Privacy Data Policy
*Updated: August 14, 2024
ShipHero LLC is committed to protecting your privacy. This privacy statement describes the collection, use, and disclosure of your personal information when you utilize ShipHero LLC offerings and products. By using ShipHero LLC Services, you agree to the collection and use of information in accordance with this Privacy Policy.
1. Terms for Privacy & Data with SHIPHERO LLC
1.1 Personal data regulations regarding the relationship between the customer as the Data Controller and
SHIPHERO LLC as the Data Processor
1.2 The customer’s subscription to SHIPHERO LLC is a platform for enabling shipping processes, and as a
natural part of this, SHIPHERO LLC processes various personal data on the customer’s behalf
This concerns data about the customer’s customers, i.e., data relating to the persons who are the recipients of the
shipped orders.
This section concerns the relationship between the Data Controller (customer) and the Data Processor (SHIPHERO LLC)
in connection with the personal data regulations.
2. Processed personal data.
2.1. The Data Processor, as part of the subscription, has access, on behalf of the Data Controller, to
process:
- Name and address of the persons receiving the consignments.
- Information about the individual type of item sent and the value/price of the item.
3. The purpose and scope of the personal data processing.
3.1. As a natural part of the Data Processor’s status as the provider of subscription-based solutions for
handling the Data Controller’s freight processes, the Data Processor stores the information, and similarly, the Data
Controller exchanges information with relevant third parties in the form of freight companies that the Data
Controller uses, and possibly customs authorities (if the consignments are cross-border).
3.2. The purpose of personal data processing is to manage the Data Controller’s freight processes.
3.3. It is emphasized that the Data Processor may only process personal data to the extent necessary for the
operation of the Data Controller’s SHIPHERO subscription with the Data Processor and/or if the Data Processor is
required by law to process the data otherwise.
3.4. It is emphasized that the freight companies to which personal data is disclosed as part of this agreement
are the Data Controller’s (the customer’s) Data Processors, not SHIPHERO LLC’s. – SHIPHERO LLC has only an
intermediary function in this regard.
4. The Data Processor’s obligations
4.1. The Data Processor may only process the personal data in question in accordance with the instructions of
the Data Controller, i.e., the instructions contained in the SHIPHERO solution under which the Data Processor shall
manage freight processes for the Data Controller.
4.2. The Data Processor is required to comply with the currently applicable personal data legislation and
shall notify the Data Controller immediately if an instruction from the Data Controller is, in the Data Processor’s
opinion, contrary to the General Data Protection Regulation.
4.3. The Data Processor shall use appropriate technical and organizational security measures to ensure that
personal data is not destroyed, lost, degraded, or disclosed to unauthorized bodies, misused, or otherwise processed
in breach of personal data legislation, whereby the Data Processor shall implement the measures necessary pursuant
to article 32 of the General Data Protection Regulation.
4.4. The Data Processor is obliged to inform the Data Controller without undue delay of any data breach. In
this regard, the Data Processor shall notify the Data Controller of:
- The nature of the data breach.
- If possible, the type and number of affected data subjects, as well as the type of personal data concerned and
the number of records of personal data concerned.The measures that the Data Processor has taken or proposes
should be taken to deal with the data breach, including, where appropriate, measures to limit its potential
adverse effects. - The probable consequences of the data breach.
4.5. At the Data Controller’s request, the Data Processor shall provide the Data Controller with sufficient
information to ensure that the Data Processor has taken the necessary technical and organizational security
measures.
4.6 The Data Processor shall provide all the information necessary to demonstrate that the Data Processor
complies with the General Data Protection Regulation’s article 28, whereby the Data Processor shall allow and
contribute to audits, including inspections carried out by the Data Controller or another auditor authorized by the
Data Controller. It is emphasized that inspections/audits take place at the Data Controller’s expense in every
respect.
4.7. The Data Processor shall secure/ensure that the persons who the Data Processor authorizes to process
personal data have committed themselves to confidentiality or are bound by an appropriate statutory professional
secrecy obligation.
4.8. If a data subject asks the Data Processor (usually such requests will be made to the Data Controller) for
access to and insight into that person’s personal data, the Data Processor shall immediately forward the request to
the Data Controller.
4.9. The Data Processor shall assist the Data Controller with appropriate technical and organizational tools
to enable the Data Controller to fulfill the Data Controller’s obligations to respond to requests for the exercise
of the rights of the data subjects as specified in Chapter III of the General Data Protection Regulation.
5. Specifically about the transfer of information to sub-data processors or third parties
5.1. As a natural part of the SHIPHERO solution, the Data Processor is entitled to disclose personal data to
the Data Controller’s other data processors (freight companies), and the Data Processor is also entitled to exchange
personal data with the customs authorities.
5.2. In all other cases, the Data Processor may only disclose or transfer personal data to third parties or
sub-processors with the prior agreement with the Data Controller. However, the Data Processor may disclose or
transfer personal data without the Data Controller’s instructions if permitted by law.
5.3. If the Data Processor hands over personal data to another data processor (sub-processor), the Data
Processor is obliged to conclude a sub-processor agreement with the sub-processor, whereby the Data Processor’s
sub-processor is subject to at least the same conditions as stated in this section 9.
