Privacy Policy

1. An overview of personal data protection

Dear visitor, the following lines aim to provide you with a simple overview of how we at SHIPSTA process your personal information when you visit our website.
Personal information is any data which allows you to be identified. Detailed information on the subject of data protection can be found in our current Privacy Policy below.
The data collection on our website is described in the current Privacy Policy, which also provides answers to some important data privacy questions:

– Who is responsible for the data collection on this website?
– How do we collect and process your data?
– What are we using your data for and what types of data are we processing?
– What rights do you have regarding your personal data?
– How to exercise your rights and how to contact our DPO?

We kindly invite you to keep reading in order to be fully informed about how your personal data is processed on our website.

SHIPSTA S.à r.l. ensures compliance with the General Data Protection Regulation and with other data protection regulations, including the national laws of the EU Member States related to personal data protection.

2. Name and address of the data controller

The data controller responsible for compliance with the General Data Protection Regulation EU 2016/679 (commonly referred to as GDPR in the current Privacy Policy), as well as other data protection regulations, including the national data protection laws of the EU Member States, is:

SHIPSTA S.à r.l.
7E, Route du Vin
L-6688 Mertert
Luxembourg
Tel. +352 27 86 75 90
E-Mail: hello@shipsta.com
Website : www.shipsta.com

SHIPSTA S.à r.l. is hereafter referred to as SHIPSTA in the current Privacy Policy.

3. Exercising your GDPR rights and address of the data protection officer

In order to exercise the rights granted to you by Regulation EU 2016/679 (GDPR), please contact our data protection officer. Naturally, any other questions related to the data privacy practices of SHIPSTA can also be addressed to our Data Protection Officer (DPO).
The data protection officer can be reached by sending an e-mail or a letter to:

E-mail : dpo@shipsta.com

Postal address :
Data Protection Officer SHIPSTA S.à r.l.
7E, Route du Vin
L-6688 Mertert
Luxembourg

We recommend that you send your letter with acknowledgment of receipt.

In case of doubt, SHIPSTA reserves the right to ask you for a copy of your ID (this copy will be destroyed after verifying your identity).

If, after contacting us, you are not convinced that your rights over your personal data have been respected, you can file a complaint with the CNPD of Luxembourg at https://cnpd.public.lu/en/particuliers/faire-valoir.html or with the data protection authority of your place of residence or work. A full list of these authorities is available here: https://edpb.europa.eu/about-edpb/about-edpb/members_en

A full list of your GDPR privacy rights is available in Paragraph 16 of the current Privacy Policy.

4. General information on data processing

4.1 Scope of the personal data processing

SHIPSTA collects and processes your personal data only insofar as this is necessary for provision of our content, associated and/or optional services, and an operational website.

We regularly collect and use your personal data, but only with your consent. An exception applies in those cases where prior consent cannot be obtained for legal and factual reasons and the processing of the data is permitted by law.

SHIPSTA reserves the right to transfer your personal data for compliance with the legal obligations to which SHIPSTA is subject, especially if the company is obliged to do so by judicial requisition.

4.2 Legal basis for processing personal data

As each data processing activity requires a relevant legal basis, we at SHIPSTA invite you to go through the following list of legal bases which might be applicable when you visit our website.

Insofar as we obtain your consent for the processing of your personal data, Art. 6 (1) a) of the EU General Data Protection Regulation (GDPR) is the legal basis for its processing. You can freely withdraw your consent at any time, if you wish to do so, without invalidating the legal basis needed for such a processing activity.

When we process personal data that is necessary to fulfill a contract with you, Art. 6 (1) b) of the GDPR is the applicable legal basis. This also applies to processing operations that are necessary for carrying out pre-contractual measures.

Insofar as the processing of personal data is necessary to fulfill a legal obligation to which SHIPSTA is subject, the applicable legal basis is Art. 6 (1) c) of the GDPR.

In the event that your vital interests or those of another natural person require the processing of personal data, Art. 6 (1) d) of the GDPR will be the applicable legal basis.

Art. 6 (1) f) of the GDPR is the applicable legal basis if data processing is necessary to safeguard SHIPSTA’s legitimate interest or that of a third party, but only if your interests, fundamental rights, and freedoms do not outweigh the aforementioned ones.

4.3 Data deletion and storage duration

At some point, personal data might no longer be needed for our operations. Therefore, we take care to delete it safely from our information systems and define strict rules for the retention periods of the collected and processed personal data.

Your personal data will be deleted or archived as soon as the purpose for its processing no longer applies. Your data may, however, continue to be stored in a distinct and secured database, if required by EU or national regulations, laws, or other provisions to which SHIPSTA is subject.

Data will be archived or deleted once said retention periods expire unless its further retention is required to establish or fulfill a contractual relationship.

5. Website delivery and creation of log files

5.1 Description and scope of data processing

Every time you visit our website, our system automatically collects data and information from your computer system.

The following data are collected:

(1) Information regarding the browser type and version;
(2) Your operating system;
(3) Your IP address;
(4) The date and time of access;
(5) The websites from which your system has accessed our website (referral URL);
(6) Websites you access via our website.

The data will be stored in the log files of our system.

This data is not stored together with any other personal data we may have collected about you.

5.2 Legal basis for data processing

The legal basis for the temporary storage and collection of data in log files is Art. 6 (1) f) of the GDPR, and the data is processed for the limited and legitimate purpose of detecting and preventing fraud and unauthorized system access, and ensuring the security of our systems and website, allowing sound delivery of the website.

5.3 Purpose of data processing

The temporary storage of the IP address by the system is necessary to enable the delivery of our website to you in a functional and secure way. To this end, your IP address must remain stored for the duration of the session.

The data is used to optimize the website’s purely functional parameters and to ensure the security of our information technology systems through detecting and preventing fraud and unauthorized access.

We do not process this data for any marketing purposes.

5.4 Storage duration

The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected.
In the case of data being collected in order to provide the website, it will be deleted once you end your session on our site.
Should any data be stored in any log files, they will be deleted within seven (7) days after the end of your session on our site, at the latest.

However, data may be retained for a longer period. In this case, your IP address will be deleted or distorted, so that the system can no longer identify you as a party accessing the site.

6. Use of cookies, similar technologies and third-party trackers

6.1 Description and scope of data processing

Our website uses cookies. Cookies are text files that are stored on or by your internet browser. If you visit a website, a cookie may be stored on your operating system. This cookie contains a distinctive character string that enables unique identification of the browser when the website is accessed again.

We use cookies to make our website more user-friendly. Some elements of our website require that the requesting browser be identifiable even after changing pages.

6.2 Legal basis for data processing

The legal basis for processing personal data using strictly necessary/technical cookies is Art. 6 (1) f) of the GDPR. They ensure the purely technical functioning of our website and its adaptation to different types of hardware and software used by the different visitors, allowing the pursuit not only of SHIPSTA’s legitimate interest, but also of the legitimate interest of the visitors wishing to seamlessly and without any technical issue access our website.

Additionally, cookies requiring your consent can be placed after obtaining your explicit consent and the legal basis for such data processing is Art. 6 (1) a) of the GDPR.

6.3 Purpose of data processing

6.3.1 Strictly necessary / technical cookies

The purpose of using technically essential cookies is to simplify your use of the website, by identifying the software and hardware you use, including the browser type. Some features of our website cannot be offered without the use of cookies. Therefore, it is necessary that your browser remains recognizable as you navigate through our site.

