title shiphero

Privacy Data Policy

*Last updated: December 2023

ShipHero LLC is committed to protecting your privacy. This privacy statement describes the collection, use, and disclosure of your personal information when you utilize ShipHero LLC offerings and products. By using ShipHero LLC Services, you agree to the collection and use of information in accordance with this Privacy Policy.

TABLE OF CONTENTS

  1. Definitions
  2. ShipHero LLC Detailed US Privacy Notice
    1. Information For Us Residents
    2. Categories Of Non Sensitive Personal Data
    3. Categories of Personal Data: Identifiers
    4. Categories of Personal Data: Internet/Electronic Activity
    5. Categories Of Sensitive Personal Data
    6. Use of Personal Data
    7. Disclosing Personal Data
    8. Exercising Your Personal Data Rights
    9. Notice Of Right To Limit The Use Of Sensitive Personal Information
    10. Children’s Data
    11. Authorized Agent Requests
    12. Contact Us
  3. ShipHero LLC California HR Privacy Notice
    1. Privacy Information For California Employees, Contractors, And Applicants
    2. Categories Of Non Sensitive Personal Information
    3. Categories of Personal Data: Identifiers
    4. Categories of Personal Data: Professional Information
    5. Categories of Personal Data: Educational Information
    6. Categories Of Sensitive Personal Information
    7. Categories of Sensitive Personal Information: Government ID Information
    8. Use Of Personal Information
    9. Disclosing Personal Information
    10. Exercising Your Personal Information Rights
    11. Notice Of Right To Limit The Use Of Sensitive Personal Information
    12. Children’s Data
    13. Authorized Agent Requests
    14. Contact Us
  4. GDPR Privacy Policy
    1. Personal Data We Collect
    2. How We Use Personal Data
    3. Legal Bases For The Processing Of Personal Data
    4. How We Disclose Personal Data
    5. Your Rights And Choices
    6. International Data Transfers
    7. Data Security And Data Retention
    8. Third Party Services
    9. Changes And Updates To This Policy
    10. Our Contact Information

Personal data regulations regarding the relationship between the customer as the Data Controller and SHIPHERO LLC as the Data Processor

Terms for Privacy & Data with SHIPHERO LLC, is effective from May 4, 2018

Personal data regulations regarding the relationship between the customer as the Data Controller and SHIPHERO LLC as the Data Processor

1. The subscription that the customer has with SHIPHERO LLC is a platform for enabling shipping processes for the customer and as a natural part of this, SHIPHERO LLC processes various personal data on the customer’s behalf.

This concerns data about the customer’s customers, i.e. data relating to the persons who are the recipients of the shipped orders.

This section concerns the relationship between the Data Controller (customer) and the Data Processor (SHIPHERO LLC), in connection with the personal data regulations.

2 Processed personal data.

2.1. The Data Processor, as part of the subscription, has access, on behalf of the Data Controller, to process:

Name and address of the persons receiving the consignments.

Information about the individual type of item sent and the value/price of the item.

3. The purpose and scope of the personal data processing.

3.1. As a natural part of the Data Processor’s status as the provider of subscription-based solutions for handling the Data Controller’s freight processes, the Data Processor stores the information, and similarly the Data Controller exchanges information with relevant third parties in the form of freight companies that the Data Controller uses, and possibly customs authorities (if the consignments are cross-border).

3.2. The purpose of the personal data processing is to manage the Data Controller’s freight processes.

3.3. It is emphasized that the Data Processor may only process personal data to the extent necessary for the operation of the Data Controller’s SHIPHERO subscription with the Data Processor, and/or if the Data Processor is required by law to process the data otherwise.

3.4. It is emphasized that the freight companies to which personal data is disclosed as part of this agreement are the Data Controller’s (the customer’s) Data Processors, not SHIPHERO LLC’ Data Processors. – SHIPHERO LLC has only an intermediary function in this regard.

4. The Data Processor’s obligations

4.1. The Data Processor may only process the personal data in question in accordance with the instructions of the Data Controller, i.e. the instructions contained in the SHIPHERO solution under which the Data Processor shall manage freight processes for the Data Controller.

