Data Protection Declaration
§ 1 Name and contact details of the person responsible for processing and the company data protection officer
This data protection information applies to data processing by:
Name: Globalworx GmbH
Address: Klammsbosch 10, 77880 Sasbach, Germany
§ 2 Collection and storage of personal data as well as the type and purpose of their use
1. Page access
When you visit our website or applications auth.gwxcloud.com, app.gwxcloud.com, globalworx.eu, the browser used on your device automatically sends information to the server of our website. This information is temporarily stored in a so-called log file. The following information is recorded without any action on your part and kept until it is automatically deleted:
- IP address of the requesting computer,
- date and time of access,
- name and URL of the file called up,
- website from which access is made (referrer URL),
- browser used and, if applicable, the operating system of your computer and the name of your access provider.
The data mentioned are processed by us for the following purposes:
- Ensuring a smooth connection to the website and the gwxcloud application,
- ensuring comfortable use of our website and gwxcloud application
- Evaluation of system security and stability as well as
- for further administrative purposes
The legal basis for data processing is Art. 6 Para. 1 S. 1 lit. f DSGVO (GDPR). Our legitimate interest follows from the purposes of data collection listed above. In no case do we use the collected data for the purpose of drawing conclusions about you person.
2. GWX Cloud
If you use our GWX cloud application for the purpose of data collection in the context of temperature monitoring, you will be asked to enter data in a ready-made mask before completion and log in. The following information is recorded:
- Name and Company Name
- Phone Number
The data mentioned are processed by us for the following purposes:
- Execution of the contract
- Correspondence with you
We use HTTPS encryption for security between the cloud customer and the application
The legal basis for data processing is Art. 6 Para. 1 S. 1 lit. b and lit. f DSGVO (GDPR). Our legitimate interest lies in carrying out normal business transactions and keeping proper bookkeeping.
The data mentioned are processed in order to continuously develop our offer based on specific usage data. The legal basis for data processing is Art. 6 I 1 lit. f DGVO (GDPR). Our legitimate interest lies in. Our legitimate interest follows from the purposes of data collection listed above.
§ 3 Deletion periods
The data collected in accordance with § 2 section 2 will be stored for 15 years for tax reasons and then deleted unless otherwise agreed with the customer.
§ 4 Transfer of data
A transfer of your personal data to third parties for purposes other than those listed below does not take place. We will only pass on your personal data to third parties if:
- According to Art. 6 Para. 1 S. 1 lit. a DSGVO (GDPR) have given express consent to this,
- the transfer according to Art. 6 Para. 1 S. 1 lit. f DSGVO (GDPR) is required to assert, exercise or defend legal claims and there is no reason to assume that you have an overriding legitimate interest in not disclosing your data,
- in the event that there is a legal requirement for the transfer according to Art. 6 Para. 1 S. 1 lit. c DSGVO (GDPR) there is a legal obligation, and
- this is legally permissible and according to Art. 6 Para. 1 S. 1 lit. b DGSVO (GDPR) is necessary for the processing of contractual relationships with you.
§ 5 Affected Rights
You have the right:
- to request information about your personal data processed by us in accordance with Art. 15 DSGVO (GDPR)
- In accordance with Art. 16 DSGVO (GDPR), to immediately request the correction of incorrect or incomplete personal data stored by us;
- to request the deletion of your personal data stored by us in accordance with Art. 17 DSGVO (GDPR)
- to request the restriction of the processing of your personal data in accordance with Art. 18 DSGVO (GDPR) or to object to the processing of your personal data in accordance with Art. 21 DSGVO (GDPR)
- in accordance with Art. 20 DSGVO (GDPR), to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request the transfer to another person responsible.
- To complain to a supervisory authority in accordance with Art. 77 DSGVO (GDPR).
If you would like to make use of one of these rights, it is sufficient to send an email to firstname.lastname@example.org with your request.
§ 6 Automated decision-making, obligation to provide, and consequences of non-provision
Automated decision-making in accordance with Art. 22 I, IV DSGVO (GDPR) does not take place.
The provision of personal data is contractually stipulated and necessary for the conclusion of a contract. You are obliged to provide this data.
If the data in question is not provided, it is not possible for us to conclude a contract with you. It is also possible that claims for damages may arise against you, especially if you deliberately provide incorrect information.
§ 7 External Services
1. Google Maps
If PayPal is used for payment, the following rule applies; PayPal is an online payment service provider that allows you to process virtual payments. PayPal makes it possible to initiate online payments to third parties or to receive payments. PayPal also acts as a trustee and offers buyer protection services. The European operating company of PayPal is PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg, Luxembourg.
