NOTES ON DATA PROCESSING

INTRODUCTION AND TERMS

Introduction
Streck Transport AG takes the protection of your personal data very seriously. With this information on data processing, we want to inform you about the type, scope and purpose of the processing of personal data for our services and offers as well as within the scope of our online offer and the websites and functions connected to it, and explain to you which rights you have as a data subject to safeguard and enforce the protection of your personal data.
This privacy policy is designed to meet the requirements of the EU General Data Protection Regulation ("GDPR") and the Swiss Data Protection Act ("DPA"). However, whether and to what extent these laws apply depends on the individual case. We largely use the terminology of the GDPR below.

Terms
The definitions of the data protection law terms used correspond to those of Art. 4 of the EU General Data Protection Regulation (GDPR). Where the term "data" is used in the notes on data processing, this refers to personal data within the meaning of the GDPR.

RESPONSIBLE AND DATA PROTECTION OFFICER

The person responsible pursuant to Art. 4 (7) DSGVO is:
Streck Transport AG
Industriestrasse 30
CH-4313 Möhlin

Phone: +41 61 855 11 11
E-mail address: info@streck.ch

CONTACT AND YOUR DATA PROTECTION RIGHTS

If you would like to exercise your rights or would like more information about our use of your personal data, please contact us as the data controller or our data protection officer using the contact details provided.

You are entitled to the following rights:

a) Withdrawal of consent pursuant to Art. 7 (3) DSGVO.
If the processing is based on consent, you can revoke your consent to the processing of personal data in accordance with Art. 7 (3) DSGVO at any time with respect to us for the future. This means that the data processing based on this consent may no longer be continued in the future. The revocation of the consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

b) Right to information according to Art. 15 DSGVO

You can request information about your processed personal data at any time in accordance with Art. 15 DSGVO. In particular, you can request information about the processing purposes, the categories of personal data, the categories of recipients to whom your personal data have been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or a right to object, the existence of a right to lodge a complaint with a supervisory authority, the origin of your personal data if they have not been collected from you, the existence of automated decision-making including profiling pursuant to Art. 22 (1-4) DSGVO and - at least in these cases - meaningful information about the logic involved as well as the scope and the intended effects of such processing for the data subject. The restrictions pursuant to Section 34 BDSG apply.

c) Right to rectification pursuant to Art. 16 DSGVO

Pursuant to Art. 16 DSGVO, you may demand the immediate correction of incorrect or the completion of stored personal data.

d) Right to erasure pursuant to Art. 17 DSGVO

Pursuant to Art. 17 DSGVO, you may request the erasure of stored personal data, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the assertion, exercise or defence of legal claims. The restrictions according to § 35 BDSG apply.

e) Right to restriction of processing pursuant to Art. 18 DSGVO

Pursuant to Art. 18 DSGVO, you may request the restriction of the processing of your personal data insofar as the accuracy of the data is disputed, the processing is unlawful, but its erasure is refused and your personal data is no longer required, but you need it for the assertion, exercise or defence of legal claims.

f) Right to object to direct marketing

You may object at any time to the processing of your personal data for promotional purposes. If you object to processing for direct marketing purposes, we will no longer process your personal data for these purposes.

g) Right of objection according to Art. 21 DSGVO
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data relating to you which is carried out on the basis of Art. 6(1), p. 1 lit. f) DSGVO (data processing on the basis of legitimate interests). When exercising such an objection, we ask you to explain the reasons why we should not process your personal data in the way we have done. If you object, the personal data will no longer be processed unless compelling legitimate grounds for processing can be demonstrated which override your interests, rights and freedoms, or the processing is for the purpose of asserting, exercising or defending legal claims.

h) Rights to data portability according to Art. 22 DSGVO
You have the right to receive the personal data you have provided in a structured, common and machine-readable format in accordance with Article 20 DSGVO, provided that the processing is carried out with the aid of automated procedures and is based on consent in accordance with Article 6 (1), sentence 1 a) or Article 9 (2) a) or on a contract in accordance with Article 6 (1), sentence 1 b) DSGVO.

i) Right of appeal
Every data subject also has the right to enforce his or her claims in court or to lodge a complaint with the competent data protection authority. The competent data protection authority in Switzerland is the Federal Data Protection and Information Commissioner (http://www.edoeb.admin.ch).

CHILDREN

We do not offer direct services to persons under the age of 16. Persons under the age of 16 are not permitted to submit personal data to us or provide a declaration of consent without the consent of their legal representative.

VISITING OUR WEBSITE

Processing purposes and legal basis

Each time you visit our website, your browser transmits data to our web server (so-called "server log files"), which may enable identification. The data processing is necessary for the course of the website visit. In order to enable delivery of the web pages, a technical connection must be established between your browser and our website. Further processing purposes are the optimisation of the stability and functionality of our websites, the guarantee of the security of our information technology systems, abuse detection and tracking. The legal basis is our legal obligation to ensure data security pursuant to Art. 6 para. 1, p. 1 lit. c) DSGVO as well as our overriding legitimate interest in direct marketing and in the security of our offer pursuant to Art. 6 para. 1 p.1 lit. f) DSGVO, as long as this is done in accordance with data protection law.

Data categories and data origin
Depending on the configuration of your browser, the following data, among others, is processed:

Web page called up
Date and time of the call
Amount of data transferred
Message about successful call
Browser used
Operating system used
Internet service provider
IP address of the calling system of the user
Website from which the user's system accessed the website in question

Recipients of personal data
We use external service providers such as hosting service providers as order processors for the provision of our websites, who may therefore have access to your personal data.

Duration of storage
The data is stored for a period of 30 days. We reserve the right to check the files if concrete evidence justifies the justified suspicion of illegal use or a concrete attack on our website. Data whose further storage is necessary for evidentiary purposes will be deleted as soon as they are no longer required to achieve the purpose of their processing.

