The responsible legal person, in the sense of the General Data Protection Regulation and other national data protection rules of the member states as well as other data protection regulations, is:

RHL Reederei Hamburger Lloyd GmbH & CO KG
Brooktorkai 20
20457 Hamburg
Germany

Tel. : +49 (0) 40 380 881 - 300
Email: This email address is being protected from spambots. You need JavaScript enabled to view it.

Website: www.hamburger-lloyd.de

Data Protection Officer on behalf of the responsible person is:

Thilo Noack
SharedIT Professional GmbH & Co. KG
Saebystr. 17a
24576 Bad Bramstedt
Germany

Email: This email address is being protected from spambots. You need JavaScript enabled to view it.

We generally only process personal user data insofar as this is necessary to provide a functioning website as well as our content and services. Personal user data is only processed with the user's consent. An exception are those cases where prior consent cannot be obtained for practical reasons, and where data processing is permitted by law.

Insofar as we obtain the consent from the affected person for the processing of his or her personal data, Art. 6 para. 1 lit. a EU General Data Protection Regulation (GDPR) is to serve as the legal basis.

When processing personal data required for the performance of a contract to which the affected person is a party, Art. 6 para. 1 lit. b GDPR is to serve as the legal basis. This also applies to processing operations that are necessary for carrying out pre-contractual measures.

Insofar as the processing of personal data is required to fulfil a legal obligation to which our company is subject, Art. 6 para. 1 lit. c GDPR is to serve as the legal basis.

In the event that the vital interests of the affected person or another natural person require the processing of personal data, Art. 6 para. 1 lit. d GDPR is to serve as the legal basis.

If processing is necessary to safeguard a legitimate interest of our company or a third party, and if the interests, fundamental rights and freedoms of the affected person do not outweigh the first-mentioned interest, Art. 6 para. 1 lit. f GDPR is to serve as the legal basis for the processing.

The personal data of the affected person will be deleted or blocked as soon as the reason for the storage no longer applies. Furthermore, data can be stored if this was laid down by the European or national legislator in EU regulations, laws, or other provisions to which the responsible person is subject. The data will also be blocked or deleted if a storage period prescribed by the aforementioned regulations expires, unless there is a need for further data storage for the conclusion or fulfilment of a contract.

Every time our website is called up, our system automatically records data and information. The following data is collected:

The access logs of the web servers record which page views have taken place at what time. They contain the following data: IP, directory protection user, date, time, accessed pages, protocols, status code, data volume, referrer, user agent, accessed host name.

The IP addresses are stored anonymously for 60 days.

The error logs of the web servers record incorrect page views. The accessing IP address and, depending on the error, the accessed website are stored in addition to the error alerts. Error logs are deleted after 7 days.

The mail logs for sending emails from the web environment are rendered anonymous after one day and then kept for 60 days. Anonymization removes all sender/recipient data, etc. Only data relating to the time of sending and information on how the email was processed are saved. (Queue ID or not sent).

The legal basis for temporary data processing is Art. 6 para. 1 lit. f GDPR.

Temporary storage of user IP addresses by the system is required to enable the website to be delivered to the users' computers. For this purpose, a user's IP address must remain stored for the duration of the session in question.

The data is stored in log files to ensure the functionality of the website. In addition, the data serves to optimise the website and to ensure the security of our information technology systems. An analysis of the data for marketing purposes does not take place in this context.

Our legitimate interest in data processing according to Art. 6 para. 1 lit. f GDPR also serves these purposes.

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of data collection for the provision of the website, this happens when the respective session has ended.

See also point 1, in which the storage time of log files is explained.

Data collection for the provision of the website and the storage of data in log files is absolutely essential for the operation of the website. Consequently, there is no possibility for the user to object.

Our website uses cookies. Cookies are text files that are stored in the web browser, or by the web browser on the user's computer system. If a user visits a website, a cookie may be stored on the user's operating system. This cookie contains a unique string of characters that unambiguously identifies the web browser when the website is accessed again.

We use cookies to make our website more user-friendly. Some elements of our website require that the accessing web browser can be identified even after a page change.

The Joomla system creates a session cookie with a storage duration of 15 minutes for logging on to the backend.

The legal basis for personal data processing using cookies is Art. 6 para. 1 lit. f GDPR.

The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of our website cannot be offered without the use of cookies. For this purpose, it is necessary that web browsers are identified even after page changes.

The user data collected by technically necessary cookies are not used to create user profiles.

Our legitimate interest in personal data processing according to Art. 6 para. 1 lit. f GDPR also serves these purposes.

Cookies are stored on the user's computer and transmitted to our site from there. Therefore, you as a user have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your web browser. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to make full use of all its functions.

