Privacy Policy

Thank you for visiting the Hermes Germany GmbH (“Hermes”) website and for your interest in our services. Protecting your personal data is a very high priority for us throughout the entire business process. We therefore place a strong emphasis on ensuring that your data is secure and that the applicable provisions of data protection law, in particular the EU General Data Protection Regulation (GDPR), are observed in the course of data processing.

In this Privacy Policy, we will outline the type, scope and purpose of instances in which we collect and use personal data. You can access this information on our website at any time.

1 General information

1.1 Data controller

Pursuant to Article 4(7) of the General Data Protection Regulation (GDPR), the controller is
Hermes Germany GmbH
– represented by its directors Olaf Schabirosky (Chair of the Executive Board), Dennis Kollmann, Marco Schlüter and Hendrik Schneider –

Essener Strasse 89
22419 Hamburg
Germany

Tel.: +49 (0)40 53755 – 0
zentrale@hermesworld.com

1.2 Personal data

Personal data – sometimes also referred to as personally identifiable information – is personal information that can be used to determine your identity. This includes information such as your name, address, telephone number and email address. However, it can also include information such as your browsing behaviour if such information could be directly or indirectly attributed to you. A “data subject” within the meaning of the GDPR is a natural person whose personal or material circumstances are revealed by the personal data.

In principle, you can use the Hermes website without disclosing your personal data.

1.3 Transfer of data to third parties, subcontractors and third-party suppliers

Personal data is only transferred to third parties in accordance with statutory requirements. We therefore only disclose users’ data to third parties where necessary to fulfil contractual obligations, such as for billing purposes.

Insofar as we engage subcontractors for our online services, we implement appropriate contractual safeguards and put corresponding technical and organisational measures in place in relation to these companies.

Insofar as we use content or other resources provided by other companies (hereinafter collectively referred to as “Third-Party Suppliers”) whose registered address is in a third country, it can be assumed that any transferred data will be transferred to the Third-Party Supplier’s country of domicile. We only transfer personal data to third countries in cases where an adequate level of data protection exists in the third country, the users have given their consent or some other form of legal permission exists.

1.4. Data security

We have taken appropriate technical and organisational measures to protect your data against loss, alteration and unauthorised access. We continuously improve these security measures in accordance with the latest technological developments. Our website uses SSL (Secure Sockets Layer) encryption, which is the industry standard. This ensures the confidentiality of personal information during its transfer over the internet.

All our employees receive regular training on the topic of data protection and are instructed on how to handle customer data in a safe and confidential manner. All our employees have committed themselves to confidentiality and have signed a commitment to maintain confidentiality and data protection in their employment contracts.

1.5 Legal bases

We collect and process your personal data on the basis of the following legal bases as set out in the General Data Protection Regulation (GDPR):

a.
Consent in accordance with Article 6(1)(a) GDPR. Consent is a voluntary and unambiguous expression of a person’s wishes in relation to a specific case in the form of a declaration or some other clear confirmatory action through which the data subject makes it known that they agree to the processing of their personal data.

b.
Necessity for performance of a contract or to take steps prior to entering into a contract in accordance with Article 6(1)(b) GDPR. Your data is necessary for us to prepare to enter into a contract with you or to fulfil our contractual duties to you.

c.
Processing for compliance with a legal obligation in accordance with Article 6(1)(c) GDPR. In this case, the processing of your data is necessary, for example, due to a law or other regulations.

d.
Processing to protect legitimate interests in accordance with Article 6(1)(f) GDPR. This means that the processing is necessary to protect our legitimate interests or the legitimate interests of third parties, unless such interests are outweighed by your interests or fundamental rights and freedoms which require the protection of personal data.

1.6 Your data protection rights

Your rights

You generally have the following rights in relation to your personal data with respect to Hermes:

  • Right of access
  • Right to rectification
    If your personal data has been inaccurately recorded, you can have this data corrected at any time. The fastest and simplest way is to log into your myhermes.de account and make the requisite corrections.
  • Right to erasure
    If you would like us to delete your personal data, we may in some circumstances be required to store this data for a certain period due to statutory retention obligations, such as for fiscal or accounting purposes. In this case, we will delete the data immediately upon expiration of the retention period.
  • Right to restriction of processing
  • Right to data portability
  • Right to object to processing
  • Right to withdraw consent to processing
    The withdrawal of consent does not affect the legality of processing on the basis of consent until the time of its withdrawal.

