Privacy Policy

We treat your personal data that you provide to us when using our offers and services on gokarla.io ("Karla Website") and in the mobile app ("Karla Mobile App" hereinafter jointly referred to as "Karla") confidentially and in accordance with the legal data protection regulations and this privacy policy. In the following, we would like to inform you about which personal data we collect when using Karla, for what purposes we use it, with whom we share your personal data and what rights you have.

1. Controller

Karla is provided by GoKarla GmbH, Gormanstraße 19a, 10119 Berlin, Germany ("we"), which is the controller in terms of data protection law for the processing of your personal data when using Karla.

2. Contact

If you have any questions about this privacy policy or the processing of your personal data, you can contact us at [email protected].

3. Collection of personal data, purposes of processing and legal bases

We offer various tools or services with Karla (e.g. support services, user account, shipment tracking, newsletter, push notifications, return services, in-app purchases, marketing of products). When using them, we ask you for personal data such as name or email address and, if necessary, for further personal information. Accordingly, required information is always marked as mandatory fields. Without this information, we may not be able to provide you with the desired service or respond to your requests. In the following, we will give you an overview of the associated processing operations and legal bases.

4. Cookies

When operating Karla, we use cookies and similar technologies. The use of cookies helps us make Karla user-friendly and continuously optimize it. In addition, we analyze how you use Karla to improve our services so that they better meet your interests.

For example, session cookies show us when you visited individual pages of our website. Session cookies are automatically deleted when you leave our website. We also use temporary cookies that are stored on your computer or device for a limited period of time. These cookies show us which data you entered during a previous visit to our website and which settings you chose so that you do not have to enter or choose them again. Furthermore, we use tracking cookies to statistically record the use of our website and optimize our website.

By using cookies, we can process your personal data, such as your IP address and information about how you interact with Karla. The processing of your data in connection with the use of cookies for the above-mentioned purposes is based on our legitimate interest in fulfilling the purposes mentioned above and below, in particular optimizing Karla and providing content on Karla, and/or, where required by law, on your consent.

On your first visit to the Karla website or as part of the login process of the Karla web version of the app, you will be prompted to explicitly accept the use of cookies through an "Accept" button that is activated in the cookie notification. Please note that you can block or disable cookies by configuring your browser to block the installation of some or all cookies. Almost all browsers allow you to be notified of the presence of cookies or to automatically block them. If you block cookies, you can still use Karla, although some services may be restricted and your experience with Karla may be less satisfactory.

5. Rights of Data Subjects

Depending on the circumstances of the specific case, you have the following rights with regard to your data:

• Right to information and access to your relevant personal data;
• Right to correction or deletion or restriction of processing of your personal data;
• Right to refuse and withdraw consent;
• Right not to be subject to a decision based solely on automated processing;
• Right to data portability;
• Right to file a complaint with the competent supervisory authority;
• Right to object to the processing of your personal data, especially if the data processing is based on our legitimate interests.

You can (i) exercise the above-mentioned rights, (ii) ask questions, or (iii) object to the processing of data by contacting us as indicated in Section 3 above.

6. Disclosure of personal data to third parties

Except as mentioned in this privacy policy, your personal data will not be disclosed to third parties. Personal data may be disclosed to third parties acting on our behalf in order to further process the personal data in accordance with your original purpose, such as for the provision of services offered, for the evaluation of user behavior on Karla, or for technical support. These third parties are contractually obligated by us, by means of legally prescribed agreements, to use personal data only for the agreed purpose and not to disclose your personal data to other parties without permission, unless required by law. If other categories of recipients of personal data arise in the context of future data collection, we will inform you of this at the time of collection of this information for this purpose.

Your personal data will be disclosed to the following third parties for the above-mentioned purposes:

