If you are a private customer, you can find the privacy policy here.
We, Hermes Germany GmbH ("Hermes"), take the protection of your privacy and personal data very seriously. We therefore attach great importance to ensuring that your data is secure and that the applicable data protection regulations, in particular the EU General Data Protection Regulation (GDPR), are complied with our data processing. Furthermore, we use technical and organizational measures to ensure that your data is optimally protected against unauthorized access by third parties.
This privacy policy applies to the online offering of https://business.myhermes.de and https://www.myhermes.de/geschaeftskunden (hereafter “Hermes Website”).
Hermes Germany GmbH
Essener Straße 89
22419 Hamburg
Tel.: +49 / 40 / 53755 – 0
E-Mail:
zentrale@hermesworld.com
Further information can be found in our legal notice.
Hermes Germany GmbH
The data protection officer
Essener Straße 89
22419 Hamburg
E-Mail: Datenschutz@hermesworld.com
The following information applies to all procedures described. Any deviating provisions will be specified in the respective procedure description.
Personal data – also referred to in the law as personal information and data relating to individuals – is personal information that allows conclusions to be drawn about your identity. This includes, for example, information such as your name, address, telephone number, or email address, but also information about your surfing behaviour. This information can be directly or indirectly attributed to you.
Personal data will only be transferred to third parties within the scope of legal requirements. We only pass on user data to third parties if this is necessary or for other purposes if the transfer is necessary to fulfill contractual obligations. Furthermore, it may be necessary to forward your data to authorities (e.g., tax offices or law enforcement authorities) in accordance with a legal obligation (Art. 6 para. 1 lit. c GDPR) in order to respond to their inquiries.
If we use subcontractors for our online offering, we have taken appropriate contractual precautions and corresponding technical and organizational measures with these companies.
If we use content or other resources from other companies (hereinafter collectively referred to as "third-party providers") whose registered office is located in a third country, it must be assumed that data will be transferred to the third-party providers' countries of residence. We will only transfer personal data to third countries if an adequate level of data protection is ensured, if the user has given their consent, or if there is other legal permission to do so.
We have taken appropriate technical and organizational measures to protect your data from loss, alteration, or unauthorized access. These security measures are continuously improved by us in line with technological developments. Our website uses the industry standard SSL (Secure Sockets Layer) for encryption. This ensures the confidentiality of your personal information over the Internet.
All our employees receive regular training on data protection and are instructed on how to handle customer data securely and confidentially. All our employees are bound to confidentiality and have signed a confidentiality and data protection agreement as part of their employment contract.
We collect and process your personal data on the basis of the following legal grounds of the General Data Protection Regulation (GDPR):
Consent pursuant to Art. 6 para. 1 lit. a GDPR. Consent is any voluntary, specific, and unambiguous indication of intent in the form of a statement or other clear affirmative action by which the data subject indicates that they agree to the processing of personal data relating to them.
Necessity for the performance of a contract or to take steps in accordance with Art. 6 para. 1 lit. b GDPR. We require your data in order to conclude a contract with you or fulfil our contractual obligations towards you.
Processing for compliance with a legal obligation pursuant to Art. 6 para. 1 lit. c GDPR. The processing of your data is therefore required, for example, due to a law or other regulations.
Processing to protect legitimate interests pursuant to Art. 6 para. 1 lit. f GDPR. This means that processing is necessary to protect our legitimate interests or those of third parties, unless your interests or fundamental rights and freedoms requiring the protection of personal data prevail.
In addition to the right to withdraw your consent to Hermes, you have the following rights with regard to your personal data:
In accordance with legal requirements, you as the data subject have the right to obtain information about your data stored by us free of charge (Art. 15 GDPR). In particular, you may request information about the purposes of processing, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, and the origin of your data if it was not collected directly from you.
If your personal data has been recorded incorrectly or is incomplete, you can have it corrected at any time (Art. 16 GDPR).
