Data Protection Declaration

§ 1 Name and contact details of the person responsible for processing and the company data protection officer

This data protection information applies to data processing by:

Name: Globalworx GmbH
Address: Klammsbosch 10, 77880 Sasbach, Germany


§ 2 Collection and storage of personal data as well as the type and purpose of their use

1. Page access
When you visit our website or applications,,, the browser used on your device automatically sends information to the server of our website. This information is temporarily stored in a so-called log file. The following information is recorded without any action on your part and kept until it is automatically deleted:

  • IP address of the requesting computer,
  • date and time of access,
  • name and URL of the file called up,
  • website from which access is made (referrer URL),
  • browser used and, if applicable, the operating system of your computer and the name of your access provider.

The data mentioned are processed by us for the following purposes:

  • Ensuring a smooth connection to the website and the gwxcloud application,
  • ensuring comfortable use of our website and gwxcloud application
  • Evaluation of system security and stability as well as
  • for further administrative purposes

The legal basis for data processing is Art. 6 Para. 1 S. 1 lit. f DSGVO (GDPR). Our legitimate interest follows from the purposes of data collection listed above. In no case do we use the collected data for the purpose of drawing conclusions about you person.


2. GWX Cloud

If you use our GWX cloud application for the purpose of data collection in the context of temperature monitoring, you will be asked to enter data in a ready-made mask before completion and log in. The following information is recorded:

  • Name and Company Name
  • Address
  • Phone Number
  • E-Mail-Address

The data mentioned are processed by us for the following purposes:

  • Execution of the contract
  • Correspondence with you
  • Invoicing

We use HTTPS encryption for security between the cloud customer and the application

The legal basis for data processing is Art. 6 Para. 1 S. 1 lit. b and lit. f DSGVO (GDPR). Our legitimate interest lies in carrying out normal business transactions and keeping proper bookkeeping.


3. Cookies

Our website uses cookies. These are small text files that make it possible to save user-specific information on the device while using the website and application. Cookies make it possible to analyse the number of users, the frequency of use and the behaviour of the site users and thus make our offer more customer-friendly. Cookies remain stored after the end of a browser session and can be called up again when you revisit the site. If you do not want this, you can configure your internet browser so that it refuses to accept cookies.
The data mentioned are processed in order to continuously develop our offer based on specific usage data. The legal basis for data processing is Art. 6 I 1 lit. f DGVO (GDPR). Our legitimate interest lies in. Our legitimate interest follows from the purposes of data collection listed above.


§ 3 Deletion periods

The data collected in accordance with § 2 section 2 will be stored for 15 years for tax reasons and then deleted unless otherwise agreed with the customer.


§ 4 Transfer of data

A transfer of your personal data to third parties for purposes other than those listed below does not take place. We will only pass on your personal data to third parties if:

  • According to Art. 6 Para. 1 S. 1 lit. a DSGVO (GDPR) have given express consent to this,
  • the transfer according to Art. 6 Para. 1 S. 1 lit. f DSGVO (GDPR) is required to assert, exercise or defend legal claims and there is no reason to assume that you have an overriding legitimate interest in not disclosing your data,
  • in the event that there is a legal requirement for the transfer according to Art. 6 Para. 1 S. 1 lit. c DSGVO (GDPR) there is a legal obligation, and
  • this is legally permissible and according to Art. 6 Para. 1 S. 1 lit. b DGSVO (GDPR) is necessary for the processing of contractual relationships with you.


§ 5 Affected Rights

You have the right:

  • to request information about your personal data processed by us in accordance with Art. 15 DSGVO (GDPR)
  • In accordance with Art. 16 DSGVO (GDPR), to immediately request the correction of incorrect or incomplete personal data stored by us;
  • to request the deletion of your personal data stored by us in accordance with Art. 17 DSGVO (GDPR)
  • to request the restriction of the processing of your personal data in accordance with Art. 18 DSGVO (GDPR) or to object to the processing of your personal data in accordance with Art. 21 DSGVO (GDPR)
  • in accordance with Art. 20 DSGVO (GDPR), to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request the transfer to another person responsible.
  • To complain to a supervisory authority in accordance with Art. 77 DSGVO (GDPR).

If you would like to make use of one of these rights, it is sufficient to send an email to with your request.


§ 6 Automated decision-making, obligation to provide, and consequences of non-provision

Automated decision-making in accordance with Art. 22 I, IV DSGVO (GDPR) does not take place.
The provision of personal data is contractually stipulated and necessary for the conclusion of a contract. You are obliged to provide this data.
If the data in question is not provided, it is not possible for us to conclude a contract with you. It is also possible that claims for damages may arise against you, especially if you deliberately provide incorrect information.


§ 7 External Services

1. Google Maps

This website uses the product Google Maps from Google Inc. By using this website, you agree to the collection, processing and use of the automatically collected data by Google Inc., their representatives and third parties. You can find the terms of use of Google Maps at


2. Paypal

If PayPal is used for payment, the following rule applies; PayPal is an online payment service provider that allows you to process virtual payments. PayPal makes it possible to initiate online payments to third parties or to receive payments. PayPal also acts as a trustee and offers buyer protection services. The European operating company of PayPal is PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg, Luxembourg.