Cookies

Processing purposes and legal basis
Our website uses so-called "cookies". Cookies have various functions. Many cookies are technically necessary, as certain website functions would not work without them. Other cookies are used to evaluate user behaviour or to display advertising.
Cookies that are necessary to carry out the electronic communication process or to optimise the website are stored. We have a legitimate interest in storing cookies for the technically error-free and optimised provision of our offer.
We use all other cookies on the basis of your consent, which you can select in the data protection settings when you first visit our website. Your consent can be revoked at any time for the future.

Data categories and data origin
Cookies are data records that are stored either temporarily for the duration of a session or permanently on the hard disk of your end device and are assigned to the browser you are using so that certain information can flow to the body that sets the cookie. Cookies are primarily used to make our website faster and more user-friendly. When you call up our website and at any time later, you have the choice of whether you generally allow cookies to be set or which individual additional functions you would like to select.

Recipients of personal data
We use external service providers, such as hosting service providers, as processors for the provision of our websites and they may therefore have access to your personal data. When you visit our website, third-party cookies (External Content) may also be stored on your terminal device. These enable us or you to use certain services of the third-party provider.

Duration of storage, revocation of consent
Session cookies are automatically deleted at the end of your visit to our website. Permanent cookies remain stored on your terminal device until you delete them or until they are automatically deleted by your web browser. Information on the storage period of cookies can be found in the
data protection settings. In the data protection settings, you can also change the cookie settings and thus revoke the consent you have given, with the exception of the "Essential" category, as these are technically necessary cookies for the correct display of our web pages. You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. Stored cookies can be deleted in the system settings of your browser. Deactivating cookies may lead to a restriction of the functionality of this website.

Web analysis with Matomo Analytics

Processing purposes and legal basis

We use the open source web analytics service Matomo on our websites to analyse visitor flows. No data is transmitted to Matomo. Matomo enables us to determine, among other things, from which internet page you have come to our website and how often or how long you have visited a sub-page. It is not possible to assign the web statistics to your terminal device or your access point. Only an allocation to individual regions is visible. With the evaluation of the data obtained, we would like to further improve our websites and their user-friendliness and adapt them even more to the needs of website visitors. If you consent to the web analysis by ticking "Analytics & Performance" in the data protection settings (Art. 6 para. 1, p.1 lit. a) in conjunction with Art. 7 DSGVO), you will be informed of this. Art. 7 DSGVO), your usage behaviour will be recorded anonymously. Consent is voluntary and not required for the use of our websites.

Data categories and data origin
We use Matomo without setting cookies on your terminal device. Instead, Matomo uses the visitor config_id, a randomly set, time-limited hash of a limited set of the visitor's settings and attributes. The config_id is a string calculated for a visitor based on their operating system, browser, browser plugins, IP address and browser language. The config_id is only valid for a maximum of 24 hours and only for a specific website domain. The calculation of the config_id changes randomly every 24 hours, so that the same visitor has a different config_id every day. The config_id is completely anonymised every 24 hours. The randomly generated seed is discarded every day and cannot be recovered. The website ID is used to process the config_id, which means that a given user/visitor will always have a different config_id when visiting different websites and domains. Furthermore, we have configured Matomo to only collect your IP address in an abbreviated form by masking the last two bytes (e.g. 192.168.xxx.xxx). This anonymised IP address is also used to calculate the config_id. We therefore process your personal usage data anonymously; it is not possible for us to draw any conclusions about your person.

Duration of storage, revocation of consent
The data is deleted as soon as it is no longer required for our recording purposes. We have set Matomo so that collected analysis data is deleted after 6 months. You can revoke your consent to data processing using Matomo at any time for the future by unchecking "Analytics & Performance" here.

Login options

Processing purposes and legal basis
We offer our customers the possibility to log in to closed areas in order to use additional services such as shipment registration, shipment tracking. As a rule, registration takes place via us.
The data is processed for the purpose of implementing the user relationship established by the registration and, if necessary, for initiating or implementing further contracts. The legal basis is Art. 6 para. 1, p. 1 lit. b) DSGVO.

Data categories and data origin
If you use closed areas, we collect and process your personal data required for the performance of the contract, such as name, contact data, address data and the data required for your identification and use.

Recipients of personal data
If we use external service providers as order processors for the provision of these services, they may have access to your personal data.

Duration of storage
We process and store your personal data as long as it is necessary for the fulfilment of the above-mentioned purposes. In this context, personal data may be retained for the period of assertion, exercise or defence of legal claims (statutory limitation periods of three to thirty years). In addition, we store your personal data insofar as we are legally obliged to do so. Corresponding obligations to provide proof and to store data result, for example, from commercial, tax and social security regulations. The storage period under tax and commercial law is generally 10 years at the end of a financial year.

Newsletter service, newsletter analysis

Processing purposes and legal basis
We offer you the option of using our free e-mail newsletter service to regularly send you e-mails with information about our services to the e-mail address you have provided. The legal basis for the processing of your personal data is your consent in accordance with Art. 6 para. 1, p.1 lit. a) DSGVO. The consent can be revoked at any time for the future. When you register for the newsletter, we document the consent given on the basis of Art. 6 para. 1, p. 1 lit. f) DSGVO. Newsletter analysis by means of link tracking enables us to analyse the success of our newsletter campaigns, for example, whether the newsletter was opened at all or whether links were clicked. In this way, we can determine, for example, which content particularly appealed to our newsletter recipients. The newsletter analysis is carried out with anonymised data, so that it is impossible to relate it to a specific person. Unfortunately, it is not possible to separately object to the newsletter analysis. Please unsubscribe from our newsletter service if you do not wish to receive newsletter analysis.