• Webflow Inc., 398 11th St., Floor 2, San Francisco, CA 94103 for Hosting Karla Website;
• Heroku, Inc. Salesforce Tower, 415 Mission Street, 3rd Floor, San Francisco, CA 94105, USA for Hosting Feedback Backend/Container Hosting;
• DigitalOcean LLC, 101 Avenue of the Americas 10th Floor New York, NY 10013 United States for Hosting Backend of the Karla App;
• Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (user tracking and analytics) provider of tools like Google Analytics, Google Cloud and Firebase, Big Query;
• Parcel Perform Pte Ltd., 138 Cecil Street, Singapore 069538 for parcel Tracking/ matching of shipment data;
• Netlify, Inc., 44 Montgomery Street, Suite 300, San Francisco, California 94104 USA for Webhosting of the Karla App frontends;
• HubSpot, Inc. 25 First Street, 2nd Floor Cambridge, MA 02141 USA for sales and marketing;
• Twilio Inc. 101 Spear Street, Ste 500 San Francisco, CA 94105 for E-Mail notification to users of Karla;
• Shopify Inc., 151 O'Connor Street, Ground floor, Ottawa, ON, K2P 2L8 Canada for the hosting and provision of the Karla Online Shop;
• Deutsche Post AG, Headquarters, Platz der Deutschen Post 53113 Bonn, Germany, for parcel shipments of online orders and matching of tracking and parcel data;
• DPD group Headquarters: 11-13 rue René Villerme, 59800 Lille, France, for parcel shipments of online orders and matching of tracking and parcel data;
• UPS Corporate Headquarters: 55 Glenlake Parkway, NE, Atlanta, GA 30328, USA for parcel shipments of online orders and matching of tracking and parcel data;
• Hermes Corporate Headquarters: Essener Strasse 89, 22419 Hamburg, Germany, for parcel shipments of online orders and matching of tracking and parcel data;
• Logtail (https://betterstack.com/logtail) logging service calls and operations between our services for debugging purposes. Data retained for 7 days;
• Mailchimp (https://mailchimp.com/) / Intuit Inc. 2700 Coast Avenue Mountain View, CA 94043, USA, sending out campaigns, newsletters and general communications to subscribed users;
• Automizely Pte. Ltd. 120 Robinson Road #13-01, Singapur, for parcel Tracking/ matching of shipment data;
• AfterShip, Inc. 2711 Centerville Road Wilmington, Delaware 19808, County of New Castle, United States for parcel Tracking/ matching of shipment data;
• TYPEFORM US LLC, Spaces 95, 3rd St. 2nd Floor - San Francisco, CA 94103 United States for customer surveys;
• Notion Labs, Inc. 2300 Harrison St, San Francisco, CA 94110, for product and process documentation;
• Figma, Inc. 760 Market Street Floor 10 San Francisco, California 94102 United States for design files, product designs/ customer feedback;
• Lempire SAS a company incorporated under the laws of France with its registered office 128 rue la Boétie, 75008, Paris, for automated outreach;
• Make/ Celonis Inc. Headquarters One World Trade Center, Floor 87, 10007, New York, US-NY for process automation.

The transmission of your personal data is based either on your consent, the fulfillment of our contract with you and/or our legitimate interest, as described in the respective section of the processing in more detail.

7. Social Media Pages

We maintain social media pages on the social media platforms Facebook (https://www.facebook.com/gokarla.io) and Instagram (instagram.com/gokarla_delivery) as well as LinkedIn (linkedin.com/company/gokarla) and TikTok. (collectively referred to as "Fanpages"). In doing so, we process your personal data. Through our Fanpages on social networks, you can communicate with us and receive information about Karla. If you use the contact options via the Fanpages, we process the data you provide to us in order to process your request, the reason for your contact, and to answer your questions. The Fanpages provide our company with statistical data that informs us about user activities on our Fanpages.

The social media pages on Facebook and Instagram are provided by Meta Platforms Ireland Limited ("Meta"), 4 Grand Canal Square, Dublin 2, Ireland, and are subject to Meta's data protection regulations (see https://privacycenter.instagram.com/policy/ and https://www.facebook.com/about/privacy/update). Information on data collection by Meta as well as a one-sided consent granted by Meta within the meaning of Art. 26 GDPR can be found at: https://www.facebook.com/legal/terms/page_controller_addendum.

LinkedIn is provided by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. Information on data protection regulations can be found at: https://www.linkedin.com/legal/privacy-policy.

TikTok is offered by TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380. Information on data protection regulations can be found at: https://www.tiktok.com/legal/page/eea/privacy-policy/de-DE.

The legal basis for processing is Art. 6 para. 1 lit. f GDPR. Our legitimate interests are to communicate with you and to introduce Karla and its services to you.

8. Transfer of personal data to third countries

In the course of using the third-party providers listed above, it is possible that your personal data may be transmitted to other countries outside the EU or the EEA where different data protection standards may apply.

Please note that data processed in other countries may be subject to foreign laws and may be accessible to the respective governments, courts, law enforcement and supervisory authorities upon request. However, when transferring your personal data to third countries, we will take appropriate measures to secure your data adequately.

The transmission of personal data to a third country is generally protected by the conclusion of so-called EU standard contractual clauses (for more information, see https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc/standard-contractual-clauses-international-transfers_en). Corresponding evidence or further details on this can be obtained by contacting us as described in section 3.

9. Storage period

We only store your personal data for as long as it is necessary to fulfill the purpose for which the data was originally collected, or if the data storage is required or justified by law.

10. Changes to this Privacy Policy

We reserve the right to modify this Privacy Policy in accordance with updates to Karla. Please review this Privacy Policy regularly to stay informed of any changes. This Privacy Policy was last updated in November 2022.

Google API Services User Data Policy

GoKarla uses data obtained from the Google API in compliance with the Google API Services User Data Policy.