Privacy Policy
- PROCESSING OF PERSONAL DATA
- When you are using our website webshipper.com, our Webshipper service, contact us, and in a number of other situations, we process personal information concerning you.
- In this Privacy Policy, you can read about how we process your personal data, your legal rights, and how you can contact us if you have any questions about our processing of your personal data.
- In the Privacy Policy, “we”, “us”, and “our” refer to Webshipper and nShift, jointly, cf. below in section 1.
- Personal data processed by us, will be processed in accordance with General Data Protection Regulation (GDPR), and applicable national data protection legislation.
- DATA CONTROLLER
- Due to the nature of our business and our group of businesses, when using the Webshipper services Webshipper ApS and nShift B.V. are joint data controllers, unless otherwise is specifically stated in this Privacy Policy.
- You may at any time contact us, regarding our processing of personal data concerning you, at:
Webshipper ApS or nShift B.V.
Søndergade 2B Ellen Pankhurststraat 1C
DK-8660 Silkeborg NL-5032 MD Tilburg
(“Webshipper”) (“nShift”)
- You may also contact our data protection officer at: dpo@nshift.com, or use the contact form, at our websites.
- PURPOSE AND LEGAL BASIS
- We only collect personal data concerning you, to the extent necessary for us to provide the best possible service to you. Below, we describe situations where we process your personal data.
- Customers – When we enter into an agreement regarding our services through a business entity, where you are a contact or with you personally, we process personal data concerning you in order to perform our business relationship. Such information is your name, position, place of employment, contact information, and information in relation to the nature of our cooperation. When customers use our online resources, we further collect information on IP-address, MAC-address, actions, and time of use, with the purpose of being able to document actions taken. The legal basis for processing such information is GDPR art. 6, sect. 1, lit. b (agreement). We will retain the information for the duration of our agreement and for the legal limitation period thereafter. We will further retain any accounting information for the legally required retention period.
- Suppliers and other cooperation partners – When you cooperate with us, either as a supplier or otherwise, personally or through a business entity, where you are a contact we will process information about you, in order to perform our business relationship. Such information is your name, position, place of employment, contact information, and information in relation to the nature of our cooperation, and payment information The legal basis for processing such information is GDPR art. 6, sect. 1, lit. b (agreement). We will retain the information for as long as our cooperation lasts and for the legal limitation period thereafter. We will further retain any accounting information for the legally required retention period.
- Communication – When you contact us through mail, e-mail, contact forms, phone or otherwise, we will process information on your identity, contact information and any information in your enquiry. The purpose of such processing is for us to handle and or reply to your enquiry. Our legal basis for such processing is GDPR art. 6, sect. 1, lit. f (legitimate interest), or where we have an obligation to reply to you, e.g., in relation to support, or where we become legally bound by the correspondence; GDPR art. 6, sect. 1, lit. b (agreement). We will retain such information for as long as the correspondence is ongoing and 12 months thereafter. If any of such correspondence contain legally binding wording, e.g., offers, contracts etc. we will retain the correspondence for as long as the correspondence is legally binding and 3 years thereafter.
- Newsletters – With your consent, we will forward newsletters to you. In this regard, we will process your name and e-mail address. Our legal basis for the processing is regard is GDPR art. 6, sect. 1, lit. a (consent). We will retain your personal data until such time, where you withdraw your consent. We may also use your personal data collected, when you sign-up for our newsletter for other marketing purposes, which will then be basis on GDPR art. 6, sect. 1, lit. f (legitimate interest).
