Tailwind Shipping Lines

Privacy

Privacy Policy for www.tailwind-ahead.com

(Version 1.0, last updated January 14, 2026)

This privacy notice informs you about the processing of your personal data when using the above-mentioned website, as well as your rights under the European Union’s General Data Protection Regulation (GDPR).

1. Controllers

Unless otherwise specified below, the following entities are joint controllers (Art. 4 No. 7 GDPR) for the data processing activities described in this notice:

Tailwind Shipping Lines GmbH & Co. KG, Neue Burg 2, 20457 Hamburg, Germany; Email: contact@tailwind-shipping.com

and

Tailwind Intermodal GmbH, Am Terminal 3, 8402 Kalsdorf bei Graz, Austria; Email: contact@tailwind-intermodal.com

Joint controllership means that the above-mentioned companies have jointly determined the purposes and means of the data processing, unless otherwise stated. The two companies have entered into an agreement in accordance with Article 26 GDPR to define their respective responsibilities, particularly with regard to the fulfillment of data subject rights.

Additional information about the joint controllership arrangement is available upon request.

The contact details for exercising your data subject rights and for further inquiries can be found in Section 8 below.

2. Details of Data Processing (Website)

2.1 Use of the Website

Purposes and Legal Bases

When you use our website, the browser on your device automatically transmits the following data to our website’s server, without any action on your part, where it is temporarily stored in a log file for the following purposes:

the IP address of the device,
the date and time of access,
the name and URL of the requested file,
the HTTP response code,
the amount of data transmitted,
the website or application from which the request originated (referrer URL),
the browser you are using and, if applicable, the operating system of your device, and
the name of your access provider.

This data is processed for the following purposes:

to ensure a smooth connection to the website,
to enable convenient use of the website/application, and
to assess system security and stability.

Use of our website is protected by a firewall. For this purpose, your IP address and the client request (request target) are also logged.

The legal basis for this data processing is Article 6(1)(f) GDPR. Our legitimate interest lies in protecting our systems and preventing abusive or fraudulent behavior each time a user accesses this website.

Recipients/Categories of Recipients

In certain cases, it may be necessary for us to disclose your personal data to additional recipients.

The website is hosted on servers operated by IT service providers on our behalf. These providers may have access to your personal data for support and maintenance purposes.

The data logged in connection with the use of the firewall is accessible to IT service providers engaged by us to operate the firewall.

Retention Period/Criteria for Determining the Retention Period

Log files are retained for 90 days. Firewall logs are retained for 30 days.

2.2 Use of Cookies and Tracking Technologies

When cookies and similar technologies are used to process usage data, files are stored locally on your device when you visit our website. These files contain information related to the specific devices you use. However, this does not mean that we can directly identify you.

An overview of the cookies and other similar tools and technologies used in each category is provided at the end of this Privacy Policy.

There, you will also find the option to review and update your current settings, and to withdraw or adjust any consent you may have given at any time with effect for the future, without affecting the lawfulness of processing based on consent before its withdrawal. To withdraw your consent for specific processing purposes, simply remove the corresponding checkmarks.

Purposes, Types of Data, and Legal Bases

The use of cookies and similar technologies to process usage data on the above-mentioned website serves the following purposes:

Technically Necessary: These are cookies and other technologies that are essential for using our services (e.g., to display our services correctly, including language, font, and color; to provide the functions you request; to store your choices regarding cookies and other technologies, etc.).

The use of technically necessary cookies and similar technologies in the

“Technically Necessary” category is based on Section 25 (2) No. 2 of the German Telecommunications and Telemedia Data Protection Act (TDDDG).

Subsequent data processing is carried out on the basis of legitimate interests pursuant to Article 6(1)(f) GDPR. Our legitimate interest arises from our aim to provide you with a functional and secure website.

Statistics: These technologies enable us to generate pseudonymous and, where applicable, cross-device statistics on the use of our services in order to tailor them to user needs. This provides us with information on how and how often our website is used. This allows us, for example, to determine how we can better tailor our website to users’ habits.

The use of cookies and similar technologies in the “Statistics” category is based on Section 25 (1) TDDDG. Subsequent data processing is carried out on the basis of your consent pursuant to Article 6(1)(a) GDPR.

