Effective February 4, 2021
This Policy does not apply to access to NYSHEX’s Contracting System, whether through the internet or by other means. Access to NYSHEX’s Contracting System is limited to members and participants who have entered into other contracted agreements with NYSHEX or an affiliate of NYSHEX for such access, and is governed by the terms of those other contracted agreements. Your use of this Website, and any dispute over privacy, is subject to this Policy and our Terms and Conditions, available here and from our homepage, including any applicable limitations on damage and the resolution of disputes. Our Terms and Conditions are incorporated by reference into this Policy.
COLLECTION OF INFORMATION
When you subscribe to receive emails from NYSHEX, we collect personal information such as your name and email address. When you register with our Website, we collect the following information from you during the registration process: your name, country of residence, address, phone number, job title, company, entity type (carrier, beneficial cargo owner, freight forwarder, NVO, etc.), MOT license number, trade interests, email address, and a password that you select.
When you become a member we obtain certain information such as first and last name, employer, business role, professional title, contact information (e.g. email, phone, physical address); usernames; passwords; business network; business experience; business interests; and device identification data.
NYSHEX is responsible for processing the Personal Information it receives or, where applicable, transfers to a third party acting as an agent on its behalf. NYSHEX complies with the Privacy Shield Principles for all onward transfers of Personal Information from the EU, EEA and Switzerland, including the onward transfer liability provisions.
NYSEX is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC). In certain situations, NYSHEX may be required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
Atten: Compliance, Privacy Shield
30 Broad Street, Ste 1401
New York, NY 10004
Via Email: email@example.com
Subject: Privacy Shield Complaint
NYSHEX has further committed to refer unresolved privacy complaints under the EU-US Privacy Shield Principles and the Swiss-US Privacy Shield Principles to JAMS Mediation, Arbitration, and Dispute Resolution Services at https://www.jamsadr.com/eu-us-privacy-shield. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit https://www.jamsadr.com/file-an-eu-us-privacy-shield-claim.
A binding arbitration option may also be made available to you in order to address Privacy Shield complaints not resolved by any other means.
COOKIES AND OTHER TRACKING TECHNOLOGIES
Cookies, Web Beacons, and Other Tracking Technologies
Our Website uses various technologies to collect and store information when you visit, including using cookies and similar technologies to collect certain information about traffic to the Website. We also use these technologies to collect and store information when you interact with our Website. You can reset your browser to refuse all cookies or to indicate when a cookie is being sent, however, some Website features or services will not function properly without cookies.
We use your IP address for reasons including to help diagnosis and prevent service or technological problems reported by our users or engineers that are associated with the IP address controlled by a specific web company or ISP, estimate the total number of users from specific geographical regions using the Website, and to administer the Website. We also use your IP address to identify you when we feel it is necessary to enforce compliance with this Policy or to protect our services, Website, systems, information, employees, business partners, service providers, users, customers or others, and for other purposes described in this Policy.
Third Party Analytics Services.
We use Google Analytics and other third-party services to improve the performance of the Website and for analytics and marketing purposes. For more information about how Google Analytics collects and uses data when you use our Website, visit https://www.google.com/policies/privacy/partners/, and to opt out of Google Analytics, visit https://tools.google.com/dlpage/gaoptout/.
USE OF YOUR INFORMATION
We primarily use your information to provide our Website and membership services to you and to respond to your inquiries. We also use your information as follows:
1. To communicate with you, including to respond to your comments or requests for information, to request feedback on our products or services, and to notify you about changes to our products or services.
2. To deliver our services.
3. To help us understand our users, to tailor and enhance our product and service offerings, anticipate and resolve problems with any products or services supplied to you, create products or services that meet your needs, communicate with you about our products and services, provide access to restricted pages or contents of the Website.
