Are you are visiting our website from Mainland China?
If you click "Yes", you will be redirected to www.hapag-lloyd.cn, our performance-optimized site for Mainland China, which provides the same content as www.hapag-lloyd.com.
如果点击"是"，您将直接跳转至赫伯罗特中文网 www.hapag-lloyd.cn, 这是我们专为中国大陆优化的网站，与 www.hapag-lloyd.com 网站内容一致.
These Privacy Terms govern the collection, processing and use (hereinafter all together referred to as "processing") of personal data if such data relating to you is processed when using our website and/or our app, or if data is processed in the course of the provision of our services as an international container shipping line, e.g. if we initiate or execute a shipment contract. As Hapag-Lloyd AG is based in the European Union, it adheres primarily to the rights of data subjects under the EU General Data Protection Regulation but will also follow stricter national laws and regulations as they apply to the data processing.
Personal data may also be processed if you contact Hapag-Lloyd to receive information from us. When handling personal data, we act in strict compliance with the relevant legal data protection regulations and the following principles.
Please note the sections for the countries that have a deviating regulation from the EU General Data Protection Regulation (GDPR). You will find the specific details in Section 16 with the sub-heading of the particular country name or name of the law. For example, California: . As well as the contact information to Data Protection Officer of Hapag-Lloyd offices in the EU/EEA.
If you are conducting business with us, you may also be interested to learn how we process relevant information that does not qualify as person-identifiable information. We have compiled this information, which also forms a basis of our service contracts, in Section 17.
We may revise these Privacy Terms from time to time, so please check back regularly for updates and revisions.
Legal Entity responsible for the processing of personal data:
Executive Board of Hapag-Lloyd AG:
Rolf Habben Jansen (CEO), Mark Frese, Dr. Maximilian Rothkopf, Joachim Schlotfeldt
For contact information of the Corporate Data Protection Office please see Section 15 below.
Hapag-Lloyd is a global container shipping line which provides logistics services across the globe. The business purpose of the company is domestic and non-domestic container transport and the operation of all transactions and facilities connected to the shipment of containers.
In order to facilitate the work of the Hapag-Lloyd, the company has established branch offices and/or legal entities both domestically and abroad. The company is participating in networks and alliances, it may acquire and/or establish legal entities. It may cede its operations wholly or partially to other legal entities as required to provide services to the customers of the Hapag-Lloyd.
Data is collected, processed, and used for the purposes mentioned in these privacy terms. Inter alias, the following purposes are explicitly covered by these privacy terms:
We will process your personal data to the extent necessary for the initiation, implementation or termination of a pre-contractual or contractual relationship. Please see below for more details.
Likewise, we will process data you voluntarily provided us with, for example, when you ask us for information regarding Hapag-Lloyd and its services.
Furthermore, we will process personal data if you consented or if we are legally authorized or obliged to collect and further process personal data relating to you. If we process data solely based on your informed consent, we will only use the data for the purposes stated in the consent procedure and within the scope outlined. For example, we will only inform you about our services after you have properly consented or indicated by other means that you would like to receive promotional information from Hapag-Lloyd.
You may revoke or withdraw your consent at any time with immediate effect for the future. Upon receipt of your message, we will delete your data unless we are legally obliged or authorized to retain personal data relating to you. Please send your revocation notice to the address indicated in Section 15 of these Privacy Terms. In case we process personal data based on your consent we may no longer be able to provide the respective service to you if you revoke your consent.
We may also process your data for the purposes of our legitimate interests pursuant to Art. 6 (1), Subparagraph f) GDPR, e.g. for the purpose of preventing fraud, investigating and reporting criminal offences, to enforce legal claims, including debt collection and defense in the event of legal disputes, for auditing purposes, to safeguard the companies IT security and operations, to communicate with you, to the extent that an ongoing business relationship with you or your employer already exists, in particular if you are a party to a shipment but not our direct contractual partner.
Personal data on consignees, employees of consignees or other third parties involved in a shipment are often provided by the shipper / contract party to Hapag-Lloyd; it is the responsibility of the shipper / contract party to ensure that the provision of data is compliant with applicable data protection laws. Hapag-Lloyd further processes such data as a controller in compliance with the GDPR and other applicable data protection laws.
For its core applications, Hapag-Lloyd uses a so-called “data lake” that caters for a range of processing activities across various business sectors. Personal data stored in the data lake is fully encrypted and pseudonymized. Hapag-Lloyd has implemented a strict access control, based on a need-to-know principle and maintains control systems regarding the permitted processing activities and their purposes. Only certified data scientists have the right to work in the data lake.
