• Privacy Terms

Website Privacy Terms

At Hapag-Lloyd AG as well as the entire Hapag-Lloyd Group (HL) with all entities and Hapag-Lloyd agents we respect your privacy and your personal data. With this privacy policy we want to inform you about our data processing activities when

- we, as an international container shipping line, deliver products and perform services to you as, our customer or prospective customer (see section ‎8.1 Sales and Customer Services)

- you work with us as a supplier of products or as service provider (see section ‎8.2 Procurement and Suppliers)

- you visit our facilities and use our visitor services, including conference rooms, local area networking (see section ‎8.3 Visitor Services)

- you contact us online or offline (see section ‎8.4 Communication, contacting and collaboration)

- you apply for a job with us (see section 8.5 Recruitment Activities)

- we perform specific marketing activities, such as sending you our newsletter (see section ‎8.6 Marketing Campaigns (newsletters, surveys, mailings))

- you visit our website(s) and social media pages or use our mobile applications and platforms (see section 8.8 Applications and Platforms)

- you are a shareholder and use our online services (see section 8.9 Online services for shareholders)

As Hapag-Lloyd AG is based in the European Union, we adhere primarily to the EU General Data Protection Regulation (GDPR) but will also follow stricter national laws and regulations as they apply to the data processing. You will find the specific details in Section 7 for the countries that have a deviating regulations.

PERSONAL DATA

a. Personal data in the meaning of Art. 4 GDPR are all information relating to an identified or identifiable natural person, e.g., name, address, phone number, email address etc.

b. If you are conducting business with us, you may also be interested to learn how we process relevant information that does not qualify as person-identifiable information. A lot of this information forms a basis of our services (e.g., cargo information, container tracing, schedules, etc..) and is processed in a digital manner via digital tools (mobile applications, web, API portal, email notification). All these applications require login credentials (see  section 10). You can also find more information in the privacy terms of the respective tools. 

CONTROLLER

a. Responsible for the processing

In most of the cases:
      Hapag-Lloyd AG
      Ballindamm 25
      20095 Hamburg
      Germany

b. Data processing activities might occur under the responsibility of other controllers of the Hapag-Lloyd Group. This is specifically the case, when you are interacting with local entities of the Hapag-Lloyd Group. 

For questions regarding the collection, processing or use of personal data relating to you; or in case of a withdrawal of an informed consent regarding the disclosure, correction, blocking or deletion of data, please contact us via:

E-Mail:  [email protected]

or

Postal Address:

Hapag-Lloyd AG
8800 Corporate Data Protection Office
Ballindamm 25
20095 Hamburg
Germany

c. Other entities of the Hapag-Lloyd Group

For questions related to data protection in our affiliates across the world, you can find more details under section 7.

WHAT ARE YOUR RIGHTS AS A DATA SUBJECT?

Hapag-Lloyd will process your personal data in accordance with the rights of data subjects under relevant national or international law. You have the following rights:

a. right of access;
b. right to rectification and erasure (“right to be forgotten”);
c. right to restriction of processing;
d. right to data portability
e. under certain circumstances, right to object, unless we have legitimate grounds to continue the processing;
f. file a complaint with local supervisory data protection authority;
g. withdraw your consent at any time with effect for the future.

To exercise your rights as a data subject, please contact our Corporate Data Protection Office. 

We shall endeavor to respond your request withing 30 days. If more time is necessary, we will inform you. To allow to us to verify your request, we might request proof of identification.

For more information on how we process your data when you contact us, see section ‎8.4.

In addition to us sharing your personal data with other entities of the Hapag-Lloyd group, we may share your personal data with the following recipients:

  • agents operating on behalf of Hapag-Lloyd, and other affiliated entities;
  • third parties (consignee, notify party, freight forwarded);
  • supply and service providers, (e.g., sub-contractors such as trucking companies, terminals, and depots), IT service provider and platform/hosting providers, consultants;
  • supervisory authorities.

We only share your personal data with these recipients when it is necessary in accordance with the purpose of processing as described in more detail below under the respective processing activities.

We also may process and disclose your personal data if we determine that, due to legal requirements, law enforcement, litigation and/or requests from public and governmental authorities, or other issues of public importance, the disclosure and processing of your personal data is necessary and appropriate. These legal requirements (Art. 6 (1) GDPR) include, but are not limited to the following situations:

  • for the purpose of preventing fraud, illicit trafficking, investigating and reporting criminal offences (security screening background checks)
  • for auditing purposes
  • to perform security checks at the terminal
  • to perform custom’s declaration

Your personal data may be transferred to and/or accessible globally by other Hapag-Lloyd entities and unaffiliated service providers, including in countries outside of the European Economic Area (EEA) in which the level of data protection may not be as high as within the EEA. 

We comply with applicable legal requirements and provide an adequate level of data protection regardless of where the data are transferred or accessed. For transfers of personal data outside the EEA, we rely on appropriate international data transfer mechanisms and safeguards such as an adequacy decision or the Standard Contractual Clauses as approved by the European Commission. More information on this topic is published here: https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection_en

We will retain the data for the period reasonably necessary to fulfill the purposes outlined in this Website Privacy Policy unless a longer retention period is required or permitted by law or subject to questions or complaints that force us to retain the data for a longer period. 

We use a variety of technical and organizational measures to help to protect your personal data from unauthorized access, loss, use, disclosure, alteration, or destruction in line with applicable data protection laws. The Hapag-Lloyd AG is ISO 27001/ ISO 27701 certified.

We work with a number of external partners and have taken contractual steps to ensure that all external service providers comply with the relevant IT security standards, including but not limited to the requirements of the GDPR.

