Data Privacy: General Information

The following information will give you a simple overview of what happens to your personal data whenever you establish a business contact with aircargo trucking & handling GmbH (“ath”) or visit our website.

Simply put, “personal data” means any data that can be used to identify you.

You can obtain comprehensive information from the Data Privacy Statement listed under this text.

If you have questions about data privacy, please contact us—the responsible website operator—under the contact data specified in www.ath.aero/imprint.

Please note that data transmission in the internet (such as during communication by email) can contain security flaws. Data cannot be absolutely protected from third-party access.

Which data do we collect?

You can generally use our website without telling us who you are. If you disclose personal data (such as your name, address or email addresses) to us, this will always be done voluntarily to the extent possible (to process the data you enter into the contact form, for example).

Other data will be recorded by our IT systems automatically when you visit our website. They mainly include technical data (such as your internet browser, operating system or time of site access). As soon as you enter our website, those data will be recorded automatically. Since people can be identified using such data, they are considered personal data.

Your surfing behaviour can also be statistically evaluated during your visit to our website. This mainly occurs with cookies and “analysis programs”. Your surfing behaviour is normally analysed anonymously and cannot be traced to you. You can object to such analysis, or prevent it by using certain tools. You will find detailed information to that end in the data privacy statement.

Furthermore, if you maintain business contact with us or apply for employment with us, we will store personal data such as your name and address.

What do we use these data for?

We use your contact data (such as your name, address or email addresses) to communicate with you—especially to answer your contact requests.

We use technical data to provide our online services as well as their functions and content, for security measures, to measure our coverage, and for marketing.

We also use the analysis tools for our marketing, and to design an optimal offer for you every time.

You can read the section Special information: business contacts to learn more about data protection during business contacts outside the use of this website and social networks.

If not explicitly referred to in the data privacy statement, data will be processed exclusively through ath.

Which rights do you have regarding your data?

You may obtain free information at any time about the origin, recipients and purpose of your personal data we have stored. You may also demand that those data be corrected, blocked or erased. Many data processing operations require your express consent. You may at any time withdraw a consent you have granted. An informal notification emailed to us will suffice. Withdrawing your consent will not affect the legality of data processing that has already transpired. To this end, and regarding other issues about data privacy, you can contact us at any time under the address given in the Impressum (Legal Notice). You may also complain to the competent supervisory authority. You will find a list of data protection officers and their contact data under the following link: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html

You will find a thorough explanation of your rights at the end of the data privacy statement under the item Your rights as a data subject.

Security measures

The operators of these sites are serious about protecting your personal data. We treat your personal data confidentially, according to statutory data protection provisions and this data privacy statement.

Based on Art. 32 GDPR, and considering the state of technology, the implementation costs and the type, scope, circumstances and purposes of the processing, as well as the various probabilities of occurrence and severity of the risks for the rights and freedoms of natural persons, we take suitable technical and organisational measures to guarantee a level of security which is adequate for the risk.

The measures particularly include ensuring the confidentiality, integrity and availability of data by monitoring the physical access to the data systems, as well as the access, entry, forwarding, securing of the availability and separation of those data. Moreover, we have set up procedures that guarantee the observance of data subject rights, erasure of data, and reactions to a compromise of the data. We also consider the protection of personal data during the development or selection of hardware, software and procedures, according to the principle of data protection, through technical design and settings that facilitate data privacy (Art. 25 GDPR).

Data Privacy Statement

This privacy statement explains to the user the type, scope and purpose of the collection and use of personal data by the responsible provider

aircargo trucking & handling GmbH
Managing Director: Zoran Petrovic

Cargo City Süd, Geb.537F
60549 Frankfurt-Flughafen

Email: info@ath.aero
Telephone: +49 (0) 69 / 2729886-0

(“ath”).

Relevant legal bases

Pursuant to Art. 13 General Data Protection Regulation GDPR, we are informing you of the legal bases for our data processing. If the legal basis is not named in the data privacy statement, the following will apply: The legal basis for obtaining consent is Art. 6(1)(a) and Art. 7 GDPR. The legal basis for processing to fulfil our services and perform contractual measures, and to answer requests, is Art. 6(1)(b) GDPR. The legal basis for processing to fulfil our statutory obligations is Art. 6 (1)(c) GDPR, and the legal basis for processing to guard our legitimate interests is Art. 6 (1)(f) GDPR. If vital interests of the data subject or another natural person necessitate the processing of personal data, the legal basis is Art. 6(1)(d) GDPR.

