FREIGHT INVESTOR SERVICES: PRIVACY POLICY

Version 2.1.

Data protection is there to safeguard important information from compromise, loss or corruption and is underpinned by principles, regulatory frameworks and legal requirements that have been in effect for decades. There have been a number of changes during this time, with one of the largest revisions being implemented on the 25th May 2018, under the guise of the General Data Protection Regulation (GDPR).
This document has been revised to reflect these changes.

Further information can be found at:
https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/
https://ec.europa.eu/info/law/law-topic/data-protection/data-protection-eu_en

For the purposes of the General Data Protection Regulation (GDPR)
• We, Freight Investor Services Ltd and its subsidiaries, Freight Investor Services PTE Ltd and its subsidiaries and any reference hereafter, to “we” or “FIS” are the “Controller” of your information (data) and determine the purposes for which and the manner in which any personal data is, or are to be, processed.
• Any 3rd party that we engage with to host and or support our data platforms are known as “Processors” of your information (data), who act on behalf of FIS and as such they are not controllers of your data.

For the purposes of this document we interchangeably use “your information”, “personal data” and “your data” to have the same meaning.

WHO WE ARE

Freight Investor Services (FIS) offers full brokerage services, trade execution and in-depth market intelligence for dry bulk freight and commodity swaps – as well as providing physical ship and cargo services across the globe.

We are regulated by the UK Financial Conduct Authority (FCA), USA National Futures Association (NFA) and hold an exemption with the Monetary Authority of Singapore (MAS).

Registered Addresses

Freight Investor Services Ltd (FIS)
80 Cannon Street
London, EC4N 6HL
Telephone: +44 (0) 20 7090 1120
Email: info@freightinvestor.com

Freight Investor Services (US FFA)
2777 Summer Street, Suite 209a,
CT 06905, USA
Telephone: +1 203 325 8003
Email: info@freightinvestor.com

Freight Investor Services (US Fertilizer)
711 South Howard Ave, Tampa,
FL 33606 Unit 2, USA
Telephone: +1 212 634 6424
Email: ferts@freightinvestor.com

Freight Investor Services Pte Ltd (FIS)
6 Battery Road, #24-04
Singapore, 049909
Telephone: +65 6535 5189
Email: info@freightinvestor.com

Freight Investor Services Shanghai
Hong Kong New World Tower
Unit 3803, 300 Huaihai Road,
(M) 200021, Shanghai, China
Telephone: +86 21 6335 4002
Email: info@freightinvestor.com

Freight Investor Services PVT. LTD.

104, Lodha Supremus Phase 1,Road no  22, Wagle Estate, Thane (W),Mumbai – 400604
Telephone: +91 22 4881 8900 Email: chartering.mumbai@freightinvestor.in

Freight Investor Solutions DMCC
Unit 306, Platinum Tower
Jumeirah Lake Towers
PO Box 391624 Dubai, UAE
Email: info@freightinvestor.com

INFORMATION WE COLLECT ABOUT YOU

At FIS we only collect enough information to enable us to, and in accordance with applicable laws, Provide, Support, Improve and Market our Services. The types of Personal Information we collect depend on how you use our services, which range from employment, general enquiries to onboarding and providing our services and expertise.

Personal Data

  • Contact Details – You provide your Name, Title, Company Details, Telephone Number/s, Email Address/s, Interests in FIS Services, Job Title, Residing Country, Social Engagement Platform details. This is the minimum information that we require to fulfil general enquiries and initial engagement services such as receiving Market and or Technical reports, invitations to seminars & events and onboarding.  This information can be provided in either an Email, Onboarding Documents, Web Enquiries, Social Engagement Platform messages or Telephone calls.
  • Company Details – You provide your Company Name, Company Address, Telephone Number/s, Email Address/s, Social Engagement details, Primary Contact and Departmental Contact details.
  • Employment Details – You provide your Contact Details, CV, Previous Employer Details, References, Bank Details, Tax Details,
  • Account Details – You provide your Contact Details along with the minimum necessary details to enable us to fulfil our obligations under any contract with you or any legal requirements with the associated authorities and lawful regulations.  This Registration and Onboarding process captures Corporate Documentation and Private Identification information for directors and shareholders for the companies in question.  This includes; Passport, Driving License, National ID and Financial Account information, associated transactional details.   If you require further details, please contact dataprotection@freightinvestor.com.
  • Payment Details – You provide Contact Details, Account Details, BACS, SWIFT, IBAN; Account Number, Credit Card, Debit Card, Invoice, Purchase Order, Transactional Details, Payment Amount.
  • Consent Details – You provide your Consent as outlined within section Lawful Basis for Processing, we capture and store this action, along with the transactional details namely Date & Time and your Contact Details in accordance with the regulated requirements.
  • Customer Support & Improvement Details – You provide your Contact Details and information relating to your enquiry in either an Email, Web Enquiry, Social Engagement Platform or Telephone call.
  • Marketing Details – You provide your Contact Details and where applicable we utilise Connection and Usage Information to improve our marketing engagements with you.
  • Connection Information – We collect information about your device and connection details when you access our website or open one of our Market or Technical reports. This includes details such as IP address, Machine Name, Email Delivery Status.
  • Transactional Details – The collection of these records is dependent on the type of transaction, but include; Data and Time, Reference, Record Count, Record Identifier, Associated Transactional Details – Contact, Company, Account, Payment, Consent, Customer Support & Improvement, Marketing, Usage and Cookie details.
  • Usage Information – We collect information about your activity and engagement with our services, this includes the number of times you have; registered for and or attended one of our seminars or events, contacted us, opened one of our reports, visited our website and each interaction thereafter.

