in accordance with Article 46 of the GDPR.

12. Heap

Our website uses the Heap service from Heap, Inc. (USA) to analyse user behaviour on our website. This includes information such as page views, user actions such as clicks and interactions with controls, browser details and IP addresses.
Processing takes place only with your consent in accordance with Article 6.1.a of the GDPR.
Cookies are set on the device you are using to integrate the service. Cookies are set with your consent, which you can revoke at any time with immediate effect via our Consent Management Tool. When using the service, we cannot rule out that your personal data will not be transferred to the USA. Please note the information in the section “Data transfer to third countries”. Further information on data protection at Heap is available in Heap’s Privacy Policy at https://heap.io/privacy.

13. YouTube

We use the YouTube service of Google Ireland Limited (Ireland/EU) on our website to integrate videos. The processing of your IP address is technically necessary to enable this integration so that the content can be sent to your browser. Your IP address is therefore transmitted to Google, and Google may set its own cookies. We use YouTube in “privacy-enhanced mode” so that no cookies are set by YouTube to analyse user behaviour.
The processing of your data in this way is based on your consent according to Article 6.1.a of the GDPR.
Your consent is managed via our Consent Management and can be revoked at any time.
When using the service, we cannot rule out that your personal data will not be transferred to the USA. Please note the information in the section “Data transfer to third countries”. For more information on data protection at Google, please refer to Google’s privacy policy at https://www.google.com/policies/privacy.

14. Amazon Cloudfront

We have integrated Amazon Cloudfront into our website as a content delivery network (CDN) for displaying content. This CDN processes your IP address so that the content can be sent to your browser. Your IP address is therefore transmitted to Amazon. You can object to this data processing at any time via your browser’s settings or certain browser extensions. Please note that this may restrict the functionality of our website.

When using the service, we cannot rule out that your personal data will not be transferred to the USA. Please note the information in the section “Data transfer to third countries”.

III. Data Processing On Our Social Media Pages

We have company pages on several social media platforms. These allow us to provide further information about our company and create additional opportunities for users to interact with us. Our company has pages on the following social media platforms:

  • Facebook
  • Instagram
  • LinkedIn

When you visit or interact with a profile on a social media platform, personal data about you may be processed. The information associated with a social media profile usually constitutes personal data. This also covers messages and posts made using the profile. When you visit to a social media profile, certain information is often collected automatically, which may also constitute personal data.

1. Visiting a social media page

a) Facebook and Instagram
When you visit our Facebook or Instagram page through which we present our company and individual products from our range, certain information about you is processed. The sole controller of this processing of personal data is Meta Platforms Ireland Limited (Ireland/EU – “Meta”). For more information about Meta’s processing of personal data, please visit https://www.facebook.com/privacy/explanation. Meta provides the option to object to certain data processing; information and opt-out options in this regard can be found at https://www.facebook.com/settings?tab=ads.

Meta provides us with anonymized statistics and information about our Facebook and Instagram pages that help us gain insights into the types of actions people take on our page (so-called “Page Insights”). These Page Insights are created on the basis of certain information about people who have visited our site. This processing of personal data is carried out by Meta and us as joint controllers. The processing serves our legitimate interest in evaluating the types of actions taken on our site and improving our site based on these findings. The processing of your data in this way is based on Article 6.1.f of the GDPR.

We cannot associate the information obtained through Page Insights with individual user profiles that interact with our Facebook and Instagram page. We have entered into a joint controller agreement with Meta, which sets out the distribution of data protection obligations between us and For details about the processing of personal data for the creation of Page Insights and the agreement concluded between us and Meta, please refer to https://www.facebook.com/legal/terms/information_about_page_insights_data. In relation to this data processing, you also have the option to assert your rights as a data subject in respect of Meta (see “Your rights”). Further information about this can be found in Meta’s Privacy Policy at https://www.facebook.com/privacy/explanation.

Please note that, according to Meta’s Privacy Policy, user data is also processed in the USA and other third countries. Meta transfers user data only to countries for which an adequacy decision has been issued by the European Commission in accordance with Article 45 of the GDPR or on the basis of appropriate safeguards in accordance with Article 46 of the GDPR.

b) LinkedIn
LinkedIn Ireland Unlimited Company (Ireland/EU – “LinkedIn”) is the sole controller for processing of personal data when you visit our LinkedIn page. For further information about processing of personal data by LinkedIn, please visit https://www.linkedin.com/legal/privacy-policy?trk=homepage-basic_footer-privacy-policy.

