Privacy policy

This Privacy Policy (the “Policy”) describes how CtrlChain processes personal data of natural persons (“Data Subjects”, “you”) when you interact with CtrlChain System (“System”), our website (https://ctrlchain.com), our Mobile Application (“Mobile App”), and when we provide services (“Services”).

CATEGORIES OF PERSONAL DATA PROCESSED

Identity & Contact Data: First and last name, title, gender, company name (employer), registered address / postal address, email address, phone number, billing address, Chamber of Commerce number (if applicable), VAT number (if applicable).

Customer Account Information: Customer ID, account username, account password, account number, and other information that we may request or that you may provide relating to your account.

Financial Data: Name of account holder, IBAN / Bank account number, BIC number, invoices and purchase records, payment transactions (both outgoing and incoming), details of the payment card or financial account you use to pay for our services.

Operational & Technical Data: Location data of affiliated carriers, IP address, statistical data regarding usage of our websites (such as browsing behavior, interaction patterns).

Communication & Correspondence Data: Messages and correspondence via live chat, contact forms submitted through our website, email communication records.

Job Application Data: Application letters, Curriculum Vitae (CV), date of birth, education and career information, any other personal data provided during the job application process.

Other Personal Data: Any additional personal data provided by you or obtained from you in the context of our Services or interactions, which are used strictly for the purposes mentioned above.

We do not always process all the above data, this depends on the type of relationship, the service in question and (if applicable) the consent you have given us.

Please note that we may aggregate or anonymize the foregoing types of data such that they are no longer capable of identifying you, in which case they are not considered “personal information”

SOURCE OF DATA

We collect personal data directly from you when you use our System, and Mobile App.

Our website automatically collects information about visitors via:

1. Information from Social Media

If you interact with us on any social media platform: (i) depending on your social media privacy settings, the personal information that you submit on the social media platform may be read, collected, or used by us as described in this Policy, and (ii) where we respond to any interaction with you on social media, your account name/handle may be viewable by any and all members or users of our social media accounts. Social media platforms operate independently from CtrlChain and we are not responsible for the personal information that you choose to submit or link on any social media platform. We encourage you to review the privacy policies and settings of any social media platform with which you interact to help you understand their privacy practices.

2. Information from Other Sources

We may obtain both personal and non-personal information about you from business partners, contractors, suppliers, and other third parties and add it to other information we have collected. We, and the third parties we engage, may combine information we collect from you over time, and across the Site, with information obtained from other sources. This helps us improve the information’s overall accuracy and completeness, and also helps us better tailor our interactions with you.

PURPOSES OF PROCESSING

We process your personal data for one or more of the following purposes (depending on our relationship with you):

• Negotiating, entering into, and managing our business relationship and agreements with your company, including providing our services and processing payments from your company.
• Providing and optimizing your experience on our System (including our application) and ensuring that we present our content to you in the most effective manner.
• Communicating with you and responding to your inquiries and communicating regarding our services, our agreements with your company, and other issues.
• Managing customer service issues, including issues relating to the performance of our services and customer feedback.
• Selecting the correct carrier to you for specific transport needs and providing “track and trace” functionality for active orders.
• We process your personal data as necessary to comply with our legal and regulatory obligations, including enforcing our agreements, fulfilling tax and record-keeping requirements, cooperating with supervisory authorities, and defending or advancing legal claims
• Marketing purposes: We use your personal data to send out newsletters, invitations to our events and other marketing communications that may be relevant to you, as well as in the context of (registration for) one of our marketing events. When you have attended one of our events, we may also contact you for feedbackSending you promotional or informational communications and solicitations, tracking your marketing preferences, and for our internal marketing purposes.
• Developing, updating, and improving our services, customer service, and customer experience, and otherwise improving our knowledge and insights regarding customers.
• Preventing and detecting fraud, financial crime, hacking activities, security breaches, and other unlawful activities in connection with the Site or the purchase or use of our services.
• Performing other functions as otherwise described to you at the time of collection or to which you otherwise consent.
• Job applications and recruitment: The data you share with us if you apply for a job with us (via email/mail, the job application form on our website or via social media) or that we receive via recruiters, is processed by us to contact you for the purposes of our job application procedures and to deal with your job application. We may also process your personal data in the context of (a registration for) an internship at one of our branches.
• Access control and security: For safety purposes (evacuation in case of calamities) we keep a list of visitors to our business premise(s). These lists are destroyed at the end of the day in question.
• Other processing: We may also process your data to carry out customer satisfaction surveys, or to handle any questions or complaints.

NECESSITY OF DATA PROVISION

Provision of certain personal data is necessary to enter into or perform a contract with CtrlChain. Failure to provide such data may result in the inability to provide the requested Services.

DISCLOSURE OF PERSONAL INFORMATION

When the data we collect about you is aggregated, anonymized, or otherwise does not identify you, we may use that information for any purpose or share it with third parties, to the extent permitted by applicable law.

