Data Protection Information

We, Hermes Europe GmbH (‘Hermes’), are highly committed to the protection of your privacy and your personal data. We therefore attach great importance to ensuring that your data are secure and that our data processing complies with the applicable data protection regulations, in particular the EU General Data Protection Regulation (GDPR). Furthermore, we use technical and organisational measures to ensure that your data are optimally protected against unauthorised access by third parties.

This data protection information applies to the Hermes online services on hermesworld.com and all subdomains (hereinafter the ‘Hermes Website’).

1 General information

1.1 Data controller

The data controller in accordance with Article 4(7) GDPR is

Hermes Europe GmbH

- legally represented by the Managing Directors - Stephan Schiller, Henning Udo Goldmann, Viviane Reichert-Brown, and Kevin Kufs -

Essener Straße 89
D-22419 Hamburg
Telephone: +49 / 40 / 53755 – 0
Fax: +49 / 40 / 53754 – 870
zentrale@hermesworld.com

1.2 Personal information

Personal information (which the law also refers to as personal data) is information that permits others to draw conclusions about your identity. This includes, for example, information such as name, address, telephone number or email address but also information about surfing behaviour, insofar as this information can be directly or indirectly assigned to you. The ‘data subject’ within the meaning of the General Data Protection Regulation (GDPR) is any natural person about whose personal or factual circumstances the personal information reveals something.

You can generally use the Hermes Website without disclosing your personal data. However, when you contact us via the Hermes Website, we collect and process your personal data to contact you.

1.3 Data transfer to third parties, subcontractors and third-party providers

Personal data are transferred to third parties only subject to compliance with the legal requirements. We only pass on the data of the users to third parties if this is necessary, for example, for billing purposes in order to fulfil contractual obligations.

If we use subcontractors for our online services, we have taken appropriate contractual precautions and corresponding technical and organisational measures with respect to these companies.

When we use content or other resources from other providers (hereinafter jointly referred to as ‘third-party providers’) and their named registered office is in a third country, it must be assumed that data are transferred to the countries in which the third-party providers have their registered office. We transfer personal data to third countries only when an adequate level of data protection is ensured, or when user consent or other legal permission has been granted.

1.4 Data security

We have implemented suitable technical and organisational measures to protect your data from loss, modification or access by third parties. We continuously improve these safety measures in line with technical developments. Our website employs the industry-standard SSL (Secure Sockets Layer) encryption. This safeguards the confidentiality of your personal information in internet activities.

All our employees receive regular training on data protection and are instructed in the safe and trustworthy handling of customer data. All our employees are obliged to maintain confidentiality and have signed a corresponding undertaking to maintain confidentiality and to comply with data protection as part of their employment contracts.

1.5 Legal bases

We collect and process your personal data based on the following legal bases of the General Data Protection Regulation (GDPR):

a. Consent pursuant to Article 6(1)(a) GDPR. Consent is any statement of intent provided voluntarily and unambiguously by the data subject in a specific case, in the form of a statement or other unambiguous confirming act by which the data subject indicates that they consent to the processing of their personal data.

b. Necessity for performing a contract or for implementing preparatory measures in accordance with Article 6(1)(b) GDPR. We require your data to prepare the conclusion of the contract with you or to comply with our contractual obligations to you.

c. Data processing for compliance with a legal obligation pursuant to Article 6(1)(c) GDPR. This means that the processing of your data is required, for example, by law or in accordance with other provisions.

d. Processing to safeguard legitimate interests in accordance with Article 6(1)(f) GDPR. This means that the processing is necessary to safeguard legitimate interests on our part or on the part of third parties, unless the interests or fundamental rights and freedoms on your part, which require the protection of personal data, prevail.

1.6 Your privacy rights

Your rights

With regard to your personal data, you have the following rights vis-à-vis Hermes:

  • Right to information
  • Right to correction
    If your personal data have been incorrectly collected, you can have them corrected at any time.
  • Right to erasure
    If you wish to have your personal data erased, we may be obliged to store these data for a certain period of time due to statutory retention obligations, for example for tax or accounting purposes. In this case, we will delete the data immediately after expiry of the storage period.
  • Right to restriction of processing
  • Right to data portability
  • Right to object to processing
  • Right to revocation
    Revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent prior to the revocation.

