At Gnosis Companies, Inc., including its affiliates (hereafter “Gnosis”, “Gnosis Freight”, “we”, “us”, or “our”), your privacy is of great importance. This Gnosis Freight Privacy Policy (“Policy”) describes our privacy practices. It describes how we collect, share, and use information that can identify you directly or indirectly (“Personal Information”), and how you can exercise your privacy rights wherever you are located. If you are unable to access this Policy due to a disability or any physical or mental impairment, please contact us using the contact details in Section 1 and we will arrange to supply you with the information you need in an alternative format that you can access.
Please read this Policy carefully to learn about how Personal Information that we collect about you and how we use, protect, and disclose your Personal Information when you interact with:
Gnosis Freight is a leading provider of supply chain visibility and execution software, made available through its proprietary Container Lifecycle Management® (CLM) platform—the world’s first supply chain platform focused on the full lifecycle of your shipping containers.
Gnosis Freight’s global footprint encompasses a diverse customer base, including beneficial cargo owners (BCOs), ocean carriers, forwarders, truckers, third-party logistics providers, technology providers, and other critical supply chain partners.
To ask questions, comment, or provide feedback about this Policy and our privacy practices, contact us at: legal@gnosisfreight.com.
This Policy applies to Personal Information in situations where we decide how and why your Personal Information is to be processed (data controller). This Policy does not apply where we are acting merely as a service provider to another organization who decides how and why we process your personal information (data processor).
Furthermore, this Policy does not apply to Personal Information that you provide to, or is collected by, any third party. These third parties have their own privacy notices which we encourage you to read.
While we are a business-to-business company we process Personal Information of various categories of individuals to function and maintain relationships with these individuals. We process the Personal information of the following individuals:
In the course of our business activities and providing our Services, we process Personal Information that you provide directly or indirectly to us when using our Services or interacting with us in any other situation, including:
This Section applies to Personal Information that we collect and process related to individuals who access the Platform (“Platform Users”). In this Section, “you” and “your” refers to Platform Users.
The Platform provides real-time supply chain visibility and execution software to enable you to track and manage your containers, from booking until returned empty.
Where we provide the Platform, we primarily act as a processor on behalf of our customers, however, we do process some of your information for our own purposes. The following information applies only to our role as a data controller.
Information you provide directly to us when using the Platform: There are various areas within the Platform where you may provide Personal Information directly to us when signing up to our Platform or when using the Platform. This Personal Information may include:
Information we receive from you indirectly through other Platform Users: In order to provide our Services to our Platform Users, they may provide Personal Information about you (e.g., as their carrier, forwarder, etc.). This includes your name and contact information in order to facilitate execution software, sending emails, onboarding, etc. Where a Platform User provides us with your Personal Information, we presume that the Platform User is authorized to provide your information and has provided you with relevant privacy information.
Information we may collect automatically through the Platform: When you download, access, and/or use the Platform, we use technology to automatically collect usage and device information as detailed in Section 4. In some countries, including countries in the European Economic Area, the UK, and in Switzerland, Australia, Brazil, Canada, and New Zealand, this information may be considered Personal Information under the law. We may collect this information as part of log files as well as through the use of cookies or other tracking technologies. Our use of cookies and other tracking technologies is discussed more below, and in more detail in our Cookie Policy.
We use the Personal Information that we collect about you or that you or other Platform Users provide to us for the following business and commercial purposes:
In addition, we anonymize and/or aggregate Personal Information that we collect about you or that you or other Platform Users provide to us to prepare reports, studies, analyses; maintain and improve the performance or functionality of the Platform; demonstrate the effectiveness of the Platform, and develop new features, products, and other work product.
Network Collaboration. Some features of the Platform may enable participants in the shipping and/or trucking industry and/or other companies with which we work to communicate and share data, including shippers, carriers, beneficial cargo owners, third-party logistic providers, system integrators, and device manufacturers (“Network”). In order for us to make these features available in the Platform, it is necessary for us to share your Personal Information with these parties. These parties are not allowed to use personally identifiable information except for the purpose of making such features available through the Platform.
