Privacy Policy

1. Information about the collection of personal data

a
• In the following, we will provide information about the collection of personal data when using our website. Personal data is all data which can be directly linked to your person, e.g. name, address, email addresses, user behavior.
• The controller pursuant to Art. 4 (7) of the EU’s General Data Protection Regulation (GDPR) is

Forwardis GmbH
Charlottenstraße 16
10117 Berlin

Telefon: +49 30 549 793 30
E-Mail: privacy@forwardis.com

• You may contact our data protection officer at:

GERMANY :

activeMind AG Management- und Technologieberatung
Kurfürstendamm 56
10707 Berlin

Telelfon: +49 30 770 19 10 70
E-Mail: datenschutzbeauftragter@forwardis.com

FRANCE :

ITNOVEM

1, avenue François Mitterrand

93210 La Plaine Saint-Denis

Tél : +33 09 88 81 66 45

Email : dpo-forwardis@itnovem.com

 

2. Your rights

• We shall grant you the following rights pertaining to your personal data:
  • Right to access (Art. 15 GDPR),
  • Right to rectification (Art. 16 GDPR),
  • Right to erasure (Art. 17 GDPR),
  • Right to restriction (Art. 18 GDPR),
  • Right to object (Art. 21 GDPR) and
  • Right to data portability (Art. 20 GDPR).
• If you have given us consent, you can revoke this at any time with effect for the future.
• In addition, you have the right to lodge a complaint with a competent data protection supervisory authority (Art. 77 GDPR in conjunction with Section 19 BDSG). A list of supervisory authorities (for the non-public sector) with address can be found at: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.

 

Processing activities

 

3. Contact

• Nature and purpose of processing: A contact form is available on our website, which can be used to contact us electronically. If a user makes use of this option, the data entered in the input mask will be transmitted to us and stored.

The following data is also stored at the time the message is sent:

• Date and time of the message
• First name and last name
• Name of the company
• Email, telephone number
• The document attached – if there is one

It is also possible to contact us via the e-mail addresses provided. In this case, the user's personal data transmitted with the e-mail will be stored. This includes the date and time the e-mail was sent, e-mail address, IP addresses and information on the servers involved in the e-mail communication.

You can also contact us via the telephone number provided. In this case, we collect log data that includes your telephone number and the duration of the call.

Regardless of the type of communication selected, we collect the content of your enquiry. Your data will be stored for the purpose of personalised communication with you.

• Legal basis: The processing activity of the data entered in the contact form is based on a legitimate in-terest (Art. 6 (1) (f) GDPR). Our legitimate interest in the processing activity of your data is to enable you to contact us in an uncomplicated manner.

If you contact us to request a quote, the data entered in the contact form will be pro-cessed for the implementation of pre-contractual measures (Art. 6 (1) (b) GDPR).

• Recipients: Recipients of the data may be technical service providers who act as data processors for the operation and maintenance of our website.
• Third country transfer: There is no transfer to third countries. The data is processed exclusively in the EU.
• Storage period: Data will be deleted no later than 6 months after the enquiry has been processed.

If there is a contractual relationship, we are subject to the statutory retention periods. These are generally 6 or 10 years for reasons of proper accounting and tax law require-ments.

• Provision prescribed or required: The provision of your personal data is voluntary. However, we can only process your request if you provide us with the required data and the reason for the request.
• Right to object: Please read the information about your right to object according to Art. 21 GDPR below.

 

4. Collection of general information when visiting our website (server log files)

• Nature and purpose of processing: When you access our website information of a general nature is automatically collected. This information (server log files) includes, for example, the type of web browser, the operating system used, the domain name of your Internet service provider, your IP address, referrer URL, date and time of access and the like.

In particular, they are processed for the following purposes:

• Ensuring a smooth connection setup of the website,
• Ensuring the smooth use of our website, and
• Ensuring and evaluating system security and stability, in particular for abuse detection as well as
• for the technically error-free presentation and optimization of our website.

