Data privacy information for customers and business associates

On the following pages we will inform you about the processing of personal data in the context of business relationships with a company in our group. Furthermore, you will receive information on your rights under the EU General Data Protection Regulation (GDPR).

The data privacy information applies in general to the initiation and implementation of business relationships. What is specifically relevant in your case depends on the company contact and the subject of your interest or the contract concluded.

Who is responsible for the processing of data?

O.T.S. ASTRACON air + sea transport systems GmbH
Elly-Beinhorn-Straße 6
73760 Ostfildern
Germany
Phone: +49 7158 9094-0
E-mail: info@astracon.com

O.T.S. ASTRACON international air + sea forwarder GmbH
Konsul-Smidt-Straße 68 a
28217 Bremen
Germany
Phone: +49 421 64926-0
E-mail: infoBRE@astracon.com

Who is your contact for questions about data privacy?

HUBIT Datenschutz GmbH & Co. KG
Lise-Meitner-Str. 2
28359 Bremen
Germany
Phone: +49 421 33114300
E-mail: info@hubit.de

Which data sources do we use?

We process personal data we have received from our customers and/or interested parties as well as from our business associates.

Moreover, even publicly accessible sources (e.g. Commercial Register or Register of Associations, Land Register, Registry Office, press, media, internet, list of insolvent debtors) may be used for collection of personal data.

Personal data from other sources (e.g. German credit rating company SCHUFA) is only obtained and processed by us with your explicit consent.

Which data is processed?

In general, we process following data:

Personal master data
Company and function
Address and contact details
Business interest
Contract data / Business history
Banking details / Financial information (e.g. creditworthiness)
Billing and payment information
Control and planning data
Video surveillance CCTV (access control, warehouse)

For what purpose do we process this data?

We only process your personal data to the extent specifically necessary to answer general inquiries, initiate and execution of business relationships and possibly for advertising purposes.

The legal provisions, in particular the GDPR and the Federal Data Protection Act (BDSG), are observed. Depending on the specific subject of data processing, this is based on one of the following legal bases:

We process all personal data in compliance with the GDPR and the Federal Data Protection Act (BDSG).

Consent of data subject
Article 6(1) (a) GDPR
If you have given us your consent to process personal data (e.g. advertising / data transfer), this represents the legal basis for data processing.
Entering into and fulfilment of contracts
Article 6(1) (b) GDPR
Personal data is generally processed to initiate and fulfill a contract that you want to conclude or have concluded with us.
Legal obligation
Article 6(1) (c) GDPR
Some data processing is mandatory on the basis of a statutory or other legal regulation. This includes, for example, tax and commercial law retention obligations, reports in accordance with the Money Laundering Act and, if necessary, identity or age checks.
Legitimate interests of the controller
Article 6(1) (f) GDPR
Otherwise, we can also process personal data to protect the legitimate interests of our company or third parties, provided that these outweigh your interests as the data subject.
An overweighing legitimate interest exists in particular in these cases:

- Ensuring IT security
- Advertising by post
- Market research and opinion polls
- Assertion of legal claims or defence in the case of litigation
- Video surveillance to protect, for instance, domiciliary rights (right of access to the premises), gathering of evidence
- Further development of products and services
- Business management and statistics

E-mail addresses received as part of business relationships can be used for direct advertising for similar goods and services in accordance with § 7(3) UWG (law against unfair competition), provided that the customer was informed of this and of the right to object when the e-mail address was collected and did not object.

To whom is my data passed on?

In our company, only those people who need it as part of the internal distribution of tasks to fulfill the specific purpose, in particular contractual or legal obligations, have access to your data.

Any data transfer takes place within the framework of the legal provisions, in particular the GDPR and the BDSG. Data can be passed on in particular to:

Customs and regulatory authorities
Subcontractors / logistics partners
Banks / credit institutions
Tax advisor / economic auditor
Public offices / institutions
IT service provider (hosting, maintenance)
Lawyer/investigating authorities

Insofar as you have given us your consent to the retransfer of data, data may also be passed on to this authority.

Is data transmitted to a third country?

Data processing generally takes place on servers in the Federal Republic of Germany or in other member states of the EU or EEA. Depending on the specific order (location of customer or recipient, start and destination) inevitably a transfer to third countries also takes place.

If contractors used in the IT sector are based in a third country, they are required to comply with data protection regulations by means of EU standard contractual clauses and/or an adequacy decision by the EU Commission and, if necessary, certification (e.g. EU-U.S. Data Privacy Framework / DPF) obliged by the GDPR.

For how long will my data be stored?

Your data will be processed or stored by us for as long as is necessary to fulfill the specific purpose. Once this purpose has been fulfilled or ceased to exist, your data will generally be deleted.

The data will not be deleted if there is a legal retention obligation to the contrary, the data must be retained for the duration of a limitation period for evidentiary purposes or consent has been given for longer data storage.

What are my data (privacy) rights?

Data subjects have the right to:

Information, Article 15 GDPR
Rectification of incorrect data, Article 16 GDPR
Erasure, Article 17 GDPR
Restriction of processing, Article 18 GDPR
Data portability, Article 20 GDPR
Objection, Article 21 GDPR
Revocation consent, Article 7 GDPR
Lodging complaint at supervisory authority, Article 77 GDPR

If you have given us your express consent to data processing, you can revoke this at any time. The revocation only affects future data processing and has no influence on the lawfulness of data processing that has already taken place. In the event of a revocation, further processing of the data for the specific purpose is no longer possible.

You can object to the processing of data based on legitimate interest as the legal basis. If necessary, the specific processing is no longer permitted unless there are compelling legitimate reasons on our part to continue processing or the processing serves to assert, exercise or defend legal claims.

Right to object to direct advertising
In particular, you have the right to object to data processing for direct advertising purposes by post and/or E-Mail in accordance with § 7(3) UWG. In the event of an objection, we will no longer process your data for this purpose.

If you would like to exercise your rights, please contact us directly or our contact person for questions about data privacy (see above).

What are my obligations?

As part of a business relationship, you must provide the data necessary to carry out the contract and to fulfill legal requirements.

Without this basic data it is usually impossible to conclude and / or perform a contract. If absolutely necessary data is not provided, a concluded contract may have to be terminated and there may still be a financial claim for compensation or damages.

The information you provide must be accurate and any changes must be communicated.