• Privacy Terms

Website Privacy Terms

At Hapag-Lloyd AG as well as the entire Hapag-Lloyd Group (HL) with all entities and Hapag-Lloyd agents we respect your privacy and your personal data. With this privacy policy we want to inform you about our data processing activities when

- we, as an international container shipping line, deliver products and perform services to you as, our customer or prospective customer (see section ‎8.1 Sales and Customer Services)

- you work with us as a supplier of products or as service provider (see section ‎8.2 Procurement and Suppliers)

- you visit our facilities and use our visitor services, including conference rooms, local area networking (see section ‎8.3 Visitor Services)

- you contact us online or offline (see section ‎8.4 Communication, contacting and collaboration)

- you apply for a job with us (see section 8.5 Recruitment Activities)

- we perform specific marketing activities, such as sending you our newsletter (see section ‎8.6 Marketing Campaigns (newsletters, surveys, mailings))

- you visit our website(s) and social media pages or use our mobile applications and platforms (see section 8.8 Social Plugins and 10. Processing of non-personal data)

- you are a shareholder and use our online services (see section 8.9 Online services for shareholders)

As Hapag-Lloyd AG is based in the European Union, we adhere primarily to the EU General Data Protection Regulation (GDPR) as our baseline standard globally. We also comply with stricter national and regional laws where applicable. We maintain records of our processing activities as required by Art. 30 GDPR. You will find the specific details in Section 7 for the countries that have deviating regulations.

Personal Data

a. Personal data in the meaning of Art. 4 GDPR are all information relating to an identified or identifiable natural person, e.g., name, address, phone number, email address etc. Special categories of personal data (Art. 9 GDPR) include data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data for uniquely identifying a person, health data, or data concerning sex life or sexual orientation. We generally do not process special category data except where legally required (e.g., disability information for accommodation purposes in recruitment) or with your explicit consent.

b. If you are conducting business with us, you may also be interested to learn how we process relevant information that does not qualify as person-identifiable information. A lot of this information forms a basis of our services (e.g., cargo information, container tracing, schedules, etc..) and is processed in a digital manner via digital tools (mobile applications, web, API portal, email notification). All these applications require login credentials (see  section 10). You can also find more information in the privacy terms of the respective tools. 

Controller

a. Responsible for the processing

In most of the cases:

      Hapag-Lloyd AG
      Ballindamm 25
      20095 Hamburg
      Germany

b. Data processing activities might occur under the responsibility of other controllers of the Hapag-Lloyd Group, particularly when you interact with local entities. In such cases, the local Hapag-Lloyd entity with which you have a direct relationship is typically the controller. Where we act as joint controllers with another Hapag-Lloyd entity, we have arrangements in place defining our respective responsibilities. You can contact any Hapag-Lloyd entity through the contact details in Section 7 to determine the relevant controller for your data.

For questions regarding the collection, processing or use of personal data relating to you; or in case of a withdrawal of an informed consent regarding the disclosure, correction, blocking or deletion of data, please contact us via:

E-Mail:  [email protected]  


or

Postal Address:

Hapag-Lloyd AG
8800 Corporate Data Protection Office
Ballindamm 25
20095 Hamburg
Germany

c. Other entities of the Hapag-Lloyd Group

For questions related to data protection in our affiliates across the world, you can find more details under section 7.

What are your rights as a data subject?

Hapag-Lloyd will process your personal data in accordance with the rights of data subjects under relevant national or international law. You have the following rights, which you may exercise by contacting our Corporate Data Protection Office:

  • a. Right of access: obtain confirmation of whether we process your personal data and access to that data;
  • b. Right to rectification and erasure (“right to be forgotten”): correct inaccurate data or request deletion where legal grounds exist;
  • c. Right to restriction of processing: request limitation of processing in certain circumstances;
  • d. Right to data portability: receive your personal data in a structured, commonly used, and machine-readable format (e.g., CSV or JSON) and transmit it to another controller where technically feasible, applicable to data processed by automated means based on consent or contract;
  • e. Under certain circumstances, right to object, unless we have compelling legitimate grounds to continue the processing that override your interests, rights, and freedoms;
  • f. File a complaint with your local supervisory data protection authority (contact details available at https://edpb.europa.eu/about-edpb/board/members_en);
  • g. Withdraw your consent at any time with effect for the future, without affecting the lawfulness of processing based on consent before its withdrawal.

To exercise your rights as a data subject, please contact our Corporate Data Protection Office. 

We shall endeavor to respond to your request within one month of receipt. If more time is necessary due to the complexity or number of requests, we may extend this by a further two months and will inform you of any such extension within one month of receiving your request, together with the reasons for the delay. To allow us to verify your request, we might request proof of identification.

For more information on how we process your data when you contact us, see section ‎8.4.

In addition to us sharing your personal data with other entities of the Hapag-Lloyd group, we may share your personal data with the following recipients. Where recipients process personal data on our behalf as processors, we have entered into data processing agreements pursuant to Art. 28 GDPR ensuring they provide appropriate technical and organizational security measures and process data only on our documented instructions:

  • agents operating on behalf of Hapag-Lloyd, and other affiliated entities;
  • third parties (consignee, notify party, freight forwarder);
  • supply and service providers, (e.g., sub-contractors such as trucking companies, terminals, and depots), IT service provider and platform/hosting providers, consultants;
  • supervisory authorities.

We only share your personal data with these recipients when it is necessary in accordance with the purpose of processing as described in more detail below under the respective processing activities.

We also may process and disclose your personal data if we determine that, due to legal requirements, law enforcement, litigation and/or requests from public and governmental authorities, or other issues of public importance, the disclosure and processing of your personal data is necessary and appropriate. In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority without undue delay and, where feasible, within 72 hours of becoming aware of the breach. If the breach is likely to result in a high risk to your rights and freedoms, we will also communicate the breach to you without undue delay. These legal requirements (Art. 6 (1) GDPR) include, but are not limited to the following situations:

  • for the purpose of preventing fraud, illicit trafficking, investigating and reporting criminal offences (security screening background checks);
  • for auditing purposes;
  • to perform security checks at the terminal;
  • to perform custom’s declaration.

Your personal data may be transferred to and/or accessible globally by other Hapag-Lloyd entities and unaffiliated service providers, including in countries outside of the European Economic Area (EEA) in which the level of data protection may not be as high as within the EEA. For example, we regularly transfer data to our operations in the United States, China, India, Singapore, and other locations where we maintain offices or engage service providers.

We comply with applicable legal requirements and provide an adequate level of data protection regardless of where the data are transferred or accessed. For transfers of personal data outside the EEA, we rely on appropriate international data transfer mechanisms and safeguards such as: (a) European Commission adequacy decisions (Art. 45 GDPR) for countries recognized as providing adequate protection; (b) Standard Contractual Clauses (SCCs) approved by the European Commission (Art. 46 GDPR); (c) Binding Corporate Rules for intra-group transfers; or (d) where applicable, your explicit consent for specific transfers. We conduct transfer impact assessments where required to ensure the effectiveness of transfer safeguards. More information on transfer mechanisms is published here: https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection_en. You may request copies of the safeguards we use by contacting our Corporate Data Protection Office.

We will retain personal data for the period reasonably necessary to fulfill the purposes outlined in this Website Privacy Policy unless a longer retention period is required or permitted by law . Specific retention periods include: (a) Customer and sales data: 10 years from contract termination to comply with commercial and tax law obligations; (b) Supplier data: 10 years from contract termination; (c) Communication records: 3 years from last contact; (d) Visitor logs: 90 days unless required for legal claims; (e) Marketing data: until consent is withdrawn or 3 years of inactivity; (f) Recruitment data: as specified in section 8.5. Where we rely on legitimate interests, we will retain data only as long as necessary for those interests and reassess retention annually.

We use a variety of technical and organizational measures to help to protect your personal data from unauthorized access, loss, use, disclosure, alteration, destruction or fraudulent behavior in line with applicable data protection laws. These measures include: (a) encryption of personal data in transit and at rest using industry-standard protocols; (b) role-based access controls and authentication mechanisms limiting access to personal data on a need-to-know basis; (c) regular security assessments, penetration testing, and vulnerability management; (d) pseudonymization and anonymization where appropriate; (e) secure backup and disaster recovery procedures; (f) employee training on data protection and security; (g) incident response procedures; (h) physical security measures at our facilities. The Hapag-Lloyd AG is ISO 27001/certified, demonstrating our commitment to international information security and privacy standards.