The user data collected by technically essential cookies is not used for user profiling.

6.3.2 Cookies, trackers and similar technologies requiring consent

Additionally, the purpose of using cookies requiring your consent is to ensure the management of the website as a communication and promotional tool, which is constantly optimized in order to generate leads. Those cookies, however, require your consent for each and every one of them before being placed on your device. They have different purposes and provide us with data that is useful for the enhancement of our website, but also for the whole spectrum of services and products provided by SHIPSTA.

6.3.2.1 Performance Cookies

We use cookies provided by third parties, which help us better measure and understand visitors’ behaviour on our website to optimize its performance. We are processing information about visitors for page analytics. Knowing which pages on our site are preferred or less preferred by our visitors and how they navigate between those pages allows us to update the information, the order of those pages and make them more relevant and interesting to all visitors. Disabling those cookies would not allow us to understand the preferences of our visitors, nor will we be able to monitor the performance of the website. Such cookies allow us to recognize our visitors, collect information about their actions on the website, interacting with our services and provided content.

6.3.2.2 Functional / Preferences cookies

Those cookies allow additional functionalities and quality of life elements, improving the visitors’ experience on our website. By storing your preferences, our website can easily adapt and be more personalized for your convenience, for example by storing the language version and general location or by facilitating the functioning of our chat bot.

6.3.2.3 Targeting Cookies

The third-party tracking / marketing cookies collect information about the users’ visits, the sources of traffic towards our website and the audience reach. Those cookies allow us to track conversions and to deliver advertisements, displaying ads which may be of interest to you. These cookies also allow the production of statistics and research data.

6.4 Duration of storage and options for objection and removal

Cookies are stored on your computer and transmitted to our site.

Therefore, you have full control over the use of cookies. By changing the settings in your internet browser, you can disable or restrict the transmission of cookies.

The tables in 6.1 of the current Privacy Policy indicate the planned storage period for each type of cookie that might be stored on your device.

Cookies that have already been saved can be deleted at any time. This can also be done automatically.

If cookies for our website are deactivated, it is possible that you will no longer be able to use all of its features.

If you do not visit our website again and haven’t given us your prior consent to place any other than the technically essential cookies on your device, the storage periods listed in 5.4 of the current Privacy Policy apply.

6.5 Joint controllership

In our pursuit of transparency and an improved relationship with our dear visitors, we would like to dedicate a special section to the cases where SHIPSTA is processing data jointly with another entity.
We at SHIPSTA would always like to establish a durable relationship with our customers, partners and visitors of our company website or a company page (on a social media platform). Therefore, we communicate over different social media, using their platforms and providing you with news and information about SHIPSTA, our products, our team and evolution as a company.
Therefore, a case of joint controllership might essentially occur with the provider of a social media network, where both entities (SHIPSTA and the provider of the social media network) pursue their legitimate interests.
SHIPSTA uses such social media platforms to perform external communication campaigns and manage them.

6.5.1 SHIPSTA and Facebook (Meta Platforms Ireland Limited)

SHIPSTA and Meta Platforms Ireland Limited (formerly Facebook Ireland Limited) (hereafter referred to as Facebook in the current Privacy Policy) jointly process personal data, each entity pursuing its legitimate interests, and are defined as data controllers within the meaning of Art. 4 (7) of the GDPR. The specific cases requiring the present joint controllership between SHIPSTA and Facebook are the use by SHIPSTA of Meta Business Tools (also known as Facebook Business Tools) on our website, delivered by Facebook, and the presence of SHIPSTA on the Facebook social network platform. The tool in question is called Facebook Pixel (also referred to as Meta Pixel) and it allows Facebook to place cookies on a visitor’s device, regardless of whether such a visitor possesses a Facebook account or not.
The presence of SHIPSTA on the Facebook social network platform is within the scope of SHIPSTA operating a Facebook corporate profile page. In this case and in accordance with the GDPR, both companies, SHIPSTA and Facebook, are jointly responsible for the data processing activities related to the aforementioned corporate profile page.
Operating a corporate page on a social network platform is an activity within the scope and the purpose of our external communication campaign management.

When visiting our corporate profile page on Facebook, your personal data will be processed by both SHIPSTA and Facebook as data controllers.

6.5.1.1 Identity of the joint controllers

The primary data controller is :
Facebook
Meta Platforms Ireland Limited (former Facebook Ireland Ltd.)
4 Grand Canal Square
Grand Canal Harbour
Dublin 2 Ireland

The other data controller is :

SHIPSTA S.à r.l.
7E, Route du Vin
L-6688 Mertert
Luxembourg
Tel. +352 27 86 75 90
E-Mail: hello@shipsta.com
Website : www.shipsta.com

6.5.1.2 How Facebook processes your personal data

We would like to kindly invite you to visit Facebook’s website and take the time to read the information Facebook provides on how it processes personal data as a primary data controller and on the underlying terms and conditions of use of Facebook’s products and services, including the legal bases Facebook relies on and the ways to exercise data subject rights against Facebook.
You can find this information following the links below :
– https://www.facebook.com/privacy/explanation
– https://www.facebook.com/terms.php
The Page Insights Addendum supplements the aforementioned information and can be found following the link below :
– https://www.facebook.com/legal/terms/page_controller_addendum

Facebook Audience Insights
Facebook is the primary data controller in accordance with the GDPR for the processing of Facebook Audience Insights data. Facebook also assumes the fulfilment of obligations under the GDPR related to the processing of personal data for Audience Insights (including Art. 12 and Art. 13 of the GDPR, Art. 15 to 22 of the GDPR and Art. 32 to 34 of the GDPR). Facebook is the sole responsible entity for the processing of any personal data in connection with Page Audience Insights that are not covered by the existing Page Audience Insights Addendum.

We strongly recommend that you address any requests for information and/or data privacy rights to Facebook directly, based on the existing agreements with Facebook, and specifically on the agreement on joint responsibility of personal data. Being the operator and the provider of the social network platform, Facebook is in the exact position to possess, access and provide you directly with the information related to the processing of your personal data. Nonetheless, we at SHIPSTA are also ready to offer you assistance in that regard, as well as to fulfil our obligations as a data controller at any time.

Facebook Pixel
SHIPSTA uses Facebook Pixel on its website as well. Accordingly, SHIPSTA has entered into an agreement called Facebook Business Tools Terms. A Controller Addendum is attached to it in order to determine the respective responsibilities of each party for compliance with the obligations under the GDPR, with regard to the joint processing, as specified in the applicable product terms of Facebook.
All purposes for personal data collection and processing regarding the joint processing of personal data are also stated in the aforementioned Facebook Business Tools Terms.
Facebook assumes the responsibility of respecting natural persons’ privacy rights under Art. 15 to 22 of the GDPR regarding personal data processed and stored by Facebook after the joint processing activities. Equally, Facebook is the entity responsible for granting you, as a natural person, the right to object to the processing activity insofar as it is carried out for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, particularly where the data subject is a child, as per Art. 6 (1) f) of the GDPR.
Facebook ensures the security of the Facebook Pixel, as per Art. 32 of the GDPR. Facebook is responsible for notifying a personal data breach to the respective data protection supervisory authority and notifying the natural persons, as per Art. 33 and Art. 34 of the GDPR, insofar as a personal data breach engages its responsibility and obligations under the Controller Addendum.

