6. Sensitive Information
We do not collect any sensitive personal information through our Services. Sensitive personal information, as defined by applicable data protection laws, include details about your race or ethnicity, religious, moral, or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health (including mental), and genetic and biometric data; financial information such as account numbers. We also do not collect any information about criminal convictions or offences.
7. Legal Basis for Processing Your Personal Information
If you are from a country or region (e.g., EEA, Chile, Indonesia, Turkey, Thailand, South Africa, United Kingdom) where a legal basis is necessary for the processing of personal data, our legal basis for collecting and using the personal information described above will depend on the personal information concerned and the specific context in which we collect it.
Legitimate Interest. We will normally collect and use personal information from you where the processing is in our legitimate interests (or those of any third party) and not overridden by applicable law, your interests or fundamental rights and freedoms. This interest will normally be to improve, maintain, provide and enhance our technology and services, communicating with you as necessary to provide our services to you and for our legitimate commercial interest, for instance, when responding to your queries, undertaking marketing, or for the purposes of detecting or preventing illegal activities.
Performance of a Contract. If you are someone who has downloaded CarrierLink (such as a driver), we need your personal information to perform a contract with you (that is providing the CarrierLink App and connected services). Similarly, this will be the case if you have decided to join the Community, you will form a contract with us, and we will need your personal information in order to provide the Community.
Legal Obligation. In some other limited cases, we may also have a legal obligation to collect personal information from you. If we ask you to provide personal information to comply with a legal requirement, we will make this clear at the relevant time and advise you whether the provision of your personal information is mandatory or not, as well as of the possible consequences if you do not provide your personal information.
Consent. If you are from a country or region that requires us to ask for consent for any processing or transferring data (e.g., Canada, Colombia, Panama, Turkey, Taiwan) we collect, use, disclose and otherwise process the personal information described above only with your consent. If you do not wish to provide us with any personal information which is indicated as compulsory, we may not be able to communicate with you or provide certain services or features to you. Further, if you provide us with details of any other individual (e.g., any other Platform User), you must give a copy of this Privacy Notice to, and obtain consent from, that individual before giving their personal information to us where consent is required by applicable laws.
If you have questions about or need further information concerning the legal basis on which we collect and use your personal information, please contact us at [email protected].
8. Recipients of Your Personal Information
In addition to and based on the specific purposes set out above, we may disclose personal information that we collect or that you provide. We may share or disclose your personal information to the following categories of recipients:
- Subsidiaries, affiliates and employees. We share your personal information with our subsidiaries and affiliates, including FourKites India Private Limited (India), FourKites B.V. (the Netherlands), FourKites Singapore Pte. Ltd, FourKites Poland, sp. z o., and NIC GmbH (Germany). If and to the extent necessary for the performance of their tasks, access will be granted to your personal information to our employees who are bound by confidentiality.
- Third-party vendors and other service providers. We may share your personal information with our third-party vendors, contractors, service providers, and other third parties we use to support our business and who are bound by contractual obligations to keep personal information confidential and use it only for the purposes for which we disclose it to them.
- Business transfers. We may share your personal information with a buyer or other successor in the event of a merger, divestiture, restricting, reorganization, dissolution, or other sale or transfer of some or all of FourKites’ assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by FourKites about Platform users and/or Website visitors is among the assets transferred.
- Compliance with laws. We may share your personal information with any competent law enforcement body, regulatory, government agency, court or other third party where we believe disclosure is necessary (i) as a matter of applicable law or regulation, (ii) to exercise, establish or defend our legal rights, or (iii) to protect your vital interests or those of any other person.
- Service delivery. For Platform and CarrierLink Users, we may share your personal information to shippers, carriers, brokers and other participants in the shipping and/or trucking industry only as necessary to provide the Services, pursuant to agreements with each such licensee.
- Community users. For the Community Users, we may share your personal information to other Users of the Community.
- To any other third party you authorize us to disclose it to (e.g., Network Collaboration).
9. Third-Party Information Processing
When you use the Services, certain third parties may use automatic information collection technologies to collect information about you or your device. These third parties may include:
- The carrier company for which you work or by which you are engaged.
- The shipper(s), brokers or beneficial cargo owner of loads you carry.
- Third-party technology or service providers for carriers, brokers and/or shippers.
- Third-parties that provide support or services for the Platform and/or Website.
- Advertisers, ad networks, and ad servers.
- Analytics companies.
- Your mobile device manufacturer.
- Your mobile service provider.
