PIPL Privacy Statement - Inchcape Shipping Services

ISS-SHIPPING.COM PRIVACY STATEMENT PERSONAL INFORMATION PROTECTION LAW (PIPL)

VERSION 1.0

SUMMARY

WE VALUE THE PRIVACY OF YOUR PERSONAL INFORMATION

This Privacy Statement outlines how we collect, hold, use, and disclose your personal information in China. By visiting our website, using any of our services, or providing us with your personal information, you agree to your personal information being collected, held, used, and disclosed as set out in this Privacy Statement. We also rely on the consent you gave your employer when they collected your personal data.

WHAT IS PERSONAL DATA?

Personal data relates to any information about a natural person that makes you identifiable which may include (but is not limited to):

Names and contact information ie emails and telephone numbers
National Insurance Numbers
Employment history
Employee numbers
Credit History
Personal tax
Payroll and accounting data

WHAT IS SENSITIVE PERSONAL DATA?

Sensitive personal data refers to the above but includes genetic data and biometric data. Collecting sensitive personal data requires explicit separate consent with your employer or us directly. For example:

Medical conditions
Religious or philosophical beliefs and political opinions
Racial or ethnic origin
Convictions
Biometric data (eg photo in an electronic passport)

WHAT IS A DATA CONTROLLER?

For general data protection regulation purposes, the “data controller” means the person or organisation who decides the purposes for which and the way in which any personal data is processed.

The data controller is ISS Group Holdings Ltd, 8th Floor, 60 Fenchurch Street, London, England, EC3M 4AD.

The data protection officer is Giles Stanley, Head of Legal Service who can be contacted at the above address or on DATA.PROTECTION@ISS-SHIPPING.COM or by calling 01375 484900.

THE PURPOSES FOR WHICH WE HOLD, USE AND DISCLOSE PERSONAL INFORMATION

We are only permitted under the PIPL to hold information related to the reason we obtained the personal data for, and we cannot collect excessive data or unrelated data. We confirm that we will comply with the PIPL in all instances.

At Inchcape Shipping Services we take your privacy seriously and will only use your personal information to provide the Services you have requested from us, detailed in your Contract Schedules and as we have identified above. We will only use this information subject to your instructions, data protection law and our duty of confidentiality.

For Business-to-Business Clients and Contacts our lawful reason for processing your personal information will be “legitimate interests”. Under “legitimate interests” we can process your personal information if: we have a genuine and legitimate reason and we are not harming any of your rights and interests.

For Business to Consumer Clients and Contacts our lawful reason for processing your personal information will be “A contract with the individual” e.g., to supply goods and services you have requested, or to fulfil obligations under an employment contract. This also includes steps taken at your request before entering a contract. As part of engaging in a contract, additional personal data may be required for the purpose of legal and regulatory compliance.

Our work for you may require us to pass your information to our third-party service providers, agents, subcontractors, and other associated organisations for the purposes of completing tasks and providing the Services to you on our behalf. However, when we use third party service providers, we disclose only the personal information that is necessary to deliver the Services and we have contracts in place that requires them to keep your information secure and not to use it for their own direct marketing purposes.

We collect information on our website to process any enquiries. If you agree, we will also use this information to share updates with you about our services which we believe may be of interest to you.

We will not share your information for marketing purposes with companies so that they may offer you their products and services.

Other purposes – for any other purpose communicated to you at the time we collect your personal information or as required or permitted by law.

Occasionally we may be required or authorised to collect personal information because of laws in China or an order of a Court / Tribunal. If we are collecting personal information for this purpose, and we are permitted to do so, we will tell you.

The categories of personal data we process are determined by the data controllers we are acting for and based on their instructions to us.

TRANSFERRING YOUR INFORMATION OUTSIDE OF CHINA

We will only transfer your personal information outside China where you have given your consent to such transfer, and you are aware and understand the reason why the transfer is required in line with contractual obligation or legislation.

If your consent has been obtained, we may transfer personal data outside China, for example, to enable our partners to deliver services as part of an established contract. Our contractual arrangements with these entities generally include an obligation for them to comply with other countries data protection laws and have in place security controls commensurate with our own. (E.g., encryption)

As part of the services offered to you through this website, the information which you give to us may be transferred to countries outside of China. For example, some of our third-party providers may be located outside of China. Where this is the case, we will take steps to make sure the right security measures are taken (such as using encryption or through dedicated systems) so that your privacy rights continue to be protected as outlined in this policy.