Cookies – We use cookies to provide more effective web-based services to you, by allowing you to customise and improve the performance of your experience, such as changing the language, storing your preferences and improving the responsiveness of our website.  We also use 3rd party add-ins namely, Google Analytics and Yoast SEO Analytics to improve the effectiveness of our site.

Sensitive Data

    • To fulfil our obligations under any contract with you.
    • For the prevention and detection of fraud and crime.
    • Compliance with lawful authorities and applicable laws.We do not collect, store or process any Sensitive data unless legally and or contractually required to do so.  Where we are required to collect this information, we do so under the following circumstances:-

    All Personal and Sensitive data is governed by Data Protection laws and as such you have lawful rights as to how this information is used and stored, refer to section Your Rights.

HOW WE USE YOUR INFORMATION

We use your information to Provide, Support, Improve and Market our Services, as follows:-

Engagement of Service

  • To provide a Service, by enabling us to fulfil our obligations under any contract with you.
  • To provide you with core services and relevant updates to these services.
  • To notify you of any changes to our services that affect you.
  • To process your information on a Fair and lawful basis.
  • To forward your information to regulatory bodies upon conduct of services.

Security and Privacy

  • Where there is a requirement to share your information, we will ensure this is conducted with full compliance of regulatory requirements, refer to Information that we share.
  • We will only ever share your information where there is either a legal requirement or where we need to fulfil our obligations under any contract with you.

Legal Requirements

  • To co-operate with supervisory and lawful authorities to fulfil our legal obligations.
  • To monitor and store transactional details in accordance with regulatory requirements.
  • For the prevention and detection of fraud and crime.
  • To use your information in a manner consistent with any legal frameworks and requirements.
  • To notify you and any lawful authorities of any data breaches.
  • To notify you of any changes to legislation that affect you.
  • To keep records of all processing activities, in accordance with lawful practices.
  • To ensure and maintain the security of your information from both a controller and processor perspective.

Transfers and Change of Control

  • All transfers are conducted in accordance with international laws with the highest legal sovereignty representation taking president. We will take all steps reasonably necessary to safe guard your information, ensuring the security is maintained at the highest level in accordance with lawful practices.
  • By using our services, you consent to the transfer and storage of your information to destinations outside of the European Union for the purposes of data processing.
  • By using our services, you consent to the transfer and storage of your information to wholly owned subsidiaries of FIS.
  • We will transfer your information to the owning entity of any successor with regards to mergers or acquisitions.

Direct Marketing

  • To use the analytical information that we have captured through our Connection and Usage processes to analyse the effectiveness of our services and marketing campaigns.
  • To provide you with information on new services and business opportunities.
  • To provide you with invitations to seminars and events.
  • To transfer your Contact Details to our 3rd party processors in accordance with security, privacy and regulatory requirements.
  • Where your consent is required, we will explicitly request this by asking you to either “consent” or “opt-in” to our services.
  • You can “opt-out” or unsubscribe at any time by emailing unsubscribe@freightinvestor.com stating which service or services you wish to unsubscribe from.

WHERE YOUR INFORMATION IS STORED

We store your information, in accordance with international regulatory guidelines using locally hosted and 3rd party data services platforms, which are hosted within the European, American and Asian regions.  We use 3rd party providers (processors) for such services and we work closely with these parties to ensure they also adhere to the same guidance and controls.

DATA SECURITY

At FIS we take our data security responsibilities seriously and have implemented appropriate technical, procedural and organisational security measures to protect your personal information.