Regarding the definitions used, such as “processing” or “controller”, we refer to the definitions in Art. 4 GDPR.

You will find the complete text of the General Data Protection Regulation in the EU’s legislation portal under https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32016R0679&qid=1535381026895. 

Collaboration with processors and third parties

If during our processing we disclose data to other persons and companies (processors or third parties), transmit those data to those parties or otherwise grant them access to those data, we will do so only on the basis of legal permission (e.g., if the data must be transmitted to third parties, such as payment service providers, for contract fulfilment under Art. 6 (1)(b) GDPR), if you have provided your consent, if we are legally obligated to such processing, or based on our legitimate interests (such as when using agents, web hosts, etc.).

If we commission third parties with processing data based on a “Contract for commissioned data processing”, we do so based on Art. 28 GDPR.

Transmission into third countries

If we process data in a third country (i.e., outside the European Union (EU) or European Economic Area (EEA)), or this occurs as part of the utilisation of third-party services or disclosure, or transmission of data to third parties, such actions will be done only to fulfil our (pre)contractual obligations, based on your consent, due to a statutory obligation or based on our legitimate interests. Subject to statutory or contractual permits, we process data or have them processed in a third country only if a special condition under Art. 44 ff. GDPR has been constituted. In other words, such processing will take place based on special guarantees, such as the officially recognised establishment of a level of data protection corresponding to that of the EU (e.g., for the USA through the “Privacy Shield”) or observance of officially recognised special contractual obligations (such as “standard contractual clauses”).

Storage period for personal data

The storage period for personal data is measured by the relevant statutory retention period (such as those under commercial or tax law pursuant to § 257 HGB (German Commercial Code) or § 147 AO (German Tax Code)). After that period expires, the data in question will be routinely erased, unless they are needed to initiate or fulfil a contract or we have a legitimate interest in continuing to store them.

Regarding your claim to erasure, we refer to the section “Your rights as a data subject”.

Session cookies

The website uses cookies. Cookies do not damage your computer and contain no viruses. Cookies make this website’s services more user-friendly, effective and safe. Cookies are small text files that are placed on your computer and stored by your browser.

Most of the cookies used by this website are “session cookies”. They are deleted automatically after your session is over. Other cookies remain on your end device until you delete them. These cookies allow us to recognise your browser during your next visit.

If personal data are also processed through individual cookies we implement, that processing will take place either to execute the contract (Art. 6 (1)(b) GDPR) or to guard our legitimate interests (Art. 6 (1)(f) GDPR) in having our website function at its best and our site visit be customer-friendly and effective.

You can set your browser to inform you about the placement of cookies and decide to accept them on a case-by-case basis, exclude their acceptance for individual cases or in general, and erase the cookies automatically when you close your browser. Deactivating cookies might restrict this website’s functionality.

You can manage many online ad cookies from companies through the American page http://www.aboutads.info/choices/ or the EU page http://www.youronlinechoices.com/uk/your-ad-choices/.

Server log files

This website’s provider automatically collects and saves information in server log files, which your browser transmits automatically. This information includes:

  • Browser type and browser version
  • Operating system used
  • Referrer URL
  • Hostname of the referring computer
  • Time of server request

These data cannot be allocated to a certain person. Those data will not be combined with other data sources. ath reserves the right to check those data subsequently if specific indications of illicit use become known. Under Art. 6(1)(1)(f) GDPR, this serves to protect our overriding legitimate interests in a correct presentation of our offer as part of a weighing of interests.

Contact form and email

If you send ath requests by using the contact data or the linked email address, your request from the email, including the contact data you indicate, will be stored exclusively to process your request and in case follow-up questions arise. The legal basis for processing the data is our legitimate interest in addressing your concerns under Art. 6 (1) f GDPR. If you are contacting us to conclude a contract, processing will also be legally based on Art. 6 (1) b GDPR. Your data will be erased after your request has been settled. This is the case if circumstances indicate that the matter has been cleared up, insofar as erasing your data would not oppose any statutory retention requirements. The data will not be forwarded without your express consent.

Use of the live chat system TidioChat (Tidio Ltd.)

Our website uses the technologies of Tidio Ltd. 220C Blythe Road, W14 0HH, London, Great Britain (www.tidiochat.com) to collect and store anonymised data to perform web analysis and to operate the live chat system so we can answer live support requests. User profiles can be created from these anonymised data by using a pseudonym. Cookies can be used to that end. If the information so collected features a personal reference, the data are processed under Art. 6(1)(f) GDPR, based on our legitimate interest in providing effective customer support and statistically analysing user behaviour for optimisation purposes.