6.5.1.3 How SHIPSTA uses your personal data in this specific case of joint controllership

Facebook Audience Insights and SHIPSTA’s Facebook corporate profile page
SHIPSTA wishes to engage with all stakeholders through every meaningful way of communication. In such a case, we would like to interact with users and visitors of Facebook’s social media platform in the scope of managing our external communication campaigns and for lead generation through our website for direct marketing.

We may process your personal data for the following :
– Lead generation in the scope of direct marketing and managing our website as a communication and promotional tool;
– Receiving feedback on our products and services from every stakeholder willing to share their thoughts with our team;
– Evaluating the performance of marketing and advertisements.

SHIPSTA also uses the services of Facebook to obtain analytics reports about the performance of our corporate profile page in terms of visits and interactions between the page and visitors/users of the social network platform. This information allows us at SHIPSTA to manage and adapt our external communication campaigns and lead generation in a more focused and efficient way. On very rare occasions, we may obtain information on the profiles of Facebook users who decide to like our corporate profile page and/or use any applications available on that page. In this case, our team is able to adapt the corporate profile page to provide enhanced content for our visitors, as well as better functionality for the relevant users via our Facebook corporate profile page.

We want to constantly improve the content provided to the visitors of our corporate profile page. Therefore, we may also utilize information collected during visits to our page to perform demographic and geographic analyses. This may potentially result in providing more specific advertisements based on users’ interests, without our being able to identify users or obtain direct knowledge of their identities.

The aforementioned reports contain only statistical data, also known as aggregated data. SHIPSTA would not be in a position to establish a link to any individual visitor or user. The data processing activity ensuring the production of different reports for Facebook Audience Insights is solely the responsibility of Facebook, without SHIPSTA having any access whatsoever to the data used to produce the reports.

Facebook Pixel
SHIPSTA uses the Facebook Pixel, which is part of the Facebook Business Tools. It is a snippet of JavaScript code that allows us to track the visitor activity on our website. We will use Facebook’s “visitor action pixels” and “tracking pixels” only after obtaining your prior consent. The Facebook Pixel functions by loading a small library of functions which we, as a website operator, can use whenever a site visitor takes an action on our website that we would be interested in tracking.

When using Facebook Pixel, we at SHIPSTA collect and process only analytics data. Normally, such data does not allow identifying a single visitor, but in some very rare cases, a natural person can be recognized from it, with or without combination/link with other data. We will consider analytics data as personal data in such situations and under the applicable laws. In addition, analytics data is collected and transmitted to Facebook.

The following types of analytics data may be collected and processed through Facebook Pixel when you are visiting and interacting with our website:

  • HTTP header information, which includes information about the web browser or app used (e.g., user agent, local country level, language of browser);
  • Online identifiers, such as IP addresses and, insofar as provided, Facebook-related identifiers or device identifiers (such as mobile OS advertising IDs) as well as information on opt-out/limited ad tracking status;
  • Information regarding standard/optional events such as buttons clicked by visitors, labels of those buttons and any pages visited as a result of the button clicks;
  • Pixel-specific data, which includes pixel ID and the cookie itself;
  • Optional values such as conversion value and page type.

We may process your personal data for the following :
– Lead generation in the scope of direct marketing and managing our website as a communication and promotional tool;
– Quality improvement of our website;
– Trend analysis.

The types of personal data we would most likely process are: age, gender, location (city and country), audience measurement, number of likes, visits, IP address, cookie preferences, accepted cookies (Facebook Pixel), rejected cookies (Facebook Pixel), browser type and version, accumulated points on visiting, link clicks, unique link clicks, visited in last 7, 30, 90 days, counted as a visitor, general behavior on website, pages visited, time spent on a page, time arriving on a page, time left the page.

6.5.1.4 Legal basis for data processing

Cookies and trackers requiring your consent can be placed after obtaining your explicit consent and the legal basis for such data processing is Art. 6 (1) a) of the GDPR. You can withdraw your consent at any time you wish.

In the event of communication over the social networks during external communication campaigns, we process personal data when it is necessary to safeguard SHIPSTA’s legitimate interest or that of a third party, but only if your interests, fundamental rights, and freedoms do not outweigh the aforementioned ones. In such cases the applicable legal basis is Art. 6 (1) f) of the GDPR.

6.5.1.5 Personal data sharing or disclosure

We only and exclusively disclose personal data for lead generation to our partner HubSpot GmbH.
We also may regularly disclose personal data to Facebook for the purposes of their services being delivered to us and set out in the current Privacy Policy.

More specifically, by integrating Facebook Pixel, we may transfer the following types of personal data to Facebook :
The actions taken by visitors of our website and when interacting with our website’s content (visits, pages visited, time spent on a website page, time leaving the page, link click, unique link clicks).
We may instruct Facebook to process this data in order to prepare reports on our behalf regarding the impact of our ad campaigns and to generate analytics and insights about the website’s usage or about the interactions of our corporate profile page on Facebook with its visitors.

Such reports about the interaction between visitors/users and our corporate profile page on Facebook will allow us to process data such as: age, gender, location (city and country), audience measurement, number of likes, visits. This data will be shared by Facebook with us.

6.5.1.6 Storage duration

The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected.
In this specific case, personal data collected through Facebook Pixel can be accessible and stored for as long as the tracking of users lasts, which can reach up to 180 days after clicking on an ad or accessing Facebook through the link on our website.
The reports provided by Facebook contain completely anonymized data, and Facebook, as a data controller, defines the storage duration for the data used to produce the analytics reports.

6.5.1.7 International data transfers to the USA

SHIPSTA does not transfer data during the process of operating our corporate profile page on Facebook.
However, it is possible that personal data is collected, processed and stored by Facebook after you have visited our Facebook corporate profile page. Currently, Facebook ensures the level of data protection of any international data transfer by using the European Commission’s standard contractual clauses.

6.5.1.8 Your privacy rights as a natural person in relation to Facebook

For more information about your privacy rights, please refer to Facebook and their privacy policy, in case you hold an account on that particular social network platform. The contact details of the Data Protection Officer of Facebook should also be accessible in Facebook’s Data Policy or by following this link: https://www.facebook.com/help/contact/540977946302970

6.5.1.9 Right to erasure and right to object in relation to Facebook

SHIPSTA cannot in any way assist you with the deletion of your Facebook account; it neither has access to such options nor has any capability to influence Facebook to take such an action with your Facebook account (if you have one). The decision about the deletion should be taken by you, as a user of the Facebook social media platform, and it should be communicated to Facebook by using the settings in your Facebook profile.
In terms of asserting your right to object to advertising, we kindly invite you to consult the settings for advertising preferences in your Facebook account, where you could find to what extent it is possible and also acceptable for you to have your user behavior tracked and/or recorded by our corporate profile page on Facebook.
Facebook also provides a way to object to the processing of personal data for direct marketing. We kindly invite you to follow the link below:
https://www.facebook.com/help/contact/1994830130782319

6.5.2 SHIPSTA and Instagram (Meta Platforms Ireland Limited)

SHIPSTA and Meta Platforms Ireland Limited (formerly Facebook Ireland Limited, owner and provider of the social network platform Instagram) (hereafter referred to as Facebook in the current Privacy Policy) jointly process personal data, each entity pursuing its legitimate interests, and are defined as data controllers within the meaning of Art. 4 (7) of the GDPR. The specific case requiring the present joint controllership between SHIPSTA and Facebook is the presence of SHIPSTA on the Instagram social network platform, within the scope of SHIPSTA operating an Instagram corporate profile page on the social media platform provided by Facebook. In this case and in accordance with the GDPR, both companies, SHIPSTA and Facebook, are jointly responsible for the data processing activities related to the aforementioned corporate profile page.
Operating a corporate page on a social network platform is an activity within the scope and the purpose of our external communication campaign management.