Technical Measures – Our Data Services utilise encryption technology (both at rest and in flight) and where possible all administrative service accounts utilise 2 factor authentication.  We limit access to your personal data by using methods such as Role Based Access Control (RBAC) and by restricting general access to a “needs to have” basis.

Procedural Measures – We have trained our IT staff to understand and follow our internal security policies and procedures.  This includes stringent requirements that challenge any data access and transfer requests to ensure we adhere to our least privilege access policy and regulatory requirements.

Organisational Measures – We have trained our staff to identify, understand and respect personal data, they are also aware of who to contact for data protection requests.

 

Whilst we take every reasonable effort to protect the systems and services that we use, no one system is guaranteed as 100% secure.  Upon awareness of any system vulnerabilities, we will work with our internal IT staff and 3rd party providers to apply and rectify these as quickly as practically possible.

Breach Notification.

We have procedures in place that deal with personal data breaches, upon discovery we will investigate the extent of the breach and notify you and any regulatory body of any such occurrence, where lawfully required to do so and within the required timescales.

INFORMATION WE SHARE

At FIS we believe information privacy is critical in maintaining trust with our clients, therefore we will never sell or knowingly give away your data and we only process your data on a fair and lawful basis.

We only share your personal information, that is necessary, with our appointed 3rd party processors, regulatory agencies and those necessary to fulfil our contractual obligations, all in accordance with our security, privacy and any regulatory requirements and obligations.

Where legally required, we will also share your personal information with any lawful authorities.

International Transfer of Personal Data.

Because of the international nature of our business, we are required to share and transfer your personal information with subsidiaries of the FIS groups and 3rd parties in accordance with this Policy.  This is to reduce any material inaccuracies of your information (Key once and share) and to meet our legal obligations.

Data transfers are conducted, with the highest legal sovereignty representation taking president, which ensures the maximum security and privacy actions are taken irrespective of where your data is located.  The transfers are encrypted during their transit (in-flight) and then again when they reach and are stored within their new location (at rest).  Refer to section Data Security

Purposes Of The Processing.

The processing of your personal information is necessary for a number of reasons as outlined below:-

Contact and Company Details

  • Provide you with Marketing and Technical Analysis Reports.
  • Provide you with Invitations to Seminars; Conferences and Events.
  • Provide you with information on changes to our products and services.
  • Provide you with information on changes to regulatory requirements.

For processing of these details, we use 3rd party SaaS Customer Management and Email marketing solutions to manage and store your personal details.  These platforms store and use this data in accordance with this policy.

Account, Payment, Contract and Employment Details

  • To engage and fulfil our Contractual obligations.
  • For Registration and Onboarding purposes.
  • For Employment purposes.
  • For submission to regulatory bodies.
  • Creation of Account and Payroll services.
  • Compliance with our legal obligations and requirements.
  • To detect and prevent fraud.

Lawful basis for Processing

We use both Consent and Legitimate interest as the lawful basis for the processing of your data.

Our primary lawful purpose is to ascertain and use ‘Consent’, this is given by you on the basis that you wish to allow FIS and our subsidiaries to store and use your data and agree with the details as given within this Privacy Policy.  This is achieved via a trackable email (which we send) that records your actions and associated transactional details for record keeping and regulatory purposes.

For circumstances where we are initially unable to gain formal recorded consent from you, however you have “expressed an interest in our services”, then we use ‘Legitimate Interest’ as follows:-

  • You have made an enquiry about our services.
  • Where we are already conducting business and are awaiting your reply to our retrospective Consent request.
  • You have made an enquiry about employment opportunities.
  • You have attended one of our Seminars, Conferences or Events and exchanged contact details with a member of our staff.
  • To assist lawful authorities in the execution of their duties.
  • For the detection and prevention of fraud.
  • To protect our IT systems.
  • To protect our company from legal pursuit.

For the above circumstances we will seek your consent at the earliest opportunity thereafter, where applicable.

DATA RETENTION

We take reasonable steps to ensure that we retain your personal information only for as long as is necessary and in accordance of the original purpose for which it was collected, or as required under any contract or by applicable law.

  • Contact Details are stored for a period of 12 months, if upon the rolling 12 month basis you have not made an enquiry or undertaken any services or have consented to us holding your information then it will be deleted from our data platforms.
  • Account, Contract, Employment and Payment Details are stored for as long as we are lawfully permitted and or legally obliged to and in accordance with our backup and retention policy.
  • Consent Details are stored for as long as we are lawfully permitted and or obliged to.
  • Where data subjects have invoked the right to be Forgotten, we are required to keep a record of this request including your Name, so as to ensure this request can be maintained.

