Back 
Already have an account?
Login
Select a language
Privacy Policy
1. Introduction
1.1. Spotos GmbH (hereinafter “Company” or “we”) respects your privacy and is committed to protecting it through compliance with this Privacy policy (hereinafter “Privacy policy”).
1.2. We are operating Spotos platform via Website, a web-based platform, which goal is to digitalize, automate and simplify logistics process, ensure price transparency, simplify communication and save time.
1.3. The purpose of this Privacy Policy is to inform you of:
1.3.1. The types of personal data which we may collect about you and how it may be processed;
1.3.2. Our use of personal data regarding IP Addresses and our use of cookies;
1.3.3. Any disclosure of personal data to third parties;
1.3.4. Your ability to correct, update and delete your personal data;
1.3.5. The security measures we have in place to prevent the loss, misuse, or alteration of personal data under our control;
1.3.6. Retention period of personal data.
1.4. In this Privacy policy we provide information on how we process data subjects Personal data in the course of carrying out the Company’s business, concluding and executing agreements, managing orders, and providing our services.
1.5. We commit ourselves to be transparent with you by providing clear information about what Personal data we process, the purpose of the processing, the retention period of the Personal data as well as the legal basis for the processing, your data subjects rights, and other information that we are required to provide under to applicable legislation.
1.6. If you use our Services, including, but not limited use the Website and/or the Platform / App, it means you have read this Privacy policy and understood the purposes, methods, and procedures for processing your Personal data specified herein. If you do not agree with the Privacy policy, do not use the Website or the App.
2. Definitions
|
Account |
shall mean a digital account created on the Platform or in the App. |
|
App |
shall mean the Company’s software for smartphones, tablets, and/or other mobile devices, which is used to create the Account and to use it – Spotos driver App. |
|
Company (or we / us) |
Spotos GmbH, business address Goethering 5, 49074 Osnabrück, Germany, legal entity code HRB 218363, phone No +4954193214110, email address: [email protected]. |
|
Consent of the data subject |
any freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by clear affirmative action, signifies agreement to the processing of Personal data relating to him. |
|
Data controller |
natural or legal person, public authority, agency, or other body which alone or jointly with others determines the purposes and means of the processing of Personal data. In this Privacy policy, the Data controller is the Company. |
|
Data processing |
any operation or set of operations performed with Personal data carried out with or without automated means, such as collection, registration, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure, transmission, distribution or otherwise making available, alignment or combination, restriction, erasure or destruction. |
|
Data processor |
a natural or legal person, public authority, agency, or other body which processes Personal data on behalf of and for the account of the Data controller. |
|
Data recipient |
means a natural or legal person, public authority, agency, or another body, to which the Personal data are disclosed, whether a third party or not. |
|
Data subject (or you) |
An identified or identifiable natural person whose Personal data are being processed. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier, such as his or her name, identification number, location, online identifier, or one or more factors specific to the physical, physiological, genetic, religious, economic, cultural or social identity of that natural person. |
|
Direct marketing |
an activity aimed at offering goods or services by post, telephone, or other direct means and/or inquiring their opinion on goods or services offered. |
|
Regulation |
2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (the “General Data Protection Regulation”). |
|
Platform |
web-based platform (https://platform.spotos.eu/login), which goal is to digitalize, automate and simplify logistics process, ensure price transparency, simplify communication and save time. |
|
Website |
the Company’s website https://spotos.eu/.
|
2.1. Other terms shall have the meanings assigned to them and defined in the Regulation.
3. What are personal data and how are they processed?
3.1. Personal data is any information about you that could directly or indirectly identify your identity you by name, surname, personal code, location data, and IP address and other physical, physiological, genetic, mental, economic, cultural, or social aspects of your identity.
3.2. Company manages your personal data in accordance with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation) and other legislation regulating the protection of personal data.
