Contact

Privacy policy

We, HERMES Einrichtungs Service GmbH & Co. KG (“HES”), take the protection of your privacy and personal data very seriously. We therefore attach great importance to ensuring that your data is secure and that the applicable data protection regulations, in particular the EU General Data Protection Regulation (GDPR), are complied with during data processing. Furthermore, we use technical and organisational measures to ensure that your data is optimally protected against unauthorised access by third parties.

1. Personal data

Personal data – the law also speaks of personal data – is personal information that allows conclusions to be drawn about your identity as a natural person. This includes, for example, information such as name, address, telephone number or e-mail address, but also information about surfing behaviour, provided that this information can be directly or indirectly assigned to you. Data about legal entities is not personal data and does not fall within the scope of this Privacy Notice.

When you access the Hermes website, certain data is automatically recorded and temporarily stored. This is mainly technical data (e.g. Internet browser, operating system or time of page access). (For details, see section 2)

In principle, you can use the Hermes website without disclosing your personal data. However, if you log in with your Hermes user account, we can identify you based on the data provided there. If you also contact us via the Hermes website, we collect and process your personal data for the purpose of contacting you.

2. Collection of log data

2.1 Type of data and processing purposes

Every time the Hermes website is accessed, certain data from the accessing device is automatically recorded by our web servers and temporarily stored. The following data is collected:

  • IP address of the calling device
  • Browser and operating system type
  • Endpoint Type
  • Date and time of the visit (Timestamp)
  • User’s Internet Service Provider
  • Technical Request
  • Session ID
  • The subpages of our website accessed by the user
  • The website from which the respective user visits us (referrer URL)
  • Websites accessed by the user’s system through our website

This data is collected to ensure the functionality of the website. Furthermore, the data is used to ensure the security of our information technology systems. An evaluation of the data for marketing purposes or profiling does not take place in this context.

2.2 Legal basis

The legal basis for the collection and temporary storage of the data is Art. 6 (1) (f) GDPR. Our legitimate interest in data processing lies in ensuring the functionality of the website and the security of the information technology systems.

2.3 Duration of storage

The data will be anonymised as soon as it is no longer necessary to achieve the purpose for which it was collected.

3. Your HES account

Clients have the option of logging in to our website with their Hermes user account or registering for it.

3.1 Type of data and processing purposes

As part of the registration process, we process the following data that we need from you to process and provide Hermes transport services: company, title, name, department, address, telephone number, e-mail address. For certain payment methods, the account holder including bank details.

To log in we need the following data: username and password

We process this data exclusively for the purpose of providing and providing you with the services of the Hermes user account and the services of the Hermes Service. A transfer to third parties will only take place if this is necessary for the provision of Hermes services or maintenance work.

The user accounts for an employee can be created by the HES client ADMIN.

A transfer to countries outside the European Union is not planned.

Use for advertising purposes – in particular sending the Hermes newsletter – will only take place if you have expressly consented to this.

3.2 Legal basis

The legal basis for data processing in connection with the Hermes user account and the Hermes service is Art. 6 (1) (b) GDPR and, if you have given us consent for the processing of your data, Art. 6 (1) (a) GDPR.

3.3 Duration of storage

Your Hermes user account can be used by you as long as you do not delete it using the function in the user account or otherwise terminate it vis-à-vis us. After deletion of the account or after other termination of the contract, we will delete or anonymize the personal data as soon as we no longer need it for the execution of the contract. If we are legally obliged to store the data, we will first block it and only delete or anonymize it after the expiry of the statutory retention periods.

3.4 Right to rectification

You can correct your data at any time in your Hermes user account.

4. Use of Cookies and Other Technologies

4.1 Cookies

Our website uses cookies. Cookies are small text files that can be stored in the Internet browser or by the Internet browser on the User’s end device. Cookies regularly contain a characteristic string of characters that allows the browser or the end device to be uniquely identified when the website is called up again. Cookies do not cause any damage to your computer and do not contain viruses. Cookies are used to make our offer more user-friendly, effective and secure.

Cookies that are necessary to carry out the electronic communication process or to provide certain functions desired by you (e.g. shopping cart function) are stored on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the storage of cookies for the technically error-free and optimised provision of its services.

