privacy - Shipex

PRIVACY POLICY SHIPEX PORTAL

1 Introduction

This privacy notice aims to inform you about how Shipex (“we”, “us”, “our”, or “Shipex”) collects and processes personal data via its online platform, which aims at offering a communication tool to track and trace the shipment process of freights (hereafter the “Platform”).

You are typically a user that uses the Platform (“you”, “your”) such as:

on behalf of a client of Shipex (as an employee or contractor of such client);
on behalf of a partner or subcontractor of Shipex (as an employee or contractor of such partner or subcontractor); or
on behalf of a partner or subcontractor of a Shipex’ client (as an employee or contractor of such partner or subcontractor); or
on behalf of Shipex (as an employee or contractor of Shipex).

Shipex respects your privacy and is committed to protecting your personal data in accordance with the applicable Belgian and European data protection legislation (including the General Data Protection Regulation (“GDPR”)).

Please read this privacy notice carefully. It describes not only your rights, but also the way in which you can exercise them. By using our Platform or disclosing your personal data, you acknowledge the manner in which Shipex collects and processes your personal data as described in this privacy notice.

2 Who are we and how to contact us

Shipex is a public limited company (Naamloze Vennootschap) and acts as data controller in respect of the personal data collected and processed via the Platform.

Registered Office	IJzerlaan 54 box 2, 2060 Antwerp, Belgium
Enterprise number	0423.055.897

If you have any questions about this privacy notice, your privacy and the processing of your personal data, you can contact us through the e-mail address below.

Email address

privacy@shipex.be

3 What categories of personal data do we process

Depending on which data you choose to share with us and how you use the Platform, we may process different types of personal data.

In general, if we process your personal data, it will be personal data of one of the following categories:

Identification and contact details (such as your name and e-mail address);
Login details (such as your username and password);
Technical information (such as your mobile device, IP address, user ID, operating system);
Usage information (such as information related or generated by your use of the Platform, including history, date, time, frequency, duration of the pages you have viewed); and
Feedback or information you choose to provide us within the Platform.

Your personal data originates from you directly or is automatically collected by us (in case of technical or usage information), or provided to us by your employer.

4 For which purposes do we process your personal data, on which legal basis and for how long?

4.1 General

Shipex processes personal data as a data controller. The controller is the (legal) person who determines the purposes and means of the processing activity. This Article 4 describes the purposes for which we process your personal data, the type of personal data we process for these purposes, the legal basis for doing so and the period for which we keep your personal data.

Depending on your use of the Platform we may process your personal data for the purposes specified hereunder. Please note that our Platform may evolve and more functionalities may be added from time to time. In such case this list may also evolve and will be updated as necessary in accordance with section 15.

If we ask for your consent, the consent you give is always free and you have the right to withdraw it at any time. You can withdraw your consent by sending an e-mail to: privacy@shipex.be. Your withdrawal of consent does not affect the processing of personal data prior to such withdrawal or our processing activities which are based on another legal basis.

4.2 Data processing activities

Purpose	Type of personal data	Legal basis	Retention period
To create your user account and to ensure that you can log in, access and use the Platform via your user account	Identification and contact details Login details	Performance of a contract (in case the Shipex client is a natural person) Our legitimate interests (in case the Shipex client is a legal person).	As long as necessary for the performance of the contract concluded with you or the organization pursuant to which you have access to the Platform; Your personal data will in any event be deleted no later than (i) one (1) year after termination of said agreement; or (ii) 72 business hours after Shipex is being informed that a user account should be deleted (whichever arises first).
To review your feedback and improve your user experience	Feedback you choose to provide to us Identification and contact details you choose to provide to us	Our legitimate interests	Feedback (and related personal data) will be retained for two (2) years.
To improve the Platform and tailor it to your use and to gather technical, analytical and statistical insights	Technical information Usage information	Consent	The retention period varies from as long as the duration of a Platform visit, to as long as your consent is not withdrawn (as applicable). Reference is made to our cookie statement.
To comply with our legal obligations (including to respond to data subject requests)	Identification and contact details Any additional information you provide to us	Legal obligation	Up to ten (10) years after the expiry or termination of our client relationship; or As long as required by law.

For more details about the retention period, you can always send an email to: privacy@shipex.be.

5 Personal data of third parties

If you disclose any personal data of third parties to us, you guarantee that you have informed those third parties and you have received all necessary consents to communicate the third parties’ personal data to Shipex.

