At time:matters, we are particularly committed to protecting your personal data. We wish to provide you below with comprehensive and transparent information regarding how your personal data are processed.
As a private-law company, we must comply with various legal requirements in respect of data protection. Besides the German Data Protection Act (BDSG)/European General Data Protection Regulation (GDPR) and the German Telemedia Act (TMG), we are also subject to the rules of the German Postal Service Data Protection Regulation (PDSV) and the German Postal Law (PostG). Furthermore, our data protection principles are in line with internal Lufthansa Group policies.
As a matter of principle, we only process your personal data in accordance with the applicable legal regulations. This includes processing required to establish and define the content of our contractual relationship pursuant to Art. 6(1)(b) GDPR in the case of contracts with end users or pursuant to Art. 6(1)(f) GDPR in the case of contracts with business customers and to protect our legitimate interests pursuant to Art. 6(1)(f) GDPR. A legitimate interest may also arise, for example, from internal organizational and administration purposes or the need to protect the company’s equipment, systems and assets. We also process personal data to comply with our legal obligations, e.g. in respect of retention periods and burdens of proof, pursuant to Art. 6(1)(c) GDPR. To the extent legally permissible and only to a minor degree, we process personal data for advertising purposes pursuant to Art. 6(1)(f) GDPR in conjunction with Section 7(3) of the German Act Against Unfair Competition (UWG) or if this has been consented to pursuant to Art. 6(1)(a) GDPR. Of course, the use of personal data for advertising purposes may be objected to at any time with immediate future effect. Art. 6(1)(a) and Art. 7 GDPR form the legal basis if consent is given. Of course, any consent given to data processing may be withdrawn at any time. Art. 6(1)(f) GDPR forms the legal basis for processing for the purposes of our legitimate interests. Art. 6(1)(d) GDPR forms the legal basis if processing of personal data is necessary in order to protect the vital interests of the data subject or of another natural person.
The data controller is
For further information, please refer to our Legal Notice https://www.time-matters.com/imprint.
Dr. Barbara Kirchberg-Lennartz is the controller’s appointed Data Protection Officer. For queries relating to the processing of your personal data, please do not hesitate to contact the Data Protection Officer, who can be reached via mail (FRA CY, Airportring – LAC, 60546 Frankfurt) and email (firstname.lastname@example.org).
If you have queries regarding data protection in connection with our website or the services offered, please contact:
or via email: email@example.com
If, however, your personal data must by law be stored for a longer period (statutory retention periods) or time:matters requires your personal data to enforce legal claims, time:matters shall store your personal data accordingly until the relevant retention period expires or the claims have been settled.
Personal data are specific information on personal or actual characteristics relating to a specific natural person or which can be used to identify a natural person. Examples of such data include name, address, telephone number and date of birth. Data which cannot be linked directly to a specific identity – such as analysis and statistical data (e.g. favorite websites or number of users of a site) – are not considered personal data.
Duration of processing
Your data shall be erased or blocked once the purpose for which they have been stored ceases to exist. They may also be stored due to statutory retention periods (such as Section 257 of the German Commercial Code (HGB) or Section 147 of the German Fiscal Code (AO)). If such statutory retention periods do not exist or have expired, the data shall be stored to fulfill and settle the contract and to prove correct fulfillment until liability periods expire and shall then be erased.
We collect data regarding every access to the server on which this service is located (“server log files”) based on our legitimate interests in the analysis, optimization and cost-effective operation of our online offering within the meaning of Art. 6(1)(f) GDPR. These access data include:
- Name of the website accessed
- Date and time of access
- Transferred data volume/file
- Notification of successful access
- Browser type and version
- User’s operating system
- Referrer URL (the last page visited)
- IP address
- Requesting provider
Log file information is stored for eight days for security reasons (e.g. to investigate misuse or fraud) and is then erased. Data which must be kept for longer for evidential purposes are excluded from erasure until final clarification of the respective incident.