When you visit, follow or interact with our LinkedIn company page, LinkedIn processes personal data to provide us with anonymized statistics and information. This provides us with insights into the types of actions people take on our site (so-called Page Insights). For this purpose, LinkedIn processes in particular the data that you have already provided to LinkedIn via the information in your profile, such as data about your role, country, industry, seniority, company size and employment status. In addition, LinkedIn processes information about how you interact with our LinkedIn company page, such as whether you are a follower of our LinkedIn company page. LinkedIn does not provide us with any personally identifiable information about you through Page Insights. We only have access to the summarized Page Insights. It is also not possible for us to draw conclusions about individual members via the information in the Page Insights. This processing of personal data in the context of Page Insights is carried out by LinkedIn and us as joint controllers. The processing serves our legitimate interest in evaluating the types of actions taken on our LinkedIn company page and improving our company page based on these findings. The legal basis for this processing is Article 6.1.f of the GDPR.

We have entered into a joint controller agreement with LinkedIn, which sets out the allocation of data protection obligations between us and LinkedIn. The agreement can be accessed at: https://legal.linkedin.com/pages-joint-controller-addendum. According to the agreement, the following applies:

  • We have agreed with LinkedIn that LinkedIn is responsible for enabling you to exercise your rights under the GDPR. You can contact LinkedIn about this via the following link (https://www.linkedin.com/help/linkedin/ask/PPQ?lang=de) online or contact LinkedIn using the contact information in the privacy policy. You can contact the data protection officer at LinkedIn Ireland via the following link https://www.linkedin.com/help/linkedin/ask/TSO-DPO. You may also contact us at the contact details we have provided regarding exercising your rights in connection with the processing of personal data in the context of Page Insights. In such a case, we will forward your request to LinkedIn.
  • We have agreed with LinkedIn und that the Irish Data Protection Commission is the lead supervisory authority overseeing processing for Page Insights. You always have the right to lodge a complaint with the Irish Data Protection Commission (see www.dataprotection.ie) or with any other supervisory authority.

Please note that according to LinkedIn’s privacy policy, personal data may also be processed by LinkedIn in the USA or other third countries. LinkedIn transfers personal data only to countries for which the European Commission has issued an adequacy decision pursuant to Article 45 of the GDPR or on the basis of appropriate safeguards pursuant to Article 46 of the GDPR.

2. Comments and direct messages

We also process information that you have provided to us via our company page on any social media platform. Such information may include the username, contact details or a message to us. This processing is carried out by us as the sole controller. We process this data based on our legitimate interest in contacting persons who make inquiries to us. The legal basis for the data processing is Article 6.1.f of the GDPR. Further data processing may take place if you have consented (Article 6.1.a of the GDPR) or if this is necessary for the fulfilment of a legal obligation (Article 6.1.c of the GDPR).

IV. Other Data Processing

1. Contacting us via email

If you send us a message via email, we will process the data transmitted for the purpose of responding to your inquiry. We process these data based on our legitimate interest in contacting persons who send us inquiries.

The legal basis for the data processing is Article 6.1.f of the GDPR.

2. Data from customers and prospective customers

If you contact our company as a customer or potential customer, we process your data to the extent necessary to establish or implement the contractual relationship. This usually includes processing of personal master data, contract data and payment data provided to us and contact and communication data for our contacts at commercial customers and business partners. The legal basis for this processing is Article 6.1.f of the GDPR.

We also process customer and prospective customer data for evaluation and marketing purposes. This processing is carried out on the legal basis of Article 6.1.f of the GDPR and serves our interest in further developing our service and informing you specifically about our services.

Further data processing may take place if you have consented (Article 6.1.a of the GDPR) or if this is necessary for the fulfilment of a legal obligation (Article 6.1.c of the GDPR).

3. Use of email addresses for marketing purposes

We may use the email address you provide when you register or place an order to contact you about similar products and services that we offer.

