Data protection

CB Customs Broker GmbH

CB Customs Broker GmbH » Data protection

General information

Thank you for visiting our website, where we offer you personalized functionalities in addition to information about our company and our services. Transparency and integrity while processing your personal data is very important to us. When processing personal data, we obey the data protection regulations, in particular the General Data Protection Regulation (“GDPR”) and the German Federal Data Protection Act (“BDSG”).

In this data protection information we explain to you what information (including personal data) is processed by us during your visit on and use of our website and its subpages (“website”) and what rights you are granted with regard to your personal data.

The controller for the processing of personal data is:

CB Customs Broker GmbH
Fasanenweg 4
65451 Kelsterbach

(also referred to as “Customs Broker” “we” or “us” in this Privacy Policy)

For further information, please refer to our Legal Notice

We have appointed the Lufthansa Group Data Protection Officer as our Data Protection Officer. If you have any questions regarding the processing of your personal data, you can contact the Data Protection Officer at any time by postal mail (Lufthansa AG (DLH), FRA CJ/D, 60546 Frankfurt) or via  e-mail (

If you have questions on data protection regarding our website(s) or the services offered, please contact:

time:matters GmbH
Data Protection
Gutenbergstr. 6
63263 Neu-Isenburg

or via e-mail:

Please keep in mind that communication by e-mail are not encrypted.

a.     Processing within the usage of our website

Server Logfiles

We collect and use personal data within server logfiles, as far as this is necessary to enable the usage of our website. Any personal data contained in the server logfiles is processed to enable you to use our websites services. This legal basis to do so is on Sect. 15 para. 1 TMG and Art. 6 para. 1 sent. 1 lit. f GDPR to protect our legitimate interest in the operation of our website. The server logfiles include:

  • Name of the website accessed
  • Date and time of access
  • Transferred data volume/file
  • Notification of successful access
  • Browser type and version
  • User’s operating system
  • Referrer URL (the last page visited)
  • IP address
  • Requesting provider

Logfiles are stored for eight days because of security reasons (e.g. to investigate misuse or fraud) and will be erased afterwards. Data which must be kept for longer for evidential purposes are excluded from erasure until final clarification of the respective incident.


We use cookies on our website so that we can provide you with all of the technical features of the website and to collect statistics. Cookies are small text files that are transferred by the website to the cookie file of the browser on the user’s device and are kept locally for later retrieval. so that the user can be recognized when he visits the website again. A cookie typically contains the name of the domain from which the cookie originates, the lifetime of the cookie and a unique identifier. The legal basis for the use of technically necessary cookies is the legitimate interest according to Art. 6 para. 1 sent. 1 lit. f. GDPR, in all other cases the legal basis is the consent that you may have given pursuant to Art. 6 para. 1 sent. 1 lit. a GDPR.

To enable the use of certain cookies, you must agree to their use before visiting our website. Please note that it may not be possible to use all of the interactive features and functions of the website if certain cookies are blocked, deleted or rejected.

Please keep in mind that with the complete deletion of all cookies from the cache of the browser you are using, any consent you may have given for cookies will also be deleted and may have to be re-approved when you access to the website again.

Consent Management

On our website, the cookie Consent-Management-Tool Borlabs of the service provider “Borlabs” is being used. The purpose of the data processing is to provide a preference management for the usage of cookies in the users browser, depending on the consent given. The legal basis to do so is our legitimate interest in accordance with Art. 6 para. 1 sent. 1 lit. f. GDPR.

Because of this, two technically necessary cookies are being set in your browser. The cookie “Borlabs Cookie” does not process personal data. The cookie “borlabsCookie” stores the preference you have selected when you use our website. The cookie “borlabsCookieUnblockContent” stores which (external) media/content you would always like to have automatically unblocked . If you wish to revoke these settings, simply delete the cookies in your browser. You will be asked for your cookie preference again when revisiting our website.