3.3. When processing your personal data, Company follows the following principles of personal data processing:
3.3.1. Your personal data are processed only to the extent necessary to achieve the relevant, clearly defined and legitimate purposes, taking into account the protection of your privacy;
3.3.2. Your personal data are processed accurately, fairly and lawfully and only for purposes that are consistent with the purposes for which your personal data were collected prior to collection;
3.3.3. Your personal data are processed strictly in accordance with the statutory requirements for clear and transparent processing of personal data;
3.3.4. Your personal data will be processed only in a form that identifies you for no longer than it is necessary for the purposes for which the personal data are processed;
3.3.5. The processing of your personal data is subject to relevant technical and organisational measures to ensure the security of personal data, including protection against unlawful data processing and unintentional loss, destruction and damage.
4. The purposes, scope, retention period and legal basis of the processing of Personal data in the Company
4.1. For the Company’s service providing:
4.1.1. In order to use the Website, Platform and/or App:
|
Categories of personal data |
Name, surname, bank account, payment card information (card type, card number digits, expiry date), account creation date, position (Carrier / Shipper / Driver), VAT code (if you registered for VAT), business certificate or self-employment certificate, one-man enterprises code, liability insurance data, carrier license data, proof of payment for liability insurance, certificate of entry in the business register, business address, photos taken by the Driver related to the performance of the contract, details of the person delivering the goods and the person picking up the goods, contact details: email address and telephone number, IP address and other related data. |
|
Legal basis of data processing |
Personal data are processed in accordance with point (b) of Article 6 (1) of the Regulation (processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract). |
|
Retention period |
10 (ten) years after the agreement expires or is terminated. If the agreement provides for a warranty period that exceeds the processing term of 10 (ten) years, then all Personal data relating to the agreement will be stored until the warranty period expires. If the agreement is required during the court proceedings, due to which the specified processing period of 10 (ten) years is extended, then all Personal data related to the concluded agreement will be processed for 1 (one) year from the final decision of the relevant institutions |
When registering for the first time on our Platform, you must provide your personal data (name, surname, contact data, representative company data, etc.) so that we can create access to the Platform for you. You will receive a link to your email address to create a password on the Platform. After creating an Account, you also need to make a 1 cent payment and generate mandatory documents (depending on the position). After successfully completing all these steps, you are approved by Spotos and can use the Platform. With logins, you can connect directly to the Platform. Further processing of personal data for this purpose takes place on the Platform and App.
4.1.2. For conclusion and performance of the agreement (including, but not limited: to supervise the performance of the agreement, to manage the payments under the agreement, to settle the complaints related to concluding, performing, or terminating the agreement, debt recovery):
|
Categories of personal data |
Name, surname, bank account, payment card information (card type, card number digits, expiry date), position (Carrier / Shipper / Driver), VAT code (if you registered for VAT), business certificate or self-employment certificate, one-man enterprises code, liability insurance data, carrier license data, proof of payment for liability insurance, certificate of entry in the business register, business address, contact details: email address and telephone number, payments information, information on debts (if applicable), other service agreement data. |
|
Legal basis of data processing |
Personal data are processed in accordance with: (i) point (b) of Article 6 (1) of the Regulation (processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract); (ii) point (c) of Article 6 (1) of the Regulation (processing is necessary for compliance with a legal obligation to which the controller is subject); (iii) point (f) of Article 6 (1) of the Regulation (processing is necessary for claiming, enforcing or defending legal claims. |
|
Retention period |
10 (ten) years after the agreement expires or is terminated. If the agreement provides for a warranty period that exceeds the processing term of 10 (ten) years, then all Personal data relating to the agreement will be stored until the warranty period expires. If the agreement is required during the court proceedings, due to which the specified processing period of 10 (ten) years is extended, then all Personal data related to the concluded agreement will be processed for 1 (one) year from the final decision of the relevant institutions |
4.1.3. To ensure the legal requirements applicable for the Company (by issuing invoices and other financial documents on goods and services, to ensure the truthful implementation of the taxation obligations, issuing accounting documentation and declaration to the government institutions):
|
Categories of personal data |
Name, surname, bank account, payment card information (card type, card number digits, expiry date), account creation date, VAT code (if you registered for VAT), business certificate or self-employment certificate, one-man enterprises code, business address and other invoice or financial documents data. |
|
Legal basis of data processing |
Personal data are processed in accordance with point (c) of Article 6 (1) of the Regulation (processing is necessary for compliance with a legal obligation to which the controller is subject).
