Privacy Policy

1. Who We Are

This Privacy Policy explains how ArbourShipping (“we”, “us”, “our”) collects, uses, shares and protects personal data when you visit or interact with our website arbourshipping.com and when you contact us or use our services. For the purposes of European Union and United Kingdom data protection laws, ArbourShipping is the “controller” of your personal data.

2. Scope and Applicability

This policy applies to personal data we process through:

  • Our website arbourshipping.com;
  • Contact and enquiry channels (such as email and phone);
  • Service delivery and business operations (e.g., freight and logistics services, supplier management); and
  • Marketing and communications activities.

Additional notices may apply to specific services or jurisdictions. In case of conflict, the more specific notice prevails.

3. The Data We Collect

3.1 Data you provide to us

  • Identification and contact details: name, job title, company, email address, phone number, postal address.
  • Business details: company name, role, preferences, service requirements, shipment details you provide.
  • Communications: contents of emails, messages, feedback, and any attachments you send.
  • Billing and payment details: invoicing information, transaction records (we do not store full payment card numbers on our systems).
  • Recruitment data (if you apply): CV/resume, cover letter, qualifications, references.

3.2 Data we collect automatically

  • Device and usage data: IP address, device identifiers, browser type, operating system, pages viewed, time and date of visits, referring/exit pages, and general interaction data.
  • Location data: approximate location derived from your IP address.
  • Cookies and similar technologies: see Section 8.

3.3 Data from third parties

  • Business partners and suppliers (e.g., carriers, agents, customs brokers) for shipment handling and service coordination.
  • Public sources or professional platforms for business contact verification.
  • Screening and compliance providers for due diligence where legally required.

We do not intentionally collect special category data (e.g., health, biometric, racial or ethnic origin) or data about children. Our services and website are not directed to individuals under 16 years of age.

4. Purposes and Legal Bases for Processing

Where EU/UK data protection law applies, we rely on the following legal bases:

  • Contract: to provide and manage our services, respond to requests, prepare quotes, fulfil shipments, and administer accounts.
  • Legitimate interests: to operate, secure, and improve our website and services; manage relationships; prevent fraud and misuse; and conduct business analytics, provided these interests are not overridden by your rights.
  • Consent: for non-essential cookies/analytics/marketing communications where required by law. You may withdraw your consent at any time.
  • Legal obligation: to comply with laws and regulations (e.g., tax, customs, sanctions, recordkeeping), and to respond to lawful requests.
  • Vital interests or public interest: only where necessary, such as safety or security incidents.

How we use personal data

  • Service delivery and operations (Contract/Legitimate interests): handling enquiries, quoting, bookings, shipment coordination, customer support, supplier management, and invoicing.
  • Communications (Contract/Legitimate interests/Consent): responding to messages, sending service notices, and—where permitted—marketing communications you can opt out of at any time.
  • Website performance and analytics (Legitimate interests/Consent): understanding usage to improve content, functionality, and user experience.
  • Security and fraud prevention (Legitimate interests/Legal obligation): monitoring, auditing, and protecting our systems and users.
  • Compliance (Legal obligation): sanctions screening, customs and tax compliance, and regulatory reporting.
  • Recruitment (Legitimate interests/Consent where required): evaluating candidates and managing applications.

5. Sharing of Personal Data

We may share personal data with:

  • Service providers acting as processors (e.g., IT hosting, email, analytics, security, customer support) under contractual obligations to protect your data.
  • Business partners and logistics providers (e.g., carriers, port and terminal operators, customs brokers, insurance providers) as needed to perform services you request.
  • Professional advisers (e.g., auditors, legal counsel) and insurers.
  • Authorities and regulators where required by law or to protect rights, safety, and security.
  • Corporate transactions: in connection with mergers, acquisitions, reorganisations, or similar events, subject to appropriate protections.
  • With your consent or at your direction.

We do not allow our processors to use your personal data for their own purposes and only permit them to process data for specified purposes and in accordance with our instructions.

6. International Data Transfers

We may transfer personal data to countries outside your country of residence, including outside the United Kingdom and European Economic Area. Where we do so, we implement appropriate safeguards, such as:

  • An adequacy decision by the European Commission or UK government for the destination country; or
  • Standard Contractual Clauses adopted by the European Commission and/or the UK International Data Transfer Agreement/Addendum, supplemented where necessary with additional measures.

We assess the legal environment of the destination and ensure that your rights remain protected.

