Privacy Notice

Privacy Notice THEA – The Alliance according to Art. 13 GDPR and selected privacy terms for particular countries

Four of the leading global shipping companies with the mission to realize your shipments worldwide, reliable, and fast – that is THE Alliance. These Privacy Terms govern the collection, processing, and use (hereinafter all together referred to as "processing") of personal data if such data relating to you is processed when using our website. Personal data may also be processed if you contact THE Alliance to receive information from us. Hapag-Lloyd AG is providing this website as member of THE Alliance and is based in the European Union. We adhere primarily to the rights of data subjects under the EU General Data Protection Regulation but will also follow stricter national laws and regulations as they apply to the data processing. When handling personal data, we act in strict compliance with the relevant legal data protection regulations and the following principles. Please note the sections for the countries that have a deviating regulation from the EU General Data Protection Regulation (GDPR). You will find the specific details in Section 9 with the sub-heading of the particular country name or name of the law; e.g. California. We may revise these Privacy Terms from time to time, so please check back regularly for updates and revisions.

1. Identity and contact details of the controller

Hapag-Lloyd AG
Ballindamm 25
20095 Hamburg
Germany

2. Contact details of the data protection officer

Hapag-Lloyd AG
Corporate Data Protection
Ballindamm 25
20095 Hamburg
Germany
E-mail: dataprotection@hlag.com

3. Collection and Processing of Personal Data

3.1. Collection and processing of personal data when visiting our website

When visiting and using our website we already collect personal data. You can find within this section more information about website specific processes and tools especially from external partners.

3.1.1. Hosting

Purpose/Information: When visiting and using our website for information purposes only, i.e. if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server, which are technically necessary for us to display our website to you and to guarantee stability and security. Used Cookies/Tools: Type A. More information can be found in the “Cookies/Tools” section.

3.1.2. Recipients

Deletion: The deletion of the log files takes place after 7 days. Legal basis: Art. 6 (1) f GDPR (legitimate interest)

3.1.3. Cookies

If you use our website, small text files will be used which are stored on your computer (so-called "cookies"). We use cookies to facilitate and to improve the use of our website. We distinguish between “necessary cookies” that are technically required to provide you with our online services, and other cookies that may either improve your user experience on our websites, or that may help Hapag-Lloyd to provide you with more personalized content and to understand your behavior, both on our website and on third-party websites, better. We use “necessary cookies” without your explicit informed consent (type A).
Through the information saved and returned, the respective website can recognize that you have already accessed and visited it with the browser you use on that device. We use this information to be able to design and display the website in an optimum way in line with your preferences. In that respect, only the cookie itself is identified on your device.
This website uses the following types of cookies/tools, the scope and functionality of which are explained below:

  • Type A: Technical/Audience Measurement – to ensure that the demanded service can be provided including basic analysis. (No consent necessary acc. to ePrivacy Directive 2002/58 EC).

Please note that the tools listed in the following subsection might not be constantly in use.

3.1.4. Tools: Matomo

This site uses Matomo to analyse and regularly improve the usage of our website. It helps us to ensure that the website operates correctly especially by checking the functionalities of the website (e.g. to detect website navigation problems or to ensure enough server capacities). The statistics obtained also allow us to improve our website and make it more interesting for you as a user. Your IP-address will be automatically anonymised.

Recipients: Platform/hosting provider

Transfers to third countries are possible. As an appropriate safeguard standard contractual clauses pursuant to Art. 46 GDPR were concluded. For third countries/companies which fall under an adequacy decision, the adequacy decision also applies. More information on this topic is published here: https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/rules-international-data-transfers_en.

Further recipients can be found in the general recipients section 4.

Deletion/withdrawal: Your IP-address will be anonymised immediately.

Legal basis: Art. 6 (f) (legitimate interest ensuring the website operation and statistical usage)

3.2. Collection and processing of personal data for contacting/communication/collaboration

Purpose/Information:

When communicating and/or collaboration with us, e.g. by email or via contact form on our website, data exchange platform, the data you provide (your email address, if applicable your name and your telephone number, or personal data submitted during the conversation) will be stored and processed by us in order to e.g. answer your questions, requests or for the purpose of business related correspondence.

When processing data arising in the course of communication, we have a legitimate interest in processing the data in accordance with legal requirements, for internal verification or in accordance with the respective communication request.

Recipients and sources:

  • THE Alliance members
  • Customer/Consumer service providers
  • Platform/hosting provider

Transfers to third countries are possible. As an appropriate safeguard standard contractual clauses pursuant to Art. 46 GDPR were concluded. For third countries/companies which fall under an adequacy decision, the adequacy decision also applies. Additionally binding corporate rules were approved at a platform/hosting provider. More information on this topic is published here: https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/rules-international-data-transfers_en.

