Privacy policy of CK Internationale Zollagentur GmbH. Information on the processing of personal data pursuant to Art. 13 and 14 GDPR. Last updated May 2026.
1. Controller within the meaning of the GDPR
Responsible for the processing of personal data on this website:
CK Internationale Zollagentur GmbH
Albert-Einstein-Str. 1
46446 Emmerich am Rhein
Germany
Represented by: Cem Keleş, Managing Director
Phone: +49 2828 9039920
Email: info@zollagentur.gmbh
For data protection enquiries, please contact us at the address above or by email at info@zollagentur.gmbh. An internal data protection officer pursuant to § 38 of the German Federal Data Protection Act (BDSG) is not required, as the legal threshold (generally 20 persons permanently employed in automated processing) is not reached.
2. General notes on data processing
We process personal data of our users only insofar as this is necessary to provide a functional website and our content and services. Processing regularly only takes place after the user has given their consent or on one of the legal bases mentioned in Art. 6 (1) GDPR. Our website is a statically rendered Astro application. We do not use tracking cookies, Google Analytics, Google Tag Manager, the Meta pixel, advertising pixels, or analytics scripts. External fonts are not embedded — all fonts are delivered locally from our server.
3. Server log files when visiting the website
When you access our website, your browser automatically sends information to the server of our hosting provider. This information is temporarily stored in a log file. The following information is collected without your intervention:
· IP address of the requesting computer
· Date and time of access
· Name and URL of the requested file
· Website from which access is made (referrer URL)
· Browser used, operating system and host name of the accessing computer
· Volume of data transferred and HTTP status code
Legal basis: Art. 6 (1) (f) GDPR (legitimate interest: secure and stable operation of the website, defense against attacks).
Storage period: Server logs are anonymised or deleted at our hosting provider ALL-INKL.COM after a maximum of 7 days. This data is not merged with other data sources.
4. Contact forms and callback requests
Our website provides forms in four languages (German, English, Turkish, French) through which you can send us a contact or callback request. We process the following data depending on the form:
· Mandatory contact form fields: First and last name, data protection consent, and one of two contact details (email address or phone number).
· Mandatory callback form fields: Last name, phone number, data protection consent.
· Optional fields: Company, selected service, preferred contact method, preferred time to be reached (morning / midday / afternoon), free-text message.
Processing purposes and legal bases:
· Processing your enquiry and any follow-up communication, in particular to prepare an initial conversation and to create an offer — Art. 6 (1) (b) GDPR for contract-related enquiries, otherwise Art. 6 (1) (f) GDPR (legitimate interest in answering customer enquiries).
· Optional: Sending an automatic confirmation of receipt to your email address (only if a valid email address is provided).
Secure transmission: Form data is transmitted in encrypted form via TLS 1.3 (HTTPS). The data is processed by a self-operated PHP script on the servers of our hosting provider ALL-INKL.COM. Notifications are sent to our inbox via the All-Inkl-hosted email account website@zollagentur.gmbh. To protect against automated submissions, we use an invisible honeypot field and an origin check of the sender. No cookies are set in the process.
IP pseudonymisation: We do NOT store your IP address in plain text in connection with your enquiry. Instead, we generate a cryptographic SHA-256 hash from the IP address, the current date and a daily rotating secret, and store only the first 16 hexadecimal characters of this hash. Reverse calculation to the original IP address is no longer technically possible after the daily salt is rotated.
Storage period of enquiries: We store enquiries in a monthly rotating, server-side access-protected file (JSONL) in the directory `/_leads/` of our hosting provider. Access to this file is blocked via Apache configuration (Deny from all), and the file is viewable only by authorised persons through a password-protected administration area (HTTP Basic Auth). Enquiries are deleted as soon as storage is no longer necessary to achieve the purpose. If no contractual relationship is established, we delete the data after a maximum of 24 months without further contact. If a contract is concluded, the statutory retention periods apply (in particular § 257 of the German Commercial Code and § 147 of the German Tax Code: up to 10 years for commercial business letters).
5. Recipients of personal data · Processors
5.1 Hosting, web server and email traffic (All-Inkl)
Our website is hosted by ALL-INKL.COM – Neue Medien Münnich, Hauptstraße 68, 02742 Friedersdorf, Germany. All website data and the email mailbox website@zollagentur.gmbh are located on servers in Germany. A data processing agreement (DPA) pursuant to Art. 28 GDPR has been concluded with ALL-INKL.COM. Legal basis: Art. 6 (1) (f) GDPR (legitimate interest in reliable and secure provision) or Art. 6 (1) (b) GDPR (pre-contractual measures). Further information: all-inkl.com/datenschutzinformationen/.
