At Yembo, we take data privacy seriously. This Policy describes our privacy practices for the activities set out in this Policy. Please read this Policy carefully, as it outlines how we collect, use, share, and otherwise process information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular individual or household ("Personal Data"). Additionally, this Policy outlines your choices and rights with respect to our processing of your Personal Data.
If you are a resident of the United Kingdom or European Union, please see our Additional Provisions for United Kingdom and European Union Residents. If you are a resident of Canada, please see our Additional Provisions for Canadian Residents.
Information We Collect Directly from You. We collect information about you directly from you and from third parties, and automatically through your use of our Services.
The information we collect from you depends on how you use our Services. Information we collect may include:
Information We Collect from Shippers and Insureds. As part of the Services, we may also collect additional information from Shippers and Insureds, which may include:
Information We Collect from Business Customers. We provide services to various business customers, including Movers, Underwriters, and Claims Adjusters. If you are a business customer, we may collect additional information from you, which will depend on how you use the Services. Information we may collect may include:
Information We Collect from Users or Employees of Business Customers. If you are a user or employee of one of our business customers, we may collect your contact information, including your name, company name, job title, e-mail address, and phone numbers.
Information We Collect from Other Entities. When you access the Services, we may collect information about you from third-party sources, such as: business customers, service providers, business partners, public and third-party databases, platform providers, non-affiliated partners, other users of our Services, public sources, third-party advertising partners, or from other third parties. Information we collect may be combined with other information we have collected about you in order to complete requests you have made or facilitate transactions you have initiated via the Services, or for other purposes. Information we may collect about you from third-party sources may include your name, e-mail address, mailing address, phone number, and other contact information.
When you use our Site, we may collect your browser type and operating system, web pages you view on the Site, links you click on the Site, and your IP address. We may also collect information about the length of time you spent visiting our Site and/or using our Services, and the referring URL, or the web pages that led you to our Site.
Our Uses of Your Personal Data. We use your information, including your Personal Data, for the following purposes:
You may instruct us to refrain from using your Personal Data in any way that is not required for us to provide the Services to you. We will not refuse you access to any product or service merely because you have advised us to stop using your Personal Data in any way that is not required for the Services. To provide us with instructions, you may contact us via the Contact Us section below.
We may share your information, including Personal Data, as follows:
Our Business Customers. We may disclose your information to our business customers for purposes of providing the Services.
Vendors, Service Providers, and Other Processors. We may disclose the information we collect from you to vendors, service providers, or other processors, such as customer management providers and IT services providers, to help us provide our Services to you, to assist us in analyzing how our Services are used, and to provide other services.
Subsidiaries and Affiliates. We may disclose the information we collect from you to our affiliates or subsidiaries as needed to provide the Services to you.
Other Third Parties. We may also disclose the information we collect from you to other third parties we use to support our business.
In addition, we may also share your Personal Data under the following circumstances:
Business Transfers. If we or our affiliates are or may be acquired by, merged with, or invested in by another company, or if any of our assets are or may be transferred to another company, whether as part of a bankruptcy or insolvency proceeding or otherwise, we may transfer the information we have collected from you to the other company. As part of the business transfer process, we may share certain of your Personal Data with lenders, auditors, and third-party advisors, including attorneys and consultants.
In Response to Legal Process. We disclose your information to comply with the law, a judicial proceeding, court order, or other legal process, such as in response to a court order or a subpoena.
To Protect Us and Others. We disclose your information when we believe it is appropriate to do so to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety of any person, violations of our agreements with you or this Policy, or as evidence in litigation in which we are involved.
Aggregate and De-Identified Information. We share aggregate or de-identified information about users with third parties for marketing, advertising, research, or other purposes.
For residents of Australia, we may disclose your Personal Data to recipients which are located outside of Australia. Those recipients are likely to be located in the United States, Germany, Singapore, and Ireland.
