Latest Version Posted: September , 2022
If you have questions or complaints regarding our Policy or practices or want to assert your rights, please contact us as detailed under the “How to Contact Us” heading below.
We take the privacy of our customers and their downstream customers very seriously. We never share the information of our customer’s customers under any circumstances, unless it is required to complete the transaction contracted with our customer or by law.
Except where otherwise specified, this Policy applies to the Personal Data we collect from or that otherwise relates to visitors to our sites and users of our Services. Our handling of the Personal Data of the end-customers of the users of our Services is governed by our Terms of Service.
2. WHAT WE DO WITH YOUR Data.
We want to be clear about what data we collect and how we use it to deliver our Services to you, operate our business, and make our Services work better for you. This Policy describes how we process and secure the data that you provide, or that is otherwise shared with us, which can be used to identify you (“Personal Data”). It also describes your choices regarding use, access and rectification of your Personal Data. We do not sell your Personal Data to third parties for their own uses.
a) Types of Data We Collect. In connection with access to our Services, we collect Personal Data, such as your name, shipping/billing address, email address, phone, credit card/bank account number, username and password.
We collect or otherwise receive information when you register or open an account, sign in, pay fees, purchase or otherwise use a Service, call us for support, or give us feedback. We may also obtain information from other companies or third parties, such as when you synchronize a third party account or service with your ShipStation account, or when we may use service providers to supplement the Personal Data you give us (e.g., validate your mailing address) to help us maintain the accuracy of your data and provide you with better service. We may collect content or other information that you may provide or create when you interact with our Services.
We may automatically collect certain usage information when you access our Services (“Usage Data”), such as Internet Protocol (“IP”) addresses, log files, unique device identifiers, pages viewed, browser type, any links you click on to leave or interact with our Services, and other usage information collected from cookies and other tracking technologies. For example, in order to monitor the inferred locations from which users navigate to our Services, we may collect IP addresses to track and aggregate your approximate geographic location (i.e. at the level of the city or similar area associated with your IP address). This Usage Data is tied only to your IP address and to no other identifying data, such as your name or email address.
We may also collect IP addresses from users when they log into the Services as part of our log-in and security features, and use these to assist with authenticating users.
Our Services may change over time and we may introduce new features that may collect new or different types of data. More information about how we will notify you about these changes is provided below.
b) How We Use Your Data. We use your Personal Data for the following purposes:
Account Registration. We use your name, address, phone number, billing information, and email address to register your account for certain Services we provide and to communicate important service-related information to you, based on the performance of our contract with you (Art. 6 (1) b GDPR). We may obtain additional Personal Data about you, such as address change information, from commercially available sources, to keep our records current, based on our legitimate interest to keep up-to-date information about our customers (Art. 6 (1) f GDPR). If you establish an administrator account that may be accessed by people other than you, please note that they may see and have the ability to change or delete your Personal Data. Please be careful to whom you grant administrator access.
To Provide Our Services. We use your Personal Data to provide you with our Services and to provide you with support related to our Services based on the performance of our contract with you (Art. 6 (1) b GDPR), and to help us protect our Services, including to combat fraud and protect your information based on our legitimate interest to ensure the security of our Services (Art. 6 (1) f GDPR).
Customer Service and Technical Support. We may use your name, address, phone number, email address, how you interact with our Services, and information about your computer configuration to resolve questions you may have about our Services, based on your consent (Art. 6 (1) a GDPR), and to follow up with you about your experience, based on our legitimate interest to understand and monitor customers’ experience and satisfaction (Art. 6 (1) f GDPR) to the extent permitted by applicable law. We also offer various Internet chat services, for example, to speak with a ShipStation customer support representative. Internet chat transmissions are encrypted, but you should not supply more Personal Data than is required to address your specific issue. A transcript of the session may be retained to resolve questions or issues related to our Services, based on our legitimate interest to document how we respond to customers’ requests and be able to respond to further claims as the case may be (Art. 6 (1) f GDPR).