There are different types of cookies used on this website. A distinction must be made between:

  • Temporary session cookies, which are deleted periodically after you close your internet browser;
  • Functional cookies that are stored on your device by the Hermes website;

The functional cookies used by this Hermes website (first-party cookies) include temporary session cookies and permanent cookies. In the persistent cookies, the website stores information in order to remember your personal user preferences and to improve your user experience on your next visit (e.g. the language settings you have selected). In the temporary session cookies, the website stores technical information that is necessary for the functioning of the website. The storage period of these cookies depends on the periods specified in this section.

In general, you can use the cookie banner as well as your web browser to make settings that prevent the storage of cookies or the execution of analysis technologies. In addition, all cookies can be manually deleted at any time. You can also access the settings menu and change your settings at a later time via the cookie icon.

Change cookie settings

 

4.2 Website Usability

We use cookies to make the Hermes website more user-friendly. Some elements of our website require that the accessing browser can be identified even after a page has changed. Settings relating to the account can be stored in the cookies.

The legal basis for data collection and processing is Art. 6 (1) (a) GDPR, provided that you have consented to the use of cookies on the Hermes website.

The collection and processing of data for the purposes specified in this section is absolutely necessary for the operation of the Hermes website. Consequently, there is no possibility of objection on your part.

4.3 Statistics Cookies and Google Analytics

Statistics Cookies help website owners understand how visitors interact with websites

interact by collecting and reporting information anonymously.

Google Analytics

This website uses Google Analytics, a web analysis service provided by Google Inc, (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; “Google”). The use includes the “Universal Analytics” operating mode. This makes it possible to assign data, sessions and interactions across multiple devices to a pseudonymous user ID and thus analyze a user’s activities across devices. Google Analytics uses so-called   “Cookies”, text files that are stored on your computer and enable an analysis of your use of the website.

The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. However, in the event that IP anonymization is activated on this website, your IP address will be shortened by Google beforehand within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there. The IP address transmitted by your browser as part of Google Analytics will not be merged with other data held by Google. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services related to website activity and internet use to the website operator.

Sessions and campaigns end after a certain amount of time. By default, sessions end after 30 minutes of no activity, and campaigns end after six months. The campaign time limit can be a maximum of two years.

The legal basis for the use of Google Analytics is your consent (Article 6 (1) sentence 1 (a) GDPR). This means that you can voluntarily decide for yourself whether you want to allow this cookie or not. You can also prevent the collection of the data generated by the cookie and related to your use of the website (including your IP address) by Google, as well as the processing of this data by Google, by downloading and installing the browser addon. Opt-out cookies prevent the future collection of your data when you visit this website. To prevent Universal Analytics from collecting data across devices, you must opt-out on all systems you use.

For more information on terms of use and data protection, see https://www.google.com/analytics/terms/de.html and https://policies.google.com/?hl=d

4.4 SSL or TLS encryption

This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or inquiries that you send to us as the site operator. You can recognize an encrypted connection by the fact that the address bar of the browser changes from “http://” to “https://” and by the lock symbol in your browser line.

If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

We would like to point out that data transmission on the Internet (e.g. when communicating by e-mail) may have security gaps. It is not possible to completely protect the data from access by third parties.

4.5 Integration of third-party services and content

On the basis of our legitimate interests (interests in the optimization, analysis and economic operation of our online offer within the meaning of Art. 6 para. 1 lit. f. GDPR), we use content and service offerings from third-party providers within our online offer in order to integrate their content and services. These are, for example, videos or fonts.

5. Chat/Voicebot

5.1 Chatbot

This website uses Userlike, a live chat software from the company Userlike UG (haftungsbeschränkt).

The inputs are passed to the Userlike interface:

Userlike UG (haftungsbeschränkt)Probsteigasse 44-4650670 Cologne

Website privacy policy: https://www.userlike.com/de/privacy_policy

5.2 Chat/Voicebot Feature

The chat function is used to make contact. You can use the chat like a contact form to chat with our service bot or our staff in near real-time. You can also contact the voicebot by phone, describe and clarify your concerns. If you wish, the Voicebot will forward you to employees of the responsible depot.