We do not process personal data relating to children and minors under the age of 16 years, unless we are legally obliged to do so. If we become aware that data were transferred to us or collected by us relating to children and minors under the age of 16 years without the informed consent of a parent or legal guardian, we will delete such personal data without any undue delay.

In the following, we list the contacts of our local Data Protection Officers that are based at affiliates of Hapag-Lloyd AG. Please be aware that some jurisdictions may use a different terminology for the data protection function. Such nomenclature may include, inter alias: Data Information Officer; Information Officer, Information Security Officer, Privacy Officer, Grievance Officer etc.

Hapag-Lloyd AG as a headquartered company in the European Union complies globally with the GDPR  but in Brazil as well with the LGPD. We guarantee you all rights under GDPR as well as LGPD.

Non-discrimination:
You will never be discriminated against, or otherwise suffer any sort of detriment, if you exercise your rights.

Right to withdraw consent:
You have always the right to withdraw your consent if the data processing based on your consent with immediate effect for the future. Upon receipt of your message, we will delete your data unless we are legally obliged or authorized to retain personal data relating to you. Please send your revocation notice to the address of our Data Protection Officer in Brazil.

For further information you can contact our Data Protection Officer:
Ms. Gizely Horsth
Email:   [email protected]
Telephone: +55 11 3306-9000

Right to contact Data Protection Authority:
You have the right to complain about Hapag-Lloyd. You can find the contact to the responsible supervisory authority here:
ANPD – Autoridade Nacional de Proteção de Dados
ANPD’s website: ANPD — Português (Brasil) (www.gov.br)

Hapag-Lloyd AG is headquartered in the European Union and complies globally with the EU General Data Protection Regulation as a minimum standard. Insofar, we invite you to carefully read all sections above in order to familiarize yourself with these minimum standards. You should particularly study the section on the rights of data subject as both regulations overlap in terms of these rights.

You may contact us either using the dedicated mail address and/or phone number:
Toll Free number: 1-833-Privacy (833-774-9229)
E-Mail: [email protected]

or you may contact us either using the contact information mentioned in section 16 or via our offices based in California:

Hapag-Lloyd (America) LLC
555 East Ocean Blvd
Suite 300
LONG BEACH, CA 90802
USA
Phone +1 888 513-2180

Hapag-Lloyd (America) LLC
180 Grand Rand Avenue, Suite 1535
OAKLAND, CA 94612
USA
Phone +1 510 286 1940

Specifically for the data access request, you have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months.

Once we receive and confirm your verifiable consumer request, we will disclose to you:

  • The categories of personal information we collected about you.
  • The categories of sources for the personal information we collected about you.
  • Our business or commercial purpose for collecting or selling that personal information.
  • The categories of third parties with whom we share that personal information.
  • The specific pieces of personal information we collected about you (also called a data portability request).
  • If we sold or disclosed your personal information for a business purpose, two separate lists disclosing:
       sales, identifying the personal information categories that each category of recipient purchased; and
       disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained.

You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:

  • Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative. Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

Non-Discrimination
We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:

  • Deny you our services.
  • Charge you different prices or rates for services, including through granting discounts or other benefits, or imposing penalties.
  • Provide you a different level or quality of our services.
  • Suggest that you may receive a different price or rate for services or a different level or quality of services.

The CCPA is very specific about the “sale” of person identifiable information. In our industry this is a particularly difficult aspect of data processing and it is connected to the international transfer of person identifiable information. If we ship cargo, we must process person identifiable information in order to provide you with our service. As such, we may have to share such information with third parties, e.g. consignees, public authorities or other partners in the logistics supply chain.

These third parties may use such information for their own, legitimate business purposes, and the Hapag-Lloyd AG may not be in the position that we can control the use of such person identifiable information by a third party.

As stated before, we do not intend to discriminate anybody on the basis of the CCPA, but please bear in mind that we may not be permitted, for regulatory reasons, to provide you with our service if you partly or fully object to the processing of person identifiable information relating to you.

Please also consider that personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FRCA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver's Privacy Protection Act of 1994, is not subject to the CCPA.

We value and honor your right to privacy, and we will always carefully assess how we can protect your personal information to the highest attainable standards.
 

ADDITIONAL CHINA INFORMATION

This Additional China Privacy Statement (the “China Privacy Statement) sets forth Hapag-Lloyd AG, and its group of companies. ("Hapag-Lloyd", "we", "us" and "our") disclosure obligations under Personal Information Protection Law of the People's Republic of China (“PIPL”). This China Privacy Statement provides the additional details regarding the information defined as „personal information” under PIPL further referred to as “Personal Information.”

To the extent Hapag-Lloyd processes any Personal Information subject to PIPL, Hapag-Lloyd will process such Personal Information in accordance with PIPL and any other applicableprivacy related Chinese laws and regulations incorporated in PIPL by reference.

