Privacy Information for the GO! Express & Logistics Deutschland GmbH Website (Art. 13 and 14 GDPR)

We, GO! Express & Logistics Deutschland GmbH, take the protection of personal data and its confidential handling very seriously. We therefore hereby inform you about the processing of your personal data and the rights to which you are entitled.

 

1. Name and Contact Details of the Controller

GO! Express & Logistics Deutschland GmbH

Brühler Straße 9

53119 Bonn

Germany

Phone: +49 228 24393-0

Fax: +49 228 24393-590

info@general-overnight.com

www.general-overnight.com 

 

2. Contact Details of the Data Protection Officer

Mr. Attorney Boris Reibach

Scheja & Partners GmbH & Co. KG

Adenauerallee 136

53113 Bonn

Germany

Phone: (+49) 0228-227 226 0

https://www.scheja-partners.de/kontakt/kontakt.html

www.scheja-partners.de

3. Information on Relevant Processing Purposes

3.1 Performance of a Contract or Pre‑contractual Measures

We process your personal data when this is necessary for fulfilling a contract concluded with you or for carrying out pre‑contractual measures within the scope of a future or existing business relationship.

This concerns the following cases:

  • Inclusion in the master data management of our customer management system
  • Communication with contact persons of our business partners
  • Preparation, conclusion, and execution of contracts
  • Creation of offers, order confirmations, and invoices

 

Within the business relationship with you or your employer, we only process the personal data relating to you that are connected to the business relationship. These may include, in particular:

  • Contact details, including your name, email address, and telephone number
  • Customer history data
  • Contract data

 

Processing is based on Art. 6(1)(b) GDPR where a business relationship with you personally exists or is intended. If you act on behalf of a third party, particularly your employer, processing is based on Art. 6(1)(f) GDPR, provided this is compatible with your fundamental rights and freedoms.

Providing your personal data is contractually required or necessary for concluding a contract. If you do not provide the data, we are not able to fulfil the contract concluded with you or the intended contract cannot be concluded.

We delete the data when they are no longer required for the purposes of contract fulfilment or pre‑contractual measures, unless other legal grounds—particularly statutory or contractual retention periods—apply.

 

3.2 Compliance with Legal Obligations

We also process your personal data to comply with legal obligations to which we are subject. The purposes of processing arise from the respective statutory obligations.

Data processing is based on Art. 6(1)(c) GDPR (legal obligation) in conjunction with the relevant statutory provisions establishing such obligations. For example, if we are required to retain data for commercial and tax reasons, processing is based on Art. 6(1)(c) GDPR in conjunction with Section 257 HGB and Section 147 AO.

We delete your data once the legal obligation no longer applies, unless another legal basis applies. If your data is also processed for other purposes stated in this privacy notice, please also note the storage periods specified for those purposes.

 

3.3 Marketing Activities

We also process your personal data for the purpose of advertising and marketing our products and services. Where marketing is based on your consent, we process your personal data to document your consent.

Processing is based on:

  • Art. 6(1)(a) GDPR (consent), if you have granted it
  • Art. 6(1)(f) GDPR (legitimate interests). Our legitimate interests lie in promoting and marketing our products and services. This may also include sending you direct advertising (direct marketing).

 

You have the right to withdraw your consent at any time at: datenschutz@general-overnight.com. Withdrawal does not affect the lawfulness of processing carried out prior to withdrawal.

Retention periods:

  • Data processed based on consent: deleted no later than 24 months after our last marketing communication (expiry of consent), unless you withdraw earlier. If you withdraw your consent earlier, we delete your data immediately.
  • Data processed to document your consent: stored for three years after the end of the year in which you withdrew your consent or it expired.

 

If your data is also processed for other purposes stated in this privacy notice, please note the respective storage periods for those purposes.

Where we request your consent, you are not obliged to grant it or provide the corresponding data. Failure to provide it merely means we cannot inform you about our products and services in the scope covered by the requested consent.

Apart from that, an obligation to provide your personal data exists only to the extent stated in section 3.1.

 

3.4 Establishment, Exercise, or Defence of Legal Claims

We may also process your personal data for the establishment, exercise, or defence of legal claims.

Processing is based on Art. 6(1)(f) GDPR (legitimate interests). Our legitimate interests lie in asserting, exercising, or defending legal claims.

We store your data as long as necessary for these purposes, generally for three years after fulfilment of the contract. If your data is also processed for other purposes stated in this privacy notice, please note the corresponding storage periods.

 

3.5 Protection and Security of IT Resources

We also process your personal data to protect and safeguard our IT resources.

Processing is based on Art. 6(1)(f) GDPR (legitimate interests). Our legitimate interests lie in protecting our IT resources from potential attacks or security incidents.

We store your data for as long as required for the purpose of protecting and securing IT resources, generally up to six months after collection. If your data is also processed for other purposes, the storage periods outlined for those purposes apply.

 

4. Recipients or Categories of Recipients

Internal recipients:

Only those departments and employees who require access to fulfil the purposes listed in section 3.

External recipients:

  • Processors, e.g., companies maintaining our IT systems. All processors are carefully selected and regularly reviewed.
  • Contracted companies: We commission additional companies to deliver or collect shipments. These companies have access only to the data required for performing their assignment.
  • Public authorities: Authorities such as prosecutors, courts, or tax authorities to whom we may transfer personal data if required by law.
  • Private entities: Private entities to whom we transfer data based on a legal authorisation, such as lawyers or tax advisors.

 

5. Data Processing in Third Countries

We use service providers for IT services and IT infrastructure whose registered office is not located within the European Union or European Economic Area. Before any transfer—except in cases permitted by law—we ensure that the recipient either provides an adequate level of data protection or appropriate safeguards are in place.

You may request an overview of the recipients in third countries and a copy of the applicable safeguards. Please use the contact details provided in section 1. Apart from that, no transfer of your personal data to third countries takes place.

 

6. Sources of Personal Data in Case of Third‑party Collection

We do not only process personal data that we collect directly from you. In certain cases, we also obtain your personal data from third parties. These sources include:

  • Our business partners or the business partners of your employer
  • Where applicable, your employer

If necessary, we will provide additional information separately.

 

7. Automated Decision‑Making Including Profiling

We do not use automated decision‑making or profiling under Art. 22 GDPR.

 

8. Rights of Data Subjects

As a data subject you have the following rights:

  • To request confirmation as to whether we process personal data relating to you; if so, you have the right to access this data.
  • To request rectification of inaccurate personal data concerning you and completion of incomplete data.
  • To request erasure of your personal data under the conditions of Art. 17 GDPR, e.g., if processing is unlawful or no longer necessary.
  • To request restriction of processing under Art. 18 GDPR, e.g., instead of erasure.
  • To receive personal data concerning you that you have provided to us in a structured, commonly used, and machine‑readable format or to request that it be transmitted to another controller (data portability), where processing is automated and based on your consent or a contract with you.
  • To withdraw your consent at any time with effect for the future (withdrawal of consent). Withdrawal does not affect the lawfulness of processing prior to withdrawal.

Right to Object

Individual Right to Object

You have the right, for reasons arising from your particular situation, to object at any time to the processing of personal data concerning you that is based on Art. 6(1)(e) GDPR (performance of a task carried out in the public interest or in the exercise of official authority) or Art. 6(1)(f) GDPR (legitimate interests), including profiling based on these provisions.

If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or if the processing serves the establishment, exercise, or defence of legal claims.

 

Objection to processing for Direct Marketing Purposes

If we process your personal data for direct marketing (see above), you have the right to object at any time to such processing; this also applies to profiling related to direct marketing.

If you object to processing for direct marketing purposes, we will no longer process your personal data for these purposes.

 

Exercising Your Rights

To exercise your rights, you may contact us at any time using the contact details provided in section 1.

If you believe that processing of your personal data violates data protection law, you may lodge a complaint with a supervisory authority, in particular in the EU member state or federal state of your habitual residence, workplace, or the location of the alleged infringement.

 

Supervisory Authority for Postal Services

The competent supervisory authority for postal services is: 

 

Federal Commissioner for Data Protection and Freedom of Information (BfDI)

Graurheindorfer Str. 153

53117 Bonn

Phone: +49 (0)228 997799-0

E-Mail: poststelle@bfdi.bund.de

De-Mail: poststelle@bfdi.de-mail.de

 

Otherwise Competent Supervisory Authority:

State Commissioner for Data Protection and Freedom of Information North Rhine‑Westphalia

Kavalleriestr. 2-4

40213 Düsseldorf

Phone: 0211/38424-0

Fax: 0211/38424-999

E-Mail: poststelle@ldi.nrw.de