Privacy Policy

This Privacy Policy (“Privacy Policy” or “Policy”) applies to the various websites and the cloud based services owned and operated by Elemica, Inc., our divisions, affiliates an subsidiaries, including without limitation, Elemica Parent, Inc., Elemica Holdings, Inc., Elemica International, Inc. EMNS, Inc. and Elemica International Limited (collectively, “Elemica”, “us”, “we” or “our”). This Privacy Policy describes how Elemica collects and uses your personal data, our disclosure and security practices, and how you can exercise your privacy rights. In this privacy policy, “you,” “your” and “yours” refer to you as an individual and, where applicable, to the company or legal entity on whose behalf you are viewing this Privacy Policy. Your privacy is important to us, and we are committed to protecting and carefully handling the personal data that you provide. Please read this Privacy Policy carefully.

As well as being a controller of your personal data, Elemica is a processor of your personal data acting for and on behalf of its customers. Where Elemica Is a processor of your personal data, we are processing that personal data at the direction of our customer. It is therefore important that you consult their privacy notice in order to find out how they process your personal data. Please contact us using the details set out below in the "Contacting Us" section for more detail.

Information We Collect

Use of our Websites

When you use our websites, we collect the following categories of personal data from you:

• Contact Information. To access certain functions on our website, we require that you create an account profile by providing certain information This may include your name, your company’s name, your email address, geographic location, phone number, job title, business sector and postal address. We may collect and maintain any other personal data that you provide us on our websites, at trade shows or in any other manner.
• Data and Usage Information. We may also collect information using common information gathering tools. We use cookies to track user sessions (including what content you have Interacted with, which website you came from, the number of visits to the website and traffic data about how long you visit our website for). Please see the "Navigational Information on Our Websites" section below for more information.
• Security Information. We may collect your registered user details, login information, the type of internet browser and operating system you use, your internet protocol (IP) address, your browser type and version, time zone setting and location, browser plug-in types and versions, clickstream and other technology on the devices you are using.
• Marketing Preferences. You may subscribe to email newsletters and other email communications by providing us your email address, contact Information, preferences or other information.
• Candidate Information. We may collect and receive personal data related to those seeking employment or Internship opportunities with us. This may include your contact information (as set out above), your date of birth, your educational and professional qualifications, your right to work, visa status, employment history, career goals, current salary and benefits, job title, and any other information which you disclose to us. We may also obtain information about you from third party sources, including, for example, information which is publicly available on professional network sites or similar sites for professional purposes. We may collect personal data revealing your racial, ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, health, sex life or sexual orientation ("Special Category Data") as part of your application to work with us.

Use of our Services

When you use our services, we collect the following categories of personal data from you:

• Profile Information: In order to use our services, you must create an account profile by providing certain identification, contact, and certification information, such as your login information, name and your company’s name, email address, date of birth and age, country of residence, postal address, telephone number, business information (including information you provide and we maintain about you, your company, your accounts and your transactions) and any other personal information you may provide.

We do not collect any Special Category Data when you use our services.

Use of our App

We have an app available for certain services that enables real-time location and milestone information for shipments within the Elemica network. The app uses the user’s phone number to verify identification to authorize access to the app, and requests access to the user’s phone’s location services to track the device’s location ("Device Location Data"), even when the app is closed or not in use, in order for Elemica to provide the relevant real-time information. The user can stop the tracking of their device’s location at any time in the device’s Settings Menu. Please refer to our app privacy statement in the relevant app store(s) for more detail.

Use of Your Personal Data

We may use your personal data:

• to respond to or fulfill your requests;
• to evaluate the quality of our products and services;
• to communicate with you about our products, services and related issues;
• to notify you of and administer marketing campaigns;
• for internal administrative and analytics purposes;
• to comply with our legal obligations, policies and procedures;
• to assist you in managing your use of our websites or in managing your use of our services;
• to ensure the security and safe operation of our websites and underlying business infrastructure;
• to maintain appropriate business records;
• to confirm your identity and carry out background checks in order to prevent fraud and other crimes;
• to consider any application that you make for any particular job with us; and
• for statistical purposes.

We provide a variety of tools that allow you to report and analyze your use of our services. We will periodically generate statements for internal use that contain statistical information regarding transaction volume and value, and we may periodically report and publish aggregate general performance metrics. The reports and aggregated information will not be linked to you.

