Privacy Notice

Table of Contents

Gerlach Zolldienste GmbH (hereinafter also referred to as “Gerlach”, “we”), a DHL Group company, is pleased that you have visited our website and are interested in our company and services. It is important to us to protect your personal data during handling throughout our processes. In the following we explain what information Gerlach collects when you use our website www.gerlach-customs.com (“website”) and/or¬† Gerlach customs clearance¬† and services.


I. General

  1. Contact details of controllers

This Privacy Notice applies for the data processing carried out by:

Gerlach Zolldienste GmbH
Keniastraße 12
D-47269 Duisburg

Phone +49 (0)203 348 599-100
Fax. +49 (0)203 348599-11
[email protected]

Data protection officer of the controller; contact details:

Deutsche Post AG
Group data protection
53250 Bonn

Gerlach customs clearance services are offered in several countries. Depending on the country you select via the contact form on our website, your data will be processed by the following controllers:


Controller legal entities


If you have any questions about data protection in relation to our website or the services offered, please contact: [email protected].


  1. Personal data

Personal data are all information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.


  1. Rights of the data subjects

You have the following rights:

a) You can request information about your personal data that is processed by the respective controllers.

b) You can request that we correct, delete, or block your personal data, provided that these actions are permitted by law and comply with the existing contractual conditions.

c) You can request to receive your data in a structured, commonly used and machine-readable format.

f) You have the right to object if the processing of your data is based on a legitimate interest.

g) If you have consented to certain processing, you can revoke this consent at any time with effect for the future.

h) If you consider that the processing of your personal data violates data protection regulations, you have the right to lodge a complaint with the competent supervisory authority.


The competent supervisory authority for Gerlach is:

State Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia

Kavalleriestr. 2-4

40213 D√ľsseldorf

If you would like to assert your rights as a data subject, please use the above contact address under I. 1.


  1. Retention period

Your personal data will be deleted or blocked as soon as the purpose of storage no longer applies. In addition, data may be stored due to statutory or contractual retention periods. Data will also be blocked or erased if a statutory retention period expires unless further storage of the data is required for contractual reasons. Further information on retention periods in connection with certain products and services can be found in the sections below.


  1. Categories of recipients

Gerlach customs clearance services are offered in several countries. Depending on the country selected, your data will be processed by the controllers listed under I. 1. We do not sell, transfer, or disclose your data to third parties and will not do so in the future, unless this is required by law, necessary for the execution of the contract or you have consented to such a transfer. External service providers who process data on our behalf (e.g., IT services) offer sufficient guarantees that suitable technical and organizational measures have been taken to ensure that processing is carried out in accordance with the requirements of the EU General Data Protection Regulation (GDPR). They are contractually obliged to maintain strict confidentiality in accordance with Art 28 GDPR. In these cases, we remain responsible for the protection of your personal data. External service providers only process personal data on the documented instructions of the respective controller.


  1. Transfer to third countries

If a third country transfer of your personal data takes place, this is done based on the DHL Group Data Privacy Policy (Binding Corporate Rules), the EU standard contractual clauses or an exemption under the GDPR.


  1. DHL Group Data Protection Policy

The DHL Group Data Privacy Policy governs the data processing standards applicable throughout the Group with a particular focus on the transfer of data to third countries, i.e. the transfer of personal data to countries outside the EU that do not have an adequate level of data protection. If you would like to learn more about the DHL Group Privacy Policy, please click here. 


  1. Data security

We take all necessary technical and organizational security measures to protect your personal data from misuse or loss. For example, your data is stored in a secure operating environment that is not accessible to the public. In certain cases, your personal data is encrypted during transmission using Secure Socket Layer (SSL) technology. This means that a recognized encryption method is used for communication between your computer and our servers, provided your browser supports SSL.

If you want to communicate with us by e-mail, please note that the confidentiality of the information transmitted is not guaranteed. Third parties can view the content of e-mail messages. We therefore recommend sending confidential information addressed to these persons by post.


  1. Changes to the Privacy Notice

The content of this Privacy Notice is reviewed regularly. The  controllers reserve the right to change the Privacy Notice at any time with or without prior notice. Please ensure that you regularly check for changes.

This Privacy Notice was last updated: 22.05.2024


II. Purposes of processing

  1. Visiting our website

When you visit this website, data that may allow identification is temporarily stored on the web servers for security reasons. The following data is collected:

  • Host name of the accessing computer
  • IP address
  • Website from which you accessed this website
  • A list of the pages you have visited on our website
  • The date and duration of your visit, notification of whether the visit was successful
  • The volume of data transferred
  • Information about the identification data of the browser type and operating system you are using


Temporary storage of this data is necessary during your visit to the website to enable the website to be delivered to you. Further storage in logfiles takes place to ensure the functionality of the website and the security of our IT systems. Due to the described purposes we have a legitimate interest to process this data pursuant to Art 6 (1) (f) GDPR.