We do not use your data to draw conclusions about you personally. However, we reserve the right to check the server log files retrospectively if there are concrete indications of unlawful use.

• Legal basis: The processing is carried out in accordance with Art. 6 (1) (f) GDPR on the basis of our legitimate interest in improving the stability and functionality of our website and ensuring system security and abuse detection.
• Recipients: We use service providers for the operation and maintenance of our website, who act as our data processors. All service providers are contractually obligated to treat your data confidentially.
• Third country transfer: There is no transfer to third countries. The data is processed exclusively in the EU.
• Storage period: Data is stored in server log files in a form that allows identification of the data subjects for a maximum period of 7 days; unless a security-related event occurs (e.g. a DDoS attack).

In the event of such an event, server log files are stored until the elimination and complete clarification of the security-related event.

• Provision prescribed or required: The provision of the aforementioned personal data is neither legally nor contractually required. However, without the IP address and the cookie identifier, the service and functionality of our website is not guaranteed. In addition, individual services and services may not be available or may be limited.
• Right to object: Please read the information about your right to object according to Art. 21 GDPR below.

 

5. Job-Applications

• Nature and purpose of processing: You can send us your application documents by e-mail and via job portals. We will only process the data you provide to assess your professional suitability and to contact you.
• Legal basis: The processing is carried out to establish an employment relationship as part of the implementation of pre-contractual measures that are carried out on request, Art. 6 (1) (b) GDPR.
• Recipients: Within the company, access to your data is granted to those departments that require it to fulfil contractual, legal and regulatory obligations and to protect legitimate interests. In addition, we use service providers who act as processors to manage the application process.
• Storage period: If your application is rejected, it will be deleted six months after notification of the decision.

If an employment relationship is established, the application documents will be stored with us for at least the period of employment.

• Provision prescribed or required: The provision of personal data is not required by law or contract. However, it is not possible to process the application without this information.

 

6. Download and Newsletter

• Nature and purpose of processing: Your data will only be used to send you the respective download and the Forwardis-newsletter you have subscribed to by E-Mail. In order to verify that a registration is actually made by the respective owner of an E-Mail address, we use the "double opt-in" procedure (DOI procedure) for an online registration. This means that you will receive an E-Mail after your newsletter registration in which you must confirm your newsletter registration once again. No further data is collected.

At the time of the DOI confirmation, the following data will also be stored:

• Date and time
• …
• Legal basis: Based on your consent (Art. 6 (1) (a) GDPR), we will regularly send you our newsletter or comparable information by e-mail to your specified e-mail address.
• Recipients: We use a service provider for shipping, who acts as our order processor. We have concluded a data processing agreement with the processor, which guarantees the protection of your data.
• Third country transfer: There is no transfer to third countries. The data is processed exclusively in the EU.
• Storage period: Data will only be processed in this context as long as the corresponding consent is available. In the case of employees, processing takes place as long as the employment relationship exists, or the objection is made.
• Provision prescribed or required: The provision of your personal data is voluntary, based solely on your consent. There will be no disadvantages for you. Without valid consent, we can unfortunately not send you, our newsletter.
• Withdrawal of consent: You can revoke your consent to the storage of your personal data and its use for sending newsletters at any time with effect for the future. Unsubscribing can be requested via the link contained in every email or contact information listed in this privacy policy.

 

7. Cookies

A cookie is a small data set that is created when a website is visited and is temporarily stored on the website user's system. If the server of this website is called up again by the user of the website, the browser of the user of the website sends the previously received cookie back to the server. The server can evaluate the information obtained through this procedure. Cookies can, in particular, make it easier to navigate a website.

