II. Manual and Automatic Collection of Personal Information of Customers
- All customers will be asked to provide necessary information for the purpose of registering in the Site. For purposes of this provision, personal information may include, but are not limited to, the names of shipper and consignee, real full name, address, location, phone number, electronic mail (e-mail) addresses, age, sex, among others.
- In addition to the aforementioned personal information, customers will also be required to provide details about the shipment such as, but not limited to, the mode of transportation desired, the mode of services desired, the mode of payment, pick-up branch, date of pick-up, cargo destination, description of cargo, and special handling instructions.
- When facilitating the transaction, the customers may also be required to provide details regarding bank account numbers, billing and delivery information, credit/debit card type, credit/debit card numbers, expiration dates and security code, as well as tracking information from cheques or money orders, or of similar payment methods, among others, in cases of payment made online.
- CaPEx will also be able to secure the customer’s personal information if said customer registers an account with CaPEx through his/her/its social media account. The extent of the details that may be received by CaPEx depends on the privacy settings of the customer. This may include, but are not limited to, information such as username or nickname registered with the social media account, profile picture in the social media account, contact details in the social media account, registered e-mail address with the social media account, and company name registered in the social media account.
- In cases of filing a complaint, the customer will be required to provide details concerning his/her/its complaint. The customer might also be required to provide additional information relevant to the settlement of the dispute.
- In instances where a customer will communicate with CaPEx through its customer service, or any other department, CaPEx may request for details or information from said customer for purposes of verification and/or due diligence. CaPEx may also record the correspondence with the customer for improving its services and for record-keeping concerning complaints and similar matters. For this purpose, the customer consents to the recording of the phone calls to, and by, him/her/it by CaPEx. As such, the customer waives any right or claim against CaPEx and holds the latter, its incorporators, directors, stockholders, shareholders, officers, employees and the like, free from any liability for the use of such recorded calls.
- In instances where the customer interacts with CaPEx through electronic services, programs or application or use services on the website, CaPEx automatically requires certain data using different technologies, programs or applications which may be downloaded to the customer’s device and which may modify the device’s settings. The data collected may primarily include, but is not limited to, the device’s operating system, the device’s Internet Protocol (IP) address, the device’s make/model/type, the device’s viewport, the sites and/or applications simultaneously visited while in the site, the pages in the site visited, the number of times visited, the device’s mobile equipment identifier or unique device identifier, and the referral/source link.
- Applications to the website may involve gathering of information about the location of the customer’s device using technologies such as GPS, Wi-Fi, and the like. CaPEx may collect, use, disclose and/or process this information for the purpose of, but not limited to, determining the location-based services that the customer has requested and/or to deliver relevant content to the customer based on his/her/its location. If the customer does not want CaPEx to gather this kind of information, it is the responsibility of the customer to adjust his/her/its device settings. The customer bears the risk of being liable for damages and losses directly or indirectly connected with providing, intentionally or unintentionally, inaccurate location data/information. Use of VPNs, or other applications or programs, that may affect the location data/information is upon the customer’s responsibility.
- In any other instances when the customer submits their personal information to CaPEx.
- Please note that the above mentioned list does not purport to be an exhaustive list of instances when CaPEx secures personal information but only sets out some general instances when personal information of the customer may be collected. Additional data may also be required due to changes in applicable laws and rules.
III. Use of Personal Information
- CaPEx will collect and use the personal information gathered from the customer for one or more purposes, as enumerated below. The enumeration is not an exclusive list but merely itemizes the common use of personal information.