Newsletter data

If you would like to subscribe to the newsletter offered on this website, we will need from you an e-mail address as well as information that allow us to verify that you are the owner of the e-mail address provided, and consent to the receipt of the newsletter. No further data shall be collected or shall be collected only on a voluntary basis. We shall use such data only for the sending of the requested information and shall not share such data with any third parties.

The processing of the information entered into the newsletter subscription form shall occur exclusively on the basis of your consent (Art. 6 Sect. 1 lit. a GDPR). You may revoke the consent you have given to the archiving of data, the e-mail address and the use of this information for the sending of the newsletter at any time, for instance by clicking on the “Unsubscribe” link in the newsletter. This shall be without prejudice to the lawfulness of any data processing transactions that have taken place to date.

The data deposited with us for the purpose of subscribing to the newsletter will be stored by us until you unsubscribe from the newsletter or the newsletter service provider and deleted from the newsletter distribution list after you unsubscribe from the newsletter or after the purpose has ceased to apply. We reserve the right to delete or block e-mail addresses from our newsletter distribution list at our own discretion within the scope of our legitimate interest in accordance with Art. 6(1)(f) GDPR.

After you unsubscribe from the newsletter distribution list, your e-mail address may be stored by us or the newsletter service provider in a blacklist to prevent future mailings. The data from the blacklist is used only for this purpose and not merged with other data. This serves both your interest and our interest in complying with the legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR). The storage in the blacklist is indefinite. You may object to the storage if your interests outweigh our legitimate interest.

CleverReach

This website uses CleverReach for the sending of newsletters. The provider is the CleverReach GmbH & Co. KG, Schafjückenweg 2, 26180 Rastede, Germany (hereinafter “CleverReach”). CleverReach is a service that can be used to organize and analyze the sending of newsletters. The data you have entered for the purpose of subscribing to our newsletter (e.g., e-mail address) are stored on servers of CleverReach in Germany or in Ireland.

Newsletters we send out via CleverReach allow us to analyze the user patterns of our newsletter recipients. Among other things, in conjunction with this, it is possible how many recipients actually opened the newsletter e-mail and how often which link inside the newsletter has been clicked. With the assistance of a tool called Conversion Tracking, we can also determine whether an action that has been predefined in the newsletter actually occurred after the link was clicked (e.g., purchase of a product on this website). For more information on the data analysis services by CleverReach newsletters, please go to: https://www.cleverreach.com/en/features/reporting-tracking/.

The data is processed based on your consent (Art. 6 Sect. 1 lit. a GDPR). You may revoke any consent you have given at any time by unsubscribing from the newsletter. This shall be without prejudice to the lawfulness of any data processing transactions that have taken place prior to your revocation.

If you do not want to permit an analysis by CleverReach, you must unsubscribe from the newsletter. We provide a link for you to do this in every newsletter message.

The data deposited with us for the purpose of subscribing to the newsletter will be stored by us until you unsubscribe from the newsletter or the newsletter service provider and deleted from the newsletter distribution list after you unsubscribe from the newsletter. Data stored for other purposes with us remain unaffected.

After you unsubscribe from the newsletter distribution list, your e-mail address may be stored by us or the newsletter service provider in a blacklist to prevent future mailings. The data from the blacklist is used only for this purpose and not merged with other data. This serves both your interest and our interest in complying with the legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR). The storage in the blacklist is indefinite. You may object to the storage if your interests outweigh our legitimate interest.

For more details, please consult the Data Protection Provisions of CleverReach at: https://www.cleverreach.com/en/privacy-policy/.

Execution of a contract data processing agreement

We have entered into a contract data processing agreement with the provider of CleverReach and implement the strict provisions of the German data protection agencies to the fullest when using CleverReach.

If your personal data are processed you are an affected person under the GDPR, and you have the following rights vis-à-vis the responsible person:

You can ask the responsible person to confirm whether your personal data is processed by us.

If such processing has taken place, you can request the following information from the responsible person:

• the purposes for which the personal data are processed;
• the categories of personal data that are processed;
• the recipients and/or categories of recipients to whom your personal data have been or are still being disclosed;
• the planned storage duration of your personal data or, if specific information on this is not possible, criteria for determining the storage duration;
• the existence of a right to correction or deletion of your personal data, of a right to restriction of the processing by the responsible person, or of a right to object to such processing;
• the existence of a right of complaint to a supervisory authority;
• any available information on the origin of the data, if the personal data are not collected from the affected person;
• the existence of automated decision-making including profiling, in accordance with Art. 22 para. 1 and 4 GDPR, and – at least in these cases – meaningful information on the logic involved, as well as the scope and intended effects of such processing for the affected person.

You have the right to request information as to whether your personal data are transferred to a third country or to an international organisation. In this context, you may request to be informed of the appropriate guarantees according to Art. 46 GDPR in connection with the transmission.

If your processed personal data are incorrect or incomplete, you have a right to correction and/or completion vis-à-vis the responsible person. The responsible person is to carry out the correction immediately.