When we operate as a service provider under the California Consumer Privacy Act (“CCPA”), we process or maintain Personal Data on behalf of our business customers that provide Personal Data to us in compliance with written contracts that we enter into with our business customers directly. In accordance with the CCPA, we will only use and disclose Personal Data we receive from our business customers as necessary to provide the Services to our business customers, to retain or employ another service provider where that service provider meets the requirements of a service provider under the CCPA, for our internal use to build and improve the quality of our Services as permitted under the CCPA, to detect security incidents or protect against fraudulent or illegal activity, and for the purposes enumerated under CCPA Civil Code section 1798.145(a)(1) through (a)(4) or as otherwise required by the CCPA.
In general, when we operate as a service provider, we will handle requests on behalf of our business customers as they require under our agreement, which allows us to comply with the CCPA by acting on their behalf according to their instructions or by responding to a consumer that the request cannot be acted upon because the request has been sent to a service provider.
Cookies. Cookies are alphanumeric identifiers that we transfer to your device through your web browser for record-keeping purposes. Some cookies allow us to make it easier for you to navigate our Services, while others are used to enable a faster log in process or to allow us to track your activities for quality assurance or troubleshooting purposes while using our Services. There are two types of cookies: session and persistent cookies.
Disabling Cookies. Most web browsers automatically accept cookies, but if you prefer, you can edit your browser options to block them in the future. The Help portion of the toolbar on most browsers will tell you how to prevent your computer from accepting new cookies, how to have the browser notify you when you receive a new cookie, or how to disable cookies altogether. Visitors to our Site who disable cookies will be able to browse certain areas of the Site, but some features may not function.
Clear GIFs, Pixel Tags and Other Technologies. Clear GIFs are tiny graphics with a unique identifier, similar in function to cookies. In contrast to cookies, which are stored on your device, clear GIFs are embedded invisibly on web and app pages. We may use clear GIFs (a.k.a. web beacons, web bugs or pixel tags), in connection with our Services to, among other things, track the activities of Site visitors, help us manage content, and compile statistics about Site usage. We and our third-party service providers also use clear GIFs in HTML e-mails to our customers, to help us track e-mail response rates, identify when our e-mails are viewed, and track whether our e-mails are forwarded.
Cross-Device Use. We and our third party service providers, including Google, may use the information that we collect about you (whether directly from our Site, through your device(s), or from a third party) to help us and our third party service providers identify other devices that you use (e.g., a mobile phone, tablet, other computer, etc.). We and our third-party service providers also may use the cross-device use and other information we learn about you to serve targeted advertising on your devices and to send you e-mails. To opt-out of cross-device advertising, you may follow the instructions set forth in the Third-Party Ad Networks section below. Please note: if you opt-out of these targeted advertising cookies, your opt-out may be specific to the web browser, app, or device from which you accessed the opt-out. If you use multiple devices or web browsers, you may need to opt-out from each browser or device that you use.
Do-Not-Track Signals. Please note that our Site does not recognize or respond to any signal which your browser might transmit through the so-called "Do Not Track" feature your browser might have. If you wish to disable cookies on our Site, you should not rely on any "Do Not Track" feature your browser might have. For more information about do-not-track signals, please click here.
Session Replay Technology. Session replay technologies, such as LogRocket, may be used to collect information regarding visitor behavior on the Services. For more information about LogRocket, please see the LogRocket Policy available at https://logrocket.com/privacy/. You can opt out of LogRocket's collection and processing of data generated by your use of the Services by contacting LogRocket.
Users may opt out of many ad networks. For example, you may go to the Digital Advertising Alliance ("DAA") Consumer Choice Page (and https://youradchoices.ca/en/tools for Canada residents, and https://www.youronlinechoices.com for UK and EU residents) for information about opting out of interest-based advertising. Please be advised that opting out of ad networks will opt you out from certain companies' delivery of interest-based content or ads to you, but it does not mean you will no longer receive any advertising through our Site or on other websites. You may continue to receive advertisements, for example, based on the particular website that you are viewing (i.e., contextually based ads). Additional information is available on the DAA's website at www.aboutads.info.
