1. PROCESSING OF PERSONAL DATA
   • When you are using our website webshipper.com, our Webshipper service, contact us, and in a number of other situations, we process personal information concerning you.
   • In this Privacy Policy, you can read about how we process your personal data, your legal rights, and how you can contact us if you have any questions about our processing of your personal data.
   • In the Privacy Policy, “we”, “us”, and “our” refer to Webshipper and nShift, jointly, cf. below in section 1.
   • Personal data processed by us, will be processed in accordance with General Data Protection Regulation (GDPR), and applicable national data protection legislation.
2. DATA CONTROLLER
   • Due to the nature of our business and our group of businesses, when using the Webshipper services Webshipper ApS and nShift B.V. are joint data controllers, unless otherwise is specifically stated in this Privacy Policy.
   • You may at any time contact us, regarding our processing of personal data concerning you, at:

Webshipper ApS                          or                   nShift B.V.

Søndergade 2B                                                  Ellen Pankhurststraat 1C

DK-8660 Silkeborg                                             NL-5032 MD Tilburg

(“Webshipper”)                                                 (“nShift”)

• You may also contact our data protection officer at: dpo@nshift.com, or use the contact form, at our websites.

3. PURPOSE AND LEGAL BASIS
   • We only collect personal data concerning you, to the extent necessary for us to provide the best possible service to you. Below, we describe situations where we process your personal data.
   • Customers – When we enter into an agreement regarding our services through a business entity, where you are a contact or with you personally, we process personal data concerning you in order to perform our business relationship. Such information is your name, position, place of employment, contact information, and information in relation to the nature of our cooperation. When customers use our online resources, we further collect information on IP-address, MAC-address, actions, and time of use, with the purpose of being able to document actions taken. The legal basis for processing such information is GDPR art. 6, sect. 1, lit. b (agreement). We will retain the information for the duration of our agreement and for the legal limitation period thereafter. We will further retain any accounting information for the legally required retention period.
   • Suppliers and other cooperation partners – When you cooperate with us, either as a supplier or otherwise, personally or through a business entity, where you are a contact we will process information about you, in order to perform our business relationship. Such information is your name, position, place of employment, contact information, and information in relation to the nature of our cooperation, and payment information The legal basis for processing such information is GDPR art. 6, sect. 1, lit. b (agreement). We will retain the information for as long as our cooperation lasts and for the legal limitation period thereafter. We will further retain any accounting information for the legally required retention period.
   • Communication – When you contact us through mail, e-mail, contact forms, phone or otherwise, we will process information on your identity, contact information and any information in your enquiry. The purpose of such processing is for us to handle and or reply to your enquiry. Our legal basis for such processing is GDPR art. 6, sect. 1, lit. f (legitimate interest), or where we have an obligation to reply to you, e.g., in relation to support, or where we become legally bound by the correspondence; GDPR art. 6, sect. 1, lit. b (agreement). We will retain such information for as long as the correspondence is ongoing and 12 months thereafter. If any of such correspondence contain legally binding wording, e.g., offers, contracts etc. we will retain the correspondence for as long as the correspondence is legally binding and 3 years thereafter.
   • Newsletters – With your consent, we will forward newsletters to you. In this regard, we will process your name and e-mail address. Our legal basis for the processing is regard is GDPR art. 6, sect. 1, lit. a (consent). We will retain your personal data until such time, where you withdraw your consent. We may also use your personal data collected, when you sign-up for our newsletter for other marketing purposes, which will then be basis on GDPR art. 6, sect. 1, lit. f (legitimate interest).
   • Events – If you choose to participate in one of our events, online or physical, we will process information about your name, address, place of employment, billing information, and your interest in the event. Such information will be processed for us to arrange and hold the event. Our legal basis is GDPR art. 6, sect. 1, lit. b (agreement). We will retain such information for 12 months after the event has taken place. Your name, e-mail address and place of employment may be shared with third-party organisers of the event, to the extent necessary, and with other participants in the same event. The legal basis is in this regard GDPR art. 6, sect. 1, lit. f (legitimate interest). When holding events, we may on some occasions take pictures and/or record video, for use in marketing materials, on our website or otherwise. To the extent you are recognizable in pictures or video, we will prior to using these for marketing purposes as for your permission, either through consent, GDPR art. 6, sect. 1, lit. a, or through an agreement with you GDPR art. 6, sect. 1, lit. b. If you oppose to us taking pictures and/or recording video even if we do not use the photos or vide for marketing, please inform the photographer.
   • Leads, other marketing – When we collect your personal information through other means of processing, including when you are a customer, cooperation partner, participant in one of our events or receive our newsletter, but not when you apply for a job with us, we will further process your personal data, with the purpose of establishing a business relationship or furthering an already existing business relationship. In this regard we will process your name, position, place of employment, contact information and information on our already existing cooperation, if any, or information on the nature of our relationship, and information on interests you have shown, when in relation with us. The legal basis for such processing is GDPR art. 6, sec. 1, lit. f (legitimate interest). We will retain such information for these marketing purposes for a period of 12 months after any existing business relationship has ended.