- To know the customers;
- To identify and/or verify the identity of the customer and/or his/her/its eligibility to register and/or to delete an account and/or for any other transactions/matters that necessitates a customer to prove that he/she/it owns a certain account;
- To create security measures in detecting and preventing fraud, such as, among other things, to prevent or investigate any suspected unlawful or fraudulent activity or suspected misconduct directly or indirectly related to the use of the site;
- To prevent violations of law, such as, but not limited to, Anti-Money Laundering Laws and Anti-Fencing Laws;
- For due diligence and background checks before setting up a customer account;
- To properly manage and/or administer the use of and/or access to site;
- To properly manage and/or administer the relationship of every customer in the site, such as inter customer interaction within the site, if and when allowed, which may include notifying customers of messages received from other customers. This is especially true in cases where customers are logged through social media accounts;
- To properly save and back up personal data in servers which may be located under various jurisdictions;
- When legally required in response to a subpoena or other lawful processes;
- To enforce CaPEx’ applicable agreements/policies with the customer;
- To facilitate, manage, and/or administer the transaction and/or communication of every customer in the site;
- To provide customer service support (i.e. managing claims and/or disputes, and responding to feedbacks and queries);
- To inform customers of any issues and/or unusual account actions relative to his/her/its own account and/or others’ account to which he/she/it has a pending transaction or have previously transacted;
- To improve the content and layout of the site and product/service offerings through performing research or statistical analysis, which may include, among others, sending survey forms;
- To create statistical data for research concerning internal reports and/or business development;
- For marketing purposes such as sending promotional contents via e-mail or postal mail;
- For research analysis and development activities for the purpose of improving customer experiences, which may include surveys, product profiling, and an analysis of how customers utilize the site;
- To contact or communicate with customers via e-mail, phone call, text message and/or fax message for site related matters or transactions, or when required by law. For this purpose, the customer gives consent to CaPEx to contact him/her/it at the numbers, e-mail, fax and address given by him/her/it and to record the same for purposes of record-keeping and business development;
- For software related updates and/or other necessary updates which may be required for the site to properly function;
- For CaPEx’ internal audit in compliance with applicable laws, as well as to investigate possible internal problems, if any;
- For all other purposes similar or connected, directly or indirectly, to those previously mentioned, as well as for purposes that are germane and are necessary to carry out the earlier identified purposes.
- Since the above list is not exclusive, the use of personal information depends on the situation. In such case, CaPEx will first secure the customer’s consent unless CaPEx may access the available personal information of the customer, even without consent, as may be permitted by law.
IV.Sharing of Personal Information
- CaPEx may share the personal information gathered and/or provide access to different persons, whether natural or juridical. The enumeration is not an exclusive list but merely itemizes the common list to which personal information gathered by CaPEx may be shared with or given access:
- To other customers, for the purpose of facilitating transactions between customers (e., the shipper and the consignee, among others);
- To third party service providers needed to complete or facilitate the transaction, such as, but not limited to, other logistics companies and other forwarding companies which deliver cargoes.
- To independent or connected third parties that perform services directly or indirectly related to the site. This includes independent third parties who provide rating services, such as when the customer opts to rate the services of the site.
- To all other third party service providers that provide/perform similar products/services to those earlier mentioned.
- To CaPEx’ employees directly and indirectly employed, including independent service contractors, such as independent risk assessors;
- CaPEx’ insurers, underwriters and/or their agents;
- To CaPEx’ business partners or any other entity working with or for CaPEx, concerning, directly or indirectly, the site and/or the services provided in or by the site;
- To cloud service providers, which may require or obtain data that are stored for purposes of carrying its cloud storage services.
- To CaPEx’ lawyers for the purpose of legally protecting CaPEx’ interests.
- To Government agencies, courts of law and law enforcement bodies, in compliance with applicable laws and as to the extent required by law, to protect CaPEx’ and the customers’ interest, such as, but not limited to, customs officers.
- To potential buyers. In the event of a merger, consolidation, and dissolution of some or all of the assets of CaPEx.
- To others who view the customer’s account concerning data that the customer himself/herself/itself placed in his/her/its account or matters that are required to be placed on said account.
- To any person, natural or juridical, with prior consent of the customer.
V. Third Party Suppliers and Third Party Sites
- As earlier mentioned, third party service providers and/or third party sites may also obtain personal data. CaPEx will implement security measures but despite these measures, CaPEx cannot guarantee the security of the personal data obtained by these third party service providers and/or third party sites as these entities have their own protocol and procedure. The customers bear the risk of giving personal data to these entities, as well as the option to choose which third party services providers and/or third party sites to use.
- CaPEx will retain the personal information of the customer in accordance with the Data Privacy Act and/or other applicable laws.
- CaPEx will retain the personal information of the customer as long as the customer is using its site.
- CaPEx will retain the personal information of the customer as long as there is a legitimate business transaction in the site that needs to be completed.
- CaPEx will destroy or anonymize the personal information of the customer under these circumstances: (i) the purpose for securing the personal information of the customer no longer exists; (ii) the purpose of retaining the personal information of the customer is no longer being served by such retention or for any legal or business purposes; and (iii) no other legitimate interests warrant further retention of such personal information.
VII. Security Measures
- CaPEx adopts commercially reasonable security measures to protect the personal information of the customer from unauthorized use and access.
- The personal information of the customer will be protected under a secured network and can be accessed by a limited number of employees.
- CaPEx will adopt reasonable measures to protect the personal information of the customer already gathered by CaPEx. However, with respect to the personal information of the customer that is yet to come to the possession of CaPEx, the company has no obligation and/or capability to secure such information. Thus, the customer must be cautious in the transmission of information. Data transmission through the internet or any wireless network cannot be guaranteed by CaPEx. The customer assumes the risk during the data transmission stage.
