Privacy Information for the Website of GO! Express & Logistics Deutschland GmbH pursuant to Art. 13 General Data Protection Regulation (GDPR)

We, GO! Express & Logistics Deutschland GmbH, hereby inform you about the processing of your personal data and the rights to which you are entitled in connection with the use of our website.

1. Name and contact details of the controller

GO! Express & Logistics Deutschland GmbH

Brühler Straße 9

53119 Bonn

+49 228 24393-0

datenschutz@general-overnight.com

2. Contact details of the Data Protection Officer

Boris Reibach, LL.M.

Scheja & Partners GmbH & Co. KG

Adenauerallee 136

53113 Bonn

Germany

Tel.: +49 228-227 226 0

Contact form: https://www.scheja-partners.de/kontakt/kontakt.html

3. Rights of data subjects

As a data subject, you have the following rights under the General Data Protection Regulation (GDPR), provided that the respective legal requirements are met:

Access (Art. 15 GDPR): You have the right to request confirmation as to whether personal data concerning you is being processed; where that is the case,
- you have the right of access to this processing.
Rectification (Art. 16 GDPR): You may request the rectification of inaccurate data relating to you. In addition, you may request the completion of incomplete data relating to you.
Erasure (Art. 17 GDPR): You may request the deletion of your personal data, among other things if the processing was unlawful or is no longer necessary.
Restriction of processing (Art. 18 GDPR): You may request that the processing of your data be restricted, among other things instead of deletion of the data.
Data portability (Art. 20 GDPR): If you have provided data on the basis of a contract or consent and the processing is carried out by automated means, you may request that you receive the data you have provided in a structured, commonly used and machine-readable format or that it be transmitted to another controller.
Withdrawal of consent (Art. 7(3) GDPR): If you have given consent to the processing of your data, you may withdraw this consent at any time with effect for the future. The lawfulness of the processing of your data up to the time of withdrawal remains unaffected.

Right to object in individual cases:

You have the right, on grounds relating to your particular situation, to object at any time to the processing of personal data concerning you which is based on Art. 6(1)(f) GDPR (balancing of interests).

If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defence of legal claims.

Objection to data processing for direct marketing purposes:

Where we process your personal data for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such purposes; this also applies to profiling insofar as it is associated with such direct marketing.

If you object to processing for direct marketing purposes, we will no longer process your personal data for these purposes.

Exercise of your rights: To exercise all of your aforementioned rights, please contact datenschutz@general-overnight.com or use the contact details of the controller provided above under section 1.

You may withdraw your consent to cookies in the Cookie Center. WhereExercise of your rights: To exercise all of your above-mentioned rights, please contact datenschutz@general-overnight.com or use the contact details of the controller provided above under section 1.

You may withdraw your consent to cookies in the Cookie Center. Where you give consent for individual services on our website, you will receive further information on withdrawal options when giving your consent and under section 5 (“Exercising withdrawal”).

If you are of the opinion that the processing of your personal data violates data protection law, you may also lodge a complaint with a supervisory authority, in particular in the EU Member State or federal state of your habitual residence, your place of work or the place of the alleged infringement complained of.

This also applies to the supervisory authority responsible for us: State Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia, Kavalleriestr. 2-4, 40213 Düsseldorf, telephone: +49 211 38424-0, email: poststelle@ldi.nrw.de

If postal services are affected, the supervisory authority responsible for us is: The Federal Commissioner for Data Protection and Freedom of Information, Graurheindorfer Str. 153, 53117 Bonn, telephone: +49 228 997799-0, email: poststelle@bfdi.bund.de

4. Details on integrated services and functionalities

4.1. Own services

4.1.1. Provision of the website

Personal data processed	Date and time of access, duration of visit, type of end device, operating system used, functions used, volume of data sent, type of event, IP address, domain name
Purpose(s)	Provision of the website
Legal basis/bases	Section 25 para. 2 no. 2 TDDDG, Art. 6(1)(f) GDPR (balancing of interests). Our legitimate interest lies in providing our website.
Recipients	Hosting provider, external service provider for technical support
Drittlandtransfer	No
Storage period	Deletion immediately after delivery by the web server