When visiting our corporate profile page on Instagram, your personal data will be processed by both SHIPSTA and Facebook as data controllers.

6.5.2.1 Identity of the joint controllers

The primary data controller is :
Facebook (provider and owner of the Instagram social network platform as a product)
Meta Platforms Ireland Limited (former Facebook Ireland Ltd.)
4 Grand Canal Square
Grand Canal Harbour
Dublin 2 Ireland

The other data controller is :

SHIPSTA S.à r.l.
7E, Route du Vin
L-6688 Mertert
Luxembourg
Tel. +352 27 86 75 90
E-Mail: hello@shipsta.com
Website : www.shipsta.com

6.5.2.2 How Facebook processes your personal data

We would like to kindly invite you to visit Instagram’s website (and Facebook’s website as well) and take the time to read the information Instagram (Facebook) provides on how it processes personal data as a primary data controller and on the underlying terms and conditions of use of Facebook’s products and services (in this specific case: Instagram), including the legal bases Facebook relies on and the ways to exercise data subject rights against Facebook.

You can find this information following the links below :
– https://www.facebook.com/privacy/explanation
– https://help.instagram.com/581066165581870
– https://help.instagram.com/519522125107875/?helpref=hc_fnav

The Page Insights Addendum supplements the aforementioned information and can be found following the link below :
– https://www.facebook.com/legal/terms/page_controller_addendum

Instagram Insights

Facebook is the primary data controller in accordance with the GDPR for the processing of Instagram Insights data. Facebook also assumes the fulfilment of obligations under the GDPR related to the processing of personal data for Instagram Insights (including Art. 12 and Art. 13 of the GDPR, Art. 15 to 22 of the GDPR and Art. 32 to 34 of the GDPR). Facebook is the sole responsible entity for the processing of any personal data in connection with Page Audience Insights that are not covered by the existing Page Audience Insights Addendum.

We strongly recommend that you address any requests for information and/or data privacy rights to Facebook directly, based on the existing agreements with Facebook, and specifically on the agreement on joint responsibility of personal data. Being the operator and the provider of the social network platform, Facebook is in the exact position to possess, access and provide you directly with the information related to the processing of your personal data. Nonetheless, we at SHIPSTA are also ready to offer you assistance in that regard, as well as to fulfil our obligations as a data controller at any time.

6.5.2.3 How SHIPSTA uses your personal data in this specific case of joint controllership

Instagram Insights and SHIPSTA’s Instagram corporate profile page

SHIPSTA wishes to engage with all stakeholders through every meaningful way of communication. In such a case, we would like to interact with users and visitors of Instagram’s social media platform in the scope of managing our external communication campaigns and for lead generation through our website/direct marketing.

We may process your personal data for the following :
– Lead generation in the scope of direct marketing;
– Receiving feedback of our products, services and from every stakeholder willing to share their thoughts with our team;
– Evaluating the performance of marketing and advertisements;
– Trend analysis.

SHIPSTA also uses the services of Instagram to obtain analytics reports about the performance of our corporate profile page in terms of visits and interactions between the page and visitors/users of the social network platform. This information allows us at SHIPSTA to manage and adapt our external communication campaigns and lead generation in a more focused and efficient way. On very rare occasions, we may obtain information on the profiles of Instagram users who decide to like our corporate profile page and/or use any applications available on that page. In this case, our team is able to adapt the corporate profile page to provide enhanced and better content for our visitors, as well as better functionality to the relevant users via our Instagram corporate profile page.

We are willing to constantly improve the provided content for the visitors of our corporate profile page. Therefore, we may also utilize information collected during visits to our page to perform demographic and geographic analyses. This may potentially result in providing more specific advertisements based on users’ interests without being able to identify, nor obtain direct knowledge of their identities.

The types of personal data we would process are : age, gender, location (city and country), audience measurement, number of likes, visits.

The aforementioned reports contain only statistical (also known as aggregated) data. SHIPSTA would not be in a position to establish a link to any individual visitor or user. The data processing activity that produces the different reports for Instagram Insights is solely the responsibility of Facebook, and SHIPSTA has no access whatsoever to the data used to produce the reports.

6.5.2.4 Legal basis for data processing

In the event of communication over the social networks during external communication campaigns, we process personal data when it is necessary to safeguard SHIPSTA’s legitimate interest or that of a third party, but only if your interests, fundamental rights, and freedoms do not outweigh the aforementioned ones. In such cases the applicable legal basis is Art. 6 (1) f) of the GDPR.

6.5.2.5 Personal data sharing or disclosure

We disclose personal data for lead generation exclusively to our partner HubSpot GmbH.
In such a case, we may instruct Instagram to process this data in order to prepare reports on our behalf regarding the impact of our ad campaigns and to generate analytics and insights about the interactions of our corporate profile page on Instagram with its visitors and/or users.
Such reports about the interaction between visitors of our corporate profile page on Instagram, or users of Instagram, will allow us to process data such as : age, gender, location (city and country), audience measurement, number of likes, visits. This data will be shared by Facebook with us.

6.5.2.6 Storage duration

The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected.
The reports provided by Facebook contain completely anonymized data, and Facebook, as a data controller, defines the storage duration for the data used to produce the analytics reports.

6.5.2.7 International data transfers to the USA

SHIPSTA does not transfer data during the process of operating our corporate profile page on Instagram.
However, it is possible that personal data is collected, processed and stored by Facebook after you have visited our Instagram corporate profile page. Currently, Facebook ensures the level of data protection of any international data transfer by using the European Commission’s standard contractual clauses.

6.5.2.8 Your privacy rights as a natural person in relation to Facebook (Instagram)

For more information about your privacy rights, please refer to Instagram and to the privacy settings available to you if you hold an account on that social network platform. The contact details of the Data Protection Officer of Facebook (and consequently of its product Instagram) should also be accessible in Instagram’s Data Policy or via the following link, whichever is more convenient and up-to-date: https://www.facebook.com/help/contact/540977946302970

6.5.2.9 Right to erasure and right to object in relation to Facebook (Instagram)

SHIPSTA cannot in any way assist you with the deletion of your Instagram account; we have neither access to such options nor any capability to influence Facebook to take such an action with your Instagram account (if you have one). The decision about the deletion should be taken by you, as a user of the Instagram social media platform, and should be communicated to Facebook by using the settings in your Instagram profile.
In terms of asserting your right to object to advertising, we kindly invite you to consult the advertising preference settings in your Instagram account, where you can see to what extent it is possible, and acceptable to you, to have your user behavior tracked and/or recorded by our corporate profile page.
Facebook also provides a way to object to the processing of personal data for direct marketing. We kindly invite you to follow the link below:
https://www.facebook.com/help/contact/1994830130782319

6.5.3 SHIPSTA and LinkedIn

SHIPSTA and LinkedIn Ireland Unlimited Company (hereafter referred to as LinkedIn in the current Privacy Policy) jointly process personal data, each entity pursuing its legitimate interests, and are defined as data controllers within the meaning of Art. 4 (7) of the GDPR. The specific case requiring the present joint controllership between SHIPSTA and LinkedIn is the presence of SHIPSTA on the LinkedIn social network platform, within the scope of SHIPSTA operating a LinkedIn corporate profile page on the social media platform provided by LinkedIn. In this case and in accordance with the GDPR, both companies, SHIPSTA and LinkedIn, are jointly responsible for the data processing activities related to the aforementioned corporate profile page.
Operating a corporate page on a social network platform is an activity within the scope and the purpose of our external communication campaign management.

