Privacy policy
We are very pleased about your interest in our company. Data protection is a particularly high priority for the company’s management. The use of the company’s website is generally possible without any indication of personal data. However, if a data subject wishes to use special services of our company via our website, processing of personal data may be necessary. If the processing of personal data is necessary and there is no legal basis for such processing, we generally obtain the consent of the data subject.
The processing of personal data, such as the name, address, e-mail address or telephone number of a data subject, is always carried out in accordance with the General Data Protection Regulation and in accordance with the country-specific data protection regulations applicable to the company. By means of this data protection notice, our company would like to inform the public about the type, scope and purpose of the personal data collected, used and processed by us. Furthermore, data subjects are informed about the rights to which they are entitled by means of this data protection notice.
As the data controller, the company has implemented numerous technical and organizational measures to ensure the most complete protection of personal data processed through this website. Nevertheless, Internet-based data transmissions can generally have security gaps, so that absolute protection cannot be guaranteed. For this reason, every data subject is free to transmit personal data to us by alternative means, for example by telephone.
The use of our website is usually possible without providing personal data. Insofar as personal data (e.g. name, address or e-mail addresses) is collected on our pages, this is always done on a voluntary basis as far as possible. This data will not be passed on to third parties without your express consent.
1. Definitions
The company’s data protection notice is based on the terms used by the European legislator for the adoption of the General Data Protection Regulation (GDPR). Our privacy policy is designed to be easy to read and understand for the public as well as for our customers and business partners. To ensure this, we would like to explain the terms used in advance.
We use the following terms in this privacy notice, among others:
a) Personal data
Personal data is any information relating to an identified or identifiable natural person (hereinafter “data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
b) Data subject
Data subject is any identified or identifiable natural person whose personal data is processed by the controller.
c) Processing
Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination; the restriction, deletion or destruction.
d) Restriction of processing
Restriction of processing is the marking of stored personal data with the aim of restricting their future processing.
e) Profiling
Profiling is any type of automated processing of personal data consisting of the use of such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects relating to that natural person’s work performance, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
f) Pseudonymization
Pseudonymisation is the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data is not attributed to an identified or identifiable natural person become.
g) Controller or controller
The controller or controller is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its designation may be provided for by Union or Member State law.
h) Processors
Processor means a natural or legal person, public authority, agency or other body that processes personal data on behalf of the controller.
i) Recipient
The recipient is a natural or legal person, public authority, agency or other body to which personal data is disclosed, whether or not it is a third party. However, public authorities that may receive personal data in the context of a specific investigative mandate under Union or Member State law are not considered recipients. The processing of this data by the aforementioned authorities will be carried out in accordance with the applicable data protection regulations in accordance with the purposes of the processing.
j) Third parties
Third party means a natural or legal person, public authority, agency or other body other than the data subject, the controller, the processor and the persons who, under the direct authority of the controller or the processor, are authorised to process the personal data.
k) Consent
Consent is any freely given, specific, informed and unambiguous indication of the data subject’s wishes, in the form of a statement or other clear affirmative action, by which the data subject signifies that he or she agrees to the processing of personal data concerning him or her.
2. Name and address of the controller
The controller within the meaning of the General Data Protection Regulation, other data protection laws applicable in the member states of the European Union and other provisions of a data protection nature is:
CB Tankers GmbH & Co. KG
CB Tankers Shipmanagement GmbH
Altenwall 2128195 Bremen / Germany
Phone: +49-421-69165-0E-mail: mail@cbtankers.comWebsite: https://www.cbtankers.com
2.1 Name and address of the data protection officer
Shared IT Professional GmbH & Co. KG , Saebystr. 17a, 24576 Bad Bramstedt, thilo.noack@sharedit-pro.de
To assert rights within the framework of data protection or if you have any questions about the use, collection or processing of your personal data, please contact: mail@cbtankers.com.
3. Telecommunications-Digital-Services-Data Protection Act (TDDDG)
The legal basis for the storage and retrieval of information in the end user’s terminal equipment is consent, according to § 25 TDDDG. This consent is requested when the website is accessed.
According to Section 25 TDDDG, consent is not required if the storage of information in the end user’s terminal equipment or access to information already stored in the end user’s terminal equipment is absolutely necessary for the provider of a telemedia service to be able to provide a telemedia service expressly requested by the user. In the cookie settings, you can see which cookies are to be classified as absolutely necessary (often referred to as “technically necessary cookies”), therefore fall under the exception of § 25 para. 2 TDDDGG and therefore do not require consent.
Please note that the legal basis for the downstream processing of personal data then results from the GDPR. The relevant legal bases for the processing of personal data on this website can be found in the further course of this data protection notice.
