Gerlach Zolldienste GmbH (hereinafter also referred to as “Gerlach”, “we”) a company of the Deutsche Post DHL Group, attaches great importance to your privacy when processing personal data in our daily business processes.
We process personal data that is collected when you visit our website in accordance with the legal provisions. Our data protection policy is also based on the data protection guidelines applicable to the Deutsche Post DHL Group. Below we inform you about the processing of your personal data in the context of the use of our website www.gerlach-customs.com (“website”).
- Contact details of controller and data protection officer
Responsible for the operation of this website
Gerlach Zolldienste GmbH
Tel. +49 (0)203 348 599-100
Fax. +49 (0)203 348599-11
Should you have any further questions regarding data protection in connection with our website or the services offered, please contact our data protection officer:
Deutsche Post AG
Gabriela Krader LL.M.
Corporate Data Protection
- Personal Data
Personal data are any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
- Right of data subjects
You enjoy the following data protection rights:
a) In accordance with Art. 15 GDPR, you can request information about your personal data processed by the particular controller.
b) You can request rectification in accordance with Art. 16 GDPR if your data are not (or are no longer) correct.
c) You can request the erasure of your personal data in accordance with Art. 17 GDPR.
d) In accordance with Art. 18 GDPR, you have the right to request a restriction on the processing of your personal data.
e) If the requirements of Art. 20 (1) GDPR are met, you have the right to receive your data in a structured, commonly used and machine-readable format.
f) You have the right to object in accordance with Art. 21 GDPR if the processing of your data is based on a legitimate interest.
g) If you have given your consent to a certain type of processing, you can withdraw this consent at any time with effect for the future by informing the relevant contact addresses in accordance with Art. 7 (3) GDPR.
h) If you believe that the processing of your personal data violates data protection legislation, you have the right to lodge a complaint with the competent data protection supervisory authority in accordance with Art. 77 (1) GDPR.
The competent Supervisory Authority for “Gerlach” is:
Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen
Please contact the address above if you wish to assert your data subject rights.
Data processing when exercising your rights:
In order to be able to process your request, as well as for identification purposes, we would like to point out that we will process your personal data on the basis of Article 6 para. 1 sentence 1 letter c) GDPR.
- Duration of storage
Your personal data will be deleted or blocked as soon as the purpose of the storage ceases to apply. In addition, data may be stored on account of statutory or contractual retention periods. The data will also be blocked or deleted if a legally prescribed storage period expires unless there is a need for further storage of the data for contractual reasons. Please refer to the sections below for more information about retention periods associated with specific products and services.
- Categories of recipients
We do not sell, transfer or pass on your data to third parties in any other way and will not do so in the future unless this is required by law, necessary for the purposes of the contract or you have consented to such transfer. External service providers who process data on behalf of us (e.g. customer service activities, IT services) offer adequate guarantees that suitable technical and organisational measures have been implemented in such a way that processing is carried out in compliance with the requirements of the EU General Data Protection Regulation. They are contractually obliged to maintain strict secrecy in accordance with Art. 28 GDPR. In these cases, we continue to be responsible for the protection of your personal data. External service providers only process personal data on documented instructions of the relevant controllers.
- Transfer to third countries
The processing of your data also takes place in countries outside the EU. Beyond the regulations of the EU GDPR, the processing of personal data is also carried out on the basis of the Binding Corporate Rules and the EU Standard Contractual Clauses.
- Data security
We undertake all necessary technical and organisational security measures to protect your personal data from misuse or loss. For example, your data are stored in a secure operating environment that is not accessible to the public. In certain cases, your personal data are encrypted during transmission using Secure Socket Layer (SSL) technology. This means that an approved encryption method is used for communication between your computer and our servers, provided your browser supports SSL.
Should you wish to communicate by e-mail with us, please bear in mind that the confidentiality of the information transmitted cannot be guaranteed. The contents of the e-mail messages can be read by third parties. We therefore recommend that confidential information addressed to them be sent by post.
II. Data processing when you visit our website
- Visiting our website
“Gerlach” ensures that the data of visitors to this website are protected. When you visit this website, the web servers temporarily store data for security reasons that may permit identification. The following data are collected:
- hostname of the accessing computer
- IP address
- website from which you accessed this website
- a list of the sites you visited within the scope of our overall Internet presence
- the date and duration of your visit, notification of whether the visit was successful
- volume of data transferred
- information about the identification data of the browser type and operating system used by you
Other personal data such as your name, address, telephone number or e-mail address are not collected unless you provide these data of your own accord, e.g. when completing an online contact form, in the course of registration, a customer survey, a competition, contract processing or relating to an enquiry.