When visiting our corporate profile page on LinkedIn, your personal data will be processed by both SHIPSTA and LinkedIn as data controllers.

6.5.3.1 Identity of the joint controllers

The primary data controller is :
LinkedIn Ireland Unlimited Company
Wilton Place
Dublin 2 Ireland

The other data controller is :

SHIPSTA S.à r.l.
7E, Route du Vin
L-6688 Mertert
Luxembourg
Tel. +352 27 86 75 90
E-Mail: hello@shipsta.com
Website : www.shipsta.com

6.5.3.2 How LinkedIn processes your personal data

We kindly invite you to visit LinkedIn’s website and to take the time to read the information that LinkedIn provides on how it processes personal data as the primary data controller, and on the underlying terms and conditions of use of LinkedIn’s products and services, including the legal bases LinkedIn relies on and the ways to exercise Data Subject rights against LinkedIn.
You can find this information following the links below :
https://www.linkedin.com/legal/privacy-policy
The Page Insights Joint Controller Addendum supplements the aforementioned information and can be found following the link below :
https://legal.linkedin.com/pages-joint-controller-addendum

LinkedIn Page Analytics

LinkedIn is the primary data controller in accordance with GDPR for the processing of LinkedIn Page Analytics data. LinkedIn also assumes the fulfilment of the obligations under the GDPR related to the processing of personal data for LinkedIn Page Analytics (including Art. 12 and Art. 13 of the GDPR, Art. 15 to 22 of the GDPR and Art. 32 to 34 of the GDPR). LinkedIn is solely responsible for the processing of any personal data in connection with Page Audience Insights that are not covered by the existing Page Audience Insights Addendum.

We strongly recommend that you address any requests for information and/or requests concerning your data privacy rights directly to LinkedIn, on the basis of the existing agreements with LinkedIn, and specifically the agreement on joint responsibility of personal data. As the operator and provider of the social network platform, LinkedIn is in a position to possess, access and provide you directly with the information related to the processing of your personal data. Nonetheless, we at SHIPSTA are also ready to offer you assistance in that regard, and to fulfil our obligations as a data controller at any time.

6.5.3.3 How SHIPSTA uses your personal data in this specific case of joint controllership

LinkedIn Page Analytics and SHIPSTA’s LinkedIn corporate profile page

SHIPSTA wishes to engage with all stakeholders through every meaningful way of communication. In such a case, we would like to interact with users and visitors of LinkedIn’s social media platform in the scope of managing our external communication campaigns and for lead generation through our website/direct marketing.
We may process your personal data for the following :
– User analysis for lead generation in the scope of direct marketing ;
– Evaluating the performance of marketing and advertisements;
– Trend analysis;
– Sharing and/or recommending our content (Direct messages and communication, interaction with our content, information about SHIPSTA you have added to your profile);
– Job applications.

SHIPSTA also uses the services of LinkedIn to obtain analytics and statistics reports about the performance of our corporate profile page in terms of visits and interactions between the page, our shared content on it and visitors/users of the social network platform. This information allows us at SHIPSTA to manage and adapt our external communication campaigns and lead generation in a more focused and efficient way.

We are willing to constantly improve the provided content for the visitors of our corporate profile page. Therefore, we may also utilize information collected during visits to our page to perform demographic and geographic analyses. This may potentially result in providing more specific advertisements based on users’ interests without being able to identify, nor obtain direct knowledge of their identities.

The aforementioned reports contain only statistical (also known as aggregated) data. SHIPSTA would not be in a position to establish a link to any individual visitor or user. The data processing activity that produces the different reports for LinkedIn Page Analytics is solely the responsibility of LinkedIn, and SHIPSTA has no access whatsoever to the data used to produce the reports.

SHIPSTA may also process information in relation to a job application you wish to submit to us.
In such a case, SHIPSTA processes any information you would submit to us, but generally this information is within the scope of your job application processing and in the scope of our recruitment management activities.
The processed data could include, but would not be limited to : CV, cover letter, any educational credentials, a video and/or audio presentation done by you as an applicant and delivered to us by LinkedIn as a service, your full identity and any information relevant to your professional experience, language practices, interests, additional qualification, diplomas, secondary and university education.

6.5.3.4 Legal basis for data processing

In the event of communication over the social networks during external communication campaigns, we process personal data when it is necessary to safeguard SHIPSTA’s legitimate interest or that of a third party, but only if your interests, fundamental rights, and freedoms do not outweigh the aforementioned ones. In such cases the applicable legal basis is Art. 6 (1) f) of the GDPR.

In the event that you submit a job application with the relevant documentation to our Human Resources department, this application will be a response to a job offer SHIPSTA submitted on LinkedIn, and within the scope of our recruitment management, thus providing the legal basis under Art. 6 (1) b) of the GDPR.

In a case where the data could potentially be required once the application process has been completed, i.e. for internal litigation purposes, the processed personal data may be necessary to maintain the legitimate interests of SHIPSTA in accordance with Art. 6 (1) f) GDPR, specifically for the assertion and/or defense of our claims and our rights.

6.5.3.5 Personal data sharing or disclosure

We disclose personal data for lead generation exclusively to our partner HubSpot GmbH.
In such a case, we may instruct LinkedIn to process this data in order to prepare reports on our behalf regarding the impact of our ad campaigns and to generate analytics and insights about the interactions of our corporate profile page on LinkedIn with its visitors and/or users.
Such reports about the interaction between visitors of our corporate profile page on LinkedIn, or users of LinkedIn, will allow us to process data such as : age, gender, location (city and country), audience measurement, number of likes, visits. This data will be shared by LinkedIn with us in the form of an anonymized report but will be processed by LinkedIn for the production of such a report.

6.5.3.6 Storage duration

The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected.
The reports provided by LinkedIn contain completely anonymized data, and LinkedIn, as a data controller, defines the storage duration for the data used to produce the analytics reports.

6.5.3.7 International data transfers to the USA

SHIPSTA does not transfer data during the process of operating our corporate profile page on LinkedIn.
However, it is possible that personal data is collected, processed and stored by LinkedIn after you have visited our LinkedIn corporate profile page. Currently, LinkedIn ensures the level of data protection of any international data transfer by using the European Commission’s standard contractual clauses.

6.6 An overview of the data processing carried out by the social media network providers

SHIPSTA has no influence over the personal data concerning you that is collected and processed by the social media network platforms. We at SHIPSTA are not aware of the full extent of the data collection, the purposes of the processing or the storage periods, but we do everything in our power to provide you with the relevant information which might help you understand how the social media platforms process your personal data.

We at SHIPSTA do our best, for example by configuring the settings of the different cookies and similar technologies, to ensure compliance with the data protection regulations. However, we only have extremely limited influence on the data processing by the social media platforms providers.

For further information on the data processing by the social media services we kindly invite you to refer to their relevant data protection policies:

Facebook : https://www.facebook.com/privacy/explanation

Instagram : https://help.instagram.com/519522125107875/?maybe_redirect_pol=0

LinkedIn : https://www.linkedin.com/legal/privacy-policy

We kindly invite you to consider the information provided above, if you’d wish to exercise your privacy rights as a natural person, in connection with the data processing done by the social media networks and contact the respective social media network provider.

