We, Hermes Europe GmbH (‘Hermes’), are highly committed to the protection of your privacy and your personal data. We therefore attach great importance to ensuring that your data are secure and that our data processing complies with the applicable data protection regulations, in particular the EU General Data Protection Regulation (GDPR). Furthermore, we use technical and organisational measures to ensure that your data are optimally protected against unauthorised access by third parties.
This data protection information applies to the Hermes online services on hermesworld.com and all subdomains (hereinafter the ‘Hermes Website’).
The data controller in accordance with Article 4(7) GDPR is
Hermes Europe GmbH
- legally represented by the Managing Directors - Henning Udo Goldmann, Viviane Reichert-Brown and Kevin Kufs -
Essener Straße 89
D-22419 Hamburg
Telephone: +49 / 40 / 53755 – 0
Fax: +49 / 40 / 53754 – 870
zentrale@hermesworld.com
Personal information – the law also refers to personal data – is personal information that permits others to draw conclusions about your identity. This includes, for example, information such as name, address, telephone number or email address but also information about surfing behaviour, insofar as this information can be directly or indirectly assigned to you. The ‘data subject’ within the meaning of the General Data Protection Regulation (GDPR) is any natural person the personal or factual circumstances of whom the personal information reveals something about.
You can generally use the Hermes Website without disclosing your personal data. However, when you contact us via the Hermes Website, we collect and process your personal data to contact you.
Personal data are transferred to third parties only subject to compliance with the legal requirements. We only pass on the data of the users to third parties if this is necessary, for example, for billing purposes in order to fulfil contractual obligations.
If we use subcontractors for our online services, we have taken appropriate contractual precautions and corresponding technical and organisational measures against these companies.
When we use content or other resources from other providers (hereinafter jointly referred to as ‘third-party providers’) and their named registered office is in a third country, it must be assumed that data are transferred to the countries in which the third-party providers have their registered office. We transfer personal data to third countries only when an adequate level of data protection is ensured, or when user consent or other legal permission has been granted.
We have implemented suitable technical and organisational measures to protect your data from loss, modification or access by third parties. We continuously improve these safety measures in line with technical developments. Our website employs the industry-standard SSL (Secure Sockets Layer) encryption. This safeguards the confidentiality of your personal information in internet activities.
All our employees receive regular training on the subject of data protection and are instructed in the safe and trusting handling of customer data. All our employees are obliged to maintain confidentiality and have accordingly signed an obligation to maintain confidentiality and to comply with data protection as part of their employment contracts.
We collect and process your personal data based on the following legal bases of the General Data Protection Regulation (GDPR):
a.
Consent pursuant to Article 6(1)(a) GDPR. Consent is any statement of intent provided voluntarily and unambiguously by the data subject in a specific case in the form of a statement or other unambiguous confirming act that indicates to the data subject that they have consented to the processing of their personal data.
b.
Necessity for performing a contract or for implementing preparatory measures in accordance with Article 6(1)(b) GDPR. We require your data to prepare the conclusion of the contract with you or to comply with our contractual obligations to you .
c.
Data processing for compliance with a legal obligation pursuant to Article 6(1)(c) GDPR. This means that the processing of your data is required, for example, by law or in accordance with other provisions.
d.
Processing to safeguard legitimate interests in accordance with Article 6(1)(f) GDPR. This means that the processing is necessary to safeguard legitimate interests on our part or on the part of third parties, unless the interests or fundamental rights and freedoms on your part, which require the protection of personal data, prevail.
Your rights
With regard to your personal data, you have the following rights vis-à-vis Hermes:
Exercising your right of access
Processing purposes: The purpose of the data processing is to provide data information in accordance with Art. 15 GDPR and to exercise your rights as a data subject.
Type of data: The processing of your data will be in connection with the provision of postal services and Hermes services.
Legal basis :The legal basis for data processing is Art. 6(1) (c) GDPR.
Duration of storage: If you exercise your right of access and ask us for information, we will store your request for 3 years. Earlier deletion is not possible due to statutory retention periods.
Obligation to provide your personal data: You are not obliged to provide your personal data. It is not possible to provide data information without your personal data.
Right to lodge a complaint
You also have the right to lodge a complaint about our processing of your personal information with a data protection supervisory authority. The competent supervisory authority in relation to postal services shall be:
The Federal Commissioner for Data Protection and Freedom of Information
Graurheindorfer Straße 153, 53117 Bonn
https://www.bfdi.bund.de/EN/
The supervisory authority responsible for us is
the Hamburg Commissioner for Data Protection and Freedom of Information
Ludwig-Erhard-Straße 22, 20459 Hamburg
https://datenschutz-hamburg.de
The Hermes Group offers a wide range of logistical services. These services are provided by legally independent companies for the purposes of data protection law in Germany or Europe. If you would like information about data protection, please contact the data protection officer of the company concerned.