By submitting your personal data, you’re agreeing to this transfer, storing, or processing. Where our third-party supplies are in the US we have ensured that their services fall under the “PRIVACY SHIELD” or suitable equivalent whereby participating companies are deemed to have adequate protection and therefore facilitate the transfer of information from the EU to the US.

If you use our services while you are outside of the EU, your information may be transferred outside the EU to give you those services.

We will only transfer your personal information overseas in limited circumstances for instance if our service provider is not resident in China and it is required to meet the requirements of a contract or legal obligation. We have explained above how we can transfer data overseas. For example, we may transfer information via email to service providers, their representatives or our representatives who are located overseas.

You should tell us if you object to any such transfer. Data transfer overseas will not impact national security.

PERSONAL INFORMATION WE COLLECT AND HOLD

The personal information we collect and / or hold about you may include:

Names and contact information ie emails and telephone numbers
National Insurance Numbers
Employment history
Employee numbers
Credit History
Personal tax
Payroll and accounting data
Medical conditions
Racial or ethnic origin
Convictions
Biometric data (eg photo in an electronic passport)

Inchcape Shipping Services, as a Data Controller, is bound by the requirements of the General Data Protection Regulations (GDPR) and the rules of the countries we operate in, for example, in China, PIPL.

You agree that we are entitled to obtain, use, and process the information you provide to us to enable us to discharge the Services (as defined in our Contracts) and for other related purposes including.

Updating and enhancing client records
Analysis for management purposes
Carrying out credit checks in relation to you
Statutory returns
Legal and regulatory compliance
Crime prevention

WHAT HAPPENS IF YOU DON’T GIVE US YOUR PERSONAL INFORMATION?

If you don’t provide us with the required personal information, we and our partners may not be able to provide you with some or all services (e.g., we may not be able to assist with completing visa applications). Where we collect personal information from you, we expect you to tell us if you do not consent to us disclosing the personal information you provide to us to the types of third parties referred to above. You have the right to withdraw consent at any time.

HOW WE COLLECT AND HOLD PERSONAL INFORMATION

HOW WE COLLECT

We collect information about you when you fill in any of the forms on our websites i.e., sending an enquiry, signing up for an event, filling in a survey, giving feedback, applying for a vacancy, etc. Where necessary, website usage information is collected using cookies.

Cookies are text files put on your computer to collect standard internet log information and visitor behaviour information. This information is then used to track visitor use of the website and to create statistical reports on website activity. For more information visit WWW.ABOUTCOOKIES.ORG or WWW.ALLABOUTCOOKIES.ORG.

You can set your browser not to accept cookies and the above websites tell you how to remove cookies from your browser. Please note in a few cases some of our website features may not function because of this.

Analytics – e.g., how visitors use our website.

We use Google Analytics to store information about how visitors use our website so that we may make improvements and give visitors a better user experience.

Google Analytics is a third-party information storage system that records information about the pages you visit, the length of time you were on specific pages and the website in general, how you arrived at the site and what you clicked on when you were there. These cookies do not store any personal information about you e.g., name, address etc. and we do not share the data. You can view their privacy policy below:

Google – HTTP://WWW.GOOGLE.COM/INTL/EN/POLICIES/PRIVACY/

IP addresses

An IP or Internet Protocol Address is a unique numerical address assigned to a computer as it logs on to the internet. Inchcape Shipping Services do not have access to any personal identifiable information, and we would never seek this information. Your IP address is logged when visiting our site, but our analytic software only uses this information to track how many visitors we have from regions.

Internet Based Advertising

We use Linkedin, Instagram, Facebook, and Twitter advertising services and as such there are tracking codes installed on our website so that we can manage the effectiveness of these campaigns. We do not store any personal data within this type of tracking.

FROM WHOM WE MAY COLLECT

We may collect such information directly from you or through your employer. We may also collect personal information from publicly available sources such as the phone book or public websites.

WHEN WE COLLECT PERSONAL INFORMATION FROM YOU ABOUT SOMEONE ELSE

We may seek to collect from you, personal information about another person. This may happen if you have personal information about another person which is employed by your organisation. For example, you are arranging for hotel services for your employees. If you provide us with information about another person, then you must:

Have their consent to do so; and
Tell them:
- That you are disclosing their personal information to us; and
- Refer them to this Privacy Statement.

HOLDING PERSONAL INFORMATION:

We hold personal information electronically and on paper / in hard copy.

For the personal information we hold electronically we take reasonable security measures including firewalls, secure logon processes, encryption, and intrusion monitoring technologies.

For the information we hold in hard copy / on paper we have in place reasonable confidentiality procedures, and we also take reasonable security measures. We also require third party providers to hold personal information securely.

