CUSTOMER PRIVACY NOTICE
This customer privacy notice (here after the “Notice”) sets out details on how Personal Data (as defined in Section 1 below) relating to you will be handled by companies from the Redspher Group as data controllers (collectively “Redspher”, “us” or “we”). The affiliates of the Redspher Group which handle Personal Data (here after the “Redspher Companies”) are listed in Annex 11 .
This Notice describes what data we collect about you, how we collect that data, for what purposes we use it, the legal bases for processing, to whom we may disclose the data and how you can exercise your rights, as well as other information necessary to ensure fair and transparent processing of your Personal Data. Please read this Notice before providing Personal Data to us. This policy covers both online and offline data collection.
Redspher Companies, as data controllers, collect and use Personal Data that you provide as part of your interaction with us, together with additional Personal Data that we collect when you (or your company) register as a customer and throughout the course of providing services to you (or your company), e.g. when we operate as an intermediary between you and a carrier for the provision of the most suitable transport services.
The Personal Data we collect is used primarily for providing you with marketing and communication material upon your request, for managing our website, and then performing our obligations under customer service contracts and applicable law. All purposes and legal bases for such processing are detailed in this notice.
You have rights with respect to your Personal Data, which are described in Section 6 of this notice. To obtain further information or ask any questions regarding these rights, or if you have any queries regarding Redspher’ processing of your Personal Data, please send an email to firstname.lastname@example.org.
1. PERSONAL DATA WE COLLECT AND FOR WHAT PURPOSES
We may collect “Personal Data”, which is information that either directly identifies you or could be used in combination with other information to identify you.
Personal Data that we collect includes:
- Contact information – We collect such Personal Data so as to be able to reach you and/or communicate with you upon your request, as and when required for marketing and communications data processing purposes. In particular, the pages of the Redspher websites allow you to submit your Personal Data to us. For instance, you may subscribe to a Redspher mailing list or newsletter or create a Redspher online account. We may use the information you provide to send you requested information, respond to your inquiry, verify package delivery details and take other actions as necessary to respond to your request. Information includes your first and last names, gender (Ms./Mr.), date of birth, place of birth, ID or passport number, mailing address, delivery location, telephone number, email address, job title, IP address, payment data and other information you provide on the contact form or other online resources available on our websites.
- Preferences & Interests – This information helps us understand your interest in our services and particular delivery options described on the websites of the Redspher Companies. It may include contact and delivery preferences, languages, and marketing choices.
- Transaction & Service history – Such Personal Data is necessary to provide the services you have requested and validate any instructions or transactions that you have ordered. This includes service requests and order instructions, transactions completed and correspondence records, as well as potential complaints.
- Security – We use this information to secure our websites, network systems and other IT assets. This may include any information we use to verify your identity, information concerning your IP address, geographic location, resources you have accessed and ancillary data (e.g., login credentials, usernames and passwords).
- Compliance – We process Personal Data to respond to all Redspher legal, regulatory or tax obligations. In particular, as part of KYC (Know Your Customer) processing, Redspher may implement controls prior to initiating any business relationship and throughout such relationship, and assist regulatory authorities on surveillance, detection and verification of transactions. This may also include internal reports and recordings of any correspondence and communications between us (including e-mails and any other types of communications).
If you do not provide us with such information, we may not be able to enter into or perform our contract with you (or your company). We will inform you when providing your Personal Data that it is necessary and what the effects will be on our relationship if you do not provide it
2. WHAT ARE REDSPHER’S LEGAL BASES FOR PROCESSING YOUR PERSONAL DATA?
To process your Personal Data lawfully, we will be relying on one of the following legal bases:
- Performance of a contract: Redspher must process your Personal Data in order to take steps at your request prior to entering into a service contract, and then to perform such contract with you (or your company);
- Processing is necessary for us to comply with our relevant legal and regulatory obligations: For instance, creating a customer record, managing IT security, disclosing required data to a government or regulatory authority, complying with other regulatory requirements;
- Processing is necessary to exercise or preserve our legitimate business interests and our interests are not overridden by your interests, fundamental rights or freedoms (for example assessing new business opportunities, managing legal matters including litigation); or
- Processing is based on your prior explicit consent: for example, in order to provide you with marketing and communications material as detailed above.
3. SOURCES OF PERSONAL DATA
Your Personal Data is primarily provided to us directly by you (for example, through the contact form on our website, through emails you send or through verbal information). From time to time, we may receive Personal Data about you from third parties (for instance, other customers and business partners).
In some circumstances, Personal Data may be collected indirectly from monitoring devices or by other means, for example, via email and websites access logs, if and to the extent permitted by applicable laws
4. WHO HAS ACCESS TO YOUR PERSONAL DATA?
We may disclose your Personal Data, where permitted by applicable law and on a need-to-know basis, to entities within the Redspher Group, our relevant service providers and/or other third parties including:
- Entities within the Redspher Group (CRM administrators, teams in charge of marketing and reporting, system administrators, Compliance, Legal, Information Technology and Audit teams);
- Business partners and companies that assist us in marketing or customer servicing;
- Carriers for the purposes of efficient delivery;
- Third parties, providing us with IT services, such as hosting, supporting and maintaining our systems or websites;
- Regulatory authorities, Redspher’ insurers, lawyers, auditors, consultants and other professional advisors;
- Companies that help us maintain, process or service your transactions or account(s), including companies that perform administrative, accounting, transfer agency, custodial or brokerage services for us.