Communicate with You and Tell You About Other Services. Based on your consent (Art. 6 (1) a GDPR), or based on our legitimate interests to promote our activities (Art. 6 (1) f GDPR) where permitted by law, we may use your Personal Data to communicate with you about our Services, and to give you offers for third party products and services that we think may be of use to you. You can withdraw your consent or opt-out at any time from these marketing and promotional communications. Please see below under “What You Can Do to Manage Your Privacy” for the choices you have regarding these communications.
To Improve Services and Develop New Services. We will use your Personal Data to personalize or customize your experience and the Services, develop new features or services, and to improve the overall quality of ShipStation’s Services, based on our legitimate interests to assess, improve and develop our Services (Art. 6 (1) f GDPR).
Feedback. We may use any Personal Data you volunteer in surveys you answer for us and combine them with answers from other customers in order to better understand our Services and how we may improve them, based on our legitimate interest to understand and monitor customers’ experience and satisfaction as well as to assess, improve and develop our Services and activities (Art. 6 (1) f GDPR). Answering any survey is optional.
Claims and Litigation. We may also use your Personal Data for the purpose of managing claims or litigation related to you, based on our legitimate interest to defend our legal rights (Art. 6 (1) f GDPR).
c) How We Share or Disclose Your Personal Data. From time to time, we may need to provide your Personal Data with others.
Third Party Service Providers. We provide your Personal Data with third party service providers who perform various functions to enable us to provide our Services and help us operate our business, such as website design, sending email communications, SMS (text messaging), advertising, fraud detection and prevention, customer care, third party surveys or performing analytics. These companies are provided with only the Personal Data necessary to provide these services to us. We may disclose your Personal Data to a third party for a business purpose where we have entered into a collaboration with such third party. When we disclose Personal Data for a business purpose, we enter a contract that describes the purpose and requires the recipient to both keep that Personal Data confidential and not use it for any purpose except performing the contract. Our contracts with these third parties require them to maintain the confidentiality of the Personal Data we provide to them, only act on our behalf and under our instructions, and not use Personal Data for purposes other than the product or service they’re providing to us or on our behalf.
Response to Subpoenas and Other Legal Requests. We may disclose your Personal Data to courts, law enforcement agencies or other government bodies when we are required or permitted to do so by law, including to meet national security or law enforcement requirements, or to respond to a court order, subpoena, search warrant, or other law enforcement request (Art. 6 (1) c GDPR).
Protection of ShipStation and Others. When we consider it to be appropriate and necessary, we may disclose Personal Data to third parties in order to enforce or apply our products’ Terms of Service and other agreements, or to protect the rights, property, or safety of ShipStation, our Services, our users, or others, based on our legitimate interest (Art. 6 (1) f GDPR). For example, this may include exchanging information with other companies and organizations for the purpose of fraud protection and credit risk reduction. Such receiving organizations are prohibited from using any ShipStation-provided Personal Data for any other purpose.
Data Sharing Between ShipStation Entities. We share your Personal Data with and among our affiliated companies (i.e., our subsidiary companies, our parent company, and any companies also controlled by our parent company), based on our legitimate interest to use a common infrastructure (Art. 6 (1) f GDPR), except where prohibited by law. We share your information for our everyday business purposes, such as where our affiliated companies assist us in processing your transactions, maintaining your accounts, or operating/managing parts of our technology platform. We may also share information about your transactions and experience so that we can operate our business effectively, detect and prevent fraud, and improve our Services.
Sharing with Third Parties for Promotional Purposes. To the extent permitted by applicable law, ShipStation may share certain Personal Data, including your email address, with carefully selected third parties that will allow them to mail you promotional materials about quality goods and services (including special offers and promotions) that may be of interest to you. The information shared will not include your phone number; any information related to your postage or mailing activity; or any information related to your customers or address lists. If you later change your mind, you may contact ShipStation at any time to request that your information not be shared with such third parties or by accessing the opt-out link in any email communication from ShipStation or by clicking here.
Sale of Our Business. If we sell, merge, or transfer any part of our business, we may be required to share your information on a confidential basis, to any prospective transferee and its professional advisors for the purposes of their due diligence investigations, the completion of any such transaction, and the continued operation of the acquired business, based on our legitimate interest to sell our business (Art. 6 (1) f GDPR).
