SF Express (Europe) Co. Ltd. Business Partner Privacy Policy

Effective Date: April 17, 2018

Latest Update and Release Date: March 7, 2019

SF Express (Europe) Co., Ltd. (“SF Europe”, “we” or “us”) always attaches great importance on protection of your personal data. When you make use of our services, or when you provide products and/or services to us, we collect and process your personal data. SF Europe’s activities regarding the collecting and processing of your personal data are set out in this business partner privacy policy (“this Policy”).

Before using our services, or providing products and/or services to us, please read this Policy carefully. SF Europe will display this Policy or the links to this Policy at the website of SF Europe’s parent company (http://www.sf-express.com/gb/en/) (the Website) and in the terms and conditions on the waybill. If we change this Policy, we will inform you about this on the Website. We will at all times publish the up-to-date version on the Website, together with a summary of key changes.

This Policy contains the following contents:

I. What is personal data?

II. Information on the data controller      

III. Ways of Collecting your personal data

IV. Types of personal data SF Europe collects

V. Processing purposes

VI. Lawful basis for the processing of your personal data

VII. Retention periods

VIII. Sharing or disclosure of personal data

IX. Cross-border transfer of personal data

X. Data subjects’ rights and requests

XI. How SF Europe protects your personal data

XII. Protection of personal data of minors

XIII. Disclaimer

XIV. Complaints

I.    What is personal data?

Personal data means any information relating to an identified or identifiable natural person. Examples of personal data include the individual's name, ID number, e-mail address, phone number, postal address, IP address and account name.

II.   Information on the data controller      

The data controller regarding the processing of your personal data is SF Express (Europe) Co., Ltd. If you have any questions with respect to this Policy or the way in which we process your personal data, you may contact us via sales_eu@sf-express.com or via post:Unit B, Crosspoint Distribution Park, Swallowfield Way, Hayes, Middlesex, UB3 1DQ.

III.Ways of collecting your personal data

  1.        SF Europe collects your personal data through its Authorized Business Partners (ABPs) either where you placed your shipment order or where you were submitted as a recipient;
  2.        SF Europe collects your personal data if you are supplying products and/or providing services to us; and
  3.        SF Europe collects your personal data in the context of its direct marketing activities.
  4.         The (categories of) personal data we obtain through our ABPs include:

IV.Types of personal data SF Europe collects

Of the shipper: Name, address, contact details, national ID and shipment information.

Of the consignee: Name, address, contact details, national ID and shipment information.

  1.         The categories of personal data we collect when you are supplying products and/or providing services to us, include:

Name, phone number and business e-mail address of your contact person.

  1.         The categories of personal data we collect in the context of our direct marketing activities, include:

Name,contact number and (business) e-mail address.

V.  Processing purposes

  1.             We process your personal data collected through our ABPs for the purposes of:
  •          Placing the shipment order;
  •          Generating parcel labels;
  •          Generating pro forma invoices;
  •          Taking care of outbound customs clearance in European countries;
  •          Taking care of inbound customs clearance in China; and
  •          Delivering the shipment in China.
  1.             We process your personal data collected in the context of you supplying products and/or providing services to us for the purposes of:
  •          Performance under the contract we have with you; and
  •          Payment or issuance of invoices.
  1.            We process your personal data collected in the context of our direct marketing activities for the purposes of:
  •          The promotion of SF Europe, our products and our services provision.

VI.Lawful basis for the processing of your personal data

For the processing of your personal data, SF Europe needs a lawful basis. The lawful basis for our processing depends on the purposes of the processing. Please note that where we process personal data on the basis that this processing is necessary to for the purposes of our legitimate business interests, such interests are the promotion of SF Europe, our products and our services provision, improvement of your experience when interacting with us.

  1.     The legal basis for processing your personal data collected through our ABP’s is that such processing is necessary for the performance of a contract with you and for the purposes of our legitimate business interests (please see above).

Furthermore, the processing of your personal data in this respect is necessary for compliance with a legal obligation to which SF Europe is subject, namely statutory tax retention periods, and response to requests of government agencies (such as judiciary authorities and customs).

  1.     The legal basis for processing your personal data collected in the context of you supplying products and/or providing services to us is that such processing is necessary for the performance of a contract with you and for the purposes of our legitimate business interests (please see above).

Furthermore, the processing of your personal data in this respect is necessary for compliance with a legal obligation to which SF Europe is subject, namely statutory tax retention periods, customs requirements, and to respond to requests of government agencies (including judiciary authorities).

