Privacy Policy
Last Updated: March 29, 2024
This privacy policy (“Privacy Policy”) describes and applies to the processing of your personal data by ShipBlue, Inc. (together with any affiliated entities, “ShipBlue,” “we,” or “us”). This Privacy Policy describes:
- the personal data we collect and process about you (we define “personal data” and “processing” below);
- how we will use it and how we secure it;
- who we may disclose it to; and
- your rights and choices in relation to your personal data.
You should read this Privacy Policy carefully and contact us if you have questions or want to make any requests.
When this Privacy Policy Applies
This Privacy Policy applies to personal data processed by or on behalf of ShipBlue in connection with the following: your access to and use of our online services platform; your interactions with our website (hosted at www.ship-blue.com) including browsing our website and active interactions with our website (e.g., filling out forms requesting information, interacting with our chatbot, registering for events, and applying to join our team); in connection with our marketing outreach and communications with you; and anywhere else we post this Privacy Policy (“Services”). This Privacy Policy does not apply where commercial contracts govern the processing of your personal data.
This Privacy Policy describes and applies to only ShipBlue’s processing of your personal data. By using our Services, you agree to the collection, use, disclosure, and procedures described in this Privacy Policy.
We are not responsible for, nor do we make any promises with respect to, processing undertaken by third parties (e.g., other websites). If you are curious as to how other websites or services process your personal data, we encourage you to review their privacy policies.
Important Terms
As used in this Privacy Policy:
“personal data” means any information that can be used directly or indirectly to identify you and/or other individuals you may tell us about. This may include information within the following categories: identifiers (e.g., name, email address, username), commercial information (e.g., records of product or service purchases, information concerning purchase histories), internet or other electronic network activity information (e.g., browsing and search history and information regarding interaction with a website), geolocation data, and professional or employment-related information; and
“processing” means anything we might do with respect to personal data, including collecting it, storing it, using it, disclosing it, and deleting it.
Collection of Your Personal Data
ShipBlue collects the following personal data about you:
- Identifiers: First and last name; tax identification number or other identifications.
- Contact details: Email address, address, phone number, or social media identifiers used to connect with us via our social media accounts.
- Log in details: Log in credentials for accessing your ShipBlue account, including your email address and password.
- Professional or employment-related information: Employer, job title, and work location.
- Internet / network activity information: IP address, device identifier, browser type and version, time zone setting, browser plug-in types and versions, operating system, platform, information about your visit to our website, including the URL clickstreams to and from our website, page response times, download errors, length of visits to certain pages, page interaction information (such as clicks, scrolling and mouse-overs) and methods used to browse away from our website.
- Job applications: If we have obtained your personal data (identifiers and professional or employment-related information) in connection with your application for a job at ShipBlue, we intend to use your personal data to evaluate your candidacy and, if applicable, coordinate your interview and onboarding processes.
- Other: If you contact us or provide feedback, any personal data you share during your communications with us.
We collect your personal data in a few ways, but in general it comes from you (for example, when you create an account for our online platform, when you fill out a web form, or when you sign up for an online event) or from our research of public sources (e.g., LinkedIn). If you do not provide your personal data when requested, you may not be able to use our Services if that personal data is necessary to provide you with our Services or if we are legally required to collect it. In some cases, primarily with respect to internet / network activity information collected should you visit our website, we may collect this automatically through technological measures like cookies or from third-party technology providers. You should consult your browser settings regarding cookie settings but note that disabling certain cookies may affect your browsing experience. For more details on how we use cookies, please check out “Cookies” below.
Use of Your Personal Data
Business Purposes
ShipBlue collects, stores, and uses your personal data for the following business purposes:
- Providing Services: Providing our Services, including onboarding you to the Services, authenticating your platform access, keeping records of the transactions you manage through the platform, and operating our website.
- Communicating: Communicating with you, providing you with updates and other information relating to our Services (e.g., order updates, inventory status, etc.), providing information that you request, responding to comments and questions, and otherwise providing customer support.
- Marketing: Marketing purposes, such as developing and providing promotional and advertising materials that may be useful, relevant, valuable, or otherwise of interest to you.
- You can opt out of marketing communications by clicking the “Unsubscribe” (or similarly named) link at the bottom of our emails.
- Personalization: Personalizing your experience on our website, such as presenting tailored content.
