.svg)
At CONROO GmbH ("us", "we", "our" or the "Company") we value your privacy and the importance of safeguarding your data. This Privacy Policy (the "Policy") describes our privacy practices for the activities set out below. As per your rights, we inform you how we collect, store, access, and otherwise process information relating to individuals. In this Policy, personal data ("Personal Data") refers to any information that on its own, or in combination with other available information, can identify an individual.
The office locations of where CONROO GmbH can be found on our website conroo.com.
We are committed to protecting your privacy in accordance with the highest level of privacy regulation. As such, we especially follow the obligations under the below regulations:
This policy applies to the visit of CONROO GmbH websites, domains, as well as the usage of our applications, services, and products (mobile and web applications).
This Policy does not apply to third-party applications, websites, products, services or platforms that may be accessed through (non-CONROO GmbH) links that we may provide to you. These sites are owned and operated independently from us, and they have their own separate privacy and data collection policies. Any Personal Data that you provide to these websites will be governed by the third-party’s own privacy policy. We cannot accept liability for the actions or policies of these independent sites, and we are not responsible for the content or privacy practices of such sites.
This Policy applies when you interact with us by doing any of the following:
When you make a purchase, or attempt to make a purchase, we collect the following types of Personal Data:
This includes:
When you use our products and/or features (our website, mobile application on your smartphone or the web app) we collect the following types of Personal Data:
For your identity verification, we also collect the following sensitive Personal Data:
When collecting this data, we will ensure to get your explicit consent. If you disagree with collecting this data, please contact us by using the information set out in the "Contact us" section below.
The collection of this sensitive Personal Data is necessary because you can authorize access to highly sensitive infrastructure of our contractual partners (e.g. port facilities) by using our applications and our contractual partners must collect this sensitive Personal Data on the basis of the legal provisions for the collection of this sensitive Personal Data about those persons who are granted access to the highly sensitive infrastructure.
We collect Personal Data from the following sources:
From You. You may provide us with your account information, payment information, demographic data, purchase information, content, feedback, product information, etc. by filling in forms, using our products or services, entering information online or by corresponding with us by post, chat, phone, email or otherwise. This includes Personal Data you provide, for example, when you:
Automated technologies or interactions: As you interact with our website and our products or services or have them installed on your devices, we may automatically collect the following types of data (all as described above): device data about your equipment, usage data about your browsing actions and patterns, and contact data where tasks carried out via our website remain uncompleted, such as incomplete orders or abandoned baskets or customer service requests. We collect this data by using cookies, server logs and other similar technologies. Please refer our Cookie policy for further details.
Third parties: We may receive Personal Data about you from various third parties, including:
If you provide us, or our service providers, with any Personal Data relating to other individuals, you represent that you have the authority to do so and acknowledge that it will be used in accordance with this Policy. If you believe that your Personal Data has been provided to us improperly, or to otherwise exercise your rights relating to your Personal Data, please contact us by using the information set out in the "Contact us" section below.
When you visit a CONROO GmbH website, we automatically collect and store information about your visit using browser cookies (files which are sent by us to your computer),or similar technology. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. The Help Feature on most browsers will provide information on how to accept cookies, disable cookies or to notify you when receiving a new cookie. If you do not accept cookies, you may not be able to use some features of our website and we recommend that you leave them turned on. Please refer our Cookie policy for further details.
We also process information when you use our services and products or have them installed on your devices. This information may include:
We may receive your Personal Data from third parties such as companies subscribing to CONROO GmbH services, partners and other sources. This Personal Data is not collected by us but by a third party and is subject to the relevant third party’s own separate privacy and data collection policies. We do not have any control or input on how your Personal Data is handled by third parties. As always, you have the right to review and rectify this information. If you have any questions, you should first contact the relevant third party for further information about your Personal Data. Where that third party is unresponsive to your rights, you may contact the Data Protection Officer at CONROO GmbH (contact details below).
Our websites and services may contain links to other websites, applications and services maintained by third parties. The information practices of such other services, or of social media networks that host our branded social media pages, are governed by third parties’ privacy statements, which you should review to better understand those third parties’ privacy practices.
