Data Protection

General Information

We are pleased that you have visited our website, where we offer you personalised functionalities in addition to information about our company and our services. Transparency and integrity in the processing of your personal data is an important concern for us. When processing personal data, we comply with data protection regulations, in particular the EU General Data Protection Regulation (“DSGVO”) and the Federal Data Protection Act (“BDSG”).

In this data protection declaration, we explain to you what information (including personal data) is processed by us during your visit to and use of our aforementioned Internet offering on our website and its subpages (“website”) and what rights you are entitled to with regard to your personal data.

The data protection controller for the processing of personal data is:

CB Customs Broker GmbH
Fasanenweg 4
65451 Kelsterbach

(also referred to as “CB Customs Broker”, “we” or “us” in the context of this declaration).

Further information can be found in our imprint at

We have appointed the Group Data Protection Officer of the Lufthansa Group as our data protection officer. If you have any questions about the processing of your personal data, you can contact the data protection officer at any time by mail (Deutsche Lufthansa AG (DLH), FRA CJ/D, 60546 Frankfurt) or e-mail (

If you have any questions regarding data protection in connection with our website, the services and benefits offered, or if you wish to exercise your rights as a data subject, please contact us primarily at:

Data Protection
CB Customs Broker GmbH
Fasanenweg 4
65451 Kelsterbach

You are also welcome to contact us by e-mail at:

Please note that communication with us by e-mail is usually not encrypted.

a. Processing in the context of the provision and use of our website

Server log files

We collect and use personal data from you in the context of server log files to the extent necessary to enable you to use our website. The processing of any personal data contained in the server log files is carried out in order to enable you to use our website. This is done on the basis of Section 15 (1) of the German Telemedia Act (TMG) and on the basis of Article 6 (1) sentence 1 lit. f of the German Data Protection Act (DSGVO) to protect our legitimate interest in operating our website. The server log files include:

Name of the accessed website
date and time of the retrieval
amount of data/file transferred
Message about successful retrieval
browser type and version
the user’s operating system
Referrer URL (the previously visited page)
IP address and
the requesting provider

Log file information is stored for security reasons (e.g. to clarify acts of abuse or fraud) for a period of 8 days and then deleted. Data whose further storage is required for evidentiary purposes is exempt from deletion until the respective incident has been finally clarified.


We use cookies on our website to provide you with all the technical functions of the website and to collect statistics. Cookies are small text files that the website transfers to the cookie memory of your internet browser on the end device you are using and stores locally for later retrieval so that this can be recognised when you visit the website again. A cookie typically contains the name of the domain from which the cookie originates, the “lifetime” of the cookie and a unique identifier. Furthermore, the storage of necessary cookies in your browser or device is essential as per § 25 (2) No. 2 TTDSG to provide the requested website and its services.

Cookie Name Cookie Duration Purpose Data Collected
wp-wpml_current_language Session end The wp-wpml_current_language cookie stores the current language setting for users on the website, enabling a personalized multilingual experience. Selected language

To enable the use of certain cookies, you must consent to their use before visiting our website. Please note that it may not be possible to use all of the interactive features and functions of the website if certain cookies are blocked, deleted or refused.

Please note that when you delete all cookies from the cache of the browser you are using, any consent you may have given for cookies will also be deleted and may need to be consented to again when you return to the website.

Consent Management

The cookie consent management tool Borlabs from the provider “Borlabs” is used on our website. The purpose of the associated processing of data is the provision of a storable preference management for the use of cookies in the browsers of visitors to our website depending on the consent given in each case for or against cookies. The legal basis for this is our legitimate interest pursuant to Art. 6 para. 1 p. 1 lit. f. DSGVO.

In this context, two technically necessary cookies are set in your browser. The “borlabs cookie” does not process any personal data. The “borlabsCookie” cookie stores the preference you have selected when accessing and using our website. The cookie “borlabsCookieUnblockContent” stores which (external) media/content you always want to have automatically unblocked. If you wish to revoke these settings, simply delete the cookies in your browser. When you subsequently call up our website again, you will be asked again for your cookie preference.

b. Processing your data as a (prospective) customer


We collect, process and use personal data that is transmitted to us in connection with the retrieval of transport services or is deposited for the future facilitation of shipment processing (e.g. address data of customers). We process this personal data exclusively in relation to the shipment. The shipping customer is solely responsible for the lawful collection, processing and transmission as well as the correctness of the customer data. In the context of transport processing, it may be necessary for us to also transmit your personal data to our shipping partners.

If a contractual relationship is established between you and us, or if its content is to be developed or changed, we process the personal data that you enter in the order or registration form, or that you transmit to us in any other way (in particular required contact and address data).

Such a need to process personal data includes, but is not limited to, carrying out the necessary pre-contractual steps, answering your related questions, transmitting shipping and billing information and processing or providing customer feedback and support. The legal basis for this is the performance of pre-contractual measures or the fulfilment of a contract pursuant to Art. 6 para. 1 p. 1 lit. b DSGVO.