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. For the provision of the website, this is the case when the session has ended. The log files (access logs) are kept for the direct and exclusive access of the administrators for a period of 24 hours. After that, they are only available indirectly via the restoration of backup tapes and are permanently deleted after 90 days.

Additional personal data such as your name, address, telephone number or e-mail address will not be processed unless you provide this information voluntarily, e.g. when filling out an online contact form, as part of a registration, performance of a contract  or as part of an inquiry.


  1. Contact

If you contact us via the contact form on our website to request advice about Gerlach customs clearance services, your name, e-mail address and telephone number will be processed. You can also enter further information in a free text field. This data is processed exclusively for the purpose of responding to the request, getting in contact and the associated technical administration. It is our legitimate interest  to properly process your request as quickly as possible. The legal basis for the processing of this data is Art 6 (1) (f) GDPR. If we get in contact to initiate or conclude a contract, the legal basis is Art 6(1)(b) GDPR.

If you use the contact form to register a shipment for export via Gerlach’s digital customs platform, the following explanations (under¬† 3.) apply.


  1. Registration on our digital customs platform

a) Customer account

To use the services on our digital customs platform in the countries in which the platform is offered, you must register for a  a customer account on our website. The customer account is necessary to provide you with the functions and tools of the platform and to enable you to receive contractual offers. This is done either via the contact form on our website or by contacting a Gerlach contact person directly. You will then receive a link to the digital customs platform (https://app.gerlach-customs.com/registration/).

When registering on the platform, you must provide the following personal data in particular:

– Full name

– Telephone number

– E-mail address

– Password

– Country

– Sales tax ID


After you have entered your data, you will receive an e-mail from us. To complete your registration, you must accept the confirmation link. As part of the registration and confirmation process, your IP address and the time of registration or confirmation will also be saved in order to verify your registration.

You also have the option of managing your account after registration.

The legal basis for the processing of personal data is Art 6 (1) (b) GDPR. Your registration data will be stored until you decide to delete your account, unless a longer retention period is required by law.


b) Data processing for the fulfillment of the contract

As part of the customs clearance services provided, personal data is processed based on the contracts concluded with you. This data is used, among other things, to submit customs declarations, process payments and, if necessary, carry out credit checks. Certain shipping data is transmitted to the authorities of the country of transit or destination – depending on the relevant legal provisions – for the purposes of customs clearance and taxation or for security checks. This data usually includes your personal contact details and those of the recipient (e.g., name, address of the sender and recipient, e-mail address, telephone number, shipping information, delivery documents such as the signature processed.


You can choose between two payment options: Invoice or credit card. If you select credit card as the means of payment, please also refer to section 2d.

As a rule, the legal basis is Art 6 (1) (b) GDPR, as the processing is carried out to fulfill a contract in which you are (indirectly) involved and to prove the proper provision of the service. In addition, data processing is carried out to fulfill legal obligations in accordance with Art 6 (1)  (c) GDPR in connection with the fulfillment of the contract.


c) Data processing for security purposes

Gerlach must comply with all applicable laws and regulations on customs, export controls and sanctions and other relevant areas of law (“foreign trade and customs law”) when providing customs clearance services and services. Gerlach is therefore obliged to take measures to prevent customers, consignees, consignors or other parties commissioned by the customer (hereinafter referred to as “person”) from using Gerlach services if a person is listed as a listed person in accordance with the applicable provisions.

Gerlach conducts regular checks of names, contact details and other information provided against sanctions lists. In the event of a possible match, Gerlach will temporarily suspend the service until further validation has been carried out and reserves the right to contact such individuals directly for identity verification. If this activity involves the processing of personal data, this is done on the basis of the applicable laws in conjunction with Art 6  (1) (c) GDPR and the legitimate interest of Gerlach pursuant to Art 6 (1) (f) GDPR to minimize risks, to avoid violations of export laws and to maintain our customs status as an Authorized Economic Operator (AEO).



d) Payment Services

Depending on the payment method you choose, we use third-party payment services. In this case your data will also be processed in a so-called third country, i.e. data is transferred to a country outside the European Union (EU) / European Economic Area (EEA) or accessed from there. This data transfer is necessary for the fulfillment of the respective transport contract (e.g. customs clearance).


Please note the data protection information of the payment service provider. Further information can be found here:




  1. Jobs and careers at Gerlach

On our website you have the opportunity to search for vacancies at Gerlach. We link to the careers page of dhl.com.


a) Who is responsible for this career site?

