Get Started

Privacy Policy for Customers and Cooperation Partners

 

This privacy policy describes how Heylog GmbH (“Heylog” and “we“) processes your personal data that you or your employer or the transport company that delivers products to you provide. Heylog takes the protection of your data very seriously. For this reason, your personal data will be treated confidentially and in accordance with this privacy policy and the statutory provisions. This privacy policy informs you about the nature, scope and purposes of the processing and use of your personal data by Heylog in connection with the provision of Heylog’s cloud-based communication system, which can be used to communicate easily between logistics companies and drivers via existing communication systems such as Email, Viber, WhatsApp (the “Services“).

 

  1. Controller

The controller responsible for processing your data is:

 

Heylog GmbH
Wiedner Gürtel 13
Icon Tower 24-3 Regus
1100 Wien
Austria

tel.: +43 66488664268
e-mail: [email protected]
website: https://www.heylog.com/

 

  1. Personal Data

 

  • Personal data means any information relating to an identified or identifiable natural person (so-called “data subject”). Personal data therefore includes, for example, name, address, e-mail address, telephone number, date of birth, age, gender, social security number. There are also special categories of personal data (so-called “sensitive data”). The GDPR defines this as data that reveals, for example, ethnic origin, political opinions or health status.
  • As part of the provision of the Services, it is necessary for Heylog to process data that Heylog’s customers disclose. This involves processing data that is provided voluntarily (e.g. names and titles of employees, e-mail addresses, treatment and illness data that is fed into the Heylog system), as well as data that is generated due to the fulfilment of the contract (e.g. results from the Services).

2.3. Location Data (Companion App)

If the Companion App is used, GPS location data is processed exclusively to display the driver’s current position on a map and to enable accurate navigation on company premises. The location data is only used during active usage of the app and is not tracked in the background. This processing is based on the user’s consent pursuant to Art 6 para 1 lit a GDPR and can be withdrawn at any time by disabling location services in the device settings.

  1. Data subjects, categories of personal data and origin of the personal data
  • Both for the conclusion of the contract for the Services and for its fulfilment, it is necessary that our customers and cooperation partners provide us with personal data, which will subsequently be processed by us. Failure to provide personal data would mean that the contract cannot be concluded.
  • In principle, a distinction must be made between three groups of data subjects in the data processing operations in question:
  • customers of Heylog and their employees (Group 1)
  • transport companies commissioned by customers and, if applicable, their employees (Group 2)
  • recipients of the transported goods (Group 3)
  • Personal data that we process while providing the Services are:

 

Group 1:

  • name
  • e-mail address, telephone number
  • address
  • access data
  • payment information (such as invoices and bank details)
  • contract data (such as term and subject of the contract)
  • IP address and other communication and meta data
  • results of service provision and order data
  • other related data
  • Driver name
  • Driver Mobile
  • Dispatcher contact details
  • Order details
  • User login
  • Email Messages
  • Whatsapp messages
  • Location

 

Group 2:

  • name
  • e-mail address, telephone number
  • address
  • IP address and other communication and meta data
  • results of service provision and order data
  • other related data
  • Driver name
  • Driver contact details
  • Plate numbers
  • Location

 

Group 3:

  • name driver
  • Mobile number driver
  • Email Address Dispatcher
  • e-mail address, telephone number
  • residential and/or delivery address

 

 

3.4 Heylog receives the data of data subjects either from the data subjects themselves, from their employers (Group 1 in each case) or from their clients (Groups 2 and 3). Under no circumstances, however, are data subjects or contractual partners of Heylog obliged to provide us with data that is not relevant or legally required for the fulfilment of the contractual Those persons who provide Heylog with the relevant personal data must inform the data subjects about this privacy policy and about its accessibility.

 3.5 In the privacy policy on the Heylog website, we provide information about data processing when visiting the website or fan pages of Heylog.

3.6 We only process sensitive data within the meaning of Art 9 GDPR (e.g. health data, religion, trade union membership, etc.) on the basis of the express consent of the data subject or on the basis of another legal basis specified in Art 9 GDPR. However, Heylog does not process any sensitive data by default.

 

  1. Legal Basis for the Processing

 

  • For the Performance of a Contract – Art 6 para 1 lit b GDPR

Insofar as the processing of your personal data is necessary for the performance of the contract (in particular regarding the Services), Art 6 para 1 lit b GDPR serves as the legal basis.