7. Newsletter/Blog subscription/Shipsta News

7.1 Description and scope of data processing

You have the opportunity to subscribe to a free newsletter on our website and receive news on interesting product updates and insights from the world of logistics directly in your inbox.
This will allow you to receive our expert news once a month with exciting insights on logistics procurement as well as helpful resources and downloadable documentation. Among those you would be able to find the following:

✓ Exciting blog articles
✓ Practical tips for logistics procurement
✓ Access to webinars, white papers, and more

In order to process your personal data after the subscription process, we would need to obtain your prior consent.

This service requires the provision of personal data. The data is entered into an input screen, transmitted to us, and stored.

The following data is collected during the Newsletter subscription process:

First name
Last name
Email address

7.2 Legal basis for data processing

In order to send you our newsletter, we must obtain your consent beforehand. In this case, the legal basis for the processing of your data is Art. 6 (1) a) of the GDPR.

7.3 Purpose of data processing

Your data is collected in order to dispatch our external newsletter to your inbox.

7.4 Storage duration

The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected.

Your email address, first and last name will therefore be stored for as long as your subscription to the newsletter is active.

7.5 Personal data sharing or disclosure

The data will be used exclusively for sending the newsletter and is disclosed only to our partner, used for the delivery of the newsletter: HubSpot GmbH.

7.6 Canceling the subscription and consent withdrawal

You may cancel your subscription to the newsletter at any time. A relevant link can be found in every newsletter for this purpose.
This step is considered to be the withdrawal of your consent to receive our newsletter.

8. Contact form – Demo / Online Consultation

8.1 Description and scope of data processing

We offer you the possibility to book a Demo / Online Consultation of our software solutions and to have a first glimpse of the extent of capabilities of our software solutions, which could potentially lead to negotiations and the subscription to a (paid) service and/or a product of SHIPSTA, as well as maintaining a commercial relationship without the subscription or the purchase of any of SHIPSTA’s products. The processing activity is within the scope of management of the customer/prospect relationship.

This requires the provision of personal data. The data is entered into an input screen, transmitted to us, and stored.

The following data is collected during the Demo / Online Consultation booking process:

First name
Last name
Email address
Company name
Phone number
Position within company/professional situation (position or student/researcher)

8.2 Legal basis for data processing

In case of a potential negotiation or the intention from your side to conclude a contract with us, the legal basis for the processing will be under Art. 6 (1) b) of the GDPR, as the communication will be necessary for the performance of a contract or in order to take steps at your request prior to entering into a contract.

8.3 Purpose of data processing

The purpose of this processing activity is to offer you the possibility to have an overview of the capabilities of our products, which potentially could lead to a negotiation and purchase of a product, a subscription to a (paid) service delivered by SHIPSTA, as well as maintaining the commercial relationship without purchase or subscription to a product/service proposed by SHIPSTA. The purpose of the data processing activity is within the scope of the management of the customer/prospect relationship.

8.4 Storage duration

The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected, and the storage periods required by law have expired.
In this precise case, data will be stored until the date on which you decide not to enter into a contractual relationship with us, following the presentation of the Demo / Online Consultation of our product(s), extended by a maximum of three (3) years after this last contact with you.

8.5 Personal data sharing or disclosure

The data will be used exclusively for managing your request and is disclosed only to our partner, used for the delivery of the information to us: HubSpot GmbH.

8.6 Right to erasure

If you contact us via the Demo / Online Consultation contact form, you may exercise your right to erasure.

However, if you exercise this right, it will not be possible to continue any potential contractual or precontractual relationship started via the form with us.

For further details regarding how to exercise your GDPR privacy rights, please refer to Paragraph 3 of the current Privacy Policy.

9. Chat bot messaging form

9.1 Description and scope of data processing

We offer you the possibility to have a quick contact with us via the Chat bot on our website.

This communication could potentially require the provision of personal data, but essentially depends on your question and/or message.
The data is entered into an input screen, transmitted to us, and stored.

We offer you the possibility to send us attached file(s) along with the message. Any personal information contained in such a file will be processed as well or deleted. If it’s not relevant to the products/services we provide to our clients, or to any (potential) contractual relationship, the data will be permanently deleted from the file you’ve transmitted to us.

9.2 Legal basis for data processing

The data processing is based on Art. 6 (1) f) of the GDPR and the data processing activity is necessary for the purpose of SHIPSTA’s team to provide you with an adequate answer to your request.

9.3 Purpose of data processing

The data must be passed on in order to allow us to provide you with an adequate answer to your request/message, sent via the Chat bot in the scope of the management of the customer/prospect relationship.

9.4 Storage duration

The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected, and the storage periods required by law have expired.

In this precise case, personal data will be removed from our database after the conclusive end of the conversation, following the provided answer from us.
The conversation is considered to have ended when it is evident from the circumstances that the matter at hand has been conclusively resolved.

Personal data that was additionally collected during the conversation will be deleted within 90 days at the latest.

9.5 Personal data sharing or disclosure

The data will be used exclusively for managing your question/request and is disclosed only to our partner, used for the delivery of the information to us through the Chat bot: HubSpot GmbH.

9.6 Right to erasure and right to object

If you contact us via the Chat bot, you may exercise your right to object to the processing of your personal data at any time or exercise your right to erasure.

However, if you exercise the right to erasure, it will not be possible to continue any conversation started via the Chat bot with us.

Pursuant to Art. 17 (1) c) of the GDPR, in case you object to the data processing activity, all personal data concerning you, that is being processed after you made contact with us, will be deleted without undue delay, unless you’re already in a contractual relationship with SHIPSTA or you have already taken steps prior to entering into a contractual relationship with SHIPSTA.

For further details regarding how to exercise your GDPR privacy rights, please refer to Paragraph 3 of the current Privacy Policy.

10. Contact Us form

10.1 Description and scope of data processing

You have the possibility to contact us via the provided contact form on our web site.

In this case, any personal data that is transmitted along with the message/question will be processed. This data will not be disclosed to third parties in this context. The data will be used exclusively to carry out the conversation and to provide you with an adequate response to your question and/or request. Any personal information contained in the “Your Message” field will be processed as well or deleted. If it’s not relevant to the products/services we provide to our clients, or to any (potential) contractual relationship, the data will be permanently deleted from our information system.
The following data is collected when using the “Contact Us” form:

First name
Last name
Email address
Name of your company
Message/question

10.2 Legal basis for data processing

The legal basis for processing the data transmitted through the contact form on our web site and providing you with an answer is Art. 6 (1) a) of the GDPR.

Additionally, in order to contact you in the scope of a lead generation, we must obtain your consent beforehand. In this case, the legal basis for the processing of your data is Art. 6 (1) a) of the GDPR.

10.3 Purpose of data processing

We only process personal data for the purpose of facilitating contact with you, as a user of our web site and to provide answers to requests/questions sent through the “Contact Us” form on our website, in the scope of the management of the website as a communication and promotional tool generating leads.

Additionally, and only after obtaining your prior consent, your personal data will be processed for lead generation purpose.

10.4 Storage duration

The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected, and the storage periods required by law have expired.
For personal data, this is the case, when the respective conversation with the user has ended.
The conversation is considered to have ended when it is evident from the circumstances that the matter at hand has been conclusively resolved.