Without the data subject’s separately granted consent, the data collected with TidioChat technology will not be used to personally identify this website’s user or combined with personal data about the bearer of the pseudonym. To avoid having TidioChat cookies stored, you can change your browser settings so that cookies will not be placed on your computer in the future and cookies already so placed will be erased. However, deactivating all cookies can cause some functions of our internet sites to become unimplementable. You may at any time object to having your data collected and stored for the purpose of creating a pseudonymised usage profile, with effect for the future, by informally emailing your objection to the email address given below.

We had to include an external JavaScript in our site for you to use live chat. Through that JavaScript, the service provider has the option of arriving at data of your browser. If you do not wish to chat, you can install the browser plug-in Ghostery, which can block Tidio.

Data Privacy Statement: https://www.tidiochat.com/en/privacy-policy

Online presence in social media

We maintain online presences within social networks and platforms to be able to communicate with customers, interested parties and users who are active there and inform them of our services.

Please note that user data might be used outside the territory of the European Union. This can bring about risks for the user, since it might become more difficult to enforce user rights. Keep in mind that US providers who are certified under the Privacy Shield have committed to comply with the data protection standards of the EU.

Furthermore, user data will normally be processed for market research and advertising purposes. For example, usage profiles can be created from user behaviour and the user interests such behaviour reveals. Then the usage profiles can be used to place ads inside and outside the platforms which presumably correspond to those user interests. To this end, cookies will normally be placed on the user’s computer to store that user’s behaviour and interests. Furthermore, the data can be stored in the usage profiles independently of the devices the users are using (especially if those users are members of the platforms in question and are logged into those platforms).

The user’s personal data are processed on the basis of our legitimate interests in effectively informing and communicating with users under Art. 6(1)(a) GDPR. If the respective provider asks users for their consent to data processing (i.e., their agreement, such as by ticking a checkbox or clicking a button), the legal basis for the processing is Art. 6(1)(a)(7) GDPR.

For a detailed presentation of the processing in question and your options to object (opt out), please see the provider’s linked information which follows.

And if you want to request information or assert user rights, please note that these can be most effectively accomplished through the respective providers. Only the providers can access user data, take appropriate measures directly, and provide information. If you need help anyway, feel free to contact us.

ath uses the following social networks:

– Facebook (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) – Data Privacy Statement: https://www.facebook.com/about/privacy/, Opt-Out: https://www.facebook.com/settings?tab=ads and http://www.youronlinechoices.com, Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active.

– Xing (XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany) – Data Privacy Statement / Opt-Out: https://privacy.xing.com/en/privacy-policy.

Google Analytics

This website uses Google Analytics, a web analysis service of Google Inc. (“Google”).

Google Analytics uses cookies, text files that are stored on your computer and allow us to analyse how you use our website. The information the cookie generates about your use of this website is normally transmitted to a Google server in the USA and stored there.

If IP anonymisation is activated on this website, however, Google will truncate your IP address in advance within member states of the European Union or other contracting states to the EEA Agreement. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and truncated there.

On behalf of this website’s operator, Google will use this information to evaluate how you use the website, compile reports about website activities, and render additional services for the website operator which are connected with the use of the website and the internet.

The IP address that is transmitted from your browser in the context of Google Analytics will not be merged with other data from Google. You can prevent cookies from being stored by adjusting your browser settings accordingly, but doing so might prevent you from using all of this website’s functions to their full extent.

You can also prevent Google from collecting and processing the information the cookie generates about your use of the website (including your IP address) by downloading and installing the browser plug-in available under the following link: Browser add-on for deactivating Google Analytics

As an alternative to the browser plug-in, you can click this link to prevent Google Analytics from recording data on this website in the future. If you do, an opt-out cookie will be placed on your device. If you erase your cookies, you must click the link again.

No personal data about you will be transmitted from this website to Google Inc. (“Google”). Google Analytics is configured so that your IP address will be anonymised using _anonymizeIp(). You can look up additional information about this topic in Google’s Data Privacy Policy.

Google Maps

We incorporate the maps of the service “Google Maps” from the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. The processed data might include users’ IP addresses and location data, although this will not be collected without their consent (normally given by adjusting the settings of their mobile devices). The data can be processed in the USA. Data privacy statement: https://www.google.com/policies/privacy/, Opt-Out: https://adssettings.google.com/authenticated.