1. Our Legal Basis for Processing Personal Information

Hapag-Lloyd will process Personal Information in accordance with the principles of legality, legitimacy, necessity, and good faith. To the extent you voluntarily provide us with your Personal Information, we will process such information for the purposes for which it was provided to Hapag-Lloyd as set forth in the Hapag-Lloyd Privacy Statements. You are free not to provide Hapag-Lloyd with your Personal Information and can withdraw your consent at any time in the manner prescribed in the Contact Us Section of this China Privacy Statement. Where legally required (and where no other legal basis for processing exists), we will obtain your consent before processing your Personal Information. For example, if we want to process your sensitive Personal Information, or to process your Personal Information for a new purpose for which no other legal basis for processing exists, we will obtain your consent including separate consent or written consent as required by PIPL and related administrative regulations. If we process your Personal Information beyond the scope of this China Privacy Statement, we will separately explain the purpose, method, and scope of such processing to you through mechanisms such as page tips, interactive processes, website announcements, etc., and obtain any additional consents as required by PIPL. Hapag-Lloyd may process your Personal Information without your consent, under any of the following circumstances:

  • Where it is necessary for the conclusion or performance of a contract to which you are a party, or for the implementation of human resources management in accordance with the labor rules and regulations formulated in accordance with the law and the collective contract concluded in accordance with PIPL.
  • Where it is necessary for the performance of statutory duties or statutory obligations.
  • Where it is necessary for the response to a public health emergency or for the protection of the life, health and property safety of a natural person.
  • Where it is necessary to process the Personal Information disclosed by you or other Personal Information that has been legally disclosed within a reasonable scope in accordance with the provisions of PIPL.
  • Other circumstances stipulated by laws and administrative regulations.

2. How We Share Your Personal Information

Hapag-Lloyd will only share your Personal Information if we have obtained your separate consent as required by PIPL or in circumstances where your consent is not required according to laws and regulations.

3. Cross-Border Transfers of Personal Information

In principle, your Personal Information will be processed within the territory of the People's Republic of China. However, as a global company, Personal Information may be provided to our parent company Hapag-Lloyd AG in Germany, subsidiaries and/or affiliates including those established outside the territory of the People's Republic of China, to achieve global management of Hapag-Lloyd, to conduct jointly managed activities, and for internal business analysis and planning. We may also transfer your Personal Information to personal information processors and entrusted persons (e.g., service providers) located outside the territory of the People's Republic of China. We will take necessary measures required by law including entering into standard contractual clauses with the overseas recipient to stipulate the rights and obligations between us and ensuring the foreign receiving party provides adequate protection for the Personal Information under applicable laws. We will separately obtain your consent and provide detailed information about the cross-border transfer of your Personal Information, as required by PIPL. You can contact us through the contact information listed below or in the Hapag-Lloyd Privacy Policy.

4. Your Privacy Rights

Under PIPL, you have the following rights:

  • Right to be informed: You have the right to know the processing of your Personal Information.
  • Right to access and copy: You can request access to your Personal Information or obtain a copy of your Personal Information.
  • Right to delete: You can request the deletion of your Personal Information in certain circumstances (for example when you withdraw your consent, or the purpose of Personal Information processing has been achieved, it is impossible to achieve such purpose, or it is no longer necessary to achieve such purpose).
  • Right to transfer: You can transfer your Personal Information to a personal information processor designated by you when it meets the conditions stipulated by the authorities.
  • Right to make decisions, restrict and refuse: You can make decisions on the processing of your Personal Information, and restrict or refuse HAPAG-LLOYD  to process your Personal Information.
  • Right to withdraw your consent: Where processing of your Personal Information is based on your consent, you can withdraw your consent at any time. Please understand that each service needs some basic Personal Information to be processed. After you withdraw your consent, HAPAG-LLOYD  will not process the relevant Personal Information, and cannot provide you with the corresponding services as a result. However, withdrawal of consent by you will not affect the previous Personal Information processing based on your authorization.

You can exercise the above rights by contacting us as explained in the Contact Us section. We will respond to your request with reasonable explanation within the time limit specified by PIPL or inform you of the alternate ways on resolving the issue or request.

We will not be able to respond to your request under the following circumstances:

  • Related to our compliance with obligations under the laws and regulations.
  • Directly related to national security or defense security.
  • Directly related to public security, public health or major public interests.
  • Directly related to criminal investigations, prosecutions, trials and enforcement of court decisions, etc.
  • Where we have sufficient proof that you have subjective malice or abuse of rights.
  • For the purpose of safeguarding your life, property and other important legal rights and interests or those of other individuals but it is difficult to obtain consent.
  • Responding to your request will cause serious harm to your legitimate rights and interests, or those of other individuals or organizations.
  • Involving trade secrets.

5. Contact Us

If you have any questions or concerns regarding Hapag-Lloyd Privacy Statements, including this China Privacy Statement, you may write to us at [email protected] or by mail to: 

Hapag-Lloyd Aktiengesellschaft
Corporate Data Protection
Ballindamm 25
20095 Hamburg
Germany

Hapag-Lloyd AG is headquartered in the European Union and complies globally with the EU General Data Protection Regulation (GDPR) as a minimum standard. Insofar, we invite you to carefully read all sections above in order to familiarize yourself with these minimum standards. You should particularly study this section as it relates to the Hapag-Lloyd entities based in South Africa (“Hapag-Lloyd SA”) to which the Protection of Personal Information Act 4 of 2013 (“POPIA”) applies:

  • Personal data that is protected in South Africa includes the personal information of existing legal (juristic) persons such as companies, where applicable.
  • Any reference to personal data in the privacy terms shall have the same meaning as “personal information” defined under POPIA.

For further information please contact our Information Officer in South Africa.

For information regarding further countries please check the local pages:

8.1 SALES, CUSTOMER SERVICES, AND OPERATIONS

Purpose/information

The shipping process and the entire customer journey often requires the processing of personal data:  e.g., to obtain quotes, to schedule and book your transport, to submit the necessary shipping documentation, to track your transport, to file your custom declaration and clear customs, but also for invoicing and payments. The processing of personal data may be necessary both prior to the conclusion of a contractual agreement (e.g., in order to provide you with a quotation) and during the implementation of a contract with you (e.g., shipping details). Notably, we often process personal data that do not relate to our direct (pre-) contractual partner, but to a third person (such as a consignee, an employee of a consignee or a notified party). 