Right to lodge a complaint

You also have the right to lodge a complaint about our processing of your personal information with a data protection supervisory authority. The competent supervisory authority in relation to postal services shall be:

The Federal Commissioner for Data Protection and Freedom of Information
Graurheindorfer Straße 153, 53117 Bonn

The supervisory authority responsible for us is

the Hamburg Commissioner for Data Protection and Freedom of Information
Ludwig-Erhard-Straße 22, 20459 Hamburg

1.7 Contact persons

The Hermes Group offers a wide range of logistical services. These services are provided by legally independent companies for the purposes of data protection law in Germany or Europe. If you would like information about data protection, please contact the data protection officer of the company concerned.

If you have any questions about the processing of your personal data and the exercise of your rights as a data subject, please contact:

datenschutz@hermesworld.com

When making your request, please make sure to provide us with your full contact details (first name, surname and address) so that we can uniquely identify you and respond promptly to your request.

2 Processing as part of the use of website functions

2.1 Storage of data in a log file and geolocation

Processing purposes

The purpose of the data processing is to ensure the functionality of the website. The data is also used to ensure the security of our information technology systems.

The IP address is also used for geolocation (IP geolocation), because we want you to receive the information you are looking for on our websites in the language that is probably most familiar to you. To ensure this, we process your IP address when you visit the webpage in order to direct you to the internet services of the respective Hermes national company that are suitable for you.

Type of data

Each time you access the Hermes Website, certain data of the accessing device are automatically collected by our web servers and temporarily stored. The following data are collected:

  • the IP address of the accessing device
  • technical request
  • device type
  • type of browser and operating system
  • date and time of visit (timestamp)
  • accessed website (URL)
  • session ID

Legal basis

The legal basis in this connection is Article 6(1)(f) GDPR, section 25(2) No. 2 of the Act on Data Protection and the Protection of Privacy in Telecommunications and Telemedia (TTDSG). Our legitimate interest for data processing lies in ensuring the functionality of the website, in securing our systems and in making the language version that is probably most familiar to you available. Your interest in confidentiality is of subordinate importance in this regard. We are technically not able to provide the Website or to operate and save the Website without processing your personal data. Securing our website is also to your benefit.

Duration of storage

The data will be deleted as soon as they are no longer required to fulfil the purpose for which they were collected. The data will be deleted at the earliest after 7 days and at the latest after 32 days. However, they may be retained for a longer period.

Possibility of objection

The collection and processing of the data for the purposes mentioned in this section are absolutely necessary for the operation of the Hermes Website. Hence, there is no possibility of objection.

Further information

This website is operated by:

T-Systems Magdeburg
Am Schiens 10
39221 Biere
Germany

Processing of your personal data in third countries

In principle, we have commissioned the processing of your personal data in the European Union. Nevertheless, your personal data may be processed in the United States of America (USA).

Obligation to provide your personal data

You are not obliged to disclose any personal data. However, without the above-mentioned personal data, you will not be able to access this website.

3 Use of cookies and other technologies

The Hermes Website uses cookies. Cookies are small text files that are stored in or by the internet browser on a user's device. Cookies usually contain a distinctive character string that enables unique identification of the browser or device when the website is accessed again.

Different types of cookies are used on this website. We have to distinguish between:

  • temporary session cookies that are as a rule deleted when you close your internet browser;
  • permanent cookies that are stored on your device for a longer period of time and contain certain settings, such as the language selected by you for the use of the Hermes Website;
  • own cookies (first-party cookies) that are stored by the Hermes Website on your device;
  • cookies from other internet services authorised and used on this Hermes Website (third-party cookies), which are stored by them on your device.

The cookies used by the Hermes website (first-party cookies) include temporary session cookies and permanent cookies. The website stores information in the permanent cookies to save any personal user settings and to improve the user experience during your next visit (e.g. the selected language settings). In the temporary session cookies, the website stores technical information that is necessary for the functioning of the website. The storage period of these cookies depends on the deadlines specified in this section.

Services offered by third parties are also used on this website to evaluate user behaviour or to provide internet services. The service providers may use cookies (third-party cookies), tracking pixels or comparable analytics technologies. For more information about the internet and analytics technologies used here, please see the sections below.