Google Services

We use various Google services from Google LLC (“Google”) to analyze and optimize our website. This processing only takes place with your consent as the legal basis in accordance with Art. 6 para. 1 sent. 1 lit. a GDPR, which you provide when you visit our website. Please note that by deleting your browser cache, your consent is also deleted and will be requested again when you visit our website again. The following Google services are used on our website:

Google Analytics

This website uses Google Analytics, a web analysis service from Google. Google uses cookies for this service. The information generated by the cookie about your use of this website is transferred to a Google server in the USA and stored there.
We only use Google Analytics with activated IP anonymization. This means that the IP address of users is shortened by Google within member states of the European Union or in other states that are party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there.
Google will use this information on our behalf in order to evaluate the use of our website by users, to compile reports on the activities within this website and to provide us with further services associated with the use of this website and the use of the Internet. The processed data can be used to create pseudonymous user profiles of the users. The IP address transmitted by the user’s browser is not merged with other data from Google.

Google Tag Manager

This website also uses the Google Tag Manager. This allows us to track the user’s interactions with our website, such as counting the number of clicks on our buttons or links. This service is a cookie-less domain and no personal data is collected. However, other services may collect personal information in association with the Google Tag Manager, such as Google Analytics.

More information on how Google uses data and the various settings and opt-outs is available on the Google websites.

How Google uses data when you use our partners’ sites or apps:


Control the information Google uses to show you ads:

b.     Processing of your data as a (future) customer

We process and use personal data that is transmitted to us in connection with the request for transport services or to make it easier to handle future shipments (e.g. address data of customers). We process this personal data exclusively in relation to the shipment. The shipping customer is fully responsible for the accuracy of the transmitted data. In the context of of shipment processing, it may be necessary for us to transfer personal data on to our shipping partners.

If a contractual relationship is established between us, or if it is changed, we will process the personal data that you enter in the order or registration form, or that you transmit to us in any other way (in particular required contact and address data).

Such need to process personal data includes, but is not limited to, performing the necessary pre-contractual steps, answering your questions related, providing shipping and billing information, and processing or providing customer feedback and support. The legal basis for this is the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract in accordance with Art. 6 para. 1 sent. 1 lit. b GDPR.

All mandatory information which we must collect to provide our services can be identified by brief notes or an asterisk (*). Non-required information is provided by you voluntarily so that we can offer you a solution for your assignment or request that is perfectly customized to your needs.

Contact form (Contact us now)

If you would like to get in touch with us, we have a contact form available on our website, which you can use to contact us electronically. The data entered in our form will be transmitted to us and will be stored. These data are:

  • name
  • e-mail address
  • subject of the e-mail
  • your message

When you send the message, the IP address used by you will also be saved. The data of the contact form will be used exclusively for the purpose of the communication initiated by you. The legal basis for the processing of your personal data is Art. 6 para. 1 sent. 1 lit. b GDPR, as well as, Art. 6 para. 6 sent. 1 lit. f. GDPR.

Check sanction lists / no-fly lists

Due to our legitimate interest in the integrity and security of business processes, as well as in compliance with legal regulations, we transfer your personal data to an external service provider for control purposes. This service provider checks your data on our behalf, e.g. against relevant sanction or no-fly lists. The legal basis for this transmission is Art. 6 para. 1 sent. 1 lit. b, lit. c GDPR.

Customer data within the time:matters Group

Based on internal processes, especially for the performance of contracts, we or our customers themselves share personal data of our customers with the following contractually bound companies. The data transfer depends on the company with which the customer has concluded a contract.

  1. time:matters GmbH, Gutenbergstraße 6, 63262 Neu-Isenburg, Germany
  2. time:matters Courier Terminals GmbH, Tor 26, Gebäude 455d, Airportring, 60549 Frankfurt am Main, Germany
  3. time:matters Austria GmbH, Air Cargo Center Obj. 262/8/3, 1300 Vienna Airport, Austria
  4. time:matters Netherlands B.V., Beechavenue 30 – 50, 1119 PV Schiphol-Rijk, Netherlands
  5. time:matters (Asia Pacific) Pte Ltd., 390 Orchard Road, Palais Renaissance #08-01, 238871 Singapore
  6. time:matters (Shanghai) International Freight Forwarding Ltd., Huashan Road No. 1568, NanFung Tower, Room 1204, (Changning District), 200052 Shanghai, China
  7. time:matters Americas, Inc., 1862 West Flagler Street, Miami, FL 33135, USA

