Last Modified: July 1, 2021
- To support FourKites’ expansion into Latin America, this policy has been updated to include a description of additional rights granted under applicable data protection laws.
- To add information about personal information we collect in connection with Dynamic Ocean™.
- The FourKites Platform (including FourKites® Visibility Cloud, Dynamic Yard® and Dynamic Ocean™) and its accompanying mobile applications (the “Platform“)
- The FourKites Website (www.fourkites.com) (the “Website“)
- Partner Hub (https://carrier-onboarding-broker-service-dev.fourkites.com/onboarding-tools#/auth/signin) (“Partner Hub”)
- The FourKites Community Website (https://support-fourkites.force.com/community/s/ for customers and https://support-fourkites.force.com/carriercommunity/s/ for carriers) (the “Community Site“)
- The CarrierLink® mobile application (“CarrierLink“) (collectively our “Services“)
Information Collected and Uses
6. Information We Do Not Collect About You
We do not collect any sensitive personal information through our Services. Sensitive personal information, as defined by applicable data protection laws, may include details about your race or ethnicity, religious, moral, or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health (including mental), and genetic and biometric data; financial information such as account numbers. We also do not collect any information about criminal convictions or offences.
A. Third-Party Information Processing
When you use the Services, certain third parties may use automatic information collection technologies to collect information about you or your device. These third parties may include:
- The carrier company for which you work or by which you are engaged.
- The shipper(s), brokers or beneficial cargo owner of loads you carry.
- Third-party technology or service providers for carriers, brokers and/or shippers.
- Third-parties that provide support or services for the Platform and/or Website.
- Advertisers, ad networks, and ad servers.
- Analytics companies.
- Your mobile device manufacturer.
- Your mobile service provider.
These third parties may use tracking technologies to collect information about you when you use the Platform and/or the Website. The information they collect may be associated with your personal information or they may collect information, including personal information, about your online activities over time and across different websites, apps, and other online services. They may use this information to provide you with interest-based (behavioral) advertising or other targeted content.
We do not control these third parties’ tracking technologies or how they may be used. If you have any questions about an advertisement or other targeted content, you should contact the responsible provider directly. For information about how you can opt out of receiving targeted advertising from many providers, see Your Right and Choices section below.
B. Combining your personal information
C. Who do we share your personal information with?
In addition to the specific purposes set out above, we may disclose personal information that we collect or that you provide. We may share or disclose your personal information to the following categories of recipients:
- Subsidiaries and affiliates. We may share your personal information with our subsidiaries and affiliates, including FourKites India Private Limited (India), FourKites B.V. (the Netherlands) and FourKites Singapore Pte. Ltd.
- Third-party vendors and other service providers. We may share your personal information with our third-party vendors, contractors, service providers, and other third parties we use to support our business and who are bound by contractual obligations to keep personal information confidential and use it only for the purposes for which we disclose it to them.
- Business transfers. We may share your personal information with a buyer or other successor in the event of a merger, divestiture, restricting, reorganization, dissolution, or other sale or transfer of some or all of FourKites’ assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by FourKites about Platform users and/or Website visitors is among the assets transferred.
- Compliance with laws. We may share your personal information to comply with any court order, law, or legal process, including responding to government or regulatory requests or with law enforcement agencies or for an investigation related to public safety, in any applicable jurisdiction.
- Legal rights. We may share your personal information To enforce our rights arising from any contracts entered into between you or your company and us, including agreements for subscriptions to the Platform, and for billing and collection, or If we believe disclosure is necessary or appropriate to protect our rights, property, or safety of FourKites, our customers, or others or to enable us to take precautions against liability.
- Service delivery. For Platform and CarrierLink Users, we may share your personal information to shippers, carriers, brokers and other participants in the shipping and/or trucking industry only as necessary to provide the Services, pursuant to agreements with each such licensee.
- Community users. For the Community Site Users, we may share your personal information to other Users of the Community Site.
- To any other third party you authorize us to disclose it to.
FourKites may disclose aggregated information without restriction.
D. Location and Retention of Your Personal Information
If you are using our Services from outside the United States, be aware that your information will be transferred to, and maintained on, IT infrastructure located within the United States and further that your information may be accessed within the United States and/or our teams in India and Singapore. The collection, use, retention and any other processing of your information will be governed by United States law, to the extent applicable, and further by the specific jurisdictions within the United States where that information is stored, unless otherwise specified. Accordingly, your information may be accessible to law enforcement and/or regulatory authorities according to applicable United States law.
