DATA PROTECTION NOTICE

for use from time:matters – 24.05.2018.

At time:matters, we are particularly committed to protecting your personal data. We wish to provide you below with comprehensive and transparent information regarding how your personal data are processed within our online offering and connected websites, features and content associated with it as well as external online presences such as our social media profiles (hereinafter collectively referred to as “online offering”).

As a private-law company, we must comply with various legal requirements in respect of data protection. Besides the German Data Protection Act (BDSG)/European General Data Protection Regulation (GDPR) and the German Telemedia Act (TMG), we are also subject to the rules of the German Postal Service Data Protection Regulation (PDSV) and the German Postal Law (PostG). Furthermore, our data protection principles are in line with internal Lufthansa Group policies.

As a matter of principle, we only process your personal data in accordance with the applicable legal regulations. This applies equally to processing required to establish and define the content of the contractual relationship (basic data) and processing that facilitates use of our services and offerings (usage data).

Your personal data are only processed for other purposes if you have expressly agreed to this processing – in other words, if we have received your consent. Of course, you may withdraw your consent at any time. For any queries or requests in relation to data protection, please contact data.protection@time-matters.com directly to ensure these are dealt with promptly.

In particular, the legal basis is formed by Art. 6(1)(a) and Art. 7 GDPR when obtaining consent, Art. 6(1)(b) GDPR for processing necessary to perform our services and implement contractual measures as well as respond to requests, Art. 6(1)(c) GDPR for processing necessary to comply with our legal obligations and Art. 6(1)(f) GDPR for processing necessary for the purposes of our legitimate interests. Art. 6(1)(d) GDPR forms the legal basis if processing of personal data is necessary in order to protect the vital interests of the data subject or of another natural person.

Personal data are specific information on personal or actual characteristics relating to a specific natural person or which can be used to identify a natural person. Examples of such data include name, address, telephone number and date of birth. Data which cannot be linked directly to a specific identity – such as analysis and statistical data (e.g. favorite websites or number of users of a site) – are not considered personal data.

If a contractual relationship is to be established between you and us, or if the content of such a relationship is to be defined or amended, we use personal data from you for this provided this use is necessary for these purposes. These are usually contact and address data as well as invoicing data.

We collect and use personal data from you provided these are necessary to facilitate use of our internet offering. In particular, this includes characteristics for your identification and information regarding the period and scope of use of our website. Anonymous usage profiles are created for the purposes of advertising, market research and user-oriented design. Usage profiles cannot be merged with data pertaining to the individual behind the anonymous profile.

We collect, process and use personal data submitted to us in connection with a request for transport services or provided to make the shipping process easier in the future (e.g. customer address data). We only process these personal data in relation to the specific shipment.

The shipping customer is solely responsible for lawful collection, processing and transmission and the accuracy of customer data.

The data controller (body responsible for data protection) with regard to this online offering is time:matters GmbH, Gutenbergstr. 6, 63263 Neu-Isenburg, Germany (hereinafter also “we” or “us”). More information can be found in our Imprint https://www.time-matters.com/imprint/.

Dr Barbara Kirchberg-Lennartz is the controller’s appointed Data Protection Officer. For queries relating to the processing of your personal data, please do not hesitate to contact the Data Protection Officer, who can be reached via the contact information provided above as well as mail (FRA CY, Airportring – LAC, 60546 Frankfurt) and email (datenschutz@dlh.de).

If you have any questions about data-privacy in connection with our website or the services offered on it, please contact:

time:matters GmbH
Data protection
Gutenbergstr. 6
63263 Neu-Isenburg

or send an e-mail to:
data.protection@time-matters.com

If you contact us via e-mail, the communication is unencrypted.

Visitors and users of the online offering (hereinafter also collectively referred to as “users”) are generally the data subjects in relation to the processing of the personal data. In certain cases, we also obtain personal data in the course of providing our transport services or where these become known to us (e.g. through the use of our contact form).

We adhere to the principles of data avoidance and data minimization. Therefore, we only store personal data for as long as this is necessary to achieve the purposes set forth herein or as stipulated in the various retention periods envisaged by the legislator. Once the respective purpose ends or such periods expire, the relevant data are routinely blocked or erased in accordance with legal provisions.

When you use a contact form to contact us, the information provided is stored for the purpose of processing the request and for possible follow-up questions.

When you rate our services, we process your personal data if you have provided these to us voluntarily with a declaration of consent. Of course, you may withdraw your declaration of consent at any time.

We also process personal data in order to make this online offering available. This includes processing with the purpose of enabling us to provide marketing and security measures to the extent permissible by law and with the purpose of further expanding this.

We save and use your personal data if these have been lawfully made available to us. These are usually provided by you during a registration (e.g. when using our website) or made available through transmission from one of our clients for the execution of a contract (e.g. we are provided with address data so that we can identify shipment recipients).

