Privacy policy
Overview
Shipfox attaches great importance to compliance with regulations relating to the protection of personal data and in particular the General Data Protection Regulation (EU Regulation 2016/679 of the European Parliament known as “GDPR”) and the data processing and freedom law (law no. 78-17 of January 6, 1978 relating to data processing, files and freedoms).
In this context, this Privacy Policy will help you to understand what personal data concerning you is collected by Shipfox and what it is intended for.
Scope
This privacy policy is intended to govern the processing carried out by Shipfox as data controller (Shipfox SAS, 229 rue Saint Honoré 75001 Paris), in particular the data collected in the context of
- the management of your customer account
- the management of marketing communications or prospection
- the use of one of our websites (not already covered by a specific privacy policy)
- the recruitment management
- the compliance with our legal obligations
- the guarantee of legitimate interests
The data collected for the operation of our services, where Shipfox acts as a processor, is governed by our Terms of Services as well as our Data Processing Agreement (DPA).
What kind of personal data is processed ?
Shipfox is required to process the following categories of data:
- Data relating to identity: name, first name, postal and email address, telephone number, customer number, signature, proof of identity.
- Billing data: bank details, means of payment, invoices, etc.
- Consumption data: history of services and products used, event logs etc.
- Communication data: history of exchanges with Shipfox, complaints, support tickets, etc.
- Connection data: IP address, user ID, location data, connection and event logs etc.
The categories of data used are indicated in each of the treatments in the following section. Any reference to “user account data” includes all account data.
How we use your data.
Contracts management and customer relations
Shipfox processes your data in order to manage contracts for the services you use. This includes the management of accounts, support and payment methods.
| Purposes | Categories of data | Legal basis | Retention | Categories of recipients |
|---|---|---|---|---|
| Management of contracts and customer relations (management of accounts, support and means of payment) | Identity data Billing data Consumption data Communication data Connection data | Execution of the contract | Duration of the contractual relationship plus an archiving period to meet our legal obligations and guarantee the defense of our legitimate interest | Shipfox Services Entitled Shipfox Partners for support and payment management Authorized third parties |
| Management of contracts with our partners (service providers and suppliers) | Identity data Commercial relationship monitoring data (activity reports and, communications) | Execution of the contract | Duration of the contractual relationship | Shipfox Services Entitled Shipfox Partner for the management of suppliers Authorized third parties |
Sales and Marketing
Shipfox processes certain data in order to send its service offers to its customers or prospects, guests for events or even collect their opinions on products (processing may involve profiling techniques). These processing operations may be based either on legitimate interest, if the person is already a customer of the company, particularly if the proposals concern products or services similar to those already subscribed, or on consent. Shipfox mainly collects this data directly but can also obtain it indirectly via specialized data processors in conformity with all applicable legal requirements.
| Purposes | Categories of data | Legal basis | Retention | Categories of recipients |
|---|---|---|---|---|
| Commercial prospecting and communication campaigns relating to our products and services | Identity data Billing data Consumption data Communication data Connection data | Legitimate interest Consent | Duration of the contractual relationship Account deletion request withdrawal of consent objection of the person | Shipfox Sales and Marketing Teams Entitled Shipfox Partners for the management of marketing campaigns and customer relation Authorized third parties |
| Organization of events to promote our services | Identity data Communication data Connection data | Legitimate interest Consent | Duration of the contractual relationship Account deletion request | Shipfox Sales and Marketing Teams Entitled Shipfox Partners for the management of events Authorized third parties |
| Management of cookies and other trackers (learn more about our cookie policy) | Connection data | Consent | Cookies are stored between 3 months and 1 year depending on the type of cookie used | Shipfox Sales and Marketing Teams Entitled Shipfox Partners for the cookies management Authorized third parties |
| Carrying out satisfaction surveys or quality surveys on our services and the training of our teams | Identity data Billing data Consumption data Communication data Connection data Audio or video recording | Legitimate interest Consent | 1 year and anonymization | Shipfox Sales and Marketing Teams Entitled Shipfox Partners for marketing analysis Authorized third parties |
| Produce usage statistics | Connection data | Legitimate interest | Cookies: between 3 months and 1 year Service usage data kept during the contractual period or anonymized | Shipfox Sales and Marketing Teams Entitled Shipfox Partners for quality analysis Authorized third parties |
Recruitment
Shipfox also processes the personal data of candidates as part of its recruitment procedure.
| Purposes | Categories of data | Legal basis | Retention | Categories of recipients |
|---|---|---|---|---|
| Recruitment | Identity data | Execution of contract or pre-contractual measures | s not accepted, the data is kept for a maximum period of 2 years If the application is accepted, the data is kept for the entire duration of the contract, accompanied by an archiving period intended to comply with our legal obligations or guarantee the legitimate interests of the company. | Human resources services Manager and team concerned Shipfox partners for human resources Authorized third parties |
Legal obligations
Shipfox processes some of your data in order to meet its legal obligations. This is particularly the case in order to secure our services as a provider of electronic communications services, to meet our accounting and tax obligations or to process your requests for rights relating to data protection.