Right to lodge a complaint

You also have the right to lodge a complaint with a Data Protection Authority regarding Hermes’ processing of your personal data. The relevant supervisory authority in relation to postal services is:

The Federal Commissioner for Data Protection and Freedom of Information
Graurheindorfer Strasse 153, 53117 Bonn, Germany
https://www.bfdi.bund.de

Otherwise the relevant supervisory authority is:
The Hamburg Commissioner for Data Protection and Freedom of Information
Ludwig-Erhard-Strasse 22, 20459 Hamburg, Germany
https://datenschutz-hamburg.de

1.7 Contact persons

If you have any queries regarding the processing of your personal data or wish to exercise your data subject rights, please contact:

datenschutz@hermesworld.com

When sending your enquiry, please provide your full contact details (first name, last name and address) so that we can identify you and respond to your enquiry.

2. Processing in the context of use of website functions

2.1 Accessing the website

Purposes of processing

Each time a user visits the Hermes Germany GmbH website, our web servers temporarily store and process certain data in a log file. This data is collected exclusively for the purpose of ensuring the website’s functionality. We also use the data for statistical purposes to improve our website. Furthermore, the data serves to ensure the security of our IT systems. Data is not analysed for marketing purposes in this context.

Type of data

The following data is collected in a log file each time our website is accessed:

  • the anonymised IP address of the computer submitting a query
  • the date and duration of the user’s visit
  • the data identifying the browser and operating system used
  • the Hermes Germany GmbH website visited by the user
  • the website from which the user reached our website

Your IP address is anonymised before datasets are stored.

Legal basis

The legal basis in this context is Article 6(1)(f) GDPR and Section 25(2) No. 2 of the German Telecommunications-Telemedia Data Protection Act (TTDSG). Our legitimate interest for the data processing lies in ensuring the functionality of our website and safeguarding our systems. This outweighs your interest in confidentiality. It is not technically possible to provide the website and ensure its operation and security without the processing of your personal data. The security of our website is also in your interest.

Storage period

The data is deleted as soon as it is no longer needed for the purpose for which it was collected. Data is deleted at the latest after 14 days.

Ability to revoke consent, object and have data erased

The collection and processing of data for the purposes specified in this point is essential for the operation of the Hermes website. You therefore do not have the ability to object.

Further information

This website is hosted by an external service provider. The personal data recorded on this website is stored on the servers of our hosting provider in Germany.

We use a hosting provider for the purpose of performance of a contract with potential or existing customers (Article 6(1)(b) GDPR) and in the interest of safe, swift and efficient provision of our website by a professional service provider (Article 6(1)(f) GDPR).

Our hosting provider only processes your data to the extent necessary for fulfilment of its duties to perform.

The processing company is:

freistil IT Ltd
13 Upper Baggot Street, 2nd floor
Dublin D04 W7K5
Ireland

Duty to provide your personal data

You are not obligated to disclose your personal data. However, without providing the aforementioned personal data, you will not be able to access this website.

3. Use of cookies and similar technologies

The Hermes website uses cookies. By clicking the “Accept” button on the cookie banner or selecting your individual cookie settings, you give your consent for Hermes to store cookies and tracking mechanisms on your end device and to retrieve these cookies and tracking mechanisms from your end device. Cookies are small text files that are stored in the web browser or by the web browser on the user’s computer. Cookies usually contain a string of characters that allows the browser or end device to be uniquely identified when the website is revisited.

This website uses different types of cookies. These cookies can be categorised as follows:

  • temporary session cookies, which are usually deleted after your web browser is closed;
  • permanent cookies, which are stored on your end device for a longer period and contain certain settings, e.g. the language selected for use of the Hermes website;
  • first-party cookies, which are stored on your end device by the Hermes website, and
  • third-party cookies, which are stored on your end device by other internet services authorised and engaged in the context of the Hermes website.

The first-party cookies placed by the Hermes website include both temporary session cookies and permanent cookies. The website uses the permanent cookies to store information in order to save any personal user settings and improve the user experience on the next visit (e.g. selected language settings). The website uses temporary session cookies to store technical information required for the website to function properly. The storage duration of these cookies is determined by the periods set out in this point.

Services provided by third parties for the purpose of analysing user behaviour or providing internet services are also used on this website. These service providers may also use cookies (third-party cookies), tracking pixels or other similar analytics technologies. You can find more detailed information about the internet and analytics technologies used on this website in subsequent sections of this policy.