You have the right to request that we delete your data (Art. 17 GDPR). If you wish to have your personal data deleted, we may be required to store this data for a certain period of time due to legal retention obligations, for example for tax or accounting purposes. There may also be other legal obligations and rights that may require us to continue storing your data. In such cases, we will delete the data immediately after the respective storage period has expired.
You have the right to restrict the processing of your data (Art. 18 GDPR) if you dispute the accuracy of the data, the processing is unlawful, but you oppose its deletion; we no longer need the data, but you require it to assert, exercise, or defend of legal claims, or you have objected to processing under Art. 21 GDPR, then we will retain it for this purpose.
You have the right to receive selected data stored by us about you in a common, machine-readable format or to request its transfer to another controller (Art. 20 GDPR).
You have the right to object at any time to the processing of your data based on a balancing of interests or in the public interest if there are reasons for this arising from your particular situation (Art. 21 GDPR). If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing is necessary for the establishment, exercise, or defence of legal claims.
With regard to the processing of your personal data as described in this privacy policy, you can assert the above rights by contacting us at the following address:
Hermes Germany GmbH
Essener Straße 89
22419 Hamburg
Email:
myhermes-business@hermesworld.com
You also have the right to complain to a data protection supervisory authority about Hermes' processing of your personal data. The supervisory authority responsible for Hermes Germany GmbH in connection with postal services is:
The Federal Commissioner for Data Protection and Freedom of Information
Graurheindorfer Straße 153, 53117 Bonn
https://www.bfdi.bund.de
For other processing of personal data not related to postal services, the competent supervisory authority for Hermes Germany GmbH is:
The Hamburg Commissioner for Data Protection and Freedom of Information
Ludwig-Erhard-Straße 22, 20459 Hamburg
https://datenschutz-hamburg.de
The purpose of processing is to provide data information in accordance with Art. 15 GDPR and to exercise your rights as a data subject.
This refers to the data processed in connection with postal and other services provided by Hermes. We also require your personal data to identify you.
The legal basis for data processing is Art. 6 para. 1 lit. c GDPR.
If you request access to your data, we will store your request for 3 years. Earlier deletion is not possible here on the basis of statutory retention periods.
You are not obliged to disclose your personal data. Without your personal data, it is not possible to provide you with information about your data.
We will delete your personal data as soon as the purpose for which it was stored no longer applies and there are no other legal or contractual retention periods (including those under the German Fiscal Code or the German Commercial Code).
We have generally commissioned the processing of your personal data within the European Union. However, your personal data may be processed in the United States of America (USA). We have therefore ensured the level of data protection with appropriate safeguards in accordance with Chapter 5 of the GDPR, in particular with Art. 45 and Art. 46 GDPR.
This data is collected exclusively to ensure the functionality of the website. The data also serves to ensure the security of our information technology systems. The data is not evaluated for marketing purposes in this context.
Each time you visit the Hermes website, certain data from the device you are using is automatically collected by our web servers and stored temporarily. The following data is collected:
The legal basis in this context is Art. 6 para. 1 lit. f GDPR, § 25 para. 2 no. 2 TDDDG. We process data for the following legitimate purposes: ensuring the functionality of the website, securing our systems, and providing you with your presumed preferred language. In this regard, your interest in confidentiality takes precedence. Without the processing of your personal data, it is technically impossible to provide, operate, and secure the website. Securing our website also serves your interests.
The data will be deleted as soon as it is no longer necessary for the purpose for which it was collected. The data will be deleted after 7 days at the earliest and after 32 days at the latest.
The processing of data for the purposes stated in this section is essential for the operation of the Hermes website. You therefore have no right to object.
The website is hosted by:
Google Ireland Limited
Gordon House, Barrow Street
Dublin 4
Ireland
We have generally commissioned the processing of your personal data within the European Union. However, your personal data may be processed in the United States of America (USA). We have therefore ensured the level of data protection with appropriate safeguards in accordance with Chapter 5 of the GDPR, in particular with Art. 45 and Art. 46 GDPR.
You are not obliged to disclose personal data. However, without the above-mentioned personal data, you will not be able to access this website.
