Privacy Policy
Effective Date: December 12, 2023

The New York Shipping Exchange, Inc. (“NYSHEX,” “us”, “we,” or “our”) provides this privacy policy (“Policy”) outlining how we collect, use, disclose and otherwise process information that we receive via www.nyshex.com or any software application made available by NYSHEX for use on a computer, a tablet, mobile phone or other mobile devices (the “Website”) and information received pursuant to the Membership Agreements as well as the choices you have concerning such information. PLEASE READ THIS PRIVACY POLICY CAREFULLY BEFORE USING THE WEBSITE.

This Policy does not apply to access to NYSHEX’s Platform, whether through the internet or by other means. Access to NYSHEX’s Platform is limited to members and participants who have entered into other contracted agreements with NYSHEX or an affiliate of NYSHEX for such access and is governed by the terms of those other contracted agreements.

I. COLLECTION OF INFORMATION
A. Information You Provide

We may collect personal information about you when you voluntarily provide us with such information.   For example, when you subscribe to receive emails from NYSHEX, we collect personal information such as your name and email address. When you register with our Website, we collect the following information from you during the registration process: your name, country of residence, address, phone number, job title, company, entity type (carrier, beneficial cargo owner, freight forwarder, NVO, etc.), MOT license number, trade interests, email address, and a password that you select.

When you become a member we obtain certain information such as first and last name, employer, business role, professional title, contact information (e.g. email, phone, physical address); usernames; passwords; business network; business experience; business interests; and device identification data.

B. Cookies, Web Beacons, and Other Tracking Technologies

Additionally, when you access our Website, we may collect and store information automatically by using cookies, web beacons, and other tracking technologies. We also use these technologies to collect and store information when you interact with our Website. Examples of this type of information include, but are not limited to, the dates and time of your use of this Website and the route by which you choose to access it, including your IP (Internet Protocol) address, your browser type, your operating system, or domain name, and your use of any hyperlinks or downloadable content available on this Website. We combine this information with other information that we collect about you in order to provide services specifically tailored to your use of the Website.

II. DATA PRIVACY FRAMEWORK

For information about NYSHEX’s method of cross-border data transfer, please see the International Visitors section below.

Additionally, NYSHEX complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (“Swiss-U.S. DPF”) as set forth by the U.S. Department of Commerce.  NYSHEX has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF.  NYSHEX has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (“Swiss-U.S. DPF Principles”) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (“DPF”) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

This Privacy Policy describes the types of personal information NYSHEX collects, the types of third parties to which we disclose this information, and the purposes for which we do so. Residents of the EU, UK, and Switzerland have the right to access the personal information that NYSHEX maintains, and in some cases, may have the right to limit the use and disclosure of personal information, to the extent allowed by law. To exercise these rights, contact us at compliance@nyshex.com.

NYSHEX is responsible for processing the personal information it receives under the EU-U.S. DPF Principles and the Swiss-U.S. DPF Principles (collectively, “DPF Principles”) and subsequently transfers to a third party. NYSHEX complies with the DPF Principles for all onward transfers of personal information from the EU, UK, and Switzerland, including the onward transfer liability provisions.

The U.S. Federal Trade Commission (FTC) has jurisdiction over NYSHEX’s compliance with the EU-U.S. DPF, UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF. In certain situations, NYSHEX may be required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

In compliance with the EU-U.S. DPF, UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, NYSHEX commits to resolve DPF Principles-related complaints about our collection or use of personal information. EU, UK, and Swiss individuals with inquiries or complaints regarding our handling of personal information received in reliance on the EU-U.S. DPF, UK Extension to the EU-U.S. DPF, or the Swiss-U.S. DPF should first contact NYSHEX at:

Via Mail:                    

NYSHEX LLC

Atten: Compliance, Data Privacy Framework

One World Trade Center

60th Floor, Suite B

New York, NY 10004

Via Email:

compliance@nyshex.com

Subject: Data Privacy Framework Complaint

In compliance with the EU-U.S. DPF, UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, NYSHEX has further committed to refer unresolved privacy complaints regarding our handling of personal information received in reliance on the EU-U.S. DPF, UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF to JAMS Mediation, Arbitration, and Dispute Resolution Services at https://www.jamsadr.com/eu-us-data-privacy-framework. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit https://www.jamsadr.com/file-a-dpf-claim. The services of JAMS are provided at no cost to you.

A binding arbitration option may also be made available to you in order to address DPF-related complaints when other dispute resolution procedures have been exhausted.

You can reset your browser to refuse all cookies or to indicate when a cookie is being sent; however, some Website features or services will not function properly without cookies.