- Deidentification and Aggregation: Deidentifying and aggregating information collected through our website and using it for lawful purposes.
- Job Applications: Processing your job application.
- Safety Issues: Responding to trust and safety issues that may arise.
- Compliance: For compliance purposes, including enforcing our Terms of Service or other legal rights, or as may be required by applicable laws and regulations or requested by any judicial process or governmental agency.
- Auditing Interactions: Auditing related to your interaction with our Services and concurrent transactions, including, but not limited to, counting ad impressions to unique visitors, verifying positioning and quality of ad impressions, and auditing compliance with other standards.
- Fraud and Incident Prevention: Detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity, and prosecuting those responsible for that activity.
- Debugging: Debugging to identify and repair errors that impair existing intended functionality.
- Transient Use: Short-term, transient use.
- Contracting Vendors: Contracting with vendors and service providers to perform services on our behalf or on their behalf, including maintaining or servicing accounts, providing customer service, providing AI-powered chatbot services, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing financing, providing advertising or marketing services, providing analytics services, or providing similar services on behalf of the business or service provider.
- Research: Undertaking internal research for technological development and demonstration.
- Improving Our Website: Undertaking activities to verify or maintain the quality or safety of our Services, and to improve, upgrade, or enhance our website.
- Enabling Transactions: Otherwise enabling or effecting, directly or indirectly, a commercial transaction.
- Notified Purpose: For other purposes for which we provide specific notice at the time the information is collected.
ShipBlue does not process your personal data without a lawful basis for doing so, including: (i) Contractual Necessity. We may process your personal data where required to provide you with our Services. For example, we may need to process your personal data to respond to your inquiries or requests; (ii) Legitimate Interests. We may process your personal data where we or a third party have a legitimate interest in processing your personal data. Lawful legitimate business interests include analyzing and improving the administration of our website, maintaining our Services and ensuring they are being used appropriately (e.g., for lawful reasons), expanding our business by marketing our Services effectively, and otherwise improving the safety, security and performance of our Services. We only rely on our or a third party’s legitimate interests to process your personal data when these interests are not overridden by your rights and interests; (iii) Consent. We may process your personal data where you have consented to certain processing of your personal data; and (iv) Compliance with a legal obligation. We may process your personal data where we have a legal obligation to do so. For example, we may process your personal data to comply with tax, labor and accounting obligations.
Where we use automated decision-making, including profiling, with respect to your personal data, we do so only if necessary to enter or perform a contract with you, as authorized by law, or with your consent. In particular, we may use vendors and service providers for targeted advertising purposes to show you content that we think may interest you.
Data Retention
The period for which we retain your personal data varies, depending on the type of personal data and the purpose for which it was collected. ShipBlue will store your personal data for so long as it is necessary for us to process it to meet the purposes described above. While we may retain the data for a longer period, we will only do so if an appropriate lawful basis applies.
Disclosures to Third Parties
We may disclose personal data to third parties for commercial purposes, as described in this section.
Partners and Affiliates
We may disclose any information we receive to our current or future affiliates for any of the purposes described in this Privacy Policy.
Vendors and Service Providers
Some of our third-party service providers may see your personal data (from all categories) from time to time.
Categories of services for which we engage third parties include the below.
- Customer support platform and service providers.
- Marketing partners, including web analytics providers and tracking tools.
- Recruitment partners.
- Service providers that assist us in enhancing the safety and security of our Services.
- Service providers that we use to maintain and develop our website and Services.
- Accountants, consultants, lawyers, and other professional service providers.
- AI-powered chatbot providers. These third-party chatbot partners receive the content of the messages you send and receive and information about those messages, such as when it was sent or received.
Each of these third party providers may have access to your personal data solely as required to provide their services to us. They are required to maintain the confidentiality of your personal data and keep it secure.
Note that we may use some of these service providers to help us perform statistical analyses regarding our Services (including operation of our websites), to send you email or postal mail with relevant information, provide customer support, or arrange for deliveries.
Professional Advisors
We may share your personal data (in all categories) with our professional advisors, including accountants, lawyers, and auditors, that assist us in carrying out our business activities.
