SAIL Data Privacy

Data-Privacy-Policy

SAIL GmbH | Data Privacy Policy

The protection of your personal data is an important concern to SAIL. Your trust is our top priority. Therefore, we always treat your personal data as confidential and in accordance with the legal data protection regulations as well as this Data Privacy Policy.

This policy discloses the way and manner how SAIL handle personal data on the internet, what information about the users of SAIL websites is recorded and analyzed, and how this information is used, shared or otherwise processed. It is furthermore described how cookies and other technologies can be used in our applications. When calling up our website, you will be informed about the use of cookies for analysis purposes. In this process, it will also be referred to this Data Privacy Policy.


By using this website, you declare your consent to the gathering and use of your personal data in the way described in this Data Privacy Policy.

You likewise recognize that SAIL can change and update this Data Privacy Policy regularly at their own discretion. In that case, we will publish updated versions of this Data Privacy Policy on this webpage. A revised Data Privacy Policy applies only to data that is gathered after the date on which the policy takes force. We recommend that you check this page regularly for updated information about our data privacy practices. Your continued use of our services after changes were made to the Data Privacy Policy means that you accept the changes.

 

Name and address of the data controller

The data controller in the definition of the EU General Data Protection Regulation and other, national data protection laws of the Member States as well as further data protection is:

SAIL GmbH, Sea Air Integrated Logistics
Elbberg 8
22767 Hamburg / Germany
Phone: +49.40.30 68 70-0
E-Mail: This email address is being protected from spambots. You need JavaScript enabled to view it.">Diese E-Mail-Adresse ist vor Spambots geschützt! Zur Anzeige muss JavaScript eingeschaltet sein.

Contact of the Data Protection Officer The Data Protection Officer of the data controller can be reached using the following contact:
Data Protection Officer of SAIL GmbH,


SAIL GmbH, Sea Air Integrated Logistics
Elbberg 8
22767 Hamburg / Germany
Phone: +49.40.30 68 70-0
E-Mail: This email address is being protected from spambots. You need JavaScript enabled to view it.">Diese E-Mail-Adresse ist vor Spambots geschützt! Zur Anzeige muss JavaScript eingeschaltet sein.


General remarks on data processing
Scope of the processing of personal data

We use your personal data in the way as described in this Data Privacy Policy, in order to make our services available, to respond to your enquiries, and to the extent it is legally permissible or required or to assist in legal or criminal investigations. We can further anonymize and aggregate data gathered via this website for statistical purposes to expand our product portfolio and improve our services.


With whom do we share your personal data?

We can store your personal data or otherwise pass it on to our affiliates or further trustworthy business partners, who perform services in our name, for example, for technical support to evaluate the usefulness of this website for marketing purposes or other types of service provision. We have conducted contracts with these parties to ensure that personal data is processed on the basis of our instructions and in compliance with this Data Privacy Policy, and other suitable measures regarding confidentiality and security.

We pass on your personal data to these parties and other third parties exclusively to the required extent in order to perform services that you have requested or authorized and to protect your and our rights, property or security or, if we are obligated to do so based on applicable laws, orders by courts or other authorities, or if this disclosure is required in order to assist in legal or criminal investigations or court proceedings.

Please note that the companies of the SAIL Group as well as authorities, customers and suppliers to whom we may pass on your personal data, might possibly be domiciled outside of your home country, and potentially also in countries with data protection laws that can differ from those applicable in the country where you are domiciled. In such cases, we will ensure that suitable measures for the protection of your personal data are taken by introducing suitable legal mechanisms, e.g. EU standard contract clauses. You can find a copy of the EU standard contract clauses at: www.ec.europa.eu/justice/data-protection/international-transfers/transfer


Legal basis for the processing of personal data
Insofar as we obtain a declaration of consent from the data subject for the processing of personal data, Art. 6 (1) lit. a) EU General Data Protection Regulation (GDPR) applies as the legal basis for the processing of personal data.

In the processing of personal data that is required for the fulfilment of a contract to which the data subject is a party, Art. 6 (1) lit. b) GDPR serves as the legal basis. This also applies to processing that is required to conduct pre-contractual measures.