|
|
Retention period |
10 (ten) years after the agreement expires or is terminated. If the agreement provides for a warranty period that exceeds the processing term of 10 (ten) years, then all Personal data relating to the agreement will be stored until the warranty period expires. |
4.1.4. To ensure the protection of assets and the fulfillment of the Company’s contractual obligations to the Company’s customers (GPS tracking):
|
Categories of personal data |
Location and movement data (via Spotos driver App). |
|
Legal basis of data processing |
Personal data are processed in accordance with: (i) point (b) of Article 6 (1) of the Regulation (processing is necessary for the performance of a contract to which the Data subject is party or in order to take steps at the request of the Data subject prior to entering into a contract); (ii) point (f) of Article 6 (1) of the Regulation (processing is necessary for the purposes of the Company’s legitimate interests, i.e. protection of assets). |
|
Retention period |
Real-time data (via Spotos driver App). |
The Company’s services require that we record the location data of Drivers during the execution of transports and in certain cases pass this data on to our clients (in accordance with service providing agreement).
This recording is done by GPS via Spotos Driver App. When using the App, the location data is collected by the Company itself.
4.1.5. Direct marketing:
|
Categories of personal data |
Name, surname (only if you submit the surname), e-mail address, telephone number. |
|
Legal basis of data processing |
Personal data are processed in accordance with point (a) of Article 6 (1) of the Regulation (based on data subject consent). |
|
Retention period |
2 (two) years or until withdrawal of consent. |
We process your Personal data in order to be able to provide general and personal offers (including offers from our partners) and other information. We can send notifications, offers and related information to you in several ways: by e-mail, phone (including call and SMS) and social media.
In order to choose notifications and offers to be sent to you, to know you and your needs better, to improve your experience while using our services, to automate use of marketing tools for the most effective customer engagement, to expand the range of services we offer and to constantly improve them, to give you relevant, interesting and useful offers and other information about our services, we analyze data related to customers’ behavior on the Website (cookies), patterns of use of our services and/or other signs, and will use such data to group customers (profiling). For these purposes, we use advanced data analytics tools, which are based on automated data analysis.
You can unsubscribe from our marketing communications at any time by clicking the appropriate link at the bottom of the messages we send or contacting us by e-mail: [email protected] .
4.1.6. Quality assurance (recording of telephone conversations):
|
Categories of personal data |
Date, time, number, telephone conversations. |
|
Legal basis of data processing |
Personal data are processed in accordance with point (a) of Article 6 (1) of the Regulation (based on data subject consent). |
|
Retention period |
60 days from the day of recording. |
4.1.7. By sending us a message, inquiry, and / or complaint using the communication tool offered by the Website, Platform or otherwise:
|
Categories of personal data |
Name, email and text of the message, request and / or complaint (including personal data therein), your evaluation of the provided service/consultation. |
|
Legal basis of data processing |
By sending us messages, inquiries and/or complaints, you express your consent to the processing of your personal data referred to above (Article 6 (1) (a) of the Regulation). If the message, request and / or complaint relates to the services we provide (as defined in the Germany Consumer protection rules), then we will have a legal obligation to respond to your messages / inquiries / complaints (Article 6 (1) (c) of the Regulation). We may also process your personal data for the purpose of claiming, enforcing, or defending legal claims (Article 6 (1) (f) of the Regulation. |
|
Retention period |
Your messages, inquiries and / or complaints (including mandatory personal data) will be stored at the time of the investigation of the notification and 4 years from the end of the correspondence / closing of the request. Personal data may be stored longer if they are needed to protect our or third party’s legitimate interests, such as in case of the statutory limitation terms or legal disputes. |
4.2. In order to select candidates for job vacancies
|
Categories of personal data |
Personal data that you provide to us in your CV and during the job interview (e.g. full name, contact details, information about education, work experience, foreign language skills and etc.). |
|
Legal basis of data processing |
Personal data are processed in accordance with point (a) of Article 6 (1) of the Regulation (based on the data subject’s consent) and point (f) of Article 6 (1) of the Regulation (based on processing is necessary for the purposes of the legitimate interests, i.e. to ensure the legitimate interest of the employer in selecting a suitable candidate for the job and at the end of the selection). |
|
Retention period |
90 days from the end of the selection of candidate. |
4.3. In order to improve our Website, we may process cookies. You can find more information about the processing of cookies in the Cookie Policy.
