Data protection information (information obligations according to Art. 13 DSGVO)

In our opinion, data protection should be transparent, easy to understand and, above all, fair for all parties. Therefore, we would like to inform you in this data protection information on the one hand about which personal data we collect from you and use, whether and, if so, to which third parties this data is passed on, how long we store the data and what rights you have should you not agree with our responsible handling at some point. If you still have questions after reading this detailed data protection information, please do not hesitate to contact us using the contact details below.

Definitions

To start from the same premises, we would like to clarify some definitions at this point. This will ensure that everyone involved knows what we are talking about and assuming in the following note

Personenbezogene Daten: Dies sind alle Informationen, die sich auf eine identifizierte oder identifizierbare natürliche Person (im Folgenden „betroffene Person“) beziehen. Als identifizierbar wird eine natürliche Person angesehen, die direkt oder indirekt, insbesondere mittels Zuordnung zu einer Kennung wie einem Namen, zu einer Kennnummer, zu Standortdaten, zu einer Online-Kennung oder zu einem oder mehreren besonderen Merkmalen identifiziert werden kann, die Ausdruck der physischen, physiologischen, genetischen, psychischen, wirtschaftlichen, kulturellen oder sozialen Identität dieser natürlichen Person sind.

Processing: Processing means any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organization, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Restriction of processing: This refers to the marking of stored personal data with the aim of restricting their future processing.

Profiling: any automated processing of personal data consisting in using such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects relating to that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or change of location is called profiling.

Pseudonymization: Pseudonymization is the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures which ensure that the personal data are not attributed to an identified or identifiable natural person.

Controller: the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its designation may be provided for under Union or Member State law.

Recipient: any natural or legal person, public authority, agency or other body to whom personal data are disclosed, whether or not a third party. However, public authorities that may receive personal data in the context of a specific investigation mandate under Union or Member State law shall not be considered as recipients and the processing of such data by those authorities shall be carried out in accordance with the applicable data protection rules, in accordance with the purposes of the processing.

Third party: This is a natural or legal person, public authority, agency, or other body, other than the data subject, the controller, the processor, and the persons authorized to process the personal data under the direct responsibility of the controller or the processor.

Consent: This is any freely given specific, informed, and unambiguous indication of the data subject's wishes in the form of a statement or other unambiguous affirmative act by which the data subject signifies his or her agreement to the processing of personal data relating to him or her.

  1. 1. Name and contact details of the responsible person

The person responsible for data processing is the

Customized Logistics Ideas AG

Am Kaiserkai 10

20457 Hamburg

Germany

Sie erreichen uns postalisch, per E-Mail unter kontakt@cli.ag oder per Telefon 040 360 970 60.

  1. 2. Data Protection Officer

You can reach our data protection officer using the contact details below:

IT-Kanzlei Lutz

Stefan Lutz, LL.M.

Rechtsanwalt & Fachanwalt für IT-Recht

Teerhof 59

28199 Bremen

Germany

lutz@hb-law.de

www.hb-law.de

3. Collection of personal data for informational use

In the case of mere informational use of the website, i.e. if you do not register or otherwise transmit information to us, we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data, which is technically necessary for us to display our website to you and to ensure its stability and security (legal basis is Art. 6 para. 1 p. 1 lit. f DSGVO):

  • IP address
  • · Date and time of the request
  • Time zone difference from Greenwich Mean Time (GMT)
  • Content of the request (concrete page
  • Access Status/HTTP Status Code
  • Data volume transferred in each case
  • Website from which the request comes
  • Browser
  • Operating system and its interface
  • Language and version of the browser software.

Use of cookies

(1) We use cookies on our websites. Cookies are small text files that are assigned to the browser you are using and stored on your hard drive by means of a characteristic string of characters and through which certain information flows to the body that sets the cookie. Cookies cannot execute programmes or transfer viruses to your computer and therefore cannot cause any damage. They serve to make the internet offer as a whole more user-friendly and effective, i.e. more pleasant for you.

(2) Cookies may contain data that make it possible to recognize the device used. In some cases, however, cookies only contain information on certain settings that are not personally identifiable. However, cookies cannot directly identify a user. 

