Terms of Use

Terms of Use Wedolo

Updated: 24.10.2023


Welcome to Wedolo! Wedolo Betriebsgesellschaft mbH (hereinafter “Wedolo”) operates an internet-based platform for companies in the logistics and forwarding industry under “wedolo.de” (hereinafter “online platform”). This online platform bundles the offers of the Bundesverband für Güterkraftverkehr Logistik und Entsorgung (BGL) e.V. and the other affiliated regional organisations, of the KRAVAG-SACH Versicherung des Deutschen Kraftverkehrs VaG, of the SVG Bundes-Zentralgenossenschaft Straßenverkehr eG and the various regional organisations of the Straßenverkehrsgenossenschaft (SVG) as well as of the SVG Akademie GmbH (hereafter “partner portals”) and makes them centrally available to interested parties. Furthermore, Wedolo offers its own digital services (incl. the Driver-App), services and information.

The online platform is aimed at freight forwarders, dispatchers, truck drivers and other employees of commercial freight transport (hereinafter referred to as “users”).

1. Validity of the terms of use

1.1 Regulatory area

These terms of use regulate the rights and obligations between Wedolo and the users in connection with the use of the applications and services offered on the websites “wedolo.de” and “my.wedolo.de” as well as in the Wedolo Driver-App (hereinafter “app”). Conflicting terms and conditions of the user shall not apply unless they are acknowledged by Wedolo. A lack of contradiction of third-party terms and conditions does not constitute consent.

1.2 Amendment of these terms of use

Wedolo is entitled to change these terms of use at any time with effect for the future with a notice period of four weeks, if the change is reasonable for the user taking into account the interests of Wedolo.

If the user does not object to the change within the period set by Wedolo, the change shall be deemed approved. Wedolo shall draw the user’s attention to this circumstance in the notice of change.

2. Use of the platform

2.1 Registered users

On the one hand, the user can obtain regular access to the closed user area “my.wedolo.de” by registering on “wedolo.de”. On the other hand, this access can also take place via the Driver-App with the help of a company invitation.

Wedolo does not offer services for minors. Registered users can only be persons who have reached the age of 18 and have full legal capacity. As a B2B platform, Wedolo exclusively addresses business customers.

If a person does not act in his own name, he assures Wedolo that he has been authorised by the registered user to perform the respective action.

The contents available to the registered user when using Wedolo depend on the respective access rights of the user and can have different functional scopes (see § 3.1 Account and user profile).

The registered user is obliged to truthfully and completely provide the data collected during registration. In addition, it must also ensure that its data is up to date. The registered user must provide a current e-mail address or a mobile phone number, which is also used for communication between the user and Wedolo.

The contact data stored for the master data record (e-mail address, telephone number, etc.) may be processed by Wedolo Betriebsgesellschaft mbH for the purposes of market research, marketing and analysis. The user can be contacted by Wedolo by telephone and electronic mail (e.g. e-mail, messenger, SMS) and informed about current offers, services and activities relating to Wedolo and the Wedolo partner companies (Bundesverband für Güterkraftverkehr Logistik und Entsorgung e.V., der KRAVAG-Sach Versicherung des Deutschen Kraftverkehrs VaG und der SVG Bundes-Zentralgenossenschaft Straßenverkehr eG). The consent given can be revoked by the user in whole or in part at any time with effect for the future.

The registered user may incur costs or fees for the use of services provided by external partners. The use of these external services is not regulated in these Terms of Use, but requires a separate contract between the external service partner and the registered user in accordance with § 4 of these Terms of Use. Thus, Wedolo does not become a contractual partner of this contract and therefore assumes no responsibility for this contract.

2.2 Deletion of the account

The revocation or deletion of an account takes place on “my.wedolo.de”. After deletion, the registered user no longer has access to his account or user profile and can no longer view data, messages, files or other content stored on the online platform. Wedolo is entitled to delete contents of terminated accounts.

3. Platform operation

3.1 Account and user profile

After initial registration, each registered user receives a standardized rights package that includes generally accessible services.

If the registered user enters the data of his company, he will be assigned the rights package for entrepreneurs. This allows access to all Wedolo services. Entrepreneurs also have the option to individually adjust the rights of their employees or to invite their employees to the protected user area.

Each user may create a maximum of one account or user profile. This profile is user-bound and may not be transferred to a third party without the express consent of Wedolo.

