The words "we", "us", "our" or any of their derivatives refer to Containerchain. The words "you", "your", "yours" or any of their derivatives refer to the person using our Website and/or Services (where Website means any webpages, microsites or mobile applications owned by Containerchain and Services means all Containerchain products and services, including hardware and software), or otherwise providing information to or communicating with us.
Categories of personal data and processing purposes
Furthermore, when you visit our Website, we will generally collect the following categories of metadata that result from your usage of the Website: browser type and version, operating system used, website from which you are visiting us (referrer URL), website you are visiting, date and time of accessing our Website, and internet protocol (IP) address. Your IP address will be used to enable your access to our Website.
In addition to the primary purpose of providing the Services and the Website for which Containerchain will collect and use your personal data, Containerchain will also use and process the personal data it collects:
- for purposes necessary or incidental to the provision of the Services to you;
- to manage and enhance Containerchain's Services;
- to communicate with you, including by email, mail or telephone;
- to identify you (and verify your identity);
- as required or permitted by any applicable law.
However, if you do block cookies or other tracking technologies, you may not be able to use certain features and functions of our Website and/or the Services.
Legal basis for the processing
We may carry out the processing of your personal data on the following legal bases:
- performance of the contractual relationship with the you;
- legitimate interest of Containerchain, Containerchain's affiliates or other third parties (such as governmental bodies or courts) where the legitimate interest could be, in particular, performing the contract under which you are a beneficiary, understanding your interest for valuable marketing information, group-wide information sharing, certain marketing and CRM activities (such as personal visits, direct marketing via postal mail, and direct marketing relating to an ongoing business relationship with you), or potential merger and acquisition activities, except where such interests are overridden by the interests or fundamental rights and freedoms of you which require protection of personal data;
- consent (in particular, for certain type of direct marketing via email, SMS/MMS, fax, and telephone);
- compliance with legal obligations.
In general, the provision of your personal data is voluntary, but in certain cases it is necessary in order to enter into a contract with us or to receive our services/products as requested by you.
Not providing your personal data may result in disadvantages for you – for example, you may not be able to receive certain Services. However, unless otherwise specified, not providing your personal data will not result in legal consequences for you.
Transfer of personal data
Containerchain will disclose your personal data to its subsidiaries or affiliates for purposes of data storage.
Containerchain may also disclose personal data, to third parties outside the Containerchain group:
- engaged by Containerchain to perform functions or provide services on Containerchain's behalf;
- that are Containerchain's agents, business partners or joint venture entities in the industry sector of containerized cargo and located in the countries in which Containerchain operates;
- such as container facilities for the purpose of fulfilling your booking for the delivery and/or pick up of containers as selected by you;
- authorised by you to receive information held by Containerchain;
- as part of a sale (or proposed sale) of all or part of Containerchain's business; and/or
- as required or permitted by any applicable law.
Containerchain may transfer, store, process and/or deal with your personal data outside of your jurisdiction to recipients that will be located primarily in the EU/EEA, in Australia, New Zealand, Singapore and Malaysia.
When transferring your personal data to or making your personal data accessible to those recipients, we will comply with all applicable data protection and privacy laws, including and in particular the EU General Data Protection Regulation ("GDPR").
For recipients located outside of the EEA, some are located in countries with adequacy decisions pursuant to Art. 45 GDPR (in particular, New Zealand), and transfer is thereby recognized as providing an adequate level of data protection from a European data protection law perspective.
Other recipients might be located in countries which do not adduce an adequate level of protection from a European data protection law perspective (in particular, Australia, Singapore and Malaysia). We will take all necessary measures to ensure that transfers out of the EEA are adequately protected as required by applicable data protection law.