(3) A distinction is made between session cookies, which are deleted as soon as you close your browser, and permanent cookies, which are stored beyond the individual session. With regard to their function, a distinction is made between cookies:

  • Technical cookies: these are mandatory to move around the website, use basic functions and ensure the security of the website; they do not collect information about you for marketing purposes nor do they store which web pages you have visited;
  • Performance cookies: these collect information about how you use our website, which pages you visit and, for example, whether errors occur during website use; they do not collect information that could identify you - all information collected is anonymous and is only used to improve our website and find out what interests our users;
  • Advertising cookies, targeting cookies: These are used to offer the website user tailored advertising on the website or offers from third parties and to measure the effectiveness of these offers; advertising and targeting cookies are stored for a maximum of 13 months;
  • Sharing cookies: These are used to improve the interactivity of our website with other services (e.g. social networks); sharing cookies are stored for a maximum of 13 months.

(4) Any use of cookies that is not absolutely technically necessary constitutes data processing that is only permitted with your explicit and active consent pursuant to Art. 6 (1) sentence 1 lit. a DSGVO. This applies in particular to the use of advertising, targeting or sharing cookies. Furthermore, we only pass on your personal data processed by cookies to third parties if you have given your express consent to do so in accordance with Art. 6 (1) sentence 1 lit. a DSGVO.

(5) For more information about which cookies we use and how you can manage your cookie settings and disable certain types of tracking, please see our Cookie Policy [link to Cookie Policy].

(6) You can also determine for yourself whether cookies can be set and accessed through the settings in your browser. You can, for example, completely deactivate the storage of cookies in your browser, restrict it to certain websites or configure your browser so that it automatically informs you as soon as a cookie is to be set and asks you for feedback. You can block or delete individual cookies. However, for technical reasons, this may result in some functions of our website being impaired and no longer functioning fully

(7) If cookies are only used on our website with your consent, you can also make the settings mentioned in paragraph 6 in our Cookie Consent Tool.

5. Use of functions of our website

(1) In addition to the purely informational use of our website, we offer various services that you can use if you are interested. For this purpose, you usually have to provide further personal data, which we use to provide the respective service. If additional voluntary information is possible, this is marked accordingly.

(2) When you contact us by e-mail or via the contact form, your e-mail address and, if you provide it, your name and telephone number will be stored by us in order to answer your questions. (Legal basis is Art. 6 para. 1 p. 1 lit. b DSGVO)

6. Data transfer to third parties

(1) We will only pass on your personal data to third parties if participation in promotions, competitions, bookings or the conclusion of contracts are offered by us together with a third-party provider. In this case, you will be informed separately about the transfer to third parties before your data is passed on.

(2) In some cases, we use external service providers to process your data. These have been carefully selected by us and commissioned in writing. They are bound by our instructions and are regularly monitored by us. The service providers will not pass on this data to third parties. Insofar as these service providers are located in the USA, we will inform you of this in connection with the respective functions. This data processing also takes place in accordance with the applicable legal situation. We would like to point out that there is currently no adequate level of data protection in the USA and there is also no adequacy decision on the part of the EU Commission. We would also like to point out that due to the CLOUD Act and other regulations (e.g. intelligence collection powers under Section 702 FISA and Executive Order 12 333), US authorities can access this data and you are not entitled to the data subject rights in the USA as is the case within the EU.

7. Recipients or categories of recipients

If we pass on your personal data to third parties, you will be explicitly informed of this in the description of the respective data processing (e.g. when using our contact form). Of course, we also use external service providers for the technical and organisational processing, with whom we have concluded corresponding order processing contracts within the meaning of Art. 28 DSGVO. These are, for example, service providers for web hosting, sending emails, maintenance and care of our IT systems etc.

8. Storage period

Your data will be stored for as long as it is absolutely necessary to achieve the respective purpose, at the longest, however, for as long as any statutory provisions require us to do so (e.g. under commercial law we are obliged to keep business letters, which may also include emails, for 10 years).

As soon as the purpose of storage ceases to apply or a storage period prescribed by the regulations expires, the personal data is routinely blocked or deleted.

9. Your rights

In this section we would like to inform you comprehensively about the rights you are entitled to.

  • 9.1. Right to information

You have the right to request information from us at any time as to whether personal data relating to you is being processed by us. If this is the case, you have the right to information regarding the information specified in Art. 15 (1) 2nd HSGVO.

You have the right to request information on whether personal data concerning you is transferred to a third country or to an international organisation. In this context, you may request to be informed about the appropriate safeguards pursuant to Art. 46 of the GDPR in connection with the transfer

  • 9.2. Right of rectification

Furthermore, in accordance with Art. 16 of the GDPR, you have the right to demand that we correct any inaccurate personal data relating to you without delay. Taking into account the purposes of the processing, you also have the right to request the completion of incomplete personal data - also by means of a supplementary declaration.