We may share personal data, as instructed by the shipper / contract party, in order to facilitate the provision of our services or in order to provide such information to portals / information service providers that are used in international logistics to facilitate the exchange of information locally (e.g. port community systems) or internationally (e.g. INTTRA, GSBN or TradeLens).
Hapag-Lloyd itself may also process personal data pursuant to Art. 6 (1), Subparagraph f) GDPR, without such instruction of the shipper / contract party, to the extent we exchange information with third parties, such as portals / information service providers, that facilitate the exchange of information in logistics and that serve as data brokers to ancillary services. If we do so, we make a detailed assessment in order to identify the legitimate interest, we determine that the processing is necessary to achieve it, and we balance it against the individual’s interests, rights and freedoms.
Due to the global nature of our business, we may have to transfer personal data internationally, including to countries that may not have the same data protections standards as the country you are legally residing in. For further details on the international transfer, please see below sections 2 and 8.
The provision of Hapag-Lloyd´s services often require the processing of personal data. The processing of personal data may be necessary both prior to the conclusion of a contractual agreement (e.g., in order to provide you with a quotation) and during the implementation of a contract with you (e.g., shipping details). Notably, and as stated above, we often process personal data that does not relate to our direct (pre-) contractual partner, but to a third person (such as a consignee, an employee of a consignee or a notified party). Regarding the legal base for such processing, please consult the previous section.
Personal data, which is processed to provide you or another third party with our services, may include but is not limited to:
When we pick up or deliver a shipment or provide other services, we may obtain physical location data. This includes, for example, data identifying the actual location of a physical address using information such as GPS data, geocodes, latitude and longitude information, and images of the various locations.
Certain areas of the Hapag-Lloyd website require registration, in particular areas related to e-business applications. Information obtained from users of these areas may also be used for Hapag-Lloyd´s marketing activities, within the limits of the applicable law and these terms.
Certain shipment-related data will be provided to the authorities of the country of transit or destination for customs and tax clearance or for security screening, as required by the laws of the respective country.
The information provided would usually include but may not be limited to: shipper’s name and address, receiver’s name and address, description of the goods, number of pieces, weight and value of shipment. Certain jurisdictions also require a proof of the identity of a person, e.g. passport data or a driver’s license.
We may transfer the personal information we process regarding you to countries other than the country in which the information originally was obtained. Primarily, in order to provide you with our services, the data will be transferred to other companies within the Hapag-Lloyd Group but may also be transferred to agents operating on behalf of Hapag-Lloyd, and other affiliated entities.
Please be aware that Hapag-Lloyd works with a number of partners to provide you with the best possible service (e.g., sub-contractors such as trucking companies, terminals, and depots). This may require, within the boundaries set by law, the transfer of personal data to these partners and service providers.
Please be also aware that we may not be able, for regulatory reasons, to provide you with our services if you partly or fully disagree with the processing of personal data relating to you.
The countries to which data are transferred may not have the same data-protection standards as the country in which you initially provided the information. When we transfer your information to other countries, we will protect that information as described in these terms and in accordance with applicable law.
In case of cross-border data transfer between different jurisdictions, we will follow the stricter legal provisions. We use contractual protections for the transfer of personal information among various jurisdictions (including, for example, the European Commission's standard contractual clauses) and we regularly work with our partners and service providers on measures to ensure the full compliance with the applicable data protection laws, including but not limited to the full compliance with the GDPR or the Cybersecurity Law of the People´s Republic of China. Before transferring data to countries outside the EU/EEA (third countries), we document an impact assessment for the transfer in order to always protect the interests of the data subjects unless such third country provides an adequate level of data protection as determined by the European Commission.
Further information is available in the respective section of these Privacy Terms regarding the data processed in relation to the use of our website and app.
For your rights to access and control personal data relating to you, please consult the respective section in these Privacy Terms.
Using our website may lead to an automatic processing of personal data relating to you. Data processed may include in particular the name of your provider, your IP address, browser type, and system software, as well as the websites visited before, including keywords used for searches and the sites from which you have been transferred to our site (e.g., search engine or linked content). In all the aforementioned cases, processing is carried out in a way which does allow your identification, as we are potentially able to link between such metadata and data directly relating to you (= identifiable data). Such linkage is solely carried out in order to monitor the technical performance, reliability and security of our system.
If you subscribe to our newsletter, we will, due to technical reasons, automatically track whether you opened our newsletter, and whether you have accessed from the newsletter content which had been linked in our newsletter (both internal and external links).
Through our website and other channels, you have access to the Hapag-Lloyd app. Due to providing the app on the website, Hapag-Lloyd AG is subject to the provisions of the GDPR and the German Telemedia Act (TMG), and specifically to the relevant data protection provisions of §§ 11 to 15a TMG.
