Effective Date: 11th July 2023

Introduction

Cargo Smart Ltd (referred to as “the Company,” “we,” “us,” or “our”) is committed to protecting the privacy and personal data of our customers, employees, and any other individuals with whom we interact. This General Data Protection Regulation (GDPR) policy outlines our approach to collecting, processing, storing, and protecting personal data in compliance with the GDPR requirements.

 

1. Data Protection Principles

Cargo Smart Ltd adheres to the following data protection principles:

1.1. Lawfulness, Fairness, and Transparency: We process personal data lawfully, fairly, and transparently by providing individuals with clear information about how their data is used.

1.2. Purpose Limitation: We collect personal data for specified, explicit, and legitimate purposes, and we do not process it further in a manner incompatible with those purposes.

1.3. Data Minimization: We only collect and process personal data that is necessary for the purposes stated.

1.4. Accuracy: We strive to keep personal data accurate and up-to-date. We take reasonable steps to rectify or erase inaccurate or incomplete data.

1.5. Storage Limitation: We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law.

1.6. Integrity and Confidentiality: We ensure the security and confidentiality of personal data by implementing appropriate technical and organizational measures.

2. Scope and Applicability

This GDPR policy applies to all personal data processed by Cargo Smart Ltd, regardless of the format or medium, and to all employees, contractors, or third parties who process personal data on our behalf.

3. Lawful Basis for Processing Personal Data

Cargo Smart Ltd ensures that personal data is processed lawfully, using one or more of the following lawful bases as defined in the GDPR:

3.1. Consent: We obtain and document clear and informed consent from individuals before processing their personal data.

3.2. Contractual Necessity: We process personal data when it is necessary to fulfil contractual obligations with individuals.

3.3. Legal Obligations: We process personal data to comply with legal obligations imposed on the Company.

3.4. Legitimate Interests: We may process personal data if it is necessary for the legitimate interests pursued by the Company or a third party, provided it does not outweigh the individuals’ rights and freedoms.

4. Individual Rights

Cargo Smart Ltd respects the rights of individuals as outlined in the GDPR. These rights include:

4.1. Right to Access: Individuals have the right to request access to their personal data held by the Company.

4.2. Right to Rectification: Individuals have the right to request the correction or update of inaccurate or incomplete personal data.

4.3. Right to Erasure: Individuals have the right to request the deletion or removal of their personal data under certain circumstances.

4.4. Right to Restrict Processing: Individuals have the right to request the restriction or suppression of their personal data under certain circumstances.

4.5. Right to Data Portability: Individuals have the right to receive their personal data in a structured, commonly used, and machine-readable format.

4.6. Right to Object: Individuals have the right to object to the processing of their personal data based on legitimate interests or direct marketing.

5. Data Security and Confidentiality

Cargo Smart Ltd takes appropriate technical and organizational measures to protect personal data against unauthorized access, alteration, disclosure, or destruction. We implement security measures such as access controls, encryption, regular backups, and staff training to ensure the ongoing confidentiality, integrity, availability, and resilience of personal data.

6. Data Transfers

Cargo Smart Ltd does not transfer personal data outside the European Economic Area (EEA) unless appropriate safeguards, such as adequacy decisions, standard contractual clauses, or binding corporate rules, are in place to ensure an adequate level of data protection.

7. Breach Notification

In the event of a personal data breach, Cargo Smart Ltd has procedures in place to promptly detect, assess, and report any breaches to the relevant supervisory authorities and affected individuals, as required by the GDPR.

8. Data Protection Officer (DPO)

Cargo Smart Ltd has appointed a Data Protection Officer (DPO) who is responsible for overseeing the Company’s data protection activities and ensuring compliance with the GDPR. The DPO can be contacted at [insert contact details].

9. Training and Awareness

Cargo Smart Ltd provides regular data protection training to employees and contractors to ensure their understanding and compliance with the GDPR requirements. We also raise awareness among employees and contractors about the importance of data protection and privacy.

10. Review and Updates

This GDPR policy is reviewed regularly to ensure its continued relevance and compliance with applicable data protection laws. Any updates or changes to this policy will be communicated to employees and made available to relevant stakeholders.

Cargo Smart Ltd is committed to upholding the rights and privacy of individuals while processing personal data. This GDPR policy provides a framework for our data protection practices and demonstrates our commitment to compliance with the GDPR requirements.