4.2. The Data Processor is required to comply with the currently-applicable personal data legislation and shall notify the Data Controller immediately if an instruction from the Data Controller is, in the Data Processor’s opinion, contrary to the General Data Protection Regulation.

4.3. The Data Processor shall use appropriate technical and organisational security measures to ensure that personal data is not destroyed, lost, degraded or disclosed to unauthorised bodies, misused or otherwise processed in breach of personal data legislation, whereby the Data Processor shall implement the measures necessary pursuant to article 32 of the General Data Protection Regulation.

4.4. The Data Processor is obliged to inform the Data Controller without undue delay of any data breach. In this regard, the Data Processor shall inform the Data Controller of:

• The nature of the data breach.
• If possible, the type and number of affected data subjects, as well as the type of personal data concerned and the number of records of personal data concerned.The measures that the Data Processor has taken or proposes should be taken to deal with the data breach, including, where appropriate, measures to limit its potential adverse effects.
• The probable consequences of the data breach.

4.5. The Data Processor shall, at the Data Controller’s request, provide the Data Controller with sufficient information to ensure that the Data Processor has taken the necessary technical and organisational security measures.

4.6 The Data Processor shall provide all the information necessary to demonstrate that the Data Processor complies with the General Data Protection Regulation’s article 28, whereby the Data Processor shall allow and contribute to audits, including inspections carried out by the Data Controller or another auditor authorised by the Data Controller. It is emphasised that inspections/audits in every respect take place at the Data Controller’s expense.

4.7. The Data Processor shall secure/ensure that the persons who are authorised by the Data Processor to process personal data have committed themselves to confidentiality or are bound by an appropriate statutory professional secrecy obligation.

4.8. If a data subject asks the Data Processor (usually such requests will be made to the Data Controller) for access to and insight into that person’s personal data, the Data Processor shall immediately forward the request to the Data Controller.

4.9. The Data Processor shall assist the Data Controller with appropriate technical and organisational tools to enable the Data Controller to fulfil the Data Controller’s obligations to respond to requests for the exercise of the rights of the data subjects as specified in chapter III of the General Data Protection Regulation.

5. Specifically about the transfer of information to sub-data processors or third parties

5.1. As a natural part of the SHIPHERO solution, the Data Processor is entitled to disclose personal data to the Data Controller’s other data processors (freight companies), and the Data Processor is also entitled to exchange personal data with the customs authorities.

5.2. In all other cases the Data Processor may only disclose or transfer personal data to third parties or sub-processors with the prior agreement with the Data Controller. However, the Data Processor may disclose or transfer personal data without the Data Controller’s instructions, if permitted by law.

5.3. If the Data Processor hands over personal data to another data processor (sub-processor), the Data Processor is obliged to conclude a sub-processor agreement with the sub-processor, whereby the Data Processor’s sub-processor is subject to at least the same conditions as stated in this section 9.

5.4. The Data Processor shall notify the Data Controller if the Data Processor has plans to extend the circle of sub-processors and/or to replace existing sub-processors with others.

5.5. The Data Processor must not transfer personal data to third countries that the EU Commission has not assessed as safe third countries.

5.6. If the information is transferred to foreign sub-processors, it must be stated in the data processing agreement, cf. 9.5.3 that sub-processors shall comply with the EU’s General Data Protection Regulation and any other current personal data law in force. Sub-processors in EU countries with specific regulatory requirements regarding data processing must also comply with these requirements.

6. Duration of data processing

6.1. The processing of personal data pursuant to this agreement continues until such time as the SHIPHERO subscription concluded between the parties ceases.

6.2. However, in the event of the termination of a subscription, the Data Processor is bound by this agreement for as long as the Data Processor has access to personal data originating from the Data Controller.

6.3. In the event of termination of a SHIPHERO subscription, the Data Processor is required to delete any backups and other copies of the personal data.

7. Access Controls

7.1. SHIPHERO will maintain appropriate access controls to protect the Nonpublic Information throughout the term of the Agreement and at all times while SHIPHERO and SHIPHERO Parties have access to or possession of the Client’s Nonpublic Information.

7.2.Client will be solely responsible for implementing and maintaining access controls on its own systems to which SHIPHERO may be granted access in accordance with the provision of services.

