State: 13 May 2020
Schiffahrtskontor tom Wörden GmbH & Co. KG regards informational self-determination and the protection of personal data as a fundamental asset. We feel committed to process your personal data in a transparent manner and in compliance with the applicable data protection regulations. This Privacy Statement is to inform you in accordance with Art. 13 of the General Data Protection Regulation (EU) about our processing of your data and your rights.
1. “Data controller as defined in Art. 4 (7) GDPR
Schiffahrtskontor tom Wörden GmbH & Co. KG
For any additional information, reference is made to the imprint page www.tomwoerden.com/en/imprint/.
2. Kind of personal data
We process the following categories of personal data:
- master data (e.g. title, names, addresses, date of birth, place of birth, functions/profession, organisational affiliation);
- contact data (e.g. email address, phone and facsimile numbers);
- content data (e.g. text inputs, image files);
- usage data (e.g. access data, accessed websites);
- meta/communication data (e.g. IP addresses, names of the Internet service provider (ISP), website from which you are visiting us (so-called referrer URL), search terms entered by you, operating system, browser software);
- contract data (e.g. contractual relationship, customer history);
- accounting data (e.g. bank details, payment dates, fiscal data).
If you are employed by us, we furthermore process the following personal data:
- data for human resources management (e.g. marital status, nationality, denomination, wage/salary, tax class, allowable deductions, health insurance scheme, pension insurance number, school certificates and job references, time management data, work performance data, performance appraisal) as well as
- in case of nautical staff in addition: health data.
3. Purposes and legal bases for data processing activities
We process personal data
(i) if and to the extent that you have given your consent thereto (Art. 6 (1) sentence 1 letter a GDPR);
(ii) necessary for fulfilling a contract to which you are a party or for carrying out precontractual measures taken upon your request (Art. 6 (1) sentence 1 letter b GDPR); this purpose particularly includes processing activities enabling us
- to communicate with you and to answer your questions;
- to conclude a contract with you or to fulfil an already existing contract; and/or
- to provide you with the agreed services, i.e. particularly to comply with our duties arising from the contracts agreed upon with you;
(iii) in order to be able to comply with our legal obligations (Art. 6 (1) sentence 1 letter c GDPR); such obligations particularly include
- the identity verification;
- the prevention of money laundering and/or
- the compliance with monitoring and reporting rights in terms of taw law;
(iv) to the extent that such processing activities are necessary for protecting our legitimate interests or those of third parties, except where such interests are overridden by your interests or your fundamental rights and freedoms when balancing the various interests (Art. 6 (1) sentence 1 letter f GDPR); particularly for
- asserting legal claims and defend ourselves in case of legal disputes;
- warranting IT and data safety as well as the sound operation of our IT system;
- providing you with our website in a sound and safe manner;
- preparing and analysing statistical data relevant for our company;
- maintaining and expanding the list of our business contacts, and
- providing you with information on new developments in your and our business sector and with invitations to special events.
Our interest in the specific processing activities can be derived from the respective purposes and is furthermore based on economic interests (including the efficient fulfilment of tasks and avoidance of legal risks). To the extent permitted by the specific purpose, data processing is carried out pseudonymously or anonymously.
4. Recipients or categories of recipients of personal data
Within the framework of the purposes indicated in clause 3, it may become necessary to forward personal data to or have them processed by third parties. In this context, we will of course comply with statutory provisions. Depending on necessities, recipients of data particularly include the following persons and/or entities at home and abroad:
- IT service provider, including web hosting and web analysis providers;
- ship brokers and ship agents;
- ship managements;
- credit institutions;
- shipping underwriters and insurance brokers;
- attorneys at law and notaries;
- public authorities and institutions;
- tax consultants, auditors and financial authorities, and
- suppliers, service providers and contract partners.
5. Transfer of personal data to third countries or international organisations
Within the framework of the purposes indicated in clause 3, it may become necessary to forward personal data to and process them in a third country or an international organisation. In this context, too, we will of course comply with statutory provisions. Third countries are states outside the European Community and outside the European Economic Area. A transfer is in any case subject to the existence of an adequate protection level in the respective third country, to your explicit consent or the necessity of the transfer for concluding or fulfilling a contract (further exceptions: compare Art. 49 GDPR).
Cookies consist of text information stored by your browser on your terminal with the aim to optimise our website, the user experience and our offers. Personal data are either retained for the duration of your visit of our website only or permanently, i.e. also after you have closed your browser and until you delete such cookies. Even if we process personal data by means of cookies, the principles included in this Privacy Statement continue to apply. Processing activities are either carried out on the basis of your consent or due to a legitimate interest in economic and user-friendly services.