In general, you can instruct your device’s web browser to prevent the storage of cookies or the use of analytics technologies. However, in some cases, this will mean that certain functionalities of this website will be unavailable. Another option is to configure your browser so that it notifies you as soon as a cookie or similar analytics technology is used. In addition, you can manually delete all cookies at any time.

Revoking all consent

You can revoke any and all consent you have given for the data processing described below via cookie settings. This will stop future analytics and will also store an opt-out cookie in the web browser of the device used, which contains the instruction not to collect any data from this end device for the aforementioned purposes in future.

3.1 Borlabs Cookie

Purposes of processing

Borlabs Cookie is a content management platform that uses strictly necessary cookies. They make an entry in the local storage of your browser.

Type of data

If you select the “Reject” option, a cookie will be placed that records this rejection. No personal data of any kind is recorded in the process.

If you consent to the use of external media, the permitted external media will be stored in a cookie. This cookie also contains a so-called UID. The UID is a randomly generated ID and is not personal information.

Legal basis

The legal basis for the storage of data is Article 6(1)(c) in conjunction with Article (7)(1) GDPR.

Storage period

The data is deleted as soon as it is no longer needed for the purpose for which it was collected. Data is deleted at the latest after 14 days.

Ability to revoke consent, object and have data erased

Due to a legal obligation to collect this data, it is not possible to lodge an objection.

Additional information

The processing company is:

Borlabs GmbH
Rübenkamp 32
22305 Hamburg, Germany

Duty to provide your personal data

The provision of your personal data is essential to fulfil a legal obligation.

3.2 Facebook

Purposes of processing

We embed content from external platforms on our website, including content from the US company Meta Platforms, Inc. (1601 Willow Road Menlo Park, CA 94025, USA (“Facebook”)).

If you visit a page on our website and have accepted cookies for “External media” in cookie-settings, your browser will be able to establish a connection to Facebook and thereby load and display the content of these pages. As a result, Facebook may be able to track your visit to this website, even if you do not actively use this content.

By using Facebook and the “Share article” function, the websites you have visited will be linked with your Facebook account and disclosed to other users. Data is also transmitted to Facebook in the process. Your web browser will establish a direct connection to Facebook’s servers and transfer data to Facebook.

Type of data

We would like to point out that we do not have any knowledge of the content, scope, type, purpose or subsequent processing of the transferred data or its use by Facebook.

Legal basis

The legal basis for this transfer following a click on the Share button is your consent to the cookie in accordance with Article 6(1)(a) GDPR.

Ability to revoke consent, object and have data erased

You can revoke your consent at any time using the tool in the “Cookie settings” tab in the footer.
You can find further information about your rights and settings you can use to protect your privacy in the Facebook Privacy Policy: https://www.facebook.com/about/privacy.

Additional information

The social media platform Facebook is operated not by us but by the respective service providers, who also bear responsibility for it. The authority to control and design Facebook as a product lies with the platform operator, Meta Platforms Inc. We have no influence over the data collected by Facebook or its data processing operations, nor are we aware of the full extent of the data collection, the purposes of processing or the storage periods.

We would like to point out that processing of personal data in countries outside the European Union and European Economic Area, in particular in the USA, cannot be excluded. In some circumstances, this may entail the risk of complications in the assertion of rights, which represents a risk for individual users.

You can find more information about the processed data at:

Meta Platforms Ireland Limited
Dublin Ballsbridge Campus
Dublin 4, Ireland

https://www.facebook.com/about/privacy

Processing of your personal data in third countries

We would like to point out that, due to the use of Facebook, processing of personal data in countries outside the European Union and European Economic Area, in particular in the USA, cannot be excluded. In some circumstances, this may entail the risk of complications in the assertion of rights, which represents a risk for individual users.

Duty to provide your personal data

You are not obligated to provide your personal data.

3.3 Google Maps

Purposes of processing

We embed content from external platforms on our website, including content from the US company Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”)).

If you visit a page on our website and have accepted cookies for “External media” in cookie settings, your browser will be able to establish a connection to Google and thereby load and display the content of these pages (see also Point 4, Social media plugins). As a result, Google may be able to track your visit to this website, even if you do not actively use this content.

Type of data

We would like to point out that we do not have any knowledge of the content, scope, type, purpose or subsequent processing of the transferred data or its use by Google.