SECURITY MEASURES

Inchcape will deploy various security measures to protect personal data, including but not limited to encryption of data in motion and at rest, identification and authentication of users, and industry standard security controls for devices, networks, and applications.

Inchcape has in place a dedicated Cyber Security Team with supporting managed services to ensure that the above.

Inchcape holds relevant security certification such as ISO27001 which is subject to regular audit.

YOUR RIGHTS

Your information, regardless of type except in the context of marketing and recruitment, will be held for at least seven years for legal, regulatory, and accounting purposes and thereafter for as long as reasonably necessary or as we are contractually required to do so.

For information held for marketing purposes, we will hold your data until you tell us to not hold said data. You will have the opportunity to opt out or update or delete data at any point should you need to do so, and details are set out in this policy as to how to do this.

For information held for recruitment purposes, we will hold your data for the period of six months, thereafter your application and CV will be deleted.

In all cases with the above, such data is deleted or anonymized once these periods have passed or the data is no longer required to achieve its purpose.

You have the right to withdraw consent for us to process your information at any time.

You have the right to withdraw consent for us to pass your information to third parties that we have outlined in this policy.

However, withdrawing consent may result in us ceasing to provide services in question and may prejudice those services for which we are instructed by your employer or other parties to perform.

To rectification or restriction of the way in which we are processing your information; or to object to us processing it.

To withdraw consent to processing your information – although this may mean we can no longer handle your personal data and provide you with services.

To erasure of your personal information provided it is no longer necessary for the purposes for which it was collected; or where there is no legal basis for us processing it.

Where we have collected information about you from sources other than yourself, information about those sources.

To ask us whether any decisions are being taken about you by automated means and if this is happening; information about the logic involved and any significant consequences on you – Inchcape does not typically use automated decision making.

To ask for a copy of your information which is data portable. (See Accessing your information section below)

To ask us about the appropriate safeguards we take if we transfer your information to a third country or international organisation.

You can exercise any of these rights at any time by writing to the Data.Protection@iss-shipping.com under the Accessing your information section below

If you are not satisfied about the way in which your information is handled, you have the right to lodge a complaint to the Cyberspace Administration of China

ACCESSING YOUR INFORMATION (SUBJECT ACCESS REQUEST):

You can make a written request to access the personal information we hold about you. If we can’t meet your request for access, we’ll let you know why.

You have the rights to the following information:

The purpose(s) for which we are processing your information.
Details of the person handling your information.
The categories of personal information we hold about you.
The recipients or categories of recipient to whom the personal data have been or will be disclosed.
The period for which we will store your information; or the criteria used to determine that period.

There is no fee to be paid for this information although you may be required to provide evidence of your identity.

Some of our partners have a different process for the handling of these request, we will inform you if this is the case.

Objections to processing of personal data

It is your right to lodge an objection to the processing of your personal data if you feel the “ground relating to your particular situation” apply. The only reasons we will be able to deny your request is if we can show compelling legitimate grounds for the processing, which override your interest, rights and freedoms, or the processing is for the establishment, exercise, or defence of a legal claims.

Data Portability

It is also your right to receive the personal data which you have given to us, in a structured, commonly used, and machine-readable format and have the right to transmit that data to another controller without delay from the current controller if:

(a) The processing is based on consent or on a contract, and

(b) The processing is carried out by automated means.

Your Right to be Forgotten

Should you wish for us to completely delete all information that we hold about you then email this request to DATA.PROTECTION@ISS-SHIPPING.COM

KEEPING YOUR INFORMATION ACCURATE

We take reasonable steps to ensure that the personal information we collect and store, use or disclose is accurate, up-to-date, and complete. However, we rely on you to advise us of any changes to your information to help us do so.

If you believe your personal information is not accurate, up-to-date, or complete, then please let us know. If you’d like to request access to or seek correction of your personal information, please contact us. Our contact details are at the end of this Privacy Statement.

COMPLAINTS ABOUT HOW WE HANDLE YOUR PERSONAL INFORMATION:

If you have a complaint about our handling of your personal information or an alleged breach of the principles contained in the Law No. 81, please contact us, and provide us with the details of your complaint / the alleged breach as well as any supporting evidence. You can contact us via the below options:

Data.Protection@iss-shipping.com

Refer to the website – www.iss-shipping.com to obtain contact details.

We will promptly acknowledge the complaint, carefully investigate it, and determine the steps that we will undertake to resolve your complaint. We will contact you if we require any further information and will provide you with our determination once it is made. If you are unhappy with our determination, please contact: the Cyberspace Administration of China225 Chaoyangmennei Da Jie, Beijing, China, 100010; phone: (010)88050686.