5.4. The Data Processor shall notify the Data Controller if it plans to extend the circle of subprocessors
and/or replace existing subprocessors with others.
5.5. The Data Processor must not transfer personal data to third countries that the EU Commission has not
assessed as safe third countries.
5.6. If the information is transferred to foreign subprocessors, the data processing agreement must state, cf.
9.5.3, that subprocessors shall comply with the EU’s General Data Protection Regulation and any other current
personal data law in force. Subprocessors in EU countries with specific regulatory requirements regarding data
processing must also comply with these requirements.
6. Duration of data processing
6.1. The processing of personal data pursuant to this agreement continues until such time as the SHIPHERO
subscription concluded between the parties ceases.
6.2. However, in the event of a subscription termination, the Data Processor is bound by this agreement for as
long as it has access to personal data originating from the Data Controller.
6.3. In the event of a SHIPHERO subscription termination, the Data Processor is required to delete any backups
and other copies of the personal data.
7. Access Controls
7.1. SHIPHERO will maintain appropriate access controls to protect the Nonpublic Information throughout the
term of the Agreement and at all times while SHIPHERO and SHIPHERO Parties have access to or possession of the
Client’s Nonpublic Information.
7.2. Client will be solely responsible for implementing and maintaining access controls on its own systems to
which SHIPHERO may be granted access in accordance with the provision of services.
8. Authorized Persons
8.1. SHIPHERO will limit access to the Client’s Nonpublic Information to those individuals who have a business
need to access the Client’s Nonpublic Information in connection with the services provided to Client (“Authorized
Persons”).
2. Definitions
For the purposes of this Privacy Policy:
You means the individual accessing or using the Service, or the company, or other legal entity on behalf of which such individual is accessing or using the Service, as applicable.
Company (referred to as either “the Company,” “We,” “Us,” or “Our” in this Agreement) refers to ShipHero LLC, Inc.
- Affiliate means any entity, subsidiaries, joint venture partners, or other companies under the control of ShipHero LLC, Inc.
- Account means a unique account created for you to access our Service or parts of our Service.
- Data Controller means the customer providing data to ShipHero
- Data Processor means ShipHero LLC
- Website refers to any publicly available online ShipHero LLC offering including, but not limited to, the ShipHero LLC Site at ShipHero.com & ShipHero.ca
- Service refers to any ShipHero LLC offering or product.
Service Provider means any natural or legal person who processes the data on behalf of the Company. It refers to third-party companies or individuals employed by the Company to facilitate the Service, to provide the Service on behalf of the Company, to perform services related to the Service, or to assist the Company in analyzing how the Service is used.
- Third-party Social Media Service refers to any website or any social network website through which a User can log in or create an account to use the Service.
- Personal Data is any information that relates to an identified or identifiable individual.
- Cookies are small files that are placed on your computer, mobile device, or any other device by a website, containing the details of your browsing history on that website among its many uses.
- Usage Data refers to data collected automatically, either generated by the use of the Service or from the Service infrastructure itself (for example, the duration of a page visit).
3. ShipHero LLC US Privacy Notice
ShipHero LLC (hereinafter “ShipHero” or “we”) values the privacy of individuals who use our websites, app, and related services (collectively, our “Services”). This Privacy Notice explains how we collect, use, and share the information of US residents who use our Services (“Users,” ”you,” or “your”). By using our Services, you agree to the collection, use, disclosure, and processing of your information as described by this Privacy Notice. Beyond this Notice, your use of our Services is also subject to our ShipHero Terms of Service (https://shiphero.com/terms-of-service/) and any additional agreements you may enter into with us. If you reside in the European Union, you can view our EU-specific privacy notice within this page – reference 4. GDPR Privacy Policy
We collect Personal Data from US residents and comply with the consumer privacy laws of Delaware, Iowa, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Texas, Utah, and Virginia (“US Privacy Law”). For the purposes of this Notice, “Personal Data” means information that is linked or reasonably linkable to a particular individual or household. However, the following categories of information are not Personal Data:
- Publicly available information;
- Deidentified or aggregated data or
- Information otherwise excluded from the scope of US Privacy Law.
This Privacy Notice provides the following information to US residents:
- Categories of Personal Data we collect;
- Purposes for which we use Personal Data;
- Categories of Personal Data we share with third parties;
- Categories of third parties with which we share Personal Data and
- How US residents can exercise their rights under US Privacy Law:
- The rights to access, correct, or delete Personal Data;
- The right to obtain a portable copy of Personal Data;
- The right to limit the use of sensitive Personal Data in certain circumstances;
- The rights to opt out of targeted advertising, sales of Personal Data, or profiling; and
- The right to appeal our decisions about your requests.
Information We Collect
We may collect various information about you or your devices from various sources. This section describes that information in general terms. The Categories of Non-Sensitive Personal Data section below provides a more detailed category-by-category breakdown of the information we collect.
Registration Information. If you sign up for an account, register to use our Services, or sign up for emails or other updates, we may ask you for basic contact information, such as your Name and Email.