The account or user profile is protected by a valid e-mail address or cell phone number and a password (hereinafter referred to as “login data”), which are specified during registration. The registered user must ensure that his login data is not accessible to third parties. In case of loss of the login data or in case of suspicion that a third party has knowledge of them or uses the user’s account, the user is obliged to inform Wedolo immediately and to change his login data in the closed user area “my.wedolo.de”.

The registered user assures that the data used for the creation of his account or his user profile are accurate and complete. The registered user is obligated to immediately enter any changes to his account and profile data in his account or user profile on the online platform.

3.2 Single sign-on authentication service

A central service of Wedolo is a single sign-on to the content and services of the participating partner portals and service partners. Regarding the terms of use for this single sign-on, the notes in Appendix I of this user agreement apply.

3.3 Use of the platform

When using Wedolo, the user or registered user undertakes to observe these terms of use as well as applicable law, in particular criminal law, competition law, trademark law, copyright law, personal rights, data protection law and youth protection law and not to violate any rights of third parties.

All rights to the online platform (in particular copyrights) are held by Wedolo.

The user or the registered user must refrain from any activity that is likely to manipulate, impair and/or excessively burden the operation of the online platform or the technical infrastructure behind it and its functions or access options. This includes in particular blocking, overwriting, modifying, copying data and / or other content, unless this is necessary for the proper use of the online platform.

Wedolo is entitled to block the access of the registered user temporarily or permanently if there is a reasonable suspicion of a violation.

If the registered user becomes aware of a misuse of the access data or if there is even a suspicion of such a misuse, the user shall inform Wedolo immediately. In case of misuse or suspected misuse, Wedolo is entitled to block the access immediately. The registered user is liable for all consequences of third party use, insofar as he is responsible for the misuse of the access data. The registered user is responsible for the misuse, in particular, if he has enabled the unauthorized use of the access data even negligently. The liability ends only when the registered user has informed the Wedolo support by e-mail (support@wedolo.de) about the unauthorized use and, if necessary, has changed the password.

The same applies accordingly if the user has selected the option “Stay logged in” while working on a public computer or a computer used by several users and in this way third parties gain access to the online platform.

Within the scope of the product and service offering on Wedolo by the affiliated companies, all rights of use and exploitation (intellectual property, Art. 3 Sec. 1 e) of the Regulation (EU) 2019/1150) to the content uploaded to the Platform by the Connected Company remain with the Connected Company. Wedolo will not make any deletions, additions or edits to the company’s own data.

3.4 Handling of data of employees of the registered user

For the employee facility, the registered user must obtain the consent of the employees to use their data. He is furthermore responsible for the up-to-dateness of this data. These data include name and surname, e-mail address and cell phone number of the employee.

The users of the platform may not use addresses, contact data, e-mail addresses, etc. obtained through the use of the platform for any purpose other than for the purposeful communication between users.


In particular, it is prohibited to resell the data obtained through the platform, to use it for soliciting employees, selling goods or services, or sending advertisements.

4. Services of external partners

Wedolo enables external cooperation partners to offer their products and services on the Wedolo online platform. Which products and services the external partners offer can be seen on the respective product detail page used by the external partners. A contract for these products and services is concluded between the registered user and the external partner. Wedolo is not a contractual partner of this contract and does not assume any responsibility for it. Wedolo also does not act as a representative of the external partner.

The contracts with the external partners can be concluded by the registered users on the respective product detail page of the external partner under the contract terms and conditions stated there by the external partner. The terms and conditions of the external partners apply.

5. Disclaimers

Wedolo shall be liable without limitation insofar as the cause of damage is based on intent or gross negligence.

Furthermore, Wedolo is liable for negligent violation of essential obligations, the violation of which endangers the achievement of the purpose of the contract or the fulfillment of which enables the proper execution of the contract in the first place and on the compliance with which the contractual partner may regularly rely. In this case, however, Wedolo shall only be liable for the foreseeable damage typical for the contract. Wedolo shall not be liable for the slightly negligent breach of obligations other than those mentioned in the preceding sentences.

The above limitations of liability shall not apply in the event of injury to life, limb or health, for a defect following the assumption of a guarantee for the quality of a product and in the event of fraudulently concealed defects. The liability according to the product liability law remains unaffected.

Insofar as the liability of Wedolo is excluded or limited, this also applies to the liability of legal bodies, representatives, employees and other vicarious agents.

6. Malfunctions and maintenance

The online platform may be temporarily unavailable or only available to a limited extent due to maintenance work or other reasons, without the user incurring any claims against Wedolo as a result. Wedolo reserves the right to use technical protection mechanisms that could delay the publication of offers and content on the online platform for security reasons.