Data categories and data origin
When you register for the newsletter service on our website, the data from the input mask is transmitted to us. To register for the newsletter, it is sufficient to enter your e-mail address. Optionally, we ask you to enter your title, first and last name as well as your company in order to address you personally in the newsletter. We use the so-called double opt-in procedure for the registration process. Once you have registered, you will receive an e-mail with a confirmation link. Only when this link has been clicked will you be included in the newsletter distribution list. In this way, we prevent unauthorised third parties from registering using your email address. We log the registration process in order to be able to prove the process in accordance with legal requirements. The data from the input mask as well as the date and time of the registration confirmation are saved.

Recipients of personal data
For the provision of newsletters and for newsletter analysis, we use an external service provider as an order processor, who processes your personal data on our behalf.

Duration of storage
If you do not confirm your subscription to our newsletter service after receiving the corresponding registration email, your information will be automatically deleted after 30 days. We process your personal data for the duration of the newsletter subscription. You can cancel the subscription at any time with effect for the future and thus revoke your consent to receive newsletters or object to the processing of your personal data for advertising purposes. For this purpose, you will find a corresponding unsubscribe option on our website and in each newsletter. After revocation of your consent or objection to advertising, you will not be sent any further newsletters and your personal data will be removed from our active distribution list.

External links

Our websites contain links to websites of third parties. By clicking on the link, you leave our sphere of influence. The responsibility for the processing of personal data lies with the respective operator of the linked website. We recommend that you read the information on data processing applicable to linked websites before using them.

OpenStreetMap

We integrate maps of the open source service "OpenStreetMap" of the OpenStreetMap Foundation, St John's Innovation Centre, Cowley Road, Cambridge, CB4 0WS, United Kingdom, as external content on our websites in order to make our websites appealing and interesting.
If you consent to this in the data protection settings by ticking the "External content" box (Art. 6 para. 1, p. 1 lit. a) in conjunction with Art. 7 DSGVO), we will use your data for this purpose. Art. 7 DSGVO), a connection to the provider's servers is established and your IP address is automatically transmitted to the provider for the display of the maps and the map functions. We have no influence on the data processing procedures at OpenStreetMap. You can find more information on data processing by Open Street Maps at wiki.osmfoundation.org/wiki/Privacy_Policy.
Consent is voluntary. However, we would like to point out that you cannot use this function without consent.
You can revoke your consent for the future at any time, e.g. by unchecking "External content" in the data protection settings.

Social media

The logos of LinkedIn, Xing and Instagram displayed on our websites are linked to our respective profile on the social network without any data being transmitted to these social networks when the logos are integrated. If you click on one of the logos, you will be redirected to the external website of the respective social network. Information on data processing via our profiles within the social networks can be found under "Social media data protection".

YouTube

Within our website, we use the YouTube embedding function of Google Ireland Limited with your consent to display and play YouTube videos. The processing of your personal data associated with the embedding is based on your consent pursuant to Art. 6 para. 1 sentence 1 lit. a) DSGVO. Pursuant to Art. 49 (1) sentence 1 lit. a) DSGVO, your declaration of consent also expressly includes the possible global transfer and processing of data by other group companies of Google LLC. In this regard, we would like to expressly point out any risks, for example, the far-reaching access rights of investigating authorities and the more difficult enforcement of data protection rights.
By displaying the video content, the user's IP address and other browser-related information is transmitted to Google. By embedding the videos in extended data protection mode, no further personal data is processed. Only when the video is clicked on for viewing is additional information transmitted to Google so that the video content can be displayed. If you are logged in as a YouTube user, Google will assign this information to your personal user account.Please refer to Google's privacy policy for the purpose and scope of data processing by Google as well as your rights in this regard and setting options for protecting your privacy. Consent is voluntary. However, we would like to point out that you cannot use this function without consent. You can revoke your consent for the future at any time, e.g. by unchecking "External content" in the privacy settings.

myStreck

Under the name myStreck, Streck Transportgesellschaft mbH provides a platform for tracking and recording consignments.
In principle, myStreck consignment tracking can be used without registration and login. However, registration and login are required in order to be able to use the consignment recording and extended functionalities of the consignment tracking. This service is only available to entrepreneurs within the meaning of § 14 of the German Civil Code (BGB) who are business partners of Transportgesellschaft mbH or legal entities who are business partners of Streck Transport AG.

Information on joint responsibility according to Art. 26 Para. 2 S. 2 DSGVO

Streck Transportgesellschaft mbH and we, Streck Transport AG, Industriestrasse 30, CH-4313 Möhlin, work closely together on the myStreck platform. This also applies to the processing of your personal data. Streck Transportgesellschaft mbH and Streck Transport AG have jointly determined who fulfils which obligation under the GDPR, in particular with regard to the exercise of the rights of the data subject, and who fulfils which information obligations under Articles 13 and 14 of the GDPR. Both are therefore jointly responsible for the protection of your personal data within the processes described below (Art. 26 DSGVO).

Within the scope of their joint responsibility under data protection law, Streck Transportgesellschaft mbH and Streck Transport AG (hereinafter jointly referred to as "we") have agreed that each party is separately responsible, within the scope of the personal data collected by it in each case, for the performance of the information obligations pursuant to Art. 13 and 14 of the GDPR, respectively, and for the provision of the essential content of this Agreement pursuant to Art. 26 (2) of the GDPR. They shall make the information required under Articles 13 and 14 of the GDPR available to the data subjects free of charge in a precise, transparent, comprehensible and easily accessible form in clear and simple language. In this regard, Streck Transportgesellschaft mbH and Streck Transport AG shall provide each other with all the necessary information from their sphere of activity.

All other obligations under the GDPR are fulfilled by Streck Transportges. mbH. The central contact point for the assertion of data subject rights pursuant to Art. 15 to 22 DSGVO is Streck Transportges. mbH.
The contact details are:

Streck Transportges. mbH
represented by the managing directors Bernd Schäfer (chairman), Ralph Diringer, Gerald Penner
Brombacher Str. 61
D-79539 Lörrach
Phone: +49 (0) 7621 177 0
E-mail address: info@streck.de

Streck Transport AG shall inform Streck Transportgesellschaft mbH without delay of any legal positions asserted by data subjects pursuant to Articles 15 to 22 of the GDPR and shall provide Streck Transportgesellschaft mbH with all information necessary for the fulfilment of the rights of data subjects pursuant to Articles 15 to 22 of the GDPR.
Pursuant to Article 26 (3) of the GDPR, data subjects may exercise their data protection rights pursuant to Articles 15 to 22 of the GDPR both at Streck Transportgesellschaft mbH and at Streck.

