•  

     

     

  •  

     

     

  •  

     

     

  •  

     

     

There are no search results found. Please try modifying your search or contact our customer success team for assistance

Did you mean to search for

 

Read our in-depth data protection and privacy policy in the accorddion list below. For a quicker read, find our summarised policy here.

The Swire Shipping Group’s Data Protection and Privacy Policy (“Policy”) explains why and how we process your Personal Data, your rights in relation to your Personal Data, and how to contact us if you need to (our contact details are set out at the end of this Policy).

Swire Shipping Pte. Ltd. (“Company”) and its subsidiaries and related companies (together with the Company, the “SSL Group”, “we”, or “us”) are the Data Controller of the Personal Data we collected from our business customers, suppliers, service providers and partners (and each of their employees, officers, agents, contractors or any other individuals they engage with) (“you”, or “your”) and which is processed in accordance with this Policy.

Please note that some privacy rights and obligations may differ in certain locations based on applicable local Personal Data Protection Laws. We have included supplemental information for certain jurisdictions as schedules to this Policy as follows:

(a) Schedule 1: the United States of America Addendum which supplements this Policy in relation to the processing of Personal Data in the United States of America;

(b) Schedule 2: the CCPA / CPRA Addendum which explains how we comply with the California Consumer Privacy Act and the California Privacy Rights Act in relation to the processing of Personal Data relating to Californian residents;

(c) Schedule 3: the Australia Addendum which supplements this Policy in relation to the processing of Personal Data in Australia;

(d) Schedule 4: the People’s Republic of China Addendum which supplements this Policy in relation to the processing of Personal Data in the People’s Republic of China;

(e) Schedule 5: the New Zealand Addendum which supplements this Policy in relation to the processing of Personal Data in New Zealand;

(f) Schedule 6: the Brazil Addendum which supplements this Policy in relation to the processing of Personal Data in Brazil; 

(g) Schedule 7: the Canada Addendum which supplements this Policy in relation to the processing of Personal Data in Canada;

(h) Schedule 8: the Japan Addendum which supplements this Policy in relation to the processing of Personal Data in Japan; and

(j) Schedule 9: the Singapore Addendum which supplements this Policy in relation to the processing of Personal Data in Singapore.

This Policy applies to Personal Data collected by the SSL Group from our business customers, suppliers, service providers and partners (and each of their employees, officers, agents, contractors or any other individuals they engage with).

Personal Data Protection Authority

means the relevant regulatory authority in the jurisdiction administering the applicable Personal Data Protection Laws, including but not limited to:

• the Information Commissioner’s Office in the United Kingdom (“ICO”);• the Personal Data Protection Commission of Singapore (“PDPC”);• the California Privacy Protection Agency (“CPPA”);• the Office of the Privacy Commissioner in New Zealand (“OPC”);• the Office of the Australian Information Commissioner (“OAIC”); • the Cyberspace Administration of China (“CAC”);• the National Data Protection Authority in Brazil (“ANPD”); • the Office of the Privacy Commissioner of Canada (“OPC”), the Office of the Information and Privacy Commissioner for BC (“IPC BC”), Office of the Information and Privacy Commissioner for Alberta (“IPC AB”) Commission d’accès à l’information du Québec (“CAI”) and the Personal Information Protection Commission (“PPC”) in Japan.

Personal Data Protection Laws

means all applicable laws and regulations relating to Personal Data protection in force from time to time including any statute or statutory provision which amends, extends, implements, consolidates or replaces the same, including, without limitation:

• the EU General Data Protection Regulation 2016/679 (“GDPR”);• the GDPR as it forms part of the domestic law of the United Kingdom by virtue of the European Union (Withdrawal) Act 2018, the UK Data Protection Act 2018 and the Privacy and Electronic Communications (EC Directive) Regulations 2003;• the Personal Data Protection Act 2012 (No. 26 of 2012) of Singapore (“PDPA”);• Assembly Bill 375 of the California House of Representatives, an act to add Title 1.81.5 (commencing with Section 1798.100) to Part 4 of Division 3 of the Civil Code, relating to privacy and approved by the California Governor on June 28, 2018, including all regulations enacted in connection therewith, as the same may be amended, supplemented, or replaced from time-to-time (“CCPA”), including without limitation, starting on January 1, 2023, the California Privacy Rights Act, Cal. Civ. Code §§ 1798.100–1798.199.100, including all regulations enacted in connection therewith, as the same may be amended, supplemented, or replaced from time-to-time (“CPRA”);• the Privacy Act 2020 of New Zealand, including all regulations and/or codes of practice made or issued in accordance with that Act (“NZPA”);• the Australian Privacy Act 1998 (Cth) (“Australian Privacy Act”); • the Personal Information Protection Law (“PIPL”) of the People’s Republic of China and its subordinate laws and regulations;• the Brazilian General Personal Data Protection Law (No 13.709/2018) (“LGPD”), including all regulations and/or codes of practice made or issued in accordance with that Law; • the Personal Information Protection Act (“PIPEDA”) of Canada as well as provincial legislation for British Columbia, the Personal Information Protection Act (“PIPA BC”), Alberta, the Personal Information Protection Act (“PIPA AB”) and Québec, Act respecting the protection of personal information in the private sector (“PPIPS”) and the Japan’s Act on the Protection of Personal Information (“APPI”).

Personal Datameans any information (e.g. names, contact details, passport number, biometric data, health data etc.) whether true or not, that relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, or relating to, an identified or identifiable natural person (e.g. customer, employee etc.),“Personal Information” as such term is defined under CCPA, CPRA, the Australian Privacy Act, the PIPL, the NZPA, PIPEDA, PIPA BC, PIPA AB and/or PPIPS (as applicable), APPI and “Sensitive Personal Data” as such term is defined under the LGPD.
Data Controllermeans any organisation which determines the purposes for which, and the manner in which, any Personal Data is processed, or a “Personal Information Handler” under the context of PIPL, or a “Business handling personal information” in APPI. We are the Data Controller of certain Personal Data used in our business and this includes the definition of “Business” in CCPA and CPRA.
Data Processormeans a natural or legal person, public authority, agency or other body which processes Personal Data on behalf of the Data Controller and includes the definition of “Service Provider” in CCPA and CPRA , and shall have the same or equivalent meaning of “entrusted party” as described in PIPL.

5.1 Information we collect about you and why

We process your Personal Data in order to provide our products or services to you, or in order to receive products or services from you as set forth in this Section below.

Except as otherwise indicated, the Personal Data we collect is required to carry out the requested action. While the provision of your Personal Data is voluntary, if you do not provide your Personal Data to us, we may not be able to carry out the requested action. Generally, we collect Personal Data when you:

(a) submit forms or applications, resumes and/or CVs to us, we will collect from you or from third party recruiters, your identifiers (name, address, business and/or personal phone number, email address), protected classifications (gender, age, nationality), professional or employment-related information (employment history, job function or department, right to work information, information obtained from credit reference agencies). We use this information to assess your qualification for the position for which you applied, verify your identity, and conduct background checks or other verification purpose(s), to the extent permissible by law, and due diligence. We will also collect your national identity or passport numbers where this is necessary to enable us to carry out appropriate checks in relation to contracts with you or someone else that you work for or are otherwise related to, or to accurately establish or verify your identity to a high degree of fidelity. The legal basis for processing this information is to comply with a legal or regulatory obligation to which we are subject. [For more information, please see our Recruitment Data Privacy Policy];

(b) submit queries, requests, complaints or feedback, or otherwise communicate with us, we will collect your identifiers (name and email address), and any information you choose to include in your correspondence with us. The legal basis for processing this information is performance of our contract with you;

(c) ask to be included in our mailing list, we will collect your identifiers (name and email address). We use this information to fulfil your request to receive information we feel may be of interest to you. The legal basis for processing your information is your consent. You can revoke your consent with effect going forward by clicking on the “unsubscribe” link in each email. Please note that we will continue to send you transactional messages such as notifications necessary for the requested products or services;

(d) sign up for a Swire Shipping account on our website (name, email address, your company’s name and address, phone number). We use this information to provide users with access to details of their eBooking/eQuote requests and dashboard;

(e) place, obtain, subscribe and/or make payment for our goods and/or services or when you supply goods and/or services, we will collect your identifiers (name, address, email address, telephone number) and payment information (payment card or account number, routing number (if applicable), payment card security code, payment card expiration date). We will use this information to process your subscription or purchase. The legal basis for processing this information is performance of our contract with you;

(f) take part in our surveys and/or events organised solely or jointly by the Company and/or any third parties, we will collect your identifiers (name, personal or business email address, and personal or business telephone number) and preferences (to the extent that this information is relevant to organising and managing those events [for example, your dietary requirements]). We use this information to contact you about future business opportunities and/or organise events, respectively. The legal basis for processing your information is your consent. You can revoke your consent at any time, with effect going forward, by sending a request to withdraw your consent, via email, to Dataprotection@swireshipping.com ; and

(g) visit one of our physical locations, we collect information relating to you that you give to us or we otherwise obtain when you visit us (your signature, if you sign in, or are recorded on CCTV while visiting us, or you give us the registration details of your vehicle). The legal basis for processing your information is our legitimate interest for securing our properties. In addition, we also collect information relating to you when we:

(a) conduct reviews for the purposes of (i) system and business process improvements, (ii) risk/fraud management, (iii) regulatory and compliance risk management and (iv) improvements to human resource processes (this shall include information such as your IP address, browser, time-zone setting, IP address); and

(b) conduct dispute resolution, preventing, detecting and investigating non-compliance with laws, regulations and corporate policies and enforcing our contractual and legal rights and obligations.