Lawful Basis for the Processing of your Personal Data

The table below describes the various forms of personal data we collect and the lawful basis on which we rely for processing this data.

Where we rely on the lawful basis of legitimate interest, we apply the following test to determine whether it is appropriate:

1. The purpose test – is there a legitimate interest behind the processing?
2. Necessity test – is the processing necessary for that purpose?
3. Balancing test – is the legitimate interest overridden, or not, by the individual’s interests, rights or freedoms?

Category of personal data collected	Purpose for collection	Lawful basis for processing
Contact Information	To provide appropriate online or email information about products and services that you have requested.	Necessary to fulfil our contract with you
	To provide further, related, online or email information and ongoing news updates in relation to the identified area of interest.	Our legitimate interest in providing you with information about services offered by us.
	To follow-up to ensure requested information meets needs and identify further requirements.	Our legitimate interest to administer, operate and provide our services.
	To verify a user’s identity to authorize access to our mobile app	Our legitimate interest to keep our mobile application secure by verifying user identity.
Marketing Preferences	To provide general direct marketing for mailing list subscription.	Consent
Security Information	To receive, process and return your data securely, to maintain an audit trail with full traceability, and to communicate with you.	Our legitimate interest to keep our websites secure.
	To protect our websites and infrastructure from cyber attack or other threats and to report and deal with any illegal acts.	Our legitimate interest in keeping our websites secure.
Profile Information	To communicate with you about any issue that you raise with us or which follows from an interaction between us.	Our legitimate interest to administer, operate and provide our services.
Data and Usage Information	For our own research so that we can improve and adapt the website appropriately.	Our legitimate interest to develop new and improved services.
Device Location Data	To enable our app to track real-time location and milestone information for shipments within the Elemica network.	Our legitimate Interest to administer operate and provide our services. Please see the app privacy notice for more information.
Candidate Information	To consider any application you make for any particular job with us.	Consent; Necessary to take steps to enter into an agreement with you (e.g. contract of employment); Our legitimate interests to: (a) prevent fraud; (b) recruit personnel for our business; (c) discharge our legal obligations to store and disclose information where necessary; and/or processing permitted by and in accordance with applicable laws.

Where we rely on consent as the lawful basis for processing your personal data, you can withdraw the consent you have given to us at any time by writing to us using the contact details below in the "Contacting Us" section.

Disclosure of your Personal Data

Elemica may share your personal data with third parties including with affiliates within the Elemica group and service providers or anyone else if the processing is necessary for the purposes set out in this Privacy Policy.

We sometimes employ or work with consultants, temporary workers, software developers, or outsourcers to complete a business process or provide a service (e.g., delivering products, offering online software applications, or sending email messages on our behalf), and we may need to provide them with some personal data about you. We may also contract with financial services providers to help you manage invoices and payments, and we will provide them the personal data needed to manage the settlement requirements that you select. We require all third parties with whom we share personal data to respect the security of your personal data and to treat it in accordance with the law. Our suppliers and service providers who act as data processors must act in accordance with our instructions and only process the personal data for specified purposes.

In some circumstances, we may have to disclose your personal data to (a) comply with a judicial proceeding, court order or legal process; (b) respond to lawful requests by public authorities, including to meet national security or law enforcement requirements; (c) protect and defend our rights; or (d) to protect your vital interests or those of any other person.

We may transfer your personal data if we buy or sell any or any portion of our business. Elemica may disclose information to third parties as Elemica, in its sole discretion, believes necessary or appropriate, in connection with the merger or consolidation with, or sale of assets to such third party, provided that such third party agrees to comply with Elemica’s Privacy Policy with regard to personal data.

To facilitate the provision of our services, we must transfer some of your personal data to your trading partners and/or third-party service providers. We transfer personal data as provided by you, and other information that is directed by you, to your trading partner or third-party service provider in order to fulfil the obligations of our contract with you. If you use any of the notification and documentation features, your personal data about your transaction may be transmitted to you via telephone, email, pager, or other wireless device that you have identified to us.

Security and Integrity

Data Security

We recognize industry standards and employ administrative, technical and physical security measures designed to protect your information from loss, misuse, unauthorized access, disclosure, alternation and destruction. Please note that no security methodology is 100% safe, and it is therefore important for you to protect yourself against the unauthorized access to your information.

Data Integrity

We take reasonable steps to ensure that the personal data we collect is accurate, complete and current and is relevant and reliable for its intended use. We depend on our customers to update and correct their information whenever necessary.