Communications. If you contact us directly, we may collect additional information from you. For example, when you reach out to our customer support team, we may ask for your name, email address, mailing address, phone number, or other contact information so that we can verify your identity and communicate with you. We may also store the contents of any message or attachments that you send to us, as well as any information you submit through any of our forms or questionnaires.
Events. If you register for an event that we host, whether in-person or online, we may collect relevant information like your name, phone number, and email address, as well as specific information relevant to the event for which you are registering.
Payment Information. If you make a purchase through our Services, your payment-related information, such as credit card or other financial information, may be collected by our third-party payment processor on our behalf.
Device Information. We may collect information about the devices and software you use to access our Services, such as your IP address, web browser type, operating system version, device identifiers, or similar information.
Usage Information. To help us understand how you use our Services and to help us improve them, we may collect data about your interactions with our Services. This includes information such as crash reports, session lengths and times, the pages or other content you view, and any searches you conduct on our site.
Cookies and Similar Technologies. We and our third-party partners may collect information using cookies, pixel tags, or similar technologies. Cookies are small text files containing a string of alphanumeric characters. We may use both session cookies and persistent cookies. A session cookie disappears after you close your browser. A persistent cookie remains after you close your browser and may be used by your browser on subsequent visits.
Information We Receive from Sources Other than You. We may receive information about you from other sources, including from third parties that help us update, expand, and analyze our records, identify new customers, or detect or prevent fraud. We may also receive information about you from social media platforms, such as when you interact with us on those platforms or access our social media content. What information we receive from third parties is governed by the privacy settings, policies, and/or procedures of those third parties, and we encourage you to review them.
Categories of Non-Sensitive Personal Data We Collect
The table below outlines the non-sensitive categories of Personal Data ShipHero collects about US residents, what we use that data for, and whether and how it is shared with third parties.
We collect Non-Sensitive Personal Data:
- Directly from our users
- Inferences drawn from your interactions with our Services
- From our affiliates (“affiliates” are businesses that share common ownership with ShipHero)
- From our business partners (“business partners” are companies that we have a pre-existing commercial relationship with)
| Category: Identifiers | |
| Examples and Purpose for Collection | Identifiers may contain the following: Name, physical address, email address, phone number), online identifiers (e.g., IP address, cookie string, username), device identifiers, and logging information. Complying with statutory obligations and to improve services |
| Profiling | We do not use this information for profiling in furtherance of decisions that produce legal (or similarly significant) effects. |
| Targeted Advertising | We may share this information with advertising partners for targeted advertising purposes |
| Sale | We do not sell this information to third parties |
| Other Disclosures | We may share this information with Processors. We share Identifiers to enable our processors to provide customer service on our behalf. To debug our products and identify errors that may impair functionality. To conduct research and development to improve our existing services. |
| Retention Period | 35 days |
| Category: Internet/Electronic Activity | |
| Examples and Purpose for Collection | Internet/Electronic Activity may contain the following: email address, First name and last name, Phone number, Mailing Address, including State, Province, ZIP/postal code, and City Usage Data. The Company may use Personal Data for the following purposes: To provide and maintain our Service, including monitoring your usage of our Service. For the performance of a contract, including the development, compliance, and undertaking of the purchase contract for the products, items, or services you have purchased or of any other contract with us through the Service. To contact you, including by email, telephone calls, SMS, or other equivalent forms of electronic communication, such as a mobile application’s push notifications regarding updates or informative communications related to the functionalities, products, or contracted services, including the security updates, when necessary or reasonable for their implementation. To provide you with news, special offers, and general information about other goods, services, and events that we offer similar to those you have already purchased or enquired about unless you have opted not to receive such information. To manage your requests: To attend to and manage your requests to us. |
| Profiling | We do not use this information for profiling in furtherance of decisions that produce legal (or similarly significant) effects. |
| Targeted Advertising | We may share this information with advertising partners for targeted advertising purposes |
| Sale | We do not sell this information to third parties |
| Other Disclosures | We may share this information with Processors, Affiliates, and Business Partners. We share Internet/Electronic Activity We may share your personal information in the following situations: With Service Providers: We may share your personal information with Service Providers to monitor and analyze your use of our Service, to show advertisements to you to help support and maintain our Service, to contact you, to advertise on third-party websites to you after you visited our Service or for payment processing. With Affiliates: We may share your information with our Affiliates, in which case we will require those Affiliates to comply with this Privacy Policy. With Business Partners: We may share your information with our business partners. This collaboration allows us to offer you certain products, services, or promotions, enhancing your experience with our Service. |
| Retention Period | The Company will retain your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use your Personal Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our agreements and policies. Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of our Service, or we are legally obligated to retain this data for longer time periods. |
Categories of Sensitive Personal Data We Collect
We do not process any categories of Sensitive Personal Data
How We Use the Information We Collect
In addition to the purposes listed above, we may use the information we collect:
- To provide, maintain, improve, and enhance our Services
- To understand and analyze how you use our Services and develop new products, services, features, and functionality
- To facilitate purchases of products or services that you order
- To host events
- To communicate with you, provide you with updates and other information relating to our Services, provide information that you request, respond to comments and questions, and otherwise provide User support
- For marketing and advertising purposes, including developing and providing promotional and advertising materials that may be relevant, valuable, or otherwise of interest to you
- To detect and prevent fraud and respond to trust and safety issues that may arise
- For compliance purposes, including enforcing our Terms of Service or other legal rights, or as may be required by applicable laws and regulations or requested by any judicial process or governmental agency
- For other purposes for which we provide specific notice at the time the information is collected
How We Share the Information We Collect
We share Personal Data with the following categories of third parties:
Processors. We may share any information we collect with processors retained in connection with the provision of our Services. These companies are only permitted to use this information on our behalf and according to our instructions. Our processors are not permitted to use your information for their own purposes.