If you provide us with any Personal Data relating to a third party (e.g. Personal Data of your dependents, spouse, children and/or parents), by submitting such Personal Data to us, you represent and warrant to us that you have informed them of how their information will be used, that you obtained the requisite consent of such third party and/or are authorised to provide us with such Personal Data for the relevant purposes contained in this Policy.

You are to ensure that all Personal Data submitted to us is complete, accurate, true and correct. Failure on your part to do so may result in our inability to fulfil your requests and/or applications or delays in processing your applications.

Where the provision of your Personal Data is generally a contractual or legal requirement or is a requirement in order for us to enter into a contract, the consequences of any failure to provide such data will be that we may need to review any engagement or business relationship that we may have with you. Our legal rights and remedies in such event are expressly reserved. We also use the Personal Data collected for the above purposes to comply with the law and for other limited circumstances as described in Section 5.5 “Who we give your information to”.

5.2 Information collected for Research & Development

We may conduct survey(s) to allow us to provide better services through customer research. You will be informed of the specific purpose(s) of each survey when we invite you to participate in the said survey. Participation in the survey is optional. The legal basis for the processing of your survey responses is your consent. You may revoke your consent with respect to being invited to future surveys by clicking the unsubscribe link included in the emails. Each of our surveys shall be conducted in accordance with the applicable Personal Data Protection Laws.

5.3 Cookies and similar tracking technologies

A cookie is a packet of data sent by a web server to a browser, which is returned by the browser each time it subsequently accesses the same server, used to identify the user or track their access to the server. Our websites use cookies and similar tracking technologies (collectively, “Cookies”) to collect and use Personal Data about you (including internet and other electronic network activity information), to better understand and improve the usability, performance and effectiveness of our websites, to help us tailor content or offers for you, and to serve our interest-based advertising. These technologies may also allow certain third parties to collect information about you. The legal basis for the processing of this information is your consent.

  • We share the information collected with our advertisers and advertising networks that require the Personal Data (including internet and other electronic network activity information) to select and serve relevant advertisements to you and others. We do not disclose Personal Data about identifiable individuals to our advertisers, but we will provide them with aggregate information about our users. We may also use such aggregate information to help advertisers reach the kind of audience they want to target. We may make use of the Personal Data we have collected from you to enable us to comply with our advertisers’ wishes by displaying their advertisements to that target audience, subject to our Cookie Policy. The legal basis for processing this information is your consent. If you are a California resident and wish to opt out of this sharing, visit Do Not Sell or Share My Personal Information.
  • We share the information collected with our analytics and search engine providers that assist us in the improvement and optimisation of our website, subject to our Cookie Policy. The legal basis for processing this information is your consent. If you are a California resident and wish to opt out of this sharing, visit Do Not Sell or Share My Personal Information.

To learn more, including about how to consent to or withdraw your consent to Cookies, please see our Cookie Policy.

Information that we automatically obtain when you use our website and/or business systems/applications

When you use any of our websites or business systems/applications, we process the following types and categories of Personal Data (including internet and other electronic network activity information) which we collect automatically from your device. The legal basis for the processing of this information is your consent.

  • Usage information: We use essential, performance, and analytics cookies to collect information about your interaction with our websites or business systems/applications, such as what you access, what you click on, the frequency of access, and how much time you spend on the websites or business systems/applications. We use this information to: (i) track you within the websites or business systems/applications; (ii) enhance user experience; (iii) conduct analytics to improve the websites or business systems/applications; (iv) prevent fraudulent use of the websites or business systems/applications; and (v) diagnosis and repair websites or business systems/applications errors, and, in cases of abuse, track and mitigate the abuse. The legal basis for this is our legitimate interest in the improvement of our websites or business systems/applications. We may also collect the information described in this section to understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you.
  • Device information: We use essential, performance, and analytics cookies to collect certain information about the device you use to access the websites or business systems/applications, such as hardware model, operating system, and device preferences. We use this information to: (i) track you within the websites or business systems/applications; (ii) enhance user experience; (iii) conduct analytics to improve the websites or business systems/applications; (iv) prevent fraudulent use of the websites or business systems/applications; and (v) diagnose and repair websites or business systems/applications errors, and, in cases of abuse, track and mitigate the abuse.
  • Location information: We use essential, performance, and analytics cookies to collect information about your location, which may be determined through your IP address. We use this information to: (i) track you within the websites or business systems/applications; (ii) enhance user experience; (iii) conduct analytics to improve the websites or business systems/applications; (iv) prevent fraudulent use of the websites or business systems/applications; and (v) diagnosis and repair websites or business systems/applications errors, and, in cases of abuse, track and mitigate the abuse.
  • We also collect your geolocation to provide location services to allow check-in, or to deliver content or advertising that are dependent on knowing where you are located. Some features within our websites or business systems/applications may only function upon confirmation of your location, and therefore such features will not be available if you choose not to provide your location data to us. The legal basis for this processing is consent.

Delivery of location services will involve reference to one or more of the following:

The coordinates (latitude/longitude) of your location. Look-up of your country of location by reference to your IP address against public sources; and/or your Identifier for Advertisers (“IFA”) code for your Apple device, or the Android ID for your Android device, or a similar device identifier.

Information we receive from other sources:

We combine the information we collect directly from you and the information we collect automatically, with information we collect from third party sources. We use this information and the combined information for the purposes set out above under Section 5.1 “Information we collect from you and why” and “Information that we automatically obtain when you use our website and/or business systems/applications” (depending on the types of information we receive).

5.4 Automated processing

We do not carry out automated decision-making or profiling in relation to you.

5.5 Who we give your information to

Subject to the provisions of any applicable Personal Data Protection Laws, we may share the Personal Data identified in this Policy in the following instances:

  • Within SSL Group: Where necessary, we share your Personal Data within SSL Group for legitimate business purposes in order to efficiently carry out our business and to the extent permitted by law. The legal basis for this processing is our legitimate interest in carrying out our business operations efficiently. If any of these parties are using your Personal Data for direct marketing purposes, we will only transfer the Personal Data to them for that purpose with your prior consent (to the extent that such consent is required under the applicable Personal Data Protection Laws).
  • With service providers: We share your Personal Data with our service providers that assist us in providing the services, including to the below services providers. The legal basis for this is our legitimate interest in providing the services more efficiently:
    • Our business partners, customers, suppliers, service providers and sub-contractors for the performance of any contract we enter into or other dealings we have in the normal course of business with you or the person that you work for.
    • Our auditors, legal advisors and other professional advisors or service providers.
    • Credit reference agencies for the purpose of assessing your credit score where this is in the context of us entering into a contract with you or the person that you work for.
    • Payment processing providers who provide secure payment processing services.
    • Relevant government regulators and/or law enforcement agencies (whether local or overseas), to comply with any directions, laws, regulations, rules, codes of practice or guidelines, or schemes issued or administered by any of them.
    • Any party to whom you authorise us to disclose your Personal Data.
  •  

Other disclosures we may make

We may also disclose your Personal Data in the following circumstances:

  • In the event of a corporate reorganisation: In the event that SSL Group (or any member of the SSL Group) enters into, or intends to enter into, a transaction that alters the structure of our organisation, such as a reorganisation, merger, acquisition, sale, joint venture, assignment, consolidation, transfer, change of control, or other disposition of all or any portion of our assets, we would share your Personal Data with third parties, including the buyer or target (and their agents and advisors) for the purpose of facilitating and completing the transaction. We will also share your Personal Data with third parties if we undergo bankruptcy or liquidation, in the course of such proceedings. The legal basis for this is our legitimate interest in carrying out our business operations.
  • If we are under a duty to disclose or share your Personal Data in order to comply with any legal obligation, or in order to enforce or apply our terms of supply and other agreements with you or the company you work for; or to protect the rights, property, or safety of our company, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction and to prevent cybercrime. The legal basis for the processing of this information is to comply with a legal obligation to which we are subject.