As a rule, you may also use our offers without cookies. In this case, however, individual functions may be impaired. Most browsers are configured in a way that cookies are automatically accepted. But the majority of browsers makes it possible to deactivate the storage of cookies and to configure the browser in a way that any storage of cookies is subject to your confirmation. In addition, most browsers also offer the possibility to delete cookies.
7. Additional information on transparent personal data processing
(a) Period of data retention
Personal data are retained by us for different time periods, depending on the type of data.
The data automatically transmitted to us upon your access to our website are saved in our log files and will be automatically deleted after 30 days.
In the event that we maintain a business relationship to you, we retain the personal data for the duration of such business relationship. Furthermore, data are deleted when their retention is no longer necessary.
In addition, we are bound to several retention and documentation duties which are, inter alia, set forth in the HGB [German Commercial Code], the AO [German Fiscal Code] and the GWG [German Money Laundering Act]. The periods set forth there for retention and/or documentation amount to up to ten years. In the end, the retention period also depends upon statutory limitation periods which as a rule amount to three years but may, in certain cases, last even longer.
(b) Your rights with respect to your personal data
In connection with our processing of your personal data, statutory regulations provide you with the following rights:
Right of access (Art. 15 GDPR)
You have the right to obtain a confirmation as to whether or not personal data relating to you are being processed by us. Where this is the case, you are entitled to access the personal data as well as additional information. Apart from that, you have the right to obtain a copy of the data.
Right to rectification (Art. 16 GDPR)
You have the right to request the immediate rectification of your personal data if they fail to be correct. As a rule, you are also entitled to have incomplete personal data completed.
Right to erasure (Art. 17 GDPR)
You have the right to request the immediate erasure of your personal data, unless their processing is necessary for executing the right of freedom of expression and information, for complying with a legal obligation, for reasons of public interest or for asserting, executing or defending legal claims.
Right to restriction of processing(Art. 18 GDPR)
You have the right to request a restriction of the processing of your personal data if a) you contest their accuracy; b) the processing is unlawful and you request the restriction of their use instead of the erasure of the personal data; c) we are no longer in need of the data, but you need them for asserting, executing or defending legal claims, or d) you have objected their processing.
Right to data portability (Art. 20 GDPR)
You have the right to receive your personal data you have submitted to us in a structured, commonly used and machine-readable format or to request us to transmit such data to another data controller.
Right to object
If your personal data are processed for protecting legitimate interests pursuant to Art. 6 (1) letter f GDPR, you are at any time entitled to file an objection against the processing of your personal data if this request is supported by reasons which relate to your particular situation.
If your personal data are processed by us for direct marketing purposes, you are at any time entitled to file an objection against the processing of your personal data for such advertising purposes.
For exercising your right to object, an email to our aforementioned email address by indicating your name and address will be sufficient in each case.
Right of revocation (Art. 7 GDPR)
If you have given your consent to a processing of your personal data, you may revoke this consent for the future at any time. The lawfulness of the processing carried out until such revocation shall remain unaffected.
For executing your right of revocation, an email to our aforementioned email address by indicating your name and address will be sufficient in each case.
Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)
If you believe that the processing of your personal data infringes data protection law, we kindly ask you to contact us as a first step. We will be ready to solve your concerns to your satisfaction.
Irrespective thereof, you are at any time entitled to lodge a complaint with a supervisory authority. As a rule, you may contact the supervisory authority competent for your habitual residence, for your place of work or for our registered office. The supervisory authority for our registered office is: Landesbeauftragte für den Datenschutz Niedersachsen, Postfach 221, 30002 Hannover.
(c) Consequences when failing to submit your personal data
If the submission of personal data is necessary for us in order to be able to offer you our services or to perform a contract with you or if such submission is obligatory, we will give you a notice to this effect. In the event that we ask you to complete your personal data and you fail to come up to our request, such failure may affect the volume of our services offered to you or our communication with you.
Art. 4 GDPR defines numerous terms used in data protection law and such terms are also used in this Privacy Statement, such as particularly “personal data”, “processing”, “data controller”, “recipient”, “third party”, “consent”. According to such definitions, “personal data” are all information relating to an identified or identifiable natural person. A natural person is deemed to be identifiable if such person may be identified either directly or indirectly, especially by allocating this person to an identifier such as a name or an identification number or to site data, to online identification data or to one or more special features specific to such natural person’s physical, physiological, genetic, mental, economic, cultural or social identity.