5.3 Type of data

  • When the chat starts, the following personal data is collected:
  • Date and time of the call
  • Browser type/version
  • IP address
  • operating system used
  • URL of the previously visited website
  • Amount of data sent
  • Content of the communication
  • Tracking number

Depending on the course of the conversation with our service bot or our employees, further personal data may be generated in the chat or conversation, which you enter/communicate. The nature of this data depends heavily on your request or the problem you are describing to us. Please only provide us with the data that is required for your request. The processing of all this data serves to provide you with a quick and efficient contact option and thus to improve our customer service.

6. Contacts

The following contact options are available via our website:

If a data subject contacts us by e-mail or chatbot, the data transmitted by the data subject will be automatically stored.

The data is stored for processing purposes or for contacting the data subject. The legal basis for the processing of the voluntarily transmitted data is Article 6 (1) (a) GDPR. If the data is processed for pre-contractual measures or in the context of contract processing with the data subject, Article 6 (1) (b) GDPR is the legal basis. The data will be stored for as long as it is needed to achieve the purpose. If statutory retention periods apply, the data will be stored for the duration of the data. If the data is required to assert or defend against legal claims, the data will be stored for this time.

7. Integration of third-party services for credit assessment purposes

On the basis of our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online offer within the meaning of Art. 6 para. 1 lit. f. GDPR), we use content or services offered by third-party providers within our online offer in order to integrate their content and services, such as videos or fonts (hereinafter uniformly referred to as “content”).

The following content will be integrated:

Vimeo

Video platform of the provider: Vimeo Inc., Attention: Legal Department, 555 West 18th Street New York, New York 10011, USA

Privacy Policy: https://vimeo.com/privacy

Youtube

Video platform of the provider: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA

Privacy Policy: https://www.google.com/policies/privacy/

OpensStreetMap

Maps are integrated into the “OpenStreetMap” service, which are offered on the basis of the Open Data Commons Open Database License (ODbL) by the OpenStreetMap Foundation (OSMF).

Privacy Policy: https://wiki.openstreetmap.org/wiki/Privacy_Policy .

Xing

Social network of the provider XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany. Privacy Policy: https://privacy.xing.com/de/datenschutzerklaerung .

LinkedIn

Social network of the provider Ireland Unlimited Company Wilton Place, Dublin 2, Ireland Privacy Policy: https://www.linkedin.com/legal/privacy-policy.

Instagram

Social network of the provider Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland Privacy Policy: https://privacycenter.instagram.com/policy

8. Contact

On our website, you also have the option of contacting us via one of the contact forms. The data you enter in the contact form (name, e-mail address, message) will be used exclusively to process your request. Your data will not be passed on to third parties and will be deleted after 30 days, unless there are any legal retention obligations. In this context, no cookies are set and we do not collect any IP addresses or browser data of the users.

By submitting the form, you agree that we may use your data to process your request. You have the right to request information about the data we have stored about you at any time, to have it corrected or deleted. For more information on how we handle your data and your rights, please see 8 Your Rights.

9. Comparison with sanctions lists

Customers:
Furthermore, we are obliged to protect your data with personal sanctions lists / embargoes (esp. financial sanctions against listed persons) in order to provide the listed persons with non-economic resources or financial means and to ensure compliance with foreign trade law (Article 6 (1) (c) GDPR).

10. Your rights

With regard to your personal data, you are generally entitled to the following rights vis-à-vis Hermes:

Right to information (according to Article 15 GDPR)

You have the right to request information as to whether or not we are processing personal data about you. When we process personal data about you, you have the right to know:

  • why we process your data
  • what types of data we process about you
  • what type of recipients receive or are to receive data from you
  • how long we will keep your data; if it is not possible to specify the storage period, we must inform you how the storage period is determined (e.g. after expiry of statutory retention periods)
  • that you have a right to rectification and deletion of data concerning you, including the right to restriction of processing and/or the possibility to object,
  • that you have the right to lodge a complaint with a supervisory authority
  • where your data comes from, if we have not collected it directly from you
  • whether your data will be used for an automated decision and, if so, what logic the decision is based on and what impact and consequences the automated decision may have for you
  • that if data about you is transferred to a country outside the European Union, you are entitled to information as to whether and, if so, on the basis of which safeguards an adequate level of protection is ensured for the data recipient
  • that you have the right to request a copy of your personal data. Copies of data are generally made available in electronic form. The first copy is free of charge, for further copies a reasonable fee may be charged. A copy can only be provided if the rights of other persons are not affected.

