GDPR – ICR Worldwide Express Ltd. Privacy Notice.
The EU General Data Protection Regulation aims to better protect EU citizens from privacy and data breaches. ICR Worldwide Express has set out the following information regarding how we will comply with this new EU regulation, enforced from 25th May 2018.
GDPR in regard to ICR Worldwide Express Ltd. customers
ICR Worldwide Express Ltd. (ICR) provides international express courier services bound by our terms and conditions of carriage. Under our terms and conditions, ICR will use contracts with our customer (the shipper) to collect and process personal data to enable us to carry our work as an international courier company. It is necessary that ICR requires people’s names, addresses and contact information in order to send packages to their destination and confirm the delivery. When you use ICR you consent to us collecting this data and are deemed to be bound by our terms and conditions to enable us to provide the courier services requested, as agreed between our businesses, when you opened your account and every time you subsequently use our services. This includes ICR sharing and processing certain necessary data with our chosen delivery agents, to enable successful delivery of goods. Consent is only one of six lawful grounds for processing data, however other lawful grounds apply when you use ICR in relation to GDPR, and these include:
- A contract with the individual – e.g. using ICR as your chosen courier supplier and providing data we need to carry out delivery of your goods.
- Compliance with a legal obligation – e.g. information required by ICR, for completing the delivery, which may include information requested by Customs Officials at the destination country.
ICR Worldwide will make sure that we only collect as much data as we need, and keep it only as long as necessary. ICR Worldwide will accept credit card payments over the phone, but will not keep credit card details after the transaction has been successfully processed. ICR Worldwide also accepts secure online payments via Stripe, where customers have the option for their details to be remembered for future payments, this is by consent and is processed by our accounts department in line with GDPR regulations.
GDPR in regard to ICR Worldwide Express Ltd. sales & marketing
ICR Worldwide Express Ltd. use a database to keep the contact details of businesses, and people who are involved with the courier needs of their business. The data we hold usually consists of their name, position within the company, business email address and business address. From 25th May 2018 we will continue to use the data we have collected with prior consent, for sales and marketing purposes. There may be multiple sales representatives collecting information, who are employed by ICR. Your data is private and is never shared outside of ICR. You can ‘opt out’ at any time, from receiving sales and marketing information from ICR and we will not email an identifiable email address without prior consent. You have the right to know what information we hold about you, to ask us to correct it if it is inaccurate and to delete it if it is no longer required for the purposes of which the prior consent was given.
GDPR in regard to ICR Worldwide Express Ltd. online booking and tracking software
The General Data Protection Regulation (GDPR) will become effective from the 25th May 2018. The regulation aims to improve the security and protection of personal data in the EU. We are writing to you to outline changes which will be applied to our system in time for May 25th and also attach our Software Company’s security statement, as one of your Data Processor’s.
Changes to software:
Due to new GDPR legislation coming in to effect on the 25th May, changes are going to be made within our online booking portal application, as to how our customers’ passwords (online booking area) are managed. ICR Worldwide Express Ltd. will no longer set passwords for our customers, and instead will email a password reset link to our customers, so they can set their own password. Customers can also use the “Forgotten my password” link on our website, to receive an email link to change your password.
Passwords will not be visible to ICR Worldwide Express Ltd.
Passwords will now be case sensitive.
Customers who have passwords saved on browsers may need to update them, so it is case sensitive. Should any customer not know the password (as it was previously saved on the browser), we recommend they use the “forgotten my password” link on the website, or ICR can email the password reset link to you. These changes are necessary to maintain GDPR compliance, the changes will be made in the coming days and we will advise you, once completed.
An option within our courier tracking software, was the function to display extended tracking on the standard tracking page outside of the login area– this feature is being moderated to remove any name and address data by the 25th May, as it does not comply with GDPR.
ICR has accepted a recommendation to upgrade our website security, to have an SSL Certificate. Once the website is SSL secure, we will update our portal to be likewise secure.
Deleting of Data
ICR Worldwide’s courier tracking Software Company is storing the data on your behalf in a secure cloud environment behind firewalls and IP address restrictions. Corporate data falls outside of the GDPR, but should you have requests to delete data from your systems, ICR can manage this by removing the address data from the consignee address book and user profiles. Should you require to have larger sets of data deleting, this will need to be undertaken by the database administrators and we will be able to quote on request.
ICR take steps to protect all data by using up to date anti-virus software, scan protection and security passwords. Please contact us if you have any questions regarding the data held by ICR.
ICR Worldwide Express Ltd.