Data Protection Statement
I. Name and Address of the Controller and the Competent Supervisory Authority
The controller within the meaning of the General Data Protection Regulation (GDPR) and other national data protection laws of the member states as well as other data protection regulations is:
SCC Container Carrier Spedition GmbH & Co. KG
Albert Bote Str. 14
28197 Bremen, Germany
Tel.: +49 (421) 520 53 -0
Fax: +49 (421) 520 53 -80
Online: www.scc-bremen.com and www.scc-rotterdam.com
The supervisory authority responsible is:
The State Commissioner for Data Protection and Freedom of Information of the Free Hanseatic City of Bremen
27570 Bremerhaven, Germany
Tel.: +49 (471) 596 2010 or +49 (421) 361 2010
Fax: +49 (421) 496 18495
II. Name and Address of the Data Protection Officer
The data protection officer for the controller is:
28195 Bremen, Germany
Tel.: +49 (421) 3378413
Our data protection statement should be easy to read and understand. For this reason, the terms used in this statement are explained here.
In our data protection statement, we use the following terms, among others, on our website:
- Personal data
"Personal data" means any information relating to an identified or identifiable natural person (hereafter referred to as the "data subject"). An identifiable person is a natural person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, online identifier or by one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
- Data subject
The "data subject" is any identified or identifiable natural person whose personal data is processed by the controller.
"Processing" means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
"Profiling" means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
- Controller or the controller responsible for processing
"Controller" means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of processing are determined by European Union law or member state law, the controller or the specific criteria for nomination may be provided for by European Union or member state law.
"Processor" means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
"Recipient" means a natural or legal person, public authority, agency or another body, to which the personal data is disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with European Union or member state law shall not be regarded as recipients.
"Consent" of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
IV. General Information About Data Processing
1. Scope of the processing of personal data
In principle, we collect and use personal data of our users only to the extent necessary to provide a functioning website including our content and services. The collection and use of our users' personal data takes place regularly only with the consent of the user. An exception applies to cases in which prior consent cannot be obtained on factual grounds and the processing of the data is permitted by law.
2. Legal basis for the processing of personal data
In so far as we obtain the consent of the data subject for the processing of personal data, Art. 6, para. 1, lit. (a) EU General Data Protection Regulation (hereafter “GDPR”) will serve as the legal basis for the processing of personal data.
When processing personal data necessary for the performance of a contract to which the data subject is a party, Art. 6, para. 1, lit. (b) GDPR will serve as a legal basis. This also applies to processing required prior to entering into a contract.
In so far as processing is necessary for compliance with a legal obligation to which our company is subject, Art. 6, para. 1, lit. (c) GDPR will serve as a legal basis.
If processing is necessary to protect the vital interests of the data subject or another natural person, Art. 6, para. 1, lit. (d) GDPR will serve as a legal basis.
If processing is necessary for the purposes of the legitimate interests pursued by our company or by a third party and if the interests, fundamental rights and freedoms of the data subject do not prevail over the first interest, Art. 6, para. 1, lit. (f) GDPR will serve as a legal basis for processing.
3. Data erasure and storage duration
The personal data of the person concerned will be deleted or blocked as soon as the purpose of storage ceases to apply. Furthermore, data may be stored if this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which the controller is subject. The data will also be blocked or deleted if a storage period prescribed by the standards above expires unless there is a need for further storage of the data for the conclusion or fulfilment of a contract.
V. Provision of the Website and Creation of Log Files
1. Description and scope of data processing
Each time our website is accessed, our system automatically collects data and information from the computer system of the calling computer.
The following data is collected:
(1) The IP address of the user
(2) Information about the browser type and version used
(3) The operating system of the user
(4) The Internet service provider of the user
(5) Websites visited (domain and URI)
(6) Date and time of access
(7) Return status and number of bytes of the response
(8) Websites from which the user's system reaches our website
The data is also stored in the log files of our system. This does not affect other data that enables the data to be assigned to a user. This data is not stored together with other personal data from the user.
2. Legal basis for data processing
The legal basis for the temporary storage of data is covered by Art. 6, para. 1, lit. (f) GDPR.
3. Purpose of data processing
The temporary storage of the IP address by the system is necessary to enable the website to be delivered to the user's computer. To do this, the IP address of the user must remain stored for the duration of the session. For these purposes, our legitimate interest in the processing of data is covered by Art. 6, para. 1, lit. (f) GDPR.
4. Duration of storage
The data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, this will be at the end of the respective session. Entries in the log files are deleted after 30 days.
5. Possibility of objection and elimination
The collection of data for the provision of the website and the storage of data in log files is necessary for the operation of the website. Consequently, there is no possibility of objection on the part of the user.
