PRIVACY & TERMS

LEGAL

Privacy Statement to Suppliers

JAS Worldwide Management, Inc. with registered office in 6195 Barfield Road, Atlanta, GA 30328, USA, as data controller (hereinafter, “JAS”), informs you, pursuant to the applicable privacy and data protection laws, including but not limited to the EU General Data Protection Regulation 2016/679 (GDPR), the United Kingdom’s GDPR and the Swiss Data Protection Act; the EU Directive 2002/58/EC (e-Privacy Directive), the South Africa Protection of Personal Information Act, Act No. 4 of 2013, the Personal Information Protection Law of the People’s Republic of China (Chairman’s Order No. 91), the General Data Protection Law, Federal Law no. 13,709/2018 of Brazil, the California Consumer Privacy Act of 2018,  and all laws or regulations implementing or supplementing the foregoing, all as amended or replaced from time to time, that in connection with the services you or the entity you represent (“you” or “your”) provide to JAS, personal data shall be processed according to the following modalities and for the following purposes:.

Scope of Data Processing

Subject to applicable law, the Data Controller processes the following personal data communicated by you prior to and upon you providing services to JAS while utilizing with the Data Controller (hereinafter “Data” or “Personal Data”):

Data we process

The Data Controller may process the following Personal Data:

  • Your name, surname, business name, address, business address, email address, phone number, VAT No., ID document, location of you and your employees.
  • Geolocation data, including physical location, camera, and stored photos on company devices used by you or your employees to perform services for JAS.
  • Information about your use of technology and other resources, as well as access to facilities, including, to the extent permitted or required by applicable law, account authentication information (such as username and password), user account profiles, online or device identifiers (such as MAC address or IP address), Internet activity data, configuration information (such as information regarding access rights), log data (such as records tracking your interactions with systems, devices, applications, and telephones).

Your Personal Data shall be processed, for the following purposes and legal basis:

For contractual purposes:

  • recording shipment event details handled by you on behalf of JAS;
  • photographic capture of documentation;
  • recording location data;
  • providing evidence of consignee signatures; and
  • collecting any other pertinent information relevant to the shipment you are handling on behalf of JAS.

the fulfilment by the Data Controller of legal obligations such as:

  • compliance with the obligations established by laws, regulations or national and community legislation or imposed by the competent Authorities;
  • the compilation and processing of tax returns and the related requirements;
  • accounting, book-keeping and the related obligations.

the pursuing of a lawful interest by the Data Controller, in particular:

  • the prevention and identification of fraudulent activities and the exercising of rights by JAS in courts and conducting of litigation.

Modalities of Data Processing

The processing of your Data is carried out, both via hardcopy (paper) and electronic modalities, by means of data collection, registration, organization, storage, consultation, elaboration, amendment, selection, mining, confrontation, usage, interconnection, blockage, communication, cancellation and destruction operations. Personal Data is protected so as to minimize the risk of destruction, loss (including accidental loss), unauthorized access/use or use incompatible with the initial purpose of collection. This is achieved through the technical and organisational security measures implemented by the Data Controller.

Nature of providing data and consequences of refusing to answer

The provision of Data for the use of JAS Go is mandatory and in case you decide not to provide the Data, you will not be able to fulfill your service requirements to JAS and continue the vendor relationship with the Data Controller.

Storage of Data

The Data Controller shall process the Personal Data for the time necessary to fulfil the above purposes and anyway for a period not exceeding 10 years from the termination of the contractual relationship.

Access to Data

  • For the purposes mentioned above, your Data may be shared with:
    • Authorized employees and/or collaborators of the Data Controller or an Affiliate of the Data Controller;
    • Affiliates of the Data Controller with a legitimate need to process the Data for operational, administrative, accounting, legal, compliance and IT purposes;
    • Partners and third-party service providers, carrying out outsourcing activities on behalf of the Data Controller.
    • Partners and third-party service providers, carrying out outsourcing activities on behalf of the Data Controller.
    • In this statement, “Affiliate” means any entity that controls, is controlled by, or is under common control with the designated entity and “control” means the possession, direct or indirect, of the power to direct or cause the direction of the management and policies of such entity, whether through the ownership of voting securities, by contract, or otherwise.
    • We require third-party service providers who perform services on our behalf to protect the security and confidentiality of personal data, as required by applicable law. Many of our service providers are located in the U.S. To obtain more information about our third-party service providers processing personal data on our behalf, please contact us as indicated below.
    • Your Data may be shared, even without your prior consent, upon their request, with control bodies, police or judiciary bodies, Budgetary Ministry, Tax Authority, ministerial bodies and competent Authorities, Local Institutions and Tax Commissions, that will process them in their quality of independent Data Controllers for institutional purposes and/or pursuant to the law during investigations and controls. Moreover, your Data may be shared with third parties (for example, insurance funds, independent contractors, etc.) that will process them as independent Data Controllers to carry out activities that are instrumental to the above purposes.

Data Transfer

Your Data shall not be disseminated but may be transferred outside the European Union. For this purpose, according to the GDPR, the Company assesses the impact of data transfers and adopts, where applicable, the most appropriate safeguards (for example, adequacy decisions or standard contractual clauses).

Data Subjects’ rights

Subject to applicable law, you may have the right to request access to and rectification of the personal data we maintain about you, or to request the restriction of the processing of your personal data, or to object to that processing on grounds relating to your situation. In certain situations, subject to applicable law, you may have the right to request erasure of your personal data from our systems. Where provided by applicable law, technically feasible, and upon written request, we will export the personal data we process about you and transmit it to you. You can also lodge a complaint about our processing of your personal data with the body regulating data protection in your country. To exercise these rights, please contact us as indicated below, and we will respond as required by law.

Modalities of exercise of rights

You shall be able to exercise your rights anytime by sending an email to:


privacy@jas.com

Data Controller, data processor and persons in charge of the data processing

The Data Controller is:


  • JAS Worldwide Management, Inc.


The updated list of the data processors and persons in charge of the processing is available at the office of the Data Controller.