- Events – If you choose to participate in one of our events, online or physical, we will process information about your name, address, place of employment, billing information, and your interest in the event. Such information will be processed for us to arrange and hold the event. Our legal basis is GDPR art. 6, sect. 1, lit. b (agreement). We will retain such information for 12 months after the event has taken place. Your name, e-mail address and place of employment may be shared with third-party organisers of the event, to the extent necessary, and with other participants in the same event. The legal basis is in this regard GDPR art. 6, sect. 1, lit. f (legitimate interest). When holding events, we may on some occasions take pictures and/or record video, for use in marketing materials, on our website or otherwise. To the extent you are recognizable in pictures or video, we will prior to using these for marketing purposes as for your permission, either through consent, GDPR art. 6, sect. 1, lit. a, or through an agreement with you GDPR art. 6, sect. 1, lit. b. If you oppose to us taking pictures and/or recording video even if we do not use the photos or vide for marketing, please inform the photographer.
- Leads, other marketing – When we collect your personal information through other means of processing, including when you are a customer, cooperation partner, participant in one of our events or receive our newsletter, but not when you apply for a job with us, we will further process your personal data, with the purpose of establishing a business relationship or furthering an already existing business relationship. In this regard we will process your name, position, place of employment, contact information and information on our already existing cooperation, if any, or information on the nature of our relationship, and information on interests you have shown, when in relation with us. The legal basis for such processing is GDPR art. 6, sec. 1, lit. f (legitimate interest). We will retain such information for these marketing purposes for a period of 12 months after any existing business relationship has ended.
- Technical data – When you use our online resources, including our websites, we collect information on your IP-address, MAC-address, actions, and time. This data may in some instances be personal data. We collect such data with the purpose of logging use of our resources, in order for us document actions taken, and for security purposes. The legal basis for our processing of such data, where it is personal data, is GDPR art. 6, sec. 1, lit. f (legitimate interest). We will retain such information for logging purposes for a period of 12 months.
- Cookies etc. – When you use our websites, we will, except where the use of specific cookies etc. is necessary for providing our website to you, ask for your consent to make use of cookies or other similar technologies, e.g. pixel-technology (all referred to as “cookies”) Prior to consenting in the use of cookies, you will be able to obtain information on whether we or a third party sets the cookie and the purpose of the specific cookie and for how long the cookie is stored. In general, we use cookies, for providing necessary functionality on our websites, for adapting our content to you, for analysing the use of our website, and for marketing purposes. You can read more on the purpose of each specific cookie in our Cookie Policy.
- Job applications – when you apply for a job with us, we process the information you provide us with. The data controller in this regard, will be the entity to which you send your application, see section 1 for contact information. Our legal basis for such processing is GDPR art. 6, sect. 1, lit. a (consent), and, if your job application contains sensitive information, which we ask you to not include, GDPR art. 9, sect. 2, lit. a (consent, sensitive information). If you are hired, we will retain your personal data for as long as you work with us and 5 years thereafter. If you are not hired, we will retain your personal information for a period of up to 6 months after having decided to not offer you a position. If you are not hired, but we would like to keep your application for consideration in regard a future position which we may have, we will as for your consent to keep your application for such purpose. If you grant us such consent, we will retain your application, for such period to which you consent. Our legal basis for such processing is GDPR art. 6, sect. 1, lit. a (consent), and, if your job application contains sensitive information; GDPR art. 9, sect. 2, lit. a (consent, sensitive information). You may in such situation of course withdraw your consent at any time, after which we will not retain your job application any longer.
- TRANSFER / DISCLOSURE OF DATA
- Personal data concerning you which we process, will not be disclosed to third parties, unless it is necessary for providing our service to you; if we have your consent; where provided for in this Privacy Policy; where we are legally obligated to disclose such personal data; or where we need to disclose such personal data to defend ourselves against or assert legal claims.
- We use several data processors to provide our services. All such data processors act under our instruction and are not allowed to use personal data processed for us, for other than our purposes. We have entered into data processing agreements with such processors to ensure this. Some of our data processors are located outside the EU/EEA, we have ensured relevant legal basis for such transfer of personal data outside the EU/EEA. Upon request, we can inform you of the data processors in question, and you can obtain a copy of the basis for the transfer in question.
- SECURITY
- We have implemented appropriate technical, organisational, and physical security measures to ensure protection of your personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access, considering the risks involved in the processing as well as the nature of the personal data in question.
