At Hamburg Südamerikanische Dampfschifffahrts-Gesellschaft ApS & Co KG (“Hamburg Süd”), we respect your privacy. The protection of your personal data (such as your name, email address or telephone number) is therefore of particular importance to us. Our data protection practice complies with the provisions of the General Data Protection Regulations (GDPR) of the European Union as well as with additional legal requirements.
I. Names and Addresses of the Controller
The “controller” within the meaning of the General Data Protection Regulations (GDPR) and of other national data protection and privacy laws of the EU Member States as well as other data protection provisions is:
Hamburg Südamerikanische Dampfschifffahrts-Gesellschaft ApS & Co KG
Willy-Brandt-Str. 59-65, 20457 Hamburg, Germany
Telefon: +49 40 37050
Telefax: +49 40 37052400
II. Names and Addresses of the Data Protection Officer(s)
The data protection officer for the aforementioned controllers and for the aforementioned companies belonging to the Hamburg Süd Group is:
We value your trust. Should you have any questions regarding the collecting, processing or use of your personal data, in the case of revocation of consent, information, correction, blocking or deletion of data, please contact:
Hamburg Südamerikanische Dampfschifffahrts-Gesellschaft ApS & Co KG
Willy-Brandt-Str. 59-65, 20457 Hamburg, Germany
III. General Information on Data Processing
1. Scope of the processing of personal data
As a matter of principle, we only collect and use the personal data of our users as much as is necessary to provide a functional website as well as our contents and services. The collecting and use of the personal data of our users regularly takes place only on a legal basis. An exception applies in such cases in which a legal basis is not apparent and the processing of the data can only be authorized via a consent.
2. Legal basis for the processing of personal data
Insofar as we obtain the consent of the data subject to process his or her personal data, Art. 6 para. 1 Lit. a of the GDPR serves as legal basis.
In the processing of personal data required to fulfill a contract whose contracting party is the data subject, Art. 6 para. 1 Lit. b of the GDPR serves as legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures and actions.
Insofar as the processing of personal data is necessary in order to fulfill a legal obligation to which our company is subject, Art. 6 para 1 Lit. c of the GDPR serves as legal basis.
If the processing of data is necessary to safeguard a legitimate interest of our Company or of a third party, and if the interests, fundamental rights and fundamental freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6 para. 1 Lit. f of the GDPR serve as legal basis for the processing.
3. Data erasure and storage period
The personal data of the data subject will be erased or blocked as soon as the purpose of storing the data ceases to apply. Furthermore, data may be stored if doing so has been provided for by European or national lawmakers in EU regulations, laws or other provisions to which the controller is subject. The data will likewise be blocked or erased if a storage period stipulated by the aforementioned rules expires, unless it is necessary to continue storing the data in order to conclude or fulfill a contract.
IV. Provision of the Website and Creation of Log Files
As a basic principle, you are able to use our internet site without providing your personal data.
1. Webserver log files
Every time our internet pages are accessed, information transmitted from your browser is automatically saved in webserver log files. In particular, this information includes the name of your provider, your anonymized IP address, your browser type, your operating system, internet sites you have previously visited, and the server request time. Neither this data nor other associated personal data of the user are stored.
The legal basis for the temporary storage of data is Art. 6 para. 1 Lit. f of the GDPR.
The temporary storage of the IP address by the system is necessary in order to make it possible for the website to be delivered to the user’s computer. To do this, the user’s IP address must remain stored for the duration of the session. The log files are stored in order to ensure the functionality of the website. In addition, the data helps us optimize the website and safeguard the security of our information technology systems. In this context, no analysis of the data is conducted for marketing purposes.
The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. As relates to the collection of data for the provision of the website, this is the case when the respective session has ended.
The collection of data for the provision of the website as well as the storage of data in log files is absolutely necessary for the operation of the website. For this reason, there is no option to object on the user’s side.
2. Cookies and the Matomo web analysis service
We use “cookies” on our internet pages. Cookies are text files stored on your computer that help increase the ease of use, efficacy and safety of our internet service.
In the cookies we use, we store:
- Anonymized user IP
- Date and time of access
- Subject of the sites visited
- URL of the sites visited
- Screen resolution
- User’s time zone
- Files downloaded and clicked on
- Links to external domains (outlink)
- Page generation speed (how long did it take until the visited page was displayed)
- Visitor location: country, region, city (geolocation)
- Browser language
- User’s browser type
The purpose of using technically necessary cookies is to simplify the use of websites for users. We will assess the data stored by the cookies on your machine using “Matomo” web analysis software to constantly improve our internet site. For this purpose, usage information generated by cookies is transferred to our server and stored for usage-analysis purposes. Your IP address is already stored in the cookie simply in anonymized form, and it is only recorded in this form by our web analysis software so that you remain anonymous as a user in the context of the analysis.
The cookies stored by us on your internet browser are automatically deleted after 14 days.