4.1.2. Log files

Personal data processed	URL accessed, IP address, time and date of access, amount of data transmitted, website from which the user reached the requested page (so-called "referrer"), website pages accessed from the user's system via our website, HTTP status, information about browser type and version used, user's operating system, user's internet service provider
Purpose(s)	Statistical evaluations, improvement of the website, system security (e.g. prevention of misuse), error diagnosis
Legal basis/bases	Section 25 para. 2 no. 2 TDDDG, Art. 6(1)(f) GDPR (balancing of interests). Our legitimate interest lies in improving the website, ensuring system security (e.g. prevention of misuse) and diagnosing errors. Art. 6(1)(c) GDPR (compliance with legal obligations). This includes disclosures to public authorities upon request.
Recipients	Hosting provider, external service provider for technical support, public authorities upon request
Drittlandtransfer	No
Storage period	Deletion 7 days after creation

4.1.3. Contact form

Personal data processed	First and last name of the person making contact, salutation, company, telephone number, email address, fax number, message content, IP address, information that the user is classified as a human rather than a bot
Purpose(s)	Receipt and processing of enquiries, complaints or other feedback
Legal basis/bases	Section 25 para. 2 no. 2 TDDDG, Art. 6(1)(f) GDPR (balancing of interests). Our legitimate interest lies in receiving and processing enquiries, complaints or other feedback as well as in effective spam protection. Art. 6(1)(c) GDPR (compliance with legal obligations). This includes disclosures to public authorities upon request.
Recipients	Hosting provider, public authorities upon request
Drittlandtransfer	No
Storage period	Deletion after final processing of the matter
Obligation to provide data and consequences of failure to provide it	Mandatory fields in the contact form are marked with “*”; other information does not have to be provided.

4.1.4. Shipment tracking / order tracking

Personal data processed	Shipment number, IP address
Purpose(s)	Enabling shipment tracking
Legal basis/bases	Section 25 para. 2 no. 2 TDDDG, Art. 6(1)(b) GDPR (contract), Art. 6(1)(c) GDPR (compliance with legal obligations). This includes disclosures to public authorities upon request.
Recipients	Hosting provider, IT service providers, public authorities upon request
Drittlandtransfer	No
Storage period	Deletion after final processing of the matter, up to 10 years depending on the content
Obligation to provide data and consequences of failure to provide it	There is no obligation to provide the data; if it is not provided, shipments cannot be tracked online.

4.1.5. Shipping request

Personal data processed	Company, salutation, first and last name, postcode, email address, telephone number, destination and type of shipment, IP address
Purpose(s)	Assistance in finding a suitable shipping solution for the purpose of initiating a contract
Legal basis/bases	Section 25 para. 2 no. 2 TDDDG, Art. 6(1)(b) GDPR (contract), Art. 6(1)(c) GDPR (compliance with legal obligations). This includes disclosures to public authorities upon request.
Recipients	Internal departments, IT service providers
Drittlandtransfer	No
Storage period	After final processing of the matter; up to 10 years depending on the content
Obligation to provide data and consequences of failure to provide it	There is no obligation to provide the data; if it is not provided, no assistance can be given in finding a suitable shipping solution.

4.1.6. Shipping materials

Personal data processed	Company, GO! customer number, salutation, first and last name, postal address, email address, telephone number, IP address, requested shipping materials
Purpose(s)	Sale of shipping materials
Legal basis/bases	Section 25 para. 2 no. 2 TDDDG, Art. 6(1)(b) GDPR (contract), Art. 6(1)(c) GDPR (compliance with legal obligations).
Recipients	Internal departments, IT service providers
Drittlandtransfer	No
Storage period	After final processing of the matter; up to 10 years depending on the content
Obligation to provide data and consequences of failure to provide it	There is no obligation to provide the data; if it is not provided, no contract for shipping materials can be concluded via this route.

4.1.7. Registration for customer portal / web portal

Personal data processed	Company, GO! customer number, salutation, first and last name, postcode, IP address
Purpose(s)	Enabling use of the web portal for transport management
Legal basis/bases	Section 25 para. 2 no. 2 TDDDG, Art. 6(1)(b) GDPR (contract).
Recipients	Internal departments, IT service providers
Drittlandtransfer	If, when using IT services and IT infrastructure, service providers are used whose registered office is not located in the European Union or the European Economic Area, then outside legally permitted exceptions we ensure before transfer that either an adequate level of data protection exists at the recipient or suitable safeguards are in place. You may request an overview of recipients in third countries and a copy of the suitable or appropriate safeguards. Please use the contact details under section 1 for this purpose.
Storage period	You may delete your account at any time and request deletion directly. If this does not occur, deletion takes place automatically after 90 days.
Obligation to provide data and consequences of failure to provide it	There is no obligation to provide the data; if it is not provided, the web portal cannot be used.