Enforcement and Oversight

We conduct compliance audits of our privacy practices to verify adherence to this Privacy Policy.

Notice, Choice and Access

Our approach to responsible handling of personal data is founded on providing notice of our information practices and other privacy issues to allow you to make informed decisions regarding your use of our websites or our services.

Notice

We provide notice of our practices through (i) this Privacy Policy; (ii) customer agreements, if applicable; and (iii) specific notices on our websites. Your privacy is important to us and this Privacy Policy is intended to provide you with notice regarding the information we collect in connection with your use of our websites and services, the principles that govern our use of such information and the choices available to you regarding our use of your information. Please see Changes to this Privacy Policy for further information regarding updates to this Privacy Policy.

Withdrawing Consent and Opting Out

We believe that it is important to give you the opportunity to choose how your personal data is collected and used. Where we rely on consent as the legal basis for processing your personal data, you can withdraw the consent you have given to us at any time by writing to us using the contact details below in the "Contacting Us" section.

With regard to any promotional emails you receive from us, you may opt-out of by following the opt-out instructions provided in those emails or by emailing support@elemica.com with your request. Please note that opt-out requests will not apply to transactional service messages, such as security alerts and notices about your current account.

The above rights are in additions to your rights set out In the "Your Rights" section below.

Your Rights

In certain jurisdictions, including the UK and the European Union, you have certain rights over your personal data where Elemica is acting as controller of your personal data. These are:

• The right to be informed

As a data controller, we are obliged to provide clear and transparent information about our data processing activities. This is provided by this Privacy Policy and any related communications we may send you.

• The right of access

You may request a copy of the personal data we hold about you free of charge. Once we have verified your identity and, if relevant, the authority of any third-party requestor, we will provide access to the personal data we hold about you in accordance with applicable data protection laws.

• The right to rectification

When you believe we hold inaccurate or incomplete personal data about you, you may exercise your right to correct or complete this data. This may be used with the right to restrict processing to make sure that incorrect/incomplete information is not processed until it is corrected.

• The right to erasure (the ‘right to be forgotten’)

Where no overriding legal basis or legitimate reason continues to exist for processing personal information, you may request that we delete the personal data. This includes personal data that may have been unlawfully processed.

• The right to restrict processing

You may ask us to stop processing your personal data. We will still hold the data, but will not process it any further. This right is an alternative to the right to erasure. If one of the following conditions applies you may exercise the right to restrict processing:

1. The accuracy of the personal data is contested;

1. Processing of the personal data is unlawful;

1. We no longer need the personal data for processing, but the personal data is required for part of a legal process; or

1. The right to object has been exercised and processing is restricted pending a decision on the status of the processing.

• The right to data portability

You may request your set of personal data be transferred to another controller or processor, provided in a commonly used and machine-readable format. This right is only available if the original processing was on the basis of consent or for the performance of a contract; and, the processing is by automated means.

• The right to object

You have the right to object to our processing of your personal data where:

1. Processing is based on legitimate interest;

1. Processing is for the purpose of direct marketing;

1. Processing is for the purposes of scientific or historic research; or

1. Processing involves automated decision-making and profiling.

Residents of the State of California have specific rights in relation to their personal data. For more Information, see "Additional Information for California Residents".

If you wish to exercise any of these rights, please email ElemicaLegal@elemica.com or use the information supplied in the "Contacting Us" section below. In order to process your request, we may ask you to provide two valid forms of identification for verification purposes.

Complaints

Any questions or concerns that you may have regarding the use or disclosure of your personal data should be directed to our legal department (please contact Elemica’s general counsel at +1 484 253 4674 or at ElemicaLegal@elemica.com). We will investigate and attempt to resolve complaints and disputes in accordance with the principles contained in this Policy. For complaints that we cannot resolve, you have the right to complain to a data protection authority about our collection and use of your personal information. For more information, please contact your local data protection authority.

For individuals in certain jurisdictions, Elemica has agreed to participate in the dispute resolution procedures of the panel established by the European data protection authorities to resolve disputes pursuant to the Privacy Shield principles. Elemica is further committed to referring unresolved privacy complaints to JAMS, an alternative dispute resolution provider, at no cost to you. Please visit www.jamsadr.com/eu-us-privacy-shield for more information and to file a complaint. As further explained in the Privacy Shield Principles, a binding arbitration option will also be made available to you in order to address complaints not resolved by any other means. Please note that our services of JAMS will be provided at no cost to you.