Please also note that specific regulatory restrictions may apply based on the legislation in the country you are residing in.
In case you are using the Google Play App Store of Google Inc., the Windows App Store of Microsoft Inc., or the iTunes App Store of Apple Inc. for the download, please carefully read the data protection terms of these app stores.
Further details can be found in the document "Hapag-Lloyd App Privacy Terms", which is accessible on our website under Mobile App and in the app stores.
After the launch of our app, technical installation and technical performance data from our iOS, Android and Windows apps is collected.
If you disagree with the processing of personal data as outlined in the Privacy Terms for the app, please do not install our app, or uninstall it if you did so. Please also consider the regulatory restrictions that may apply in your jurisdiction.
Our website contains hyperlinks to social media (so called "social plugins") operated by third parties. The functionality of these social plugins, in particular the transfer of information and user data is not activated by visiting our website, but only by clicking the hyperlinks (social plugins). Once you click on any of these links, the plugin of the respective social media tool will be activated and your browser will establish a direct connection with the server of this social media tool. To the extent that such plugins qualify as cookies, please review our dedicated Section 5 on cookies. Third-party cookies that are not necessary to the performance of our website and services, are subject to your explicit, prior informed consent.
If you click on the social plugin while you are visiting our website, a transfer of your user data to the respective social media network and the processing of your data through the social media network may occur. If you activate any of the social media plugins on our website while you are at the same time simultaneously logged into the respective social media tool with your personal account for that social media tool, the information that you have visited our website and that you have clicked the plugin on our website may be transferred to the social media tool and may be processed and stored in relation to your account with this social media tool.
To prevent such processing in relation to your account with the respective social media tool, you need to log out of your account before clicking the plugin link. You may also prevent the activation of social media plugins by adjusting the add-on settings of your browser, for example, by installing a so-called script-blocker such as „NoScript“ (http://noscript.net/).
To learn more about the purpose and scope of data processing by social media tools, and to receive further information about the processing and use of data relating to you, as well as your rights and detailed instructions how to protect your privacy, please refer to the privacy terms of the respective social media tool.
To enable you to obtain more detailed information on the privacy terms of social media tools, we would like to reference to the social media tools currently embedded into our website.
On our website, we currently use social plugins of the social media tools Facebook (Facebook Pixel) and LinkedIn, as well as the micro-blogging service Twitter.
These services are offered by the respective third parties and subject to the terms and conditions applicable to them. Prior to activating such plugins you may carefully assess the data protection settings that apply to the country in which you are legally residing.
Facebook is operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA. Detailed information regarding plugins used by Facebook is available at: https://developers.facebook.com/docs/plugins
LinkedIn is operated by LinkedIn Inc., 2029 Stierlin Court, Mountain View, CA 94043, USA. Detailed information regarding plugins used by LinkedIn is available at: https://www.linkedin.com/legal/cookie-policy
Twitter is operated by Twitter Inc., 1355 Market St, Suite 900, San Francisco, CA 94103, USA. Detailed information regarding plugins used by Twitter is available at: https://twitter.com/about/resources/buttons
Instagram is operated by Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA. Detailed information regarding plugins used by Instagram is available at https://help.instagram.com/1896641480634370
YouTube is operated by YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. Detailed information regarding plugins used by YouTube is available at https://policies.google.com/technologies/product-privacy and https://www.google.de/intl/de/policies/privacy
WeChat is operated by Tencent Holdings Ltd, Tencent Binhai Building, No 33 Haitian Second Road, Nanshan Shenzhen, 518054 ChinaDetailed information regarding plugins used by WeChat is available at https://www.wechat.com/en/privacy_policy.html
Due to the integration of the social media plugins into our website, the respective social media tools may obtain personal data relating to you if you activate the plugin, even if you do not have an account with the social medial tool or if you are not logged into your account of the respective social media tool.
Such information (including your IP address) may be directly transferred from your browser to a server of the social media tool provider and will be processed there. The social media tool providers Facebook, LinkedIn and Twitter, Instagram, YouTube and WeChat process personal data relating to users from EU/EEA countries, according to information that has been made available publicly, within the EU. Data relating to users who reside in a country outside the EU/EEA may be processed in the United States of America or another third country.
In case data relating to you, which have been obtained within the EU/EEA, is transferred by the third-party provider to servers outside the EU/EEA, you shall be aware that Hapag-Lloyd has no legal or technical influence thereon. Equivalent restrictions on the cross-border transfer of personal data may also apply based on the regulatory framework of the country you are residing in. Hapag-Lloyd and its affiliates aim to ensure full compliance with all applicable regulatory frameworks, e.g. the PR China Cybersecurity Law or the PR China Personal Information Protection Law.