Of course, your personal data are only ever shared if we are required and entitled to do so by law. During transportation processing, we may transmit your personal data (name, address, possibly email address and/or cell phone number, as well as other shipment-related data) to our shipping partners on the basis of the German Postal Service Data Protection Regulation (Section 5 PDSV).

We collect personal data from you when you avail of our service. In particular, this includes contact and address data which we absolutely require to define our contract. All mandatory information which we absolutely must collect to provide our service is easily identified for you by means of brief notes. Non-required information is provided by you to us voluntarily, along with a declaration of consent, so that we can offer you a solution for your assignment that is perfectly tailored to your needs. Of course, your personal data are never used for other purposes.

We collect data regarding every access to the server on which this service is located (“server log files”) based on our legitimate interests within the meaning of Art. 6(1)(f) GDPR. These access data include the name of the website accessed, file, date and time of access, transferred data volume, notification of successful access, browser type and version, user’s operating system, referrer URL (previously visited site), IP address and requesting provider.

Log file information is stored for a maximum of 7 days for security reasons (e.g. to investigate misuse or fraud) and is then erased. Data which must be kept for longer for evidential purposes are excluded from erasure until final clarification of the respective incident.

Our Privacy Policy expressly does not include third-party services. Therefore, the privacy policies of the respective providers apply. Of course, we ensure that our requirements in respect of data processing are always complied with where we commission third parties (our contractual partners, in other words) to process your data.

If we disclose data to other persons and companies (processors or third parties), transmit these to them or otherwise give them access to the data within the scope of our processing, this only takes place on the basis of legal permission (e.g. if the data must be transmitted to third parties, such as payment service providers, for the performance of a contract pursuant to Art. 6(1)(b) GDPR), if you have consented, if there is a legal requirement or on the basis of our legitimate interests (e.g. when using agents, web hosts, etc.).

If we commission third parties to process data based on a “commissioned processing contract,” this is carried out on the basis of Art. 28 GDPR.

If we process data in a third country (i.e. outside of the European Union (EU) and European Economic Area (EEA)) or carry this out in the context of the use of third-party services or disclosure or transmission of data to third parties, this is only carried out if necessary to fulfil our (pre-)contractual obligations, based on your consent, based on a legal obligation or based on our legitimate interests. Subject to legal or contractual permissions, we only process or have the data processed in a third country if the specific requirements of Art. 44 et seq. GDPR are met. This means, for example, processing is carried out on the basis of special guarantees, such as the officially recognized determination of a data protection level considered adequate by the EU (e.g. through the “Privacy Shield” for the US) or in compliance with officially recognized special contractual obligations (known as “standard contractual clauses”).

In some parts, we offer the use of the “Google Maps” positioning and map service through the Google Maps API. Google Maps is a service provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

When you use Google Maps, information concerning your visit to our website or your use of the app (including your IP address) may be transmitted to and stored on a Google server in the USA. Google may also share the information obtained through Maps with third parties where required to do so by law or where third parties process this data on Google’s behalf.

Google never associates your IP address with other Google data. Nevertheless, it may still be technically possible for Google to identify at least some users based on the data obtained. It is possible that personal data and personality profiles of website users may be processed by Google for other purposes over which we have and can have no influence.

The Google Privacy Policy and Google Maps Additional Terms of Service can be found at https://www.google.com/intl/de_de/help/terms_maps.html.

We use payment service providers to perform contracts on the basis of Art. 6(1)(b) GDPR. Otherwise, we use external payment service providers based on our legitimate interests pursuant to Art. 6(1)(b) GDPR in order to offer our users an effective and secure means of payment. In order to invoice for our services, your data are transferred by our IT service provider to our in-house invoicing process. Our contractual arrangements and the technical and organizational protective measures taken ensure a secure processing environment for your personal data in this regard also.

Our customers can select from various payment options. Our payment service provider offers payment by credit card and via the PayPal payment service. We never receive additional information on the credit card or PayPal account used.

We offer social network functionality in various parts of our website through what are known as social plugins. This also includes linking to our content on social networks. We maintain an online presence on social networks and platforms in order to communicate there with customers, interested parties and users and inform them there about our services. Please note that we have neither knowledge about nor influence over how social networks use information provided by you and whether this information is disclosed to other websites. We recommend that you read the respective privacy information carefully. Therefore, the terms and conditions and data processing guidelines of the respective operators apply when you access their networks and platforms. Unless otherwise stated in our Privacy Policy, we process the data of users who communicate with us on social networks and platforms, e.g. post to our online pages or send us messages.