Where processing of personal data is required for the fulfilment of a legal obligation imposed on our company, Art. 6 (1) lit. c) GDPR serves as the legal basis.
In the case that vital interests of the data subjects or another natural person necessitate the processing of personal data, Art. 6 (1) lit. d) GDPR serves as the legal basis.

If the processing serves to protect a justified interest of our company or of a third party and if the interests, civil rights and fundamental freedoms of the data subject do not outweigh the interest mentioned first, Art. 6 (1) lit. f) GDPR serves as the legal basis for the processing.


Data deletion and period of storage

The personal data of the data subjects will be deleted or blocked as soon as the purpose for storing it ceases to apply. Storing can also take place beyond this point in time if this has been provided by the European or national legislator in directives, laws and other regulations under EU law, which applies to the data controller. The data will also be blocked or deleted when a storage period expires that is prescribed by said standards, unless there is a necessity for the continued storage of the data for a contract conclusion or contract fulfilment.


Provision of the website and creation of log files
Description and scope of the data processing

On each retrieval of our website, our system automatically gathers data and information from the computer system of the accessing computer.

The following data is gathered in this process:
(1) Information on the browser type and the version used
(2) The user’s operating system
(3) The user’s IP address
(4) Data and time of the access
(5) Websites from which the user’s system reaches our website
(6) Websites that are called up by the user’s system via our website

The data will likewise be stored in the log files of our system. This data will not be stored together with other personal data of the user.


Legal basis for the data processing

The legal basis for the temporary storing of the data and log files is Art. 6 (1) lit. f) GDPR.


Purpose of the data processing

The temporary storing of the IP address by the system is necessary to enable a delivery of the website to the computer of the user. For this purpose, the user’s IP address must remain stored for the duration of the session. The log files are stored in order to ensure the functionality of the website. In addition, the data helps us optimize the website and ensure the security of our IT systems. The data is not analyzed for marketing purposes in this context. These purposes are also justified interests of ours in the data processing pursuant to Art. 6 (1) lit. f) GDPR.


Duration of the storing

The data will be deleted, as soon as it is no longer needed to achieve the purpose for gathering it. This will be the case when the respective session is ended in the case that data is gathered for the purpose of providing this website.
In the event that the data is stored in log files, deletion will take place at the latest after seven days. Storing beyond this point is possible. In that case, the users’ IP addresses will be deleted or anonymized, so that it will not be possible anymore to attribute them to the retrieving client.


Possibility for objection and removal

The gathering of the data for the purpose of providing the website and the storing of the data in log files is necessarily required for the operation of the website. Consequently, there is no possibility to object for the user.


Use of cookies
Description and scope of the data processing

Our website uses cookies. Cookies are text files that are stored in the internet browser or that are stored by the internet browser on the user’s computer system. If a user retrieves a website, a cookie can be stored in the user’s operating system. This cookie contains a sequence of characters that enable a definitive identification of the browser upon repeated retrieval of the website. We use cookies to make our website more user friendly. Some elements of our website require that the retrieving browser can also be identified after a different page is called up. We differentiate between the following cookies for the use of our website:

Necessary cookies
These cookies are necessary to operate the website and temporarily store session data so that the page is displayed correctly.

Performance cookies
We use performance cookies so that we can improve the technical performance such as loading speed and image build up.

Functional cookies
These cookies are used by our applications to cache the entered data and thereby assure functionality and customer friendliness.

Advertising cookies
We use advertising cookies to check the success of our marketing activities.

Third-party cookies
Third-party cookies are cookies, which are set by a person who is in fact responsible for the processing but who is a different person than the operator of the website that is visited by the user.

Google Analytics

Furthermore, we use Google Analytics, an advertising analysis service of Google Inc. (“Google“). Google uses cookies. The information generated by the cookie about the use of the online offer by the users is generally transmitted to and saved on a server of Google in the USA.