In order to improve our services and troubleshoot errors, we occasionally conduct voluntary surveys/user surveys on business.myhermes.de. To this end, we ask users of the website to participate in a survey. The surveys are accessed via a link. The answers are entered via an online form and transmitted to Hermes. Hermes stores and evaluates these answers. We use the external tool of the service provider SurveyMonkey for this purpose.
The following data may be transferred to us when you participate in a survey:
The legal basis for processing is Art. 6 para. 1 lit. a GDPR, consent through participation in the survey.
If only non-personal data is collected in the survey, it will be deleted after evaluation. If personal data (e.g., the shipment number) is collected, this will be pointed out at the beginning of the survey. By participating in the survey, the participant consents to the processing. Collected personal data will be deleted after one year. Personal data entered by participants without being requested will not be used by Hermes for evaluation purposes. It will be deleted after one year at the latest. Participants will be informed before the surveys that they should not enter any personal data in order to protect their privacy.
We use the services of SurveyMonkey to conduct the surveys:
SurveyMonkey Europe UC
Ella House, Suite 40.4
40 Merrion Square East
Dublin 2
D02 NP96
Ireland
SurveyMonkey stores the IP addresses of respondents in backend logs. Processing is necessary to protect the legitimate interests of SurveyMonkey as Hermes' technical service provider (Art. 6 para. 1 lit. f GDPR).
A personal reference can only be made indirectly if, for example, law enforcement authorities link the IP addresses to the survey responses and determine the owner of the Internet connection of the IP address used for the survey.
Further information about the data processed can be found at: https://de.surveymonkey.com/mp/legal/privacy-policy
We have generally commissioned the processing of your personal data within the European Union. However, your personal data may be processed in the United States of America (USA). There is no adequacy decision by the European Commission for the USA. We have therefore ensured the level of data protection with appropriate safeguards in accordance with Chapter 5 of the GDPR, in particular with Art. 45 and Art. 46 GDPR.
You are not obliged to disclose personal data. If you do not give your consent, you cannot participate in the survey.
Regular sending of the Hermes Business Customer Newsletter by email for the purpose of providing information and news about new products and services.
We collect the following data for the purpose of sending our newsletter:
We use your last name to address you personally.
The legal basis for data processing is Art. 6 para. 1 lit. a GDPR.
The data will be stored until you unsubscribe from the newsletter.
You can unsubscribe at any time by clicking on the link provided at the bottom of the newsletter. After unsubscribing, your personal data transmitted in this context will be blocked immediately and deleted after the expiry of the statutory storage periods.
Our newsletter contains tracking pixels, which enable us to evaluate the user reach. Tracking pixels are small graphics that are automatically loaded when a website or email is accessed and enable an evaluation of user behavior.
This evaluation is automated and anonymized, so that no personal reference can be established. The legal basis for data processing is Art. 6 para. 1 lit. f. GDPR. Our legitimate interest in processing lies in measuring the effectiveness of our advertising measures and improving our online presence and services. Your interest in confidentiality takes precedence.
The Hermes newsletter is sent by:
Salesforce.com inc.
Salesforce Tower
415 Mission Street, 3rd Floor
San Francisco, CA 94105
We have generally commissioned the processing of your personal data within the European Union. However, your personal data may be processed in the United States of America (USA). There is no adequacy decision by the European Commission for the USA. We have therefore ensured the level of data protection with appropriate safeguards in accordance with Chapter 5 of the GDPR, in particular with Art. 45 and Art. 46 GDPR.
Further information can be found at: https://www.salesforce.com/company/privacy/
You are not obliged to disclose personal data. However, without your data, we cannot provide you with our newsletter.