If the person concerned selects "PayPal" as the payment option during the ordering process, the data of the person concerned will be automatically transmitted to PayPal. By selecting this payment option, the person concerned consents to the transfer of personal data required for payment processing. The personal data transmitted to PayPal are usually first name, last name, address, email address, IP address, telephone numbers or other data that are necessary for payment processing
You have the right to revoke the relevant consent at any time by email to the address mentioned without affecting the legality of the processing carried out on the basis of the consent up to the revocation.
The purpose of transmitting the data is to process payments and prevent fraud. The person responsible for processing will transmit personal data to PayPal in particular if there is a legitimate interest in the transmission. The personal data exchanged between PayPal and the person responsible for processing may be transmitted by PayPal to credit agencies. The purpose of this transmission is to check your identity and creditworthiness.
PayPal may pass on the personal data to affiliated companies and service providers or subcontractors, insofar as this is necessary to fulfil the contractual obligations or the data is to be processed on behalf of.
3. Google Analytics
Google uses the information collected to evaluate the use of our website, to write reports for us on this and to provide us with other related services. Find out more.
To deactivate Google Analytics, Google provides a browser plug-in.
We use Postmark for reliable delivery of our applications emails. Postmark meet our obligations as a processor under Article 28 of GDPR.
To this end:
- Postmark process our and end user data per our instructions.
- Postmark have implemented appropriate technical and organizational measures to protect the data with which we entrust them. You can view a detailed description of our security controls in Exhibit B (Security Measures) of our DPA
- Postmark have provided a list of our sub-processors and will give us the opportunity to object if they engage a new one. You can access this list here
- Postmark have instituted a policy informing and obligating their employees to maintain the confidentiality of our information.
- Postmark have instituted a procedure to assist us in complying with requests for access, amendment or deletion that we may get from our customers or end users.
- Postmark are able to inform us without delay in the event of a data breach
- Postmark will delete our customer/end user information at the end of our agreement with us, if we ask them.
- Pursuant to Article 27 of the General Data Protection Regulation (GDPR), Wildbit Inc. has appointed European Data Protection Office (EDPO) as its GDPR representative in the EU. You can contact EDPO regarding matters pertaining to the GDPR by:
- Using EDPO’s online request form: https://edpo.com/gdpr-data-request
- Writing to EDPO at Avenue Huart Hamoir 71, 1030 Brussels, Belgium
Postmark have addressed cross border data transfers
Like the Data Protection Directive that preceded it, GDPR includes provisions on international data transfer mechanisms. In order to comply with these provisions, Postmark meet with GDPR requirements for agreements between Data Controllers (you) and Data Processors (us). Postmark DPA includes the Standard Contractual Clauses (SCC) for cross border transfers. It also outlines in detail our current security practices.
We use SMSAPI for reliable delivery of our applications SMS. The SMSAPI ensures the confidentiality of the content of the messages sent through SMSAPI service, as well as of the information on the entity through and to which the messages are sent, unless such information is in the public domain as a matter of principle or its disclosure is necessary for the correct provision of the services. The Information as referred to above may be revealed only in the cases specified in legal regulations.
- The SMSAPI take the matters of protection and security of Personal Data seriously and will process such information in accordance with applicable Data Protection Legislation and the Agreement. In order to provide the Services, Service Provider may process Personal Data about Users and others who access the Services. SMSAPI may disclose Personal Data to third parties as set out in the Agreement.
- The way of dealing with Personal data, scope and responsibilities of the SMSAPI in the processing of personal data are described in the Data Processing Agreement for entrusting the processing of personal data between the SMSAPI and the Globalworx which constitutes a documented processing order in accordance with art. 28 paragraph 3.a) of GDPR.
§7 International Data Transfer
Data transfers to other jurisdictions that are not within the European Economic Area (the EEA) can only take place if the transfer is to an „Adequate Jurisdiction “, the business has implemented one of the required safeguards as specified by the GDPR, or one of the derogations specified in the GDPR applies to the relevant transfer.
When transferring personal data to a country other than an Adequate Jurisdiction, we must ensure that there are appropriate safeguards on the data transfer. The GDPR offers a number of ways to ensure compliance for international data transfers, of which the most common for German businesses is the use of EU Standard Contractual Clauses (SCC). We have adopted the SCC drafted by the EU Commission – these are available for transfer between controllers, and transfers between a controller (as exporter) and a processor (as the importer).
Transfer of personal data to the USA is also possible if the data importer has signed up to the EU-ES Privacy Shield Framework.
International data transfers may also take place on the basis of contracts agreed between the data exporter and importer, provided they conform to the protection outlined in the GDPR.