We work with a number of external partners and have taken contractual steps to ensure that all external service providers comply with the relevant IT security standards, including but not limited to the requirements of the GDPR.

We do not process personal data relating to children and minors under the age of 16 years, unless we are legally obliged to do so. We implement the following safeguards to prevent inadvertent collection: (a) our services are designed and marketed for business-to-business use and are not directed at children; (b) our online forms include age confirmation requirements where appropriate; (c) our recruitment processes verify age during the application process; (d) visitor management systems verify identification. If we become aware that data were transferred to us or collected by us relating to children and minors under the age of 16 years without the informed consent of a parent or legal guardian, we will delete such personal data without any undue delay and within 30 days of becoming aware.

In the following, we list the contacts of our local Data Protection Officers that are based at affiliates of Hapag-Lloyd AG. Please be aware that some jurisdictions may use a different terminology for the data protection function. Such nomenclature may include, inter alias: Data Information Officer; Information Officer, Information Security Officer, Privacy Officer, Grievance Officer etc.

Hapag-Lloyd AG as a headquartered company in the European Union complies globally with the GDPR but in Brazil as well with the Lei Geral de Proteção de Dados (LGPD - Law No. 13,709/2018). We guarantee you all rights under GDPR as well as LGPD. Under LGPD, we process your personal data based on legal bases including consent, contractual necessity, legitimate interest, legal obligation, and others specified in Art. 7 LGPD. For sensitive personal data, we rely on specific consent or other legal bases under Art. 11 LGPD. We maintain a data protection officer (encarregado) whose contact details are provided below.

Non-discrimination:
You will never be discriminated against, or otherwise suffer any sort of detriment, if you exercise your rights.

Right to withdraw consent:
You have always the right to withdraw your consent if the data processing based on your consent with immediate effect for the future. Upon receipt of your message, we will delete your data unless we are legally obliged or authorized to retain personal data relating to you. Please send your revocation notice to the address of our Data Protection Officer in Brazil.

For further information you can contact our Data Protection Officer:
Ms. Gizely Horsth
Email:   [email protected]
Telephone: +55 11 3306-9000

Right to contact Data Protection Authority:
You have the right to complain about Hapag-Lloyd. You can find the contact to the responsible supervisory authority here:
ANPD – Autoridade Nacional de Proteção de Dados
ANPD’s website: ANPD — Português (Brasil) (www.gov.br)

Assigned Data Protection Officer (DPO)

DPO Statement (PT, 249.7 KB, 1 Page)
DPO Statement (EN, 250.6 KB, 1 Page)

Hapag-Lloyd AG is headquartered in the European Union and complies globally with the EU General Data Protection Regulation as a minimum standard. For California residents, we also comply with the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), effective January 1, 2023. Insofar, we invite you to carefully read all sections above in order to familiarize yourself with these minimum standards. You should particularly study the section on the rights of data subject as both regulations overlap in terms of these rights.

You may contact us either using the dedicated mail address and/or phone number:
Toll Free number: 1-833-Privacy (833-774-9229)
E-Mail: [email protected]

or you may contact us either using the contact information mentioned in section 7 or via our offices based in California:

Hapag-Lloyd (America) LLC
555 East Ocean Blvd
Suite 300
LONG BEACH, CA 90802
USA
Phone +1 888 513-2180

Hapag-Lloyd (America) LLC
180 Grand Rand Avenue, Suite 1535
OAKLAND, CA 94612
USA
Phone +1 510 286 1940

Specifically for the data access request, you have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months. Under CPRA, you also have the right to request correction of inaccurate personal information, the right to limit use and disclosure of sensitive personal information, and the right to opt-out of sharing of personal information for cross-context behavioral advertising.

Once we receive and confirm your verifiable consumer request, we will disclose to you:

  • The categories of personal information we collected about you.
  • The categories of sources for the personal information we collected about you.
  • Our business or commercial purpose for collecting or selling that personal information.
  • The categories of third parties with whom we share that personal information.
  • The specific pieces of personal information we collected about you (also called a data portability request).
  • If we sold or disclosed your personal information for a business purpose, two separate lists disclosing:
       sales, identifying the personal information categories that each category of recipient purchased; and
       disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained.

You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:

  • Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative. Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

Non-Discrimination
We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:

  • Deny you our services.
  • Charge you different prices or rates for services, including through granting discounts or other benefits, or imposing penalties.
  • Provide you a different level or quality of our services.
  • Suggest that you may receive a different price or rate for services or a different level or quality of services.

The CCPA is very specific about the “sale” or "sharing" of personal information. In our industry this is a particularly difficult aspect of data processing and it is connected to the international transfer and disclosure of personal information. If we ship cargo, we must process personal information in order to provide you with our service. As such, we may have to share such information with third parties, e.g. consignees, public authorities or other partners in the logistics supply chain.

These third parties may use such information for their own, legitimate business purposes, and the Hapag-Lloyd AG may not be in the position that we can control the use of such personal information by a third party. Under CCPA/CPRA, we do not "sell" personal information for monetary consideration, nor do we "share" it for cross-context behavioral advertising purposes.

As stated before, we do not intend to discriminate anybody on the basis of the CCPA/CPRA, but please bear in mind that we may not be permitted, for regulatory reasons, to provide you with our service if you partly or fully object to the processing of personal information relating to you.

Please also consider that personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FRCA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver's Privacy Protection Act of 1994, is not subject to the CCPA.

We value and honor your right to privacy, and we will always carefully assess how we can protect your personal information to the highest attainable standards.

Additional China Information

This Additional China Privacy Statement (the “China Privacy Statement) sets forth Hapag-Lloyd AG, and its group of companies. ("Hapag-Lloyd", "we", "us" and "our") disclosure obligations under Personal Information Protection Law of the People's Republic of China (“PIPL”). This China Privacy Statement provides the additional details regarding the information defined as „personal information” under PIPL further referred to as “Personal Information.”

To the extent Hapag-Lloyd processes any Personal Information subject to PIPL, Hapag-Lloyd will process such Personal Information in accordance with PIPL and any other applicable privacy related Chinese laws and regulations incorporated in PIPL by reference.

1. Our Legal Basis for Processing Personal Information

Hapag-Lloyd will process Personal Information in accordance with the principles of legality, legitimacy, necessity, and good faith. To the extent you voluntarily provide us with your Personal Information, we will process such information for the purposes for which it was provided to Hapag-Lloyd as set forth in the Hapag-Lloyd Privacy Statements. You are free not to provide Hapag-Lloyd with your Personal Information and can withdraw your consent at any time in the manner prescribed in the Contact Us Section of this China Privacy Statement. Where legally required (and where no other legal basis for processing exists), we will obtain your consent before processing your Personal Information. For example, if we want to process your sensitive Personal Information, or to process your Personal Information for a new purpose for which no other legal basis for processing exists, we will obtain your consent including separate consent or written consent as required by PIPL and related administrative regulations. If we process your Personal Information beyond the scope of this China Privacy Statement, we will separately explain the purpose, method, and scope of such processing to you through mechanisms such as page tips, interactive processes, website announcements, etc., and obtain any additional consents as required by PIPL. Hapag-Lloyd may process your Personal Information without your consent, under any of the following circumstances:

  • Where it is necessary for the conclusion or performance of a contract to which you are a party, or for the implementation of human resources management in accordance with the labor rules and regulations formulated in accordance with the law and the collective contract concluded in accordance with PIPL.
  • Where it is necessary for the performance of statutory duties or statutory obligations.
  • Where it is necessary for the response to a public health emergency or for the protection of the life, health and property safety of a natural person.
  • Where it is necessary to process the Personal Information disclosed by you or other Personal Information that has been legally disclosed within a reasonable scope in accordance with the provisions of PIPL.
  • Other circumstances stipulated by laws and administrative regulations.

2. How We Share Your Personal Information

Hapag-Lloyd will only share your Personal Information if we have obtained your separate consent as required by PIPL or in circumstances where your consent is not required according to laws and regulations.