Depending on the intended purpose, the following types of personal data are processed and the following cookies and tracking technologies are used in particular:
- Pseudonymized usage profiles containing information about the use of our websites. These include, in particular:
  - Browser type/version,
  - operating system used,
  - referrer URL (the previously visited page),
  - hostname of the accessing device (IP address),
  - time of the server request,
  - individual user ID, and
  - triggered events on the website (browsing behavior).
- The IP address is regularly anonymized, so that it is generally not possible to draw any conclusions about your identity.
- We combine the user ID with other data relating to you (e.g. name, email address, etc.) only with your separate explicit consent (see, for example, Section 6 of this Privacy Policy). The user ID alone does not allow us to identify you personally.
Marketing: This allows us and other controllers to show you and other users relevant advertising content on our services (websites/apps) and on third-party services (websites, apps, social media), based on the analysis of your pseudonymous usage behavior, and to measure the effectiveness of marketing activities. Your usage behavior may also be tracked across different websites, browsers, or devices using a user ID (unique identifier).

The use of cookies and similar technologies in the “Marketing” category is based on Section 25 (1) TDDDG. Subsequent data processing is carried out on the basis of your consent pursuant to Article 6(1)(a) GDPR.

Depending on the intended purpose, the following types of personal data are processed and the following cookies and tracking technologies are used in particular:
- Pseudonymized usage profiles containing information about the use of our websites. These include, in particular:
  - IP address,
  - individual user ID,
  - potential product interests,
  - triggered events on the website (browsing behavior). 
- The IP address is regularly anonymized, so that it is generally not possible to draw any conclusions about your identity.
- We combine the user ID with other data relating to you (e.g. name, email address, etc.) only with your separate explicit consent (see, for example, Section 6 of this Privacy Policy). The user ID alone does not allow us to identify you personally.

You may withdraw or adjust your consent at any time with effect for the future, without affecting the lawfulness of processing carried out based on your consent before its withdrawal. You can manage your preferences and make selections or opt out at the end of this notice in our cookie policy. To withdraw your consent for specific processing purposes, simply remove the corresponding checkmarks.

Recipients/Categories of Recipients

In certain cases, it may be necessary for us to disclose your personal data to additional recipients.

In exceptional cases, your personal data may be accessible to IT service providers and online marketing providers, depending on the relevant cookie category.

Transfer to Recipients in a Non-EU Country

In certain cases, it may be necessary for us to transfer your personal data (depending on the relevant cookie category) to IT and marketing service providers located in one or more countries outside the European Union (EU)/European Economic Area (EEA).

The European Commission has determined that certain non-EU countries provide a level of data protection comparable to the GDPR through an adequacy decision. An overview of non-EU countries with an adequacy decision can be found here.

For service providers based in the United States, this applies only if the data transfer is based on the EU-U.S. Data Privacy Framework of July 10, 2023 (DPF).

For this data processing, some recipients are located in a non-EU country with an adequacy decision or are subject to the DPF, where the respective recipient is based in the United States.

Retention Period/Criteria for Determining the Retention Period

The retention periods for cookies can be found in our cookie policy at the end of this notice.

Where the “Expiration” column indicates “persistent,” the cookie will be stored permanently until the corresponding consent is withdrawn.

Where the “Expiration” column indicates “Session” or “Sitzung,” the cookie is stored for the duration of your visit to the website. As soon as you end the session or close your browser, the locally stored cookies are deleted.

2.3 Consent Management

Purposes and Legal Bases

We use a consent management tool on this website to manage your consent in regard to the use of cookies and similar technologies.

To the extent that we use technically necessary cookies and similar technologies in connection with the implementation of the tool, this is done in accordance with Section 25 (2) No. 2 TDDDG. Subsequent data processing is carried out on the basis of Article 6(1)(f) GDPR for the purpose of, and in our legitimate interest in, using cookies and similar technologies on our websites in compliance with data protection law and enabling you to easily withdraw your consent.

If you give consent via our consent banner, we process the following data:

IP address of the device,
date and time of access,
name and URL of the requested file,
date and time of consent,
a pseudonymous, random, and encrypted consent key (consent ID),
your consent status, which serves as proof of your consent.

This allows our website to verify your consent status during all subsequent and future visits and to activate or deactivate the use of cookies and similar technologies in accordance with your decision.

The verification is carried out by comparing the consent ID and consent status from the “OptanonConsent” cookie with the values transmitted to the consent management tool when you gave your consent, in order to ensure that the status of your original consent has not changed.

Transfer to Recipients in Non-EU Countries

The processed data is accessible to OneTrust Technology Limited, 82 St. John Street, London, United Kingdom, as we use OneTrust Technology Limited as a service provider for our consent management.

The United Kingdom is considered a non-EU country with an adequacy decision.