Where these third parties act as a data processor, they carry out their tasks on our behalf and upon our instructions for the above mentioned purposes.
Where applicable, you are entitled, upon a written request sent via email to email@example.com, to receive a copy of the list of providers and/or other third parties processing your Personal Data.
5. WILL REDSPHER TRANSFER YOUR PERSONAL DATA OUTSIDE OF THE EU/EEA?
We may share your data within the Redspher Group or with third party vendors and carriers, as indicated above, where necessary to provide you with our services.
Some Redspher Group entities, vendors or carriers may be located outside the EU/EEA, in countries which do not offer the same level of protection to your Personal Data. Internal transfers within the Redspher Group as well as transfers to third party vendors or carriers located outside the EU/EEA will be made pursuant to agreements that incorporate appropriate safeguards (for example the European Commission-approved Standard Contractual Clauses).
Where applicable, you are entitled, upon a written request sent via email to firstname.lastname@example.org, to receive a copy of the relevant provisions of the contract that have been taken to protect your Personal Data.
Transfers of Personal Data in accordance with this Section 5 are based on the same legal grounds as applicable for the respective purposes of processing as set forth in Section 1 above.
6. WHAT ARE YOUR RIGHTS WITH RESPECT TO YOUR PERSONAL DATA?
You have a number of rights in relation to your Personal Data, which are set out below.
- The right to request access to Personal Data that Redspher maintains about you, as well as the right to request rectification of any Personal Data that is inaccurate, incorrect or incomplete;
- The right to receive all such Personal Data which you have provided to Redspher in a structured, commonly used and machine-readable format, and also to require us to transmit it to a third party where this is technically feasible and under specific circumstances;
- The right to erasure of your Personal Data under specific circumstances;
- The right to restrict our processing of your Personal Data (that is, allow only its storage) under specific circumstances; where your Personal Data is subject to restriction, we will only process it with your consent or for the establishment, exercise or defense of legal claims or for regulatory purposes.
- In the event your Personal Data is processed on the basis of your consent, you have the right to withdraw consent at any time by clicking the “Manage my Subscriptions/Unsubscribe” link in any communication you receive, without affecting the lawfulness of processing based on consent before its withdrawal, or by writing an email to email@example.com.
- Right to object to processing:
- When the processing is made for marketing purposes, you have a right to object to that processing at any time. If you object, Personal Data must no longer be processed for such purposes. o
- When the processing is based on legitimate interest grounds, you also have the right to object to that processing at any time. If you object, we must stop that processing unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms, or we need to process the Personal Data for the establishment, exercise or defense of legal claims.
- To exercise any of these rights, please contact us at firstname.lastname@example.org
- You also have the right to lodge a complaint with the supervisory authority of your habitual residence, place of work or place of alleged infringement, if you consider that the processing of your Personal Data infringes applicable law. For instance, French supervisory authority may be contacted at https://www.cnil.fr/fr/agir or by regular mail at CNIL – 3 Place de Fontenoy – TSA 80715 – 75334 Paris – Cedex 07. A list of the other data protection supervisory authorities is available at http://ec.europa.eu/newsroom/article29/itemdetail.cfm?item_id=612080;
- You finally have the right to issue directives relating to the use of your Personal Data after death. To exercise such right, you may write an email to email@example.com
7. HOW SECURE IS THE PERSONAL DATA YOU PROVIDE?
We implement physical, technical and administrative security standards designed to protect your Personal Data from loss, misuse, alteration, unauthorized access, destruction or damage.
We take steps to limit access to your Personal Data to those individuals who need to have access to it for one of the purposes listed in Section 1.
However, no Internet transmission is ever fully secure or error free. In particular, Personal Data sent using email or our websites (e.g., via the contact form) may not be secure. You should take special care before deciding to send us information via email or our websites. For instance, if you create an account on Redspher websites, it is your responsibility to protect your access credentials from unauthorized use.
8. FOR HOW LONG DOES REDSPHER RETAIN YOUR PERSONAL DATA?
We retain your Personal Data for no longer than is necessary for the purposes for which the Personal Data are processed, which will in many cases be for the period during which we have a business relationship with you. We may retain your Personal Data for longer periods of time corresponding to:
- regulatory requirements,
- a statute of limitation,
- to establish, exercise or defend legal claims, or
- as otherwise permitted or required by law.
This is done to ensure that we have an accurate record of your dealings with us in the event of any complaints or claims, or where we are required to do so in accordance with legal, tax and/or accounting requirements, or if required to do so by a legal process, legal authority, or other governmental entity having authority to make the request.
This Notice only applies to Redspher customer data processing, including those performed on our websites. Redspher websites also may contain hyperlinks to third party websites and online resources. We do not endorse nor are responsible for the content of such third-party websites and resources. Our privacy notice does not apply to any sites that are not affiliated with Redspher, even if you access them via a hyperlink on any of our websites.
The policy we have outlined here is current as of August 2019. Redspher reserves the right to amend this notice at its discretion. When changes are made, we will post the updated notice and the date of revision.
Last update: August 2019