Privacy Data Policy

*Last updated: June 2023

ShipHero LLC is committed to protecting your privacy. This privacy statement describes the collection, use, and disclosure of your personal information when you utilize ShipHero LLC offerings and products. By using ShipHero LLC Services, you agree to the collection and use of information in accordance with this Privacy Policy.

TABLE OF CONTENTS

1. Definitions
2. Collecting and Using Your Personal Data
3. Use of Your Personal Data
4. Retention of Your Personal Data
5. Transfer of Your Personal Data
6. Disclosure of Your Personal Data
7. Security of Your Personal Data
8. Additional Information for Certain Jurisdictions
9. California Consumer Privacy Act (CCPA)
   • Definitions
   • Your Rights Under CCPA
   • Personal Information
   • Website
   • Exercising Your CCPA Data Protection Rights

10. California Online Privacy Protection Act (CalOPPA) – “Do Not Track” Policy
11. European Economic Area
    • General
    • Data Processing When Using Our Website

12. Children’s Privacy
13. Links to Other Websites
14. Changes to this Privacy Policy
15. Contact Us
16. Personal data regulations between customer and ShipHero

Personal data regulations regarding the relationship between the customer as the Data Controller and SHIPHERO LLC as the Data Processor

Terms for Privacy & Data with SHIPHERO LLC, is effective from May 4, 2018

Personal data regulations regarding the relationship between the customer as the Data Controller and SHIPHERO LLC as the Data Processor

1. The subscription that the customer has with SHIPHERO LLC is a platform for enabling shipping processes for the customer and as a natural part of this, SHIPHERO LLC processes various personal data on the customer’s behalf.

This concerns data about the customer’s customers, i.e. data relating to the persons who are the recipients of the shipped orders.

This section concerns the relationship between the Data Controller (customer) and the Data Processor (SHIPHERO LLC), in connection with the personal data regulations.

2 Processed personal data.

2.1. The Data Processor, as part of the subscription, has access, on behalf of the Data Controller, to process:

Name and address of the persons receiving the consignments.

Information about the individual type of item sent and the value/price of the item.

3. The purpose and scope of the personal data processing.

3.1. As a natural part of the Data Processor’s status as the provider of subscription-based solutions for handling the Data Controller’s freight processes, the Data Processor stores the information, and similarly the Data Controller exchanges information with relevant third parties in the form of freight companies that the Data Controller uses, and possibly customs authorities (if the consignments are cross-border).

3.2. The purpose of the personal data processing is to manage the Data Controller’s freight processes.

3.3. It is emphasized that the Data Processor may only process personal data to the extent necessary for the operation of the Data Controller’s SHIPHERO subscription with the Data Processor, and/or if the Data Processor is required by law to process the data otherwise.

3.4. It is emphasized that the freight companies to which personal data is disclosed as part of this agreement are the Data Controller’s (the customer’s) Data Processors, not SHIPHERO LLC’ Data Processors. – SHIPHERO LLC has only an intermediary function in this regard.

4. The Data Processor’s obligations

4.1. The Data Processor may only process the personal data in question in accordance with the instructions of the Data Controller, i.e. the instructions contained in the SHIPHERO solution under which the Data Processor shall manage freight processes for the Data Controller.

4.2. The Data Processor is required to comply with the currently-applicable personal data legislation and shall notify the Data Controller immediately if an instruction from the Data Controller is, in the Data Processor’s opinion, contrary to the General Data Protection Regulation.

4.3. The Data Processor shall use appropriate technical and organisational security measures to ensure that personal data is not destroyed, lost, degraded or disclosed to unauthorised bodies, misused or otherwise processed in breach of personal data legislation, whereby the Data Processor shall implement the measures necessary pursuant to article 32 of the General Data Protection Regulation.

4.4. The Data Processor is obliged to inform the Data Controller without undue delay of any data breach. In this regard, the Data Processor shall inform the Data Controller of:

• The nature of the data breach.
• If possible, the type and number of affected data subjects, as well as the type of personal data concerned and the number of records of personal data concerned.The measures that the Data Processor has taken or proposes should be taken to deal with the data breach, including, where appropriate, measures to limit its potential adverse effects.
• The probable consequences of the data breach.

4.5. The Data Processor shall, at the Data Controller’s request, provide the Data Controller with sufficient information to ensure that the Data Processor has taken the necessary technical and organisational security measures.