Visit the "myStreck" website

Processing purposes, legal basis, data categories
When calling up the website "mystreck.streck.de", your browser transmits "server log files" to the server, which may enable identification. The information on processing purposes, legal bases, data categories and data origin corresponds to the information provided above under "Visiting our website".

Duration of storage
This data is deleted as soon as it is no longer required for the stated purposes. Currently, the deletion of the log files takes place after 7 days. We also reserve the right to check the files in this respect if concrete indications justify the justified suspicion of illegal use or a concrete attack on our website. Data whose further storage is necessary for evidentiary purposes will be deleted as soon as they are no longer required to achieve the purpose of their processing.

Cookies

Processing purposes, legal basis, data categories
Information on the processing purposes, legal basis, data categories and data origin of cookies can be found above under "Visiting our website" under the subheading "Cookies". Streck Transportgesellschaft mbH uses the cookie "X-ENV-ClientLocale", which is technically necessary for website operation, to provide your preferred language selection. When using "myStreck", another technically necessary cookie "X-ENV-SessionToken" is set to determine whether it is a recurring user.

Duration of storage
Both cookies are session cookies and are automatically deleted at the end of your visit to the website.

myStreck shipment tracking without login

Processing purposes, legal basis, data categories
We process contract-related data on your consignment, such as the name and address data of the principal, consignor and consignee, current working status, time of delivery as well as consignment-related data such as number of packages, content, weight, length, width, height, volume from the transport management systems in order to display the status of the consignment to you. The data processing is carried out in order to implement the transport contract concluded with the client in accordance with Art. 6 Para. 1 S. 1 lit. b) DSGVO. We receive this data from the client, our system partners and carriers.

Duration of storage
The data is usually retained in the platform for 90 days.

myStreck for registered business partners
Processing purposes, legal basis, data categories

With the myStreck platform, we offer our business partners the possibility of logging into the closed area of myStreck after registration in order to be able to use additional services of the myStreck shipment tracking in addition to the simple shipment tracking, for which no registration and log-in is required, or in order to prepare and process transport orders with the shipment registration.

Within the framework of the user relationship, we process your personal data required for the initiation and execution of the contract, such as name, e-mail address and, if applicable, the assignment to the business partner for whom you work. Your personal data is processed for the purpose of initiating and implementing the user relationship established by the registration and, if applicable, for initiating or implementing further contracts. The legal basis is Art. 6 para. 1, p. 1 lit. b) DSGVO.

If you use myStreck for registered business partners, we also process the following usage data in addition to your access data: Date and time of the call, IP address, name and version of the web browser you are using in order to ensure and optimise the stability and security of the myStreck shipment tracking platform. The legal basis is Art. 6 para. 1 p. 1 lit. f) DSGVO.

We process personal data of business partners, consignors and consignees including their contact persons for the transport contract/order: contract or order-related data such as name and address data, current work status, time of delivery, proof of delivery as well as consignment-related data such as number of packages, content, weight, length, width, height, volume for the initiation and processing of the transport contract/order pursuant to Art. 6 para. 1 p. 1 lit. b) DSGVO.

As a user with login, you can add a profile picture to your user account. By uploading a picture of yourself, you declare your consent pursuant to Art. 6 para. 1 p. 1 lit. a) in conjunction with Art. 7 DSGVO. Art. 7 DSGVO for the processing of your picture for the aforementioned purpose. Insofar as the image reveals information about your ethnic origin, religion or health (e.g. skin colour, headgear, glasses) and/or the image contains metadata (date, time, GPS data), your consent also includes this information within the scope of the stated purpose. The granting of consent is voluntary. You can revoke your consent at any time without giving reasons with effect for the future, e.g. by deleting your profile picture from your user account. You will not suffer any disadvantages from refusing consent or revoking it.

Duration of storage

We process and store your personal data as long as it is necessary for the fulfilment of the user relationship and legal obligations. In the process, personal data may be retained for the period of assertion, exercise or defence of legal claims (statutory limitation periods of three to thirty years). Corresponding obligations to provide proof and to retain data result, for example, from commercial and tax law regulations.
Currently, the storage period of your log data processed when using myStreck is a maximum of 90 days.
Data on a transport contract/order is available in myStreck for 90 days.

Recipients of personal data
Your personal data will only be passed on internally to the persons in the specialist departments who require it for the fulfilment of the purposes stated. Furthermore, clients, our system partners, carriers and, if applicable, other third parties involved in the execution of the transport contract, such as customs authorities, insurance companies, may receive personal data for these purposes.
Streck Transportges. mbH uses external service providers as order processors for the provision, maintenance and support of myStreck, who may therefore have access to your personal data. External service providers are carefully selected by Streck Transportges. mbH and Streck Transportges. mbH concludes commissioning contracts with all service providers who process personal data on its behalf in accordance with Art. 28 DSGVO.

CONTACT

Processing purposes and legal basis
When contacting us (e.g. via contact form, e-mail, telephone), the personal data you provide will be processed and stored for the purpose of handling your request or contacting you. If your enquiry requires the involvement of another company in our group of companies in order to process it in the best possible way, it may be necessary to exchange your enquiry-related data with this company.

The legal basis in the context of contractual/pre-contractual relationships is Art. 6 para. 1, p. 1 lit. b) DSGVO, in the case of other requests your consent pursuant to Art. 6 para. 1, p. 1 lit. a) DSGVO or our overriding legitimate interest in efficient, customer-friendly processing of your request pursuant to Art. 6 para. 1, p. 1 lit. f) DSGVO, as long as this is done in accordance with the data protection regulations.

Data categories and data origin
We process the data you provide (e.g. your e-mail address, your name, your telephone number). Please only send us the data and information that is necessary to process your request.

Recipients of personal data
In individual cases, your request may concern a company of our group of companies outside the EU/EEA (Switzerland). In these cases, we will only forward your data with your consent (Art. 49 para. 1, p. 1 lit. a) DSGVO) or if this expressly results from the contract with you or your company (Art. 49 para. 1, p. 1 lit. b,c) DSGVO).

Duration of storage
We delete your personal data after the time limits for the duration of the contract, if your request is assigned to a contract. Otherwise, we delete your personal data if you revoke your consent, we no longer have a legal obligation or a legitimate interest in processing.

CUSTOMERS, SUPPLIERS AND BUSINESS PARTNERS

Processing purposes and legal basis
We process personal data in accordance with the provisions of the DSG:

a) Based on your consent (Article 6 para. 1, p. 1 lit. a) DSGVO).
Insofar as you have given us consent in individual cases to process personal data for specific purposes (e.g. film and photo shoots, newsletter subscription), the lawfulness of this processing is based on your consent. You can revoke your consent at any time with effect for the future.

b) In the context of the performance of a contract or for the implementation of pre-contractual measures
(Art. 6 para. 1, p. 1 lit. b) DSGVO).
We process personal data primarily for the fulfilment of contractual obligations and the provision of related services or in the context of a corresponding contract initiation (e.g. contract negotiations, preparation of offers). The specific purposes here depend on the respective service to which the business relationship or the contract initiation relates, in particular in connection with orders from customers. We also process personal data in the processing of services rendered, in particular invoicing, accounts receivable management, dunning and debt collection.

The data processing serves the following purposes in particular:

Initiation, implementation and processing of transport, forwarding and logistics services, including in the area of land transport, air and sea freight, logistics and outsourcing, supply chain management and customs management.
Within the scope of the services provided, in particular transport and logistics services, personal data are processed on the basis of contracts concluded with you, the senders or the recipients. This data is used, for example, to execute a (transport) contract, to manage customer data, to process payments and, if necessary, to check creditworthiness. Certain shipping data is provided to the authorities of the transit or destination country - depending on the relevant legal regulations - for the purpose of customs clearance and taxation or for security checks. Such data usually includes the name and address of the sender, name and address of the recipient, description of goods, number of pieces, weight and value of the shipment.
Communication with customers, service providers, subcontractors, business partners as well as public authorities.
Support, in particular answering enquiries from our contact persons, interested parties, customers or partners
Organisation, planning, implementation and administration of the business relationship between us and our customers, suppliers and business partners as well as our affiliated companies and cooperation partners.

c) Due to legal obligations (Art. 6 para. 1, p. 1 lit c) DSGVO).
The purposes of the processing include, among others, the fulfilment of control and reporting obligations under tax and social law. This also includes statutory reporting obligations in the provision of services and posting under A1 procedures. Likewise, the processing of personal data insofar as this is necessary for the implementation of technical and organisational measures in accordance with Art. 32 DSGVO.

d) For the protection of legitimate interests (Article 6 para. 1, p. 1 lit. f) DSGVO)
Where necessary, we process your data beyond the actual performance of the contract to safeguard legitimate interests of us or third parties, namely:

Data processing for security, quality assurance and process optimisation: we process, to the extent permitted by law, personal data collected in the course of the performance of the contract for (data) security purposes (e.g. for the purpose of detecting criminal offences or misuse), for compliance measures, for the preparation of statistics as well as for quality assurance, process optimisation and planning security on the basis of our legitimate interest in relation to ensuring smooth operations as well as the continuous improvement of the respective products and services. According to our assessment, there is no predominant interest of the data subjects worthy of protection, as the processing is carried out with as little intrusion as possible, e.g. by using pseudonyms. The legal basis for this data processing is Art. 6 para. 1, p. 1 lit. f) DSGVO.
Settling legal disputes, enforcing existing contracts and asserting, exercising and defending legal claims
Maintaining and protecting the security of our systems and IT operations
Building and facility security measures (e.g. access control or video surveillance)
Exchange of control and planning data
Credit assessment
Sales and marketing activities
Interested party and customer support

Categories of data and origin of data
a) The categories of personal data processed include:

Master data (title, first and last names, address, function, department).
Contact data (telephone number, mobile phone number, fax number and e-mail address)
Company-related data
Contractual data (services used, contents of the contract, contractual communication, names of contact persons)
Data necessary for processing an enquiry, creditworthiness data if applicable
CRM data, in particular customer history, customer statistics
Advertising and sales data and other data from comparable categories
support requests
Other information required to process our contractual relationship or a project with our customers or sales partners (such as payment data, order data, etc.)
in the context of using our online services IP address, the data required for your identification and use, time of the respective user action
in the context of access control, photo for identification purposes and access zones, if applicable.

b) We process personal data which we have obtained from business relationships (for example with customers or suppliers) or enquiries. As a rule, we receive this data directly from the contractual partner or a person making an enquiry. However, personal data may also come from public sources (e.g. commercial register), provided that the processing of this data is permitted. Personal data may also have been legitimately transmitted to us by other companies. Depending on the individual case, we may also store our own information on this data (e.g. as part of an ongoing business relationship).

Obligation to provide data
In the context of initiating or executing a contract, you must provide the personal data that is required to carry out pre-contractual measures and to fulfil the contract and the associated obligations. Without providing this data, we will not be able to conclude or fulfil a contract with you. Furthermore, you must provide those personal data that we are legally obliged to collect. In cases of data collection based on consent, the provision of data by you is voluntary and not obligatory.

Recipients of personal data
Within our company, access to your personal data is granted to those persons who need it to fulfil our contractual and legal obligations or to safeguard legitimate interests. Personal data will be disclosed to third parties involved in the respective order insofar as this is necessary to achieve the processing purposes or we are obliged to disclose the data for legal reasons. We may transfer personal data to courts, authorities or law firms to the extent legally permissible and necessary to comply with applicable law or to assert, exercise or defend legal claims. Furthermore, service providers and vicarious agents employed by us may receive data for these purposes. We may only disclose information about you if this is required by law, if you have consented, if we are legally authorised to provide information or to disclose information and/or if processors commissioned by us equally guarantee compliance with confidentiality and legal requirements. External service providers who process data on behalf of Streck provide sufficient guarantees that appropriate technical and organisational measures are implemented in such a way that the processing is carried out in compliance with data protection requirements. In accordance with Art. 28 DSGVO, they are contractually bound to strict confidentiality, among other things, and are bound by instructions. In these cases, we remain responsible for the protection of your personal data.

Under these conditions, the following recipients may receive data in the process

Affiliated companies in the context of financial controlling or processing of data as order processors
customers, suppliers, business and cooperation partners as well as authorities in the context of order processing and cooperation
Order processors, in particular cloud services
IT service providers in the context of (remote) maintenance of IT systems
Subcontractors, sub-subcontractors for order fulfilment, in particular transport and logistics
Customers in the context of business correspondence and order documentation
auditors
Credit assessment service providers
Compliance screening service providers
Public authorities for the fulfilment of legal notification obligations, e.g. tax authorities, competent authorities in A1 procedures
Data destruction service providers
Lawyers, tax consultants and auditors
Collection service providers
Banks, payment card processors (credit cards) and payment service providers
Telephony providers
Insurance companies

Data transfers to a third country
The recipients are partly domestic, but can be anywhere in the world. In particular, you should expect your data to be transferred to all countries where the Streck Group is represented by group companies, branches or other offices, as well as to other countries in Europe and the USA where the service providers we use are located (such as [Microsoft], [SAP], [Amazon], [Salesforce.com]) or where we provide services.
If a recipient is located in a country without adequate legal data protection, we contractually oblige the recipient to comply with the applicable data protection (for this purpose, we use the revised standard contractual clauses of the European Commission, which are available here: eur-lex.europa.eu/eli/dec_impl/2021/914/oj, unless the recipient is already subject to a legally recognised set of rules to ensure data protection and we cannot rely on an exemption provision. An exception may apply in particular in the case of legal proceedings abroad, but also in cases of overriding public interests or if the performance of a contract requires such disclosure, if you have given your consent or if the data in question has been made generally accessible by you and you have not objected to its processing.

Duration of storage
We process and store your personal data as long as it is necessary for the fulfilment of the above-mentioned purposes, in particular contractual and legal obligations. In this context, personal data may be retained for the period of assertion, exercise or defence of legal claims (statutory limitation periods of three to thirty years). In addition, we store your personal data insofar as we are legally obliged to do so. Corresponding obligations to provide proof and to store data result, for example, from commercial, tax and social security regulations. The storage period under tax and commercial law is generally 10 years. If the processing of your personal data is based on your consent, we delete it if the consent is revoked by you and no other legal basis applies.

Automated decision-making and profiling
As a matter of principle, we do not use fully automated decisionﬁndings in accordance with Article 22 DSGVO to establish and implement the business relationship. Profiling does not take place.

APPLICANT

The personnel administration of Streck Transport AG processes your application centrally. You can apply, for example, by e-mail, by post or via the applicant portal on our website.

Processing purposes and legal basis
We process your personal data only for the purpose of and within the scope of the application process in accordance with the legal requirements of the Data Protection Regulation (DSGVO), the DSG and other relevant laws. Your personal data is processed for the purpose of carrying out the application procedure and deciding on the establishment of an employment relationship on the legal basis of Art. 6 para. 1 sentence 1 lit. b) DSGVO. Insofar as special categories of personal data within the meaning of Art. 9 (1) DSGVO are processed in the context of the application procedure, this is done on the basis of § 26 (3), (4) BDSG, insofar as the processing does not require separate consent in accordance with Art. 9 para. 2 lit. a), Art. 7 DSGVO, Art. 88 para. 1 DSGVO. The processing of data that you provide to us voluntarily and that is not absolutely necessary for the application process is based on your consent expressed through the transmission in accordance with Art. 6 Para. 1 S. 1 lit a) in conjunction with Art. 7 DSGVO for the above-mentioned purposes. Art. 7 DSGVO for the above-mentioned purposes. You may revoke your consent at any time and without stating reasons with effect for the future. Your personal data is also processed for the fulfilment of legal obligations according to Art. 6 para. 1 p. 1 lit. c) DSGVO (e.g. sanctions list check based on Art. 6 para. 1 p. 1 lit. c) DSGVO ) as well as, if necessary, for the protection of legitimate interests according to Art. 6 para. 1 p. 1 lit. f) DSGVO. These are, for example: Ensuring compliance with safety regulations, requirements, customary industry standards and contractual obligations, asserting, exercising or defending legal claims. If you participate in the "Employees recruit employees" programme, we process your personal data for the implementation of the "Employees recruit employees" programme and for the settlement of the advertising premium with the employee who referred us, pursuant to Art. 6 para. 1 sentence 1 lit. b), f) DSGVO. Our legitimate interest in this processing is the implementation of the "Employees recruit employees" programme, the expansion of the circle of potential applicants and the increase of our level of awareness as an employer.

Categories of data and data origin
The categories of personal data processed include in particular:

Master data, contact data and communication data,
Data on the content of former/current employment relationships, e.g. work tasks, performance data, positions held. (This data may be derived from your cover letter/resume/attached job references),
various other details such as earliest starting date, regional mobility, desired number of hours and duration of employment, previous employment, additional qualifications, references or information on how you became aware of the position,
other voluntary information such as data on non-professional interests: hobbies, voluntary work
other data that you voluntarily provide to us during the application process, such as in your letter of application, curriculum vitae or certificates, photo.