If you have registered on the myHermes Business Portal, you will find the privacy policy for our services here: To the services
If you have concluded an individual contract with Hermes Germany GmbH, you can find the privacy policy for our services here: To the services
The Hermes website uses cookies. Cookies are small text files that can be stored in the Internet browser or by the Internet browser on the user's device. Cookies usually contain a characteristic string of characters that enables the browser or device to be uniquely identified when the website is visited again. Various types of cookies are used on this website. A distinction is made between:
The first-party cookies used by this Hermes website include temporary session cookies and permanent cookies. The website stores information in permanent cookies in order to save your personal user settings and improve your user experience on your next visit (e.g., your selected language settings). The website stores technical information in temporary session cookies that is necessary for the website to function. The storage period for these cookies is based on the periods specified in this section.
This website also uses services provided by third parties to evaluate user behavior or to provide Internet services. These service providers may use cookies (third-party cookies), tracking pixels, or similar analysis technologies. You can find more detailed information about the Internet and analysis technologies used here in the following sections.
In general, you can instruct your web browser to prevent the storage of cookies or the execution of analysis technologies. However, some functions of this website may then no longer be available. As a compromise, you can also set your browser to notify you as soon as a cookie or similar analysis technologies are used. In addition, all cookies can be deleted manually at any time.
You can withdrawal your consent to the data processing described below in full via the following tool . This will prevent the analysis service from being executed and an opt-out cookie will be stored in the web browser of the device used with the instruction that no further data from this device should be processed for the aforementioned purposes.
Usercentrics is a consent management platform which uses cookies that are necessary for technical reasons. This is achieved through an entry in your browser's LocalStorage. The consent is stored to comply with legal obligations.
This list contains the following data collected by or through the use of this service:
The legal basis for the processing of the data is Art. 6 para. 1 lit. c GDPR and § 25 para. 2 no. 2 TDDDG.
The consent data (consent and withdrawal of consent) will be stored for three years. After the retention period has expired, the collected data will be deleted immediately. This data can be deleted by the user at any time via their own browser settings.
Due to the collection of data for legal reasons, objection is not possible.
The processing company is:
Usercentrics GmbH
Sendlinger Str. 7
80331 Munich
Germany
Further information about the data processed can be found at: https://usercentrics.com/de/datenschutzerklaerung/
We have generally commissioned the processing of your personal data within the European Union. However, your personal data may be processed in the United States of America (USA). There is no adequacy decision by the European Commission for the USA. We have therefore ensured the level of data protection with appropriate safeguards in accordance with Chapter 5 of the GDPR, in particular with Art. 45 and Art. 46 GDPR.
The provision of your personal data is necessary to fulfill a legal obligation.
The A/B test is a test method for evaluating two variants of a system, in which the original version is tested against a slightly modified version. The multivariant test is an A/B test with several variables.
The purpose of processing is to continuously improve the online offering.
When you use the Hermes website, AB Tasty collects the following statistical information:
The legal basis for the processing of data is Art. 6 para. 1 lit. a GDPR or § 25 para. 1 TDDDG, provided that you have consented to the use of cookies on the Hermes website.
Cookies set by AB Tasty are valid for up to 13 months, after which they are automatically deleted from the device used. By deleting the cookies, the analysis data collected is anonymized, as it can no longer be assigned to a cookie ID.
Consent to usage analysis by the web analysis service AB Tasty can be revoked at any time with future effect by deactivating the "AB Tasty" checkbox under the "Statistics and Analysis" category and then saving your settings via the following tool .
This will prevent the analysis service from running and will also delete the cookie named "AB Tasty Opt-out" from the domain myhermes.de on the corresponding device. The AB Tasty analysis service will no longer collect or process any data from your device. This revocation will remain in effect until the "AB Tasty" box above is reactivated.
Data is collected by a tracking pixel integrated into the Hermes website and its subpages, as well as by cookies set by AB Tasty. This enables the analysis service to study our visitors' browsing behaviour and design the Hermes website to be more customer-oriented. The usage analysis is carried out in such a way that neither we nor the analysis service can identify individual users.
The Hermes Website uses the service provided by AB Tasty:
AB Tasty SAS ("AB Tasty")
64-66 rue des Archives
75003 Paris
France
Further information about the data processed can be found at: https://www.abtasty.com/de/datenschutzerklaerung/
We have generally commissioned the processing of your personal data within the European Union. However, your personal data may be processed in the United States of America (USA). There is no adequacy decision by the European Commission for the USA. We have therefore ensured the level of data protection with appropriate safeguards in accordance with Chapter 5 of the GDPR, in particular with Art. 45 and Art. 46 GDPR.
