This policy explains how Shipfinex (”ShipFinex LLC.”, and its affiliates and subsidiaries, also referred to below as “Shipfinex”, “we”, “us” or “our”) handles your personal data - from collecting it to protecting it. We value your privacy and want you to understand how your information is treated. This includes what data we gather, why we need it, what we do with it, and how you can control it.
This Privacy Notice was last updated and is effective on 17 January 2024
Further, we are committed to protecting the privacy of our clients, customers, and website visitors. As such, we have implemented policies and procedures to ensure that we comply with the GDPR and other applicable data protection laws and regulations.
We understand that your personal data is important to you, and we take our responsibility to protect it seriously. We are committed to being transparent about our data processing practices, and we strive to provide clear and concise information to help you understand how we use your personal data.
In addition to complying with the GDPR, we also adhere to best practices in data protection and privacy. We have implemented a range of technical and organizational measures to ensure the security and confidentiality of personal data. Our employees are trained on data protection and privacy best practices, and we conduct regular audits to ensure that our policies and procedures remain up-to-date and effective.
Within our Services, you may encounter links to external websites, products, or services that are not under our ownership or control. While utilizing our Services, you have the option to share your data and associated personal information with a third-party service of your choice. The handling of your information by these third parties is regulated by their individual privacy policies and terms. We advise you to thoroughly examine their privacy policies and terms since we assume no responsibility for the practices of such third-party services.
We acknowledge that safeguarding data is an evolving effort, and we are dedicated to consistently enhancing our procedures to uphold the utmost standards of data protection and privacy. Should you have any inquiries or reservations regarding our privacy practices, please feel free to get in touch with us.
Overview of the policy and its purpose
We hold the belief that privacy is a fundamental right, and our commitment is unwavering when it comes to safeguarding the privacy and security of our users' personal information.
Scope of the Policy
"Consent" means any freely given, specific, informed, and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
"Controller" means the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
"Data Breach" means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed.
"Data Portability" means the right of a data subject to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable
format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided.
"Data Subject" means the individual to whom the personal data relates.
"Personal data" means any information relating to an identified or identifiable natural person (data subject).
"Processing" means any operation or set of operations performed on personal data, such as collection, recording, organization, structuring, storage, adaptation, or disclosure by transmission, dissemination or otherwise making available, erasure, or destruction.
"Processor" means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
"Special categories of personal data" means sensitive data, such as data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, data concerning health or data concerning a natural person's sex life or sexual orientation.
"Supervisory authority" means an independent public authority responsible for monitoring the application of the GDPR, including investigating complaints and conducting audits and inspections.
2. Types of Personal Data Collected
Definition of personal data
Personal data refers to information about an identified or identifiable person, encompassing a wide range of identifiers such as name, location, or genetic details. Under the GDPR, this data is considered a fundamental right, and those handling it must ensure lawful, fair, and transparent processing. They should collect data for specific, legitimate purposes, ensure its accuracy, and protect it adequately. The GDPR emphasizes the need for maintaining data security, confidentiality, and restricting unnecessary transfers.
Types of personal data collected
We gather and handle various types of personal data when you utilize our Services, and the details and purposes are outlined below.
i) Information provided directly: When creating an account, you may furnish personal data like your name, email, phone number, and date of birth. This data is used for managing your account, verifying identity, communication, and personalizing your experience.
ii) Information collected automatically: While using our Services, certain information is collected automatically, including IP address, device type, browser, and technical details. This data aids in enhancing service performance, analyzing trends, and addressing technical issues.
iii) Usage information: Data on how you interact with our Services, such as feature usage, visited pages, viewed content, and actions taken, is gathered. This information is used to personalize your experience, understand preferences, and improve Services.
iv) Location data: With your permission, we may collect and process your location information to provide location-based services, including personalized content and advertising.
v) Special categories of personal data: In certain instances, we may collect sensitive data, like health information, if provided voluntarily or necessary for specific Services. Processing such data requires explicit consent or compliance with applicable law.
WE WILL ONLY USE YOUR PERSONAL DATA FOR THE PURPOSES FOR WHICH WE COLLECTED IT, UNLESS WE REASONABLY CONSIDER THAT WE NEED TO USE IT FOR ANOTHER REASON THAT IS COMPATIBLE WITH THE ORIGINAL PURPOSE. IF WE NEED TO USE YOUR PERSONAL DATA FOR AN UNRELATED PURPOSE, WE WILL NOTIFY YOU AND EXPLAIN THE LEGAL BASIS WHICH ALLOWS US TO DO SO.
Information collected automatically
Information collected automatically refers to data acquired by a website or application without explicit user input, utilizing methods like cookies, log fles, web beacons, and tracking technologies. This data enhances the user experience, delivers pertinent content, and facilitates trend analysis.