Our websites make use of so-called re-targeting technologies. We use these technologies to make our internet offers more interesting for you. This technique allows us to provide internet users who have already shown an interest in our services with tailored information on the websites of our partners and other third parties. The use of this marketing approach by our partners is undertaken on the basis of a cookie technology and an analysis of previous user behavior. Notably, we only use these techniques if you have consented to the application of such cookies via our cookie consent management tool. For more details on the consent management, please see above section 4.
If you would like to opt out the use of your data for retargeting, online-behavioral advertising or interest-based advertising, Hapag-Lloyd will honor any such opt-outs without any undue delay. You can change your cookie settings at any time in our Privacy Preference Center with immediate effect for the future. Furthermore, you may block cookies, change the settings of your browser add-ons, or contact us via the contact details provided in Section 16 for further guidance and help.
Hapag-Lloyd makes use of the Facebook Pixelin case you consent to the use. The pixel is a tiny piece of Java script code that we have incorporated into each of our web pages. This piece of code provides a series of functions for transmitting application-specific events and user-defined data to Facebook. We use different pixel events to record information about the way visitors use our website. For this reason, each of our web pages contains a Custom Audience pixel, which is activated in case you consent to the use. This pixel records information about the user's browser session, which it sends to Facebook along with a hashed version of the Facebook ID and the URL viewed.
We do not use the Facebook pixel and the Custom Audiences based on it in a way that we would provide Facebook with any person identifiable information from our customer-relationship-management system or any other central database controlled by Hapag-Lloyd. As such, we do not transfer or disclose any personally identifiable information to Facebook or combine any information obtained in connection with these terms with personally identifiable information.
Further details on the collection and processing of data through Facebook are available in the privacy- policy section of Facebook Inc.: https://www.facebook.com/about/privacy/
You may also deactivate the remarketing-function of „Custom Audiences“ at https://www.facebook.com/settings/ . Please be aware that you must be logged in to Facebook in order to be able to adjust your settings.
Hapag-Lloyd uses the LinkedIn Insight-Tag provided by LinkedIn Inc. We have incorporated a simple piece of code to our website that places a cookie onto the browser of our website visitors. As such, the use of this cookie is subject to your prior explicit consent for the use of this cookie. Through LinkedIn's conversion tracking and website-demographic features, Hapag-Lloyd can understand what happens after a LinkedIn user clicks on our ad by using analytic methods and systems provided by LinkedIn that allow us to send data to LinkedIn and its affiliates about actions that people take on our websites or mobile applications ("Event Data"). We use this service to provide you with targeted information regarding services and events of Hapag-Lloyd.
LinkedIn and Hapag-Lloyd both adhere to the relevant EU data-protection law. Hapag-Lloyd does not receive any personally identifiable data from LinkedIn, but will only receive aggregated, fully de-identified information regarding our customers and users. Hapag-Lloyd does not provide LinkedIn with personally identifiable data from our central operational IT systems (such as CRM or CSV data).
For more details, please consult the specific terms and conditions on the LinkedIn website: https://www.linkedin.com/legal/conversion-tracking
For a more detailed information on the opt-out policy of LinkedIn, please consult the specific information provided on the website of LinkedIn:
This website uses Google Analytics, a web-analytic service provided by Google, Inc. 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States ("Google")., , subject to your consent to the use of Google Analytics. Without your prior and explicit consent we will not use Google Analytics. Google Analytics uses "cookies", text files which are stored on your computer and which allow an analysis of your use of our website. The information generated by the cookie about your use of this website may be transferred to a Google server in the USA and stored there. However, in the case of the activation of the IP anonymisation on this website, your IP address will be previously abridged by Google within the member states of the European Union or in other states parties to the Agreement on the European Economic Area. Only in exceptional cases, will the full IP address be transferred to a Google server in the US and abbreviated there. IP anonymisation is active on this website.
On behalf of Hapag-Lloyd, Google will use this information to evaluate your use of the website, to compile reports on website activity, and to provide other services related to website usage and internet usage. We also measure our remarketing activities via Google Analytics information. The IP address provided by your browser as part of Google Analytics will not be merged with other Google data. You can prevent the Google cookies from being saved by setting your browser settings accordingly.
Where users have chosen to enable Google to associate their web and app browsing history with their Google account and to use information from their Google account to personalize ads, Google will use data from its signed-in users together with your Google Analytics data to build audience lists for cross-device retargeting. In order to support this feature, two things will happen: First, for users on this site, Google Analytics will collect Google-authenticated identifiers associated with users’ Google Accounts (and therefore, personal information). Second, Google Analytics will temporarily join these identifiers to this site's Google Analytics data in order to support our audiences.