4. To comply with legal and/regulatory requirements.
5. To identify you when you log into your account on our Website.
6. For marketing and advertising purposes. For example, where permitted by applicable law, we will send you emails about NYSHEX services that we believe would be of interest to you. We do not, however, share your information with third parties for their own marketing purposes. We also will use the information that we collect to evaluate the success of our advertising campaigns.
7. For Website development, research, analytics, assessing patterns of use, regulatory purposes, planning and assessing marketing initiatives by NYSHEX.
8. As required or permitted by law.
We do not use automatic decision-making or engage in profiling.
SHARING OF INFORMATION
Third Party Service Providers To enable us to more efficiently provide the products and services you have requested from us, NYSHEX shares your personal information with selected third parties such as government agencies, marketing analytics consulting firms, shipping agencies, industry associations, email service providers, web hosting providers, customer relationship management tools, enterprise resource planning system, etc. that act on our behalf as our agents, suppliers, or providers, or these third parties collect your personal information on NYSHEX behalf. The collection, transfer, storage, and processing of your personal information is undertaken by these selected third parties for the purpose for which the information was collected. Our service providers are given the information they need to perform their designated functions, and we do not authorize them to use or disclose your personal information for their own marketing purposes. In some cases, we provide personal information to a third party only if that party agrees (1) to provide adequate protections for your privacy interests that are no less protective than those set out in this Policy, and (2) to use the personal information only for the purposes for which the third party has been engaged by NYSHEX. Transfer of Business Assets As we continue to develop our business, we might acquire or buy other businesses or assets. In such transactions, customer information generally is one of the transferred business assets. Also, we transfer any information we have about you as an asset to third parties in connection with a merger or sale (including transfers made as part of insolvency or bankruptcy proceedings) involving all or part of NYSHEX, or as part of a corporate reorganization or other change in corporate control, for the purposes of such third parties carrying on the business of NYSHEX in relation to the continued provision of our services to you described in this Policy. Disclosure for Other Lawful Purposes As needed, NYSHEX will provide your personal information in response to a search warrant or other legally valid inquiry or order, or to an investigative body in the case of a breach of an agreement or contravention of law, or as otherwise required by applicable law. We also disclose personal information where appropriate for the establishment, exercise or defense of legal claims, or as otherwise permitted by law.
We share information that has been anonymized or aggregated without limitation.
This section applies to those that visit our Website, or join as members, from the European Economic Area or Switzerland.
Lawful Basis for Processing
On certain occasions, we process your personal information when it is necessary for the performance of a contract to which you are a party, such as to provide services to you. We may also process your personal information to respond to your inquiries concerning our services.
On other occasions, we process your personal information where required by law. We may also process your personal information if necessary to protect your interests or the interests of a third party.
Additionally, we process your personal information when necessary to do so for our direct marketing purposes and this interest is not overridden by your data protection rights. Where we process your personal data for this purpose, our legitimate interest is to improve our services and keep our Website secure.
If the processing of personal information is necessary and there is no statutory basis for such processing, we will ask you for consent to process your personal information. You have the right to withdraw your consent to processing of personal information at any time.
If you wish to exercise the right to withdraw consent, please contact us. See the “Contact Us” section below for contact information.
Transfers of Personal Information
You have a right to the following:
· To request access to the personal information we hold about you;
· To request that we rectify or erase your personal information;
· To request that we restrict or block the processing of your personal information;
· Under certain circumstances, to receive personal information about you that we store and transmit to another without hindrance from us, including requesting
that we provide your personal information directly to another, i.e., a right to data portability; and
· Where we previously obtained your consent, to withdraw consent to processing your personal information.
To exercise these rights, see the “Contact Us” section below. Please be aware that NYSHEX may be unable to afford these rights to you under certain circumstances, such as if we are legally prevented from doing so.
Additionally, you have the right to lodge a complaint against us. To do so, contact the supervisory authority in your country of residence.
