Privacy Policy seabo

Last updated: July 2024

WHO ARE WE?

We are Next Logistics Ventures GmbH (“Next Logistics Ventures”, "NLV" or “we”, a limited liability company incorporated under the laws of Germany. The company is registered with the German Chamber of Commerce under registration number HRB 164725. The company’s registered office is at Zirkusweg 2, 20359 Hamburg, Germany). We respect your privacy. This Online Privacy Notice (the “Notice”) applies to personal data we collect on www.seabo.com. The Notice describes the types of personal data we obtain, how we use the personal data, and with whom we share it. We also describe your rights as data subject and how You can contact us about our privacy practices. Our contact details can be found at the end of this notice.

WHAT IS THIS TEXT ABOUT?

This is a Privacy Policy. In this document, we explain what kind of personal data we collect when You use the services that we offer via our Platform seabo on www.seabo.com. We also explain how we store, protect, and use your personal data and for which purposes.

We process personal data only in accordance with legal requirements, in particular the EU Data Protection Regulation (GDPR) and the German Federal Data Protection Act (Bundesdatenschutzgesetz or BDSG). This privacy policy contains information how we process personal data in the case You

  • visit our website as a User

  • use the seabo Platform as a registered Customer.

WHAT IS PERSONAL DATA?

In this Privacy Policy, "personal data" means: any information which are related to an identified or identifiable natural person.

ARE YOU YOUNGER THAN EIGHTEEN YEARS?

If You are younger than eighteen years, You may not use our website or services offered via the Platform www.seabo.com (the “Platform”).

WE ACT AS DATA PROCESSOR AND DATA CONTROLLER

We collect and process most personal data on behalf of the Customers of our Platform (“Customers”). Our Customers determine the purpose and means of this processing of personal data, which means they act as Data Controller within the meaning of the relevant legislation. We process this data strictly in accordance with the instructions of our Customers and we don’t process this data for our own purposes. In this respect, we act as “Data Processor” within the meaning of the relevant legislation.

Apart from the processing of personal data on behalf of our Customers, we do collect and process some personal data for our own purposes. This includes e.g. the limited processing of IP addresses of website Users, and name, email addresses and phone numbers of employees of Customers that are required in the registration process or for managing the business account. In this respect, we act as “Data Controller” ourselves within the meaning of the relevant legislation.

WHICH PERSONAL DATA DO WE PROCESS?

We may collect personal data that You provide to us as user of the website or as Customer of the seabo Platform, including, but not limited to, your first and last name, physical address, email address, or telephone number, such as when You:

  • Fill out a form on the website;

  • Sign-up to receive direct marketing communications from us;

  • Register as Customer of the Platform and provide your personal data in connection with that registration and subscription;

  • Register for an event that we organise; or

  • Otherwise communicate with us (for example by sending us an email).

For more information on what data is collected from users without a registration to the seabo Platform, see the "INFORMATION THAT WE COLLECT AUTOMATICALLY" section.

INFORMATION WE OBTAIN
INFORMATION THAT YOU PROVIDE TO US

Personal data that You provide directly to us will be apparent from the context in which You provide it, for example:

  • If You fill out a form on our website (e.g. a contact form), You will generally provide your name, contact details and any other information requested by the form, such as the reason for your enquiry or your product preferences.

  • If You actively sign up to receive electronic marketing communications from us, You will generally provide your name, email address and other contact information, and your product preference. For further details, please look at the “Newsletter” section below.

  • If You sign up to the seabo Platform, You will generally provide your name and contact information and any other information necessary to access the Platform. We may also process non-personal data whenever You interact with our website. This data may include Your browser name, the type of your computer and technical information about your means to connect to our website (such as the operating system and the utilized internet service providers).

  • To provide the services on our seabo Platform, we also ask for (parts of) the following data which may include personal data:

    • Information about Customer vessels, e.g. name, type, next open port and open dates.

    • Information about Customer cargo, e.g. type, size, duration, commodity and loading and discharge port.

  • If You are a Customer of the Platform and use our “Market” tool, and by actively connecting your email box to “Market”, the Customer emails and all the contained information will also be processed by us, subject to a separate Data Processing Agreement, for the purposes of providing the “Market” service.

If You are a registered Customer to the Platform, we also process the respective company information, that You provide to us.

