Privacy policy

This privacy policy describes how we process personal data when you use the door2door portal. Depending on the applicable agreement, you will gain access to some or all of the following services via the portal:

(each, a “Service” or, together, the “Services”).

What is personal data?

Personal data is all information relating to an identified or identifiable natural person. This may involve data that can be personally related to you, for example names, addresses, email addresses, or user behaviour.

Data Controller and Data Protection Officer

The data controller pursuant to Article 4 no. 7 of the General Data Protection Regulation (GDPR) is Door2Door GmbH, Torstraße 109, 10119 Berlin hello@door2door.io.

We have designated a data protection officer. You may contact our data protection officer under the postal address above – for the attention of the „Data Protection Officer“ – and via the email address datenschutzbeauftragter@door2door.io.

What personal data do we collect?

The data and information we collect can be divided into the following categories:

Automatically collected data
When you access and use our website and Services, we automatically collect information, including personal data, about the technologies you are using to access the website:
Log files and device information
Log files contain data that your browser automatically transmits to our web server. These log files contain information about:
  • your IP address;
  • the date and time of the request;
  • the requested URL (the specific webpage);
  • the access status/HTTP status code;
  • the extent of transmitted data;
  • the referrer-⁠URL;
  • the browser type and the browser language settings.
Cookies
We use cookies in our Reporting system, Operational/Dispatch tool and our Telephone Booking system. Cookies are small pieces of information that your browser automatically stores in your computer's memory. Cookies contain various types of information, such as information about the pages you visit, the frequency of page views and the actions you take on our site (such as sharing our sites with one of your social networks). Any data we share with third parties is pseudonymised via technical measures, so that it is not possible to assign the data to a specific user. For more information about which cookies we use and how we use these technologies, please see our cookie policy.
Data and information provided by you
  • Registration data
    The use of the Services requires you to register and then log in with the registered login data. We can register and activate a user after it has entered into an agreement regarding the use of the Services. We do not offer registration via the website. In order to access the user account and use the Services, you must use your registered login data (e-⁠mail address and password).

    If you forget or lose your password, please use the password reset function on the website and follow the reset procedure, which may require that you enter personal data. We will provide you with a provisional password which you can use to log in into your user account.

    If you contact us, e.g. for trouble shooting, we will store and process the information including the personal data you provide. If necessary, we will contact you and request further data and information for proper processing of your inquiry.

  • Statuspage
    Statuspage is a communications tool for status and incidents that helps service providers keep their customers and employees informed during downtime. If you wish to receive such status messages, you can register for this service. You will need to enter your email address. The email address is visible to our developers. It is only used for the purpose of issuing updates. Statuspage is a product of Dogwood Labs, Inc. part of the Atlassian family of companies, 465 Pine Street, Floor 13, San Francisco, CA 94104. You can view their privacy policy at https://www.atlassian.com/legal/privacy-policy.

How do we use the data we collect from you? On what legal basis do we use the data?

We use, store and process information, including personal data, about you, for the following purposes and on the following legal basis:

Provision, improvement, development and security of the websites

We use log files to make the website and its functions available to you. We also use the information and data to optimize our website and to ensure the security of our IT systems. For this purpose, your IP address must remain stored for the duration of the session.

We use log files as part of our legitimate interest in the availability and continuous development of our website. The legal basis for the use of the log files is Article 6 (1) (f) GDPR.

Access to our Services and communication with you
  • The purpose of the use of the login data is to establish the contractual relationship we have with you regarding your use of our services, to design the content, to change or terminate the contractual relationship, to fulfil our contractual obligations, to enable you to log in, and to enable us to contact you, if requested by you or required within the framework of the contractual relationship or permitted by law.

    The legal basis for the processing of personal data is Article 6 (1) (b) GDPR, because the processing is required for the fulfilment of a contract between us and you or for the implementation of pre-⁠contractual measures, which take place at your request.

    If you are not the customer who has concluded the user agreement, but the customer's employee or otherwise authorized by the customer to use the Services, the legal basis for the processing is Article 6 (1) (f) GDPR. Such processing is in the legitimate interest of the customer, namely enabling the user to use the Services in accordance with the user agreement.

  • Your email address is used in relation to Statuspage for the purpose of fulfilling our contractual communication obligations. The legal basis for the processing of personal data is Article 6 (1) (b) GDPR, as the processing is necessary for the performance of a contract between us and the customer or for the implementation of pre-contractual measures which are carried out at the customer's request, or Article 6 (1) (a) GDPR, as you have given your consent to the processing of personal data concerning you for the aforementioned purpose.
Session management
We use the information and data generated by Cookies to ensure the user-friendliness of the Services. This allows a cookie to "remember" the settings you have made so you do not have to re-enter them each time.The legal basis for the use of Cookies for session management purposes is Article 6 (1) (f) GDPR.

Will the data and information about me be shared with others?

Personal data is shared with third-⁠party technical service providers and employees of Door2Door, including outside Europe.

We ensure that the recipient offers an adequate level of data protection (e.g. according to an EU Commission decision on suitability, self-⁠certification by the recipient for the EU-⁠US Privacy Shield or agreement of the EU with the recipient of so-⁠called EU Standard Contract Clauses).

We can provide you with an overview of the recipients in third countries and a copy of the specifically-⁠agreed regulations to ensure the appropriate level of data protection.

How long will my data be stored?

We process and store the personal data for the duration of the contractual relationship or the term of the user agreement, unless the user expressly requests the deletion of his data prior to termination of the user contract. The contractual relationship includes the initiation of a contract (pre-⁠contractual legal relationship) and the process of executing a contract.

In addition, we process and store the personal data insofar as this is necessary according to legal storage and documentation obligations. Such obligations arise from the German Commercial Code and the German Tax Code. The periods for storage or documentation specified there are up to ten years beyond the end of the business relationship or the pre-contractual legal relationship.
In addition, other statutory provisions may require a longer retention period, e.g. the preservation of evidence within the framework of the statutory statute of limitations. The regular limitation period is three years; in certain cases, however, limitation periods of up to 30 years may also be applicable.

If the data are no longer required for the fulfilment of contractual or legal obligations and rights, they are regularly deleted, unless there is an overriding interest of Door2Door, for example, if deletion is not possible or only possible with disproportionately high effort due to the special type of storage and provided that technical and organizational measures are taken to ensure that processing for other purposes is excluded.

Log files are deleted once the respective session has ended. Log files for security purposes and as a precaution against attacks on our websites are automatically erased after up to 7 days. The retention period for cookies varies according to the type of cookie and depends on your browser settings.

What rights do I have?

In accordance with applicable data protection law, you have the right of access, rectification, portability and erasure of your personal data. If the data processing is justified by our legitimate interests, you have the right to object to any future the data processing, unless the data is absolutely necessary for operation of the websites (which is particularly the case with log files).

Your right to lodge a complaint to a supervisory authority
Without prejudice to the rights described above, you have the right to lodge a complaint to a supervisory authority, in particular in the Member State of your place of residence, work or suspected infringement, if you believe that the processing of personal data concerning you is contrary to the GDPR. The supervisory authority to which the complaint has been lodged is required to inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy under Article 78 GDPR.

Contact

If you have any questions or suggestions relating to data protection, please contact us or our data protection officer at datenschutzbeauftragter@door2door.io.

Door2Door GmbH
Torstraße 109
10119 Berlin
E-⁠Mail: hello@door2door.io

Version of 30.6.2020