You are not obliged to provide your personal data. If you have not used the above-mentioned function to deactivate tracking by AB Tasty, your personal data will be processed when you access this website.
The collected data enables the analysis service to analyse the surfing behavior of our users. By evaluating the data obtained, we are able to compile information about the use of the individual components of our website. This helps us to ensure the integrity of our website and to continuously improve its usability and user-friendliness. The usage analysis is carried out in such a way that neither we nor the analysis service can identify individual users.
The following data is processed:
The legal basis for the processing of data is Art. 6 para. 1 lit. a GDPR or § 25 (1) TDDDG, provided that consent to the use of cookies on the Hermes website has been given.
The data will be deleted as soon as it is no longer required for our analysis purposes. The session cookie containing the session ID becomes invalid and is deleted when you leave the website. The permanent cookie with the long-term ID becomes invalid and is deleted after 6 months. All data collected by the analysis service will be anonymized after 14 months at the latest.
Cookie-based data collection and processing can be revoked at any time with future effect by deactivating the "Mapp" checkbox and then saving your settings via the following tool . The Mapp analysis service will then no longer collect or process any data from this device using cookies. This revocation remains in effect until the "Mapp" checkbox is reactivated.
The data is collected by a tracking pixel integrated into the Hermes website (and its subpages) and by cookies set by Mapp Intelligence (Mapp).
The data is processed by the following company:
Mapp Digital Germany GmbH
Sandstr. 3
80335 Munich
Germany
Further information about the data processed can be found at: https://mapp.com/privacy/ and https://mapp.com/de/datenschutz/ .
We have generally commissioned the processing of your personal data within the European Union. However, your personal data may be processed in the United States of America (USA). There is no adequacy decision by the European Commission for the USA. We have therefore ensured the level of data protection with appropriate safeguards in accordance with Chapter 5 of the GDPR, in particular with Art. 45 and Art. 46 GDPR.
You are not obliged to provide your personal data. If tracking by Mapp is activated by the above-mentioned function, your personal data will be processed when you access this website.
The analysis and targeting service "Mapp Marketing Automation" uses the data collected below to enable us to display personalized content on the Hermes website based on segments.
When you use the Hermes website, the following data is processed by our analytics service:
The legal basis for the processing of data is Art. 6 para. 1 lit. a GDPR or § 25 (1) TDDDG, provided that consent to the use of cookies on the Hermes website has been given.
The data will be deleted as soon as it is no longer required for our analysis purposes. The session cookie with the session ID is deleted at the end of the website visit. The permanent cookie with the long-term ID expires and is deleted after 6 months. All data collected by the analysis service will be anonymized after 14 months at the latest.
Consent to the use of analytics and the collection of personalized information on the Hermes website by Mapp Marketing Automation can be revoked at any time by deactivating the "Mapp Marketing Automation" checkbox in the following tool and then saving your changes with effect for the future.
The data is collected by a tracking pixel integrated into the Hermes website (and its subpages) and by cookies set by Mapp Intelligence (Mapp).
The data is processed by the following company:
Mapp Digital Germany GmbH
Sandstr. 3
80335 Munich
Germany
Further information about the data processed can be found at: https://mapp.com/privacy/ and https://mapp.com/de/datenschutz/ .
We have generally commissioned the processing of your personal data within the European Union. However, your personal data may be processed in the United States of America (USA). There is no adequacy decision by the European Commission for the USA. We have therefore ensured the level of data protection with appropriate safeguards within the meaning of Art. 46 GDPR.
You are not obliged to provide your personal data. If tracking by Mapp Marketing Automation is activated by the above-mentioned function, your personal data will be processed when you access this website.