8. Authorized Persons

8.1. SHIPHERO will limit access to the Client’s Nonpublic Information to those individuals who have a business need to access the Client’s Nonpublic Information in connection with the services provided to Client (“Authorized Persons”).

DEFINITIONS

For the purposes of this Privacy Policy:

You means the individual accessing or using the Service, or the company, or other legal entity on behalf of which such individual is accessing or using the Service, as applicable.

Company (referred to as either “the Company”, “We”, “Us” or “Our” in this Agreement) refers to ShipHero LLC, Inc.

  • Affiliate means any entity, subsidiaries, joint venture partners, or other companies under the control of ShipHero LLC, Inc.
  • Account means a unique account created for you to access our Service or parts of our Service.
  • Data Controller means the customer providing data to ShipHero
  • Data Processor means ShipHero LLC 
  • Website refers to any publicly available online ShipHero LLC offering including, but not limited to, the ShipHero LLC Site at ShipHero.com & ShipHero.ca  
  • Service refers to any ShipHero LLC offering or product.

Service Provider means any natural or legal person who processes the data on behalf of the Company. It refers to third-party companies or individuals employed by the Company to facilitate the Service, to provide the Service on behalf of the Company, to perform services related to the Service or to assist the Company in analyzing how the Service is used.

  • Third-party Social Media Service refers to any website or any social network website through which a User can log in or create an account to use the Service.
  • Personal Data is any information that relates to an identified or identifiable individual.
  • Cookies are small files that are placed on your computer, mobile device, or any other device by a website, containing the details of your browsing history on that website among its many uses.
  • Usage Data refers to data collected automatically, either generated by the use of the Service or from the Service infrastructure itself (for example, the duration of a page visit).

SHIPHERO LLC DETAILED US PRIVACY NOTICE

Information For Us Residents

We collect Personal Data from US residents and comply with the consumer privacy laws of California, Colorado, Connecticut, Utah, and Virginia (“US Privacy Laws”). This Detailed US Privacy Notice applies to US residents (“users,” “you,” or “your”).

For the purposes of this Detailed US Privacy Notice, “Personal Data” means information that is linked or reasonably linkable to a particular individual or household. However, the following categories of information are not Personal Data:

Publicly available information;

Deidentified or aggregated data; To or

Information otherwise excluded from the scope of US Privacy Laws.

This Privacy Notice provides the following information to US residents:

Categories of Personal Data we collect;

Purposes for which we use Personal Data;

Categories of Personal Data we disclose to third parties;

Categories of third parties to which we disclose Personal Data; and

How US residents can exercise their rights under US Privacy Laws:

The rights to access, correct, or delete Personal Data;

The right to obtain a portable copy of Personal Data;

The right to limit the use of sensitive Personal Data in certain circumstances;

The rights to opt out of targeted advertising, sales of Personal Data, or profiling; and

The right to appeal our decisions about your requests.

Categories Of Non Sensitive Personal Data

The table below outlines the non-sensitive categories of Personal Data ShipHero LLC collects about US residents and whether and how they are disclosed to third parties.

We collect Non-Sensitive Personal Data from the following sources: 

Directly from our users

Inferences from your activity using our services

From our affiliates (“affiliates” are businesses that share common ownership with ShipHero LLC)

From our business partners (“business partners” are companies that we have a pre-existing commercial relationship with)

Categories of Personal Data:
Identifiers

Examples

  • Identifiers may contain the following: Name, physical address, email address, phone number), online identifiers (e.g., IP address, cookie string, username), device identifiers, and logging information. For more information about the cookies we use and your choices regarding cookies, please refer to our Cookie policy.

Purpose(s) for Collection

  • Complying with statutory obligations and to improve services.

Targeted Advertising

  • We do not engage in targeted advertising or disclose this information for targeted advertising purposes.

Sale

  • This information is not sold to third parties.

Other Disclosures

  • This information may be disclosed to Processors. We disclose Identifiers to enable our processors to provide customer service on our behalf. to debug our products and identify errors that may impair functionality. To conduct research and development to improve our existing services.

