VDR // Data privacy

Privacy policy

1. Data privacy at a glance

General information

The following information provides you with an easy-to-navigate overview of what how your personal data is handled when you visit this website. The term “personal data” comprises all data that can be used to identify you personally. For detailed information about data protection, please consult our Data Protection Declaration, which we have included beneath this copy.

Data captured on this website

Who is the responsible party for capturing data on this website (i.e., the “controller”)?

Data captured on this website is processed by the operator of the website, whose contact information is available under “Information about the responsible party (referred to as the “controller” in the GDPR)” in this Privacy Policy.

How do we capture your data?

We collect your data when you share it with us. For instance, this may be information you enter into our contact form.

Other data is captured by our IT systems automatically or after you consent to its recording during your website visit. This data comprises primarily technical information (e.g., web browser, operating system, or time the site was accessed). This information is captured automatically when you access this website.

What purposes do we use your data for?

Some information is captured to guarantee error-free operation of the website. Other data may be used to analyze your user behaviour. If contracts can be concluded or initiated via the website, the transmitted data will also be processed for the purpose of preparing contract offers, orders or other order enquiries.

What rights do you have regarding your information?

You have the right to receive information about the source, recipients, and purposes of your archived personal data at any time without having to pay a fee for such disclosures. You also have the right to demand that your data be rectified or deleted. If you have consented to the processing of your data, you have the option to revoke this consent at any time, which will take effect for all future data processing. Moreover, you have the right to demand that the processing of your data be restricted under certain circumstances. Furthermore, you have the right to log a complaint with the competent supervisiory authority.

Please do not hesitate to contact us at any time if you have questions about this or any other data privacy-related issues.

2. Hosting

We are hosting the content of our website with the following provider:

Mittwald

The provider is the Mittwald CM Service GmbH & Co. KG, Königsberger Straße 4-6, 32339 Espelkamp, Germany (hereinafter referred to as Mittwald).

For details, please view the data privacy policy of Mittwald: https://www.mittwald.de/datenschutz.

We use Mittwald on the basis of GDPR, Art. 6(1)(f). We have a legitimate interest in the most reliable rendition of our website possible. If appropriate consent has been obtained, the processing is carried out exclusively on the basis of GDPR Art. 6(1)(a) and TDDDG § 25 (1) to the extent that the consent includes the storage of cookies or access to information in the user’s end device (e.g., device fingerprinting) within the meaning of the TDDDG. This consent can be revoked at any time.

Data processing

We have concluded a data processing agreement (DPA) for the use of the above-mentioned service. This is a contract mandated by data privacy laws that guarantees that the service provider processes personal data of our website visitors only according to our instructions and in compliance with the GDPR.

3. General and mandatory information

Data protection

The operators of this website and its pages take the protection of your personal data very seriously. Hence, we handle your personal data as confidential information and in compliance with the statutory data protection regulations and this Data Privacy Statement.

Whenever you use this website, a variety of personal data will be collected. Personal data comprises data that can be used to personally identify you. This Data Privacy Statement explains what data we collect, as well as the purposes we use this data for. It also explains how, and for which purpose the data is collected.

We herewith advise you that the transmission of data via the Internet (i.e., through e-mail communications) may be prone to security gaps. It is not possible to completely protect data against third-party access.

Information about the responsible party (referred to as the “controller” by the GDPR)

The controller of data processing on this website is:

Verband Deutscher Reeder
Burchardstraße 24
20095 Hamburg
Phone: +49 40 – 35 09 7 – 0
E-mail: vdr@reederverband.de

The data protection officer is:
Shared IT Professional GmbH & Co. KG
Saebystr. 17a
24576 Bad Bramstedt
thilo.noack@sharedit-pro.de

The controller is the natural person or legal entity that, whether solely or jointly with others, makes decisions regarding the purposes of and resources for the processing of personal data (e.g., names, e-mail addresses, etc.).

Storage duration

Unless a more specific storage period has been specified in this privacy policy, your personal data will remain with us until the purpose for which it was collected no longer applies. If you assert a justified request for deletion or revoke your consent to data processing, your data will be deleted, unless we have other legally permissible reasons for storing your personal data (e.g., retention periods under tax or commercial law); in the latter case, the deletion will take place after these reasons cease to apply.