The legal basis is Article 6.1.f of the GDPR in conjunction with Section 7.3 of the German Act Against Unfair Competition (UWG). You may object to this at any time without incurring any costs other than the transmission costs at the basic rates. To do so, you can unsubscribe by clicking on the unsubscribe link included in each mailshot or by sending an email to privacy@shipcloud.io.

V. Data Processing On Our Platform

When you use our website, we collect information that you provide. We also automatically collect specific information about how you use our website. Under data protection law, IP addresses are also considered to be items of personal data. Internet Service Providers (ISPs) assign IP addresses to every internet-connected so that they can send and receive data.

1. Registration and login for customers and developers

In order to make use of our services as a customer or developer, and to be able to use certain functions of our website, it is necessary to register via our website. The required information can be seen in the registration input mask. Information marked as mandatory must be provided in order for you to be able to take advantage of our services. The data provided are processed for the purpose of providing services and processing contracts. The legal basis for this processing is Article 6.1.b of the GDPR.

2. Payment options

If you select a fee-based plan, we offer you the option of paying by credit card. Please note that the respective payment information is collected and processed solely by the respective payment service providers. The payment service provider only provides us with your name and the validity date of your credit card, which we store for the purpose of fulfilling the contract. The legal basis for this processing is Article 6.1.b of the GDPR.
You also have the option to pay via PayPal. Please note that the payment information in this regard is collected and processed solely by PayPal (Europe) S.à r.l. et Cie, S.C.A., which is based in Luxembourg. PayPal sends us the address data you have set up with PayPal, which we process exclusively for fulfilment of the contract. The legal basis for this processing is Article 6.1.b of the GDPR. In the case of PayPal payments, we only store the name of the PayPal account. For more information about PayPal’s privacy policy, please see https://www.paypal.com/us/webapps/mpp/ua/privacy-full. In addition, we also offer the option of paying via electronic direct debit. This requires our advance individual agreement with us. Once the payment by electronic direct debit procedure has been activated as a result of an express individual agreement with us, we will also need the account holder’s name, IBAN and BIC, together with a SEPA mandate. In the case of payment by electronic direct debit, we will store the name of the account holder, the IBAN, the BIC and the information on the granting of the SEPA mandate.

3. Chat

Our platform uses the chat tool from the provider Intercom Inc. (55 2nd Street, 4th Floor, San Francisco, California 94105, USA – “Intercom”). If you submit an enquiry via the chat tool, we will store your data from the chat process, including the contact data you provide, for the purpose of processing your enquiry and dealing with follow-up questions. Our chat function stores details of your IP address and location. The legal basis for the use of this service is Article 6.1.f of the GDPR. Alternatively, you can send us a message at any time via our contact email address. The use of the chat tool is thus of a purely voluntary nature.
When using the chat tool, we cannot rule out that your personal data will not be transferred to the USA. Please note the information in the section “Data transfer to third countries”.

4. Communication via email

We send emails to our customers to let them know about important changes and innovations to our platform. We send this information for the sole purpose of being able to guarantee the provision of contractually agreed services. The legal basis for sending these emails is Article 6.1.b of the GDPR, as the information they contain is necessary for the performance of contracts with our customers. We also analyse the reading behaviour and opening rates of these emails. The legal basis for the analysis of these emails is Article 6.1.f of the GDPR and the processing serves our legitimate interest to know whether our customers have received the information. You can object to the analysis at any time by contacting us via one of the above channels.
For the management of subscription lists, as well as to send and analyse these emails, we use the Mandrill service from The Rocket Science Group LLC d/b/a MailChimp (USA).

When using this service, we cannot rule out that your personal data will not be transferred to the USA. Please note the information in the section “Data transfer to third countries”.

5. Order processing

In the context of providing our services, we also need to process personal data as a processor within the meaning of Article 4.8 of the GDPR, in which case our client acts as a Data Controller within the meaning of Article 4.7 of the GDPR. An agreement on contract data processing pursuant to Article 28 of the GDPR specifies the rights and obligations of the parties under data protection law in connection with the contractor’s handling of client data for the provision of services. We make this agreement available to our clients during the registration process. For information purposes, a non-signable version can be accessed on our website.
We use electronic media for order processing, including proof of delivery. In his context, we also store digitised signatures. The reproduction of the digital signature applies as proof of delivery when combined with an electronic date and time stamp. We do not assume any guarantee for the permanent availability/usability of electronic data provided to us.