Our Advertising and Analytics Partners. We use analytics services to collect and process certain analytics data, as detailed below. We also work with third-party services to conduct advertising via cookies. These third parties may also collect information about your use of other websites, apps, and online resources. These partners include:
- Google – We may use Google’s services to collect and process analytics data about how our Users use our Services and to place ads that we think may interest our Users and potential users.
- For more information, see Google’s Privacy & Terms page.
- LinkedIn – We use LinkedIn’s services to place ads that we think may interest our users and potential users, as well as to advertise openings to potential employees.
- For more information, see LinkedIn’s Privacy Policy and Cookie Policy.
- Microsoft – We use Microsoft’s services to place ads that we think may interest our users and potential users.
- We partner with Microsoft Clarity and Microsoft Advertising to capture how you use and interact with our website through behavioral metrics, heatmaps, and session replay to improve and market our products/services. Website usage data is captured using first and third-party cookies and other tracking technologies to determine the popularity of products/services and online activity. Additionally, we use this information for site optimization, fraud/security purposes, and advertising. For more information about how Microsoft collects and uses your data, see Microsoft’s Advertising Policies and Privacy Statement
- Twitter / X – We use X services to place ads that we think may interest our users and potential users.
- For more information, see Twitter / X Advertising and Privacy Policy.
- Shopify – We use Shopify services to place ads that we think may interest our users and potential users.
- For more information, see Shopify’s Market and Privacy Policy.
Additionally, we utilize the following prospecting and marketing automation platforms:
- Hubspot https://legal.hubspot.com/privacy-policy
- HockeyStack https://hockeystack.com/privacy-policy
- ChiliPiper https://www.chilipiper.com/privacy-policy
- Charm.io https://info.charm.io/privacy-policy
- Unbounce https://unbounce.com/privacy/
- Outreach https://www.outreach.io/privacy-statement
- Clearbit https://clearbit.com/privacy-policy
- Salesforce https://www.salesforce.com/company/privacy/full_privacy/
Please note that this list may be updated from time to time to provide you with the latest information. For more information about your choices regarding how these partners use your information, see the Your Choices section below.
We may also share your Personal Data with other parties for the following reasons:
As Required by Law. We may share your information if we believe doing so is required or appropriate to: (a) comply with law enforcement requests and legal process, such as a court order or subpoena; (b) respond to your requests; or (c) protect your, our, or others’ rights, property, or safety. In particular, we may share relevant information with the appropriate third parties if you post any illegal, threatening, or objectionable content on or through our Services.
Events. We may share your information with event partners or co-sponsors to facilitate the events for which you register.
Merger, Sale, or Other Asset Transfers. We may transfer your information to service providers, advisors, potential transactional partners, or other third parties in connection with the consideration, negotiation, or completion of a corporate transaction in which we are acquired by or merged with another company or in which we sell, liquidate, or transfer all or a portion of our assets. The same general provisions of this Privacy Notice will govern the use of your information following any of these events.
Consent. We may also share your information with your permission.
For more information on how we share the information we collect, see the Categories of Non-Sensitive Personal Data tables above. We do not sell Personal Data to anyone.
Your Rights and Choices
Our Communications.
From time to time, you may receive marketing or other informational email messages from us. You can unsubscribe from our promotional and informational emails via the link provided in the emails. Users may continue to receive administrative messages necessary to service User accounts after opting out of receiving promotional messages from us.
Cookies.
Most web browsers allow you to manage cookies through the browser settings. To find out more about cookies, you can visit www.aboutcookies.org or www.allaboutcookies.org.
Our Partners.
You can learn more about Google’s privacy practices and your options about how they use your information on Google’s website. You can also install the Google Analytics Opt-out Browser Add-on. Some of our advertising partners are members of the Network Advertising Initiative or the Digital Advertising Alliance. You can visit those organizations’ websites to learn about how you may opt out of receiving web-based personalized ads from their member companies. You can also access any settings your mobile operating system offers to limit ad tracking. To inquire about your choices regarding our business partners generally, contact us at dataprivacy@shiphero.com
Your Rights.
US residents have the following rights under US Privacy Law:
- The rights to access, correct, or delete Personal Data;
- The right to obtain a portable copy of Personal Data;
- The right to limit the use of Sensitive Personal Data in certain circumstances;
- The rights to opt out of targeted advertising, sales of personal data, or profiling;
- The right not to receive discriminatory treatment for exercising your privacy rights and
- The right to appeal our decisions about your requests if you disagree with them.