5. Children’s personal information
5.1. We do not knowingly request to collect personal information from any person under the age of 18. If a user submitting personal information is suspected of being younger than 18 years of age, we will require the user to close his or her Account and will not allow the user to continue to use the Platform/App. We will also take steps to delete the information as soon as possible. Please notify us if you know of any individuals under the age of 18 using the Platform/App, so we can take action to prevent access to the Platform/App.
6. The sources of data obtained and processed by the Company
6.1. We receive your Personal data from you when we are concluding the agreement. We shall not enter into the agreement if you won’t provide all the necessary information. In such case, you won’t be able to perform any purchases or orders on our Website, Platform or App.
6.2. When you communicate with the Company, we receive the data from you:
6.2.1. When you use the Company’s services;
6.2.2. When you have a legal relationship with the Company, for example, registration for services, placing or receiving the orders on the Website, Platform or App;
6.2.3. When you submit your request for information.
6.3. We may process your Personal data when we receive the data from legitimate sources:
6.3.1. Parties of the agreement and contracting partners (the data about the representatives and employees);
6.3.2. Public professional social media;
6.3.3. Third persons;
6.3.4. Other legal sources.
7. The cases and grounds for transfer and disclosure of Personal data to the third parties
7.1. In order to ensure a continuous operation and the proper provision of services, we may disclose your personal data to our employees, managers, suppliers, subcontractors, and service providers, if reasonably necessary to achieve those purposes.
7.2. We may also transfer your personal data to subsidiaries (Spotos Companies) and to third parties who process your personal data and / or have access to them, on our behalf and upon our instructions, e.g. to the providers of IT systems and other persons who help us to duly provide you with the services.
7.3. In this case, Company will take appropriate measures to ensure that the processors involved process the personal data assigned to them solely for the purposes we have specified, and only perform the actions we have been instructed to do and ensure appropriate organisational and technical measures for the protection of personal data.
7.4. We can disclose your Personal data to:
7.4.1. Auditors, financial and legal advisers – in order to response to legal proceedings or to obtain legal advice, or disclosure is necessary to establish, exercise or defend our rights;
7.4.2. Processors, such as an archiving company;
7.4.3. Banks or payment service providers (Kevin);
7.4.4. Public authorities and law enforcement agencies (if we are obligated);
7.4.5. Companies for the purposes of debt management or debt recovery (e.g. Transcash, Coface and others). Before transferring this data, the data subject is informed about the indebtedness and about the cases and terms of such transfer of data to debt collection companies.
7.4.6. Credit rating companies (e.g.: Creditinfo and others). For the purpose of creditworthiness assessment. Before transferring this data, the data subject is informed about such data transferring.
7.4.7. Data protection officer service providers.
7.5. In order to secure appropriate security lever, in such a manner that processing Personal data will meet the requirements of the Regulation and ensure the protection of the rights of the Data subject which data is processed, we are cooperating only with those service providers who are obliged to implement necessary technical and organizational measures.
8. Jurisdiction and territory of the processed Personal data
8.1. We process your Personal data in the territory of the European Union, except for the exceptions below. We have no intention to transfer and we are not transferring your Personal data to the third countries.
8.2. Please note, that some of the data we collect when you are browsing our Website, using Platform / App or data generated by visiting our Website or using Platform / App, may be transferred or available to the companies acting by both in the European Economic Area (EEA) and the third countries such as United States of America and other non-EEA countries (such as Google Analytics, Facebook Ads or other similar services, functionalities and goods). The data which we collect when you visit our Website or use the Platform / App in certain cases can be transferred to third countries.