  1.     The legal basis for processing your personal data collected in the context of our direct marketing activities is that such processing is necessary for the purposes of our legitimate business interests (please see above).

VII.   Retention periods

We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for as set out under Section V, including for the purposes of satisfying any legal, accounting or reporting requirements.

In general terms this means that we will retain your personal information for the duration of your relationship with us and for the length of any applicable limitation period for claims which might be brought against us later (e.g. 6 years in the UK). There are also certain types of information, such as tax records, which require to be retained for a certain period by law. We will remove your personal data if we no longer need it for the purposes set out under Section V.

In some circumstances we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you.

Please contact us via sales_eu@sf-express.com or via post(Unit B, Crosspoint Distribution Park, Swallowfield Way, Hayes, Middlesex, UB3 1DQ)for more information on the specific retention periods that apply to your personal data.

VIII.Sharing or disclosure of personal data

General: We have not included a list of all recipients of personal data. This is because we are a large, globally operating company that works with a large number of data recipients. Including all these recipients in this Policy would not contribute to its clarity. We will also regularly change suppliers. It would therefore be a large administrative burden to keep an exhaustive list of recipients up to date. We would also have to update you each time we add or remove a recipient, which we feel would be burdensome for you. We therefore believe that giving you a list of categories of recipients is more transparent and user friendly than including a list or all recipients.

 

  1.         The personal data we collect from our ABP’s in relation to our shipment services, we share with:

-           Group companies: we will share personal data we collect from you in relation to our shipment services with other companies in the SF Group, who will process personal data in accordance with this Policy.

-           Companies who work on behalf of SF Europe: We will share personal data collected with third parties who work on behalf of us or provide services to us in this respect. For example: companies that provide storage space and custom clearance service. Any company who receives personal data from us will have to comply with data protection rules and security measures we set. Such rules and measures align with this Policy.

-           New owner or merger partner: If we sell or divest our business or any part of it, and your personal data relates to such sold or divested part of our business, or if we merge with another business, we will share your personal data with the new owner of the business or our merger partner, respectively.

-           Government: If we are legally obliged to do so, we will share data we collect with law enforcement agencies and other governmental bodies.

  1.         The categories of personal data we collect when you are supplying products and/or   providing services to us, we share with:

-          Group companies: we will share personal data we collect from you when you are supplying products and/or services to us with other companies in the SF Group, who will process personal data in accordance with this Policy.

-          Companies who work on behalf of SF Europe: We will share personal data collected with third parties who work on behalf of us or provide services to us in this respect. Any company who receives personal data from us will have to comply with data protection rules and security measures we set. Such rules and measures align with this Policy.

-          New owner or merger partner: If we sell or divest our business or any part of it, and your personal data relates to such sold or divested part of our business, or if we merge with another business, we will share your personal data with the new owner of the business or our merger partner, respectively.

-          Government: If we are legally obliged to do so, we will share data we collect with law enforcement agencies and other governmental bodies.

  1.         The categories of personal data we collect in the context of our direct marketing activities, we share with:

-           Group companies: we will share personal data we collect from you in the context of our direct marketing activities with other companies in the SF Group, who will process personal data in accordance with this Policy.

-           Companies who work on behalf of SF Europe: We will share personal data collected with third parties who work on behalf of us or provide services to us in this respect. Any company who receives personal data from us will have to comply with data protection rules and security measures we set. Such rules and measures align with this Policy.

-           New owner or merger partner: If we sell or divest our business or any part of it, and your personal data relates to such sold or divested part of our business, or if we merge with another business, we will share your personal data with the new owner of the business or our merger partner, respectively.

-           Government: If we are legally obliged to do so, we will share data we collect with law enforcement agencies and other governmental bodies.

IX.Cross-border transfer of personal data

SF Europe may transfer your information to countries other than the country in which the information was originally collected.Those countries may not have the same data protection laws as the country in which you initially provided the information. When SF Europe transfers your personal data outside the European Economic Area (the EEA), it will take relevant measures to protect the information in accordance with applicable laws and regulations. However, regardless of the differences of destination countries of information transfer, SF Europe will protect such information at a level not lower than the data protection level of the country in which the personal data was originally collected.

For transfers outside the EEA, SF Europe uses so-called Standard Contractual Clauses (SCCs) as a way to ensure adequate safeguards are in place. The European Commission has approved these model contracts. You can find more information about the SSCs here.