Exercising Your Rights.
If you are a US resident, you can submit a request to exercise your personal data rights by emailing us at dataprivacy@shiphero.com. Please be aware that we do not accept or process rights requests submitted through other means.
To protect your privacy, we may need to authenticate your identity before we respond to your rights request. We will verify your identity by emailing the email address we have on file with a link to complete the verification process asking you to provide information that matches what we have on file when you submit your request. We may ask you for additional information as part of this process, including We may ask you for additional information as part of [the verification] process, including the last four digits provided when you created an account with our company. If you do not complete the verification process, we may be unable to process your request. Any information you provide to authenticate your identity will only be used to process your rights request and not for any other purpose.
We will respond to your rights request within 45 days (or within 15 days when required by US Privacy Law), and in certain cases, we may inform you that we will need an additional 45 days to act on your request. If we suspect fraudulent or malicious activity on or from your account, we will delay acting on your request until we can appropriately verify your identity and the request as authentic. Also, note that each of your rights are subject to certain exceptions that may permit or require us not to process your request.
We reserve the right to decline to process or charge a reasonable fee for requests from US residents that are manifestly unfounded, excessive, or repetitive.
Authorized Agents.
You may designate an authorized agent to make a rights request on your behalf. Your authorized agent may submit such a request by using the method(s) described above. We may require verification of your authorized agent’s authority in addition to the information we require to verify your identity.
Notice of Right to Opt-Out of Sale/Sharing for Targeted Advertising
US Privacy Law gives US residents the right to direct a business that “sells” their Personal Data or shares it for targeted advertising purposes to stop selling and/or sharing their Personal Data at any time. As used here, “selling” means exchanging Personal Data with a third party for money or anything of value, and targeted advertising is the practice of displaying advertisements to a person that are selected based on that person’s activities over time and across non-affiliated websites or applications. In certain situations, and as detailed more fully above, we share for targeted advertising Personal Data with third parties. You can opt out of sharing your personal data for targeted advertising purposes by sending us an email at dataprivacy@shiphero.com
Notice of Right to Limit the Use of Sensitive Personal Data
You have the right to limit some uses of Sensitive Personal Data. In general, you may direct companies not to use your Sensitive Personal Data except as necessary to provide goods or services you have requested or to further certain other exempt purposes. However, ShipHero does not Process any Sensitive Data.
Children’s Data
We do not knowingly collect or use the Personal Data of children under 16. If you believe that we have collected the Personal Data of a child under 16, please contact us at dataprivacy@shiphero.com
Third-Party Content
Our Services may contain links to other websites, products, or services that we do not own or operate. We are not responsible for the content provided by, or the privacy practices of, these third parties. Please be aware that this Privacy Notice does not apply to your activities on these third-party services or any information you disclose to these third parties. We encourage you to read their privacy policies before providing any information to them.
Security
We make reasonable efforts to protect your information by using administrative, technological, and physical safeguards designed to improve the security of the information we maintain and protect it from accidental loss, unauthorized access or use, or any other inappropriate or unlawful processing. However, because no information system can be 100% secure, we cannot guarantee the absolute security of your information.
International Visitors
Our Services are hosted in the United States and intended for visitors located within the United States. If you choose to use the Services from the European Union or other regions of the world with laws governing data collection and use that may differ from U.S. law, then please note that you are transferring your information outside of those regions to the United States for storage and processing. Also, we may transfer your data from the U.S. to other countries or regions in connection with storage and processing of data, fulfilling your requests, and operating the Services. By using our Services, you consent to the transfer, storage, and processing of your information as described in this Privacy Notice.
European Union residents, reference section 4. GDPR Privacy Policy
Canada residents reference section 4. GDPR Privacy Policy
- PIPEDA) Personal Information Protection and Electronic Documents Act
- (Law 25) Quebec – ShipHero Data Privacy Officer contact dpo@shiphero.com
ShipHero complies with all aspects of the Canadian compliance regulations; reporting follows standards similar to GDPR, as detailed herein.
- Right to be informed
- Right to access
- Right to rectification
- Right to erasure
- Right to withdraw consent
- Right to restrict processing
- Right to data portability
If you have any questions, comments, or concerns about our Canadian compliance, please email us at dataprivacy@shiphero.com
Contact Us
If you have any questions or concerns regarding this Detailed US Privacy Notice, contact us at dataprivacy@shiphero.com
4. Shiphero LLC California HR Privacy Notice
Privacy Information For California Employees, Contractors, And Applicants
We collect Personal Information from current and past employees (‘Employees’), Contractors, behalf to and Applicants and comply with the California Consumer Privacy Act and related laws and regulations (“California privacy laws”). This California HR Privacy Notice applies to California Employees, Contractors, and Applicants (“you” or “your”).
“Personal Information” means information that is linked or reasonably linkable to a particular individual or household. However, the following categories of information are not Personal Information:
Publicly available information;
Deidentified or aggregated data or
Information otherwise excluded from the scope of California privacy laws.