This Section applies to Personal Information that we collect and process about individuals who visit the Website or interact with Gnosis online or offline, such as in connection with our events, sales, and marketing activities (“Visitors”). In this Section “you” and “your” refers to Visitors.
Information you provide directly to us when using the Website or interact with us online or offline: Certain parts of our Website will ask you to provide Personal Information. For example, we will ask you to provide certain Personal Information (such as your name, contact details, company name, profile information) in order to find out more about Gnosis or the Services, or otherwise submit inquiries or contact us. We will also collect Personal Information, such as your contact and job details and feedback, when you visit our office, attend our events, take part in surveys, register to receive a gift from us, or through other business or marketing interactions we may have with you for the purposes outlined below. You may choose to provide additional information when you communicate with us or otherwise interact with us.
The Personal Information that you are asked to provide, and the reasons why we want it, will be made clear to you at the point we ask you to provide it. We will also let you know prior to collection whether the provision of the Personal Information we are collecting is compulsory or may be provided on a voluntary basis and the consequences, if any, of not providing the information.
Information we may collect automatically through the Website: When you visit our Website, we may also collect certain information automatically from your device. In some countries, including countries in the European Economic Area and in the UK, Switzerland, Canada, and Brazil, this information may be considered Personal Information under the law.
Specifically, the information we may collect automatically includes your IP address, your operating system, your browser ID, your browsing activity, and other information about your system and connection and how you interact with our Website. We may collect this information as part of log files as well as through the use of cookies or other tracking technologies when you provide consent for such performance or tracking cookies. Our use of cookies and other tracking technologies is discussed more below and in more detail in our Cookie Policy.
We use the Personal Information we collect through our Website and other online/offline instances for the following business and commercial purposes:
This Section applies to Personal Information that we collect and process related to individuals that we interact with professionally in any other situation than the ones described above. In this Section, “you” and “your” refers to any such individual.
If you are a current or prospective customer, data provider, business partner, or supplier of ours, we will collect and use your Personal Information. For example, we will ask you to provide certain Personal Information (e.g., name, contact details, company name) in order to manage our business relationship with you. We use the Personal Information we collect for the following business and commercial purposes:
We do not collect any sensitive Personal Information through our Services. Sensitive Personal Information, as defined by applicable data protection laws, include details about your race or ethnicity, religious, moral, or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health (including mental), and genetic and biometric data, and financial information such as account numbers. We also do not collect any information about criminal convictions or offenses.
If you are from a country or region (e.g., EEA, Chile, Indonesia, Turkey, Thailand, South Africa, United Kingdom) where a legal basis is necessary for the processing of personal data, our legal basis for collecting and using the Personal Information described above will depend on the Personal Information concerned and the specific context in which we collect it.
Legitimate Interest. We will normally collect and use Personal Information from you where the processing is in our legitimate interests (or those of any third party) and not overridden by applicable law, your interests or fundamental rights and freedoms. This interest will normally be to improve, maintain, provide, and enhance our technology and services, communicating with you as necessary to provide our services to you and for our legitimate commercial interest, for instance, when responding to your queries, undertaking marketing, or for the purposes of detecting or preventing illegal activities.
Performance of a Contract. If you are someone who forms a contract with us and we will need your Personal Information in order to provide the Services.
Legal Obligation. In some other limited cases, we may also have a legal obligation to collect Personal Information from you. If we ask you to provide Personal Information to comply with a legal requirement, we will make this clear at the relevant time and advise you whether the provision of your Personal Information is mandatory or not, as well as the possible consequences if you do not provide your Personal Information.
Consent. If you are from a country or region that requires us to ask for consent for any processing or transferring data (e.g., Canada, Colombia, Panama, Turkey, Taiwan) we collect, use, disclose, and otherwise process the Personal Information described above only with your consent. If you do not wish to provide us with any Personal Information which is indicated as compulsory, we may not be able to communicate with you or provide certain services or features to you. Further, if you provide us with details of any other individual (e.g., any other Platform User), you must give a copy of this Privacy Policy to, and obtain consent from, that individual before giving their Personal Information to us where consent is required by applicable laws.
