Data Protection at FourKites

As a data-driven company, FourKites understand the paramount importance of protecting personal data entrusted to us. Every byte of data provided to us, is a testament of trust from our customers, partners, and employees, and we are committed to protecting it with industry standards of security and privacy wherever we operate in the world. Our products and services are structured to provide effective data protection for FourKites, its customers, partners, and any other individual interacting with us.

How FourKites uses Personal Data

FourKites provides detailed information about the data we collect and how we use it in our customer agreements (DPA), in-product communications, product documentation, and in our Privacy Notice.

FourKites Privacy Program

Every person at our organization is responsible for making sure personal data is secure. Data protection is part of our Code of Conduct, and every day we continue to build a culture of privacy awareness through training.

Dedicated Privacy Team

FourKites has a dedicated privacy team responsible for overseeing the processing of personal data at FourKites. In case of any questions or concerns, feel free to contact us at [email protected].

Privacy by Default & by Design

FourKites’ Product team and Privacy Team work closely together when conducting privacy impact assessments to properly address any privacy risks and embedding privacy principles in our product lifecycle such as data minimization, accuracy, storage limitation and purpose limitation.

Data Privacy Framework

FourKites is dedicated to protecting data when it transfers data to its headquarters in the United States if necessary for providing the services to our customers and operating our business. We are certified under the EU-US, and Swiss-US Data Privacy Framework.

Security at FourKites

As a leading provider of technology solutions to businesses in the supply chain industry, FourKites has made data security a top priority. FourKites meets the standards for ISO 27017 for cloud service security and ISO 27018 for data privacy as part of its ISO 27001 certification. Learn More.

Our Commitment

FourKites is committed to providing our customers and anyone interacting with us, with straight-forward, transparent answers about how we process and secure personal data. As part of that commitment, we created this page to provide you with helpful information about privacy and security we offer and to serve as a resource for you.

Privacy compliance is important to us, and to our customers. As such, we have put in place a comprehensive privacy compliance program, including:

Implementing privacy policies and procedures that our employees adhere to ensuring the lawful processing of personal data and providing training to our teams on this important matter.
Conducting privacy risk assessments to properly address any privacy risks in our products and our processes and embedding privacy principles in our product lifecycle such as data minimization, accuracy, and purpose limitation.
Having detailed data protection and security terms with our customers in our Master Subscription Agreement and Data Processing Addendum in accordance with privacy laws around the world. Our terms have been reviewed and certified ‘Balanced’ by TermScout, an independent contract rating company.
Conducting due diligence on the sub-processors we use before engaging with them, and incorporating data protection and security terms in our sub-processor contracts to ensure onward disclosure of personal data is safe.
Updating our notices to provide you with up-to-date information on data processing, as well as providing updates regarding the sub-processors we use in our platform.
Having appropriate technical and organizational security measures in place to protect the personal information that you trust us with, including those measures described above.
Ensuring that our products have the capability to support individual rights requests.
Maintaining accurate data processing records of the personal information processing that we undertake as both a controller and a processor.

Deleting personal data when they are no longer necessary for the purposes for which we had initially collected them.

Icons_Demo Day Agenda - carbon footprint

Keeping on top of global level developments

Our Legal team partners with our developers and engineers to make sure our products and features comply with applicable international spam and privacy laws.
We have representatives throughout the world to support us with privacy compliance.

