Information on the General Data Protection Regulation
On May 25, a new European data protection law came into effect, the General Data Protection Regulation (GDPR) http://eur-lex.europa.eu/legal-content/de/TXT/?uri=CELEX%3A32016R0679. Based on this new data protection law we are obliged to provide you with transparent information regarding the data we process when you use our services.
The data controller responsible for data processing in the context of our customer relations is
Konrad Zippel Spediteur GmbH & Co. KG (Konrad Zippel)
Managing directors: Axel Plass and Axel Kröger
Data protection contact
For all data protection enquiries and issues, please contact firstname.lastname@example.org We have appointed an external data protection officer; for reasons of confidentiality, all emails will be forwarded to the officer directly.
The supervisory authority with responsibility for Konrad Zippel is the regional data protection officer for Hamburg [Landesdatenschutzbeauftragte Hamburg]: https://www.datenschutz-hamburg.de/
General information on new data protection law
Personal information is all information that relates to an identified or identifiable natural person (hereafter "Data Subject"). A natural person is regarded as being identifiable if they can be identified directly or indirectly, especially by being matched to a label or sign such as an ID number.
Principle of necessity
An essential principle of data protection law thus far is also enshrined in the GDPR: the necessity principle. This principle states that data processing is permissible only when the data concerned are necessary to achieve a specific purpose – e.g. address data for transport purposes.
Contract processing is not to be confused with contract transport services. Contract processing involves a service provider being commissioned to process personal data.
When we commission contract data processing, we are obliged to form a special agreement with the service provider concerned and to require the service provider to prove that it will handle your data in the proper way (art. 28 GDPR).
However not every deployment of service providers is subject to art. 28 GDPR. The applicability of this provision is assessed on a case-by-case basis.
For service providers based outside of the European Union or those who are not located in one of the countries recognised by the European Commission as being secure non-EU countries (e.g. Iceland, Liechtenstein, Norway, or Canada), we will base our client-supplier (controller-processor) relationship on the current standard contractual clauses stipulated by the European Commission.
Transport and logistics services do not involve contract processing in the sense intended by art. 28 GDPR, as the data are required solely for transport purposes. Nor does the appointment of subcontractors constitute contract processing in the sense intended by that provision.
In your relationship with us, you have the following rights, provided you yourself are the data subject. These rights can also be asserted by your staff. The rights are:
Some of these rights are conditional, however.
The right to data portability does in our view not apply to our customers.
As we provide services on credit and therefore assume a level of risk, we reserve the right to carry out credit checking. This involves our obtaining from credit reference agencies information regarding the statistical likelihood of payment default. The legal basis for this is art. 6 para. 1 p. 1 f GDPR.
Ordering transport services
If you order transport services by phone, the data required for the processing of your order will be entered manually in our despatch software and assigned to your customer account or to a new customer account. You will then receive an automatic order confirmation. If you order via email, the data will be automatically assigned to your customer account or a new account will be set up for you. We have formed a contract processing agreement with the operator of the despatch software, as per art. 28 GDPR.
For logistics services we use a Zippel Group company or an external contractor.
The printing and despatch of invoices, documents, and official warnings is carried out by a service provider with whom we have concluded an appropriate contract processing agreement as per art. 28 GDPR.
If despite issuing an overdue notice we still do not receive payment, our claim will be transferred to an external debt referral agency. The legal basis for this is art. 6 para. 1 p. 1 f GDPR.
Our communication is mainly email-based. We need your email address to send you documents relating to customer service (art. 6 para. 1 p. 1 b GDPR). Communication for customer service purposes does not involve any advertising.
Please note that email communication is generally not secure. If you would like to arrange for attachments (e.g. invoice copies) to be protected (e.g. with a password), please let us know.
If we wish to send you marketing information via email, we will obtain your specific consent. You can at any time and with future effect opt out of marketing emails without having to provide a reason (art. 6 para. 1 p. 1 a and 7 para. 3 GDPR).
You can register for our tariff calculator, Zippix, at https://www.zippel24.net/index.asp?embed=1&directSid=70&directUrl=tom%2Findex%2Easpx
Here you can enquire about our current prices for combined-mode transport and check your quotes and our terms and conditions of carriage. Access is password-protected, so please use a secure password. The legal basis for this is art. 6 para. 1 p. 1 a GDPR.
If you send the telephonnumber when you call us, the number will be saved on the telephone system and will be deleted after 10 calls. Our employees could view the list of their own incoming and outgoing calls for 31 days via the tool "ProCall".