If the person concerned selects "PayPal" as the payment option during the ordering process, the data of the person concerned will be automatically transmitted to PayPal. By selecting this payment option, the person concerned consents to the transfer of personal data required for payment processing. The personal data transmitted to PayPal are usually first name, last name, address, email address, IP address, telephone numbers or other data that are necessary for payment processing

You have the right to revoke the relevant consent at any time by email to the address mentioned without affecting the legality of the processing carried out on the basis of the consent up to the revocation.

The purpose of transmitting the data is to process payments and prevent fraud. The person responsible for processing will transmit personal data to PayPal in particular if there is a legitimate interest in the transmission. The personal data exchanged between PayPal and the person responsible for processing may be transmitted by PayPal to credit agencies. The purpose of this transmission is to check your identity and creditworthiness.

PayPal may pass on the personal data to affiliated companies and service providers or subcontractors, insofar as this is necessary to fulfil the contractual obligations or the data is to be processed on behalf of.

PayPal's current privacy policy can be found at


3. Google Analytics

Our website uses Google Analytics. Google Analytics is a web analysis service from Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA. Google Analytics uses cookies (see above) to analyse the use of our website. The information recorded by the cookie (including your IP address) is usually transferred to a Google server in the USA and stored there. Google complies with the data protection provisions of the "Privacy Shield" agreement of the US Department of Commerce.

Google uses the information collected to evaluate the use of our website, to write reports for us on this and to provide us with other related services. Find out more.

To deactivate Google Analytics, Google provides a browser plug-in.


4. Postmark

We use Postmark for reliable delivery of our applications emails. Postmark meet our obligations as a processor under Article 28 of GDPR.

To this end:

  • Postmark process our and end user data per our instructions.
  • Postmark have implemented appropriate technical and organizational measures to protect the data with which we entrust them. You can view a detailed description of our security controls in Exhibit B (Security Measures) of our DPA
  • Postmark have provided a list of our sub-processors and will give us the opportunity to object if they engage a new one. You can access this list here
  • Postmark have instituted a policy informing and obligating their employees to maintain the confidentiality of our information.
  • Postmark have instituted a procedure to assist us in complying with requests for access, amendment or deletion that we may get from our customers or end users.
  • Postmark are able to inform us without delay in the event of a data breach
  • Postmark will delete our customer/end user information at the end of our agreement with us, if we ask them.
  • Pursuant to Article 27 of the General Data Protection Regulation (GDPR), Wildbit Inc. has appointed European Data Protection Office (EDPO) as its GDPR representative in the EU. You can contact EDPO regarding matters pertaining to the GDPR by:

Postmark have also updated our terms of service and privacy policy to provide greater transparency about our practices and help us pass that forward to our customers and end-users.


Postmark have addressed cross border data transfers

Like the Data Protection Directive that preceded it, GDPR includes provisions on international data transfer mechanisms. In order to comply with these provisions, Postmark meet with GDPR requirements for agreements between Data Controllers (you) and Data Processors (us). Postmark DPA includes the Standard Contractual Clauses (SCC) for cross border transfers. It also outlines in detail our current security practices.



We use SMSAPI for reliable delivery of our applications SMS. The SMSAPI ensures the confidentiality of the content of the messages sent through SMSAPI service, as well as of the information on the entity through and to which the messages are sent, unless such information is in the public domain as a matter of principle or its disclosure is necessary for the correct provision of the services. The Information as referred to above may be revealed only in the cases specified in legal regulations.

  • The SMSAPI take the matters of protection and security of Personal Data seriously and will process such information in accordance with applicable Data Protection Legislation and the Agreement. In order to provide the Services, Service Provider may process Personal Data about Users and others who access the Services. SMSAPI may disclose Personal Data to third parties as set out in the Agreement.
  • The way of dealing with Personal data, scope and responsibilities of the SMSAPI in the processing of personal data are described in the Data Processing Agreement for entrusting the processing of personal data between the SMSAPI and the Globalworx which constitutes a documented processing order in accordance with art. 28 paragraph 3.a) of GDPR.


§7 International Data Transfer

Data transfers to other jurisdictions that are not within the European Economic Area (the EEA) can only take place if the transfer is to an „Adequate Jurisdiction “, the business has implemented one of the required safeguards as specified by the GDPR, or one of the derogations specified in the GDPR applies to the relevant transfer.

When transferring personal data to a country other than an Adequate Jurisdiction, we must ensure that there are appropriate safeguards on the data transfer. The GDPR offers a number of ways to ensure compliance for international data transfers, of which the most common for German businesses is the use of EU Standard Contractual Clauses (SCC). We have adopted the SCC drafted by the EU Commission – these are available for transfer between controllers, and transfers between a controller (as exporter) and a processor (as the importer). 

Transfer of personal data to the USA is also possible if the data importer has signed up to the EU-ES Privacy Shield Framework.

International data transfers may also take place on the basis of contracts agreed between the data exporter and importer, provided they conform to the protection outlined in the GDPR.