Wedolo may temporarily restrict its services if this is necessary with regard to capacity limits, for the security or integrity of the servers or for the implementation of technical measures, and this serves the proper or improved provision of the services (e.g. during maintenance work). In the case of such measures, Wedolo takes into account the maintenance of the service and informs its users in a reasonable period of time in the case of unavoidable restrictions.

7. Linked websites

Wedolo assumes no liability for the topicality, correctness, legality, completeness or quality of the content of websites to which Wedolo provides links and excludes all liability in this connection.

8. Applicable law

The law of the Federal Republic of Germany shall apply to the exclusion of the UN Convention on Contracts for the International Sale of Goods.

If the customer is a merchant or a legal entity under public law, the place of jurisdiction for all disputes arising from contractual relationships between the registered user and Wedolo Betriebsgesellschaft mbH is Hamburg (Germany).

9. Alternative dispute resolution

Wedolo is not obligated or willing to participate in a dispute resolution procedure before a consumer arbitration board. However, the law on alternative dispute resolution in consumer matters requires that we nevertheless refer you to a consumer arbitration board that is responsible for you:

The European Union provides under https://ec.europa.eu/consumers/odr/ a platform for online dispute resolution.

10. Contract for order processing

In order to be able to offer the services developed in-house, personal data of company employees is required. To ensure that this data is processed in accordance with data protection requirements, a contract processing agreement must be concluded between the company as the client and the operator of the Wedolo platform as the contractor. With the consent of the registered user, the contract becomes the subject matter of the contract between the user and the operator of the platform (see Appendix II).

APPENDIX I: Special Terms of Use for the Wedolo Single Sign-On Authentication Service

In addition to the Wedolo Terms of Use, the Special Terms of Use for the Single Sign-on Authentication Service of the Wedolo Logistics Platform apply.

Wedolo provides registered users (hereinafter referred to as “users”) with a single sign-on authentication service (hereinafter referred to as “SSO”). The “SSO” enables users of Wedolo to access protected content of partner portals without having to re-enter the required login data for each access.

The user authenticates once from Wedolo to the corresponding service of the partner portal and receives an access authorization, which is stored by Wedolo as a cryptic, electronic key (hereinafter referred to as “token”) and via which the user is automatically authenticated and authorized in the background during future logins to the corresponding partner service. Access to the use of restricted content and offers of the participating partner portals from Wedolo requires the prior registration of the user on the respective pages of the partners and the assignment and activation of the required access data by the respective instances of the partner services.

Access to the protected areas of the connected portals of the partners is then granted to the user by login on Wedolo. The login process against the Global Login Service (hereinafter referred to as “GLS”) of Wedolo ensures that the user has access to the content relevant to him via the “token” assigned to him after successful authentication and authorization on the partner portal. The login service of the partner portals is responsible for ensuring correct authentication and authorization at their respective portal.

With the “GLS”, Wedolo offers a central registration service for the “SSO” procedure, via which the user can manage the required access data for all participating portals of the Wedolo partners. After registering with Wedolo and logging in once on the respective partner portals, the “GLS” takes over as a central tool for logging in to the participating partner portals.

1. Scope

(1.1) The following Special Terms of Use apply to the use of the Single Sign-on Authentication Service and all services offered and provided by Wedolo in this relationship. The provider of the “SSO” authentication service is Wedolo, operated by Wedolo Betriebsgesellschaft mbH, Heidenkampsweg 102, 20097 Hamburg, Germany, E-mail: kontakt@wedolo.de.

(1.2) For the contractual relationships of the user with the participating partner portals and their online offers, in which the “SSO” authentication service is or can be used, the service providers’ or partner portals’ own general terms and conditions of business or use apply, if applicable.

2. Services

(2.1) “SSO” means, in the case of Wedolo’s “SSO” authentication service, that after a one-time registration and authentication, each user can register (log in) for all access-restricted services, areas and applications on the portals of Wedolo’s partners using the “SSO” authentication service with uniform access data, without having to go through separate login processes for the respective Internet portals, as would otherwise be the case.

(2.2) The “SSO” authentication service provides the user with a cross-portal “identity” that can be recognized and verified by the participating Internet portals.

(2.3) The “SSO” authentication service enables the user to manage his “SSO” account easily and centrally via the “Manage External Services” module. In this way, the user can add possible further accesses to partner portals to his account or delete them again.

(2.4) The “SSO” authentication service itself is free of charge for the Wedolo user.

3. Identification and registration

(3.1) To use the “SSO” authentication service, the user must register on Wedolo.