Personal data, which is processed to provide you or another third party with our services, only to the extent an identifiable person can be linked to such content, may include but is not limited to:

  • Individual and business contact information for communication (see for more details section ‎8.4) or registration (such as name, company name, physical address, email address, and telephone or fax number)
  • Shipping information (such as (i) shipping-related contact details like the shipper's and consignee's name, physical address, email address and telephone number, (ii) signature for proof of delivery, (iii) information given to us that helps us access locations to which we provide service), (iv) booking number, (v) customer’s bill of lading, (vi) customer’s container number (vii) and other information provided to us regarding the content of certain shipments.
  • Information that enables us to verify an individual's identity (incl. passport data or drivers’ licenses).
  • Names, email addresses, identity information and telephone numbers of third persons to whom we are asked to send information or shipments.
  • Payment information and financial information (such as bank account numbers).
  • Tax-identification number in circumstances in which you request services for which this information is required.
  • Other personal information that may be provided to us to obtain a Hapag-Lloyd service, such as records of our communication (see for more details section 8. D).
  • Location data: When we pick up or deliver a shipment or provide other services, we may obtain physical location data. This includes, for example, data identifying the actual location of a physical address using information such as GPS data, geocodes, latitude and longitude information, and images of the various locations.
  • Login information and credentials when using our Web Applications and Platforms and further information is available in the respective section of these Privacy Terms in the respective applications and platforms).


Cookies used: Type A. More information can be found in the “Cookies/Tools” section.

Subjects:

Direct contractual party but also third person (consignee, employee of a consignee or a notified party).

Recipients

  • Internally:
    • The departments or Hapag-Lloyd entities you cooperate with or provide services to
    • The departments involved in procuring, executing or terminating the service provision
  • Externally:
    • Hosting/portals/information service providers that are used in international logistics to facilitate the exchange of information locally (e.g. port community systems) or internationally as instructed by the shipper / contract party, in order to facilitate the provision of our services or in order to provide such information to portals
    • Partners to provide you with the best possible service (e.g., sub-contractors such as trucking companies, terminals, and depots)
    • Payment providers
    • Certain shipment-related data will be provided to the authorities of the country of transit or destination for customs and tax clearance or for security screening, as required by the laws of the respective country
    • Third parties (consignee)
    • Other subcontractors who process personal data on our behalf
    • Authorities (see section ‎3)

Transfers to third countries are possible (see section ‎3). 

Retention

See section ‎4.

Legal basis:

  • To perform a contract with our customers (Art. 6 (1) (b) GDPR)
    • Processing activities during the term of the contractual relationship Including processing activities necessary for the initiation of a contractual relationship (e.g., you ask for a quotation), or you ask information about our services, and you provide your information voluntarily to us and activities post-termination.
  • Legitimate interest (Art. 6 (1) (f) GDPR):
    • To communicate with you, to the extent that an ongoing business relationship with you or your employer already exists, You will have the opportunity to unsubscribe. 
    • if you are a party to a shipment but not our direct contractual partner (consignee) 
    • When we exchange information with third parties, such as portals / information service providers, that facilitate the exchange of information in logistics and that serve as data brokers to ancillary services. If we do so, we make a detailed assessment in order to identify the legitimate interest, we determine that the processing is necessary to achieve it, and we balance it against the individual’s interests, rights and freedoms.
    • To enforce legal claims, including debt collection and defense in the event of legal disputes
    • To perform customs declaration

Please be also aware that we may not be able, for regulatory reasons, to provide you with our services if you partly or fully disagree with the processing of personal data relating to you.

  • To comply with a legal obligation (art. 6 (1) (c) GDPR) (see section ‎2)

Please note that for processing of personal data on consignees, employees of consignees or other third parties involved in a shipment, provided by the shipper/ contract party to Hapag-Lloyd, it is the responsibility of the shipper / contract party to ensure that the provision of data is compliant with applicable data protection laws. 

8.2 PROCUREMENT AND SUPPLIERS

Purpose/information

With regard to the cooperation with our suppliers and service providers (from terminal services, to supply of spare parts and offices services, or Information Technology services), we might collect personal information. In general, we only process information about the company but it might also include personal information of the contact person.

Personal data, which is processed, and only to the extent an identifiable person can be linked to such content, may include but is not limited to:

  • Individual and business contact information (such as name, company name, physical address, email address, and telephone or fax number)
  • Payment information and financial information (such as bank-account numbers)
  • Other personal information, such as records of our communication (see section ‎8.4).
  • Login information and credentials when using tools to improve collaboration, and further information is available in the respective section of these Privacy Terms in the respective applications and platforms). 

Subjects

Direct contractual parties (suppliers, service providers)

Recipients

 

  • Internally
    • The departments or Hapag-Lloyd entities you cooperate with or provide services to
    • The departments involved in procuring, executing, or terminating the service provision
  • Externally
    • Hosting/portals/information service providers
    • Other subcontractors who process personal data on our behalf
    • Authorities (see section ‎2) 

Transfers to third countries are possible (see section‎3).

Retention

See section ‎4.

Legal basis

  • To fulfil the contract between the parties (Art. 6 (1) (b) GDPR)
  • Legitimate interest (Art. 6 (1) (f) GDPR): 
    • To the extent necessary for the initiation of a contractual relationship and you provide your information voluntarily  to us
    • To communicate with you, to the extent that an ongoing business relationship with you or your employer already existso To enforce legal claims, including debt collection and defense in the event of legal disputes
    • To comply with a legal obligation (art. 6 (1) (c) GDPR) (see section ‎2).

