Data protection

As of April 12, 2021

The following privacy policy applies to the website https://getbyrd.com/ and for online applications that link to this privacy policy, regardless of how these services are accessed or used (including access via mobile devices), as well as for all other services provided by byrd technologies GmbH and byrd technologies Germany GmbH (hereinafter collectively “Services”).

We may change this privacy statement at any time by posting the amended version and specifying the effective date of the amended version. If you have signed up for our services, any significant changes to this privacy policy will be notified to you by email.

1. Responsible person and contact

Joint controllers for processing personal data in connection with the use of the services are

byrd technologies GmbH
Wiedner Hauptstraße 24/12a
1040 Wien, Austria

and

byrd technologies Germany GmbH
Torstraße 99, rear building, 3rd floor
10119 Berlin, Germany

For information and suggestions on the subject of data protection, please contact us at the addresses above and at support@getbyrd.com gladly available. On request, we will also be happy to provide you with the essence of the joint responsibility agreement in accordance with Article 26 (2) sentence 2 GDPR. You can contact our data protection officer via the addendum “Data Protection Officer” and at datenschutz@getbyrd.com.

Information about your rights as a data subject can be found at .

2. Processing purposes and legal bases

We process your personal data for various purposes and on various legal bases.

2.1 Consent

With your consent, we process your personal data for the following purposes:

2.1.1 Newsletters

You have the option to subscribe to our e-mail newsletter, which we use to regularly inform you with updates on our services as well as other company news, e-commerce & logistics news and partner collaborations. In order to measure the interactions of addressees with the newsletter (e.g. measurement of opening and click rates), we use standard market technologies such as small graphics (so-called pixels) and special links that are embedded in the newsletter. We use the personal data collected in this way for general evaluations and to individualize and develop our content and customer communication. They are linked to other personal data about you that we store. If you do not want us to analyze your interactions with the newsletter, you can unsubscribe by using the unsubscribe link at the bottom of the newsletter or by contacting us using the contact details set out under Responsible and Contact. Alternatively, you can also deactivate graphics in your email program by default to prevent your interactions with the newsletter from being analyzed. In this case, however, the newsletter will not be displayed in full. The legal basis for this data processing is your consent (Art. 6 para. 1 sentence 1 lit. a GDPR).

2.1.2 Online presence on social media

We have online presences on various social media to communicate with our customers and interested parties and to provide information about our services. When you interact with these online presences, your personal data is processed for market research and advertising purposes and an interest-based, individual user profile is created by you. For this purpose, cookies and other identifiers, i.e. pseudonymized individual identifiers, are stored on your device. Based on the user profiles created in this way, individualized advertisements are placed within social media but also on third-party websites. The legal basis for this data processing is your consent given to the respective social media operator (Art. 6 para. 1 sentence 1 lit. a GDPR).

We receive aggregated statistics about the use of our online presence from the respective social media operator. These statistics include aggregate data about page activity (actions taken on the page), page views, likes, reach, post interactions, videos, and page subscribers. Insofar as we collect your personal data in our online presence on social media together with the respective social media operator, we are joint controllers with this operator in accordance with Art. 26 GDPR. The legal basis for this data collection is your consent (Art. 6 para. 1 sentence 1 lit. a GDPR).

Under the following links, you will find further data protection information about the social media in which we maintain online presences, including explanations on how you can change your personal advertising settings and withdraw your consent:

Facebook (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Sieblin 2, Ireland)

Instagram (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Sieblin 2, Ireland)

LinkedIn (Linkedin Ireland Unlimited Company)

Information about the use of cookies and similar technologies in our own services can be found at Cookies and similar technologies.

2.1.3 Other purposes

In addition, we also process your personal data for other purposes (as stated with the respective consent), provided and to the extent that you have consented to this processing (Art. 6 para. 1 sentence 1 lit. a GDPR).

2.2 Pre-contractual measures and contract performance

When you register for our services or contact us for this purpose, we collect personal data to enter into a contract with you, perform that contract, and bill for our services. If you are already registered for our services and communicate with us on a contract-related basis, we process your data to fulfill the contract with you, including providing customer service (Art. 6 para. 1 sentence 1 lit. b GDPR).

2.3 Fulfilment of legal obligations

We process your personal data to fulfill our legal obligations (Art. 6 para. 1 sentence 1 lit. c GDPR). This includes the following processing purposes:

Participation in proceedings (including court proceedings) carried out by government agencies, in particular to investigate, and prosecute illegal acts
Prevention, detection and containment of illegal activities, provided that we are legally obliged to do so
Ensuring the information security of our services
Fulfilment of legal storage obligations
Fulfilment of data protection obligations (e.g. when exercising data subject rights)

2.4 Safeguarding legitimate interests

We process your personal data as described in more detail below to protect our legitimate interests or the legitimate interests of a third party, unless your interests or fundamental rights and freedoms that require the protection of your personal data prevail (Art. 6 para. 1 sentence 1 lit. f GDPR).