Of course, all of our online offerings can be accessed and used without the use of social networks. When you visit our website, the social plugin buttons are disabled by default, i.e. they do not automatically send any data to third parties. Before you can use a button, you must activate it (via click). Please note that the button will remain active until you either disable it again or delete your “cookies.” A direct connection is established with the server of the respective social network following activation. The button content is then passed directly to your browser by the social network and integrated by this into the website.

The information below provides an overview of third-party providers and their content, as well as links to their privacy policies, which contain further information on data processing and opt-outs, some of which is also mentioned here:

  • Videos from the “YouTube” platform of third-party provider Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy policy: https://www.google.com/policies/privacy/, opt-out: https://www.google.com/settings/ads/
  • Information on Google, Inc.: Google is certified under the Privacy Shield Agreement and thus guarantees its compliance with European data protection legislation (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active)
  • Our online offering may contain features of the Google+ service. These features are offered through third-party provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. If you are logged into your Google+ account, you can link the content of our sites with your Google+ profile by clicking the Google+ button. This enables Google to associate the visit to our sites with your user account. Please note that as the provider of the sites we are not made aware of the content of the transmitted data or its use by Google+. Privacy policy: https://policies.google.com/privacy, opt-out: https://adssettings.google.com/authenticated
  • Features of the Instagram service are integrated into our online offering. These features are offered through Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA. If you are logged into your Instagram account, you can link the content of our sites with your Instagram profile by clicking the Instagram button. This enables Instagram to associate the visit to our sites with your user account. Please note that as the provider of the sites we are not made aware of the content of the transmitted data or its use by Instagram. Privacy policy: http://instagram.com/about/legal/privacy/
  • Our online offering may contain features of the Twitter service/platform (hereinafter referred to as “Twitter”). Twitter is offered by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. Features include displaying our tweets within Twitter within our online offering, linking to our profile on Twitter and the possibility to interact with tweets and Twitter features as well as to monitor whether users are directed to our online offering via our advertising on Twitter (“conversion tracking”). Twitter is certified under the Privacy Shield Agreement and thus guarantees its compliance with European data protection legislation (https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active). Privacy policy: https://twitter.com/de/privacy, opt-out: https://twitter.com/personalization

We use Google Analytics, a web analytics service provided by Google LLC (“Google”), based on our legitimate interests (i.e. interest in the analysis, optimization and cost-effective operation of our online offering within the meaning of Section 15(3) TMG and Art. 6(1)(f) GDPR). Google uses “cookies” – text files that are stored on your computer to analyze your usage of the website. The information generated by cookies about users’ use of the online offering is usually transmitted to and stored on a Google server in the USA.

Google is certified under the Privacy Shield Agreement and thus guarantees its compliance with European data protection legislation (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

On our behalf, Google uses this information to analyze usage of our online offering by users, to compile reports on activities within this online offering and to render further services to us connected with the usage of this online offering and of the Internet. Pseudonymous usage profiles of users may be created from the processed data.

We only use Google Analytics with activated IP anonymization. This means that user IP addresses are truncated by Google within European Union member states and other states party to the Agreement on the European Economic Area. Full IP addresses are only transmitted to a Google server in the USA and truncated there in exceptional cases.

The IP address transmitted by the user’s browser is not merged with other Google data. Users can prevent cookies being stored by adjusting their browser software appropriately; they can also prevent the data generated by the cookie and related to their usage of the online offering being collected by Google and the processing of these data by Google by downloading and installing the browser plugin available via the following link: http://tools.google.com/dlpage/gaoptout?hl=de.

More information on how Google uses data and the various settings and opt-outs is available on the Google websites:

  • https://www.google.com/intl/de/policies/privacy/partners (“How Google uses data when you use our partners’ sites or apps”)
  • http://www.google.com/policies/technologies/ads (“Advertising”)
  • http://www.google.de/settings/ads (“Control the information Google uses to show you ads”)

We provide the information below to make you aware of the content of our newsletter as well as the subscription, dispatch and statistical analysis procedures and your rights to object. By subscribing to our newsletter, you agree to receive it and to the described procedures.

Content of the newsletter: We only send newsletters, emails and other electronic notifications with advertising information (hereinafter “newsletter”) with the consent of the recipient or statutory permission. If the content of a newsletter is specifically described within the context of subscribing to the newsletter, this is authoritative for users’ consent. Otherwise, our newsletters contain information about our services and us.

Double opt-in and logging: A double opt-in process is used to subscribe to our newsletter. This means that you receive an email after you subscribe in which you are asked to confirm your subscription. This confirmation is needed so that nobody can subscribe using another person’s email address. Newsletter subscriptions are logged so that it is possible to document the subscription process in accordance with legal requirements. This includes storing the time and date of subscription and confirmation, as well as the IP address. Changes to your data stored with the mailing service provider are also logged.