4.6 The Data Processor shall provide all the information necessary to demonstrate that the Data Processor complies with the General Data Protection Regulation’s article 28, whereby the Data Processor shall allow and contribute to audits, including inspections carried out by the Data Controller or another auditor authorised by the Data Controller. It is emphasised that inspections/audits in every respect take place at the Data Controller’s expense.

4.7. The Data Processor shall secure/ensure that the persons who are authorised by the Data Processor to process personal data have committed themselves to confidentiality or are bound by an appropriate statutory professional secrecy obligation.

4.8. If a data subject asks the Data Processor (usually such requests will be made to the Data Controller) for access to and insight into that person’s personal data, the Data Processor shall immediately forward the request to the Data Controller.

4.9. The Data Processor shall assist the Data Controller with appropriate technical and organisational tools to enable the Data Controller to fulfil the Data Controller’s obligations to respond to requests for the exercise of the rights of the data subjects as specified in chapter III of the General Data Protection Regulation.

5. Specifically about the transfer of information to sub-data processors or third parties

5.1. As a natural part of the SHIPHERO solution, the Data Processor is entitled to disclose personal data to the Data Controller’s other data processors (freight companies), and the Data Processor is also entitled to exchange personal data with the customs authorities.

5.2. In all other cases the Data Processor may only disclose or transfer personal data to third parties or sub-processors with the prior agreement with the Data Controller. However, the Data Processor may disclose or transfer personal data without the Data Controller’s instructions, if permitted by law.

5.3. If the Data Processor hands over personal data to another data processor (sub-processor), the Data Processor is obliged to conclude a sub-processor agreement with the sub-processor, whereby the Data Processor’s sub-processor is subject to at least the same conditions as stated in this section 9.

5.4. The Data Processor shall notify the Data Controller if the Data Processor has plans to extend the circle of sub-processors and/or to replace existing sub-processors with others.

5.5. The Data Processor must not transfer personal data to third countries that the EU Commission has not assessed as safe third countries.

5.6. If the information is transferred to foreign sub-processors, it must be stated in the data processing agreement, cf. 9.5.3 that sub-processors shall comply with the EU’s General Data Protection Regulation and any other current personal data law in force. Sub-processors in EU countries with specific regulatory requirements regarding data processing must also comply with these requirements.

6. Duration of data processing

6.1. The processing of personal data pursuant to this agreement continues until such time as the SHIPHERO subscription concluded between the parties ceases.

6.2. However, in the event of the termination of a subscription, the Data Processor is bound by this agreement for as long as the Data Processor has access to personal data originating from the Data Controller.

6.3. In the event of termination of a SHIPHERO subscription, the Data Processor is required to delete any backups and other copies of the personal data.

7. Access Controls

7.1. SHIPHERO will maintain appropriate access controls to protect the Nonpublic Information throughout the term of the Agreement and at all times while SHIPHERO and SHIPHERO Parties have access to or possession of the Client’s Nonpublic Information.

7.2.Client will be solely responsible for implementing and maintaining access controls on its own systems to which SHIPHERO may be granted access in accordance with the provision of services.

8. Authorized Persons

8.1. SHIPHERO will limit access to the Client’s Nonpublic Information to those individuals who have a business need to access the Client’s Nonpublic Information in connection with the services provided to Client (“Authorized Persons”).

DEFINITIONS

For the purposes of this Privacy Policy:

You means the individual accessing or using the Service, or the company, or other legal entity on behalf of which such individual is accessing or using the Service, as applicable.

Company (referred to as either “the Company”, “We”, “Us” or “Our” in this Agreement) refers to ShipHero LLC, Inc.

• Affiliate means any entity, subsidiaries, joint venture partners, or other companies under the control of ShipHero LLC, Inc.
• Account means a unique account created for you to access our Service or parts of our Service.
• Data Controller means the customer providing data to ShipHero
• Data Processor means ShipHero LLC 
• Website refers to any publicly available online ShipHero LLC offering including, but not limited to, the ShipHero LLC Site at ShipHero.com & ShipHero.ca  
• Service refers to any ShipHero LLC offering or product.

Service Provider means any natural or legal person who processes the data on behalf of the Company. It refers to third-party companies or individuals employed by the Company to facilitate the Service, to provide the Service on behalf of the Company, to perform services related to the Service or to assist the Company in analyzing how the Service is used.