Responsible for this website is:

Deutsche Post AG
Charles-de-Gaulle Str. 20
53113 Bonn

If you have any questions regarding the processing of your personal data on this careers site, you can contact Deutsche Post AG’s Data Protection Officer, either by post to the address provided or by e-mail to [email protected].


b) Career page for Gerlach in the Czech Republic

As part of the application process in the Czech Republic, you have the opportunity to provide the following personal data when applying for selected positions via an online form: Name, e-mail address, telephone number and your curriculum vitae.

GERLACH spol. s r.o., ID: 18626165, with its registered office at K Vypichu 1086, Rudn√° u Prahy, processes the above-mentioned personal data as the controller for the selection process for the respective job position. Data processing is carried out by the service provider Alma Career Czechia s.r.o. via its teamio platform.

Further information on data processing by Alma Career Czechia s.r.o., Menclova 2538/2, 180 00 Prague 8, ID: 264 41 381, can be found at https://almacareer.com/gdpr.

Your data will be processed as part of the proper processing of your application in order to assess your suitability for the position you are applying for. It therefore serves to establish an employment relationship in accordance with Art 6 (1) (b) GDPR. We store your data for a period of 6 months. If you give your consent to processing beyond the selection process for the specific position, your details and curriculum vitae will be stored for 3 years.


  1. Use of cookies

This website uses cookies and similar technologies (hereinafter referred to as “technologies”) that enable us, for example, to determine the frequency of visits to our website ¬†and the number of visitors and to design our offers in such a way that they are as convenient and efficient as possible.

When you access our website, you will be informed that technically necessary cookies are set. The processing of data by means of technically necessary technologies is based on our legitimate interest pursuant to Art 6 (1) (f) GDPR to ensure that you can use our website in the best viable way, that our website functions properly and to ensure a pleasant and trouble-free user experience. This type of technology is stored exclusively for the duration of your visit to our website. They are automatically deleted when you close your browser.

You are also informed that you can give your consent to the use of technologies that are not technically necessary within the meaning of Art 6 (1) (a) GDPR. The purpose of using these technologies is, for example, to offer you optimal user guidance and to “recognize” you and to be able to present you with websites and new content that are as varied as possible when you use them repeatedly. These technologies are only processed on the basis of your previously granted consent in accordance with Art 6 (1) (a) GDPR.

Further information, including the possibility of revoking consent already given, can be found here:


  1. Social media links

Our website contains simple links to the following social networks:

– Facebook (operated by: Meta Platforms Inc, 1601 S. California Ave, Palo Alto, CA 94304, USA)

– Twitter (operated by: Twitter Inc, 795 Folsom St., Suite 600, San Francisco, CA 94107, USA)

– LinkedIn (operated by: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland)

– YouTube (operated by: Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA)

In these cases, data is only transmitted to the aforementioned social media operators if the corresponding icon (e.g. the “f” from Facebook) is clicked. If you click on one of these icons, a page of the corresponding social media operator will open in a pop-up window. There you can publish information about our products in accordance with the provisions of the social media operator.

In addition, freely accessible content from the third-party provider YouTube is displayed on some of the pages we offer. We do not transmit any personal data to these third-party providers in order to display the content. YouTube has its own cookie and data protection guidelines, over which we have no influence. Please obtain information about the data collected by third-party providers from the respective provider.


  1. Google Maps

We use Google Maps (API) from Google Cloud EMEA Limited, Velasco, Clanwilliam Place, Dublin 2, Ireland (“Google”) on our website. Google Maps is a web service for displaying interactive (country) maps in order to visualize geographical information.

When the Google Maps function is activated, information about your use of our website (e.g. your IP address) is generally transferred to the Google servers and stored there. This may also involve transmission to the servers of Google LLC. in the USA. The map display on our website can only be used if Google Maps is activated.

Data processing is carried out on the basis of Art 6 (1) (a) GDPR. The map allows you to see our locations and find us more easily.

You can decide whether you want to give your consent only once or permanently. If you give your consent permanently, your consent will no longer be requested for all future accesses. You can revoke your consent at any time in the “Consent settings”.

During the location search, only the search address entered by the user is transmitted. We do not link or store the search entry with the user.

Detailed information on data protection in connection with the use of Google Maps can be found on the Google website: Google Privacy Policy; Google Terms of Service.


  1. Google Tag Manager

We use Google Tag Manager, a web service provided by Google to manage website tags. The Google Tag Manager tool itself (which implements the tags) is a cookie less domain and does not collect any personally identifiable information. The tool triggers other tags that can collect data. Google Tag Manager does not have access to this data. If this option is deactivated at domain or cookie level, it remains effective for all tracking tags implemented with Google Tag Manager. Further information on Tag Manager can be found in the Google Tag Manager information.