VIII . Age of Majority under the Laws of the Philippines Applied – Eighteen (18) Years Old
- Only those who are of majority age, which is eighteen (18) years of age under the laws of the Philippines, and are not legally incapacitated to enter into contracts are allowed to use the site’s services. As such, CaPEx does not intend to obtain personal data of persons below eighteen (18) years of age.
IX .Customer’s Rights
- The right to access and update his/her/its personal information.
- The right to request for modification, correction and/or deletion of some and/or all of his/her/its personal information. This right is without prejudice to liabilities which may be created by law for previously giving an erroneous information.
- The right to restrict the processing of some and/or all of his/her/its personal information.
- The right to refuse the processing of his/her/its personal information even if such processing is for a legitimate purpose, including marking and promotional purposes. However, depending on the type of personal information withheld, since certain features of the site rely on the personal information given by the customer, the customer may not be able to accept some and/or all the features of the site should the customer refuse to process and/or give the needed personal information.
- The right to withdraw the previous consent given provided that the withdrawal of the consent will not affect any pending processes conducted prior to the withdrawal and provided that the same is allowed by law. The subsequent withdrawal of consent, even if approved by CaPEx, is without prejudice to any liabilities of the customer which may have been created by law or the situation concerning such withdrawal.
- CaPEx implements http cookies or “cookies” and other similar technologies, such as JSON Web Tokens and beacons, to improve the direct and indirect services provided in the site. These are small pieces of data downloaded or transferred to the customer’s device while the customer is using the site or browsing the site, which allows CaPEx to identify the device and obtain information on how and when the direct and indirect services provided by the site are utilized by the customers, to provide specific contents particular to a customer’s interest, and to keep track of shopping carts among others.
- Among the cookies used by the site are: (1) basic/required cookies – essential for the site to function and provide its direct and indirect services properly, these include, but are not limited to, authentication cookies which allows the site to determine whether a customer is logged-in to the site; (2) marketing related cookies – which are used to assist in customizing advertisement and content-related promotions to customers who are interested or are in need thereof; (3) customer identifier cookies – which are used to identify a customer’s device and save the customer’s past transactions/activities such as, but not limited to, the customer’s login details, shopping carts, preferences and interests. These include, but are not limited to, tracking cookies that compile long-term records of a customer’s browsing histories; (4) analytical related or statistics related cookies – which are used by the site to determine, among others, traffic in the site, how customers interact or utilize the site and to identify needed improvements in the site’s services, problem areas, if any.
- For purposes of this section, the customer agrees and gives informed consent to CaPEx and the site of its use/transfer of cookies and similar technologies. Should the customer eventually/subsequently decide to reject the cookies, it is the customer’s responsibility to set-up his/her/its browser/device settings.
IX. Sharing of Information Between Customers
- To complete a transaction, it may be inevitable to share personal data between the parties (e., shipper and consignee). These transfers are out of the hands of CaPEx and the personal data transferred between the parties are beyond CaPEx’ control.
- These parties, among other things, understand that personal data does not only go through and from CaPEx, but are also passed around between or among customers. In obtaining any data or information of other customers during their transactions using the site, the customerwho obtains such information (“receiving party”), whether such customer be a Seller, Buyer, Shipper, or Consignee or otherwise, agrees and acknowledges his/her/its responsibility under Data Privacy Act, and other related laws, if any. Thus, in connection with privacy laws, customers agree to observe the following:
- comply with all applicable personal data protection laws, such as, but not limited to, the Data Privacy Act, with respect to any such data; and
- allow the “disclosing party” (e., the party disclosing any information, who may be a Seller, Buyer, Shipper, Consignee or otherwise) whose personal data has been collected by the “receiving party” to review what information has/have been collected by the “receiving party” and give the “disclosing party” the opportunity to remove his/her data so collected from the “receiving party’s” database.
- Confidential Information means any proprietary information, technical data, trade secrets, or know-how, including, but not limited to, business plans, research, product plans, products, services, customer lists, markets, developments, inventions, processes, formulas, technology, designs, drawings, engineering, hardware configuration information, marketing, finances, or any other business information disclosed by either party directly or indirectly to each other in the course of their relationship.