This Privacy Notice provides the following information to California Employees, Contractors, and Applicants:
Categories of Personal Information we collect;
Purposes for which we use Personal Information;
Categories of Personal Information we disclose to third parties;
Categories of third parties to which we disclose Personal Information; and
How Employees, Contractors, and Applicants can exercise their rights under California privacy laws:
The rights to access, correct, or delete Personal Information;
The right to limit the use of sensitive Personal Information in certain circumstances; and
The right to opt out of targeted advertising, sales of Personal Information, or profiling.
Categories Of Non Sensitive Personal Information
The table below outlines the non-sensitive categories of Personal Information ShipHero LLC collects about Employees, Contractors, and Applicants and whether and how they are disclosed to third parties.
We collect Non-Sensitive Personal Information from the following sources:
Directly from our Employees, Contractors, and Applicants
| Category of Personal Information: Identifiers | |
| Examples | |
| Identifiers may contain the following: Name. Address, DOB, Email, Phone Number | |
| Purpose(s) for Collection | |
| Employment verification and to comply with other statutory obligations and to improve services | |
| Targeted Advertising | |
| We do not engage in targeted advertising or disclose this information for targeted advertising purposes | |
| Sale | |
| This information is not sold to third parties | |
| Other Disclosures | |
| This information is not otherwise disclosed to third parties | |
| Retention Period | |
| We retain this information throughout the employment period and for 7 years post-termination | |
| Category of Personal Information: Professional Information | |
| Examples | |
| Professional Information may contain the following: Name. Address, DOB, Email, Phone Number | |
| Purpose(s) for Collection | |
| To comply with other statutory obligations and to improve services | |
| Targeted Advertising | |
| We do not engage in targeted advertising or disclose this information for targeted advertising purposes | |
| Sale | |
| This information is not sold to third parties | |
| Other Disclosures | |
| This information may be disclosed to Processors. We disclose professional information to enable our processors to provide customer service on our behalf, debug our products, and identify errors that may impair functionality. | |
| Retention Period | |
| We retain this information throughout the employment period and for 7 years post-termination | |
| Category of Personal Information: Educational Information | |
| Examples | |
| Educational Information may contain the following: Name of school as detailed within the submitted resume for employment. | |
| Purpose(s) for Collection | |
| Complying with statutory obligations and to improve services | |
| Targeted Advertising | |
| We do not engage in targeted advertising or disclose this information for targeted advertising purposes | |
| Sale | |
| This information is not sold to third parties | |
| Other Disclosures | |
| This information is not otherwise disclosed to third parties | |
| Retention Period | |
| We retain this information throughout the employment period and for seven years post-termination | |
Categories Of Sensitive Personal Information
The table below outlines the categories of Sensitive Personal Information ShipHero LLC collects about Employees, Contractors, and Applicants and whether they are disclosed to third parties.
We collect Sensitive Personal Information from the following sources:
Directly from our Employees, Contractors, and Applicants
| Category of Sensitive Personal Information: Government ID Information | |
| Examples | |
| Government ID Information may contain the following: Social Security Number, Non-Social Security Identification for those w/o social secuirty numbers | |
| Purpose(s) for Collection | |
| Employment verification and to comply with other statutory obligations and to improve services | |
| Targeted Advertising | |
| We do not engage in targeted advertising or disclose this information for targeted advertising purposes | |
| Sale | |
| This information is not sold to third parties | |
| Other Disclosures | |
| This information is not otherwise disclosed to third parties | |
| Retention Period | |
| We retain this information throughout the employment period and for seven years post-termination | |
Use Of Personal Information
We use Personal Information for the purposes described above. Other examples of how we may use your Personal Information within ShipHero LLC include:
Publishing Employees’ work contact information in an intra-company directory for other Employees to view.
Disclosing applicants’ submitted Personal Information with our HR department and other employees to process applications.
Creating profiles of contractors’ performance based on work product.
Personal Information may also be used or disclosed as otherwise permitted or required by applicable law.
Disclosing Personal Information
We disclose Personal Information to the following categories of third parties:
Processors (also referred to as “Service Providers” or “Contractors” in California law): We use processors to securely handle Personal Information on our behalf for our business purposes and only on our instructions. California privacy laws and our contracts with these companies prevent them from using your Personal Information for their own purposes.
See the tables above for more details about how different categories of Personal Information are disclosed.
We do not sell Personal Information to anyone. We do not share Personal Information for advertising purposes.
Exercising Your Personal Information Rights
California Employees, Contractors, and Applicants have the following rights under California privacy laws:
The right to know the Personal Information we have collected about them, including the categories of sources from which we collected the Personal Information, the purpose(s) for collecting, selling, or sharing your Personal Information, and the categories of third parties to whom we have disclosed your Personal Information;
The rights to correct or delete Personal Information;
The right to limit the use of Sensitive Personal Information in certain circumstances;
The rights to opt out of targeted advertising, sales of Personal Information, or profiling; and
The right not to receive discriminatory treatment for exercising their privacy rights.
If you are a California Employee, Contractor, or Applicant, you can submit a request to exercise your Personal Information rights under California privacy laws by sending an email to dataprivacy@shiphero.com with the subject line “HR Privacy Rights Request.”