8.3 VISITOR SERVICES

Purpose/information

We use the personal data of individuals who visit our offices and facilities especially for visitor management. This might include the following personal data related to your identity (name, job title, email address, phone number, picture, copy of identification document, visit information (time and date of visit, location information within our facilities and access logs from card readers in case they are used), online identifiers in case of use of our visitor Wifi. For certain types of visitors or in certain circumstances, , we might also collect training information or certificates for security reasons or as legally required. Visuals might be captured via video surveillance equipment (CCTV).

Subjects

Any individual entering our buildings and facilities.

Recipients

  • Internally
    • The departments or Hapag-Lloyd entities you visit
    • The departments involved in providing visitor services
  • Externally
    • Authorized third parties and service providers (e.g., who provide security services)
    • Authorities (see section ‎2)Transfers to third countries are possible (see section ‎3).

Transfers to third countries are possible (see section ‎3).

Retention

See section ‎4. 

Legal Basis

  • Legitimate interest (art. 6 (1) (f) GDPR):
    • To confirm your identity and fulfil visitor management
    • To exercise, establish of defend our legal rights or duties
    • For security reasons: to protect your safety and of other people but also your belongings, our building, facilities, and assets
  • To comply with a legal obligation (art. 6 (1) (c) GDPR) (see section ‎2).

 

8.4 COMMUNICATION, COLLABORATION, AND CONTACTING

Purpose/information

When you contact us (e.g., by email or by phone), to request information about our services or when we exchange information, we use your person data to document the communication, answer your requests, improve the quality of our services and other business-related purposes.

Personal data might include name, email, phone number, address, preferred language, your position, correspondence, voice recording, or other information submitted during the conversation and communication.

Cookies used: Type A. More information can be found in the “Cookies/Tools” section.

Subjects

All individuals with whom we communicate, collaborate, and/or contact us.

Recipients

  • Internally
    • The departments or Hapag-Lloyd entities you communicate or collaborate with or whom you contact
    • The departments involved in communicating, collaboration or contacting
  • Externally
    • Hosting/portals/ information service providers
    • Shipping service providers (for postal services)
    • Other subcontractors who process personal data on our behalf
    • Authorities (see section 4).

Transfers to third countries are possible (see section ‎3). 


Retention

See section ‎4. 

Legal Basis

  • To fulfil our contractual obligations, in relation to our customers and suppliers, service providers (art. 6 (1) (b) GDPR)
  • In case of telephone recordings: consent (art. 6 (1) (a) GDPR)
  • To comply with a legal obligation (art. 6 (1) (c) GDPR) (see section ‎2).
  • Legitimate interest (art. 6 (1) (f) GDPR): 
    • To process your requests and inquiries
    • For internal verification 
    • To improve the quality of our services
    • To exercise, establish of defend our legal rights or duties

8.5 RECRUITMENT ACTIVITIES

If you apply to one of our open positions published in our careers site, by sending us contact details and CV via the relevant application for or through any other means provided by us (e.g., social media), we will collect your personal data as applicant. We may also use retargeting mechanisms for recruitment activities (see section ‎8.6).

To check the suitability of applicants, we carry out aptitude tests for occupational groups. These tests deal with various areas of knowledge and serve as a performance test to better assess the previous knowledge and certain skills of the applicants, they are adapted to the respective position of the applicants. Test are conducted pseudonymously and only Hapag-Lloyd is able to match the results to the applicants.For the purpose of carrying out the application process, registration for the talent pool as well as the initiation of an employment relationship, we process your data required.

You can provide the following information as part of your application to us:

  • Individual contact information for communication (such as name, company name, physical address, email address, and telephone or fax number)
  • Contact details (name, e-mail address, postal address, telephone number)
  • CV data
    • school education
    • vocational training
    • professional experience
    • language skills
  • Publicly accessible social profiles (e.g. XING, LinkedIn, Facebook)
  • Documents related to applications (application photos, cover letters, certificates, work certificates, work samples, etc.)
  • Documents and test responses and results related to assessments online and offline.

Cookies used: Type A. More information can be found in the “Cookies/Tools” section.

Subjects

Applicants.

Recipients

  • Internally 
    • The departments or Hapag-Lloyd entities you apply for
    • The departments involved in the recruitment process
  • Externally
    • Hosting/portals/ information service providers
    • Online assessment service providers (pseudonymized)
    • Shipping service providers (for postal services)
    • Other subcontractors who process personal data on our behalf
    • Authorities (see section 4).

Transfers to third countries are possible (see section ‎3).

Retention

Your data will be stored for the duration of the application process and in accordance with legitimate retention periods after completion of the application process. In case of a cancellation, the data will be kept for 6 months. After the retention period has expired, the data is completely anonymized. If the processing is based on consent or legitimate interest, your data will be deleted after withdrawal of consent or legitimate objection.

Legal Basis

  • carrying out the application procedure and the initiation of an employment relationship (Art. 6 (1) (b) GDPR)
  • consent (art. 6 (1) (a) GDPR) 
    • Subscribe to notifications via newsletter or RSS feed of new vacancies on the Careers Board:
    • Invite to Talent Pool following an unsuccessful application or by clicking the Contact Us button to be contacted for similar or otherwise suitable job openings
  • To comply with a legal obligation (art. 6 (1) (c) GDPR) (see section ‎2).
  • Legitimate interest (art. 6 (1) (f) GDPR): 
    • use of the applicant management system
    • process and analyze documents you have uploaded in order to extract CV-data and convert them into a structured form (so-called "CV parsing").
    • To improve the quality of our services
    • To exercise, establish of defend our legal rights or duties

8.6 MARKETING CAMPAIGNS (E.G., NEWSLETTERS, SURVEYS, MAILINGS, RETARGETING)

Purpose/information

If you subscribe to one of our newsletters or direct marketing communications, we might process the following personal data: individual and business-contact information (such as name, company name, physical address, email address, and telephone or fax number), content and preferences related to marketing communication, cookie and browser related information. If you subscribe to one of our newsletter we offer you the option to define in a preference center what you are most interested in. 