If you have any questions about the processing of your personal data and the exercise of your rights as a data subject, please contact:
datenschutz@hermesworld.com
When making your request, please make sure to provide us with your full contact details (first name, surname and address) so that we can uniquely identify you and respond promptly to your request.
Processing purposes
The purpose of the data processing is to ensure the functionality of the website. The data is also used to ensure the security of our information technology systems.
The IP address is also used for geolocation (IP geolocation). Because we want you to receive the information you are looking for on our websites – in the language that is probably most familiar to you. In order to ensure this, we process your IP address when you visit the webpage to direct you to the internet services of the respective Hermes national company that are suitable for you.
Type of data
Each time you access the Hermes Website, certain data of the accessing device are automatically collected by our web servers and temporarily stored. The following data are collected:
Legal basis
The legal basis in this connection is Article 6(1)(f) GDPR, section 25(2) No. 2 TDDDG. Our legitimate interest for data processing lies in ensuring the functionality of the website, in securing our systems and in making the language version that is probably most familiar to you available. Your interest in confidentiality is of subordinate importance in this regard. We are technically not able to provide the Website or to operate and save the Website without processing your personal data. Securing our website is also to your benefit.
Duration of storage
The data will be deleted as soon as they are no longer required to fulfil the purpose for which they were collected. The data will be deleted at the earliest after 7 days and at the latest after 32 days. However, they may be retained for a longer period.
Possibility of objection
The collection and processing of the data for the purposes mentioned in this section are absolutely necessary for the operation of the Hermes Website. Hence, there is no possibility of objection.
Further information
This website is operated by:
T-Systems Magdeburg
Am Schiens 10
39221 Biere
Germany
Processing of your personal data in third countries
In principle, we have commissioned the processing of your personal data in the European Union. Nevertheless, your personal data may be processed in the United States of America (USA).
Obligation to provide your personal data
You are not obliged to disclose any personal data. However, without the above-mentioned personal data, you will not be able to access this website.
Usercentrics is a consent management platform that uses technically necessary cookies. This is done by an entry in the local storage in your specific browser.
Processing purposes
This is a consent management service. The storage of the consent serves to comply with the legal obligations.
Type of data
This list contains the following (personal) data collected by or through the use of this service.
Legal basis
The legal basis for the storage of the data is Article 6(1)(c) in conjunction with Article 7(1) GDPR.
Duration of storage
The consent data (consent and revocation of consent) will be stored for three years. After the retention period has expired, the collected data will be erased.
Possibility of revocation, objection and erasure
The collection of data based on a legal obligation precludes the raising of an objection.
Further information
The processing company is:
Usercentrics GmbH
Sendlinger Str. 7
80331 Munich
Germany
For further information about the processed data, please see:
https://usercentrics.com/privacy-policy/
Processing of your personal data in third countries
In principle, we have commissioned the processing of your personal data in the European Union. Nevertheless, your personal data may be processed in the United States of America (USA). The European Commission has not issued a decision on adequacy for the USA. We have therefore secured the level of data protection with suitable guarantees within the meaning of Article 46 GDPR.
Obligation to provide your personal data
The provision of your personal data is necessary to fulfil a legal obligation.
Processing purposes
The purpose of data processing is to analyse the surfing behaviour of our users. The data are collected by a tracking pixel that is integrated in the Hermes Website (and the subpages) as well as by means of cookies set by Webtrekk.
We are in a position to compile information about the use of the individual components of our website by evaluating the data obtained. This helps us to ensure the integrity of our website and to continuously improve its user-friendliness. The usage analysis is carried out in such a way that neither we nor the analytics service can identify individual users.
Type of data
When using the Hermes Website, the following data are collected and processed by our analytics service, Webtrekk GmbH:
Legal basis
The legal basis for the collection and processing of data is Article 6(1)(a) GDPR, provided that you consented to the use of cookies on the Hermes Website. In the absence of your consent, the legal basis is Article 6(1)(f) GDPR. Our legitimate interest is to improve the user-friendliness of our website.
Duration of storage
The data will be deleted as soon as they are no longer needed for our analytical purposes. The session cookie with the session ID will be invalid and deleted after the end of the visit duration of the website. The permanent cookie with the long-term ID will become invalid and be deleted after 6 months. All data collected by the analytics service will be blocked after 14 months at the latest.