Each form on our website or Platform varies in terms of the information required and collected. In most cases an asterisk (*) indicates the required information on a form. You may choose to provide additional information in fields that are not required.

INFORMATION WE COLLECT AUTOMATICALLY

Our web servers may log information such as your operating system type, browser type, domain, and other system settings, as well as the language your system uses and the country and time zone in which your device is located. The web server logs may also record information such as the address of the website that referred you to our pages and the IP address of the device You use to connect to the Internet. IP addresses are only stored in abbreviated, anonymised form.

If You are not a registered Customer, but only a user of the public website, we otherwise only process your personal data if You actively provide such data to us for a specific purpose, e.g. if You fill out the contact form and explicitly ask us to contact You.

HOW DO WE USE THE PERSONAL DATA

We use your personal data as Data Controller for the purposes described below:

  • To verify the information You provided to us to access your business account. The processing is based on Art. 6 I f) GDPR (legitimate interest);

  • To contact You and to execute our agreement. The processing is based on Art. 6 I a) GDPR (consent);

  • For marketing purposes (for further details please read the “Marketing” section below). The processing is based on Art. 6 I a) GDPR (consent);

  • To improve communication between different parties in the chartering industry. The processing is based on Art. 6 I a) GDPR (consent);

As Data Processor, we process the personal data on behalf of our registered Customers solely to provide our services on the Platform to them in accordance with Art. 28 GDPR and on the basis of a separate Data Processing Agreement (DPA).

MARKETING

Use of Personal Data for Marketing only with Consent

No personal data about You will be processed for marketing purposes simply by using this website. We process your data that You provide to us yourself (for example, to submit a registration request to us) for marketing purposes only on the basis of your express consent to these purposes pursuant to Art. 6 I a) GDPR. Proper data processing agreements have been concluded with service providers whom we engage for the purpose of supplying marketing (e.g. newsletters) and who process data on our behalf strictly in accordance with instructions.

Reference to the right of objection

You may object to the use of your personal data for the aforementioned marketing purposes at any time, free of charge and with effect for the future, by using the contact details in this Privacy Policy or write to privacy@seabo.com
If You object, your data will be blocked without undue delay for further data processing for marketing purposes. We would like to point out that in exceptional cases, marketing material may still be sent temporarily after receipt of your objection. This is technically due to the necessary lead time within the selection process and does not mean that we have not implemented your objection.

RIGHT TO OBJECT

Insofar as we base the processing of your personal data on our legitimate interest, you have the right to object. You can send or communicate your objection to us at any time via: privacy@seabo.com

HOW LONG WILL WE KEEP THE PERSONAL DATA?

The personal data for which we are the Data Controller will be deleted if they are no longer necessary for the fulfilment of the purposes mentioned above or are inaccurate. The rules for data erasure of personal data collected by us as Data Processor are laid down in the DPA between us and the Customer.

WHO DO WE SHARE YOUR PERSONAL DATA WITH?

We do not sell or otherwise disclose personal data that You provide to us or that we collect except as described here. We may share personal data You provide to us or that we collect with:

  • Service providers that perform services on our behalf as data processors in accordance with Art. 28 GDPR.

  • We may share personal data with our affiliates if You have explicitly requested information about our affiliates products and services. We may share personal data with service providers that perform services on our behalf such as payment service providers, analytics providers, hosting providers and advisers. All service providers have entered into legally binding data processing agreements in accordance with Art. 28 GDPR requiring them to use or disclose personal data only as necessary to perform services on our behalf or comply with applicable legal requirements.

In addition, we may disclose personal data about You (a) if we are required or permitted to do so by law or legal process, for example due to a court order or a request from a law enforcement agency, (b) in connection with an investigation of an authority of suspected or actual fraudulent or other illegal activity, and (c) in the event we sell or transfer all or a portion of our business or assets (including in the event of a reorganization, dissolution, or liquidation), and if statutory law does not mandatorily require your consent.

Furthermore, it is possible that we use “Sub Data Processors” for example for the storage of the data and the hosting of the website, based on a data processing agreement. These Sub Data Processors must strictly follow our instructions. Therefore, they will not use personal data for their own purposes. In addition to such storage and hosting providers, we use certain tools to provide our services to our clients. We make sure all of our Sub Data Processors comply with the relevant privacy legislation.