Data protection Facebook Fanpage “Gerlach”

  1. Introduction

We are pleased to welcome you to our Facebook fan page and thank you for your interest in our company, our products, and services. In the following, we would like to inform you about data protection aspects when visiting our fan page.

  • Our fan page was made available to us by Meta Platforms Inc (Facebook) (hereinafter “Meta” or “platform operator”) in accordance with the applicable terms of use. The platform operator is solely responsible for the technical operation of the fan page.
  • We are solely responsible for the content that we publish on the site and for the interaction with visitors.
  • The platform operator manages the entire IT infrastructure of the platform, provides its own data protection information and has its own relationship with users registered on the platform. It is solely responsible for all data protection issues relating to your user profile, to which we have no access.
  • On the one hand, we have no influence on the data processing by the platform operator and, on the other hand, we cannot recognize to what extent, for what purposes and for how long the data is stored by the platform operators and, if necessary, evaluated, linked and passed on to third parties.
  • Please note that your data may also be processed outside the European Union/European Economic Area. This may result in data protection risks for users, as an adequate level of data protection may not be guaranteed and the enforcement of data subjects’ rights may be restricted.
  • Further information on data processing, for which Facebook is solely responsible, can be found in Facebook’s privacy policy and cookie policy.
  • If you would like to contact us directly, i.e. without the involvement of Facebook, please use the contact details on our website.


  1. Who is responsible for data processing?

Gerlach Zolldienste GmbH, Keniastraße 12, D-47269 Duisburg, Germany, is responsible for the information posted on the Facebook fan page https://www.facebook.com/Gerlach and its processing.


As far as the processing of personal data in the context of Page Insights is concerned, the platform operator is jointly responsible with us for data processing. The joint processing is based on an agreement between the joint controllers in accordance with Art. 26 GDPR:

– Meta Platforms Inc. (Facebook): Page Insights amendment regarding the person responsible


  1. What data do we process, and how and why do we process your data?

3.1. Data processing in the context of the Facebook Fanpage     

We use our Facebook fan page to share information with you, e.g. about our company, products and services, and to interact with you on various topics and respond to your enquiries accordingly. The associated data processing is carried out to protect our legitimate interests in accordance with Art. 6 para. 1 letter f) GDPR. Our legitimate interest lies in public relations and communication.

The data you enter on our website, such as comments, likes, images, videos, etc., are published by the platform operator and processed by us exclusively for the above-mentioned purposes. We reserve the right to delete illegal content should this be necessary. This is the case, for example, with posts that violate the law or are illegal, hate comments, offensive comments (explicitly sexual content) or attachments (e.g. images or videos) that may violate copyrights, personal rights, criminal laws or Gerlach’s ethical principles.

If you would like to exchange personal data with us, we recommend that you contact our customer service.


3.2 Data processing of page insights for statistical purposes      

Meta provides us with Page Insights, for which we are jointly responsible with Meta. Page Insights are anonymous statistics that are created based on certain events and collected by Facebook via cookies and similar technologies when a user like you interacts with our Facebook fan page. We can use the Page Insights, which do not contain any personal data, to recognize which content is most frequently requested by which group of people. We can then optimize our Facebook fan page. The legal basis for data processing in the context of Page Insights is to safeguard our legitimate interests in accordance with Art. 6 (1) (f) GDPR. We would like to point out that this data processing can also take place regardless of whether you are logged in or registered. We cannot influence the use of cookies and similar technologies on the Facebook fan page and in this regard refer to your option as a user via the respective cookie banner on the Facebook fan page to make your settings regarding the associated data processing (granting or not granting your consent).


3.3 What rights do users have?

If you want to exercise your rights as a data subject against us in accordance with I. 3, please use the contact details listed under I. 1.

You can also object to the processing of page insights for statistical purposes (see point 3.1) with the platform operator.

With regard to jointly responsible data processing, you can assert your rights with and against each individual controller. If you wish to assert your rights as a data subject against the operators of the Facebook fan page, please use the contact options provided there.

If we receive an enquiry that falls within Meta’s area of responsibility, we will forward it there for further processing.


3.4 Storage Duration

The duration of the storage of your data depends on the respective context of the processing and is based on the data protection framework conditions. All public contributions by you on our websites will remain on our websites for an unlimited period of time, unless we delete them due to an update of the original contribution, a violation of the law or a violation of our guidelines. Of course, you can delete your post, comment etc. yourself at any time or assert your right to deletion against us. We have no influence over the deletion of your data by Meta and therefore refer you to the platform operator’s privacy policy.



Choose your country

Follow us on: