PRIVACY POLICY

2. Overview

The processing of data by EVOLOAD DIGITAL S.R.L. (hereinafter referred to as "Supplier") can be essentially divided into two categories:

1. For the purpose of processing contracts by using the online platform "EVOLOAD" (hereinafter referred to as the "Online Platform") all data necessary for the development of a contract with the supplier will be processed. If external service suppliers are also involved in the development of the contract, for example, logistics companies, information agencies or payment service suppliers, your data will be transmitted to them to the extent necessary and processed by them for specific purposes.

2. When you access the supplier's website, various information is exchanged between the terminal and our server. This may also be personal data. The information collected in this way is used, inter alia, to optimize our website or to display advertisements in the browser of your terminal.

3. Accessing our website

When you access our site, the following things are transmitted automatically and without your intervention, through the browser on your terminal

1. the IP address of the requesting internet device,

2. the date and time of access;,

3. the name and URL of the accessed file;

4. the website / application from which the access was made (the reference URL);

5. the browser you use and possibly the operating system of your computer with internet access, as well as the name of your access supplier

to the server of our website and temporarily stored in a so-called log file for the following purposes:

1. Ensuring a trouble-free connection,

2. Ensuring a comfortable use of our website / application,

3. Assessing system security and stability.

The legal basis for the processing of the IP address is Art. 6 Section 1 Para. 1 letter f) GDPR. Our legitimate interest is in the data processing purposes listed above. If the input mask is used to prepare a contract, the legal basis for data processing is Art. 6 Section 1 Para. 1 letter b GDPR.

The operation and provision of the website, the online platform and the database behind them are carried out by our hosting and data center operator Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen. The data required to provide our services is transmitted to this hosting operator, which keeps the database on their servers. Our hosting and data center operator is bound by contract to process the data necessary for the operation of the website, the online platform and the database behind them only for a specific purpose. The servers are located in the Federal Republic of Germany.

4. Online presence and website optimization

4.1 Cookies - General Information

We use so-called cookies on our web site under Art. 6 Section 1 Para. 1 letter f GDPR. Our interest in optimizing our website must be considered justified within the meaning of the aforementioned regulation. Cookies are small files that are stored on your device (computer, laptop, tablet, smartphone, etc.) when you visit our website. Cookies do not cause any damage to your device and do not contain viruses, trojans or other malware. Cookies store the information that results in connection with the specific device used. However, this does not mean that we are immediately aware of your identity. The use of cookies serves on the one hand to make the use of our offer more enjoyable for you. We use so-called session cookies to recognize that you have already visited individual pages on our website or that you have already logged in to your client-protected area on the online platform. These are automatically deleted when you leave our website. In addition, we also use temporary cookies in order to be easy to use, which are stored on your final device for a specified period of time. If you visit our site again to use our services, it is automatically recognized that you have already been with us, what entries / settings you have made, and what type you may have already placed in your shopping cart, so you no longer have to do this again.

If you have a protected area for clients and you are connected to the online platform, the information stored in cookies will be added to your client area.

On the other hand, we use cookies to statistically record the use of our website, in order to optimize our offer and to display information specially customized for you. These cookies allow us to automatically recognize when you visit our website again and that you have already visited us. These cookies are automatically deleted after a defined period of time. Most browsers automatically accept cookies. However, you can configure your browser so that cookies are not stored on your computer or that a message always appears before a new cookie is created. However, if you completely disable cookies, you may not be able to use all the features of our website.

4.2 Google Analytics

For the purpose of a design based on needs and of the continuous optimization of our website, we use Google Analytics pursuant to Art. 6 Section 1 Para. 1 letter f GDPR, a web analytics service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”). Our legitimate interest results from the purposes presented. In this context, pseudonymized user profiles are created and cookies are used. The cookie generates the following information about your use of this website:

1. Browser type / version,

2. the operating system being used,

3. Referrer-URL (previously visited page),

4. Hostname of the accessing computer (IP address),

5. Server access time

Information is used to evaluate the use of our website, to compile reports on the activity of the website and to provide other services related to the use of the website and the use of the Internet for market research and needs-based design. These internet pages are anonymized, so that assignment is not possible (so-called IP masking).