Retention Period

  • 35 days

Categories of Personal Data:
Internet/Electronic Activity

Examples

  • Internet/Electronic Activity may contain the following: Email address, First name and last name, Phone number, Mailing Address including State, Province, ZIP/Postal code, and City Usage Data:

Purpose(s) for Collection

  • The Company may use Personal Data for the following purposes: To provide and maintain our Service, including to monitor your usage of our Service. For the performance of a contract, including the development, compliance and undertaking of the purchase contract for the products, items or services you have purchased or of any other contract with us through the Service. To contact you, including by email, telephone calls, SMS, or other equivalent forms of electronic communication, such as a mobile application’s push notifications regarding updates or informative communications related to the functionalities, products, or contracted services, including the security updates, when necessary or reasonable for their implementation. To provide you with news, special offers and general information about other goods, services and events which we offer that are similar to those that you have already purchased or enquired about unless you have opted not to receive such information. To manage your requests: To attend to and manage your requests to us.

Targeted Advertising

  • We do not engage in targeted advertising or disclose this information for targeted advertising purposes.

Sale

  • This information is not sold to third parties.

Other Disclosures

  • This information may be disclosed to Processors, Affiliates, and Business Partners. We disclose Internet/Electronic Activity We may share your personal information in the following situations: With Service Providers: We may share your personal information with Service Providers to monitor and analyze your use of our Service, to show advertisements to you to help support and maintain our Service, to contact you, to advertise on third party websites to you after you visited our Service or for payment processing. With Affiliates: We may share your information with our Affiliates, in which case we will require those Affiliates to comply with this Privacy Policy. With Business Partners: We may share your information with our business partners to offer you certain products, services, or promotions.

Retention Period

  • The Company will retain your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use your Personal Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our agreements and policies. Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of our Service, or we are legally obligated to retain this data for longer time periods.

Categories Of Sensitive Personal Data

We do not Process any categories of Sensitive Personal Data

Use Of Personal Data

We use Personal Data for the purposes described above. Personal Data may also be used or disclosed as otherwise permitted or required by applicable law.

Disclosing Personal Data

We share Personal Data with the following categories of third parties:

Processors: We use processors to securely handle Personal Data on our behalf and only on our instructions. These companies may not use your Personal Data for their own purposes.

Our Business Partners: We may disclose relevant personal data to our business partners to provide you with exclusive offers for products and services that may interest you. 

See the table above for more details about how different categories of Personal Data are disclosed.

We do not sell Personal Data to anyone.

Exercising Your Personal Data Rights

US residents have the following rights under US Privacy Laws:

The rights to access, correct, or delete Personal Data;

The right to obtain a portable copy of Personal Data;

The right to limit the use of Sensitive Personal Data in certain circumstances;

The rights to opt out of targeted advertising, sales of personal data, or profiling;

The right not to receive discriminatory treatment for exercising your privacy rights; and

The right to appeal our decisions about your requests if you disagree with them.

If you are a US resident, you can submit a request to exercise your personal data rights under US Privacy Laws by sending us an email to dataprivacy@shiphero.com. ShipHero LLC also processes opt-out requests sent by Universal Opt-Out Mechanisms (also referred to as “Opt-Out Preference Signals”) frictionlessly in compliance with US Privacy law. You can send an Opt-Out Preference Signal for our business to process frictionlessly by visiting our website using a device or browser that broadcasts commonly used and recognized Opt-Out Preference Signals. We will apply the Opt-Out Preference Signals we receive to the browser or device that sent the signal, as well as any user profiles associated with that browser or device.

To protect your privacy, we may need to authenticate your identity before we respond to your rights request. We will verify your identity by sending an email to your email address on file to obtain a confirmation response. We may ask you for additional information as part of this process, including your account number. If you do not complete the verification process, we may be unable to process your request. Any information you provide to authenticate your identity will only be used to process your rights request and not for any other purpose. Please be aware that we do not accept or process rights requests submitted through other means.

We will respond to your rights request within 45 days, though in certain cases, we may inform you that we will need up to another 45 days to act on your request. If we suspect fraudulent or malicious activity on or from your account, we will delay taking action on your request until we can appropriately verify your identity and the request as authentic. Also note that each of the rights are subject to certain exceptions.

We reserve the right to decline to process, or charge a reasonable fee for, requests from a US resident that are manifestly unfounded, excessive, or repetitive.

