Data Privacy Statement
In this privacy policy, we inform you which personal data we collect when you use our website and for what purpose the data is used.
1. Responsible person and contact details
The responsible party within the meaning of the data protection legislation is:
Häfen und Güterverkehr Köln AG
Am Niehler Hafen 2
50735 Cologne
Should you have questions or suggestions regarding data protection, you are welcome to contact us by e-mail at presse(at)hgk.de .
You can contact our data protection officer as follows:
Häfen und Güterverkehr Köln AG
Am Niehler Hafen 2
50735 Cologne
E-mail: datenschutz(at)hgk.de
2. Categories of data processed, purposes of processing and legal bases
2.1 Connection data (IP address, browser identification etc.)
When you access our website www.hgk.de or its sub-pages, information is automatically sent by the browser on your end device to the server of our website. This information is stored temporarily in a log file . The following information is collected without any action from you and is stored until it is automatically deleted:
- IP address of the requesting computer,
- Date and time of access,
- Name and URL of file/page accessed,
- Website from which access was made (referrer URL),
- Browser used and in some cases the operating system of your computer and the name of your access provider.
The data stated above is used by us for the following purposes:
- to ensure the problem-free establishment of a connection to the website,
- to ensure convenience in the use of the website,
- to evaluate system security and stability and
- other administrative purposes.
The legal basis for the data processing is Art. 6 Para. 1 Sentence 1 Point f GDPR. Our legitimate interest arises from the purposes listed above for data collection. Under no circumstances will we use the collected data to draw conclusions about you as a person.
Please note that in order to protect our IT infrastructure, we store the data for a period of six months. In the event of attacks on our systems, we need this data to technically analyse the attack scenarios carried out.
2.2 Cookies
We use cookies on our website. These are small files that your browser creates automatically and that are stored on your end device (laptop, tablet, smartphone etc.) when you visit our website. We only set cookies where they are either essential for the operation of the website (on the basis of our legitimate interest) or where you have previously given your consent for other categories of cookies.
The legal basis for cookies that are essential or absolutely necessary for us to provide the service you have expressly requested is Section 25 Para. 2 No. 2 Telecommunications-Telemedia Data Protection Act (TTDSG). Any use of cookies that is not technically necessary for this purpose constitutes data processing that is only permitted with an express consent from you pursuant to Section 25 Para. 1 TTDSG in conjunction with Art. 6 Para. 1 Sentence 1 a GDPR. In addition, we only pass your personal data processed by cookies to third parties if you have given your express consent to this pursuant to Art. 6 Para. 1 Sentence 1 a GDPR.
Further information about which cookies we use and how you can manage your cookie settings and deactivate certain types of tracking can be found on our ‘Cookies’ page, see link in the footer of this page.
2.3 Contact form
If you use our contact form to send requests or enquiries to us, the information you provide in the contact form, including the contact data provided there (name, surname, e-mail, message and (where relevant) company and telephone number) is stored and used by us for the purposes of processing the request and subsequent contact with you.
We collect this data on the basis of our legitimate interest pursuant to Art. 6 Para. 1 f GDPR in order to receive and process these requests.
3.Pseudonymised user profiles
3.1 Matomo reach measurement
This website uses Matomo open-source software to analyse and examine the use of our website. Using the indicators thus obtained, we can improve our offering and make it of greater interest to you as a user.
We use Matomo in two different versions. The first version does not store cookies on your end device and can be operated in compliance with data protection without user consent. Here, an anonymised ‘config_id’ is generated that is then deleted again 24 hours later. This method captures the operating system, the browser, the device type (computer, laptop, telephone), the screen resolution and the selected language in order to understand the use and navigation on our web pages. The IP address is anonymized immediately when it is collected. This analysis is in our legitimate interest as the website operator (Art. 6 Para. 1 f GDPR).
The second version of our Matomo analysis service requires the use of cookies and the consent of the website visitor. Here again, in compliance with data protection law, no data is sent to servers located outside the EU. This version is not active during your first visit to our website and is not activated until you give your consent to the associated cookie category. You can find further information about this on our Cookies page and can check and modify your individual preferences at any time.
The measures indicated above do not enable us to draw conclusions about the identity of individual visitors under any circumstances. The information is stored in our system for a period of: 24 months. You can find further information at: https://matomo.org/docs/privacy
3.2 Typefaces (Monotype web fonts)
To enable the consistent display of typefaces, this website uses the following web fonts from third parties: Monotype GmbH and/or Monotype Imaging Inc. When you access our site, your browser downloads the required web fonts to your browser cache so that texts and typefaces can be displayed consistently. We store the fonts locally on our servers. To allow the number of uses of the fonts to be counted for payments purposes, the browser you use must connect to the servers of fast.fonts.com (Monotype). The following data is transferred:
- IP address (anonymised)
- Web font project identification number
- URL of the licensed website that is linked to a customer number, so that fonts.com can identify the licence number and the licensed web fonts.