(3.2) If the user logs on to an Internet portal of a participating partner portal and visits such a portal for the first time, the access authorization is requested on a login screen of the partner portal.

(3.3) The entry of the login data on the login screen of the partner portal constitutes the user’s declaration of offer to conclude the agreement on the use of the “SSO” authentication service (hereinafter also referred to as “user agreement”). Wedolo accepts this offer by enabling the User to access the protected content of the Partner Portal. The usage agreement is thus concluded in each case.

(3.4) The user has no right to activation and admission to the partner portals.

(3.5) Wedolo is entitled to refuse individual registrations without stating reasons.

4. Use of the access data, access to the portals

(4.1) If the user has registered with Wedolo’s “SSO” authentication service for the use of a partner portal, the user will be granted access to the restricted content and offers of the participating partner portals by simply entering his login data, e-mail address and password, on the login screen on Wedolo.

(4.2) The Global Login Service (hereinafter referred to as “GLS”) of Wedolo has no knowledge of the access data of individual users to the partner portals at any time. Accordingly, no access data can or will be stored in the “GLS”. In case of positive authentication and authorization at a partner portal, the “GLS” only gets back a “token”, which is stored by the “GLS” for the user. This “token” is transmitted with all further calls to the partner portals from Wedolo and can be evaluated by the login services of the partner portals.

(4.3) The access data to Wedolo are exclusively intended for personal use by the respective user. The user may not disclose the data, in particular his password, to third parties, including family members or colleagues. The user is obliged to keep the access data, in particular the password, secret at all times and to prevent unauthorized use of the participating portals by third parties. The user must ensure that access data does not become known to third parties unlawfully and must keep this data secret from third parties.

(4.4) The scope of access granted by the access data on the partner portals depends on the terms of use of the respective portal.

(4.5) Wedolo points out that the Internet portals of the partners are each operated by the company named in the provider identification of the portal. Wedolo is not responsible for the contents and offers there.

5. Termination and withdrawal of the access authorization to the partner portals

(5.1) Wedolo reserves the right to revoke the user’s access data in case of violations of these terms of use, in particular due to

    • false information during or after registration and/or
    • unauthorized disclosure or disclosure of the access data, in particular the password,

temporarily or permanently block and/or permanently withdraw the user’s access with immediate effect or with a period of time at our discretion and/or terminate the user agreement extraordinarily and without notice. After such an event, the user may not register again without our prior express consent from Wedolo.

(5.2) Furthermore, the access authorization to partner portals expires automatically as soon as the user no longer belongs to the group of persons registered on the partner portal. In this case, the “token” is not positively identified and the user is rejected by the login service of the partner portal.

6. Termination of the user agreement

The Special User Agreement for “SSO” is part of the General User Agreement. It ends with the end of the user’s registration for the single sign-on authentication service.

7. Data privacy

The protection and security of our users’ personal data is very important to us. All information on this can be found in the Wedolo privacy policy.

8. Changes to the Special Terms of Use for the Single Sign-On Authentication Service

Wedolo is entitled to change these terms of use at any time with effect for the future for the following reasons:

    – for legal and regulatory reasons,

    – for security reasons,

    – to further develop existing services and/or introduce new services as well as

    – to make technical adjustments and ensure the functionality of the Services.

APPENDIX II: Contract for order processing

Contract for order processing


Ordering party:

The clients of this contract are the respective companies that use the Wedolo platform



Wedolo Betriebsgesellschaft mbH
Heidenkampsweg 102
20097 Hamburg

1. Subject, type and purpose of the assignment

The Contractor shall act as a processor pursuant to Art. 28 of the General Data Protection Regulation (“GDPR”) in connection with the following services:

    • Service: Vehicle Inspection incl. Reports
    • Service: Emergency Support
    • Service: Employees

Further information on these services can be found in the user agreement and the data protection declaration for the Wedolo platform.

2. Duration of the assignment

The term of this Agreement corresponds to the term of the User Agreement with respect to the above Services.

3. Type of personal data

The following categories of personal data shall be processed by the Contractor within the scope of this Agreement.

    • Service: Vehicle Inspection incl. Reports
        Surname, Name, GPS – Locating
    • Service: Emergency Support
         GPS – Locating
    • Service: Employees
        Surname, Name, Mobile number, Mail address

4. Categories of affected persons

The personal data of the following data subjects are processed:

    • personal data of the employees created by the client

5. Processing of personal data on the instructions of the client

The Contractor shall process personal data exclusively within the scope of the Client’s instructions. The provisions of this contract annex and the other underlying contracts shall constitute the final instructions of the Customer. The Contractor shall inform the Customer immediately if it is of the opinion that an instruction violates the GDPR or other data protection provisions.