These technologies enable us to measure the success of online advertising and to target advertising on other websites to Internet users who have already visited this Hermes website, who have already seen our advertising banners on other websites, or who may be interested in our services based on statistical criteria.
These cookies collect the following anonymous data, which does not allow any conclusions to be drawn about the individual user or the specific device used:
Data that could identify the end device (e.g., Mac address, IMEI number, etc.) is not collected.
The legal basis for the processing of data is Art. 6 para. 1 lit. a GDPR or § 25 (1) TDDDG, provided that consent to the use of cookies on the Hermes website has been given.
The cookies set in this context become invalid after 180 days and are deleted from the end device.
Consent to the use of analytics and the collection of personalized information on the Hermes website can be revoked at any time by deactivating the "Virtual Minds" checkbox in the following tool and then saving your changes with effect for the future.
The data is processed by the following company:
Virtual Minds GmbH
Ellen-Gottlieb-Straße 16
79106 Freiburg im Breisgau
Germany
Further information about the data processed can be found at: https://virtualminds.com/de/privacy-center-datenschutz
You are not obliged to provide your personal data. However, if you have not used the above-mentioned function to deactivate tracking by Virtual Minds, it is not possible to access this website without processing your personal data.
These technologies enable the measurement of the success of online advertising and allow for targeted advertising to adress users on other websites who have already visited this Hermes website, have seen our advertising banners on other websites, or who may be statistically interested in our services.
The legal basis for data processing in this context is Article 6(1)(a) of the GDPR, provided that consent has been given for the use of cookies on the Hermes website.
The cookies and identifiers set in this context will become invalid and be deleted from the device after 180 days.
Consent to usage analysis and the collection of personalized information on the Hermes website can be revoked at any time by deactivating the "Adform" checkbox in the following tool and then saving it for future effect.
The data is processed by the following company:
Adform
Rosenborggade 15, 2nd floor
1130 Copenhagen K, Denmark
Further information about the processed data can be found at:
https://site.adform.com/privacy-center/overview
You are not obligated to provide your personal data. However, if you do not use the aforementioned function to deactivate tracking by Adform, accessing this website without processing your personal data is not possible.
If you contact us by telephone or email, the personal data you provide will be collected and stored.
We use the data collected exclusively for the purpose of responding to your inquiry and for other purposes specified at the time of data collection. If necessary to respond to your request, we will also transfer the data to the relevant Hermes company (for example, data will be transferred to Hermes Logistik GmbH & Co KG, based in Austria, if you request information about Hermes services in Austria).
The following data may be collected. Whether this data is collected depends on your request:
The legal basis for data processing is Art. 6 para. 1 lit. b GDPR, provided that the contact is made in connection with the myHermes Business user account, our myHermes Business services or otherwise in a contractual context. If there is no contractual relationship between you and Hermes, the legal basis is Art. 6 para. 1 lit. f GDPR. In this case, Hermes' legitimate interest outweighs your legitimate interest. The reason for this is that it is not possible to process your request without processing your personal data. The use of the contact form or contacting us is also voluntary.
We delete the data collected in this context after it is no longer required for the purpose of contact or, in the case of statutory retention obligations, restrict its processing.
If you have contacted us for reasons other than to initiate a contract, you have the right to object to the processing of your personal data at any time. In the event of an objection, correspondence cannot be continued. All personal data collected in this context will be deleted in the event of a justified objection.
You are not obliged to disclose your personal data. The fields marked in the input mask are mandatory fields, without which your request cannot be processed.
Our website and our privacy policy may contain links to external websites of third parties over whose content we have no influence. We therefore cannot accept any liability for this external content.
The respective provider or operator of the page is always responsible for the content of the linked website. The linked page was checked for possible legal violations at the time of linking. No illegal content was identified at the time of linking. Permanent monitoring of the content of the linked pages is not possible without concrete evidence of a violation of the law and is unreasonable for. If we become aware of any violations of the law, we will remove such links immediately.
We may change or update parts of this privacy policy without prior notice. Please review the privacy policy before using our services to stay informed of any changes or updates.
Current status of the privacy policy: July 2025