LogoSIS – Privacy Policy

Privacy Policy for the software “LogoSIS”
provided by ITF Ingenieurbüro Thomas Friedmann

1. Data Controller
All data processed within LogoSIS is controlled solely by the customer.
The provider does not process any personal data on its own behalf and is not a data processor under GDPR or UK-GDPR.

2. Purpose of Data Processing
LogoSIS processes data as part of the customer’s logistics, transport and operational workflows, including but not limited to:

  • master data management

  • order, freight and transport handling

  • internal operational workflows

  • legally required notifications and documents

  • optionally: electronic Safety & Security ENS submissions to HMRC
    The customer defines the concrete purposes of use.

3. Categories of Data Processed
Depending on use, LogoSIS may process:

  • customer, partner and supplier information

  • freight, goods and transport data

  • EORI numbers and regulatory identifiers

  • legally required data for customs or safety filings

4. No Transfer of Data to the Provider
ITF Ingenieurbüro Thomas Friedmann does not receive or access data processed by LogoSIS.
A temporary access is possible only if explicitly granted by the customer (e.g. for support).

5. Recipients of the Data
Recipients may include:

  • internal departments of the customer

  • the customer’s business partners

  • authorities where legally required (e.g. HMRC)
    No data is forwarded by the provider.

6. Legal Basis
Processing is carried out under the customer’s responsibility in accordance with:

  • Art. 6(1)(b) GDPR (performance of a contract)

  • Art. 6(1)(c) GDPR (legal obligations)

  • Art. 6(1)(f) GDPR (legitimate interests of the customer)

7. Storage and Deletion
All data is stored exclusively on the customer’s infrastructure.
The provider does not store or retain any personal data.
Deletion rules are defined by the customer.

8. Security of Processing
The customer is fully responsible for technical and organisational measures to protect the data.

9. Data Subject Rights
Requests for access, correction, deletion, objection or any other GDPR rights must be directed to the customer.
The provider cannot fulfil such requests as it has no access to the data.

10. Changes to this Policy
The provider may update this Privacy Policy. The current version will be made available to the customer.