Microsoft Services Privacy Policy

1. Data Controller

Hamburger Hafen und Logistik AG
Bei St. Annen 1
20457 Hamburg

You can reach our data protection officer at the above address or at datenschutz@hhla.de.

 

2. Data Processing When Using Microsoft Services

Microsoft services are a central IT tool that enables us to digitize, modernize and increase the efficiency of our business processes and administrative activities.

The processing is carried out on behalf of HHLA by

Microsoft Ireland Operations Limited
One Microsoft Place
South County Business Park
Leopardstown
Dublin 18
D18 P521
Ireland

Please note that this privacy policy only provides information about the processing of your personal data by HHLA when using Microsoft services. For information about Microsoft's processing of your personal data, please refer to Microsoft's statement. Additional details from Microsoft on this topic can be found here:

Microsoft Service Agreement

Microsoft Privacy Statement

Various types of data are processed when you use Microsoft services. The type and scope of the data depend, among other things, on your behaviour as a user and on what content you share or what information you provide.

The following categories of data may be processed when using Microsoft services: 

Labels and contents of documents and files, tasks and results in the context of workflows, elaborations or reviews.

Communication data such as the time and parties involved in contacts and communication content, such as text chats or audio and video communication, are also processed. Personal and contact data such as surname, first name, business email address and telephone number may also be processed.

Authentication data such as email address and password, contact data, other technical data and unique identification numbers and signatures, such as IP addresses, can be processed to ensure access and use. 

In addition, there are log files containing access times, application details, IP addresses, timestamps of the first and last activity and presence status, as well as system-generated log data. Device information such as the name of the device, application used, browser and operating system can also be collected, as well as product feedback including relevant device and application information.

Our employees are obliged to handle this data confidentially.

Please note that Microsoft, as a service provider, has its own privacy policy that applies to data processed through Microsoft services. For more information about how your data is processed when you use Microsoft cloud services, please visit: https://privacy.microsoft.com/de-de/privacystatement.

 

3. Purposes of Processing

Data may be processed for different purposes, depending on the specific use of the respective Microsoft services.

Microsoft Teams is used for internal and external communication and collaboration. Data is processed to enable online meetings, chats and file sharing, for example. The purposes include the coordination of projects, the exchange of information within teams or departments, the holding of online meetings and efficient communication with external partners. Communication content (text, audio, video), metadata on communication processes (participants, time), shared documents and files as well as status information (attendance) can be processed. In principle, online meetings are not recorded. If we wish to record online meetings in individual cases (e.g. for training purposes), we will inform you of this in advance and, if necessary, ask for your consent. When a recording is started, all participants in the meeting will receive a system-side notification of this. If you do not agree to the recording, you can leave the meeting at any time or deactivate your camera or microphone. You can revoke your consent at any time with effect for the future. To do so, please use the contact details below. If you refuse the recording or revoke or restrict your consent, you will not suffer any disadvantages as a result. Please inform the moderator of the respective online meeting immediately.

Microsoft Forms is used to create and conduct surveys, forms, quizzes, and general data retrieval. Data is processed to collect company data, feedback or audits. The specific purposes include the evaluation of events, the implementation of voting or digital questionnaires, and the collection of information for administrative processes. The categories of data processed include the answers and content you provide and, if applicable, basic personal data to identify the participant.

Microsoft SharePoint enables the central storage and management of documents and information as well as collaboration on projects. The purposes of data processing are to provide workspaces for teams, collaborate on documents, archive information, and ensure access to relevant documents. This involves processing names and contents of documents and files, access rights and version histories, among other things.

Microsoft OneDrive is used for personal file storage and file sharing. Using OneDrive allows you to securely store business documents and share them with others when needed. The purposes of data processing include providing a personal storage space, backing up important documents, and enabling access to files from different devices. The processed data is primarily the documents and files you store in OneDrive, as well as metadata such as file names and version histories.

 

4. Legal Bases for Data Processing

We process your personal data when you use Microsoft services on a variety of legal bases. In principle, Microsoft services are to be understood as an IT tool or operating resource, which is why the legal basis for specific data processing is always the one for which the original data processing is intended.

The legal bases for the specific processing of your personal data (e.g. participation in events) remain unaffected. Such processing can therefore be based on your consent (Article 6 (1) (a) GDPR), the performance of a contract (Article 6 (1) (b) GDPR), a legal obligation (Article 6 (1) (c) GDPR), the public interest (Article 6 (1) (e) GDPR) or a legitimate interest (Article 6 (1) (f) GDPR), or on the establishment, implementation or termination of an employment relationship (§ 26 BDSG).

The legal basis for data processing that takes place solely based on the general use of Microsoft services is Art. 6 (1) (f) GDPR. The legitimate interest lies in the management of digitalized, modern and efficient business operations.

In addition, the processing of log files serves our legitimate interest in ensuring appropriate data security for all our users, their devices and IT operations, as well as complying with legal obligations regarding technical and organizational protective measures.