• Third-party Social Media Service refers to any website or any social network website through which a User can log in or create an account to use the Service.
• Personal Data is any information that relates to an identified or identifiable individual.
• Cookies are small files that are placed on your computer, mobile device, or any other device by a website, containing the details of your browsing history on that website among its many uses.
• Usage Data refers to data collected automatically, either generated by the use of the Service or from the Service infrastructure itself (for example, the duration of a page visit).

COLLECTING AND USING YOUR PERSONAL DATA

Types of Data Collected

Personal Data

While using our Service, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you. Personally identifiable information may include, but is not limited to:

• Email address
• First name and last name
• Phone number
• Address including State, Province, ZIP/Postal code, City
• Usage Data

Usage Data

Usage Data is collected automatically when using the Service.

Usage Data may include information such as your device type, browser type (desktop, mobile phone, tablet, or other), the pages of our Service that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers and other diagnostic data.

Tracking Technologies and Cookies

We use Cookies and similar tracking technologies to track the activity on our Service and store certain information.  You can instruct your browser to limit the types of Cookies used while using our Service. However, if you do not accept Cookies, you may not be able to use some parts of our Service.

For more information about the cookies we use and your choices regarding cookies, please refer to our Cookies policy.

USE OF YOUR PERSONAL DATA

The Company may use Personal Data for the following purposes:

• To provide and maintain our Service, including to monitor the usage of our Service.
• For the performance of a contract: the development, compliance and undertaking of the purchase contract for the products, items or services you have purchased or of any other contract with us through the Service.
• To contact you: To contact you by email, telephone calls, SMS, or other equivalent forms of electronic communication, such as a mobile application’s push notifications regarding updates or informative communications related to the functionalities, products or contracted services, including the security updates, when necessary or reasonable for their implementation.
• To provide you with news, special offers and general information about other goods, services and events which we offer that are similar to those that you have already purchased or enquired about unless you have opted not to receive such information.
• To manage your requests: To attend and manage your requests to us.

We may share your personal information in the following situations:

• With Service Providers: We may share your personal information with Service Providers to monitor and analyze the use of our Service, to show advertisements to you to help support and maintain our Service, to contact you, to advertise on third party websites to you after you visited our Service or for payment processing.
• With Affiliates: We may share your information with our Affiliates, in which case we will require those Affiliates to honor this Privacy Policy.
• With Business partners: We may share your information with our business partners to offer you certain products, services, or promotions.

RETENTION OF YOUR PERSONAL DATA

The Company will retain your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use your Personal Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.

The Company will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of our Service, or we are legally obligated to retain this data for longer time periods

TRANSFER OF YOUR PERSONAL DATA.

Your information, including Personal Data, is processed at the Company’s operating locations and in any other places where the parties involved in the processing are located. It means that this information may be transferred to — and maintained on — computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ than those from your jurisdiction.

Your consent to this Privacy Policy followed by your submission of such information represents your agreement to that transfer.

The Company will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy. 

The Company will not transfer your Personal Data to another organization, or a country, unless the Company determines there are adequate controls in place over the privacy and security of such Personal data in place.

DISCLOSURE OF YOUR PERSONAL DATA

Business Transactions

If the Company is involved in a merger, acquisition or asset sale, your Personal Data may be transferred. We will provide notice to you before your Personal Data is transferred. It is possible your data may become subject to a different Privacy Policy as a result of a merger, acquisition, or asset sale. 

Law Enforcement

Under certain circumstances, the Company may be required to disclose your Personal Data, if required to do so by law or in response to valid requests by public authorities (e.g. a court or a government agency).

Other Legal Requirements

The Company may disclose your Personal Data in the good faith belief that such action is necessary to:

• Comply with a legal obligation
• Protect and defend the rights or property of the Company
• Prevent or investigate possible wrongdoing in connection with the Service
• Protect the personal safety of users of the Service or the public
• Protect against legal liability

When necessary, the Company will limit the disclosures to the minimum extent required to comply with the above.

SECURITY OF YOUR PERSONAL DATA

The security of your Personal Data is important to us. No method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security from hackers and cyberattacks.

ADDITIONAL INFORMATION FOR CERTAIN JURISDICTIONS

Below provides additional information about the collection, use, and sharing of privacy data in various regions of the world. These separate provisions may be applicable to you based on location of you or the data.