Legal basis

The legal basis for this transfer is your consent to the cookie in accordance with Article 6(1)(a) GDPR.

Storage period

The storage period depends on your Google settings. You can find further information here:
https://support.google.com/maps/answer/6258979?hl=de&co=GENIE.Platform%3DDesktop

Ability to revoke consent, object and have data erased

You can revoke your consent at any time using the tool in the “Cookie settings” tab in the footer.

You can find further information about your rights and settings you can use to protect your privacy in the Google Privacy Policy: https://policies.google.com/privacy?hl=de#infochoices

Additional information

The data is processed by the following company:

Google Ireland Limited
Gordon House
4 Barrow St, Dublin, D04 E5W5 Ireland

You can find more information about the processed data at:

https://policies.google.com/terms?hl=de&gl=de
https://www.google.com/intl/de_US/help/terms_maps/

Processing of your personal data in third countries

The use of Google Maps may result in the processing of your personal data outside the European Union, specifically in the United States of America. Google Ireland Limited is solely responsible for this processing.

Duty to provide your personal data

You are not obligated to provide your personal data. If you have used the aforementioned function to deactivate tracking by Google Maps, it will not be possible to access this website without the processing of your personal data.

3.4 Instagram

Purposes of processing

We embed content from external platforms on our website, including content from the US company Meta Platforms, Inc (1601 Willow Road Menlo Park, CA 94025, USA (“Instagram”)).

If you visit a page on our website and have accepted cookies for “External media” in cookie settings, your browser will be able to establish a connection to Instagram and thereby load and display the content of these pages (see also Point 4, Social media plugins). As a result, Instagram may be able to track your visit to this website, even if you do not actively use this content.

Information regarding joint responsibility in accordance with Article 26 GDPR

Meta Platforms Ireland Limited provides our company with statistical data (called page insights) which gives us information about user activities in our company’s online presences. The functions of a Facebook business page provided for companies by Meta Platforms Ireland Limited relate to a Facebook product of Meta Platforms Ireland Limited that is subject to the Meta Privacy Policy (cf. https://www.facebook.com/about/privacy/update ), information regarding Instagram insights (cf.  https://de-de.facebook.com/business/help/441651653251838?id=419087378825961 ) and an agreement in keeping with Article 26 GDPR unilaterally presented by Facebook Ireland Limited (cf. https://www.facebook.com/legal/terms/page_controller_addendum ).

In the aforementioned agreement, Hermes Germany GmbH and Meta Platforms Ireland Limited agree that Meta Platforms Ireland Limited is responsible for providing you with information regarding processing for page insights and for ensuring that you can exercise your data subject rights (right of access, right to rectification, right to data portability, right to erasure, right to object and right to limitation of the processing of your data) in accordance with the GDPR. You can find out more about these rights in your Instagram settings. You also have the option of contacting the data protection officer of Meta Platforms Ireland Limited.

Meta Platforms Ireland Limited and Hermes Germany GmbH have agreed that the Irish Data Protection Commission is the relevant supervisory authority and monitors data processing in relation to page insights. You have the right to lodge a complaint with the Irish Data Protection Commission at www.dataprotection.ie or with another supervisory authority.

Type of data

We would like to point out that we do not have any knowledge of the content, scope, type, purpose or subsequent processing of the transferred data or its use by Instagram.

Legal basis

The legal basis for this transfer is your consent to the cookie in accordance with Article 6(1)(a) GDPR.

Storage period

Please note that the data you transfer to Instagram will be stored on Instagram’s servers. You are responsible for securing the deletion of your data on those servers. In addition, the amendment/deletion of data held by Instagram will not result in the amendment/deletion of data held by us.

Ability to revoke consent, object and have data erased

You can revoke your consent at any time using the tool in the “Cookie settings” tab in the footer.

You can find further information about your rights and settings you can use to protect your privacy in the Instagram Privacy Policy: https://help.instagram.com/196883487377501/?helpref=hc_fnav

Additional information

The social media platform Instagram is operated not by us but by the respective service providers, who also bear responsibility for it. The authority to control and design Instagram as a product lies with the platform operator, Meta Platforms Inc. We have no influence over the data collected by Instagram or its data processing operations, nor are we aware of the full extent of the data collection, the purposes of processing or the storage periods.

We would like to point out that processing of personal data in countries outside the European Union and European Economic Area, in particular in the USA, cannot be excluded. In some circumstances, this may entail the risk of complications in the assertion of rights, which represents a risk for individual users.