We collect and use your Personal Data with your consent to provide, maintain, and develop our products and services, understand how to improve them and to enable you to use our products and services to identify yourself for, and enable access to the premises of our contractual partners (e.g. port facilities).
These purposes include:
Where we process your Personal Data to provide a product or service, we do so because it is necessary to perform contractual obligations. All of the above processing is necessary in our legitimate interests to provide products and services and to maintain our relationship with you and to protect our business for example against fraud. Consent will be required to initiate services with you. New consent will be required if any changes are made to the type of data collected. Within our contract, if you fail to provide consent, some services may not be available to you.
We use these third-party tools to store your information:
Google Analytics
We use Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). Google Analytics uses “cookies”, which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there. Google will use this information on behalf of the operator of this website for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage. You may refuse the use of cookies by selecting the appropriate settings on your browser, however, please note that if you do this you may not be able to use the full functionality of our website. You can also opt-out of Google storing the data generated by the cookie and associated with your use of our website (including your anonymized IP address) and opt-out of Google using this data by downloading and installing the Google Analytics Opt-out Browser Add-on available here.
Further information about Google Analytics can be found on their terms page and their policies page.
As personal data is transferred to the USA, further protection mechanisms are required to ensure the level of data protection required by the GDPR. To ensure this, we have agreed standard data protection clauses with the provider in accordance with Art. 46 para. 2 lit. c GDPR. These oblige the recipient of the data in the USA to process the data in accordance with the level of protection in Europe. In cases where this cannot be ensured even by this contractual extension, we endeavor to obtain additional regulations and assurances from the recipient in the USA.
Intercom
We use the contact platform of the service provider Intercom R&D Unlimited Company, 2nd Floor, Stephen Court, 18-21 St. Stephen's Green, Dublin 2, Republic of Ireland. If you contact us via the contact form, email, messaging service, or chat, the information from the contact form or e-mail or well as some information about your activity (e.g., the time when you were first seen, signed up, last seen, last contacted, last heard from) will be stored by us for the purpose of processing the request and in the event of follow-up questions. An e-mail address is required to contact you.
Additionally, if you contact us via messaging service, or chat from your smartphone, the following information will be stored by us for the very same purpose:
We will never pass on this data without your consent. The legal basis for processing the data is our legitimate interest in responding to your request. We use the Intercom tool to answer your request.
Intercom only processes the data on our behalf. This data will be deleted 9 months after your last communication with us via Intercom, provided that there are no legal storage obligations to the contrary. You can object to the processing of your personal data at any time in accordance with Art. 6 para. 1 lit. f GDPR.
Since personal data may be transferred to the USA, further protective mechanisms are required to ensure the level of data protection required by the GDPR. To ensure this, we have agreed standard data protection clauses with the provider in accordance with Art. 46 para. 2 lit. c GDPR. These oblige the recipient of the data in the USA to process the data in accordance with the level of protection in Europe. In cases in which this cannot be ensured even by this contractual extension, we endeavor to obtain additional regulations and assurances from the recipient in the USA.
For further information, please refer to Intercom's privacy policy here.
Sales Viewer
On our website, the provider Sales Viewer GmbH, Universitätsstraße 60, 44789 Bochum, Germany, collects and stores data for marketing, market research and optimization purposes on the basis of the legitimate interests of the website operator (Art. 6 para. 1 lit. f GDPR).
For this purpose, a javascript-based code is used to collect company-related data and use it accordingly. The data collected with this technology is encrypted using a non-reversible one-way function (so-called hashing). The data is immediately pseudonymized and not used to personally identify the visitor to this website.
The stored data is deleted as soon as it is no longer required for its intended purpose and the deletion does not conflict with any statutory retention obligations.
You can object to the collection and storage of data at any time with effect for the future by clicking on this link to prevent Sales Viewer from collecting data on this website in the future. An opt-out cookie for this website will be stored on your device. If you delete your cookies in this browser, you must click this link again.
You can find more information here.
Stripe
We use the payment service provider Stripe, Stripe Inc, 354 Oyster Point Boulevard, South San Francisco, California, 94080, USA, to process payments for our services.
If you use chargeable components of our services, the data required for payment processing will be collected from you (name, address, bank details, credit card number and expiration date).
