Effective: September 30, 2022
Shipium makes fast and cheap shipping possible by coordinating previously disconnected steps of the supply chain through an API-first platform deeply integrated into existing systems.
Shipium is strongly committed to protecting the privacy of our clients, visitors, and communities we serve. We want you to feel secure that when you deal with Shipium, your personal data is in good hands. Shipium complies with applicable privacy and data protection laws when dealing with personal data about an identified or identifiable individual (a natural person).
Security and Privacy
Shipium uses reasonable commercially available tools and security measures to protect against the loss, misuse, and alteration of the information under our control. Shipium shares information with our partners for the sole purpose of better supporting our current and future clients and their customers. We will never share, sell, or rent individual personal information outside of this partner arrangement unless ordered by a court of law. Shipium enforces a strict internal policy regarding information protection requirements. Information submitted to Shipium is restricted to employees managing this information for specific purposes only. These purposes include contacting you (via email, phone, etc.) in an effort to respond to a request or provide a service.
How do we collect information about you?
When a customer searches for shipping solutions via our platform’s API, shipment details (package dimensions, origin & destination addresses, etc.) are sent securely to our platform to identify shipping solutions from our portfolio of carriers. This information is used solely for the purpose of ensuring the proper functioning of our business operations and compliance with regulatory and contractual requirements.
How We Use the Information We Collect
Shipium uses your personal data only where required for specific purposes. Please see below for a list of the purposes for which Shipium uses your personal data and the legal basis for each such purpose:
Managing our contractual relationship with you.
Necessary for the performance of a contract to which you are a party.
Operating and managing our business operations.
Justified on the basis of our legitimate interests of service to our partners and customers and ensuring the proper functioning of our business operations.
Complying with legal requirements.
Necessary for the compliance with a legal obligation to which we are subject.
Monitoring your use of our systems (including monitoring the use of our website and any tools you use).
Justified on the basis of our legitimate interests of avoiding non-compliance, unauthorized use, and protecting our reputation.
Improving the security and functioning of our website, networks and information.
Justified on the basis of our legitimate interests for ensuring that you receive an excellent user experience, and our networks and information are secure.
Undertaking data analytics, i.e. applying analytics to business operations and data to describe, predict and improve business performance within Shipium and/or to provide a better user experience.
Justified on the basis of our legitimate interests for ensuring the proper functioning of our business operations.
Marketing our products and services to you (unless you object against such processing).
Justified on the basis of our legitimate interests for ensuring that we can conduct and increase our business.
We will process your personal data for the purposes mentioned above based on your prior consent, to the extent such consent is mandatory under applicable laws. For more information on how to exercise your rights, contact us at firstname.lastname@example.org.
To opt-out from having any provided information used for email communications from us, please click on the opt-out (unsubscribe) link in any message you receive from us. This will allow you to unsubscribe or update your message preferences. Alternately, you may contact us at email@example.com.
Third Party Websites
These websites are not intended for people under the age of 13. Shipium does not knowingly solicit or collect information from children or minors (under the age of 18).
We keep your personal data for as long as reasonably necessary for the purposes of serving you. Except as noted below, we will retain your account profile data as necessary for our legitimate business purposes or to comply with our legal obligations (such as record keeping, accounting, fraud prevention, and other business administrative purposes). Where your information is no longer required, we will ensure it is disposed of in a secure manner.
Data Subject Rights
- Right of Access - An individual has the right to ask whether we process data about them and to have access to that data.
- Right to Rectification - Where personal data is inaccurate or incomplete, an individual has the right to request that it be corrected or completed.
- Right to Deletion - An individual has the right to require that Shipium erases personal data without undue delay, unless it is necessary to retain such information for legal or regulatory compliance. We may deny your deletion request if retaining the information is necessary for to:
- Complete the transaction for which we collected the Personal Information, provide a service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.
- Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
- Debug products to identify and repair errors that impair existing intended functionality.
- Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
- Comply with a legal and/or regulatory obligation.
- Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
- Right to Restrict Processing - An individual can exercise the right to a restriction of processing of their personal data under certain circumstances.
- Right to Data Portability - An individual has the right to request that their personal data be provided to them and to transfer that data to another party.
- Automated Decision-Making Rights - An individual has the right to not be the subject of automated decision-making where the decision may impact them.
- Right to Object - An individual has the right to object to the processing of their personal data if it is for direct marketing purposes.
Retention of Personal Information
To the extent permitted by applicable law, we retain your personal information for the period necessary to serve the purposes for which we obtained it. We may also retain your personal information beyond such period in accordance with applicable laws, regulations, or another lawful basis, including but not limited to, compliance with our contractual obligations, legal obligations, regulatory obligations, legal claims, or another legitimate interest.
Exercising Data Subject’s Rights
You can contact us directly in order to:
- Update or correct the PII that we store about you;
- Direct us to render inactive on our systems all your PII; or
- Make any request to change, alter, or delete PII.
We may be reached at firstname.lastname@example.org.
Notification of Changes
It is the policy of Shipium to be fair and proportionate when considering the actions to be taken to inform affected parties regarding breaches of personal data. Where a breach is known to have occurred which is likely to result in a risk to the rights and freedoms of individuals, the relevant supervisory authority will be informed within 72 hours. Where, and in so far as, it is not possible to provide the information at the same time, the information may be provided in phases without undue further delay. This will be managed in accordance with our Information Security Incident Response Procedure which sets out the overall process of handling Information Security incidents.
For further information, please contact us by sending your written request to the following:
Attn: Privacy Office