To learn more about Google Analytics, including how to opt out of it, please visit https://tools.google.com/dlpage/gaoptout
Google Tag Manager
This website uses the Google Tag Manager. This service is provided by Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States ("Google"). This service allows website tags to be managed through an interface. The Google Tag Manager only implements tags. This means that no cookies are used and no personal data is collected. The Google Tag Manager triggers other tags, which in turn collect data if necessary. However, the Google Tag Manager does not access this data. If a deactivation has been made at domain or cookie level, it remains valid for all tracking tags if they are implemented with the Google Tag Manager.
Google Marketing Platform (including Floodlight)
This website uses Google Marketing Platform (“GMP”), an online advertising program of Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States ("Google").
GMP places a cookie on your computer, with your express permission, to track your browsing behavior on various websites and to provide for an interest-based, personalized advertising experience. If you wish to permanently disable this, you can download a plug-in to disable the GMP cookie following this link: https://support.google.com/ads/answer/7395996?hl=en
Floodlight is an optional conversion and event tracking feature based on a HTML code snippet in Display & Video 360 that allows us to monitor, report and target conversions - the activity of visitors to a site after they have seen or interacted with an ad. This is done by adding users to lists based on specific actions on a website, which are then available for targeting in campaigns. Again, your express consent is a prerequisite for this case.
Google Ads Remarketing
Hapag-Lloyd uses the Google Ads retargeting function Google Ads Remarketing, provided by Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States ("Google"). This allows us to provide internet users with targeted ads on google.com and third party websites based on their behavior on our website. This function is limited to a period of 18 months. Without your prior and explicit consent we will not use Google Ads Remarketing. In order to make use of Google Ads Remarketing, Google Ads uses "cookies", text files which are stored on your computer and which allow an analysis of your use of our website.
Ad personalization may be turned off by the use of this browser plugin: https://support.google.com/ads/answer/7395996?hl=en
If you subscribe to one of our newsletters we offer you the option to define in a preference center what you are most interested in. Registering for the newsletter is by means of a so-called “double opt-in”. Once you register, we send you an email to the email address you specified, asking you to confirm that you want to receive the newsletter from Hapag-Lloyd. If you do not confirm your registration by clicking the link in the email, the link we sent you will be deactivated and your data deleted.
You can unsubscribe to the newsletter at any time using the dedicated consent revocation process. We process your data in line with Article 6, Paragraph 1, Sentence 1, Letter a) of the GDPR.
You may also contact our Corporate Data Protection Office (for contact information please see below in Section 16) for further information and assistance.
The collection, processing and use of personal data is carried out by us and by other companies of the Hapag-Lloyd Group, or external data processors who process data on behalf of us and who are contractually and legally obliged to comply with applicable data protection standards. In the latter two cases, we will ensure that Hapag-Lloyd Group companies and external service providers comply with the relevant legal data protection rules and the obligations arising from these Privacy Terms.
We adhere to the legal requirements stipulated in the EU General Data Protection Regulation (and if applicable, relevant national law), unless more stringent legal requirements are applicable, which supersede the EU legal framework.
Third parties may also have access to personal data in case you decide to obtain added-value services, such as insurance coverage, as these services may be offered to you in collaboration with a third party. In this case, we will explicitly refer you to the applicable data protection terms of the third party.
In case of an administrative request or a legal obligation, we may be forced to transfer your personal data to the competent authority exercising such a request. The same applies in case of a court order regarding the transfer/disclosure of data relating to you.
In case of an administrative, legal or judicial request for data transfer, we will assess in each individual case whether the transfer is compliant with the principles enshrined in the EU General Data Protection Regulation. If deemed necessary, we may take legal actions against such order or request.
We have taken technical and organizational measures to protect your personal data against loss, alteration, theft or access by unauthorized third parties. Our processes are compliant with Art 32 ff. of the EU General Data Protection Regulation, and/or with the applicable national laws and standards. We are currently working towards a certification according to ISO 27001/ ISO 27701 on the IT operations of Hapag-Lloyd and will update these terms once we have obtained the certificates.
For the protection of personal data in the core systems of Hapag-Lloyd, we either use state of the art encryption practices for data at rest and data in transit, or other access control and data breach prevention tools that ensure the security of personal data in these systems. We use encryption in transit to product the exchange of information, unless such encryption is not permitted for regulatory reasons.
Specific IT security and encryption process apply to the extent we process data in the context of so-called US Flag shipments (compliant with the NIST Cybersecurity Framework), or subject to other national IT security frameworks that require the full encryption of personal data.
