This Privacy Statement gives you an overview of the processing of your personal data in the context of the use of the offers and online services in connection with the Websites on sendcloud.com (the “Website”). This Privacy Statement also informs you about your rights under the EU Data Protection Regulation (“GDPR”) and the means to control your personal data and protect your privacy. Personal data is defined as all information that makes it possible to identify you as a person.
Responsible for data processing within the framework of the Website is Sendcloud Global, Stadhuisplein 10, 5611 EM Eindhoven, Netherlands, firstname.lastname@example.org (hereinafter “Sendcloud” or “we”). If you have any questions regarding this data protection declaration or data processing within the framework of the Website, you can also contact our company data protection officer, Nathalie Voigt, at the address or e-mail address given above, who can be reached at the above address as well as at email@example.com.
You may not use the Website or use it only to a limited extent if you do not provide us with certain data or if you object to the use of this data.
- Which personal data we process on our Website and from which sources they originate:
When we make our Website available to you, we process personal data from various sources. On the one hand, this is data that we automatically process for each visitor when the Website is accessed. However, this may also include data which you have voluntarily provided to us or which is only processed when you use our services.
Data that we automatically collect when you visit our Website:
As soon as you visit the Website, you send technical information to our web servers, which we store in server log files. This happens regardless of whether you subsequently contact us (e.g. via the contact form). In any case, we collect the following access and web access data (which we call “Usage Data”):
- the date and time of the visit and the duration of the use of the Website;
- the IP address of your device;
- the referral URL (the website from which you may have been referred);
- the visited subpages of the Website; and
- more information about your device (device type, browser type and version, settings, installed plug-ins, operating system).
We process the Usage Data to enable you to use the Website and to ensure the functionality of the Website. In addition, we process Usage Data in order to analyze the performance of the Website, to continuously improve the Website and to correct errors or to personalize the content on the Website for you. For this purpose, data is being shared with our service provider “Convertflow” (more information on the provider can be found below). We also process the Usage Data to ensure IT security and the operation of our systems and to prevent or detect misuse, in particular, fraud. These server log files are deleted after a maximum of 7 days. Our legal basis for the processing of this data is Art. 6 (1) lit. f) GDPR.
Data that you transmit to us yourself:
In addition to the data we receive from all visitors, we also process other data when you use our contact form and/ or download media from our website. You can see the details in the contact form. We process this data in order to process your request and will process the correspondence in accordance with the applicable rules for business letters under German law for a period of 6 years from the end of the calendar year during which your request has been submitted.
The legal basis in each case is Art. 6 (1) GDPR and § 25 TTDSG.
- Data we process when providing the Sendcloud cloud integration to our customers
Please note that the provider who has implemented the integration in her online shop or services is solely responsible for data processing using the Sendcloud integrations. In this case, Sendcloud will only act as an order processor. This means that Sendcloud, according to a contractual agreement, is strictly subject to the customer’s instructions and will process all data as the customer’s technical service provider without its own decision-making authority with regard to the processing of personal data by the customer. In this respect, please access the data protection information of the customer for more information.
- The purposes for which we process your data:
We have already informed you above for which purposes we process your data in individual cases. In addition, we may process your data for other purposes. This includes, for example, passing on your personal data to third parties if we are legally obliged to do so, but also the assertion of legal claims on our part or the defence against legal disputes. The legal basis in these cases is either a legal obligation (Art. 6 (1) lit. c) GDPR) or our legitimate interests.
- To whom we forward your data:
Your personal data will only be passed on to third parties if this is necessary for the provision of the Website or the Sendcloud integration. The data recipients also include the third-party providers mentioned in our overview of cookies and analytics tools. For information about the third parties we use, such as for processing customer inquiries or web analytics, please see the information about cookies, web analytics and other third-party technologies at the end of this Privacy Statement. All third-party providers have made contractual agreements with us to process data exclusively within the scope of our instructions (so-called data processing agreements).
We also transmit your data to our hosting service provider, which enables us to provide the Website. This is Amazon Web Services, Inc., 410 Terry Avenue North Seattle WA 98109, USA (“AWS”).
Your data will also be forwarded to our third-party service “Convertflow”- a service provider.