These third parties may use tracking technologies to collect information about you when you use the Platform and/or the Website. The information they collect may be associated with your personal information or they may collect information, including personal information, about your online activities over time and across different websites, apps, and other online services. They may use this information to provide you with interest-based (behavioral) advertising or other targeted content.
We do not control these third parties’ tracking technologies or how they may be used. If you have any questions about an advertisement or other targeted content, you should contact the responsible provider directly. For information about how you can opt out of receiving targeted advertising from many providers, see Your Privacy Right and Choices section below.
10. Combining your personal information
We may combine personal information with other information we collect or obtain about you (such as information we source from our third parties) to serve you specifically, such as to deliver a product or service according to your preferences or restrictions, or for advertising or targeting purposes in accordance with this Privacy Notice. When we combine personal information with other information in this way, we treat it as, and apply all of the safeguards in this Privacy Notice.
11. Location and Retention of Your Personal Information
Location. If you are using our Services, be aware that your information will be transferred to, and maintained on, IT infrastructure located within the United States and further that your information may be accessed within the United States and/or our teams in India, Europe, and Singapore. The collection, use, retention and any other processing of your information will be governed by United States law, to the extent applicable, and further by the specific jurisdictions within the United States where that information is stored, unless otherwise specified. Accordingly, your information may be accessible to law enforcement and/or regulatory authorities according to applicable United States law.
Retention. We hold your personal information only for as long as necessary to fulfil the purposes set out in this Privacy Notice. FourKites only decides the retention periods for the personal information processed as described in this notice in the capacity of a controller. These retention periods are either based upon a legal obligation we have that prescribes the requirement to retain your personal information, or a business interest to retain your personal information. Our customers decide the appropriate retention periods for personal information processed by us in the capacity of a processor on their behalf. If you would like more information about specific retention periods you can email us at [email protected].
12. International Data Transfers
When we transfer your personal information outside of the jurisdiction in which you live or work, we do this where we are satisfied that adequate levels of protection are in place to protect the integrity and security of your personal data and/or adequate security measures are adopted, in compliance with applicable data protection laws.
Adequacy Decision or Contractual Clauses. This means that whenever your personal information is transferred to a different jurisdiction, we make sure that such transfers is either approved by the authorities from the jurisdiction the personal information originates from through so called ‘adequacy decisions’ or is subject to appropriate safeguards such as contractual clauses for transfers as approved by those authorities (e.g., Argentina, Brazil, EEA, Indonesia, Israel, Singapore, The Philippines, Uruguay).
Consent. If you are from a country where consent is the only ground available to transfer data (e.g., Canada, Malaysia, Mexico, Panama, Peru, Saudi Arabia, Turkey), we will transfer overseas and process the personal information described above only with your consent. International transfers of your personal data shall comply with the legal basis set forth in the applicable law of your country, and any instructions provided by the regulatory authority and/or applicable law.
In compliance with the EU-US Data Privacy Framework Principles, FourKites commits to resolve complaints about your privacy and our collection or use of your personal information transferred to the United States pursuant to the DPF Principles. European Union and Swiss individuals with DPF inquiries or complaints should first contact FourKites at [email protected].
FourKites has further committed to refer unresolved privacy complaints under the DPF Principles to an independent dispute resolution mechanism, Data Privacy Framework Services, operated by BBB National Programs. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit https://bbbprograms.org/programs/all-programs/dpf-consumers/ProcessForConsumers for more information and to file a complaint. This service is provided free of charge to you.
If your DPF complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms.
13. Protection of your Personal Information
At FourKites, protecting the information that we are trusted with is our priority. We take contractual, technical, and organizational security measures in accordance with the state of the technology to protect the processed data against accidental or intentional manipulation, loss, destruction or against access by unauthorized persons. Your personal data will be protected within the scope of the following points:
- Safeguarding the confidentiality of your personal information. To maintain the confidentiality of your data stored by us, we have taken various measures such as access control, pseudonymization and encryption. Additionally, we ensure that actual or suspected data breaches are investigated and reported in accordance with applicable law.
- Safeguarding the integrity of your personal data. To maintain the integrity of your data stored by us, we have taken various measures to control disclosure and input, and train our employees as part of our information security program.
- Maintaining the availability of your personal data. To maintain the availability of your data stored with us, we have taken various control measures to ensure the resilience of processing systems and services.
- Testing, assessing, and evaluating the effectiveness of measures implemented. The security measures in place are continuously improved in line with technological developments.
FourKites is SOC 2 Type II compliant. SOC 2 is an evaluation of the design and operating effectiveness of controls that meet the AICPA’s Trust Services Principles criteria. Every year FourKites is subject to independent audit. If you would like more information about specific measures taken to protect your personal information you can email us at [email protected].