3. Cross-Border Transfers of Personal Information

In principle, your Personal Information will be processed within the territory of the People's Republic of China. However, as a global company, Personal Information may be provided to our parent company Hapag-Lloyd AG in Germany, subsidiaries and/or affiliates including those established outside the territory of the People's Republic of China, to achieve global management of Hapag-Lloyd, to conduct jointly managed activities, and for internal business analysis and planning. We may also transfer your Personal Information to personal information processors and entrusted persons (e.g., service providers) located outside the territory of the People's Republic of China. Before conducting cross-border transfers, we conduct security assessments as required by PIPL and implement necessary measures required by law including entering into standard contractual clauses with the overseas recipient to stipulate the rights and obligations between us and ensuring the foreign receiving party provides adequate protection for the Personal Information under applicable laws. For certain types of transfers, we may also undergo security assessments by Chinese authorities as required by PIPL. We will separately obtain your consent and provide detailed information about the cross-border transfer of your Personal Information, as required by PIPL. You can contact us through the contact information listed below or in the Hapag-Lloyd Privacy Policy.

4. Your Privacy Rights

Under PIPL, you have the following rights:

  • Right to be informed: You have the right to know the processing of your Personal Information.
  • Right to access and copy: You can request access to your Personal Information or obtain a copy of your Personal Information.
  • Right to delete: You can request the deletion of your Personal Information in certain circumstances (for example when you withdraw your consent, or the purpose of Personal Information processing has been achieved, it is impossible to achieve such purpose, or it is no longer necessary to achieve such purpose).
  • Right to transfer: You can transfer your Personal Information to a personal information processor designated by you when it meets the conditions stipulated by the authorities.
  • Right to make decisions, restrict and refuse: You can make decisions on the processing of your Personal Information, and restrict or refuse HAPAG-LLOYD to process your Personal Information.
  • Right to withdraw your consent: Where processing of your Personal Information is based on your consent, you can withdraw your consent at any time. Please understand that each service needs some basic Personal Information to be processed. After you withdraw your consent, HAPAG-LLOYD will not process the relevant Personal Information, and cannot provide you with the corresponding services as a result. However, withdrawal of consent by you will not affect the previous Personal Information processing based on your authorization.
  • Right to make corrections / supplements: You have the right to request rectification or supplement of relevant information if you discover that your personal information is incorrect or incomplete.
  • Right to deactivate an account: You can request the deactivation of an account whenever any deletion condition is met — including e.g. whenever the consent is withdrawn or the service is no longer needed.

You can exercise the above rights by contacting us as explained in the Contact Us section. We will respond to your request with reasonable explanation within the time limit specified by PIPL or inform you of the alternate ways on resolving the issue or request.

We will not be able to respond to your request under the following circumstances:

  • Related to our compliance with obligations under the laws and regulations.
  • Directly related to national security or defense security.
  • Directly related to public security, public health or major public interests.
  • Directly related to criminal investigations, prosecutions, trials and enforcement of court decisions, etc.
  • Where we have sufficient proof that you have subjective malice or abuse of rights.
  • For the purpose of safeguarding your life, property and other important legal rights and interests or those of other individuals but it is difficult to obtain consent.
  • Responding to your request will cause serious harm to your legitimate rights and interests, or those of other individuals or organizations.
  • Involving trade secrets.

5. How We Collect and Use Your Personal Information.

For specific purposes and methods of processing, please refer to ‘8. Processing Details’ in the privacy policy. In China, as defined by the laws and standards in effect in China, the personal information we collect from customers in the course of performing our business only includes the basic information of the customer's company legal representative, financial and business contacts, and the consignee and consignor, including name, email address, phone number, company name and address, and does not involve sensitive personal information. We will fulfil the corresponding legal obligations based on the above.

 

6. Contact Us

If you have any questions or concerns regarding Hapag-Lloyd Privacy Statements, including this China Privacy Statement, you may write to us at  [email protected]   or at [email protected] or by mail to: 

Hapag-Lloyd Aktiengesellschaft
Corporate Data Protection
Ballindamm 25
20095 Hamburg
Germany

Hapag-Lloyd AG is headquartered in the European Union and complies globally with the EU General Data Protection Regulation (GDPR) as a minimum standard. For entities and individuals in South Africa, the Protection of Personal Information Act 4 of 2013 (POPIA) applies to Hapag-Lloyd entities based in South Africa ("Hapag-Lloyd SA"). You should particularly study this section as it relates to POPIA requirements, which came into full effect on July 1, 2021:

  • Personal data that is protected in South Africa includes the personal information of existing legal (juristic) persons such as companies, where applicable.
  • Any reference to personal data in the privacy terms shall have the same meaning as “personal information” defined under POPIA.

For further information please contact our Information Officer (as required under POPIA) in South Africa at: [contact details to be inserted]. You also have the right to lodge a complaint with the South African Information Regulator at: https://www.justice.gov.za/inforeg/

Dubai International Financial Center (DIFC)

Hapag-Lloyd AG, headquartered in the European Union, adheres to the General Data Protection Regulation (GDPR). In the Dubai International Financial Centre (DIFC), operating as an independent jurisdiction under the United Arab Emirates (UAE), the company abides by the Data Protection Law DIFC Law No. 5 of 2020 (‘DIFC DP Law’), which is closely aligned with GDPR. For data subjects outside the DIFC in the UAE, local UAE data protection regulations may also apply. We assure you of all rights granted under both GDPR and the DIFC DP Law.

Your Rights as Data Subject:

Under the DIFC DP Law you are entitled to the same rights as outlined in the GDPR and that are mentioned in Section 1 above.

Non-Discrimination:

In accordance with Article 39 of the DIFC DP Law, you will not be discriminated for exercising your rights, unless for justified reasons that are applicable to all individuals.

Contact Information:

For questions regarding the collection, processing or use of personal data relating to you or in the event of a complaint, please contact Hapag-Lloyd Corporate Data Protection Officer in the first instance via:

Email:  [email protected]

Postal Address:

Hapag-Lloyd AG
8800 Corporate Data Protection Office
Ballindamm 25
20095 Hamburg
Germany

Alternatively, if you wish to file a complaint against Hapag-Lloyd, you can contact the DIFC Commissioner of Data Protection’s Office at:

Dubai International Financial Centre Authority
Level 14, The Gate Building
+971 4 362 2222
[email protected]

Hapag-Lloyd AG, headquartered in the European Union, adheres to the General Data Protection Regulation (GDPR). For individuals located in Chile, we additionally comply with the Chilean data protection framework, including the still‑in‑force Law No. 19.628 on the Protection of Private Life and the modernized Law No. 21.719 on Personal Data Protection, published on 13 December 2024 and entering fully into force on 1 December 2026. This newer law aligns closely with GDPR standards and introduces enhanced transparency obligations, expanded data subject rights, stricter security duties, and the creation of a dedicated supervisory authority — the Agencia de Protección de Datos Personales (APDP).

We assure you of all rights granted under both GDPR and the Chilean data protection laws.

Your Rights as Data Subject

Under Chilean data protection law you hold the following rights, which mirror GDPR and are explicitly guaranteed under Law 21.719:

  • Right of Access
  • Right to Rectification
  • Right to Suppression (Deletion)
  • Right to Opposition
  • Right to Portability
  • Right to Blocking

These rights are expressly established and detailed in the new Chilean law governing personal data protection.

Additionally, Chilean law requires entities to implement internal procedures enabling data subjects to exercise their rights effectively.

Non‑Discrimination

In accordance with the principles of Chile’s Personal Data Protection Law, you will not be subject to discrimination for exercising your data protection rights.
 The legal framework mandates respect for privacy and the protection of personal data as constitutional rights, ensuring individuals may exercise their rights without adverse treatment.

Contact Information

For questions regarding the collection, processing, or use of your personal data, or in the event of a complaint, please contact Hapag‑Lloyd’s Corporate Data Protection Officer in the first instance:

Email:

[email protected]

Postal Address:

Hapag-Lloyd AG
8800 Corporate Data Protection Office
Ballindamm 25
20095 Hamburg
Germany

Supervisory Authority in Chile

If you wish to file a complaint regarding Hapag‑Lloyd’s processing of your personal data, you may contact the Agencia de Protección de Datos Personales (APDP) — Chile’s supervisory authority established under Law 21.719.
While operational activities of the APDP commence fully in December 2026, it is the designated authority under the new legal regime.