You can prevent the installation of cookies by setting your browser software accordingly; however, please note that you will not be able to benefit from all the features of this site. You can also prevent the registration of data generated by cookies and related to your use of the website (including the IP address) and the processing of such data by Google by downloading and installing this Browser Add- on. As an alternative to the Browser-Add-on, especially for browsers on mobile devices, you can prevent Google Analytics from recording data. An Opt-Out cookie is set to prevent the collection of your data in the future when you visit this website. The Opt-Out cookie is valid only in this browser and only for our website and is stored on your device. If you delete the cookies from this browser, you will need to set the Opt-Out cookie again. Further information on Google Analytics data protection can be found on the Google Analytics website.

The information generated in the cookie is transmitted to a Google server in the USA and stored there. As far as we know, your IP address will never be combined with other data from Google. Google may also transfer this information to third parties, to the extent required by law or to the extent that third parties process such data on a request basis.

Once the IP address has been anonymized, it is no longer possible to identify you personally. There are no more personal references in reports created based on Google Analytics.

5. Collecting and processing of personal data from clients, suppliers and other business partners

We collect your personal data when you contact us, for example as a potential client or a client, i.e. especially if you are interested in our products and services, you want to position your products and services to the supplier, register for our services online or contact us by e-mail or phone or if you use the products and our services in the context of existing business relationships. We also process personal data from sources accessible to the public, if necessary for our service. We obtain this data permissively for example from the debtors registers or the trade and associations registers. Personal data is also transmitted to us by other third parties (e.g. information agencies).

If you are a client, supplier or a potential client, we may process the following data about you: contact data, client groups / interests, data about sales, data about offers, cost estimates, data about payments, registration data, supply data services, invoice data, protocols.

If you are an employee of a client or supplier, you may have saved your contact information, especially in your role as a contact for a specific process. If you work with vendor applications / programs, the registration data of those applications and the technical data of the systems you work with can also be stored.

6. Legal basis and purposes of processing

6.1 based on your consent (Art. 6 Section 1 Para.1 letter a GDPR)

If you have given your consent for the processing of personal data for certain purposes (e.g. evaluation of data for marketing purposes), the legality of this processing is given on the basis of your consent. This consent may be revoked at any time.

Please note that a revocation is only effective for the future. Processing that took place before the revocation is not affected.

6.2 for the fulfillment of contractual obligations (Art. 6 Section 1 Para. 1 letter b GDPR)

The processing of personal data (Art. 4 No. 2 GDPR) takes place for the provision of our services, especially for the development of our contracts or pre-contractual measures related to you and the performance of services, as well as in the context of administration and client support.

6.3 due to legal requirements (Art. 6 Section 1 Para.1 letter c GDPR) or in the public interest (Art. 6 Section 1 Para.1 letter e GDPR)

Your personal data may be processed by the supplier on the basis of other legal obligations, e.g. a court order.

6.4 within the balance of interests (Art. 6 Section 1 Para. 1 letter f GDPR)

If necessary, the supplier processes your data beyond the actual performance of the contract to protect our legitimate interests or those of third parties. For example, for:

1. better client care,

2. ensuring IT security and IT operations, for example transmission protocols, to suppliers: consulting information agencies (to determine creditworthiness or non-payment risks),

3. checking and optimizing procedures for needs analysis and direct contact with clients

4. advertising or market research and opinion, unless you have objected to the use of your data for these purposes,

5. assertion of legal claims and defense in legal disputes,

6. measures for business management and further development of services and products.

7. Using the online platform "EVOLOAD"

When you register to use the services for the online platform "EVOLOAD", as a client you have accepted our terms and conditions for the use of the online platform "EVOLOAD" (hereinafter referred to as "Online Platform"). To this end, the supplier collects the following data from you:

1. Title

2. First name

3. Last name

4. Street / number

5. Postal code / City / Country

6. Phone number

7. Mobile phone number

8. E-mail address

After the successful completion of the registration, as a client, you have the option to activate your client access to the online platform. For this purpose, an activation link for access to the online platform will be sent to the e-mail address you provided. With this activation link, as a user, confirm the e-mail address specified for a Double-Opt-Ins.

You can access the online portal and your data through a username (your e-mail address) and a password.