We also process personal data in order to make this online offering available. This includes processing with the purpose of enabling us to provide marketing and security measures to the extent permissible by law and with the purpose of further expanding these. Within the context of our legitimate interest in the analysis, optimization and cost-effective operation of our online offering, we reserve the right to use your data for our own advertising purposes as well within the limits of what is legally possible.
If you do not wish to accept cookies, you may block them and refuse access to previously stored information by changing your browser settings accordingly. However, please note that you may not be able to use all of the interactive features and functions of the website if cookies are blocked or deleted.
Please be aware that opt-out cookies are also deleted and will have to be reactivated if you delete all cookies from your browser cache.
Our websites use the Matomo web analytics service. Matomo is a software provided by InnoCraft Ltd, 150 Willis St, 6011 Wellington, New Zealand. Further information is available on the website www.matomo.org
This software is used to collect and store data for statistical analysis of website usage. Cookies are used for this purpose. The data are collected and stored for the purpose of statistical analysis of user behavior. This facilitates analysis of website usage and a user-oriented website design. Anonymous user profiles may be created from the data for this purpose. The IP addresses collected are automatically anonymized by making part of the IP address unidentifiable (IP masking). The IP address and other information in the anonymous user profile are not used to identify users and are not merged with other personal data of users. The data are collected, stored and processed on time:matters systems and are not shared with third parties.
Google is certified under the Privacy Shield Agreement and thus guarantees its compliance with European data protection legislation. Further information is available via the following link: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active.
On our behalf, Google uses this information to analyze usage of our online offering by users, to compile reports on activities within this online offering and to render further services to us connected with the usage of this online offering and of the Internet. Pseudonymous usage profiles of users may be created from the processed data.
We only use Google Analytics with activated IP anonymization. This means that user IP addresses are truncated by Google within European Union member states and other states party to the Agreement on the European Economic Area. Full IP addresses are only transmitted to a Google server in the USA and truncated there in exceptional cases.
The IP address transmitted by the user’s browser is not merged with other Google data. Users can prevent cookies being stored by adjusting their browser software appropriately; they can also prevent the data generated by the cookie and related to their usage of the online offering being collected by Google and the processing of these data by Google by downloading and installing the browser plugin available via the following link: http://tools.google.com/dlpage/gaoptout?hl=de or they can disable the cookie via consent manager here. This information is stored until your browser cache is cleared.
More information on how Google uses data and the various settings and opt-outs is available on the Google websites.
How Google uses data when you use our partners’ sites or apps: https://policies.google.com/technologies/partner-sites?hl=en
Control the information Google uses to show you ads:
The shipping customer is solely responsible for lawful collection, processing and transmission and the accuracy of customer data. For transportation processing, we may transmit your personal data to our shipping partners on the basis of the German Postal Service Data Protection Regulation (Section 5 PDSV).
If a contractual relationship is to be established between you and us, or if the content of such a relationship is to be defined or amended, time:matters processes the personal data you enter in an order or registration form or share with us in any other way (especially required contact and address details).
Such a requirement for processing exists, for example, when taking the necessary steps prior to entering into a contract, answering your questions in relation to these, providing dispatch and invoice information, and processing or providing customer feedback and support.
All mandatory information which we must collect to provide our services is easily identified for you either by means of brief notes or an asterisk (*). Non-required information is provided by you to us voluntarily so that we can offer you a solution for your assignment or request that is perfectly tailored to your needs.
Based on our legitimate interest in the integrity and security of business processes and compliance with legal provisions, we transfer your data to an external service provider for checking using a web-based ASP solution. It checks your information on our behalf, e.g. against relevant sanctions and no-fly lists. Art. 6(1)(1)(b) and (f) GDPR form the legal basis for this transfer. Our contractually bound service provider for the checks mentioned is SAPPER INSTITUT für interaktive Lernsysteme GmbH & Co. KG, Möhlenring 48, 47906 Kempen, Germany.
Based on internal processes, especially to perform concluded contracts, we or our customers themselves also share the personal contract data of our customers with the following contractually bound companies within the context of Art. 6(1)(b) GDPR. The transfer depends on the company with which the customer has concluded a contract.