Data Protection Frequently Asked Questions

Does FourKites process personal data?
In order to provide the FourKites services, we process personal data that our customers provide to us. We have developed our Privacy Fact Sheet which is designed and intended to provide an overview of the processing when using our services, and the core privacy and security measures we have put in place when offering our FourKites Platform. We can provide you with the Privacy Fact Sheet upon request and subject to an NDA being in place.As every other organization, we also process personal data when individuals want to work for us or together with us, such as recruitment information and employment information. Additionally, we process personal data of our partners and suppliers when interacting with FourKites for general business administration.FourKites believes in open and transparent disclosure about how we collect, use, share and transfer personal data. For detailed information about our data processing practices, we encourage you to read out Privacy Notice or reach out to us at [email protected] for any questions you may have.
What is the European General Data Protection Regulation?
The General Data Protection Regulation (“GDPR”) is a European data protection law that took effect on May 25, 2018. It applies to companies within the European Economic Area (“EEA”), as well as companies outside the EEA that have employees in Europe or that offer goods or services to individuals in Europe. The GDPR is designed to ensure data protection for individuals.
What role does FourKites play in the processing of data under the GDPR?
FourKites primarily acts as a ‘data processor’ in connection with our services, acting on instructions from our customers, which we enshrine in contract (DPA). The FourKites Platform encompasses 55+ terabytes of data including locations, to daily track shipments on behalf of our customers.FourKites acts as a data controller for the limited purposes outlined in our Privacy Notice.
What is the California Consumer Privacy Act?
The California Consumer Privacy Act (CCPA) is a California state law that expands the privacy rights of California residents and creates new compliance requirements for businesses that collect and process personal data of California residents. The California Privacy Rights Act (CPRA), which updates and amends the CCPA, took effect on January 1, 2023.
What role does FourKites play in the processing of data under the CCPA?
Customers that use FourKites services to process personal data are ‘businesses’ under the CCPA. They are responsible for ensuring the lawful collection and processing of personal data they provide to FourKites. FourKites acts as a ‘service provider’ for the personal data provided by customers as part of the agreement, and under the CCPA, is responsible for upholding its contractual commitment to only use the personal data it receives from customers for the purpose of performing the FourKites services.FourKites acts as a business for the limited purposes outlined in our Privacy Notice.
Does FourKites sell personal data under the CCPA?
FourKites does not sell the personal data.
Does FourKites process sensitive personal data for customers?
No, FourKites does not process sensitive personal data when providing services to our customers. Our Platform is not intended to process, including storing, sensitive personal data.
How does FourKites protect personal data?
FourKites has implemented and maintains a full suite of information security policies and other appropriate safeguards and procedures in place which are monitored and updated regularly. FourKites meets the standards set by the International Standards Organization (ISO) for ISO 27017 for cloud service security and ISO 27018 for data privacy as part of its ISO 27001 certification. More information about how we secure personal data can be found here.
Does FourKites disclose personal data to third parties?
When operating our business, we disclose personal data to our vendors where needed for the services they provide to us. When we share personal data with processors, we contractually require them to protect it to the same level as you would expect of FourKites. Specifically, we impose data protection and security terms via a Data Processing Addendum.When providing the FourKites Platform to our customers, FourKites engages with sub-processors. FourKites maintains a list of its sub-processors that process personal data and updates this list as necessary.
Do privacy laws prohibit the transfer of personal data?
No, on the contrary. Privacy laws aim to make transfer more secured by imposing requirements and standards to which these transfers are held.FourKites is proudly certified under the EU-US and Swiss-US Data Privacy Framework (“DPF”) to protect personal data in accordance with the Privacy Framework Principles. In July of 2023, the European Commission adopted its adequacy decision for the EU-U.S. Data Privacy Framework (EU-U.S. DPF) which officially replaces the EU-US Privacy Shield Framework. This adequacy decision confirms that the U.S. ensures an adequate level of protection for personal data transferred from the EU, Iceland, Liechtenstein, and Norway to U.S. companies participating in the framework program. To learn more about FourKites’ certification, review our certifications here.Wherever FourKites cannot rely on the DPF for a valid transfer mechanism, we rely on standard contractual clauses, as approved by the relevant data protection authorities, or consent, to transfer personal data in a secured manner to the US from wherever we operate.
How can individuals exercise their privacy rights?
When your request relates to personal data provided by our customers, we are contractually and legally required to refer you to the specific customer to support you with your request.When FourKites processes your personal data for its own purposes as described in our Privacy Notice, we have a process in place to deal with any privacy requests. You can easily reach us at [email protected] to exercise your privacy rights.