Hapag-Lloyd AG, headquartered in the European Union, adheres to the General Data Protection Regulation (GDPR). For individuals located in India, we additionally comply with India’s comprehensive data protection framework: the Digital Personal Data Protection Act, 2023 (DPDP Act) — in force since 11 August 2023 — and the Digital Personal Data Protection Rules, 2025, notified on 14 November 2025. These together create India’s first unified, rights‑based system governing the collection, processing, storage and transfer of digital personal data, and establish the Data Protection Board of India as the national supervisory authority.

The DPDP framework emphasizes consent, purpose limitation, transparency, accountability, security safeguards, and strict timelines for grievance handling and breach notification, with phased full implementation concluding by mid‑May 2027.

Your Rights as Data Subject

Under the DPDP Act, individuals (“Data Principals”) have the following statutory rights:

  • Right to access information about personal data processed.
  • Right to correction and erasure of personal data.
  • Right to grievance redressal via mandated internal mechanisms.
  • Right to nominate another person to exercise these rights in case of death or incapacity.

Consent notices in India must be clear, itemized, and provided in simple language, and individuals must be able to withdraw consent easily.

The DPDP Rules also introduce a mandatory 90‑day deadline for responding to grievances.

Non‑Discrimination

You will not be discriminated against for exercising your rights under the DPDP Act.
 India’s privacy regime is grounded in the constitutional protection of privacy as a fundamental right, affirmed by the Supreme Court in the K.S. Puttaswamy judgment (2017), which forms the legal foundation for the DPDP Act.

Contact Information

For questions regarding the collection, processing, or use of personal data relating to you, or in the event of a complaint, please contact Hapag‑Lloyd’s Corporate Data Protection Officer:

Email:

[email protected]

Postal Address:

Hapag-Lloyd AG
8800 Corporate Data Protection Office
Ballindamm 25
20095 Hamburg
Germany

Supervisory Authority in India

If you wish to file a complaint about Hapag‑Lloyd’s processing of your personal data, you may contact the Data Protection Board of India (DPB) — India’s statutory data protection authority established under the DPDP Act and operationalized under the DPDP Rules 2025.

Hapag-Lloyd AG, headquartered in the European Union, adheres to the General Data Protection Regulation (GDPR). For individuals located in Nigeria, we additionally comply with the Nigeria Data Protection Act, 2023 (NDPA), signed into law on 12 June 2023, which establishes Nigeria’s first comprehensive data protection framework. The NDPA is further operationalized by the General Application and Implementation Directive (GAID) 2025, effective 19 September 2025, replacing the former NDPR regime.

The NDPA protects the personal data of individuals in Nigeria, sets lawful bases for processing, defines organizational obligations, and creates Nigeria’s national supervisory authority — the Nigeria Data Protection Commission (NDPC) — responsible for regulating compliance and enforcing data protection rules.

Your Rights as Data Subject

Under the NDPA, individuals have legally enforceable rights, including:

  • Right of access to personal data processed.
  • Right to rectification of incorrect or incomplete personal data.
  • Right to erasure (“right to be forgotten”) under specific conditions.
  • Right to data portability, allowing transfer of personal data to another provider.
  • Right to object to certain processing activities.
  • Right to withdraw consent at any time.
  • Right to lodge a complaint with the Nigeria Data Protection Commission.

These rights apply to all data subjects whose personal data is processed in Nigeria, including situations where the controller or processor is located outside Nigeria but targets Nigerian individuals.

Non‑Discrimination

You will not be discriminated against for exercising your rights under Nigerian law.
 The GAID emphasizes that data protection in Nigeria is grounded in the constitutional right to privacy, ensuring that individuals’ rights may only be limited under specific constitutional or treaty‑based exceptions.

Contact Information

For questions regarding the collection, processing, or use of your personal data, or in the event of a complaint, please contact the Hapag‑Lloyd Corporate Data Protection Officer:

Email:

[email protected]

Postal Address:

Hapag-Lloyd AG
8800 Corporate Data Protection Office
Ballindamm 25
20095 Hamburg
Germany

Supervisory Authority in Nigeria

If you wish to file a complaint regarding Hapag‑Lloyd’s handling of your personal data, you may contact the Nigeria Data Protection Commission (NDPC) — the national data protection authority established under the NDPA, responsible for regulation, enforcement, and investigation of complaints.

Official contact information is maintained and published by the NDPC on its website and accompanying regulatory communications.

Hapag-Lloyd AG, headquartered in the European Union, adheres to the General Data Protection Regulation (GDPR). For individuals located in Türkiye, we additionally comply with the country’s comprehensive data protection framework: the Personal Data Protection Law No. 6698 (KVKK), which has been in force since 7 April 2016, supplemented by multiple implementing regulations and updated significantly through 2024 and 2025 amendments, including new rules for cross‑border transfers and VERBİS obligations.

Türkiye’s data protection authority — the Kişisel Verileri Koruma Kurumu (KVKK Authority) — oversees enforcement, investigates breaches, imposes administrative fines, and issues regulatory guidance, including recent 2025 cross‑border transfer rules and standard contractual clause (SCC) notification obligations.

Your Rights as Data Subject

Under the KVKK, individuals have a set of rights similar to GDPR. These include:

  • Right to be informed about processing activities.
  • Right of access to personal data.
  • Right to request rectification of inaccurate data.
  • Right to request deletion or anonymization of data under legally permitted conditions.
  • Right to object to processing under certain circumstances.
  • Right to data portability
  • Right to lodge a complaint before the Personal Data Protection Authority.

These rights apply to anyone whose personal data is processed in Turkey, including when processing is performed by foreign organizations targeting Turkish residents.

Non‑Discrimination

You will not be discriminated against for exercising your rights under Turkish law.
 Turkey’s Constitution guarantees the right to protection of personal data, ensuring that individuals can exercise their legal rights (access, rectification, deletion, information) freely and without adverse treatment.

Contact Information

For questions regarding the collection, processing, or use of your personal data, or in case of a complaint, please contact Hapag‑Lloyd’s Corporate Data Protection Officer:

Email:

[email protected]

Postal Address:

Hapag-Lloyd AG
 8800 Corporate Data Protection Office
 Ballindamm 25
 20095 Hamburg
 Germany

Supervisory Authority in Turkey

If you wish to file a complaint regarding Hapag‑Lloyd’s processing of your personal data, you may contact the Kişisel Verileri Koruma Kurumu (KVKK Authority) — Turkey’s independent national data protection regulator established under Law No. 6698.

The Authority oversees compliance, manages the VERBİS registry, reviews cross‑border transfer notifications, and enforces data protection rules. Official contact information is published by the KVKK Authority on its website and regulatory communications.

For information regarding further countries please check the local pages:

8.1 Sales, Customer Services, and Operations

The shipping process and the entire customer journey often requires the processing of personal data:  e.g., to obtain quotes, to schedule and book your transport, to submit the necessary shipping documentation, to track your transport, to file your custom declaration and clear customs, but also for invoicing and payments. HL is authorized to use customer data for product and service development, among others. The processing of personal data may be necessary both prior to the conclusion of a contractual agreement (e.g., in order to provide you with a quotation) and during the implementation of a contract with you (e.g., shipping details). Notably, we often process personal data that do not relate to our direct (pre-) contractual partner, but to a third person (such as a consignee, an employee of a consignee or a notified party). 

Personal data, which is processed to provide you or another third party with our services, only to the extent an identifiable person can be linked to such content, may include but is not limited to:

  • Individual and business contact information for communication (see for more details section ‎8.4) or registration (such as name, company name, physical address, email address, and telephone or fax number) - necessary to communicate with parties involved in the shipment, deliver services, and fulfill contractual obligations
  • Shipping information (such as (i) shipping-related contact details like the shipper's and consignee's name, physical address, email address and telephone number, (ii) signature for proof of delivery, (iii) information given to us that helps us access locations to which we provide service), (iv) booking number, (v) customer’s bill of lading, (vi) customer’s container number (vii) and other information provided to us regarding the content of certain shipments - necessary to execute the transport contract, provide tracking services, and comply with customs and regulatory requirements
  • Information that enables us to verify an individual's identity (incl. passport data or drivers’ licenses) - necessary for security screening, customs clearance, terminal access control, and compliance with international shipping and security regulations (ISPS Code, customs laws)
  • Names, email addresses, identity information and telephone numbers of third persons to whom we are asked to send information or shipments.
  • Payment information and financial information (such as bank account numbers) - necessary to process payments, issue invoices, manage accounts receivable, and fulfill contractual payment obligations
  • Tax-identification number in circumstances in which you request services for which this information is required.
  • Other personal information that may be provided to us to obtain a Hapag-Lloyd service, such as records of our communication (see for more details section 8. D).
  • Location data: When we pick up or deliver a shipment or provide other services, we may obtain physical location data. This includes, for example, data identifying the actual location of a physical address using information such as GPS data, geocodes, latitude and longitude information, and images of the various locations - necessary for route optimization, proof of delivery, accurate service provision, and real-time tracking services requested by customers
  • Login information and credentials when using our Web Applications and Platforms and further information is available in the respective section of these Privacy Terms (see  section 10).