You can find more information about the processed data at:

Meta Platforms Ireland Limited
Dublin Ballsbridge Campus
Dublin 4, Ireland

https://de-de.facebook.com/help/instagram/519522125107875

Processing of your personal data in third countries

In principle, we have commissioned the processing of your personal data in the European Union. Nevertheless, it is possible that your personal data may be processed in the United States of America (USA). The European Commission has not issued an adequacy decision for the USA. We have therefore secured a level of data protection through adequate safeguards within the meaning of Article 46 GDPR.

Duty to provide your personal data

You are not obligated to provide your personal data.

3.5 Twitter

Purposes of processing

We embed content and functions from external platforms on our website, including functions provided by the US company Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA (“Twitter“).

If you visit a page on our website and have accepted cookies for “external media” in cookie settings, your browser will be able to establish a connection to Twitter and thereby load and display the content of these pages. As a result, Twitter may be able to track your visit to this website, even if you do not actively use this content.

See also Point 4, Social media plugins. By using Twitter and the “Share article” function, the websites you have visited will be linked with your Twitter account and disclosed to other users. Data is transmitted to Twitter in the process. Your web browser will establish a direct connection to Twitter’s servers and transfer data to Twitter.

Type of data

We would like to point out that we do not have any knowledge of the content, scope, type, purpose or subsequent processing of the transferred data or its use by Twitter.

Legal basis

The legal basis for this transfer is your consent to the cookie in accordance with Article 6(1)(a) GDPR.

Storage period

Please note that the data you transfer to Twitter will be stored on Twitter’s servers. You are responsible for securing the deletion of your data on those servers. In addition, the amendment/deletion of data held by Twitter will not result in the amendment/deletion of data held by us.

Ability to revoke consent, object and have data erased

You can revoke your consent at any time using the tool in the “Cookie settings” tab in the footer.

You can find further information about your rights and settings you can use to protect your privacy in the Twitter Privacy Policy: https://twitter.com/de/privacy.

You can change your Twitter data privacy settings in the account settings at http://twitter.com/account/settings.

Additional information

The social media platform Twitter is operated not by us but by the respective service providers, who also bear responsibility for it. The authority to control and design the social media portal lies with the social media platform operator, Twitter Inc. We have no influence over the data collected by Twitter or its data processing operations, nor are we aware of the full extent of the data collection, the purposes of processing or the storage periods.

We would like to point out that processing of personal data in countries outside the European Union and European Economic Area, in particular in the USA, cannot be excluded. In some circumstances, this may entail the risk of complications in the assertion of rights, which represents a risk for individual users.

You can find more information about the processed data at:

Twitter International Company
1 Cumberland Place, Fenian St,
Dublin 2,
D02 AX07, Ireland

https://twitter.com/de/privacy

We use the social media moderation tool made available by the service providers to process enquiries on our company profiles on Instagram and Twitter:

Facelift brand building technologies GmbH (Facelift bbt)
Gerhofstr. 19, 20354 Hamburg, Germany

Processing of your personal data in third countries

In principle, we have commissioned the processing of your personal data in the European Union. Nevertheless, it is possible that your personal data may be processed in the United States of America (USA). The European Commission has not issued an adequacy decision for the USA. We have therefore secured a level of data protection through adequate safeguards within the meaning of Article 46 GDPR.

Duty to provide your personal data

You are not obligated to provide your personal data.

3.6 Vimeo

Purposes of processing

We embed content from external platforms on our website, including content from the US company Vimeo Inc., 555 West 18th Street, New York, New York 10011, USA (“Vimeo”)).

If you visit a page on our website and have accepted cookies for “External media” in cookie settings, your browser will be able to establish a connection to Vimeo and thereby load and display the content of these pages (see also Point 4, Social media plugins). As a result, Vimeo may be able to track your visit to this website, even if you do not actively use this content.

Type of data

We would like to point out that we do not have any knowledge of the content, scope, type, purpose or subsequent processing of the transferred data or its use by Vimeo.

Legal basis

The legal basis for this transfer is your consent to the cookie in accordance with Article 6(1)(a) GDPR.

Storage period

Please note that the data you transfer to Vimeo will be stored on Vimeo’s servers. You are responsible for securing the deletion of your data on those servers. In addition, the amendment/deletion of data held by Vimeo will not result in the amendment/deletion of data held by us.

