HERMES Einrichtungs Service GmbH & Co. KG („Hermes“), take the protection of your privacy and personal data very seriously. We therefore attach great importance to ensuring that your data is secure and that the applicable data protection regulations, in particular the EU General Data Protection Regulation (GDPR), are complied with during data processing. Furthermore, we use technical and organizational measures to ensure that your data is optimally protected against unauthorized access by third parties.
1 Personal data
Personal data are personal information that allows conclusions to be drawn about your identity as a natural person. This includes, for example, information such as name, address, telephone number or e-mail address, but also information about surfing behavior, provided that this information can be directly or indirectly assigned to you. Data about legal entities is not personal data and does not fall within the scope of this Privacy Notice.
When you access the Hermes website, certain data is automatically recorded and temporarily stored. This is mainly technical data (e.g. Internet browser, operating system or time of page access). (For details, see section 2)
Clients have the option of logging in to our website with their Hermes user account or registering for it. If you log in with your Hermes user account, we can identify you based on the data you provide there. Furthermore, if you contact us via the Hermes website, we collect and process your personal data for the purpose of contacting us (see section 3).
2 Collection of log data
2.1 Type of data and processing purposes
Every time the Hermes website is accessed, certain data from the accessing device is automatically recorded by our web servers and temporarily stored. The following data is collected:
- IP address of the calling device
- Browser and operating system type
- Endpoint Type
- Date and time of the visit (Timestamp)
- User’s Internet Service Provider
- Technical Request
- Session ID
- The subpages of our website accessed by the user
- The website from which the respective user visits us (referrer URL)
- Websites accessed by the user’s system through our website
This data is collected to ensure the functionality of the website. Furthermore, the data is used to ensure the security of our information technology systems. An evaluation of the data for marketing purposes or profiling does not take place in this context.
2.2 Legal basis
The legal basis for the collection and temporary storage of the data is Art. 6 (1) (f) GDPR. Our legitimate interest in data processing lies in ensuring the functionality of the website and the security of the information technology systems.
2.3 Duration of storage
The data will be anonymized as soon as it is no longer necessary to achieve the purpose for which it was collected.
3 Your Hermes user account
Clients have the option of logging in to our website with their Hermes user account or registering for it.
3.1 Type of data and processing purposes
As part of the registration process, we process the following data that we need from you to process and provide Hermes transport services: company, title, name, department, address, telephone number, e-mail address. For certain payment methods, the account holder including bank details.
To log in we need the following data: username and password
We process this data exclusively for the purpose of providing and providing you with the services of the Hermes user account and the services of the Hermes Service. A transfer to third parties will only take place if this is necessary for the provision of Hermes services or maintenance work.
The user accounts for an employee can be created by the HES client ADMIN.
A transfer to countries outside the European Union is not planned.
Use for advertising purposes – in particular sending the Hermes newsletter – will only take place if you have expressly consented to this.
3.1 Legal basis
The legal basis for data processing in connection with the Hermes user account and the Hermes service is Art. 6 (1) (b) GDPR and, if you have given us consent for the processing of your data, Art. 6 (1) (a) GDPR.
3.2 Duration of Storages
Your Hermes user account can be used by you as long as you do not delete it using the function in the user account or otherwise terminate it vis-à-vis us. After deletion of the account or after other termination of the contract, we will delete or anonymize the personal data as soon as we no longer need it for the execution of the contract. If we are legally obliged to store the data, we will first block it and only delete or anonymize it after the expiry of the statutory retention periods.
3.4 Credit check for commercial clients
Art. 6 para. 1 lit. b and f GDPR is the legal basis for the disclosure of the data to the following third parties, as this is necessary to carry out pre-contractual measures and to protect our legitimate interests:
Hermes reserves the right to transmit the Client’s master data to Bürgel Wirtschaftsinformationen GmbH & Co. KG, Gasstrasse 18, 22761 Hamburg, as well as to Atradius Kreditversicherung, branch of Atradius Crédito y Caución S.A. de Seguros y Reaseguros (Spain), Opladener Straße 14, 50679 Cologne, which will provide Hermes with creditworthiness information based on mathematical-statistical methods for credit assessment purposes in the event of a legitimate interest.
4 Use of Cookies and Other Technologies
4.1 Cookies
Our website uses cookies. Cookies are small text files that can be stored in the Internet browser or by the Internet browser on the User’s end device. Cookies regularly contain a characteristic string of characters that allows the browser or the end device to be uniquely identified when the website is called up again. Cookies do not cause any damage to your computer and do not contain viruses. Cookies are used to make our offer more user-friendly, effective and secure.
Cookies that are necessary to carry out the electronic communication process or to provide certain functions desired by you (e.g. shopping cart function) are stored on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the storage of cookies for the technically error-free and optimized provision of its services.
