Data controller: Arrow Shipping Group of Companies (the “Company”)
Arrow Shipping Group is an international firm of shipbrokers with offices and associated offices worldwide. For a list of our offices can be found at www.arrowship.com.
The Company is committed to being transparent about how it collects and uses the personal data of its customers, vendors and suppliers, and to meeting its data protection obligations. This policy sets out the Company’s commitment to data protection, and individual rights and obligations in relation to personal data in accordance with the General Data Protection Regulation (the “GDPR“)
The Company is a “data controller“. This means that we are responsible for deciding how we hold and use personal data about you.
The information the Company collects
Personal Data and other terms in this privacy notice has the same meaning as in the GDPR.
We may collect, store and use the following categories of personal data about you which may be limited to personal contact details such as name, company name, department, title, company and personal addresses, telephone numbers, fax numbers and personal email addresses;
How your personal data is collected
We collect personal data, either directly from you or sometimes from public sources such as vendors who provide personal data needed for Anti-Money Laundering or trade sanction compliance. In order that Arrow ensures it meets its legal obligations.
We sometime also collect data via third party research.
The purpose for processing
We will use your personal data only when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
- Where we need to comply with any legal obligations.
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
We may also use your personal data in the following situations, which are likely to be rare:
- Where we need to protect your interests (or someone else’s interests).
- Where it is needed in the public interest or for official purposes.
We hold and process a range of data and personal information which we collect from you, or you provide to us in connection with our services. This includes your company details, email address and contact details, for certain legitimate business purposes, which include some or all of the following:
- To identify and prevent fraud
- To hold and process information you provide to us including company (and where applicable group) details, personal and sensitive data
- To hold and process personal details of clients where the holding and processing enables us to enhance, modify, personalise or otherwise improve our services and communications for the benefit of our clients.
- To record the details of any proposed or actual transactions.
- To enhance the security of our network and information systems
- To better understand how people, interact with our websites including but not limited to traffic to our sites, IP addresses of the device connecting to our website and the pages/resources accessed
- To provide communications by email, post and email which we think will be of interest to you
- To determine the effectiveness of promotional campaigns and advertising
- If you apply online for a job you may need to provide information about your education, employment, region of interest and role you are applying for. Your application will constitute your express consent to our use of this information to assess your application and to allow us to carry out any monitoring activities, which may be required of us under applicable law as an employer.
The legal basis for the processing
We will process your personal data based on either the contractual relationship we have with you or on legitimate interests as defined by the Article 6 (1) (f) of the GDPR.
What does Legitimate Interest mean?
“Legitimate Interest” means the interests of our company in conducting and managing our business to enable us to give you the best service/products and the best and most secure experience.
For example, we have an interest in making sure the information and marketing we send is relevant for you, so we may process your data to send you information that is tailored to your interests.
It can also apply to processing that is in your interests as well. For example, we may process your information to protect you against fraud.
Having conducted our Data Impact Assessment that looks at what, where and how we hold and process data as well as communicate with you, we have concluded that our legitimate interests for controlling and processing your data fall within some or all of the following areas:
- Direct marketing
We use your email address and contact details for communications and direct marketing purposes e.g. sending reports, providing you with information about our services and relevant events.
- Relevant and appropriate relationship
We believe we have a relevant and appropriate relationship with you. This is either because you are a current, past or potential client.
- Reasonable expectations
We believe that you have a reasonable expectation that your data will be processed and used by us in to communications to you. If you wish to no longer have your data processed by or receive communications from us then please email DPO@arrowship.com .
Please be assured that we do not sell your data. We have robust systems in place to protect your data. We ensure that any third-party suppliers that we use have the highest levels of security.
You can unsubscribe from receiving any direct marketing from us at any time by selecting the “unsubscribe” button at the bottom of any email you receive or by emailing your request to DPO@arrowship.com
Where we store your data
Individuals have certain rights over their personal data and we as data controllers are responsible for fulfilling these rights. We will endeavour to deal with any request for information as soon as soon as possible and within the legal time limit of 40 days.
Right to object
Whenever we hold or process your data we will ensure that we respect your Personal Data rights and take these rights into account. You can object to this processing at anytime by contacting our Data Protection Officer via the following:
Address: Data Protection Officer,
Arrow Shipping Group, Octavia House,
1 The Boulevard, Imperial Wharf,
London, SW6 2UB
Please bear in mind that if you object, this may affect our ability to carry out the tasks above for your benefit.
Access to personal data
You have a right of access to personal data held by us as a data controller.
Amendment of personal data
To update personal data submitted to us, please email DPO@approwship.com
Once we are informed that any personal data processed by us is no longer accurate, and so long as we can validate the origin of that update we will make corrections based on your updated information.
If you wish to stop hearing from us
You have the right to stop receiving any emails from us and you can do this by replying to the email you have received from us. We will remove you from this specific mailing lists or if you would like us to delete your email from all our mailing lists, please confirm this to DPO@arrowship.com .
Other data subject rights
This privacy statement is intended to provide information about what personal data we collect about you and how it is used. As well as rights mentioned above, individuals may have other rights in relation to the personal data we hold. You can find more information about this on the Information Commissioner’s Office website or from your local data protection authority.
If you wish to exercise any of these rights, please send an email: DPO@arrowship.com .
If you register to receive updates your information will be held on a secure server and will be used only to provide you with email updates on the topics you have requested.
This privacy statement only covers the Arrow website at www.arrowship.com and subsequent subsites of that domain.
Other websites linked to or from the Arrow domain are not covered by this privacy statement. If you have any queries please contact us.
We take the security of personal data seriously. We have internal policies and controls in place to protect personal data against loss, accidental destruction, misuse or disclosure, and to ensure that data is not accessed, except by employees in the proper performance of their duties.
If we discover that there has been a breach of personal data that poses a risk to the rights and freedoms of individuals, we will report it to the relevant national supervisory authority for data protection without undue delay but no later than 72 hours of discovery. We will record all data breaches regardless of their effect.
If the breach is likely to result in a high risk to the rights and freedoms of individuals, we will notify the affected individuals that there has been a breach and provide them with information about its likely consequences and the mitigation measures it has taken.
If you would like to complain about our use of personal data, please send an email with the details of your complaint to DPO@arrowship.com.
You also have the right to lodge a complaint with the Information Commissioner’s Office (“ICO”) (the UK data protection regulator) or your local data protection regulator.