  • Legal Obligations – Art 6 para 1 lit c GDPR

Insofar as we are subject to a legal obligation that requires the processing of personal data, Art 6 para 1 lit c GDPR serves as the legal basis. This includes, in particular, retention obligations under company and tax law.

  • Legitimate Interest – Art 6 para 1 lit f GDPR

If the processing of personal data is necessary to safeguard a legitimate interest of Heylog or a third party, Art 6 para 1 lit f GDPR serves as the legal basis. A legitimate interest of Heylog is, in particular,

  1. i) to ensure network and data security, but only to the extent that the legitimate interest is consistent with applicable law and with the rights and freedoms of data subjects;
  2. ii) to be able to fulfil contracts with customers and cooperation partners;

iii) to be able to assert, exercise or defend legal claims; and

  1. iv) to be able to ensure a publicly effective advertising presence.
  • Consent – Art 6 para 1 lit a GDPR

For those processing operations for which we obtain consent for a specific processing purpose, Art 6 para 1 lit a GDPR serves as the legal basis. Consent that has been granted can be revoked at any time with effect for the future by notifying Heylog of the revocation at any time by e-mail or post.

 

  1. Automated Individual Decision-Making in Accordance with Art 22 GDPR

Heylog does not use automated decision-making in accordance with Art 22 GDPR.

 

  • Transfer of Data to Third Parties

 

  • Only those departments or employees within Heylog that need your data to fulfil our contractual and legal obligations will receive it. In addition, we use processors to whom your data is made available. Processors are companies or persons who process personal data on our behalf, e.g. service providers such as hosting or cloud providers, payment or newsletter providers. All processors are contractually obliged to treat your data confidentiality  in accordance with Art 28 GDPR and are only authorised to process your data as part of their service provision.
  • The transfer of the data relevant in the respective individual case takes place on the basis of the statutory provisions or contractual agreement to the following bodies:

please see Heylog DPA

In addition, the data relevant in the respective individual case may be transmitted to the following bodies:

  • courts
  • legal representatives and tax consultants
  • tax office
  • Accountancy firms
  • The potential recipient of your personal data may be located outside the European Union or may process your personal data there. The level of data protection in other countries may not be the same as in Austria. However, Heylog will only transfer your personal data to countries that have an adequate level of data protection according to the EU Commission. Alternatively, Heylog takes measures to ensure that all recipients have an adequate level of data protection, such as the conclusion of agreements within the meaning of the standard contractual clauses (Implementing Decision (EU) 2021/914) with appropriate measures.
  • In certain circumstances, Heylog may be required by law to disclose your data to e.g. supervisory authorities and law enforcement agencies, but only to the extent necessary to prevent and/or detect fraud and other criminal offenses or to ensure network and data security.

 

  1. Storage of Data and Data Security
  • We take appropriate organisational and technical precautions to protect your personal data. These precautions relate in particular to protection against unauthorised, unlawful or accidental access, processing, loss, use and manipulation of your personal data. Please note that we therefore accept no liability whatsoever for the disclosure of information due to errors in data transmission not caused by Heylog and/or unauthorised access by third parties (e.g. hacking of e-mail accounts or telephones, interception of faxes).
  • The data will be processed as long as this is necessary to fulfil Heylog’s contractual or legal obligations (in particular retention periods under company law) and to defend against any liability claims. As soon as the legal basis is no longer fulfilled, Heylog deletes or anonymises the personal data. Heylog will ensure that your personal data is treated in accordance with this privacy policy for the entire period of time.

 

  1. Your Rights as a Data Subject
  • As a data subject, you have the right to information about your stored personal data, its origin and recipients and the purpose of the data processing at any time. You also have the right to rectification and data portability and, if necessary, to object, to restrict the processing or to erasure of inaccurate or inadmissibly processed data.
  • Your request for information, erasure, rectification, objection and/or data portability can be sent to the addresses provided by the data protection officer.
  • If you are of the opinion that the processing of your personal data by Heylog violates the applicable data protection law or your data protection claims have been violated in any other way, you have the option of complaining to the data protection authority. In Austria, the data protection authority (Datenschutzbehörde) is responsible for this (https://www.dsb.gv.at/).

 

  1. Changes to the Privacy Policy

Heylog reserves the right to amend this privacy policy if necessary, for example due to technical developments or legal changes. The updated privacy policy will be made available after each update.