E. Your Right and Choices
Depending on relevant laws in your country, you may have rights such as rights to request to access, port, object, correct and erase the personal information that we hold about you. In addition to any legal obligations, we strive to provide you with choices regarding the personal information you provide to us, where it makes sense.
You can exercise control over the following uses of your information.
- Location Information. You can choose whether or not to allow the Platform and CarrierLink to collect and use real-time information about your device’s location through the device’s privacy settings. If you block the use of location information, some parts of the Platform and CarrierLink may then be inaccessible or not function properly.
- We do not control third parties’ collection or use of your information to serve interest-based advertising. However, these third parties may provide you with ways to choose not to have your information collected or used in this way. You can opt out of receiving targeted ads from members of the Network Advertising Initiative (“NAI“) on the NAI’s website.
- Within our Services we provide functionality allowing you to review and update certain aspects your personal information via your account profile page.
F. Legal Basis for Processing Your Personal Information
If you have questions about or need further information concerning the legal basis on which we collect and use your personal information, please contact us at email@example.com.
G. International Data Transfers
If we transfer your personal information outside of the jurisdiction in which you live or work, we do this where we are satisfied that adequate levels of protection are in place to protect the integrity and security of your personal data and/or adequate security measures are adopted, in compliance with applicable data protection laws.
H. Special Note About Children under the Age of 13 and Minors
The Platform and the Website are not intended for children under the age of 13, and we do not knowingly collect personal information from children under the age of 13. If we learn we have collected or received personal information from a child under the age of 13 without verification of parental consent, we will delete that information. If you believe we might have any information from or about a child under the age of 13, please contact us at firstname.lastname@example.org.
For Latin American, Brazilian, Hong Kong SAR and Singapore data subjects, The Platform and the Website are not intended for children or adolescent under the age of 18. If you are aware of any collection of Personal Data of minors, or if you have any questions regarding this type of processing, please contact us at email@example.com.
J. Contact Information
If you are located in the EEA, you can contact FourKites’ EU Representative, FourKites B.V., at Claude Debussylaan 10, 1082MD Amsterdam, The Netherlands.
FourKites Cookie Notice
Last Modified: June 26, 2019
What are cookies?
Cookies are small data files that are placed on your computer or mobile device when you visit a Site. Cookies are widely used by Site owners in order to make their Sites work, or to work more efficiently, as well as to provide reporting information.
Cookies set by the Site owner (in this case, FourKites ) are called “first party cookies”. Cookies set by parties other than the Site owner are called “third party cookies”. Third party cookies enable third party features or functionality to be provided on or through the Site (e.g. like advertising, interactive content and analytics). The parties that set these third party cookies can recognise your computer both when it visits the Site in question and also when it visits certain other Sites.
We use first party and third party cookies for several reasons. Some cookies are required for technical reasons in order for our Sites to operate, and we refer to these as “essential” or “strictly necessary” cookies. Other cookies also enable us to track and target the interests of our users to enhance the experience on our Sites. Third parties serve cookies through our Sites for advertising, analytics and other purposes. This is described in more detail below.
The specific types of first and third party cookies served through our Sites and the purposes they perform are described in the table below (please note that the specific cookies served may vary depending on the specific Site you visit):
|Types of cookie||Who serves these cookies||How to refuse|
|Essential Site cookies: These cookies are strictly necessary to provide you with services available through our Sites and to use some of its features, such as access to secure areas.||FourKites||Because these cookies are strictly necessary to deliver the Sites to you, you cannot refuse them.
You can block or delete them by changing your browser settings however, as described below under the heading “How can I control cookies?”.
|Performance and functionality cookies: These cookies are used to enhance the performance and functionality of our Sites but are non-essential to their use. However, without these cookies, certain functionality may become unavailable.||FourKites||To refuse these cookies, please follow the instructions below under the heading “How can I control cookies?”|
|Analytics and customisation cookies: These cookies collect information that is used either in aggregate form to help us understand how our Sites are being used or how effective are marketing campaigns are, or to help us customise our Sites for you.||FourKites
|To refuse these cookies, please follow the instructions below under the heading “How can I control cookies?”|
|Advertising cookies: These cookies are used to make advertising messages more relevant to you. They perform functions like preventing the same ad from continuously reappearing, ensuring that ads are properly displayed for advertisers, and in some cases selecting advertisements that are based on your interests.||FourKites
|To refuse these cookies, please follow the instructions below under the heading “How can I control cookies?”