The use of Stripe is based on Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in the most reliable payment processing possible. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art.6 para. 1 lit. a GDPR.
Stripe processes the data only on our behalf. The data will be deleted as soon as you delete your customer account with us, provided that there are no legal storage obligations to the contrary.
Since personal data may be transferred to the USA, further protective mechanisms are required to ensure the level of data protection required by the GDPR. To ensure this, we have agreed standard data protection clauses with the provider in accordance with Art. 46 para. 2 lit. c GDPR. These oblige the recipient of the data in the USA to process the data in accordance with the level of protection in Europe. In cases in which this cannot be ensured even by this contractual extension, we endeavor to obtain additional regulations and assurances from the recipient in the USA.
For further information, please refer to Stripe's privacy policy.
Webflow
We host our website with Webflow. The provider is Webflow, Inc, 39811th Street, 2nd Floor, San Francisco, CA 94103, USA. When you visit our website, Webflow collects various log files including your IP addresses.
Webflow is a tool for creating and hosting websites. Webflow stores cookies or other recognition technologies that may be required to display the page, to provide certain website functions and to ensure security.
The use of Webflow is based on Art. 6 para. 1 lit. f GDPR. We have alegitimate interest in displaying our website as reliably as possible. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device within the meaning of the TTDSG.
Consent can be revoked at any time.
Since personal data may be transferred to the USA, further protective mechanisms are required to ensure the level of data protection required by the GDPR. To ensure this, we have agreed standard data protection clauses with the provider in accordance with Art. 46 para. 2 lit. c GDPR. These oblige the recipient of the data in the USA to process the data in accordance with the level of protection in Europe. In cases in which this cannot be ensured even by this contractual extension, we endeavor to obtain additional regulations and assurances from the recipient in the USA.
For further information, please refer to Webflow's privacy policy.
IDnow
When using our services, your Personal Data will be collected and shared with IDnow GmbH, Auenstrasse 100, 80469 Munich, Germany, or its’ affiliates. In order to help us to verify your identity as part of our services and to fulfil our contractual obligations, IDnow will be processing the data by virtue of contractual agreements including a data processing agreement. For further information with regard to processing and storing of your Personal Data by the above companies, please visit the relevant company’s website and proceed to the relevant company’s privacy policy section which can be currently found here: https://www.identity.tm/download/Datenschutzerklaerung_iTM-ident.html
dbH Logistics
We also share your collected Personal Data with dbh Logistics IT AG, Martinistr. 47-49, 28195 Bremen, Germany. We use this service provider to check your identity against current sanctions’ lists, and ensuring our compliance with the relevant legal requirements and obligations in order to fulfil our contractual and statutory obligations. Compliance with data protection requirements is ensured by relevant contractual agreements including a data processing agreement. For information with regard to processing and storing of your Personal Data by dbh Logistics IT AG, please contact its data privacy officer whose contact data can be currently found here: https://www.dbh.de/datenschutz/.
Where possible, we store and process data on servers within the general geographical region where you reside (note: this may not be within the country in which you reside). Specifically, for European based companies, we have servers in the European Economic Area (EEA). Your Personal Data may also be transferred to, and maintained on, servers residing outside of your state, province, country or other governmental jurisdiction where the data laws may differ from those in your jurisdiction. We will take appropriate steps to ensure that your Personal Data is treated securely and in accordance with this Policy as well as applicable data protection law. Data may be kept in other countries that are considered adequate under your laws. In regions that are not considered adequate, we will enter into EU standard contractual clauses (or equivalent measures) with parties outside the EEA and ensure adequate controls are in place for the security of your data. More information about these clauses can be found here: https://eur-lex.europa.eu/legal-content/en/TXT/?uri=CELEX%3A32021D0914
We will share your Personal Data with third parties only in the ways set out in this Policy or set out at the point when the Personal Data is collected.
If you use our services to identify yourself to third parties for access authorization to highly sensitive infrastructure (e.g., port facilities), we must forward the personal data collected from you to the parties responsible for the respective infrastructure on the basis of the statutory provisions(e.g., the ISPS regulations).