In general, you can set your web browser so as to prevent the storage of cookies or the execution of analytics technologies. However, some features of this website may then no longer be available. As a compromise, you can also set your browser to notify you as soon as a cookie or a similar analytics technology is used. In addition, all cookies can be deleted manually at any time.

3.1 Usercentrics

Usercentrics is a consent management platform that uses technically necessary cookies. This is done by an entry in the local storage in your specific browser.

Processing purposes

This is a consent management service. The storage of the consent serves to comply with the legal obligations.

Type of data

This list contains the following (personal) data collected by or through the use of this service.

  • Opt-in and opt-out data
  • Referrer URL
  • User agent
  • User settings
  • Consent ID
  • Time of consent
  • Type of consent
  • Template version
  • Banner language

Legal basis

The legal basis for the storage of the data is Article 6(1)(c) in conjunction with Article 7(1) GDPR.

Duration of storage

The consent data (consent and revocation of consent) will be stored for three years. After the retention period has expired, the collected data will be erased.

Possibility of revocation, objection and erasure

The collection of data based on a legal obligation precludes the raising of an objection.

Further information

The processing company is:

Usercentrics GmbH
Sendlinger Str. 7
80331 Munich
Germany

For further information about the processed data, please see:
https://usercentrics.com/privacy-policy/

Processing of your personal data in third countries

In principle, we have commissioned the processing of your personal data in the European Union. Nevertheless, your personal data may be processed in the United States of America (USA). The European Commission has not issued a decision on adequacy for the USA. We have therefore secured the level of data protection with suitable guarantees within the meaning of Article 46 GDPR.

Obligation to provide your personal data

The provision of your personal data is necessary to fulfil a legal obligation.

3.2 User analysis (Webtrekk)

Processing purposes

The purpose of data processing is to analyse the surfing behaviour of our users. The data are collected by a tracking pixel that is integrated in the Hermes Website (and the subpages) as well as by means of cookies set by Webtrekk.

We are in a position to compile information about the use of the individual components of our website by evaluating the data obtained. This helps us to ensure the integrity of our website and to continuously improve its user-friendliness. The usage analysis is carried out in such a way that neither we nor the analytics service can identify individual users.

Type of data

When using the Hermes Website, the following data are collected and processed by our analytics service, Webtrekk GmbH:

  • technical device data (device type, operating system version, browser type, screen resolution, colour depth, JavaScript on/off, etc.);
  • anonymised IP address;
  • the website from which the respective user visits us (referrer URL);
  • visited subpages on the Hermes website (clicks made by the user);
  • randomly generated session ID by setting a session cookie;
  • randomly generated long-term ID by setting a permanent cookie;
  • the date, time and duration of the visit;
  • geolocation (country, region, city).

Legal basis

The legal basis for the collection and processing of data is Article 6(1)(a) GDPR, provided that you consented to the use of cookies on the Hermes Website. In the absence of your consent, the legal basis is Article 6(1)(f) GDPR. Our legitimate interest is to improve the user-friendliness of our website.

Duration of storage

The data will be deleted as soon as they are no longer needed for our analytical purposes. The session cookie with the session ID becomes invalid and is deleted at the end of your visit to the website. The permanent cookie with the long-term ID becomes invalid and is deleted after 6 months. All data collected by the analytics service will be blocked after 14 months at the latest.

Possibility of revocation, objection and erasure

You can object to the usage analysis by Webtrekk at any time by clicking on the following button:

WebtrekkOptOut

By clicking on the button above, you can open a window with the data protection settings. Uncheck the box for ‘Statistics and analysis’ to object to the usage analysis by Webtrekk.

Here you can also reactivate the usage analysis by Webtrekk and thus make a valuable contribution to the improvement of our website.

Further information

The data are collected by a tracking pixel that is integrated in the Hermes Website (and the subpages) as well as by means of cookies set by Mapp Intelligence (Webtrekk).

The data are processed by the following company:

Mapp Digital Germany GmbH
Dachauer Straße 63
80335 Munich
Germany

For further information about the processed data, please see:
https://mapp.com/privacy/

Processing of your personal data in third countries

In principle, we have commissioned the processing of your personal data in the European Union. Nevertheless, your personal data may be processed in the United States of America (USA). The European Commission has not issued a decision on adequacy for the USA. We have therefore secured the level of data protection with suitable guarantees within the meaning of Article 46 GDPR.