The legal basis in this context are the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract according to Art. 6 para. 1 sent. 1 lit. b GDPR, as well as our legitimate interests according to Art. 6 para. 1 sent. 1 lit. f. GDPR.

c.     Processing of your data when applying for a job

If you apply to one our job offers, your personal data will be stored by us as part of the application process. You can only submit your application for open jobs via the career cockpit of Deutsche Lufthansa AG. This can be accessed via or via

To participate in the application process, you need a user account, which you have to create accordingly. For the career cockpit the data protection information of the Deutsche Lufthansa AG is applicable, which you read here: During the registration you will have to accept the data protection information.

The personal data entered is managed exclusively within the framework of the Lufthansa Career Cockpit. The applicant’s data will only be stored additionally if an interview with us should take place. In this case, the applicant’s documents will be forwarded by our HR department exclusively to the relevant departments and used in the context of the application and selection process.

In the case an applicant should be rejected, the applicant’s data will be stored for up to 6 months after notification from Customs Broker due to legal requirements and claims and will be deleted after this period. Please note that the Lufthansa data protection declaration still applies, and deletion periods may be different. The legal basis for the processing of your personal data as an applicant is Art. 88 GDPR in connection with Sect. 26 BDSG, as well as any additional declarations of consent during the application procedure in the sense of Art. 6 para. 1 sent. 1 lit. a GDPR.

Further information on frequently asked questions (FAQ) during the application process of Customs Broker, can be found at the following place:

In general, personal data is being processed within our company. Only specific departments/organizational units can access personal data, depending on its nature. They include in particular the specialist departments tasked with providing our digital offerings (e.g. Websites) or the described business processes, and our IT department. A role and authorization concept restricts access at our company to the functions and the scope required for the purpose for which the data is processed.

We may also transfer personal data to third parties outside our company to the extent permitted by law. In particular, these external recipients may include

  • affiliated companies in the Lufthansa Group to which we transfer personal data for internal administrative purposes and for the performance of central services (e.g. billing services);
  • those third parties we use to provide our services (e.g. to carry out flights or load and unload cargo), insofar as the transfer is necessary to fulfil the contracts concluded with us, such as ground handling service providers at the airports we operate;
  • service providers whom we have engaged (e.g. our transport-, IT-, or payment service providers etc. or partly also our ground handling service providers) and who, on the basis of a separate contractual agreement, provide us with services that may also involve processing personal data, as well as the subcontractors our service providers engage with our consent. Within information technology, this includes in particular:
  • (Web-) hosting service provider
  • Software-as-a-Service (SaaS) service provider
  • E-mail / Mailing service provider
  • Verification service provider for identity check
  • non-public and public bodies (e.g. airports, customs or police authorities, etc.), where we are obliged to transfer your personal data due to legal obligations,
  • recipients of a consignment we deliver for one of our business partners; the consignments may also contain personal data from you in individual cases if you have been named as the contact person in the provided consignment data;
  • other contact persons at your organization if they are likewise registered to use our services; in this case, all contact persons within the organization of a business partner may be able to access details of all business transactions of that business partner (including information on your involvement in such a business transaction) using the services;
  • furthermore, we may transfer further data to third parties within the scope of the use of cookies and tracking functions on our website.

If we process data in a third country, i.e. outside the European Union (EU) or the European Economic Area (EEA), or if this is done in connection with the use of third-party services or the transfer of data to third parties, this is only done if it is necessary to fulfill our (pre-)contractual obligations, based on your consent, due to a legal obligation or based on our legitimate interests.