8.3. In order to ensure an adequate level of data security and to guarantee the lawful transfer of data for transfer of data outside the EU and the EEA, we are following the terms and conditions set out in the Regulation.
9. The security of data processed by the Company
9.1. In order to guarantee the security of your data we use appropriate organizational and technical measures to protect your personal information from loss, misuse, alteration or destruction. The security measures in place will, from time to time, be reviewed in line with legal and technical developments.
9.2. The data is stored securely and provided only for those persons who have to access the data to perform their duties and obligations. In order to secure your data, we also demand our business partners to implement necessary technical and organizational measures.
9.3. Occasionally, at our discretion, we may include or offer third party products or services on our Website or Platform. These third-party sites have separate and independent privacy policies. We encourage you to review all policies, rules, terms and regulations, including the privacy policies, of each site that you visit. Nonetheless, we seek to protect the integrity of our site and welcome any feedback about these sites.
9.4. We do not control those third-party sites or any of the content contained therein, and you agree that we are in no way responsible or liable for any of those third-party sites, including, without limitation, their content, policies, failures, promotions, products, services or actions and/or any damages, losses, failures or problems caused by, related to or arising from those sites
10. Data subject’s rights
10.1. You as the Data subject have the rights under the Regulation and law and you can freely exercise your rights. In this Privacy policy we are delivering your rights guaranteed to you by Regulation and the main ways how to implement your rights.
10.2. Your data subject’s rights:
10.2.1. The right to obtain information regarding processing Personal data:
10.2.1.1. At the moment when we collect your data we provide you with information regarding processing your Personal data. You can always find the information on how we process your Personal data in this Privacy policy or by submitting your request by email [email protected] .
10.2.2. The right to access data processed:
10.2.2.1. You have the right to access the Personal data and obtain a confirmation from us on how we process your Personal data, including the basis for processing data, categories, data processors, and other information. We will provide a copy of your data. You have the right to obtain your Personal data in a structured, commonly used, and computer-readable format. However, you will not be able to exercise this right in cases where it may adversely affect the rights and freedoms of third persons. We have the right to refuse to provide the data we process if there are legal grounds set out in the law under which the Personal data are not provided.
10.2.3. The right to rectify your Personal data:
10.2.3.1. You have the right to rectify or modify, amend or correct your Personal data.
10.2.4. The right to request the erasure personal data (right to be forgotten):
10.2.4.1. You can exercise this right when:
10.2.4.1.1. The Personal data are no longer necessary in relation to the objectives for which they were collected or otherwise processed;
10.2.4.1.2. You withdraw consent and there is no other legal ground for the processing;
10.2.4.1.3. You object to the processing pursuant to our legitimate interest or third party interest;
10.2.4.1.4. Data is processed for direct marketing purposes;
10.2.4.1.5. The Personal data have been unlawfully processed;
10.2.4.1.6. Personal data must be erased in accordance with the requirements of the legislation applicable to us. In some cases, you will not be able to exercise the right to be forgotten due to some exceptions. These exceptions cover the cases where the processing of Personal data is necessary in order to:
10.2.4.1.6.1. For exercising the right of freedom of expression and information;
10.2.4.1.6.2. For compliance with our legal obligation;
10.2.4.1.6.3. For the establishment, exercise or defense of legal claims.
10.2.5. Right to restriction of your Personal data processing:
10.2.5.1. You can exercise this right:
10.2.5.1.1. When you challenge data accuracy;
10.2.5.1.2. When Personal data is processed unlawfully, however you don’t want to delete your Personal data;
10.2.5.1.3. When there is no need to process your Personal data, however you request data in order to establish, exercise or defense of legal claims.
10.2.5.2. When you restrict processing your Personal data based on our or third-party legitimate interest, the data will be processed until the ground of your restriction will be verified.