V. Press Info and Newsletter
1. Press Info Service
If you use our Press Info Service, the personal data supplied by you for this purpose (in particular, the email address provided) is used exclusively for sending the desired press info. The consent given for your data and email address to be stored and used to send press info can be revoked at any time. In particular, you can unsubscribe from the Press Info Service using the following link. Unsubscribe
2. Hamburg Süd newsletter
You have the opportunity to sign up for the free Hamburg Süd newsletter. In order to send out our email newsletter, we work together with a service provider to which we need to pass on your address details. We take care to ensure that the data is only used for the purposes of sending the requested emails to you. If you have signed up for our newsletter, you are also consenting to the collection of data upon receipt of the email newsletter (opening, click and unsubscribe rates, bouncebacks, devices, geotracking). Such data will be used solely for the purposes of performing internal analyses. You are free to subscribe to or unsubscribe from the Hamburg Süd newsletter at any time.
3. Login data for the customer and service provider portals
Should you wish to register for one of the customer or service provider portals provided by us with user information and a password, enter your email address into the relevant input screen for the specific portal. We will initially use this email address to process your request. You will then be requested by email to provide additional necessary personal information on our service provider portal. After your registration has been verified, you will be activated on the relevant portal with your user data. Once this approval has been granted, you will receive an email notification to this effect.
Following approval, your user data will be used to identify you on your chosen portal. Moreover, you will make your data available to us in order for us to fulfil the portal tasks requested by you (i.e., for contact and implementation and subsequent assessment of the intended or executed contractual relationship).
VI. Third-Party Access and Data Disclosure
The recording, processing and use of personal data is carried out by us as well as other companies in the Corporate Group or by external service providers who are contracted by us and both contractually and legally bound to data protection. In these cases, we ensure that Group companies and these external service providers abide by the relevant legal data protection rules.
Insofar as you request the services of or contact from one of our associated companies from a portal provided by us (cf. Section V 3), we will share the data you have made available to us with this associated company.
Otherwise, no third parties have access to your personal data. We will only forward data to the responsible authority in the event of official or legal demands as well as legal obligations to transmit data. This also applies in the event of a court order for transmission. In the case of an official, legal or judicial obligation to transmit data, we will examine in each individual case whether the transmission complies with the basic principles of the GDPR and/or the applicable national law.
We have implemented extensive security provisions and measures to protect personal data stored by us from unauthorized access, misuse, altering, misappropriation, destruction and loss. However, we must point out that unencrypted data transfer via the internet cannot provide any guarantee that access to your data by third parties is prohibited. Complete protection of your data during unencrypted transfer from your system to our server is not possible in technical terms.
VIII. Rights of the data subject
If your personal data is processed, then you are a “data subject” within the meaning of the GDPR. You have the following rights vis-à-vis the controller:
1. Right of access: You may request information about your data processed by us, in particular about the purposes of processing, the category of personal data, the categories of recipients to whom the data have been or will be disclosed by us, the envisioned period of storage, the existence of a right of rectification, erasure, restriction of processing or objection to it, the existence of a right to lodge a complaint, where your data are collected from (if these are not collected by us), and the existence of automated decision-making, including profiling.
2. Right to rectification: You have the right to demand without undue delay the rectification of inaccurate personal data stored by us as well as to have incomplete personal data stored by us completed.
3. Right to erasure: You have the right to demand that personal data stored by us be erased as long as the processing of this data is not necessary to fulfill a legal obligation, for reasons of public interest, or for the establishment, exercise or defense of legal claims.
4. Right to block data: You have the right to demand that your personal data be blocked. Data that is blocked will not be deleted from our databases, but they will not be processed as long as the block is in effect.
5. Right to data portability: You have the right to receive the personal data on you that you have provided us in a structured, commonly used and machine-readable format or to demand that it be transmitted to another controller.
6. Right to object: Consent given to process your personal data can be revoked at any time. As a result of this, we will no longer be permitted to continue processing data based on this consent in the future.
7. Right to lodge a complaint: You have the right to lodge a complaint with a supervisory authority. To do so, you can contact the supervisory authority of the place of business of our company.
In order to exercise your rights as a data subject, please contact our Data Protection Officer (cf. Section I of this Data Privacy Statement). As an alternative, you may also contact a customer service representative or other contact person you know at Hamburg Süd.
If an individual exercises his or her rights in accordance with the GDPR, we will not charge any fees. However, a reasonable fee may be charged if your inquiry is demonstrably abusive improper or if you make a repeated inquiry without relevant justification.
We may need to collect information on you that will enable us to clearly identify you as a data subject. In doing so, we will endeavor not to complicate or even hinder your request. Rather, we want to make sure that none of your personal data falls into the hands of unauthorized persons.
Our internet sites may contain hyperlinks (i.e., electronic cross-references) with which internet sites from other companies can be called up. This Data Privacy Statement does not apply to these linked internet sites belonging to other companies.
X. Amendment of this Data Privacy Statement
It may be necessary to adapt our Data Protection Statement to changing framework conditions of a factual and legal nature. The Data Privacy Statement published on our pages is kept up to date.
As of: May 2018