This site does not use tracking cookies.
4.2 SSL or TLS encryption
This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or inquiries that you send to us as the site operator. You can recognize an encrypted connection by the fact that the address bar of the browser changes from „https://“ to „https://“ and by the lock symbol in your browser line.
If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.
We would like to point out that data transmission on the Internet (e.g. when communicating by e-mail) may have security gaps. It is not possible to completely protect the data from access by third parties.
5 Integration of third-party services and content
We do not use any third-party content or services on our website.
6 Your Rights
With regard to your personal data, you are generally entitled to the following rights vis-à-vis Hermes:
Right to information (according to Article 15 GDPR)
You have the right to request information as to whether or not we are processing personal data about you. When we process personal data about you, you have the right to know:
- why we process your data
- what types of data we process about you
- what type of recipients receive or are to receive data from you
- how long we will keep your data; if it is not possible to specify the storage period, we must inform you how the storage period is determined (e.g. after expiry of statutory retention periods)
- that you have a right to rectification and deletion of data concerning you, including the right to restriction of processing and/or the possibility to object,
- that you have the right to lodge a complaint with a supervisory authority
- where your data comes from, if we have not collected it directly from you
- whether your data will be used for an automated decision and, if so, what logic the decision is based on and what impact and consequences the automated decision may have for you
- that if data about you is transferred to a country outside the European Union, you are entitled to information as to whether and, if so, on the basis of which safeguards an adequate level of protection is ensured for the data recipient
- that you have the right to request a copy of your personal data. Copies of data are generally made available in electronic form. The first copy is free of charge, for further copies a reasonable fee may be charged. A copy can only be provided if the rights of other persons are not affected.
Right to rectification or erasure (according to Articles 16 and 17 GDPR)
You have the right to request that we correct your data if it is incorrect and/or incomplete. This right also includes the right to be supplemented by supplementary declarations or communications. A correction and/or addition must be made without culpable hesitation.
You also have the right to request that we erase your personal data if:
- the personal data is no longer necessary for the purposes for which they were collected and processed;
- the data processing is carried out on the basis of a consent given by you and you have withdrawn the consent.
(However, this does not apply if:
- there is another legal permission for data processing;
- you have objected to data processing for which legal permission is based on the so-called „legitimate interest“ (as defined in Article 6(1)(e) or (f));
- There are overriding legitimate grounds for further processing.)
- you have objected to data processing for the purpose of direct marketing;
- your personal data has been unlawfully processed;
- it is data of a child that was collected for information society services (= electronic service) on the basis of consent (pursuant to Art. 8 para. 1 GDPR).
There is no right to erasure of personal data if:
- the right to freedom of expression and information precludes the request for erasure;
- the processing of personal data is necessary for compliance with a legal obligation (e.g. statutory retention obligations), for the performance of public tasks and interests under applicable law (this also includes „public health“) or for archiving and/or research purposes
- the personal data is necessary for the establishment, exercise or defense of legalclaims.
The deletion must take place immediately (without culpable hesitation). If personal data has been made public by us (e.g. on the Internet), we must ensure, within the scope of what is technically possible and reasonable, that other data processors are also informed of the request for deletion, including the deletion of links, copies and/or replications.
Right to restriction of processing (according to Article 18 GDPR)
You have the right to have the processing of your personal data restricted in the following cases:
- If you have disputed the accuracy of your personal data, you can ask us not to use your data for any other purpose for the duration of the verification of accuracy and thus to restrict its processing.
- In the case of unlawful data processing, you can request the restriction of data use instead of data deletion.
If you need your personal data to assert, exercise or defend legal claims, but we no longer need your personal data, you can request that we restrict the processing to the purposes of legal action.
If you have objected to data processing (Art. 21 para. 1 GDPR) and it has not yet been determined whether our interests in processing outweigh your interests, you can request that your data not be used for other purposes for the duration of the review and that their processing is thus restricted.
Personal data the processing of which has been restricted at your request may only, subject to storage,
- with their consent,
- to assert, exercise or defend legal claims,
- to protect the rights of another natural or legal person, or
- are processed for reasons of important public interest.
If a processing restriction is lifted, you will be informed in advance.
Right to data portability (according to Art. 20 GDPR)
You have the right to request the data you have provided to us in a commonly used electronic format (e.g. as a PDF or Excel document). You can also ask us to transfer this data directly to another company (designated by you) where this is technically feasible for us. The prerequisite for you to have this right is that the processing is carried out on the basis of consent or for the performance of a contract and is carried out with the help of automated processes. The exercise of the right to data portability must not affect the rights and freedoms of other persons. If you use the right to data portability, you still have the right to data deletion in accordance with Article 17 GDPR.