Deletion of Cookies:

You can delete individual cookies or the entire cookie inventory via your browser settings. In addition, you will receive information and instructions on how to delete these cookies or block their storage in advance. Depending on the provider of your browser, you can find the necessary information under the following links:

• Mozilla Firefox: https://support.mozilla.org/kb/clear-cookies-and-site-data-firefox
• Internet Explorer: https://support.microsoft.com/help/17442/windows-internet-explorer-delete-manage-cookies
• Google Chrome: https://support.google.com/accounts/answer/61416
• Opera: http://www.opera.com/help
• Safari: https://support.apple.com/en-gb/guide/safari/sfri11471/mac

Additionally, you can prevent loading of so-called scripts by default. NoScript allows JavaScript, Java and other plugins to run only on trusted domains of your choice. For information and instructions on how to edit this feature, contact your browser vendor (e.g. for Mozilla Firefox: https://addons.mozilla.org/en-GB/firefox/addon/noscript/).

 

7.1. Use of technically necessary cookies

• Nature and purpose of processing: We use cookies to make our website more user-friendly. Some elements of our website require that the calling browser can be identified even after a page change.

Technically necessary cookies help to make a website usable by enabling basic functions such as page navigation and access to secure areas of the website. Some functions of our website cannot be offered without the use of cookies. For these, it is necessary that the browser is recognized even after a page change.

The following data is stored and transmitted in the cookies:

• Consent-Management
• Language Settings

You will find an overview of the cookies used below.

• Legal basis: The processing is carried out in accordance with Art. 6 (1) (f) GDPR in conjunction with a balancing pursuant to Section 25 (2) TDDDG on the basis of our legitimate interest in a user-friendly design of our website and in the documentation of consent.
• Recipients: We use technical service providers for the operation and maintenance of our website, who act as our data processors. All service providers are contractually obligated to treat your data confidentially.
• Storage period: Details on the storage duration of cookies can be found in the following overview.
• Provision prescribed or required: The provision of the aforementioned personal data is neither legally nor contractually required. However, without this data, the service and functionality of our website cannot be guaranteed. In addition, individual services and services may not be available or may be limited.
• Right to object: Please read the information about your right to object according to Art. 21 GDPR below.

 

7.2. Use of technically unnecessary cookies

• Nature and purpose of processing: We also use such cookies on the website that enable an analysis of the user's surfing behavior. These cookies are used to make the use of the website more efficient and attractive.

Detailed information on the subject of cookies and which cookies are used on this website (after consent) can be found below in the cookie settings. Link to the cookie settings

• Legal basis: The storage of information on your end device or access to information already stored in the end device is voluntary, solely on the basis of your consent pursuant to Section 25 (1) TDDDG. If personal data is processed in addition, the provision of your data is also voluntary, solely on the basis of your consent pursuant to Art. 6 (1) lit. a GDPR.
• Recipients: Recipients of the data may be technical service providers who act as processors for the operation and maintenance of our website.
• Storage period: Details on the storage period of the cookies can be found below in the overview of the cookies used.
• Provision prescribed or required: The provision of your data is voluntary, based solely on your consent. However, we would like to point out that in this case you may not be able to use all functions of this website to their full extent.
• Third country transfer: Information on this can be found in the cookie overview and the notes below on the individual tools used.
• Withdrawal of consent: You can revoke your consent in the cookie settings for the future.
• Profiling: With the help of web analytics tools, the behavior of visitors to the website can be evaluated and interests can be analyzed. For this purpose, we create a pseudonymous user profile.

 

7.3. Cookies used

 

8. Google Analytics

• Nature and purpose of processing: If you have given your consent, this website uses Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). We use Google Analytics to analyze and regularly improve the use of our website. The statistics obtained enable us to improve our offer and make it more interesting for you as a user.

Google Analytics uses cookies that enable us to analyze your use of our website and to draw conclusions about user behavior on our website. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. However, due to the activation of IP anonymization on this website, your IP address will be truncated beforehand by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of Forwardis, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity, and providing other services relating to website activity.

