Data Protection and Privacy Policy
This Data Protection and Privacy Policy (“Policy”) outlines the principles and procedures for the collection, processing, storage, and protection of personal data by Shipbu LLC (“Company”). This Policy applies to all services provided by Shipbu LLC, including its operations in Turkey, China, the United States, and Europe.
1. Definitions
•Personal Data: Any information that identifies or can be used to identify an individual, such as names, contact information, financial details, and other data as defined under applicable laws.
•Processing: Any operation performed on Personal Data, including collection, recording, organization, storage, alteration, retrieval, and destruction.
•Data Subject: The individual whose Personal Data is processed.
2. Applicable Laws
This Policy is aligned with the following data protection regulations:
•United States: California Consumer Privacy Act (CCPA) and other relevant state and federal laws.
•Turkey: Law on the Protection of Personal Data No. 6698 (“KVKK”).
•European Union: General Data Protection Regulation (GDPR) (EU Regulation 2016/679).
•China: Personal Information Protection Law (PIPL) and Cybersecurity Law.
3. Principles of Data Protection
We adhere to the following principles when processing Personal Data:
1.Lawfulness, Fairness, and Transparency: Personal Data is processed in a lawful, fair, and transparent manner.
2.Purpose Limitation: Personal Data is collected for specified, explicit, and legitimate purposes.
3.Data Minimization: Only the data necessary for the purposes of processing is collected.
4.Accuracy: Personal Data is kept accurate and up-to-date.
5.Storage Limitation: Personal Data is retained only for as long as necessary.
6.Integrity and Confidentiality: Personal Data is processed securely to prevent unauthorized access or breaches.
4. Data Collection and Use
4.1. Types of Data Collected
We may collect the following categories of Personal Data:
•Identification information (name, date of birth, nationality).
•Contact details (email address, phone number, physical address).
•Financial information (bank details, credit card information).
•Logistical data (shipping details, delivery preferences).
•Any other data required for service delivery.
4.2. Purpose of Collection
Personal Data is collected for the following purposes:
•To provide logistics and sourcing services.
•To comply with legal and regulatory obligations.
•To enhance customer experience.
•To prevent fraud and ensure security.
5. Legal Basis for Processing
We process Personal Data based on:
1.Consent: Where the Data Subject has provided explicit consent.
2.Contractual Necessity: To fulfill contractual obligations with the Data Subject.
3.Legal Obligation: To comply with applicable laws.
4.Legitimate Interest: For the Company’s legitimate business operations, provided it does not override the rights of the Data Subject.
6. Data Sharing and Transfers
6.1. Sharing with Third Parties
Personal Data may be shared with:
•Logistics providers and suppliers to fulfill services.
•Regulatory authorities to comply with legal obligations.
•Technology providers for platform functionality.
6.2. Cross-Border Data Transfers
•Data may be transferred to countries outside the Data Subject’s location for processing.
•In compliance with GDPR, adequate safeguards such as Standard Contractual Clauses (SCCs) will be applied for transfers to non-EU countries.
•For China, data transfer mechanisms comply with the PIPL.
•In the U.S., data is handled per CCPA and other state laws.
7. Data Security
We implement technical and organizational measures to secure Personal Data, including:
•Encryption of sensitive data during transmission and storage.
•Restricted access controls to databases.
•Regular security audits and vulnerability assessments.
•Employee training on data protection practices.
8. Data Subject Rights
Under this Policy and applicable laws, Data Subjects have the following rights:
1.Access: To request a copy of their Personal Data.
2.Correction: To request corrections of inaccurate or incomplete data.
3.Erasure: To request deletion of their data (right to be forgotten).
4.Restriction: To request a limitation on processing activities.
5.Objection: To object to data processing based on legitimate interests.
6.Data Portability: To request transfer of their data to another provider.
7.Withdraw Consent: To withdraw previously given consent.
Data Subjects can exercise these rights by contacting us at [email protected].
9. Retention Policy
Personal Data is retained:
•For as long as necessary to fulfill service delivery.
•As required by applicable laws and regulations.
•Upon expiry, data is securely deleted or anonymized.
10. Cookies and Tracking Technologies
We use cookies and similar technologies to enhance user experience and analyze website traffic. Data Subjects can manage cookie preferences through browser settings.
11. Breach Notification
In case of a data breach:
•EU: Notification to the supervisory authority within 72 hours under GDPR.
•Turkey: Immediate notification to the Turkish Data Protection Authority (KVKK).
•China: Compliance with reporting obligations under the PIPL.
•US: State-specific breach notification laws will apply.
12. Updates to This Policy
We reserve the right to amend this Policy as necessary. Updates will be communicated via our website.
13. Contact Information
For any questions or concerns about this Policy, please contact us at:
•Email: [email protected]
•Address (China Office): 河南省郑州市中原区农业路升龙天汇六号院西单元1106
•Address (USA Office): 8 The Green Ste 4512 Dover, DE 19901 USA