개인정보 보호 정책
1.INTRODUCTION
We are pleased that you come to us and are interested in our company, products and services. Your trust is important to us. We are committed to protecting your privacy and the security of information that can directly or indirectly be used to identify a natural person (hereinafter “Personal Data”) during the processing throughout the entire business process. CIRRO has created this Privacy Statement to explain how we collect and use your Personal Data.
Last updated: December 01, 2022.
When this Privacy Statement mentions “CIRRO”, “we”, “us”, it is referring to the company that is decided on the purposes and means of the processing of your Personal Data under this Privacy Statement. Your Personal Data will be collected and controlled by YunExpress Europe B.V.
Contact Information:
YunExpress Europe B.V.
Schiphol Boulevard 167, 1118BG Schiphol, The Netherlands
If you have any questions about our use of your personal data during or after reading this Privacy Statement, you can of course always contact us through the email of DPO@ztn.com.
2.DOES THIS PRIVACY STATEMENT APPLY TO YOU?
This Privacy Statement applies to you if you are a customer of CIRRO or if you contact CIRRO, for instance, by visiting www.cirrotrack.com including any pages and mobile apps (hereafter “Websites”), or if you receive emails from CIRRO.
Our Websites, products and services are for a general audience and not aimed at children. In principle, we do not collect Personal Data from children under age 14. If you are under the age of 14 and you want to use our services, please rely on a parent or guardian to assist you.
If a child under the age of 14 may have disclosed Personal Data to us, the parent or guardian can contact us and we will remove Personal Data if required.
3.WHAT PERSONAL DATA DO WE COLLECT?
In the course of its business activities and providing the services, CIRRO will need to process Personal Data. Without your Personal Data, we will not be able to provide you with the requested services. As a rule, the Personal Data that you provide directly or indirectly to CIRRO when using our services and visiting our Websites are:
• Contact Information. This includes your name, address, email address and telephone number;
• Financial Information. This includes your bank account number, payment status and invoices;
• Identification Information. This may include your ID number, password number or driver’s license number, which ensures that we can identify you;
• Account Information. This includes login information, including your user name, email address, telephone and other information provided through your account;
• Shipper’s Information. This includes shipper’s name, address, email address and telephone number;
• Recipient’s Information. This includes recipient’s name, address, email address and telephone number;
• User Data and Preferences. This includes, where applicable, shipment volumes, complaints, transaction history and related commercial activity, communications, survey information, and your preferences.
• Automatically generated information. This includes IP address, unique device or user ID, system and browser type, date and time stamp, referring website address, content and pages you accessed on our websites or mobile applications, date, time and location actions.
In addition to the above categories of Personal Data, depending on your interaction with CIRRO, we may collect other types of information which may or may not contain Personal Data. Such information related to shipments and services may include shipment tracking number, shipment routing information, location data, status of a shipment, delivery location, packaging type, number of pieces, weight, prices, picture of the parcel, proof of delivery and customs information.
4.HOW Do WE COLLECT PERSONAL DATA?
CIRRO collects Personal Data when it is provided by the shipper or our contractual customer or by a visitor to our website. If you are the shipper or our contractual customer, then we receive your Personal Data directly from you. Examples of situations where CIRRO collects Personal Data directly are:
• The name, address, and phone number of a person tendering the shipment listed as the shipper.
• The name, address, identity information, payment card information, and account number of a person who opens a CIRRO shipping account, namely our our contractual customer.
If the shipper or our contractual customer provides Personal Data of others, then we receive that Personal Data indirectly. Examples of situations where CIRRO collects Personal Data indirectly are:
• The name, address, and phone number of the recipient of the shipment.
• The name, address, phone number, email address, identify information of the shipper or account holder’s director, employees, workers, or representatives.
• The actual shipper’s name and address when the shipper places an order with an online market platform such as Amazon, eBay, Wish and CIRRO delivers the parcel to the address you provide.
When CIRRO receives Personal Data indirectly, we rely on the provider of the Personal Data for the accuracy of the information and that the provider has the authority to provide that information to CIRRO.
5.FOR WHICH PURPOSES AND ON WHAT GROUNDS DO WE PROCESS YOUR PERSONAL DATA?