6 Cookies

The Platform uses cookies and similar technologies. For more information, we refer to our cookie statement.

7 Disclosures of Personal Data

Shipex may share your personal data, as required for the purposes set forth in section 4, with:

third party service providers (such as IT service providers, security providers, or hosting providers);
professional advisers (such as lawyers or auditors); and
third parties to whom we intend or choose to sell, transfer or merge (parts of) our shares, business or assets.

Upon request, Shipex shall, as soon as possible after the request, inform you of the third parties with whom your personal data have been shared by providing you a more detailed list.

In addition, we may disclose your personal data if this is required by law, or if we determine in good faith that such disclosure is required in order to comply with any pending judicial inquiry, judicial order or litigation and/or to safeguard our rights.

Processors of Shipex always act under the responsibility of Shipex. If Shipex engages processors, this will always be done in accordance with a data processing agreement that meets the requirements of the GDPR. We require all our processors to take appropriate technical and organizational (including security) measures to protect your personal data in line with our policies. We do not allow our processors to use your personal data for their own purposes. In the event we disclose your personal data as described above, we will implement appropriate safeguards to ensure the integrity and confidentiality of your personal data.

Your personal data will only be viewed and made available to processors, employees and other third parties on a “need-to-know” basis, limited to the extent necessary to perform their services.

8 International transfers

In principle, Shipex does not transfer your personal data to third countries located outside the European Economic Area (“EEA”) unless you are located outside the EEA and are visiting our Platform from outside the EEA. It is possible that through its processor, Shipex does transfer your personal data to countries outside the EEA. In this event, Shipex will only transfer your personal data outside the EEA in accordance with the applicable data protection legislation and subject to appropriate safeguards.

Please contact us if you want further information on the specific mechanism(s) used by us when transferring personal data out of the EEA.

9 Data security

Shipex is committed to trying to make sure that your personal data is secure and makes all reasonable and appropriate efforts to protect the confidentiality of your personal data. We have implemented appropriate technical and organizational measures, safeguards and assurances to process your personal data in accordance with the GDPR, in particular to protect your personal data against loss, misuse, or unauthorized alteration or destruction.

Please contact us if you would like more information on the specific measures taken.

Despite the measures taken by us, you should be aware that there are always risks associated with sending personal data over the internet. The security and protection of your personal data can never be fully guaranteed, nor can we guarantee that unauthorized third parties will never be able to defeat those measures or use your personal data for improper purposes.

10 Data retention

We will only retain your personal data for as long as reasonably necessary to fulfil the purposes determined in section 4 of this privacy notice, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you or the organization you work for. Afterwards it is still possible that they can be found in our back-ups or archives, but they will no longer be actively processed in a file and such back-ups or archives will be deleted automatically in accordance with our back-up and archiving policies.

The applicable retention periods are set out in the table above under section 4.

11 Your legal rights

Within the limits defined in Articles 15-22 of the GDPR, you have the following legal rights in relation to your personal data:

Right of access and information: you have the right to obtain confirmation from us as to whether or not we are processing your personal data, to access that personal data and how and why it is being processed, as well as to receive a copy of that data.
Right to rectification: you have the right to obtain a rectification of your personal data or to request that we complete your personal data when you become aware that we are processing incorrect or incomplete data about you.
Right to erasure ('right to be forgotten'): you have the right to obtain erasure of your personal data in certain specific cases.
Right to restriction: you have the right to have the processing of your personal data restricted in certain specific cases.
Right to portability: you have the right to obtain the personal data you have provided to us in a structured, commonly used and machine-readable form, and to transfer (have transferred) that personal data to another controller.
Right to object: you have the right to object to the processing of your personal data on the basis of our legitimate interest for reasons relating to your specific situation.

The exercise of these rights is in principle free of charge. Only in the event of unreasonable or repeated requests we may charge a reasonable administrative fee. We will always inform you of the applicable fee before charging it.

You can exercise your rights by sending an e-mail to: privacy@shipex.be.

In your request, make sure to clearly specify which right you wish to exercise so we can help you as efficient as possible. Please note that in some case we may require you to give more information about yourself to ensure that we are dealing with the correct person.

If you contact us to exercise your rights we will respond within one (1) month. Exceptionally this may take longer (up to three (3) months), but then we will inform you within one (1) month of the reasons why.

