Personal Data Security and Privacy Policy

This document presents the main elements of the information security program dedicated to the safeguarding of the personal data entrusted to SHIPTIFY (hereinafter “SHIPTIFY” or “We”). It constitutes an overview of a comprehensive framework to ensure security and privacy based on confidentiality, integrity, availability and safety principles, according to the EU General Data Protection Regulation (EU) 2016/679 (hereafter the “GDPR”).

In case of questions or inquiries related to the content of the present document, customers are invited to contact us at the following email address:


To ensure an acceptable level of security and confidentiality of the personal data that We may process, We are implementing a coherent set of policies, procedures to manage data and system risks, aiming at:

The following paragraphs describe in more details the main principles of SHIPTIFY personal data security and confidentiality policy.

Collection and legal basis for the use of your personnal data

Personal data is data that allows you to be identified. We collect this through a number of channels; We operate on a combination of consent, contract and legitimate interest. Specifically:

How we use personal data

Acting as “processor” as defined by Article 4-8) of the GDPR, SHIPTIFY ensures that it processes the personal data of the controllers in accordance to the provisions of Article 28 of GDPR, notably by:

How long we keep the personnal data

As SHIPTIFY processes the personal data only on documented instructions from the controller, SHIPTIFY only stores the personal data for the duration set forth by controller’s instruction.

How we secure personal data

SHIPTIFY has put in place appropriate security measures to prevent personal data entrusted to us from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. SHIPTIFY has put in place procedures to deal with any suspected data security breach and will notify controller of any suspected breach where SHIPTIFY is legally required to do so.

Transfers outside of the sea

SHIPTIFY may transfer personal data entrusted to us outside the EEA in order to ensure its services.

Where SHIPTIFY transfers personal data to countries where the European Commission made no “adequacy decision” with respect to that country, SHIPTIFY will put in place certain measures to ensure that personal data does receive an adequate level of protection, such as contractual clauses which are approved by the European Commission, and in accordance with the terms of our agreement.

Controller can request information about, and a copy of, the applicable transfer mechanism used, by contacting SHIPTIFY at the following address:

Last updated: 20/05/2018