Data privacy

Data privacy statement for the website

Data privacy
The Hamburg Port Authority (“HPA” or “we”) takes the protection of your personal information seriously. We would like for you to know when we collect which data and how we use the information. Technical and organisational measures have been taken to ensure that the regulations regarding data protection are adhered to both by us and by our service providers.

1. Who is responsible for handling data, and who can I contact?

The responsibility lies with:
Hamburg Port Authority Public Institution
Neuer Wandrahm 4
20457 Hamburg, Germany
Tel.: +49 40 42847-0

You can contact our data protection officer at:
Hamburg Port Authority data protection officer 
Neuer Wandrahm 4
20457 Hamburg, Germany
Tel.: +49 40 42847-0

2. General information
Each use of the Internet involves the transmission of data. Some data, such as your IP address, have to be transmitted to ensure that it is even possible for you to visit the website on a technical level. We require other data so that the website can fulfil its contractual purpose. In the following, we shall particularly explain to you which data we collect, why we process this data and which rights you have.

3. Which data are processed in the system protocol?
The following information is recorded in the website’s log data: IP address of the computer visiting the website (anonymised), authentication fields, data and time of the access, access method and content of the HTML access, and status code of the Web server, as well as information about the browser being used and the operating system of the user’s computer.

4. Use of cookies
To explain to you the use of cookies in a transparent and understandable way, we want to first explain what cookies are:

a. What are cookies?
A cookie is a small dataset which is placed on the hard drive of your device. This dataset is created by the Web server which you have used to connect to the Internet via your Web browser (e.g. Internet Explorer, Netscape Navigator). It is then sent to you and stored on your hard drive. Thanks to the use of cookies, you can be recognised the next time you visit the website.

Most browsers are currently set up to automatically accept cookies by default. However, you have the possibility to change the settings of your browser so that cookies are automatically rejected or that you have to agree to them being stored. Moreover, you can delete cookies at any time from your system (e.g. Windows Explorer).

The HPA website uses temporary session cookies, a numerical sequence to identify you (ID) during a session. These data are used, for instance, to store the font size you have chosen or forms which you have previously filled in. The session cookie is no longer effective when the Internet browser is closed, and it is automatically deleted.

5. Which sources and personal data do we use?
We process personal data which we have received from you within the scope of our business relationship. This personal data concerns: name, postal address, email address and possibly other contact data, invoice data or registration data such as your user ID and password.

6. What do we process your personal information for (purpose of processing) and based on which legal basis?
We process personal data in line with the conditions of the European General Data Protection Regulation (ER GDPR), the German Federal Data Protection Act (BDSG) and the Hamburg Data Protection Act (HmbDSG).

a. To satisfy our contractual obligations (Art. 6, Par. 1b of the EU GDPR)
The processing (Art. 2, No. 2 of the EU GDPR) of personal data serves the purpose to enable the designated use of the website and its functions. The data are required to clearly identify you as the user, to be able to contact you and to ensure the effective fulfilment of the contract.

b. Within the scope of balancing interests (Art. 6, Par. 1f of the EU GDPR)
Insofar as it is required, we process your data beyond the actual fulfilment of the contract in order to safeguard our or the legitimate interests of third parties:

  • Enforcement of legal claims and defence when it comes to legal disputes
  • Guarantee of IT security and HPA’s IT operations
  • Prevention and clarification of criminal offences
  • Measures for controlling business and the development of services or products 

c. Based on your consent (Art. 6, Par. 1a of the EU GDPR)

d. Based on legal requirements (Art. 6, Par. 1c of the EU GDPR)
Insofar as data is transmitted, which are required to fulfil our obligation to provide information. 

7. Who receives your data?
Within HPA, only those departments receive your data which are contractually and legally required to fulfil our obligations. The processers (Art. 28 of the EU GDPR) associated with HPA receive your data for the above-mentioned purposes.

Additional people who may receive your data include public offices and institutions, if a legal or official obligation exists to pass on your data.

8. How long are your data stored?
HPA stores and processes personal data for the duration of the business relationship and as long as is required to initiate or process a contract. Moreover, HPA is subject to various storage and information obligations.

The length of storage also depends on the legal periods of limitation for civil claims. These periods are, for instance, three years as a rule of thumb (according to Sec. 195ff of the German Civil Code [BGB]).

9. Which privacy right do you have?
Each person whose personal data is processed (“Data Subject”) has the right to access according to Art. 15 of the EU GDPR, to rectification according to Art. 16 of the EU GDPR, to erasure according to Art. 17 of the EU GDPR, to restriction of processing according to Art. 18 of the EU GDPR and to data portability according to Art. 20 of the EU GDPR. When it comes to access and erasure, restrictions according to §§ 34 and 35 of the BDSG apply. Furthermore, you have the right to lodge a complaint with a supervisory authority (Art. 77 of the EU GDPR and § 19 of the BDSG).
10. Are you obligated to provide data?
Within the scope of your use of this website, you only have to provide personal data which is required for the use of the website and the services offered. You are not obligated to provide data.

11. To what extent does an automated decision-making process exist in isolated cases?
An automated decision-making process in isolated cases does not take place in connection with this website.

12. To what extent are your data used for scoring?
An automated analysis of personal information (profiling) does not take place.

13. Adjustments to this privacy policy
In the course of the further development of this website and the implementation of new technologies, changes to this privacy policy could be required. HPA will therefore adjust this privacy policy at irregular intervals. We thus recommend that you read this privacy policy again from time to time.

14. Information on communication in the Internet
Data which is transmitted via this website is encrypted. However, this is not the case when you send emails. As a result, it is possible that your data is intercepted by unauthorised persons. Because HPA cannot currently offer a secure connection or encryption of emails, you should not take the risk of sending emails and, instead, use another form of communication in case of uncertainty. The transmission of data via email takes place explicitly at your own risk.