We use cloud services provided by third-party service providers who may be outside of your country of origin to store the Personal Data that we collect. This means that your information may be transferred to, or stored in, another country and accessible to foreign courts, law enforcement and national security authorities.
You may contact us (as provided in the Contact Us section below) to obtain information about our policies and practices regarding our transfer of Personal Data across borders, or to ask questions about the collection, use, disclosure or storage of Personal Data by us or our foreign service providers.
Our Site and Services may contain links to third-party websites. Any access to and use of such linked websites is not governed by this Policy, but instead is governed by the privacy policies of those third-party websites. We are not responsible for the information practices of such third-party websites.
We have implemented reasonable precautions to protect the information we collect from loss, misuse, and unauthorized access, disclosure, alteration, and destruction. Please be aware that despite our efforts, no data security measures can guarantee security.
You should take steps to protect against unauthorized access to your password, phone, and computer by, among other things, signing off after using a shared computer, choosing a robust, unique password that nobody else knows or can easily guess, and keeping your log-in and password private. We are not responsible for any lost, stolen, or compromised passwords or for any activity on your account via unauthorized password activity.
You may access, modify, or request correction of Personal Data that you have submitted by contacting us using the information in the Contact Us section below. We will respond to your requests to access or correct Personal Data we hold about you in a reasonable time and will take all reasonable steps to ensure that the Personal Data we hold about you remains accurate, up to date, and complete.
We may send periodic promotional e-mails to you. You may opt-out of promotional e-mails by following the opt-out instructions contained in the e-mail. If you opt-out of receiving promotional e-mails, we may still send you e-mails about your account or any services you have requested or received from us.
We do not knowingly collect, use, or disclose information from children under 18, except as required by law or regulation. If we learn that we have collected the Personal Data of a child under 18, we will take steps to delete the information as soon as possible. Please immediately contact us if you become aware that a child has provided us with Personal Data.
This Policy is current as of the Effective Date set forth above. We may change this Policy from time to time, so please be sure to check back periodically. We will post any changes to this Policy on our Site.
If you have questions about the privacy aspects of our Site or Services or would like to make a complaint, please contact us at: firstname.lastname@example.org
If you are not satisfied with our response to your question or concern, you may be able to file a complaint under applicable privacy laws. We will provide you with the contact information to do so if requested. We strive to offer an accessible and simple complaint procedure. We will promptly investigate all complaints received, and if a complaint is justified, we will take the necessary steps to resolve the issue in question.
The following section applies to individuals in Canada.
a. Legal Basis for Processing Personal Data
We will process your Personal Data only with your knowledge and consent, except where exempted, required or permitted by applicable laws. The form of consent may vary depending on the circumstances and the type of information being requested.
Your consent may be express with clear options to say "yes" or "no", such as by being asked to check a box to indicate your consent, or implied, such as when you provide us with your address through a form or e-mail seeking information and we use those means to respond to your request. Your consent can also be provided by your authorized representative. Taking into account the sensitivity of your Personal Data, purposes of collection, and your reasonable expectations, we will obtain the form of consent that is appropriate to the Personal Data being processed. By using our Services, or otherwise by choosing to provide us with your Personal Data, you acknowledge and consent to the processing of your Personal Data in accordance with this Policy and as may be further identified when the Personal Data is collected. When we process your Personal Data for a new purpose, we will document that new purpose and ask for your consent again.
By using our Service, or otherwise by choosing to provide us with your Personal Data, you acknowledge and consent to the processing of your Personal Data in accordance with this Policy and as may be further identified when the Personal Data is collected.