We use encrypted drives in case we process particularly sensitive information, e.g. in case of our HR systems or taxation information.
Furthermore we encourage partners and contractors to communicate with us in an encrypted way, in case these partners and contractors have the technical capabilities to do so.
We work with a number of external partners and have taken contractual steps to ensure that all external service providers comply with the relevant IT security standards, including but not limited to the requirements of the GDPR or the Cybersecurity Law of the People´s Republic of China.
Hapag-Lloyd will process personal data in accordance with the rights of data subjects under relevant national or international law. As the Hapag-Lloyd is based in the European Union, it adheres primarily to the rights of data subjects under the EU General Data Protection Regulation but will also follow stricter national laws and regulations as they apply to the data processing. When a person makes a data subject request, the requester must provide Hapag-Lloyd with such information as it may reasonably require enabling it to confirm the identity of the data subject (this is very important in avoiding claims from the real data subject in the case of requests that are not bona fide).
a) Hapag-Lloyd AG provides ‘fair processing information’, typically through this privacy statement or other legally binding documents used by Hapag-Lloyd (e.g., contractual documents relating to a shipment).
b) We try to be as open and transparent as we can be in terms of giving you access to your personal data. You are entitled to be aware of and be able to check the lawfulness of any processing of personal data relating to you.
c) You are entitled to have your personal data rectified if it is inaccurate or incomplete. If Hapag-Lloyd or one of its affiliates has disclosed such data to third parties, we will inform you.
d) You have a legal and personal “right of erasure” which is also known as the “right to be forgotten”. Upon your request, Hapag-Lloyd will close your account/registration and remove your personal data as soon as reasonably possible from all of our records unless a lawful reason exists for us to retain some or all of it.
e) You have a right to ‘block’ or ‘suppress’ the processing of your personal data by Hapag-Lloyd under certain circumstances, but we are still entitled to store just enough of your personal data to ensure that the restriction is respected in future.
f) You are entitled to obtain (in a commonly used and machine-readable form) and reuse your personal data that you have provided to us (via consent or contract performance) and which we process by automated means for your own purposes across different services and free of charge. Hapag-Lloyd will respond to a request without undue delay, and within one month whether or not we decide to action your request. Where we decide not to, Hapag-Lloyd inform you of your further rights.
g) Subject to any relevant GDPR exceptions, Hapag-Lloyd shall not take any potentially damaging decision concerning you as a result of using automated processing operations without human intervention. Hapag-Lloyd will ensure that you have the opportunity to obtain human intervention, express your point of view, and obtain an explanation of the decision, and challenge it.
To exercise your rights as a data subject, please contact our Data Protection Officer (for contact information please see below in Section 16). Alternatively, you may also get in touch with any other organization within the Hapag-Lloyd Group you have been in contact with. Please be aware that exercising your right as a data subject may have an impact on the service we can provide to you, in particular if you ask us to erase or block your data, or if you revoke/withdraw a consent in case we process personal data based on your consent.
You will not have to pay a fee when you exercise your rights as a data subject under the GDPR. We may however charge a reasonable fee if your request is clearly unfounded or excessive.
We may need to request specific information from you to help us confirm your identity and ensure your right to exercise any of your rights under the GDPR. This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.
We do not process personal data relating to children and minors under the age of 16 years, unless we are legally obliged to do so. If we become aware that data were transferred to us or collected by us relating to children and minors under the age of 16 years without the informed consent of a parent or legal guardian, we will delete such personal data without any undue delay.
We delete personal data relating to you if the business purpose for which data have been processed ceases to apply, or if applicable data protection rules require us to delete personal data relating to you. In case the data processing was solely based on the informed consent obtained from you, we will delete data relating to you after you have revoked or withdrawn your consent (see also Section 2), unless we are legally authorized or obliged to retain data relating to you.
Due to the business activities of Hapag-Lloyd we are subject to various statutory requirements which stipulate obligations to process and retain personal data. Due to the international nature of our business activities, such obligations may derive from the law of the European Union, a Member State of the European Union and from the laws of third countries. We adhere to the statutory data retention periods and proactively delete data no longer required by law. In case no statutory retention period applies, we will regularly assess whether personal data are still required to administrate the business relationship between you and Hapag-Lloyd. If we believe such personal data is no longer needed, we will delete data relating to you. For the handling of data retention periods the Hapag-Lloyd has set up its own, internal statutory framework; if you would like to obtain more information on our data retention periods, please contact our Corporate Data Protection Office (for contact information please see below in Section 15).
