Privacy Policy
Last updated: 14 januari 2026
1. Introduction
Routix respects your privacy and attaches great importance to the protection of personal data. In this privacy policy we explain how personal data is processed when using the Routix Transport Management System (the "Platform"). This privacy policy is drawn up in accordance with the General Data Protection Regulation (GDPR) and other applicable privacy legislation.
2. Roles and Responsibilities
Routix acts in most cases as a processor within the meaning of the GDPR, whereby the customer acts as the controller. The customer determines the purpose and means of processing personal data within the Platform. Routix processes personal data solely on behalf of and on the instructions of the customer. For personal data that Routix processes for its own business operations, such as invoicing, support, security and compliance with legal obligations, Routix acts as the controller.
3. Legal Bases
Personal data is only processed on the basis of one or more of the following legal bases: (a) the performance of a contract (Article 6(1)(b) GDPR); (b) compliance with legal obligations (Article 6(1)(c) GDPR); (c) legitimate interest, such as security, fraud prevention and product improvement (Article 6(1)(f) GDPR); (d) consent, only where legally required (Article 6(1)(a) GDPR).
4. Categories of Personal Data
Within the Platform, the following categories of personal data may be processed: account and company data, user and access data, operational data such as orders, routes and schedules, vehicle and equipment information, communication data and log and audit data. Location and telematics data is only processed on behalf of the customer.
5. Location and Telematics Data
Location and telematics data is only processed on behalf of the customer and for operational purposes such as planning, safety, compliance with contractual obligations and legal requirements. The customer is responsible for informing data subjects and establishing a valid legal basis for processing. Routix has no independent control over this processing. Routix does not make automated decisions within the meaning of Article 22 GDPR that have legal effects on data subjects or similarly significantly affect them.
6. Sharing Personal Data
Routix never sells personal data to third parties. Personal data may be shared with sub-processors necessary for the delivery of the Platform, such as cloud hosting providers and communication and payment services. Processor agreements have been concluded with these parties. In addition, data may be shared if legally required.
7. Cookies and Similar Technologies
The Platform uses essential and functional cookies that are necessary for the operation of the Platform. Analytical cookies are only used with appropriate safeguards. Marketing and tracking cookies are only placed after explicit consent via a cookie banner. More information can be found in the cookie statement.
8. Security
Routix takes appropriate technical and organizational measures to secure personal data, including encryption, access restrictions, logging, monitoring and incident response procedures. Despite these measures, absolute security cannot be guaranteed. In the event of a data breach concerning personal data processed by Routix on behalf of the customer, Routix will inform the customer without undue delay in accordance with Article 33 GDPR.
9. Rights of Data Subjects
Data subjects have rights under the GDPR such as the right to access, rectification, erasure, restriction of processing, data portability and objection. Requests are in principle handled by the customer as the controller. Routix will support the customer in this where legally required.
10. Retention Periods
Personal data is not retained longer than necessary for the purposes for which it was processed. Retention periods are primarily determined by the customer. Routix may retain data longer if legally required. Routix applies internal retention periods for its own processing activities, including administration, security logs and support, in accordance with legal obligations and legitimate interests.
11. International Transfer
Personal data is processed primarily within the European Economic Area. If transfer outside the EEA takes place, this is done on the basis of standard contractual clauses approved by the European Commission and additional appropriate safeguards.
12. Data of Minors
The Platform is not intended for use by persons under the age of 16. Routix does not knowingly collect personal data from minors.
13. Changes
Routix may change this privacy policy. Changes will be communicated via the Platform or by email. The most current version is always available.
14. Contact and Complaints
For questions about this privacy policy, you can contact us via privacy@routix.nl. For requests concerning personal data processed within the Platform, the data subject should primarily contact the customer as the data controller. If you have a complaint, you can contact the Dutch Data Protection Authority (Autoriteit Persoonsgegevens).