Obligation to provide your personal data

You are not obliged to provide your personal data. If tracking by Webtrekk is activated by the above-mentioned function, your personal data will be processed when you access this website.

3.3 YouTube

By presenting our company on YouTube, we would like to offer you the opportunity to obtain information about our company's products and services through this channel. In addition, we use YouTube to carry out marketing measures.

The YouTube video platform is not operated by us, but by the respective service providers at their own responsibility. As regards the platform, the product sovereignty and product design of YouTube lie with Google LLC. We have no influence on the data collected by YouTube or on its data processing procedures, nor are we aware of the full extent of data collection, the purposes of processing or the storage periods.

The data are processed by the following company:

Google Ireland Limited
Google Building Gordon House
4 Barrow St, Dublin, D04 E5W5, Ireland

For more information, please see:
https://policies.google.com/privacy?hl=en&gl=en#infocollect

We would like to point out that we cannot exclude the processing of personal data in countries outside the European Union and the European Economic Area, in particular in the USA. This may be associated with the risk of impeded enforcement, which poses a risk to the individual user.

4 Use of ‘Shariff’ buttons

To allow for the practical sharing of content on the Twitter, Facebook, Google Plus, XING and/or WhatsApp social networks and messenger services, we use privacy-protected ‘Shariff’ buttons on the Hermes Website. This button only establishes a direct contact between you and the respective social network if you actively click on the button. As soon as you click on the button of the respective network, a pop-up window appears, which you can use to log in to the social network. After that, you can conveniently share the desired content.

No user tracking can take place via the social networks unless you interact with the button.

5 Contact

If you contact us via a contact form, by telephone, email or through an online, your personal data will be collected and stored.

Processing purposes

We use the collected data exclusively for the purpose of answering your request as well as for other purposes specified during the collection of the data. If this is necessary to answer your request, we will transmit the data to the Hermes company concerned (for example, data will be transmitted to Hermes Logistik GmbH & Co KG, based in Austria, if you would like information about Hermes services in Austria). If you contact us via a contact form, by telephone or email, your personal data will be collected and stored.

Type of data

The following data may be collected; whether these data are collected depends on your request:

  • First name
  • Name
  • Company name
  • Address
  • Phone number
  • Email address
  • Etc.

Legal basis

The legal basis for data processing is Article 6(1)(b) GDPR, if the contact aims at the conclusion of a contract. If there is no contractual relationship between you and Hermes, the legal basis in this regard is Article 6(1)(f) GDPR. The legitimate interest of Hermes in this case outweighs your legitimate interest. The reason for this is that it is not possible to process your request without processing your personal data. Moreover, using the contact form or contacting us in any other way is voluntary.

Duration of storage

We delete the data collected in this context as soon as storage for the purpose of contact is no longer necessary or – in the case of statutory retention obligations – limit their processing.

Possibility of revocation, objection and erasure

If the contact was not made to initiate the conclusion of a contract, you have the right to object to the processing of your personal data at any time. In the event of an objection, the correspondence cannot be continued. All personal data collected in this context will be deleted in the event of a legitimate objection.

Obligation to provide your personal data

You are not obliged to disclose your personal data. The fields marked in the input mask are mandatory fields without which your request cannot be processed.

6 Liability and currency

6.1 Liability for links

Our website and our Data Protection Information may contain links to external websites of third parties, the content of which is beyond our control. Thus, we cannot assume any liability for such third-party content.

The respective provider or operator of the website is always responsible for the contents of the linked pages. The linked external website was checked for possible violations of the law at the time of linking. At the time of linking, no illegal contents were evident. Permanent monitoring of the content of the linked website is not possible and would be unreasonable without concrete evidence of a violation of the law. If we become aware of a violation of the law, we will remove such links immediately.

6.2 Updating and modification

Parts of the Data Protection Information may be changed or updated by us without prior notice to you. Please check the Data Protection Information before using our internet services to be aware of any recent changes or updates.

Current status of the Data Protection Information: April 2022