The contact ways (address, mobile phone number, e-mail) are also used so we can contact you quickly if you or the supplier have questions about your data or use of your data.

Therefore, the processing serves to fulfill the contract concluded with you (Art. 6 Section 1 Para. 1 letter b GDPR).

You have the option to end the registration process at any time. You can also change the stored data at any time. You can also revoke any consent given during registration at any time for the future.

However, if the data is necessary to fulfill a contract or to perform pre-contractual measures, premature deletion may take place only if the contractual or legal obligations so allow.

8. Processing (accessing) of your data by registered clients

Based on the data entered on and after registration, clients contractually associated with us who are registered on the online platform may be accessed in accordance with the procedure described in our conditions of using the online platform “EVOLOAD ”.

Therefore, the processing serves to fulfill the contract concluded with you (Art. 6 Section 1 Para. 1 letter b GDPR).

9. Recipient of personal data

Within the supplier, those departments that need to process the purposes mentioned above will have access to your data. Order processors employed by the supplier (Art. 28 GDPR) and other service suppliers may also receive data for these purposes. These are companies within the categories of IT services, logistics, telecommunications, marketing, client satisfaction surveys and address research.

In addition, an essential feature for the provision of our services is to provide registered clients with the opportunity to view and access online the data of the desired service, information about goods and merchandise and the recipient of delivery for the initiation of logistics contracts.

Any other transfer of data to recipients outside the supplier will only take place if the provisions allow or require this, if you have consented or we are otherwise authorized to transfer data. Under these conditions, the recipients of personal data may be, for example:

1. Public bodies and institutions, if there is a legal or official obligation.

2. In rare individual maintenance or fault analysis cases, hardware or software support partners may be used. The legally stipulated contractual provisions regarding the purpose limitation and confidentiality are being concluded with them.

Other recipients of data may be those bodies for which you have given us your consent to the transfer of data.

10. Payment details

Payment data is collected as part of the registration process. As a client, you have the option to choose between different payment methods.

10.1 Bank transfer

If you decide to pay the amount by bank transfer, the following payment details will be collected by your payment service supplier:

1. The name of the bank account holder:

2. IBAN

If a service supplier is ordered for a direct debit, it will have knowledge only of the order number and invoice value in addition to the specified payment dates, without being able to assign this information to other information (such as your address or e-mail address).

The legal basis for data processing is Art. 6 Section 1 Para.1 letter b GDPR, because data processing is necessary for payment by bank transfer and thus for the development of the contract.

11. Transfer of data to third countries

If we transfer personal data to recipients outside the European Economic Area (EEA), the transfer will only take place if the EU Commission has confirmed an adequate level of data protection for the third country and an adequate level of data protection has been agreed with the recipient of the data (for example through the standard EU contractual clauses) or you have given us your consent to this.

12. Duration of data storage

If your personal data is no longer needed for the purposes mentioned above, it is deleted on a regular basis, unless its retention - limited - is still necessary to fulfill contractual or legal obligations. The reasons for this can be, for example:

1. Obtaining evidence for legal disputes within the legal prescription: The statute of limitation under civil law can be up to 30 years, the regular statute of limitation being three years.

2. The recorded data is stored for up to 2 years and your requests to our client service for up to 3 years.

3. After these deadlines, the data will be deleted after a post-processing period.

13. Contact forms

We provide a form on our platform that you can use to send us questions and complaints.

The following data is collected and saved:

1. E-mail address

2. Last name, first name

3. Title

4. optional: contact options (mailing address, phone number)

5. Date and time the message was sent

6. Your message

Legal basis for processing your data in the context of the contact form are our legitimate interests (facilitating contact) (Art. 6 Section 1 Para. 1 letter f GDPR) and, if you are or want to become a client, obtaining or fulfilling the contract (Art. 6 Section 1 Para.1 letter b GDPR).

We delete your data as soon as it is no longer needed for the original purpose for which it was collected or after the expiry of the legal retention periods.

14. Newsletter Sign-up

When you sign up for our newsletter, you consent to us and our affiliate companies sending you information about our products and services, as well as information about events and campaigns.