Ability to revoke consent, object and have data erased

You can revoke your consent at any time using the tool in the “Cookie settings” tab in the footer.

You can find further information about your rights and settings you can use to protect your privacy in the Vimeo Privacy Policy: https://vimeo.com/privacy

Additional information

Processing is carried out by:

Vimeo Inc.
555 West 18th Street, New York,
New York 10011, USA

Processing of your personal data in third countries

In principle, we have commissioned the processing of your personal data in the European Union. Nevertheless, it is possible that your personal data may be processed in the United States of America (USA). The European Commission has not issued an adequacy decision for the USA. We have therefore secured a level of data protection through adequate safeguards within the meaning of Article 46 GDPR.

Duty to provide your personal data

You are not obligated to provide your personal data.

3.7 YouTube

Purposes of processing

We embed content from external platforms on our website, including content from the US company Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“YouTube”)).

If you visit a page on our website and have accepted cookies for “external media” in cookie settings, your browser will be able to establish a connection to YouTube and thereby load and display the content of these pages.

Hermes uses the framing code generated by YouTube in “privacy-enhanced mode”. According to information provided by YouTube, this mode means that the activities of cookies and the collection of data they initiate is only triggered when watching the video. This mode prevents data from being collected when a visitor simply uses a website with framed content (see Point 4, Social media plugins).

Type of data

We would like to point out that we do not have any knowledge of the content, scope, type, purpose or subsequent processing of the transferred data or its use by YouTube.

Legal basis

The legal basis for this transfer is your consent to the cookie in accordance with Article 6(1)(a) GDPR.

Storage period

Please note that the data you transfer to YouTube will be stored on YouTube’s servers. You are responsible for securing the deletion of your data on those servers. In addition, the amendment/deletion of data held by YouTube will not result in the amendment/deletion of data held by us.

Ability to revoke consent, object and have data erased

You can revoke your consent at any time using the tool in the “Cookie settings” tab in the footer.

You can find further information about your rights and settings you can use to protect your privacy in the Google Privacy Policy: https://policies.google.com/privacy?hl=de#infochoices

Additional information

Data processing is carried out by:

Google Inc.,
1600 Amphitheatre Parkway,
Mountain View, CA 94043, USA

Processing of your personal data in third countries

In principle, we have commissioned the processing of your personal data in the European Union. Nevertheless, it is possible that your personal data may be processed in the United States of America (USA). The European Commission has not issued an adequacy decision for the USA. We have therefore secured a level of data protection through adequate safeguards within the meaning of Article 46 GDPR.

Duty to provide your personal data

You are not obligated to provide your personal data.

3.8 Matterport

Purposes of processing

We embed (3D) content from external platforms on our website, including content from the US company Matterport, Inc., 352 E. Java Dr. Sunnyvale, CA 94089, USA (“Matterport”)).

If you visit a page on our website and have accepted cookies for “External media” in cookie settings, your browser will be able to establish a connection to Matterport and thereby load and display the content of these pages (see also Point 4, Social media plugins). As a result, Matterport may be able to track your visit to this website, even if you do not actively use this content.

Type of data

We would like to point out that we do not have any knowledge of the content, scope, type, purpose or subsequent processing of the transferred data or its use by Matterport.

Legal basis

The legal basis for this transfer is your consent to the cookie in accordance with Article 6(1)(a) GDPR.

Storage period

Please note that the data you transfer to Matterport will be stored on Matterport’s servers. You are responsible for securing the deletion of your data on those servers. In addition, the amendment/deletion of data held by Matterport will not result in the amendment/deletion of data held by us.

Ability to revoke consent, object and have data erased

You can revoke your consent at any time using the tool in the “Cookie settings” tab in the footer.
You can find further information about your rights and settings you can use to protect your privacy in the Matterport Privacy Policy: https://matterport.com/privacy-policy

Additional information

Data processing is carried out by:

Matterport, Inc.,
352 E. Java Dr. Sunnyvale
CA 94089, USA

Processing of your personal data in third countries

In principle, we have commissioned the processing of your personal data in the European Union. Nevertheless, it is possible that your personal data may be processed in the United States of America (USA). The European Commission has not issued an adequacy decision for the USA. We have therefore secured a level of data protection through adequate safeguards within the meaning of Article 46 GDPR.

Duty to provide your personal data

You are not obligated to provide your personal data.