Right to object to certain data processing (according to Art. 21 GDPR)
If your data is processed for the performance of tasks carried out in the public interest or for the exercise of legitimate interests, you can object to this processing. To this end, you must explain to us the reasons for your objection that arise from your particular situation. These can be, for example, special family circumstances or confidentiality interests worthy of protection.
In the event of an objection, we must refrain from any further processing of your data for the aforementioned purposes, unless
- there are compelling, protectable grounds for processing that outweigh their interests,
rights and freedoms, or
- the processing is necessary for the establishment, exercise or defense of legal claims.
You can object to the use of your data for the purpose of direct marketing at any time; this also applies to profiling, insofar as it is related to direct advertising. In the event of an objection, we may no longer use your data for the purpose of direct marketing.
Prohibition of automated decision-making/profiling (Art. 22 GDPR)
Decisions by us that result in legal consequences for you or significantly affect you must not be based solely on automated processing of personal data. This also includes profiling.
This prohibition does not apply to the extent that the automated decision
- is necessary for the conclusion or performance of a contract with you,
- is permitted by law, if that legislation contains appropriate measures to protect your rights and freedoms and your legitimate interests, or
- with their express consent.
Decisions based solely on automated processing of special categories of personal data (= sensitive data) are only permissible if they are made on the basis of your explicit consent or if there is a significant public interest in the processing and appropriate measures have been taken to protect your rights and freedoms as well as your legitimate interests.
6.1 Exercising the rights of data subjects
To exercise the rights of data subjects, please contact the offices mentioned under 6.2. Enquiries submitted electronically are usually answered electronically. The information, communications and measures to be made available under the GDPR, including the exercise of the rights of data subjects, are generally provided free of charge. Only in the case of manifestly unfounded or excessive requests are we entitled to charge an appropriate fee for the processing or to refrain from taking action (Art. 12 (5) GDPR).
If there are reasonable doubts about your identity, we may request additional information from you for the purpose of identification. If we are unable to identify you, we are entitled to refuse to process your request. As far as possible, we will notify you separately of a lack of identification (see Art. 12 para. 6 and Art. 11 GDPR).
Requests for information and information are usually processed immediately (within one month) of receipt of the request. The deadline may be extended by a further two months if necessary, taking into account the complexity and/or the number of requests; in the event of an extension of the deadline, we will inform you of the reasons for the delay within one month of receiving your request. If we do not act on a request, we will inform you immediately within one month of receipt of the request of the reasons for this and inform you of the possibility of lodging a complaint with a supervisory authority or seeking legal remedy. (Art. 12 para. 3; 4 GDPR).
Please note that you can only exercise your rights as a data subject within the limits and limitations provided for by the Union or the Member States. (Art. 23 GDPR)
6.2 Contact
If you have any questions about the collection, processing or use of your personal data, as well as for information, corrections, deletions, processing restrictions, objections or because of the transfer of your data, please contact:
Hermes Einrichtungs Service GmbH & Co. KG
Data Protection Coordination
Albert-Schweizer-Straße 33
D-32584 Löhne
E-Mail: datenschutz-2mh@hermes-2mh.de
When making your request, please make sure to provide us with your complete contact details (first name, surname and address); this is the only way we can clearly identify you and answer your request quickly.
The data protection officer of our company is Mr. Georg Möller. The Data Protection Officer can be reached as follows:
SK-Consulting Group GmbH
Osterweg 2; 32549
Bad Oeynhausen
E-Mail: datenschutz@sk-consulting.com
6.3 Right of appeal
You have the right to complain to a data protection supervisory authority about the processing of your personal data by Hermes.
A list of the supervisory authorities and their contact details can be found at the following link:
https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html
In the event of complaints, you can contact the competent supervisory authority at any time. You have the right to an effective legal remedy against a supervisory authority (Art. 78 GDPR), as well as against our company (Art. 79 GDPR).
7 Responsible body
Responsible according to Art. 4 para. 7 GDPR is
Hermes Einrichtungs Service GmbH & Co. KG
Albert-Schweitzer-Straße 33
32584 Löhne
Headquarters: Löhne
Registration court: District Court Bad Oeynhausen
Registration number: HRA 10039
Managing Directors: Carsten Meinders, Michael Dildey, Viviane Reichert-Brown
VAT identification number according to § 27a UStG: DE 813 973 991
Personally liable: Verwaltungsgesellschaft HERMES Einrichtungs Service mbH, AG Hamburg HRB 79507
Contact details:
Hermes Einrichtungs Service GmbH & Co. KG
Albert-Schweitzer-Straße 33
D-32584 Löhne
Phone: +49 (0)5732 103-0 (no consignment information possible)
E-Mail info-2mh@hermes-2mh.de (no consignment information possible)