- Our organisational security measures include internal policies on the processing of personal data, ensuring i.a. that only employees having a work-related need, will have access to personal data concerning you.
- RETENTION PERIOD
- We will retain your personal data as described above, see section 3, or until it is no longer necessary for us to process your personal data, whichever period is shorter.
- Besides the above, see section 1, we reserve the right to retain your personal data for a longer period if we need to retain personal data concerning you, in order to protect our legitimate interests, for example, in connection with legal disputes, or if we are legally required to retain such personal data.
- YOUR PRIVACY RIGHTS
- In accordance with the GDPR, you have a number of legal rights. Please do not hesitate to contact us if you wish to make use of your legal rights. See our contact information in section 2.
- You have the right at any time to obtain information as to whether we process personal data concerning you and have access to such information as well as additional information on our processing.
- You have the right to have personal data concerning you which we process rectified if such personal data is inaccurate.
- You have in certain situations the right to have your personal data erased or anonymised prior to our usual retention time.
- In certain situations, you have the right to restrict the processing of your personal data. If you claim such right, we will only store your personal data until your objection has been assessed. If we lift the restriction of our processing of your personal data, you will be notified in advance.
- You may object to our otherwise legal processing of personal data concerning you in certain situations. You may always object to the use of personal data concerning you for direct marketing.
- In accordance with the GDPR, you have a number of legal rights. Please do not hesitate to contact us if you wish to make use of your legal rights. See our contact information in section 2.
- In certain situations, you have the right to receive personal data concerning you in a structured, commonly used, and machine-readable format and to have such data transferred from one data controller to another controller.
- To the extent that we process personal data concerning you based on your consent, you may withdraw your consent at any time. Such withdrawal of consent will only take effect regarding subsequent processing of personal data concerning you.
- COMPLAINT
- If you are not satisfied with our processing of personal data concerning you, please contact us. Our contact options can be found in section 2.
- You may also lodge a complaint with The Danish Data Protection Agency (www.datatilsynet.dk), the Dutch Data Protection Agency (www.autoriteitpersoonsgegevens.nl), or another relevant supervisory authority.
- CHANGES
- We may change this Privacy Policy from time to time. The at any time current version of this Privacy Policy will be available on our websites.
- If we have made changes to this Privacy Policy, we will make a notification of this on our website. If we have access to your electronic contact information, we may also, at our prerogative, contact you directly about the updated Privacy Policy.
- VERSION
- This Privacy Policy was updated in April 2022.
Privacy Policy
The data responsible company is:
Webshipper ApS
Søndergade 2B
DK-8600 Silkeborg
CVR No. 35668934
Contact: Aksel Alrø Kruhøffer
Phone: +45 52 34 04 10
Email: akr@webshipper.com
1. Processing of personal data and purposes
Webshipper processes personal data about you when you contact us by email, letter, website, social media and in connection with the purchase or fulfilment of contracts and agreements. Also, we process personal data about you if you are applying for vacancies, are employed, work as an intern, or are a member of the Board of Directors.
The personal data you send to us, digitally or on paper, is processed by our employees according to purpose and relevance. Thus, your personal data is processed and stored confidentially and securely, and only the relevant employees have access to your personal data and any files. We delete your personal data when it is no longer necessary to process it.
1.1 Attending events
When signing up for one or more of our events, you consent to us processing your personal data. The data is shared with instructors and facilitators at the specific event.
The data will be deleted within 12 months of the event.
At courses and events, we take pictures and record video to be used on the website, in printed material, on social media, or other marketing. If you do not wish photos/videos of you for the purposes mentioned, you must notify the photographer or person responsible for this at the event.
Legal basis for the processing: Point (b) and (f) of Article 6(1) of the General Data Protection Regulation. Point (b) concerns contract/agreement and point (f) concerns photos.
1.2 Customers
We use your personal data to fulfil the obligations in our contractual relationship with you/your company.