4.1.Recording of user interaction through ConvertFlow
4.1.1 Recording of contact data by form via ConvertFlow
Your contact data from the forms provided by ConvertFlow will be stored by ConvertFlow for the purpose of processing your request and in case of follow-up questions. The processing of the data entered by you in the ConvertFlow form is thus exclusively based on your consent (Art. 6 para. 1 lit. a GDPR).
4.1.2 You can revoke this consent at any time. All you need to do is send an informal message by e-mail to firstname.lastname@example.org.
4.1.3 The legality of the data processing operations carried out up to the time of revocation shall remain unaffected by the revocation. The data entered by you in the forms of ConvertFlow will remain with Sendcloud until you request us to delete it, revoke your consent for storage or the purpose for which the data was stored no longer applies (e.g. after completion of the processing of your request). Mandatory legal provisions – in particular retention periods – remain unaffected.
- Data processing outside the EEA:
We do not transmit your access and account data to any third parties without implementing appropriate safeguards.
We do host your data on AWS. Although the servers of AWS are located in Frankfurt, Germany, your data are still legally transmitted to the USA, i.e. a country outside the EEA (a so-called “Third Country”).For some of the services of our other service providers (the list can be found at the end of this Privacy Statement), a transfer to the USA is required as well. In all cases, we will ensure that an adequate level of data protection is guaranteed at all times. However, for some specific services, SendCloud may use data processors or business partners located outside of the EU. Some of your Personal Data may therefore be transferred to them for the strict purposes of their services. In such cases and in accordance with the regulations in force, SendCloud requires its data processors to provide the necessary safeguards to ensure regulated, secure transfers, mainly by requiring them to sign the European Commission’s standard contractual clauses. Where required, an applicable Transfer Impact Assessment will be conducted to ensure the security of the data transferred.
- Storage duration:
We process and store your personal data to the extent necessary to fulfil our contractual or legal obligations. Therefore, we store the data as long for as our contractual relationship with you exists and after termination only to the extent and for as long as legally required. If data is no longer required to fulfil legal obligations (e.g. under tax or commercial law), it is deleted regularly unless further processing is necessary to preserve evidence or defend against legal claims against us. For the preservation of evidence necessary is e.g. your IP address and the exact time of the granting, if you have given us a consent.
- User profiles:
We use your data to create a user profile. This means that we use your information to provide you with a personalized Website based on your personal preferences and interests and to provide you with customized offers based on your previous behaviour. However, we will never process and analyse your personal data within the framework of this user profile in such a way that this leads to an automated decision which is legally valid for you or which similarly significantly affects you.
- Your legal rights under the GDPR:
You can assert the following rights against us within the framework of the GDPR with regard to your personal data:
Your right to information and access pursuant to Article 15 GDPR,
Your right to rectification pursuant to Article 16 GDPR,
Your right to erasure pursuant to Article 17 GDPR,
Your right to restriction of processing pursuant to Article 18 GDPR and
Your right to data portability pursuant to Article 20 GDPR.
You also have the right to lodge a complaint with the competent data protection supervisory authority (Article 77 GDPR).
In addition, you can also revoke your consent to the processing of your personal data at any time. However, this revocation only applies for the future. Any processing that took place before the revocation remains unaffected by this. If you would like to exercise your rights as a data subject, you can also do so (as well as receive further information) by referring to: https://support.sendcloud.com/hc/nl/articles/360024837752-Privacy-Security.
Information about your right of objection according to article 21 GDPR
In addition to the rights already mentioned, you have the right, for reasons arising from your particular situation, to object at any time to the processing of your personal data, which takes place on the basis of Article 6 (1) lit. f) GDPR (Data Processing on the basis of a balance of interests). If you object, we will no longer process your personal data unless we can prove compelling reasons for the processing worthy of protection which outweighs your interests, rights and freedoms, or the processing serves the assertion, exercise or defence of legal claims.
You also have the right at any time to object to the processing of your personal data for the purpose of direct marketing (including the subscription to our newsletter) without incurring any costs other than the transmission costs according to the basic tariffs; this also applies to the creation of a user profile (so-called “profiling”), insofar as this is associated with direct marketing. If you object, we will no longer process your personal data in the future.
Please note that if you do not provide us with certain data or if you object to the use of this data, you will not use the Website or only use it to a limited extent.
