At Nordic Hamburg Shipmanagement GmbH & Co. KG, we respect your privacy. The protection of your personal data, i.e., your name, email address or telephone number) is therefore of particular importance to us. Our data protection practice complies with the provisions of the General Data Protection Regulations (GDPR) of the European Union, the German Data Protection Act as well as with additional legal requirements.
1. Name and Address of the Controller
The “controller” within the meaning of the General Data Protection Regulations (GDPR) and of other national data protection and privacy laws of the EU Member States as well as other data protection provisions is
Nordic Hamburg Shipmanagement GmbH & Co. KG
2. Contact Details of the Data Protection Officer
We value your trust. Should you have any questions regarding the collecting, processing or use of your personal data, in the case of revocation of consent, information, correction, blocking or deletion of data, please contact our Data Protection Officer:
Nordic Hamburg Shipmanagement GmbH & Co. KG
Data Protection Officer
3. General Information on Data Processing
a. Scope of the processing of personal data
As a matter of principle, we only collect and use the personal data of our users as much as is necessary to provide a functional website as well as our contents and services. The collecting and use of the personal data of our users regularly takes place only on a legal basis. An exception applies in such cases in which a legal basis is not apparent and the processing of the data can only be authorized via a consent.
b. Legal basis for the processing of personal data
Insofar as we obtain the consent of the data subject to process his or her personal data, Art. 6 para. 1 lit. a of the GDPR serves as legal basis.
Is the processing of personal data required to fulfil a contract whose contracting party is the data subject, Art. 6 para. 1 lit. b of the GDPR serves as legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures and actions.
Insofar as the processing of personal data is necessary in order to fulfil a legal obligation to which our company is subject, Art. 6 para 1 lit. c of the GDPR serves as legal basis.
If the processing of data is necessary to safeguard a legitimate interest of our Company or of a third party, and if the interests, fundamental rights and fundamental freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6 para. 1 lit. f of the GDPR serves as legal basis for the processing.
c. Data erasure and storage period
The personal data of the data subject will be erased or blocked as soon as the purpose of storing the data ceases to apply. Furthermore, data may be stored if doing so has been provided for by European or national lawmakers in EU regulations, laws or other provisions to which the controller is subject. The data will likewise be blocked or erased if a storage period stipulated by the aforementioned rules expires, unless it is necessary to continue storing the data in order to conclude or fulfil a contract.
4. Provision of the Website and Creation of Log Files
As a basic principle, you are able to use our internet site without providing your personal data.
a. Webserver log files
Every time our internet pages are accessed, information transmitted from your browser is automatically saved in so-called webserver log files. In particular, this information includes the name of your provider, your anonymized IP address, your browser type, your operating system, internet sites you have previously visited, and the server request time. Neither this data nor other associated personal data of the user are stored.
The legal basis for the temporary storage of data is Art. 6 para. 1 lit. f of the GDPR.
The temporary storage of the IP address by the system is necessary in order to make it possible for the website to be delivered to the user’s computer. To do this, the user’s IP address must remain stored for the duration of the session. The log files are stored in order to ensure the functionality of the website. In addition, the data helps us optimize the website and safeguard the security of our information technology systems. In this context, no analysis of the data is conducted for marketing purposes.
These purposes are constituting our legitimate interest as per Art. 6 para. 1 lit. f of the GDPR.
The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. As relates to the collection of data for the provision of the website, this is the case when the respective session has ended.
The collection of data for the provision of the website as well as the storage of data in log files is absolutely necessary for the operation of the website. For this reason, there is no option to object on the user’s side.
b. Cookies and Web Analysis Services Matomo or Google Analytics
c. Use of Google Maps
Our web site uses Google Maps to display the geographic location of our office. Google Maps is operated by Google, Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
We would like to point out that by using Google Maps information about our web site as well as your IP address are being submitted to a server Google hosts, which may be located in the United States of America and which is connected to data protection risks.
5. Third-Party Access and Data Disclosure
The recording, processing and use of personal data is carried out by us as well as other companies in the Corporate Group or by external service providers who are contracted by us and both contractually and legally bound to data protection. In these cases, we ensure that Group companies and these external service providers abide by the relevant legal data protection rules.
Insofar as you request the services of or contact from one of our associated companies from a portal provided by us, we will share the data you have made available to us with this associated company.