Personal Data shall be collected, used, stored or otherwise processed when necessary, within the framework of responsible, efficient and effective business management of CIRRO. CIRRO processes Personal Data based on applicable legal grounds. The legal ground is often intrinsically linked to the business purpose. This means, for example, that the performance of an agreement can be both a legal ground and a business purpose for CIRRO. Therefore, we will first clarify the legal ground on which CIRRO processes your Personal Data and, subsequently, the business purpose that we use your Personal Data for:
Legal Grounds
In general, CIRRO processes your personal data on one of the following legal grounds:
• The processing is necessary to fulfill an agreement between you and CIRRO,
• The processing is necessary for us to comply with our legal obligations,
• The processing is necessary to protect your vital interests or those of another person,
• The processing is necessary for CIRRO’s legitimate interests, unless those interests are overridden by your interests or fundamental rights and freedoms, or
• where appropriate and necessary, we will ask for your consent.
Business Purposes
CIRRO collects, uses or processes personal data only where the processing falls within the scope of one (or more) of the legitimate business purposes listed below:
• Performing agreements. This includes shipping services, tracking CIRRO services, communication with our contractual customer, shipper and other parties regarding services, responding to requests for further information, dispute resolution and preparing agreements (e.g., link the shipment tracking number to your account to enable you to follow your shipment).
• Product development, research and improvement of CIRRO products and/or services. CIRRO processes Personal Data as necessary for the development and improvement of CIRRO products and/or services, research and development (e.g., analyze information related to the shipment and services to improve our services).
• Relationship management and marketing for commercial activities. In general, CIRRO processes Personal Data as necessary for the development and improvement of CIRRO products and/or services, account management, customer services and the performance of targeted marketing activities in order to establish a relationship with a customer and/or maintaining as well as extending a relationship with a customer or business partner and for performing analyses with respect to Personal Data for statistical purposes (e.g., send advertising, communications and content more specific to your interests to you).
• Business process execution, internal management and management reporting. This includes addressing activities such as managing company assets, conducting internal audits and investigations, finance and accounting, implementing business controls, provision of central processing facilities for efficiency purposes, managing mergers, acquisitions and divestitures and Processing Personal Data for management reporting and analysis.
• Security and Protection . The processing of data for processes such as those related to safety, protecting CIRRO and its customers, or business partners, and authenticating the status and access rights (e.g., providing secure services for online and offline transactions) of customers or business partners.
• Protecting the vital interests of individuals. This includes processing data when necessary to protect your vital interests or those of other individuals (e.g., for urgent safety reasons).
• Compliance with legal obligations. This addresses the processing of Personal Data as necessary for compliance with laws and regulations to which CIRRO is subject (e.g., checking the names of customers and business partners against blacklists to avoid conflicts of interest, compliance with trade regulations, anti-money laundering and anti-corruption regulations and other policies, procedures and regulations).
6.HOW DO WE USE COOKIES?
CIRRO may use cookies and similar technologies on its Websites. Through these cookies, CIRRO automatically obtains Personal Data as listed above when you visit our Websites. To learn more about cookies and similar technologies, please consult our Cookie Notice.
7.HOW DO WE SHARE YOUR PERSONAL DATA?
CIRRO shares your Personal Data with third parties in the following circumstances:
• Share your personal data within CIRRO’s affiliates, operating groups, subsidiaries and divisions if such is necessary for the purposes as listed above.
• Our employees are authorised to access personal data only to the extent necessary to serve the applicable purpose and to perform their jobs.
• Share your personal data with data processors such as vendors or service providers processing Personal Data on our behalf. In such cases, these third parties only use your Personal Data for the purposes described above and only in accordance with our instructions. When these third parties are given access to your personal data, we will take the required contractual, technical and organizational measures to ensure that your personal data is only processed to the extent that such processing is secured. The following third parties have access to your personal data, where relevant, for the provisioning of their products or services to us:
▸ Customs agency to perform customs formalities and declaration of your shipment.
▸ Last-mile delivery service provider to deliver the shipment to the destination you are expecting.
▸ IT services provider who develops, maintains our Websites and certain software.
▸ Cloud services provider: We may store data on servers operated by a cloud service provider to us. Regardless of where you use our online services or provide data to us, the data may be transferred to and maintained on servers located outside the country in which the data was collected.