- Description and scope of data processing
Some elements of our website require that the calling browser can be identified even after a page change. The cookies we use are known as session cookies and they contain only a unique session ID.
- Legal basis for data processing
The legal basis for the processing of personal data using cookies is covered by Art. 6, para.1, lit. (f) GDPR.
- Purpose of data processing
- Duration of storage; possibility of objection and elimination
Session cookies are automatically deleted at the end of the session.
VII. Mail Contact
1. Description and scope of data processing
It is possible to contact us via the e-mail addresses provided. You can also apply for a job in this way. In such a case, the user's personal data transmitted by e-mail will be stored, but no data is disclosed to third parties. The data is used exclusively for processing the conversation.
2. Legal basis for data processing
The legal basis for the processing of the data transmitted in the course of sending an e-mail is Art. 6, para 1, lit. (f) GDPR. If the purpose of the e-mail contact is to conclude a contract, then the additional legal basis for processing is covered by Art. 6, para 1, lit. (b) GDPR.
3. Purpose of data processing
The processing of personal data is solely for the purposes of establishing contact.
4. Duration of storage
The data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. For personal data transmitted by e-mail, this happens when the respective conversation with the user has ended. The conversation is terminated when it can be inferred from the circumstances that the facts of the matter have been finally clarified.
If an employment contract is concluded with an applicant, the data transmitted will be processed for the purpose of handling the employment relationship in compliance with statutory regulations. Otherwise, the application documents will be deleted automatically six months after notification of the rejection decision, provided there are no other legitimate conflicting interests. A legitimate interest in this sense would be, for example, a burden of proof in proceedings under the General Equality Act (AGG).
VIII. Rights of the Data Subject
If personal data is processed by you, you are affected within the meaning of GDPR and you have the following rights vis-à-vis the controller:
1. Right to information
You can ask the controller to confirm whether personal data concerning you will be processed by us. If such processing takes place, you can request the following information from the controller:
(1) the purposes for which the personal data is being processed;
(2) the categories of the personal data being processed;
(3) the recipients or categories of recipients to whom the personal data relating to you has been disclosed or is still being disclosed;
(4) the planned duration of the storage of your personal data or, if specific information is not available, criteria for determining the duration of storage;
(5) the existence of a right to have personal data concerning you corrected or deleted, a right to have processing restricted by the controller, or a right to object to such processing;
(6) the existence of a right of appeal to a supervisory authority;
(7) all available information on the source of the data if the personal data has not been collected from the data subject;
(8) the existence of automated decision-making, including profiling in accordance with Art. 22, para. 1 and 4 GDPR and - at least in these cases - meaningful information on the logic involved and the scope and intended effects of such processing for the data subject.
You have the right to request information as to whether the personal data concerning you is being transferred to a third country or an international organisation. In this context, you may request to be informed of the appropriate guarantees pursuant to Art. 46 GDPR in connection with the transmission.
2. Right to rectification
You have a right of rectification and/or completion vis-à-vis the controller if the processed personal data concerning you is incorrect or incomplete. The controller must rectify the matter without delay.
3. Right to restrict processing
Under the following conditions, you may request that the processing of personal data concerning you is restricted:
(1) you contest the accuracy of your personal information for a period of time that enables the controller to verify the accuracy of your personal information;
(2) the processing is unlawful, and you refuse the deletion of the personal data and instead demand the restriction of the use of your personal data;
(3) the controller no longer requires the personal data for the purposes of processing, but you need it to assert, exercise, or defend legal claims; or
(4) you have objected to the processing pursuant to Art. 21 para 1 GDPR and it is not yet clear whether the legitimate reasons of the controller outweigh your objections.
If the processing of personal data concerning you has been restricted, such data may only be processed - other than being stored - with your consent or for the purpose of asserting, exercising, or defending rights or protecting the rights of another natural or legal person, or on grounds of an important public interest on the part of the European Union or a member state.
If the processing has been restricted according to the above conditions, you will be informed by the controller before the restriction is lifted.
4. Right to deletion
a) Obligation to delete
You may request the controller to delete the personal data relating to you without delay, and the controller is obliged to delete this data without delay if one of the following reasons applies:
(1) The personal data concerning you is no longer necessary for the purposes for which it was collected or otherwise processed.
(2) You revoke your consent on which the processing was based pursuant to Art. 6, para. 1 lit. (a) or Art. 9, para. 2, lit. (a) GDPR and there is no other legal basis for the processing.
(3) You file an objection against the processing pursuant to Art. 21, para. 1 GDPR and there are no overriding legitimate reasons for the processing, or you file an objection against the processing pursuant to Art. 21, para. 2 GDPR.
(4) The personal data concerning you has been processed unlawfully.