12 Your right to lodge a complaint with a supervisory authority

If you consider that our processing of personal data infringes the GDPR, you have the right to file a complaint with a supervisory authority, in particular in the member state of your habitual residence, the place of work or the place of alleged infringement.

In Belgium the competent supervisory authority is the Data Protection Authority (“Gegevensbeschermingsauthoriteit” “Autorité de protection des données”):

www.gegevensbeschermingsautoriteit.be

Drukpersstraat 35, 1000 Brussels, Belgium

+32 (0)2 274 48 00

contact@apd-gba.be.

However, we would appreciate the chance to deal with your concerns before you approach the authority, so please contact us in first instance.

13 Third party links

The Platform may contain links to third party platforms, websites and/or applications. Shipex is not responsible for the content of these platforms, websites and applications and is not responsible for the privacy standards and practices of such third parties. We recommend you to read the relevant privacy policies of these third parties and their platforms, websites and/or applications before you accept their cookies and visit them to ensure yourself that your personal data is sufficiently protected.

14 Liability

If Shipex has legitimately transmitted your personal data to a third party (not being its processor), Shipex shall not be liable for any unlawful processing or unlawful use by that third party.

Shipex is in any case only liable for the damage caused by the processing of personal data if it did not comply with its specific obligations under the GDPR and our liability shall not exceed an amount equal to the amounts actually paid out by our insurer for the damage causing event. Shipex shall in no event be liable for any special, incidental, indirect or consequential losses or damages.

The foregoing exclusions and limitations shall only apply to the maximum extent permitted by applicable law.

15 Changes to this privacy notice

Shipex may amend this privacy notice at all times. Any changes we may make to our privacy notice will be indicated on the Platform and when proportionate and in line with the significance of the changes, may be notified to you by email or advised to you on your next login to the Platform. Please review Shipex’ privacy notice periodically to stay informed of changes that may affect you.

Amended versions of this privacy notice take effect ten (10) days after their publication on the Platform and/or other form of announcement and, if necessary, will always be submitted for approval, unless such modifications are necessary to comply with a legal requirement. In the latter case, such changes will take effect immediately.

16 Applicable law and jurisdiction

This privacy notice shall be governed, interpreted, and implemented in accordance with Belgian laws.

The courts of Antwerp (department Antwerp) shall have exclusive jurisdiction to decide on any dispute that may arise from the interpretation or implementation of this privacy notice, without prejudice to the consumer’s right to submit a dispute before a competent court on the basis of a mandatory legal provision.

Last updated: 21 November 2024

PRIVACY STATEMENT SHIPEX NV

Version 1.0 dated 06/2025

Thank you for visiting our website. We attach great importance to the protection of your privacy and personal data. In this privacy statement, we explain in a transparent and clear way how we handle your personal data.

This privacy statement applies to all personal data that we collect and process when you use our services, visit our website, or otherwise contact us.

In this statement, you will find information on:

What personal data we collect
Why we collect and use this data
Your rights in relation to your personal data
How you can contact us

1. WHO IS THE DATA CONTROLLER ?

The controller for your personal data is:
NV SHIPEX
Ijzerlaan 54, bus 2
2060 Antwerp
Ondernemingsnummer: 0423.055.897

Hereinafter referred to as "Shipex".

f you have any questions regarding the processing of your personal data, you can always contact us via the contact details mentioned under point 9.

2. FROM WHOM AND WHY DO WE PROCESS PERSONAL DATA?

Shipex processes personal data for different purposes, depending on the nature of your relationship with our company. The legal basis is always indicated next to the processing activity.

2.1. Customer management - contractual requirement / legitimate interest

Shipex keeps the contact details of its contact person with its customers. This always involves the professional contact data such as the name, e-mail address and telephone number of the contact person.

In addition, bank details (such as IBAN) of sole traders may also be processed.

2.2. Know Your Client - legitimate interest

In the context of due diligence, Shipex processes the personal identification data of the CEO or another member of management at the client company. This processing relies on the consent of the concerned member of management.

2.3. Supplier management - legitimate interest / contractual requirement

Shipex also keeps the personal data, such as name, e-mail address, signature and telephone number, of the contact person at the supplier. This processing is done on the basis of the legitimate interest, namely to efficiently contact suppliers

2.4. Customs processing - legal obligation

The services provided by Shipex also include compliance with applicable customs formalities. This involves generating contact and identification details of the seller, consignee and shipper.