Common examples include the user's IP address, browser type, operating system, device type, language preference, and referral source. Log fles, storing user activity details, aid in trend analysis and performance monitoring. Cookies, small text fles, record user preferences and activities, personalizing experiences and analyzing trends.
Web beacons, small embedded images, track user activity, contributing to trend analysis. This information, collected non-intrusively, aims to enhance user experience and provide relevant content. It is crucial to adhere to data protection laws like GDPR when collecting and utilizing this information.
3. How Data is Collected
Personal data is collected through direct user interactions, such as signing up for services, and indirectly via partners and third-party sources like social media platforms. The information gathered includes details like name, email, phone number, and job title, relevant to the services provided. The data collection is purpose-driven, ensuring only necessary information is obtained, and measures are in place to maintain accuracy and compliance with data protection laws.
WE ONLY COLLECT DATA THAT IS NECESSARY FOR THE PURPOSES FOR WHICH IT IS PROCESSED, AND WE TAKE APPROPRIATE MEASURES TO ENSURE THAT THE DATA WE COLLECT IS ACCURATE, UP-TO-DATE, AND RELEVANT TO THE SERVICE WE PROVIDE. WE ALSO ENSURE THAT ALL DATA IS COLLECTED AND PROCESSED IN COMPLIANCE WITH APPLICABLE DATA PROTECTION LAWS.
4. Legal Basis for Processing Data
Individuals provide explicit and informed consent for the processing of their personal data, allowing Shipfinex to use their data for specific purposes. Consent can be withdrawn at any time, particularly for activities like marketing.
Processing personal data may be necessary for fulfilling a contract or taking pre-contractual steps as requested by the individual. For example, processing data is essential to provide online services.
Shipfinex may process personal data to fulfil legal obligations, such as retaining specific data for a mandated period. This processing is limited to what is necessary to comply with legal requirements.
Processing may occur when it's crucial to protect the vital interests of the data subject or others, such as providing medical assistance during a medical emergency.
Processing is permitted when it's necessary for the legitimate interests of Shipfinex or a third party, unless overridden by the rights of the data subject. A balancing of interests is required, for example, in fraud prevention.
SHIPFINEX COMMITS TO PROCESSING PERSONAL DATA SOLELY FOR THE PURPOSES IT WAS COLLECTED, REFRAINING FROM USING THE DATA FOR ANY OTHER PURPOSE WITHOUT ADDITIONAL CONSENT OR UNLESS PERMITTED BY LAW. IF A NEW PURPOSE ARISES THAT ISN'T COMPATIBLE WITH THE ORIGINAL ONE, SHIPFINEX INFORMS DATA SUBJECTS AND SEEKS THEIR CONSENT IF NECESSARY.
5. Use of Data
Processing personal data is essential for delivering products and services, including creating user accounts, facilitating content creation and sharing, ofering customer support, and enhancing overall product and service quality.
Personal data is processed to engage with users, addressing their inquiries, sending newsletters or promotional messages, and providing updates on products and services.
Processing personal data is employed to tailor products and services to individual user interests, preferences, and usage patterns. This involves analysing user behaviour and interactions for a personalized experience.
Personal data is processed to fulfil legal obligations, responding to legal requests, preventing fraud or illegal activities, and ensuring compliance with terms of service.
Product and Service Improvement
Personal data is utilized for research and development, testing new features, analysing usage patterns, and enhancing the overall quality and performance of products and services.
Sharing and International Data Transfers:
Personal data may be shared with third-party service providers for service provision and with business partners for marketing, subject to user consent where required. International data transfers, even to countries with lower data protection levels, will have appropriate safeguards in place, such as standard contractual clauses or other legal mechanisms.
Users have the right to object to direct marketing and can exercise other data subject rights under GDPR. For questions or concerns about personal data use, users can refer to Section 10 for contact information.
Consent is one of the legal bases for processing personal data under this Policy. In order for consent to be valid, it must meet the following requirements:
Freely given: Consent must be given voluntarily and without coercion. Users must not be required to give consent in order to access a service, and consent must not be a condition of a contract.
Specific: Consent must be specific to the purpose for which it is given. Users must be informed of the exact purpose for which their data will be processed, and must explicitly agree to that purpose.
Informed: Consent must be informed, meaning users must be provided with clear and understandable information about the processing of their personal data, including the identity of the data controller, the purposes of processing, and any third-party recipients.
Unambiguous: Consent must be unambiguous, meaning it must be given through a clear affirmative action. Pre-ticked boxes or inactivity do not constitute valid consent.