You may choose to unsubscribe at any time from such marketing communications by following the opt-out options as described in the respective marketing communication or cookies. When unsubscribed, you will not receive further direct marketing from us.

Marketing communications can be done through different channels (emails, postal letters, social media, etc.). 

We also send out mailings to our customers and business partners to take part in promotional activities, including events, to provide updates our services etc. In this context, we might process the following personal data: individual and business-contact information (such as name, company name, physical address, email address, and telephone or fax number),  and browser related information. 

When you participate in one of our surveys (e.g., about our services, events we organize), including non-anonymous surveys, we might process the following personal data: your name, your contact details, your answers, as well as details how you connected to the survey website, including data and time when you were connected.

Cookies used: Type A. More information can be found in the “Cookies/Tools” section.

Subjects

Customers, potential customers, vendors, other business partners, employees, press, other stakeholders

Recipients

  • Internally 
    • The departments or Hapag-Lloyd entities providing or facilitating the marketing communication
    • The departments involved in procuring, executing, or terminating the marketing service provision
  • Externally
    • Hosting/portals/information service providers
    • postal service providerso Other subcontractors who process personal data on our behalf
    • Authorities (see section ‎2).

Transfers to third countries are possible (see section ‎3).

Retention

See section ‎4. 

Legal Basis

  • In case of non-anonymous surveys and certain marketing communications to (potential) customers, vendors, employees, business partners and stakeholders: consent (art. 6 (1) (a) GDPR)
  • To comply with a legal obligation (art. 6 (1) (c) GDPR) (see section ‎2)
  • Legitimate interest (art. 6 (1) (f) GDPR): 
    • To promote our services and to existing customers and build our commercial relationship with our vendors, business partners and stakeholders, and keep them informed;
    • To understand how customers, vendors, employees, business partners and other stakeholders perceive our services, participants of our events in order to improve them;
    • We will include an opt-out option for marketing activities to existing customers, vendors, employees, business partners and stakeholders.

8.7 AUTOMATICALLY GENERATED PERSONAL DATA

Purpose/information

Using our websites may lead to an automatic processing of personal data relating to you. 

Cookies used: Type A. More information can be found in the “Cookies/Tools” section.

Processing is carried out in a way which does allow your identification, as we are potentially able to link between such metadata and data directly relating to you (= identifiable data). Personal data may include but is not limited to:

  • date and time of access,
  • the name of your provider
  • your IP address, 
  • browser type and version,
  • operating system,
  • system software,
  • websites visited before, including keywords used for searches and the sites from which you have been transferred to our site (e.g., search engine or linked content).
  • Clicking behavior: If you subscribe to our newsletter, we will, due to technical reasons, automatically track whether you opened our newsletter, and whether you have accessed from the newsletter content which had been linked in our newsletter (both internal and external links).

Subjects:

Any individual visiting our website, subscribed to our newsletter, or using any website/digital technology.

Recipients

  • Internally 
  • Externally:  
    • Hosting/portals/ information service providers
    • Authorities (see section ‎2) 

Transfers to third countries are possible (see section ‎3).

Retention

See section ‎4.  

Legal basis:

  • Legitimate interest (art. 6 (1) (f) GDPR):   automatic processing is solely carried out in order to monitor the technical performance, reliability and security of our system.
  • To comply with a legal obligation (art. 6 (1) (c) GDPR) (see section ‎2) 

 

8.8 SOCIAL PLUGINS

Purpose/information

Our website contains hyperlinks to social media (so called "social plugins") operated by third parties. The functionality of these social plugins, in particular the transfer of information and user data is not activated by visiting our website, but only by clicking the hyperlinks (social plugins). Once you click on any of these links, the plugin of the respective social media tool will be activated, and your browser will establish a direct connection with the server of this social media tool. If you click on the social plugin while you are visiting our website, a transfer of your user data to the respective social media network and the processing of your data through the social media network may occur. If you activate any of the social media plugins on our website while you are at the same time simultaneously logged into the respective social media tool with your personal account for that social media tool, the information that you have visited our website and that you have clicked the plugin on our website may be transferred to the social media tool and may be processed and stored in relation to your account with this social media tool.

To prevent such processing in relation to your account with the respective social media tool, you need to log out of your account before clicking the plugin link. You may also prevent the activation of social media plugins by adjusting the add-on settings of your browser, for example, by installing a so-called script-blocker such as „NoScript“ (http://noscript.net/).

To the extent that such plugins qualify as cookies, please review our dedicated Section ‎11 on cookies. 

Cookies used: Type A. More information can be found in the “Cookies/Tools” section.

Subjects:

Any website visitors activating the social plugins.