7. Data Retention

We keep personal data only for as long as necessary for the purposes described in this policy, including to satisfy legal, accounting, or reporting requirements. Typical retention periods are:

  • Enquiries and correspondence: up to 24 months after last contact, unless needed longer for a dispute or regulatory purpose.
  • Client and shipment records: generally 7 years from the end of the financial year in which the transaction completed (or longer where required by law or for the establishment, exercise, or defence of legal claims).
  • Supplier and partner records: for the duration of the relationship and typically 7 years thereafter.
  • Marketing preferences and suppression lists: retained indefinitely to respect your opt-out choices.
  • Recruitment data: usually up to 12 months after the process ends, unless you consent to a longer period.
  • Website logs and security records: typically up to 12 months, unless required longer for security or legal reasons.
  • Cookies: see Section 8 for typical lifespans.

8. Cookies and Similar Technologies

We use cookies and similar technologies to operate our website, remember your preferences, analyse traffic, and—where applicable—personalise content. Cookies fall into these categories:

  • Strictly necessary: required for the website to function (e.g., security, load balancing). These do not require consent.
  • Functional: remember choices and enhance features.
  • Analytics: help us understand usage to improve performance.
  • Advertising: enable measurement or tailored advertising where used.

Where required by law, we use non-essential cookies only with your consent. You can manage your cookie choices via your browser settings and, where available, our cookie preferences tool shown on the website. Typical lifespans: session cookies expire when you close your browser; persistent cookies may last from 1 day to 13 months (or, for advertising cookies where used, up to 24 months).

Blocking or deleting cookies may impact some site features. Browser-level “Do Not Track” signals may not be consistently honoured due to a lack of standardisation.

9. Data Security

We implement technical and organisational measures designed to protect personal data, including access controls, encryption in transit, network security, least-privilege principles, staff training, vendor due diligence, and incident response procedures. No method of transmission or storage is completely secure; if we become aware of a data breach affecting your personal data, we will notify you and relevant authorities as required by law.

10. Your Rights (EEA/UK)

Subject to conditions and exemptions under applicable law, you may have the right to:

  • Access your personal data and obtain a copy;
  • Rectify inaccurate or incomplete data;
  • Erase your data (“right to be forgotten”);
  • Restrict processing;
  • Data portability;
  • Object to processing based on our legitimate interests, and to direct marketing;
  • Withdraw consent at any time where processing is based on consent, without affecting the lawfulness of processing before withdrawal.

You also have the right to lodge a complaint with your local supervisory authority. In the UK, this is the Information Commissioner’s Office.

To exercise your rights, please contact our Data Protection Officer using the details in Section 13.

11. California Privacy Notice (CPRA/CCPA)

If you are a California resident, the following applies in addition to the rest of this policy:

11.1 Categories collected

We may collect the following categories: identifiers (e.g., name, email, phone, IP address), customer records (e.g., billing details), commercial information (e.g., services purchased), internet or network activity (e.g., browsing data, interactions), geolocation (approximate), and professional or employment information (business contact details). We do not knowingly collect sensitive personal information beyond what is necessary to provide our services or comply with law.

11.2 Purposes and disclosures

We use and disclose personal information for the business purposes outlined in Sections 4 and 5. We disclose information to service providers and contractors bound by written contracts to use it only for specified business purposes.

11.3 Sale/Sharing

We do not sell personal information. We do not share personal information for cross‑context behavioral advertising unless you consent to non‑essential advertising cookies or similar technologies. You can opt out by rejecting such cookies or by contacting us (Section 13).

11.4 Your CPRA rights

  • Right to know and access: request details about categories and specific pieces of personal information we collected about you.
  • Right to delete: request deletion of personal information, subject to legal exceptions.
  • Right to correct: request correction of inaccurate information.
  • Right to opt out of sale or sharing: as described above.
  • Right to limit use and disclosure of sensitive personal information: we do not use such information for purposes requiring this right.
  • Right to non‑discrimination: we will not discriminate against you for exercising your rights.

To exercise your rights, contact us as set out in Section 13. If you use an authorised agent, we may require proof of authorisation and verification of your identity.

12. Children’s Privacy

Our website and services are intended for business use by adults. We do not knowingly collect personal data from children under 16. If you believe a child has provided us personal data, please contact our Data Protection Officer so we can delete it.

13. Contact and Data Protection Officer

For questions about this Privacy Policy, to exercise your rights, or to contact our Data Protection Officer (DPO):

  • Email the DPO: dpo@arbourshipping.com
  • General privacy enquiries: privacy@arbourshipping.com
  • Postal: write to “Data Protection Officer, ArbourShipping” using the postal address published on our website, and include “Data Protection Officer” in the address line.

14. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or for other operational reasons. If changes are material, we will take appropriate steps to inform you (for example, by posting a prominent notice on our website). Please review this Policy periodically.

15. Effective Date

Effective date: 8 December 2025

About The Editorial Team Terms of Service Legal Notice Privacy Policy Sitemap Contact
© 2025 ArbourShipping