Where we engage, or require a Data Processor to act on our behalf (such as suppliers, service providers or other third-party vendors), we will ensure that proper procedures are followed when appointing such third parties, including to incorporate adequate contractual provisions under the applicable Personal Data Protection Laws into services or supply agreements.

Sharing in the Last Twelve (12) Months

For a Business Purpose. In the preceding twelve (12) months, SSL Group has disclosed the following categories of Personal Data for a business purpose to the following categories of third parties:

  • We have disclosed your personal identifiers, internet and other network activity information, and customer records information to service providers that perform services on our behalf. These service providers include our background check provider, and analytics service provider.
  • We have disclosed your internet or other electronic network information to our IT support to detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, and to identify and repair website errors that impair functionality.
  • We have disclosed your internet or other electronic network information and location information to our IT support and data analytics provider to maintain, improve, and upgrade SSL Group’s services.

For a Sale. SSL Group uses certain third party cookies on its website and/or business systems/ applications. These cookie collects your internet and other electronic network activity and shares it with the third party cookie providers. This use of your Personal Data may be considered a sale under the California Consumer Privacy Act. To opt out of this cookie, visit Do Not Sell or Share My Personal Information.

5.6 Where do we store your information

Your Personal Data may be transferred to, and processed in, a country outside of your local jurisdiction or region for any of the purposes described in this Policy. These countries may have differing (and potentially less stringent) laws relating to the degree of protection afforded to Personal Data. We may process your Personal Data in countries outside your local jurisdiction or region:

  • When we utilise cloud storage, we may process your Personal Data in countries outside your local jurisdiction or region in order to store it.
  • When we process your order, process payment details, and provide support services, we may process your Personal Data outside your local jurisdiction or region in order to enable us to provide goods or services to and fulfil our contract with you or the company you work for.
  • When we are legally required to do so, we may process your Personal Data in countries outside your local jurisdiction or region.
  • When we share information within the SSL Group, generally for the efficient functioning of our business, or as permitted by the applicable Personal Data Protection Laws, we may process your Personal Data in countries outside your local jurisdiction or region in order to facilitate the operation of our group of businesses.
  • Where your information is processed outside of your local jurisdiction or region, we (or our permitted third parties) will take reasonable steps to ensure that your Personal Data is protected in accordance with the applicable Personal Data Protection Laws.

For example, we may implement organisational, contractual and legal measures (e.g. through the implementation of an intra-group data transfer agreement including Standard Contractual Clauses) to ensure that your Personal Data is protected to the standard required in your local jurisdiction/region. You may request a copy of these measures by contacting us directly.

5.7 How we protect your information

Unfortunately, no data transmission via the internet (including via mobile application, email or other messaging service) can be guaranteed to be completely secure. Although we will do our best to protect your Personal Data, we cannot guarantee the security of your data transmitted to our website and/or business systems/applications, and any transmission is at your own risk.

However, we maintain commercially reasonable physical, electronic and procedural safeguards to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed in accordance with the requirements of the applicable Personal Data Protection Laws.

All Personal Data you provide to us is stored on our secure servers. We comply with our security policies and standards when accessing or using this information and restrict access to your Personal Data to those persons who need to use it for the purpose(s) for which it was collected. Where we have given you (or where you have chosen) a password that enables you to access certain parts of our website and/or any business systems/applications, you are responsible for keeping this password confidential. We ask that you do not share your password with anyone. All third-party service providers and other entities within the SSL Group are required to take appropriate security measures to protect Personal Data in line with our policies. They are only permitted to process Personal Data for specified purposes and where appropriate, in accordance with our instructions.

All third-party service providers and other entities within our group are required to take appropriate security measures to protect Personal Data in line with our policies. They are only permitted to process Personal Data for specified purposes and where appropriate, in accordance with our instructions. We have put in place procedures to deal with any suspected data security incidents and will notify you and any applicable Personal Data Protection Authority of a suspected breach where legally required under the applicable Personal Data Protection Laws, or if it is appropriate to do so.

Our website may, from time to time, contain links to external sites that are operated by third party companies with different privacy practices. You should remain alert when you leave our site and read the privacy policies of other websites. We have no control over Personal Data that you submit to or receive from these third parties.

5.8 How long we keep your information

We will only keep the information we collect about you on our systems or with third parties for as long as required for the purposes set out above or as required to comply with any legal obligations to which we are subject. This will involve us regularly reviewing our files to check that information is accurate, up-to-date and still required. If we require consent to collect certain information about you, and such consent is withdrawn (see Section 5.9), we will delete such information unless we are legally required to retain it.

5.9 Your rights

If you are resident in the USA, Australia, People’s Republic of China, New Zealand, Brazil, Canada or Japan, please refer to the Schedules of this Policy to learn more about your rights and how to exercise them. Under certain circumstances and to the extent such rights are granted in accordance with the applicable Personal Data Protection Laws in your country, you may have the right to:

  • Request access to your own Personal Data. This allows you to receive a copy of your Personal Data held by us as well as the right to receive information about how your Personal Data is processed.
  • Request correction of your Personal Data. This allows you to correct any incomplete or inaccurate information that we hold about you.
  • Request erasure of your Personal Data. For example, this allows you to ask us to delete or remove your Personal Data where there is no good reason for it to continue to be processed. Object to the processing of your Personal Data where such Personal Data is processed on the grounds of legitimate interests.
  • Request the restriction of processing of your Personal Data. This allows you to ask for the processing of your Personal Data to be suspended if, for example, you wish to establish its accuracy or the reason for processing it.
  • Request the withdrawal of any consent you may have given to us for processing your Personal Data, including the right to object to marketing (as mentioned in Section 5.5 “Who we give your information to” above).
  • Request the transfer of your Personal Data provided to us to another party where technically feasible.

To the extent applicable under the applicable Personal Data Protection Laws:

  • Once we confirm that consent has been withdrawn, the processing of information for the purpose or purposes originally agreed to will not continue, unless there is another legitimate basis for doing so in accordance with the applicable Personal Data Protection Laws. If there is another legitimate basis for processing information in accordance with the applicable Personal Data Protection Laws, the same data may be processed without your consent.
  • Do note that you may be allowed to withdraw consent for any optional purposes that your Personal Data is collected, processed and transferred without concurrently withdrawing consent for the necessary purposes that your Personal Data is collected, processed and transferred (e.g. for the provision of products/services that we offer).

Should you wish to exercise any of your rights, please contact us directly (see “How to exercise your rights” below). You should be aware that not all of these rights are absolute and there may be circumstances in which we will not fully comply with your request because of a specified legal ground or exemption. In certain situations, your Personal Data may be exempt from access, correction and deletion requests pursuant to the applicable Personal Data Protection Laws or other laws and regulations. We will always inform you if this is the case.

How to exercise your rights

You can also exercise the rights listed above at any time by contacting us directly at DataProtection@swireshipping.com or the contact details set out in Section 5.11 “Contact Details” below. Some jurisdictions may require such requests to be made in writing whilst others permit requests to be made orally or in writing. Please contact us if you are unsure as to how you may make a request. We will respond to your request in accordance with the applicable Personal Data Protection Law. Please note that we may ask for proof of your identity and address. We also reserve the right, in accordance with the applicable Personal Data Protection Laws, to request additional information reasonably required to identify the specific information being requested or referred to, or any additional information reasonably required to confirm your identity. To the extent permitted by the applicable Personal Data Protection Laws, we further reserve the right to charge you a reasonable fee for you to access your Personal Data, and for any additional copies of the materials provided, or to refuse to comply with the request.

5.10 Lodging a compliant with the local Personal Data Protection Authority

If you have any concerns about our use of your information, you may also have the right to make a complaint to the relevant Personal Data Protection Authority. Please refer to the definitions section above (Section 4. “Definitions”), or to the relevant Schedule for your jurisdiction, to understand which Personal Data Protection Authority is relevant to the processing of your Personal Data.

5.11 Contract Details

Our full contact details are:
Name of Data Protection Officer (DPO): Mun Wai Wong
Contact number: +65 97727042
Email: DataProtection@swireshipping.com
Address: 300 Beach Road #27-01, The Concourse, Singapore 199555.

5.12 Changes to this Policy

This Policy may be amended, supplemented, modified and updated from time to time. Please check back regularly for any updates.