At your request, we will block personal data relating to you fully or partly, unless there is a preponderant, overriding legal interest of Hapag-Lloyd in the continuation of the data processing. In order to facilitate the exercise of your data protection rights, please let us know in detail to what extent and for what duration which data shall be blocked. If technically feasible, you will be able to stop the processing and the use of data relating to you for specific areas and purposes by doing so.
In our Online Business (subject to registration), you may be required to provide payment data and you may be able to use payment methods, such as credit card or online payment systems. When Hapag-Lloyd uses a third-party payment processor, we do not store credit-card details or other payment information which might qualify as personal data under the GDPR, but instead rely on the third-party service provider to process personal data in order to provide these services. Primarily we cooperate with the service provider Computop which is based in Germany and processes personal data in compliance with the GDPR. Computop meets the strict security requirements of leading credit card providers, in accordance with the Payment Card Industry Data Security Standard (PCI DSS) and the PCI Point-to-Point Encryption (P2PE) standard for secure POS and mPOS solutions. In line with the requirements of Art 28 ff. GDPR, Computop and Hapag-Lloyd have entered into a third party processing agreement.
Please check the service provider for the relevant privacy terms and the compliance with the applicable laws and standards. You find the relevant details for Computop at https://www.computop.com/uk/data-privacy/
Within the respective section of the Hapag-Lloyd Online Business your data will be forwarded to the Computop service (an IFrame is opening on the Hapag-Lloyd page). Neither Computop nor Hapag-Lloyd AG have access to the personal data processed at the other page. Hapag-Lloyd AG will only be informed that a payment has been made.
If you have questions regarding our use of payment-service providers, please get in touch with us, or directly with the service provider. Contact details for the Hapag-Lloyd AG Corporate Data Protection office are provided in Section 16.
The website of Hapag-Lloyd may contain hyperlinks, which refer you to content provided on websites operated by third parties. As Hapag-Lloyd is not legally responsible for the content and the data protection compliance of such third-party-operated websites, we kindly ask you to closely pay attention to the respective privacy terms of these third-party-operated websites.
For questions regarding the collection, processing or use of personal data relating to you; or in case of a withdrawal of an informed consent regarding the disclosure, correction, blocking or deletion of data, please contact us at:
E-Mail: [email protected]
Corporate Data Protection
In addition to the internal Hapag-Lloyd data protection supervision by the Data Protection Officer, the GDPR and the German Federal Data Protection Act provide supervisory bodies, which help you to enforce your rights. For Hapag-Lloyd AG, the competent authority of the Free and Hanseatic City of Hamburg is responsible, which can be contacted at:
Der Hamburgische Beauftragte für Datenschutz und Informationsfreiheit
Ludwig-Erhard-Str 22, 7.OG, 20459 Hamburg, Germany
Tel.: +49 (40) 4 28 54 - 40 40
E-Fax: +49 (40) 4 279 - 11811
E-Mail: [email protected]
In the following, we list the contacts of our local Data Protection Officers that are based at affiliates of Hapag-Lloyd AG. Please be aware that some jurisdictions may use a different terminology for the data protection function. Such nomenclature may include, inter alias: Data Information Officer; Information Officer, Information Security Officer, Privacy Officer, Grievance Officer etc.
Hapag-Lloyd AG as a headquartered company in the European Union complies globally with the GDPR but in Brazil as well with the LGPD. We guarantee you all rights under GDPR as well as LGPD.
You will never be discriminated against, or otherwise suffer any sort of detriment, if you exercise your rights.
Right to withdraw consent:
You have always the right to withdraw your consent if the data processing based on your consent with immediate effect for the future. Upon receipt of your message, we will delete your data unless we are legally obliged or authorized to retain personal data relating to you. Please send your revocation notice to the address of our Data Protection Officer in Brazil.
For further information you can contact our
Data Protection Officer:
Data Protection Officer: Ms. Gizely Horsth
Email: [email protected]
Telephone: +55 11 3306-9000
Right to contact Data Protection Authority:
You have the right to complain about Hapag-Lloyd. You can find the contact to the responsible supervisory authority here:
ANPD – Autoridade Nacional de Proteção de Dados
ANPD’s webesite: ANPD — Português (Brasil) (www.gov.br)
Hapag-Lloyd AG is headquartered in the European Union and complies globally with the EU General Data Protection Regulation as a minimum standard. Insofar, we invite you to carefully read all sections above in order to familiarize yourself with these minimum standards. You should particularly study the section on the rights of data subject as both regulations overlap in terms of these rights.