6. Processing of server log files

If you use our website purely for information purposes, general information that your browser transmits to our server is initially stored automatically (i.e. not via registration). These include as standard: browser type/version, operating system used, page visited, the previously visited page (referrer URL), IP address, the date and time of the server request, and the HTTP status code.

Processing is carried out to pursue our legitimate interests and is on the legal basis of Article 6.1.f of the GDPR. The purpose of this processing is the technical management and security of the website. The stored data are deleted after ten days unless there is a justified suspicion of unlawful use based on concrete evidence and further examination and processing of the information is necessary for this reason. We are not able to identify you as a data subject from the information stored. Articles 15 to 22 of the GDPR therefore do not apply pursuant to Article 11.2 of the GDPR unless, in order to exercise your rights as set out in those articles, you provide additional information that enables your identification.

7. Cookies

We use cookies and similar technologies (“cookies”) on our website. Cookies are small text files that are stored by your browser when you visit a website. Cookies allow your browser to be identified and recognised by web servers. You have full control over the use of cookies through your browser. You can delete the cookies at any time by means of your browser’s security settings. You can object to the use of cookies through your browser settings, generally or only in certain cases.

The use of cookies is partly necessary for the technical operation of our website and is thus permissible without the consent of the user. We may also use cookies to provide special functions and content and for analytics and marketing purposes. These may also include cookies from third-party providers (third-party cookies). We only use such technically unnecessary cookies with your consent, pursuant to Section 25 of the TTDSG and/or Article 6.1.a of the GDPR. Information about the purposes, providers, technologies used, data stored and the storage period of individual cookies can be found in the settings of our Consent Management Tool.

8. Consent Management Tool

This website uses the consent management tool Consentmanager, provided by consentmanager AB (Sweden), to manage cookies and the processing of personal data.

The consent banner allows users of our website to give consent to certain data processing operations or to withdraw consent that they have already given. By clicking on the “Allow cookies” button, you give us your consent to process the selected cookie categories.
The legal basis is your consent pursuant to Article 6.1.a of the GDPR.

In addition, the consent banner helps us to provide evidence of your declaration of consent. For this purpose, we process data and additional log data related to your declaration of consent. Cookies are also used to collect these data. The processing of these data is necessary in order to be able to prove that consent has been both sought and given. The legal basis results from our legal obligation to document your consent (Article 6.1.c of the GDPR in conjunction with Article 7.1 of the GDPR).

You can revoke your consent for cookies here: https://app.shipcloud.io/?cmpscreencustom.

9. Google Analytics

Our website uses the Google Analytics service of the provider Google Ireland Limited (Google Ireland/EU).

Google Analytics is a web analytics service that allows us to collect and analyse data about the behaviour of visitors to our website. Google Analytics uses cookies for this purpose, which enable an analysis of the use of our website. This involves processing personal data in the form of online identifiers (including cookie identifiers), IP addresses, device identifiers and information about interaction with our website.

Some of this data is information that is stored on the end device that you are using. Other information is also stored on your end device via the cookies used. Such storage of information by Google Analytics and access to information already stored on your end device takes place only with your consent.

Google Ireland processes the data collected in this way on our behalf to evaluate the use of our website by users, compile reports on the activities on our website and provide us with other services related to the use of our website and the internet. Pseudonymous user profiles can be created from the processed data.

Cookies are set and further processing of personal data is carried out as described here with your consent. The legal basis for data processing in connection with the Google Analytics service is therefore Article 6.1.a of the GDPR. You can withdraw this consent at any time with immediate effect.

The personal data processed on our behalf to enable Google Analytics may be transferred to any country in which Google Ireland or Google Ireland’s sub-processors maintain facilities. Please refer to the section on “Data transfer to third countries”.

We use Google Analytics only with IP anonymization enabled. This means that Google will abbreviate the IP address of users within member states of the European Union or in other states party to the Agreement on the European Economic Area. The IP address transmitted by a user’s browser will not be merged with other Google data. For more information on the use of data for advertising purposes, please see Google’s privacy policy at: www.google.com/policies/technologies/ads/.