Alternatively, please click on the relevant opt-out link below:
For Google Ads, you can update your settings by visiting https://adssettings.google.com/
|Social networking cookies: These cookies are used to enable you to share pages and content that you find interesting on our Sites through third party social networking and other Sites. These cookies may also be used for advertising purposes too.||To refuse these cookies, please follow the instructions below under the heading “How can I control cookies?”|
What about other tracking technologies, like web beacons?
Cookies are not the only way to recognise or track visitors to a Site. We may use other, similar technologies from time to time, like web beacons (sometimes called “tracking pixels” or “clear gifs”). These are tiny graphics files that contain a unique identifier that enable us to recognise when someone has visited our Sites or opened an e-mail that we have sent them. This allows us, for example, to monitor the traffic patterns of users from one page within our Sites to another, to deliver or communicate with cookies, to understand whether you have come to our Sites from an online advertisement displayed on a third-party Site, to improve site performance, and to measure the success of e-mail marketing campaigns. In many instances, these technologies are reliant on cookies to function properly, and so declining cookies will impair their functioning.
Do you serve targeted advertising?
Third parties may serve cookies on your computer or mobile device to serve advertising through our Sites. These companies may use information about your visits to this and other Sites in order to provide relevant advertisements about goods and services that you may be interested in. They may also employ technology that is used to measure the effectiveness of advertisements. This can be accomplished by them using cookies or web beacons to collect information about your visits to this and other sites in order to provide relevant advertisements about goods and services of potential interest to you. The information collected through this process does not enable us or them to identify your name, contact details or other personally identifying details unless you choose to provide these.
How can I control cookies?
You have the right to decide whether to
accept or reject cookies. You can exercise your cookie preferences by clicking on the appropriate opt-out links provided in the cookie table above.
In addition, most advertising networks offer you a way to opt out of targeted advertising. If you would like to find out more information, please visit http://www.aboutads.info/choices/ or http://www.youronlinechoices.com.
How often will you update this Cookie Notice?
The date at the top of this Cookie Notice indicates when it was last updated.
Where can I get further information?
FourKites Data Security
At FourKites, protecting the information that we are trusted with is our priority. The general information below to give you an overview of how we secure the data entrusted to us.
SOC 2 Certification
FourKites is SOC 2 Type II compliant. SOC 2 is an evaluation of the design and operating effectiveness of controls that meet the AICPA’s Trust Services Principles criteria. Every year we are subject to independent audit. We make available our SOC 2 Type II Report upon request. You may make a request by emailing firstname.lastname@example.org and signing an NDA.
Data Center Security
- FourKites tracks millions of loads for our global customers using secure cloud-based infrastructure hosted in the United States.
- We use AWS as our cloud partner to host our data in some of the most secure facilities available today in locations that are protected from physical and logical attacks as well as from natural disasters.
- We utilize the AWS suite of security controls to protect your data. See AWS Data Center Controls for more information about AWS’s comprehensive approach to security.
Protection from Data Loss, Corruption
- All databases are kept separate and dedicated to prevent corruption and overlap.
- We have layers of logic that segregate Customer accounts from each other.
- Customer data is regularly backed up and kept in separate locations (in accordance with the AWS approach to redundancy and reliability).
Application Level Security
- The Platform supports the use of complex passwords.
- All account passwords are hashed.
- The Platform and CarrierLink (Website and APIs) are secured with SSL encryption.
- We perform regular external security penetration tests annually using different vendors on the Platform and all mobile applications. The tests involve high-level server penetration tests, in-depth testing for vulnerabilities inside the application, and social engineering drills.
Internal People Processes and Education
- Need to know: Only employees with a business need to know your information will be provided with access to it.
- Employee Training and Awareness: We train all FourKites employees on best security practices, including how to identify social engineering, phishing scams, DDOS attacks and hackers and report to appropriate teams.
- Background Checks: Employees on teams that have access to customer data (such as tech support and our engineers) undergo criminal history and background checks prior to employment.
- IT Audits: Internal IT audits are performed semi-annually and the whole process is reviewed by the Chief Information Security Officer.
- Our network security team and infrastructure team helps protect your data against the most sophisticated electronic attacks and other external network threats.
- We can’t give you too much information about these here (we don’t want to potentially help those we are trying to stop) but would be happy to discuss our procedures with you.
Responsible Disclosures/Vulnerability Reporting
If you believe that you are seeing suspicious activity in relation to the FourKites Services please email email@example.com.