Further recipients can be found in the general recipients section 4.

Deletion /Objection: We delete the data arising in this context once storage is no longer necessary, unless statutory retention obligations exist, or periods of limitation must be observed.

You can object to these processes according to the requirements under section 7.

Legal basis:

  • Art. 6 (1) b GDPR (when processing in the context of a contract or a situation similar to a contract)
  • Art. 6 (1) c GDPR (when processing is necessary for compliance with a legal obligation)
  • Art. 6 (1) f GDPR (when processing according to the legitimate interest described above)

4. Recipients / categories of recipients of the personal data (general information)

We transfer the collected data to the relevant internal departments for processing and to other affiliated companies, as well as members of THE Alliance or to external service providers, contract processors in accordance with the purposes required. We also forward the data to the following recipients:

  • Platform/hosting providers will have access to personal data from a third country (countries outside the European Economic Area). As an appropriate safeguard standard contractual clauses pursuant to Art. 46 GDPR were concluded. For third countries/companies which fall under an adequacy decision, the adequacy decision also applies. More information on this topic is published here: https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/rules-international-data-transfers_en.
  • IT support service providers will have access to personal data from a third country (countries outside the European Economic Area). As an appropriate safeguard standard contractual clauses pursuant to Art. 46 GDPR were concluded. For third countries/companies which fall under an adequacy decision, the adequacy decision also applies. More information on this topic is published here: https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/rules-international-data-transfers_en.
  • Authorities: In the event of a legal obligation, we reserve the right to disclose information about you if we are required to surrender it to competent authorities or law enforcement bodies acc. to: Art. 6 (1) c GDPR (legal obligation).

Further information can be found within the recipients paragraph of each section.

5. Hyperlinks

The website may contain hyperlinks, which refer you to content provided on websites operated by THE Alliance partners or third parties. As Hapag-Lloyd is not legally responsible for the content and the data protection compliance of such websites, we kindly ask you to closely pay attention to the respective privacy terms of these websites.

6. Rights according to GDPR

According to the GDPR, the data subject has the following rights:

  • Access, Art. 15 GDPR
  • Rectification, Art. 16 GDPR
  • Erasure, Art. 17 GDPR
  • Restriction of processing, Art. 18 GDPR
  • Right to object, Art. 21 GDPR
  • Data portability, Art. 20 GDPR
  • Withdrawal of consent, Art. 7(3) GDPR

When we work on your above-mentioned right, we may ask you for proof of your identity. For more information on how we process your data, see 3 and following.

7. OBJECTION OR WITHDRAWAL OF YOUR CONSENT TO THE PROCESSING OF PERSONAL DATA

If you have given your consent (Art. 6 (1) a GDPR) to the processing of your data, you can withdraw your consent at any time. Such a withdrawal influences the permissibility of processing your personal data after you have given it to us.

If we base the processing of your personal data on the weighing of interests (Art. 6 (1) f GDPR), you may object to the processing. This is the case if processing is not necessary in particular to fulfil a contract with you, which is described by us in the description of the functions / services. When exercising such objection, we ask you to explain the reasons why we should not process your personal data as we have done. In the event of your justified objection, we will examine the situation and either stop or adjust data processing or point out to you our compelling reasons worthy of protection, on the basis of which we will continue processing.

Of course, you can object to the processing of your personal data for purposes of advertising and data analysis at any time. You can inform us about your objection under the above-mentioned contact details for the controller.

8. Right to lodge a complaint with a supervisory authority

Furthermore, you have the right to lodge a complaint with a supervisory authority concerning the processing of your personal data.

The competent authority of the Free and Hanseatic City of Hamburg is responsible, which can be contacted at:

Der Hamburgische Beauftragte für Datenschutz und Informationsfreiheit

Ludwig-Erhard-Str 22, 7.OG, 20459 Hamburg, Germany

Tel.: +49 (40) 4 28 54 - 40 40
E-Fax: +49 (40) 4 279 - 11811
E-Mail: mailbox@datenschutz.hamburg.de

9. Selective Privacy Terms of particular countries

As Hapag-Lloyd AG is based in the European Union, it adheres primarily to the rights of data subjects under the EU General Data Protection Regulation but will also follow stricter national laws and regulations as they apply to the data processing. When handling personal data, we act in strict compliance with the relevant legal data protection regulations and the following principles.

In the following, we list selective privacy terms of particular countries and the contact details of local Data Protection Officers. Please be aware that some jurisdictions may use a different terminology for the data protection function. Such nomenclature may include, inter alias: Data Information Officer; Information Officer, Information Security Officer, Privacy Officer, Grievance Officer etc.