YOUR RIGHTS

Subject to the applicable data protection regulation, you as the data subject, have certain legal rights which we have outlined within this section.

Please note that these rights are subject to change and while we make every effort to maintain the integrity of our literature, we would recommend you refer to the official sources –

https://ico.org.uk/for-organisations/guide-to-data-protection/principle-6-rights/

http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=uriserv:OJ.L_.2016.119.01.0001.01.ENG&toc=OJ:L:2016:119:TOC

To protect both of our interests from potential fraudulent or malicious incidents, FIS reserves the right to request further identification methods to satisfy that we are dealing with the lawful data subject.

We do not knowingly have any business interactions or store information about children.

Right to be Informed

Articles 13 & 14 state that data subjects have the right to be informed of the collection and use of your personal data.

The information contained within this Privacy Policy is a concise and transparent collection of how we collect and use your information, however if you require further assistance then please email us at dataprotection@freightinvestor.com.

Right of Access

Article 15 states that individuals have the right to access their data (you cannot request information in regards of other subjects) and you can obtain:

  • Confirmation that we are processing your data,
  • a copy of your personal data and
  • other supplementary information such as that outlined within this Privacy Policy.

Subject Access Requests (SAR) can be submitted for you to see what information we hold about you, we may require further information before any disclosure is given:

  • We must be satisfied you are the genuine data subject.
  • We may ask you for information to enable us to locate the information which you seek.

This request can be made via an electronic submission refer to our website, in writing or verbally and upon receipt of any satisfactory request we will reply without any undue delays within 40 calendar days of submission of all of the required information or payment, whichever is later.

Our fees in relation to SAR requests are £10, however we will notify you if any fees are not applicable and the reason/s for this.

Right of Rectification

Article 16 states that Data Subjects have the right to have inaccurate personal data rectified or incomplete personal data completed.

This request can be made in writing or verbally and upon receipt of any satisfactory request we will reply without any undue delays within one month.  You can also email dataprotection@freightinvestor.com and outline what data requires rectification.

Your right of Rectification is not absolute, where requests are denied we will reply outlining said reasons.

You can also email dataprotection@freightinvestor.com and outline your data rectification requirements.

Right to Erasure

Article 17 provides you with the right to have your data erased, it is also known as the Right to be Forgotten.

This request can be made in writing or verbally and upon receipt of any satisfactory request we will reply without any undue delays within one month.

Your right to Erasure is not absolute and only applies to certain circumstances, where requests are denied we will reply outlining said reasons.

In most circumstances there is no fee for this service, however we will notify you if any fees are applicable and the reason/s for this.

Right to Restrict Processing

Article 18 provides you with the right, in certain circumstances, to restrict the processing of your personal data. This means that you can limit the way that we use your data. This is often seen as an alternative or interim measure, to the right of erasure of their data.

When processing is restricted, we are permitted to continue to store your personal data but are not allowed to further process it.  We will retain just enough information about you as the data subject to ensure that the restriction is respected in future.

This request can be made in writing or verbally and upon receipt of any satisfactory request we will reply without any undue delays within one month.

In most circumstances there is no fee for this service, however we will notify you if any fees are applicable and the reason/s for this.

Your right to Restrict Processing is not absolute and where requests are denied we will reply outlining said reasons.

Right to Data Portability

The right to data portability allows individuals to obtain and reuse their personal data for their own purposes across different services.  Information given to you, within the scope of the right to data portability, would only be the personal information that you have provided to us.  This allows you to move, copy or transfer personal data easily from one IT environment to another in a safe and secure way, without hindrance to usability.

Note, if our lawful purpose for processing your data is ‘Legitimate Interests’ then your right to portability does not apply.

This request can be made in writing or verbally and upon receipt of any satisfactory request we will reply without any undue delays within one month.

In most circumstances there is no fee for this service, however we will notify you if any fees are applicable and the reason/s for this.

Your right to Data Portability is not absolute and where requests are denied we will reply outlining said reasons.

We use csv as our default format, we can supply the information in XML or JSON upon request.

Right to Object

Article 21 provides you with the right to object to the processing of your personal data. This effectively allows you to request that we stop processing your personal data.

This request can be made in writing or verbally and upon receipt of any satisfactory request we will reply without any undue delays within one month.

In most circumstances there is no fee for this service, however we will notify you if any fees are applicable and the reason/s for this.

Your right to Object is not absolute and only applies to certain circumstances, where requests are denied we will reply outlining said reasons.

Right to be Forgotten

Refer to section Right to Erasure, which is you right for removal.

SUBJECT ACCESS REQUEST (SAR) FORM

Your Details

Your Address

Company Details

Company Name (applicable)