When you register, we collect the following information:

1. E-mail address

2. Last name, first name

3. Title

4. Date and time of registration

We use your e-mail address only to send you the newsletter. We use the additional data collected to personalize your newsletter and verify your registration

The legal basis for the processing of your data in the context of registration for the newsletter is your consent (Art. 6 Section 1 Para. 1 letter a GDPR)

We store your data until you withdraw your consent. You can revoke your consent at any time by clicking on the "Unsubscribe" link in each newsletter.

15. Rights of the person concerned

15.1 Overview

In addition to the right to revoke the consent you have given us, you have the following additional rights if those legal requirements are met:

1. The right to information about your personal data stored by us in accordance with Art. 15 GDPR and § 34 BDSG (Federal Data Protection Act),

2. The right to correct incorrect data or to fill in incomplete data in accordance with Art. 16 GDPR,

3. The right to delete your data stored by us in accordance with Art. 17 GDPR and § 35 BDSG (Federal Data Protection Act),

4. The right to limit the processing of your data in accordance with Art. 18 GDPR,

5. The right to data portability according to Art. 20 GDPR,

6. The right of opposition according to Art. 21 GDPR.

15.2 The right to information in accordance with Art. 15 GDPR

In accordance with Art. 15 Section 1 GDPR, you have the right to freely request information about the personal data we have stored about you. This includes in particular:

1. the purposes for which the personal data is processed;

2. the categories of personal data that are processed;

3. the recipients and the categories of recipients, respectively, to whom the personal data concerning you has been disclosed or is still disclosed;

4. the planned duration of the storage of your personal data or, if no specific information is available, the criteria for determining the storage period;

5. the existence of a right to correct or delete your personal data, a right to restrict processing by the responsible person or a right to object to such processing;

6. the existence of a right of complaint to a supervisory authority;

7. all available information on the origin of the data if personal data is not collected from the person concerned;

8. the existence of automated decision-making, including profiling in accordance with Art. 22 Sections 1 and 4 GDPR and - at least in these cases - significant information about the logic involved as well as the scope and expected effects of such processing for the person concerned.

If personal data is transmitted to a third country or to an international organization, you have the right to be informed of the appropriate safeguards in accordance with Art. 46 GDPR in connection with the transmission.

15.3 The right to correction in accordance with Art. 16 GDPR

You have the right to request that we correct any incorrect personal data without delay. In view of the purposes of the processing, you have the right to request the completion of incomplete personal data - also by an additional statement.

15.4 The right to deletion in accordance with Art. 17 GDPR

You have the right to ask us to immediately delete the personal data concerning you, if one of the following reasons applies:

1. personal data is no longer necessary for the purposes for which it was collected or processed in any way.

2. You revoke the consent on which the processing was based in accordance with Art. 6 Section 1 letter a) or Art. 9 Section 2 letter a GDPR and there is no other legal basis for processing;

3. you oppose the processing in accordance with Art. 21 Section 1 or Section 2 GDPR and, in the case of Art. 21 Section 1 GDPR, there are no legitimate imperative reasons for processing;

4. personal data has been processed illegally;

5. the deletion of personal data is necessary for the fulfillment of a legal obligation;

6. personal data was collected in connection with the services provided by the information company in accordance with Art. 8 Section 1 GDPR.

If we have made your personal data public and we are required to delete it, we will take appropriate action, taking into account available technology and implementation costs, to inform third parties processing your data that you have requested that they delete all links to such personal data or copies or reproductions of such personal data.

15.5 The right to limit the processing in accordance with Art. 18 GDPR

You have the right to request the limitation of processing if one of the following conditions is met:

1. you contest the correctness of personal data;

2. the processing is illegal and instead of deleting you request the limitation of the use of personal data;

3. the responsible person no longer needs the personal data for the purpose of processing, but the data subject needs it to assert, exercise or defend legal claims or

4. you oppose the processing in accordance with Art. 21 Section 1 GDPR, as long as it is not certain whether the legitimate reasons of the responsible person exceed those of the person concerned.

15.6 The right to data portability in accordance with Art. 20 GDPR

You have the right to receive personal data concerning you, which you have provided to us, in a structured, accessible and machine-readable format and you have the right to transfer this data to another responsible person without obstacles on our part, provided that:

1. the processing is based on consent in accordance with Art. 6 Section 1 Para. 1 letter a or Art. 9 Section 2 letter a or on a contract according to Art. 6 Section 1 Para. 1 letter b GDPR and

2. processing to be performed using automated procedures.

