Privacy Policy

This Privacy Policy is effective as of August 1st, 2021.

This Privacy Policy explains how Coast To Coast and its affiliated companies (“Coast To Coast”, “we”, “our”) process personal data about you on our websites, mobile applications, or other sites that display this Privacy Policy. You can see Coast To Coast affiliates here at the latest company overview. This Privacy Statement will also apply to information gathered from you visiting our facilities.

Specific provisions

In specific situations other provisions apply or supplement this Privacy Policy:

  • when applying for a job with Coast To Coast only the Privacy Policy for Recruitment applies;
  • when using our websites the Policy on Cookies supplements the Privacy Policy;

Protecting your personal data

With offices and operations throughout the world, personal data will be transferred or be accessible internationally throughout Coast To Coast global business. Any such transfers throughout Coast To Coast's global business take´s place in accordance with the applicable data privacy laws and in accordance with our authority approved Binding Corporate Rules (“BCR”).

Our BCR reflect the standards contained in European data privacy laws (including the General Data Protection Regulation). Having our BCR means that all our Coast To Coast group entities which have signed up to our BCR have to comply with the same internal rules. It also means that your rights stay the same no matter where your data are processed by Coast To Coast.

Coast To Coast Binding Corporate Rules (BCRs) can be downloaded here.

Types of personal data that we process, purpose and the legal basis

Consumers

Coast To Coast rarely process personal data about consumers, but If you are a consumer to customers of Coast To Coast, we might process personal data about you in order to deliver logistic services to our customer, e.g. custom clearance services, document and parcel freight etc., cf. Article 6 (1) (b) of the GDPR, where we process:

  1. Contact information (e.g. name, address, e-mail and phone number)
  2. Delivery information

Coast To Coast customers (excluding consumers)

If you are a customer to Coast To Coast, we process personal data about you in order to fulfil the agreement between the parties, e.g. the administration of the agreement, payment, delivery of goods and services etc., cf. Article 6 (1) (b) of the GDPR, where we process:

  1. Business contact information (e.g. name, address, e-mail and phone number)
  2. Job title

Coast To Coast is also legally required to document the personal data in financial transactions when fulfilling our agreement, e.g. when paying or receiving payment for delivery of goods and services etc., cf. Article 6 (1) (c) of the GDPR.

Supplier to Coast To Coast

If you are a supplier to Coast To Coast, we process personal data about you in order to fulfil the agreement between the parties, e.g. the administration of the agreement, payment, delivery of goods and services etc., cf. Article 6 (1) (b) of the GDPR, where we process:

  1. Business contact information (e.g. name, address, e-mail and phone number)
  2. Job title
  3. Banking Information

Coast To Coast is also legally required to document the personal data in financial transactions when fulfilling our agreement, e.g. when paying or receiving payment for delivery of goods and services etc., cf. Article 6 (1) (c) of the GDPR.

Consultants to Coast To Coast

If you are a consultant to Coast To Coast, we process personal data about you in order to fulfil the agreement between the parties, e.g. the administration of the agreement, payment and services etc., cf. Article 6 (1) (b) of the GDPR, where we process:

  1. Business contact information (e.g. name, address, e-mail and phone number)
  2. Professional CV and job title
  3. Date of birth and other personal information as relevant
  4. Banking Information
  5. Information relating to the consultancy tasks

Coast To Coast is also legally required to document the personal data in financial transactions when fulfilling our agreement, e.g. when paying for delivery of consultancy services etc., cf. Article 6 (1) (c) of the GDPR.

Guests at our facilities

If you visit our facilities, we process personal data about you in order to identify you and to inform you about applicable visitor rules, where our legitimate interest in correctly identifying you and providing you with visitor instructions overrides your interest in the information not being processed, cf. Article 6 (1) (f) of the GDPR, where we process:

  1. Contact information (e.g. name, address, e-mail and phone number)
  2. Other visitor information

Business administration

If you contact us we process personal data about you in order to document quality and compliance (for instance in relation to statutes of limitations, security, litigation, or regulatory investigations) where our legitimate interest in improving our legal position overrides your interest in the information not being processed, cf. Article 6 (1) (f) of the GDPR, where we process:

  1. Contact information (e.g. name, address, e-mail and phone number)
  2. Other applicable information

When you are marketed to

If you sign up for one of our newsletters, you consent to us sending you our newsletters, cf. Article 6 (1) (a) of the General Data Protection Regulation ("GDPR"), where we process:

  1. Contact information (e.g. name, address, e-mail and phone number)
  2. Content and your choices in relation to newsletters – contact forms and content etc.

The marketing in newsletters and on our websites, including social media, is adapted to your personal preferences based on our knowledge of you through profiling, cf. Article 6 (1) (f) of the GDPR, where we process:

  1. Content of newsletters signed up to
  2. Stated areas of interest
  3. Cookies as laid out in our Cookie Policy
  4. Information from your social media profiles
  5. Information from our customer databases

Our legitimate interest in doing an automatic evaluation of your personal data in order to personalize the marketing presented to you overrides your interests and fundamental rights. We do not use automated decisions that have a legal effect or similarly significantly affect you.