14. Your Privacy Right and Choices
Based on the law applicable to the use of your personal information, you have rights in relation to your personal information. Note that we will have to balance your rights and your request to exercise them against our rights and obligations to process your personal information and to protect the rights and freedoms of others. A number of the rights you may have in relation to your personal information are explained below:
- You have the right to be informed on the processing of your personal information, and in some countries, this may include the right to information about the public and privacy entities with which we have shared your information and how we have used your information in the 12 months prior to your request.
- California consumers have the right to opt-out of the sale of their personal information. We do not and will not sell your personal information. We may provide third parties with certain personal information to provide or improve our products and services, for example to deliver products or services at your request. In such cases, we require those third parties to handle the information in accordance with applicable laws and regulations.
- You may have the right to access, correct, update, anonymize, or delete your personal information by emailing [email protected]. Note that we cannot delete your personal information without also deleting your user account. We may not accommodate a request to delete or change information if we believe the deletion or change would violate any law or legal requirement (including contractual) or cause the information to be incorrect. Proper access and use of information in connection with the Services is governed by our agreements with the company licensing access to the Services.
- You may have the right to object to processing of your personal information, ask us to restrict processing of your personal information or request portability of your personal information by emailing [email protected].
- Promotion by FourKites. If you do not want us to use your email address to promote our own or third parties’ products or services, you can opt-out of receiving marketing emails at any time by sending an email to [email protected] or by using the unsubscribe function on the marketing communication.
- When we have collected and processed your personal information with your consent, then you can withdraw your consent at any time by emailing [email protected]. Withdrawing your consent will not affect the lawfulness of any processing conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful grounds other than consent. In some countries you may also have the right to request for proof of your consent.
- You have the right not to receive discriminatory treatment for exercising your privacy rights.
- You have the right to complain to a data protection authority about our collection and use of your personal information. In some countries this right to complain might be restricted. Some data protection laws require you to first use our complaints procedure as explain in this Privacy Notice before you can submit your complaint to your local data protection authority. For more information, please contact your local data protection authority.
Privacy Rights Procedure. We respond to all requests we receive from individuals wishing to exercise their privacy rights in accordance with applicable data protection laws. This section includes a description of how we handle your request when you choose to exercise your rights.
When we receive your request, we will verify your request and your rights against applicable data protection laws. This means that we will take steps to verify your identity by a method appropriate to the type of request you are making to ensure you are the individual about whom we have personal information, confirm your right to exercise these rights, and if confirmed, proceed with the request.
We will respond to your request within a reasonable period and in accordance with the periods prescribed by applicable data protection laws. We may charge you a reasonable fee for processing your request.
We may decline your request and if we do, we will give you a written notice that sets out the reasons for the refusal (unless it would be unreasonable to provide those reasons), including details of the mechanisms available to you to make a complaint.
Choices. You can exercise control over the following uses of your information.
- Location Information. You can choose whether or not to allow the Platform and CarrierLink to collect and use real-time information about your device’s location through the device’s privacy settings. If you block the use of location information, some parts of the Platform and CarrierLink may then be inaccessible or not function properly.
- We do not control third parties’ collection or use of your information to serve interest-based advertising. However, these third parties may provide you with ways to choose not to have your information collected or used in this way. You can opt out of receiving targeted ads from members of the Network Advertising Initiative (“NAI“) on the NAI’s website.
Within our Services we provide functionality allowing you to review and update certain aspects your personal information via your account profile page.
Complaint Procedure. If you wish to make a complaint about or provide us with feedback on any processing activity or practice conducted by FourKites, please contact us by using the contact details in section 1 and we will take reasonable steps to address the feedback or investigate the complaint and respond to you.
15. Special Note About Children and Minors
The Platform and the Website are not intended for children under the age of 18, and we do not knowingly collect personal information from children under the age of 18. If we learn we have collected or received personal information from a child under the age of 18 without verification of parental consent, we will delete that information. If you believe we might have any information from or about a child under the age of 18, please contact us at [email protected].
16. Changes to Our Privacy Notice
We may update this Notice from time to time in response to changing legal, technical or business developments. When we update our Notice, we will take appropriate measures to inform you, consistent with the significance of the changes we make. We will obtain your consent to any material Notice changes if and where this is required by applicable data protection laws.
You are responsible for ensuring we have an up-to-date active and deliverable email address and/or mobile phone number for you and for periodically visiting this privacy notice to check for any changes.