▸ Law enforcement, regulators and other parties for legal reasons: We may also disclose your personal data to third parties as required by law, or if we reasonably believe that such action is necessary (a) to comply with a subpoena or other legal proceedings, legal actions or government agency requests; (b) when we believe in good faith that a disclosure is necessary to comply with the law and the reasonable requests of law enforcement; (c) to protect and exercise our legal claims, rights and property; (d) to protect your rights, property or personal safety or that of others; and (e) to investigate fraud.
8.HOW ARE YOUR PERSONAL DATA SECURED?
We have taken adequate safeguards to ensure the confidentiality and security of your personal data. We have implemented appropriate technical, physical and organizational measures to protect personal data against accidental or unlawful destruction or accidental loss, damage, alteration, unauthorised disclosure or access as well as all other forms of unlawful processing (including, but not limited to, unnecessary collection) or further processing, including protecting your Personal Data against unauthorized access, maintaining the confidentiality, integrity and availability of your Personal data, and training personnel on information security requirements.
However, no security measure can guarantee against compromise. You also have an important role in protecting your Personal Data. You should not share your username and password with anyone, and you should not re-use passwords across more than one website. If you have reason to believe that your Personal Data has been compromised, please contact us.
9.HOW LONG ARE YOUR PERSONAL DATA RETAINED?
Except as otherwise permitted or required by applicable law or regulation, we will only retain your personal data for as long as necessary to fulfill the purposes we collected it for, as required to satisfy any legal, accounting, or reporting obligations, or as necessary to resolve disputes. To determine the appropriate retention period for personal data, we consider applicable legal requirements, the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes we process your personal data for, and whether we can achieve those purposes through other means.
Under some circumstances we may anonymize your personal data so that it can no longer be associated with you. We reserve the right to use such anonymous and de-identified data for any legitimate business purpose without further notice to you or your consent.
10.WHERE DO WE STORE OR TRANSFER YOUR PERSONAL DATA?
Generally, the Personal Data with respect to you legally collected by CIRRO within the territory of the People’s Republic of China will be stored in the territory of the People’s Republic of China.
Due to the nature of our business and the services we provide to you, CIRRO may need to transfer your Personal Data to its affiliates or subsidiaries located outside the People’s Republic of China in order to perform the agreements with you or achieve the purposes provided in this Statement. In any case where we transfer Personal Data, we shall ensure that such transfers are subject to appropriate safeguards not lower than the level of protection required by applicable laws in China. Before cross-border transmission or remote access, we will complete the corresponding procedures in accordance with the requirements of relevant personal data protection laws and regulations.
11.WHAT RIGHTS CAN YOU EXERCISE IN RELATION TO YOUR PERSONAL DATA?
Based on the law applicable to the use of your Personal Data, you may have rights that you can exercise in relation to your Personal Data. Note that in some cases we are not required to completely comply with your request, as such rights may be conditional or because we have to balance your rights against our rights and obligations to process your Personal Data and to protect the rights and freedoms of others. A number of the rights you have in relation to your Personal Data, as applicable in the European Economic Area, the State of California, or other US or international geographic jurisdictions, are explained below:
Right of access
You may be entitled to a copy of the Personal Data we hold about you and to learn details about how we use it. Your Personal Data will usually be provided to you digitally. We may require you to prove your identity before providing the requested information.
Right to rectification
We take reasonable steps to ensure that the information we hold about you is accurate and complete. However, if you believe this is not the case, you may have the right to request that any incomplete or inaccurate Personal Data that we process about you is amended.
Right to erasure
You may have the right to ask us to erase your Personal Data, for example where the Personal Data we collected is no longer necessary for the original purpose, where Personal Data has become obsolete or where you withdraw your consent (if we are processing your Personal Data based on consent). However, this will need to be balanced against other factors. For example, we may not be able comply with your request due to certain legal or regulatory obligations.
Right to restriction of processing
You may be entitled to ask us to (temporarily) stop using your Personal Data, for example where you think that the Personal Data we hold about you may be inaccurate or where you think that we no longer need to use your Personal Data.
Right to data portability
You may have the right to ask that we transfer Personal Data that you have provided to us to a third party of your choice. This right can only be exercised when you have provided the Personal Data to us, and when we are processing that data by automated means on the basis of your consent or in order to perform our obligations under a contract with you.