| Purposes | Categories of data | Legal basis | Retention | Categories of recipients |
|---|---|---|---|---|
| Guarantee the security of our customers as a provider of electronic communications services (Directive 2002/58/EC and art 32 of the GDPR) | Identity data Billing data Consumption data Communication data Connection data | Legal obligation | Duration of the contractual relationship plus an archiving period for the data necessary to guarantee compliance with our legal obligations | Entitled Shipfox Services Entitled Shipfox Partners for security management Authorized third parties (auditors etc.) |
| Abuse of Shipfox services includes cyber-crime, copyright violation, illegal or offensive content, spamming and malware distribution. Abuse should be reported in the console. These data processings are likely to be subject to automated decision-making (e.g. anti-spam control) | Identity data User account information | Legal obligation | Duration necessary to meet our legal obligations | Entitled Shipfox Services Entitled Shipfox Partners for the ticketing and support management Authorized third parties |
| Responses to the data protection requests and any complaints related to the protection of personal data | Identity data (including proof of identity) User account information All the data related to the complaint | Legal obligation | 5 years from ticket closing Verification of identity card: 1 month | Entitled Shipfox Services Entitled Shipfox Partner for the management of subject requests Authorized third parties Entitled Iliad service |
| Data breaches management | Identity data User account information related to the data breach All data related to the data breach | Legal obligation | 5 years from the closure of the data breach | Entitled Shipfox Services Competent administrative authority |
| Accounting obligations | Billing data | Legal obligation | 10 years from the end of the contract | Entitled Shipfox Services Entitled Shipfox Partner for the management of payments and invoices Competent administrative authority |
| Legal or administrative procedure management | Identity data User account information related to the case | Legal obligation | The necessary data is kept until the expiration of the legal remedies | Shipfox Legal Department Competent administrative authority Entitled third parties (legal advisor etc.) |
Legitimate interest
Shipfox processes some of your data in order to meet a legitimate interest. This is particularly the case in order to secure our services, ensure the management of unpaid debts and the training of our teams (processing relating to security or fraud may involve profiling techniques).
| Purposes | Categories of data | Legal basis | Retention | Categories of recipients |
|---|---|---|---|---|
| Guarantee the security of services we offer | Identity data User account information | Legitimate interest | Duration of the contractual relationship or duration limited to the limitation period from the closure of the event concerned | Shipfox IT security service Competent administrative authority |
| Debt collection | Identity data User account information | Legitimate interest | 5 years from the payment incident | Shipfox Legal and Accounting Services Entitled Shipfox Partner for debt collection |
| Fraud detection and prevention | Bank details Identity data User account information | Legitimate interest | 5 years maximum from the suspicion of an incident ID card verification: 1 month | Entitled Shipfox service Entitled Shipfox Partner for support and ticketing |
| Litigation management | Identity data Data necessary for the purposes of establishing evidence | Legitimate interest | The data is kept until the expiration of the legal remedies and archived for 10 years | Shipfox legal department Entitled Shipfox partner |
| Ensure the training of our teams | Identity data User account information | Legitimate interest | The data is kept during the contractual period | Entitled Shipfox service |
Data processors
As a data controller, Shipfox uses data processors for the following purposes:
- customer relationship management (support management, etc.)
- carrying out emailing campaigns and surveys on the services
- meeting our legal obligations (accounting, data protection etc.)
- marketing data analysis
- website data analysis
- management of payment services
- consulting or audit firms
- the organization of events
- security and identity control
Shipfox selects its data processors through a strict security control procedure to ensure that they only process data for the purposes for which they have been chosen. Shipfox also ensures that its data processors have technical and organizational security measures in accordance with the regulations relating to the protection of personal data.
Transfer of data outside the European Union
Shipfox strives to minimize data transfers outside the European Union and only carries out such transfers as data controller for the purposes listed above. Data transferred as part of our services is governed by our Data Processing Agreement (DPA)
All transfers outside the European Union are subject to a strict control to ensure that the contracts entered into with our service providers comply with the Standard Contractual Clauses (SCC) updated by the implementing decision ( EU) 2021/914 of the Commission of 4 June 2021 on standard contractual clauses for the transfer of personal data to third countries under Regulation (EU) 2016/679 of the European Parliament and of the Council (Text presenting interest for the EEA) and where possible, to supplement these clauses
Requests from authorities
Shipfox undertakes to inform its customers in advance in the event of a request for information from an administrative or judicial authority in order to enable them to assert their rights subject to compliance with applicable regulations. Shipfox cannot oppose such a request if it complies with French or European regulations, an international agreement (art. 48 of the GDPR) or with one of the exemptions provided for in art. 49 of the GDPR.
Link to our partners
Our sites may contain links to our partners. We inform you that these links refer directly to the sites of these partners who have their own confidentiality policy for which Shipfox cannot be held responsible.
Data subjects rights & contact
Shipfox informs you that you have the following rights depending on the purpose of processing:
- Be informed why we process your personal information
- Access your data and obtain a copy of the personal data we process about you
- Rectify incorrect, incomplete or outdated data
- Limit the use of your data
- Oppose the processing of your data if it is processed on the basis of legitimate interest
- Withdraw your consent at any time if the processing is based on this legal basis
- Delete data that is no longer necessary for processing or to meet a legal obligation
- Exercise your right to portability
You can exercise your rights via [email protected]. If you believe that your rights have not been respected, you can also file a complaint with the competent supervisory authority.
Policy update
This privacy policy may be updated according to regulatory developments. Any modification will enter into force from its date of publication.