III. IP ADDRESS

We collect your IP address for reasons including to help diagnose and prevent service or technological problems reported by our users or engineers that are associated with the IP address, estimate the total number of users from specific geographical regions using the Website, and to administer the Website. We also collect your IP address to identify you to enforce compliance with this Policy or to protect our services, Website, systems, information, employees, business partners, service providers, users, customers, or others, and for other purposes described in this Policy.

IV. THIRD-PARTY ANALYTICS SERVICES

We use Google Analytics and other third-party services to improve the performance of the Website and for analytics and marketing purposes. For more information about how Google Analytics collects and uses data when you use our Website, visit https://www.google.com/policies/privacy/partners/, and to opt out of Google  Analytics, visit https://tools.google.com/dlpage/gaoptout/.

 

              V. USE OF YOUR INFORMATION

 

We use your information as follows:

  1. To provide our Website and membership services to you and to respond to your inquiries.
  2. To communicate with you, including to respond to your comments or requests for information, to request feedback on our products or services, and to notify you about changes to our products or services.
  3. To deliver our services.
  4. To help us understand our users, tailor and enhance our product and service offerings, anticipate and resolve problems with any products or services supplied to you, create products or services that meet your needs, communicate with you about our products and services, provide access to restricted pages or contents of the Website.
  5. To comply with legal and/or regulatory requirements.
  6. To identify you when you log into your account on our Website.
  7. For marketing and advertising purposes. For example, where permitted by applicable law, we will send you emails about NYSHEX services that we believe would be of interest to you. We do not, however, share your information with third parties for their own marketing purposes. We also will use the information that we collect to evaluate the success of our advertising campaigns.
  8. For Website development, research, analytics, assessing patterns of use, regulatory purposes, planning and assessing marketing initiatives by NYSHEX.
  9. As otherwise required or permitted by law.

We do not use automatic decision-making or engage in profiling.

 

VI. SHARING OF INFORMATION

A. Third-Party Service Providers

To enable us to more efficiently provide the products and services you have requested from us, NYSHEX shares your personal information with selected entities such as government agencies, marketing analytics consulting firms, shipping agencies, industry associations, email service providers, web hosting providers, customer relationship management tools, enterprise resource planning system, etc. that act on our behalf as our agents, suppliers, or providers, or these third parties collect your personal information on NYSHEX’s behalf. The collection, transfer, storage, and processing of your personal information is undertaken by these selected entities for the purpose for which the information was collected. Our service providers are given the information they need to perform their designated functions, and we do not authorize them to use or disclose your personal information for their own marketing purposes.

In some cases, we provide personal information to a service provider only if that entity agrees (1) to provide adequate protections for your privacy interests that are no less protective than those set out in this Policy, and (2) to use the personal information only for the purposes for which the entity has been engaged by NYSHEX.

B. Transfer of Business Asset

We may transfer any information we collect about you in connection with an acquisition, merger, or sale (including transfers made as part of insolvency or bankruptcy proceedings) involving all or part of NYSHEX, or as part of a corporate reorganization or other change in corporate control, for the purposes of the continued provision of our services to you described in this Policy.

C. Disclosure for Other Lawful Purposes

As needed, NYSHEX will provide your personal information in response to a search warrant or other legally valid inquiry or order, or to an investigative body in the case of a breach of an agreement or contravention of law, or as otherwise required by applicable law. We also disclose personal information where appropriate for the establishment, exercise, or defense of legal claims, or as otherwise permitted by law. We may share information that has been anonymized or aggregated without limitation.


VII. INTERNATIONAL VISITORS

This section applies to those who visit our Website, or join as members, from the European Economic Area (EEA), United Kingdom (UK), or Switzerland.

D. Lawful Basis for Processing

On certain occasions, we process your personal information when it is necessary for the performance of a contract to which you are a party, such as to provide services to you. We may also process your personal information to respond to your inquiries concerning our services.

On other occasions, we process your personal information where required by law. We may also process your personal information if necessary to protect your interests or the interests of a third party.

Additionally, we process your personal information when necessary for purposes based on our legitimate interests in improving our services and keeping our Website secure.   This includes processing personal information for our direct marketing purposes.

We may also process your personal information when you provide consent to such processing. You have the right to withdraw your consent to the processing of personal information at any time.

If you wish to exercise the right to withdraw your consent, please contact us. See the “Contact Us” section below for contact information.