Otherwise, With your Consent. Other than as set out above, we will provide you with notice and the opportunity to choose when your Personal Data may be collected, used, shared with other third parties, or otherwise processed (Art. 6 (1) a GDPR).
d) Syncing, Linking, Connecting Other Third Party Services with Your ShipStation Service.
We work with other companies or developers to offer you products and services and you may choose to sync, link or connect other third party services with your ShipStation Services. As permitted under the terms of this Policy and applicable law, sometimes ShipStation may let you know about the service or product, or another company may let you know about a ShipStation service or product. If you choose to accept these services, providing your consent to either the third party or to us, we may exchange your Personal Data , including information about how you interact with each provider’s service or product. This exchange of information is necessary to maintain business operations and to provide the ongoing service that you have requested.
3. WHAT YOU CAN DO TO MANAGE YOUR PRIVACY.
a) Your Rights. In connection with your right to manage your Personal Data you provide to us, you may access, update, change, rectify or request erasure or portability of your data either through the Service or through our customer support. You also have the right to withdraw your consent, object to processing based on our legitimate interest or for marketing purposes, or request the limitation of the processing of your Personal Data at any time and for the future. You can reach our customer support or, where needed, our data protection officer, by using the contact information provided in the “How to Contact Us” section of this Policy. Finally, you have the right to lodge a complaint to a data protection authority.
b) Managing Marketing Communications From Us. We will honor your choices when it comes to receiving marketing communications from us.
You have the following choices if you have been receiving marketing communications from us that you no longer wish to receive:
- You may contact ShipStation at any time via the contact details provided in Section 8 below to withdraw your consent or opt-out from marketing or set preferences when you register with ShipStation.
- Access the opt-out link in any email communication from ShipStation or by clicking here.
Remember that even if you choose not to receive marketing communications from us, we will continue to send you mandatory service or transactional communications.
4. DATA RETENTION
In accordance with and as permitted by applicable law and regulations, we will retain your information only as long as necessary to serve you, to maintain your account for as long as your account is active, or as otherwise needed to operate our business, including to comply with our legal and reporting obligations, resolve disputes, enforce our agreements, complete any outstanding transactions and for the detection and prevention of fraud. When you close your account, we may continue to communicate with you about our Services, give you important business updates that may affect you, and let you know about our products and services that may interest you for a limited time, as permitted under applicable law.
5. SECURITY OF YOUR Personal data.
Keeping your Personal Data safe is important to us. We provide reasonable and appropriate security measures in connection with securing Personal Data we collect, though no method of transmission over the Internet, or method of electronic storage, is 100% secure.
For example, we:
- Consistently work to update our security practices to implement accepted best methods to protect your Personal Data, and review our security procedures carefully.
- Comply with applicable laws and security standards.
- Securely transmit your sensitive Personal Data.
- Train our staff and require them to safeguard your data. Limit the staff with access to your Personal Data.
- Transmit, store, protect, and access all cardholder information in compliance with the Payment Card Industry’s Data Security Standards.
6. INTERNATIONAL DATA TRANSFERS.
We take the necessary measures to comply with the applicable legal conditions for the transfer of Personal Data to recipients located in countries outside the EEA, to ensure that your Personal Data transferred to these countries receive adequate protection in accordance with applicable data protection rules. To this end, we use EU Standard Contractual Clauses.
7. HOW TO CONTACT US.
a) Via Email. Please contact us by email at [email protected].
From time to time we may change or update our Policy. We reserve the right to make changes or updates at any time. More information about how we will notify you is below.
If we make material changes to the way we process your Personal Data, we will provide you notice via our Service or by other communication channels, such as by email or posting on our site prior to the change becoming effective. We encourage you to periodically review this page for the latest information on our privacy practices. Please review any changes carefully. If you object to any of the changes and no longer wish to use our Services, you may close your account(s). All changes are effective immediately upon posting. However, you will be informed of any material change to this Policy at least 10 days before posting.
9. Processing OF CHILDREN’S PERSONAL data.
We do not knowingly process data from minors.
ShipStation Services are intended for and directed to adults. Our Services are not directed to minors and we do not knowingly process Personal Data from minors.