General information on the legal basis for the processing of data on this website

If you have consented to the processing of your data, we process your personal data on the basis of GDPR Art. 6(1)(a) or GDPR Art. 9 (2)(a), if special categories of data are processed according to GDPR Art. 9 (1). In the case of explicit consent to the transfer of personal data to third countries, the data processing is also based on GDPR Art. 49 (1)(a). If you have consented to the storage of cookies or to access to information on your end device (e.g., via device fingerprinting), the data processing is additionally based on TDDDG § 25 (1). Your consent may be revoked at any time. If your data is required for the fulfillment of a contract or for the implementation of pre-contractual measures, we process your data on the basis of GDPR Art. 6(1)(b). Furthermore, if your data is required for the fulfillment of a legal obligation, we process it on the basis of GDPR Art. 6(1)(c). Furthermore, your data may be processed on the basis of our legitimate interest according to GDPR Art. 6(1)(f). Information on the relevant legal basis in each individual case is provided in the following paragraphs of this privacy policy.

Recipients of personal data

Within the scope of our business activities, we cooperate with various external parties. In some cases, this requires the transfer of personal data to these external parties. We only disclose personal data to external parties if this is required as part of the fulfillment of a contract, if we are legally obligated to do so (e.g., disclosure of data to tax authorities), if we have a legitimate interest in the disclosure pursuant to GDPR Art. 6 (1)(f), or if another legal basis permits the disclosure of this data. When employing processors, we only disclose our customers’ personal data on the basis of a valid contract on data processing. In the case of joint processing, a joint processing agreement is concluded.

Revocation of your consent to the processing of data

A wide range of data processing transactions are allowable only provided you give your express consent. You may also revoke any consent you have given us at any time. This shall be without prejudice to the lawfulness of any data collection that occurred prior to your revocation.

Right to object to the collection of data in special cases; right to object to direct advertising (GDPR Art. 21)

IN THE EVENT THAT DATA IS PROCESSED ON THE BASIS OF GDPR ART. 6(1)(E) OR (F), YOU HAVE THE RIGHT TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA AT ANY TIME BASED ON GROUNDS ARISING FROM YOUR UNIQUE SITUATION. THIS ALSO APPLIES TO ANY PROFILING BASED ON THESE PROVISIONS. TO DETERMINE THE LEGAL BASIS ON WHICH ANY PROCESSING OF DATA IS BASED, PLEASE CONSULT THIS DATA PRIVACY STATEMENT. IF YOU LOG AN OBJECTION, WE WILL NO LONGER PROCESS YOUR AFFECTED PERSONAL DATA, UNLESS WE ARE IN A POSITION TO PRESENT COMPELLING, LEGALLY PROTECTED GROUNDS FOR THE PROCESSING OF YOUR DATA THAT OUTWEIGH YOUR INTERESTS, RIGHTS AND FREEDOMS, OR IF THE PURPOSE OF PROCESSING IS THE CLAIMING, EXERCISING OR DEFENCE OF LEGAL ENTITLEMENTS (OBJECTION PURSUANT TO GDPR ART. 21(1)).

IF YOUR PERSONAL DATA IS PROCESSED IN ORDER TO ENGAGE IN DIRECT ADVERTISING, YOU HAVE THE RIGHT TO OBJECT TO THE PROCESSING OF YOUR AFFECTED PERSONAL DATA FOR THE PURPOSES OF SUCH ADVERTISING AT ANY TIME. THIS ALSO APPLIES TO PROFILING TO THE EXTENT THAT IT IS AFFILIATED WITH SUCH DIRECT ADVERTISING. IF YOU OBJECT, YOUR PERSONAL DATA WILL NO LONGER BE USED FOR DIRECT ADVERTISING PURPOSES (OBJECTION PURSUANT TO GDPR ART. 21(2)).

Right to log a complaint with the competent supervisory agency

In the event of violations of the GDPR, data subjects are entitled to log a complaint with a supervisory agency, in particular in the member state where they usually maintain their domicile or place of work, or at the place where the alleged violation occurred. The right to log a complaint applies regardless of any other administrative or court proceedings available as legal recourses.

Right to data portability

You have the right to have data that we process automatically on the basis of your consent or in fulfillment of a contract handed over to you or to a third party in a common, machine-readable format. If you demand the direct transfer of the data to another controller, this will be done only if it is technically feasible.