CALIFORNIA CONSUMER PRIVACY ACT (CCPA)

DEFINITIONS

For the purposes of this section of this Privacy Policy:

• Personal Data, for the purposes of the CCPA (California Consumer Privacy Act), Personal Data means any information that identifies, relates to, describes or is capable of being associated with, or could reasonably be linked, directly or indirectly, with you. Personal data includes, but is not limited to, the following if it identifies, relates to, describes, is reasonably capable of being associated with, or could be reasonably linked, directly or indirectly, with you:

1. 1. Identifiers, such as real name, alias, postal address, unique personal identifier, online identifier, internet protocol address, email address, account name, social security number, driver’s license number, passport number, or other similar identifiers.
   2. Characteristics of protected classification under California or federal law.
   3. Commercial information, including records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
   4. Biometric information.
   5. Internet or other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding a consumer’s interaction with an Internet website, application, or advertisement.
   6. Geolocation data.
   7. Audio, electronic, visual, thermal, olfactory, or similar information.
   8. Professional or employment-related information.
   9. Education information
   10. Inferences drawn from any of the information identified above to create a profile about a consumer reflecting the consumer’s preferences, characteristics psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.

• Personal data does not include your information that is deidentified or aggregate information or publicly available information.
• Business, for the purpose of the CCPA (California Consumer Privacy Act), refers a legal entity that collects consumers’ personal information and determines the purposes and means of the processing of consumers’ personal information, or on behalf of which such information is collected and that alone, or jointly with others, determines the purposes and means of the processing of consumers’ personal information, that does business in the State of California.
• Consumer, for the purpose of the CCPA (California Consumer Privacy Act), means a natural person who is a California resident.
• Sale, for the purpose of the CCPA (California Consumer Privacy Act), means selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a Consumer’s Personal Information to another business or a third party for monetary or other valuable consideration.

YOUR RIGHTS UNDER THE CCPA

Under this Privacy Policy, and by law if you are a resident of California, you may exercise the following rights:

• The right to notice. You must be properly notified which categories of Personal Data are being collected and the purposes for which the Personal Data is being used.
• The right to access / the right to request. The CCPA may permit you to request and obtain from us information regarding the disclosure of your Personal Data that has been collected in the past 12 months by us or our subsidiaries to a third-party for the third party’s direct marketing purposes.
• The right to say no to the sale of Personal Data. You may also have the right to ask us any not to sell your Personal Data to third parties.
• The right to know about your Personal Data. You may have the right to request and obtain from us information regarding the disclosure of the following:
  • The categories of Personal Data collected
  • The sources from which the Personal Data was collected
  • The business or commercial purpose for collecting or selling the Personal Data
  • Categories of third parties with whom we share Personal Data
  • The specific pieces of Personal Data we collected about you
• The right to delete Personal Data. You may also have the right to request the deletion of your Personal Data that we have collected in the past 12 months. To do so, send us an email at dataprivacy@shiphero.com or contact us using the information found under the Contact Us section of this website.
• The right not to be discriminated against. We do not discriminate against you for exercising any of your Consumer’s rights, including by:
  • Denying goods or services to you
  • Charging different prices or rates for goods or services, including the use of discounts or other benefits or imposing penalties
  • Providing a different level or quality of goods or services to you
  • Suggesting that you will receive a different price or rate for goods or services or a different level or quality of goods or services.

DO NOT SELL MY PERSONAL INFORMATION

We do not sell personal information. However, if you wish to further ensure your personal information is not sold, you may send us an email at dataprivacy@shiphero.com or contact us using the information found under the Contact Us section of this website.

WEBSITE

You can opt-out of receiving ads that are personalized and served by our Service Providers by indicating this on our “Cookie Settings” banner.

The opt-out will place a cookie on your computer that is unique to the browser you use to opt-out. If you change browsers or delete the cookies saved by your browser, you will need to opt-out again.

EXERCISING YOUR CCPA DATA PROTECTION RIGHTS

In order to exercise any of your rights under the CCPA, and if you are a California resident, you may reach out using the information provided in the Contact Us section of this policy or by sending us an email at dataprivacy@shiphero.com

The Company will endeavor to disclose and deliver the required information free of charge within 45 days of receiving your verifiable request. We may extend the period to provide the required information to you once by an additional 45 days when reasonable, necessary, and with prior notice to you.

CALIFORNIA ONLINE PRIVACY PROTECTION ACT (CalOPPA)

DEFINITIONS

For the purposes of this section of this Privacy Policy:

• Do Not Track (DNT) is a concept that has been promoted by US regulatory authorities, in particular the U.S. Federal Trade Commission (FTC), for the Internet industry to develop and implement a mechanism for allowing internet users to control the tracking of their online activities across websites.