Revocable: Users must have the right to withdraw their consent at any time, and withdrawing consent must be as easy as giving it.
How consent will be obtained
We will obtain consent from users in a clear and transparent manner, and will ensure that the consent meets the above requirements. We will use the following methods to obtain consent:
Opt-in mechanisms: We will use clear and conspicuous opt-in mechanisms, such as checkboxes or buttons, to obtain users' consent.
Granular consent: We will obtain separate and specific consent for each distinct purpose of processing, where appropriate.
Records of consent: We will keep records of users' consent, including the purpose of processing, the method of obtaining consent, and the date and time of consent.
Withdrawal of consent: We will provide users with an easy and accessible way to withdraw their consent, and will honour all requests to withdraw consent in a timely manner.
If you have any questions or concerns about our use of consent or wish to withdraw your consent, please contact us at the contact information provided in Section 7.
7. Rights of Data Subjects
Right to Access
Allows individuals to confirm if their personal data is being processed and obtain details about the categories, purposes, recipients, and retention periods. They can request a copy in a commonly used electronic format.
Right to Rectification
Permits individuals to request correction of inaccurate or incomplete personal data, considering the purposes for which it was processed.
Right to Erasure
Also known as the "right to be forgotten," allows individuals to request deletion of personal data in specific circumstances, though legal or other reasons may necessitate data retention.
Right to Restrict Processing
Enables individuals to limit the processing of their personal data in certain situations. While data storage continues, processing ceases without consent unless legally required or to protect another person's rights.
Right to Data Portability
Grants individuals the right to receive a structured, commonly used, and machine-readable copy of their personal data for transfer to another data controller, applicable to data provided with consent or based on a contract.
Right to Object
Allows individuals to object to personal data processing, particularly for direct marketing or research purposes. Processing stops unless compelling legitimate grounds override the individual's interests, rights, and freedoms, or if needed for legal claims.
Right to Withdraw Consent
Permits individuals to withdraw consent for processing personal data based on their consent. Withdrawal does not affect prior lawful processing.
To exercise any of these rights, please contact us using the details provided in the "Contact Information" section below. We may need to verify your identity before we can respond to your request. We will respond to your request as soon as possible.
8. Data Retention
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, unless a longer retention period is required by law or our legitimate interests. The retention periods for different types of personal data depend on various factors, including the nature of the data and the purposes for which it was collected.
Different types of personal data have varied retention periods determined by factors like data nature and collection purposes.
Contractual data: Retained for the contract duration and a required post-contract period.
Marketing data: Retained until consent withdrawal or objection exercise.
Legal compliance data: Retained for the period mandated by applicable law.
Criteria for Determining Retention
Periods Retention periods are
decided based on:
Purpose of data collection.
Nature of personal data.
Legal or regulatory obligations.
Our legitimate interests in retaining the data.
Exceptions to Retention Periods
Personal data may be retained longer than specified:
To comply with legal obligations.
To protect legitimate interests, e.g., resolving disputes, preventing fraud, or enforcing agreements.
If we no longer need personal data for any purpose and are not required by law to retain it, we will securely delete or destroy it in accordance with our data retention and disposal policies.
9. Changes to the Policy
10. Contact Information
Data Controller Information
As the data controller, Shipfinex is responsible for collecting, processing, and storing personal data in compliance with this Policy.
1603 CAPITOL Ave, Suite 310 Cheyenne, Wyoming 82001 USA
Mobile: +971 50 687 6254
Contact Information for Data Subject Requests
If you would like to make a request to access, rectify, erase, restrict processing, or port your personal data, you can contact us using the following methods:
1603 CAPITOL Ave, Suite 310 Cheyenne, Wyoming 82001 USA
Verification of identity:
To protect the security and privacy of your personal data, we will ask you to provide proof of your identity before we can process your request. We will respond to your request within fifteen days of verifying your identity.
We take all complaints about our handling of personal data seriously and are committed to addressing them promptly and effectively.
We will acknowledge receipt of the complaint and provide the data subject with a reference number for tracking purposes.
Investigation and Resolution
We will investigate the complaint promptly and thoroughly, taking into account all relevant circumstances and any applicable legal requirements.
We may request additional information or documentation from the data subject or any third parties involved in order to assist with the investigation.
We will notify the data subject of the outcome of the investigation and any remedial action taken as a result of the complaint.
We aim to respond to all complaints within 30 days of receipt. However, in some cases, we may require additional time to investigate the complaint fully. In such cases, we will notify the data subject of the reason for the delay and provide an estimated timeframe for resolution.
We will not retaliate against any data subject for submitting a complaint about our data handling practices.
We will take appropriate measures to prevent any retaliation by employees, service providers or contractors against data subjects who submit a complaint.