5.2 Fonts (local hosting)
Our fonts are delivered locally from our server. There is no data transfer to Google Fonts or other CDN services.
5.3 Google Maps (contact page only)
On our contact page (/en/contact/) we embed a Google Maps map as an iFrame. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. When the contact page is accessed, data is transmitted to Google (including IP address, browser data, referrer URL). Legal basis: Art. 6 (1) (f) GDPR (legitimate interest in a user-friendly map display). Third-country transfer: data transmission to the USA is possible, secured by the EU-US Data Privacy Framework (Adequacy Decision C(2023) 4745 of 10.07.2023) and supplementary standard contractual clauses. Further information: policies.google.com/privacy.
5.4 Disclosure to authorities
Disclosure to authorities only takes place insofar as required by law (e.g. to law enforcement authorities in the case of concrete suspicion).
6. Cookies
We do not set any cookies on this website. This includes both technically necessary cookies (e.g. for login or language settings — our language selection is URL-based without a cookie) and analytics or marketing cookies. Only when the Google Maps iFrame on the contact page is loaded may Google set its own cookies; see section 5.3 and policies.google.com/technologies/cookies.
7. Web analytics and tracking
We do NOT use any web analytics, tracking or advertising tools on this website. In particular, no Google Analytics, no Google Tag Manager, no Google Ads conversion tracking, no Meta pixel, no TikTok pixel, no Hotjar, no Microsoft Clarity, no A/B testing tool and no heatmap tool are used.
8. Social media links
In the footer and on the contact page, we link to our profiles on LinkedIn and Instagram (as well as to the Google business listing). These are exclusively clickable links — NO plugins or iFrames of the respective networks are loaded. Only when you actively click on a link do you leave our site and the data protection regulations of the respective network apply.
9. SSL/TLS encryption
For security reasons and to protect the transmission of confidential content, this site uses SSL or TLS encryption. You can recognise an encrypted connection by the fact that the address bar of your browser changes from "http://" to "https://" and by the lock symbol in your browser bar. We use TLS 1.3 and enforce HTTPS via HTTP Strict Transport Security (HSTS, max-age = 1 year).
10. Your rights as a data subject
You have the following rights against us with regard to the personal data concerning you:
· Right of access (Art. 15 GDPR)
· Right to rectification (Art. 16 GDPR)
· Right to erasure (Art. 17 GDPR)
· Right to restriction of processing (Art. 18 GDPR)
· Right to data portability (Art. 20 GDPR)
· Right to object (Art. 21 GDPR)
· Right to withdraw consent granted with effect for the future (Art. 7 (3) GDPR)
· Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)
To exercise your rights, an informal message to info@zollagentur.gmbh or by post to the address mentioned under point 1 is sufficient.
11. Competent supervisory authority
State Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia (LDI NRW)
Kavalleriestraße 2-4
40213 Düsseldorf
Germany
Phone: +49 211/38424-0
Email: poststelle@ldi.nrw.de
Website: www.ldi.nrw.de
12. Overview of storage periods
The most important storage periods at a glance:
· Server log files (hosting provider): maximum 7 days
· Enquiries via contact and callback form: until your enquiry is completely processed, but no later than 24 months without follow-up contact
· Contract and business correspondence: statutory retention periods according to § 257 of the German Commercial Code and § 147 of the German Tax Code (up to 10 years)
· Pseudonymised IP hash linked to a lead: together with the corresponding enquiry; not reverse-calculable after the daily salt has changed
13. Obligation to provide data
The provision of your personal data is neither legally nor contractually required. However, without provision of the necessary mandatory information, we cannot process your enquiry or can only process it to a limited extent.
14. Automated decision-making and profiling
We do not use any automated decision-making or profiling procedures within the meaning of Art. 22 GDPR.
15. Data transfer to third countries
Data is not transferred to countries outside the EU/EEA, with the exception of the Google Maps integration on the contact page described in section 5.3. This is secured by the EU-US Data Privacy Framework and supplementary standard contractual clauses.
16. Data security
We take appropriate technical and organisational measures to protect your data from unauthorised access, loss, falsification or destruction. These include in particular: TLS 1.3 encryption of all connections, HSTS pinning, X-Frame-Options DENY for the administration area, storage of the enquiry data in a directory protected by Apache Deny outside the standard web root, password-protected administration area via HTTP Basic Auth (password hashes outside the web root), regular security audits, IP pseudonymisation with a daily rotating salt, and ongoing review and optimisation of these measures.
17. Currency and amendment of this privacy policy
This privacy policy is currently valid and has the date stated above. Due to the further development of our website and offers or due to changed legal or official requirements, it may become necessary to change this privacy policy. The currently valid privacy policy can be viewed and saved on this page at any time.
Last updated: May 2026