Notice Of Right To Limit The Use Of Sensitive Personal Information

You have the right to limit some uses of Sensitive Personal Data. In general, you may direct companies not to use Sensitive Personal Data except as necessary to provide goods or services you have requested or other exempt purposes. However, ShipHero LLC does not Process any Sensitive Data. 

Children’s Data

We do not knowingly collect or use the Personal Information of children under 16. If you believe that we have collected the Personal Information of a child under 16, please contact us at dataprivacy@shiphero.com.

Authorized Agent Requests

You may designate an authorized agent to make a rights request on your behalf. Your authorized agent may submit such a request by following the same method described above in the section titled Exercising Your Personal Data Rights. We may require verification of your authorized agent’s authority in addition to the information we require for verification of your identity.

Contact Us

If you have any questions or concerns regarding this Detailed US Privacy Notice, contact us at dataprivacy@shiphero.com.

Last updated: December 04, 2023

SHIPHERO LLC CALIFORNIA HR PRIVACY NOTICE

Privacy Information For California Employees, Contractors, And Applicants

We collect Personal Information from current and past employees (‘Employees’), Contractors,behalf to and Applicants and comply with the California Consumer Privacy Act and related laws and regulations (“California privacy laws”). This California HR Privacy Notice applies to California Employees, Contractors, and Applicants (“you” or “your”).

“Personal Information” means information that is linked or reasonably linkable to a particular individual or household. However, the following categories of information are not Personal Information:

Publicly available information;

Deidentified or aggregated data; or

Information otherwise excluded from the scope of California privacy laws.

This Privacy Notice provides the following information to California Employees, Contractors, and Applicants:

Categories of Personal Information we collect;

Purposes for which we use Personal Information;

Categories of Personal Information we disclose to third parties;

Categories of third parties to which we disclose Personal Information; and

How Employees, Contractors, and Applicants can exercise their rights under California privacy laws:

The rights to access, correct, or delete Personal Information;

The right to limit the use of sensitive Personal Information in certain circumstances; and

The rights to opt out of targeted advertising, sales of Personal Information, or profiling.

Categories Of Non Sensitive Personal Information

The table below outlines the non-sensitive categories of Personal Information ShipHero LLC collects about Employees, Contractors, and Applicants and whether and how they are disclosed to third parties.

We collect Non-Sensitive Personal Information from the following sources: 

Directly from our Employees, Contractors, and Applicants

Categories of Personal Data:
Identifiers

Examples

  • Identifiers may contain the following: Name. Address, DOB, Email, Phone Number

Purpose(s) for Collection

  • Employment verification and to comply with other statutory obligations and to improve services

Targeted Advertising

  • We do not engage in targeted advertising or disclose this information for targeted advertising purposes

Sale

  • This information is not sold to third parties.

Other Disclosures

  • This information is not otherwise disclosed to third parties

Retention Period

  • We retain this information throughout the employment period and for 7 years post-termination

Categories of Personal Data:
Professional Information

Examples

  • Professional Information may contain the following: Name. Address, DOB, Email, Phone Number

Purpose(s) for Collection

  • To comply with other statutory obligations and to improve services

Targeted Advertising

  • We do not engage in targeted advertising or disclose this information for targeted advertising purposes

Sale

  • This information is not sold to third parties

Other Disclosures

  • This information may be disclosed to Processors. We disclose Professional Information to enable our processors to provide customer service on our behalf sevento debug our products and identify errors that may impair functionality.

Retention Period

  • We retain this information throughout the employment period and for 7 years post-termination

Categories of Personal Data:
Educational Information

Examples

  • Educational Information may contain the following: Name of school as detailed within submitted resume for employment.

Purpose(s) for Collection

  • Complying with statutory obligations and to improve services

Targeted Advertising

  • We do not engage in targeted advertising or disclose this information for targeted advertising purposes

Sale

  • This information is not sold to third parties

Other Disclosures

  • This information is not otherwise disclosed to third parties

Retention Period

  • We retain this information throughout the employment period and for seven years post-termination

Categories Of Sensitive Personal Information

The table below outlines the categories of Sensitive Personal Information ShipHero LLC collects about Employees, Contractors, and Applicants and whether they are disclosed to third parties.