Last updated: 16 December 2022

This United States of America Addendum (“USA Addendum”) supplements this Policy to the extent that the CCPA and CPRA (effective January 1, 2023), California Online Privacy Protection Act (“CalOPPA”), Nevada’s NRS 603A.300, et seq., Children’s Online Privacy Protection Act (“COPPA”), and applies in relation to the processing of Personal Data in California, Nevada, and throughout the United States by the SSL Group. In case of any inconsistences between this USA Addendum and the rest of this Policy, this USA Addendum prevails. Please refer to the Schedule 2 CCPA / CPRA Addendum (“Californain Addendum”) to learn more about California residents’ privacy rights and how to exercise those rights.

NEVADA RESIDENTS

If you are a consumer in the State of Nevada, you may request to opt-out of the current or future sale of your Personal Data. We do not currently sell any of your Personal Data under Nevada law, nor do we plan to do so in the future. However, you can submit a request to opt-out of future sales by contacting us at DataProtection@swireshipping.com. Please include “Opt-Out Request Under Nevada Law” in the subject line of your message.

DO NOT TRACK

We will not place cookies or collect information via cookies when your browser is set to Do Not Track (DNT). Do Not Track is a preference you can set in your web browser to inform websites that you do not want to be tracked. You can enable or disable Do Not Track by visiting the Preferences or Settings page of your web browser.

GLOBAL PRIVACY CONTROL

Some browsers and browser extensions support the Global Privacy Control (“GPC”) that can send a signal to the websites you visit indicating your choice to opt out from certain types of data processing, including sales of data. When we detect such a signal, we will make reasonable efforts to respect your choices indicated by a GPC setting as required by applicable Personal Data Protection Laws.

AGE RESTRICTION

The website and/or business systems/ applications are not intended for individuals under the age of sixteen (16). If we learn that we have collected or received Personal Data from a child under the age of sixteen (16), we will delete that information. If you believe we might have information from or about a child under the age of sixteen (16), please contact us at DataProtection@swireshipping.com. If you are a consumer in the State of Nevada, you may request to opt-out of the current or future sale of your Personal Data.

Last updated: 16 December 2022

This CCPA / CPRA Addendum (“Californian Addendum”) supplements this Policy to the extent that the California Consumar Privacy Act (“CCPA”) grants consumers (California residents) certain rights with respect to their personal information. The Californian Addendum must be read in conjunction with the rest of this Policy as it contains an additional explanation of why and how we process the personal data of California residents, their rights in relation to personal data, and how to contact us. Effective January 1, 2023, the California Privacy Rights Act Cal. Civ. Code §§ 1798.100–1798.199.100 (“CPRA”), modifies the rights and requirements under the CCPA. In case of any inconsistences between this Californian Addendum and the rest of this Policy, this Californian Addendum prevails.

The Right to Know

This sets forth the SSL Group’s current and past practices related to the general categories of personal information we collect, how we collect it, how we use the personal information we collect, and how, if at all, and with whom we share the personal information. In addition to what is described in this policy, consumers have the right to request that the SSL Group discloses to the consumer the following information:

  • The categories of personal information the SSL Group has collected about the consumer.
  • The categories of sources from which the SSL Group has collected the personal information.
  • The business or commercial purpose for collecting or selling (to the extent applicable) the personal information.
  • The categories of third parties with whom the SSL Group shares personal information.
  • The specific pieces of personal information the SSL Group collects about the consumer.

The SSL Group will provide this information to a consumer upon receipt and verification of a Verifiable CCPA California Consumer Request Form (hereinafter a “Request to Know”).

For details on how to submit a Request to Know, see Exercising your rights under the CCPA. Any information provided by the SSL Group in response to a Request to Know will cover all information collected about you, unless impossible to retrieve, involves disproportionate effort (subject to CPRA regulations), or anything that violates trade secrets or data generated to help ensure security and integrity or as prescribed by regulation.

The Right to Delete

The Right to Request that the SSL Group and its service providers delete your personal information

A consumer has the right to request that the SSL Group deletes any personal information about the consumer which the SSL Group has collected from the consumer, and the SSL Group will notify any service providers or contractors acting on its behalf to do the same, and notify all third parties to whom the SSL Group has sold or shared such personal information to delete the consumer’s personal information, unless this proves impossible or involves disproportionate effort. The SSL Group will comply with a consumer’s request to delete his or her personal information upon receipt and verification of a Verifiable CCPA California Consumer Request Form (hereinafter “Request to Delete”). By law, the SSL Group may retain certain personal information collected from a consumer, notwithstanding the consumer’s request to delete the same, if it is reasonably necessary for the SSL Group to maintain the consumer’s information in order to:

  • Complete a contract between the consumer and the SSL Group.
  • Help to ensure security and integrity to the extent the use of the consumer’s personal information is reasonably necessary and proportionate for those purposes.
  • Identify and repair errors in SSL Group provided products or services.
  • Exercise any right provided for by law, and to exercise free speech.
  • Comply with the California Electronic Communications Privacy Act.
  • Engage in research that conforms or adheres to all other applicable ethics and privacy laws, when the SSL Group’s deletion of the information is likely to render impossible or seriously impair the ability to complete such research, with informed consent.
  • To enable solely internal uses that are reasonably aligned with the expectations of the consumer, based on the consumer’s relationship with the SSL Group.
  • Comply with a legal obligation.

The Right to Opt-Out

The Right to Opt-Out of the sale or sharing of your personal information

Under California law, a consumer has the right to opt out of sharing of his/her personal information for the purpose of targeted advertising and/or of the sale of his/her personal information by a business that collects personal information and sells it (“Request to Opt- Out”). Certain sharing with marketing and analytics cookies is considered a “sale” under the CCPA. To opt-out of certain sharing of information with our third-party analytics and digital advertising service providers, you may set your preferences to reject analytics and advertising cookies by clicking the “Do Not Sell or Share My Personal Information” link at the bottom of the applicable SSL Group website.

The Right to Non-Discrimination

The Right to Non-Discrimination for the exercise of your rights under the CCPA

A consumer has the right to be free from discrimination by the SSL Group because the consumer exercised any of his/her rights under the CCPA. Examples of discrimination may include:

  • Denying goods or services to you.
  • Charging you different prices or rates for goods or services, including through the use of discounts or other benefits or imposing penalties, in a manner that is not justified under the law.
  • Providing a different level or quality of goods or services.
  • The SSL Group will not discriminate against consumers who exercise their rights under the CCPA.

The Right to Correct Inaccurate Personal Information

A consumer has the right to request the SSL Group to correct inaccurate personal information about the consumer, taking into account the nature of the personal information and the purposes of the processing of the personal information. If the SSL Group receives a verifiable consumer request to correct inaccurate personal information, the SSL Group will use reasonable efforts to correct the inaccurate information.

The Right to Know What Personal Information is Sold or Shared and to Whom

In the event that the SSL Group receives a verifiable consumer request from a consumer whose personal information has been sold, shared, or disclosed for a business purpose by the SSL Group, the consumer has the right to request that the SSL Group discloses to the consumer:

  • The categories of personal information that the SSL Group collected about the consumer.
  • The categories of personal information that the SSL Group sold or shared about the consumer and the categories of third parties to whom the personal information was sold or shared, by category or categories of personal information for each category of third parties to whom the personal information was sold or shared.
  • The categories of personal information that the SSL Group disclosed about the consumer for a business purpose and the categories of persons to whom it was disclosed for a business purpose.

The Right to Limit Use and Disclosure of Sensitive Personal Information

The SSL Group is not required to offer consumers a right to limit the use or disclosure of sensitive personal information if the SSL Group is using the sensitive personal information for the following purposes, provided that the use of the consumer’s personal information is reasonably necessary and proportionate for this purpose:

  • To perform the services or provide the goods reasonably expected by an average consumer who requests those goods or services.
  • To detect security incidents.
  • To resist malicious, deceptive, fraudulent, or illegal actions directed at the SSL Group and to prosecute those responsible for those actions.
  • To ensure the physical safety of natural persons.
  • For short-term, transient use, including, but not limited to, nonpersonalized advertising shown as part of a consumer’s current interaction with the SSL Group, provided that the personal information is not disclosed to another third party and is not used to build a profile about the consumer or otherwise alter the consumer’s experience outside the current interaction with the SSL Group.
  • To perform services on behalf of the SSL Group, such as maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing financing, providing analytic services, providing storage, or providing similar services on behalf of the SSL Group.
  • To verify or maintain the quality or safety of a service or device that is owned, manufactured, manufactured for, or controlled by the SSL Group, and to improve, upgrade, or enhance the service or device that is owned, manufactured by, manufactured for, or controlled by the SSL Group.

