Privacy Information for Business Customers, Business Partners, and Their Employees pursuant to Art. 13 and 14 GDPR

We, GO! Express & Logistics Deutschland GmbH, take the protection of personal data and its confidential handling very seriously. We therefore hereby inform you about the processing of your personal data and the rights to which you are entitled.

 

1. Name and Contact Details of the Controller

GO! Express & Logistics Deutschland GmbH

Brühler Straße 9

53119 Bonn

Deutschland

Phone: +49 228 24393-0

Fax: +49 228 24393-590

info@general-overnight.com

www.general-overnight.com

 

2. Contact Details of the Data Protection Officer

Mr. Attorney Boris Reibach

Scheja & Partners GmbH & Co. KG

Adenauerallee 136

53113 Bonn

Deutschland

Phone.: (+49) 0228-227 226 0

https://www.scheja-partners.de/kontakt/kontakt.html

www.scheja-partners.de

3. Information on Relevant Processing Purposes

3.1 Performance of a Contract or Pre-contractual Measures

We process your personal data when this is necessary for the fulfilment of a contract concluded with you or for carrying out pre-contractual measures within the scope of a future or existing business relationship.

This concerns the following cases:

  • Inclusion in the master data management of our customer management system
  • Communication with contact persons of our business partners
  • Preparation, conclusion, and execution of contracts
  • Creation of offers, order confirmations, and invoices

 

Within the business relationship with you or your employer, we only process the personal data relating to you that are connected to the business relationship. These may include, in particular:

  • Contact details, including your name, email address, and telephone number
  • Customer history data
  • Contract data

 

Processing is based on Art. 6(1)(b) GDPR where a business relationship with you personally exists or is intended. If you act on behalf of a third party, particularly your employer, processing is based on Art. 6(1)(f) GDPR, provided this is compatible with your fundamental rights and freedoms.

Providing your personal data is contractually required or necessary for concluding a contract. If you do not provide the data, we are not able to fulfil the contract concluded with you or the intended contract cannot be concluded.

We delete the data when they are no longer required for the purposes of contract fulfilment or pre-contractual measures, unless other legal grounds—particularly statutory or contractual retention periods—apply.

 

3.2 Compliance with Legal Obligations

We also process your personal data to comply with legal obligations to which we are subject. The purposes of processing arise from the respective statutory obligations.

Processing is based on Art. 6(1)(c) GDPR in conjunction with applicable statutory provisions. For example, where we are obliged to retain data for commercial or tax purposes, processing occurs on the basis of Art. 6(1)(c) GDPR in conjunction with Section 257 HGB and Section 147 AO.

We delete your data once the legal obligation no longer applies, unless another legal basis applies. If your data is processed for additional purposes listed in this privacy notice, please also note the respective retention periods.

 

3.3 Marketing Activities

We also process your personal data for the purpose of advertising and marketing our products and services. Where marketing is based on your consent, we also process your personal data to document such consent.

Processing is based on:

  • Art. 6(1)(a) GDPR (consent), if you have granted it
  • Art. 6(1)(f) GDPR (legitimate interests). Our legitimate interest lies in promoting and marketing our products and services. This may include direct marketing.

 

You have the right to withdraw consent at any time at: datenschutz@general-overnight.com. Withdrawal does not affect the lawfulness of processing performed before withdrawal.

Retention periods:

  • Consent-based data: deleted no later than 24 months after our last marketing communication unless withdrawn earlier
  • Documentation of consent: retained for three years after the end of the year in which consent expired or was withdrawn

 

Where we request your consent, you are not obliged to grant it. Not providing consent merely means we cannot inform you about products and services within the scope of the requested consent.

 

3.4 Establishment, Exercise, or Defence of Legal Claims

We may also process your personal data to assert, exercise, or defend legal claims.

Processing is based on Art. 6(1)(f) GDPR. Our legitimate interest lies in asserting or defending legal claims.

We store your data as long as necessary for these purposes, generally three years after fulfilment of the contract.

 

3.5 Protection and Security of IT Resources

We process your personal data to protect and safeguard our IT resources.

Processing is based on Art. 6(1)(f) GDPR. Our legitimate interest lies in protecting our IT infrastructure against attacks and security incidents.

We store your data for as long as required for this purpose, generally up to six months after collection.

 

4. Recipients or Categories of Recipients

Internal recipients:

Only departments and employees who require your personal data for the purposes listed in section 3 have access to it.

External recipients:

  • Processors, e.g., IT system maintenance providers
  • Contracted companies that handle shipment delivery or collection (limited access only)
  • Public authorities, such as prosecutors, courts, or tax authorities, where legally required
  • Private entities, such as lawyers or tax advisors, were legally authorized

 

5. Data Processing in Third Countries

We engage service providers for IT services and IT infrastructure whose headquarters are located outside the EU/EEA. Except in legally permissible cases, we ensure prior to transfer that the recipient ensures an adequate level of data protection or that suitable safeguards are in place.

You may request an overview of recipients in third countries and a copy of the relevant safeguards using the contact details listed in section 1. Other than this, no transfer to third countries occurs.

 

6. Sources of Personal Data in Case of Third‑party Collection

We do not only process personal data obtained directly from you. In some cases, we obtain your data from third parties. These include:

  • Our business partners or your employer’s business partners
  • Where applicable, your employer

If necessary, we will provide more detailed information separately.

 

7. Automated Decision-Making Including Profiling

We do not use automated decision-making or profiling pursuant to Art. 22 GDPR.

 

8. Rights of Data Subjects

You have the following rights:

  • Access to your personal data
  • Rectification of inaccurate or incomplete personal data
  • Erasure under the conditions of Art. 17 GDPR
  • Restriction of processing under Art. 18 GDPR
  • Data portability for data you have provided when processing is automated and based on consent or a contract
  • Withdrawal of consent at any time with future effect

Right to Object

Individual Right to Object

You have the right, for reasons arising from your particular situation, to object at any time to the processing of personal data concerning you on the basis of Art. 6(1)(e) or (f) GDPR, including profiling.

If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for processing that override your interests, rights, and freedoms, or the processing serves the establishment, exercise, or defence of legal claims.

Objection to Direct Marketing

If we process your data for direct marketing, you have the right to object at any time. We will then cease processing for such purposes.

Exercising Your Rights

You may contact us at any time using the contact details provided in section 1.

If you believe that processing of your personal data violates data protection law, you may lodge a complaint with a supervisory authority, particularly in the EU Member State or federal state of your habitual residence, workplace, or the location of the alleged violation.

 

If postal services are affected, the competent authority is: 

Federal Commissioner for Data Protection and Freedom of Information (BfDI)

Graurheindorfer Str. 153

53117 Bonn

Phone: +49 (0)228 997799-0

E-Mail: poststelle@bfdi.bund.de

De-Mail: poststelle@bfdi.de-mail.de

 

Otherwise, the competent authority is: 

State Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia

Kavalleriestr. 2-4

40213 Düsseldorf

Phone: 0211/38424-0

Fax: 0211/38424-999

E-Mail: poststelle@ldi.nrw.de