We collect Sensitive Personal Information from the following sources: 

Directly from our Employees, Contractors, and Applicants

Categories of Sensitive Personal Information:
Government ID Information

Examples

  • Government ID Information may contain the following: Social Security Number, Non-Social Security Identification for those w/o social security numbers

Purpose(s) for Collection

  • Employment verification and to comply with other statutory obligations and to improve services

Targeted Advertising

  • We do not engage in targeted advertising or disclose this information for targeted advertising purposes

Sale

  • This information is not sold to third parties

Other Disclosures

  • This information is not otherwise disclosed to third parties

Retention Period

  • We retain this information throughout the employment period and for seven years post-termination

Use Of Personal Information

We use Personal Information for the purposes described above. Other examples of how we may use your Personal Information within ShipHero LLC include:

Publishing Employees’ work contact information in an intra-company directory for other Employees to view.

Disclosing applicants’ submitted Personal Information with our HR department and other employees to process applications.

Creating profiles of contractors’ performance based on work product.

Personal Information may also be used or disclosed as otherwise permitted or required by applicable law.

Disclosing Personal Information

We disclose Personal Information to the following categories of third parties:

Processors (also referred to as “Service Providers” or “Contractors” in California law): We use processors to securely handle Personal Information on our behalf for our business purposes and only on our instructions. California privacy laws and our contracts with these companies prevent them from using your Personal Information for their own purposes.

See the tables above for more details about how different categories of Personal Information are disclosed. 

We do not sell Personal Information to anyone. We do not share Personal Information for advertising purposes.

Exercising Your Personal Information Rights

California Employees, Contractors, and Applicants have the following rights under California privacy laws:

The right to know the Personal Information we have collected about them, including the categories of sources from which we collected the Personal Information, the purpose(s) for collecting, selling, or sharing your Personal Information, and the categories of third parties to whom we have disclosed your Personal Information;

The rights to correct, or delete Personal Information;

The right to limit the use of Sensitive Personal Information in certain circumstances;

The rights to opt out of targeted advertising, sales of Personal Information, or profiling; and

The right not to receive discriminatory treatment for exercising their privacy rights.

If you are a California Employee, Contractor, or Applicant, you can submit a request to exercise your Personal Information rights under California privacy laws by sending an email to dataprivacy@shiphero.com with the subject line “HR Privacy Rights Request.”

To protect your privacy, we may need to authenticate your identity before we respond to your rights request. We will verify your identity by sending an email to your email address on file. We may ask you for additional information as part of this process, including The last four numbers of their social security number or other identifying documents we may have on file that they submitted at the time of employment. If you do not complete the verification process, we may be unable to process your request. Any information you provide to authenticate your identity will only be used to process your rights request and not for any other purpose. Please be aware that we do not accept or process rights requests submitted through other means.

We will respond to your rights request within 45 days (or 15 days for requests to opt-out of the sale of Personal Information, requests to opt-out of targeted advertising, and requests to limit the use of Sensitive Personal Information), though in certain cases, we may inform you that we will need up to another 45 days to act on your request. If we suspect fraudulent or malicious activity on or from your account, we will delay taking action on your request until we can appropriately verify your identity and the request as authentic. Also, note that each of the rights is subject to certain exceptions.

We reserve the right to decline to process or charge a reasonable fee for requests from an Employee, Contractor, or Applicant that are manifestly unfounded, excessive, or repetitive.

Notice Of Right To Limit The Use Of Sensitive Personal Information

You have the right to limit some uses of Sensitive Personal Information. In general, you may direct companies not to use Sensitive Personal Information except as necessary to provide goods or services you have requested or other exempt purposes. 

However, we only use Sensitive Personal Information for purposes that are exempt from this right, such as to provide you with goods or services you have requested, to detect and prevent security incidents, or verifying the quality of our goods and services. The full list of these exempt purposes are specified in California Code of Regulations, Title 11, Section 7027(m).

Children’s Data

We do not knowingly collect or use the Personal Information of children under 16. If you believe that we have collected the Personal Information of a child under 16, please contact us at dataprivacy@shiphero.com.

Authorized Agent Requests

California privacy law allows you to designate an authorized agent to make a rights request on your behalf. Your authorized agent may submit such a request by following the same method described above. We may require verification of your authorized agent in addition to the information for verification above for Employees, Contractors, and Applicants and households.