If the SSL Group is not using the sensitive personal information for the above purposes, a consumer shall have the right to direct the SSL Group to limit its use of the sensitive personal information to that use which is necessary to perform the services or provide the goods reasonably expected by an average consumer who requested the goods or services. If the SSL Group has received such a direction, the SSL Group is prohibited from using or disclosing the consumer’s sensitive personal information for any other purpose, unless the consumer subsequently provides consent to use the information for additional purposes. If the SSL Group uses or discloses a consumer’s sensitive personal information other than as necessary to perform the services or provide the goods, the SSL Group will provide notice to consumers that this information may be used, or disclosed to a service provider or contractor, for additional, specified purposes and that consumers have the right to limit the use or disclosure of their sensitive personal information.

Exercising your rights under the CCPA

Consumers may submit a request to exercise their rights under the CCPA by either of the following methods:

  • Completing the CCPA California Consumer Request Form and submitting it to dataprotection@swireshipping.com.
  • Call the SSL Group at toll-free number 1 (866) 384-9813 and provide all the information required by the CCPA California Consumer Request Form.
  • Clicking the “Do Not Sell My Personal Information” in the Privacy Policy or on the Website.
  • Utilizing an Opt-Out Preference Signal.

A consumer is entitled to utilize an authorized agent to exercise his/her rights under the CCPA/CPRA. If the consumer chooses to utilize an authorized agent for this purpose, the SSL Group reserves the right to require:

  • That the authorized agent directly verifies his or her identity with the business.
  • That the consumer otherwise directly confirms to the SSL Group that he/she has provided the authorized agent permission to submit the request.

Any authorized agent submitting a Request to Know on behalf of a consumer should complete and submit a completed CCPA California Authorized Agent Designation Form to DataProtection@swireshipping.com along with his/her request on behalf of the consumer or provide all the information required by the CCPA California Authorized Agent Designation Form to the SSL Group when submitting a consumer request via email or toll-free telephone.

Last updated: 16 December 2022

This Australia Addendum (“Australia Addendum”) supplements this Policy to the extent that the Australian Privacy Act applies in relation to the processing of Personal Data in Australia by the SSL Group. In case of any inconsistences between this Australia Addendum and the rest of this Policy, this Australia Addendum prevails.

PERSONAL DATA UNDER THE AUSTRALIAN PRIVACY ACT

In this Australia Addendum and in the Privacy Policy as it relates to the processing of Personal Data in Australia, “Personal Data” has the same meaning as “personal information” as defined in the Australian Privacy Act. “Sensitive information” is a type of “personal information” and has the same meaning as defined in the Australian Privacy Act. The concept of a “Data Controller” does not exist under the Australian Privacy Act.

DO WE SHARE YOUR PERSONAL DATA OVERSEAS?

We generally collect your Personal Data in Australia. However, we will share your Personal Data with overseas recipients located in Singapore, New Zealand and Hong Kong. These recipients include:

  • our service providers who may handle, process or store your Personal Data on our behalf. For example, we may share your Personal Data with service providers who assist us with storing our data on data storage servers, or with improving our products and services;
  • law enforcement agencies, regulatory authorities or other government authorities requiring your Personal Data for purposes such as state security, customs and immigration; and
  • other members of the SSL Group.

We only ever share your Personal Data outside of Australia where we are permitted to do so under applicable Personal Data Protection Laws. Generally this means we will take reasonable steps to ensure your Personal Data is treated securely and in accordance with applicable Personal Data Protection Laws. There are other circumstances where we may disclose your Personal Data to an overseas recipient. For example, where you have provided your consent or we are otherwise permitted to do so under other relevant laws.

HOW CAN YOU ACCESS OR SEEK CORRECTION TO YOUR PERSONAL DATA?

You are entitled to request access to any of your Personal Data that we collect. To make such a request, please contact the Data Protection Officer using the contact details at Section 5.11 of the Policy.

We will take reasonable steps to ensure that the Personal Data that we collect, use or disclose is accurate, complete and up-to-date. You can help us to do this by letting us know if you notice errors or discrepancies in the Personal Data we hold about you and informing us of any change in your Personal Data (for example, if your email address changes or if you move and change address).

If you consider any Personal Data that we have about you is inaccurate, out-of-date, incomplete, irrelevant or misleading, you are also entitled to request correction of the Personal Data (again, please contact our Data Protection Officer). After receiving a request from you, we will take reasonable steps to correct your Personal Data.

We may decline your request to access or correct your Personal Data in certain circumstances in accordance with the Personal Data Protection Laws. If we do refuse your request, we will provide you with a reason for our decision. In addition, in the case we refuse your request for correction, we will include a statement about your request with the Personal Data we store.

DO WE USE OR SHARE YOUR PERSONAL DATA FOR DIRECT MARKETING?

We (or any member of the SSL Group) may send you direct marketing communications, information and offers about services that we think may interest you, as permitted under applicable Personal Data Protection Laws. This may take the form of emails, SMS or other forms of communication. You may opt-out of receiving marketing communications from us by contacting our Data Protection Officer using the contact details set out in Section 5.11 of the Policy or by using the opt-out facilities provided in our communications (e.g. an unsubscribe link).

We will only send these communications in accordance with applicable privacy and marketing laws (such as the Australian Privacy Act (including Australian Privacy Principle 7), the Australian Spam Act 2003 (Cth)), and only where you have opted in to (and not subsequently opted out of) receiving such communications from the us.

HOW CAN YOU MAKE A COMPLAINT ABOUT THE HANDLING OF YOUR PERSONAL DATA?

If you have any questions or concerns about this Australia Addendum or how we have handled your Personal Data, you may contact the Data Protection Officer at any time using the contact details at Section 5.11 of the Policy. Please also contact the Data Protection Officer if you have a complaint about privacy. If you make a complaint about privacy, the following will occur:

No.Step
1.The Data Protection Officer will first consider your complaint to determine whether there are simple or immediate steps which can be taken to resolve the complaint. We will generally respond to your complaint within a week.
2.

If your complaint requires more detailed consideration or investigation:

  •  we will acknowledge receipt of your complaint within a week and endeavour to complete our investigation into your complaint promptly; and
  • we may ask you to provide further information about your complaint and the outcome you are seeking.
3.We will then typically gather relevant facts, locate and review relevant documents and speak with the individuals involved.
4.In most cases, we will respond to your complaint within 30 business days from when we receive your complaint. If the matter is more complex or our investigation may take longer, we will let you know.

If you are not satisfied with our response to a complaint, or you consider that we may have breached the Australian Privacy Act (including the Australian Privacy Principles), you are entitled to make a complaint to the Office of the Australian Information Commissioner (the Australian privacy regulator).

The Office of the Australian Information Commissioner can be contacted by telephone on 1300 363 992, or you can fill out this form to make a complaint about our handling of your Personal Data. Full contact details for the Office of the Australian Information Commissioner can be found online at www.oaic.gov.au.

Last updated: 16 December 2022


This People’s Republic of China Addendum (“PRC Addendum”) supplements the Policy to the extent that PIPL applies to our processing of your Personal Data where such processing takes place in, or where you are an individual in, the People’s Republic of China (“PRC”), which for the purpose of the Policy, excludes the Hong Kong Special Administrative Region, the Macao Special Administrative Region and Taiwan. This PRC Addendum forms a part of the Policy. In case of any inconsistences between this PRC Addendum and the rest of the Policy, this PRC Addendum prevails.

The term “process/processing” used in the Policy shall have the same or equivalent meaning of “handle/handling” as described in PIPL.

Legal Basis for Processing of Personal Data

In respect of the various legal basis for processing your Personal Data being introduced in the main body of the Policy:

(a) where PIPL applies, we will not rely on legitimate interests as a legal basis for processing your Personal Data; and

(b) on top of the legal basis being introduced in the Policy, PIPL also allows us to process your Personal Data without your consent where the processing is:

  • Necessary for us to respond to sudden public health incidents or to protect individual’s lives, health or properties under emergency conditions;
  • Necessary for us to implement news reporting, public opinion supervision and other such activities for the public interest, provided that such processing is carried out within a reasonable scope; or
  • Related to your Personal Data which has already been publicly disclosed by yourself or by other lawful means, provided that such processing is carried out within a reasonable scope in accordance with PIPL and does not have a significant impact on your rights and interests.

Notwithstanding the foregoing, in any of the following scenarios, we may only process your Personal Data with your separate consent:

(a) Disclosure of your Personal Data to other Data Controllers;

(b) Public disclosure of your Personal Data;

(c) Use of your image or identifying information collected from public places for any purpose other than safeguarding public security;

(d) Processing of your sensitive personal information (as described in PIPL); or

(e) Exporting your Personal Data from the PRC. For the avoidance of doubt, in the event of a corporate reorganisation of the SSL Group as mentioned in the Section 5.5 “Who we give your information to” section, we may transfer your Personal Data without your consent but will inform you of the name and contact information of the recipient of your Personal Data, who shall continue to fulfill our duties as a Data Controller.