E. Transfers of Personal Information

Please be aware that the personal information we collect may be transferred to and maintained on servers or databases located outside your state, province, country, or other jurisdiction, which may have different data protection standards than those that apply in your jurisdiction. Where your personal information is transferred from the EEA, UK, or Switzerland to the United States, we will take steps to ensure that your information is adequately protected through use of approved standard contractual clauses or other approved safeguards.

F. Your Rights

 

You have a right to the following:

  1. To request access to the personal information we hold about you;
  2. To request that we rectify or erase your personal information;
  3. To request that we restrict or block the processing of your personal information;
  4. Under certain circumstances, to receive personal information about you that we store and transmit to another without hindrance from us, including requesting that we provide your personal information directly to another, i.e., a right to data portability; and
  5. Where we previously obtained your consent, to withdraw consent to process your personal information.
  6. To exercise these rights, see the “Contact Us” section below. Please be aware that NYSHEX may be unable to afford these rights to you under certain circumstances, such as if we are legally prevented from doing so.
  7. Additionally, you have the right to lodge a complaint against us. To do so, contact the supervisory authority in your country of residence.

G. Retention

We will process and store your personal information for a period of time based on the following criteria:

  1. As long as necessary to achieve the purpose of the storage;
  2. In accordance with any applicable legal requirements; or
  3. Pursuant to your request for deletion.

Personal data not subject to a statutory retention period is retained for at least two years. After the expiration of that period, the corresponding data is routinely deleted, as long as it is no longer necessary for the fulfillment of a contract the initiation of a contract, or for other lawful purposes.

NYSHEX commits to resolving complaints about our collection or use of personal information. EEA, United Kingdom, or Swiss individuals with inquiries or complaints regarding this Privacy Policy should first contact NYSHEX at:

Via Mail: NYSHEX LLC

Atten: Privacy Compliance

One World Trade Center, 60th Fl
New York, NY 10007

Via Email: compliance@nyshex.com

VII. USER CHOICE

If you wish to stop receiving information concerning our services or products, please contact us by email as provided in the   Contact   Us section below to notify us of your wishes.

If you have submitted personal information through the NYSHEX Website and you would like to access, update, or correct inaccuracies in your personal information, or have your name removed from our databases, please contact NYSHEX via email at compliance@nyshex.com, or send a letter to NYSHEX Compliance, Attn: Privacy Policy, New York Shipping Exchange, Inc., One World Trade Center, 60th Fl, New York, NY 10007. If you are a registered user of our Website, you may also access your personal account information online and make changes by logging into your account.

VII. SECURITY AND DATA INTEGRITY

We have put in place certain safeguards to help prevent unauthorized access and maintain data security with respect to your personal information. Despite these protections, however, we cannot guarantee that your data will be 100% secure.

 

Your online access to certain of your personal information may be protected by a password you select. We will never ask you for your password in any unsolicited communication (such as letters, phone calls, or email messages). We recommend keeping your user ID, password, and personal information secure by doing the following:

  1. Keep your user ID and password confidential;
  2. Utilize a unique password and change it frequently;
  3. Make sure others are not watching you enter your user ID and/or password on your keyboard when using protected areas of the Website; and
  4. Do not leave your computer unattended while logged onto protected areas of the Website. After you finish accessing your information, exit the protected area.
IX: MINORS

This Website and membership with NYSHEX is not intended for use by minors (persons under the age of 18, or under the age of majority in any area where this Website is used and the age of majority is greater than 18). If you are a minor, do not use this Website or attempt to become a member. If parents believe their minor children have provided us with their personal information, please contact us using the information provided in the “Accessing Your Personal Information” section of this Policy so that we may delete this information.

              X. OTHER SITES

 

Our Website may contain links to other sites that NYSHEX does not own or operate. Also, links to our Website may be featured on third-party websites on which we advertise or are featured. We provide links to third-party websites as a convenience to the user. These links are not intended as an endorsement of or a referral to the linked websites. We recommend you carefully read the privacy statements, notices, and terms of use of any linked websites. We do not have any control over such websites, and therefore we have no responsibility or liability for the manner in which organizations that operate such linked websites may collect, use or disclose, secure or otherwise treat your personal information.

XI. CHANGES TO THIS POLICY

This Policy is current as of the effective date set forth above. We may change this Policy from time to time. Changes and modifications to this Policy will be effective when posted on the Website, unless otherwise indicated. You should periodically visit this page to review the current Policy. If at any time you choose not to accept the terms of this Policy, you should not use this Website.