Temporary storage of this data is necessary during your visit to the website in order to allow the website to be delivered to you. Further storage in log files is performed to ensure the functionality of the website and the security of our IT systems. These purposes are also covered by a legitimate interest in data processing. This measure is undertaken on the basis of Article 6 para. 1 sentence 1 letter f) GDPR.
The data are deleted as soon as they are no longer needed to achieve the purpose for which they were collected. For the provision of the website, this is the case when the session terminates. The log files (access logs) are kept for administrators to access directly and exclusively for a period of 24 hours. After that, they are only available indirectly through a restore from backup tapes and are permanently deleted after 30 days.
- Registration on our platform
a. Customer account
In order to be able to use our services, you have to log in to our website as a customer. This requires a registration. A registration for a customer account is required in order to provide you with the functions and tools of your platform and to enable you to obtain offers from us.
Furthermore, you have the possibility to manage your account after registration.
The legal basis for the processing of personal data is Article 6 para. 1 sentence 1 letter b) GDPR. Your registration data will be kept until you decide to delete your account, unless a longer storage period is required by law.
If you want to register, you have to provide the below-mentioned personal data:
- Company name
- Declaration per year
- Full name
- Phone number
- Email Address
After submitting your data you will receive an e-mail from us. To complete your registration, you have to confirm the confirmation link. Within the scope of the registration and confirmation your IP address and the time of registration or confirmation will also be saved in order to verify your registration.
b. Data processing for contract performance
As part of the services provided, in particular transport and logistics services, personal data are processed on the basis of contracts concluded with you. These data are used, for example, to execute a (deceleration) contract, to administer customer data, to process payments and, where necessary, to perform credit checks. Certain shipping data are provided to the authorities of the country of transit or destination – depending on relevant legal requirements – for the purpose of customs clearance and taxation or for security checks. Such data generally include the name and address of the sender, the name and address of the recipient, a description of the goods, the quantity, weight and value of the consignment.
In order to fulfil a (declaration) contract, personal data of the customer and (alternative) recipient (e.g. name, address of the sender and (alternative) recipient, e-mail address, telephone number, shipment information, delivery documentation, such as signature, GPS data and time of the delivery event, bank data, identification data) are processed.
As a general rule, the legal basis is Article 6 para. 1 sentence 1 letter b) GDPR, since processing is carried out for the performance of a contract in which you are (indirectly) involved and for proof of the correct delivery of the service. Furthermore, data processing is carried out in order to meet legal obligations in accordance with Article 6 para. 1 sentence 1 letter c) GDPR in connection with contract performance.
c. Data processing for security, quality assurance and process optimisation
We process the data collected in the course of implementing the contract for (data) security purposes (e.g. to detect criminal offences or misuse), to produce statistics and for quality assurance, process optimisation and planning reliability to the extent permitted by law. We have a legitimate interest for this processing in ensuring the smooth operation and continuous improvement of the particular products and services. In our opinion, there is no overriding interest worthy of protection, since the intensity of the processing operations is extremely low, e.g. through the use pseudonyms. The legal basis for this data processing is Article 6 para. 1 sentence 1 letter f) GDPR.
d. Data Processing for sales purposes
If you register as a customer, your address data (e.g. name, address) will be processed to inform you about offers, news, products and services of “Gerlach”. The legal basis for the aforementioned processing is Article 6 para. 1 sentence 1 letter f) GDPR. The legitimate interest of us lies in particular in providing optimum and customer-specific service. You have the right to object to this processing at any time. To exercise your right, simply contact us by sending an e-mail to email@example.com.
If you register for our newsletter, we will use your e-mail address for the above mentioned purposes. The legal basis for this data processing is your consent in accordance with Article 6 para. 1 sentence 1 letter a) GDPR.
You may stop receiving information and news by e-mail at any time by clicking on the relevant link at the bottom of the e-mail. You can also withdraw consent at any time with effect for the future using the contact address above.
If you unsubscribe from e-mail communications or withdraw your consent, the corresponding data will be removed or blocked from the mailing list and will no longer be processed for these purposes.
We perform a measurement of success as part of the e-mail distribution process. For example, a record is made of whether an e-mail has been opened and whether links in the e-mail have been clicked on. The analyses serve to identify the reading habits of users and to adapt content to them or to send different content according to users’ interests. The legal basis for this data processing is Article 6 para. 1 sentence 1 letter f) GDPR. This data processing for our own direct marketing purposes is carried out within the scope of the legitimate interest of us.
e. Payment Services
We use third party payment services depending on the payment method you have chosen. Thereby, your data will also be processed in a so-called third country, i.e. forwarded to a country outside the European Union (EU)/European Economic Area (EEA) or accessed from there. This data transfer is necessary for the fulfilment of the respective contract of transport (e.g. customs clearance). If a third country transfer takes place by the above-mentioned responsible parties, this will only take place on the basis of the DPDHL Group Data Protection Policy, EU standard contractual clauses or within the scope of the exceptions of the GDPR.