You may refuse to provide consent or may notify us at any time that you wish to withdraw or change your consent to the processing of your Personal Data without penalty, subject to legal or contractual restrictions and reasonable notice by (i) changing your privacy preferences through the Services, (ii) deleting your account with the Services and stopping use of the Services, (iii) opting out of the use of your Personal Data by contacting us using the information in the Contact Us section of our Policy. However, if you withdraw or change your consent, we may not be able to provide you with the Service.
ii. Other Legal Bases
Aside from consent, we may also process your Personal Data under other legal bases, as permitted by applicable law.
b. Limits on Collection of Personal Data
We will not collect personal data indiscriminately but will limit collection of personal information to that which is reasonable and necessary. We will also collect personal data as authorized by law.
c. Limits for Using, Disclosing and Retaining Personal Data
Your Personal Data will only be used or disclosed for the purposes set out above and as authorized by law.
We will keep Personal Data used to make a decision affecting you for at least one year after using it to make the decision, except to the extent that you delete or remove that information yourself.
We will destroy, erase or make anonymous documents or other records containing personal information as soon as it is reasonable to assume that the original purpose is no longer being served by retention of the information and retention is no longer necessary for a legal or business purpose.
We will take due care when destroying Personal Data so as to prevent unauthorized access to the information.
Upon written request to our Privacy Officer and authentication of identity, we will provide you your Personal Data under our control. We will also give you information about the ways in which that information is being used and a description of the individuals and organizations to whom that information has been disclosed. We may charge you a reasonable fee for doing so.
We will make the information available within a reasonable time and within the timelines established by applicable law.
In some situations, we may not be able to provide access to certain Personal Data (e.g., if disclosure would reveal Personal Data about another individual, the Personal Data is protected by solicitor/client privilege, the information was collected for the purposes of an investigation or where disclosure of the information would reveal confidential commercial information that could harm the competitive position of us). We may also be prevented by law from providing access to certain Personal Data.
Where an access request is refused, we will notify you in writing, document the reasons for refusal and outline further steps which are available to you.
We will make a reasonable effort to ensure that Personal Data we are using or disclosing is accurate and complete. If you demonstrate the inaccuracy or incompleteness of Personal Data, we will amend the information as required. If appropriate, we will send the amended information to third parties to whom the information has been disclosed. When a challenge regarding the accuracy of Personal Data is not resolved to your satisfaction, we will annotate the Personal Data under our control with a note that the correction was requested but not made.
f. CASL Policy
We are committed to compliance with Canada's Anti-Spam Legislation ("CASL"). Any electronic communication we send to outside parties is protected by a range of business procedures, processes and policies to ensure that such communication is done in compliance with CASL. In our electronic communications with outside parties, we comply with the rules established by CASL and enforced by various Canadian authorities including the Canadian Radio-television and Telecommunications Commission. CASL regulates, and our policies generally apply to, each commercial electronic message (a "CEM") that we send. A CEM is an electronic message sent to an electronic address that, among its purposes, encourages participation in a commercial activity.
In addition to adopting and updating this Policy, we undertake various transparency initiatives to ensure we comply with CASL, which include:
If you receive a CEM from us but believe that you should not have or no longer wish to receive CEMs, we will aim to respect your preferences in a timely manner once you update them through our unsubscribe mechanism. CASL requires us to process unsubscribe requests within 10 business days. If you have any questions or concerns about our unsubscribe options, you may contact us at the address indicated in the Contact Us section of our Policy.
This section of the Policy aims to give additional information to United Kingdom ("UK") and European Union ("EU") residents regarding how we process your Personal Data in order to comply with European laws. The detail set out below, and the specific rights listed, apply only to those in the UK and EU.
It is important that you read this section of the Policy together with the main body of the Policy you so that you are fully aware of how and why we are using your Personal Data. This section of the Policy supplements the other information given and is not intended to override any other part of the Policy.
Data Protection Officer
We have appointed a data protection officer ("DPO") who is responsible for overseeing questions in relation to this Policy. If you have any questions about this Policy, including any requests to exercise your legal rights, please contact the DPO at email@example.com.