Right to rectification or erasure (according to Articles 16 and 17 GDPR)

You have the right to request that we correct your data if it is incorrect and/or incomplete. This right also includes the right to be supplemented by supplementary declarations or communications. A correction and/or addition must be made without culpable hesitation.

You also have the right to request that we erase your personal data if:

  • the personal data is no longer necessary for the purposes for which they were collected and processed;
  • the data processing is carried out on the basis of a consent given by you and you have withdrawn the consent.
    (However, this does not apply if:
    • there is another legal permission for data processing;
    • you have objected to data processing for which legal permission is based on the so-called “legitimate interest” (as defined in Article 6(1)(e) or (f));
    • There are overriding legitimate grounds for further processing.)
  • you have objected to data processing for the purpose of direct marketing;
  • your personal data has been unlawfully processed;
  • it is data of a child that was collected for information society services (= electronic service) on the basis of consent (pursuant to Art. 8 para. 1 GDPR).

There is no right to erasure of personal data if:

  • the right to freedom of expression and information precludes the request for erasure;
  • the processing of personal data is necessary for compliance with a legal obligation (e.g. statutory retention obligations), for the performance of public tasks and interests under applicable law (this also includes “public health”) or for archiving and/or research purposes
  • the personal data is necessary for the establishment, exercise or defence of legal claims.

The deletion must take place immediately (without culpable hesitation). If personal data has been made public by us (e.g. on the Internet), we must ensure, within the scope of what is technically possible and reasonable, that other data processors are also informed of the request for deletion, including the deletion of links, copies and/or replications.

Right to restriction of processing (according to Article 18 GDPR)

You have the right to have the processing of your personal data restricted in the following cases:

  • If you have disputed the accuracy of your personal data, you can ask us not to use your data for any other purpose for the duration of the verification of accuracy and thus to restrict its processing.
  • In the case of unlawful data processing, you can request the restriction of data use instead of data deletion.

If you need your personal data to assert, exercise or defend legal claims, but we no longer need your personal data, you can request that we restrict the processing to the purposes of legal action.

If you have objected to data processing (Art. 21 para. 1 GDPR) and it has not yet been determined whether our interests in processing outweigh your interests, you can request that your data not be used for other purposes for the duration of the review and that their processing is thus restricted.

Personal data the processing of which has been restricted at your request may only, subject to storage,

  • with their consent,
  • to assert, exercise or defend legal claims,
  • to protect the rights of another natural or legal person, or
  • are processed for reasons of important public interest.

If a processing restriction is lifted, you will be informed in advance.

Right to data portability (according to Art. 20 GDPR)

You have the right to request the data you have provided to us in a commonly used electronic format (e.g. as a PDF or Excel document). You can also ask us to transfer this data directly to another company (designated by you) where this is technically feasible for us. The prerequisite for you to have this right is that the processing is carried out on the basis of consent or for the performance of a contract and is carried out with the help of automated processes. The exercise of the right to data portability must not affect the rights and freedoms of other persons. If you use the right to data portability, you still have the right to data deletion in accordance with Article 17 GDPR.

Right to object to certain data processing (according to Art. 21 GDPR)

If your data is processed for the performance of tasks carried out in the public interest or for the exercise of legitimate interests, you can object to this processing. To this end, you must explain to us the reasons for your objection that arise from your particular situation. These can be, for example, special family circumstances or confidentiality interests worthy of protection.

In the event of an objection, we must refrain from any further processing of your data for the aforementioned purposes, unless

  • there are compelling, protectable grounds for processing that outweigh their interests, rights and freedoms, or
  • the processing is necessary for the establishment, exercise or defence of legal claims.

