Data privacy statement for the website

Data privacy
The Hamburg Port Authority (“HPA” or “we”) takes the protection of your personal information seriously. We would like for you to know when we collect which data and how we use the information. Technical and organisational measures have been taken to ensure that the regulations regarding data protection are adhered to both by us and by our service providers.

1. Who is responsible for handling data, and who can I contact?

The responsibility lies with:
Hamburg Port Authority Public Institution
Neuer Wandrahm 4
20457 Hamburg, Germany
Tel.: +49 40 42847-0
Internet: www.hamburg-port-authority.de

You can contact our data protection officer at:
Hamburg Port Authority data protection officer 
Neuer Wandrahm 4
20457 Hamburg, Germany
Email: Datenschutz@hpa.hamburg.de
Tel.: +49 40 42847-0

2. General information
Each use of the Internet involves the transmission of data. Some data, such as your IP address, have to be transmitted to ensure that it is even possible for you to visit the website on a technical level. We require other data so that the website can fulfil its contractual purpose. In the following, we shall particularly explain to you which data we collect, why we process this data and which rights you have.

a. Web analysis services / etracker
Technologies from etracker GmbH (http://www.etracker.com) are used on this website to collect and store data for marketing and optimisation purposes. From this data, we create a pseudonym user profile, for which cookies are used. Cookies are small files of text that are stored in the local cache of the Internet browser being used by you, the website visitor. Cookies enable the Internet browser to be recognised the next time you visit the website. The data collected with etracker technologies are not used to personally identify the visitor to the website and are not brought into connection with personal information about the user of the pseudonym. This happens without the affected person having to separately give their permission. The collection and storage of data can be cancelled at any time, effective for the future. You can deactivate data collection from etracker here.

Matomo (formerly Piwik)

Our website uses Matomo (formerly Piwik), a Web analysis service from InnoCraft Ltd., 150 Willis Street, 6011 Wellington, New Zealand. Matomo stores cookies on your end device which enable us to analyse your use of our website. The information captured is solely stored on our server and includes the following data:

  • 2 bytes of the IP address of the system you use to visit our website
  • The website visited
  • The website where you were prior to visiting our website (referrer)
  • The subpages visited on the website visited
  • The dwell time on the website
  • The frequency of website visits

Our website uses Matomo with the setting “Anonymise visitors’ IP addresses”. This means the IP addresses are shortened before processing, thus eliminating any possibility of associating a person with the IP address. The software has been set up to ensure the IP addresses are not stored in full, but that 2 bytes of the IP address are masked (e.g. 192.168.x.x). In this way, the shortened IP address cannot be assigned to the computer being used. The IP address communicated from your browser via Matomo is not combined with other data we have captured.

With Matomo, we analyse the use of our website, as well as individual functions and offers, with the aim to continually improve the user experience. The statistical analysis of users’ behaviour enables us to improve our website and design it to be more interesting to visitors.

You can prevent this analysis by deleting existing cookies and deactivating the storage of cookies in the settings of your web browser. However, please note that in such a case, you may not be able to use all the functions of this website in their entirety. Matomo is an open-source project from InnoCraft Ltd., 150 Willis Street, 6011 Wellington, New Zealand. For more information on data protection, see Matomo’s Privacy Policy at: matomo.org/privacy-policy/

3. Which data are processed in the system protocol?
The following information is recorded in the website’s log data: IP address of the computer visiting the website (anonymised), authentication fields, data and time of the access, access method and content of the HTML access, and status code of the Web server, as well as information about the browser being used and the operating system of the user’s computer.

4. Use of cookies
To explain to you the use of cookies in a transparent and understandable way, we want to first explain what cookies are:

a. What are cookies?
A cookie is a small dataset which is placed on the hard drive of your device. This dataset is created by the Web server which you have used to connect to the Internet via your Web browser (e.g. Internet Explorer, Netscape Navigator). It is then sent to you and stored on your hard drive. Thanks to the use of cookies, you can be recognised the next time you visit the website. 

Most browsers are currently set up to automatically accept cookies by default. However, you have the possibility to change the settings of your browser so that cookies are automatically rejected or that you have to agree to them being stored. Moreover, you can delete cookies at any time from your system (e.g. Windows Explorer). 

The HPA website uses temporary session cookies, a numerical sequence to identify you (ID) during a session. These data are used, for instance, to store the font size you have chosen or forms which you have previously filled in. The session cookie is no longer effective when the Internet browser is closed, and it is automatically deleted.

The following cookies are used on our website:

NSD-accept cookies (storage of the consent to or rejection of cookies) -  Duration: Duration of visitSitzungsdauer
eTracker (see description under point 2)  -  Duration: 2 years
Matomo (see description under point 2)   - Duration: 90 days

5. Use of Instagram Social Plugins
So-called Social Plugins (“Plugins”) from Instagram are used on our website, managed by Instagram LLC., 1601 Willow Road, Menlo Park, CA 94025, USA (“Instagram”). The Plugins are labelled with an Instagram logo, for example in the form of an Instagram camera. An overview of the Plugins and what they look like can be found here:
blog.instagram.com/post/36222022872/introducing-instagram-badges

When you visit a page of our website, which contains such a Plugin, your browser connects directly to Instagram’s servers. The content of the Plugin is transmitted from Instagram directly to your browser and integrated into the page. Via this connection, Instagram receives information that your browser has called up the respective page of our website, even if you do not have an Instagram account or are not currently logged into Instagram. This information (solely your IP address) is transmitted from your browser directly to an Instagram server in the USA and stored there. 