- time:matters GmbH, Gutenbergstraße 6, 62363 Neu-Isenburg, Germany
- time:matters B.V., Beechavenue 30 – 50, 1117 ZS, Amsterdam Schiphol, Netherlands
- time:matters Austria GmbH, Air Cargo Center Obj. 262/11/2, 1300 Wien Flughafen, Austria
- time:matters (Asia Pacific) Pte Ltd., 390 Orchard Road, Palais Renaissance, 238871 Singapore, Singapore
- Jettainer Americas Inc., 1640 Hempstead Turnpike, East Meadow, NY 11554, USA
Internally, we identify (potential) new customers in various categories. This is based on internal evaluation standards, e.g. using the industry and size of the (potential) new customer. If we determine during this that further business relationships may develop in the future, we create a profile in our customer relationship management (CRM) system for our (potential) new customers. We use our CRM system to manage existing and new customers and also to analyze potential new customers/contacts. Data processing in relation to this covers (I) general information, such as general company information and contact details, and/or (II) more comprehensive data processing, such as records of visits and discussions, etc.
Art. 6(1)(b) GDPR forms the legal basis for the data processing of general information regarding existing and new customers in our CRM system for the performance of contracts and to take steps prior to entering into contracts. Furthermore, the legitimacy of the processing of more comprehensive information is based on Art. 6(1)(f) GDPR for the purposes of our legitimate interest. As a private company with commercial dealings on the market, we have a legitimate interest in managing and tracking our customer relationships and identifying possible improvements internally.
We only process the data until they are no longer required to meet the purpose or the data subject requests from us an erasure/blocking or withdraws their consent. The internal erasure processes are designed in such a way that any employee entrusted with data processing is obliged to regularly check the appropriateness and timeliness of the data processing and its justification.
We set up user accounts for our customers. User accounts are created using the email address provided to us. Customers generate their own login details. For this, customers receive an automated email with an activation link, an email with a summary of their data and instructions on selecting a password.
We also allow interested parties to set up a customer account with us. The registration form on our website can be used for this. We collect general contact details and payment information for our user accounts.
For registration, we process the contact details and address information for contract performance or initiation on the basis of Art. 6(1)(b) GDPR. Information can also be provided voluntarily in order to facilitate communication or accelerate subsequent booking processes (payment information, contact partner details, etc.). Art. 6(1)(f) GDPR forms the legal basis for processing optional data for the purposes of our legitimate interest in being able to contact you as quickly as possible in exceptional cases.
On Board Courier quote via airmates.eu
Interested parties can use our airmates.eu website to search online for the best quotes for personally escorted (goods) shipments.
We use the given email address to provide a personalized quote. If that price improves within 24 hours, we send another quote as a one-off. Quotes may become cheaper due to unforeseen changes or price fluctuations within the fare search system. We consider it part of the service for our interested parties to be able to offer the best price. The given email address is not used for any other purpose and is anonymized within 48 hours of being entered and only used for internal statistical purposes. Once the email address has been anonymized, it can no longer be attributed to any identified or identifiable natural person. Of course, we never use the given email address for other advertising purposes. We process the given email address on the basis of Art. 6(1)(b) GDPR in order to take steps prior to entering into a contract at the behest of the data subject.
Besides their email address, interested parties can also voluntarily provide their phone number. In this case, we may also contact the interested party by phone and are pleased to advise them based on their current search. We save the phone number for 48 hours after the last contact. If erasure is required sooner than this, please let our team know this at any time. Your phone number is then marked with a blocking flag and you are no longer contacted by us before its erasure. Alternatively, you can request the erasure via email at any time. However, due to internal processes, it may take up to two working days for the request to be implemented. Therefore, we recommend notifying our team by phone if you would like your contact details to be blocked quickly. We process the given telephone number on the basis of Art. 6(1)(b) GDPR for taking steps prior to entering into a contract at the behest of the data subject.