Navigational Information on Our Websites

Cookies

Like most websites, our websites and our services use "cookies," which are small pieces of data our server may send to your browser while you are using our websites or our services. These cookies contain unique identifiers that help us better understand usage of our websites and services in the aggregate. If you simply want to browse the public areas of our websites, you do not have to accept cookies from Elemica. Should you decide, however, that you would like to register and have access to restricted areas of our websites or our services, you will need to accept the cookies that our server sends to your browser. As a registered user, you receive a session-based cookie that is maintained by your browser and contains your identifier. This cookie is used to authenticate your identity and provide you with access to areas of our websites that are limited to registered users and our services..

Tracking Technology

Third party tracking systems in use on behalf of our websites may use cookies to track your involvement with certain links to help us improve and better understand our websites. You may choose not to accept these cookies and you will still have full access to site functionality.

Web Site Usage Data

With or without cookies, we keep track of usage data, such IP addresses and/or domain names, the dates and times of page requests, the names and/or IP addresses of referring websites, and other Uniform Resource Locater (“URL”) parameters. We use this information for aggregated and statistical reporting and to better understand usage of our websites in the aggregate. This information is stored in log files and is not linked to other personal data.

Information Collected by Third Parties

Third parties, such as advertising networks and business partners, may use cookies to collect information about your involvement with advertising on our websites. You may choose not to accept these cookies. We do not control, and we are not responsible for, how these parties are collecting information and you should review their privacy policies to learn more about what, why and how they collect and use information they collect. The websites may also include widgets, such as social network buttons or other interactive mini-programs that run on our websites. These widgets may collect information, such as your IP address or email address, and may set cookies to enable proper functioning. We do not control, and are not responsible for, these information collection practices, and you should review the privacy policies of the relevant companies providing the widgets.

Data Transfers

Your personal information may be transferred to, and processed outside the country in which you are resident. These other jurisdictions may have data protection laws that are different from the laws of your country (and, in some cases, not as protective).

Our servers may be located outside of the jurisdiction where we collected the data, such as the United States of America, United Kingdom, Germany, the Netherlands and India . We store and replicate your personal data on servers in other countries in order to provide speed of access, robustness and protection against server failure.

When we collect your personal data, we may transfer it to or process it in any of the countries in which we do business. Our group companies, service providers, and business partners, with whom we may share personal data, are located in and transfer personal data to various jurisdictions around the world. The principal jurisdictions where personal data is processed by or on behalf of our group companies are the United States of America, the United Kingdom, Germany, the Netherlands and India. You also acknowledge that, in certain countries or with respect to certain activities, our trusted vendors may collect, transfer, store, and process your information, including in jurisdictions outside of the EU and/or in the principal jurisdictions where we do business.

Where your personal data is transferred by us or on our behalf, we use appropriate safeguards to protect your personal data in accordance with this Policy. These safeguards include implementing applicable standard contractual clauses for transfers of personal data between our group companies, which require group companies to protect personal data they transfer from the jurisdiction in which it was collected in accordance with applicable data protection law. Additional safeguards may also be implemented where personal information is transferred. Please contact us to request a copy of our appropriate safeguards.

Information Retention

We store information about our customers, our websites for automated access and processing, and we reserve the right to keep records no longer than necessary for the purposes set out in this Privacy Policy or as required to comply with our legal obligations (the “Data Retention Period”) as operational records, historical archives, and for analysis and reporting. We will retain your information for as long as your account is active or as needed to provide you services, comply with our legal obligations, resolve disputes, and enforce our agreements. At the end of the Data Retention Period, Elemica will delete your Customer Information so that it cannot be reconstructed or read. You may request that we purge specific information from our databases and archives prior to the expiration of the retention period.

Miscellaneous

EU-U.S. and Swiss-U.S. Privacy Shield Certifications

Elemica complies with the principles set forth In the EU-U.S. Privacy Shield Framework and the Swiss – U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal data. On July 16, 2020, the European Court of Justice issued a judgment that the EU Commission’s decision granting adequacy to the EU-U.S. Privacy Shield Framework is invalid, thereby making transfers of personal data on the basis of the Privacy Shield Decision illegal. The U.S. Department of Commerce continues to administer the Privacy Shield Framework and Elemica will continue to certify to the Department of Commerce that it adheres to the Privacy Shield Principles. Elemica no longer transfers any personal data on the basis of the Privacy Shield. Please see "Data Transfers" for more Information on international transfers of personal data.