4. Collection of personal data when you visit our website
If you use the website for informational purposes only, i.e. if you do not register or otherwise transmit information to us, we only collect the personal data that your browser transmits to our server. If you want to view our website, we collect the following data, which is technically necessary for us to show you our website and to ensure stability and security:
–IP address
– Date and time of the request
– Time zone difference to Greenwich Mean Time (GMT)
– Content of the request (concrete page)
– Access status/HTTP status code
– Amount of data transferred in each case
– Website from which the request comes
–Browser
– Operating system and its interface
– Language and version of the browser software
After a technical evaluation, this data is deleted immediately. In accordance with Art. 6 para. 1 lit. f) GDPR, this data collection serves to safeguard our legitimate interests in the correct presentation of our website offering, which are overriding in the context of a balancing of interests, as well as to comply with the EU General Data Protection Regulation in terms of security and confidentiality.
5. Contact via the website
If you send a message via our website, by email, by phone or via the contact form, we will store the data you provide in order to answer your concerns. After answering your request, we will delete the data as long as there are no statutory retention periods to the contrary.
The legal basis for this is Art. 6 para. 1 lit. a) GDPR.
6. Routine deletion and blocking of personal data
The controller processes and stores personal data of the data subject only for the period necessary to achieve the purpose of storage or if this has been provided for by the European legislator or another legislator in laws or regulations to which the controller is subject.
If the purpose of storage ceases to apply or if a storage period prescribed by the European legislator or another competent legislator expires, the personal data will be routinely blocked or deleted in accordance with the statutory provisions.
7. Rights of the data subject
a) Withdrawal of consent
If the processing of personal data is based on consent given, you have the right to withdraw consent at any time. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent before the revocation.
b) Right to information
If personal data is processed, you can request access to this personal data and the following information at any time:
a) the purposes of the processing; b) the categories of personal data that are processed;
(c) the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular in the case of recipients in third countries or international organisations;
d) if possible, the envisaged period for which the personal data will be stored or, if this is not possible, the criteria for determining this duration;
e) the existence of a right to rectification or erasure of personal data concerning you or to restriction of processing by the controller or a right to object to such processing;
f) the existence of a right of appeal to a supervisory authority;
g) if the personal data is not collected from the data subject, all available information on the origin of the data;
h) the existence of automated decision-making, including profiling, in accordance with Article 22(1) and (4) of the GDPR and, at least in these cases, meaningful information about the logic involved, as well as the scope and intended effects of such processing for the data subject.
i) If personal data is transferred to a third country or to an international organisation, you have the right to be informed of the appropriate safeguards in accordance with Article 46 of the GDPR in connection with the transfer. We provide a copy of the personal data that is the subject of the processing. For any further copies that you as an individual request, we may charge a reasonable fee based on administrative costs. If you submit the application electronically, the information must be provided in a commonly used electronic format, unless the applicant states otherwise. The right to obtain a copy under Article 20 shall not affect the rights and freedoms of other persons.
c) Right to rectification and completion
You have the right to obtain from us the rectification of inaccurate personal data concerning you without undue delay. Taking into account the purposes of the processing, you have the right to request the completion of incomplete personal data, including by means of a supplementary statement.
d) Right to erasure (“right to be forgotten”)
You have the right to obtain from the controller that the personal data concerning you be erased without undue delay and we are obliged to erase personal data without undue delay if one of the following reasons applies:
a) The personal data are no longer necessary for the purposes for which they were collected or otherwise processed.
b) The data subject withdraws his/her consent on which the processing was based pursuant to Article 6 (1) (a) or Article 9 (2) (a) GDPR and there is no other legal basis for the processing.
c) The data subject objects to the processing in accordance with Article 21 (1) GDPR and there are no overriding legitimate grounds for the processing or the data subject objects to the processing in accordance with Article 21 (2) GDPR.
d) The personal data has been processed unlawfully.
e) The erasure of the personal data is necessary for compliance with a legal obligation under Union law or the law of the Member States to which the controller is subject.
If the controller has made the personal data public and is obliged to delete them in accordance with paragraph 1, it shall take appropriate measures, including technical measures, taking into account the available technology and the costs of implementation, to inform data controllers who process the personal data that a data subject of theirs requests the deletion of all links to such personal data or of copies or has requested replications of such personal data.