 

5. Cookies When Using Microsoft Web Applications

Cookies are used on Microsoft websites to make the available Microsoft applications user-friendly. Cookies are small files that are automatically created by the web browser and stored on the end device (laptop, tablet, smartphone, etc.) when you visit the corresponding Microsoft page. If necessary, every user can change the browser settings for cookies themselves. The use of personal data by Microsoft to create profiles or for advertising or similar commercial purposes is excluded. Please note that Microsoft, as a service provider, has its own data protection provisions that apply to the data processed via Microsoft services.

Further information on the processing of your data when using Microsoft cloud services can be found at: https://privacy.microsoft.com/de-de/privacystatement

 

6. Data Transfer

We generally do not transfer your data to third parties. Data will only be transferred if it is specifically intended for transfer, if you have expressly consented to the transfer in advance or if we are obliged or authorized to do so by law. 

When processing your data, Microsoft supports us as a service provider and, for the most part, as a processor bound by instructions within the meaning of Article 4(8) and Article 28 GDPR. Data processing outside the European Union (EU) or the European Economic Area (EEA) does not take place, as we have limited our storage location to data centers in the European Union. However, it cannot be guaranteed that your data will not be processed or transferred to Microsoft outside the EU or EEA, for example if you establish the connection yourself from a country outside the EU/EEA. With regard to these data transfers to third countries, we use the latest EU standard contractual clauses.

In addition, there are Application Programming Interfaces between the Microsoft services and to other HHLA business IT systems. Depending on the configuration and necessity, personal data is transmitted. The configuration of these interfaces follows the internal and legally applicable data protection regulations. In individual cases, your data may be transmitted via an interface to processors bound by our instructions (e.g. IT service providers for remote maintenance and support, hosting providers, data centers, etc.). 

The data transferred may only be processed by the processor based on agreements in accordance with Article 28 GDPR. The processors are subject to confidentiality and are contractually obliged to comply with privacy regulations.

In some cases, there may be further legal obligations to transfer data, but these may only apply in specific individual cases. This also applies to cooperation with investigating authorities and the transfer of data in accordance with data protection law.
 

7. Deletion

In principle, we will process your data only until the purposes for which the data was collected have been fulfilled. Thereafter, your data will be deleted, unless the processing or storage of your data is necessary for the enforcement, exercise or defense of legal claims. In the case of statutory retention obligations, deletion will only be considered after the respective retention obligation has expired.

All user account data and, if applicable, mailboxes, chats and data in OneDrive and SharePoint are generally deleted after the end of the provision of the service.

Stored technical logs/technical diagnostic information (e.g. log files) are generally deleted or anonymized after 90 days.

Recorded online meetings are stored depending on the purpose for which they were recorded. Participants will be informed in advance of the specific storage period for the respective recording.
 

8. No Profiling or Automated Decision-Making

While using Microsoft services, our company does not carry out any profiling or automated decision-making in accordance with Article 22 GDPR. Your data will not be used for automated individual decisions that produce legal effects concerning you or similarly significantly affect you.


9. Objection or Revocation

If you have given your consent to the processing of your data, you can revoke it at any time. Such a revocation affects the legitimacy of the processing of your personal data after you have declared it to us. The lawfulness of the processing of your data up to the time of your revocation remains unaffected.

Insofar as we process your personal data based on legitimate interests, you can object to the processing. When exercising such an objection, we ask you to explain the reasons why we should not process your personal data as we have done. We will then examine the situation and will either adapt or discontinue the data processing or inform you of our compelling legitimate reasons for continuing the processing.


10. Your Privacy Rights

The following rights are available to you under the applicable data protection laws:

  • The right to be informed about the processing of your own personal data in accordance with Art. 15 GDPR.
  • The right to correction and deletion including the “right to be forgotten” in accordance with Art. 16, 17 GDPR.
  • The right to restriction of processing in accordance with Art. 18 GDPR.
  • The right to data portability in accordance with Art. 20 GDPR.
  • The right not to be subject to automated decision-making that produces legal effects or similarly significantly affects you, in accordance with Art. 22 GDPR.
  • The right to object to processing, including profiling, based on your particular situation in accordance with Art. 6 para. 1 lit. f, 21 GDPR.
  • The right to object to the supervisory authority. The right to object may be exercised with a supervisory authority in the Member State of your habitual residence, place of work or place of the alleged infringement. The competent supervisory authority in Hamburg is: The Hamburg Commissioner for Data Protection and Freedom of Information of the Free and Hanseatic City of Hamburg, Ludwig-Erhard-Str 22, 20459 Hamburg, e-mail: mailbox@datenschutz.hamburg.de

All rights, except for the right to object, can be exercised by contacting the Data Protection Officer. Please use the contact information provided below.

Contact the data protection officer:

You also have the right to contact our data protection officer at any time (datenschutz@hhla.de).