Privacy Policy

Our role for GDPR purposes:

In general, our role for GDPR purposes is categorised as a DATA PROCESSOR, occasionally we may act as a JOINT DATA CONTROLLER.

We only gather data about our client's activities and their customers when we have been given express authority to do so.

Such information is usually supplied directly to Us by the Client electronically (we always encourage the use of strong encryption and secure data transfer practises).

We will only access and process our Client's data and that of their Customers in order to complete the required mandate in question. We may retain information in relation to business to business matters where we have express authority to do so.

We actively encourage

Utilisation of data minimisation pseudonymisation techniques in order to exchange only the required information

  • Secure data through strong encryption and never to re-use passwords or use passwords that are easy to guess

  • Never exchange passwords / access keys through the same medium as the data was transferred (i.e.; e-mail) nor include these with the data itself

  • Use secure data transfer methods and to set short retention periods where possible

Information We Collect

We currently collect and may process the following information:

  • Personal identifiers relating to your employees, contacts and characteristics

  • Personal identifiers relating to your suppliers or potential suppliers, contacts and characteristics

  • Personal identifiers relating to your end customers, contacts and characteristics

  • Information about your organisation, systems, processes and procedures some of which may be attributable to a person or person(s)

  • Certain business data such as forecast or sales related data some of which may be attributable to a person or person(s)

  • Location based intelligence and places of business or activity some of which may be identifiable to a person or person(s)

How We Get Information & Why

Most of the personal information we process is provided to us directly by you for one of the following reasons:

  • For accounting purposes such as raising invoices

  • To robustly communicate with the necessary stakeholders within your organisation

  • Evaluate and diagnose business processes as agreed

  • Recommend and implement changes to business processes as agreed

We also receive personal information indirectly, from the following sources in the following scenarios:

  • External businesses you contract, or might contract with and have given consent to two-way communication

  • Through relevant documents and data you or your associates have shared with us

  • By directly accessing your managed systems to obtain information on a self-service basis

Exchange of Information

Where given express permission to do so, we may share data with other organisations or individuals, we will always inform you before we do this and unless otherwise stated no more than one piece of customer identifiable data would be shared, for example postcode but never this in addition to another form of identifiable data such as order number, name, address, telephone number etc.

Lawful Purposes for Processing Data

Under the UK General Data Protection Regulation (UK GDPR), the lawful bases we rely on for processing this information are:

a) Your consent*

b) We have a contractual obligation

c) We have a legal obligation

d) We have a vital interest^

e) We need it to perform a public task^

f) We have a legitimate interest^

 *you are able to remove your consent at any time, this can be done by by e-mailing hello@shipmax.co.uk

^reasons d, e & f would not usually apply.

How We Store Your Personal Information

Your information is securely stored.

We keep organisational information including employee names and telephone numbers for a maximum of six years. We delete all end customer data with at two or more identifiable attributes immediately upon completion of the contractual mandate. Data with one or less identifiable attributes may be stored in line with organisational information. This is done by expunging e-mails >6 years as well are regularly reviewing data stored on physical devices and cloud services.

Your Data Protection Rights

Under data protection law, you have the following rights including:

Your right of access

You have the right to ask us for copies of your personal information

Your right to erasure

You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete

Your right to rectification

You have the right to ask us to erase your personal information in certain circumstances

Your right to restriction of processing

You have the right to ask us to restrict the processing of your personal information in certain circumstances

Your right to object to processing

You have the the right to object to the processing of your personal information in certain circumstances

Your right to data portability

You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances

Please contact us by e-mailing hello@shipmax.co.uk  if you wish to make a request. There is no fee to making such requests provided they are reasonable and lawful.

We have one month to respond to you.

How to Complain

If you have any concerns about our use of your personal information you are at liberty to take one of the following courses of action:

Contact Us

You may call or e-mail our data protection officer using any one of the details below. We will always endeavour to treat you fairly and respect and we kindly request this is reciprocal.

If you make a request, we have one month to respond to you.

hello@shipmax.co.uk

+44 (0) 208 051 2175