Personal Data Security and Privacy Policy

1. PRINCIPLES

To ensure an acceptable level of security and confidentiality of the personal data that we may process, we are implementing a coherent set of policies, procedures to manage data and system risks, aiming at:

• identifying, through risk analysis, potential threats to personal data;
• implementing security solutions (both processes and tools) to limit risks for our systems;
• training our employees and third-party service providers to implement our personal data security and privacy policy;
• monitoring the security of our systems and processes;
• providing clear information regarding the processing of personal data;
• preparing ourselves in case of crisis.

The following paragraphs describe in more details the main principles of SHIPTIFY personal data security and confidentiality policy.

2. COLLECTION AND LEGAL BASIS FOR THE USE OF YOUR PERSONAL DATA

Personal data is data that allows you to be identified. We collect this through a number of channels; We operate on a combination of consent, contract and legitimate interest.

Specifically:

• Navigation on this website:
  • Data relating to the traffic and use of the SHIPTIFY website
• Use of our online form for demonstration request or contact.
  • Identification data used in online form.
  • Interactions with our CRM.
• Navigation on this website by logging into a user account:
  • Data relating to the traffic and use of the SHIPTIFY website
  • Identification data
  • Professional contact details
  • Interactions with our CRM.
• We also collect data from personal meetings, for example the exchange of business cards.
• We also hold details from the processing of our services, these are contractual, for example invoicing, bookings, business connections etc. This data is separately stored and processed through our secure booking systems.

3. HOW WE USE PERSONAL DATA

Acting as “processor” as defined by Article 4-8) of the GDPR, SHIPTIFY ensures that it processes the personal data of the controllers in accordance to the provisions of Article 28 of GDPR, notably by:

• processing the personal data only on documented instructions from the controller, including with regard to transfers of personal data to a third country or to an international organisation, unless required to do so by European Union (EU) law or EU Member State law to which SHIPTIFY is subject;
• ensuring that the persons authorised to process the personal data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality;
• implementing appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including inter alia:
  • pseudonymisation and encryption of personal data;
  • the means to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;
  • the means to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident;
  • a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing;
• respecting the conditions as set forth in the customer agreement for hiring another processor;
• assisting the controller by appropriate technical and organisational measures, insofar as this is possible, for the fulfilment of the controller's obligation to respond to requests for exercising the data subject's rights;
• assisting the controller in ensuring compliance with its obligations under the GDPR;
• at the choice of the controller, deleting or returning all the personal data to the controller (or the contact designated by the controller) after the end of the provision of services relating to processing, and deleting existing copies unless EU law or Member State law requires storage of the personal data;
• making available to the controller all information necessary to demonstrate compliance with the obligations under the GDPR and allowing for and contributing to audits, including inspections, conducted by the controller or another auditor mandated by the controller, in accordance with provisions of the agreement with the controller.

4. HOW LONG WE KEEP THE PERSONAL DATA

As SHIPTIFY processes the personal data only on documented instructions from the controller, SHIPTIFY only stores the personal data for the duration set forth by controller’s instruction.

5. HOW WE SECURE PERSONAL DATA

SHIPTIFY has put in place appropriate security measures to prevent personal data entrusted to us from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.

SHIPTIFY has put in place procedures to deal with any suspected data security breach and will notify controller of any suspected breach where SHIPTIFY is legally required to do so.

6. TRANSFERS OUTSIDE OF THE SEA

SHIPTIFY may transfer personal data entrusted to us outside the EEA in order to ensure its services.

Where SHIPTIFY transfers personal data to countries where the European Commission made no “adequacy decision” with respect to that country, SHIPTIFY will put in place certain measures to ensure that personal data does receive an adequate level of protection, such as contractual clauses which are approved by the European Commission, and in accordance with the terms of our agreement.

Controller can request information about, and a copy of, the applicable transfer mechanism used, by contacting SHIPTIFY at the following address: privacy@shiptify.com.

Last updated: 20/05/2018