When you use our Gate Pass solution to access secure areas of our partners (like port facilities), we share your personal data collected during identity verification with those partners. This data is processed jointly by CONROO and the specific partner. Our joint responsibility covers everything from verifying your identity with a third-party service to generating the QR code for accessing these areas.
CONROO and the partner are only jointly responsible for your data while you use the Gate Pass to enter and move around that partner’s facilities. Different contractual operators are not jointly responsible for processing your data; each operator is individually responsible.
We handle the duty to inform you about data processing as required by Articles 13 and 14 of the GDPR and respond to your information requests under Article 15 of the GDPR. Both we and our partner share the responsibility for processing and responding to your requests to exercise other rights under Articles 16 and following of the GDPR.
The processing of your data during identity verification is based on your consent, as per Article 6 (1) (a) of the GDPR. The partner’s subsequent storage and use of your data is based on legal obligations under Article 6 (1) (c) of the GDPR and Article 3 (1) of Regulation (EC) 725/2004.
We may use or disclose your Personal Data in order to comply with a legal obligation, in connection with a request from a public or government authority, or in connection with court or tribunal proceedings, to prevent loss of life or injury, or to protect our rights or property. Where possible and practical todo so, we will tell you in advance of such disclosure.
We may use a third-party service provider, independent contractors, agencies, or consultants to deliver and help us improve our products and services. We may share your Personal Data with marketing agencies, database service providers, backup and disaster recovery service providers, email service providers and others but only to maintain and improve our products and services. For further information on the recipients of your Personal Data, please contact us by using the information set out in the "Contact us" section below.
A cookie is a small file with information that your browser stores on your device. Information in this file is typically shared with the owner of the site in addition to potential partners and third parties to that business. The collection of this information may be used in the function of the site and/or to improve your experience?
So long as the cookie is not strictly necessary, you may opt in or out of cookie use at anytime. To alter the way in which we collect information from you, visit our Cookie Manager.
We will only retain your Personal Data for as long as necessary for the purpose for which that data was collected and to the extent required by applicable law. When we no longer need Personal Data, we will remove it from our systems and/or take steps to anonymize it.
If we are involved in a merger, acquisition or asset sale, your personal information maybe transferred. We will provide notice before your personal information is transferred and becomes subject to a different Privacy Policy. Under certain circumstances, we may be required to disclose your personal information if required to do so by law or in response to valid requests by public authorities (e.g. a court or a government agency).
We have appropriate organizational safeguards and security measures in place to protect your Personal Data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed.
The communication between your browser and our website uses a secure encrypted connection wherever your Personal Data is involved.
We require any third party who is contracted to process your Personal Data on our behalf to have security measures in place to protect your data and to treat such data in accordance with the law.
In the unfortunate event of a Personal Data breach, we will notify you and any applicable regulator when we are legally required to do so.
Unless a shorter storage period is specified in this Privacy Policy, we will storepersonal data for (i) as long as necessary to provide the services to you and/or (ii) as long as necessary for the performance of the contract; thereafter, the data will only be stored if and to the extent that we are required to do so by law. If we no longer need the corresponding personal data for the purposes described above, this personal data will only be stored for the duration of the respective statutory retention obligations and will not be processed for other purposes.
Depending on your geographical location and citizenship, your rights are subject to local data privacy regulations. These rights may include:
If you have consented to our processing of your Personal Data, you have the right to withdraw your consent at any time, free of charge, such as where you wish to opt out from marketing messages that you receive from us. If you wish to withdraw your consent, please contact us by using the information set out in the "Contact us" section below.
You can make a request to exercise any of these rights in relation to your Personal Data by contacting us by using the information set out in the "Contact us" section below.
For your own privacy and security, at our discretion, we may require you to prove your identity before providing the requested information.
We may modify this Policy at any time. If we make changes to this Policy, then we will post an updated version of this Policy at this website. When using our services, you will be asked to review and accept our Privacy Policy. In this manner, we may record your acceptance and notify you of any future changes to this Policy.
To request a copy for your information, unsubscribe from our email list, request for your data to be deleted, or ask a question about your data privacy, we've made the process simple:
To us, please contact us through our chat tool here.
Write to us at:
Data Privacy Officer of CONROO GmbH
Zollhof 7, 90443 , Nürnberg , Bayern