In addition, we may share your information with the following types of entities:

• Business partners, service providers, and third-party vendors necessary for the performance of any contract we enter into with you. For example, we may disclose your information to our carriers assisting with a specific shipment, shipping logistics planners, insurance providers, and legal counsel in the event of a dispute.
• Marketing and advertising vendors that may assist with lead generation, hosting information relating to clients and potential clients, marketing automation, advertisement placement and targeting, and marketing campaigns and communications.
• Regulatory and governmental authorities, law enforcement agencies, and courts, as necessary to comply with applicable laws and regulations, respond to a subpoena, search warrant, or other lawful request for information, or to otherwise protect our rights.
• Service providers we use to facilitate our business operations and administration. These third parties have access to your personal information only to perform specific tasks on our behalf and are obligated not to disclose or use it for any other purpose. For example, our service providers include (i) IT and system administration providers, (ii) data storage providers, and (iii) vendors to facilitate payments and payment processing.
• Analytics vendors in order to understand our System traffic and usage patterns, optimize our System, and identify potential new customers.
• Buyers or other successors prior to or in the event of a merger, acquisition, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as a part of bankruptcy, liquidation, or similar proceeding, where the information is among the assets transferred.
• Other parties for any purpose we disclose at the time you provide the information. CtrlChain’s cooperation with such third-party service providers is essential for the performance, operation, and continuous improvement of its System, Website, Mobile App, and Services. CtrlChain collaborates with the following third-party processors: Qubiz, Enjins, Pionative, CO3, PTV, DeliveryMatch, U-turn, Hubspot, Snowflake, Google, Microsoft Azure, Exact online, Zenvoices, Netsuite.

WEB BEACONS AND OTHER TECHNOLOGIES

Our System and website may use other tracking tools, including web beacons (also known as clear gifs, pixel tags, and single-pixel gifs), which are small electronic images embedded in content and email messages that are not ordinarily visible to users. Web beacons allow us to track pages and content accessed and viewed by users, as well as to monitor email readership.

MARKETING EMAILS

As required by applicable laws, you can opt-out of receiving promotional emails from us by clicking the “opt out” link in any such promotional emails and following the instructions provided.

COOKIES

CtrlChain uses cookies and similar technologies on its website to enhance user experience, secure the System, and analyze website performance. You can manage or disable cookies via your browser settings. For more information, refer to our Cookie Statement

GOOGLE ANALYTICS

As discussed above, we use Google Analytics in connection with the System. If you would like to refrain from having your data collected by Google Analytics, Google has developed an opt-out browser that you can use. You can find more information on how Google uses information it collects.

DO NOT TRACK MECHANISMS

Please note that our System does not honor “Do Not Track” signals, and such signals will not impact the operation of this System.

LINKS

CtrlChain’s website and Mobile App may contain hyperlinks or references to external websites operated by third parties. Such websites are not controlled by CtrlChain, and we accept no responsibility or liability for the content, data processing activities, or privacy practices of these third parties. We strongly advise data subjects to carefully review the privacy policies and terms of use applicable to such external websites prior to disclosing any personal data.

SHINE THE LIGHT ACT

California Civil Code § 1798.83 (California’s Shine the Light Act) further permits California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. If you are a California resident, you may ask us to refrain from sharing your personal information with certain of our affiliates and other third parties for their marketing purposes. Please tell us your preference by contacting us at the contact information below.

CHILDREN’S PRIVACY

Our System is a general audience site and is not directed at, or intended for use by, children under the age of 13 years. We do not knowingly collect personally identifiable information from children. If you become aware that a child has provided us with personal data, please contact us.

DATA SECURITY

CtrlChain has implemented appropriate technical and organizational measures to protect personal data

against unauthorized access, loss, or alteration, including:

• Encryption of digital files
• Secure network connections using SSL/TLS protocols
• Role-based access controls
• Multi-factor authentication for access to systems containing personal data

Please be aware that no data transmission over the Internet is 100% secure. While we strive to protect your personal information, we cannot ensure or warranty the security of any information you transmit to us, and you do so at your own risk.

DATA RETENTION

Personal data is retained for no longer than is necessary for the purposes for which it is processed, or as required by applicable laws. Data is securely deleted when no longer necessary.

CtrlChain may retain certain personal data in a blacklist or internal register where necessary for the prevention, investigation, or prosecution of fraud, non-payment, abuse of our Services, or other wrongful acts. Such processing is carried out on the basis of CtrlChain’s legitimate interests in safeguarding its business operations.

The storage of personal data in such registers shall be limited to what is strictly necessary, and data shall not be retained longer than required for the purposes for which it is processed.

DATA SUBJECT RIGHTS

As a Data Subject, you have the right to request us to access, rectify, erase, restrict and transfer your personal data. You also have the right to object to the processing of your personal data. Please note that individuals’ rights are subject to certain restrictions and may not always be granted. A request may be denied in part or in full following these restrictions, such as legal obligations, the rights of third parties and the legitimate interests of CtrlChain. If we are unable to grant a particular request, we will inform you of this, with a statement of reasons.

As far as the processing of your personal data is based on consent, you have the right to revoke this consent at any time. Any withdrawal of your consent does not affect the lawfulness of processing based on consent before its withdrawal.

You may exercise these rights by submitting a request to dpo@ctrlchain.com. We may request proof of identity and will respond within one month.

AMENDMENTS

CtrlChain reserves the right to amend this Privacy Policy. Changes will be published on our website and System. It is therefore advisable to consult our website regularly to keep up to date with any changes.

CONTACT

For questions, comments, or to exercise your rights, you may contact:

CtrlChain

500 W. Madison St. STE 3105 Chicago, IL, 60661

T: +1 312 646 3814

E: dpo@ctrlchain.com