If you have any questions about or need further information concerning the legal basis on which we collect and use your personal information, please contact us at legal@gnosisfreight.com.
In addition to and based on the specific purposes set out above, we may disclose Personal Information that we collect or that you provide. We may share or disclose your Personal Information to the following categories of recipients:
When you use the Services, certain third parties may use automatic information collection technologies to collect information about you or your device. These third parties may include:
These third parties may use tracking technologies to collect information about you when you use the Platform and/or Website. The information they collect may be associated with your Personal Information or they may collect information, including Personal Information, about your online activities over time and across different websites, apps, and other online services. They may use this information to provide you with interest-based (behavioral) advertising or other targeted content
We do not control these third parties’ tracking technologies or how they may be used. If you have any questions about an advertisement or other targeted content, you should contact the responsible provider directly. For information about how you can opt out of receiving targeted advertising from many providers, see Your Privacy Right and Choices section below.
We may combine your Personal Information with other information we collect or obtain about you (such as information we source from our third parties) to serve you specifically, such as to deliver a product or service according to your preferences or restrictions, or for advertising or targeting purposes in accordance with this Policy. When we combine Personal Information with other information in this way, we treat it as, and apply all of the safeguards in this Policy.
Location. If you are using the Services, be aware that your information will be transferred to, and maintained on, IT infrastructure located within the United States and further that your information may be accessed within the United States. The collection, use, retention, and any other processing of your information will be governed by United States law, to the extent applicable, and further by the specific jurisdictions within the United States where that information is stored, unless otherwise specified. Accordingly, your information may be accessible to law enforcement and/or regulatory authorities according to applicable United States law.
Retention. We hold your Personal Information only for as long as necessary to fulfill the purposes set out in this Policy. Gnosis only decides the retention periods are either based upon a legal obligation we have that prescribes the requirement to retain your Personal Information, or a business interest to retain your Personal Information. Our customers decide the appropriate retention periods for Personal Information processed by us in the capacity of a processor on their behalf. If you would like more information about specific retention periods you can email us at legal@gnosisfreight.com.
When we transfer your personal information outside of the jurisdiction in which you live or work, we do this where we are satisfied that adequate levels of protection are in place to protect the integrity and security of your personal data and/or adequate security measures are adopted, in compliance with applicable data protection laws.
Adequacy Decision or Contractual Clauses. This means that whenever your Personal Information is transferred to a different jurisdiction, we make sure that such transfers is either approved by the authorities from the jurisdiction the Personal Information originates from through so called ‘adequacy decisions’ or is subject to appropriate safeguards such as contractual clauses for transfers as approved by those authorities (e.g., Argentina, Brazil, EEA, Indonesia, Israel, Singapore, The Philippines, Uruguay).
Consent. If you are from a country where consent is the only ground available to transfer data (e.g., Canada, Malaysia, Mexico, Panama, Peru, Saudi Arabia, Turkey), we will transfer overseas and process the Personal Information described above only with your consent. International transfers of your personal data shall comply with the legal basis set forth in the applicable law of your country, and any instructions provided by the regulatory authority and/or applicable law.
Data Privacy Framework. If there is any conflict between the terms in this Policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) Program, please visit https://www.dataprivacyframework.gov/.
Gnosis’ responsibility for data it receives pursuant to the DPF and subsequently transfers to third parties is detailed in the DPF Principles. Gnosis complies with the DPF Principles for all onward transfers from the EU, Switzerland, and the United Kingdom, including the onward transfer liability provisions (i.e., the Accountability for Onward Transfer Principle). Gnosis remains responsible and liable under the DPF Principles, unless Gnosis proves that it is not responsible for the event giving rise to the damage.