Personal data that was additionally collected during the conversation will be deleted within 90 days at the latest.

10.5 Right to erasure and consent withdrawal

If you contact us via the “Contact Us” form, you may withdraw your consent for the processing of your personal data at any time.

If you contact us via the “Contact Us” form, you may exercise at any time your right to erasure.

However, if you exercise the right to erasure or the right to object, it will not be possible to continue any conversation started via the form with us.

For further details regarding how to exercise your GDPR privacy rights, please refer to Paragraph 3 of the current Privacy Policy.

11. Whitepaper / E-book subscription

11.1 Description and scope of data processing

You can subscribe on our site in order to receive a free whitepaper/e-book from us.

By doing this you’d be able to receive a whitepaper on a specific topic related to logistics and procurement. Each whitepaper subscription is valid only for the specific whitepaper. A new subscription must be done in order to receive another/new whitepaper/e-book from us.

In order to process your personal data after the subscription process, we would need to obtain your prior consent.

This service requires the provision of personal data. The data is entered into an input screen, transmitted to us, and stored.

The following data is collected during the subscription process:

First name
Last name
Email address
Company name
Position within company/professional situation (position or student/researcher)

11.2 Legal basis for data processing

In order to send you a whitepaper/e-book, we must obtain your consent beforehand. In this case, the legal basis for the processing of your data is Art. 6 (1) a) of the GDPR.

Additionally, in order to contact you in the scope of a lead generation, we must obtain your consent beforehand. In this case, the legal basis for the processing of your data is Art. 6 (1) a) of the GDPR.

11.3 Purpose of data processing

Your personal data are collected in order to deliver you the specific whitepaper/e-book, in the scope of the management of the website as a communication and promotional tool generating leads.
Additionally, and only after obtaining your prior consent, your personal data will be processed for a lead generation purpose.

11.4 Storage duration

The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected.

Your personal data will therefore be stored for the time necessary for the delivery of the information (desired whitepaper) and/or until you withdraw your consent.

11.5 Personal data sharing or disclosure

The data will be used exclusively for sending the whitepaper/e-book and is disclosed only to our partner, used for the delivery process: HubSpot GmbH.

11.6 Withdrawal of consent and right to erasure

If you contact us via the Whitepaper/E-book order subscription form, you may withdraw your consent for the processing of your personal data at any time.

If you contact us via the Whitepaper/E-book order subscription form, you may exercise your right to erasure of your personal data at any time.

However, if you withdraw your consent, or exercise your right to erasure, it will not be possible to deliver you the desired whitepaper/e-book.

For further details regarding how to exercise your GDPR privacy rights, please refer to Paragraph 3 of the current Privacy Policy.

12. Cost Avoidance Calculator

12.1 Description and scope of data processing

The data you provide in the Cost Avoidance Calculator will be used to estimate your potential savings in logistic budget, time, and invoicing by moving your tendering and invoice processing to the SHIPSTA platform. After your details are submitted, we will send you a fully customized report with the savings breakdown, based upon the details you have entered.

The usage of the Cost Avoidance Calculator requires the provision of personal data, but only after we’ve obtained your explicit and prior consent.
The data is entered into an input screen, transmitted to us, and stored.

The following data is collected during the process:

First name
Last name
E-mail address
Type of industry

12.2 Legal basis for data processing

In order to send you your customized savings report, we must obtain your consent beforehand. In this case, the legal basis for the processing of your data is Art. 6 (1) a) of the GDPR.

Additionally, in order to contact you in the scope of a lead generation, we must obtain your consent beforehand. In this case, the legal basis for the processing of your data is Art. 6 (1) a) of the GDPR.

12.3 Purpose of data processing

We process personal data for the purpose of sending you the completed ROI customized savings report and facilitating contact with you in case your business is considering moving its tendering and invoicing logistics activities to the SHIPSTA platform, in the scope of the management of the website as a communication and promotional tool generating leads.
Additionally, and only after obtaining your prior consent, your personal data will be processed for a lead generation purpose.

12.4 Storage duration

The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected, and the storage periods required by law have expired.

Your personal data will therefore be stored for the time necessary for the delivery of the information (ROI report) and/or until you withdraw your consent.

12.5 Personal data sharing or disclosure

The personal data is disclosed only to the partner assisting us with the ROI report delivery: HubSpot GmbH.

12.6 Withdrawal of consent and right to erasure

In case you have submitted your personal data using the ROI Calculator form, you may withdraw your consent for the processing of your personal data or exercise your right to erasure.

However, if you withdraw your consent, or exercise your right to erasure, it will not be possible to deliver the desired customized ROI report to you.

For further details regarding how to exercise your GDPR privacy rights, please refer to Paragraph 3 of the current Privacy Policy.

13. Additional Plugins and tools (Google Web Fonts)

13.1 Description and scope of data processing

For uniform representation of fonts, our website uses web fonts provided by Google. When you open a page, your browser loads the required web fonts into your browser cache to display texts and fonts correctly.
If your browser does not support web fonts, a standard font is used by your computer.

Further information about handling user data by Google can be found at https://developers.google.com/fonts/faq and in Google’s privacy policy at https://www.google.com/policies/privacy/.

13.2 Legal basis for data processing

Your browser has to establish a direct connection to Google servers in order to load the web fonts our website provides.
Google thus becomes aware that our web page was accessed via your IP address. The use of Google Web fonts is done in the interest of a uniform and attractive presentation of our website for its visitors within the scope of the management and quality improvement of the website as a communication and promotional tool. This constitutes a legitimate interest pursuant to Art. 6 (1) f) of the GDPR.

13.3 Purpose of data processing

Delivering standardized web fonts for a uniform and attractive presentation of the text and the content on our website.

13.4 Storage duration

The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected, and the storage periods required by law have expired.

Your personal data will therefore be stored for the time necessary for the duration of the session.

14. Change to this Privacy Policy

SHIPSTA expressly reserves the right to amend or change this current Privacy Policy or different elements of it at any time.
This will be necessary in the following cases:
– Due to legal changes;
– Due to technical changes to the website;
– Due to changes in the services we offer.

We kindly invite you to carefully read the current Privacy Policy, as its current and updated version is the only one applicable at the time (date and hour) of your use of our website.

15. Security of processing

In accordance with Art. 32 (1) of the GDPR, SHIPSTA takes appropriate technical and organizational measures to ensure a level of protection appropriate to the risk, taking into account the state of the art, implementation costs, the nature, scope, context and purposes of processing activities and the varying likelihood and severity of the risk to the rights and freedoms of natural persons.

The data is processed and stored exclusively on servers located in member states of the European Union.

16. Your privacy rights as a natural person and a visitor of our website

If your personal data is processed, you are a natural person (a data subject within the meaning of the GDPR) and you have the following privacy rights with respect to SHIPSTA as the data controller:

16.1 Right to access

You can request that SHIPSTA confirm whether personal data that concerns you is processed by SHIPSTA, and grant you access to this data.

