Easyship Solutions & Updates

How Easyship is complying with GDPR

Tommaso Tamburnotti

by Tommaso Tamburnotti

On 2018 M05 23

by Tommaso Tamburnotti

We built Easyship with the mission to provide transparency to the complex and intricate world of shipping. The same applies to how we handle your data.

Starting May 25, 2018, the new EU privacy regulation, the General Data Protection Regulation (GDPR) will become effective.

GDPR has been called one of the most significant and strictest data protection regulation in the past 20 years. We’ve worked with our engineering team and lawyers for four months to make sure everything we are doing is compliant with the new regulation for EU residents.

This post will explain the measures we’ve taken to become compliant and how, as an Easyship customer, you can expect your data and your clients’ data to be protected.

What is GDPR?

GDPR stands for General Data Protection Regulation. From May 25, 2018, it will be the new framework regulating how companies treat the personal information of EU residents. Read the entire document here.

GDPR will replace DPD (Data Protection Directive, also known as Directive95/46/EC) which is the current data protection regulation that was adopted in 1995.

Who is affected by GDPR?

As an Easyship user, this blog is for you if you are an EU resident.

What kind of data does Easyship collect, and why?

Easyship collects data related to two parties: the senders that are Easyship users, and the receivers that are not required to use Easyship.

As a Data Controller, Easyship collects the following information from senders: full name, physical address, billing address, company name, email, phone number, and payment details.

As a Data Processor, Easyship processes the personal data for the receivers of each shipment, on behalf of the senders. Easyship processes the following information for receivers: full name, full physical address, phone number, email, and products they purchased.

This data is collected with the purpose of providing shipping services, getting in touch with the parties (both sender and receiver) in case a shipment is delayed while its out for delivery or stuck in customs, and to conduct surveys, always with the parties consent (i.e. legitimate interest).

See our Privacy Policy for more details.

How can I have my data deleted (right to be forgotten)?

Easyship does not automatically delete any data that we process as a controller. This is because our users use our platforms as a transportation management system (TMS) and therefore may need this data in the future.

Since we work with both shipping companies and customs departments around the world, they may require information about past shipments. Therefore, we will not be able to delete data for shipments within 12 months from the date of delivery.

If you are an Easyship sender and want all your data to be deleted, please contact us at [email protected].

How can I export my data (right to data portability)?

You can export the personal data used for your shipments from your Easyship dashboard.

To do this, go to the Manage Shipments page. In the top right corner, click on the Export button.

What did Easyship do to become GDPR compliant?

We appointed a Data Protection Officer (DPO)

The DPO ensures Easyship remains compliant with GDPR and the other privacy policies around the world. If you have any questions about how Easyship is using your data, contact our DPO at [email protected].

We reviewed our shipping couriers

Easyship works with many couriers around the world. We verified that our partners are taking the necessary actions to be GDPR compliant.

We reviewed our vendors

It is also our responsibility to make sure the vendors that we work with are GDPR compliant. Examples of the these vendors include providers who handle data storage, payments, and fraud prevention on our platform.

To confirm, the DPO and our engineering team have scrutinized all our vendors to make sure they are implementing the best practices to be GDPR compliant.

We trained our teams

All Easyship employees are required to sign a confidentiality agreement prior to employment. Moreover, we held a mandatory privacy training session to make sure everyone is aware of the current best practices in data privacy.

We updated our Terms & Conditions

Our Terms & Conditions were updated on May 16, 2018 in response to these GDPR regulations.