With respect to Personal Information received or transferred pursuant to the Data Privacy Framework, Gnosis is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, we may be required to disclose Personal Information in response to lawful requests by public authorities, including as required to meet national security or law enforcement requirements.
Pursuant to the Data Privacy Framework, EU, Swiss, and UK individuals have the right to obtain our confirmation of whether we maintain Personal Information relating to you in the United States. Upon request, we will provide you with access to the Personal Information we hold about you. You may also correct, amend, or delete the Personal Information we hold about you. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data transferred to the United States under the Data Privacy Framework, should direct their query to legal@gnosisfreight.com. If requested to remove data, we will respond within a reasonable timeframe.
In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, Gnosis commits to resolve DPF Principles-related complaints about our collection and use of your Personal Information. EU and UK individuals and Swiss individuals with inquiries or complaints regarding our handling of your personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF should first contact Gnosis at legal@gnosisfreight.com.
Gnosis has further committed to refer unresolved privacy complaints under the DPF Principles to an independent dispute resolution mechanism, Data Privacy Framework Services, operated by BBB National Programs. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit https://bbbprograms.org/programs/all-programs/dpf-consumers for more information and to file a complaint. This service is provided free of charge to you.
If your DPF complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See https://www.dataprivacyframework.gov/framework-article/ANNEX-I-introduction.
At Gnosis, protecting the information that we are trusted with is our priority. We take contractual, technical, and organizational security measures in accordance with the state of the technology to protect the processed data against accidental or intentional manipulation, loss, destruction, or against access by unauthorized persons. Your personal data will be protected within the scope of the following points:
Gnosis is SOC 2 Type II compliant. SOC 2 is an evaluation of the design and operating effectiveness of controls that meet the AICPA’s Trust Services Principles criteria. Every year Gnosis is subject to independent audit. If you would like more information about specific measures taken to protect your personal information you can email us at legal@gnosisfreight.com.
Based on the law applicable to the use of your Personal Information, you have rights in relation to your Personal Information. Note that we will have to balance your rights and your request to exercise them against our rights and obligations to process your Personal Information and to protect the rights and freedoms of others. A number of the rights you may have in relation to your Personal Information are explained below:
Privacy Rights Procedure. We respond to all requests we receive from individuals wishing to exercise their privacy rights in accordance with applicable data protection laws. This section includes a description of how we handle your request when we choose to exercise your rights.
When we receive your request, we will verify your request and your rights against applicable data protection laws. This means that we will take steps to verify your identity by a method appropriate to the type of request you are making to ensure you are the individual about whom we have Personal Information, confirm your right to exercise these rights, and if confirmed, proceed with the request.
We will respond to your request within a reasonable period and in accordance with the periods prescribed by applicable data protection laws. We may charge you a reasonable fee for processing your request.
We may decline your request and if we do, we will give you a written notice that sets out the reasons for the refusal (unless it would be unreasonable to provide those reasons), including details of the mechanisms available to you to make a complaint.
Choices. You can exercise control over the following uses of your information.
Within our Services we provide functionality allowing you to review and update certain aspects of your Personal Information via your account profile page.
Complaint Procedure. If you wish to make a complaint about or provide us with feedback on any processing activity or practice conducted by Gnosis, please contact us by using the contact details in Section 1 and we will take reasonable steps to address the feedback or investigate the complaint and respond to you.
The Website is not intended for children under the age of 18, and we do not knowingly collect Personal Information from children under the age of 18. If we learn we have collected or received Personal Information from a child under the age of 18 without verification of parental consent, we will delete that information. If you believe we might have any information from or about a child under the age of 18, please contact us at legal@gnosisfreight.com.
We may update this Policy from time to time in response to changing legal, technology, or business developments. When we update our Policy, we will take appropriate measures to inform you, consistent with the significance of the changes we make. We will obtain your consent to any material Policy changes if and where this is required by applicable data protection laws.
You are responsible for ensuring we have an up-to-date active and deliverable email address and/or mobile phone number for you and for periodically visiting this Policy to check for any changes.