Subscription data: All you need to provide to subscribe to the newsletter is your email address. We ask that you optionally provide your salutation, name and country so that we can personally address you in the newsletter.

The sending of the newsletter and success tracking linked with this are based on the recipients’ consent pursuant to Art. 6(1)(a), Art. 7 GDPR in combination with Section 7(2)(3) UWG and on the basis of legal permission pursuant to Section 7(3) UWG. The measurement of success usually takes place without the processing of personal data and serves only for statistical evaluation. In some cases, however, personal data may be processed in order to determine why an e-mail could not be transmitted.

The subscription process is logged on the basis of our legitimate interests pursuant to Art. 6(1)(f) GDPR. Our interest is focused on the use of a user-friendly and secure newsletter system that serves our business interests, meets user expectations and, furthermore, allows us to prove consent.

Termination/withdrawal of consent: You may unsubscribe from our newsletter at any time, i.e. withdraw your consent. You will find an unsubscribe link at the bottom of every newsletter. You may submit an individual request for cancellation at any time provided the former existence of consent is confirmed at the same time. As part of obtaining a renewed consent under GDPR, it is possible that you will receive a “re-opt-in” e-mail from us. If you do not agree to the further receipt of our newsletter within the given period of 30 days, we evaluate this as a revocation of your originally given consent. In that case you will not receive another newsletter from us.

Please note that when you revoke your newsletter subscription, your e-mail address is automatically placed on a blacklist (a block list for further newsletters). This is solely in your interest, so that you do not receive any further unwanted mailings in the future. We base this on a legitimate interest in the defense of legal claims under Art. 17(3)(e) GDPR. If you also wish to be removed from the blacklist, please let us know explicitly. In this case, we cannot guarantee that you will not be contacted in the context of lawful communications on our part.

Press releases: In addition, we offer people who work in journalism the opportunity to receive a newsletter for journalistic purposes. Should you contact us with the request to include you in the press mailing list, we will manually add your e-mail address to our mailing list. We then trigger the process described above for approval by our shipping service provider. If you do not respond to this approval e-mail, your e-mail address will be automatically blocked after 30 days.

According to Art. 32 GDPR, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, we implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk.

In particular, these measures include safeguarding the confidentiality, integrity and availability of data by controlling physical access to the data, as well as other access, input, disclosure and guarantee of availability and their separation in relation to them. We have also set up processes that ensure exercise of data subjects’ rights, the erasure of data and response to threats to the data. Furthermore, we take into account the protection of personal data right from development and when selecting hardware, software and processes, in accordance with the principle of data protection through technology design and through default privacy settings (Art. 25 GDPR).

You have at all times the following rights, which you may assert vis-à-vis us without charge on request:

  • You have the right to obtain confirmation as to whether data concerning you are being processed and to access these data as well as other information and a copy of the data in accordance with Art. 15 GDPR
  • Pursuant to Art. 16 GDPR, you have the right to have data concerning you completed and inaccurate data concerning you rectified
  • Pursuant to Art. 17 GDPR, you have the right to obtain the erasure of data concerning you without undue delay or alternatively, pursuant to Art. 18 GDPR, to obtain restriction of processing of the data
  • You have the right to receive the data concerning you which you have provided to us pursuant to Art. 20 GDPR and to request that they be transmitted to another controller
  • Furthermore, you have the right pursuant to Art. 77 GDPR to lodge a complaint with the relevant supervisory authority
  • You have the right to withdraw consent given pursuant to Art. 7(3) GDPR with effect for the future
  • You may object at any time to future processing of the data concerning you pursuant to Art. 21 GDPR. In particular, you may object to processing for direct marketing purposes.

Please note we may have to query you further if we cannot identify you on the basis of your request. In spite of our endeavors, it is not possible to process your request without the minimum required information.

Please feel free to contact us by mail (time:matters GmbH, Abteilung Datenschutz, Gutenbergstr. 6, 63263 Neu-Isenburg) or email (data.protection@time-matters.com).

Please note that complete confidentiality and data security cannot be ensured at all times when communicating via the Internet (e.g. via email). Therefore, we recommend that you use a postal service if confidential information is involved.

If there are data breaches, the data subject has the right to lodge a complaint with the relevant supervisory authority. The relevant supervisory authority for matters of data protection is the data protection commissioner (Landesdatenschutzbeauftragte) of the state in which our company has its registered office. The following link will take you to a list of the data protection commissioners and their contact details: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.

We reserve the right to update these privacy provisions from time to time to take into account changes in law or extensions to the functional scope of our online offering. The date of the last update at the bottom of the Privacy Policy is amended accordingly in such cases. Therefore, we recommend that you regularly read the privacy provisions in order to remain up to date on the protection of the personal data we store.

Neu-Isenburg, 24/05/2018