Subject to legal or contractual permissions, we only transfer personal data to a third country if the special requirements of Art. 44 ff. GDPR. As far as these transmissions are not based on a legal basis or are made to a country for which no adequacy decision issued by the EU Commission exists, we use the EU standard contractual clauses.

a.     Right to object

As a data subject you have the right to object according to Art. 21 GDPR, on grounds relating to your particular situation, at any time to processing of personal data concerning yourself which is based on Art. 6 para. 1 sent. 1 lit. e or lit. f  GDPR including profiling based on those provisions. In the event of such an objection, we will no longer process your personal data, unless we can demonstrate compelling legitimate grounds to further process the personal data, outweighing your interests, rights and freedoms, or the processing is used for effective exercise or defense of legal rights.

In case we process your personal data for direct marketing purposes, you shall have the right to object at any time to processing of personal data concerning yourself for such marketing, which includes profiling to the extent that it is related to such direct marketing. If you object processing for direct marketing purposes, the relevant personal data will no longer be processed for these purposes.

b.      Withdrawal of consent

If you have given us your consent to process your personal data, we hereby inform you that you can withdraw this consent at any time, e.g. by clicking on the corresponding link in each of our newsletters or in our e-mailings or by sending us a corresponding message by post, fax or e-mail via one of the contact channels mentioned above of this data protection declaration. In all other cases or if you have problems to withdraw your consent, you can also contact our Data Protection Office at time:matters, also mentioned above.

Please note that the consent you have withdrawn will only have effect for the future and has no influence on the lawfulness of processing based on consent before its withdrawal. In some cases, despite your withdrawal, we are entitled to process your personal data on a different legal basis – for example, to fulfil a contract.

c.     Additional rights

As an affected person, you also have the right to

  • obtain confirmation as to whether personal data relating to you are being processed and, if so, to obtain information about such data, the purposes for which they are being used and other information in accordance with Art. 15 GDPR (Right of access);
  • demand the rectification of incorrect data concerning to you. You also have the right, considering the circumstances, to request the completion of incomplete personal data concerning you, also by means of a supplementary statement, in accordance with Art. 16 GDPR (right to rectification);
  • request that personal data concerning you be erased in accordance with Art. 17 GDPR (right to erasure);
  • demand the restriction of processing in accordance with Art. 18 GDPR (right to restriction of processing);
  • to receive the personal data concerning you, which you have made available to us, in a structured, common and machine-readable format and to transmit this data to another controller in accordance with Art. 20 GDPR (right to data portability).

To exercise these rights, please contact us at any time by mail (Data Protection, time:matters GmbH, Gutenbergstr. 6, 63263 Neu-Isenburg) or by e-mail (

Please note that in order to exercise your rights and to ensure data protection, we must identify you in each case and, if we cannot (clearly) identify you, we may have questions about your request. Despite our efforts, it is not possible to process your rights without a minimum of certain information about you. For identification purposes we therefore ask you to provide the following minimum information:

  • Name, first name
  • postal address
  • e-mail address
  • and optionally customer or booking number

When communicating over the Internet (e.g. by e-mail), complete confidentiality and data security cannot always be guaranteed. We therefore recommend that you use the postal service for confidential information.

d.     Relevant Supervisory Authority

As a data subject, according to Art. 77 GDPR you have the right to lodge a complaint with a supervisory authority, in particular in the member state of your habitual residence, place of work or place of suspected infringement, if you believe that the processing of personal data concerning you violates the GDPR.

For Customs Broker the relevant supervisory authority is:

The Officer for Data Protection and Freedom of Information of the State of Hesse

Postfach 3163
65021 Wiesbaden

Gustav-Stresemann-Ring 1
64189 Wiesbaden

phone number: +49 (0)611 1408-0
fax number: +49 (0)611 1408-900/901

More information and contact data can be found here:

A list of the supervisory authorities of other federal states and their contact details can be found here:

We reserve the right to update these data privacy information from time to time to take into account changes in law or extensions to the functional scope of our online offering. The date of the last update at the bottom of the data privacy information is amended accordingly in such cases. Therefore, we recommend that you regularly read the data privacy information in order to remain up to date on data protection.

Neu-Isenburg, October 2021