• Legal basis: The processing of the data is based on the user's consent (Art. 6 (1) (a) GDPR).
• Recipients: Recipients of the data may be technical service providers. Your data will be transmitted to Google. Information of the third party provider: Google Dublin, Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001 (user conditions, overview of data protection, privacy policy).
• Third country transfer: Google is based in the USA. For the USA, there is an adequacy decision by the European Commission. An adequate level of protection is therefore guaranteed for certified US companies. Google's certification can be viewed at the following link: Certification.
• Storage period: The data is deleted as soon as you have revoked your consent or it is no longer required to achieve the purpose for which it was collected. As a rule, the data is deleted 14 months after it has been made available.
• Provision prescribed or required: The provision of your personal data is voluntary, based solely on your consent. If you prevent access, this may result in functional restrictions on the website.
• Withdrawal of consent: You can prevent tracking by Google Analytics on our website by clicking on this link. This will install an opt-out cookie on your device. This will prevent data collection by Google Analytics for this website and for this browser in the future, as long as the cookie remains stored in your browser.

You can also prevent the collection and processing of the data generated by the cookie and related to your use of the website (including your IP address) by Google by downloading and installing the browser plugin available at the following link: Browser Add On to deactivate Google Analytics.

 

9. Google Tag Manager

Our website uses Google Tag Manager, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Tag Manager is a solution that allows us to manage tags used for tracking and marketing through a single interface. It enables JavaScript and HTML tags on our website to be deployed or updated quickly. The Google Tag Manager tool that implements these tags does not set any cookies or collect any personal data. Rather, it merely serves to manage other services, such as Google Analytics. These services may in turn collect data.

For more information, please visit the following website: https://www.google.com/intl/de/tagmanager/use-policy.html.

 

10. Google reCAPTCHA

• Type and purpose of processing: When submitting forms, we use the reCAPTCHA service provided by Google Inc. This serves to distinguish whether the input is made by a natural person or abusively by machine and automated processing.
• Legal basis: The processing of the data is based on the user's consent (Art. 6 (1) (a) GDPR).
• Recipient: For the above-mentioned purpose, the browser you use must connect to Google's servers. This informs Google that our website has been accessed via your IP address. The data protection provisions of Google Inc. apply to this. You can find further information on the data protection guidelines of Google Inc. under data protection provisions or terms and conditions. Information of the third party provider: (user conditions, overview of data protection, privacy policy).
• Third country transfer: Google is based in the USA. For the USA, there is an adequacy decision by the European Commission. An adequate level of protection is therefore guaranteed for certified US companies. Google's certification can be viewed at the following link: Certification.
• Storage period: The data will only be processed in this context for as long as the corresponding consent is available.
• Provision prescribed or required: The provision of your personal data is voluntary, based solely on your consent. If you prevent access, this may result in functional restrictions on the website.
• Withdrawal of consent: You can withdraw your consent to the storage of your personal data and its use for the surveys at any time

 

11. YouTube

• Nature and purpose of processing: We have integrated YouTube videos in our online offerings and these are saved at www.YouTube.com and can be played directly from our website. These are all in the “expanded data protection” mode, i.e. no data about you as a user will be transferred to YouTube if you do not play the videos. Only after you play the videos, will the data listed in paragraph 2 be transferred. We have no influence on this data transfer.

Through your visit to the website, YouTube will be informed that you have opened on the corresponding subpage of our website. In addition, the data named in Section 4 of this declaration will be transmitted. This will happen regardless of whether you are logged in to a YouTube user account, or if there is not user account at all.

• Legal basis: The processing of the data entered in the survey form is based on your consent in accordance with Art. 6 (1) (a) GDPR.
• Recipients: Recipients of the data may be technical service providers. Your data will be transmitted to YouTube (Google LLC). Further information on the purpose and scope of data collection and processing by YouTube can be found in the privacy policy. There you will also find further information on your rights and privacy settings.
• Drittlandstransfer: Google LLC is based in the USA. The European Commission has issued an adequacy decision for the USA. An adequate level of protection is therefore guaranteed for certified US companies. The certification of Google LLC can be viewed at the following link: Certification.
• Storage period: The data will only be processed in this context as long as the relevant consent has been given.
• Provision prescribed or required: The provision of your personal data is voluntary, based solely on your consent.
• Withdrawal of consent: You can revoke your consent to the storage of your personal data and its use for the surveys at any time with effect for the future.
• Profiling: If you are logged into Google, your data will be assigned directly to your account. If you do not want your data immediately assigned to your account, you must log out before activating the button. YouTube will store the data as a user profile and use it for promotional purposes, market research and/or the user-friendly design of its website. Such assessments are primarily made to provide tailored advertisements (even for users who are not logged in) and to inform other users in the social network about your activities on our website. You have the right to object to the creation of a user profile; however, you must address these objections to YouTube.