Please take note of the privacy notes of the payment services. Additional information can be found here: https://stripe.com/en-es/guides/general-data-protection-regulation#stripe-and-the-gdpr
- Jobs and Career at “Gerlach”
This describes the processing of personal data when using the Deutsche Post DHL Group career site websites including the mobile applications (our “Apps”)
a) Who is responsible for this career site?
The responsible party within the meaning of the GDPR is:
Deutsche Post AG
Charles-de-Gaulle Str. 20
If you have any questions regarding the processing of your personal data on this careers site, you can contact the data protection officer of Deutsche Post AG either by post at the address given or by e-mail at firstname.lastname@example.org.
b) Processing of personal data by Deutsche Post AG
In the following, we would like to give you an overview of how we ensure the protection of your personal data when you access our website and what types of personal data we process, for what purposes and to what extent.
- processing of data when accessing our website – log files
When accessing our website, information of a general nature is automatically collected. This information (server log files) includes, for example, the type of web browser, the operating system used, the domain name of your Internet service provider and the like. In addition, the IP address is transmitted and used to provide the service you requested. This information is technically necessary in order to correctly deliver website content requested by you and is mandatory when using the Internet
According to our IT security concept, the accruing log file data is stored for a period of 120 days in order to detect and analyze any attacks against our website. The legal basis for data processing is Art. 6 para. 1 lit f) DSGVO.
- Individually tailored job recommendations
On our website, you have the option of receiving job recommendations individually tailored to you. For this purpose, we use the information you provide on the website or via the chatbot (preferred place of work, work experience, skills and job description) to show you suitable jobs. If you upload a resume, we automatically read the above information from it and use it to display suitable job offers. We store your details in pseudonymous form with the aid of a cookie for a period of 12 months in order to be able to display suitable job offers to you on the basis of your details when you access the website at a later date. It is therefore not possible for us to identify a specific person. The legal basis for setting the cookie is the consent given in accordance with Art. 6 (1) p. 1 lit. a DSGVO. The legal basis for the further processing of the data to display suitable jobs is Art. 6 para. 1 p. 1 lit. f DSGVO.
- creation of a profile
When requesting information for the individually tailored job recommendations, you have the option of providing personal information (name, e-mail address) on a voluntary basis. If you provide us with these, we will store your data in personalized form for 12 months in order to display our individually tailored job recommendations to you in personalized form and, in particular, to be able to address you personally for this purpose. The legal basis is your consent in accordance with Art. 6 (1) p. 1 lit. a DSGVO.
- Registration for the Job Alert
To register for our Job Alert, we use the so-called double-opt-in procedure. This means that after you have entered your e-mail address, we will send you a confirmation e-mail to the e-mail address you have entered, in which we ask you to confirm that you wish to receive the Job Alert. If you do not confirm this within 4 hours, your registration will be automatically deleted. If you confirm your wish to receive the Job Alert, we will store your e-mail address for 12 months or until you unsubscribe from the Job Alert. The storage serves the purpose of being able to send you suitable job offers based on your search information. Furthermore, we store your IP addresses and the times of your registration each time you register and confirm, in order to prevent misuse of your personal data and to be able to provide proof of correct sending. The legal basis for the processing of your personal data is Art. 6 para. 1 sentence 1 letter a DSGVO.
Mandatory information for sending the Job Alert is the e-mail address, as well as the desired area and your career level, in order to be able to send appropriate job recommendations based on this. You can revoke your consent by clicking on the link provided in every Job Alert email.
- Information to ensure data security
We take technical and organizational security precautions on our pages to protect the personal data stored with us from access by third parties, loss or misuse and to enable secure data transfer. We must point out that, due to the structure of the Internet, unauthorized access to data by third parties may occur. It is therefore also your responsibility to protect your data against misuse by encrypting it or in any other way. Without appropriate protective measures, unencrypted data in particular, even if transmitted by e-mail, can be read by third parties.
- Use of web tracking
“Gerlach” uses tracking software to determine how many users visit our website and how often. This software is not used to collect individual personal data or individual IP addresses. The data are used exclusively in anonymous and summary form for statistical purposes and in order to develop the website further.
“Cookies” are small files that allow specific information relating to you to be stored on your device while you visit this website. Cookies help to determine the frequency of use and the number of users who visit this website and to make our services to you as convenient and efficient as possible.