Contact Us

If you have any questions or concerns regarding this California HR Privacy Notice, contact us at dataprivacy@shiphero.com.

Last updated: December 05, 2023

 

GDPR PRIVACY POLICY

Last updated: December 04, 2023

This Privacy Policy (the “Policy”) applies to the processing of Personal Data, subject to all applicable privacy and data protection laws of  Switzerland, the United Kingdom, the European Union and the European Economic Area (collectively, “Europe”), by ShipHero LLC and its subsidiaries and affiliates (“Company”, “we”, “our”, or “us”) through its website, products, and services (the “Services”). It describes how we collect, use, and disclose such Personal Data, your rights and choices with respect to your Personal Data, and how you can contact us if you have any questions or concerns.

Personal Data We Collect

In this Policy, “Personal Data” means any information relating to an identified or identifiable individual. We may collect Personal Data about you from various sources described below.

Information Provided By You

Account Information. If you create an account to use our Services, we collect Personal Data related to its creation and the usage of our Services via this account. When you sign up, you may provide us with your name, email address, password, mobile phone number, interests, and other account information.

Communications. When you contact us via a contact form, email, or other means, you provide us with Personal Data, such as your name and contact details, and the content, date, and time of our communications.

Careers. If you apply for a job with us, you may provide us with your resume, name, contact details, and any other relevant information. If you become an employee, we collect additional information, such as your family information, beneficiary selections, banking information, and other relevant information for employment, payroll, and benefit purposes, and we may collect certain sensitive Personal Data such as trade union membership data or biometric data for identity verification.

Support Information. When you request technical support services, we will process your Personal Data such as your name and the contact details you use to contact us, as well as information on the reasons for your support request, and any additional information you may provide in that context.

Where applicable, we may indicate whether and why you must provide us with your Personal Data as well as the consequences of failing to do so. For example, it may be necessary for you to disclose certain Personal Data in order for us to provide the Services to you.

Our Services are not intended for use by children under the age of 16. 

Information Collected From Other Sources

Third Parties. We may obtain Personal Data about you from third parties such as outbound marketing vendors, industry organizations and other entities. This information may include identifiers, location data and other similar information. 

Information We Collect By Automated Means

Social Media. We may collect Personal Data via social media tools, widgets, or plug-ins to connect you to your social media accounts. These features may allow you to sign in through your social media account, share a link, or post directly to your social media account. When you visit a website that contains such tools or plugins, the social media or other service provider may learn of your visit. Your interactions with these tools are governed by the privacy policies of the corresponding social media platforms.

Cookies. We may collect Personal Data via cookies and similar technologies (see “Legal Bases for the Processing of Personal Data” section of this Policy for more information).

How We Use Personal Data

We use the Personal Data we collect for the following purposes:

Providing Services, including to operate, maintain, support, and provide our Services.

Communicating with You, including to contact you for administrative purposes (e.g., to provide services and information that you request or to respond to comments and questions) or to send you marketing communications, including updates on promotions and events, relating to products and services offered by us.

Personalization, including to customize our Services to you and provide you with the most relevant marketing and advertising materials.

Analytics and Product Development, including to analyze usage trends and preferences in order to improve our Services, and to develop new products, services, and features.

Customer and Vendor Relationship Management, including to track emails, phone calls, and other actions you have taken as our customer or vendor.

Aggregation. We may aggregate or anonymize Personal Data and use the resulting information for statistical analysis or other purposes.

Administrative and Legal, such as to address administrative issues or to defend our legal rights and to comply with our legal obligations and internal policies as permitted by law. 

Legal Bases For The Processing Of Personal Data

We rely on various legal bases to process your Personal Data, including:

Consent. You may have consented to the use of your Personal Data, for example to send you electronic marketing communications or for the use of certain cookies. For more information about the cookies we use and your choices regarding cookies, please refer to our Cookie policy.

Contract. We need your Personal Data to provide you with our Services and to respond to your inquiries.

Legal. We may have a legal obligation to process your Personal Data, for example to comply with tax and accounting obligations, and we may process your Personal Data when necessary to establish, exercise, or defend legal claims. We may also process your Personal Data when necessary to protect your or another individual’s vital interests.