We use an encrypted communication process (https – secure hypertext transfer protocol) to transfer data securely so that you can enjoy uninterrupted access to the information on our website.
In accessing our site, you consent to the placing of cookies on your computer.
You can adjust your browser settings according to your preferences and, for example, reject third-party cookies or all cookies.
We use Google Analytics, a service based on cookies (see Cookies section above). Information produced by the cookies is usually transferred to a Google server in the US and stored there. This is done as part of contract processing (see Contract Processing section above).
Also transferred to Google is the IP address of your browser. On this website we use IP anonymisation. This means that, within the European Union and in Liechtenstein, Iceland, and Norway, your IP address will be abbreviated by Google. Only in exceptional cases will your full IP address be transferred to a Google server in the US and stored there. We do not combine IP addresses transmitted from browsers with other data.
The IP address transferred from your browser as part of the Google Analytics service will not be combined by Google with other data – or at least not at our behest.
You can prevent Google from capturing and processing these data by downloading and installing the browser plug-in available at http://tools.google.com/dlpage/gaoptout?hl=de
This website uses Google Analytics with the extension "_anonymizeIp()". This means that IP addresses are processed in their abbreviated format and cannot be used for personal identification purposes, so insofar as the data gathered about you can be used to identify you personally, the possibility of such identification will be immediately excluded and the personal data concerned immediately deleted.
The legal basis for the use of Google Analytics is art. 6 para. 1 p. 1 f GDPR and § 15 Telemedia Act [Telemediengesetz – TMG].
The data concerned will be evaluated by us via a service provider with whom we have formed an appropriate contract processing agreement (art. 28 GDPR).
This website uses Google Maps, a service from Google Ltd. In using this website you consent to the capture, processing, and use of automatically collected data by Google Ltd. and their agents as well as by third parties. The new data protection regulations for Google's services can be found at https://policies.google.com/privacy?hl=de.
This website uses Google Fonts, a product from Google Ltd. enabling the use of typefaces on the Internet. Via these typefaces information is transmitted to a Google server. The new data protection regulations for Google's services can be found at https://policies.google.com/privacy?hl=de We embed typefaces in a way that helps to protect data and that does not allow for the creation of a connection to a Google server.
Social media plug-ins
We currently use the following social media plug-ins: Facebook, YouTube, and Twitter. Use of these plug-ins is subject to the two-click rule. This means that, when you visit our website, there is no initial sharing of your personal data with the plug-in providers. Social media plug-ins can be recognised via their logo or via their initial letter encased in a button. If you click on the button, you communicate directly with the plug-in provider concerned. Only if you click on this marked field and thereby activate it will the plug-in provider be informed that you have visited our website. In the case of Facebook, the company's German branch has stated that your IP address will be anonymised immediately on capture. When the plug-in is activated, your personal data will be transferred to the plug-in provider concerned and saved in the US.
The plug-in provider collects data, especially via cookies (see Cookies above). We ourselves have no influence on the data collected or how it is processed. Nor do we know the full extent to which it is collected, the purposes for which it is processed or how long it is held for. Nor do we have any information regarding the deletion of the data collected via the plug-in provider.
If you are logged in to your social media account with the provider of the plug-in, your personal data as collected by us will be assigned directly to your account with the plug-in provider. If you click on the activated button and, for example, link to another page, the plug-in provider will save this information in your user account as well and share it publicly with your contacts. We recommend regularly logging out of your social media accounts after using them, and especially before activating the button, as by doing so you can avoid data being assigned to your profile at the plug-in provider concerned.
The new data protection regulations drawn up by Twitter can be found at https://twitter.com/privacy?lang=de#update. In the Data Protection and Security section of your account settings you can find a passage headed Individualisation and Data. This passage contains a link marked "change", which opens another page. It is here that you can adjust your settings.
The new data protection regulations drawn up by Facebook can be found at https://www.facebook.com/about/privacy/update.
Our videos are embedded in our site in compliance with data protection regulations.
Our staff receive regular data protection training to ensure they implement GDPR regulations.
Technical and administrative measures
We have created and implemented a security concept that we regularly update to ensure it is sustainable.
Under trade law and tax law regulations (e.g. § 14b Sales Tax Act [Umsatzsteuergesetz], see (https://www.gesetze-im-internet.de/ustg_1980/__14b.html), we have to save your invoicing, payment, and order data for a period of ten years. We nonetheless restrict the processing of your data after three years, which means that it will be used only for the purposes of complying with statutory obligations.
This version of our data protection statement is valid from May 25 2018.