We uses “session cookies” in accordance with Article 6 para. 1 sentence 1 letter f) GDPR in order to optimise this website and ensure convenient and unimpeded use. These cookies are only stored for the duration of your visit to this website. They are automatically deleted when you close your browser.
Secondly, “persistent cookies” are used to record information about visitors who regularly access this website. The reason for using these cookies is to be able to offer you optimum user guidance as well as to “recognise” you and to be able to present you with as varied a website and new content as possible during recurrent use.
No individual profiling is performed on the basis of usage behavior. The contents of a persistent cookie are limited to an identification number. Your name, e-mail address, IP address etc. are not stored.
When clicked one trust preference center will be opened; same behavior of the cookie setting link in the footer
- Social Media Links
Our website contains simple links to the following social media networks:
- Facebook (operated by: Meta Platforms Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA)
- Twitter (operated by: Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA)
- LinkedIn (operated by: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland)
- Youtube (operated by: Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA)
In these cases, a transfer of data to the social media operators mentioned only takes place if the corresponding icon (e.g. the “f” of Facebook) is clicked. If you click on one of these icons, a page of the corresponding social media operator opens in a popup window. There, you can publish information about our products according to the regulations of the social media operator.
Furthermore, on some of the sites offered by us freely accessible content from the third-party provider Youtube is displayed. We do not transmit personal information to these third parties to display the content. YouTube has its own cookie and privacy policies which we do not control. Please inform yourself about the data collected by third-party providers from the respective provider.
You can contact us by contact forms on our website, e-mail, by phone, by social media or by post. The personal data provided by you (e.g. first and last name, e-mail address, telephone number, address, remarks, customer number) are processed exclusively for the technical administration of our website and for providing you the requested services or information.
The legal basis for this data processing is Art. 6 para. 1 sentence 1 lit. b) GDPR and Art. 6 para. 1 sentence 1 lit. f) GDPR. Our legitimate interest here arises from the aim of answering your enquiries and thus maintaining and promoting your satisfaction as a customer or user of our website. Our legitimate interest consists of in particular ensuring a smooth process flow, processing customer requests, direct marketing of its own products and services and continuously improving them.
Provided that no statutory or contractual retention periods need to be observed, your request will be stored for a maximum of two years with the relevant controller as proof of proper processing and for the purpose of further optimising services.
- Google Maps
This website uses Google Maps (API), belonging to Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). Google Maps is a web service for displaying interactive (country) maps in order to visually provide geographical information. You can use this service to see our location and make it easier for you to find us. When you access sub-pages that incorporate a Google Maps map, information about your use of our website (such as your IP address) is transmitted to and stored by Google on servers. This may also include a transfer and storage of data on servers in the United States. This is the case regardless of whether Google provides a user account that you are logged in to or whether no user account exists. When you are logged in to Google, your data will be directly mapped to your account. If you want to avoid this mapping to your profile at Google, you need to log out before activating the button.
Google saves your data (even for users who are not logged in) as usage profiles and evaluates them. Such evaluation is carried out in particular pursuant to Article 6 para. 1 sentence 1 letter f) GDPR on the basis of Google’s legitimate interests in the insertion of personalised advertising, market research and/or demand-oriented design of its website.
For the location search, only the search address entered by the user is transferred. There is no link or storage between the search entry and the user.
Data processing is performed on the basis of Article 6 para. 1 sentence 1 letter f) GDPR. We has a legitimate interest in visualising our online offers and easy findability of the locations we have indicated on the website.
- Google Tag Manager
We use Google Tag Manager, a web service provided by Google to manage website tags. The Google Tag Manager tool itself (which implements the tags) is a cookieless domain and does not collect personally identifiable information. The tool triggers other tags, which may collect data. Google Tag Manager does not access this data. If disabled at the domain or cookie level, it will remain in effect for all tracking tags implemented with Google Tag Manager. You can read more about Tag Manager in the Google Tag Manager information.
Facebook Fanpage “Gerlach”
We are pleased to welcome you to our Facebook fan page, thank you for your interest in our company, products and services. In the following document, we would like to inform you about certain issues related to data protection laws that apply when you visit our fan page.
- We are solely responsible for the content that we post on the page.
- Pursuant to the agreement between Facebook and us (a page insights addendum), every joint controller shall fulfill its information obligations on its own.
- You may exercise your rights as the data subject (see Item 4) by contacting the officer responsible for insights data. Should we receive an inquiry that falls into Facebook’s area of responsibility, we shall forward it to Facebook for further processing.