The Sub Data Processors we use are currently:

  • Stripe

  • Amazon Web Services

  • Digital Ocean

  • Sentry

  • PIWIK

  • HubSpot

  • Mapbox

  • Datadog

  • LaunchDarkly

For details of the Sub Data Processors, please see the detailed description below. Sub Data Processors may change over time. Please follow the latest updates of this Privacy Policy, so that You are up-to-date with the list of our Sub Data Processors.

STRIPE

We use Stripe (Stripe Payments Europe, Limited (“SPEL”); Stripe Technology Europe, Limited (“Stripe PSP”)), 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland, for payment, analytics, and other business services. Stripe collects and processes personal data, including identifying information about the devices that connect to its services. Stripe uses this information to operate and improve the services it provides to us, including for fraud detection and prevention.

Stripe provides financial infrastructure for the internet. Users use Stripe’s services to make their purchases and businesses of all sizes use our technology and services to receive payments, transmit payments and manage their business online.

To provide those services Stripe collects the following data:

  • Name

  • Mail Address

  • Credit Card Data

  • Company Name and Address

  • Payment data

  • VAT Number

The processing of personal data is necessary for contracting with our users and for the implementation of pre-contractual measures. The legal basis for the processing of personal data described here is therefore pursuant to Art. 6 I lit. b) GDPR.

Being a global business, personal data may be transferred to, and processed, in any country where Stripe does business, where their service providers do business or if You use an international payment method or financial partner service, the countries in which that payment method or financial partner operates. This may include countries outside of the EU or the European Economic Area. If you are located in the European Economic Area (“EEA”), the United Kingdom ("UK"), or Switzerland, please refer to Stripe‘s Privacy Centerfor additional details. When a data transfer mechanism is mandated by applicable law, Stripe employs one or more of the following:

  • Transfers to certain countries or recipients that are recognized as having an adequate level of protection for Personal Data under applicable law.

  • EU Standard Contractual Clauses approved by the European Commission and the UK International Data Transfer Addendum issued by the Information Commissioner’s Office. You can obtain a copy of the relevant Standard Contractual Clauses.

  • Other lawful methods available to us under applicable law.

Stripe, Inc. complies with the EU-U.S. Data Privacy Framework (“EU-U.S. DPF”), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework as set forth by the U.S. Department of Commerce and as applicable.

We have concluded a DPA with Stripe that you can find here: https://stripe.com/legal/dpa If You would like to find out more about how Stripe processes personal data: https://stripe.com/en-de/legal/privacy-center

Stripe does not process data from website visitors, but only from registered Customers of our seabo Platform.

AMAZON SIMPLE EMAIL SERVICE (SES)

As an Email service provider, we use the services of Amazon Web Services (AWS), or Amazon Simple Email Services (SES). SES is provided by Amazon Web Services EMEA SARL, 38 Avenue John F. Kennedy, L-1855 Luxembourg.

To provide this service Emails we receive from our users are permanently stored in Amazon S3. This Amazon S3 is located in the EU west area. All the information You provide to us via email is stored and processed, in addition to data such as Names and Email addresses. The AWS GDPR DPA is incorporated into the AWS Service Terms and applies automatically to all Customers globally who require it to comply with the GDPR whenever Customers use AWS services to process personal data, regardless of which data protection laws apply to that processing. You can find the DPA here: https://d1.awsstatic.com/legal/aws-dpa/aws-dpa.pdf

Your data may be stored and processed outside of the EU/EEA. However, AWS continues to abide by the assurances they gave when they certified compliance with the provisions of the EU-US Privacy Shield. In addition, the AWS Service Terms incorporate the European Commission's Standard Contractual Clauses (SCC’s) as mentioned above for transfers to a third country.

The legal basis for the processing of personal data described here is Art. 6 para. 1 lit. f) GDPR. Our legitimate interest is to offer You the possibility to contact us at any time and to be able to answer your enquiries. Also, the process is necessary for the performance of the contract we have concluded with You, Art. 6 para. 1 lit b) GDPR.

For more information on AWS and data privacy, please visit:
https://aws.amazon.com/de/compliance/data-privacy-faq/
https://aws.amazon.com/privacy/?nc1=h_ls

This tool does not process data from website visitors, but only from registered users of our seabo Platform.