FourKites Privacy and Security Certifications
SOC 2 – FourKites is SOC 2 Type II compliant. SOC 2 is an evaluation of the design and operating effectiveness of controls that meet the AICPA’s Trust Services Principles criteria. Every year we are subject to independent audit. We make available our SOC 2 Type II Report upon request. You may make a request by emailing firstname.lastname@example.org and signing an NDA.
Privacy Shield – FourKites has certified under the Privacy Shield for further information please see our certification, available here.
The General Data Protection Regulation (GDPR) is designed to ensure data protection for individuals within the European Union (EU) and/or individuals outside the EU whose data is handled by organizations who do business in the EU. GDPR compliance is important to us, and to our customers. As such, we have put in place a comprehensive GDPR program, including:
- Having detailed data protection and security terms with our customers in our Master Subscription Agreement and Data Processing Addendum. These terms have been updated as part of our GDPR program to comply with Article 28 requirements.
- Certifying under the EU-US and Swiss-US Privacy Shield Program to protect information in accordance with the Privacy Shield Principles. You can find more about the Privacy Shield here or view our Certification here. Please see below to find out what the recent decision of the Court of Justice of the European Union means for FourKites and our customers and partners.
- Having data protection and security terms with our vendors to ensure onward transfer of your data is safe.
- Publishing details regarding the sub-processors we use in our platform.
- Having appropriate technical and organizational security measures in place to protect the personal information that you trust us with, including those measures described above. FourKites is SOC 2 Type II compliant.
- Ensuring that privacy and security risk assessment procedures are embedded in our product lifecycle.
- Ensuring that our products have the capability to support individual rights requests.
- Maintaining accurate data processing records of the personal information processing that we undertake as both a controller and a processor.
Privacy Shield and international data transfers
What happened to Privacy Shield and what does it mean for FourKites and our customers?
FourKites is closely following the developments around the recent decision of the Court of Justice of the European Union (CJEU), which invalidated the EU-US Privacy Shield, one of the ways for companies to transfer data legally from the EU to the US. We are also following the subsequent statement by the Swiss Federal Data Protection and Information Commissioner (FDPIC) which concluded that the Swiss-US Privacy Shield no longer provides an adequate level of protection for data transfer from Switzerland to the US.
The CJEU confirmed that the Standard Contractual Clauses continue to provide a valid mechanism for companies to transfer personal data outside the EU / UK. However, following the decision, transfers based on the SCCs may be challenged on a case-by-case basis. The CJEU noted that, in addition to the SCCs, the data exporter and data importer may need to agree to supplemental measures to ensure an adequate level of protection for the transfer of personal data, but did not specify what those measures might consist of.
While FourKites relied on Privacy Shield as the primary method for data transfers from the EU, the UK and Switzerland to the US, as a back-up in anticipation of this issue, we also committed to protecting EU, UK and Swiss data in compliance with the Standard Contractual Clauses (SCCs). Our Data Processing Addendum is structured in a way that the SCCs automatically take effect in the event Privacy Shield was invalidated.
FourKites remains Privacy Shield certified and will continue to honor our commitments under the Privacy Shield.
How does FourKites ensure that data from the EU, the UK and Switzerland remains protected outside of Europe?
- In addition to incorporating the Standard Contractual Clauses, our Data Processing Addendum also sets out commitments to security, confidentiality of processing, limitations on international transfers of personal data, cooperation with data subject rights, notice of security incidents and more.
- FourKites responds to law enforcement requests in accordance with our customer agreements. We also provide certain commitments to our Platform customers regarding law enforcement requests for data. In particular, FourKites contractually commits to providing notice of any law enforcement requests unless we are prohibited by law from doing so.
Over the coming months, we anticipate that European data protection regulators will issue additional guidance on the CJEU decision, including what the supplementary measures could consist of. We will continue to keep up to date with the forthcoming guidance and assess whether we need to make any changes to our existing privacy practices. This way our customers and partners can continue to enjoy FourKites’ services within a safe data processing environment.
Keeping on top of global level developments
- Our Legal team partners with our developers and engineers to make sure our products and features comply with applicable international spam and privacy laws.
- We retain a European law firm to consult on EU privacy issues.
The California Consumer Privacy Act (CCPA) is a California data privacy law applicable to residents of California. CCPA compliance is important to us, and to our customers. As such, we have put in place a CCPA program, including:
- Having data protection and security terms with our service providers to limit how they can use or disclose your personal information.
- Not discriminating against you for exercising any of your rights under the CCPA.