If you are logged into Instagram, Instagram can instantly associate your visit to our website with your Instagram account. If you interact with the Plugins, for instance by clicking on the Instagram button, this information is also transmitted directly to an Instagram Server and stored there. The information is also broadcast on your Instagram account and showed to your contacts. 

The purpose and scope of the data collection and the further processing and use of the data by Instagram, as well as your rights concerning this and options for changing settings to protect your privacy, can be found in Instagram’s privacy policy:
https://help.instagram.com/155833707900388/

If you do not want for Instagram to instantly associate data collected from our website with your Instagram account, you must log out of Instagram prior to visiting our website. You can also fully prevent Plugins from being downloaded with add-ons for your browser, for instance with NoScript script blocker (http://noscript.net/).

6. Which sources and personal data do we use?
We process personal data which we have received from you within the scope of our business relationship. This personal data concerns: name, postal address, email address and possibly other contact data, invoice data or registration data such as your user ID and password. 

a. Use of data for subscribing to our newsletter
Within the scope of the registration for our newsletter, we use the data required from you and shared by use, with the aim to regularly send you our email newsletter according to your consent. You can unsubscribe to the newsletter at any time by sending a message to the contact described below or via the dedicated link in the newsletter. Wrongful disclosure of your data towards unauthorised third parties does not take place.

7. What do we process your personal information for (purpose of processing) and based on which legal basis?
We process personal data in line with the conditions of the European General Data Protection Regulation (ER GDPR), the German Federal Data Protection Act (BDSG) and the Hamburg Data Protection Act (HmbDSG).

a. To satisfy our contractual obligations (Art. 6, Par. 1b of the EU GDPR)
The processing (Art. 2, No. 2 of the EU GDPR) of personal data serves the purpose to enable the designated use of the website and its functions. The data are required to clearly identify you as the user, to be able to contact you and to ensure the effective fulfilment of the contract.

b. Within the scope of balancing interests (Art. 6, Par. 1f of the EU GDPR)
Insofar as it is required, we process your data beyond the actual fulfilment of the contract in order to safeguard our or the legitimate interests of third parties:

  • Enforcement of legal claims and defence when it comes to legal disputes
  • Guarantee of IT security and HPA’s IT operations
  • Prevention and clarification of criminal offences
  • Measures for controlling business and the development of services or products 

c. Based on your consent (Art. 6, Par. 1a of the EU GDPR)

d. Based on legal requirements (Art. 6, Par. 1c of the EU GDPR)
Insofar as data is transmitted, which are required to fulfil our obligation to provide information. 

8. Who receives your data?
Within HPA, only those departments receive your data which are contractually and legally required to fulfil our obligations. The processers (Art. 28 of the EU GDPR) associated with HPA receive your data for the above-mentioned purposes. 

Additional people who may receive your data include public offices and institutions, if a legal or official obligation exists to pass on your data. 

9. How long are your data stored?
HPA stores and processes personal data for the duration of the business relationship and as long as is required to initiate or process a contract. Moreover, HPA is subject to various storage and information obligations. 

The length of storage also depends on the legal periods of limitation for civil claims. These periods are, for instance, three years as a rule of thumb (according to Sec. 195ff of the German Civil Code [BGB]). 

10. Are data transmitted to a third country or an international organisation?
See section 4 above on the use of Instagram Social Plugins.

11. Which privacy right do you have?
Each person whose personal data is processed (“Data Subject”) has the right to access according to Art. 15 of the EU GDPR, to rectification according to Art. 16 of the EU GDPR, to erasure according to Art. 17 of the EU GDPR, to restriction of processing according to Art. 18 of the EU GDPR and to data portability according to Art. 20 of the EU GDPR. When it comes to access and erasure, restrictions according to §§ 34 and 35 of the BDSG apply. Furthermore, you have the right to lodge a complaint with a supervisory authority (Art. 77 of the EU GDPR and § 19 of the BDSG).
 
12. Are you obligated to provide data?
Within the scope of your use of this website, you only have to provide personal data which is required for the use of the website and the services offered. You are not obligated to provide data. 

13. To what extent does an automated decision-making process exist in isolated cases?
An automated decision-making process in isolated cases does not take place in connection with this website. 

14. To what extent are your data used for scoring?
An automated analysis of personal information (profiling) does not take place.

15. Adjustments to this privacy policy
In the course of the further development of this website and the implementation of new technologies, changes to this privacy policy could be required. HPA will therefore adjust this privacy policy at irregular intervals. We thus recommend that you read this privacy policy again from time to time. 

16. Information on communication in the Internet
Data which is transmitted via this website is encrypted. However, this is not the case when you send emails. As a result, it is possible that your data is intercepted by unauthorised persons. Because HPA cannot currently offer a secure connection or encryption of emails, you should not take the risk of sending emails and, instead, use another form of communication in case of uncertainty. The transmission of data via email takes place explicitly at your own risk. 

Version 12/09/2018


HPA on Instagram