Legitimate Interest. We or a third party have a legitimate interest in using your Personal Data, for example to prevent fraud. We only rely on this legal basis when such legitimate interests are not overridden by your interests or your fundamental rights and freedoms.

How We Disclose Personal Data

We may disclose Personal Data about you in the following circumstances:

Group Entities. We may disclose Personal Data about you to our affiliates and subsidiaries.

Public Posts. Any information that you voluntarily choose to post to a publicly accessible area of our Services will be available to anyone who has access to that content.

Service Providers. We work with third parties to provide services such as hosting, maintenance, and support. These third parties may have access to or process your Personal Data as part of providing those services to us.

Legal. We may disclose your Personal Data if it is necessary (i) for compliance with our legal obligations or (ii) to establish, exercise, or defend legal claims.

Merger. Information about our users, including Personal Data, may be disclosed and otherwise transferred to an acquirer, successor, or assignee as part of any merger, acquisition, debt financing, sale of assets, or similar transaction, as well as in the event of an insolvency, bankruptcy, or receivership in which information is transferred to one or more third parties as one of our business assets.

Aggregated Information. We may use and disclose aggregated or otherwise anonymized information for any purpose, unless we are prohibited from doing so under applicable law.

Your Rights And Choices

As provided under applicable law and subject to any limitations in such law, you have the following rights:

Access and Portability. You may ask us to provide you with a copy of the Personal Data we maintain about you, including a machine-readable copy of the Personal Data that you have directly provided to us, and request certain information about its processing.

Rectification. You may ask us to update and correct inaccuracies in your Personal Data.

Deletion. You may ask to have your Personal Data anonymized or deleted, as appropriate.

Restriction and Objection. You may ask us to restrict the processing of your Personal Data or object to such processing.

Consent Withdrawal. You may withdraw any consent you previously provided to us regarding the processing of your Personal Data at any time and free of charge. We will apply your preferences going forward. This will not affect the lawfulness of the processing before you withdrew your consent.

Complaint. You may lodge a complaint with a supervisory authority, including in your country of residence, place of work, or where you believe an incident took place.

You may exercise these rights by contacting us using the contact details at the end of this Policy. Note that applicable laws contain certain exceptions and limitations to each of these rights.

International Data Transfers

We may transfer your Personal Data outside of the country in which it was collected and where the level of protection of Personal Data may be different than in your country. Personal Data may be transferred to United States of America, Switzerland, the United Kingdom, and countries in the European Economic Area (“EEA”). If we do so, we will comply with applicable data protection laws, in particular by relying on an EU Commission adequacy decision; on contractual protections for the transfer of your Personal Data; or on another approved mechanism, including derogations for a specific situation, such as your explicit consent. For more information about how we transfer Personal Data internationally, or to obtain a copy of the safeguards we use for such transfers, please contact us as specified below.

Data Security And Data Retention

We use physical, managerial, and technical safeguards that are designed to improve the integrity and security of Personal Data that we collect, maintain, and otherwise process.

We take measures to delete or anonymize your Personal Data when it is no longer necessary for the purposes for which we process it, unless we are required by law to keep it for a longer period. When determining the retention period, we take into account various criteria, such as the type of products or services provided to you, the nature and length of our relationship with you, mandatory retention periods, and applicable statutes of limitations.

Third Party Services

Our Services may contain features or links to websites and services provided by third parties. Any information you provide via these websites or services is provided directly to these third-party operators and is subject to their privacy policies, even if accessed through our Services. We encourage you to learn about these third parties’ policies before providing them with your Personal Data.

Changes And Updates To This Policy

We may update this Policy from time to time to reflect changes in our privacy practices. We will follow applicable laws and regulations regarding notification of such changes.

Our Contact Information

ShipHero LLC is the entity responsible for the processing of your Personal Data. If you have any questions or comments about this Policy, our privacy practices, or if you would like to exercise your rights with respect to your Personal Data, please contact us by email at dataprivacy@shiphero.com, or by mail at:

ShipHero LLC

55 W RAILROAD AVE, BUILDING 4

Garnerville, New York 10923

USA

In addition, you may contact our Data Protection Officer at dataprotection@shiphero.com