On the following pages we will inform you about the processing of personal data in the context of business relationships with a company in our group. Furthermore, you will receive information on your rights under the EU General Data Protection Regulation (GDPR).
The data privacy information applies in general to the initiation and implementation of business relationships. What is specifically relevant in your case depends on the company contact and the subject of your interest or the contract concluded.
Who is responsible for the processing of data?
O.T.S. ASTRACON air + sea transport systems GmbH
Phone: +49 7158 9094-0
O.T.S. ASTRACON international air + sea forwarder GmbH
Konsul-Smidt-Straße 68 a
Phone: +49 421 64926-0
Who is your contact for questions about data privacy?
HUBIT Datenschutz GmbH & Co. KG
Phone: +49 421 33114300
Which data sources do we use?
We process personal data we have received from our customers and/or interested parties as well as from our business associates.
Moreover, even publicly accessible sources (e.g. Commercial Register or Register of Associations, Land Register, Registry Office, press, media, internet, list of insolvent debtors) may be used for collection of personal data.
Personal data from other sources (e.g. German credit rating company SCHUFA) is only obtained and processed by us with your explicit consent.
Which data is processed?
In general, we process following data:
- Personal master data
- Company and function
- Address and contact details
- Business interest
- Contract data / Business history
- Banking details / Financial information (e.g. creditworthiness)
- Billing and payment information
- Control and planning data
- Video surveillance CCTV (access control, warehouse)
For what purpose do we process this data?
We only process your personal data to the extent specifically necessary to answer general inquiries, initiate and execution of business relationships and possibly for advertising purposes.
The legal provisions, in particular the GDPR and the Federal Data Protection Act (BDSG), are observed. Depending on the specific subject of data processing, this is based on one of the following legal bases:
We process all personal data in compliance with the GDPR and the Federal Data Protection Act (BDSG).
- Consent of data subject
Article 6(1) (a) GDPR
If you have given us your consent to process personal data (e.g. advertising / data transfer), this represents the legal basis for data processing.
- Entering into and fulfilment of contracts
Article 6(1) (b) GDPR
Personal data is generally processed to initiate and fulfill a contract that you want to conclude or have concluded with us.
- Legal obligation
Article 6(1) (c) GDPR
Some data processing is mandatory on the basis of a statutory or other legal regulation. This includes, for example, tax and commercial law retention obligations, reports in accordance with the Money Laundering Act and, if necessary, identity or age checks.
- Legitimate interests of the controller
Article 6(1) (f) GDPR
Otherwise, we can also process personal data to protect the legitimate interests of our company or third parties, provided that these outweigh your interests as the data subject.
An overweighing legitimate interest exists in particular in these cases:
- Ensuring IT security
- Advertising by post
- Market research and opinion polls
- Assertion of legal claims or defence in the case of litigation
- Video surveillance to protect, for instance, domiciliary rights (right of access to the premises), gathering of evidence
- Further development of products and services
- Business management and statistics
E-mail addresses received as part of business relationships can be used for direct advertising for similar goods and services in accordance with § 7(3) UWG (law against unfair competition), provided that the customer was informed of this and of the right to object when the e-mail address was collected and did not object.
To whom is my data passed on?
In our company, only those people who need it as part of the internal distribution of tasks to fulfill the specific purpose, in particular contractual or legal obligations, have access to your data.
Any data transfer takes place within the framework of the legal provisions, in particular the GDPR and the BDSG. Data can be passed on in particular to:
- Customs and regulatory authorities
- Subcontractors / logistics partners
- Banks / credit institutions
- Tax advisor / economic auditor
- Public offices / institutions
- IT service provider (hosting, maintenance)
- Lawyer/investigating authorities
Insofar as you have given us your consent to the retransfer of data, data may also be passed on to this authority.
Is data transmitted to a third country?
Data processing generally takes place on servers in the Federal Republic of Germany or in other member states of the EU or EEA. Depending on the specific order (location of customer or recipient, start and destination) inevitably a transfer to third countries also takes place.
If contractors used in the IT sector are based in a third country, they are required to comply with data protection regulations by means of EU standard contractual clauses and/or an adequacy decision by the EU Commission and, if necessary, certification (e.g. EU-U.S. Data Privacy Framework / DPF) obliged by the GDPR.
For how long will my data be stored?
Your data will be processed or stored by us for as long as is necessary to fulfill the specific purpose. Once this purpose has been fulfilled or ceased to exist, your data will generally be deleted.
The data will not be deleted if there is a legal retention obligation to the contrary, the data must be retained for the duration of a limitation period for evidentiary purposes or consent has been given for longer data storage.
What are my data (privacy) rights?
Data subjects have the right to:
- Information, Article 15 GDPR
- Rectification of incorrect data, Article 16 GDPR
- Erasure, Article 17 GDPR
- Restriction of processing, Article 18 GDPR
- Data portability, Article 20 GDPR
- Objection, Article 21 GDPR
- Revocation consent, Article 7 GDPR
- Lodging complaint at supervisory authority, Article 77 GDPR
If you have given us your express consent to data processing, you can revoke this at any time. The revocation only affects future data processing and has no influence on the lawfulness of data processing that has already taken place. In the event of a revocation, further processing of the data for the specific purpose is no longer possible.
You can object to the processing of data based on legitimate interest as the legal basis. If necessary, the specific processing is no longer permitted unless there are compelling legitimate reasons on our part to continue processing or the processing serves to assert, exercise or defend legal claims.
Right to object to direct advertising
In particular, you have the right to object to data processing for direct advertising purposes by post and/or E-Mail in accordance with § 7(3) UWG. In the event of an objection, we will no longer process your data for this purpose.
If you would like to exercise your rights, please contact us directly or our contact person for questions about data privacy (see above).
What are my obligations?
As part of a business relationship, you must provide the data necessary to carry out the contract and to fulfill legal requirements.
Without this basic data it is usually impossible to conclude and / or perform a contract. If absolutely necessary data is not provided, a concluded contract may have to be terminated and there may still be a financial claim for compensation or damages.
The information you provide must be accurate and any changes must be communicated.
Is automated decision-making used or profiling carried out?
No, we make our decisions individually and do not create profiles.
Last updated: Feb 1, 2024