Information about data, rectification and deletion of data

Within the scope of the applicable statutory provisions, you have the right to demand information about your archived personal data, its source and recipients as well as the purpose of the processing of your data at any time. You may also have a right to have your data rectified or deleted. If you have questions about this subject matter or any other questions about personal data, please do not hesitate to contact us at any time.

Right to demand processing restrictions

You have the right to demand the imposition of restrictions on the processing of your personal data. To do so, you may contact us at any time. The right to demand restriction of processing applies in the following cases:

In the event that you dispute the correctness of your data archived by us, we will usually need some time to verify this claim. During the time that this investigation is in progress, you have the right to demand that we restrict the processing of your personal data.
If the processing of your personal data was/is conducted in an unlawful manner, you have the option to demand restriction of the processing of your data instead of demanding the deletion of this data.
If we do not need your personal data any longer and you need it to exercise, defend or claim legal entitlements, you have the right to demand restriction of the processing of your personal data instead of its deletion.
If you have raised an objection pursuant to GDPR Art. 21(1), your rights and our rights will have to be weighed against each other. As long as it has not been determined whose interests prevail, you have the right to demand restriction of the processing of your personal data.

If you have restricted the processing of your personal data, this data – with the exception of its archiving – may be processed only subject to your consent, or to claim, exercise or defend legal entitlements, or to protect the rights of other natural persons or legal entities, or for important public-interest reasons cited by the European Union or a member state of the EU.

SSL and/or TLS encryption

For security reasons and to protect the transmission of confidential content, such as purchase orders or inquiries you submit to us as the website operator, this website uses either an SSL or a TLS encryption program. You can recognize an encrypted connection by checking whether the address line of the browser switches from “http://” to “https://” and also by the appearance of the lock icon in the browser line.

If the SSL or TLS encryption is activated, data you transmit to us cannot be read by third parties.

4. Capture of data on this website

Cookies

Our websites and pages use what the industry refers to as “cookies.” Cookies are small data packages that do not cause any damage to your device. They are either stored temporarily for the duration of a session (session cookies) or permanently archived on your device (permanent cookies). Session cookies are automatically deleted once you terminate your visit. Permanent cookies remain archived on your device until you actively delete them, or until they are automatically erased by your web browser.

Cookies can be issued by us (first-party cookies) or by third-party companies (so-called third-party cookies). Third-party cookies enable the integration of certain third-party services into websites (e.g., cookies for handling payment services).

Cookies have a variety of functions. Many cookies are technically essential since certain website functions would not work in the absence of these cookies (e.g., the shopping cart function or the display of videos). Other cookies may be used to analyze user behavior or for promotional purposes.

Cookies required for the performance of electronic communication transactions, for the provision of certain functions you want to use (e.g., for the shopping cart function), or that are necessary for the optimization (required cookies) of the website (e.g., cookies that provide measurable insights into the web audience), shall be stored on the basis of GDPR Art. 6(1)(f) unless a different legal basis is cited. The operator of the website has a legitimate interest in the storage of required cookies to ensure the technically error-free and optimized provision of the operator’s services. If your consent to the storage of the cookies and similar recognition technologies has been requested, the processing occurs exclusively on the basis of the consent obtained (GDPR Art. 6(1)(a) and TDDDG § 25 (1)); this consent may be revoked at any time.

You have the option to set up your browser in such a manner that you will be notified any time cookies are placed and to permit the acceptance of cookies only in specific cases. You may also exclude the acceptance of cookies in certain cases or in general, or activate the delete function for the automatic erasure of cookies when the browser closes. If cookies are deactivated, the functions of this website may be limited.

This privacy policy states what cookies and services are used on this website.

Consent with Borlabs Cookie

Our website uses the Borlabs consent technology to obtain your consent to the storage of certain cookies in your browser or for the use of certain technologies, as well as for their data privacy protection-compliant documentation. The provider of this technology is Borlabs GmbH, Rübenkamp 32, 22305 Hamburg, Germany (hereinafter referred to as Borlabs).

Whenever you visit our website, a Borlabs cookie will be stored in your browser, which archives any declarations or revocations of consent you have entered. This information is not shared with the provider of the Borlabs technology.

The recorded data shall remain archived until you ask us to erase it, delete the Borlabs cookie yourself, or until the purpose of storing the data no longer exists. This shall be without prejudice to any retention obligations mandated by law. To review the details of Borlabs’ data processing policies, please visit https://de.borlabs.io/kb/welche-daten-speichert-borlabs-cookie/

We use the Borlabs cookie consent technology to obtain the declarations of consent mandated by law for the use of cookies. The legal basis for the use of such cookies is GDPR Art. 6(1)(c).