Partner Marketing
For users visiting the ShipBlue website, we sometimes participate in partner marketing events with third parties. The applicable event registration page will indicate the marketing partners for each event. If you opt-in to a partner marketing event, we may provide your registration information to our third-party marketing partners for use in marketing and in designing or providing their own services, to send you information about its products and to notify you if you win a contest. You may opt out of us providing such information by opting out of our email newsletter and/or not registering for partner marketing events. You should contact the other third party directly to request that communications from them stop, and to review their privacy policies.
Merger, Sale, or Other Asset Transfers
We may transfer your information to service providers, advisors, potential transactional partners, or other third parties in connection with the consideration, negotiation, or completion of a corporate transaction in which we are acquired by or merged with another company or we sell, liquidate, or transfer all or a portion of our assets.
As Required by Law and Similar Disclosure
We may access, preserve, and disclose your information if we believe doing so is required or appropriate to: (i) comply with law enforcement requests and legal process, such as a court order or subpoena; (ii) respond to your requests; or (iii) protect your, our, or others’ rights, property, or safety. For the avoidance of doubt, the disclosure of your information may occur if you post any objectionable content on or through the Services.
Consent
We may also disclose your information with your permission.
Where Your Personal Data Goes
ShipBlue is based in the United States and processes personal data in the United States.
Where you provide information directly to us, you understand and agree that you are transferring your personal data across borders to the United States, where the laws may differ from those in the region where you are located, and your personal data will be processed in accordance with the laws of the United States. Where your personal data was obtained by ShipBlue through a third party, any cross-border transfers were carried out pursuant to appropriate safeguards that the relevant third party has applied.
A Note for users located in the European Economic Area and United Kingdom
If you are located in the European Economic Area or the United Kingdom, ShipBlue is the controller of your personal data as described in this Privacy Policy, and the controller’s contact details are included in the “Contacting ShipBlue” section. With respect to transfers of your personal data from European Economic Area and United Kingdom to the United States, ShipBlue implements standard contractual clauses approved by the European Commission and the United Kingdom Information Commissioner’s Office, and other appropriate solutions to address cross border transfers as required and/or permitted by Articles 46 and 49 of the General Data Protection Regulation or other applicable laws. If you have any questions about the tools that we use to transfer your personal data from the European Economic Area and the United Kingdom to the United States, please contact us using the information included in the “Contacting ShipBlue” section.
A Note for users located in Australia
With respect to transfers of your personal data collected from individuals within Australia, some of ShipBlue’s related entities, service providers and agents are located outside the country where you are located or where the information was initially collected and your personal data may be transferred outside of Australia, including to recipients located in the United States, India, United Kingdom and the European Economic Area in order to perform the Services and conduct our business. These other jurisdictions may have data protection laws that are different from the laws where you are located (and, in some cases, not as protective).
Data Security
ShipBlue maintains technical, administrative and organizational measures to help us secure your personal data from unauthorized access, use, or disclosure. This includes limiting access to your personal data to those personnel with a need to know that data and ensuring they keep it confidential and protected. To the extent possible, we work to ensure that our service providers (the third parties described above in the section titled “Disclosures to Third Parties” apply similarly stringent security measures. However, because no electronic transmission or storage of information can be entirely secure, we can make no guarantees as to the security or privacy of your information.
Cookies and Tracking Technologies
The ShipBlue website uses tracking technologies, including “cookies” and “pixel tags” to monitor certain aspects of how our users interact with the website. Cookies are small text files placed on your computer when you visit the ShipBlue website, and which allow us to recognize you. Pixel tags are small blocks of code placed on webpages and apps that enable us to identify users when providing our Services, and track interactions with our website.
Cookies help our pages function and make certain of our Services more user-friendly, more effective, and safer. Below is an overview of the types of cookies we and third parties may use to collect information:
- Strictly Necessary Cookies. Some cookies are strictly necessary to make our Services available to you. We cannot provide you with our Services without this type of cookie.
- Functional Cookies. Functional cookies are used to recognize you when you return to our website. This enables us to adapt our content for you and remember your preferences. For example, we use functional cookies to remember your choice of language or region.
- Analytical or Advertising Cookies. We also use cookies for website analytics purposes in order to operate, maintain and improve our Services, and for advertising purposes. We may use our own analytics cookies or use third-party analytics providers.