Google will use this information on our behalf to analyze the use of our online offer by the users, to compile reports about the activities within this online offer, and to perform further services for us that are related to this online offer and the internet use. In the process, pseudonymized user profiles of the users can be created from the processed data.

We use Google Analytics only with activated IP anonymization. This means, the users’ IP addresses will be truncated by Google within the Member States of the European Union or in other signatory states of the Treaty on the European Economic Zone. The complete IP address will only be transmitted in exceptional cases to a server of Google in the USA and it will be truncated there. The IP address transmitted from the user’s browser will not be combined with other data of Google.

Furthermore, the users can prevent the storing of cookies by a corresponding setting of their browser software; the users can moreover prevent the gathering of the data generated by the cookie that is to be forwarded to Google and relates to their use of the online offer, as well as the processing of this data by Google by downloading and installing the browser plug-in available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de.

More information about data use by Google for advertising purposes, options for settings and objections can be found on Google’s websites: https://www.google.com/intl/de/policies/privacy/partners/  (“Use of data by Google when you use websites or apps of our partners),
http://www.google.com/policies/technologies/ads “Use of data for advertising purposes”), http://www.google.de/settings/ads (“Managing information that is used by Google to display advertising to you”) and
 http://www.google.com/ads/preferences/  (“You decide which advertising Google shows you”).

 


Legal basis for the data processing

The legal basis for the processing of personal data by means of technically necessary cookies is Art. 6 (1) lit. f) GDPR. The legal basis for the processing of personal data by means of cookies for analysis purposes, if consent in this regard has been granted by the user, is Art. 6 (1) lit. a) GDPR.


Purpose of the data processing

The purpose of using technically necessary cookies is to enable the users to use the websites. Some features of our websites cannot be offered without the use of cookies. For these, it is required that the browser is recognized even after changing to other webpages. The user data gathered by the technically necessary cookies is not used to create user profiles. Analysis cookies (advertising cookies and third-party cookies) are used for the purpose of improving the quality of our website and its contents. We find out from the analysis cookies how the website is used and we can thereby continuously optimize our offer. They can also be used for the purpose of creating a profile of your interests and displaying relevant advertising on other websites. The legal basis for the processing of personal data by means of technically necessary cookies is Art. 6 (1) lit. f) GDPR. The legal basis for the processing of personal data by means of cookies for analysis purposes, if consent in this regard has been granted by the user, is Art. 6 (1) lit. a) GDPR.


Duration of the storing, possibility for objection and removal

Cookies are stored on the user’s computer and transmitted from it to our website. Therefore, as a user, you also have full control over the use of cookies. By changing the settings of your internet browser, you can deactivate or limit the transmission of cookies. Cookies already stored can be deleted at any time. This can also be done in an automated process.


Rights of data subjects

If personal data of you is processed, you are a data subject in the definition of the GDPR and you have the rights listed below in relation to the data controller. You can claim your rights at any time at https://app-de.onetrust.com/app/#/webform/0a22d30e-5874-4513-953f-3079967f561b


Right to information

You can demand a confirmation from the data controller of whether personal data relating to you is being processed by us. If such processing applies, you can demand information from the data controller regarding the following aspects:

(1) the purposes for which the personal data is processed;
(2) the categories of personal data that is processed;
(3) the recipients or categories of recipients to whom personal data relating to you has been disclosed or will be disclosed in the future;
(4) the planned duration of the storing of the personal data relating to you or, if this cannot be specified concretely, the criteria for determining the storage duration;
(5) Applicability of a right to correction or deletion of the personal data relating to you, a right to restrict the processing by the data controller or a right to object to this processing;
(6) Applicability of a right to complain with a supervisory authority;
(7) All available information on the origin of the data if the personal data has not been gathered from the data subject;
(8) Applicability of an automated decision-making process including profiling according to Art. 22 (1) and (4) GDPR and – at least in these cases – explanatory information about the involved logic and scope, as well as the intended effects for the data subject from such processing.

You have the right to demand information of whether the personal data relating to you is being transmitted to a third country or an international organization. In this connection, you can request being informed about the suitable guarantees according to Art. 46 GDPR relating to the transmission.