We use Google Analytics 4 to process data, which allows us to track interaction data from different devices and from different sessions. In turn, this enables us to put individual user actions into context and to analyse long-term use of the website. Data concerning user activity is stored for a period of 14 months and then automatically deleted. All other event data are stored for two months and then automatically deleted. The deletion process takes place once a month for all data whose storage period has expired.

We also use the Google Analytics advertising functions (remarketing). This feature, in conjunction with Google’s cross-device functions, allows us to display ads in a more targeted way and present users with ads that are tailored to their interests. Via remarketing, users are shown ads and products for which interest has been identified on other websites in the Google network. The function allows us to link advertising target groups created via Google Analytics Remarketing with the cross-device functions of Google Ads or Google AdSense. In this way, interest-based, personalised advertising that has been adapted to a user depending on their previous usage and surfing behaviour on one end device (e.g. a cell phone) can also be displayed on another end device of the user (e.g. a tablet or PC).

If you have given your consent, Google will link your web and app browsing history to your Google Account for this purpose. In this way, the same personalised advertising can be delivered to every end device on which you log in with your Google account. The aggregation of the collected data in your Google account is based solely on your consent, which you can give to or withdraw from Google. For these linked services, data is then collected via Google Analytics for advertising purposes. To support the remarketing function, Google Analytics collects users’ Google-authenticated IDs, which are temporarily linked to our Google Analytics data. This is used to define and create target groups for cross-device advertising.

10. New Relic

Our website uses the New Relic service from New Relic, Inc (USA). New Relic is a web analytics tool that collects user data from a website in order to analyse and monitor the website’s performance, for example to improve the loading times of individual parts of the website.

Processing takes place only with your consent in accordance with Article 6.1.a of the GDPR.

Integrating this service into our platform requires cookies to be set on the device you are using. The setting of cookies and access to information stored on your device are carried out with your consent, which you can revoke at any time with immediate effect via our Consent Management Tool. When using this service, we cannot rule out that your personal data will not be transferred to the USA. Please note the information in the section “Data transfer to third countries”. For more information on data protection at New Relic, please refer to New Relic’s privacy policy at http://newrelic.com/privacy.

11. Heap

Our website uses the Heap service from Heap, Inc. (USA) to analyse user behaviour on our website. This includes information such as page views, user actions such as clicks and interactions with controls, browser details and IP addresses.
Processing takes place only with your consent in accordance with Article 6.1.a of the GDPR.
Cookies are set on the device you are using to integrate the service. Cookies are set with your consent, which you can revoke at any time with immediate effect via our Consent Management Tool. When using the service, we cannot rule out that your personal data will not be transferred to the USA. Please note the information in the section “Data transfer to third countries”. Further information on data protection at Heap is available in Heap’s Privacy Policy at https://heap.io/privacy.

12. Google reCAPTCHA

We use the reCAPTCHA tool from Google Ireland Limited (Ireland, EU) in connection with certain features on our website. For the tool to work, it is technically necessary to process your IP address so that content can be sent to your browser. Your IP address is therefore transmitted to Google Ireland. In addition, Google Ireland collects additional data, e.g. about your browser and your click behaviour. We use the service for security reasons to check whether the data input on this website (e.g. in a contact form) is made by a human being or by an automated programme. This allows us to identify and block automated access attempts and attacks. We are required by law to take certain technical and commercially reasonable measures to ensure the security of our website.

The processing of your data is based on Article 6.1.c and Article 32 of the GDPR and Section 19.4 of the TTDSG.

When using the service, we cannot rule out that your personal data will not be transferred to the USA. Please note the information in the section “Data transfer to third countries”. For more information on data protection at Google, please refer to Google’s privacy policy at https://www.google.com/policies/privacy.

13. Amazon Cloudfront

We have integrated Amazon Cloudfront into our website as a content delivery network (CDN) for displaying content. This CDN processes your IP address so that the content can be sent to your browser. Your IP address is therefore transmitted to Amazon. You can object to this data processing at any time via your browser’s settings or certain browser extensions. Please note that this may restrict the functionality of our website.

When using the service, we cannot rule out that your personal data will not be transferred to the USA. Please note the information in the section “Data transfer to third countries”.

Last revised: January 2023