   • Technical data – When you use our online resources, including our websites, we collect information on your IP-address, MAC-address, actions, and time. This data may in some instances be personal data. We collect such data with the purpose of logging use of our resources, in order for us document actions taken, and for security purposes. The legal basis for our processing of such data, where it is personal data, is GDPR art. 6, sec. 1, lit. f (legitimate interest). We will retain such information for logging purposes for a period of 12 months.
   • Cookies etc. – When you use our websites, we will, except where the use of specific cookies etc. is necessary for providing our website to you, ask for your consent to make use of cookies or other similar technologies, e.g. pixel-technology (all referred to as “cookies”) Prior to consenting in the use of cookies, you will be able to obtain information on whether we or a third party sets the cookie and the purpose of the specific cookie and for how long the cookie is stored. In general, we use cookies, for providing necessary functionality on our websites, for adapting our content to you, for analysing the use of our website, and for marketing purposes. You can read more on the purpose of each specific cookie in our Cookie Policy.
   • Job applications – when you apply for a job with us, we process the information you provide us with. The data controller in this regard, will be the entity to which you send your application, see section 1 for contact information. Our legal basis for such processing is GDPR art. 6, sect. 1, lit. a (consent), and, if your job application contains sensitive information, which we ask you to not include, GDPR art. 9, sect. 2, lit. a (consent, sensitive information). If you are hired, we will retain your personal data for as long as you work with us and 5 years thereafter. If you are not hired, we will retain your personal information for a period of up to 6 months after having decided to not offer you a position. If you are not hired, but we would like to keep your application for consideration in regard a future position which we may have, we will as for your consent to keep your application for such purpose. If you grant us such consent, we will retain your application, for such period to which you consent. Our legal basis for such processing is GDPR art. 6, sect. 1, lit. a (consent), and, if your job application contains sensitive information; GDPR art. 9, sect. 2, lit. a (consent, sensitive information). You may in such situation of course withdraw your consent at any time, after which we will not retain your job application any longer.
4. TRANSFER / DISCLOSURE OF DATA
   • Personal data concerning you which we process, will not be disclosed to third parties, unless it is necessary for providing our service to you; if we have your consent; where provided for in this Privacy Policy; where we are legally obligated to disclose such personal data; or where we need to disclose such personal data to defend ourselves against or assert legal claims.
   • We use several data processors to provide our services. All such data processors act under our instruction and are not allowed to use personal data processed for us, for other than our purposes. We have entered into data processing agreements with such processors to ensure this. Some of our data processors are located outside the EU/EEA, we have ensured relevant legal basis for such transfer of personal data outside the EU/EEA. Upon request, we can inform you of the data processors in question, and you can obtain a copy of the basis for the transfer in question.
5. SECURITY
   • We have implemented appropriate technical, organisational, and physical security measures to ensure protection of your personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access, considering the risks involved in the processing as well as the nature of the personal data in question.
   • Our organisational security measures include internal policies on the processing of personal data, ensuring i.a. that only employees having a work-related need, will have access to personal data concerning you.
6. RETENTION PERIOD
   • We will retain your personal data as described above, see section 3, or until it is no longer necessary for us to process your personal data, whichever period is shorter.
   • Besides the above, see section 1, we reserve the right to retain your personal data for a longer period if we need to retain personal data concerning you, in order to protect our legitimate interests, for example, in connection with legal disputes, or if we are legally required to retain such personal data.
7. YOUR PRIVACY RIGHTS
   • In accordance with the GDPR, you have a number of legal rights. Please do not hesitate to contact us if you wish to make use of your legal rights. See our contact information in section 2.
     • You have the right at any time to obtain information as to whether we process personal data concerning you and have access to such information as well as additional information on our processing.
     • You have the right to have personal data concerning you which we process rectified if such personal data is inaccurate.
     • You have in certain situations the right to have your personal data erased or anonymised prior to our usual retention time.
     • In certain situations, you have the right to restrict the processing of your personal data. If you claim such right, we will only store your personal data until your objection has been assessed. If we lift the restriction of our processing of your personal data, you will be notified in advance.
     • You may object to our otherwise legal processing of personal data concerning you in certain situations. You may always object to the use of personal data concerning you for direct marketing.

• In certain situations, you have the right to receive personal data concerning you in a structured, commonly used, and machine-readable format and to have such data transferred from one data controller to another controller.
• To the extent that we process personal data concerning you based on your consent, you may withdraw your consent at any time. Such withdrawal of consent will only take effect regarding subsequent processing of personal data concerning you.

8. COMPLAINT
   • If you are not satisfied with our processing of personal data concerning you, please contact us. Our contact options can be found in section 2.
   • You may also lodge a complaint with The Danish Data Protection Agency (www.datatilsynet.dk), the Dutch Data Protection Agency (www.autoriteitpersoonsgegevens.nl), or another relevant supervisory authority.
9. CHANGES
   • We may change this Privacy Policy from time to time. The at any time current version of this Privacy Policy will be available on our websites.
   • If we have made changes to this Privacy Policy, we will make a notification of this on our website. If we have access to your electronic contact information, we may also, at our prerogative, contact you directly about the updated Privacy Policy.
10. VERSION
    • This Privacy Policy was updated in April 2022.