Right to correction

You have a right to the correction and/or completion in relation to the data controller, insofar as the processed personal data relating to you is incorrect or incomplete. The data controller has to make the correction without delay.


Right to limit the processing

On the following conditions, you can request the limitation of the processing of personal data relating to you:

(1) if you deny the correctness of the personal data relating to you for a period that enables the data controller to check the correctness of the personal data;
(2) the processing is illegitimate and you reject the deletion of the personal data, and instead request the limitation of the use of the personal data;
(3) the data controller no longer needs the personal data for the purposes of the processing, but you require it for the assertion, exercise or defense of legal claims; or
(4) if you have raised an objection against the processing according to Art. 1 GDPR and if it is not certain yet if the justified interests of the data controller outweigh your reasons.
If the processing of the personal data relating to you has been limited, this data may be processed – other than for storing – only with your consent or only to assert, exercise or defend legal claims or to protect the rights of another natural person or legal entity, or for reasons of a compelling public interest of the European Union or of a Member State.

If the limitation of the processing has been applied according to the aforementioned conditions, you will be informed by the data controller before the limitation is lifted.


Right to deletion

a) Obligation for deletion

You can demand from the data controller that the personal data relating to you is to be deleted immediately and the data controller will be obligated to delete this data immediately if one of the following reasons applies:

(1) The personal data relating to you is no longer required for the purposes for which it has been gathered or otherwise processed.
(2) You revoke your consent that served as the basis for the processing according to Art. 6 (1) lit. a) or Art. 9 (2) lit. a) GDPR and there is no other legal basis for the processing.
(3) You raise an objection according to Art. 21 (1) GDPR against the processing and there are no outweighing justified reasons for the processing, or you object to the processing according to Art. 21 (2) GDPR.
(4) The personal data relating to you is processed illegitimately.
(5) The deletion of the personal data relating to you is required to fulfil a legal obligation according to EU law or the laws of the Member States that apply to the data controller.
(6) The personal data relating to you has been gathered with regard to offered services of the information society according to Art. 8 (1) GDPR.

b) Information to third parties If the data controller has made the personal data relating to you publicly accessible and if it is obligated to delete it according to Art. 17 (1) GDPR, it will take appropriate measures, also of technical nature, in consideration of the available technology and implementation costs, in order to inform the parties, who are responsible for the data processing and who process the personal data, of the fact that you, as the data subject, have requested them to delete all links to this personal data or copies or replications of this personal data.

c) Exceptions
The right to deletion does not apply if the processing is required

(1) to exercise the right to free speech and information;
(2) to fulfil a legal obligation that applies to the processing pursuant to EU law or the laws of the Member States that apply to data controller, or to fulfil a task in the public interest or in exercise of public power that has been delegated to the data controller;
(3) for reasons of the public interest in matters of public health according to Art. 9 (2) lit. h) and i) as well as Art. 9 (3) GDPR;
(4) for archiving purposes that are in the public interest, for scientific or historic research purposes or for statistical purposes according to Art. 89 (1) GDPR, insofar as the right referred to under Section a) is expected to render the realization of the processing objectives impossible or obstructs it to significant extent; or
(5) for the assertion, exercise or defense of legal claims.


Right to information

If you have asserted the right to the correction, deletion or limitation of the processing against the data controller, it will be obligated to inform all recipients to whom personal data relating to you has been disclosed of this correction or deletion of this data or the limitation of the processing, unless this proves to be impossible or if such is tied to disproportionate effort or expense. You have the right in relation to the data controller to be informed of these recipients.


Right to data portability

You have the right to receive the personal data relating to you that you have made available to the data controller in a structured, common and machine-readable format. You have furthermore the right to transmit this data to another data controller without obstruction by the data controller to whom the personal data has been made available, insofar as

(1) The processing is based on consent according to Art. 6 (1) lit. a) GDPR or Art. 9 (2) lit. a) GDPR or a contract according to Art. 6 (1) lit. b) GDPR, and
(2) The processing takes place by means of automated processes.
In exercise of this right, you moreover have the right to effect that the personal data relating to you is transmitted directly from one data controller to another data controller insofar as this is technically practicable. Freedoms and rights of other persons must not be impaired thereby.

