Privacy Policy
How we handle your personal data on this website and in our customer portal, and your rights under the GDPR.
Last updated: 12 July 2026.
1. Controller
The controller responsible for data processing on this website is:
Skynet Worldwide Express Germany GmbH
Behringstr. 10, 82152 Planegg, Germany
Managing Directors: Bastian Weber, Stefan Weber
Phone: +49 (0)89 7455750 · Email: info@skynetworldwide.de
2. Data Protection Officer
We are not legally required to appoint a Data Protection Officer and have not appointed one. If you have any questions about how we process your personal data, please contact us using the details in section 1.
3. Hosting, infrastructure & server log files
When you visit this website, our hosting provider automatically records technical data in server log files: your IP address, browser type and version, operating system, the page requested, the referring page, and the date and time of access. This is necessary to operate, deliver and secure the website and is processed on the basis of our legitimate interest (Art. 6(1)(f) GDPR). Log data is stored only as long as needed for these purposes.
This website is hosted for us by Vercel Inc., 340 S Lemon Avenue #4133, Walnut, CA 91789, USA, which acts as our processor. Static content is delivered from Vercel's global edge network (visitors in Europe are served from European edge locations), and the website's dynamic functions and our database run in the Frankfurt (Germany) region, within the EU. Because Vercel is a US company, limited data (in particular the server log data described above, and administrative or support access) may be transferred to or accessed from the USA; such transfers are safeguarded by the EU Standard Contractual Clauses concluded with Vercel.
To keep the website reliable, we use an error-monitoring service, Sentry, operated by Functional Software, Inc. (USA), acting as our processor. When a technical fault occurs, limited diagnostic data about the error — such as the error itself, the page or request concerned and the browser and device type — is transmitted to Sentry so that we can detect and fix it. We have configured the service to minimise personal data and not to attach identifiers such as your IP address by default. This is based on our legitimate interest in a secure, reliable website (Art. 6(1)(f) GDPR); any transfer to the USA is safeguarded by the EU Standard Contractual Clauses.
4. Fonts
Fonts on this site are self-hosted and served from our own hosting. No data is transmitted to Google or other third parties in order to display fonts.
5. Customer portal & account data
We operate a customer portal in which registered business customers can manage their account, book shipments and store shipping information. Accounts are created by us — there is no public sign-up. When you use the portal, we process:
- your account details (name, company, email address and role);
- your password, which is never stored in readable form — it is kept only as a salted Argon2id hash;
- billing details you choose to enter (VAT/tax ID, invoicing contact and billing address);
- saved address-book entries and the details of shipments you create (sender and recipient name, company, address, contact details and, where applicable, tax ID, plus package and service information); and
- where a shipping API key is stored for your account, it is held encrypted at rest (AES-256) and is only ever used server-side.
This data is processed to provide the portal and perform our contract with you (Art. 6(1)(b) GDPR) and to keep the service secure (Art. 6(1)(f) GDPR). It is stored in a managed PostgreSQL database provided by Neon on servers located in Frankfurt, Germany (EU). Neon acts as our processor; as the provider is a US company, support access from outside the EU is safeguarded by EU Standard Contractual Clauses. Account and shipment records are retained for the duration of the business relationship and thereafter for as long as statutory commercial and tax retention periods require (generally up to ten years under German law), after which they are deleted.
The portal also sends transactional emails — such as password-reset and email-verification links — through our email delivery provider, Resend (USA), acting as our processor under EU Standard Contractual Clauses. These emails are sent only in response to an action you take and contain no marketing.
To help you complete address forms in the portal, when you enter a postcode we send that postcode and its country code — with no name, street or other identifier — to a postal-reference service to suggest the matching town: Zippopotam.us and, where enabled, GeoNames (both operated in the USA). This is used solely to look up public postal reference data.
We retain account and address-book data for as long as your account is active. Shipment and invoicing records are kept for the retention periods required by German commercial and tax law (generally up to ten years) and are deleted thereafter. You can request erasure at any time; where a legal retention obligation applies, the data is restricted from further processing until the period expires and then deleted.