Retention Period/Criteria for Determining the Retention Period

Your consent ID and consent status are stored both locally in the browser of your device in the “OptanonConsent” cookie and on the servers of the service provider used for the consent management tool for a period of twelve months.

2.4 Use of Google Analytics

Purposes and Legal Bases

We use the web analytics service Google Analytics to analyze user access to our website. The legal basis for this data processing is your consent pursuant to Article 6(1)(a) GDPR (for the data processing) and Section 25(1) TDDDG (for the use of cookies and similar technologies).

Data collected during your use of our website is used for user navigation, statistical analysis, and to tailor our website to your needs. The data involved includes the following:

IP address of the device,
date and time of access,
name and URL of the requested file,
the browser you are using and, if applicable, the operating system of your device.

Google Analytics 4 largely operates without setting traditional cookies and instead analyzes your behavior on our website. The IP address processed is automatically truncated, so that direct identification is not possible.

Further information about data processing when using Google Analytics is available here: https://business.safety.google/privacy/.

Recipients/Categories of Recipients

In certain cases, it may be necessary for us to disclose your personal data to additional recipients.

The use of Google Analytics involves the transfer of the above-mentioned data to Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Retention Period/Criteria for Determining the Retention Period

User data collected via Google Analytics is generally deleted after 14 months.

3. Tailwind Shipping Booking Portal

Via our website, you have the option to access the Tailwind Shipping booking portal. When you access the portal, your personal data may be processed in a manner that differs from this privacy notice. Privacy Policy for www.tailwind-ahead.comThis privacy notice applies only to www.tailwind-ahead.com. Please note the separate privacy notice in the booking portal.

4. Our Social Media Pages

The website operator for the following network pages

LinkedIn: https://www.linkedin.com/company/93601218

is

Tailwind Shipping Lines GmbH & Co. KG
Neue Burg 2
20457 Hamburg, Germany

Email: contact@tailwind-shipping.com

Controllers

Responsibility for data processing on the networks listed is shared in part by us, Tailwind Shipping Lines GmbH & Co. KG, and in part by the respective operators of the network platforms.

For certain processing activities, we and the platform operators also act as joint controllers within the meaning of Article 26 GDPR.

We have an agreement on joint controllership with LinkedIn pursuant to Article 26 GDPR.

For the web tracking methods used by the platform operator, the platform operators and we act as joint controllers. Web tracking may also take place regardless of whether you are logged in to or registered with the platform. As explained above, unfortunately we have little influence over the platform’s web tracking methods. For example, we cannot disable it.

The legal basis for the web tracking methods is your consent under Article 6(1)(a) GDPR.

You can find further information about the recipients or categories of recipients, as well as the retention period or the criteria used to determine the retention period, in the platform operator’s privacy policy linked below. We have no influence over it.

You can find information on how to exercise your rights to prevent these web tracking methods or to withdraw your consent in the platform operator’s privacy policy linked below. You can also contact the platform operators using the contact details provided in the respective legal notice.

With regard to statistics that the platform provider makes available to us, we can influence them only to a limited extent and cannot prevent them entirely. However, we make sure that no additional optional statistics are made available to us.

Please also note that the platform provider uses your profile and behavior data in accordance with its terms of use and privacy policy to analyze your habits, personal relationships, preferences, and similar information. Lidl has no influence over the platform provider’s processing or disclosure of your data.

We have only limited influence over the data processing carried out by the platform operators (for example, administration of members and the information shared). Where we can exert influence and configure the data processing, we work, within the scope of the options available to us, to ensure that the platform operator handles data in a privacy-compliant manner. In many areas, however, we cannot influence the platform operator’s data processing and also do not know exactly which data it processes.

The platform operator runs the entire IT infrastructure for the service, maintains its own privacy policies, and has its own user relationship with you (if you are a registered user of the social network). In addition, the operator alone is responsible for all questions regarding the data in your user profile, which we as a company do not have access to.

You can find more information about data processing by the platform provider and additional options to object in the provider’s privacy notice:

LinkedIn: Privacy Policy

As part of your use of the platform, your personal data is generally also processed by the platform operator on servers in non-EU countries, in particular in the United States and the United Kingdom.

Purposes of Our Data Processing and Legal Bases

The purpose of our data processing on our pages is to inform customers about offers, products, services, subject matter, company news, and to interact with visitors to our profiles on these topics, as well as to respond to related inquiries and positive or negative feedback.

We only reserve the right to delete content if this should be necessary. If applicable, we share your content on our page if this is a function of the platform, and we communicate with you via the platform. The legal basis is Article 6(1)(f) GDPR. The data processing is carried out in the interest of our public relations and communications.