We will process and store your personal information only for the period necessary to achieve the purpose of the storage, or as permitted by law. The criteria used to determine the period of storage of personal data is the respective statutory period of at least five years, or at least two years for the period of storage of personal data that does not have a statutory retention period. After expiration of that period, the corresponding data is routinely deleted, as long as it is no longer necessary for the fulfillment of a contract or the initiation of a contract or for other lawful purposes.
If you wish to stop receiving information concerning our services or products, please contact us by email as provided in the Contact Us section below to notify us of your wishes.
ACCESSING YOUR PERSONAL INFORMATION
SECURITY AND DATA INTEGRITY
We have put in place certain safeguards to help prevent unauthorized access and maintain data security with respect to your personal information. Despite these protections, however, we cannot guarantee that your data will be 100% secure. You should take measures to protect your personal information.
USER SECURITY OBLIGATIONS
Your online access to certain of your personal information may be protected by a password you select. We will never ask you for your password in any unsolicited communication (such as letters, phone calls or email messages). You have an obligation to keep your user ID, password and personal information secure. As part of maintaining this obligation we recommend that you do the following:
1. Keep your user ID and password confidential;
2. Utilize a unique password and change it frequently;
3. Make sure others are not watching you enter your user ID and/or password on your keyboard when using protected areas of the Website; and
4. Do not leave your computer unattended while logged onto protected areas of the Website. After you finished accessing your information, exit the protected area.
This Website and membership with NYSHEX is not intended for use by minors (persons under the age of 18, or under the age of majority in any area where this Website is used and the age of majority is greater than 18). If you are a minor, do not use this Website or attempt to become a member. If parents believe their minor children have provided us their personal information, please contact us using the information provided in the “Accessing Your Personal Information” section of this Policy so that we may delete this information.
CHANGES TO THIS POLICY
This Policy is current as of the effective date set forth above. We reserve the right to change this Policy from time to time without notice. Changes and modifications to this Policy will be effective immediately upon posting of the changes and modifications on the Website, except where prohibited by law. You are bound by any such revisions and should therefore periodically visit this page to review the current Policy. If at any time you choose not to accept the terms of this Policy, you should not use this Website.
If you have any questions, comments, or concerns about this Policy, please contact us in our role as data controller, at:
30 Broad St, Ste 1401
New York, NY 10004 firstname.lastname@example.org
For visitors from the European Economic Area or Switzerland, to contact our Data Protection Officer, please contact:
30 Broad St, Ste 1401
New York, NY 10004 email@example.com
Telephone: +1 646-893-4489
California residents have certain rights with respect to the personal information collected by businesses. If you are a California resident, you may exercise the following rights regarding your personal information, subject to certain exceptions and limitations:
· The right to know the categories and specific pieces of personal information we collect, use, disclose, and sell about you; the categories of sources from which we collected personal information about you; our purposes for collecting or selling personal information about you; the categories of personal information about you that we have either sold or disclosed for a business purpose; and the categories of third parties with which we have shared personal information.
· The right to request that we delete the personal information we have collected from you.
· The right to opt-out of our sale(s) of your personal information. Please note that if you opt out of certain types of sales, we will be unable to provide you with the services that rely on such sales.
· The right not to receive discriminatory treatment for the exercise of the privacy rights conferred by the CCPA.
California’s “Shine the Light” law provides that entities who do business with California residents who provide personal information in obtaining products or services for personal, family, or households provide those residents with information about the customer information shared with other businesses for the direct marketing uses of said third party businesses once per year upon request. If applicable, this information would include the categories of customer information and the names and addresses of those businesses with which we shared customer information for the immediately prior calendar year (e.g. requests made in 2008 will receive information regarding 2007 sharing activities).
To obtain this information, please send an email message to firstname.lastname@example.org with “Request for California Privacy Information, in the subject line and in the body of your message. We will provide the requested information to you at your e-mail address in response.
Please be aware that not all information sharing is covered by the “Shine the Light” requirements and only information classified as covered sharing will be included in our response.