To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/.

Registered users

In respect of any personal data contained within any business documents submitted to us by our customers and/or registered users as part of the services we provide, we act as a processor of that personal data and the registered user is the controller. We expect that the extent of processing carried out by us in relation to the personal data contained in any business documents shall be minimal and usually involves our temporary storage of a copy of the relevant business document (unless any additional processing is requested by the customer and/or registered user). Please refer to your contract with us for further information on our obligations as a processor.

Replies and Comments

If you use a blog or other feature to post information on our websites, you should be aware that any information you submit there can be read, collected, or used by other users, and could be used to send you unsolicited messages. We are not responsible for the personal data you choose to submit through these features. To request removal of your information, contact us at support@elemica.com. In some cases, we may be unable to remove your information, in which case we will let you know if we are unable to do so and why.

Third Party Websites

We may provide links to third party websites, such as those of our business partners and customers. While we try to link only to websites that share our high standards and respect for privacy, we do not control, and we are not responsible for, the privacy practices of these websites. We encourage you to review their privacy policies to learn more about what, why and how they collect and use information.

Children

Our websites and our services contain business-related content and are for adult use only. We do not knowingly solicit or collect personal data from or about individuals under the age of 18 years.

Submission of Information

If you use our services, be aware that any information you submit may be viewed by others. Elemica cannot ensure the security or privacy of any information that you provide through our services, and we are not responsible for, and cannot control, others’ use of any such information. Before submitting any personal data about any individual (e.g., a company contact), obtain that individual’s consent for the collection, transfer, processing, and use of that information in accordance with this Policy.

Changes to this Privacy Policy

We reserve the right to modify this Privacy Policy at any time and we encourage you to periodically review this Privacy Policy to be informed of how Elemica is protecting your information. If we make material changes to this Privacy Policy, we will provide notification by email or by means of a notice on our home page. Changes to the Privacy Policy will be effective upon posting.

Additional Information for California Residents

This section applies in relation to the processing of personal data of residents of the State of California in the United States of America by Elemica as required by the California Consumer Privacy Act ("CCPA"). Please note that the CCPA contains exceptions, including with respect to collection, disclosure or sale of personal information of employees, contractors, and applicants for employment with Elemica. The CCPA also contains exceptions for information otherwise governed by regulations such as GLBA, FCRA, CFIPA, HIPAA, and CMIA.

Rights for California Residents

Please note this is a summary and California residents should consult the CCPA for additional information.

• Right to Opt Out of the Sale of Personal Information. Elemica does not and will not sell your personal information.
• Notice at Collection. Elemica maintains this Privacy Policy to provide Notice.
• Right to Submit a Verifiable Request to Delete, Right to Know – Right to a Copy, and Right to Know – Right to Information. California residents have the right to make the aforementioned requests, at no charge, up to twice every 12 months Please consult the CCPA for details on these rights and the applicable exceptions. You may exercise your rights by submitting a request to ElemicaLegal@elemica.com. We will respond to verifiable requests as required under the CCPA.
• Right to Non-Discrimination and Incentives. Elemica does not discriminate against any California residents who exercise their rights under the CCPA. Elemica also does not offer any incentives for the collection, sale, or deletion of personal information.
• Right to Designate an Authorized Agent. If a California resident designates an authorized agent to make the above noted requests on their behalf, Elemica may require the agent to verify their identify. Elemica may deny a request from an agent who does not provide proof of proper authorization by a California resident, subject to exceptions.
  
  

Contacting Us

We are committed to protecting your information and helping you manage your privacy. If you have any questions or concerns about this Privacy Policy, please refer to the appropriate contact below:

Accessing or Correcting Personal Information and General Inquiries:

Email: support@elemica.com

Phone: 1-800-ELEMICA (U.S. and Canada) or 00-800-4-353-6422 (Europe, except Scandinavia).

Questions about Marketing Communications:

Email: mediarelations@elemica.com

Questions about this Privacy Policy or our use of Personal Information:

Email: ElemicaLegal@elemica.com or the Elemica General Counsel at +1 484 253 4674

Mailing Address:

550 East Swedesford Road, Suite 310, Wayne Pennsylvania 19087 USA

This Privacy Policy was last updated on July 18, 2022.