FUMO Solutions - Compliance Management System

»Industry solution for legal certainty in transport logistics«

Privacy policy

This is the privacy policy (“policy”) for this website which is run and provided by FUMO Solutions GmbH, Lerchenbergstraße 27, 89160 Dornstadt, info(at)fumo-solutions.com, Phone +49 7348 40717220 (we, us and our).

We will only use the personal data gathered over this website as set out in this policy. Below you will find information on how we use your personal data, for which purposes your personal data is used, with whom it is shared and what control and information rights you may have.

I. Summary of our processing activities

The following summary provides you with a quick overview of the processing activities that are undertaken on our website. You will find more detailed information under the indicated sections below

  • When you visit our website for informational reasons without setting up an account, only limited personal data will be processed to provide you with the website itself (see III)
  • In case you register for one our services (e.g. FUMO web services) or subscribe to our newsletter, further personal data will be processed in the scope of such services (see IV, V and VI).
  • Furthermore, your personal data will be used to provide you with interesting advertising for our services and products (see VIII) and for statistical analysis that helps us to improve our website (see IX). Additionally, we improve your website experience with third party content (see X). 
  • Your personal data may be disclosed to third parties (see XI) that might be located outside your country of residence; potentially, different data protection standards may apply (see XII).
  • We have implemented appropriate safeguards to secure your personal data (see XIII) and retain your personal data only as long as necessary (see XIV).
  • Under the legislation applicable to you, you may be entitled to exercise certain rights with regard to the processing of your personal data (see XV).

II. Definitions

  • Personal data: means any information relating to a natural person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, or an online identifier.
  • Processing: means any operation which is performed on personal data, such as collection, recording, organisation, structuring, storage, adaptation or any kind of disclosure or other use. 

III. Informational use of the website

When you visit our website for informational reasons, i.e. without registering for any of our provided services listed under IV and without providing us with personal data in any other form, we may automatically collect additional information about you which will contain personal data only in limited cases and which is automatically recognised by our servers, such as the domain name or your IP address, the date and time of your requests, the requested the data name and url,  the http-answer-code and the page you visited us, as well as the bytes transferred during the connection, search queries, the transmission protocol, and your interaction with the website or source.

We use such information only to assist us in providing an effective service (e.g. to adapt our website to the needs of your device or to allow you to log in to our website), and to collect broad demographic information for anonymised, aggregated use.

The personal data automatically collected is necessary for us to provide the website, Article 6 sec. 1 sent. 1 lit. b GDPR, and for our legitimate interest to guarantee the website’s stability and security, Article 6 sec. 1 sent. 1 lit. f GDPR.

Personal data that is collected automatically is retained for 1 month and properly erased afterwards.

IV. Registration for our services

Our website offers an online-compliance-system. In order to use the aforementioned services you have to set up an account. With regard to the registration of an account and its subsequent use, we process:

  • Your name, private or business postal adress, email address and phone number
  • The content of your orders, as well as data about the paid services you ordered from our website

The information that is necessary for the performance of the service is labelled accordingly. All further information is provided voluntarily. We will process the personal data you provide to:

  • provide you with the services and information offered through the website or which you request as well as your orders
  • communicate with you

For this, the legas basis is Article 6 sec. 1 sent. 1 lit. b GDPR.

We use the personal data and contact data you provide by registration to inform you directly about our additional products and services. The use of your personal data for directly advertising related products and services is a legitimate interest for us as a provider of this website, Article 6 sec. 1 sent. 1 lit. f GDPR.

You can object to the use of your personal data for direct marketing at any time. We will then refrain from any processing to the extent it is related to such purposes. You can inform us about your objection by contacting us at FUMO Solutions GmbH, Lerchenbergstraße 27, 89160 Dornstadt, info(at)fumo-solutions.com.

For some of our services (e.g. newsletter) we offer a notofication service. This service is provided by means of a double-opt-in. Thus, you will receive an email containing a link by which you can confirm that you are the owner of the email address and wish to be notified via our email service. You can end this service by opting out via the link provided in each notification email. This notification service is based on your consent, Article 6 sec. 1 sent. 1 lit. a GDPR.