(5) The deletion of personal data concerning you is necessary to fulfil a legal obligation under European Union law or the law of the member state to which the controller is subject.
(6) The personal data concerning you has been collected in relation to information society services offered pursuant to Art. 8, para. 1 GDPR.
- b) Information to third parties
If the controller has made your personal data public and is obliged to delete it pursuant to Art. 17, para. 1 GDPR, he/she shall take appropriate measures including technical measures, taking into account the available technology and the implementation costs, to inform data processors who handle the personal data that you as the data subject have requested the deletion of all links to this personal data or of copies or replications of this personal data.
- c) Exceptions
The right to deletion does not exist if the processing is necessary:
(1) to exercise the right to freedom of expression and information;
(2) to fulfil a legal obligation required by European Union law or that of the member state to which the controller is subject, or to carry out a task which is in the public interest, or in the exercise of official authority conferred on the controller;
(3) for reasons of public interest in the area of public health pursuant to Art. 9 para. 2, lit. (h) and (i), and Art. 9, para. 3 GDPR;
(4) for archiving purposes in the public interest, scientific or historical research purposes or for statistical purposes pursuant to Art. 89, para. 1 GDPR, in so far as the law referred to under a) above is likely to render impossible or seriously impair the attainment of the objectives of such processing, or
(5) to assert, exercise or defend legal claims.
5. Right to information
If you have exercised your right to have the controller correct, delete or limit the processing, he/she is obliged to inform all recipients to whom the personal data concerning you has been disclosed of this correction or deletion of data or restriction on processing, unless this proves impossible or involves disproportionate expenditure.
The controller is obliged to disclose these recipients to you.
6. Right to data transferability
You have the right to receive the personal data concerning you that you have provided to the controller in a structured, established, and machine-readable format. In addition, you have the right to pass this data on to another controller without obstruction by the controller to whom the personal data was provided, on condition that:
(1) processing is based on consent pursuant to Art. 6, para. 1, lit. (a) GDPR or Art. 9, para. 2, lit. (a) GDPR, or on a contract pursuant to Art. 6, para. 1, lit. (b) GDPR, and
(2) processing is carried out using automated methods.
In exercising this right, you also have the right to request that the personal data concerning you is transferred directly from one controller to another controller, in so far as this is technically feasible. The freedoms and rights of other persons must not be affected by this.
The right to transferability shall not apply to the processing of personal data necessary for the performance of a task in the public interest or the exercise of an official authority conferred on the controller.
7. Right of objection
You have the right to object at any time to the processing of your personal data for reasons arising from your particular situation in accordance with Art. 6, para. 1, lit. (e) or (f) GDPR; this also applies to profiling based on these provisions. The controller will no longer process the personal data concerning you unless he/she can provide compelling reasons for the processing which outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
If the personal data concerning you is processed for direct marketing purposes, you have the right to object at any time to the processing of such personal data concerning you for the purposes of advertising; this also applies to profiling in so far as it relates to such direct advertising.
If you object to the processing for direct marketing purposes, personal data concerning you will no longer be processed for these purposes.
You have the possibility to exercise your right of objection in connection with the use of information society services by means of automated procedures using technical specifications, notwithstanding Directive 2002/58/EC.
8. Right to revoke the data protection consent declaration
You have the right to revoke your data protection consent declaration at any time. The revocation of consent shall not affect the legality of the processing carried out based on the consent given up to the point of revocation.
9. Automated decisions in individual cases, including profiling
You have the right not to be subject to a decision based exclusively on automated processing - including profiling - that has legal effect on you or similarly impairs you in a significant way.
This does not apply if the decision:
(1) is necessary for the fulfilment of a contract between you and the controller;
(2) is admissible by European Union law or that of the member state to which the controller is subject and that law contains appropriate measures to safeguard your rights, freedoms and legitimate interests; or
(3) takes place with your express consent.
However, these decisions may not be based on special categories of personal data pursuant to Art. 9, para. 1 GDPR unless Art. 9, para. 2, lit. (a) or (g) applies and appropriate measures have been taken to protect your rights, freedoms and legitimate interests.
In the cases referred to in (1) and (3) above, the controller shall take reasonable measures to safeguard your rights, freedoms and legitimate interests, including at least the right of the controller to obtain the intervention of a person to state his/her position and to challenge the decision.
10. Right to complain to a supervisory authority
Without prejudice to any other administrative or legal remedy, you have the right of appeal to a supervisory authority, in particular, in the member state where you reside, work or suspect an infringement, if you believe that the processing of personal data concerning you is contrary to the provisions set out in GDPR.
The supervisory authority to whom the complaint has been made shall inform the complainant of the status and results of the complaint, including the possibility of a legal remedy pursuant to Article 78 GDPR.