Subjects:

Direct contractual party but also third person (consignee, employee of a consignee or a notified party).

Recipients

  • Internally:
    • The departments or Hapag-Lloyd entities you cooperate with or provide services to
    • The departments involved in procuring, executing or terminating the service provision
  • Externally:
    • Hosting/portals/information service providers that are used in international logistics to facilitate the exchange of information locally (e.g. port community systems) or internationally as instructed by the shipper / contract party, in order to facilitate the provision of our services or in order to provide such information to portals
    • Partners to provide you with the best possible service (e.g., sub-contractors such as trucking companies, terminals, and depots)
    • Payment providers
    • Certain shipment-related data will be provided to the authorities of the country of transit or destination for customs and tax clearance or for security screening, as required by the laws of the respective country
    • Third parties (consignee)
    • Other subcontractors who process personal data on our behalf
    • Authorities (see section ‎3)

Transfers to third countries are possible (see section ‎3). 

Retention

See section ‎4.

Legal basis:

  • To perform a contract with our customers (Art. 6 (1) (b) GDPR)
    • Processing activities during the term of the contractual relationship Including processing activities necessary for the initiation of a contractual relationship (e.g., you ask for a quotation), or you ask information about our services, and you provide your information voluntarily to us and activities post-termination.
  • Legitimate interest (Art. 6 (1) (f) GDPR):
     We have conducted a legitimate interest assessment and determined that the following processing activities are necessary for our legitimate interests, which are not overridden by your interests, rights, or freedoms:
    • To communicate with you, to the extent that an ongoing business relationship with you or your employer already exists, You will have the opportunity to unsubscribe. 
    • if you are a party to a shipment but not our direct contractual partner (consignee) 
    • When we exchange information with third parties, such as portals and information service providers that facilitate the exchange of information in logistics and serve as data brokers to ancillary services, we do so based on our legitimate interest in providing efficient, modern logistics services. Our legitimate interest assessment has determined that: (i) such data sharing is necessary to enable real-time tracking, automated customs clearance, and coordination across the supply chain; (ii) you reasonably expect such sharing as part of international shipping services; (iii) we implement appropriate safeguards including contractual data protection requirements with all platforms; and (iv) you retain the right to object to such processing. We make a detailed assessment for each platform relationship to identify the legitimate interest, determine that the processing is necessary to achieve it, and balance it against individual interests, rights and freedoms.
    • To enforce legal claims, including debt collection and defense in the event of legal disputes
    • To perform customs declaration

Please be also aware that we may not be able, for regulatory reasons, to provide you with our services if you partly or fully disagree with the processing of personal data relating to you.

  • To comply with a legal obligation (art. 6 (1) (c) GDPR) (see section ‎2)

Please note that for processing of personal data on consignees, employees of consignees or other third parties involved in a shipment, provided by the shipper/contract party to Hapag-Lloyd, it is the responsibility of the shipper/contract party to ensure that the provision of data is compliant with applicable data protection laws, including obtaining necessary consents and providing required privacy notices. By providing such data to us, you represent and warrant that you have the legal basis to do so and that you have fulfilled all transparency obligations toward those individuals. If you are unsure about your obligations, please contact our Corporate Data Protection Office for guidance.

8.2 Procurement and Suppliers

Purpose/information

With regard to the cooperation with our suppliers and service providers (from terminal services, to supply of spare parts and offices services, or Information Technology services), we might collect personal information. In general, we only process information about the company but it might also include personal information of the contact person.

Personal data, which is processed, and only to the extent an identifiable person can be linked to such content, may include but is not limited to:

  • Individual and business contact information (such as name, company name, physical address, email address, and telephone or fax number)
  • Payment information and financial information (such as bank-account numbers)
  • Other personal information, such as records of our communication (see section ‎8.4).
  • Login information and credentials when using tools to improve collaboration, and further information is available in the respective section of these Privacy Terms (see  section 10). 

Subjects

Direct contractual parties (suppliers, service providers)

Recipients

  • Internally
    • The departments or Hapag-Lloyd entities you cooperate with or provide services to
    • The departments involved in procuring, executing, or terminating the service provision
  • Externally
    • Hosting/portals/information service providers
    • Other subcontractors who process personal data on our behalf
    • Authorities (see section ‎2) 

Transfers to third countries are possible (see section‎3).

Retention

See section ‎4.

Legal basis

  • To fulfil the contract between the parties (Art. 6 (1) (b) GDPR)
  • Legitimate interest (Art. 6 (1) (f) GDPR): 
    • To the extent necessary for the initiation of a contractual relationship and you provide your information voluntarily  to us
    • To communicate with you, to the extent that an ongoing business relationship with you or your employer already existso To enforce legal claims, including debt collection and defense in the event of legal disputes
    • To comply with a legal obligation (art. 6 (1) (c) GDPR) (see section ‎2).

8.3 Visitor Services

Purpose/information

We use the personal data of individuals who visit our offices and facilities especially for visitor management. This might include the following personal data related to your identity (name, job title, email address, phone number, picture, copy of identification document, visit information (time and date of visit, location information within our facilities and access logs from card readers in case they are used), online identifiers in case of use of our visitor Wifi. For certain types of visitors or in certain circumstances, we might also collect training information or certificates for security reasons or as legally required. Visuals might be captured via video surveillance equipment (CCTV).

Subjects

Any individual entering our buildings and facilities.

Recipients

  • Internally
    • The departments or Hapag-Lloyd entities you visit
    • The departments involved in providing visitor services
  • Externally
    • Authorized third parties and service providers (e.g., who provide security services)
    • Authorities (see section ‎2)Transfers to third countries are possible (see section ‎3).

Transfers to third countries are possible (see section ‎3).

Retention

See section ‎4. 

Legal Basis

  • Legitimate interest (art. 6 (1) (f) GDPR):

    • To confirm your identity and fulfil visitor management
    • To exercise, establish of defend our legal rights or duties
    • For security reasons: to protect your safety and of other people but also your belongings, our building, facilities, and assets
  • To comply with a legal obligation (art. 6 (1) (c) GDPR) (see section ‎2).

8.4 Communication, Collaboration, and Contacting

Purpose/information

When you contact us (e.g., by email or by phone), to request information about our services or when we exchange information, we use your personal data to document the communication, answer your requests, improve the quality of our services and other business-related purposes. For telephone call recordings, we will inform you at the beginning of the call and obtain your explicit consent before recording. You may decline to be recorded, though this may limit our ability to document the conversation for quality and dispute resolution purposes. Your consent is documented in our systems, and you may withdraw consent at any time by contacting our Corporate Data Protection Office, though this will not affect the lawfulness of processing based on consent before withdrawal.

Personal data might include name, email, phone number, address, preferred language, your position, correspondence, voice recording, or other information submitted during the conversation and communication.

Subjects

All individuals with whom we communicate, collaborate, and/or contact us.

Recipients

  • Internally
    • The departments or Hapag-Lloyd entities you communicate or collaborate with or whom you contact
    • The departments involved in communicating, collaboration or contacting
  • Externally
    • Hosting/portals/ information service providers
    • Shipping service providers (for postal services)
    • Other subcontractors who process personal data on our behalf
    • Authorities (see section 4).

Transfers to third countries are possible (see section ‎3). 

Retention

See section ‎4. 

Legal Basis

  • To fulfil our contractual obligations, in relation to our customers and suppliers, service providers (art. 6 (1) (b) GDPR)
  • In case of telephone recordings: consent (art. 6 (1) (a) GDPR)
  • To comply with a legal obligation (art. 6 (1) (c) GDPR) (see section ‎2).
  • Legitimate interest (art. 6 (1) (f) GDPR): 
    • To process your requests and inquiries
    • For internal verification 
    • To improve the quality of our services
    • To exercise, establish of defend our legal rights or duties

8.5 Recruitment Activities

If you apply to one of our open positions published in our careers site, by sending us contact details and CV via the relevant application for or through any other means provided by us (e.g., social media), we will collect your personal data as applicant. We may also use retargeting mechanisms for recruitment activities (see section ‎8.6).