“DO NOT TRACK” POLICY

Our Service does not respond to Do Not Track signals or other mechanisms that provide you the ability to exercise choice regarding the collection of personally identifiable information about your online activities over time.

However, some third-party websites located on our sites may keep track of your browsing activities and collect personally identifiable information about your online activities over time and across different websites. If you are visiting such websites, you must set your preferences in your web browser to inform websites that you do not want to be tracked. You can enable or disable DNT by visiting the preferences or settings page of your web browser.

REVIEW OR REQUESTS ABOUT DATA COLELCTION

We understand that you may have preferences about how your data is used. If you would like to review or request changes to any of your personally identifiable information that is collected by us, please email us at dataprivacy@shiphero.com

EUROPEAN ECONOMIC AREA

Regulation (GDPR)

1. General
2. Contact
3. a) Data controller: The data controller responsible for data processing pursuant to the GDPR, respectively other applicable regulations relating to data protection is:

ShipHero LLC Inc.
55 W RAILROAD AVE, BUILDING 4
Garnerville, NY 10923
E-mail: dataprivacy@ShipHero.com

2. Scope of Data Protection

Data protection applies to personal data, i.e. as defined by the GDPR, all information relating to an identified or identifiable natural person. An identifiable natural person is deemed to be a natural person who can be identified directly or indirectly, in particular by means of assignment to an identifier such as a name, an identification number, location data, an online identifier or to one or more specific attributes.

If you have any questions about this Privacy Policy, please contact us via e-mail: dataprivacy@shiphero.com.Depending on the type of request, validation of your identity may be required.

3. Your Rights

The following rights are granted by European Union directives and regulations. If you wish to exercise any of the rights listed below, please contact us at the above address.

• Right to confirmation and right of access – We will gladly confirm whether we are processing any of your personal data, which data we are processing, and for what purpose we are processing it.
• Right to rectification – If any of the data we have stored is incorrect, we would certainly be happy to correct it.
• Right to erasure – Should you wish your personal data to be deleted, we will comply with your request as far as legally possible.
• Right to restriction of processing – Should you wish to restrict use, we will comply with your request as far as legally possible.
• Right to withdraw your consent – Should you wish to revoke any previously granted consent, we will comply with your request. Revocation does not affect the permissibility of the processing of your data up to now.

In addition, you can object to the further processing of your data if we process your data based on our legitimate interest (Art. 6 (1) lit. f), Art. 21 GDPR). If we process your data for the purpose of direct advertising, you have a general right to object. If we do not process your data for advertising purposes, the objection must be based on your situation.

4. Retention period

The data processed by us will be deleted or restricted in its processing in compliance with the statutory provisions, in particular in accordance with Art. 17 and 18 GDPR. Unless expressly stated within the scope of this data protection declaration, we delete data stored by us as soon as it is no longer required for its intended purpose. Beyond the time of expiry, data will only be retained if it is required for other and legally permissible purposes or if the data must continue to be retained due to legal retention obligations. In these cases, processing is restricted, i.e. blocked, and not processed for other purposes.

5. SSL- or TLS-encryption

For security reasons and to protect the transmission of confidential content, such as orders or requests that you send to us as the site operator, this site uses SSL or TLS encryption to protect your data in transit. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line.

6. Children

The Online Offer is not intended for children under the age of 16.

1. Data processing when using our website
2. Technical provision of website

Regardless of whether you use services on our website, your device automatically transmits certain data for technical reasons when you access our website https://www.ShipHero.com. The following data that you may send us will be stored:

• Date and time of access
• Browser type and version
• Operating system
• URL of the website previously visited
• Volume of data transmitted
• Requested domain
• Notification of successful data retrieval
• Search term when using a web browser
• Abbreviated/anonymized IP
• Full IP address
• Diagnostic information in the event of errors

The processing is carried out in accordance with Art. 6 (1) lit. f) GDPR based on our legitimate interest in improving the stability and functionality of our website. The data is stored and processed for purely technical reasons to operate the website and to provide you with access to it. Website access data is used for error analysis and ensuring system security. Based on your IP address, we also use geolocation to determine the region from which you are visiting our website. We use this information to check whether we can offer you service in your region and to provide you our website in your local language, which corresponds to our legitimate interests pursuant to Art. 6 (1) lit. f) GDPR. The storage of the full IP address for a maximum period of 7 days is also justified by our legitimate interest in achieving the listed purposes, Art. 6 (1) lit. f) GDPR.

