Data protection

Privacy
Policy

At Xpeditis, protecting your personal data is a top priority. This policy explains how we collect, use, and protect your information.

Last updated: January 2025

1. Data we collect

We collect the following data: • Identification data: first name, last name, business email address, phone number • Business data: company name, role, business registration number • Connection data: IP address, login records, browsing data • Transaction data: booking history, quotes, invoices • Communication data: exchanges with our customer service

2. Use of data

Your data is used to: • Provide and improve our maritime freight booking services • Manage your account and preferences • Process your quote requests and bookings • Send you commercial communications (with your consent) • Ensure the security of our platform • Meet our legal and regulatory obligations

3. Data protection

We implement robust security measures: • SSL/TLS encryption for all communications • Encryption of sensitive data at rest (AES-256) • Two-factor authentication available • Regular security audits • Continuous training of our teams • Hosting on ISO 27001-certified servers

4. Your rights

Under the GDPR, you have the following rights: • Right of access: get a copy of your personal data • Right of rectification: correct your inaccurate data • Right of erasure: request deletion of your data • Right of portability: receive your data in a structured format • Right to object: object to the processing of your data • Right to restriction: limit the processing of your data To exercise these rights, contact us at: privacy@xpeditis.com

5. International transfers

Your data may be transferred to non-EU countries as part of our international maritime freight services. These transfers are governed by: • Standard contractual clauses approved by the European Commission • Appropriate certifications (e.g. Privacy Shield for some providers) • Explicit consent for certain specific transfers

6. Data retention

We retain your data for the following durations: • Account data: duration of the business relationship + 3 years • Transaction data: 10 years (accounting obligations) • Connection data: 1 year • Marketing data: 3 years after the last contact After these periods, your data is deleted or anonymised.

Any questions?

For any question regarding our privacy policy or your personal data, contact our Data Protection Officer.

privacy@xpeditis.com