DIGITALOCEAN

We host our website with DigitalOcean LLC, 101 Avenue of the Americas 10th Floor New York, NY 10013 United States.

When You visit our website, your personal data is processed on the servers of DigitalOcean.
The data that may be processed can include:

  • Application data in MySQL database including users, companies, fixtures,

  • Customer data collected by us as described in this policy and that is stored on DigitalOcean.

  • IP addresses, browser type, internet service provider (“ISP”), referring/exit pages, operating system, date/time stamp, clickstream data, landing page, and referring URL.

In the process, personal data may also be transmitted to the USA. With respect to personal data of Data Subjects located in the EEA, Switzerland, or the United Kingdom that Customer transfers to DigitalOcean or permits DigitalOcean to access, Digital Ocean provides a Data Privacy Agreement on their website to ensure that personal data is only processed in accordance with the GDPR. You can find the DPA here: https://www.digitalocean.com/legal/data-processing-agreement

This DPA also executes the Standard Contractual Clauses, which will be incorporated by reference and form an integral part of this DPA. In case data is transferred to a third country, DigitalOcean assures to comply with all data protection regulations. Digital Ocean is also certified under the EU-US Data Privacy Framework.

You’ll find more information on how DigitalOcean processes data here:
https://www.digitalocean.com/legal/privacy-policy

PIWIK

We use Piwik PRO Analytics Suite of Piwik PRO GmbH, Knesebeckstraße 62/63, 10719 Berlin as our website/app analytics software and consent management tool. We collect data about website visitors based on cookies. The collected information may include a visitor’s IP address, operating system, browser ID, browsing activity and other information. See the scope of data collected by Piwik PRO.

We calculate metrics like bounce rate, page views, sessions and the like to understand how our website/app is used. We may also create visitors’ profiles based on browsing history to analyse visitor behaviour, show personalized content and run online campaigns.

We host our solution on Microsoft Azure in Germany and the data is stored for 14/25 months.

The purpose of data processing: analytics and conversion tracking based on consent.
The legal basis of processing is: Art. 6 (1)(a) GDPR.

Piwik PRO does not send the data about You to any other sub-processors or third parties and does not use it for its own purposes. For more, read Piwik PRO’s privacy policy.

SENTRY

On our website we also use Sentry, an error analysis tool provided by Functional Software, Inc. d/b/a Sentry, 45 Fremont Street, 8th Floor, San Francisco, CA 94105, to improve the performance of our services and to ensure You have the best user experience.

The data processed by Sentry when You use our website as a registered user are

  • Mail address,

  • User-ID,

  • IP address,

  • Session logs,

  • Browser Type and Version

  • Device Type (e.g. Brand…)

  • Operating System/Version

  • The URL called up and all the parameters passed.

Furthermore, Sentry provides a data privacy agreement on their website for the use of Sentry (Art. 28 GDPR). Sentry processes the data on our behalf for the purpose of evaluating your use of the website, compiling reports on website activity for us and providing us with other services relating to website activity and internet usage. Sentry may transfer this information to third parties where required to do so by law, or where such third parties process the information on Sentry’s behalf. This DPA also includes the conclusion of the Standard Contractual Clauses by the European Commission in case data is transferred in a country outside of the EU/EAA. The aforementioned DPA is found here: https://sentry.io/legal/dpa/

Sentry also uses Google, Twilio (SendGrid), and Amazon Web Services to subprocess Customer data.

For more information on how Sentry processes data, please visit:
https://sentry.io/terms/
https://sentry.io/trust/

This tool does not process data from website Users as well as from registered Customers of our seabo Platform.

HUBSPOT

To register contacts on the website, send newsletters and manage our sales pipeline we use a tool called HubSpot (HubSpot Inc. 25 First Street, Cambridge, MA 02141 USA).

The data processed by HubSpot are:

  • Name

  • Email Address

  • Company name

  • IP-address

  • Usage Data

  • (in case the user agrees) phone number, country of residency, and gender.

HubSpot provides a data privacy agreement on their website that takes effect automatically when a contract is concluded with HubSpot. You can find the DPA here: https://legal.hubspot.com/dpa and more information on how HubSpot processes data here: https://legal.hubspot.com/privacy-policy

MAPBOX

We utilize services provided by Mapbox, Inc., 740 15th Street NW, 5th Floor, Washington, DC 20005, USA, to enhance the functionality of our services and to ensure You receive the best user experience. Mapbox allows us to create custom maps and display routes for various purposes, including but not limited to, location-based services, navigation, and geospatial analysis.