2. Data processing in countries outside the European Union or European Economic Area

We use different service providers to provide and optimize our website as well as for the provision of our services and several functions. This means regularly that your personal data will be transferred to servers of our service providers to be stored and processed by them on our behalf.

Generally, we only process the personal data that you actively and knowingly provide to us, for example in the context of concluding a contract or registering a customer account. In cases where the processing is based on consent, we will inform you below about the respectively personal data processed by us as well as the used service provider to provide you full transparency and information for your decision on granting consent.

Unless otherwise stated, we use service providers of the following categories:

• (Cloud) Service provider (e.g., customer relationship service provider)
• Tool provider (e.g., newsletter, contact form),
• Marketing- and analysis service provider.

We select our service providers after careful consideration and compliance with the legal framework, i.e., by concluding a data processing agreement in accordance with Art. 28 of the GDPR. Insofar as our service providers are not located in the EU or the EEA, they are either located in a country that has a so-called adequacy decision according to the GDPR or, when there is no adequacy decision, we have agreed suitable guarantees pursuant to the GDPR with them to secure the data transfer and to ensure an adequate level of data protection (e.g., Standard Contractual Clauses, with which providers undertake to comply with the European data protection law). Our currently used service providers are based in Canada (adequacy decision) and the US (Standard Contractual Clauses). For more information, please contact us through the email address dataprivacy@shiphero.com

• Customer Support, CRM

For customer support, we provide you with multiple channels to get the support you need. We provide a general support email and support portal for several support mechanisms (Support tickets, email) 

1. • CRM

For handling customer requests and providing customer support we use a so-called Customer Relationship Management tool (“CRM”) from service providers that processes the data on our behalf. Correspondingly, your contact data (e.g., name, e-mail address, phone number) may be stored in said system.

3. Contact, Contact form

The processing of your data in the context of contacting us via contact form, e-mail or support is carried out, depending on the content of the inquiry, in the case of purely informational inquiries on the basis of your (presumed) consent pursuant to Art. 6 (1) lit. a) GDPR, or pursuant to Art. 6 (1) lit. b) GDPR, insofar as the contact is in connection with (pre-) contractual performance obligations.

For contacting us via our form please fill in all mandatory fields, we use these for the proper operation and assigning of your request. Customer requests are processed and stored in our CRM portal, detailed information on CRM under 2.a.i. For providing you with the contact form, we use the service of the service provider HubSpot, 2nd Floor 30 North Wall Quay, Dublin 1, Ireland, which processes the data on our behalf.

Additionally, we use HubSpot and Salesforce Cloud for analysis and marketing. For this purposes HubSpot and Salesforce Cloud uses cookies. The information processed with cookies will be merged with your personal data you provide when using our contact form. You can find further information under No. 3 section c “HubSpot Analysis and Tracking/Marketing”.

The legal basis of the processing regarding the cookies is your consent pursuant to Art. 6 (1) lit. a) GDPR. If you do not want the data to be collected and processed via HubSpot, you can refuse your consent or revoke it at any time with effect for the future (Cookie-Settings).

In the context of processing via HubSpot and Salesforce Cloud, data may be transferred to the USA. The security of the transfer is secured via so-called standard contractual clauses, which ensure that the processing of personal data is subject to a level of security that corresponds to that of the GDPR. If the standard contractual clauses are not sufficient to establish an adequate level of security, your consent pursuant to Art. 49 (1) lit. a) GDPR may serve as the legal basis for the transfer to third countries.

More information about HubSpot’s privacy policy.

More information from HubSpot regarding EU data protection regulations.

More information about the cookies used by HubSpot can be found here.

We have concluded a Data Processing Agreement with HubSpot, so that the processing by HubSpot is carried out exclusively on our instructions.

More information about Salesforce Marketing Cloud’s privacy policy.

More information from Salesforce Marketing Cloud regarding EU data protection regulations.

More information about the cookies used by Salesforce Marketing Cloud can be found here.

We have concluded a Data Processing Agreement with Salesforce Marketing Cloud, so that the processing by Salesforce Marketing Cloud is carried out exclusively on our instructions.

1. Support via ShipHero Zendesk
2. Support Ticket via Zendesk

You can open a Support Ticket to start a conversation by logging in to ShipHero and accessing your support portal under the Help menu.