Understanding our customers, consumers and suppliers

We also make analyses in order to optimize our products, marketing, website, sales and to know more about our customers' preferences in relation to Coast To Coast's products and maintaining a CRM database. We do this by making analyses of our databases with information about e.g. website use,  customer preferences, purchase history, sales and by sending questionnaires where our legitimate interest in processing the personal data overrides your interest in the data not being processed, cf. Article 6 (1) (f) of the GDPR, where we process:

  1. Information from our customer databases
  2. Cookies as laid out in our Cookie Policy
  3. User behaviour and logs from our websites and databases
  4. The answers you provide regarding suggestions and preferences in the questionnaire

Compliance and security operations for all data subjects

We monitor user behaviour and have implemented security solutions on our website as well as in our solutions and on our premises, where our legitimate interest in anti-corruption, anti-fraud, anti-bribery, technical and physical security overrides your interest in the information not being processed, cf. Article 6 (1) (f) of the GDPR, where we process:

  1. Contact information (e.g. name, address, e-mail and phone number)
  2. Cookies as laid out in our Cookie Policy
  3. User behaviour and logs
  4. Images captured by video surveillance in marked areas at Coast To Coast premises

Transfer and protection of your personal data

As a global organization with offices and operations throughout the world, we will transfer Personal Data collected by us on an aggregated or individual level to various divisions, subsidiaries, joint ventures and affiliated companies of Coast To Coast around the world located inside or outside the European Economic Area for the purposes stated above and in accordance with applicable laws, as well as to sub-contractors to Coast To Coast (data processors) for storage and service purposes. Your Personal Data will not be disclosed to anyone outside Coast To Coast unless permitted or required under applicable legislation and where necessary subject to appropriate written assurances from third parties who have access to your personal data, in which they must guarantee that they will protect the data with security measures designed to provide an adequate level of protection.

Unless you are otherwise notified, any transfers of your Personal Data from within the EEA to third parties outside the EEA will be based on an adequacy decision or are governed by Standard Contractual Clauses and/or Binding Corporate Rules. Any other, non-EEA originating, international transfers of your Personal Data, will take place in accordance with the appropriate international data transfer mechanisms and safeguards. 

You can always request a copy of the transfer agreements, which includes the transfer of personal data, by sending an e-mail to dataprivacy@coasttocoast.ae

Automated decisions

Coast To Coast uses automated decision-making in processing your personal data for some services and products. An example is our fraud prevention and detection efforts on our online platforms.

You may request that Coast To Coast provides information about the decision-making methodology and ask us to verify that the automated decision has been made correctly.

We may reject the request, as permitted by applicable law, including when providing the information would result in a disclosure of a trade secret or would interfere with the prevention or detection of fraud or other crime. However, generally in these circumstances we will verify that the algorithm and source data are functioning as anticipated without error or bias.

Security measures.

We choose to use suppliers that implement security in accordance with industry practices for good IT security, and we only use encrypted data communications when transferring sensitive and confidential personal data. We also maintain organizational, physical and technical security arrangements for all the personal data we hold. We have protocols, controls and relevant policies, procedures and guidance to maintain these arrangements taking into account the risks associated with the categories of personal data and the processing we undertake. We store personal data on servers with limited access located in secured facilities, and our security measures are evaluated on an ongoing basis. The servers are protected by anti-virus software and firewalls, among other measures.

Personal Data retention

Coast To Coast stores your personal data for as long as it is necessary to fulfil the purpose of the processing, unless Coast To Coast is obliged under applicable law or is entitled to store the personal data for a longer period, more specifically:

  • We retain your personal data as long as we have an ongoing relationship with you (in particular, if you have an account with us or have not withdrawn your marketing consent).
  • We will only keep the personal data while your account is active or for as long as needed to provide services to you.
  • We retain your personal data for as long as needed in order to comply with our global legal and contractual obligations.

We will also retain your Personal Data where this is advisable to safeguard or improve our legal position (for instance in relation to statutes of limitations, security, litigation, or regulatory investigations).

Data Subjects rights

You are entitled, in the circumstances and under the conditions, and subject to the exceptions, set out in applicable law, to:

  • Request access to the personal data we process about you: You have the right to ask us for information about or access to your personal data. There are some exemptions, which means you may not always receive all the data we process. 
  • Request rectification of your personal data: this right entitles you to have your personal data be corrected if it is inaccurate or incomplete.
  • Object to the processing of your personal data: this right entitles you to request that we no longer process your Personal Data. However, it only applies in certain circumstances, and we may not need to stop the processing of your personal data if we can give legitimate reasons to continue using your personal data.
  • Request the erasure of your personal data: this right entitles you to request the erasure of your personal data in certain circumstances.
  • Request the restriction of the processing of your personal data: this right entitles you to request that we only process your personal data in limited circumstances, including with your consent.
  • Request portability of your personal data: this right entitles you to receive a copy (in a structured, commonly used and machine-readable format) of personal data that you have provided to us, or request us to transmit such personal data to another data controller.
  • Withdraw your consent: You can withdraw your consent at any time by opting out in the e-mail or contacting by us. However this will not affect our right to process personal data obtained prior to the withdrawal of your consent, or our right to continue parts of the processing based on other legal bases than your consent.
  • File a complaint: You can always lodge a complaint with a data protection authority, for example the Danish Data Protection Agency.

Please note that certain personal data may be exempt from the above-mentioned rights pursuant to applicable data privacy or other laws and regulations.