1. INTRODUCTION AND SCOPE

This privacy policy describes how we use your personal data when you use our website www.dubuy.com (“Our Website”), any apps we provide (as applicable), when you correspond or otherwise engage with us or when we provide products or services to you. We have provided this policy to ensure that you understand what personal data we collect and hold about you, why we use it and how we keep it safe.  It also explains the rights you have in this respect.

You can read, print and save this whole policy. We use sub-headings to help you find specific information that you may be looking for more easily.   


2. INFORMATION WE COLLECT FROM OR ABOUT YOU AND WHY WE USE IT 

We collect and process the following types of personal data:

  1. Personal identifiers such as name, address, employer, job title, telephone number which you provide to us through our registration, enquiry or contact forms or if you correspond with us via email. We use this for the following purposes: a) to fulfil any request you make (e.g. submitting a query on Our Website, subscribing to a communications service, fulfilling requests for information etc.); b) to create a database of people who have expressed interest in our companies, products or services; and c) to allow you to participate in any interactive features of our service, when you choose to do so; d) to create and maintain a mailing list of people who have expressed an interest in receiving electronic marketing communications from us (and where applicable, have giving their consent thereto).

  2. Feedback and opinions which you provide to us through our enquiry or contact forms; we process this to allow us to answer queries and complaints you may have and to help us evaluate the quality and consistency of our services.

  3. Details of your visits to Our Website including your IP address, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform and information about your visit, including the full Uniform Resource Locators (URL), clickstream to, through and from Our Website (including date and time), products or services you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page and any phone number used to call our customer service number; we collect this information from your browser to enable us to monitor the performance and relevance of Our Website and our ad words campaigns, to ensure that content from Our Website is presented in the most effective manner for you and for your computer, and to keep Our Website safe and secure. 

  4. Our Website uses cookies to distinguish you from other users of Our Website. This helps us to provide you with a good experience when you browse Our Website and also allows us to improve it. For detailed information on the cookies we use and the purposes for which we use them, please read our Cookie Policy at https://dubuy.com/privacy-notice. 

  5. In addition, we use the information we collect to create profiles and to segment our database for analytical and direct marketing purposes, including sending marketing and promotional materials. We may combine information we obtain from other sources, such as Google Analytics and LinkedIn, with information we collect from Our Website to improve our business analysis and customer understanding.

  6. If you join our communications program we collect information about each email we have sent to you and your interaction with them, including, without limitation, the number of times opened, deliverability, which sections you clicked on etc. We use this information to measure the effectiveness of our email campaigns, to plan marketing campaigns and to segment our database.

  7. For (representatives of) professional customers and suppliers we collect your title, position, name of your company, payment data, such as your bank account number, IBAN, BIC and, where applicable, your VAT number, as well as your purchase/sales history to a) perform the agreements we have with you or your employer and to manage our relationship in this respect, b) monitor our activities (measuring and compiling statistics on sales, purchases, payments, number of customers, etc.), c) improve the quality of our products and services and d) safeguard our economic interests.

  8. To measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you.

  9. To consider you for any job vacancy within our Group.

  10. For the purpose of assessing your credit score where this is a condition of us entering into a contract with you.

The above information is also processed in the context of the management of our IT systems, the management of our infrastructure and the continuity of the business, for defence in legal proceedings, including answering questions from a public authority or court, for compliance with statutory obligations, for fraud prevention and, where relevant, in the context of mergers and acquisitions. 

Any data processing activities we undertake, will be compatible with any of the purposes above unless we have informed you otherwise.  

Information you submit to us must be true, accurate, complete and not misleading. You are not under a legal obligation to provide us with any of your personal data but please note that if you elect not to provide us with your personal data we may be unable to provide our products or services to you. 

In some cases, we also collect personal data indirectly, such as through information you have published about yourself, the company you are working for or through one of your colleagues. 

5. RELATED WEBSITES

We operate several other websites which can be accessed via this website each of which has privacy information informing you how personal data are handled through that website. These other websites include: Cezanne on-demand used to advertise and manage job vacancies and job applications and accessed via the “Careers” link; and Community Network Services (CNS) used to provide our vehicle booking, driver registration and container location system and accessed via the “Vehicle Booking System” icon and links.

6. LEGAL BASIS FOR PROCESSING

We are required to tell you the legal basis for processing your information. As a result, we will process your personal data if:

  1. the processing is necessary to perform our contractual obligations towards you or to take pre-contractual steps at your request;

  2. the processing is necessary to comply with our legal or regulatory obligations; 

  3. the processing is necessary to protect your vital interests of the relevant individual or that of another person; 

  4. the processing is necessary for our legitimate interests, and does not unduly affect your interests or fundamental rights and freedoms (see below); 

  5. the processing is necessary for the performance of a task carried out in the public interest; or 

  6. in some cases, and if requested from you from time to time, we have obtained your prior consent.

