Object of protection
The object of protection is personal data. This is any information relating to an identified or identifiable natural person ("data subject"). This includes, in particular, information that allows conclusions to be drawn about your identity (e.g., information such as name, postal address, email address and telephone number).
In order for you to connect to our website, your browser transmits certain data to our website’s web server. This is technically necessary so that the website can provide the information you are accessing. To allow this, your IP address, the date and time of your request and the type of operating system you are using, among other information, are stored and used for up to 30 days . We reserve the right to store this data for a limited time to protect our legitimate interests, in order to derive personal data in the event of unauthorized access or an attempt to intentionally harm us via this route (Art. 6 (1) f) GDPR). The data will only be stored or forwarded by us for these purposes and for no other purpose – without us informing you in advance or asking for your permission.
Cookies can usually be disabled or removed with tools offered by most commercial browsers. The settings need to be configured separately and individually for each browser you use. Different browsers offer different functions and options for this purpose.
In order to use our website fully and easily, you should accept the cookies that enable the use of certain functions or make their use more convenient. The following overview lists why we use the cookies and for how long they are stored:
||https://scopeidentityfat.b2clogin.com||For the features of the cookies used in Azure AD B2C, see https://docs.microsoft.com/de-de/azure/active-directory-b2c/cookie-definitions||Until the session is closed|
|x-ms-cpim-cache||Until the session is closed|
|x-ms-cpim-trans||Until the session is closed|
|..||Until the session is closed|
For the features of the cookies used in Azure AD B2C, see https://docs.microsoft.com/de-de/azure/active-directory-b2c/cookie-definitions
Until the session is closed
Until the session is closed
Until the session is closed
Until the session is closed
The storage of your data in the above-mentioned cookies is absolutely necessary in order to provide the login portal for our Scope application. This therefore does not require consent according to Art. 6 (1) a) GDPR.
To help you better understand cookies, we will explain the most common types in greater detail below:
1. Session cookies
Session cookies allows users and the changes they make within a website to be recognized. They allow the website to track their movements across individual pages so that information that has already been entered/saved does not need to be entered/saved again. One example of this is shopping carts in online shops. The session cookie saves the selected products in the shopping cart so that it will contain the correct items when you pay at checkout. Session cookies are deleted when you log out, or they lose their validity once the session has automatically expired.
2. Permanent or protocol cookies
A permanent or protocol cookie stores user information and settings on the user’s computer for the period of time specified by the expiration date. This makes access faster and more convenient, as you do not have to re-enter language settings or login data, for example. The cookie is automatically deleted at the end of the storage period.
3. Third-party cookies
Third-party cookies usually have no influence on the use of the site, as they do not originate from the website operator. For example, they serve the purpose of collecting information for advertising, custom content and web statistics, and passing this information on to the respective third-party provider
4. Tracking cookies
Tracking cookies are special text files that make it possible to collect data about the Internet user’s behavior. The purpose is to obtain information about the user’s main interests, such as for launching tailored advertising offers. Tracking cookies are therefore not only set when you log in but also automatically when you visit the website.
Data processing during Scope web sign-in with Microsoft
If an organization has booked a server instance in our Scope transport management system (hereinafter "Service") as a Software-as-a-Service service, you, as an associated user, can use our web sign-in on our website to access the associated database of the Service. Data processing takes place as part of the sign-in process in Microsoft Azure cloud, which we use for order processing according to Art. 28 GDPR in order to offer the web portal to organizations.
The web sign-in only works if you already have an existing Microsoft Office 365 account, which is known to us as the provider of the service. During the login process, the following personal data (if applicable) will be retrieved from your Microsoft Office 365 cloud and stored by us in Microsoft Azure cloud for mapping to the correct server instance:
last name, first name, company, email, phone number
In addition to the previously mentioned data, the Windows primary key for identifying the user in the organization’s MS Office 365 and the user’s IP address are also processed for diagnostic purposes and possible troubleshooting. Various device and browser information in the Azure cloud sign-ins and audit logs is also stored. For the data involved and how long the data is stored in Azure Active Directory, see the following link: https://docs.microsoft.com/en-us/azure/active-directory/governance/entitlement-management-logs-and-reporting
Your personal data is processed both in order to fulfill the contract with the organization associated with you as well as on the basis of the legitimate interest according to. Art. 6 (1) f) GDPR. Our legitimate interest here is primarily to ensure appropriate access control to protect organizational data in our transportation management system.