To check the suitability of applicants, we carry out aptitude tests for occupational groups. These tests deal with various areas of knowledge and serve as a performance test to better assess the previous knowledge and certain skills of the applicants, they are adapted to the respective position of the applicants. Tests are conducted pseudonymously and only Hapag-Lloyd is able to match the results to the applicants. We use automated processing, including CV parsing, to extract and structure information from application documents. However, no solely automated decisions (without human involvement) are made that produce legal effects or similarly significantly affect you. All hiring decisions involve meaningful human review and assessment. You have the right to obtain human intervention, express your point of view, and contest any decision where automated processing is used. For the purpose of carrying out the application process, registration for the talent pool as well as the initiation of an employment relationship, we process your data required.

You can provide the following information as part of your application to us:

  • Individual contact information for communication (such as name, company name, physical address, email address, and telephone or fax number)
  • Contact details (name, e-mail address, postal address, telephone number)
  • CV data
    • school education
    • vocational training
    • professional experience
    • language skills
  • Publicly accessible social profiles (e.g. XING, LinkedIn, Facebook)
  • Documents related to applications (application photos, cover letters, certificates, work certificates, work samples, etc.)
  • Documents and test responses and results related to assessments online and offline.

Subjects

Applicants.

Recipients

  • Internally 
    • The departments or Hapag-Lloyd entities you apply for
    • The departments involved in the recruitment process
  • Externally
    • Hosting/portals/ information service providers
    • Online assessment service providers (pseudonymized)
    • Shipping service providers (for postal services)
    • Other subcontractors who process personal data on our behalf
    • Authorities (see section 4).

Transfers to third countries are possible (see section ‎3).

Retention

Your data will be stored for the duration of the application process and in accordance with legitimate retention periods after completion of the application process. In case of a rejection, the data will be kept for 6 months after the final hiring decision to enable us to respond to inquiries and defend against potential legal claims. After the retention period has expired, the data is securely deleted or anonymized. If you consent to join our talent pool, we will retain your data for up to 2 years or until you withdraw consent, whichever comes first. If you are hired, your application data will be transferred to your employee file and retained according to employment record retention policies. If the processing is based on consent or legitimate interest, your data will be deleted after withdrawal of consent or legitimate objection.

Legal Basis

  • carrying out the application procedure and the initiation of an employment relationship (Art. 6 (1) (b) GDPR)
  • Consent (art. 6 (1) (a) GDPR) - obtained through clear affirmative action (e.g., ticking an opt-in box, clicking a confirmation link) and documented in our applicant management system. You may withdraw consent at any time by contacting [email protected] or using the unsubscribe link in the communications. Withdrawal will not affect processing already carried out based on your consent:
    • Subscribe to notifications via newsletter or RSS feed of new vacancies on the Careers Board:
    • Invite to Talent Pool following an unsuccessful application or by clicking the Contact Us button to be contacted for similar or otherwise suitable job openings.
  • To comply with a legal obligation (art. 6 (1) (c) GDPR) (see section ‎2).
  • Legitimate interest (art. 6 (1) (f) GDPR): 
    • use of the applicant management system
    • process and analyze documents you have uploaded in order to extract CV-data and convert them into a structured form (so-called "CV parsing").
    • To improve the quality of our services
    • To exercise, establish of defend our legal rights or duties

8.6 Marketing Campaigns (E.g., Newsletters, Surveys, Mailings, Retargeting)

Purpose/information

If you subscribe to one of our newsletters or direct marketing communications, we might process the following personal data: individual and business-contact information (such as name, company name, physical address, email address, and telephone or fax number), content and preferences related to marketing communication, cookie and browser related information. We obtain your consent through clear opt-in mechanisms (such as subscription forms with separate consent checkboxes, double opt-in confirmation emails). Your consent is time-stamped and recorded in our marketing systems. If you subscribe to one of our newsletters we offer you the option to define in a preference center what you are most interested in.

You may choose to unsubscribe at any time from such marketing communications by following the opt-out options as described in the respective marketing communication or cookies. When unsubscribed, you will not receive further direct marketing from us.

Marketing communications can be done through different channels (emails, postal letters, social media, etc.). 

We also send out mailings to our customers and business partners to take part in promotional activities, including events, to provide updates our services etc. In this context, we might process the following personal data: individual and business-contact information (such as name, company name, physical address, email address, and telephone or fax number),  and browser related information. 

When you participate in one of our surveys (e.g., about our services, events we organize), including non-anonymous surveys, we might process the following personal data: your name, your contact details, your answers, as well as details how you connected to the survey website, including data and time when you were connected.

Subjects

Customers, potential customers, vendors, other business partners, employees, press, other stakeholders

Recipients

  • Internally 
    • The departments or Hapag-Lloyd entities providing or facilitating the marketing communication
    • The departments involved in procuring, executing, or terminating the marketing service provision
  • Externally
    • Hosting/portals/information service providers
    • postal service providerso Other subcontractors who process personal data on our behalf
    • Authorities (see section ‎2).

Transfers to third countries are possible (see section ‎3).

Retention

See section ‎4. 

Legal Basis

  • In case of non-anonymous surveys and certain marketing communications to (potential) customers, vendors, employees, business partners and stakeholders: consent (art. 6 (1) (a) GDPR)
  • To comply with a legal obligation (art. 6 (1) (c) GDPR) (see section ‎2)
  • Legitimate interest (art. 6 (1) (f) GDPR): 
    • To promote our services and to existing customers and build our commercial relationship with our vendors, business partners and stakeholders, and keep them informed;
    • To understand how customers, vendors, employees, business partners and other stakeholders perceive our services, participants of our events in order to improve them;
    • We will include an opt-out option for marketing activities to existing customers, vendors, employees, business partners and stakeholders.

8.7 Automatically Generated Personal Data

Purpose/information

Using our websites may lead to an automatic processing of personal data relating to you. 

Processing is carried out in a way which does allow your identification, as we are potentially able to link between such metadata and data directly relating to you (= identifiable data). Personal data may include but is not limited to:

  • date and time of access,
  • the name of your provider
  • your IP address, 
  • browser type and version,
  • operating system,
  • system software,
  • websites visited before, including keywords used for searches and the sites from which you have been transferred to our site (e.g., search engine or linked content).
  • Clicking behavior: If you subscribe to our newsletter, we will, due to technical reasons, automatically track whether you opened our newsletter, and whether you have accessed from the newsletter content which had been linked in our newsletter (both internal and external links).

Subjects:

Any individual visiting our website, subscribed to our newsletter, or using any website/digital technology.

Recipients

  • Internally 
  • Externally:  
    • Hosting/portals/ information service providers
    • Authorities (see section ‎2) 

Transfers to third countries are possible (see section ‎3).

Retention

See section ‎4.  

Legal basis:

  • Legitimate interest (art. 6 (1) (f) GDPR):   automatic processing is solely carried out in order to monitor the technical performance, reliability and security of our system.
  • To comply with a legal obligation (art. 6 (1) (c) GDPR) (see section ‎2) 

8.8 Social Plugins

Purpose/information

Our website contains hyperlinks to social media (so called "social plugins") operated by third parties. The functionality of these social plugins, in particular the transfer of information and user data is not activated by visiting our website, but only by clicking the hyperlinks (social plugins). Once you click on any of these links, the plugin of the respective social media tool will be activated, and your browser will establish a direct connection with the server of this social media tool. If you click on the social plugin while you are visiting our website, a transfer of your user data to the respective social media network and the processing of your data through the social media network may occur. If you activate any of the social media plugins on our website while you are at the same time simultaneously logged into the respective social media tool with your personal account for that social media tool, the information that you have visited our website and that you have clicked the plugin on our website may be transferred to the social media tool and may be processed and stored in relation to your account with this social media tool.

To prevent such processing in relation to your account with the respective social media tool, you need to log out of your account before clicking the plugin link. You may also prevent the activation of social media plugins by adjusting the add-on settings of your browser, for example, by installing a so-called script-blocker such as „NoScript“(http://noscript.net/).