Your personal data is, in the absence of exceptions within the specific services mentioned below, retained for as long as your user account is used. After deletion of your account, your personal data will be erased 1 month later. Statutory storage obligations or the need for legal actions that may arise from misconduct within the services or payment problems can lead to a longer retention of your personal data. In this case, we will inform you accordingly.

V. Information about the specific uses that require registration

1. Using FUMO online compliance management system
In order to be able to use our FUMO compliance management system, you have to complete a registration process and create a user account as described under section IV. You can view your personal data and your user account in the menu, Users >> Administration.

The registered user is not able to delete his personal data because we are not able to fulfil our services in regard to our contract without the personal data. Nevertheless you can delete your user account informing us by e-mail to info(at)fumo-solutions.com.

By statutory law we are required to retain the provided financial data in relation to transactions (including address, payment and order information) for ten years. However, after 2 years we will restrict the processing of your personal data to comply with the statutory requirements and will not process the personal data any further. Regarding this, the retention of your personal data is based on Article 6 sec. 1 sent. 1 lit. c GDPR.

In addition to the extent of processing described under IV, when you use the FUMO online compliance management system we will retain your IP address and additional metadata, e.g. log time or time of action. This is necessary to ensure your legal certainty and protect you from possible liability claims due to unlawful behavior.

For this, the legal basis is Article 6 sec. 1 sent. 1 lit. b GDPR.

2. Add new users or user accounts
You are able to create new users as user accounts that are able to access the FUMO compliance management system.

You can delete your user account by yourself or informing us by e-mail to info(at)fumo-solutions.com.

For this, the legal basis is Article 6 sec. 1 sent. 1 lit. b GDPR.

3. Add personal data of employees
You are able to add personal data of employees that can be managed by the FUMO online compliance management system.

You can delete data of employees by yourself or informing us by e-mail to info(at)fumo-solutions.com.

For this, the legal basis is Article 6 sec. 1 sent. 1 lit. b GDPR.

4. Publication of personal data of employees
You are able to publish contacts and contact details of employees on the FUMO online compliance management system (FUMO profile). This personal information is visible to anyone who has the URL of your FUMO profile.

You can delete personal data of employees by yourself or informing us by e-mail to info(at)fumo-solutions.com.

For this, the legal basis is Article 6 sec. 1 sent. 1 lit. b GDPR. If the employee's agreement is required, Article 6 sec. 1 sent. 1 lit. a GDPR.

VI. Newsletter

With your email address you can subscribe to our newsletter that provides you with the latest news about our products and services if you consent to receiving such newsletters.

The legal basis for this processing is Article 6 sec. 1 sent. 1 lit. a GDPR. Your email address will be retained as long as you subscribe to our newsletter.


This service is provided by means of a double-opt-in. Thus, you will receive an email containing a link by which you can confirm that you are the owner of the email address and wish to be notified via our email service. When your subscription is not confirmed within 96 hours after the confirmation mail has been requested, the personal data you provided will not be processed for any purpose and it will be automatically erased.

You can unsubscribe from this service by opting out via the link provided in each newsletter.

VII. Automated decision making

We do not use your personal data for automated decision making which produces legal effects concerning you or similarly significantly affects you.

VIII. Analysis

1. Cookies
Our website uses cookies. Cookies are text files that are send from a web server sends to your browser and that are stored under a randomly generated identifier on your device. A cookie receives only the data that a server issues and / or the user enters on request. We do not aggregate the data stored in cookies with identifying data about a user.

The purpose of these cookies is to control the connection during your visit to our websites and to provide more effective support when you re-visit our website. Without this temporary caching, some applications would have to make entries again. Profile information on using our website is created in pseudonymous form and for system and website management, improvement and support of user guidance and optimization of the offer for user interests.

The legal basis for this processing is Art. 6 sec. 1 sent. 1 lit. f GDPR and represents our legitimate interest to analyse our website’s traffic to improve the user’s experience and to optimise the website in general.

You can choose whether you want to restrain the storage of cookies via your web browser or decide individually if you want to save cookies with or without any notice. Please be aware that the non-acceptance of cookies may cause some display errors and some pages colud not be displayed correctly.

2. Web-analysis
For statistical analyses we use a tool called Google Analytics, a web analytics service provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, to collect information about the use of this site.

The tool collects information such as users visiting the website, what content pages are accessed etc.. We use the information we get from Google only to determine the most useful information you are looking for, and to improve and optimise this website. We do not combine the information collected through the use of Google analytics with personal data. 