6. Third country transfer

If data transfer to third countries is necessary for the fulfillment of the purpose of the order, the Contractor shall comply with the special requirements of Article 44 et seq. GDPR. In particular, the Contractor shall only use subcontractors with data processing in third countries if an adequacy decision of the EU Commission exists for the third country, the respective appropriate EU standard contractual clauses have been agreed with the subcontractors or approved binding internal data protection regulations (so-called Binding Corporate Rules) exist for them.

7. Confidentiality

The Contractor shall impose confidentiality obligations on the persons authorized to process the personal data.

8. Safety of processing

The Contractor shall implement sufficient technical and organizational measures.

The measures taken are described in the annex “Description of technical and organizational measures”. The Contractor shall always further develop and adapt the technical and organizational measures based on the state of the art, the implementation costs and the type, scope, circumstances and purposes of the Processing as well as the varying probability and severity of the risk to the rights and freedoms of the Data Subjects. In doing so, the standard of protection of the technical and organizational measures described in the contract must not be undercut.

Upon request, the Contractor shall provide the Customer with all necessary information to prove the contractual obligations, in particular with regard to compliance with the technical and organizational measures (e.g. by means of a written confirmation of compliance by the Contractor’s company data protection officer).

The Contractor shall be entitled to check compliance with the contractual obligations by means of inspections, either itself or through inspectors commissioned by it. The Contractor shall only make use of this right if information and documentation provided by the Contractor are not sufficient to form a conviction in the individual case.

9. Subcontractor

The Contractor is generally entitled to engage subcontractors for the provision of the contractually agreed services.

The client agrees with the assignment of the following subcontractors:

| Subcontractor | Location of Subcontractor | Type of Assignment |
|---|---|---|
| Microsoft Deutschland GmbH (Azure Cloud Services) | München | Order processing |
| P&M Agentur Software+Consulting GmbH | Hamburg | Order processing |
| SendGrid / Twilio Inc. | Redwood City, California (USA) | Order processing |

The Contractor shall inform the Customer in the event of an adjustment of the Terms of Use of any intended change with regard to the involvement or replacement of other Processors acting as subcontractors. The Customer may object to such changes if there are justified reasons. In the event of an objection by the Customer, the Contractor shall have the choice of continuing to perform the contractual service without the intended engagement of the subcontractor or of terminating the contract extraordinarily with immediate effect.

The Contractor shall contractually ensure that the regulations agreed with its subcontractors guarantee a level of data protection comparable to this Agreement. This applies in particular with regard to the technical and organizational measures implemented at the subcontractor.

10. Support services of the contractor

The Contractor shall support the Client if data subjects submit requests to exercise the rights set forth in Chapter III of the GDPR in connection with the contractual performance. The response to the requests regarding the data subjects shall in principle be made by the Client.

The Contractor shall support the Client in complying with the obligations regulated in Art. 32 – 36 GDPR.

In particular, the Contractor shall notify the Client without undue delay of such breaches of the protection of personal data of data subjects where notification obligations pursuant to Art. 33, 34 GDPR cannot be excluded.

11. Return or deletion of personal data

Upon completion of the provision of the Processing Services, the Contractor shall delete or return all Personal Data at the discretion of the Customer, unless there is a legal obligation to store the Personal Data.

Description of technical and organizational measures

The technical and organizational measures required under Art. 32 GDPR are implemented as described below:

I. Organizational measures

1. Wedolo has implemented a comprehensive data security concept for the processing of its own data and within the scope of commissioned data processing, which contains all necessary precautions in terms of construction, personnel, organization and technology in order to guarantee the security of the data to be processed and the data stock as well as the undisturbed operational process.

2. A data protection officer (DPO) has been appointed to advise the management and ensure compliance with the statutory and more extensive company data protection regulations. His responsibilities include monitoring the proper development of application programs and the use of IT systems and programs, maintaining the procedure directory, carrying out prior checks in the case of particularly high-risk automated processing, and familiarizing employees with the requirements of data protection by means of suitable measures (in part through information, electronic and personal training events), as well as advising the management or employees on data protection issues. In the performance of his or her duties, the DPO has unrestricted control rights.

3. All employees are bound to data secrecy and, insofar as they are involved in electronic communication for third parties, to telecommunications secrecy.