The portal login is protected against automated attacks by Cloudflare Turnstile, a bot-detection service provided by Cloudflare, Inc. (USA), acting as our processor. When you sign in, Turnstile processes technical information about your interaction with the login page — including your IP address and browser signals — to tell human users apart from bots. It is designed to be privacy-preserving and is not used for advertising or cross-site tracking. This is based on our legitimate interest in protecting accounts and the login form against abuse (Art. 6(1)(f) GDPR); any transfer to the USA is safeguarded by the EU Standard Contractual Clauses.
6. Shipment tracking
If you enter a tracking number, it is transmitted to our shipping platform provider, PostShipping, in order to retrieve and display the status of your shipment. The data processed is the tracking number you enter and the shipment status and event information returned. PostShipping acts as our processor for this purpose. This processing is carried out to perform our services and on the basis of Art. 6(1)(b) and (f) GDPR, and the data is not used for any other purpose.
7. Contacting us
If you contact us — by email, by telephone, or by sending us an enquiry via the website — we process the details you provide (such as your name, email address, phone number, shipment details and your message) in order to handle your enquiry. The legal basis is Art. 6(1)(b) GDPR (pre-contractual and contractual measures) and, where applicable, our legitimate interest in responding to enquiries (Art. 6(1)(f) GDPR). Enquiries are received and handled by our team by email and are kept until your enquiry has been dealt with and thereafter only for as long as statutory retention periods require.
8. Newsletter
If you subscribe to our newsletter, we process your email address to send you logistics insights and updates about our services. We use a double opt-in procedure: after you enter your address, we send you a confirmation email, and we only add you to the newsletter list once you click the confirmation link. We store your email address, your subscription status and the date of your confirmation as a record of your consent.
The legal basis is your consent (Art. 6(1)(a) GDPR and § 7(2) UWG). You can withdraw your consent at any time with effect for the future — every newsletter contains an unsubscribe link, and unsubscribing removes your address from the list. Newsletter delivery is handled by our email provider, Resend (USA), acting as our processor under EU Standard Contractual Clauses. We keep your subscription data until you unsubscribe, after which it is retained only as needed to document your prior consent and to honour your unsubscribe request.
9. Cookies, local storage & analytics
Strictly necessary cookies. When you sign in to the customer portal, we set an essential, encrypted session cookie so that you stay logged in. It is not used for tracking and is required to provide the service you requested (Art. 6(1)(f) GDPR and § 25(2) TDDDG). Your cookie preference is also stored locally in your own browser.
Web analytics (Google Analytics 4). With your consent, we use Google Analytics 4, a web analytics service provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland). It uses cookies and similar technologies to help us understand how visitors use our website — for example which pages are viewed, approximate location, and device and browser type. Google Analytics 4 does not log or store full IP addresses.
Analytics runs only after you actively agree via our cookie banner. The legal basis is your consent (Art. 6(1)(a) GDPR and § 25(1) TDDDG). No analytics cookies are set before you consent, and you can withdraw your consent at any time with effect for the future using the “Cookie settings” link in the footer. In connection with this service, data may be transferred to Google LLC in the USA; such transfers are safeguarded by the EU Standard Contractual Clauses, and Google acts as our processor. Further information is available in Google's privacy policy at policies.google.com/privacy.
10. Recipients & transfers
We do not sell your personal data. We share it only with the processors described in this policy (our hosting, database, email, analytics and shipping-platform providers), each of which processes it on our behalf under a data processing agreement and only as needed to provide their service, and with public authorities where we are legally required to do so. Where a processor is based outside the EU/EEA, transfers are safeguarded by the EU Standard Contractual Clauses.
11. Your rights
Under the GDPR you have the right to access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction of processing (Art. 18), data portability (Art. 20) and to object to processing (Art. 21). Where processing is based on consent, you may withdraw it at any time with effect for the future (Art. 7(3)). To exercise these rights, contact us using the details in section 1.
You also have the right to lodge a complaint with a supervisory authority. The authority responsible for us is the Bayerisches Landesamt für Datenschutzaufsicht (BayLDA), Promenade 18, 91522 Ansbach, Germany.
12. Data security
This website is delivered over an encrypted TLS/SSL connection to protect data transmitted between your browser and our servers. Portal passwords are stored only as salted Argon2id hashes, and stored API keys are encrypted at rest with AES-256. We apply appropriate technical and organisational measures to protect personal data against unauthorised access, loss or misuse.
13. Changes to this policy
We may update this privacy policy to reflect changes to our processing or legal requirements. The current version always applies and is available on this page.