All mandatory data that we have to collect for the provision of our services are easily recognisable for you and are marked either with short notes or with an asterisk (*). You provide us with information not marked with an asterisk on a voluntary basis so that we can offer you a solution for your order or enquiry that is perfectly tailored to your needs.

Contact form (Contact us now)

If you would like to contact us, a contact form is available on our website which you can use to contact us electronically. The data entered in the form will be transmitted to us and stored. These data are:

E-mail address
Your message

In the course of sending the message, the IP address used by you will also be stored.

The data of the contact form are used exclusively for the purpose of establishing communication and serving your request(s). The legal basis for the processing of your contact request and its handling is Art. 6 para. 1 p.1 lit. b DSGVO, as well as Art. 6 para. 1 p.1 lit. f DSGVO.

Checking sanctions lists / no-fly lists

Due to our legitimate interests in the integrity and security of business processes, as well as compliance with legal requirements, we transmit your specified personal data to an external service provider for checking purposes. This service provider checks your data on our behalf, e.g. against relevant sanctions or no-fly lists. The legal basis for this transfer is Art. 6 para. 1 p. 1 lit. b, lit. c DSGVO.

Customer data within the time:matters Group

Due to internal processes, in particular for the execution of a concluded contract, we, or our customers themselves, also pass on the personal contract data of our customers to the following affiliated companies. The transfer depends on the company with which the customer has concluded a contract.

time:matters GmbH, Gutenbergstr. 6, 63263 Neu-Isenburg, Germany
time:matters Courier Terminals GmbH, Gate 26, Building 455d, Airportring, 60549 Frankfurt am Main, Germany
time:matters Austria GmbH, Air Cargo Center Obj. 262/8/3, 1300 Vienna Airport, Austria
time:matters Netherlands B.V., Beechavenue 30 – 50, 1119 PV Schiphol-Rijk, The Netherlands
time:matters (Asia Pacific) Pte Ltd, 390 Orchard Road, Palais Renaissance #08-01, 238871 Singapore, Singapore
time:matters (Shanghai) International Freight Forwarding Ltd, Huashan Road No. 1568, NanFung Tower, Room 1204, (Changning District), 200052 Shanghai, China
time:matters Americas, Inc, 1862 West Flagler Street, Miami, FL 33135, USA

The legal basis in this context is the performance of the contract within the scope of Art. 6 para. 1 sentence 1 lit. b DSGVO, as well as our legitimate interests pursuant to Art. 6 para. 1 sentence 1 lit. f. DSGVO. DSGVO.

c. Processing of your data in the context of applications for job vacancies

If you apply to us for job vacancies, your personal data will be stored by us as part of the application process. You can only submit your application for advertised positions via the Career Cockpit of Deutsche Lufthansa AG. This can be accessed at or

To participate in the application process, you need a user account, which you must create accordingly. The data protection declaration of Deutsche Lufthansa AG applies to the Career Cockpit at:, which you must confirm during registration and use.

The personal data entered will be managed exclusively within the framework of the Lufthansa Career Cockpit. The applicant data will only be stored by us in addition if an interview with us should take place. In this case, the applicant documents will be forwarded by our personnel department exclusively to the relevant departments and used within the framework of the further application and selection process.

In the event of a rejection, the applicant data will be stored for up to 6 months after notification by CB Customs Broker due to legal requirements and claims and deleted after this period has expired. Please note that Lufthansa’s privacy policy still applies here and that deletion periods may differ. The legal basis for the processing of your personal data as an applicant is Art. 88 DSGVO in conjunction with § 26 BDSG, as well as any additional declarations of consent given in the course of the application process within the meaning of Art. 6 para. 1 sentence 1 lit. a DSGVO.

Further information on frequently asked questions (FAQ) in the context of the application process at CB Customs Broker can be found at the following location:

Personal data is generally processed within our company. Depending on the type of personal data, only certain teams (organisational units) have access to personal data. These include, in particular, the teams involved in the provision of our digital offerings (e.g. websites) or the business processes presented and our IT department. Through a role and authorisation concept, access within our company is limited to those functions and to that extent which is necessary for the respective purpose of the processing.

We may also transfer personal data to third parties outside our company to the extent permitted by law. These external recipients may include in particular:

affiliated companies within the time:matters Group to whom we transfer personal data for internal administrative purposes and for the provision of central services (e.g. billing services);
those third parties we use to provide our services (such as the performance of transport and logistics services, loading and unloading of our freight and related services), insofar as the transfer is necessary for the performance of the contracts concluded with us, such as ground handling and customs service providers at the respective airports; the service providers engaged by us (e.g. our transport, IT, payment or, in some cases, ground handling service providers) who provide services for us on a separate contractual basis, which may also include the processing of personal data on our behalf, as well as the subcontractors of our service providers engaged with our consent. In the area of IT, these include in particular:
(Web) hosting service providers
Software-as-a-Service (SaaS) service providers
Email delivery service providers
Verification service providers for identity verification
Non-public and public bodies (e.g. airports, customs, police, etc.), insofar as we are obliged to transmit personal data due to legal obligations,
recipients of a shipment that we deliver for one of our business partners; in individual cases, this may also include personal data about you, insofar as you are named as a contact person in the transmitted shipment data;
other contacts within your organisation if they are also registered to use our services; in this case, all contacts within a business partner’s organisation may be able to access information on all business transactions of this business partner (including information on your involvement in such a business transaction) via the services;

Furthermore, we may transmit further data to third parties in the context of the use of cookies and tracking functions on our website.

