Privacy Policy

LEGAL

Information letter to business partners

Information according to Article 13 and Article 14 of the General Data Protection Regulation (GDPR)

This information letter shall give you an overview on how we are processing your personal data as well as of your rights relating to the processing of personal data. Which personal data is processed in particular and how it is used depends largely on the services requested or agreed upon in every single case. For this reason, not all parts of this information letter will be applicable to you.
Apart from that, this information on data protection may be updated from time to time. You can always access the current version using the link in our mail signature.

1. Who is responsible for data processing and whom can I contact?

The controller for the purpose of GDPR is

For clients of Forwardis GmbH:

Forwardis GmbH
Charlottenstraße 16
D-10117 Berlin
Telefon: +49 30 549 793 30
E-Mail: privacy@forwardis.com

You can reach our external Data Protection Officer at:
c/o activeMind AG
Management- und Technologieberatung
Kurfürstendamm 56
10707 Berlin
Telefon: +49 30 770 19 10 70
E-Mail: datenschutzbeauftragter@forwardis.com

2. We are processing your personal data for the following purposes and on the following legal basis:

We are processing personal data in accordance with the provisions of the European Data Protection Regulation (GDPR) and of the Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG):

2.1 To fulfil the contractual obligations (point (b) of Article 6 (1) GDPR)

The data processing is carried out in order to perform:

• pre-contractual measures (e.g. preparation of offers)
• our contract
• additional contractual services by our subcontractor in charge

2.2 Based on the legal requirements (point (c) of Article 6 (1) GDPR)

We are subject to various legal obligations that imply the processing of personal data. These obligations include among others:

• the control and reporting obligations under the provisions of tax law as well as storage obligations
• the obligations arising from Money Laundering Act
• the processing of enquiries and fulfilment of requirements of supervisory authorities, law enforcement agencies or courts
• the processing of possible enquiries and fulfilment of requirements of the tax office during a company audit

2.3 Within the weighing of interests (point (f) of Article 6 (1) GDPR)

Whenever required, we are processing your personal data beyond the actual performance of the contract in order to protect our legitimate interests or legitimate interests of third parties.
Examples of such cases include:

• direct advertising for our own products and/or services (e.g. in the form of regular email newsletters)
• the assertion of legal claims and defence in case of legal disputes
• the processing of your personal data in our CRM system

3. Who receives your data?

3.1 Within our company

Our employees from the sales, accounting and operational departments, insofar as this is required to maintain the contact with you and to fulfil our contractual and statutory obligations (including the fulfilment of pre-contractual measures). Employees from office management area – for the purpose of internal maintenance of contact data.

3.2 Within the scope of order processing (internal recipients)

Your personal data may be passed on to the service providers acting as data processors on our behalf. These may include other group companies and/or external service providers from the following areas: Support or maintenance of EDP or IT applications:

• Bookkeeping
• Data destruction
• All service providers are contractually bound and especially obliged to treat your personal data as confidential.

3.3 Other recipients (third parties)

Data is only passed on to the recipients outside of our company in compliance with the applicable data protection regulations. The recipients of personal data may include among others:

• public authorities and institutions (e.g. financial authorities or law enforcement agencies) in case of a legal or official obligation
• credit and financial service providers (processing of payment transactions)
• tax advisors or public auditors as well as payroll tax auditors and company auditors (statutory audit assignment)
• lawyers
• external Data Protection Officer
• operational subcontractors commissioned with the performance of your contract, if you need the data for the purpose of order performance.

4. Will personal data be transferred to a third country or to an international organisation?

Personal data is transferred to bodies in the countries outside of the European Economic Area (so-called third countries) insofar as:

• it is required by law (e.g. reporting obligations under the tax law),
• you have given us your consent or
• we have concluded a data processing agreement with our service provider. In this case, a transfer of your personal data may also take place
• where the European Commission has decided that the third country in question ensures an adequate level of protection (Article 45 GDPR) or
• on the basis of suitable guarantees (standard data protection clauses issued by the EU Commission).

Your personal data is currently processed by the following service providers based outside of the European Union and in the countries outside of the European Economic Area (EEA):
CITRIX, United States of America
Apart from that, we have also agreed with our service providers by contract that the data protection guarantees must always be provided also by their contracting parties, in compliance with the European data protection level. We will provide you with a copy of these guarantees upon request.

5. How long is the storage period of your personal data?

We process and store your personal data as long as this is necessary for the fulfilment of our contractual and statutory obligations. If the data is no longer required for the fulfilment of our contractual or statutory obligations, it is deleted on a regular basis.
The following exceptions shall apply,

• insofar as the statutory storage obligations must be fulfilled, e.g. pursuant to the German Commercial Code (Handelsgesetzbuch, HGB) and the German Fiscal Code (Abgabenordnung, AO). The storage or documentation periods specified therein are usually six to ten years;
• for the preservation of evidences within the statutory provisions on the statute of limitations. Pursuant to §§ 195 et seqq. of the German Civil Code (Bürgerliches Gesetzbuch, BGB), these limitation periods may add up to a total of 30 years, with the regular limitation period being 3 years.
• If the data processing is carried out in our legitimate interest or in legitimate interest of a third party, personal data will be deleted as soon as this interest will no longer exist. The aforementioned exceptions shall also apply here.