II. Safety of processing

1. Confidentiality (Art. 32 (1) (b) GDPR)

• Entry control

Measures that prevent unauthorized persons from accessing data processing systems with which personal data are processed:

1. The operating areas are divided into several areas with differentiated access authorizations.

2. Access to data centers and other sensitive areas is only permitted to authorized persons.

3. As far as possible, access is controlled via electronic access control systems, e.g. card readers, transponders, hybrid systems (key with transponder). Access to the data centers is logged via the electronic access control system.

4. Access to the production area of the data center is reserved for system engineering and system programming staff. The granting of further authorizations for access takes place only after written application and approval.

5. Video cameras monitor the accesses of the data center areas.

• Access control
Measures that prevent data processing systems from being used by unauthorized persons:

1. User access

Suitable technical measures ensure that systems and applications can only be accessed after successful authentication. Authentication to IT resources and the handling of authentication data are subject to binding regulations. The minimum standard is an individual ID and a password known only to the user. User passwords stored on IT systems are cryptographically protected against unauthorized access.

After 5 unsuccessful login attempts, access is automatically blocked. The reset is carried out by bindingly regulated processes that ensure the verification of the user.

A binding policy regulates the handling of user IDs and passwords for all users and IT systems.

2. Network access

All network accesses from and to external networks (such as the Internet, business partners, contractors, customers) are secured by firewalls. The transmission of sensitive data via foreign networks is protected by suitable encryption.

Communication with mobile workstations is secured by additional measures based on cryptographic procedures.

3. Systems Controls

Security-relevant errors in software (vulnerabilities) are remediated regularly according to agreed criteria.

Malware protection (e.g. anti-virus, anti-spyware) is established on all systems that are vulnerable to it. Multi-level malware protection is used for data exchange with the Internet (e.g. e-mail, web). All malware protection solutions are kept up to date on a regular basis.

Conspicuous system and network events are automatically recorded and regularly evaluated. Anomalies are analyzed and necessary measures are initiated.

Access is automatically blocked if the user is inactive for more than 15 minutes. Workstation systems are used without administrative authorizations by default. Systems are only administered via encrypted connections or protocols.

All data is stored encrypted on workstations.

• Usage control

Measures to ensure that those authorized to use a data processing system can only access the data subject to their access authorization and that personal data are not read, copied, modified or removed without authorization during processing:

1. IT systems and applications can only be accessed by authorized users. Within the applications, access restrictions can be defined on a role-specific basis. Each user has access only to the data he or she needs to perform his or her tasks.

2. The authorization roles are managed in the access protection systems of the applications or centrally by the authorization management. Authorization roles are assigned by application and after approval, with at least the 4-eyes principle or further approval levels depending on criticality.

3. Access to systems for processing data is granted via authorization profiles and authorization groups. The group of system programmers and administrators responsible for this is managed via a separate authorization procedure. In addition, downstream controls are carried out (verification of the control inherent in the system, access protection and the assignment of rights).

4. The network is protected against unauthorized access from the Internet by a multi-level firewall system. Access to services on the Internet is also controlled by the firewall system and is secured by additional authentication mechanisms. The data transmission of personal data is encrypted.

• Separation control

Measures to ensure that data collected for different purposes are processed separately:

1. The principle of functional separation exists in all important areas; this means that all departments concerned with data processing are functionally and organizationally separated.

2. The authorization concept as well as the existing user profiles ensure a logical separation of the data, which are collected for different purposes and are to be processed separately according to these purposes.

3. There is a fundamental separation between test and production operation.

• Pseudonymization (Art. 32 (1) (a) GDPR)

  • The processing of personal data in such a way that the data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to appropriate technical and organizational measures.

If pseudonymization is possible according to the purpose of the order, the data of the data subjects will be pseudonymized in whole or in part.

2. Integrity (Art. 32 (1) (b) GDPR)

• Transfer control

Measures to ensure that personal data cannot be read, copied, altered or removed by unauthorized persons during electronic transmission or while being transported or stored on data media, and that it is possible to verify and establish to which entities personal data are intended to be transmitted by data transmission equipment:

1. The transport of data carriers is generally avoided. Should transport be necessary in exceptional cases, it is ensured that data cannot be read, copied, changed or removed without authorization during the transport of data carriers. Data carriers are shipped in sealed containers and/or encrypted form in accordance with the state of the art. The labels on the data carriers do not allow any conclusions to be drawn about the data they contain.

2. Lines, connections and distributors for remote data transmission in the operating facilities are located in safety areas that are not freely accessible.