You can object to the use of your data for the purpose of direct marketing at any time; this also applies to profiling, insofar as it is related to direct advertising. In the event of an objection, we may no longer use your data for the purpose of direct marketing.

Prohibition of automated decision-making/profiling (Art. 22 GDPR)

Decisions by us that result in legal consequences for you or significantly affect you must not be based solely on automated processing of personal data. This also includes profiling.

This prohibition does not apply to the extent that the automated decision

  • is necessary for the conclusion or performance of a contract with you,
  • is permitted by law, if that legislation contains appropriate measures to protect your rights and freedoms and your legitimate interests, or
  • with their express consent.

Decisions based solely on automated processing of special categories of personal data (= sensitive data) are only permissible if they are made on the basis of your explicit consent or if there is a significant public interest in the processing and appropriate measures have been taken to protect your rights and freedoms as well as your legitimate interests.

10.1 Exercising the rights of data subjects

To exercise the rights of data subjects, please contact the offices mentioned under 6.2. Enquiries submitted electronically are usually answered electronically. The information, communications and measures to be made available under the GDPR, including the exercise of the rights of data subjects, are generally provided free of charge. Only in the case of manifestly unfounded or excessive requests are we entitled to charge an appropriate fee for the processing or to refrain from taking action (Art. 12 (5) GDPR).

If there are reasonable doubts about your identity, we may request additional information from you for the purpose of identification. If we are unable to identify you, we are entitled to refuse to process your request. As far as possible, we will notify you separately of a lack of identification (see Art. 12 para. 6 and Art. 11 GDPR).

Requests for information and information are usually processed immediately (within one month) of receipt of the request. The deadline may be extended by a further two months if necessary, taking into account the complexity and/or the number of requests; in the event of an extension of the deadline, we will inform you of the reasons for the delay within one month of receiving your request. If we do not act on a request, we will inform you immediately within one month of receipt of the request of the reasons for this and inform you of the possibility of lodging a complaint with a supervisory authority or seeking legal remedy. (Art. 12 para. 3; 4 GDPR).

Please note that you can only exercise your rights as a data subject within the limits and limitations provided for by the Union or the Member States. (Art. 23 GDPR)

10.2 Contact

If you have any questions about the collection, processing or use of your personal data, as well as for information, corrections, deletions, processing restrictions, objections or because of the transfer of your data, please contact:

HERMES Einrichtungs Service GmbH & Co. KG
Data Protection Coordination
Albert-Schweitzer-Straße 33
D-32584 Löhne
E-mail: datenschutz-2mh@hermes-2mh.de

When making your request, please make sure to provide us with your complete contact details (first name, surname and address); this is the only way we can clearly identify you and answer your request quickly.

The data protection officer of our company is Mr. Georg Möller. The Data Protection Officer can be reached as follows:

SK-Consulting Group GmbHOsterweg 2; 32549 Bad OeynhausenE-Mail: datenschutz@sk-consulting.com

10.3 Right of appeal

You have the right to complain to a data protection supervisory authority about the processing of your personal data by Hermes.

A list of the supervisory authorities and their contact details can be found at the following link: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html

In the event of complaints, you can contact the competent supervisory authority at any time. You have the right to an effective legal remedy against a supervisory authority (Art. 78 GDPR), as well as against our company (Art. 79 GDPR).

11. Responsible body

Responsible according to Art. 4 para. 7 GDPR is

HERMES Einrichtungs Service GmbH & Co. KG

Albert-Schweitzer-Straße 3332584 Löhne

Headquarters: Löhne
Registration court: District Court Bad Oeynhausen
Registration number: HRA 10039

Managing Directors: Carsten Meinders, Michael Dildey, Viviane Reichert-Brown

VAT identification number according to § 27a UStG: DE 813 973 991

Personally liable: Verwaltungsgesellschaft HERMES Einrichtungs Service mbH, AG Hamburg HRB 79507

Contact details:

HERMES Einrichtungs Service GmbH & Co. KG
Albert-Schweizer-Straße 33
D-32584 Löhne

Phone: +49 (0)5732 103-0 (no consignment information possible)
E-mail info-2mh@hermes-2mh.de (no consignment information possible)

Sie haben Fragen?

Einfach kontaktieren