sennder announces the successful closing of the acquisition of the European Surface Transportation operations of C.H. Robinson.

We care about your privacy
We use cookies on our website. Some of them are essential, while others help us to improve our services and your online experience. For detailed information and your individual settings, please click below. We kindly ask you to consent to the not technically necessary cookies as described under the link below. You can call up these settings and subsequently deselect not technically necessary cookies at any time through the link "Cookie Settings" on the bottom of every page. Further information can be found in our Privacy Policy & Imprint
sennder Information & Legal

Whistleblowing Platform Privacy Policy

Whistleblowing Platform Privacy Policy outlines how we collect, use, and safeguard your personal data when you use our whistleblowing reporting platform.

sennder Technologies GmbH and its affiliated companies ("sennder") are committed to protecting your privacy and ensuring the confidentiality of any personal information you may provide.

This Whistleblowing Platform Privacy Policy outlines how we collect, use, and safeguard your personal data when you use our whistleblowing reporting platform. 

1. Controller and Contact Details

The controller of your personal data is sennder Technologies GmbH, Genthiner Str. 34, 10785 Berlin, Germany, or one or several of the affiliates of sennder that are involved in the report you are submitting:

sennder offices

sennder Technologies GmbH and all these affiliates are joint controllers for this processing. This means that sennder Technologies GmbH and its affiliates determine the purposes and means of processing jointly.

All entities have selected sennder Technologies GmbH to be your main contact for any enquiries. You can address your request to one of the entities directly, but your request will be internally forwarded to sennder Technologies GmbH.

The data protection officer of sennder can be reached at the above-mentioned address of sennder Technologies GmbH, attn. Data Protection Officer, or via a coordinator at privacy@sennder.com.

2. Personal data we may process about you, purposes of the processing and legal basis

a. Reporting person

You can report a case anonymously or non-anonymously.

If you decide to report a case anonymously, we will not process personal data of you.

If you decide, however, to report a case non-anonymously, you will have to provide at least your name and your email address. Apart from the report itself, you will have the option to provide further information such as your country, your job title, your work address, your home address, your phone number and the name of your closest manager. We will only process your personal data in these aspects if you decide to communicate it to us.

In addition, we may process any personal data contained in the file(s) you may upload to our platform. If you choose to record an audio of your voice, we will additionally process a recording of your voice. Personal data that is manifestly not relevant for the handling of the report will be deleted.

The legal basis for this processing is to fulfil our legal obligation (Art. 6(1)(c) of the GDPR), in particular the applicable national whistleblowing regulations.

In cases where reported cases contain information about special categories of personal data, the processing of such information is necessary to prepare, file or defend a legal claim in accordance with Art. 9(2)(b) of the GDPR.

b. Witnesses and subjects of the whistleblowing report 

If your personal data is included in a report that has been submitted on our platform, we may process your personal data, either as a witness or as a subject of the whistleblowing report. 

As a result, we may process your name and surname, contact details, description of the allegations, time and place and all other information that the reporting person considered relevant and that contains your personal data.

We may process your personal data to operate the platform and to process the reports received, to monitor and investigate irregularities and, if necessary, to prepare, bring or defend a legal claim.

In the rare case where information is found to be manifestly not relevant for the handling of the report, we will delete it. 

The legal basis for this processing is to fulfil our legal obligation (Article 6(1)(c) of the GDPR), in particular the applicable national whistleblowing regulations. We are further relying on our legitimate interests (Art. 6(1)(f) of the GDPR) if we consider pressing charges by demonstrating compelling legitimate grounds for the establishment, exercise or defence of legal claims (Art. 21(1) of the GDPR).

In cases where reported cases contain information about special categories of personal data, the processing of such information is necessary to prepare, file or defend a legal claim in accordance with Art. 9(2)(b) of the GDPR. 

3. Recipients of your personal data 

a. General rule 

We will not share the identity (with other persons other than those responsible for receiving and following up on the reports) of the reporting person without their express permission. 

We may only disclose the identity of the reporting person without their prior permission if we are compelled to do so by law. In the latter case, we will do our best to inform the reporting person in advance that their identity is to be disclosed, except if such disclove may impair the investigation of the accuracy of the report or the related primary investigation.  

We may forward personal data of the witnesses and subjects of the reports to anyone that must be involved in the investigation of the reported case. 

b. External parties 

To the extent necessary, we may share your personal data with external lawyers and other experts for the purpose of investigating the facts reported in the case. In addition, we may share your personal data with competent authorities in particular if we are compelled to do so by law, for instance in the context of a criminal investigation. 

c. Processors 

We use a service provider to host our whistleblowing reporting platform, Euronext Corporate Services Sweden AB, who is a processor to us. Your personal data will be processed by this service provider for the purpose of providing and operating the whistleblowing platform, on our behalf. 

For internal purposes, we use certain tools of other service providers which are also processors to us. 

As far as those processors are outside the EU, we have ensured that appropriate and suitable safeguards are in place when no adequacy decision of the European Commission exists. You may contact us through the information provided above to obtain a copy of the relevant safeguards. Please specify in your request which safeguards are or could be relevant to you.

4. Retention periods 

The data that we collect will be retained for as long as necessary to fulfil the purposes set out in Section 2 above, in accordance with our legitimate interests or for a period specifically required by applicable regulations or laws, such as the retention of data for regular reporting purposes. For instance, in Germany, this duration is of 3 years after the conclusion of the relevant proceeding (Sect. 11(5) of the German Whistleblower Protection Act).  

5. Security 

Our whistleblowing platform is encrypted, and password protected to ensure the anonymity of the reporting person. Notifications received through the platform are only received and handled by authorised personnel. No IP addresses are registered in the platform, and the system does not use cookies. 

All data communication and storage of personal data is encrypted to prevent them from being distorted or disclosed to unauthorised persons.

6. Your rights

According to data protection legislation, you may have a number of rights regarding the data we process about you. If you wish to exercise any of these rights, please contact us at the contact details set out above.

a. Right of access. You have the right to access your data (if we process it). This will enable you, for example, to check that we use your data in accordance with data protection law. The right of access does not apply to data that can reveal the identity of the reporting person. Note also that according to Article 14(5)(b) the right to access is limited if the information is likely to render impossible or seriously impair the achievement of the objectives of that processing (to investigate a case).

b. Right to rectification. You have the right to have your data corrected if it is inaccurate or incomplete. You may request that we rectify any errors in the data we hold.

c. Right to erasure (“right to be forgotten”). You have the right to request that we erase personal data of you, for example if the data is no longer necessary in relation to the purposes for which it was collected or otherwise processed, or if there is no legal basis for processing the data. Note that this right is not absolute and only applies in certain circumstances.

d. Right to restrict processing. You are entitled to request that the processing of your personal data should be limited until inaccurate or incomplete information about you has been corrected, or until an objection from you has been handled.

e. Right to object. You have the right to object to processing based on legitimate interest. This means that we may no longer process the personal data, unless we can demonstrate compelling legitimate grounds for the processing which override your interests.

f. Right to lodge a complaint. You always have the right to lodge a complaint to a competent data protection authority.