If such processing is taking place, you can request and obtain the following information:
(1) the purposes for the processing of personal data;
(2) the categories of personal data being processed;
(3) the recipients or categories of recipients to whom your personal data has been or will be disclosed;
(4) the planned storage duration of your personal data or, if specific information in that regard is not possible, criteria for determining the storage period;
(5) the existence of any right to have your personal data rectified or deleted by SHIPSTA, or restrict or object to the processing activity due to your particular situation;
(6) the existence of a right to file a complaint to the Luxembourgish data protection authority (CNPD) or to a supervisory authority relative to your place of residence or work. We kindly invite you to find a full list following this link: https://edpb.europa.eu/about-edpb/about-edpb/members_en;
(7) all available information on the source(s) of the data, if the personal data has not been directly collected from you;
(8) the existence of automated decision-making processes, including profiling, as defined in Art. 22 (1) and (4) of the GDPR, and meaningful information on the logic involved and the scope and intended effects of such processing for you;
(9) the right to request information regarding whether your personal information will be transmitted to a non-EEA country or an international organization. In this respect, you can request information about the appropriate guarantees regarding the data transfer, in accordance with Art. 46 of the GDPR.

16.2 Right to have data rectified

You have a right to correct and/or add to the personal data we have on file about you if it is incorrect or incomplete. We will take care of rectifying your data without undue delay.

If you have asserted the right to have your data rectified, we are obliged to notify all recipients to whom your personal data has been disclosed of the same, unless this proves to be impossible or involves disproportionate effort to be accomplished.

16.3 The right to restrict a processing activity

You may request that the further processing of your personal data is restricted if:
(a) you dispute the accuracy of the personal data we have on file; its processing would then be restricted for as long as it takes us to verify its accuracy;
(b) the processing is unlawful, you do not wish to have the data deleted, but instead wish its further use to be restricted;
(c) SHIPSTA no longer needs the personal data for the predefined purposes, but you need it to assert, exercise, or defend legal claims; or
(d) you have objected to the processing activity pursuant to Art. 21 (1) GDPR and it has not yet been established whether our legitimate reasons for its continued processing outweigh your right to object to the same.

If the processing of your personal data has been restricted, it may then be processed beyond its foreseen retention period only with your consent or for the purpose of asserting, exercising, or defending legal claims, or protecting the rights of another natural or legal person, or for reasons of an important public interest on the part of the Union or a Member State.

If the processing restriction has been placed in accordance with the aforementioned conditions, we will inform you before such a restriction is about to be lifted.

If you have asserted the right to restrict the further processing of your data, SHIPSTA is obliged to notify all recipients to whom your personal data has been disclosed of the same, unless this proves to be impossible or involves disproportionate effort to be accomplished.

16.4 Right to erasure (“right to be forgotten”)

(a) Obligation to delete data

You may request that SHIPSTA deletes your personal data, and we will comply with this request without undue delay, if one of the following reasons applies:
(1) The personal data is no longer necessary in relation to the purpose(s) for which it was collected or otherwise processed;
(2) You withdraw the consent that was the basis of its processing per Art. 6 (1) a) or per Art. 9 (2) a) of the GDPR and there is no other legal basis for its further processing;
(3) You object per Art. 21 (1) of the GDPR and there are no overriding legitimate grounds for its further processing; or you submit an objection according to Art. 21 (2) of the GDPR;
(4) Your personal data has been unlawfully processed;
(5) Your personal data is required to be deleted in order to comply with a legal obligation under Union or Luxembourgish law to which SHIPSTA is subject;
(6) Your personal data has been collected in relation to services offered by information society services pursuant to Art. 8 (1) of the GDPR.

(b) Transfer of personal data to third parties

If SHIPSTA has made your personal data public and is required to delete it under Art. 17 (1) of the GDPR, we will take appropriate measures, including technical measures, taking into account the available technology and the implementation costs, to inform the third parties who process the personal data, that you have requested the deletion of all links to the same as well as any copies thereof.

If you have asserted the right to have your data deleted, SHIPSTA is obliged to notify all recipients to whom your personal data has been disclosed of the same, unless this proves to be impossible or involves disproportionate effort to be accomplished.

(c) Exceptions

The right to erasure does not apply insofar as the processing is necessary:

(1) to exercise the right to freedom of expression and information;
(2) for the performance of a legal obligation which makes such processing mandatory under Union or Luxembourgish law to which SHIPSTA is subject, or for the performance of a task in the public interest, or in the exercise of official authority conferred upon SHIPSTA;
(3) for reasons of public interest in the field of public health in accordance with Art. 9 (2) h) and i), as well as Art. 9 (3) of the GDPR;
(4) for archival purposes in the public interest, scientific or historical research purposes or for statistical purposes in accordance with Art. 89 (1) of the GDPR, to the extent that the right referred to in Section a) of 16.4 of the current Privacy Policy is likely to render impossible or seriously inhibit the ability to achieve said purposes; or
(5) to assert, exercise, or defend legal claims.

16.5 The right to data portability

You have the right to obtain a copy of the personal data we have on file about you in a structured, commonly used, machine-readable format.

Moreover, you have the right to transmit this data to another data controller without any obstruction from SHIPSTA if:

(1) the processing is based on consent pursuant to Art. 6 (1) a) or Art. 9 (2) a) of the GDPR, or based on a contract in accordance with Art. 6 (1) b) of the GDPR and
(2) the processing is carried out using automated methods.
In exercising this right, you also have the right to have us transfer the personal data we have on file about you directly to another party, if this is technically feasible.

Please take into consideration that such action must not affect the freedoms and rights of other persons.

The right to data portability does not apply to the processing of personal data necessary for the performance of a task in the public interest or in the exercise of official authority conferred on us.

16.6 Right of objection

You have the right, for reasons arising from your specific situation, to object at any time to the processing of personal data concerning you which is carried out in accordance with Art. 6 (1) f) of the GDPR; the same applies to profiling based on these provisions.
SHIPSTA will no longer process the personal data relating to you unless we can prove a compelling legitimate reason for the same, which outweighs your interests, rights, and freedoms, or unless the processing serves to assert, exercise, or defend our legal claims.

If the personal data concerning you is being processed for direct marketing purposes/lead generation, you have the right to object at any time to the processing of the personal data for the purpose of such marketing; this also applies to profiling, insofar as it is associated with direct marketing.

If you object to the processing that is for direct marketing purposes, the personal data will no longer be processed for these purposes.

16.7 Right related to automated decisions in individual cases, including profiling

You have the right not to be subject to a decision based exclusively on automated processing – including profiling – that has legal effect against you or significantly impairs you in a similar manner.

This shall not apply if the processing activity:
(1) is necessary for us to establish or fulfill a contract between you and SHIPSTA;
(2) is authorized by Union or Luxembourgish law to which we are subject, provided said law also sets forth suitable measures for safeguarding your rights, freedoms, and legitimate interests; or
(3) is based on your explicit consent.
However, these decisions may not be based on special categories of personal data pursuant to Art. 9 (1) of the GDPR, unless Art. 9 (2) a) or g) of the GDPR apply, and appropriate measures have been taken to protect your rights and freedoms, as well as your legitimate interests.

In the cases referred to in (1) and (3) of 16.7 of the current Privacy Policy, SHIPSTA shall take reasonable and proportionate measures to safeguard your rights, freedoms, and legitimate interests, including, at a minimum, the right to obtain the intervention of a person to state our position and to examine the decision taken during the processing activity.

16.8 Right to file a complaint with a supervisory authority

You have the right of appeal to a supervisory authority (a full list can be found following this link: https://edpb.europa.eu/about-edpb/about-edpb/members_en), in particular in the Member State where you reside, work or where the infringement is suspected to be committed, if you believe that the processing of personal data that concerns you is in contravention of the GDPR.