 

12. Information regarding your right to object in terms of Art. 21 GDPR

• Right to object on a case-by-case basis

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Art. 6 (1) (f) GDPR (data processing on the basis of a balance of interests); this also applies to profiling based on this provision within the meaning of Art. 4 No. 4 GDPR.

If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate interests for the processing that override your interests, rights and freedoms, or the processing serves the assertion, exercise or defense of legal claims.

• Recipients of an objection

The objection can be made informally with the subject "Objection", stating your name, address or other identifying information to the above-mentioned contact information.

 

13. Data security

To protect the security of your data during transmission, we use state-of-the-art encryption methods (e.g. TLS).

 

14. Change to our privacy policy

We reserve the right to change this data protection declaration so that it always complies with the current legal requirements or in order to implement changes to our services in the data protection declaration, e.g., when introducing new services. The new privacy policy will then apply to your next visit.

Questions about data protection: If you have any questions about data protection, please send us an e-mail to: datenschutzbeauftragter@forwardis.com

 

LEGAL

Information letter to business partners

Information according to Article 13 and Article 14 of the General Data Protection Regulation (GDPR) This information letter shall give you an overview on how we are processing your personal data as well as of your rights relating to the processing of personal data. Which personal data is processed in particular and how it is used depends largely on the services requested or agreed upon in every single case. For this reason, not all parts of this information letter will be applicable to you. Apart from that, this information on data protection may be updated from time to time. You can always access the current version using the link in our mail signature.

1. Who is responsible for data processing and whom can I contact?

The controller for the purpose of GDPR is For clients of Forwardis GmbH: Forwardis GmbH Charlottenstraße 16 D-10117 Berlin Telefon: +49 30 549 793 30 E-Mail: privacy@forwardis.com You can reach our external Data Protection Officer at: c/o activeMind AG Management- und Technologieberatung Kurfürstendamm 56 10707 Berlin Telefon: +49 30 770 19 10 70 E-Mail: datenschutzbeauftragter@forwardis.com

2. We are processing your personal data for the following purposes and on the following legal basis:

We are processing personal data in accordance with the provisions of the European Data Protection Regulation (GDPR) and of the Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG): 2.1 To fulfil the contractual obligations (point (b) of Article 6 (1) GDPR) The data processing is carried out in order to perform:

• pre-contractual measures (e.g. preparation of offers)
• our contract
• additional contractual services by our subcontractor in charge

2.2 Based on the legal requirements (point (c) of Article 6 (1) GDPR) We are subject to various legal obligations that imply the processing of personal data. These obligations include among others:

• the control and reporting obligations under the provisions of tax law as well as storage obligations
• the obligations arising from Money Laundering Act
• the processing of enquiries and fulfilment of requirements of supervisory authorities, law enforcement agencies or courts
• the processing of possible enquiries and fulfilment of requirements of the tax office during a company audit

2.3 Within the weighing of interests (point (f) of Article 6 (1) GDPR) Whenever required, we are processing your personal data beyond the actual performance of the contract in order to protect our legitimate interests or legitimate interests of third parties. Examples of such cases include:

• direct advertising for our own products and/or services (e.g. in the form of regular email newsletters)
• the assertion of legal claims and defence in case of legal disputes
• the processing of your personal data in our CRM system

3. Who receives your data?

3.1 Within our company Our employees from the sales, accounting and operational departments, insofar as this is required to maintain the contact with you and to fulfil our contractual and statutory obligations (including the fulfilment of pre-contractual measures). Employees from office management area – for the purpose of internal maintenance of contact data. 3.2 Within the scope of order processing (internal recipients) Your personal data may be passed on to the service providers acting as data processors on our behalf. These may include other group companies and/or external service providers from the following areas: Support or maintenance of EDP or IT applications:

• Bookkeeping
• Data destruction
• All service providers are contractually bound and especially obliged to treat your personal data as confidential.