The right to erasure (“right to be forgotten”) does not exist if the processing is necessary:
- to exercise the right to freedom of expression and information;
- to comply with a legal obligation requiring processing under Union or Member State law to which the controller is subject, or to carry out a task carried out in the public interest or in the exercise of official authority vested in the controller;
- for reasons of public interest in the field of public health in accordance with Article 9(2)(h) and (i) and Article 9(3) of the GDPR;
- for archiving purposes in the public interest, scientific or historical research purposes, or for statistical purposes pursuant to Article 89(1) of the GDPR, to the extent that the right referred to in paragraph 1 is likely to render impossible or seriously impair the achievement of the purposes of such processing, or
- to assert, exercise or defend legal claims.
e) Right to restriction of processing
You have the right to ask us to restrict the processing of your personal data if one of the following conditions applies:
a) the accuracy of the personal data is contested by the data subject, for a period of time that allows the controller to verify the accuracy of the personal data;
b) the processing is unlawful and the data subject opposes the erasure of the personal data and instead requests the restriction of the use of the personal data;
c) the controller no longer needs the personal data for the purposes of the processing, but the data subject needs them for the establishment, exercise or defence of legal claims, or
d) the data subject has objected to the processing in accordance with Article 21 (1) GDPR, as long as it has not yet been established whether the legitimate reasons of the controller outweigh those of the data subject.
Where processing has been restricted in accordance with the above conditions, such personal data will only be processed with the consent of the data subject, apart from their storage, or for the establishment, exercise or defence of legal claims, or for the protection of the rights of another natural or legal person, or for reasons of important public interest of the Union or of a Member State.
f) Right to data portability
You have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used and machine-readable format, and you have the right to transmit such data to another controller without hindrance from the controller to whom the personal data has been provided, provided that:
a) the processing is based on consent pursuant to Article 6 (1) (a) or Article 9 (2) (a) or on a contract pursuant to Article 6 (1) (b) GDPR and
b) the processing is carried out by automated means.
When exercising the right to data portability pursuant to paragraph 1, you have the right to obtain that the personal data is transferred directly from one controller to another controller, insofar as this is technically feasible. The exercise of the right to data portability does not affect the right to erasure (“right to be forgotten”). This right does not apply to processing that is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller.
g) Right to object
You have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you on the basis of Article 6(1)(e) or (f) of the GDPR; this also applies to profiling based on these provisions. The controller shall no longer process the personal data unless it can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or the processing serves to establish, exercise or defend legal claims.
If personal data is processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing; this also applies to profiling, insofar as it is related to such direct advertising. If you object to the processing for direct marketing purposes, the personal data will no longer be processed for these purposes.
In connection with the use of information society services, you can exercise your right to object by means of automated procedures using technical specifications, notwithstanding Directive 2002/58/EC.
You have the right to object, on grounds relating to your particular situation, to the processing of personal data concerning you that is carried out for scientific or historical research purposes or for statistical purposes in accordance with Article 89(1), unless the processing is necessary for the performance of a task carried out in the public interest.
You can exercise the right to object at any time by contacting the respective controller.
h) Right to lodge a complaint with a supervisory authority
They also have the right to lodge a complaint with a supervisory authority, in particular in the Member State of their residence, place of work or place of the alleged infringement, without prejudice to any other administrative or judicial remedy, if the data subject considers that the processing of personal data concerning him or her infringes this Regulation. For a list of supervisory authorities, see https://www.bfdi.bund.de/DE/Service/Anschriften/Laender/Laender-node.html
(i) Right to an effective judicial remedy
Without prejudice to any available administrative or extrajudicial remedy, including the right to lodge a complaint with a supervisory authority pursuant to Article 77 of the GDPR, you have the right to an effective judicial remedy if you consider that the rights to which you are entitled under this Regulation have been infringed as a result of the processing of your personal data that is not in accordance with this Regulation.
8. Data protection for applications and in the application process
We are pleased that you are interested in us and that you are applying or have applied for a position in our company. In the following, we would like to provide you with information on the processing of your personal data in connection with the application.
What data about you do we process? And for what purposes?
We process the data you have sent us in connection with your application in order to check your suitability for the position (or other open positions in our company, if applicable) and to carry out the application process.
What is the legal basis for this?
The legal basis for the processing of your personal data in this application process is primarily Art. 6 para. 1 lit. b) GDPR.
According to this, the processing of data required in connection with the decision on the establishment of an employment relationship is permissible.
If, after completion of the application process, the data may be required for legal prosecution, data processing may be carried out on the basis of the requirements of Art. 6 GDPR, in particular for the purpose of safeguarding legitimate interests pursuant to Art. 6 (1) (f) GDPR. Our interest then lies in asserting or defending claims.
If special types of personal data within the meaning of Art. 9 GDPR are processed (e.g. health data), the legal basis is § 26 para. 3 BDSG or Art. 9 para. 2 lit. b) GDPR in conjunction with Art. 6 para. 1 lit. b) GDPR.
