Privacy statement Shypple

Shypple B.V. (Shypple) is a digital forwarder and offers allservices required to ship your goods from A to Z. Whenproviding its services, Shypple processes personal data. Thisprivacy statement describes why and in what way Shyppleprocesses personal data.
Although Shypple focuses on providing its services to corporate clients, it is possible personal datais processed. This privacy statement provides information on the processing of personal data of -but is not limited to - the following categories:

●  Clients
●  Website visitors
●  Persons having contact with Shypple
●  Applicants
Collection of data
Shypple can process the following data:

Clients:
● Name(s)
● Phone number(s)
● Email address(es)
● Function/title (description)
● IBAN/BIC/account number
● IP address
● Authentication/login logs
● Search behavior (via cookies)
● Relevant trade lanes

Registered users:
● Name(s)
● Email address(es)
● IP address(es)
● Authentication/login logs
Website visitors:
The IP address of website visitors is stored for Google Analytics. The IP addresses are anonymized and cannot be traced to a specific person. Our website (and affiliated websites) uses cookies which allows us to recognize your browser or device and provide you with essential features and services.

For more information about the cookies we use and how they work, see our Cookie Policy.
www.shypple.com/cookie-policy

Purpose of processing
Shypple processes your personal data for the following purposes:
● The execution of an agreement between you and Shypple;
● Processing and handling a payment;
● Inform you on progress, change and/or confirmation of your order;
● Creating an account for you;
● Preventing fraud;
● Get in touch and keep in contact with (potential) clients and users;
● Improving our website, software and services by analyzing how you use our website and software.

The processing of personal data by Shypple is based on the following legal grounds:
● The execution of an agreement between you and Shypple (e.g. handling a payment).Without the personal data necessary for the execution of such an agreement, Shypple is not able to provide its services to you;
● The processing is necessary for the purpose of a legitimate interest of Shypple (e.g.improving our website, contact with our clients/users);
● Compliance with a legal obligation (e.g. to comply with tax legislation).
Retention period
Shypple will keep your personal data for as long as it is required for the purposes stated above, namely:
● Personal data in our accounting records for Tax Authorities, we store for 7 years;
● All the personal data we use within the context of your Shypple account we store for as long as you have a Shypple account;
● Any other data we remove as soon as they are no longer needed for the purpose we collect them for.

On your request, Shypple can provide you with additional information regarding the exact retention period of the personal data we collected from you.
Third parties
Your personal data may be shared with third parties for the purposes described in this statement. Your personal data will not be sold or traded for commercial gains. Your personal data may be shared with the following parties or authorities, with the understanding that this is not an exhaustive list:

● IT service providers, including but not limited to, Calendly, Crowdcast, Cloudflare, Basecone, Google, Payt, Postmark, Recruitee etc. (you can click the links for their respective privacy statements and information about their data processing). processing). Such IT service Providers parties qualifyas data processor within the meaning of the GDPR, meaning they will only process the personaldata on our behalf and not for their own purposes;
● Controllers of personal data which provide services to enable Shypple to fulfill its role an employer, such as transport companies, postal companies, financial institutions or government agencies;
● Legal service providers of Shypple, affiliated entities or a counter party of Shypple;
● Authorities and supervisors to meet our legal obligation(s).

In the context of attracting investments, a merger, takeover, divestment or other corporate strategic reasons, personal data can be (occasionally) shared with third parties.

Some of the third parties above are established outside the European Union. We make sure any transfer to a company or country outside the EU is in accordance with the relevant privacy legislation (i.e. chapter 5 of the GDPR).
Security
Shypple ensures your personal data is adequately secured and that there is no unlawful access to- or disclosure, alteration or destruction of - your personal data.
Rights of the data subject
As a data subject you have the following rights regarding your personal data:

● Right to access: You can make a request to get informed on the personal data we collected about you.
● Right to alter: You can request us to rectify or improve your personal data.
● Withdrawal of consent: You can withdraw your consent.
● Right to erasure (also known as the right to be forgotten): You can request the erasure of your personal data we collected.
● Right to restriction: You can request us to restrict the processing of your personal data.
● Right to data portability: You can request us to send (a copy of) your personal data to another data processor.
● File a complaint: You have the right to file a complaint if you are dissatisfied the way your personal data was processed. You can send your complaint to Shypple (i.e. object to processing your personal data). You also have the right to file a complaint with the Supervising Authority (i.e. the Dutch Data Protection Authority).

These rights are limited by the exceptions made by law.
In the event of a withdrawal or change of permission or a request for erasure, your request will be implemented as soon as possible in our ICT systems. Your personal data will also be modified or removed from our back-ups over time. Shypple ensures that in the case of a backup, your data will not return to its original form in the ICT system in use.
Contact details Shypple
Shypple B.V.
+31 10 600 2500
privacy@shypple.com

Shypple has not appointed a data protection officer, nor is Shypple obliged to appoint one by the AVG (GDPR). For privacy-related requests, please contact the above email address or telephone number.