To the extent that such plugins qualify as cookies, please review our dedicated Section ‎11 on cookies. 

Our company has company pages on the following social media platforms. Further information about the processing of personal data can be found in their data protection declarations, to which we provide links below:

  • Facebook, Instagram and Youtube of Meta Platforms Ireland Limited, (Ireland, EU), hereinafter “Meta” (https://www.facebook.com/privacy/policy/?entry_point=data_policy_redirect&entry=0;
  • LinkedIn of LinkedIn Ireland Unlimited Company, (Ireland, EU), hereinafter “LinkedIn” https://se.linkedin.com/legal/privacy-policy?trk=homepage-basic_footer-privacy-policy;
  • WeChat of Tencent Holdings Ltd, Tencent Binhai Building, No 33 Haitian Second Road, Nanshan Shenzhen, 518054 China, https://www.wechat.com/en/privacy_policy.html.

When you visit or interact with a profile on a social media platform, your personal data may be processed. The information associated with a social media profile used also regularly constitutes personal data. This also includes messages and statements made while using the profile. In addition, certain information about your visit to a social media profile is often automatically collected, which may also constitute personal data.

When you visit our social media page, which we use to present our company or individual products from our range, certain information about you is processed. The operators of the social media platforms are solely responsible for this processing of personal data.

The operators of the social media platforms collect and process event data and profile data and provide us with anonymized statistics and insights for our pages that help us to gain insights into the types of actions that people take on our site (so-called “page insights”). These page insights are created on the basis of certain information about people who have visited our site. This processing of personal data is carried out by the social media operators and us as joint controllers pursuant to Art. 26 GDPR. The processing serves our legitimate interest in evaluating the types of actions taken on our site and improving our site based on these insights. Under our joint controller arrangements, the social media platform operators are primarily responsible for facilitating data subject rights requests, though you may also contact us. The legal basis for this processing is Art. 6 (1) f) GDPR.

We cannot assign the information obtained through page insights to individual user profiles that interact with our pages. We have entered into agreements with the operators of the social media platforms regarding processing as joint controllers, in which the distribution of data protection obligations between us and the operators is specified. For details about the processing of personal data for the creation of page insights and the agreement concluded between us and the operators, please refer to the following links:

We have agreed with Meta and LinkedIn that the Irish Data Protection Commission is the lead supervisory authority that monitors processing for page insights. You always have the right to file a complaint with the Irish Data Protection Commission (see www.dataprotection.ie) or with any other supervisory authority.

We also process information that you have provided to us via our company page on the respective social media platform. Such information may include the username used, contact details or a message to us. We carry out this processing as the sole controller. We process this data on the basis of our legitimate interest in contacting enquiring persons. The legal basis for the data processing is Art. 6 (1) (f) GDPR. Further data processing may take place if you have given your consent (Art. 6 (1) (a) GDPR).

Subjects:

Any website visitors activating the social plugins.

Recipients

  • Internally: Marketing, Communications, Digital Business, HR
  • Externally:
    • Hosting/portals/ information service providers
    • Social networks
      • Facebook, Instagram and Youtube is operated by Meta Platforms Ireland Limited, Hanover Reach, 5-7 Hanover Quay, Dublin 2, Ireland. Detailed information regarding plugins used by Facebook is available at: https://developers.facebook.com/docs/plugins
      • LinkedIn is operated by LinkedIn Inc., 2029 Stierlin Court, Mountain View, CA 94043, USA. Detailed information regarding plugins used by LinkedIn is available at: https://www.linkedin.com/legal/cookie-policy
      • WeChat is operated by Tencent Holdings Ltd, Tencent Binhai Building, No 33 Haitian Second Road, Nanshan Shenzhen, 518054 China. Detailed information regarding plugins used by WeChat is available at https://www.wechat.com/en/privacy_policy.html

Transfers to third countries are possible (see section ‎3). 

Retention

The deletion is in the responsibility of the main service providers. 

Legal basis:

  • Consent (art. 6 (1) (a) GDPR)
  • Legitimate Interest (art. 6 (1) (f) GDPR)

8.9 Online Services for Shareholders

Purpose/Information

The online services offer Hapag-Lloyd shareholders the possibility to electronically receive information and documents to the Annual General Meeting, as well as the ability to use various Annual General Meeting-related and share register-related applications.

Subjects:

Any shareholding using the online services. 

Recipients

  • Internally: Investor Relations
  • Externally:  
    • Hosting/portals/ information service providers
    • Shareholder service providers
    • Auditors for the annual report
    • Authorities (see section ‎2)

Transfers to third countries are possible (see section ‎3).  

Retention

See section ‎4. 

Legal basis:

  • Legitimate interest (art. 6 (1) (f) GDPR): to provide online shareholder services.
  • To comply with a legal obligation (art. 6 (1) (c) GDPR) in connection with §§118 ff Stock Cooperation Act (see section ‎2) of providing shareholder services. 

8.10 Hapag-Lloyd Hapag-Lloyd API Portal and Interfaces

Purpose/Information 

Hapag-Lloyd offers an Application Programming Interface Portal, the API Portal, and the Interfaces offered there. When using the API Portal, it may be necessary to provide personal data including your first name, last name, address including postal code and, where applicable, telephone number and email address and other details relating to use of the API Portal and the Interfaces.  

These are the purposes for which your personal data is processed: Registration and Authentication 

 Subjects 

Any registered User using the online services. 

Recipients 

  • Internally: Departments involved in API Services 
  • Externally: Hosting/Portals/Information Service Providers 

Transfers to third countries are possible (see section 3). 

Retention 

See section 4. 

Legal basis: 

Consent (art. 6 (1) (a) GDPR) 

Contract (art. 6 (1) (b) GDPR) 

Legitimate Interest (art. 6 (1) (f) GDPR).

8.11 Hapag-Lloyd Customer APP

Purpose/Information 

The Hapag-Lloyd Mobile App is a smartphone app that gives customers quick mobile access to Hapag-Lloyd’s digital shipping services.

Subjects 

Any registered User using the online services. 

Recipients 

  • Internally: Departments involved in Customer Services 
  • Externally: Hosting/Portals/Information Service Providers 

Transfers to third countries are possible (see section 3). 

Retention 

See section 4. 

Legal basis: 

Consent (art. 6 (1) (a) GDPR) 

Contract (art. 6 (1) (b) GDPR) 

Legitimate Interest (art. 6 (1) (f) GDPR).

8.12 Hapag-Lloyd Cafeteria App

Purpose/information

Hapag-Lloyd offers the application “Hapag-Lloyd Cafeteria[TA1] ” as on online service for payments in the company restaurant.

Subjects:

Externals, working students and visitors using the online services. 

Recipients

  • Internally: Departments involved in HR Services, Catering & Conference Services
  • Externally:  
    • Hosting/portals/ information service providers

Transfers to third countries are possible (see section ‎3).  

Retention

See section ‎4. 

Legal basis:

  • Consent (art. 6 (1) (a) GDPR).

The website of Hapag-Lloyd may contain hyperlinks, which refer you to content provided on websites operated by third parties. As Hapag-Lloyd is not legally responsible for the content and the data protection compliance of such third-party-operated websites, we kindly ask you to closely pay attention to the respective privacy terms of these third-party-operated websites.

In the Privacy Terms above we provide all data subjects with a comprehensive overview regarding the processing of personal data at Hapag-Lloyd Group. Many customers are also concerned about operational and commercial information related to shipments, cargo, and logistics services. While much of this information does not directly identify individuals (such as container numbers, cargo descriptions, HS codes, or vessel schedules), we recognize that in practice, shipment data is frequently linked to or combined with personal data (such as shipper, consignee, or contact person information). Where such connections exist, GDPR and other applicable data protection laws apply in full, and we process such combined datasets in accordance with the legal bases and safeguards described in this Privacy Policy.

Digitization Initiatives

Logistics is currently undergoing several waves of digitization, and this process is about to further accelerate over the months and years to come. Insofar, the operations processes and the exchange of information are changing rapidly with a clear tendency towards the expansion of data exchange between all stakeholders in the logistics supply chain.

Within the boundaries set by law, such as customs regulations or competition law, just to name a few examples, we also exchange substantially more transport service related information with third parties than we did before. Partially, this increase is even triggered by changes in the operations of public authorities, such as customs authorities.