  • 9.3. Right to erasure ("right to be forgotten")

You also have the right to request that we delete personal data relating to you without delay. We are obliged to comply with this request and to delete personal data unless we are legally obliged or entitled to continue processing your data. For details, please refer to Art. 17 of the GDPR.

  • 9.4. Right to restrict processing

You have the right to demand that we restrict processing, provided that the legal requirements under Section 18 of the GDPR are met.

  • 9.5. Right to information

Pursuant to Art. 19 DSGVO you have asserted the right to rectification, erasure or restriction of processing to us, we are obliged to communicate this rectification or erasure of data or restriction of processing to all recipients to whom the personal data concerning you have been disclosed, unless this proves impossible or involves a disproportionate effort.

You have the right to be informed about these recipients.

  • 9.6. Right to data portability

If your data is processed by us with your consent or based on a contract, you have the right to receive the personal data concerning you in a structured, common and machine-readable format. You also have the right to transfer this data to another controller, provided that the legal requirements pursuant to Art. 20 DSGVO are met.

  • 9.7. Right to object

Right to object on a case-by-case basis

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data relating to you which is carried out on the basis of Article 6(1)(e) or (f) DSGVO; this also applies to profiling based on these provisions.

We will no longer process the personal data relating to you unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is for the establishment, exercise or defence of legal claims.

Right to object to processing of data for direct marketing purposes

If your personal data is processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing; this also applies to profiling insofar as it is related to such direct marketing.

If you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.

You have the possibility, in connection with the use of information society services, notwithstanding Directive 2002/58/EC, to exercise your right to object by means of automated procedures using technical specifications.

  • 9.8 Right to revoke the declaration of consent under data protection law

You have the right to revoke your declaration of consent under data protection law at any time. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

  • 9.9. Automated decision in individual cases including profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decisio

  1. is necessary for the conclusion or performance of a contract between you and the responsible person,
  2. is authorised by legislation of the Union or the Member States to which the controller is subject, and that legislation contains adequate measures to safeguard your rights and freedoms and your legitimate interests, or
  3. is done with your express consent.

However, these decisions must not be based on special categories of personal data pursuant to Art. 9(1) of the GDPR, unless Art. 9(2)(a) or (g) of the GDPR applies and appropriate measures have been taken to protect the rights and freedoms and your legitimate interests.

Regarding the cases referred to in a. and c. above, the controller shall take reasonable steps to safeguard the rights and freedoms of, and your legitimate interests, including at least the right to obtain the intervention of a person on the part of the controller, to express his or her point of view and to contest the decision.

  • 9.10. Right of appeal

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, place of work or the place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the GDPR.

The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy under Article 78 GDPR.

The supervisory authority responsible for us is:

The Hamburg Commissioner for Data Protection and Freedom of Information of the Free and Hanseatic City of Hamburg
der Freien und Hansestadt Hamburg

Ludwig-Erhard-Str 22, 7. OG

20459 Hamburg

Tel.: 040 / 428 54 – 4040

Fax: 040 / 428 54 – 4000

E-Mail: mailbox@datenschutz.hamburg.de

10. Legal bases of the processin

Unless already mentioned in the individual processing operations under the previous sections, we show below the legal bases on which we carry out the data processing

Insofar as we obtain the consent of the data subject for processing operations involving personal data, Article 6 (1) lit. a of the EU General Data Protection Regulation (GDPR) serves as the legal basis.

When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Art. 6 (1) lit. b DSGVO serves as the legal basis. This also applies to processing operations that are necessary for the performance of pre-contractual measures.

Insofar as the processing of personal data is necessary for the fulfilment of a legal obligation to which our company is subject, Art. 6 para. 1 lit. c DSGVO serves as the legal basis. In the event that vital interests of the data subject or another natural person make it necessary to process personal data, Art. 6 (1) lit. d DSGVO serves as the legal basis.

Für den Fall, dass lebenswichtige Interessen der betroffenen Person oder einer anderen natürlichen Person eine Verarbeitung personenbezogener Daten erforderlich machen, dient Art. 6 Abs. 1 lit. d DSGVO als Rechtsgrundlage.

If the processing is necessary to protect a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6 (1) lit. f DSGVO serves as the legal basis for the processing.

11. No obligation to provide personal dat

We do not make the conclusion of contracts with us dependent on you providing us with personal data in advance. As a customer, you are under no legal or contractual obligation to provide us with your personal data; however, we may only be able to provide certain services to a limited extent or not at all if you do not provide the necessary data. If this should exceptionally be the case within the scope of the products presented and offered by us, you will be informed of this separately.