2. Usage of cookies, statistics, advertising, tracking and retargeting

We use “cookies” to provide you with a variety of features and improve your user experience. Cookies are small text files that are temporarily stored on your computer via your browser.

If you do not want us to use cookies, you can change your browser settings accordingly. Please note that if you completely disable the use of cookies, the functionality and scope of the website may be impaired.

You can find further information on cookies, in particular the categories of cookies as well as the respective cookies in our Cookie Policy. Also, you can change the settings of your cookies via the respective change button in the cookie banner of the website.

1.       Google Analytics

The “Google Analytics” service is used on this website. The operator of this service is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.

Google Analytics is a web analysis service and enables us to draw conclusions about user behavior on our website by setting cookies and the information thus obtained. The information generated by the cookies is sent to a Google server in the USA and stored there. Google Analytics sets cookies in your browser for the duration of two years from your last visit. On our website, the Google Analytics service is used exclusively pseudonymously. Your IP address is only recorded in abbreviated form and thus anonymized.

With the help of Google Analytics, the following data is collected and processed:

• IP address (anonymized)
• Usage data
• Click path
• App updates
• Browser information
• Device information
• JavaScript support
• Visited pages
• Referrer URL
• Downloads
• Flash version
• Location information
• Purchase activity
• Widget interactions
• Date and time of the visit

The legal basis of the processing is your consent pursuant to Art. 6 (1) lit. a) GDPR. When first visiting our website, we ask you for your consent. If you do not want Google Analytics to collect and process the data, you can refuse your consent or revoke it at any time with effect for the future (Cookie-Settings).

The personal data will be kept for as long as it is necessary to fulfill the purpose of processing. The data will be deleted as soon as they are no longer required to achieve the purpose.

The data may be transferred to the following recipients in addition to Google Ireland Limited as part of the processing:

– Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA.

– Alphabet Inc, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA.

Within the scope of processing by Google Analytics, data may be transmitted to the USA. Between Google Ireland Limited and Google LLC, the security of the transmission is secured by so-called standard contractual clauses, which ensure that the processing of personal data is subject to a level of security that corresponds to that of the GDPR. If the standard contractual clauses are not sufficient to establish an adequate level of security, consent will be obtained from you in advance as part of the consent management system in accordance with Art. 49 (1) lit. a) GDPR.

1.      Google Web Fonts

The Google Web Fonts service is used on this website. The service is provided by Google Ireland Limited Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland. With the help of Google Web Fonts, we can load and display external fonts, so-called Google Fonts, on our website.

As part of the processing via Google Web Fonts, the following personal data is collected and processed by Google:

• IP address

The legal basis for this processing is Art. 6 (1) lit. f) GDPR – a legitimate interest. Our legitimate interest in processing is to present the website in an attractive and user-friendly manner. Local hosting ensures that no data is transmitted to Google, no corresponding data transfer takes place.

The personal data are kept for as long as they are required to fulfill the purpose of processing. The data is deleted as soon as it is no longer required to achieve the purpose.

1. Salesforce Marketing Cloud Analysis and Tracking/Marketing

On this website, we use the service Salesforce Marketing Cloud for the purposes of analysis of the usage of our web services and for tracking/marketing measures to provide you with advertising that really interests you.

For the purpose of analysis and as part of the optimization of our marketing measures, the following data may be collected and processed via Salesforce Marketing Cloud:

• Geographic position
• Browser type
• Navigation information
• Referral URL
• Performance data
• Information about how often the application is used
• Mobile apps data
• Salesforce Marketing Cloud subscription service credentials
• Files that are displayed on site
• Domain names
• Pages viewed
• Aggregated usage
• Operating system version
• Internet service provider
• IP address
• Device identifier
• Duration of visit
• Where the application was downloaded from
• Operating system
• Events that occur within the application
• Access times
• Clickstream data
• Device model and version

The legal basis of the processing is your consent pursuant to Art. 6 (1) lit. a) GDPR. If you do not want the data to be collected and processed via Salesforce Marketing Cloud, you can refuse your consent or revoke it at any time with effect for the future (Cookie-Settings).

In the context of processing via Salesforce Marketing Cloud, data may be transferred to the USA. The security of the transfer is secured via so-called standard contractual clauses, which ensure that the processing of personal data is subject to a level of security that corresponds to that of the GDPR. If the standard contractual clauses are not sufficient to establish an adequate level of security, your consent pursuant to Art. 49 (1) lit. a) GDPR may serve as the legal basis for the transfer to third countries.