Data processing in relation to our On Board Couriers (airmates)
Potential couriers must first create a user profile so that the functions of airmates.eu (the website and app) can be made available to our potential On Board Couriers. The login details collected during this process are stored together with the profile. Login details must always be kept secret; shared profiles are never permitted. Login details are limited to the given email address and a password picked by the courier themselves so that we can identify them. We also record cell phone numbers to verify account users. There is also the option of receiving orders directly via SMS to a cell phone if there is no further use of the app we offer.
Users provide some personal information during the registration process. All mandatory information which we absolutely require to provide our service is easily identifiable by an asterisk (*). Information without an asterisk is provided voluntarily so that we can send couriers orders tailored to them. Of course, personal data are never used for other purposes.
During the registration process, potential couriers must verify themselves with our service provider IDnow GmbH, Auenstraße 100, 80469 Munich, Germany so that we can meet our legal and contractual obligations. A valid ID is needed for this; we never receive copies of IDs from our contractually bound partner. For further information on IDnow GmbH, the registration process and contact details, please visit: https://www.idnow.io/privacy/
We process the following data in connection with an airmates profile:
- Identity data
- Contact and/or location data
- Preferences and skill set
- Verification status
- Information on orders already completed
Art. 6(1)(b) GDPR forms the legal basis for collecting courier data as a step taken prior to entering into a contract and, following this, to perform a contract between ourselves and our couriers. Furthermore, we process the personal data of our (potential) couriers based on Art. 6(1)(c) GDPR for compliance with legal obligations.
The personal data are only processed for as long as this is necessary to fulfill the processing purpose. We reserve the right to also keep so-called blacklists based on Art. 6(1)(f) GDPR. Our legitimate interest lies in sustaining high quality standards for our services. We process the data in our blacklists for 5 years at most.
In some cases, we may put a profile on hold. We normally make this change if we cannot guarantee orders in the near future (e.g. because a lot of potential couriers have already registered for a particular region). In this case, we store the identity, contact and/or location data and process these if the order situation changes, e.g. if it becomes more likely that we will be able to assign an order or we wish to inform the data subject about the current status of their profile. Art. 6(1)(a) GDPR forms the legal basis for processing the personal data. We normally process the data for 12 months. The data subject is given the option to agree to extended data processing (extended by another 12 months) shortly before this period comes to an end.
Rating our services
When our services are rated, we process the personal data given if these have been provided to us voluntarily. These are usually the contact details of the data subject and the rating comment provided. Of course, data subjects can request of us that ratings provided are erased or their processing is restricted. Processing up to the point of the retraction remains unaffected by this.
As a company, we rely on our service ratings to continuously improve. We collect the data in the ratings given based on Art. 6(1)(b) GDPR (for following up on a contractual relationship) and Art. 6(1)(f) GDPR (for improving our services).
The data are only stored until they are no longer required to meet this purpose. In particular, we anonymize the ratings provided as quickly as possible when there is no need for a personal reference when processing the rating. If you give a personalized rating, it may be quickly anonymized internally so that we are no longer in a position to determine that we received a rating comment from you if you request such information.
- Pursuant to Art. 15 GDPR, you have the right to obtain confirmation as to whether data concerning you are being processed and to access these data as well as other information and a copy of the data
- Pursuant to Art. 16 GDPR, you have the right to have data concerning you completed and inaccurate data concerning you rectified
- Pursuant to Art. 17 GDRP, you have the right to obtain the erasure of data concerning you without undue delay or alternatively, pursuant to Art. 18 GDPR, to obtain restriction of processing of the data
- Pursuant to Art. 20 GDPR, you have the right to receive the data concerning you which you have provided to us in a structured, commonly used and machine-readable format and to request that they be transmitted to another controller
- Furthermore, pursuant to Art. 77 GDPR, you have the right to lodge a complaint with the relevant supervisory authority
- Pursuant to Art. 7(3) GDPR, you have the right to withdraw consent given with effect for the future
- Pursuant to Art. 21 GDPR, you may object at any time to future processing of the data concerning you for direct marketing or profiling purposes. You may also object at any time to processing based on Art. 6(1)(e) or (f) GDPR by giving grounds relating to your particular situation.