When You interact with the maps provided by Mapbox, the data procced includes, but is not limited to:

  • IP address

  • Device information (such as device type and model, screen size, operating system)

  • Browser type and version

  • Requested URLs including map tiles and routing information

  • Location data (only with your explicit consent)

  • Interaction data with the maps (such as zoom level and map position)

Mapbox processes this data to provide the mapping services, to improve the functionality of their services, and to ensure a seamless user experience. The data may also be used for security purposes and to prevent and detect fraud.

Mapbox commits to data protection through their privacy policy, available at https://www.mapbox.com/legal/privacy. For the processing of data that falls under the General Data Protection Regulation (GDPR), Mapbox provides a Data Processing Agreement (DPA) which can be found here, that includes the Standard Contractual Clauses adopted by the European Commission to ensure an adequate level of data protection for data transferred outside of the European Economic Area (EEA). Mapbox is also certified under the US-EU-Data Privacy Framework.

Mapbox may transfer this information to third parties where required by law, or where such third parties process the information on Mapbox's behalf. We have ensured that Mapbox maintains a high standard of data protection, including the execution of the Standard Contractual Clauses for the transfer of data outside of the EU/EEA.

This tool does not process data from website visitors, but only from registered Customers of the seabo Platform. By using our Platform, You consent to the processing of data about You by Mapbox in the manner and for the purposes set out above.

DATA TRANSFERS OUTSIDE THE EU / EEA

We may transfer the personal data outside the EU and European Economic Area (EEA), if our Users or Customers ask us to do so or if one of our (Sub) Data Processors is located outside the EU/EEA. In case we transfer data outside the EU/EEA, the Data will only be transferred to countries who provide an adequate level of protection that meets is listed as third country whose level of protection is approved by the European Commission.1 The transfer of data outside the EU will always comply with the relevant legislation (such as Article 5 of the GDPR).
The European Commission has made a list of third countries whose level of protection is upon additional conclusion of the Standard Contractual Clauses (SCC’s) of the EU Comission. Therefore, in the case of data transfers to countries without an adequacy decision by the European Commission, we ensure that standard contractual clauses are concluded. In addition, we are ensuring an appropriate level of technical and organisational measures within the framework of the legal requirements by carrying out transfer impact assessments.

Since the adoption of the new adequacy decision in July of 2023, personal data transfers to the US are also possible for certain certified US companies without additional measures. For US companies without a respective certification under the EU/US Data Privacy Framework, we maintain the conclusion of the standard contractual clauses and additional measures.

Generic aggregated (non-personal) data

We may convert personal data into non-personal data and aggregate it with information collected from other Users and Customers. In such cases the data will be fully and irreversibly anonymized: they will no longer contain personal data. We use this data to improve the Website and Platform. We also may share such generic aggregated data with our business partners for industry analysis, demographic profiling, improvement of our services and other purposes

PROTECTION OF YOUR PERSONAL DATA

We work hard to protect your personal data from unauthorised or unlawful access, alteration, disclosure, use or destruction. We take the following security measures regarding your personal data:

  • We secure our network connection with Secure Socket Layer (SSL) technology;

  • We restrict access to the data to employees who have been designated as administrator;

  • Our cloud services data is encrypted using Transport Later Security (TLS), our implementation uses strong ciphers and key-lengths by default.

  • We perform internal and external application security testing.

COOKIES

We may use the following types of cookies on our website:

Functional cookies: These are cookies that are essential for the operation of our website. They enable You to move around our website and use our features.
The legal basis for the processing of personal data by the use of functional cookies is our legitimate interest pursuant to Art. 6 (1) lit. f) GDPR. Our legitimate interest is to be able to offer You a comfortable use of our website.

Analytical: We use these cookies to track visitor statistics. We use these statistics to continuously improve the website, and thus offer You relevant content. These cookies also allow us to recognize and count the number of visitors and to see how visitors navigate when they’re using our website. This helps us to improve user navigation and to ensure users can find what they need more easily.
The legal basis for the processing of personal data described here in the context of the analysis is your express consent pursuant to Art. 6 (1) a) GDPR.