4. Social media plugins

When you visit our website, the interfaces of these social plugins are deactivated, which means they will not send any data to third parties unless you actively permit them to do so. Before you can use these interfaces, you must activate them by clicking on them. Each interface will remain active until you deactivate it or clear your cookies (see also “Use of cookies”). After activating a plugin, a direct connection is established with the server of the social network in question. The social network then transmits the content of the interface directly to your browser, which integrates this content in our website.

We currently use the following social media plugins on our website: Facebook Share button, Twitter, YouTube, Podigee Podcast Hoster, LinkedIn, Xing and Instagram. We process your personal data in order to provide you with the functionalities of the respective social media plugin.

Purpose of processing

We use social media plugins to communicate with our customers and interested parties. In addition, we analyse content to find out what our users find most interesting. We use this information to optimise our website.

We use the two-click solution in this respect. This means that, in principle, when you visit our site, no personal data will be passed on to the provider of such plug-ins initially. The respective processing activities will only be initiated by activating the respecting social media plugin.

Once you activate a social network’s interface, that social network will be able to collect data irrespective of whether you interact with the interface. If you are logged in to a social network, it will be able to attribute your visit to this website to your user account.

If you are a member of a social network and do not want the data collected upon your visit to our website to be connected to your saved account data, you must log out of the social network in question before activating its interface.

Type of data

The following data is used in the use of social media plugins:

  • Customer data
  • Social media IDs
  • The content posted via social media

Legal basis

The legal basis for the processing of your personal data in this context is Article 6(1)(f) GDPR. Our legitimate interest in the use of social media plugins outweighs your interest in confidentiality.

Storage period

We store your personal data for as long as necessary for the provision of the respective social media plugin. Data for analysis is stored for a maximum of 24 months; the content of posts (except for Facebook) is stored for a maximum of 12 months.

Recipients and categories of recipients

We disclose your personal data to the following organisations:

For provision of the Facebook Share button:

Facebook Inc.
1601 S California Ave
Palo Alto, California 94304, USA

For provision of the Twitter plugin:

Twitter, Inc.
1355 Market St, Suite 900
San Francisco, California 94103, USA

For provision of the YouTube plugin:

Google Inc.,
1600 Amphitheatre Parkway,
Mountain View, CA 94043, USA

For provision of the Podigree podcast plugin:

Podigee GmbH,
Schlesische Strasse 20,
10997 Berlin, Germany

For provision of the LinkedIn plugin:

LinkedIn Corporation,
2029 Stierlin Court, Mountain View,
California 94043, USA

For provision of the Xing plugin:

Xing AG,
Gänsemarkt 43,
20354 Hamburg, Germany

For provision of the Instagram plugin:

Instagram LLC
1601 Willow Road, Menio Park
CA 94025, USA

Processing of your personal data in third countries

Some of the aforementioned service providers process your personal data in the USA. The European Commission has not issued an adequacy decision for the USA. We have secured the level of data protection through adequate safeguards (standard contractual clauses) within the meaning of Article 46 GDPR.

Duty to provide your personal data

You are not obligated to disclose your personal data.

It is not possible to provide these social media plugins without processing personal data. In addition, the use of social media plugins is voluntary and must first be activated by the user.

5. Embedding of video and podcast content

5.1 YouTube embedding

Our website uses the provider YouTube LLC, 901 Cherry Avenue, San Bruno, CA 94066, USA, represented by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, in order to embed video content.

YouTube embedding uses a technical process known as framing. Framing means that simply inserting an HTML link provided by YouTube in the code of a website creates a frame on the third-party site, thereby making it possible to play videos saved on YouTube servers.

The company uses the framing code generated by YouTube in “privacy-enhanced mode” – with the exception of the Newsroom media library. According to information provided by YouTube, this mode means that the activities of cookies and the collection of data they initiate is only triggered when watching the video. This mode prevents data from being collected when a visitor simply uses a website with framed content.

If you click on the video, your IP address will be transmitted to YouTube and YouTube will learn that you viewed the video. If you are logged in to YouTube, this information will also be attributed to your user account (which you can prevent by logging out of your YouTube account before accessing the video). We have no knowledge of or control over the potential collection and use of your data by YouTube. You can find further information in the YouTube Privacy Policy at https://policies.google.com/privacy?hl=de#infochoices

5.2 Vimeo embedding

We embed content from external platforms on our website, including content from the US company Vimeo Inc., 555 West 18th Street, New York, New York 10011, USA (“Vimeo”)).