To protect your privacy, we may need to authenticate your identity before we respond to your rights request. We will verify your identity by sending an email to your email address on file. We may ask you for additional information as part of this process, including The last four numbers of their social security number or other identifying documents we may have on file that they submitted at the time of employment. If you do not complete the verification process, we may be unable to process your request. Any information you provide to authenticate your identity will only be used to process your rights request and not for any other purpose. Please be aware that we do not accept or process rights requests submitted through other means.
We will respond to your rights request within 45 days (or 15 days for requests to opt-out of the sale of Personal Information, requests to opt-out of targeted advertising, and requests to limit the use of Sensitive Personal Information), though in certain cases, we may inform you that we will need up to another 45 days to act on your request. If we suspect fraudulent or malicious activity on or from your account, we will delay taking action on your request until we can appropriately verify your identity and the request as authentic. Also, note that each of the rights is subject to certain exceptions.
We reserve the right to decline to process or charge a reasonable fee for requests from an Employee, Contractor, or Applicant that are manifestly unfounded, excessive, or repetitive.
Notice Of Right To Limit The Use Of Sensitive Personal Information
You have the right to limit some uses of Sensitive Personal Information. In general, you may direct companies not to use Sensitive Personal Information except as necessary to provide goods or services you have requested or other exempt purposes.
However, we only use Sensitive Personal Information for purposes exempt from this right, such as providing you with goods or services you have requested, detecting and preventing security incidents, or verifying the quality of our goods and services. The full list of these exempt purposes are specified in California Code of Regulations, Title 11, Section 7027(m).
Children’s Data
We do not knowingly collect or use the Personal Information of children under 16. If you believe that we have collected the Personal Information of a child under 16, please contact us at dataprivacy@shiphero.com.
Authorized Agent Requests
California privacy law allows you to designate an authorized agent to make a rights request on your behalf. Your authorized agent may submit such a request by following the same method described above. We may require verification of your authorized agent in addition to the information for verification above for Employees, Contractors, and Applicants, and households.
Contact Us
If you have any questions or concerns regarding this California HR Privacy Notice, contact us at dataprivacy@shiphero.com.
5. GDPR Privacy Policy
This Privacy Policy (the “Policy”) applies to the processing of Personal Data, subject to all applicable privacy and data protection laws of Switzerland, the United Kingdom, the European Union, and the European Economic Area (collectively, “Europe”), by ShipHero LLC and its subsidiaries and affiliates (“Company,” “we,” “our”, or “us”) through its website, products, and services (the “Services”). It describes how we collect, use, and disclose such Personal Data, your rights and choices with respect to your Personal Data, and how you can contact us if you have any questions or concerns.
Personal Data We Collect
In this Policy, “Personal Data” means any information relating to an identified or identifiable individual. We may collect Personal Data about you from various sources described below.
Information Provided By You
Account Information. If you create an account to use our Services, we collect Personal Data related to its creation and the usage of our Services via this account. When you sign up, you may provide us with your name, email address, password, mobile phone number, interests, and other account information.
Communications. When you contact us via a contact form, email, or other means, you provide us with Personal Data, such as your name and contact details, and the content, date, and time of our communications.
Careers. If you apply for a job with us, you may provide us with your resume, name, contact details, and other relevant information. If you become an employee, we collect additional information, such as your family information, beneficiary selections, banking information, and other relevant information for employment, payroll, and benefit purposes, and we may collect certain sensitive Personal Data, such as trade union membership data or biometric data for identity verification.
Support Information. When you request technical support services, we will process your Personal Data, such as your name and the contact details you use to contact us, information on the reasons for your support request, and any additional information you may provide in that context.
Where applicable, we may indicate whether and why you must provide us with your Personal Data, as well as the consequences of failing to do so. For example, it may be necessary for you to disclose certain Personal Data in order for us to provide the Services to you.
Our Services are not intended for use by children under the age of 16.
Information Collected From Other Sources
Third Parties. We may obtain Personal Data about you from third parties such as outbound marketing vendors, industry organizations, and other entities. This information may include identifiers, location data, and other similar information.
Information We Collect By Automated Means
Social Media. We may collect Personal Data via social media tools, widgets, or plug-ins to connect you to your social media accounts. These features may allow you to sign in through your social media account, share a link, or post directly to your social media account. When you visit a website that contains such tools or plugins, the social media or other service provider may learn of your visit. The privacy policies of the corresponding social media platforms govern your interactions with these tools.
Cookies. We may collect Personal Data via cookies and similar technologies (see this Policy’s “Legal Bases for the Processing of Personal Data” section for more information).
How We Use Personal Data
We use the Personal Data we collect for the following purposes:
Providing Services, including operating, maintaining, supporting, and providing our Services.
Communicating with You, including contacting you for administrative purposes (e.g., to provide services and information that you request or to respond to comments and questions) or to send you marketing communications, including updates on promotions and events relating to products and services offered by us.
Personalization, including to customize our Services to you and provide you with the most relevant marketing and advertising materials.
Analytics and Product Development, including analyzing usage trends and preferences to improve our Services and develop new products, services, and features.