If we process data in a third country, i.e. outside the European Union (EU) or the European Economic Area (EEA), or if this occurs in the context of the use of third-party services or the transfer of data to third parties, this only takes place if it is necessary for the fulfilment of our (pre-)contractual obligations, on the basis of your consent, due to a legal obligation or on the basis of our legitimate interests.

Subject to legal or contractual permissions, we will only transfer personal data to a third country if the special requirements of Art. 44 ff. DSGVO. Insofar as these transfers are not based on a legal basis or take place in a country for which there is no adequacy decision issued by the EU Commission, we use the EU standard contractual clauses.

In connection with the operation of our website, we generally do not use automated decision-making (including profiling) within the meaning of Art. 22 DSGVO. If we use such procedures in individual cases, we will inform you separately to the extent provided for by law.

a. Right of objection

In accordance with Art. 21 DSGVO, you have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data relating to you which is carried out on the basis of Article 6 (1) sentence 1 lit. e or lit. f DSGVO. This also applies to profiling based on these provisions. In the event of such an objection, we will no longer process the personal data relating to you unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

If we process your personal data for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing. This also applies to profiling, insofar as it is related to such direct advertising. If you object to the processing for direct marketing purposes, the personal data concerned will no longer be processed for these purposes.

b. Withdrawal of consent

If you have given us consent to process your personal data, we hereby inform you that you can revoke this consent at any time. This can be done, for example, by clicking on the corresponding link in each of our newsletters or in our e-mails or by notifying us accordingly by post, fax or e-mail via one of the contact channels mentioned above in this privacy policy. In all other cases, or if you have any problems revoking your consent, you are also welcome to contact CB Customs Broker’s data protection department via the contact channels listed above.

Please note that the consent you revoke will only have effect for the future and will not affect the lawfulness of processing in the past. In some cases, despite your withdrawal, we may be entitled to continue processing your personal data on another legal basis, such as for the performance of a contract.

c. Further rights

As a data subject, you also have the right to

To obtain confirmation as to whether personal data concerning you is being processed and, if so, to obtain information about that data, the purposes for which it is being used and further information in accordance with Article 15 of the GDPR (right of access);

to correct any inaccurate data concerning you. In the light of the circumstances, you also have the right to request that incomplete personal data concerning you be completed, including by means of a supplementary declaration, in accordance with Article 16 of the GDPR (right to rectification);
request that personal data concerning you be deleted in accordance with Article 17 of the GDPR (right to erasure);
to request the restriction of processing pursuant to Art. 17 DSGVO (right to restriction of processing);
to receive the personal data relating to you that you have provided to us in a structured, commonly used and machine-readable format and to transfer this data to another controller in accordance with Art. 20 of the GDPR (right to data portability);

To exercise these rights, you are welcome to contact us at any time by post (Data Protection, time:matters GmbH, Gutenbergstr. 6, 63263 Neu-Isenburg) or by e-mail (

Please note that in order to exercise your rights and to ensure data protection, we must identify you in each case and, in the event that we are unable to identify you (unambiguously), we may have queries about your request. Despite our efforts, the processing of your rights is not possible without a minimum of certain information about you. For identification purposes, we therefore ask you to provide the following minimum information:

Name, first name
Postal address
E-mail address
and optionally customer or booking number

When communicating via the Internet (e.g. by e-mail), complete confidentiality and data security cannot always be guaranteed. We therefore recommend that you use the postal service for confidential information.

d. Competent supervisory authority

As a data subject, you have the right to lodge a complaint with a supervisory authority pursuant to Article 77 of the GDPR, in particular in the member state of your habitual residence, place of work or place of the alleged infringement, if you believe that the processing of personal data concerning you violates the GDPR.

The competent supervisory authority for CB Customs Broker is:

The Hessian Commissioner for Data Protection and Freedom of Information (HBDI).

PO Box 3163
65021 Wiesbaden
Gustav-Stresemann-Ring 1
64189 Wiesbaden

Telephone: +49 (0)611 1408-0
Fax: +49 (0)611 1408-900/901


Further information and contact details can be found here:

A list of the supervisory authorities of other federal states and their contact details can be found here:

We reserve the right to update this privacy policy from time to time to reflect changes in the law or changes to the functionality of our website. On this occasion, the date of the last update at the end of the privacy policy will also be adjusted accordingly. We therefore recommend that you read the data protection declaration regularly to ensure that you are always kept up to date.

Kelsterbach, December 2023