3.3 Other recipients (third parties) Data is only passed on to the recipients outside of our company in compliance with the applicable data protection regulations. The recipients of personal data may include among others:

• public authorities and institutions (e.g. financial authorities or law enforcement agencies) in case of a legal or official obligation
• credit and financial service providers (processing of payment transactions)
• tax advisors or public auditors as well as payroll tax auditors and company auditors (statutory audit assignment)
• lawyers
• external Data Protection Officer
• operational subcontractors commissioned with the performance of your contract, if you need the data for the purpose of order performance.

4. Will personal data be transferred to a third country or to an international organisation?

Personal data is transferred to bodies in the countries outside of the European Economic Area (so-called third countries) insofar as:

• it is required by law (e.g. reporting obligations under the tax law),
• you have given us your consent or
• we have concluded a data processing agreement with our service provider. In this case, a transfer of your personal data may also take place
• where the European Commission has decided that the third country in question ensures an adequate level of protection (Article 45 GDPR) or
• on the basis of suitable guarantees (standard data protection clauses issued by the EU Commission).

Your personal data is currently processed by the following service providers based outside of the European Union and in the countries outside of the European Economic Area (EEA): CITRIX, United States of America Apart from that, we have also agreed with our service providers by contract that the data protection guarantees must always be provided also by their contracting parties, in compliance with the European data protection level. We will provide you with a copy of these guarantees upon request.

5. How long is the storage period of your personal data?

We process and store your personal data as long as this is necessary for the fulfilment of our contractual and statutory obligations. If the data is no longer required for the fulfilment of our contractual or statutory obligations, it is deleted on a regular basis. The following exceptions shall apply,

• insofar as the statutory storage obligations must be fulfilled, e.g. pursuant to the German Commercial Code (Handelsgesetzbuch, HGB) and the German Fiscal Code (Abgabenordnung, AO). The storage or documentation periods specified therein are usually six to ten years;
• for the preservation of evidences within the statutory provisions on the statute of limitations. Pursuant to §§ 195 et seqq. of the German Civil Code (Bürgerliches Gesetzbuch, BGB), these limitation periods may add up to a total of 30 years, with the regular limitation period being 3 years.
• If the data processing is carried out in our legitimate interest or in legitimate interest of a third party, personal data will be deleted as soon as this interest will no longer exist. The aforementioned exceptions shall also apply here.

6. What data protection rights do you have?

You have the right of access under Article 15 GDPR, the right to rectification under Article 16 GDPR, the right to erasure under Article 17 GDPR, the right to restriction of processing under Article 18 GDPR, the right to object under Article 21 GDPR and the right to data portability under Article 20 GDPR. Restrictions may apply to the right of access and to the right to erasure in accordance with §§ 34 and 35 BDSG. Apart from that, there is also a right to lodge a complaint with a supervisory authority (Article 77 GDPR in conjunction with § 19 BDSG). A list of supervisory authorities (for non-public sector) together with the address can be found at: More information on the BfDI site.

7. Am I obliged to provide my personal data?

Within the framework of the contractual relationship you have to provide those personal data that are necessary for the commencement, performance and termination of the contractual relationship and for the fulfilment of the related contractual obligations or data that we are collecting based on our statutory obligations. Without this data, we will usually not be able to conclude the contract with you or to execute it. Information about your right to object in accordance with Article 21 of the General Data Protection Regulation (GDPR) Right to object in individual cases You shall have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (f) of Article 6 (1) GDPR (data processing based on the weighing of interests). Should you exercise your right to object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or if the processing serves for the establishment, exercise or defence of legal claims.  

8. Having an objection

If you wish to exercise your right to object, it is sufficient to send an e-mail to: privacy@forwardis.com