Google Web Fonts

This site uses “web fonts” provided by Google to ensure a unified presentation of font styles. When you call up a site, your browser will load the required web fonts into your browser cache to correctly indicate texts and font types.

To this end, the browser you use must connect to Google servers. This informs Google that our website was called up via your IP address. Google Web Fonts are used in the interest of a standardised and appealing presentation of our online services. This constitutes a legitimate interest as defined by Art. 6(1)(f) GDPR.

If your browser does not support web fonts, your computer will use a standard font.

You can find more information on Google Web Fonts under https://developers.google.com/fonts/faq and in Google’s data privacy policy: https://www.google.com/policies/privacy/.

Special information: business contacts

Contractual services

We process the data of our contract partners in accordance with Art. 6(1)(b) GDPR, to render our contractual or pre-contractual services to them. The data processed thereby—as well as their type, scope, purpose and necessity of processing—are determined in accordance with the underlying contractual relationship.

The processed data include the key data of our contract partners (such as names and addresses), contact data (such as email addresses and telephone numbers) as well as contract data (such as services utilised, contract contents, contractual communication, names of contact persons) and payment data (such as bank details and payment history).

As a general principle, we do not process special categories of personal data unless these are components of commissioned or contractual processing.

We process data that are necessary to establish and fulfil contractual services and point out that those data must be provided if this is not obvious to the contract partner. Those data will be disclosed to third parties or external companies only if this is necessary as part of a contract. While we are processing the data surrendered to us as part of an order, we act according to our employer’s instructions as well as statutory specifications.

If you take advantage of our online services, we may store your IP address and the time of your user activity. That storage will be based on our and the user’s legitimate interests in protection from misuse and other unauthorised use. As a general principle, we will not forward these data to third parties unless necessary to pursue our claims under Art. 6(1)(f) GDPR or we are legally obligated to do so under Art. 6(1)(c) GDPR.

The data will be erased when they are no longer needed to fulfil contractual or statutory duty of care, or to handle any warranties or comparable obligations, whereby the necessity of retaining the data is reviewed every three years; otherwise, statutory retention requirements will apply.

Administration, financial accounting, office organisation, contact management

We process data as part of running and organising our business, financial accounting, and obeying statutory duties such as archiving. To that end, we process the same data that we process to render our contractual services. The processing is based on Art. 6(1)(c) GDPR and Art. 6(1)(f) GDPR. That processing affects customers, interested parties, business partners and website visitors. The purpose of, and our interest in, the processing lies in administration, financial bookkeeping, office organisation, and archiving of data: tasks related to maintaining our business activities, performing our assignments and rendering our services. The erasure of data regarding contractual services and contractual communication corresponds to the information named in these processing activities.

In so doing, we disclose or transmit data to the tax authorities, consultants (such as tax advisors or auditors), toll offices and payment service providers.

We also store information about suppliers, event organisers and other business partners (to make contact later, for example) based on our managerial interests. As a matter of principle, we store this mostly company-related data permanently.

Business analyses and market research

To operate our business economically, and to recognise market tendencies and the wishes of our contract partners and users, we analyse the data available to us regarding business transactions, contracts, requests, etc. In so doing, we process inventory data, communication data, contract data, payment data, usage data, and metadata based on Art. 6(1)(f) GDPR, so that data subjects include contract partners, interested parties, visitors and users of our online services.

The analyses are performed for the purposes of business assessments, marketing, and market research. To do so, we can consider the profiles of registered users with data (e.g., concerning the services they have used). Those analyses allow us to increase user-friendliness and profitability and to optimise our services. The analyses are for our purposes only, and will not be disclosed externally (except for anonymised analyses with summarized values).

If those analyses or profiles are personal, they will be erased or anonymised when the user departs, or two years after contract conclusion. Otherwise, the entire business analyses and general determinations of tendencies will be created anonymously if possible.

Hosting and sending emails

The hosting services we utilise help us provide the following services: Infrastructure and platform services, computing capacity, storage area and database services, sending emails, security services, and technical maintenance services.

To that end, we or our hosting provider will process inventory data, contact data, content data, contract data, usage data, metadata and communication data from customers, interested parties and visitors of our online services based on our legitimate interests in efficiently and securely providing our online services pursuant to Art. 6(1)(f) GDPR in conjunction with Art. 28 GDPR (conclusion of a contract on commissioned data processing).

