I. Name and address of the controller
The controller within the meaning of the GDPR and of other national data protection and privacy laws of the EU Member States as well as other data protection provisions is:
Hamburg Südamerikanische Dampfschifffahrts-Gesellschaft A/S & Co KG
Willy-Brandt-Strasse 59-65, 20457 Hamburg, Germany
Telephone: +49 40 37050
Telefax: +49 40 37052400
This also applies to the enterprises of the Hamburg Süd Group listed below:
Maersk Line FMT Hamburg GmbH
Willy-Brandt-Strasse 59-61, 20457 Hamburg, Germany
Telephone: +49 40 37050
Telefax: +49 40 37052400
II. Name and address of the data protection officer
The data protection officer for the above-referenced controller and for the enterprises of the Hamburg Süd Group set out above is:
Your trust is important to us. If you have any questions concerning the collection, processing, or use of your personal data, in the case of withdrawal of consent, information, correction, blocking or erasure of data, please contact:
Hamburg Südamerikanische Dampfschifffahrts-Gesellschaft A/S & Co KG
Willy-Brandt-Strasse 59-65, 20457 Hamburg, Germany
III. General information on the processing of data
1. Scope in which personal data are processed
As a matter of principle, we collect and use the personal data relating to our users only to the extent to which this is necessary in order to make available a functional website, to present our content, and to provide our services. The collection and use of the personal data of our users regularly takes place only on a legal basis. An exception applies in those cases in which no legal basis is apparent and the processing of data can be legitimized only by a consent.
2. Legal basis for the processing of personal data
Insofar as the data subject’s consent is required for the processing of personal data, Article 6 paragraph 1 lit. a of the GDPR serves as the legal basis for such processing.
Where the personal data are to be processed for purposes of performing a contract and where the data subject is a party to said contract, Article 6 paragraph 1 lit. b of the GDPR serves as the legal basis for such processing. This also applies if the processing is necessary in order to take steps prior to entering into a contract.
Where the processing of personal data is necessary in order to comply with a legal obligation to which our enterprise is subject, Article 6 paragraph 1 lit. c of the GDPR serves as the legal basis for such processing.
Where processing is necessary to serve the legitimate interests pursued by our enterprise or by a third party and where such interests are not overridden by the interests or fundamental rights and freedoms of the data subject, Article 6 paragraph 1 lit. f of the GDPR serves as the legal basis of such processing.
3. Erasure of data and storage period
The personal data relating to the data subject will be erased or blocked as soon as the purpose for which they are being stored has ceased to exist. Furthermore, data may be stored if this has been provided for by the European or domestic legislature in regulations, acts or other rules under Union law to which the controller is subject. The data will be blocked or erased also in those cases in which a storage period lapses that is stipulated by the above-referenced standards, unless there is a need to continue storing the data for purposes of concluding a contract or performing under a contract.
IV. Cookies, Google Analytics, Google Tag Manager, and Google-Marketing-Services, LinkedIn
Fundamentally, it is possible to use our internet presence without providing any personal data.
When you use our website, we use what are known as “cookies.” These are text files that are stored on your hard drive and that enhance the convenience of our internet offering for our users, its effectiveness, and its security. When you next access our website using the same end device, the data stored in the cookies subsequently will either be re-transmitted to our website (“first party cookie”) or to another website to which the cookie belongs (“third party cookie”).
In using cookies, we distinguish between “necessary cookies” that are required in technical terms in order to enable us to make available our online services to you, as well as additional cookies that are suited to optimize the use of the online services or that will enable us to provide personalized content or to analyze user behavior. In line with the stipulations of the law, we will only use “necessary cookies” without having obtained your express consent. All other cookies will be stored on your end device only if you have expressly granted your consent. You are free to change the settings you have opted for at any time, with effect for the future, using the cookie-consent tool on our website.
Further details on the cookies we use are provided below:
List of cookies
2. Google Analytics
Insofar as you have granted your consent in this regard, this website uses Google Analytics, a web analysis service offered by Google LLC. The use comprises the operating mode “Universal Analytics.” This allows data, sessions, and interactions to be allocated across several devices to one pseudonymized user ID and to thus analyze the activities of a user across his or her devices.
Acting on our behalf, Google will use the information collected in this way in order to analyze your usage of our website, to compile reports on website activities for us, and to provide us with other services relating to the use of the website and the internet.
The data we transmit that are linked to cookies automatically will be erased after 14 months have lapsed. The erasure of data, the retention period of which has expired, will be performed automatically once a month.