The right to data portability does not apply to the processing of personal data that is required to fulfil a task in the public interest or in exercise of public power that has been delegated to the data controller.


Right to object

You have the right to object at any time, for reasons that result from your particular situation, to the processing of the personal data relating to you that takes place on the basis of Art. 6 (1) lit. e) or lit. f) GDPR; this also applies to profiling based on these provisions.

The data controller will cease the processing of the personal data relating to you, unless it can prove compelling reasons for the processing that qualify for protection and which outweigh your interests, rights and freedoms, or if the processing serves the purpose of asserting, exercising or defending against legal claims.

If the personal data relating to you is processed to operate direct marketing, you have the right to object at any time to the processing of the personal data relating to you for the purpose of such advertising; this also applies to profiling if it is connected to such direct marketing.

If you object to the processing for the purposes of direct marketing, the personal data relating to you will no longer be processed for these purposes.

You have the option to exercise your right to object in connection with the use of the services of the information society – notwithstanding Directive 2002/58/EC – by means of automated procedures, in which technical specifications are used.


Right to revoke the consent according to data protection laws

You have the right to revoke your consent according to data protection laws at any time. The legitimacy of the processing that has taken place up until your objection will not be affected by the revocation of the consent.


Automated decision in the individual case including profiling

You have the right not to be subjected to a decision that is exclusively based on automated processing – including profiling – which develops legal effect in relation to you or which causes similar significant obstructions for you. This does not apply if the decision

(1) is required for the conclusion or the fulfilment of a contract concluded between you and the data controller;
(2) is permissible based on the legal regulations of the EU or the Member States that apply to the data controller and if these legal regulations contain appropriate measures to protect your rights and freedoms as well as your justified interests; or
(3) is made with your explicit agreement.

However, these decisions may not be based on special categories of personal data pursuant to Art. 9 (1) GDPR, unless Art. 9 (2) lit. a) or lit. g) applies and appropriate measures for the protection of rights and freedoms as well as your justified interests have been taken.

Regarding the cases referred to in (1) and (3), the data controller will take appropriate measures to protect rights and freedoms as well as your justified interests, which includes at least the right of a person of [sic] the data controller to take influence, to present own standpoints and to challenge the decision.
Right to complain with a supervisory authority
Without prejudice to other administrative or in-court appeal, you have the right to complain with a supervisory authority, in particular in the Member State of your domicile, your workplace or the place of the suspected violation if you believe that the processing of personal data relating to you violates the GDPR.
The supervisory authority with which complaint has been filed will inform the complainant of the status and the results of the complaint including the possibility of appeal in court pursuant to Art. 78 GDPR.


Report of data breaches

Data breaches can be reported at any time under This email address is being protected from spambots. You need JavaScript enabled to view it.">Diese E-Mail-Adresse ist vor Spambots geschützt! Zur Anzeige muss JavaScript eingeschaltet sein. email address is being protected from spambots. You need JavaScript enabled to view it." target="_blank" title="Diese E-Mail-Adresse ist vor Spambots geschützt! Zur Anzeige muss JavaScript eingeschaltet sein.">

A data breach means a breach of security that leads to the accidental or illegal destruction, loss or modification, unauthorized disclosure or unauthorized access of personal data, which is transmitted, stored or otherwise processed by SAIL or a third party contracted by it.


Minors
Persons younger than 18 years of age should not transmit any personal data without the agreement of their parents or legal guardians. According to Art. 8 GDPR, children aged 16 years or younger can declare such consents only with the agreement of their parents or legal guardians. Personal data of minors is not knowingly gathered and processed.


Correctness and validity of this Data Privacy Policy
SAIL reserves adjusting this Data Privacy Policy at any time and with effect for the future. It is therefore recommended to read this Data Privacy Policy again at regular intervals.
Version May, 2018


Ship