- Thus, these parties, among other things, agree not to disclose any Confidential Information to third parties without the prior written consent of the other Party to whom such Confidential Information relates. This obligation shall not apply if (a) at the time of disclosure, such information is part of the public domain; (b) after the disclosure, such information becomes part of the public domain except as a result of the acts or omissions of either Party; (c) it is agreed in writing by the disclosing Party that such information may be disclosed; or (d) information is disclosed pursuant to any judicial order.
XIII. Period of Storage
- Personal information or personal data obtained shall be stored as long as the customer maintains an account with CaPEx, except as otherwise earlier provided.
- Deletion of the account does not necessarily result to the deletion of the personal information or data, as the deletion of personal information or data depends on the reason and/or manner of the deletion of the account. It will be dealt with in a case to case basis, to the extent allowed by law. For instance, if personal data would or might still be needed by government agencies, officers or courts of law to determine previous fraudulent or criminal acts, and these personal information or data might be needed for such determination, personal information or data would not be deleted even if an account was deleted. For this purpose, and when these circumstances are present, the customer agrees and gives full consent to CaPEx to hold personal information or data even after the account had been deleted.
XIII. Access to Personal Information or Data
- Customers have access to their personal information or data via the site, and may modify and/or correct certain personal data on their own.
- Certain personal information or data, however, cannot be modified or corrected without previously applying for such change or modification with CaPEx’ Personal Information Controller Head. This type of security on personal data is imposed to prevent possible fraud and criminal activity. These types of requests may be sent to the Personal Information Controller Head’s e-mail address, who will act on such request within thirty (30) days after the customer successfully identifies himself/herself/itself as the proper account holder.
- Personal information or data which do not appear on the site may be requested by the customer from CaPEx’ Personal Information Controller Head’s e-mail address, who will, in turn, provide the data to the customer via e-mail within thirty (30) days after the customer successfully identifies himself/herself/itself as the proper account holder.
XV. Subsequent Modification or Correction of Personal Data and/or Subsequent Withdrawal of Consent
- The site allows access to certain personal information or data previously given for purposes of modification, correction and/or deletion.
- Certain personal information or data that cannot be accessed, modified, edited, corrected or deleted through the site may be accessed, modified, edited, corrected and/or deleted by contacting the Personal Information Controller, particularly, CaPEx’ Personal Information Controller Head via e-mail or phone calls (at the e-mail and numbers indicated below), who will act on such request within thirty (30) days after the customer successfully identifies himself/herself/itself as the proper account holder.
- For e-mail subscriptions, the same can be requested by the customer to be withdrawn by sending an e-mail to CaPEx’ Personal Information Controller Head, who will act on such request within thirty (30) days after the customer successfully identifies himself/herself/itself as the proper account holder.
- The customer may also request the withdrawal of any consent he/she/it has previously given concerning the use and/or sharing of his/her/its personal information or data (which he/she/it cannot personally delete or modify through the site) by sending an e-mail to CaPEx’ Personal Information Controller Head, who will act on such request within thirty (30) days after the customer successfully identifies himself/herself/itself as the proper account holder.
- For purposes of this section, personal information or data which the customer cannot modify are those that are not allowed by the site to be edited by the customer himself/herself/itself.
- The customer may also request the modification and/or correction of any personal data which he/she/it has previously given and which personal information or data he/she/it cannot delete or modify through the Platform by sending an e-mail of such request to CaPEx’ Personal Information Controller Head, who will act on such request within thirty (30) days after the customer successfully identifies himself/herself/itself as the proper account holder.
- Requests for modification and/or correction of personal information or data shall be acted upon only after the requesting customer successfully verifies his/her/its identity with CaPEx.
- Legally required personal information or data cannot be withdrawn or deleted even with the request of the customer unless such withdrawal or deletion is allowed by law. The customer agrees that withdrawal of consent may result to a number of legal consequences that may affect pending transactions already entered into either by the customer, other customer, CaPEx, and/or other entities to whom personal data were shared. In which case, the customer holds CaPEx, its incorporators, directors, stockholders, shareholders, officers, employees and the like, free from any liability for damages or losses that may be incurred, directly or indirectly, from such withdrawal.
- CaPEx reserves the right to act of customer’s request for modification, correction or deletion of his/her personal information or data especially if such modification and/or correction might create a liability for the customer, other customers, third parties and/or CaPEx, as well as to prevent suspected fraud and/or unlawful activities, all to the extent allowed by law.
XV. Customer’s Consent and Warranty
XV. Personal Information Controller Head to Entertain Questions, Concerns or Complaints
- For purposes of contacting or coordinating with the Personal Information Controller Head via e-mail, the e-mail’s subject should read either “Data Privacy Question”, “Data Privacy Concern” or “Data Privacy Complaint”.