Effective Date: 11th July 2023
Introduction
Cargo Smart Ltd (referred to as “the
Company,” “we,” “us,” or “our”) is committed
to protecting the privacy and personal data of our customers, employees, and
any other individuals with whom we interact. This General Data Protection
Regulation (GDPR) policy outlines our approach to collecting, processing,
storing, and protecting personal data in compliance with the GDPR requirements.
1. Data Protection Principles
Cargo Smart Ltd adheres to the following
data protection principles:
1.1. Lawfulness, Fairness, and
Transparency: We process personal data lawfully, fairly, and transparently by
providing individuals with clear information about how their data is used.
1.2. Purpose Limitation: We collect
personal data for specified, explicit, and legitimate purposes, and we do not
process it further in a manner incompatible with those purposes.
1.3. Data Minimization: We only collect and
process personal data that is necessary for the purposes stated.
1.4. Accuracy: We strive to keep personal
data accurate and up-to-date. We take reasonable steps to rectify or erase
inaccurate or incomplete data.
1.5. Storage Limitation: We retain personal
data only for as long as necessary to fulfil the purposes for which it was
collected, or as required by law.
1.6. Integrity and Confidentiality: We
ensure the security and confidentiality of personal data by implementing
appropriate technical and organizational measures.
2. Scope and Applicability
This GDPR policy applies to all personal
data processed by Cargo Smart Ltd, regardless of the format or medium, and to
all employees, contractors, or third parties who process personal data on our
behalf.
3. Lawful Basis for Processing Personal
Data
Cargo Smart Ltd ensures that personal data
is processed lawfully, using one or more of the following lawful bases as
defined in the GDPR:
3.1. Consent: We obtain and document clear
and informed consent from individuals before processing their personal data.
3.2. Contractual Necessity: We process
personal data when it is necessary to fulfil contractual obligations with
individuals.
3.3. Legal Obligations: We process personal
data to comply with legal obligations imposed on the Company.
3.4. Legitimate Interests: We may process
personal data if it is necessary for the legitimate interests pursued by the
Company or a third party, provided it does not outweigh the individuals’ rights
and freedoms.
4. Individual Rights
Cargo Smart Ltd respects the rights of
individuals as outlined in the GDPR. These rights include:
4.1. Right to Access: Individuals have the
right to request access to their personal data held by the Company.
4.2. Right to Rectification: Individuals
have the right to request the correction or update of inaccurate or incomplete personal
data.
4.3. Right to Erasure: Individuals have the
right to request the deletion or removal of their personal data under certain
circumstances.
4.4. Right to Restrict Processing:
Individuals have the right to request the restriction or suppression of their
personal data under certain circumstances.
4.5. Right to Data Portability: Individuals
have the right to receive their personal data in a structured, commonly used,
and machine-readable format.
4.6. Right to Object: Individuals have the
right to object to the processing of their personal data based on legitimate
interests or direct marketing.
5. Data Security and Confidentiality
Cargo Smart Ltd takes appropriate technical
and organizational measures to protect personal data against unauthorized access,
alteration, disclosure, or destruction. We implement security measures such as
access controls, encryption, regular backups, and staff training to ensure the
ongoing confidentiality, integrity, availability, and resilience of personal
data.
6. Data Transfers
Cargo Smart Ltd does not transfer personal
data outside the European Economic Area (EEA) unless appropriate safeguards,
such as adequacy decisions, standard contractual clauses, or binding corporate
rules, are in place to ensure an adequate level of data protection.
7. Breach Notification
In the event of a personal data breach,
Cargo Smart Ltd has procedures in place to promptly detect, assess, and report
any breaches to the relevant supervisory authorities and affected individuals,
as required by the GDPR.
8. Data Protection Officer (DPO)
Cargo Smart Ltd has appointed a Data
Protection Officer (DPO) who is responsible for overseeing the Company’s data
protection activities and ensuring compliance with the GDPR. The DPO can be
contacted at [insert contact details].
9. Training and Awareness
Cargo Smart Ltd provides regular data
protection training to employees and contractors to ensure their understanding
and compliance with the GDPR requirements. We also raise awareness among
employees and contractors about the importance of data protection and privacy.
10. Review and Updates
This GDPR policy is reviewed regularly to
ensure its continued relevance and compliance with applicable data protection
laws. Any updates or changes to this policy will be communicated to employees
and made available to relevant stakeholders.
Cargo Smart Ltd is committed to upholding
the rights and privacy of individuals while processing personal data. This GDPR
policy provides a framework for our data protection practices and demonstrates
our commitment to compliance with the GDPR requirements.