The information generated about your use of the website will be transmitted to and stored by Google on servers in the United States. For further information about the potential risks of a cross border data transfer refer to XI. Google collects only the IP address assigned to you on the date you visit this site, rather than your name or any other identifying information. The provider will use this information in order to evaluate your use of the website, to compile reports on website activities and to provide other services relating to website and internet use to us.

We have activated the IP-anonymisation within the Google Analytics service, and your IP address will be truncated within the area of member states of the European Union or other parties to the Agreement on the European Economic Area. Only in exceptional cases the whole IP address will be first transferred to a Google server in the USA and truncated there. The IP-address your browser conveys within the scope of Google Analytics will not be associated with any other data held by Google.

The legal basis for this processing is Art. 6 sec. 1 sent. 1 lit. f GDPR and represents our legitimate interest to analyse our website’s traffic to improve the user’s experience and to optimise the website in general. The transfer to Google is based on a data processing agreement, and Google only acts on our behalf and according to our instructions. Google will retain the personal data that is collected for statistical analyses for 6 months.

We use Klaro! Cookie Consent technology on our website. This allows the visitor to decide for himself which cookies are saved. These settings can be revoked and changed at any time. The provider of this technology is KIProtect GmbH, Bismarckstr. 10-12, 10625 Berlin (hereinafter Klaro!). Only when you agree to its use in the "opt-in" procedure will a Klaro! cookie ("Klaro") be saved in your browser, in which the consent you have given or the revocation of this consent is saved. This data will not be passed on to the Klaro! provider.

The recorded data is stored until you ask us to delete it or delete the Klaro! cookie yourself or the purpose for data storage no longer applies. Mandatory statutory retention periods remain unaffected. Details on data processing by Klaro! can be found at https://kiprotect.com/resources/privacy.

Klaro! uses cookie consent technology to obtain the legally required consent for the use of cookies. The legal basis for this is Article 6, Paragraph 1, Sentence 1, Letter c GDPR.

IX. Third party content and social media plug-ins

1. Social media plug-ins
We use the following social media plug-in:

  • Facebook: Buttons regarding social network facebook. The buttons are recognizable to the Facebook logos (white "on" blue tile or a "thumbs up" sign) or are marked with the addition "Facebook Social Plugin".

This allows you to communicate with such services and like or comment from our website. Social media plug-ins enable a direct communication between your device and the servers of the social media provider, allowing the social media provider to communicate with you and collect information about you browsing our website.

This processing is based on Article 6 sec. 1 sent. 1 lit. f GDPR and represents our legitimate interest to improve your website experience and to optimise our services.

Your personal data will be transferred to and processed in the United States. For further information about the potential risks of a cross border data transfer refer to XII. Please note that we neither have the control of the extent of personal data that is collected by the respective plug-in provider nor do we know the processing’s purpose or the period your personal data will be retained. Further information about the processing of your personal data in the provider’s course of operation is provided via their respective privacy policy. Moreover, you will be provided with further information with regard to your rights and setting concerning privacy:

Facebook: Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA: http://www.facebook.com/policy.php

2. YouTube
We use the YouTube service in order to play videos directly from our website. YouTube is operated by YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA, represented by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. When you visit a page with an embedded YouTube player on our website, you will be connected to a YouTube server. In doing so, your IP address and referring URL will be transmitted to the YouTube server. When you're logged in to Google, YouTube/Google may associate this information with you and process it in your personal profile.

This processing is based on Article 6 sec. 1 sent. 1 lit. f GDPR and represents our legitimate interest to improve your website experience and to optimise our services.

3. Links to third party websites
This website may contain links to third party websites. We are not responsible for the content and the data collection on respective third party websites; please check the privacy policy of respective websites for information of respective websites’ data processing activities.

X. Information sharing

Your personal data will be disclosed to the following third parties for the purposes mentioned above:

  • Facebook: Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA
  • Google: Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA

If you order services, we may instruct external service providers to fulfill the contract, e.g. in payment transactions via payment service providers.

Legal basis for the transfer of your personal data is Article 6 sec. 1 sent. 1 lit. b and f GDPR and represents our legitimate interest to improve your website experience and to optimise our services.

Some of the recipients mentioned above reside outside the EEA. For further information about cross border transfer in general and transfers outside of the EEA see XII.