With respect to transfers to countries not providing an adequate level of data protection, we will base the transfer on appropriate safeguards, such as standard data protection clauses adopted by the European Commission or by a supervisory authority (Art. 46(2)(c) or (d) GDPR), approved codes of conduct together with binding and enforceable commitments of the recipient (Art. 46 (2)(e)), or approved certification mechanisms together with binding and enforceable commitments of the recipient (Art. 46 (2)(f) GDPR). You can ask for a copy of such appropriate safeguards by contacting us as set out in Section 7 below. In the majority of the cases, the transfer is protected by standard data protection clauses adopted by the European Commission (Art. 46(2)(c) or (d) GDPR).
Data subject rights
Right to withdraw your consent
If you have declared your consent regarding certain collecting, processing and use of your personal data, you can withdraw this consent (via email at firstname.lastname@example.org) at any time with future effect. Further, you can object to the use of your personal data for the purposes of marketing without incurring any costs other than the transmission costs in accordance with the basic tariffs (see below for further information on the right to object).
Additional data privacy rights
Pursuant to applicable data protection law, you may have the right to: (a) request access to your personal data; (b) request rectification of your personal data; (c) request erasure of your personal data; (d) request restriction of processing of your personal data; (e) request data portability; (f) object to the processing of your personal data (including objection to profiling); and (g) exercise other rights in connection with automated decision-making.
Please note that the abovementioned rights might be limited under the applicable national data protection law. Below please find further information on your rights to the extent that the GDPR applies:
Right to request access to your personal data
Pursuant to the GDPR, you have the right to obtain from us confirmation as to whether or not personal data concerning you is being processed, and, where that is the case, to request access to the personal data. This access information includes – inter alia – the purposes of the processing, the categories of personal data concerned, and the recipients or categories of recipients to whom the personal data have been or will be disclosed.
Pursuant to the GDPR, you have the right to obtain a copy of the personal data undergoing processing. For further copies requested by you, we may charge a reasonable fee based on administrative costs.
Right to request rectification
Pursuant to the GDPR, you have the right to obtain from us the rectification of inaccurate personal data concerning you. Depending on the purposes of the processing, you may have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
Right to request erasure (right to be forgotten)
Under certain circumstances, you have the right to obtain from us the erasure of personal data concerning you and we may be obliged to erase such personal data.
Right to request restriction of processing
Under certain circumstances, you have the right to obtain from us restriction of processing your personal data. In such case, the respective data will be marked and may only be processed by us for certain purposes.
Right to request data portability
Under certain circumstances, you have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and you may have the right to transmit those data to another entity without hindrance from us.
Right to object
Under certain circumstances, you have the right to object, on grounds relating to your particular situation, at any time to the processing of your personal data by us and we can be required to no longer process your personal data. Such right to object may especially apply if Containerchain collects and processes your personal data for profiling purposes in order to better understand your business interests in Containerchain's Website / Services. Further you may decide to object to the use of your personal data for direct marketing. If you have a right to object and you exercise this right, your personal data will no longer be processed for such purposes by us.
However, such a right to object may in particular not exist if the processing of your personal data is necessary to take steps prior to entering into a contract or to perform a contract already concluded.
Other rights in connection with automated decision-making
Furthermore, under certain circumstances with respect to automated individual decision-making, you have the right to obtain human intervention, express your point of view, and contest the decision.
To exercise your rights, please contact us as stated below.
You also have the right to lodge a complaint with the competent data protection supervisory authority.
Security of personal data
Containerchain will take all reasonable steps to protect the personal data Containerchain holds about you from misuse, loss or unauthorised access. You acknowledge that the security of online transactions you conduct using the Website cannot be guaranteed. Containerchain does not accept responsibility for misuse of or loss of, or unauthorised access to, your personal data where Containerchain does neither act as data controller or data processor with respect to such personal data.
Your personal data is retained as long as the purpose for which it was collected remains and until it is no longer necessary for any other business purposes or to comply with any applicable law. Once you have ended your business relationship with us, we will either delete your personal data or anonymize your personal data, unless statutory retention requirements apply.
Last updated: December 2020