We implement a variety of security measures to maintain the safety of your personal information when you enter, submit, or access your personal information. We offer the use of a secure server. All supplied sensitive/credit information is transmitted via Secure Socket Layer (SSL) technology and then encrypted into our Payment gateway providers database only to be accessible by those authorised with special access rights to such systems, and are required to keep the information confidential. Data at-rest is stored after being encrypted using industry standards.
Yes (Cookies are small files that a site or its service provider transfers to your computers hard drive through your Web browser (if you allow) that enables the sites or service providers systems to recognise your browser and capture and remember certain information
We do not sell, trade, or otherwise transfer to outside parties your personally identifiable information. This does not include trusted third parties who assist us in operating our website, conducting our business, or servicing you, so long as those parties agree to keep this information confidential. We may also release your information when we believe release is appropriate to comply with the law, enforce our site policies, or protect ours or others rights, property, or safety. However, non-personally identifiable visitor information may be provided to other parties for marketing, advertising, or other uses.
Occasionally, at our discretion, we may include or offer third party products or services on our website. These third party sites have separate and independent privacy policies. We, therefore, have no responsibility or liability for the content and activities of these linked sites. Nonetheless, we seek to protect the integrity of our site and welcome any feedback about these sites.
We collect information from you when you register on our site, fill out a form or interact in anyway with your Shiptheory account.
When subscribing or registering on our site, as appropriate, you may be asked to enter your: name, e-mail address, mailing address, phone number or third party API credentials. Data may also be collected from any third party systems you connect to your Shiptheory account via any third party API's.
Any of the information we collect from you may be used in one of the following ways:
To personalise your experience (your information helps us to better respond to your individual needs)
To improve our website (we continually strive to improve our website offerings based on the information and feedback we receive from you)
To provide service functions (This includes functions such as creating orders and shipments with third-party partners, such as carriers and technology firm, where data is shared solely for the purpose of providing said service functions)
To improve customer service (your information helps us to more effectively respond to your customer service requests and support needs)
To process transactions
To administer a contest, promotion, survey or other site features
To send periodic emails (the email address you provide may be used to send you
information, respond to inquiries, and/or other requests or questions)
Your information, whether public or private, will not be sold, exchanged, transferred, or given to any other company for any reason whatsoever, without your consent, other than for the express purpose of delivering the purchased product or service requested.
We will retain your personal information and any data gathered from your Shiptheory usage for so long as you are registered with Shiptheory, and for up to 6 years thereafter. In some cases, data may be deleted sooner, where the requirements of our partners specify.
Moreover, where personal information is no longer necessary we may delete it sooner.
We store your data on servers located across different countries and your data may be stored and processed outside of the country you reside in.
Regardless of the country where we may store and process your data, the principles described in this Policy will apply.
When we transfer data outside the EEA, the following frameworks apply to lawfully transfer EU & EEA data to a third country.
The European Commission has declared in accordance with article 45(3) of the EU GDPR that certain countries offer an adequate level of protection for personal data and that personal data can be transferred to those countries without any extra measures.
When we transfer data outside the EU&EEA to a country with no adequacy status, we rely on the Standard Contractual Clauses(SCCs) approved by the EU in accordance with the EU GDPR Article 46(2).
The SCCs approved and issued by the EU Commission can be found at:
When we act as a data controller or when we act as a processor and appoint sub-processors for certain services, we incorporate the SCCs (2021 Version) approved by the EU Commission into our data processing agreements to lawfully transfer data outside the EEA area.
To obtain a copy of our Data processing Agreement incorporating SCCs, contact us at: supposhiptheory.com
When we transfer data outside the UK, the following frameworks apply:
The UK has approved similar adequacy decisions and when we transfer UK data to these countries & territories, we do not implement any supplementary measures.
The UK Adequacy Regulations, including the list of adequate countries, can be found at:
When we transfer UK data to a non-adequate country, we rely on the old SCCs approved by the EU Commission, by the Commission Decision 2010/87/ on 5 February 2010 in accordance with article 46(2) of the UK GDPR.
The 2010 SCCs we rely on can be found at:
When we act as a data controller or when we act as a processor and appoint sub-processors for certain services, we incorporate the old SCCs(2010 Version) approved by the EU Commission into our data processing agreements to lawfully transfer data outside the UK.
To obtain a copy of our Data processing Agreement incorporating SCCs, contact Us at: firstname.lastname@example.org
Note that the old EU SCCs will remain in force in the UK until March 2024. For more detailed Guidance, please refer to:
We would like to make sure you are fully aware of all of your data protection rights. Every user is entitled to the following:
The right to access – You have the right to request copies of your personal data. We may charge you a fee for this service.
The right to rectification – You have the right to request we correct any information you believe is inaccurate. You also have the right to request we complete the information you believe is incomplete.
The right to erasure – You have the right to request that we erase your personal data, under certain conditions. To protect your data, if you wish to request your data is erased, we ask you to complete our data erasure form.
The right to restrict processing – You have the right to request that we restrict the processing of your personal data, under certain conditions.
The right to object to processing – You have the right to object to our processing of your personal data, under certain conditions.
The right to data portability – You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.
If you make a request, we have one month to respond to you. If you would like to exercise any of these rights, please contact us here.
We are in compliance with the requirements of COPPA (Children’s Online Privacy Protection Act), we do not collect any information from anyone under 13 years of age. Our website, products and services are all directed to people who are at least 13 years old or older.
This policy was last modified on 20/05/2022