Possibility of revocation, objection and erasure
You can object to the usage analysis by Webtrekk at any time by clicking on the following button:
By clicking on the button above, you can open a window with the data protection settings. Uncheck the box for ‘Statistics and analysis’ to object to the usage analysis by Webtrekk.
Here you can also reactivate the usage analysis by Webtrekk and thus make a valuable contribution to the improvement of our website.
Further information
The data are collected by a tracking pixel that is integrated in the Hermes Website (and the subpages) as well as by means of cookies set by Mapp Intelligence (Webtrekk).
The data are processed by the following company:
Mapp Digital Germany GmbH
Dachauer Straße 63
80335 Munich
Germany
For further information about the processed data, please see:
https://mapp.com/privacy/
Processing of your personal data in third countries
In principle, we have commissioned the processing of your personal data in the European Union. Nevertheless, your personal data may be processed in the United States of America (USA). The European Commission has not issued a decision on adequacy for the USA. We have therefore secured the level of data protection with suitable guarantees within the meaning of Article 46 GDPR.
Obligation to provide your personal data
You are not obliged to provide your personal data. If tracking by Webtrekk is activated by the above-mentioned function, your personal data will be processed when you access this website.
By presenting our company on YouTube, we would like to offer you the opportunity to obtain information about our company's products and services through this channel. In addition, we use YouTube to carry out marketing measures.
The YouTube video platform is not operated by us, but by the respective service providers at their own responsibility. Given the platform, the product sovereignty and product design of YouTube lies with Google LLC. We have no influence on the data collected by YouTube and data processing procedures, nor are we aware of the full extent of data collection, the purposes of processing or the storage periods.
The data are processed by the following company:
Google Ireland Limited
Google Building Gordon House
4 Barrow St, Dublin, D04 E5W5, Ireland
For more information, please see:
https://policies.google.com/privacy?hl=en&gl=en#infocollect
We would like to point out that we cannot exclude the processing of personal data in countries outside the European Union and the European Economic Area, in particular in the USA. This may be associated with the risk of impeded enforcement, which poses a risk to the individual user.
To allow for the practical sharing of content on the Twitter, Facebook, Google Plus, XING and/or WhatsApp social networks and messenger services, we use privacy-protected ‘Shariff’ buttons on the Hermes Website. This button only establishes a direct contact between you and the respective social network if you actively click on the button. As soon as you click on the button of the respective network, a pop-up window appears, which you can use to log in to the social network. After that, you can conveniently share the desired content.
No user tracking can be take place via the social media unless you interact with the button.
If you contact us via a contact form, by telephone, email or through an online, your personal data will be collected and stored.
Processing purposes
We use the collected data exclusively for the purpose of answering your request as well as for other purposes specified during the collection of the data. If this is necessary to answer your request, we will transmit the data to the Hermes company concerned (for example, data will be transmitted to Hermes Logistik GmbH & Co KG, based in Austria, if you would like information about Hermes services in Austria). If you contact us via a contact form, by telephone or email, your personal data will be collected and stored.
Type of data
The following data may be collected: Whether these data are collected depends on your request:
Legal basis
The legal basis for data processing is Article 6(1)(b) GDPR, if the contact aims at the conclusion of a contract. If there is no contractual relationship between you and Hermes, the legal basis in this regard is Article 6(1)(f) GDPR. The legitimate interest of Hermes in this case outweighs your legitimate interest. The reason for this is that it is not possible to process your request without processing your personal data. The use of the contact form or contacting is moreover voluntary.
Duration of storage
We delete the data collected in this context as soon as storage for the purpose of contact is no longer necessary or – in the case of statutory retention obligations – limit their processing.
Possibility of revocation, objection and erasure
If the contact was not made to initiate the conclusion of a contract, you have the right to object to the processing of your personal data at any time. In the event of an objection, the correspondence cannot be continued. All personal data collected in this context will be deleted in the event of a legitimate objection.
Obligation to provide your personal data
You are not obliged to disclose your personal data. The fields marked in the input mask are mandatory fields without which your request cannot be processed.
Our website and our Data Protection Information may contain links to external websites of third parties, the content of which is beyond our control. Thus, we cannot assume any liability for such third-party content.
The respective provider or operator of the website is always responsible for the contents of the linked pages. The external linked website was checked for possible violations of the law at the time of linking. At the time of linking, no illegal contents were evident. The permanent monitoring of the content of the linked website is not possible and unreasonable without concrete evidence of a violation of the law. If we become aware of a violation of the law, we will remove such links immediately.
Parts of the Data Protection Information may be changed or updated by us without prior notice to you. Please check the Data Protection Information before using our internet services to be aware of any recent changes or updates.
Current status of the Data Protection Information: April 2022