When you exercise your right to data portability, you have the right to have your personal data transmitted directly from us to another responsible person, as far as this is technically possible.

15.7 The right of opposition in accordance with Art. 21 GDPR

Under the conditions of Art. 21 Section 1 GDPR, you may object to the processing of data for reasons arising from your particular situation.

The general right of opposition above applies to all purposes of processing described in these provisions on data protection, which is processed on the basis of Art. 6 Section 1 Para. 1 letter f GDPR. Unlike the special right to object to the processing of data for advertising purposes, according to the GDPR we are obliged to implement such a general objection only if you provide us with reasons of major importance, such as a possible danger to life or health.

15.8 The right to make a complaint

In case of complaints, you can contact a supervisory authority. The Bavarian State Office for Data Protection Supervision is the supervisory authority responsible for the supplier.

16. Profiling and automatic decision-making

We process your data partially automatically, in order to evaluate certain personal aspects (profiling). However, we do not make automated decisions based on them that have legal effect on you or significantly affect you in a similar manner without the participation of a person.

If we use automated decisions only in individual cases in the future, we will inform you separately about this, provided that this is required by law.

17. Protection of your personal data

The supplier uses security standards that are generally recognized from a technological point of view to secure the data of visitors entered and stored client data on the online platform, to protect the data of visitors and clients on the site from abuse, loss and forgery. In addition, only certain employees of the supplier are allowed to access personally identifiable visitor and client data. As part of the purpose of the transfer, these employees ensure that the confidentiality of such sensitive data is maintained. This principle also applies to employees and the bodies in charge of them, to whom the data entered by the client on the online platform is transmitted and made available for access as part of the purpose of the transfer.

All the information that you entrust to us in the contact forms and / or when you register and after you authenticate in your client area and that you want to transmit via the Internet is encrypted with a special encryption algorithm. This procedure prevents unauthorized reading. The supplier uses the SSL (Secure Socket Layer) protocol with 256-bit encryption. You can recognize this by the fact that the lock symbol on your browser's status bar is closed and the address line starts with https://.

In order for your browser to transmit data in encrypted form, it must support SSL Version 3 or TLS. Additional information can be found in the documentation for your browser software.

It should be noted that the links (electronic "references") on our website lead to other websites and information from third parties. Unless expressly provided above, the supplier assumes no responsibility for the content on third party websites, not even in terms of compliance with certain security standards or compliance with the General Data Protection Regulation.

Without prejudice to the above statements regarding visitor and client data on our websites and our online platform, we use various physical, electronic and operational measures to ensure that your personal data is generally secure, accurate and updated. These measures include, but are not limited to:

1. educating and training relevant employees to ensure that they are aware of their data protection obligations when handling personal data,

2. administrative and technical inspections to restrict access to personal data to persons who need to be aware of it ("Need to Know" principle),

3. technological security measures, including firewalls, encryption and antivirus software,

4. physical security measures, such as security badges for employees to access our headquarters.

Although we use reasonable security measures, once we have received your personal data, the transmission of information on the Internet (including by e-mail) is never completely secure. We strive and do everything we can to protect personal data, but we cannot guarantee the security of the data transmitted to or by us.

18. The obligation to provide data

As part of the business relationship, we need the following personal information from you:

1. Data needed to establish and implement a business relationship.

2. Data necessary to fulfill the associated contractual obligations.

3. Data that we are legally obliged to collect.

Without this personal data we cannot conclude or develop a contract with you.

19. Linked pages

It is ensured that the supplier has no influence on the design and content of the linked pages. Therefore, we expressly distance ourselves from all content on all linked pages on the entire supplier's website, including all subpages. Unless expressly provided above, the supplier assumes no responsibility for the content on third party websites, not even in terms of compliance with certain security standards or compliance with the General Data Protection Regulation. This statement applies to all links on these pages and to the entire content of the pages to which links or banners on our web pages lead.

20. Amendments

We may adapt the data protection information from time to time. All amendments to the data protection notification will be published on this subpage of our website.