Customer and Vendor Relationship Management, including to track emails, phone calls, and other actions you have taken as our customer or vendor.
Aggregation. We may aggregate or anonymize Personal Data and use the resulting information for statistical analysis or other purposes.
Administrative and Legal, such as to address administrative issues or to defend our legal rights and to comply with our legal obligations and internal policies as permitted by law.
Legal Bases For The Processing Of Personal Data
We rely on various legal bases to process your Personal Data, including:
Consent. You may have consented to the use of your Personal Data, for example to send you electronic marketing communications or for the use of certain cookies. For more information about the cookies we use and your choices regarding cookies, please refer to our Cookie policy.
Contract. We need your Personal Data to provide you with our Services and to respond to your inquiries.
Legal. We may have a legal obligation to process your Personal Data, for example, to comply with tax and accounting obligations, and we may process your Personal Data when necessary to establish, exercise, or defend legal claims. We may also process your Personal Data when necessary to protect your or another individual’s vital interests.
Legitimate Interest. We or a third party have a legitimate interest in using your Personal Data, for example, to prevent fraud. We only rely on this legal basis when such legitimate interests are not overridden by your interests or your fundamental rights and freedoms.
How We Disclose Personal Data
We may disclose Personal Data about you in the following circumstances:
Group Entities. We may disclose Personal Data about you to our affiliates and subsidiaries.
Public Posts. Any information that you voluntarily choose to post to a publicly accessible area of our Services will be available to anyone who has access to that content.
Service Providers. We work with third parties to provide services such as hosting, maintenance, and support. These third parties may have access to or process your Personal Data as part of providing those services to us.
Legal. We may disclose your Personal Data if it is necessary (i) for compliance with our legal obligations or (ii) to establish, exercise, or defend legal claims.
Merger. Information about our users, including Personal Data, may be disclosed and otherwise transferred to an acquirer, successor, or assignee as part of any merger, acquisition, debt financing, sale of assets, or similar transaction, as well as in the event of an insolvency, bankruptcy, or receivership in which information is transferred to one or more third parties as one of our business assets.
Aggregated Information. We may use and disclose aggregated or otherwise anonymized information for any purpose, unless we are prohibited from doing so under applicable law.
Your Rights And Choices
As provided under applicable law and subject to any limitations in such law, you have the following rights:
Access and Portability. You may ask us to provide you with a copy of the Personal Data we maintain about you, including a machine-readable copy of the Personal Data that you have directly provided to us, and request certain information about its processing.
Rectification. You may ask us to update and correct inaccuracies in your Personal Data.
Deletion. You may ask to have your Personal Data anonymized or deleted, as appropriate.
Restriction and Objection. You may ask us to restrict the processing of your Personal Data or object to such processing.
Consent Withdrawal. You may withdraw any consent you previously provided to us regarding the processing of your Personal Data at any time and free of charge. We will apply your preferences going forward. This will not affect the lawfulness of the processing before you withdrew your consent.
Complaint. You may lodge a complaint with a supervisory authority, including in your country of residence, place of work, or where you believe an incident took place.
You may exercise these rights by contacting us using the contact details at the end of this Policy. Note that applicable laws contain certain exceptions and limitations to each of these rights.
International Data Transfers
We may transfer your Personal Data outside of the country in which it was collected and where the level of protection of Personal Data may be different than in your country. Personal Data may be transferred to United States of America, Switzerland, the United Kingdom, and countries in the European Economic Area (“EEA”). If we do so, we will comply with applicable data protection laws, in particular by relying on an EU Commission adequacy decision, on contractual protections for the transfer of your Personal Data, or on another approved mechanism, including derogations for a specific situation, such as your explicit consent. For more information about how we transfer Personal Data internationally or to obtain a copy of the safeguards we use for such transfers, please contact us as specified below.
Data Security And Data Retention
We use physical, managerial, and technical safeguards that are designed to improve the integrity and security of Personal Data that we collect, maintain, and otherwise process.
We take measures to delete or anonymize your Personal Data when it is no longer necessary for the purposes for which we process it unless we are required by law to keep it for a longer period. When determining the retention period, we take into account various criteria, such as the type of products or services provided to you, the nature and length of our relationship with you, mandatory retention periods, and applicable statutes of limitations.
Third-Party Services
Our Services may contain features or links to websites and services provided by third parties. Any information you provide via these websites or services is provided directly to these third-party operators and is subject to their privacy policies, even if accessed through our Services. We encourage you to learn about these third parties’ policies before providing them with your Personal Data.
Changes And Updates To This Policy
We may update this Policy from time to time to reflect changes in our privacy practices. We will follow applicable laws and regulations regarding notification of such changes.
Our Contact Information
ShipHero LLC is the entity responsible for the processing of your Personal Data. If you have any questions or comments about this Policy our privacy practices, or if you would like to exercise your rights with respect to your Personal Data, please contact us by email at dataprivacy@shiphero.com, or by mail at:
ShipHero LLC
55 W RAILROAD AVE, BUILDING 4
Garnerville, New York 10923
USA
In addition, you may contact our Data Protection Officer at dataprotection@shiphero.com