Otherwise, no third parties have access to your personal data. We will only forward data to the responsible authority in the event of official or legal demands as well as legal obligations to transmit data. This also applies in the event of a court order for transmission. In the case of an official, legal or judicial obligation to transmit data, we will examine in each individual case whether the transmission complies with the basic principles of the GDPR and/or the applicable national law.
We have implemented extensive security provisions and measures to protect personal data stored by us from unauthorized access, misuse, altering, misappropriation, destruction and loss. However, we must point out that unencrypted data transfer via the internet cannot provide any guarantee that access to your data by third parties is prohibited. Complete protection of your data during unencrypted transfer from your system to our server is not possible in technical terms.
7. Rights of the data subject
If your personal data is processed, then you are a “data subject” within the meaning of the GDPR. You have the following rights vis-à-vis the controller:
a. Right of access: You may request information about your data processed by us, in particular about the purposes of processing, the category of personal data, the categories of recipients to whom the data have been or will be disclosed by us, the envisioned period of storage, the existence of a right of rectification, erasure, restriction of processing or objection to it, the existence of a right to lodge a complaint, where your data are collected from (if these are not collected by us), and the existence of automated decision-making, including profiling.
b. Right to rectification: You have the right to demand without undue delay the rectification of inaccurate personal data stored by us as well as to have incomplete personal data stored by us completed.
c. Right to erasure: You have the right to demand that personal data stored by us be erased as long as the processing of this data is not necessary to fulfil a legal obligation, for reasons of public interest, or for the establishment, exercise or defence of legal claims.
d. Right to block data: You have the right to demand that your personal data be blocked. Data that is blocked will not be deleted from our databases, but they will not be processed as long as the block is in effect.
e. Right to data portability: You have the right to receive the personal data on you that you have provided us in a structured, commonly used and machine-readable format or to demand that it be transmitted to another controller.
f. Right to object: Consent given to process your personal data can be revoked at any time. As a result of this, we will no longer be permitted to continue processing data based on this consent in the future.
g. Right to lodge a complaint: You have the right to lodge a complaint with a supervisory authority. To do so, you can contact the supervisory authority of the place of business of our company.
In order to exercise your rights as a data subject, please contact our Data Protection Officer (cf. Section I of this Data Privacy Statement). As an alternative, you may also contact a customer service representative or other contact person you know at Nordic Hamburg Shipmanagement GmbH & Co. KG.
If an individual exercises his or her rights in accordance with the GDPR, we will not charge any fees. However, a reasonable fee may be charged if your inquiry is demonstrably abusive improper or if you make a repeated inquiry without relevant justification.
We may need to collect information on you that will enable us to clearly identify you as a data subject. In doing so, we will endeavour not to complicate or even hinder your request. Rather, we want to make sure that none of your personal data falls into the hands of unauthorized persons.
8. Hyperlinks and Social Plugins
Our internet sites may contain hyperlinks (i.e., electronic cross-references) with which internet sites from other companies can be called up. This Data Privacy Statement does not apply to these linked internet sites belonging to other companies.
Furthermore, our web site contains hyperlinks directing to external social media (“social plugins”). The functions associated with such links, in particular the transmission of information and user data are not being activated by visiting our web site, but by clicking on the respective links. After choosing these links the plugins of the particular media are being activated and your browser connects to the servers of such social media providers. This Data Privacy Statement does not apply to these linked internet sites belonging to other companies. Purpose and extent of data processing through social media (“networks”) as well as the further processing and use of your data as well as your respective rights and setting possibilities for protection of your privacy please gather from the privacy notices of the respective network. The responsibility for data processing which starts by clicking the link, is solely with the respective social network.
Should you, during visiting our web site, click on a link of the social plugins, there might be a transmission of your user data to the corresponding social network and its processing through the network. This is the case, if you while visiting our web site, click on the link and are connected to your personal user account of the social network at the same time. In such cases, the information on your visit of our web site may be transmitted to the social network and stored accordingly. To prevent an assignment of your account of the respective network, you should log out prior clicking the link to the social media network.
9. Changes to this Privacy Notice
It may be necessary to adapt our Data Protection Statement to changing framework conditions of a factual and legal nature. The Data Privacy Statement published on our pages is kept up to date.
As of: May 2018