In addition, we collect and process data in the course of the application process as part of personnel screening (e.g. police clearance certificate, sanction list check, background check if applicable) as well as data on health suitability if applicable.

As a rule, your personal data will be collected directly from you as part of the application process. If you wish, you can send us your application via the applicant portal on our website. The data will be transmitted to us in encrypted form in accordance with the state of the art. If you send us your application by e-mail, please note that e-mails are generally not sent in encrypted form and you must ensure that they are encrypted yourself. We assume no responsibility for the transmission path of the application until it is received on our server and therefore recommend that you either use the applicant portal or send it by post. The necessary data are marked when using the applicant portal, otherwise they result from the job descriptions. In certain constellations, your personal data may also be collected from other offices due to legal regulations. In addition, we may receive personal data from third parties (e.g. job placement agencies), who pass it on to us on their own responsibility.

Obligation to provide
You are not obliged to provide us with personal data. However, the application process requires that you provide us with the personal data that is necessary to carry out the application process and to assess your suitability. Without this personal data, we cannot consider your application.

Recipients of personal data
Your personal data will only be passed on to those persons and departments (e.g. specialist departments) who need it to carry out the application process, to make the recruitment decision and to fulfil our (pre-)contractual and legal obligations and requirements. Furthermore, service providers and vicarious agents employed by us may receive personal data for these purposes. We only pass on your personal data if this is required by law, if you have given your consent, if we are legally authorised to pass on the data and/or if the processors commissioned by us equally guarantee compliance with confidentiality and the provisions of the GDPR.

If a recipient is located in a country without adequate legal data protection, we contractually oblige the recipient to comply with the applicable data protection (for this purpose, we use the revised standard contractual clauses of the European Commission, which are available here: eur-lex.europa.eu/eli/dec_impl/2021/914/oj?), insofar as it is not already subject to a legally recognised set of rules to ensure data protection and we cannot rely on an exemption provision. An exception may apply in particular in the case of legal proceedings abroad, but also in cases of overriding public interests or if the performance of a contract requires such disclosure, if you have given your consent or if the data in question has been made generally accessible by you and you have not objected to its processing.

Further processing
In the event of a successful application, your personal data may be further processed by us for the purposes of the employment relationship. In the context of the application, we offer you the opportunity to be included in our "talent pool" for a period of two years on the basis of your consent within the meaning of Art. 6 Para. 1, S.1 lit. a) in conjunction with Art. 7 DSGVO. Art. 7 DSGVO. The application documents in the talent pool will be processed exclusively in the context of future job advertisements and the employee search and will be destroyed at the latest after the expiry of the period. Your consent to be included in the talent pool is voluntary and has no influence on the current application process: You can revoke your consent at any time for the future.

Duration of storage
If the application for a job offer is unsuccessful or the personal data is not required for the establishment, implementation and termination of the employment relationship, your personal data will be deleted. Your personal data will also be deleted if an application is withdrawn, which you are entitled to do at any time.

Unless we are legally obliged or entitled to retain data beyond this, the data will be deleted at the latest after the expiry of a period of six months after the end of the application process so that we can answer any follow-up questions about the application, unless you have expressly consented to the further storage of your personal data for the purpose of contacting you in the event of future job advertisements. Invoices for any reimbursement of travel expenses will be archived in accordance with tax law requirements.

Automated decision-making and profiling
As a matter of principle, we do not use automated decisionﬁndings in accordance with Article 22 DSGVO to justify and carry out application procedures. Profiling does not take place.

COMPETITION

Processing purposes and legal basis
We collect, process and use your personal data in accordance with the applicable data protection regulations exclusively to the extent that this is necessary for the implementation and processing of the competition or with the consent of the persons concerned. The personal data to be provided in the context of the competition is used for the implementation and processing of the competition, the determination and notification of the winner, the exercise of the rights of use granted and the sending of the prize. The legal basis for this is the consent of the participants in accordance with Art. 6 para. 1, p. 1 lit. a) DSGVO.

Furthermore, we process personal data pursuant to Art. 6 para. 1 sentence 1 lit. f) DSGVO to ensure the proper implementation of the competition (e.g. for age verification) and pursuant to Art. 6 para. 1 sentence 1 lit. c) DSGVO, insofar as this is necessary for the fulfilment of legal obligations. This includes, for example, retention periods under commercial and tax law.

Data categories and data origin
The following data is collected by us from the data subjects within the scope of participation in the competition: User ID, contact details if applicable. In the event of a win, it is necessary to collect the first and last name and address data, and possibly the date of birth. The data subjects send us this information by direct message or e-mail.

Recipients of data transfers
Within our company, only those persons and offices receive the personal data that need them to carry out and process the competition and, if applicable, to publish the winners.

Personal data will only be passed on to third parties if and insofar as this is necessary for the implementation and processing of the competition or the transfer or provision of the prize.

Duration of storage
We process and store the personal data of the data subjects for as long as it is necessary for the fulfilment of the above-mentioned purposes, in particular contractual and legal obligations. If the data are no longer required for the fulfilment of the purposes, they are regularly deleted, unless their temporary further processing is necessary (intervention of legal retention periods or safeguarding of our legal claims). However, posts on the social media platform remain and can still be viewed by the public. If data processing is based on consent, we delete the personal data concerned if the consent is revoked by the person concerned and no other legal basis applies.

SOCIAL MEDIA

In order to actively communicate with users and to provide information about our company, we maintain a number of different social media presences, partly in joint responsibility with the social network operators listed below.

Use of the social media presences is not required in order to communicate with us or to receive information about our company. Information that we publish via these services can also be accessed in the same or similar way here: www.streck-transport.ch. You can contact us at any time via kommunikation@streck.ch. We would like to point out that you use the services offered here and their functionalities on your own responsibility.