We may disclose anonymous aggregate statistics about users of the website in order to describe our services to prospective partners, advertisers and other reputable third parties and for other lawful purposes, but these statistics will include no personal data.

We may disclose your personal data to following contractors who assist us in providing the services we offer through the website:

  • 1&1 Internet SE, Elgendorfer Str. 57, 56410 Montabaur, Deutschland

In the event that we undergo re-organisation or are sold to a third party, any personal data we hold about you may be transferred to that re-organised entity or third party in compliance with applicable law. We may disclose your personal data if legally entitled or required to do so (for example if required by law or by a court order).

XI. Cross border data transfers

Within the scope of our information sharing activities set out above, your personal data may be transferred to other countries (including countries outside the EEA) which may have different data protection standards from your country of residence. Please note that data processed in a foreign country may be subject to foreign laws and accessible to foreign governments, courts, law enforcement, and regulatory agencies. However, we will endeavour to take reasonable measures to maintain an adequate level of data protection when sharing your personal data with such countries.

In the case of a transfer outside of the EEA, this transfer is safeguarded by the Commission’s adequacy decision named the EU-US-Privacy-Shield. You can find further information about the aforementioned safeguards at https://www.privacyshield.gov.

XII. Security

We have reasonable state of the art security measures in place to protect against the loss, misuse and alteration of personal data under our control. For example, our security and privacy policies are periodically reviewed and enhanced as necessary and only authorised personnel have access to personal data. Whilst we cannot ensure or guarantee that loss, misuse or alteration of information will never occur, we use all reasonable efforts to prevent it.

You should bear in mind that submission of information over the internet is never entirely secure. We cannot guarantee the security of information you submit via our website whilst it is in transit over the internet and any such submission is at your own risk.

XIII. Data retention

We strive to keep our processing activities with respect to your personal data as limited as possible. In the absence of specific retention periods set out in this policy, your personal data will be retained only for as long as we need it to fulfil the purpose for which we have collected it and, if applicable, as long as required by statutory retention requirements.

XIV. Your rights

Under the legislation applicable to you, you may be entitled to exercise some or all of the following rights:

  • require (i) information as to whether your personal data is retained and (ii) access to and/or duplicates of your personal data retained, including the purposes of the processing, the categories of personal data concerned, and the data recipients as well as potential retention periods;
  • request rectification, removal or restriction of your personal data, e.g. because (i) it is incomplete or inaccurate, (ii) it is no longer needed for the purposes for which it was collected, or (iii) the consent on which the processing was based has been withdrawn;
  • refuse to provide and – without impact to data processing activities that have taken place before such withdrawal – withdraw your consent to processing of your personal data at any time;
  • object, on grounds relating to your particular situation, that your personal data shall be subject to a processing. In this case, please provide us with information about your particular situation. After the assessment of the facts presented by you we will either stop processing your personal data or present you our compelling legitimate grounds for an ongoing processing;
  • take legal actions in relation to any potential breach of your rights regarding the processing of your personal data, as well as to lodge complaints before the competent data protection regulators;
  • require (i) to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and (ii) to transmit those data to another controller without hindrance from our side; where technically feasible you shall have the right to have the personal data transmitted directly from us to another controller; and/or
  • not to be subject to any automated decision making, including profiling (automatic decisions based on data processing by automatic means, for the purpose of assessing several personal aspects) which produce legal effects on you or affects you with similar significance.

You may (i) exercise the rights referred to above or (ii) pose any questions or (iii) make any complaints regarding our data processing by contacting us using the contact details set out below.

XV. Contacting us

Please submit any questions, concerns or comments you have about this privacy policy or any requests concerning your personal data by email to our Group Data Protection Officer. You can contact our Group Data Protection Officer via Springer Nature Group Data Protection Officer, Gewerbestrasse 11, 6330 Cham, Switzerland, dataprotection(at)springernature.com.

The information you provide when contacting us (e.g. your name email address) will be processed to handle your request and will be erased when your request is completed. Alternatively, we will restrict the processing of the respective information in accordance with statutory retention requirements.

XVI. Amendments to this policy

We reserve the right to change this policy from time to time by updating our website respectively. Please visit the website regularly and check our respective current privacy policy. This policy was last updated on 21.05.2018.