Data Export from the PRC

In order to comply with PIPL when exporting your Personal Data from the PRC (by ways of, including but without limitations, transferring your Personal Data outside the PRC or granting the overseas recipient access to your Personal Data stored in the PRC), we will take necessary measures to ensure that your Personal Data will be protected by the overseas recipient at a level at least up to the standards set by PIPL.

Subject to the volume and nature of the relevant data export involving your Personal Data, we will also meet at least one of the following requirements set by PIPL for exporting your Personal Data:

(a) Passing the data export security assessment conducted by CAC;

(b) Obtaining certification from a specialised institution under the applicable rules prescribed by CAC;

(c) Entering into a standard form contract formulated by CAC with the overseas recipient; and

(d) Satisfying other conditions under the applicable laws, administrative regulations or rules prescribed by CAC.

Your Rights

To the extent that PIPL applies to our processing of your Personal Data, you would have the right:

(a) To restrict or object to our processing of your Personal Data;

(b) To request access to or a copy of your Personal Data, except where the laws require us to keep your Personal Data confidential;

(c) To request us to provide the portal for transferring your Personal Data to other Data Controllers, but we may grant such request only if the conditions set by CAC have been met;

(d) To request the correction or supplement of your Personal Data, if you find it inaccurate or incomplete;

(e) To request the erasure of your Personal Data in any of the following scenarios:

  • The purpose of processing your Personal Data has been achieved or cannot be achieved, or your Personal Data is no longer necessary to achieve such purpose;
  • The period of the retention of your Personal Data has expired;
  • You have withdrawn your consent;
  • Our processing of your Personal Data violates the laws and administrative regulations or breaches our contracts with you; or
  • Other circumstances provided by the applicable laws and administrative regulations; and

(f) To request us to explain and elaborate the Policy and any other rules on the processing of your Personal Data. Where our processing of your Personal Data is undertaken based on your consent, you would also have the right to withdraw such consent, but it shall not affect the effectiveness of our processing of your Personal Data which had already been undertaken before your withdrawal of consent.

Age Restriction

The website and/or business systems/applications are not intended for any individual under the age of fourteen (14). If we learn that we have collected or received any Personal Data from an individual under the age of fourteen (14), we will delete that information. If you believe we might have information from or about an individual under the age of fourteen (14), please contact us.

Local Contact

In addition to our contact details set out in the main body of the Policy, you may also contact Data Protection Officer in the following ways: Address: Unit 1311-1312, HKRI Centre One, HKRI Taikoo Hui, 288 Shi Men Yi Road, Shanghai Contact Number: 021-2285 3880 Email: DataProtection@swireshipping.com

Last updated: 16 December 2022

This New Zealand Addendum (“New Zealand Addendum”) supplements this Policy to the extent that the NZPA applies in relation to the processing of Personal Data in New Zealand by the SSL Group. In case of any inconsistences between this New Zealand Addendum and the rest of this Policy, this New Zealand Addendum prevails.

PERSONAL DATA UNDER THE NZPA

In this New Zealand Addendum, “Personal Data” has the same meaning as the definition of “personal information” in the NZPA. “Sensitive” personal information, although not expressly defined in the NZPA, is likely to include health, genetic, biometric and financial information that are inherently sensitive types of Personal Data. While there are no express obligations on entities who handle sensitive Personal Data, the privacy principles under the NZPA create a higher standard of protection for such information. The concept of a “Data Controller” does not exist under the NZPA.

DO WE SHARE YOUR PERSONAL DATA OVERSEAS?

We may share your Personal Data with overseas third parties. These recipients include:

  • our service providers who may handle, process or store your Personal Data on our behalf. For example, we may share your Personal Data with service providers who assist us with storing our data on data storage servers, or with improving our products and services;
  • law enforcement agencies, regulatory authorities or other government authorities requiring your Personal Data for purposes such as state security, customs and immigration; and
  • other members of the SSL Group.

We only ever share your Personal Data outside of New Zealand where we are permitted to do so under the NZPA. Generally, this means either you have authorised us to do so or we believe that the Personal Data will be processed and safeguarded by the overseas entity in way that is comparable to the protections offered under the NZPA.

HOW CAN YOU ACCESS OR SEEK CORRECTION TO YOUR PERSONAL DATA?

You are entitled to request access to any of your Personal Data that we collect. To make such a request, please contact the Data Protection Officer using the contact details at Section 5.11 of the Policy.

We will take reasonable steps to ensure that the Personal Data that we collect, use or disclose is accurate, complete and up-to-date. If you consider any Personal Data that we have about you is inaccurate, out-of-date, incomplete, irrelevant or misleading, you are also entitled to request correction of the Personal Data (again, please contact our Data Protection Officer). After receiving a request from you, we will take reasonable steps to correct your Personal Data.

We may decline your request to access or correct your Personal Data in certain circumstances in accordance with the NZPA. If we refuse your request, we will provide you with a reason for our decision. In addition, in the case we refuse your request for correction, we will include a statement about your request with the Personal Data we store.

DO WE USE OR SHARE YOUR PERSONAL DATA FOR DIRECT MARKETING?

We (or any member of the SSL Group) will only send you direct marketing communications, information and offers about services that we think may interest you with your consent and in accordance with the Unsolicited Electronic Messages Act 2007. This may take the form of emails, SMS or other forms of communication. You may opt-out of receiving marketing communications from us by contacting our Data Protection Officer using the details set out in Section 5.11 of the Policy or by using the opt-out facilities provided in our communications (e.g. an unsubscribe link).

HOW CAN YOU MAKE A COMPLAINT ABOUT THE HANDLING OF YOUR PERSONAL DATA?

You can exercise your rights above and raise any concerns or complaints you may have about this New Zealand Addendum or how we have handled your Personal Data, by contacting the Data Protection Officer at any time using the contact details at Section 5.11 of the Policy. If you are not satisfied with our response to a complaint, or you consider that we may have breached the NZPA, you are entitled to make a complaint to the OPC. The OPC can be contacted by telephone on 0800 803 909, or you can fill out this form to make a complaint about our handling of your Personal Data. Full contact details for the OPC can be found online at www.privacy.org.nz.

Last updated: 22 June 2023

This Brazil Addendum (“Brazil Addendum”) supplements this Policy to the extent that the LGPD applies in relation to the processing of Personal Data in Brazil by the SSL Group. In case of any inconsistences between this Brazil Addendum and the rest of this Policy, this Brazil Addendum prevails.

PERSONAL DATA UNDER THE LGPD

In this Brazil Addendum, “Personal Data” has the same meaning as the definition of “personal data” in the LGPD. “Sensitive Personal Data”, as such term is defined under the LGPD, includes information relating to health, genetic, biometric, racial or ethnic origin, religious conviction, political opinion, union membership or organization of a religious, philosophical, or political information. The LGPD creates a higher standard of protection for Sensitive Personal Data and restricts its processing to certain authorized scenarios. The concept of “Data Controller” under the LGPD includes public or private individuals or legal entities, who are responsible for determining the purpose for which and manner in which Personal Data is processed. The concept of “Data Processor” shall have the same or equivalent meaning of “operator” as described in the LGPD.

DO WE SHARE YOUR PERSONAL DATA OVERSEAS?

We may share your Personal Data with overseas third parties. These recipients include:

  • our service providers who may handle, process or store your Personal Data on our behalf. For example, we may share your Personal Data with service providers who assist us with storing our data-on-data storage servers, or with improving our products and services;
  • law enforcement agencies, regulatory authorities or other government authorities requiring your Personal Data for purposes such as state security, customs, and immigration; and
  • other members of the SSL Group.

We only ever share your Personal Data outside of Brazil where it is not in violation of LGPD. Generally, this means either you have authorised us to do so or we will take reasonable steps to ensure your Personal Data is treated securely and will be processed and safeguarded by the overseas entity in a way that is comparable to the protections offered under the LGPD.

HOW CAN YOU ACCESS OR SEEK CORRECTION TO YOUR PERSONAL DATA?

You are entitled to request access to any of your Personal Data that we collect. To make such a request, please contact the Data Protection Officer using the contact details at Section 5.11 of the Policy.

YOUR RIGHTS

We will respect the confidentiality of the Personal Data that we collect and ensure you the exercise of your rights. Regardless of the purpose or legal basis we use to process your Personal Data, and to the extent that LGPD applies to our processing of your Personal Data, you have the right:
(a) To request confirmation of processing or access to your Personal Data;
(b) To request correction of your Personal Data, if you find it inaccurate or incomplete;
(c) To request the erasure, deletion, restriction from processing and/or anonymization of your Personal Data;
(d) To request us to provide information from Third Parties with whom your Personal Data has been shared; and
(e) To request us to provide information regarding the possibility for you to deny consent to the processing of your Personal Data.