Right to object
You may have the right to object to processing which is based on our legitimate interests. In case of the processing of Personal Data for marketing purposes, you have the right to object at any time. When you ask us to stop using your Personal Data for marketing purposes, CIRRO will immediately cease to use your Personal Data. For other purposes based on our legitimate interests, we will no longer process the Personal Data on that basis when you file an objection based on your grounds relating to your situation, unless we have a compelling legitimate ground for the processing. Note, however, that we may not be able to provide certain services or benefits if we are unable to process the necessary Personal Data for that purpose.
Rights relating to automated decision-making
You may have the right not to be subjected to automated decision-making, including profiling, which produces legal effect for you or has a similar significant effect. If you believe you have been subject to an automated decision and do not agree with the outcome, you can contact us using the details below and ask us to review the decision.
Right to withdraw consent
We may ask for your consent to process your Personal Data in specific cases. When we do this, you have the right to withdraw your consent at any time. CIRRO will stop the further processing as soon as possible after the withdrawal of your consent. However, this does not affect the lawfulness of the processing before consent was withdrawn.
12.CALIFORNIA CONSUMERS
If you are a California resident, you can make certain requests regarding your Personal Data. We will fulfil each of these requests per the requirements of California law.
• You can request access to a copy of the Personal Data we have about you, including a list of categories of your Personal Data that we have sold and a list of categories of your Personal Data that we have shared with another company for a business purpose.
• You can request that we delete your Personal Data.
• You can request that we stop selling your Personal Data.
More information on each of these requests is below.
Request access to Personal Data
If you make this request, which we also refer to as a Request to Access Information, we will return to you (to the extent required by law):
▸ The categories of Personal Data we have collected about you.
▸ The categories of sources from which we collect your Personal Data.
▸ The business or commercial purpose for collecting or selling your Personal Data.
▸ The categories of third parties with whom we share Personal Data.
▸ The specific pieces of Personal Data we have collected about you.
▸ A list of categories of Personal Data that we have sold, along with the category of any other company we sold it to. Any of the categories of Personal Data that we collect could be included in a sale to other companies, including those within our corporate family. If we have not sold your Personal Data, we will inform you of that fact.
▸ A list of categories of Personal Data that we have disclosed for a business purpose, along with the category of any other company we shared it with.
You can ask us to provide you with this information up to two times in a rolling twelve-month period. When you make this request, the information provided may be limited to Personal Data we collected about you in the previous 12 months.
Delete the Personal Data
You have the right to ask that we delete your Personal Data. Once we receive a request, we will delete the Personal Data (to the extent required by law) we hold about you as of the date of your request from our records and direct any service providers to do the same. In some cases, deletion may be accomplished through de-identification of the information. Choosing to delete your Personal Data may impact your ability to use our websites and online features, including closure of your online account.
Stop Selling the Personal Data
In the twelve months prior to the effective date of this Statement, we has not sold any personal information of consumers, as those terms are defined under the California Consumer Privacy Act.
No Discrimination
We will not discriminate against you for exercising your rights. This generally means we will not deny you using our services, provide a different level or quality of our services. Please know, if you ask us to delete your information, it may impact your experience with us, and you may not be able to participate in certain services which require usage of your Personal Data to function.
Shine the light law
California Civil Code Section 1798.83, also known as the “Shine The Light” law, permits our users who are California residents to request and obtain from us, once a year and free of charge, information about categories of personal data (if any) we disclosed to third parties for direct marketing purposes and the names and addresses of all third parties with which we shared personal information in the immediately preceding calendar year. If you are a California resident and would like to make such a request, please submit your request in writing to us using the contact information provided at the top of this Privacy Statement.
13.WHAT IF YOU HAVE OTHER QUESTIONS OR COMPLIANS?
Questions or complaints regarding the processing of your Personal Data can be directed to CIRRO by using the contact information as provided at the top of this Privacy Statement.
You also have the right to lodge a complaint with the competent data protection authority in the jurisdiction where you work, where you live or where an alleged infringement takes place.
14.HOW WILL THIS PRIVACY STATMENT BE UPDATED?
CIRRO may update this Privacy Statement from time to time. If an amendment has a serious impact, CIRRO will endeavor to actively inform you about such amendments. CIRRO will always publish an up -to-date Privacy Statement on the Websites indicating the latest amendments.