You may adjust your settings at any time using the cookie-consent tool. Moreover, you can entirely prevent the data generated by the cookie relating to your use of the website from being captured (including your IP address) and from being transmitted to Google, and you may entirely prevent Google from processing such data, by downloading and installing the following browser add-on: https://tools.google.com/dlpage/gaoptout?hl=en .Opt-out cookies prevent data relating to you from being captured in future when you visit this website. In order to prevent data from being captured across various devices, you will have to opt out on all of the systems you use. Please click HERE to navigate to the page on which you can install the opt-out cookie.
3. Google Tag Manager
In order to capture data on our website, we use Google Tag Manager. This is a cookie-free domain that does not itself allow personal data to be captured. However, the tool triggers other tags that may record data under certain circumstances, which the Google Tag Manager does not itself access.
4. Google Marketing Services
We use the marketing and remarketing services (“Google marketing services”) of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). On our websites, Google marketing services are disabled by default and are not enabled unless you have opted into tracking cookies. Data processing is based on your consent pursuant to point (a) of Art. 6(1) of the GDPR.
Google marketing services enable us to display ads on our website in a more targeted manner so that users are only shown ads that potentially match their interests. If the user, for instance, is shown ads for products he or she has been looking for on other websites, this is called remarketing. For these purposes, when our and other websites on which Google marketing services are active are accessed, Google directly implements a code from Google and (re)marketing tags (clear GIFs or code, also known as “web beacons”) are embedded in the website. They enable an individual cookie, i.e. a small file, to be placed on the user’s device (similar technologies may be used instead of cookies). Cookies can be set by various domains, including google.com, doubleclick.net, invitemedia.com, admeld.com, googlesyndication.com and googleadservices.com. This file records which websites the user visited, what content he/she is interested in and what offerings the user clicked on, as well as technical information on the browser and operating system, referrer URLs, time of visit and other details on the use of the online presence. The user’s IP address is also collected, though we would like to inform you in relation to Google Analytics that in European Union member states or other parties to the Agreement on the European Economic Area the IP address is truncated and only in exceptional cases is the full address transferred to a Google server in the United States and truncated there. The IP address is not merged with user data from other Google offerings. If the user visits other websites afterwards ads tailored to him/her according to his/her interests may be displayed to him/her.
User data are processed pseudonymously as part of Google marketing services. That is, Google does not store and process users’ names or email addresses. Rather, it processes the relevant data based on cookies within pseudonymous user profiles. That is, from Google’s perspective, the ads are not managed and displayed for a specifically identified person, but for the holder of the cookie, regardless of who that cookie holder is. This does not apply if a user has explicitly allowed Google to process the data without this pseudonymisation. The information collected by “DoubleClick” about users is transmitted to Google and stored on Google’s servers in the United States.
One of the Google marketing services we use is the online advertising platform “Google Ads”. In the case of Google Ads, each Ads customer receives a different “conversion cookie”. Cookies therefore cannot be tracked through the websites of Ads customers. The information collected by the cookie is used to generate conversion statistics for Ads customers who have opted for conversion tracking. Ads customers see the total number of users who clicked on their ad and were redirected to a page with a conversion tracking tag. However, they do not receive any information that personally identifies users.
For more information about Google’s use of data for marketing purposes, please see the summary page: https://www.google.com/policies/technologies/ads
If you wish to object to the collection of data by Google marketing services, you can do so using the settings and opt-out options provided by Google: http://www.google.com/ads/preferences
5. LinkedIn Insight Tag
Insofar as you have given us your consent, we use the LinkedIn Insight Tag, a tracking tool by LinkedIn Ireland Unlimited Company that records and analyses LinkedIn members on a website. Data processing takes place in compliance with Art. 6 (1)(a) of the General Data Protection Regulation (GDPR) on the basis of your consent.
The tool allows us to gain insights regarding the performance of our ad campaigns on LinkedIn and the appeal of our offers. The LinkedIn Insight Tag places a cookie in your browser for this purpose. With this cookie, LinkedIn collects data such as the URL, referrer URL, device characteristics, browser characteristics and IP address, among others. LinkedIn anonymises the data within seven days. Within 90 days, LinkedIn deletes the data. We do not receive any personal data from LinkedIn, but only anonymised reports about the website’s target group and the performance of the ad(s). Via the Insight Tag, LinkedIn also offers the option of a retargeting. With the help of this data, we can show you targeted advertising outside our website, e.g. on LinkedIn, without being able to identify you as a visitor on this or these website(s).