In the context of the user-side use of our presences in the social networks mentioned below, we would like to point out that personal data of the users can also be processed by the operators of the social networks outside the European Union and outside the European Economic Area. This may result in possible risks for users, for example in more difficult enforcement of data protection rights. At the same time, however, we would like to point out that if the operators of the social networks support this, we will work towards the conclusion of joint responsibility agreements pursuant to Article 26 of the GDPR and standard data protection clauses pursuant to Article 46(2)(d) of the GDPR.

In addition, we would like to draw your attention to the fact that the personal data of users is usually also processed by the operators of the social networks for their own market research and advertising purposes. Any usage profiles generated from the usage behaviour can also be used to display interest-based advertisements outside of the social networks. For this purpose, the operators of the social networks usually place cookies on the users' computers so that device information, usage behaviour and interests of users can be processed even if the user does not have a profile in the respective network.

For more information on this and on possible objection options, please refer to the data protection information and further notes of the respective social network operators, which we have linked for you below.

The following also applies to the processing of personal data:

Processing purposes and legal basis
Data processing is carried out, insofar as we are responsible for it, for the purposes of providing information, communication, marketing and measuring reach. The operation of the social media presences results from our legitimate interest pursuant to Art. 6 para. 1 p. 1 lit. f DSGVO, whereby the respective interests result from the aforementioned purposes.

Data categories
The categories of data processed include inventory data (e.g. names), contact data (e.g. email addresses), content data (e.g. text entries), usage data (e.g. interest in content) and meta and communication data (e.g. device information and IP addresses).

Storage period
Storage of the data categories processed by us takes place solely within the respective social network. In most cases, we have no influence on the specific storage period, as this is determined by the providers of the social networks. Information on this can be found in the data protection information of the respective provider. If the storage period can be influenced by us in individual cases, it will be deleted after the purpose has been fulfilled in compliance with the statutory retention obligations.

Services and service providers used by us as well as network-specific information
In the following, we inform you about the services and service providers we use as well as about network-specific information, naming the respective responsible bodies within the EU / EEA as well as those outside. We do not transfer any data beyond this.

Instagram, Facebook Ireland Limited / Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA

Datenschutzinformation

LinkedIn, LinkedIn Ireland Unlimited Company / LinkedIn Corporation, 1000 W. Maude Avenue, Sunnyvale, CA 94085 USA

Datenschutzinformation
Widerspruchsmöglichkeit bezüglich zielgerichteter Werbeanzeigen

YouTube, Google Ireland Limited / Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA

Datenschutzinformation
Widerspruchsmöglichkeit bezüglich zielgerichteter Werbeanzeigen
Browser-Add-on zur Deaktivierung von Google Analytics

Xing / kununu, New Work SE

Data protection information
Possibility to object to tracking and other analyses of user data

Information on data subject rights
With regard to the assertion of data subject rights, we would like to point out that these should be addressed directly to the respective operator of the social network in order to obtain comprehensive measures. Only the operators have access to all of the collected personal data of the users and can accordingly provide more comprehensive information and take any measures. If you require assistance in this regard, you can of course contact our data protection officer at any time.

DATA SUBJECT ENQUIRIES AND DATA BREACHES

Processing purposes, legal bases, data categories

Data subject requests
If you exercise your data protection rights with us under Art. 12-22 of the GDPR, we will need to process your personal data to deal with your request, for example, to verify your identity, search our database or correspond with you. This usually involves processing and documenting your details, any information you have given us and correspondence. The legal basis for processing the data subject request is Art. 6 para. 1 p. 1 lit. c DSGVO. If we need to process special categories of personal data to process your request, this is done on the basis of Art. 9 (2) lit. g DSGVO. The legal basis for documenting the processing of data subject requests in accordance with the law is Art. 6 para. 1 p. 1 lit. f) DSGVO. Our legitimate interests are the fulfilment of our accountability, enforcement of legal claims, legal defence.

Data protection breaches
In the course of investigating and handling a possible data protection breach, we process the data records that may be affected. When notifying the supervisory authority of a data protection breach, we process the personal data to be submitted in accordance with the notification form, and when notifying data subjects, we process their contact data. We also process the data to document the data protection breach. The processing is carried out for the fulfilment of our legal obligations pursuant to Art. 6 para. 1 p. 1 lit. c) in connection with Art. 33,34 DSGVO. Art. 33,34 DSGVO. The legal basis for the documentation of the data protection breach is Art. 6 para. 1 p. 1 lit. f) DSGVO. Our legitimate interests are fulfilment of our accountability, enforcement of legal claims, legal defence.

Obligation to provide
You are not obliged to provide us with personal data. However, the implementation of your request requires that you provide us with the personal data that is necessary for this purpose. Without this personal data, we may not be able to process your request in the legally required manner.

Recipients of personal data
Your personal data will only be passed on internally to those persons and bodies who require it for the examination and implementation of the asserted data subject right. Furthermore, service providers, vicarious agents, order processors as well as authorities, legal advisors or courts used by us may receive personal data for these purposes. However, we only pass on your personal data if we are legally authorised or obliged to do so, and/or if the processors commissioned by us equally guarantee compliance with the relevant data protection regulations.

Data transfers to a third country
The recipients are partly domestic, but can be anywhere in the world. In particular, you must expect your data to be transferred to all countries in which the Streck Group is represented by group companies, branches or other offices, as well as to other countries in Europe and the USA where the service providers we use are located (such as [Microsoft], [SAP], [Amazon], [Salesforce.com]) or where we provide services.

Duration of storage
Communications and documentation are generally retained for 3 years, beginning at the end of the year in which the processing of the request is completed.

Automated decision-making and profiling
We generally do not use automated decisionﬁndings for this purpose. Profiling does not take place.

MODIFICATION OF THE DATA PROCESSING NOTICE

We reserve the right to amend our data processing policy at any time to reflect changes in our services, the processing of your personal data or applicable law. Please therefore refer to the latest version of our data processing information.