You have the right to make a complaint at any time to the relevant data protection regulator in your jurisdiction. Please see below for further details. We would, however, appreciate the chance to deal with your concerns before you approach the relevant regulator, so please contact us in the first instance.
Purposes for Processing and Lawful Bases
As set out in our Policy, we process your Personal Data for a number of different reasons.
We have set out below, in a table format, a description of all the ways we plan to use your Personal Data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.
Note that we may process your Personal Data for more than one lawful basis depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal ground we are relying on to process your Personal Data where more than one basis has been set out in the table below.
We will only use your Personal Data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.
If we need to use your Personal Data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your Personal Data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
Data Subject Rights
Subject to certain exemptions, and in some cases dependent upon the processing activity we are undertaking, you have certain rights in relation to your Personal Data.
Right to Access Personal Data
You have a right to request that we provide you with a copy of your Personal Data that we hold and you have the right to be informed of: (a) the source of your Personal Data; (b) the purposes, legal basis and methods of processing; (c) the data controller's identity; and (d) the entities or categories of entities to whom your Personal Data may be transferred.
Right to Rectify or Erase Personal Data
You have a right to request that we rectify inaccurate Personal Data. We may seek to verify the accuracy of the Personal Data before rectifying it.
You can also request that we erase your Personal Data in limited circumstances where:
We are not required to comply with your request to erase Personal Data if the processing of your Personal Data is necessary:
Right to Restrict the Processing of your Personal Data
You can ask us to restrict your Personal Data, but only where:
We can continue to use your Personal Data following a request for restriction, where:
Right to Transfer Your Personal Data
You can ask us to provide your Personal Data to you in a structured, commonly used, machine-readable format, or you can ask to have it transferred directly to another data controller, but in each case only where:
Right to Object to the Processing of your Personal Data
You can object to any processing of your Personal Data which has our legitimate interests as its legal basis, if you believe your fundamental rights and freedoms outweigh our legitimate interests.
If you raise an objection, we have an opportunity to demonstrate that we have compelling legitimate interests which override your rights and freedoms.
Right to Object to How we use your Personal Data for Direct Marketing Purposes
You can request that we change the manner in which we contact you for marketing purposes.
You can request that we not transfer your Personal Data to unaffiliated third parties for the purposes of direct marketing or any other purposes.
Right to Obtain a Copy of Personal Data Safeguards used for Transfers Outside Your Jurisdiction
You can ask to obtain a copy of, or reference to, the safeguards under which your Personal Data is transferred outside of the UK or the European Union.
We may redact data transfer agreements to protect commercial terms.
Right to Lodge a Complaint with your Local Supervisory Authority
You have a right to lodge a complaint with your local supervisory authority if you have concerns about how we are processing your Personal Data.
We ask that you please attempt to resolve any issues with us first, although you have a right to contact your supervisory authority at any time.
Your Personal Data may be processed outside your jurisdiction, and in countries that are not subject to an adequacy decision by the European Commission or your local legislature or regulator, and that may not provide for the same level of data protection as your jurisdiction, such as the European Economic Area. We ensure that the recipient of your Personal Data offers an adequate level of protection and security, for instance by entering into the appropriate back-to-back agreements and, if required, standard contractual clauses for the transfer of data as approved by the European Commission (Art. 46 GDPR).
We may ask you for additional information to confirm your identity and for security purposes, before disclosing the Personal Data requested to you. We reserve the right to charge a fee where permitted by law, for instance if your request is manifestly unfounded or excessive.
You can exercise your rights by contacting us using the details listed under the Contact Us section of our Policy, or by contacting our DPO at: firstname.lastname@example.org. Subject to legal and other permissible considerations, we will make every reasonable effort to honor your request promptly or inform you if we require further information in order to fulfill your request.
We try to respond to all legitimate requests within a reasonable time and within the timelines established by applicable law. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
We may not always be able to fully address your request, for example if it would impact the duty of confidentiality we owe to others, or if we are legally entitled to deal with the request in a different way.