The personal data we collected when you make use of our services, or when you provide products and or services to us, is transferred to our group companies in China.

X.  Data subjects’ rights and requests

In accordance with the applicable laws in the European Union, you have the right of access, the right to rectification, the right to erasure, the right to restriction of processing, the right to data portability and the right to object. Please note that most of these rights are not absolute and subject to exemptions in the law, may only apply to certain types of information or processing. Below we set out your rights in more detail and give information on how you can exercise your rights. We will respond to your request within one month, but have the right to extend this period with two months. If we extend the response period, we will let you know within one month from your request.

 

Your right

How to use it

1

We need your consent for some of the ways we use your information, for example for marketing.

You can remove that consent at any time.

You can e-mail your request to sales_eu@sf-express.com.

2

You can ask us to confirm if we are processing your information.

You can e-mail your request to sales_eu@sf-express.com.

3

You can ask to access your information. Please note that to help protect your privacy and maintain security, SF Europe will take steps to verify your identity before granting you access to the information.

You can e-mail your request to sales_eu@sf-express.com.

4

You can ask to correct your information if it is wrong.

You can e-mail your request to sales_eu@sf-express.com.

5

You can ask us to delete certain of your information.

You have a right to be forgotten and you can ask that our systems stop using your information.

You can e-mail your request to sales_eu@sf-express.com.

It may not always be possible for you to use this right if, for example, it is still necessary for us to perform the contract or we need to keep the information by law or because of a legal dispute.

6

You can ask us to restrict how we use your information.

You can e-mail your request to sales_eu@sf-express.com.

7

You can ask us to help you move certain of your information to other companies.

To help with that you have a right to ask that we provide your information in an easily readable format to another company.

You can e-mail your request to sales_eu@sf-express.com.

8

You can ask us to stop using your personal information, but only in certain cases.

You can e-mail your request to sales_eu@sf-express.com.

9

You may request us to stop processing your personal data for direct marketing purposes.

You can e-mail your request to sales_eu@sf-express.com.

10

You have the right to complain to the relevant supervisory authority.

You can get in touch with either:

Information Commissioner’s Office (the ICO); or the local supervisory authority in your country.

 

XI.How SF Europe protects your personal data

SF Europe attaches great importance to the security of your personal data, and it will adopt all reasonable administrative, technical, organizational and physical safeguard measures to protect your personal data against accidental, unlawful or unauthorized destruction, loss, alteration, modification, access, disclosure or use. Specific measures include but are not limited to:

  1.               technical measures that are compliant with industry standards, such as encryption techniques, access control, and information security assessment;
  2.              data security management regulations, such as data compliance policy, security management regulations, non-disclosure agreement, employee training on personal data and data protection, and legally binding contracts or agreements;
  3.             information security response emergency system, that is, in case of information security event, we will immediately start emergency measures according to provisions of laws and regulations.

XII.   Protection of personal data of minors

SF Europe’s products and/or services are not aimed at children below the age of eighteen (18). Children should not provide us with personal data. If you – as a person with parental responsibility over the child – notice that your child has provided us with personal data without your approval (for instance by submitting an incorrect age), you may contact us via sales_eu@sf-express.com.

If we find out that we process personal data of a minor without approval of the person holding parental responsibility over the minor concerned, we will immediately remove the personal data.

XIII.Disclaimer

For your convenience and information, the Website may contain links to websites or applications of third parties. These third parties may have their own privacy policies to protect the personal information they collect. SF Europe’s services also may be made available to you through third-party platforms (such as providers of app stores) or through other third-party channels. SF Europe is not responsible for the privacy protection of information collected through any non-SF Europe places or channels. When clicking related links or accessing related websites, please pay attention to the security of your personal information, and read carefully the privacy policy of the related party.

The information directly collected by any third party applications, tools, widgets and plug-ins (such as Weibo, QQ, WeChat, Alipay and other third party login services) shall be subject to the protection under the privacy policies of the third party service providers, and SF Europe assumes no responsibility thereof.When clicking related links or accessing related applications, tools, widgets and plug-ins, please pay attention to the security of your personal information, and read carefully the privacy policy of the related party.

XIV.Complaints

If you have any complaint about the processing of your personal data, or if you have any doubts about this Policy, you can contact us via sales_eu@sf-express.com. We will give you reply, explanation or follow-up within a reasonable time limit (ultimately within one month from the moment of completion of the investigation of the complaint).