Examples of the ‘legitimate interests’ referred to above are: 

  1. the administration and management of our business and the improvement of our services;

  2. seeking to promote, develop and grow our businesses through the sale of products and services and to provide excellent customer services or to otherwise exercise our fundamental rights to property and to operate a business under articles 16 and 17 of the EU’s Charter of Fundamental Rights;

  3. to benefit from cost-effective services (e.g. we may opt to use certain IT platforms offered by suppliers);

  4. to prevent fraud or criminal activity, misuse of our products or services as well as the security of our IT systems, architecture and networks and security of our premises; and

  5. to meet our corporate and social responsibility objectives.

Where we ask your consent, you are not required to give such consent just because we ask for it. If you do give consent you can change your mind and withdraw it at a later date.  

If you subscribe to our email communications program we may send to you direct email marketing materials but only where you have granted your consent or if they relate to products and services similar to those you have previously bought from us or expressed interest in. You can ask us to only send you marketing communications by particular methods (for example, you may be happy to receive emails from us but not telephone calls), about specific subjects or you may ask us not to send you any marketing communications at all.

We may ask you to indicate your marketing preferences when you first register an account on Our Website and/or app (as applicable). You can check and update your current marketing preferences at any time by logging into your account on Our Website and/or our app (as applicable), calling or emailing us using the details set out in section 11 below.

We will only share your personal data with third parties for marketing purposes if you provide us with your consent to do so by ticking a box on a form we use to collect your personal data.

7. DISCLOSING, SHARING AND TRANSFERRING PERSONAL DATA

We make available personal data to members of our personnel who need to have access to this data to perform their tasks for the purposes as set out above. We also share information about you with other companies within the DP World Group, such as other terminals where we think you may have an interest in their products and services. We undertake data sharing on the basis of our legitimate interests in promoting our products and services and undertaking direct marketing. The other companies in DP World Group either act as another controller under this policy or only process personal data on behalf of a controller in the DP World Group.

To share your personal data with any terminals outside of the European Economic Area, we have suitable mechanisms in place to safeguard your rights and your personal data including, without limitation, adequacy decisions made by the European Commission or model contractual clauses between terminals in the EU and those not in the EU. Details of these measures are available upon request, please send an email to EUR Data Protection eur.dataprotection@dpworld.com for any further clarification.

The table below indicates categories of organisations to whom we may disclose information about you in the day-to-day running of our business which are suppliers processing data on our behalf to help us to provide services to you and for the purposes described above.  

Categories of Organisation

Purpose

Location

Marketing agencies, database hosting companies, data cleansing companies, and mailing houses.

To provide marketing services and fulfil our CRM and email program.

UK or European Economic Area

Email broadcasters (Emarsys)

To fulfil our CRM and email program.

UAE and European Economic Area

Analytics and search engine providers

To assist us in the improvement and optimisation of Our Website

UK, European Economic Area or USA

Advertisers and advertising networks that require the data to select and serve relevant adverts to you and others 

For the purposes of the third parties commercial interests and/or to enable us to comply with our advertisers' wishes by displaying their advertisement to that target audience

UK, European Economic Area or USA

Logistics operators

To enable such operators to provide their services to you

UAE and Rwanda


We may collect, transfer and store your personal data within any member of the DP World group, which means the Company, its subsidiaries, our ultimate holding company and its subsidiaries (the “
Group”) including outside the European Economic Area and the United Arab Emirates.   

We may also disclose your personal information to other third parties from time to time:

  1. if we are under a duty to disclose or share your personal data to comply with any legal obligation or if required or requested to do so by a government or law enforcement agency or if we sell or buy any business or assets, in which case we will disclose your personal data to the prospective seller or buyer of such business or assets;

  2. to enforce or apply our terms of use and other agreements;  

  3. to protect the rights, property, or safety of our company, our customers, or others including exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.

We do not make use of automated decision making or profiling in the sense of the GDPR.

8.  DATA RETENTION

We will hold information about you in our data systems only for as long as we need to hold it for the purposes for which it was collected or to comply with legal, regulatory or internal policy requirements, which generally is as follows:

  1. We will retain and process information about you for as long as you continue to use or express an interest in our services, log into Our Website, use our interactive services, or for as long as we feel that our business, products and services may be of interest to you where you have not indicated otherwise and in any event your data will be removed [1] years after your last interaction with us.  