Depending on your browser, you may be able to reject cookies and tracking technologies outright or manually delete them. You should note, however, that rejecting these technologies, or deleting cookies, can affect how the website works and may reduce its usability or functionality. Our website does not currently respond to browser-based do-not-track signals. You can adjust your cookie and online tracking preferences by visiting our Privacy Preference Center by clicking the cookie icon on our website.
Our use of tracking technologies may require assistance from third parties, including those that help us collect and analyze the relevant data and those that help us craft our targeted advertising practices. Information collected using tracking technologies may also be combined with other information we collect about or from you (personal or otherwise) and processed as described elsewhere in this notice. For example, our website uses analytics tools such as Google Analytics, a web analytics service provided by Google, Inc. that uses cookies to help us analyze how users navigate the website. The information generated by this tool (including IP address) will be transmitted to and stored by Google in aggregate form and used to evaluate use of our website, compile reports on website activity and other services relating to website usage. You can learn more about Google Analytics and how to opt out here: https://tools.google.com/dlpage/gaoptout. We do not permit third parties to track your online activities over time and across other websites based on your use of our website.
Children and Minors
ShipBlue does not knowingly process or sell personal data from children, nor are our Services directed at minors under the age of 18.
If you are under the age of 18, you must ask your parent or guardian for permission to use this website.
Your Privacy Rights
Depending on where you live, you may have specific rights regarding our processing of your personal data. These rights may include:
- Right to Know: You may have the right to request information about the processing of your personal data. You may also have the right to know what specific pieces of personal data of yours we process.
- Right to Access: You have the right to access your personal data that we process and information about how we use it, subject to certain exemptions.
- Right to Rectification: You have the right to request that we fix errors or omissions in your personal data that we process.
- Right to Deletion: Also known as the “right to erasure” or the “right to be forgotten,” you may have the right to have us delete your personal data in certain circumstances.
- Right to Object: You may have the right to our processing of your personal data or to stop it altogether in certain circumstances and subject to certain exemptions.
- Right to Restrict Processing: You may have the right to limit the ways in which we process your personal data in certain circumstances.
- Right to Data Portability: You may have the right to request a portable version of your personal data, either to be given to you or an alternative provider, where it is technically feasible and in certain circumstances.
- Right to Withdraw Consent: You have the right to withdraw your consent at any time where we rely on consent to use your personal information. We will apply your preferences going forward and this will not affect the lawfulness of the processing before you withdrew your consent.
- Right to Non-Discrimination: We will not treat you unfairly as a result of your choice to exercise any of the above rights.
Some of these rights are subject to prerequisites for their exercise. We will fill you in on those prerequisites should you seek to exercise one of these rights. Please note that while any changes you make will be reflected in active user databases instantly or within a reasonable period of time, we may retain information for backups, archiving, prevention of fraud and abuse, analytics, satisfaction of legal obligations, or where we otherwise reasonably believe that we have a legitimate reason to do so.
Exercising Your Rights
You may exercise these rights by contacting us through one of the methods set forth below under “Contact Information.” Upon receiving your request, we may take certain actions to verify your identity before acting on your request.
While those steps depend on the nature of your request, we will usually use your personal data in our possession to verify your identity.
Problems or Concerns
You should reach out to us right away if you have questions about our processing of your personal data or believe we have violated this Privacy Policy or applicable law or regulation. This does not prevent you from filing complaints concerning alleged violations with appropriate government agencies.
We take all complaints seriously and will respond within a reasonable period. We request that you cooperate with us during this process and provide us with any relevant information that we may need to investigate appropriately.
For persons located in Australia, if you are dissatisfied with the handling of your complaint after you have followed the complaints procedure outlined above, you may contact the Office of the Australian Information Commissioner who can be contacted at GPO Box 5218, Sydney, NSW 2001, Telephone: 1300 363 992, Email: enquiries@oaic.gov.au.
For persons located in the European Economic Area and United Kingdom, you also have the right to complain to the relevant data protection authority. In the United Kingdom, this is the Information Commissioner’s Office which can be contacted on 0303 123 1113.
Changes to the Privacy Policy
We may update this Privacy Policy at any time and may apply changes to previously collected information, as permitted by applicable law. We will post any changes to this Privacy Policy on the website and will indicate the last updated date of the changes. Your continued use of the website covered by this Privacy Policy indicates your consent to the changes as of the last updated date indicated on this Privacy Policy.