Establishing contact

When contact with us is established (e.g., via contact form, email, telephone or social media), the user’s information will be processed to handle contact requests pursuant to Art. 6(1)(b) (as part of contractual or precontractual relationships) or Art. 6(1)(f) (other requests) GDPR. The user’s information can be stored in a Customer Relationship Management System (“CRM System”) or comparable system for organising requests.

We will delete the requests when they are no longer needed. We review their necessity every two years; otherwise, the statutory archiving obligations apply.

Data privacy notices in application procedures

We process applicant data only for the purpose and as part of the application procedure in accordance with statutory specifications. Applicant data are processed to fulfil our (pre)contractual obligations as part of the application procedure for the purposes of Art. 6(1)(b) GDPR and Art. 6(1)(f) GDPR, provided the data processing is necessary for us (as part of legal procedures, for example). In Germany, § 26 BDSG (Federal Data Protection Act) applies as well.

The application procedure assumes the applicant sends us the applicant data. The applicant data required can be found in the job descriptions. As a general principle, they include data on personal, postal and contact addresses and the documents belonging to the application, such as cover letters, CVs and letters of recommendation. Applicants can also send us additional information voluntarily.

By transmitting the application to us, the applicant is granting us their consent to process their data for the purposes of the application procedure according to the type and scope presented in this data privacy statement.

If special categories of personal data as defined by Art. 9(1) GDPR are voluntarily disclosed as part of the application procedure, they will also be processed pursuant to Art. 9(2)(b) GDPR (e.g., data on ethnic origin or health data such as a handicap). If special categories of personal data as defined by Art. 9(1) GDPR are requested of applicants as part of the application procedure, they will also be processed pursuant to Art. 9(2)(a) GDPR (e.g., health data, if they are required to exercise the profession).

Applicants can transmit their applications to us using the online form on our website, if it is available. The data will be transferred to us in state-of-the-art encrypted form.

Applicants can also email us their applications. But we must point out that emails are generally unencrypted, so applicants must have them encrypted themselves. Therefore, we cannot assume any liability for the transmission of the application between the sender and its receipt on our server, so we recommend using an online form or sending the application by post. Because applicants can always mail us their applications by post, rather than using the online form or email.

If the application is successful, we may continue processing the data the applicant provided, for the purposes of the employment relationship. Otherwise, if the application for the job offer is unsuccessful, the applicant’s data will be erased. Applicants’ data are also erased if an application is withdrawn, which applicants may do at any time.

The erasure will occur, subject to a justified withdrawal by the applicant, after the expiry of a period of six months, so we can answer any follow-up questions regarding the application and satisfy our verification obligations under the Equal Treatment Act. Invoices for any travel cost reimbursement will be archived according to tax law provisions.

Your rights as a data subject

Under Art. 15 GDPR, and to the extent described there, you may demand information about your personal data which we are processing.

Under Art. 16 GDPR, you may demand that the personal data about you which we have stored be rectified or completed without undue delay if necessary.

Under Art. 17 GDPR, you may demand that the personal data about you which we have stored be erased, if further processing is necessary

– to exercise the right to information and freedom of expression;

– to fulfil a legal obligation;

– for reasons of the public interest or

– to assert, exercise or defend against legal claims

Under Art. 18 GDPR, you may demand that the processing of your personal data be restricted, if

– you dispute the correctness of that data;

– the processing is unlawful, but you waive your right to erasure;

– we no longer need the data, but you need them to assert, exercise or defend against legal claims or

– you have filed an objection against the processing under Art. 21 GDPR;

Under Art. 20 GDPR, you may receive the personal data you have provided to us in a structured, commonly used and machine-readable format, or demand that the data be transmitted to another controller.

Under. Art. 77 GDPR, you may lodge a complaint with the supervisory authority. As a rule, you can do so by contacting the supervisory authority where you normally live or work, or by contacting our company headquarters.

Right to object

If we are processing your personal data to protect our overriding legitimate interests as part of a weighing of interests as explained above, you may object to such processing with effect for the future. If processing is done for the purposes of direct marketing, you may exercise this right at any time as described above. If processing is done for other purposes, you may object only for grounds which arise from your particular situation.

After you exercise your right to object, we will cease processing the personal data concerning you for these purposes unless we can verify compulsory legitimate grounds for the processing which override your interests, rights and freedoms, or if the processing is done to assert, exercise or defend against legal claims.

This does not apply if the processing is done for the purposes of direct marketing. If this is the case, your personal data will no longer be processed for that purpose.