  2. We will hold information about how you interact with our electronic communications for as long as they are relevant to helping us analyse the performance of our digital marketing activities or customers and prospects but in any event your data will be removed [1] years after your last communication with us.

9.  YOUR RIGHTS

Data protection law grants you certain rights which provide you with:

Right of access.

You have the right of access to information we hold about or concerning you.  If you would like to exercise this right you should contact us as outlined above.

Right of rectification or erasure.

If you feel that any data that we hold about you is inaccurate you have the right to ask us to correct or rectify it. You also have a right to ask us to erase information about you where you can demonstrate that the data we hold is no longer needed by us, or if you withdraw the consent upon which our processing is based, or if you feel that we are unlawfully processing your data.  

Right to restriction of processing.

You have a right to request that we refrain from processing your data where you contest its accuracy, or the processing is unlawful and you have opposed its erasure, or where we don’t need to hold your data anymore but you need us to in order to establish, exercise or defend any legal claims, or we are in dispute about the legality of our processing your personal data.

Right to object.

You have a right to object to our processing of your personal data, for instance where the basis of the processing is our legitimate interests including but not limited to direct marketing and profiling.

Right to Withdraw Consent.

You have the right to withdraw your consent for the processing of your personal data where the processing is based on consent (without this withdrawal affecting the lawfulness of any processing that took place prior to the withdrawal). To withdraw your consent for direct mailings, please select the unsubscribe option in the most recent electronic marketing communication you have received or alternatively you can contact us as set out below.

Right of data portability. 

You have the right to have the information we hold about you transferred to another data controller in some circumstances.

Right of Complaint.

If you are unhappy with the way we have used or are handling your personal data you have the right to lodge a complaint with the UK ICO.


Please note that these rights are not absolute and they may not always apply in your particular circumstances. 

To exercise the above rights, you may send an email to Group.Compliance@dpworld.com.

You can find full details of your personal data rights on the Information Commissioner’s Office website at www.ico.org.uk.  

We will usually, in response to a request, ask you to verify your identity and/or provide information that helps us to better understand your request. If we do not comply with your request, we will explain why. 

10. HOW WE KEEP YOUR PERSONAL DATA SAFE

We take care to ensure that your personal data is kept secure. The security measures we take include: 

  1. only storing your personal data on our secure servers; 

  2. ensuring that our staff receive regular data security awareness training;

  3. keeping paper records to a minimum and ensuring that those we do have are stored in locked filing cabinets on our office premises;

  4. maintaining up to date firewalls and anti-virus software to minimise the risk of unauthorised access to our systems;

  5. defence in depth: multiple levels of protection are used to provide effective defence in depth, including perimeter security, network security, application security, data security, endpoint security, operations and prevention;

  6. security by design: security is treated as an integral part of the system architecture;

  7. secure coding practices;

  8. system hardening; and 

  9. Having in place guidelines for implementing new infrastructure systems.

Please remember that you are responsible for keeping your passwords secure. If we have given you (or you have chosen) a password which enables you to access certain parts of Our Website or app (as applicable), you are responsible for keeping this password confidential. Please do not to share your passwords with anyone.

In the interests of keeping personal data properly up to date and accurate, we ask you to inform us of any change in relation to your personal data (such as a change of address).Unfortunately, sending information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of personal data sent to Our Website; you send us personal data at your own risk. Once we have received your personal data, we will use strict procedures and security features (some of which are described above) to try to prevent unauthorised access.

11.  WHO ARE WE AND HOW DO WE KEEP THIS POLICY UP TO DATE

The controller is DP World FZE, a company registered in the United Arab Emirates with company number 468 and whose registered office is located at 5th Floor, LOB 17, PO Box 17000, Dubai UAE and our affiliates (the “Company” or “we”). We are committed to protecting and respecting the personal data of all those whose data we are handling and to working within the guidelines set out by applicable data protection law. Our representative is Mantraraj Budhdev, Group Head of Compliance and Head of Legal, Europe and Russia. 

We will review and update this privacy policy from time to time, for instance to reflect a change in the products or services we offer or to our internal procedures or it may be to reflect a change in the law.  

The easiest way to check for updates is by looking for the latest version of this policy on Our Website. You can also contact us at 5th Floor, LOB 17, PO Box 17000, Dubai UAE or email us at Group.Compliance@dpworld.com.. 

Each time we update our privacy policy we will update the policy version number shown at the end of the privacy policy and the date on which that version of the privacy policy came into force. We will also communicate to you by the usual means we correspond with you.

This is policy version is Version 0.1 dated [16 November 2020].

ENDS

View More