- We have no say in Facebook’s processing of the data. Furthermore, we possess no information regarding the degree, purposes and length of time that Facebook will store the data and possibly evaluate, link and transmit the information to third parties. If you would like to contact us directly, i.e. without the participation of Facebook, please use the contact details on our website.
- Who is responsible for data processing?
Gerlach Zolldienste GmbH, Keniastraße 12, D-47269 Duisburg, Germany is responsible for the information it posts and also for its processing.
You can reach our data protection officer at
Deutsche Post AG
Corporate Data Protection
Facebook Ireland Ltd, 4 Grand Canal Harbour, Dublin 2, Ireland, and Deutsche Post AG are jointly responsible for processing the personal data in events for page insights (Insights data). Collective processing is based on an agreement between the joint controllers pursuant to Article 26 GDPR, which you can view at: Information on Page Insights
- Which data do we process, and how and why do we process your data?
3.1) Data processing of page insights for statistical purposes
For our fan page, Meta provides us with page insights. Page insights are anonymous statistics that are generated as a result of certain events and are tracked by Facebook when a fan page visitor such as you interacts on our fan page. We can use the page insights, which contain no personal data, to see which content is particularly accessed by which group of individuals. We can also use these data to optimize our fan page itself. This represents a legitimate interest for processing (processing of personal data in events for page insights). The legal basis for data processing related to page insight is Article 6 para. 1 sentence 1 letter f) GDPR. You can adjust your Facebook ad preference settings in your Facebook account.
3.2) Data processing resulting from contacting us and from other communications
We ourselves do not collect personal data when you get in touch with us by using a contact form or Messenger, among other options. This data is processed exclusively for the purpose of responding to the inquiry, for establishing contact, for the associated technical administration and, unless other statutory or contractual retention periods apply, will be used for a maximum of two years to prove correct and proper processing and for further optimization of services.
Our legitimate interest is to properly address your matter as quickly as possible. The legal basis for the processing is Article 6 para. 1 sentence 1 letter f) GDPR. If the contact is initiated for contract inception or conclusion, Article 6 para. 1 sentence 1 letter b) GDPR will serve as the legal basis. If you provide us with personal data on our fan page (e.g., as part of comments), this process shall be conducted on the basis of your consent in accordance with Article 6 para. 1 sentence 1 letter a) GDPR. You may revoke your consent at any time with effect for the future. If you would like to exchange personal data with us, we recommend that you contact our customer service.
Data is also collected for the purpose of holding and processing competitions. The respective details, such as which data is processed for which purpose, can be found in the data protection notices and terms and conditions of the respective competition.
3.3) Data processing for direct marketing purposes
We process personal data in order to inform you about our offers, innovations, products and services. Personal data are processed for direct marketing purposes within the context of our legitimate interests. The legal basis for this data processing is Article 6 para. 1 sentence 1 letter f) GDPR. You have the right at all times to object to the processing for direct marketing purposes (see Item 4). Once your objection has been expressed, your personal data shall no longer be processed for these purposes.
- What rights do users have?
Under the GDPR, data subjects shall have the following rights:
- Under Article 15 GDPR, they have the right to receive information regarding the personal data that are processed by the respective controller
- They may request a rectification under Article 16 GDPR, provided that their data are not or are no longer correct.
- Under Article 17 GDPR, the data subjects may demand that their personal data be erased.
- Under Article 18 GDPR, they have the right to demand a restriction on the processing of their personal data.
- If the conditions of Article 20 (1) GDPR have been met, the data subjects have the right to receive their data in a structured, commonly used and machine-readable format.
- Under Article 77 (1) GDPR, they have the right to lodge a complaint with the responsible data-protection authority.
- Under Article 21 (2) GDPR, you may at any time object to the processing of your personal data for direct marketing purposes.
- Under Article 21 GDPR, the data subjects have the right to object, provided that their data are processed on the basis of a legitimate interest in terms of Article 6 (1)(f) GDPR (see Items 3.1 and 3.2) and provided that they can cite grounds relating to their own particular situation. You can lodge an objection with us by stating your contact details, the specific processing to which you are objecting, the grounds for objection arising from your particular situation and the name of the fan page.
or in the case of an objection to the processing of page insights for statistical purposes (see Item 3.1) with Facebook. Should we receive an inquiry that falls into Facebook’s area of responsibility, we shall forward it to Facebook for further processing.
If you wish to exercise data subject rights against Facebook, please contact Facebook Ireland Ltd., 4 Grand Canal Harbour, Dublin 2, Ireland. You may exercise these rights online by using the contact form provided on the Facebook site.
If you would like to exercise your rights as a data subject in dealings with us, please use the contact data included in Item 2.