Latest Update: 19.07.2023
This page informs you of our policies regarding the collection, use and disclosure of Personal Information we receive about users of the ControlPay modules.
By using the ControlPay web-based modules (also referred to as the "system"), you agree to the collection and use of information in accordance with this policy.
We act as a data controller for all personal data collected by ControlPay and we may request to perform processing activities from any of ControlPay divisions depending on the business specifics. We process personal data as safely and reasonably as possible and in strict compliance with the applicable data protection legislation, including the EEA’s General Data Protection Regulation 2016/679 (“GDPR”) and Brazil’s Lei Geral de Proteção de Dados, the Brazilian General Data Protection Law, Federal Law no. 13,853/2019 (“LGPD”).
Data protection queries can be sent to the group data protection officer at Transporeon via e mail to [email protected] or you can send your request by post to the following address:
Data Protection Officer
Heidenheimer Straße 55/1
- which personal data we collect and process;
- how we store and process your personal data while we perform freight audit-related business activities;
- what your rights are and whom you may contact for more information or queries.
Which personal data do we collect?
While performing business-related activities in the system, we may ask you to provide us with personal data that can be used to contact or identify you in terms of freight audit activities.
Your following personal data is collected and processed: your full name; gender (used for salutation); your business contact detail such as e-mail address and phone number, your position («Personal Information»).
How do we obtain your personal data?
We may obtain your personal data:
- due to the fact that you have provided it to us (e.g. via the system, the Service Desk platform, an e-mail you sent to us, via a contract we have with you), or
- in the framework of the execution of our business activities, due to someone else has provided it to us (a colleague of yours or your business partner) to use in the framework of ControlPay business activities
How we store and process your personal data?
Your personal data will be stored on our server in Europe. The defined ControlPay staff members, in all offices, may have an access to your personal data for the business-related purposes described above.
To achieve the objective of our processing, as described above, we may allow to access your personal data outside the European Economic Area (EEA) or outside Brazil ensuring proper technical and organizational measures for the data protection. This ability is granted to ControlPay staff members, including those in our offices outside the EEA or Brazil. The European affiliated companies of ControlPay and the affiliated companies outside of the European Union or the European Economic Area have implemented and transcribed the EU standard contractual clauses in order to ensure an adequate level of data protection and to ensure compliance with the legal requirements of Art. 44 ff. GDPR. The legal basis for access granting is Art. 6 Para. 1 clause 1 lit. f GDPR. Our legitimate interest results from the possibility to support your use of our service worldwide and in a multitude of languages.
According to Article 5 (e) GDPR and Article 16 LGPD, we only retain the personal data collected as long as the user`s account is active or otherwise for a limited period of time as long as we need it to fulfill a reasonable business purpose.
The legal grounds for processing your personal data
We process your personal data for the purposes mentioned in the previous section relying upon the following legal basis: for the purposes of the legitimate interests of our company (Article 6 (f) GDPR and Article 7 (IX) LGPD). The processing of your first name, last name, and business contact details takes place when using the system (including access to the system, communication with users, remote support and onboarding, information on updates and troubleshooting).In this respect, we will always determine whether our interests are not overridden by your interests, fundamental rights and freedoms.
How is your personal data secured?
We employ strict technical and organizational (security) measures to protect your personal data from an access by unauthorized persons and against unlawful processing, accidental loss, destruction and damage, both online and offline. These measures include:
- training relevant staff to ensure they are aware of our privacy obligations when handling personal data;
- administrative and technical controls to restrict access to personal data to ControlPay staff members. We use strict criteria for the access authorization to your personal data (with the approach as few people as possible) and exclusively for the specified purposes;
- technological security measures, including firewalls, encryption and anti-virus software;
- back-up systems;
- login access blocks in case of loss or theft of devices;
- physical security measures.
Our security measures comply with international standards, such as ISO27001 for the data security and availability.
The security of your personal data is important to us, but please note that no method of transmission over the Internet, or method of electronic storage, is 100% secure, thus we cannot guarantee its absolute security.
How do we use your personal data for communication?
We may send you notification letters related to freight audit activities whenever particular changes in the system/related to your account in the system or some informational points appear or in case particular actions are required from your side. We may also use your e-mail or phone number in order to contact you in terms of freight audit related activities within contract obligations fulfillment.
What are your rights regarding personal data?
- You have the right to access the personal data that we use relating to you (Article 15 (1) GDPR and Article18 (II) LGPD). In particular, you can request information on the processing purposes, the category of personal data, the categories of recipients to whom your data has been disclosed, the planned retention period, the rights to rectification, deletion, limitation of processing, or objection, the existence of a right to complain, the source of the data, if not collected from us, and the existence of automated decision-making including profiling and, where appropriate, meaningful information about the details;
- If your personal data is incorrect or incomplete/outdated, you can demand the correction of incorrect or completion of incomplete personal data stored with us (Article 16 GDPR and Article18 (III) LGPD).
- You can request to erase your personal data unless processing of such data is required for exercising the right of freedom of expression and information; compliance with legal obligations; for reasons of public interest; for the establishment, exercise or defense of legal claims (Article 17 GDPR and Article 18 (VI) LGPD). You can also ask us to restrict the processing of your personal data. This is possible in the following situations: You think that your personal data is incorrect or we no longer require your personal data (Article 18 GDPR and Article 18 (IV) LGPD.
- You have the right to withdraw your previously given consent (Article 7 (3) GDPR and Article 8 (5) LGPD).
- According to Article 20 GDPR, you may receive your personal data provided to us in a structured, standard and machine-readable format or require it to be forwarded to another controller;
- You can pose your complaint to supervising authority (Member state of residence or place of work) (Article 77 GDPR and Article 18 (IX, 1) LGPD).
- Right to object
If your personal data is processed based on legitimate interests in accordance with Art. 6 Para. 1 clause 1 lit. f GDPR, you have the right to file an objection against the processing of your personal data in accordance with Art. 21 GDPR provided that there are reasons for this arising from your particular situation, or the objection relates to direct advertising. In the latter case, you have a general right of objection, which is implemented by us with no requirement to give a specific reason. If you would like to exercise your right of revocation or objection, please send an e-mail to
How to Contact Us