The objection can be filed informally and is to be addressed to: email@example.com
- Modification of this Privacy Statement
In order to keep this information up to date, this Privacy Statement will be modified when the underlying data processing is changed. We will publish any intended changes to this Privacy Statement in advance if its content changes and not only editorial changes (e.g. to correct typographical errors) are made.
The Website uses the following types of cookies, the scope and functionality of which are explained below: Transient cookies and persistent cookies.
Transient cookies are automatically deleted when you close your browser. This includes session cookies in particular. They store a so-called session ID, which can be used to assign various requests from your browser to the shared session. This allows your computer to be recognized when you return to our Website. Session cookies are deleted when you log out or close your browser.
Persistent cookies are also initially stored when you close your browser and then automatically deleted after a specified period, which may vary depending on the cookie. You can delete the cookies in the security settings of your browser at any time.
You can reset your browser before or after your visit to our Website so that all cookies are rejected, or to indicate when a cookie is being sent. By default, the setting of cookies can be managed by the browser program of your browser, even so that no cookies may be set at all or that cookies are deleted again. Your browser may also have a feature for anonymous browsing. You can use these functions of your browser yourself at any time. If you deactivate the setting of cookies in your browser by default, it is possible, however, that our web pages do not function correctly.
The legal basis for the processing of personal data using cookies and other technologies is Art. 6 (1) lit. f) GDPR and § 25 TTDSG unless otherwise stated below.
You can receive comprehensive information on every cookie we use by referring to our cookie preference manager here.
The information generated by the cookie about your use of our Website (identifier, browser type/version, operating system used, referrer URL, shortened IP address, time of server request) is generally transmitted to a Google server in the U.S. and stored there. However, in the Member States of the European Union or in other signatory states to the Agreement on the European Economic Area, your IP address will initially be truncated by Google on our Website. For this purpose, we have implemented the code “gat._anonymizeIp() ;” in order to ensure anonymous collection of IP addresses (so-called IP masking).
Only in exceptional cases is the complete IP address transmitted to a Google server in the USA and abbreviated there. If, exceptionally, personal data is transferred to the USA, Googles signed Standard contractual clauses and an applicable Transfer impact assessment ensure a level of data protection corresponding to the data protection level in the EU.
Google will use the information about your use of the Website on our behalf in the context of Google Analytics to evaluate your use of the Website, to compile reports on Website activity and to provide other services relating to Website activity and internet usage. The IP address transmitted by your browser in the context of Google Analytics and Google Tag Manager is not combined with other data from Google by us.
In addition to generally deactivating cookies, you can prevent Google from collecting and processing data about your use of our Website (including your abbreviated IP address) by downloading and installing the browser plug-in at the following link: http://tools.google.com/dlpage/gaoptout.
Google Analytics advertising functions and Google Ads
We also use Google Ads to advertise on the Websites of third parties. In relation to the data of the advertising campaigns, we can determine how successful the individual advertising measures are. We pursue with it the interest to show you advertisement which is of interest for you and to make our web page more interesting for you.
Google uses so-called “ad servers” for this purpose, through which our ads are delivered. For this purpose we use Ad Server Cookies, which can be used to measure certain parameters such as the display of ads or clicks by users. If you access our Website via a Google advertisement, Google Adwords stores a cookie in your PC. These cookies lose their validity after 30 days and cannot be used by us to identify you personally. The unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post-view conversions) and opt-out information (marking that the user no longer wishes to be addressed) are usually stored as analysis values for this cookie.
These cookies enable Google to recognize your Internet browser for advertising purposes. If a user visits certain pages of an AdWords customer’s Website and the cookie stored on his or her computer has not yet expired, Google can track whether the user clicked on the ad and was directed to that page. Each Adwords customer is assigned a different cookie. Cookies cannot therefore be traced via the Websites of Adwords customers. We can never personally identify you with the information we collect and only receive aggregated reports about user behavior. On the basis of these evaluations, we can identify which of the advertising measures used are particularly effective. We do not receive any further data from the use of the advertising media, in particular we cannot identify the users on the basis of this information.
You can also opt out of
participating in this tracking process via Google’s preferences at https://www.google.de/settings/ads, or as part of the About Ads self-regulatory campaign via the link https://www.aboutads.info/choices, where this setting will be deleted if you delete your cookies. You can also disable it in your browser by installing a plugin if you click on the following link https://www.google.com/settings/ads/plugin.