Recipients

  • Internally: Marketing, Communications, Digital Business, HR
  • Externally:
    • Hosting/portals/ information service providers
    • Social networks
      • Facebook is operated by Meta Platforms Ireland Limited, Hanover Reach, 5-7 Hanover Quay, Dublin 2, Ireland. Detailed information regarding plugins used by Facebook is available at: https://developers.facebook.com/docs/plugins
      • LinkedIn is operated by LinkedIn Inc., 2029 Stierlin Court, Mountain View, CA 94043, USA. Detailed information regarding plugins used by LinkedIn is available at: https://www.linkedin.com/legal/cookie-policy
      • Twitter is operated by Twitter Inc., 1355 Market St, Suite 900, San Francisco, CA 94103, USA. Detailed information regarding plugins used by Twitter is available at: https://twitter.com/about/resources/buttons
      • Instagram is operated by I Meta Platforms Ireland Limited, Hanover Reach, 5-7 Hanover Quay, Dublin 2, Ireland. Detailed information regarding plugins used by Instagram is available at https://help.instagram.com/1896641480634370
      • YouTube is operated by Meta Platforms Ireland Limited, Hanover Reach, 5-7 Hanover Quay, Dublin 2, Ireland. Detailed information regarding plugins used by YouTube is available at https://policies.google.com/technologies/product-privacy and https://www.google.de/intl/de/policies/privacy
      • WeChat is operated by Tencent Holdings Ltd, Tencent Binhai Building, No 33 Haitian Second Road, Nanshan Shenzhen, 518054 China. Detailed information regarding plugins used by WeChat is available at https://www.wechat.com/en/privacy_policy.html 

Transfers to third countries are possible (see section ‎3). 

Retention

The deletion is in the responsibility of the main service providers. 

Legal basis:

  • Consent (art. 6 (1) (a) GDPR)

8.9 ONLINE SERVICES FOR SHAREHOLDERS

Purpose/information

The online services offer Hapag-Lloyd shareholders the possibility to electronically receive information and documents to the Annual General Meeting, as well as the ability to use various Annual General Meeting-related and share register-related applications.

Cookies used: Type A. More information can be found in the “Cookies/Tools” section.

Subjects:

Any shareholding using the online services. 

Recipients

  • Internally: Investor Relations
  • Externally:  
    • Hosting/portals/ information service providers
    • Shareholder service providers
    • Auditors for the annual report
    • Authorities (see section ‎2)

Transfers to third countries are possible (see section ‎3).  

Retention

See section ‎4. 

Legal basis:

  • Legitimate interest (art. 6 (1) (f) GDPR): to provide online shareholder services.
  • To comply with a legal obligation (art. 6 (1) (c) GDPR) in connection with §§118 ff Stock Cooperation Act (see section ‎2) of providing shareholder services. 

The website of Hapag-Lloyd may contain hyperlinks, which refer you to content provided on websites operated by third parties. As Hapag-Lloyd is not legally responsible for the content and the data protection compliance of such third-party-operated websites, we kindly ask you to closely pay attention to the respective privacy terms of these third-party-operated websites.

In the Privacy Terms above we provide all data subjects with a comprehensive overview regarding the processing of personal data at Hapag-Lloyd Group. Nonetheless, we know and appreciate that many customers are also concerned about the information that does not qualify as personal data, in particular as such information may be important to the operations of our customers.

DIGITIZATION INITIATIVES

Logistics is currently undergoing several waves of digitization, and this process is about to further accelerate over the months and years to come. Insofar, the operations processes and the exchange of information are changing rapidly with a clear tendency towards the expansion of data exchange between all stakeholders in the logistics supply chain.

Within the boundaries set by law, such as customs regulations or competition law, just to name a few examples, we also exchange substantially more transport service related information with third parties than we did before. Partially, this increase is even triggered by changes in the operations of public authorities, such as customs authorities.

As a guiding principle we exchange information with third parties involved in the logistics supply chain on a need-to-know basis, that means we share operational and production data to the extent this is necessary to provide the service. Examples are trucking companies, authorities, port terminals, feeder operators or other service related external partners.

To the same extent we also receive such operational or production data from stakeholders, primarily to synchronize such data with our internal data sets, to update the transport plan or for other general purposes of providing our service to you.

Most of the data provided and obtained relates to the physical move of the box, but such data sets may, depending on the stakeholders involved, also contain cargo related information such as cargo descriptions or the HS-Code.

We trust that our customers appreciate that Hapag-Lloyd, with new services like Quick Quotes or LIVE, is at the forefront of the digitization in the shipping industry, and that customers appreciate the value of new, disruptive digital platforms, which aim to increase the real-time data exchange of operations data in the entire ecosystem.

We are committed to remain one of the leaders in this field, and to increase transparency for all players in the ecosystem that are contributing to an individual shipment without compromising the security of information and operations.

LOGISTIC CHAIN PLATFORMS

Substantive parts of our customers are using existing platforms, such as INTTRA, and we expect that even more customers will try to harvest the advantages of emerging platforms such as GSBN.

Participating in such platforms comes at a “cost”, and that is the need for further standardization of data types, including operational and customer-related data. Partly triggered through new standards proposed by the Digital Container Shipping Association, as well as platform services, this standardization limits the capability of all stakeholders in the ecosystem to provide customer-specific services, or to contribute to customer run stand-alone systems.

Some of the new data-driven platforms and services imply the processing of vast amounts of operational data and trade documents, incl. the aggregated or de-identified use for secondary purposes, e.g. for the improvement of the quality of service providers or the promotion of ancillary services, to name just a few examples.

As a member to such platforms, Hapag-Lloyd is following the relevant data provisioning and data sharing requirements of the platform operators, and integrates the technology of such platforms into the Hapag-Lloyd services.

As such, terms and conditions of a platform may imply that we share data related to a shipment with that platform beyond the need-to-know principle, even if you are not a customer to that platform.

Regardless of the platform or service we collaborate with, we will not compromise our IT security standards, and whenever mixed data sets contain personal data, e.g. in trade documents, we will continue to adhere to the EU GDPR and/or other applicable data protection laws.

Cookies/Similar Technologies. Please refert to our Cookie Policy to learn how you we use cookies, how you can manage your cookie settings, for detailed information on the cookies we use and the intended purposes.