HOW CAN YOU MAKE A COMPLAINT ABOUT THE HANDLING OF YOUR PERSONAL DATA?

You can exercise your rights above and raise any concerns or complaints you may have about this Brazil Addendum or how we have handled your Personal Data, by contacting the Data Protection Officer at any time using the contact details at Section 5.11 of the Policy. If you are not satisfied with our response to a complaint, you are also entitled to file a complaint with the data protection authority, in particular, ANPD.

Full contact details for the ANPD can be found online at https://www.gov.br/anpd/pt-br/canais_atendimento/fale-conosco.

Last updated: 22 June 2023

This Canada Addendum (“Canada Addendum”) supplements this Policy to the extent that PIPEDA, applies in relation to the processing of Personal Data in Canada, or to the extent that PIPA BC, PIPA AB, or PPIPS (“the Provincial Privacy Laws”) apply in relation to the processing of Personal Data in British Columbia, Alberta, or Québec respectively by the SSL Group. In case of any inconsistences between this Canada Addendum and the rest of this Policy, this Canada Addendum prevails for all Personal Data for which Canadian privacy laws apply. Please refer to the sections A, B, and C of this Canada Addendum to learn more about British Columbia, Alberta or Québec residents’ privacy rights respectively and how to exercise those rights.

PERSONAL DATA UNDER PIPEDA AND THE PROVINCIAL PRIVACY LAWS

In this Canada Addendum, “Personal Data” has the same meaning as the definition of “personal information” in PIPEDA and under the Provincial Privacy Laws. “Sensitive” personal information is not expressly defined in PIPEDA, PIPA BC, PIPA AB. Under PPIPS, “sensitive information” is defined as information that, due to its nature, including medical, biometric, or otherwise intimate information, or the context of its use or communication, entails a high level of reasonable expectation of privacy. The concepts of a “Data Controller” or “Data Processor” do not exist under PIPEDA, PIPA BC, PIPA AB or PPIPS.

DO WE SHARE YOUR PERSONAL DATA OUTSIDE OF CANADA?

We may share your Personal Data with third parties located outside of Canada. These recipients include:

  • our service providers who may handle, process or store your Personal Data on our behalf. For example, we may share your Personal Data with service providers who assist us with storing our data-on-data storage servers, or with improving our products and services;
  • law enforcement agencies, regulatory authorities or other government authorities requiring your Personal Data for purposes such as state security, customs, and immigration; and,
  • other members of the SSL Group.

Accordingly, your Personal Data may become accessible to the courts and law enforcement and national security authorities of the jurisdictions your Personal Data is located when obtaining our services.

We only ever share your Personal Data outside of Canada where we are permitted to do so under PIPEDA or the applicable Provincial Privacy Laws. We put in place contractual arrangements with service providers and third parties with whom we share Personal Data to ensure that Personal Data is processed and safeguarded in a way that is comparable to the protections offered under applicable Canadian privacy laws.

HOW TO ACCESS OR RECTIFY YOUR PERSONAL DATA

You are entitled to request access to any of your Personal Data that we collect subject to certain exceptions to and prohibitions on disclosure. Exceptions include where information is subject to solicitor- client privilege or where the information contains references to third parties or cannot be disclosed for legal, security or commercial reasons. To make such a request, please contact the Data Protection Officer using the contact details at Section 5.11 of the Policy.

How to make a request for access to your Personal Data

No.Step
1.Make a request for access in writing using the contact details at Section 5.11 of the Policy
2.If at any time you need assistance with making your request, we will provide assistance upon request
3.We will respond to your request within 30 days, or 45 days in Alberta. In certain circumstances, we seek an extension to respond by up to 30 days in certain cases. A fee may be required subject to certain conditions.

We will take reasonable steps to ensure that the Personal Data that we collect, use or disclose is accurate, complete and up to date. You can help us to do this by letting us know if you notice errors or discrepancies in the Personal Data, we hold about you and informing us of any change in your Personal Data (for example, if your email address changes or if you move and change address).

If you consider any Personal Data that we have about you is inaccurate, out-of-date, incomplete, irrelevant or misleading, you are also entitled to request correction of the Personal Data by contacting our Data Protection Officer. After receiving a request from you, we will take reasonable steps to correct your Personal Data.

We may decline your request to access or correct your Personal Data in certain circumstances in accordance with PIPEDA or the Provincial Privacy Laws. If we do refuse your request, we will provide you with a reason for our decision. In addition, in the case we refuse your request for correction, we will include a statement about your request with the Personal Data we store.

HOW TO MAKE A COMPLAINT ABOUT THE HANDLING OF YOUR PERSONAL DATA

If you have any questions or concerns about this Canada Addendum or how we handle your Personal Data, you may contact the Data Protection Officer at any time using the contact details provided at Section 5.11 of the Policy. If you are not satisfied with our response to your enquiry, or you consider that we may have breached PIPEDA or the Provincial Privacy Laws, you are entitled to make a complaint to:
Federal: Office of the Privacy Commissioner of Canada can be contacted by telephone at 1-800-282-1376. Full contact details for the OPC can be found online at www.priv.gc.ca/en/.
British Columbia: Office of the Information and Privacy Commissioner for British Columbia can be contacted by telephone at (250) 387-5629. Full contact details for the IPC BC can be found online at www.oipc.bc.ca.
Alberta: Office of the Information and Privacy Commissioner for Alberta can be contacted by telephone at (780) 422-6860. Full contact details for the IPC AB can be found online at www.oipc.ab.ca.
Québec: Commission d’accès à l’information du Québec can be contacted by telephone at (418) 528-7741. Full contact details for the CAI can be found online at www.cai.gouc.qc.ca.

RESIDENTS OF QUÉBEC 

Is Personal Data related to Québec residents transferred outside of Québec?

In advance of transferring your Personal Data to foreign jurisdictions, a privacy impact assessment is conducted to assess the sensitivity of the information, the purposes the Personal Data is being used, the protection measures in place and the legal framework to which the information will be subject. Personal Data may only be transferred where the assessment concludes that the Personal Data will receive adequate protection and a written agreement is in place.

How to exercise your right to erasure of your Personal Data

You have the right to have your Personal Data that has been provided to us erased. You may request that we cease the dissemination of the information (where the dissemination contravenes the law or where certain conditions are met), de-index or re-index hyperlinks associated with your name.

No.Step
1.Make a request for erasure in writing and by using contact details at Section 5.11 of the Policy along with your proof of identity.
2.If at any time you need assistance with making your request, we will provide assistance upon request.
3.We will respond to your request within 30 days.
4.In case of refusal, we will give you reasons for our refusal. We will also indicate the (i) provisions of law on which the refusal is based, (ii) remedies that are available to you and (iii) time limit for exercising your rights.


How to obtain or transfer your Personal Data

You have the right to obtain any Personal Data we hold on you in a structured, commonly used format, and to have the Personal Data communicated, at your request, to any person or body authorized by law to collect such data. You may make a request to obtain or transfer your Personal Data subject to certain exceptions, by using the contact details at Section 5.11.

Last updated: 28 September 2023

Japan’s Act on the Protection of Personal Information (hereinafter “APPI”) applies to the SSL Group’s handling of Personal Data concerning our customers based in Japan. This Japan Addendum (“Japan Addendum”) which applies to the handling of Personal Data concerning our customers based in Japan, supplements the Policy concerning privacy and personal data protection of our customers. In case of any inconsistencies between the Japan Addendum and the Policy, the Japan Addendum will apply.

HANDLING OF PERSONAL DATA UNDER THE APPI

In this Japan Addendum, “Personal Data” and “Data Controller,” respectively, each have the same meaning as the definition of “Personal Information” and “Business handling personal information” in the APPI. “Sensitive Personal Information”, as such term is defined under the APPI, includes information such as race, creed, social status, medical history, criminal record, etc. of a particular person which requires special care so as to prevent unjust discrimination, prejudice or other disadvantages to that person. In accordance with APPI, we will collect your Sensitive Personal Information based on prior consent given by you or without such consent if the following exceptions apply.