You may contact us either using the dedicated mail address and/or phone number:
Toll Free number: 1-833-Privacy (833-774-9229)
E-Mail: [email protected]
or you may contact us either using the contact information mentioned in section 16 or via our offices based in California:
Specifically for the data access request, you have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months. Once we receive and confirm your verifiable consumer request, we will disclose to you:
You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:
Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative.
Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:
The CCPA is very specific about the “sale” of person identifiable information. In our industry this is a particularly difficult aspect of data processing and it is connected to the international transfer of person identifiable information. If we ship cargo, we must process person identifiable information in order to provide you with our service. As such, we may have to share such information with third parties, e.g. consignees, public authorities or other partners in the logistics supply chain.
These third parties may use such information for their own, legitimate business purposes, and Hapag-Lloyd may not be in the position that we can control the use of such person identifiable information through a third party.
As stated before, we do not intend to discriminate anybody on the basis of the CCPA, but please bear in mind that we may not be permitted, for regulatory reasons, to provide you with our service if you partly or fully object to the processing of person identifiable information relating to you.
Please also consider that personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FRCA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver's Privacy Protection Act of 1994, is not subject to the CCPA.
We value and honor your right to privacy, and we will always carefully assess how we can protect your personal information to the highest attainable standards.
Hapag-Lloyd AG is headquartered in the European Union and complies globally with the EU General Data Protection Regulation (GDPR) as a minimum standard. Insofar, we invite you to carefully read all sections above in order to familiarize yourself with these minimum standards. You should particularly study this section as it relates to the Hapag-Lloyd entities based in South Africa (“Hapag-Lloyd SA”) to which the Protection of Personal Information Act 4 of 2013 (“POPIA”) applies:
For further information please contact our Information Officer in South Africa
In the Privacy Terms above we provide all data subjects with a comprehensive overview regarding the processing of personal data at Hapag-Lloyd Group. Nonetheless, we know and appreciate that many customers are also concerned about the information that does not qualify as personal data, in particular as such information may be important to the operations of our customers.
Logistics is currently undergoing several waves of digitization, and this process is about to further accelerate over the months and years to come. Insofar, the operations processes and the exchange of information are changing rapidly with a clear tendency towards the expansion of data exchange between all stakeholders in the logistics supply chain.
Within the boundaries set by law, such as customs regulations or competition law, just to name a few examples, we also exchange substantially more transport service related information with third parties than we did before. Partially, this increase is even triggered by changes in the operations of public authorities, such as customs authorities.
As a guiding principle we exchange information with third parties involved in the logistics supply chain on a need-to-know basis, that means we share operational and production data to the extent this is necessary to provide the service. Examples are trucking companies, authorities, port terminals, feeder operators or other service related external partners.
To the same extent we also receive such operational or production data from stakeholders, primarily to synchronize such data with our internal data sets, to update the transport plan or for other general purposes of providing our service to you.
Most of the data provided and obtained relates to the physical move of the box, but such data sets may, depending on the stakeholders involved, also contain cargo related information such as cargo descriptions or the HS-Code.
We trust that our customers appreciate that Hapag-Lloyd, with new services like Quick Quotes or LIVE, is at the forefront of the digitization in the shipping industry, and that customers appreciate the value of new, disruptive digital platforms, which aim to increase the real-time data exchange of operations data in the entire ecosystem.
We are committed to remain one of the leaders in this field, and to increase transparency for all players in the ecosystem that are contributing to an individual shipment without compromising the security of information and operations.
Logistic chain platforms
Substantive parts of our customers are using existing platforms, such as INTTRA, and we expect that even more customers will try to harvest the advantages of emerging platforms such as GSBN or TradeLens.
Participating in such platforms comes at a “cost”, and that is the need for further standardization of data types, including operational and customer-related data. Partly triggered through new standards proposed by the Digital Container Shipping Association, as well as platform services, this standardization limits the capability of all stakeholders in the ecosystem to provide customer-specific services, or to contribute to customer run stand-alone systems.
Some of the new data-driven platforms and services imply the processing of vast amounts of operational data and trade documents, incl. the aggregated or de-identified use for secondary purposes, e.g. for the improvement of the quality of service providers or the promotion of ancillary services, to name just a few examples.
As a member to such platforms, Hapag-Lloyd is following the relevant data provisioning and data sharing requirements of the platform operators, and integrates the technology of such platforms into the Hapag-Lloyd services.
As such, terms and conditions of a platform may imply that we share data related to a shipment with that platform beyond the need-to-know principle, even if you are not a customer to that platform.
Regardless of the platform or service we collaborate with, we will not compromise our IT security standards, and whenever mixed data sets contain personal data, e.g. in trade documents, we will continue to adhere to the EU GDPR and/or other applicable data protection laws.
Last Updated: November 2021