2.4.1 Log files

When using our services, your device automatically transmits certain information and stores it by us in so-called log files. The log files are stored by us for 90 days exclusively to identify faults and for security reasons (e.g. to investigate attack attempts) and then delete them. Log files, the further storage of which is necessary for evidentiary purposes, are excluded from deletion until the respective incident has been finally clarified.

The following information is stored in the log files:

IP address (Internet protocol address) of the terminal device from which the services are accessed
Internet address of the website from which the online offer was accessed (so-called origin or referrer URL)
Name of the retrieved files or information
Date and time as well as duration of the retrieval
Operating system and information about the Internet browser used, including installed add-ons (e.g. for the Flash Player)
HTTP status code (e.g. “Request successful” or “Requested file not found”)

2.4.2 Preventing illegal acts

We process your personal data to prevent, detect and contain illegal activities, unless there is already a legal obligation to do so.

2.4.3 Information security

We process your personal data to secure our online access and to prevent security threats, unless there is already a legal obligation to do so.

2.4.4 Support from each other society

Insofar as processing of personal data to fulfill a contract or to fulfill a legal obligation is justified by only one of the two BYRD companies, the corresponding processing by the other company is carried out as part of joint responsibility on the basis of our legitimate interests.

3. Transfer of data

Your personal data will only be transferred under the following conditions:

You have expressly consented to this (Art. 6 para. 1 sentence 1 lit. a GDPR);
The transfer is necessary to process the existing contract with you or to carry out pre-contractual measures (Art. 6 para. 1 sentence 1 lit. b GDPR). On this basis, we share personal data with the following recipients:

Payment service provider
other external service providers who are not contract processors;

We are legally obliged to transfer data (Art. 6 para. 1 sentence 1 lit. c GDPR). On this basis, we share personal data with the following recipients:

Law enforcement agencies, courts, other government agencies, intergovernmental or supranational bodies
third parties, if they provide us with a legal order, a court order or an equivalent legal order;

The transfer is necessary to protect our legitimate interests or the legitimate interests of a third party, unless your interests or fundamental rights and freedoms that require the protection of your personal data prevail (Art. 6 para. 1 sentence 1 lit. f GDPR). On this basis, we share personal data with the following recipients:

byrd technologies GmbH/ byrd technologies Germany GmbH
Debt collection service provider
other external service providers who are not contract processors
Law enforcement agencies, courts or other government agencies, intergovernmental or supranational bodies, unless there is already a legal obligation to do so
other companies as part of a company purchase
Third parties involved in legal proceedings
other third parties

In addition, we work with service providers who work for us as so-called contract processors. These include, for example, data centers, software providers and IT service providers. These service providers are carefully selected and commissioned by us. You are contractually bound to our instructions and are required to protect your personal data through appropriate technical and organizational measures.

4. International data transfers

We transfer some of your personal data to countries outside the European Economic Area (EEA). Your personal data may also be transferred to third countries by our service providers. Third countries that offer an adequate level of data protection currently include Andorra, Argentina, Canada (with regard to companies covered by the Personal Information Protection and Electronic Documents Act), Switzerland, the Faroe Islands, Guernsey, Israel, the Isle of Man, Japan, Jersey, New Zealand and Uruguay. In other cases, we ensure that the service providers concerned contractually or otherwise guarantee an equivalent level of data protection, e.g. by concluding data protection agreements issued by the European Commission (standard data protection clauses), or through other measures provided for by law. A copy of the documentation of the measures we have taken is available at Enquire with us available.

5. Duration of data storage

We store your data for as long as is necessary to provide our services or as long as we have a legitimate interest in continuing to store it. In all other cases, we delete your personal data with the exception of data that we must continue to keep in order to fulfill contractual or legal (e.g. tax or commercial) retention periods (e.g. invoices). Contractual retention periods may also result from contracts with third parties (e.g. owners of copyright and ancillary copyright rights). We will block data that is subject to a retention period until the period expires. This applies in particular in cases where we may still need the relevant data for further contract processing or legal prosecution or legal defense. The decisive criterion for the duration of the restriction of processing is then the statutory limitation or retention periods. After expiry of the relevant limitation or retention periods, the relevant data will be deleted.

6. Your rights

Subject to legal requirements and restrictions, you have the following rights with regard to the processing of your personal data.

To assert these rights, please use the information in the section Responsible person and contact and make sure that we are able to uniquely identify you. You can either contact byrd technologies GmbH or byrd technologies Germany GmbH to assert your rights. Your application will generally be processed free of charge. For obviously unfounded or excessive requests, we reserve the right in individual cases to demand an appropriate fee (up to the amount of our actual costs) or to refuse to process the request in accordance with applicable legal regulations.

6.1 Rights to information and correction

You can request that we confirm to you whether we process personal data relating to you and you have the right to information about your data processed by us. If your data is incorrect or incomplete, you can request that your data be corrected or completed immediately. If we have passed on your data to third parties, we will inform them of the correction, insofar as this is required by law.

6.2 Right to deletion

You may request the deletion of your personal data stored by us, unless processing is necessary to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims. If we have passed on your data to third parties, we will inform them of the deletion, insofar as this is required by law.

6.3 Right to restrict processing

You can request that the processing of your personal data be restricted if you dispute the accuracy of the data, the processing is unlawful, but you refuse to delete it and we no longer need the data, but you need it to assert, exercise or defend legal claims or you have objected to the processing.

6.4 Right to data portability

You have the right to receive personal data that you have provided to us in order to fulfill the contract or on the basis of consent, in a structured, commonly used and machine-readable format. In this case, you can also request that we transfer this data directly to a third party, insofar as this is technically feasible.

6.5 Right to withdraw consent

If you have given us consent to process your data, you can withdraw this consent at any time with effect for the future. The lawfulness of processing your data until you withdraw your consent remains unaffected.

6.6 Right of objection

If your personal data is processed on the basis of legitimate interests, you have the right to object to the processing of your personal data, provided that there are reasons for this arising from your particular situation. This also applies to related profiling. If your personal data is processed by us for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising; this also applies to profiling, insofar as it is associated with such direct marketing.

6.7 Right to lodge a complaint with the supervisory authority

You have the right to file a complaint with a data protection authority. To do so, you can contact a data protection authority of your choice, such as the data protection authority of your usual place of residence, your place of work or the data protection authorities responsible for us. These are:

For byrd technologies GmbH:

Austrian data protection authority
Barichgasse 40-42
1030 Vienna

For byrd technologies Germany GmbH:

Berlin Commissioner for Data Protection and Freedom of Information
Friedrichstraße 219
10969 Berlin

7. Data security

We protect your personal data through technical and organizational security measures to minimize risks associated with its loss, misuse, unauthorized access, transmission and alteration. For this purpose, we use firewalls and data encryption, for example, but also physical access restrictions and authorization controls for data access.

8. Cookies and similar technologies

When you use our online offerings, we and selected third parties use cookies and similar technologies (e.g. pixel/web beacons) to offer you a better, faster and more secure user experience or to show you personalized advertising. Cookies are small text files that your browser automatically creates and that are stored on your device when you use the services. Web beacons are “single-pixel images” that enable recording or analysis.

Our cookies and similar technologies have various functions:

They are technically necessary for the operation of our online offerings. If you are already registered with us, the legal basis for this data processing is Art. 6 para. 1 sentence 1 lit. b GDPR. In other cases, the legal basis for this data processing is Art. 6 para. 1 sentence 1 lit. f GDPR, where our legitimate interest is to present our online offerings to you.
They help us to analyse and improve the use of our online offers and newsletters by creating appropriate statistics. The legal basis for this data processing is your consent (Art. 6 para. 1 sentence 1 lit. a GDPR).
They help us improve your user experience (e.g. saving the font size and entered form data). The legal basis for this data processing is your consent (Art. 6 para. 1 sentence 1 lit. a GDPR).
They enable us to display personalized advertising to you on our online offerings and on websites and apps from other providers. The legal basis for this data processing is your consent (Art. 6 para. 1 sentence 1 lit. a GDPR).

We use cookies and similar technologies that only remain on your device as long as your browser is active (session cookies), as well as cookies and similar technologies that remain on your device for longer (persistent cookies). Where possible, we take appropriate security measures to prevent unauthorised access to our cookies and similar technologies. A unique ID ensures that only we and/or selected third parties have access to cookie data.

Detailed information about our use of cookies and similar technologies and your choices can be found in our explanation to use cookies and similar technologies.

9. Other information

9.1 No obligation to provide personal data

If we collect personal data from you, you are not legally obliged to provide this data. However, without this data, we may not be able to conclude a contract with you and provide our services.

9.2 Services are not aimed at children

Our services are not directed at children and we also do not knowingly collect information from children under 16 years of age.

9.3 No automated decisions

We do not use your personal data for automated decisions, including profiling, in accordance with Article 22 (1) GDPR.