10.2.5.3. We must point out, that because of the restriction of data processing, during the period of such restriction, we may be continuing to store your data, without processing data, except:
10.2.5.3.1. For the establishment, exercise or defense of legal claims;
10.2.5.3.2. To protect the rights of natural or legal persons;
10.2.5.3.3. For important reasons of public interest.
10.2.6. Right to object to data processing.
10.2.6.1. You have the right to object to Personal data processing when Personal data is processed based on our legitimate interests. To exercise the right specified in this paragraph, please submit a written request by e-mail [email protected] .
10.2.7. Right to object to data processing, when direct marketing is the basis for processing.
10.2.7.1. When you withdraw your consent of processing your Personal data for direct marketing purpose, we won’t process data based on your consent for this purpose.
10.2.8. Right to data portability.
10.2.8.1. You can exercise this right when we process your data by automated measures (computers, etc.) and the legal basis for processing is:
10.2.8.1.1. Your consent;
10.2.8.1.2. The performance of the agreement or our actions made with your request before concluding the agreement.
10.2.8.2. With your request and where technically possible we will move your data to another data controller.
10.2.9. Right to withdraw the consent to process your Personal data.
10.2.9.1. In those cases, where we process your data on the basis of your consent, you have the right to withdraw your consent at any time and data processing based on your consent will be stopped. Withdrawal of consent will not affect the lawfulness of the processing prior to the withdrawal.
10.2.10. Right to lodge a complaint to the supervisor authority.
10.2.10.1. If you think that we process your data in breach of the requirements of Personal data protection legal acts, we always ask that you contact us directly at first. If you are not satisfied with a problem solution, you will have the right to lodge a complaint with the The German Federal Data Protection Authority (Der Bundesbeauftragte für den Datenschutz und die Informationsfreiheit), (www.bfdi.bund.de), phone: +49(0)228 997799-0, email: [email protected].
10.2.10.2. Spotos Companies that act as data processors concerned Supervisory Authority are: State Data Protection Inspectorate (www.vdai.lrv.lt), address L. Sapiegos str. 17, LT-10312 Vilnius, Lithuania, phone (+370 5) 271 2804, 279 1445, fax. (+370 5) 261 9494, e-mail [email protected]).
11. Company contacts and communication methods
11.1. If you will have any questions how we process data or if you will have any requests or remarks, please contact us: [email protected].
12. Examination procedure of requests
12.1. In order to protect our client’s Personal data from illegal disclosure, upon receipt of your request to present data or implement other rights of yours, we will have to verify your identity.
12.2. In those cases, when you didn’t register on the Platform, in order to verify your identity, we may ask you to indicate relevant data (e.g. name, date of birth, e-mail address, or telephone number). In the performance of this verification, we may also send a control notification at the last contact (SMS or e-mail), asking to take an authorization action, we may also request additional documents or data. If the verification procedure fails, we will be forced to state that you are not the Data subject of the requested data and we will have to reject your request.
12.3. Upon receipt of your request regarding implementation of any right of yours and having successfully performed the above-indicated verification procedure, we undertake without undue delay, but in any case no later than within one month after receipt of your request and completion of the verification procedure, to give you information about actions we took with regard to your request. With regard to complexity and number of requests, we have the right to extent the period of one month for two more months, informing you about it before the end of the first month and indicating reasons for such an extension.
12.4. If your request is submitted electronically, we will give the answer to you electronically, too, unless it is impossible (e.g. due to a particularly large scope of information) or when you request to answer you in some other way.
12.5. We have the right to refuse to satisfy your request by our reasoned written response under the conditions and grounds provided for in legal acts. We will provide you with information free of charge, however, if the requests are manifestly unfounded or disproportionate, in particular because of their repetitive content, we may require a reasonable fee to cover administrative costs or may refuse to act upon your request.
13. Final provisions
13.1. We have the right to change this Privacy policy periodically in order to properly reflect how we process your Personal data.
13.2. If we made significant changes we shall inform you by publishing on the Website/ Platform / App or otherwise, for example by email, so that you would be able to review changes before you visit our Platform / App.
13.3. If any provision of the Privacy policy shall be found to be invalid or unenforceable, this provision does not affect the legality and validity of the remaining provisions of the Privacy policy.
13.4. Privacy policy is valid from 2023/01/02.