IP addresses. An IP address is a number that is used by computers on the network to identify your computer every time you log on to the Internet. We may record IP Addresses for the following purposes: (i) troubleshoot technical concerns, (ii) maintain website safety and security (iii) better understand how our websites are utilised, and (iv) to better tailor content to your needs depending on the country you are in.

Log Files. We (or a third party on our behalf) may collect information in the form of logs files that record website activity and gather statistics about a user’s browsing habits. These entries are generated anonymously, and help us gather (among other things) (i) a user’s browser type and operating system, (ii) information about a user’s session (such as the URL they came from, the date and time they visited our website, and which pages they've viewed on our website and for how long), and, (iii) other similar navigational or click-stream data.

Web Beacons. We may use web beacons (or clear GIFs) on the Nestlé Sites. Web beacons (also known as “web bugs”) are small strings of code that provide a method of delivering a graphic image on a web page for the purpose of transferring data back to us. The information collected via web beacons may include information about how a user responds to an email campaign (e.g. the time the email is opened, where does the user link to from the email, etc.). We use web beacon information for a variety of purposes, including, site traffic reporting, unique visitor counts, advertising and email auditing and reporting, and personalisation.

WHAT ARE COOKIES?

Cookies are small text files that are placed on your computer by websites that you visit. They are widely used to facilitate and to improve the use of our website, or work more efficiently, as well as to provide information to the owners of the site.

See below for details on what information is collected by cookies and how we use that information. For more information about the kind of data we collect, please read our Privacy Terms.

HOW AND WHY DOES HAPAG-LLOYD USE THEM?

Hapag-Lloyd uses cookies to gain a better understanding how visitors use this website. Cookies help us tailor Hapag-Lloyd websites to your personal needs, to improve their user-friendliness, gain customer satisfaction feedback on our websites (through designated partners) and to communicate to you elsewhere on the web. To enable this some cookies are applied when you enter our sites.

Hapag-Lloyd keeps all the information collected from cookies in a non–personally identifiable format. Hapag-Lloyd cookies located on your computer do not retain your name or your IP address.

We have summarized relevant information related to our use of cookies in these Privacy Terms. You may obtain additional information by reviewing this cookie information at Cookie Policy. We also provide details on our cookies in the consent management window that is automatically opened once you enter our website that use cookies.  

By using a Hapag-Lloyd Site, you accept our use of cookies and other tracking technology for the provision of the Hapag-Lloyd Site in accordance with this notice. If you do not agree to our use of cookies and other tracking technology in this way, you should set your browser settings accordingly or not use the Hapag-Lloyd Site. If you disable cookies that we use, this may impact your user experience while on the Hapag-Lloyd Site.

For cookies which require consent, we will ask for your consent via the cookie banner. You can access and adjust the cookie settings at any time.

When using a mobile device to connect to the Internet, you should also refer to the privacy notice of the specific App you are using to understand its specific data collection practices.

HOW CAN I ACCESS AND ADJUST MY COOKIE SETTINGS?

You can adjust your cookie settings related to Hapag-Lloyd Sites at any time in our Cookie Settings/Privacy Preference Center with immediate effect for the future. Furthermore, you may block cookies, change the settings of your browser add-ons.

Please ensure that your computer setting reflects whether you are happy to accept cookies or not. You can set your browser to warn you before accepting cookies, or you can simply set it to refuse them, although you may not have access to all the features of this website if you do so. See your browser 'help' button for how you can do this. You do not need to have cookies on to use or navigate through many parts of this and other Hapag-Lloyd websites. Remember that if you use different computers in different locations, you will need to ensure that each browser is adjusted to suit your cookie preferences.

To delete the cookies and all information gathered, and otherwise change your cookie settings please click the following link.

Change Cookie Settings

For useful information on cookies, see AboutCookies.org

WHICH COOKIE CATEGORIES DOES HAPAG-LLOYD USE?

Session cookies

Session cookies are temporary cookie files which are erased when you close your browser. When you restart your browser and go back to the site that created that cookie, the website will treat you as a new visitor.

Persistent cookies

Persistent cookies stay on your browser until you delete them manually or until your browser deletes them based on the duration period set within the cookie. These cookies will recognise you as a return visitor.

Cookies that send information to us (First Party cookies)

These are the cookies that we set on a Hapag-Lloyd Site and they can only be read by that site. This is known as a "First Party" cookie.We also place cookies on ads which are placed on other websites owned by third parties (e.g. Facebook). We obtain information via those cookies when you click on or interact with the advertisement. In this situation the ad is placing a “Third Party” cookie. Hapag-Lloyd may use the information obtained by these cookies to serve you with advertising that is relevant and of interest to you based on your past online behaviour.

Cookies that send information to other companies (Third Party Cookies)

These are cookies that are set on a Hapag-Lloyd Site by our partner companies (e.g. Facebook or advertisers). They may use the data collected from these cookies to anonymously target advertising to you on other websites, based on your visit to this Website. For example, if you use a social widget (e.g. the Facebook icon) on the Website, it will record your “share” or “like”. Facebook (as the company setting the cookie) will collect the data. This is known as a “Third Party’’ cookie.

Please note that third party services placing cookies or utilizing other tracking technologies through our services may have their own policies regarding how they collect and store information. Such practices are not covered by our Privacy Terms and we do not have any control over them.

Last updated: 27.06.2023

Services & Information
Online Business Suite
Career
Press
Investor Relations
Find us on
Get our News
Hapag-Lloyd Apps
App Store Google Play Store

© Hapag-Lloyd AG

Back to Top