As a guiding principle we exchange information with third parties involved in the logistics supply chain on a need-to-know basis, that means we share operational and production data to the extent this is necessary to provide the service. Examples are trucking companies, authorities, port terminals, feeder operators or other service related external partners.

To the same extent we also receive such operational or production data from stakeholders, primarily to synchronize such data with our internal data sets, to update the transport plan or for other general purposes of providing our service to you.

Most of the data provided and obtained relates to the physical move of the box, but such data sets may, depending on the stakeholders involved, also contain cargo related information such as cargo descriptions or the HS-Code.

We trust that our customers appreciate that Hapag-Lloyd, with new services like Quick Quotes or LIVE, is at the forefront of the digitization in the shipping industry, and that customers appreciate the value of new, disruptive digital platforms, which aim to increase the real-time data exchange of operations data in the entire ecosystem.

We are committed to remain one of the leaders in this field, and to increase transparency for all players in the ecosystem that are contributing to an individual shipment without compromising the security of information and operations.

Logistic Chain Platforms

Substantive parts of our customers are using existing platforms, such as INTTRA, and we expect that even more customers will try to harvest the advantages of emerging platforms such as GSBN.

Participating in such platforms comes at a “cost”, and that is the need for further standardization of data types, including operational and customer-related data. Partly triggered through new standards proposed by the Digital Container Shipping Association, as well as platform services, this standardization limits the capability of all stakeholders in the ecosystem to provide customer-specific services, or to contribute to customer run stand-alone systems.

Some of the new data-driven platforms and services imply the processing of vast amounts of operational data and trade documents, incl. the aggregated or de-identified use for secondary purposes, e.g. for the improvement of the quality of service providers or the promotion of ancillary services, to name just a few examples.

As a member to such platforms, Hapag-Lloyd is following the relevant data provisioning and data sharing requirements of the platform operators, and integrates the technology of such platforms into the Hapag-Lloyd services.

As such, terms and conditions of a platform may imply that we share data related to a shipment with that platform beyond the need-to-know principle, even if you are not a customer to that platform. However, we carefully assess each platform relationship and only share data where: (a) it is necessary for the performance of the shipping contract; (b) required by applicable law; (c) based on our legitimate interests (following a legitimate interest assessment); or (d) where we have obtained your consent. We maintain data processing agreements with platform providers to ensure they handle your data in accordance with applicable data protection laws.

Regardless of the platform or service we collaborate with, we will not compromise our IT security standards, and whenever mixed data sets contain personal data, e.g. in trade documents, we will continue to adhere to the EU GDPR and/or other applicable data protection laws.

Cookies/Similar Technologies. Please refer to our Cookie Policy to learn how you we use cookies, how you can manage your cookie settings, for detailed information on the cookies we use and the intended purposes.

IP addresses. An IP address is a number that is used by computers on the network to identify your computer every time you log on to the Internet. We may record IP Addresses for the following purposes: (i) troubleshoot technical concerns, (ii) maintain website safety and security (iii) better understand how our websites are utilised, and (iv) to better tailor content to your needs depending on the country you are in.

Log Files. We (or a third party on our behalf) may collect information in the form of logs files that record website activity and gather statistics about a user’s browsing habits. These entries are generated anonymously, and help us gather (among other things) (i) a user’s browser type and operating system, (ii) information about a user’s session (such as the URL they came from, the date and time they visited our website, and which pages they've viewed on our website and for how long), and, (iii) other similar navigational or click-stream data.

Web Beacons. We may use web beacons (or clear GIFs) on the HLSites. Web beacons (also known as “web bugs”) are small strings of code that provide a method of delivering a graphic image on a web page for the purpose of transferring data back to us. The information collected via web beacons may include information about how a user responds to an email campaign (e.g. the time the email is opened, where does the user link to from the email, etc.). We use web beacon information for a variety of purposes, including, site traffic reporting, unique visitor counts, advertising and email auditing and reporting, and personalisation.

Container telemetry data generated by Hapag-Lloyd AG during the transport of containers constitutes operational data of Hapag-Lloyd AG.

What are Cookies?

Cookies are small text files that are placed on your computer by websites that you visit. They are widely used to facilitate and to improve the use of our website, or work more efficiently, as well as to provide information to the owners of the site.

See below for details on what information is collected by cookies and how we use that information. For more information about the kind of data we collect, please read our Privacy Terms.

How and why does Hapag-Lloyd use them?

Hapag-Lloyd uses cookies to gain a better understanding how visitors use this website. Cookies help us tailor Hapag-Lloyd websites to your personal needs, to improve their user-friendliness, gain customer satisfaction feedback on our websites (through designated partners) and to communicate to you elsewhere on the web. To enable this some cookies are applied when you enter our sites.

Hapag-Lloyd keeps all the information collected from cookies in a non–personally identifiable format. Hapag-Lloyd cookies located on your computer do not retain your name or your IP address.

We have summarized relevant information related to our use of cookies in these Privacy Terms. You may obtain additional information by reviewing this cookie information at Cookie Policy, which includes details on cookie retention periods (ranging from session cookies that expire when you close your browser to persistent cookies that may remain for up to 24 months depending on the cookie type and purpose). We also provide details on our cookies in the consent management window that is automatically opened once you enter our website that use cookies.

By using a Hapag-Lloyd Site, you accept our use of cookies and other tracking technology for the provision of the Hapag-Lloyd Site in accordance with this notice. If you do not agree to our use of cookies and other tracking technology in this way, you should set your browser settings accordingly or not use the Hapag-Lloyd Site. If you disable cookies that we use, this may impact your user experience while on the Hapag-Lloyd Site.

For cookies which require consent under applicable law, we will ask for your consent via the cookie banner before placing such cookies. Your consent covers the specific cookie categories you have accepted (e.g., functional, analytics, marketing). You can access and adjust the cookie settings at any time through our Cookie Settings/Privacy Preference Center. We use a consent management platform that records your consent choices with a timestamp and unique identifier.

When using a mobile device to connect to the Internet, you should also refer to the privacy notice of the specific App you are using to understand its specific data collection practices.

How can I access and adjust my cookie settings?

You can adjust your cookie settings related to Hapag-Lloyd Sites at any time in our Cookie Settings/Privacy Preference Center with immediate effect for the future. Furthermore, you may block cookies, change the settings of your browser add-ons.

Please ensure that your computer setting reflects whether you are happy to accept cookies or not. You can set your browser to warn you before accepting cookies, or you can simply set it to refuse them, although you may not have access to all the features of this website if you do so. See your browser 'help' button for how you can do this. You do not need to have cookies on to use or navigate through many parts of this and other Hapag-Lloyd websites. Remember that if you use different computers in different locations, you will need to ensure that each browser is adjusted to suit your cookie preferences.

To delete the cookies and all information gathered, and otherwise change your cookie settings please click the following link.

Which Cookie Categories does Hapag-Lloyd use?

Session cookies

Session cookies are temporary cookie files which are erased when you close your browser. When you restart your browser and go back to the site that created that cookie, the website will treat you as a new visitor.

Persistent cookies

Persistent cookies stay on your browser until you delete them manually or until your browser deletes them based on the duration period set within the cookie. These cookies will recognise you as a return visitor.

Cookies that send information to us (First Party cookies)

These are the cookies that we set on a Hapag-Lloyd Site and they can only be read by that site. This is known as a "First Party" cookie.We also place cookies on ads which are placed on other websites owned by third parties (e.g. Facebook). We obtain information via those cookies when you click on or interact with the advertisement. In this situation the ad is placing a “Third Party” cookie. Hapag-Lloyd may use the information obtained by these cookies to serve you with advertising that is relevant and of interest to you based on your past online behaviour.

Cookies that send information to other companies (Third Party Cookies)

These are cookies that are set on a Hapag-Lloyd Site by our partner companies (e.g. Facebook or advertisers). They may use the data collected from these cookies to anonymously target advertising to you on other websites, based on your visit to this Website. For example, if you use a social widget (e.g. the Facebook icon) on the Website, it will record your “share” or “like”. Facebook (as the company setting the cookie) will collect the data. This is known as a “Third Party’’ cookie.

Please note that third party services placing cookies or utilizing other tracking technologies through our services may have their own policies regarding how they collect and store information. Such practices are not covered by our Privacy Terms and we do not have any control over them.