The operator has no ability to influence our processing of your data as part of our communications.

As explained above, where the platform provider gives us the option, we ensure that our pages are designed to be as privacy-compliant as possible.

Recipients/Categories of Recipients

The data you enter on our pages, such as comments, videos, images, likes, public messages, and similar content, is published by the platform for this purpose and is not used or processed by us at any time for any other purposes. We only reserve the right to delete unlawful content if this should be necessary. This may be the case, for example, with infringing or unlawful posts, hate comments, suggestive comments (explicit sexual content), or attachments (for example, images or videos) that may violate copyright, personal rights, criminal laws, or Tailwind’s ethical principles.

If applicable, we share your content on our page if this is a function of the platform, and we communicate via the social networks. If you submit an inquiry to us on the platform, we may, depending on the response required, refer you to other secure communication channels that ensure confidentiality. Contact via private messages (“direct messaging”) is disabled on our LinkedIn profile.

You always have the option to send us confidential inquiries to the address listed under Section 1 or in the legal notice.

Retention Period/Criteria for Determining the Retention Period

All public posts you make on our LinkedIn profile page remain in the timeline for an unlimited period unless we delete them due to an update to the underlying topic, a legal violation, or a violation of our guidelines, or you delete the post yourself.

We have no ability to influence the platform operator’s deletion of your data. The privacy policies of the respective operator therefore also apply.

5. Communication by Email/Mail/Telephone

Purposes and Legal Bases

We process personal data that you provide to us as part of your inquiry by email, mail or telephone solely for the purpose of handling your inquiry.

The legal basis for this data processing in the context of initiating or performing a contract is Article 6(1) sentence 1(b) GDPR.

Otherwise, our data processing in connection with your communications with us is based on Article 6(1) sentence 1(f) GDPR. Our legitimate interest arises from the aim of answering your inquiry and promoting satisfaction with our services.

Recipients/Categories of Recipients/Transfer to Recipients in Non-EU Countries

Depending on the content, processing your inquiry may require us to transfer your personal data to additional recipients, in particular in the transport sector.

Depending on where the recipient is located, your data may be transferred to recipients outside the European Union or the European Economic Area.

Retention Period/Criteria for Determining the Retention Period

We store personal data that you provide to us in the context of initiating or performing a contract for up to twelve years due to statutory retention obligations.

If legal claims are asserted, after your inquiry is closed we store your data for three years, beginning at the end of the calendar year, as evidence that we have fulfilled any potential legal claims.

6. Obligation to provide your data

Unless stated otherwise above, you are neither contractually nor legally required to provide us with personal data.

However, some data is processed for technical reasons as soon as you use our website and the related services. If you no longer wish to provide the data, this is only possible by no longer using our website or the relevant services.

To the extent that personal data is required to handle an inquiry from you, to enter into a possible contract, or for other services we provide, we may also be unable to process your inquiry, enter into a contract with you, or provide other services if you do not provide this data.

7. Your Data Subject Rights

If data processing is carried out on the basis of consent under Article 6(1) sentence 1(a) or Article 9(2)(a) GDPR, you can withdraw your consent at any time with effect for the future, without affecting the lawfulness of processing carried out up to that point.

You have the right, upon request, to obtain information free of charge about the personal data stored about you pursuant to Article 15(1) GDPR.

In addition, if the statutory requirements are met, you have the right to rectification (Article 16 GDPR), erasure (Article 17 GDPR), and restriction of processing (Article 18 GDPR) of your personal data.

If you have provided the processed data yourself, you have the right to data portability under Article 20 GDPR.

If data processing is carried out on the basis of Article 6(1) sentence 1(e) or (f) GDPR, you have the right to object under Article 21 GDPR. If you object to data processing, it will be continued only if we can demonstrate compelling legitimate grounds for the further processing that override your interest in objecting.

To exercise your data subject rights, if you have any unanswered questions, or if you wish to file a complaint, please contact the data protection officer in writing or by email. You also have the right to lodge a complaint with a data protection supervisory authority. The competent supervisory authority is the data protection supervisory authority of the German or Austrian federal state in which you reside or in which the controller has its registered office.

8. Contacting the Data Protection Officer

If you have further questions about the processing of your data or about exercising your rights, you can contact the responsible data protection officer:

Tailwind Shipping Lines GmbH & Co. KG
Data Protection Officer
Neue Burg 2
20457 Hamburg, Germany

Email: datenschutz@tailwind-shipping.com