How long is the data stored?
In the event of a rejection, applicants’ data will be deleted after 6 months.
In the event that you have consented to further storage of your personal data, we will transfer your data to our applicant pool. There, the data is deleted after two years.
If you have been awarded a position as part of the application process, the data from the applicant data system will be transferred to our personnel information system.
To which recipients will the data be passed on?
Your applicant data will be reviewed by the HR department after receipt of your application. Suitable applications are then forwarded internally to the department managers for the respective open position. Then the further procedure will be coordinated. In principle, only those persons in the company have access to your data who need it for the proper running of our application process.
Where is the data processed?
The data is processed exclusively in data centers in the Federal Republic of Germany.
9. Legal basis for processing
Art. 6 (1) (a) GDPR serves our company as the legal basis for processing operations in which we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract to which the data subject is a party, as is the case, for example, in the case of processing operations necessary for the supply of goods or the provision of another service or consideration, the processing is based on Art. 6 (1) (b) GDPR. The same applies to such processing operations that are necessary to carry out pre-contractual measures, such as in cases of enquiries about our products or services.
If our company is subject to a legal obligation that requires the processing of personal data, such as for the fulfilment of tax obligations, the processing is based on Art. 6 (1) (c) GDPR.
In rare cases, the processing of personal data may become necessary to protect the vital interests of the data subject or of another natural person. This would be the case, for example, if a visitor were injured in our company and his name, age, health insurance data or other vital information would have to be passed on to a doctor, a hospital or other third parties. In that case, the processing would be based on Art. 6 (1) (d) GDPR.
Ultimately, processing operations could be based on Art. 6 (1) (f) GDPR. Processing operations that are not covered by any of the aforementioned legal bases are based on this legal basis if the processing is necessary to safeguard a legitimate interest of our company or of a third party, provided that the interests, fundamental rights and freedoms of the data subject do not prevail. We are permitted to carry out such processing operations in particular because they have been specifically mentioned by the European legislator. In this respect, it took the view that a legitimate interest could be assumed if the data subject is a customer of the controller (Recital 47 sentence 2 GDPR). According to Article 6 (1) (a) – (f) GDPR, the legal basis for the processing can be in particular:
The data subject has given his or her consent to the processing of personal data concerning him or her for one or more specific purposes;
the processing is necessary for the performance of a contract to which the data subject is a party or to take steps taken at the request of the data subject prior to entering into a contract;
the processing is necessary for compliance with a legal obligation to which the controller is subject;
the processing is necessary to protect the vital interests of the data subject or of another natural person;
the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
the processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, unless such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require the protection of personal data, in particular where the data subject is a child).
10. Legitimate interests in the processing pursued by the controller or a third party
If the processing of personal data is based on Article 6 (1) (f) GDPR, our legitimate interest is the conduct of our business activities for the benefit of the well-being of all our employees and our shareholders.
11. Duration for which the personal data will be stored
We will only process your data for as long as it is necessary to perform our contract or applicable legislation and to maintain our relationship with you. We will inform you about the specific storage period of the data within the framework of the respective description of the individual data processing. If you do not find a specific indication of the storage period there, then it is not possible for us to name one, because it depends on various individual factors (e.g. the term of the contract, assertion of claims, etc.). In these cases, we are guided by the principle of data minimisation and proportionality when it comes to the duration of storage.
Business documents are kept for a maximum of 6 and 10 years in accordance with the provisions of the Commercial Code and the Tax Code.
As long as you do not object or If you withdraw your consent, we will use your data to maintain and intensify our trusting business relationship to the benefit of both parties.
12. Legal or contractual requirements for providing the personal data; Necessity for the conclusion of the contract; Obligation of the data subject to provide the personal data; possible consequences of not providing
We would like to inform you that the provision of personal data is partly required by law (e.g. tax regulations) or can also result from contractual provisions (e.g. information on the contractual partner). In some cases, it may be necessary for a data subject to provide us with personal data that must subsequently be processed by us. For example, the data subject is obliged to provide us with personal data if our company enters into a contract with him/her. Failure to provide the personal data would mean that the contract with the person concerned could not be concluded. Before providing personal data by the data subject, the data subject must contact our data protection officer. Our data protection officer will inform the data subject on a case-by-case basis as to whether the provision of personal data is required by law or contract or is necessary for the conclusion of the contract, whether there is an obligation to provide the personal data and what the consequences of not providing the personal data would be.
13. Existence of automated decision-making
As a responsible company, we do not use automatic decision-making or profiling.