More information on data privacy at LinkedIn is available at: https://www.linkedin.com/legal/privacy-policy .
Within the framework of our cookie consent tool, you are able to revoke your consent to the use of your data for the application of the LinkedIn tool at any time with effect from that date forwards, or you can adjust your consent. Moreover, you can block cookies by changing the setting of your browser add-ons. For detailed information about LinkedIn’s opt-out guidelines see the specific information on the LinkedIn website:
V. Data processing in the context of our transport services
The contractual partner often provides personal data to Hamburg Süd that relate to recipients (consignees), employees of recipients, or other parties involved in the transport. In this context, the responsibility for ensuring that the data are made available in compliance with applicable data-protection laws lies with the contractual partner. We will further process these data in compliance with the GDPR and other applicable laws governing data protection.
On instruction of the contractual partner, we may forward information, including personal data, to portals used in international logistics in order to more efficiently structure the exchange of information at the local or international levels (in particular INTTRA or TradeLens).
On the basis of Article 6 paragraph 1 lit. f) of the GDPR, we may also process personal data, without having been expressly instructed to do so by a contractual partner, in order to facilitate the exchange of information in logistics. However, such processing will be performed only if our detailed assessment shows that our legitimate interests are not overridden by the interests, rights, and freedoms of the data subjects concerned.
Under certain circumstances, the international nature of our business may also necessitate the transmission of personal data to countries that do not feature the same data protection standards as are in place in the country in which you have your seat or in which you reside. Insofar as we transmit data into other states, we observe the applicable statutory requirements and conclude the corresponding agreements (in particular the standard contractual clauses made available by the European Commission for the transmission of data to third countries as well as potentially supplementary measures) in order to protect the personal data and in order to ensure an adequate level of data protection within the meaning of the GDPR.
VI. Press information and newsletter
1. Press information service
Should you be using our press information service, the personal data that you provide for this purpose (specifically the email address you make available in signing up for the service) will be used exclusively for sending the press information desired. You are free at any time to withdraw the consent granted to storing the data and the email address, and to their being used for purposes of sending the press information. In particular, you may unsubscribe from the press information service HERE .
2. Hamburg Süd-Newsletter
You are welcome to subscribe to the Hamburg Süd-Newsletter “ Red Notes ” at no cost. In transmitting the email newsletter, we work together with a service provider to whom we will make available your contact details for this purpose. We ensure that the data are used only for purposes of the email transmission you have opted for. If you have signed up for the newsletter, this means that you concurrently have granted your consent to data being collected when you receive the email newsletter (opening rate, click-through rate, and unsubscribe rate, bounces, devices, geo-tracking); these data will be used exclusively for purposes of internal analysis. You have the opportunity to subscribe to the Hamburg Süd Newsletter or to unsubscribe from it at any time.
3. Portals serving our customers or service providers; log files
Should you wish to register for a customer portal or service provider portal that we offer, in which context you will provide user data and create a password, you will need to enter your email address into the input screen for the relevant portal. We will initially use this email address in order to process your inquiry. You will receive a request by email to provide further necessary data on our service provider portal. Once we have reviewed your registration, we will activate your user data for the respective portal. We will notify you by email of this activation.
Following the activation, your user data will serve to identify you on the portal you have opted for. Moreover, your data will serve to fulfill the various purposes of the portal that you have opted for, this being the initiation of contact, the implementation of the respectively intended or performed contract and, subsequently, its evaluation. Any information that is collected from users within these portals may also be used for marketing purposes within the limits of the law.
Every time you access the aforementioned portals or related services on our website, information transmitted by your browser is automatically stored in so-called log files. In detail, these are the name of your provider, your anonymized IP address, the type of your browser and your operating system, previously visited web pages and the time of the server inquiry. This data is not stored together with other personal data that can be assigned to you.
The legal basis for the temporary storage of data is Art. 6 paragraph 1 lit. f of the GDPR.
The data is temporarily stored for the purposes of ensuring the security of our information technology systems, troubleshooting and optimizing the delivery of the website. An evaluation of the data for marketing purposes does not take place in this context. The aforementioned purposes also include our legitimate interest in data processing in accordance with Art. 6 paragraph 1 lit. f of the GDPR.
The collection of data as well as the storage of data in log files in the course of using the aforementioned portals and related services is mandatory for the operation of this area of the website. Consequently, there is no possibility of objection on the part of the user in this respect.
The data will be deleted as soon as they are no longer required for the purpose of their collection.