Please note we may have to query you further if we cannot identify you on the basis of your request. In spite of our endeavors, it is not possible to process your request without the minimum required information.
Please feel free to contact us by mail (time:matters GmbH, Data Protection, Gutenbergstr. 6, 63263 Neu-Isenburg) or email (firstname.lastname@example.org).
Complete confidentiality and data security cannot be ensured at all times when communicating via the Internet (e.g. via email). Therefore, we recommend that you use a postal service if confidential information is involved.
Relevant supervisory authority
If there are data breaches, the data subject has the right to lodge a complaint with the relevant supervisory authority. The relevant supervisory authority for matters of data protection is the data protection commissioner (Landesdatenschutzbeauftragter) of the state in which our company has its registered office.
For time:matters, that is the Hessische Beauftragte für den Datenschutz und die Informationsfreiheit (Hessian Commissioner for Data Protection and Freedom of Information, www.datenschutz.hessen.de). Please click on the following link for a list of the data protection commissioners and their contact details: www.bfdi.bund.de.
Cooperation with processors and third parties
If we disclose data to other persons and companies (processors or third parties), transmit these to them or otherwise give them access to the data (e.g. via our online portal) within the scope of our processing, this takes place on the basis of legal permission (e.g. if the data must be transmitted to third parties, such as payment service providers, for the performance of a contract pursuant to Art. 6(1)(b) and (f) GDPR), if you have consented, if there is a legal requirement or on the basis of our legitimate interests (e.g. when using agents, web hosts, etc.).
If we commission third parties to process personal data based on a “commissioned processing contract,” this is carried out on the basis of Art. 28 GDPR. We take the greatest possible care when selecting our processors and regularly verify the security concepts guaranteed to us.
External payment service providers
We use payment service providers to perform contracts on the basis of Art. 6(1)(b) GDPR. Otherwise, we use external payment service providers based on our legitimate interests pursuant to Art. 6(1)(b) GDPR in order to offer our users an effective and secure means of payment. In order to invoice for our services, your data are transferred by our IT service provider to our in-house invoicing process. Our contractual arrangements and the technical and organizational protective measures taken ensure a secure processing environment for your personal data in this regard also.
Our customers can select from various payment options. Our payment service provider (PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg, Luxembourg) offers payment by credit card and via the PayPal payment service. We never collect additional information on the credit card or PayPal account used. For more information on data protection and contact details, please visit: https://www.paypal.com/de/webapps/mpp/ua/privacy-full?locale.x=de_DE
Social network integration
Of course, all of our online offerings can be accessed and used without the use of social networks. When you visit our website, the social plugin buttons are disabled by default, i.e. they do not automatically send any data to third parties. Before you can use a button, you must activate it using the consent manager first. Please note that the button will remain active until you either disable it again or delete your “cookies.” A direct connection is established with the server of the respective social network following activation. The button content is then passed directly to your browser by the social network and integrated by this into the website.
The information below provides an overview of third-party providers as well as links to their privacy policies, which contain further information on data processing and opt-outs, some of which is also mentioned here:
Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. The data is processed on the basis of an agreement on the joint processing of personal data pursuant to Art. 26 GDPR.
LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland
YouTube and Google+
Videos from the YouTube platform of third-party provider Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
In various parts, we offer the use of the Google Maps positioning and map service through the Google Maps API.
Google Maps is a service provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
When you use Google Maps, information concerning your visit to our website or your use of the app (including your IP address) may be transmitted to and stored on a Google server in the USA. Google may also share the information obtained through Maps with third parties where required to do so by law or where third parties process these data on Google’s behalf.
Google never associates your IP address with other Google data. Nevertheless, it may still be technically possible for Google to identify at least some users based on the data obtained. It is possible that personal data and personality profiles of website users may be processed by Google for other purposes over which we have and can have no influence.
We provide the information below to make data subjects aware of the content of our newsletter as well as the subscription, dispatch and statistical analysis procedures and their right to object to us. When interested parties subscribe to our newsletter, they agree to receive it and to the described procedures.