HubSpot Analytics Cookie

We also use the option of setting a tracking cookie via HubSpot to better understand your use of our website and Platform. Only on the basis of your explicit consent in accordance with Art. 6 para. 1 a GDPR will personal data such as

  • URL,

  • referrer URL,

  • device properties,

  • browser properties and

  • IP address.

be collected.

For more information on HubSpot see above.

LinkedIn Insight Tag

We use the LinkedIn Insight Tag on our website. Only with your explicit consent pursuant to Art. 6 (1)
a) GDPR, the LinkedIn Insight Tag places a cookie in the user's browser. LinkedIn uses this to collect data such as

  • URL,

  • referrer URL,

  • device properties,

  • browser properties and

  • IP Address.

Processed IP Addresses are shortened and/or hashed. LinkedIn pseudonymizes the data within 7 days. It deletes the data again within 180 days. Site operators who use the LinkedIn Insight Tag do not receive any personal data. We only receive summarized reports on the demographics of their target group and the performance of their ads. We as website operators receive information on criteria such as

  • Industry,

  • job title,

  • company size,

  • career level and

  • location

  • of the website visitor.

LinkedIn may process your data in the USA. However, LinkedIn is certified under the EU-US Privacy Framework.

You can change your cookie settings in your browser, if You don’t want cookies to be sent to your device. Please note that some features or services of our website may not function properly without cookies.

Google Services

We integrate the services listed below from the provider Google and its subsidiaries on our website. In the course of using these services, information (including personal data, particularly your IP address and location data) may be processed by these companies. It cannot be ruled out that information may also be transmitted to a server in a third country.

The legal basis for the processing of personal data described here is Art. 6 para. 1 lit. f) GDPR. Our legitimate interest required for this lies in the advantage of not having to provide large amounts of data on our servers ourselves. This allows us to use them more efficiently elsewhere in favor of performance and thus ensure higher stability for you. Additionally, you give your consent via the consent management tool accordingly, Art. 6 para. 1 lit. a) GDPR. You can send or communicate your right to object to us at any time, see section 4 of this privacy policy.

You are also not obliged to provide personal data. However, failure to provide such data may result in you not being able to use the corresponding services on our website, or not being able to use them fully. For more information, please refer to Google's privacy notices, which you can access here: www.google.com/policies/privacy/, Opt-out option: https://tools.google.com/dlpage/gaoptout, Settings for the display of advertisements: https://adssettings.google.com/authenticated.

Google Ads

The website uses Google Ads Remarketing as a remarketing service from Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland, Data Protection Officer: https://support.google.com/policies/troubleshooter/7575787?hl=en

Data processing purposes are remarketing. Data collected by or through the use of this service includes visit duration, IP address, visited pages, content the user is interested in, and website usage. The processing is carried out on the legal basis of Art. 6 para. 1s.  1 lit. a GDPR and §25 para. 1 s. 1 TTDSG. Data processing takes place in the European Union. The data will be deleted as soon as they are no longer needed for processing purposes. This service may transfer the collected data to another country. Please note that this service may transfer data outside the European Union and the European Economic Area to a country that does not provide an adequate level of data protection. If the data is transferred to the USA, there is a risk that your data may be processed by US authorities for control and monitoring purposes without you possibly having any legal remedies. Below is a list of countries to which the data will be transferred: United States of America, Singapore, Taiwan, Chile. Data recipients are Google Ireland Limited, Google LLC, Alphabet Inc. The foregoing is covered by your consent accordingly.

You can find more information at:

https://policies.google.com/privacy?hl=de

https://policies.google.com/technologies/cookies?hl=de

https://safety.google/privacy/privacy-controls/

MODIFICATIONS TO THIS ONLINE PRIVACY POLICY

We may update our Privacy Policy from time to time. When we change this Privacy Policy in a significant way, we will post a notification on our website along with the updated Privacy Policy. We will ask You to accept our new privacy policy before You can continue to use our website, to make sure we still have your consent to process your data.