If you visit a page on our website and have accepted cookies for “External media”, your browser will be able to establish a connection to Vimeo and thereby load and display the content of these pages (see also Point 4, Social media plugins). As a result, Vimeo may be able to track your visit to this website, even if you do not actively use this content.

If you click on the video, your IP address will be transmitted to Vimeo and Vimeo will learn that you viewed the video. If you are logged in to Vimeo, this information will also be attributed to your user account (which you can prevent by logging out of your account before accessing the video). We have no knowledge of or control over the potential collection and use of your data by Vimeo. You can find further information in the Vimeo Privacy Policy at https://vimeo.com/privacy

5.3 Podigee podcast hosting

We use the podcast hosting service Podigee provided by Podigee GmbH, Schlesische Strasse 20, 10997 Berlin, Germany. The podcasts are therefore loaded by Podigree or transmitted by Podigree.

Podigee processes IP addresses and device information in order to facilitate podcast downloads/playback and calculate statistical data, e.g. listening figures. This data is anonymised or pseudonymised prior to being stored in the Podigree database insofar as this data is not necessary for providing the podcasts.

You can find further information and ways to object in the Podigee Privacy Policy: https://www.podigee.com/de/about/privacy/.

6. Website tracking

We use software provided by the web analytics service provider Octavius.rocks, August-Bebel-Strasse 71–73, 33602 Bielefeld, Germany (“Octavius”) to structure this website in line with user needs and to facilitate its continuous optimisation. The Octavius plugin enables us to conduct anonymised analysis of how users use the website. We analyse how users use the website and generate reports about website activities.
No personal data is collected through the use of Octavius.rocks. The following data is collected:

  • the date and duration of the user’s visit
  • the Hermes Germany GmbH website visited by the user
  • the websites from which the user visits the website of Hermes Germany GmbH
  • screen sizes

7. Getting in contact

If you contact us by telephone, by email or through Twitter, the personal data you provide will be collected and stored.

Purposes of processing

We use the collected data exclusively for the purpose of responding to your enquiry and for any other purposes stated upon collection of the data. If necessary to respond to your enquiry, we will transfer this data to the relevant Hermes company (for example, we may forward your data to the Austria-based Hermes Logistik GmbH & Co KG if you have requested information about Hermes services in Austria). If you contact us using a contact form, by telephone or by email, the personal data you provide will be collected and stored.

Type of data

The following types of data may be collected. Whether this data is collected depends on the nature of your enquiry:

  • First name
  • Name
  • Company
  • Address
  • Telephone number
  • Email address
  • etc.

Legal basis

The legal basis for data processing is Article 6(1)(b) GDPR insofar as you make contact with a view to concluding a contract. If no contractual relationship exists between you and Hermes, the legal basis for this processing is Article 6(1)(f) GDPR. In this case, the legitimate interest of Hermes outweighs your legitimate interest. This is because it is not possible to deal with your enquiry without processing your personal data. In addition, the use of the contact form, and contacting us in general, is voluntary.

Storage period

Customer service conversations are stored for a period of 3 months.

We delete the data we receive through the contact form and by email once its storage is no longer necessary for the purpose of contact, or – if applicable – in accordance with statutory retention obligations.

Ability to revoke consent, object and have data erased

If the processing of your personal data in relation with your contact enquiry takes place on the basis of our legitimate interests, you have the right to object to the processing of your personal data at any time. If you file an objection, it will not be possible to continue the correspondence. If you file a legitimate objection, all personal data collected in this context will be deleted.

Duty to provide your personal data

You are not obligated to disclose your personal data. The fields marked in the form are mandatory fields that must be completed for us to process your enquiry.

8. Liability and up-to-dateness

8.1 Liability for links

Our website and our Privacy Policy may contain links to external third-party websites over which we have no influence. We are therefore unable to accept any liability for the content of third-party websites.

The respective website provider or operator is always responsible for the content of the linked web pages. The linked web pages were inspected for any legal violations at the time the links were created. No illegal content was identifiable at the time the links were created. However, it is not possible or reasonable for us to permanently monitor the content of linked web pages without specific indications of a legal infringement. We will remove such links immediately upon being notified of such an infringement.

8.2 Updates and amendments

We may amend or update parts of this Privacy Policy without notifying you in advance. Please review our Privacy Policy before using our services in order to stay up to date with potential amendments and updates.

Privacy Policy published: September 2022