We only send the newsletter with the recipients’ consent and therefore on the basis of Art. 6(1)(a) GDPR. If the content of a newsletter is specifically described within the context of subscribing to the newsletter, this is authoritative for users’ consent. Otherwise, our newsletters contain information about our services and us.
All an interested party needs to provide to subscribe to the newsletter is their email address. We ask the interested party to optionally provide the recipient’s salutation, first and last names and home country so that we can address them personally in the newsletter.
A double opt-in process is used to subscribe to our newsletter. This means that interested parties receive an email after they subscribe in which they are asked to confirm their subscription. This confirmation is needed to avoid abuse of the newsletter registration process. Newsletter subscriptions are logged so that it is possible to document the subscription process in accordance with legal requirements. This includes storing the time and date of subscription and confirmation, as well as the IP address. The current status in the registration procedure is also logged by the mailing service provider.
The sending of the newsletter and success tracking linked with this are based on the recipients’ consent pursuant to Art. 6(1)(a) GDPR, Art. 7 GDPR in combination with Section 7(2)(3) UWG and on the basis of legal permission pursuant to Section 7(3) UWG. The success tracking normally does not involve processing personal data and is only used for statistical analysis. However, personal data may be processed in certain cases so that it is possible to determine why an email could not be sent.
The subscription process is logged on the basis of our legitimate interests pursuant to Art. 6(1)(f) GDPR. Our interest is focused on the use of a user-friendly and secure newsletter system that serves our business interests, meets user expectations and, furthermore, allows us to prove consent.
Termination/withdrawal of consent: You may unsubscribe from our newsletter at any time, i.e. withdraw your consent. You will find an unsubscribe link at the bottom of every newsletter.
Please note that your email address may automatically be placed on a blacklist (blacklist for the receipt of any further newsletters) if you object to receipt of the newsletter. This is purely in your own interest of not receiving any further undesired mailings in the future. We base this on our legitimate interest in defending legal claims pursuant to Art. 17(3)(e) GDPR, alternatively a legitimate interest in compliance with legal requirements in the market pursuant to Art. 17(3)(f) GDPR. If you wish to be removed from the blacklist as well, please let us know this explicitly. We cannot then guarantee that we will no longer contact you in the course of regular communication. You may submit an individual request for erasure at any time provided the former existence of consent is confirmed at the same time.
Press distribution list: We also offer individuals engaged in journalism the option to receive a newsletter for journalistic purposes. If you contact us to ask to be added to the press distribution list, we manually add your email address to our distribution list. We then trigger the consent process described above through our mailing service provider. If you do not respond to this email, your email address is automatically blocked after 48 hours.
Newsletter – mailing service provider
The mailing service provider may use recipients’ data in pseudonymized form, i.e. without association with any user, for optimizing or improving its own services, e.g. to technically optimize the sending and presentation of the newsletter or for statistical purposes. However, the mailing service provider does not use the data of our newsletter recipients to write to them itself or to share the data with third parties.
In particular, these measures include safeguarding the confidentiality, integrity and availability of data by controlling physical access to the data, as well as other access, input, disclosure and guarantee of availability and their separation in relation to them. We have also set up processes that ensure the exercise of data subjects’ rights, the erasure of data and response to threats to the data. Furthermore, we take into account the protection of personal data right from development and when selecting hardware, software and processes, in accordance with the principle of data protection through technology design and through default privacy settings (Art. 25 GDPR).
Transfers to third countries
If we process data in a third country (i.e. outside of the European Union (EU) and European Economic Area (EEA)) or carry this out in the context of the use of third-party services or disclosure or transfer of data to third parties, this is only carried out if necessary to fulfill our (pre-)contractual obligations, based on your consent, based on a legal obligation or based on our legitimate interests. Subject to legal or contractual permissions, we only process or have the data processed in a third country if the specific requirements of Art. 44 et seq. GDPR are met. This means, for example, processing is carried out on the basis of special guarantees, such as the officially recognized determination of a data protection level in accordance with the EU (e.g. through the “Privacy Shield” for the US) or in compliance with officially recognized special contractual obligations (known as “standard contractual clauses”).