3. Automated as well as manual remote data transfers of personal data take place in a protected way, e.g. by encrypted file transfer, encrypted communication channels (line encryption), by encrypted e-mail or by means of encrypted e-mail attachments.

4. Confidential or personal data on paper as well as waste with contents worthy of protection are destroyed via special security containers by external disposal companies in compliance with a high security level. If the disposal of confidential or personal data on paper is not possible via security containers, these are shredded with shredders of at least protection class 3 according to DIN 66399.

5. Data carriers for data backup (magnetic tapes, tape cassettes) are stored in a special security area.

• Input control

1. It is logged whether and when a user has logged on to an IT application.

2. Entries in the IT application are logged by the system, including the time of entry and the user ID of the entry.

3. It is ensured that users and processes can only access data by means of the tested and released program version.

3. Availability and resilience (Art. 32 (1) (b) and (c) GDPR)

• Availability control and rapid recoverability

Measures to ensure that personal data is protected against destruction or loss:

1. Extensive fire protection, loss prevention and disaster prevention measures have been implemented for the data centers. These include securing all areas in the data centers and their surroundings with fire alarm and stationary fire extinguishing systems, data backup measures and the outsourcing of data backup inventories.

2. A complete backup and recovery concept is installed with daily backup and disaster-proof storage of the data media in the sense of business continuity management.

4. Procedures for regular review, assessment and evaluation (Art. 32(1) (d) GDPR)

• Data protection management

1. The data protection officer is integrated into the relevant operational processes by the data protection organization.

2. Regular audits are carried out by the internal audit department.

• Order control

Measures to ensure that personal data processed on behalf of the client are only processed in accordance with the client’s instructions:

It is ensured in the IT application that the data stored for processing is only processed within the scope of the instructions of the respective client in accordance with the statutory regulations and, in particular, is not passed on to unauthorized third parties.

APPENDIX III: Special terms of use for the PartnerCheck service

In addition to the Wedolo Terms of Use, the Special Terms of Use for the PartnerCheck service apply.

1. Scope

Wedolo provides registered users (“clients”) with verified company data (such as contact data, VAT ID, bank details) for a fee via the PartnerCheck service. The verified company data is intended to facilitate the targeted selection of suitable business partners (“contractors”).

2. Contractor registration and verification

(2.1) The use of the PartnerCheck service is restricted to companies as defined by § 14 (1) BGB (German Civil Code).

(2.2) When using the PartnerCheck service, registered users (“contractors”) are obliged to provide truthful and complete information on the data collected, to provide current certificates (proof of insurance, proof of licence to carry out commercial road haulage, general terms and conditions of the companies used) and to make declarations (agreement to comply with § 7 GüKG (road haulage law), declaration by the contractor to comply with the Minimum Wage Act).

(2.3) Contractors are obliged to inform Wedolo immediately of any changes if one or more details and/or certificates are no longer current. This applies regardless of the reason for discontinuation – e.g. lapse of time, revocation, withdrawal or other. Wedolo has the right to request further proof or certificates at any time.

3. Provision of the service and retrieval by the client

(3.1) Wedolo provides the PartnerCheck service to contractors free of charge; for clients, the retrieval of the verified company data is subject to a charge.

(3.2) Excluded from the provision of the PartnerCheck service are times when the servers used by Wedolo are not accessible due to technical reasons or other reasons beyond Wedolo’s control or when Wedolo carries out necessary maintenance work on the servers for the provision of the online platform, during which disruptions or interruptions of access may be unavoidable according to the state of the art. Wedolo shall reasonably take into account the justified interests of the contractors and clients.

(3.3) Wedolo is entitled to further develop and optimise the PartnerCheck service. This may lead to changes in the PartnerCheck service.

(3.4) User data is stored for the use of the PartnerCheck service. The storage and filing of the necessary data takes place in the European Union (EU).

4. Scope of permitted use

(4.1) Clients are not entitled to provide third parties with access to the PartnerCheck service and/or the direct or indirect possibility of use or to pass on the company data verified via the PartnerCheck service to third parties.

(4.2) Clients and contractors are prohibited from taking actions which could impair the function of the PartnerCheck service and which conflict with its intended use.

(4.3) The client and contractor shall be liable to Wedolo for any damage resulting from an unauthorised or illegal use of the PartnerCheck service, unless he is not responsible for the improper use.

5. Remuneration

(5.1) The clients undertake to pay the agreed fee for the retrieval of the verified company data depending on the selected subscription (one-time retrieval: 2.99 euros; monthly subscription: 9.99 euros).