Request by e-mail, telephone, or fax

When you contact us by e-mail, telephone or fax, your request, including all connected personal data (name, request) will be stored and processed by us for the purpose of processing your request. We will not pass on this data without your consent.

This data is processed on the basis of GDPR Art. 6(1)(b) if your inquiry is related to the fulfillment of a contract or is required for the performance of pre-contractual measures. In all other cases, the data is processed on the basis of our legitimate interest in the effective handling of inquiries submitted to us (GDPR Art. 6(1)(f)) or on the basis of your consent (GDPR Art. 6(1)(a)) if it has been obtained; the consent may be revoked at any time.

The data sent to us by you via contact requests remain with us until you request us to delete the data, revoke your consent to the storage it, or until the purpose for the data storage lapses (e.g. after completion of your request). Mandatory statutory provisions – in particular statutory retention periods – remain unaffected.

In addition to purely technical data collection via the website, VDR processes personal data from contact persons at member companies, participants in meetings, working groups and events, of speakers and partners, journalists and government contacts, and applicants. Depending on the relationship, the following data is processed: names, contact details, job titles and employer details, association membership and committee roles, correspondence and meeting notes, registrations and participation histories, billing and payment information, contractual master data, consent and objection statuses, and, in individual cases, special information such as food intolerances at events, which is collected exclusively with your consent. The purposes are the implementation and documentation of VDR’s work, the representation of interests vis-à-vis political bodies and the public administration, the organization of events and trips, the provision of information on topics relevant to the association, the administration of rights of access to internal areas, the fulfillment of legal obligations including storage and compliance, and the management of service providers. Depending on the process, processing is based on GDPR Art. 6 (1)(b) for contractual relationships, GDPR Art. 6 (1)(c) for legal obligations, and GDPR Art. 6 (1)(f) for legitimate interests in ensuring the proper functioning of VDR and effective communication with stakeholders. In the case of special categories of data, processing is carried out exclusively pursuant to the stipulations of GDPR Art. 9, usually only with express consent. The data originates primarily from the data subject themselves, as well as from public registers, publications, and legitimate information from member companies. Categories of recipients include IT and hosting service providers, shipping and printing service providers, platform and collaboration providers, event and payment service providers, and consultants, each on the basis of data processing agreements; authorities and courts only receive data if there is a legal obligation to do so. Third-country transfers only take place if the requirements of GDPR Art. 44 et seq. are met, in particular in the case of adequacy decisions or on the basis of standard contractual clauses including supplementary measures; otherwise, a transfer only takes place if you have expressly consented to it. Storage periods are based on the purpose of storage and legal requirements; Correspondence relating to the association’s work is regularly deleted once the purpose no longer exists; commercial documents after six or ten years; application data no later than six months after completion of the process, unless consent has been given for longer retention. Data subjects’ rights can be asserted against the above-mentioned responsible body; VDR makes separate reference to this in invitations, forms, and emails.

5. Social media

Instagram

We have integrated functions of the public media platform Instagram into this website. These functions are being offered by Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland.

If the social media element has been activated, a direct connection between your device and Instagram’s server will be established. As a result, Instagram will receive information on your visit to this website.

If you are logged into your Instagram account, you may click the Instagram button to link contents from this website to your Instagram profile. This enables Instagram to allocate your visit to this website to your user account. We have to point out that we as the provider of the website and its pages do not have any knowledge of the content of the data transferred and its use by Instagram.

The use of this service is based on your consent in accordance with GDPR Art. 6 (1)(a) and TDDDG § 25 (1). Consent may be revoked at any time.

To the extent that personal data is collected on our website with the help of the tool described here, and forwarded to Facebook or Instagram, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are jointly responsible for the processing of this data (GDPR Art. 26). The joint responsibility is limited exclusively to the collection of the data and its forwarding to Facebook or Instagram. Any processing by Facebook or Instagram that takes place after the onward transfer is not part of the joint responsibility. The obligations incumbent on us jointly have been set out in a joint processing agreement. The wording of the agreement can be found at: https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing the privacy information when using the Facebook or Instagram tool and for the privacy-secure implementation of the tool on our website. Facebook is responsible for the data security of Facebook or Instagram products. You can assert data subject rights (e.g., requests for information) regarding data processed by Facebook or Instagram directly with Facebook. If you assert the data subject rights with us, we are obliged to forward them to Facebook.

Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum, https://privacycenter.instagram.com/policy/ and https://de-de.facebook.com/help/566994660333381.

For more information on this subject, please consult Instagram’s Data Privacy Declaration at: https://privacycenter.instagram.com/policy/.

The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the US which is intended to ensure compliance with European data protection standards for data processing in the US. Every company certified under the DPF is obliged to comply with these data protection standards. For more information, please contact the provider using the following link: https://www.dataprivacyframework.gov/participant/4452.

This website uses elements of the LinkedIn network. The provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland.

Any time you access a page of this website that contains elements of LinkedIn, a connection to LinkedIn’s servers is established. LinkedIn is notified that you have visited this website with your IP address. If you click on LinkedIn’s “Recommend” button and are logged into your LinkedIn account at the time, LinkedIn will be in a position to allocate your visit to this website to your user account. We have to point out that we as the provider of the websites do not have any knowledge of the content of the transferred data and its use by LinkedIn.

The use of this service is based on your consent in accordance with GDPR Art. 6 (1)(a) and TDDDG § 25 (1). Consent may be revoked at any time.

Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here: https://www.linkedin.com/help/linkedin/answer/a1343190/datenubertragung-aus-der-eu-dem-ewr-und-der-schweiz?lang=de.

For further information on this subject, please consult LinkedIn’s Data Privacy Declaration at: https://www.linkedin.com/legal/privacy-policy.

The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the US, which is intended to ensure compliance with European data protection standards for data processing in the US. Every company certified under the DPF is obliged to comply with these data protection standards. For more information, please contact the provider under the following link: https://www.dataprivacyframework.gov/participant/5448.

SociableKIT

Our website may include content from external social media platforms via the SociableKIT service provided by SociableKIT, Quezon City, Philippines. When a page with such an element is accessed, a connection to SociableKIT’s servers is established; for technical reasons, usage data such as IP address, time of access, URL of the page accessed and information on the device and browser are processed in order to display the content from the linked sources and to ensure delivery. SociableKIT states in its privacy policy that it processes usage and location information and transmits information to servers in the USA; depending on the network involved, the respective platform may also carry out its own data processing as soon as you interact with the embedded content. Your data will be used only with your consent given via our consent banner and on the basis of GDPR Art. 6 para. 1 lit. a and TDDDG § 25 para. 1; you may revoke your consent at any time in the cookie settings. If the integration involves a transfer to a third country without an adequacy decision, this is based, depending on the provider, on suitable guarantees within the meaning of GDPR Art. 46, in particular standard contractual clauses, or on your consent in accordance with GDPR Art. 49 para. 1 lit. a. Further information on data processing by SociableKIT can be found in the provider’s privacy policy; information from the provider also states that SociableKIT itself does not use tracking cookies, but that integrated platforms such as Facebook or LinkedIn may use their own technologies.

6. Plug-ins and Tools

Google reCAPTCHA

We use “Google reCAPTCHA” (hereinafter referred to as “reCAPTCHA”) on this website. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

The purpose of reCAPTCHA is to determine whether data entered on this website (e.g., information entered into a contact form) is being provided by a human user or by an automated program. To determine this, reCAPTCHA analyzes the behavior of the website visitors based on a variety of parameters. This analysis is triggered automatically as soon as the website visitor enters the site. For this analysis, reCAPTCHA evaluates a variety of data (e.g., IP address, time the website visitor spent on the site or cursor movements initiated by the user). The data tracked during such analyses is forwarded to Google.

reCAPTCHA analyses run entirely in the background. Website visitors are not alerted that an analysis is underway.

Data is stored and analyzed on the basis of GDPR Art. 6(1)(f). The website operator has a legitimate interest in the protection of the operator’s websites against abusive automated spying and against SPAM. If appropriate consent has been obtained, the processing is carried out exclusively on the basis of GDPR Art. 6(1)(a) and TDDDG § 25 (1), to the extent that the consent includes the storage of cookies or access to information in the user’s end device (e.g., device fingerprinting) within the meaning of the TDDDG. This consent may be revoked at any time.

For more information about Google reCAPTCHA please refer to the Google Data Privacy Declaration and Terms Of Use using the following links: https://policies.google.com/privacy?hl=en and https://policies.google.com/terms?hl=en.