9.1. Brazil

Hapag-Lloyd AG as a headquartered company in the European Union complies globally with the GDPR but in Brazil as well with the LGPD. We guarantee you all rights under GDPR as well as LGPD.

Non-discrimination:

You will never be discriminated against, or otherwise suffer any sort of detriment, if you exercise your rights.

Right to withdraw consent:

You have always the right to withdraw your consent if the data processing based on your consent with immediate effect for the future. Upon receipt of your message, we will delete your data unless we are legally obliged or authorized to retain personal data relating to you. Please send your revocation notice to the address of our Data Protection Officer in Brazil.

For further information you can contact our

Data Protection Officer:

Data Protection Officer: Ms. Gizely Horsth
Email: intimacoes@hlag.com
Telephone: +55 11 3306-9000

Right to contact Data Protection Authority:

You have the right to complain about Hapag-Lloyd. You can find the contact to the responsible supervisory authority here:

ANPD – Autoridade Nacional de Proteção de Dados

ANPD’s webesite: ANPD — Português (Brasil) (www.gov.br)

9.2. California Privacy Policy (CCPA) California Residents

Hapag-Lloyd AG is headquartered in the European Union and complies globally with the EU General Data Protection Regulation as a minimum standard. Insofar, we invite you to carefully read all sections above in order to familiarize yourself with these minimum standards. You should particularly study the section on the rights of data subject as both regulations overlap in terms of these rights.

You may contact us either using the dedicated mail address and/or phone number:

Toll Free number: 1-833-Privacy (833-774-9229)
E-Mail: RNAPRIVACY@hlag.com

or you may contact us either using the contact information mentioned in section 2 or via our offices based in California:

HAPAG-LLOYD (AMERICA) LLC
555 EAST OCEAN BLVD
SUITE 300
LONG BEACH, CA 90802
USA
Phone +1 888 513-2180

HAPAG-LLOYD (AMERICA) LLC
180 GRAND AVENUE, SUITE 1535
OAKLAND, CA 94612
USA
Phone +1 510 286 1940

Specifically for the data access request, you have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months. Once we receive and confirm your verifiable consumer request, we will disclose to you:

  • The categories of personal information we collected about you.
  • The categories of sources for the personal information we collected about you.
  • Our business or commercial purpose for collecting or selling that personal information.
  • The categories of third parties with whom we share that personal information.
  • The specific pieces of personal information we collected about you (also called a data portability request).
  • If we sold or disclosed your personal information for a business purpose, two separate lists disclosing: sales, identifying the personal information categories that each category of recipient purchased; and disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained.

You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:

Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative.

Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

Non-Discrimination

We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:

  • Deny you our services.
  • Charge you different prices or rates for services, including through granting discounts or other benefits, or imposing penalties.
  • Provide you a different level or quality of our services.
  • Suggest that you may receive a different price or rate for services or a different level or quality of services.

The CCPA is very specific about the “sale” of person identifiable information. In our industry this is a particularly difficult aspect of data processing, and it is connected to the international transfer of person identifiable information. If we ship cargo, we must process person identifiable information in order to provide you with our service. As such, we may have to share such information with third parties, e.g., consignees, public authorities, or other partners in the logistics supply chain.

These third parties may use such information for their own, legitimate business purposes, and Hapag-Lloyd may not be in the position that we can control the use of such person identifiable information through a third party.

As stated before, we do not intend to discriminate anybody based on the CCPA, but please bear in mind that we may not be permitted, for regulatory reasons, to provide you with our service if you partly or fully object to the processing of person identifiable information relating to you.

Please also consider that personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FRCA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver's Privacy Protection Act of 1994, is not subject to the CCPA.

We value and honor your right to privacy, and we will always carefully assess how we can protect your personal information to the highest attainable standards.

9.3. South Africa

Hapag-Lloyd AG is headquartered in the European Union and complies globally with the EU General Data Protection Regulation (GDPR) as a minimum standard. Insofar, we invite you to carefully read all sections above in order to familiarize yourself with these minimum standards. You should particularly study this section as it relates to the Hapag-Lloyd entities based in South Africa (“Hapag-Lloyd SA”) to which the Protection of Personal Information Act 4 of 2013 (“POPIA”) applies:

  • Personal data that is protected in South Africa includes the personal information of existing legal (juristic) persons such as companies, where applicable.
  • Any reference to personal data in the privacy terms shall have the same meaning as “personal information” defined under POPIA.

For further information please contact our Information Officer in South Africa

Further countries please check the local pages:

Pixel