XII. CONTACT US

If you have any questions, comments, or concerns about this Policy, please contact us in our role as data controllers, at:

NYSHEX Compliance

One World Trade Center, 60th Fl, Suite B

New York, NY 10004
compliance@nyshex.com

For visitors from the EEA, UK, or Switzerland, to contact our Data Protection Officer, please contact:

Cid Dominique
One World Trade Center, 60th Fl, Suite B
New York, NY 10007
Cid.Dominique@nyshex.com
Telephone: +1 332-282-0208

XIII. CALIFORNIA RESIDENTS

This section contains disclosures required by the California Consumer Privacy Act (“CCPA”) and applies only to “personal information” that is subject to the CCPA.

Personal Information We Collect. In the preceding 12 months, we collected the following categories of personal information about California consumers. We do not sell personal information.

1. Personal and online identifiers (such as first and last name, email address, or unique online identifiers);
2. Categories of information described in Section 1798.80(e) of the California Civil Code (such as physical characteristics or description, insurance policy number, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information);

3. Characteristics of protected classifications under California or federal law (such as race or gender);

4. Commercial or transaction information (such as records of personal property or products or services purchased, obtained or considered);

5. Internet or other electronic network activity information (such as browsing history, search history, interactions with a website, email, application, or advertisement);

6. Biometrics information (such as call recordings);

7. Geolocation information;

8. Sensory information (such as audio, electronic, visual, thermal, olfactory, or similar information);

9. Professional or employment-related information;

10. Education information;

11. Inferences drawn from the above information about your predicted characteristics and preferences;

12. Other information about you that is linked to the personal information above.

 

Categories of Sources. We collect personal information from the following categories of sources:

  1. Consumers;
  2. Advertising networks;
  3. Internet service providers;
  4. Data analytics providers;
  5. Operating systems and platforms;
  6. Social networks;
  7. Service providers;
  8. Affiliates not under the NYSHEX brand;
  9. Nonprofit organizations; and
  10. Government entities.

Why We Collect, Use, and Share California Information. We use and disclose the personal information we collect for our commercial and business purposes, as further described in this privacy policy. These commercial and business purposes include, without limitation:

  1. Our commercial purposes, including marketing, advertising, and enabling commercial transactions.
  2. Our business purposes as identified in the CCPA, which include:
  3. Auditing related to our interactions with you;
  4. Legal compliance;
  5. Detecting and protecting against security incidents, fraud, and illegal activity;
  6. Debugging;
  7. Performing services (for us or our service provider) such as account servicing, processing orders and payments, and analytics;
  8. Internal research for technological improvement;
  9. Internal operations;
  10. Activities to maintain and improve our services; and
  11. Other one-time uses.

Recipients of California Personal Information. We do not sell personal information.

We disclose the categories of personal information designated above to the categories of third parties listed below for business purposes:

  1. Our members;
  2. Service providers;
  3. Affiliates not under the NYSHEX brand;
  4. Government entities;
  5. Advertising networks;
  6. Internet service providers;
  7. Data analytics providers;
  8. Operating systems and platforms;
  9. Social networks; and
  10. Consumer data resellers.

Your Rights Regarding Personal Information. California residents have certain rights with respect to the personal information collected by businesses. If you are a California resident, you may exercise the following rights regarding your personal information, subject to certain exceptions and limitations:

  1. The right to know the categories and specific pieces of personal information we collect, use, disclose, and sell about you; the categories of sources from which we collected personal information about you;   our purposes for collecting or selling personal information about you; the categories of personal information about you that we have either sold or disclosed for a business purpose; and the categories of third parties with which we have shared personal information.
  2. The right to request that we delete the personal information we have collected from you.
  3. The right to opt out of our sale(s) of your personal information. Please note that if you opt out of certain types of sales, we will be unable to provide you with the services that rely on such sales.
  4. The right not to receive discriminatory treatment for the exercise of the privacy rights conferred by the CCPA.
  5. To exercise any of the above rights, please contact us using the following information and submit the required verifying information, as further described below:
  6. By phone at +1 332-282-0208
  7. By email at compliance@nyshex.com

Verification Process and Required Information. Note that we may need to request additional information from you to verify your identity or understand the scope of your request, although you will not be required to create an account with us to submit a request or have it fulfilled. We will require you to provide, at a minimum your name, your business title, and your business email address.

Authorized Agent. You may designate an authorized agent to make a CCPA request on your behalf by sending an email to compliance@nyshex.com with your name, business title, and business email address. 

Minors’ Right to Opt In. We do not sell personal information. We do not have actual knowledge that we sell the personal information of minors under 16 years of age.

Contact for More Information. For questions or concerns about NYSHEX’s privacy policy or practices, please contact us by using the information below.

NYSHEX Compliance
One World Trade Center, 60th Fl, Suite B
New York, NY 10007
compliance@nyshex.com