We also use your personal data to improve our services and to be able to target our messages to you and your business, including targeting advertising and content to you/your business.
We store your personal data as long as we have an active contractual relationship with you/your company.
Once the contractual relationship has ended, we will store your personal data as long as we are obliged to do so under the legislation, including bookkeeping legislation.
In some cases, we will also collect and process other personal data in connection with ongoing communication between the parties.
Legal basis for the processing: Point (b) of Article 6(1) of the General Data Protection Regulation. Point (b) concerns contract/agreement.
1.3 Suppliers and other business partners
At Webshipper, we use several suppliers and partners for different purposes.
In order for us to fulfil our payment obligations and receive our services under the various agreements, we collect and process a number of personal data about employees of these suppliers and business partners.
In this connection, we collect data such as the name, phone number, email address, job title, and place of work.
In some cases, we collect and process other personal data in connection with ongoing communication between the parties.
Legal basis for the processing: Point (b) of Article 6(1) of the General Data Protection Regulation. Point (b) concerns contract/agreement.
1.4 Contact by email, website, and social media
Customers, suppliers, and business partners can contact us through different channels. The purpose of the inquiries varies greatly but most often concern services or clarifications related to customer/supplier relations.
When you contact us, we collect and process personal data about you. This will typically be your name, phone number and email address. Please note that we will also store the information in the message you send to us.
Legal basis for the processing: Point (f) of Article 6(1) of the General Data Protection Regulation. Point (f) concerns legitimate interest in the form of service optimisation and communication.
1.5 Newsletter subscribers
When signing up for our newsletter, you consent to us processing your personal data and sending you newsletters. You can always unsubscribe from the newsletter via the “unsubscribe” feature at the bottom of each newsletter.
When you submit information via forms from our website, this is transmitted using a secure connection (SSL encryption).
Legal basis for the processing: Point (a) of Article 6(1) of the General Data Protection Regulation. Point (a) concerns consent.
2. Disclosure of personal data
In connection with the fulfilment of customer agreements/contracts, third parties may need to use your personal data to provide the services that you have ordered. This may include business partners who need your personal data to perform certain transactions, such as freight, repairs, installations, credit checks, and payment service.
Our data processors also process data in connection with the operation of IT systems and related services.
Also, we only disclose personal data to third parties, including public authorities, if you have expressly consented to this or we have a statutory obligation to do so – for example, in connection with salary payments to employees.
Some of our data processors are located in the United States, and data is thus transferred to third countries. The transfer is based on the European Commission’s Standard Agreements (SCC).
3. Consent
In most cases, our processing of your personal data is based on a legal basis other than consent. To the extent that we may have obtained your consent for certain processing of your personal data, you have the right to withdraw your consent at any time. You can do this by contacting using the contact information listed above. If you choose to withdraw your consent, your withdrawal does not affect the legality of our processing of your personal data on the basis of your previously granted consent and up to the time of withdrawal. Therefore, if you withdraw your consent, it will only take effect from that point on.
4. Storage and deletion of personal data
We delete your personal data according to the general statute of limitations that apply in Denmark. We continually delete personal data that is not necessary when we have fulfilled our obligations in relation to one or more of the purposes for which the data was collected.
If you want to know more about how long we store your personal data, you can always contact us.
5. Security
To secure the personal data we are responsible for as the data controller, we have established a wide range of technical, physical, and organisational security measures.
We have internal procedures for the correct handling of personal data; only employees with work-related need have access to data. We have also adopted an IT and security policy.
The above procedures and policies are reviewed regularly and at least once a year.
6. Your rights
You are at any time entitled to access the data we process about you. However, there are some statutory exceptions. You also have the right to object to the collection and the further processing of your personal data. In addition, you have the right to have your personal data rectified (corrected), deleted, or blocked in accordance with the rules on this. Finally, you have the right to receive the data about yourself that you have provided to us.
You can read more about your rights in the Danish Data Protection Agency’s guide to the rights of data subjects, which you can find here.