6. What data protection rights do you have?

You have the right of access under Article 15 GDPR, the right to rectification under Article 16 GDPR, the right to erasure under Article 17 GDPR, the right to restriction of processing under Article 18 GDPR, the right to object under Article 21 GDPR and the right to data portability under Article 20 GDPR.
Restrictions may apply to the right of access and to the right to erasure in accordance with §§ 34 and 35 BDSG.
Apart from that, there is also a right to lodge a complaint with a supervisory authority (Article 77 GDPR in conjunction with § 19 BDSG). A list of supervisory authorities (for non-public sector) together with the address can be found at:
More information on the BfDI site.

7. Am I obliged to provide my personal data?

Within the framework of the contractual relationship you have to provide those personal data that are necessary for the commencement, performance and termination of the contractual relationship and for the fulfilment of the related contractual obligations or data that we are collecting based on our statutory obligations. Without this data, we will usually not be able to conclude the contract with you or to execute it.
Information about your right to object in accordance with Article 21 of the General Data Protection Regulation (GDPR)
Right to object in individual cases
You shall have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (f) of Article 6 (1) GDPR (data processing based on the weighing of interests).
Should you exercise your right to object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or if the processing serves for the establishment, exercise or defence of legal claims.

8. Having an objection

If you wish to exercise your right to object, it is sufficient to send an e-mail to:
privacy@forwardis.com

LEGAL

Responsible for processing

FORWARDIS, a simplified joint stock company with a capital of €1,556,135  implements various processing operations on personal data collected on the site.

By using the forwardis.com website, Users also collect personal data of their members and are therefore responsible for the processing of such data. The contact information of the Users can be found in their dedicated space.

Data collected

The personal data collected are the following:

• Data related to the structure ;
• Data related to the members, depending on the choice of fields by the User, such as marital status, educational background, legal guardians, contacts in case of emergencies, size.

forwardis.com collects personal data relating to the User's legal representative when the User creates his or her space.

The Users collect personal data relating to the members when using the forwardis.com website; the Users are free to choose the various data collection fields.

Purposes and legal basis of processing

The purpose of the processing of personal data collected is to :

• Contract management, invoicing, accounting;
• The sending of information, events, commercial prospecting;
• Compliance with legal obligations;
• For security and business continuity purposes.
• The legal bases for the processing implemented are:
• The execution of a contract (e.g. to provide the requested service);
• Compliance with a legal obligation (e.g. to keep opposition requests);
• The legitimate interest of the data controller (e.g. the security of the website, its adaptation to the navigation of the website visitor);
• The consent of the data subject (e.g. to send commercial information);

Categories of recipients

The categories of recipients are the persons authorized and acting within the framework of their attributions:

• Within the framework of the usual missions: the personnel in charge of the conclusion, the management, the execution of the contracts, the service providers in particular technical, the subcontractors within the framework of their missions, the persons intervening in the contract such as lawyers, experts, auxiliary of justice and ministerial officers;
• As persons interested in the contract: the signatories, third parties interested in the execution of the contract.
• As authorized third parties: the courts concerned, arbitrators, mediators, the ministries concerned, supervisory and control authorities and all public bodies authorized to receive them, the departments responsible for external and internal control.

Duration of retention

These data are kept for the time of the contractual relationship between the User and FORWARDIS SAS. Beyond, the data are archived for the period where the responsibility of each party could be challenged before final deletion of data.

The data are kept for the duration to comply with the statute of limitations as stipulated in Articles 2224 and following of the Civil Code and the time limits for the retention of accounting records.

The data collected in the context of a request is kept for the time necessary to process the request.

The data collected in the context of commercial prospecting are kept until your consent is withdrawn or deleted in the event of prolonged inactivity.

Cookies are kept for a maximum of 13 months.

Rights of individuals

Any person concerned has the following rights with regard to his or her data:

• Right of access ;
• Right of rectification;
• Right to erasure;
• Right to object;
• Right to withdraw consent at any time, without prejudice to the lawfulness of the processing based on the consent given before the withdrawal of consent;
• Right to data portability;
• Right to limitation of processing;
• Right to define the directives concerning the fate of his personal data after his death;
• Right to lodge a complaint with a supervisory authority, such as the CNIL in France
• These rights can be exercised directly with the data controller.

Cookies

When consulting the website, information concerning the visitor or relating to the navigation of the terminal (computer, tablet, smartphone, etc.), may be read or recorded in "cookies" files installed on the visitor's terminal, subject to the choices expressed concerning cookies.

Some cookies may be deposited or read without the consent of the persons, namely :

• Cookies whose sole purpose is to enable or facilitate communication by electronic means;
• Cookies that are strictly necessary for the provision of a service expressly requested by the user;
• Certain audience measurement cookies.

Statistical cookies help the website owners, through the collection and communication of information in an anonymous manner, to understand how visitors interact with the websites.

The "Help" section on the menu bar of most Internet browsers tells how to prevent accepting new cookies and how to disable all cookies:

• For Internet Explorer™: http://windows.microsoft.com/fr-FR/windows-vista/Block-or-allow-cookies,
• For Safari™: https://support.apple.com/kb/ph21411?locale=fr_CA
• For Chrome™: http://support.google.com/chrome/bin/answer.py?hl=fr&hlrm=en&answer=95647,
• For Firefox™: https://support.mozilla.org/fr/kb/activer-ou-desactiver-les-cookies-sur-firefox-pour-android
• For Opera™: http://help.opera.com/Windows/10.20/fr/cookies.html,

To understand mastering cookies, visitors are invited to consult:

• The CNIL website: https://www.cnil.fr/fr/cookies-les-outils-pour-les-maitriser;
• The YouOnlineChoices platform: http://www.youronlinechoices.com/fr/

Disabling cookies may restrict access to certain features of the controller's website.