You can request that the processing of your personal data be restricted if one of the following conditions are met:

• you dispute the accuracy of your personal data over a period of time that enables the responsible person to verify the accuracy of the personal data;
• the processing is against the law and you refuse the deletion of the personal data and instead demand the restriction of their use;
• the responsible person no longer needs the personal data for processing purposes, yet you need them for asserting, exercising, or defending legal claims, or
• you have filed an objection against the processing according to Art. 21 para. 1 GDPR and it is not yet clear whether the justifiable reasons of the responsible person outweigh your own reasons.

If the processing of your personal data has been restricted, these data may only be processed – apart from their storage – with your consent, or in order to assert, exercise or defend legal rights, or to protect the rights of another natural or legal person, or on the basis of an important public interest of the Union or of a member state.

If the processing restriction has been restricted under the above conditions, you will be informed by the responsible person before the restriction is lifted.

You can request that the responsible person delete your personal data immediately, and the responsible person is under an obligation to delete these data immediately, if one of the following conditions are met:

• Your personal data are no longer required for the purposes for which they were collected or otherwise processed.
• You revoke the consent on which the processing was based, in accordance with Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. a GDPR, and there is no other legal basis for the processing.
• You file an objection against the processing in accordance with Art. 21 para. 1 GDPR and there are no overriding justified reasons for the processing, or you file an objection against the processing in accordance with Art. 21 para. 2 GDPR.
• Your personal data have been unlawfully processed.
  The deletion of your personal data is necessary to fulfil a legal obligation under Union law or the law of the member states to which the responsible person is subject.
• Your personal data have been collected in relation to information society services provided according to Art. 8 para. 1 GDPR.

If the responsible person has made your personal data public and is obliged to delete them according to Art. 17 para. 1 GDPR, he shall take the appropriate measures, including technical measures, under consideration of the available technology and the cost of implementation, to inform those responsible for personal data processing that you as the affected person have requested the deletion of all links to this personal data or of copies or replications of this personal data.

The right to deletion does not exist if the processing is necessary

• for exercising the right to freedom of expression and information;
• for compliance with a legal obligation that requires such processing under the law of the Union or the member states to which the responsible person is subject, or for the performance of a task in the public interest, or in the exercise of official authority assigned to the responsible person;
• for reasons of public interest in the field of public health in accordance with Art. 9 para. 2 lit. h and i, and Art. 9 para. 3 GDPR;
• for archiving purposes in the public interest, scientific or historical research purposes, or for statistical purposes in accordance with Art. 89 para. 1 GDPR, insofar as the law referred to under a) is likely to render impossible, or seriously impair, the attainment of such processing objectives, or
• to assert, exercise, or defend legal claims.

If you have exercised your right vis-à-vis the responsible person to correct, delete, or restrict the processing, the latter is obliged to inform all recipients to whom your personal data have been disclosed of this correction or deletion or restriction, unless this proves impossible or involves a disproportionate effort.

You have the right vis-à-vis the responsible person to be informed about these recipients.

You have the right to receive your personal data, which you made available to the responsible person, in a structured, established, and machine-readable format. In addition, you have the right to pass this data on to another responsible person without obstruction by the responsible person to whom the personal data was made available, provided that

• the processing is based on consent according to Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR or on a contract according to Art. 6 para. 1 lit. b GDPR, and
• the processing is carried out using automated procedures.

In exercising this right, you also have the right to ensure that your personal data are transferred directly from one responsible person to the other responsible person, insofar as this is technically feasible. The freedoms and rights of other persons may not be affected by this.

The right to data portability shall not apply to the processing of personal data necessary for the performance of a task in the public interest, or in the exercise of official authority assigned to the responsible person.

You have the right to object at any time to the processing of your personal data on the basis of Art. 6 para. 1 lit. e or f GDPR, for reasons relating to your particular situation.

The responsible person will no longer process your personal data unless he can prove compelling legitimate grounds for the processing that outweigh your interests, rights and freedoms, or such processing serves to assert, exercise or defend legal claims.

If your personal data is processed for direct marketing purposes, you have the right to object at any time against the processing of your personal data for such advertising purposes; this also applies to profiling, insofar as it is related to this kind of direct marketing.

If you object to the processing for direct marketing purposes, your personal data will no longer be processed for these purposes.

You have the possibility – notwithstanding Directive 2002/58/EC – to exercise your right of objection by means of automated procedures in which technical specifications are used.

Without prejudice to any other administrative or legal remedy, you have the right of appeal to a supervisory authority, in particular in the member state of your residence, place of work, or place of suspected infringement, if you believe that the processing of your personal data is in opposition to the GDPR.

The supervisory authority to which the complaint has been filed must inform the plaintiff of the status and results of the complaint, including the possibility of a legal remedy under Article 78 GDPR.