It is always the responsibility of the associated organization to monitor a user’s access. An administrator of the organization can assign different users or user groups to the service and also remove them. Therefore, the storage period of your user information ends when you are no longer assigned to an organization as a user or when you are marked as deleted by an administrator. Data in our web portal is automatically deleted when you have been inactive for more than one year and have no longer logged in. If the organization associated with you is removed, your user data will also automatically be deleted.
Further general information
Who is responsible for data processing? (Art. 13 (1) a), b) GDPR)
Riege Software International GmbH ("Riege") is responsible for data processing on our website. You can find the contact details on the About Us page:
You can reach our Data Protection Officer at the address:
Riege Software International GmbH ("Riege")
An den Datenschutzbeauftragten
Tel.: +49 2159 9148-0
Who receives your personal data? (Art. 13 (1) e), f) GDPR)
We keep your personal data confidential and do not pass it on to third parties unless a) you have given your consent, b) where based on a legal or contractual obligation or transfer thereof is necessary for the implementation of pre-contractual measures or c) for fulfilling a contract. In rare cases, we task processors with the processing of your personal data (e.g., for hosting the web server or online portal). This is done in accordance with Art. 28 GDPR and on the basis of a contract data processing agreement.
How long will data be stored? (Art. 13 (2) a) GDPR)
Legislators have enacted a wide range of retention obligations and periods.
On principle we only store your data as long as it is required by law.
Once these periods end, the corresponding data is routinely deleted if it is no longer required for the fulfillment of a contract. We store data that we process on the basis of your consent until you withdraw consent or for as long as the data is required. We store data that we process on the basis of our legitimate interests for as long as our legitimate interests exist.
Commercial or financial data from a closed fiscal year will be deleted in accordance with legal requirements after another ten years, unless longer retention periods are prescribed or required for justified reasons. Unless data is subject to specific retention periods, it will be deleted when the purposes for which it is processed cease to apply.
For what purposes and on what legal basis do we process your personal data? (Art. 13 (1) c), d) GDPR)
We previously explained the purposes and legal bases for data processing. In addition, the following generally applies: If necessary, we will process your data to protect the legitimate interests of us or of third parties in accordance with Art. 6 (1) f) GDPR, such as for asserting legal claims and for defense in legal disputes or for ensuring IT operations and security.
If we have a legitimate interest or have received written consent from you to process your personal data, we will process your data for external communications and marketing purposes on the basis of Art. 6 (1) a) or f) GDPR. You have the right to withdraw your consent at any time.
For the fulfillment of legal requirements, we may be permitted or required to process your data and disclose it to third parties (according to Art. 6 (1) c) GDPR).
We will not use your data in any way for automated decision-making or profiling.
What are your rights and obligations? (Art. 13 (2) b), c), d), e) GDPR)
Every user has the following rights:
- According to Art. 15 GDPR, you have the right to obtain information. This means that you can request confirmation from us as to whether personal data concerning you is being processed by us.
- According to Art. 16 GDPR, you have the right to rectification. This means that you can ask us to correct any inaccurate personal data concerning you.
- According to Art. 17 GDPR, you have the right to erasure ("right to be forgotten"). This means that you can request use to erase personal data relating to you without delay – unless we cannot erase your data to comply with statutory retention obligations, for example.
- According to Art. 18 GDPR, you have the right to restrict processing. This means that we will basically no longer be allowed to process your personal data – apart from storing it.
- According to Art. 20 GDPR, you have the right to data portability. This means that you have the right to request the personal data concerning you and provided by you be given to you in a structured, common and machine-readable format and to transfer this data to another controller.
- According to Art. 7 (3) GDPR, you have the right to withdraw your consent for future effect at any time.
- According to Art. 77 GDPR, you have a right to lodge a complaint with the competent supervisory authority.
If you wish to exercise your rights, please contact the Data Protection Officer (see above for contact information).
Competent supervisory authority
Landesbeauftragte für Datenschutz
Street address: Kavalleriestr. 2-4, 40213 Düsseldorf
Mailing address: Postfach 200444, 40102 Düsseldorf
Tel.: +49 (0) 211 38424 -0
Email address: firstname.lastname@example.org
Information concerning your right to object according to Art. 21 of the General Data Protection Act (GDPR)
You have the right to object against the processing of the personal data related to you for reasons arising from your specific situation at any time on the basis of Art. 6 (1) f) GDPR (data processing on the basis of balanced interests); this also applies to any profiling in support of these provisions in the meaning of Art. 4 No. 4 GDPR.
If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate reasons for processing that override your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims.
Please send your written objection (by email or by mail) to our Data Protection Officer (see above for contact information).