(5.2) Wedolo shall send invoices to the clients for the agreed remuneration. The invoices are also available to the clients in the closed user area “my.wedolo.de”.

(5.3) If the clients are in arrears with payments, Wedolo has the right to refuse the fulfilment of due services towards the clients and to block access to the account.

6. Liability

(6.1) Wedolo shall not be liable for damages resulting from the culpable breach of obligations on the part of the contractors that require the proper implementation of the user agreement.

(6.2) Furthermore, Wedolo shall not be liable for damages that contractors and clients inflict on each other when using the PartnerCheck service, whether through loss or transmission errors of data or in any other way. Furthermore, Wedolo shall not be liable for malware or program codes (viruses, Trojans, worms, etc.) which are transferred to the platform by the contractor and/or client.

(6.3) Contractor and/or customer shall be directly liable to Wedolo for this in the event of the transfer of harmful software and shall indemnify Wedolo against any claims of third parties arising from this.

(6.4) Liability on the part of Wedolo is excluded. This does not apply to damages that

    • were caused intentionally or through gross negligence by Wedolo or its vicarious agents.
    • fulfil the statutory liability for injury to life, body or health by Wedolo or its vicarious agents.
    • result from the assumption of guarantees or other strict liability as well as in the case of claims under the Product Liability Act.
    • result from the culpable breach of obligations that make the proper implementation of the Special Agreement on Use possible in the first place (so-called cardinal obligations).

7. Termination and transfer of the service

(7.1) The Special Terms of Use for the PartnerCheck service run as part of the Wedolo Terms of Use for an indefinite period after registration. The right to extraordinary termination for good cause remains unaffected.

(7.2) Wedolo shall be entitled to transfer its rights and obligations arising from the use of the Service and the services offered therein in whole or in part to a third party with a notice period of four weeks.

(7.3) Wedolo is entitled to discontinue the service and the services provided with a notice period of one month to the end of the month. Wedolo will inform the contractors and clients of the discontinuation by e-mail.

(7.4) Wedolo is entitled to exclude contractors or clients from the use of the service as well as the services contained therein with immediate effect for good cause, i.e. to block them, in particular insofar as they

    • provide or have provided incorrect information on the existence of permits, certificates or other criteria relevant for the performance of the specific contract.
    • provide or have provided third parties with an unauthorised opportunity to use the Application in breach of clause 4 (1) of this Agreement.
    • have committed a serious breach of the law or a serious breach of the provisions in Clause 8.
    • have breached the confidentiality agreement in clause 8 (1).

8. Compliance

(8.1) All information which Wedolo or contractors disclose to clients in writing, electronically, orally, digitally embodied or in any other form, or of which clients become aware in any other way, shall be treated confidentially by the clients. “Information” is in particular trade secrets, know-how, business relationships, operational procedures, business strategies, personnel matters, digitally embodied information (data), prices or costs.
Clients may only use information and pass it on to employees to the extent necessary to fulfil the obligations arising from this usage agreement or from contracts concluded via this application. Information may only be disclosed to third parties with the prior written consent of the Principal. Contractors shall ensure that all persons to whom information is disclosed have been bound to confidentiality in advance in accordance with this agreement. The obligations referred to in this clause shall continue after termination of the agreement.

(8.2) Contractors undertake to comply with the applicable laws and other binding legal provisions. This applies in particular to regulations on employee protection. The contractor shall therefore comply with the respective applicable minimum wage regulations. If the contractor uses other contractors, so-called subcontractors, he shall ensure compliance with the minimum wage regulations. The contractor must report violations of minimum wage regulations or the assertion of claims arising from violations without delay. The contractor undertakes to indemnify Wedolo or the clients for all claims resulting from the violation.

(8.3) Contractors shall report violations of the obligations and specifications assumed in Clause 8 (2) to Wedolo immediately after becoming aware of them.

9. Data protection

Information on data protection can be found in the privacy policy of the online platform.

10. Final clauses

(10.1) The use of the PartnerCheck service is subject to German law. The application of the UN Convention on Contracts for the International Sale of Goods is excluded. Hamburg is agreed as the place of jurisdiction for any legal disputes, unless a further or different place of jurisdiction is legally obligatory.

(10.2) Should individual provisions of these Special Terms of Use be or become invalid in whole or in part, the validity of the remaining provisions shall not be affected. In place of the invalid provision, consideration shall be given to agreeing a valid provision which comes as close as possible to the economic effect intended by the parties.