Based on our legitimate interest, and in order to allow us to tailor our services to your needs and to optimize them, we will perform customer satisfaction surveys at regular intervals, and will select respondents based on a random sampling method. In implementing these surveys, we will forward the necessary personal data (first name, last name, location, email address, function within the enterprise) of the randomly selected customers, respectively of the employees of the respective customers, to the parties involved in the survey, these being internal bodies, affiliated enterprises, and external service providers. In the context of the survey, the customer voluntarily taking part in it after having been invited to do so, respectively the customer’s employee, may select whether his or her feedback subsequently is to be made available to us in anonymized form or such that it relates to the respondent, allowing our customer controllers to contact the respondent at a later time. In performing such surveys, we observe the applicable statutory requirements and conclude the corresponding agreements (particularly agreements on data processing performed by a processor on behalf of the controller or, on an as-needed basis, using the standard contractual clauses made available by the European Commission for the transmission of data to third countries); we do so in order to protect the personal data and to ensure an adequate level of protection of personal data within the meaning of the GDPR.
VII. Access by third parties and forwarding of data
The collection, processing, and use of personal data is performed by ourselves as well as by other enterprises forming part of our group of companies, or by external service providers under contract with us, who are under obligation under contract and by law to protect personal data. In these cases, we ensure that enterprises forming part of our Group and external service providers comply with the relevant rules of data-protection law.
Should you request the services of one of the enterprises forming part of our group of companies, or the contact data, via one of the portals we are making available (see Section V 3), we will notify this affiliated enterprise of the data you have made available to us.
Otherwise, no third party has access to personal data relating to you. Only if requirements are made of us by the authorities or if we are obligated to do so by law or by statutory transmission duties will we transmit data to the competent body. This applies also to any court order instructing us to transmit data. If the duty to transmit data is imposed on us by an authority or a judge, or if this duty is incumbent on us by law, we will review on a case-by-case basis whether the transmission is compliant with the principles of the GDPR and / or applicable national law.
We have put in place far-reaching security provisions and protective measures in order to safeguard the personal data we store against unauthorized access, improper use, alteration, theft, destruction, and loss. Nonetheless, we must note that it is not assured, when data are transferred via the internet without encryption, that third parties will be prevented from accessing these data. For technical reasons, it is not possible to protect your data absolutely while they are being transmitted from your system to our server without encryption.
IX. Rights of data subjects
If personal data relating to you are processed by us or by service providers to whom we have awarded a corresponding contract, then you are a data subject within the meaning of the GDPR. You are entitled to the following rights vis-à-vis the controller:
1. Right to request information: You have the right to request information about the personal data relating to you, in particular: the purposes of the processing; the categories of personal data concerned; the categories of recipients to whom the personal data have been or will be disclosed; the envisaged period for which the data will be stored; the existence of a right to request the rectification or erasure of personal data or the restriction of their processing, or a right to object to such processing; the existence of a right to lodge a complaint; the source of the personal data if they were not collected by us, as well as on the existence of automated decision-making, including profiling.
2. Right to rectification: You have the right to obtain, without undue delay, the rectification of incorrect data, or to demand that the personal data relating to you we are storing be completed.
3. Right to erasure: You have the right to obtain the erasure of the personal data relating to you we are storing, unless the processing is necessary in order to comply with a legal obligation, for reasons of public interest or for the establishment, exercise or defense of legal claims.
4. Right to blockage: You have the right to demand that a block or restriction be placed on the processing of the personal data relating to you. Data that have been blocked will not be erased from our databases; however, the processing of such data will cease for the duration of the block or restriction.
5. Right to data portability: You have the right to obtain the personal data relating to you that you have provided to us in a structured, commonly used, and machine-readable format, or to demand that such data be transmitted to some other controller.
6. Right to withdraw: Any consents granted may be withdrawn at any time. The consequence will be that in future, we are not permitted to continue to process the data as we previously did based on this consent.
7. Right to object: You have the right to lodge an objection with a supervisory authority. To this end, you may turn to the supervisory authority that is competent for the location at which our enterprise has its registered seat.
In the event of a data-subject right being exercised under the GDPR, we will not charge a fee. However, a fee may be charged in a suitable amount if your enquiry manifestly was made in abuse, or if you file the request repeatedly without this being justified by any reasons in fact.
Under certain circumstances, we may be forced to collect information from you that will enable us to uniquely identify you as a data subject. In this context, we will endeavor to not impede or even prevent your concerns. Instead, we wish to ensure that no unauthorized parties gain access to any personal data relating to you.
Status: October 2020