- The URL of the previously visited page
Monotype stores the anonymised IP address and project identification number of the web font in encrypted log files with such data for a period of 30 days in order to determine the number of page visits per month. Once the number of page visits has thus been determined and stored, the log files are deleted. We use Monotype in the interests of a consistent and appealing design for our online offerings. This constitutes a legitimate interest pursuant to Art. 6 Para. 1 f GDPR. If your browser does not support web fonts, a standard font from your computer is used. Addresses of the relevant web fonts providers and URLs of their data privacy statements: Monotype GmbH, Horexstraße 30, 61352 Bad Homburg, Germany (head office: Monotype Imaging Inc., 600 Unicorn Park Drive, Woburn, MA 01801, USA), https://www.monotype.com/de/rechtshinweise/datenschutzrichtlinie/
4. Transferring of data
In general, your personal data is only passed on without your express prior consent in the cases listed below:
- Where it is necessary to clarify an unlawful use of our services or for its prosecution, personal data is transferred to law enforcement agencies and where relevant to injured third parties. However, this only happens if there are concrete indications of unlawful or abusive behaviour. Data may also be passed on to other parties where this serves the enforcement of terms of use or other agreements. We are additionally obliged by law to provide information to certain public bodies if so requested. These are law enforcement authorities, authorities for prosecution of administrative offences, and the tax authorities. This data is passed on the basis of our legitimate interest in combating misuse, prosecuting crimes and securing, asserting and enforcing claims and that your rights and interests in protecting your personal data do not outweigh Art. 6 Para. 1 f GDPR.
We rely on contractually linked external companies and external service providers (‘processors’) to perform the services. Personal data is passed to these processors to enable them to carry out subsequent processing. We select these processors carefully and inspect them regularly to ensure that your privacy remains protected. The processors may use this data solely for the purposes specified by us and are furthermore contractually obliged by us to treat your data solely in accordance with this data privacy statement and with German data protection law.
- To provide and maintain the website, we use an agency that in turn uses further processors to do this (in particular for hosting).
Data is disclosed to processors on the basis of Art. 28 Para. 1 GDPR, alternatively on the basis of our legitimate interest in the economic and technical advantages associated with the use of specialised processors pursuant to Art. 6 Para. 1 f GDPR and the circumstance that your rights and interests in the protection of your personal data do not prevail.
- As part of the further development of our business, the structure of Häfen und Güterverkehr Köln AG may change by changing its legal form or by founding, buying or selling subsidiaries, parts of companies or components. In such transactions, customer information is passed on together with the part of the company that is being transferred. Whenever personal data is passed on to third parties within the scope described above, we take care to ensure that this takes place in compliance with this data privacy statement and the applicable data protection laws. Any passing on of personal data is justified by the fact that we have a legitimate interest in adapting our business form to current economic and legal conditions as necessary and your rights and interests in the protection of your personal data do not prevail, Art. 6 Para. 1 f GDPR.
5. Changes of purposes
Your personal data is processed for other reasons than those described only where legislation permits this or you have given your consent to the changed purpose of data processing. In the case of further processing for other purposes than those for which the data was originally collected, we will inform you before the further processing for these other purposes occurs and will provide all further relevant information.
6.Deletion of your data
We delete or anonymise your personal data as soon as it is no longer necessary for the purposes for which we collected or used it pursuant to the sections above. As a rule, we store the personal data you provide in connection with the use of this website – unless stated otherwise in this Data Privacy Statement – for the duration of the user relationship via the website.
Once these periods end, the data is deleted, unless it is needed for longer owing to statutory retention periods, for criminal prosecution or to secure, assert or enforce legal claims. In this case it is blocked. The data is then no longer available for further use.
7.Automated individual case decisions or profiling measures
We do not use automated processing procedures to make decisions about your person.
8.Your rights as a data subject
To assert your rights, listed below, please use the contact address given in No. 1.
8.1 Right to information
You have the right to obtain information from us at any time about the personal data concerning you that we process, by submitting an application, within the scope of Art. 15 GDPR.
8.2 Right to rectification of incorrect data
You have the right to obtain from us without undue delay the rectification of inaccurate personal data concerning you.
8.3 Right to deletion of data
You have the right, under the conditions described in Art. 17 GDPR, to request immediate deletion of personal data concerning you by us. These conditions include in particular a right to erasure where the personal data is no longer necessary for the purposes for which it was collected or otherwise processed and in cases of unlawful processing, the presence of an objection or an obligation to erase exists under Union law or the law of the member state to which we are subject. For the period of data storage, see also Sections 5 and 6 of this Data Privacy Statement.
8.4 Right to restriction of processing
You have the right to request the restriction of processing pursuant to Art. 18 GDPR. This right exists in particular if the accuracy of the personal data is disputed between the user and us, for the period required to verify the accuracy and in the event that the user requests restricted processing instead of deletion in the case of an existing right to deletion; furthermore, in the event that the data is no longer required for the purposes pursued by us, but the user requires it for the assertion, exercise or defence of legal claims and if the successful exercise of an objection is still disputed between us and the user.
8.5 Right to data portability
You have the right to receive the personal data concerning you that you have provided to us in a structured, common, machine-readable format pursuant to Art. 20 GDPR.
8.6 Right to object
You have the right, for reasons arising from your particular situation, to file an objection pursuant to Art. 21 GDPR at any time against the processing of personal data concerning you that takes place for reasons including Art. 6 Para. 1 e or f GDPR. We will stop processing your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or the processing serves the establishment, exercise or defence of legal claims.
8.7 Right of appeal
You also have the right to contact the responsible supervisory authority in the event of an appeal. The responsible supervisory authority is:
Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen
Kavalleriestr. 2-4
40213 Düsseldorf
Telephone: 0211/38424-0
Fax: 0211/38424-10
E-mail: poststelle(at)ldi.nrw.de
9. Changes to this Data Privacy Statement
The current version of this Data Privacy Statement is always available at https://www.hgk.de/datenschutz
Dated: July 2023