4.1.8. Station search

Personal data processed	Manually entered address or postcode, country, language, IP address
Purpose(s)	Enabling the search for a GO! station near the entered postcode
Legal basis/bases	Section 25 para. 2 no. 2 TDDDG, Art. 6(1)(f) GDPR (balancing of interests); our legitimate interest lies in giving you the opportunity to view the nearest GO! station and thereby provide a service.
Recipients	Internal departments, IT service providers
Drittlandtransfer	No
Storage period	We store the data only for as long as is necessary to achieve the purpose.
Obligation to provide data and consequences of failure to provide it	There is no obligation to provide the data; if it is not provided, station search is not possible.

4.1.9. Load news

Personal data processed	Country, language, page number/offset, IP address
Purpose(s)	Enabling retrieval of current posts for the newswall
Legal basis/bases	Section 25 para. 2 no. 2 TDDDG, Art. 6(1)(f) GDPR (balancing of interests); our legitimate interest lies in giving you the opportunity to take note of news from us and to provide information about our company and our products
Recipients	Internal departments, IT service providers
Drittlandtransfer	No
Storage period	We store the data only for as long as is necessary to achieve the purpose.
Obligation to provide data and consequences of failure to provide it	There is no obligation to provide the data; if it is not provided, no news can be loaded.

4.1.10. Unsolicited application

Personal data processed	First and last name, salutation, telephone number, email address, content of the cover letter, other application documents (CV, certificates), IP address, location for the application
Purpose(s)	Receipt and processing of unsolicited applications via the website; initiation of an employment relationship
Legal basis/bases	Section 25 para. 2 no. 2 TDDDG, Art. 6(1)(b) GDPR (contract), where applicable Section 26 para. 3 sentence 1 BDSG, Art. 9(2)(b) GDPR, where applicable Art. 6(1)(f) GDPR (legitimate interest: evidence of the lawful course of the application procedure in any potential legal dispute; special categories of personal data are then processed on the basis of Art. 9(2)(f) GDPR). See also the privacy information of GO! Express & Logistics Deutschland GmbH for applicants (Privacy Policy for Applicants).
Recipients	Internal departments, processors, where applicable another GO! company to which the application is to be directed (if the application is not addressed to GO! Express & Logistics Deutschland GmbH)
Drittlandtransfer	No
Storage period	If your application is unsuccessful, the application data will be deleted six months after completion of the application procedure. If we wish to retain the data for future positions, we will contact you and ask for your consent. See also the privacy information of GO! Express & Logistics Deutschland GmbH for applicants (Privacy Policy for Applicants).
Obligation to provide data and consequences of failure to provide it	There is no obligation to provide the data; if it is not provided, no unsolicited online application can be made.

4.1.11. Application for an advertised position

Personal data processed	First and last name, salutation, contact data (e.g. telephone number, email address), content of the cover letter, other application documents (CV, cer-tificates), IP address
Purpose(s)	Receipt and processing of online applications; initiation of an employment relationship
Legal basis/bases	Section 25 para. 2 no. 2 TDDDG, Art. 6(1)(b) GDPR (contract), where applicable Section 26 para. 3 sentence 1 BDSG, Art. 9(2)(b) GDPR. See also the privacy information of GO! Express & Logistics Deutschland GmbH for applicants (Privacy Policy for Applicants).
Recipients	Internal departments, processors, the posting GO! company (if the vacancy is not from GO! Express & Logistics Deutschland GmbH)
Drittlandtransfer	No
Storage period	Applicant data will be deleted no later than six months after completion of the application proce-dure if the application was unsuccessful. See also the privacy information of GO! Express & Logistics Deutschland GmbH for applicants (Privacy Policy for Applicants).
Obligation to provide data and consequences of failure to provide it	There is no obligation to provide the data; if it is not provided, no unsolicited online application can be made.

4.2. Cookies and similar technologies

Information on cookies and similar technologies can be accessed by clicking on the red banner icon, which is displayed at all times on the left-hand side of the screen.