YOUR RIGHTS AND WHO TO CONTACT

If your personal data are processed based on legitimate interests pursuant to GDPR sec. 6 para. 1 sentence 1 lit. f, You have the following rights:

a. Right to information
Upon request, we will confirm whether personal data concerning You is being processed. If this is the case, You have the right to be informed about the following information

  • the purpose(s) of the data processing,

  • the categories of data processed, and

  • if applicable, the recipients or categories of recipients to whom data is disclosed on the basis of legal obligations or contractual relationships; in particular in the case of recipients in third countries,

  • the planned storage period, or if this is not possible, the criteria for determining the duration,

  • the existence of a right to rectification or erasure of the personal data concerning them, or to restriction of processing by us, or a right to object to such processing,

  • the existence of a right of appeal to the supervisory authority,

  • in the event that the personal data are not collected from the data subject: Any available information about the origin of the data,

  • the existence of automated decision-making, including profiling, and meaningful information about the logic involved and the scope and intended effects of such processing for the data subject,

  • in case of transfer to a third country or to an international organization, about the appropriate safeguards in connection with the transfer.

In this context, you will receive a copy of the data collected and processed from You upon request. This will generally be done free of charge.

b. Right to rectification
You have the right to request the immediate rectification of your relevant, incorrect personal data. You have the right, taking into account the purposes of the processing, to request the completion of incomplete personal data - also by means of a supplementary declaration.

c. Right to erasure (so-called right to be forgotten).
Upon request or after fulfilment or termination of the contract with us, your personal data will be deleted immediately if this does not conflict with tax or commercial law storage or documentation obligations or if the safeguarding of the legitimate interests of the responsible party is at risk.

In this context, a claim for deletion exists under the following conditions:

  • The personal data was collected or otherwise processed for such purposes for which it is no longer necessary.

  • You revoke your consent on which the processing was based pursuant to Art. 6 (1), p. 1 a) GDPR or Art. 9 (2) a) GDPR and there is no other legal basis for the processing.

  • You object to the processing pursuant to Art. 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or an objection to the processing has been lodged pursuant to Art. 21 (2) GDPR.

  • The personal data have been processed unlawfully.

  • Erasure of the personal data is necessary for compliance with a legal obligation under Union or Member State law to which the controller is subject.

  • The personal data have been collected in relation to information society services offered in accordance with Article 8(1) of the GDPR (consent was given by a child).

d. Right to restriction of processing (blocking).
Under the following conditions, You have the right to request the restriction of processing, i.e. the blocking of your personal data for processing:

  • the accuracy of the personal data is disputed by You, for a period of time that allows us to verify the accuracy of the personal data.

  • the processing is unlawful, You object to the erasure of the personal data and request instead the restriction of the use of the personal data.

  • The controller no longer needs the personal data for the purposes of the processing, but You need it for the assertion, exercise or defence of legal claims. The user has objected to the processing pursuant to Article 21 (1) GDPR and it is not yet clear whether the legitimate grounds of the controller outweigh those of the user.

e. Right to data portability (data portability).
Upon request, your data can be made available in a structured, common and machine-readable format for You and a service provider working in the connection, subject to a charge, in order to enable rapid transfer. This applies in any case insofar as the processing is based on consent pursuant to Art. 6 para. 1; p. 1 a) GDPR or Art. 9 para. 2 a) GDPR or on a contract pursuant to Art. 6 para. 1, p. 1 b) GDPR and the processing is carried out with the aid of automated processes.

f. Right of objection
You also have the right to object to the processing of your personal data, in particular if the legal basis for processing is legitimate interest, Article 6 I f) GDPR. If the processing is carried out for the purpose of direct advertising (e.g. newsletter), this right exists at any time.
Otherwise, the right may also exist for reasons arising from your particular situation to object at any time to the processing of personal data concerning You. This applies only insofar as the processing is carried out on the basis of Art. 6 (1) (e) or (f) GDPR (exercise of public interests or protection of legitimate interests by the controller).

g. Right of complaint to the supervisory authority
If You are of the opinion that there has been a breach of data protection regulations, You have the right to lodge a complaint with the competent supervisory authority.

If You would like to make use of your right of revocation or objection, simply send an e-mail to privacy@seabo.com

If You have any questions, comments or concerns about how we handle personal data, please contact us at privacy@seabo.com. We will respond to such a request within 30 days of receipt by us. You can also contact us in writing at: Next Logistics Ventures GmbH, Zirkusweg 2, 20359 Hamburg, Germany