More information about Salesforce Marketing Cloud’s privacy policy.

More information from Salesforce Marketing Cloud regarding EU data protection regulations.

More information about the cookies used by Salesforce Marketing Cloud can be found here. 

1.    HubSpot Analysis and Tracking/Marketing

On this website, we use the service HubSpot for the purposes of analysis of the usage of our web services and for tracking/marketing measures to provide you with advertising that really interests you.

For the purpose of analysis and as part of the optimization of our marketing measures, the following data may be collected and processed via HubSpot:

• Geographic position
• Browser type
• Navigation information
• Referral URL
• Performance data
• Information about how often the application is used
• Mobile apps data
• HubSpot subscription service credentials
• Files that are displayed on site
• Domain names
• Pages viewed
• Aggregated usage
• Operating system version
• Internet service provider
• IP address
• Device identifier
• Duration of visit
• Where the application was downloaded from
• Operating system
• Events that occur within the application
• Access times
• Clickstream data
• Device model and version

The legal basis of the processing is your consent pursuant to Art. 6 (1) lit. a) GDPR. If you do not want the data to be collected and processed via HubSpot, you can refuse your consent or revoke it at any time with effect for the future (Cookie-Settings).

In the context of processing via HubSpot, data may be transferred to the USA. The security of the transfer is secured via so-called standard contractual clauses, which ensure that the processing of personal data is subject to a level of security that corresponds to that of the GDPR. If the standard contractual clauses are not sufficient to establish an adequate level of security, your consent pursuant to Art. 49 (1) lit. a) GDPR may serve as the legal basis for the transfer to third countries.

More information about HubSpot’s privacy policy.

More information from HubSpot regarding EU data protection regulations.

More information about the cookies used by HubSpot can be found here.

1.       LinkedIn

We use the retargeting tool as well as the conversion tracking of LinkedIn Ireland, Wilton Plaza, Wilton Place, Dublin 2, Ireland (“LinkedIn”). For this purpose, the LinkedIn Insight Tag is integrated on our website, which enables LinkedIn to collect statistical data about your visit and use of our website and to provide us with corresponding aggregated statistics on this basis. In addition, the service is used to be able to show you interest-specific and relevant offers and recommendations after you have found out about certain services, information and offers on the website. The information in this regard is stored in a cookie. Further information on data processing can be found in the LinkedIn privacy policy.

As a rule, the following data is collected and processed:

• IP address
• Device information
• Browser information
• Referrer URL
• Timestamp

The legal basis for the processing is your consent pursuant to Art. 6 (1) lit. a) GDPR. If you do not want the data to be collected and processed via LinkedIn, you can refuse your consent or revoke it at any time with effect for the future (Cookie-Settings).

The personal data will be kept for as long as it is necessary to fulfill the purpose of processing. The data will be deleted as soon as they are no longer required to achieve the purpose.

In the context of processing via LinkedIn, data may be transferred to the USA and Singapore. The security of the transfer is regularly secured via so-called standard contractual clauses, which ensure that the processing of personal data is subject to a level of security that corresponds to that of the GDPR. If the standard contractual clauses are not sufficient to establish an adequate level of security, consent will be obtained from you in advance as part of the consent management system in accordance with Art. 49 (1) lit. a) GDPR.

CHILDREN’S PRIVACY

Our Service does not address anyone under the age of 13. We do not knowingly collect personally identifiable information from anyone under the age of 13. If you are a parent or guardian and you are aware that your child has provided us with Personal Data, please contact us at dataprivacy@shiphero.com. If we become aware that we have collected Personal Data from anyone under the age of 13 without verification of parental consent, we take steps to remove that information from our servers.

LINKS TO OTHER WEBSITES

Our Service may contain links to other websites that are not operated by us. If you click on a third-party link, you will be directed to that third party’s site. We strongly advise you to review the Privacy Policy of every site you visit.

We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.

CHANGES TO THIS PRIVACY POLICY

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page.

We will let you know via email and/or a prominent notice on our Service, prior to the change becoming effective and update the “Last updated” date at the top of this Privacy Policy.

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

CONTACT US

If you have any questions about this Privacy Policy or wish to exercise any of the rights outlined in this policy, please contact us via email: dataprivacy@shiphero.com. Depending on the request type, we may require validation of your identity.