Further information on data processing within the framework of Google Ads can be found at https://policies.google.com/technologies/ads?hl=en and https://www.google.de/intl/de/policies/privacy/.
Using the Facebook plugin
The Facebook plugin “Like Button” is installed on our Website. An overview of the Facebook plugins can be found here: https://developers.facebook.com/docs/plugins/. These are services of Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook EU”), which also transmit data to Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA (“Facebook USA”; together with Facebook EU as a whole “Facebook”). Like Google, Facebook USA is certified under the Privacy Shield Agreement, providing an appropriate level of data protection outside the EU.
When you visit our Website, a direct connection is established between your device and the Facebook server. Facebook receives information that you have visited our Website, including your IP address. If you click the “Like” button in your Facebook account, you can link the content of our Website to your Facebook profile. In this way, Facebook can connect the visit with the visitor and use it to advertise on Facebook according to the interests of the visitor.
The tracking pixel transmits to Facebook your IP address and other information when you use our Website, including device information (operating system, hardware version, device settings, file and software names and types, battery and signal strength), device identifiers, device locations, including specific geographic locations such as GPS, Bluetooth or WiFi signals, connection information such as the name of your mobile operator or ISP, browser type, language and time zone, mobile phone number) and information about your activities. When you later sign in to Facebook, an irrevocable, non-personal checksum (profile) of your Usage Data is sent to Facebook for analysis and marketing purposes.
For more information, see Facebook’s Privacy Statement at https://de-de.facebook.com/policy.php and https://www.facebook.com/business/help/651294705016616. If you do not want Facebook to associate your visit to our Website with your Facebook account, please log out of your Facebook account. Further settings and objections to the use of the data for advertising purposes are possible within the Facebook profile settings: https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen. You can also completely prevent the loading of Facebook plugins with add-ons for your browser, e.g. with the “Facebook Blocker“.
Use of LinkedIn
Our Website uses functions of the network LinkedIn. The provider is LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA (“LinkedIn”). Each time you visit one of our Websites, a connection is established to LinkedIn servers. LinkedIn will be informed that you have visited our Website with your IP address. If you click the LinkedIn “Recommend” button and are logged into your LinkedIn account, LinkedIn will be able to associate your visit to our Website with you and your user account. Thus, LinkedIn can place targeted advertising and content on the LinkedIn platform for you.
For more information, please see LinkedIn’s Privacy Statement at: https://www.linkedin.com/legal/privacy-policy. LinkedIn is also certified under the Privacy Shield Agreement (https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0&status=Active). If you wish to object to the processing of your data by LinkedIn, you can do so here: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
Use of Twitter
If you have a Twitter account, we may use a cookie from Twitter Inc, 1355 Market Street, Suite 900, San Francisco, with your permission. CA 94103, USA (“Twitter”) to track your user behavior if you have reached our website through an advertisement placed by us on Twitter. In this case, Twitter places a cookie on your computer, through which we as a Twitter customer and Twitter can recognize that you have visited our website by clicking on a Twitter ad.
The information obtained by the tracking cookie is transmitted to us under a pseudonym and does not give us any information about the person of the user. They serve for statistical purposes, but are connected to your Twitter account by Twitter in accordance with its data protection guidelines (available at https://twitter.com/privacy?lang=en), stored and used for our own advertising purposes, whereby your data may also be transmitted to Twitter’s partners.
Use of Hotjar
Use of Kissmetrics
This Website also features Kissmetrics, a web analytics service provided by Space Pencil, Inc. 847 Sansome Street, San Francisco, CA 94111, USA (“Kissmetrics”). Kissmetrics only uses first-party cookies that can be removed by deleting your browser cookies. You can disable Kissmetrics tracking by using the opt-out link on the Kissmetrics Website: http://www.neilpatel.co/private-policy/
Use of Intercom as a communication medium
Use of Zendesk
We use Zendesk, a product of the company Zendesk Inc, 410 Townsend St, San Francisco CA, 94107, USA (“Zendesk”), to process support requests and for the help center (https://support.sendcloud.com). The data required for this is transferred to a Zendesk server in the USA and stored there. The following data will be transmitted: Your user login data, consisting of user name, email address and password. Your account will be regularly synchronized with Zendesk. Our legal basis in this case is Art. 6 (1) lit. b) GDPR, as the data transfer is necessary in order to be able to process your request effectively.