2.5. Direct marketing - legitimate interest

When Shipex engages in direct marketing, we process personal identification data for this purpose (e.g. name and professional e-mail address of the contact person at the organisation).

2.6. Job applicants - legitimate interest

If you apply to us, either spontaneously or by responding to one of the vacancies on the job page of our website, we process the information you provide to us yourself by means of your CV or cover letter.

This includes contact details such as a name, telephone number and e-mail address, as well as any other information you would provide to us.

As the recruitment process progresses, additional personal data such as training courses taken, results of assessments, etc., may be kept. This processing is also based on the legitimate interest of selecting the right candidate for a vacancy.

3. HOW LONG DO WE KEEP YOUR PERSONAL DATA?

Shipex retains the personal data of the data subject as reasonably necessary to achieve the purposes mentioned above or to comply with a legal obligation resting on Shipex.

The retention period of the aforementioned personal data is in any case limited to:

- Client management: up to 10 years after end of relationship
- Know Your Client': end of relationship
- Supplier management: up to 10 years after end of relationship
- Applicants: up to 1 year after application

4. RECIPIENTS OF DATA AND DISCLOSURE TO THIRD PARTIES

We share your personal data with third parties only when necessary for our services, when we are required to do so by law or when you have given us your explicit consent. We conclude processing agreements with all parties processing your data to ensure the security of your personal data.

We use external service providers for some of our processing activities.

For our IT services, such as hosting, maintenance and support of our systems.

As part of the application process, we use an assessment office.

For our customs processing, we use a customs agent.

These parties may have access to your data, but may only process it according to our instructions.

In the event of a business transaction, such as a merger, acquisition or sale of all or part of our business, your personal data may be transferred to the relevant third party. In such a case, we will inform you accordingly and your rights under this privacy notice will continue to be guaranteed.

5. TRANSFER OUTSIDE THE EU/EER

Shipex does not transfer personal data to countries outside the European Union or the European Economic Area.

6. AUTOMATED DECISION-MAKING

Shipex does not make decisions based on automated decision-making, including profiling.

7. WHAT ARE YOUR RIGHTS?

You have various rights regarding the personal data we process about you. You can exercise these rights by contacting us via the contact details described under point 9.

As part of our identification obligation, we may ask you to provide us with a copy of your identity card.

(a) Right of access and correction
If you want to know what personal data Shipex processes about you and for what purposes, you can contact us. You can also request that any incorrect personal data be corrected or that your data be amended.

(b) Right to erasure and restriction of processing
You have the right to request us to delete your personal data. Certain data may be retained by Shipex after your deletion request. This is for example because we have a legal obligation to keep the data for a certain period of time.

If you have legitimate reasons to do so, you can request us to restrict the processing of your personal data. This can be done, for example, because you dispute the accuracy of your data.

(c) Right to object
If the processing of your personal data is based on our legitimate interest or is part of the fulfilment of a task of public interest or public authority, you may object to the processing of your personal data in a reasoned manner.

(d) Right to data portability
If we process your personal data on the basis of your (explicit) consent or in the context of the performance of the agreement between you and us, you may request that we provide you with the personal data you have provided to us in a structured, common and machine-readable form or transfer it to another controller, provided that the processing is carried out through automated processes.

(e) Right to withdraw your consent
Where the processing of your personal data by Shipex is based on your (explicit) consent, you have the right to withdraw this consent again at any time. However, the withdrawal of your consent does not affect the lawfulness of the processing prior to its withdrawal.

(f) Right to lodge a complaint
You have the right to file a complaint to the supervisory authority if you have an unresolved concern about Shipex's use of your personal data. In Belgium, this is the ‘Gegevensbeschermingsautoriteit’

Gegevensbeschermingsautoriteit
Drukpersstraat 35
1000 Brussels
Email: contact@apd-gba.be

8. CONTACT

If you have any questions about the processing of your personal data by Shipex, this privacy statement or wish to exercise your rights as described in point 8, please contact us at :

By e-mail : privacy@shipex.be,

9. CHANGES

Shipex reserves the right to keep this Privacy Statement up to date. The data subject can always find the latest version on the website: https://www.Shipex.com/

10. APPLICABLE LAW AND COMPETENT COURT

This Privacy Statement is governed exclusively by Belgian law. Any dispute shall be submitted to the courts of the judicial district of the registered office of Shipex NV.