(1) Required by laws and regulations.
(2) Needed for the protection of life, well-being or property of an individual and obtaining consent from you to do so is difficult.
(3) Specially needed to improve the well-being of the public or promote the healthy development of a child, and obtaining consent from you to do so is difficult.
(4) To cooperate with the national or local government or persons entrusted by such public organizations for the performance of functions prescribed by laws and regulations, and obtaining consent from you to do so will likely interfere with the performance of those functions.
(5) Sensitive Personal Information is made available to the public by you, a national government agency, local government, an academic research institution, etc.
(6) Externally evident Sensitive Personal Information about you is captured by eye observation or photographic means.
(7) If we receive Sensitive Personal Information pursuant to the sub-paragraphs of APPI Article 27, Paragraph 5, such as other Data Controllers entrusting to us partial or entire Sensitive Personal Information that is necessary for achieving its purpose of use.

DO WE PROVIDE YOUR PERSONAL DATA TO THIRD PARTIES OUTSIDE OF JAPAN?

We will obtain prior consent from you to provide your Personal Data to an overseas third party (hereinafter “Overseas Third Party”). However, if one of the following circumstances were to apply, we will provide your Personal Data to the Overseas Third Party without obtaining your prior consent.

(1) The Overseas Third Party is based in the European Economic Area or Great Britain.
(2) The Overseas Third Party has appropriate measures in place for the protection of Personal Information as set forth by the regulations of APPI.
(3) Required by local laws and regulations.
(4) Needed for the protection of life, well-being or property of an individual and obtaining consent from you to do so is difficult.
(5) Specially needed to improve the well-being of the public or promote the healthy development of a child, and obtaining consent from you to do so is difficult.
(6) To cooperate with the national or local government or persons entrusted by such public organizations for the performance of functions prescribed by laws and regulations, and obtaining consent from you to do so will likely interfere with the performance of those functions.

WHAT PROCEDURES ARE AVAILABLE TO YOU FOR REQUESTING DISCLOSURE AND CORRECTION OF YOUR PERSONAL DATA?

You are entitled to request disclosure of any of your Personal Data that we collect.

Your Personal Data will be collected by us for the purposes of use as defined by Section 5.1 of the Policy or based on your prior consent. We will not use fraudulent or other unlawful means to obtain your Personal Data, and we will not use your Personal Data to incite unlawful or inappropriate conduct. However, if you consider any Personal Data we have about you is inconsistent with these purposes, you are entitled to request us for a usage suspension and deletion of your Personal Data.

We will take reasonable steps to ensure that the Personal Data we collect, use or disclose is accurate, complete and up-to-date. If you consider any Personal Data that we have about you is inaccurate, out-of-date, incomplete, irrelevant to our business or misleading, you are also entitled to request correction of your Personal Data. After receiving a request from you, we will take legitimate steps to correct your Personal Data.

To make these requests, please contact the Data Protection Officer using the contact information set forth in Section 5.11 of the Policy. However, if we find your request to be unreasonable, we may decline your request in accordance with the APPI. If we refuse your request, we will provide you with a reason for our decision. In addition, we will include a statement about your request with the Personal Data we store.

CAN WE USE YOUR PERSONAL DATA FOR DIRECT MARKETING?

We may send you information and offers about services that we think may interest you, as permitted by APPI and the relevant marketing laws of Japan. This may take the form of emails, text messages or other forms of communication. You may opt-out of receiving marketing communication from us by contacting our Data Protection Officer using the details set out in in Section 5.11 of the Policy or by using the opt-out facilities provided in our communications (e.g., an unsubscribe link).

HOW CAN YOU MAKE A COMPLAINT ABOUT THE HANDLING OF YOUR PERSONAL DATA?

You can exercise your rights above and raise any concerns or complaints you may have about this Japan Addendum or how we handle your Personal Data, by contacting the Data Protection Officer at any time using the contact information set forth in Section 5.11 of the Policy. If you are not satisfied with our response to your complaint, you are also entitled to request the Personal Data Protection Commission of Japan (“PPC”) to mediate your complaint.
For full contact details of the PPC, please refer to the link below. https://www.ppc.go.jp/application/.

Last updated: 11 April 2024

This Singapore Addendum (“Singapore Addendum”) supplements this Policy to the extent that the Singapore Personal Data Protection Act 2012 (PDPA) (No. 26 of 2012) applies in relation to the processing of Personal Data in Singapore by the SSL Group. In case of any inconsistences between this Singapore Addendum and the rest of this Policy, this Singapore Addendum prevails.

PERSONAL DATA UNDER THE SINGAPORE PERSONAL DATA PROTECTION ACT 2012

In this Singapore Addendum and in the Privacy Policy as it relates to the processing of Personal Data in Singapore, “Personal Data” as defined in the Singapore Personal Data Protection Act 2012 refers to data about an individual who can be identified from that data, or from that data and other information to which the organization has or is likely to have access.

DO WE SHARE YOUR PERSONAL DATA OVERSEAS?

We generally collect your Personal Data in Singapore. However, we will share your Personal Data with overseas recipients located in various countries. These recipients include:

  • our service providers who may handle, process, or store your Personal Data on our behalf. For example, we may share your Personal Data with service providers who assist us with storing our data on data storage servers, or with improving our products and services;
  • law enforcement agencies, regulatory authorities or other government authorities requiring your Personal Data for purposes such as state security, customs, and immigration; and
  • other members of the SSL Group.

We only ever share your Personal Data outside of Singapore where we are permitted to do so under applicable Personal Data Protection Laws. Generally, this means we will take reasonable steps to ensure your Personal Data is treated securely and in accordance with applicable Personal Data Protection Laws.

There are other circumstances where we may disclose your Personal Data to an overseas recipient. For example, where you have provided your consent, or we are otherwise permitted to do so under other relevant laws.

HOW CAN YOU ACCESS OR SEEK CORRECTION TO YOUR PERSONAL DATA?

You are entitled to request access to any of your Personal Data that we collect. To make such a request, please contact the Data Protection Officer using the contact details at Section 5.11 of the Policy.


We will take reasonable steps to ensure that the Personal Data that we collect, use or disclose is accurate, complete and up-to-date. You can help us to do this by letting us know if you notice errors or discrepancies in the Personal Data we hold about you and informing us of any change in your Personal Data (for example, if your email address changes or if you move and change address).


If you consider any Personal Data that we have about you is inaccurate, out-of-date, incomplete, irrelevant, or misleading, you are also entitled to request correction of the Personal Data (again, please contact our Data Protection Officer). After receiving a request from you, we will take reasonable steps to correct your Personal Data.


We may decline your request to access or correct your Personal Data in certain circumstances in accordance with the Personal Data Protection Laws. If we do refuse your request, we will provide you with a reason for our decision. In addition, in the case we refuse your request for correction, we will include a statement about your request with the Personal Data we store.


DO WE USE OR SHARE YOUR PERSONAL DATA FOR DIRECT MARKETING?


We (or any member of the SSL Group) may send you direct marketing communications, information and offers about services that we think may interest you, as permitted under applicable Personal Data Protection Laws. This may take the form of emails, SMS, or other forms of communication. You may opt-out of receiving marketing communications from us by contacting our Data Protection Officer using the contact details set out in Section 5.11 of the Policy or by using the opt-out facilities provided in our communications (e.g. an unsubscribe link).


We will only send these communications in accordance with Personal Data Protection Laws and only where you have opted in to (and not subsequently opted out of) receiving such communications from the us.


HOW CAN YOU MAKE A COMPLAINT ABOUT THE HANDLING OF YOUR PERSONAL DATA?

If you have any questions or concerns about this Singapore Addendum or how we have handled your Personal Data, you may contact the Data Protection Officer at any time using the contact details at Section 5.11 of the Policy. Please also contact the Data Protection Officer if you have a complaint about privacy.

If you are not satisfied with our response to a complaint, or you consider that we may have breached the Singapore Personal Data Protection Act, you are entitled to make a complaint to the Personal Data Protection Commission (PDPC).

The Personal Data Protection Commission can be contacted by telephone on +65 63773131, or you may visit PDPC – Complaints and Reviews.

Our Cookie Policy

This Cookie Policy explains what Cookies are, which Cookies we use and why, and what you can do to manage your Cookie preferences. Where any information we collect through Cookies qualifies as personal data, our Data Protection and Privacy Policy applies to the collection and use of that data. Please review this Cookie Policy and our Data Protection and Privacy Policy here carefully.

Please note that this Cookie Policy does not apply to and we are not responsible for, the privacy practices of third party websites which may be linked to this website.

What types of cookies do we use?

  • Necessary Cookies

    These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but that will cause some parts of the site to not work. These cookies do not store any personally identifiable information.

  • Performance Cookies

    These cookies collect and report on aggregate non-identifiable information, which helps us understand the performance of the website and provides insights on how the site is currently used and how it can be improved. They help us know which pages are the most and least popular and see how visitors move around the site. If you do not allow these cookies, we will not know when you have visited our site and will not be able to monitor its performance.

  • Targeting Cookies

    These cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

For more information, please refer to our Cookie Policy.