AsstrA Data Protection And Privacy Policy

AsstrA-Associated Traffic AG and its affiliates (AsstrA, the Company, We) respects your right to privacy and is committed to ensuring that you have full control over the personal data We collect, use and store as part of our business activities.

This Privacy Policy (Policy) applies to our customers, suppliers, visitors to our offices, users of the AsstrA Website, users of the AsstrA Track&Trace Driver application, employment candidates and interns.

Please note that our Website and the services on the Website are not intended for minors. AsstrA does not collect or process the personal data of minors. In the event that we are notified of the processing of personal data of minors, AsstrA will take appropriate measures to delete such data from our servers.

MORE INFORMATION

• 1. KEY TERMS TO BE USED IN THIS POLICY

  Personal data is any information relating to an identified or identifiable natural person. For example, it is your name, email, phone number, or any other information through which you can be identified.

  Processing is any action or set of actions performed with personal data with or without the use of automation tools. Processing may include collection, use, storage, transfer, destruction, disclosure, modification of personal data. For example, your personal data entered on the Website, stored in our information systems, may be used for the realization of contractual relations, or may be changed, for example, when your contact details change, etc.

  A controller is any natural or legal person, public authority, institution or other body that independently or jointly with others determines the purposes and means of processing personal data. In other words, it is the one who decides for what purpose (why?) and by what means your personal data will be processed.

  A processor is any natural or legal person, public authority, agency or other body that processes personal data on behalf of another company (called a data controller). The processor does not decide why or how to use the data, but carries out the controller's instructions, such as storing, transmitting or analyzing the data for it.

  A legal basis is a legitimate reason why AsstrA has the right to process your personal data. For example, your consent, performance of a contract, AsstrA's legitimate interests, or fulfillment of a legal obligation.

  User - any person who visits (has visited) the AsstrA Website on the Internet.

• 2. CONTACT DETAILS OF THE CONTROLLER AND THE DATA PROTECTION OFFICER (DPO)

  The person responsible for processing your personal data in accordance with the General Data Protection Regulation (GDPR) and other data protection regulations is AsstrA-Associated Traffic AG.

  Our contact details:

  Staubstrasse 15, 8038 Zurich.

  compliance@asstra.com.

  If the Controller of your personal data will be one of AsstrA's branches, the address of that branch can be found here.

  AsstrA has appointed a Data Protection Officer (DPO) who you can contact by email: compliance@asstra.com.

  You may contact the DPO in all matters relating to the processing of your personal data by the Controller and the exercise of rights in connection with the processing of personal data.

  Please note that the DPO does not deal with other matters such as issues of recruitment procedures, marketing mailings and the like.

• 3. WHAT PERSONAL DATA, FOR WHAT PURPOSES AND ON WHAT LEGAL BASIS ARE PROCESSED BY ASSTRA

  3.1 AsstrA employment candidates and interns
  3.1.1 Purpose: To review resumes assessing a candidate’s suitability for the position and making an employment decision.
  List of personal data processed: First name, last name, telephone number, e-mail, employment history, skills, education, language skills, desired salary, other personal data you specify.
  Legal basis: Contract (Article 6, paragraph 1, part B GDPR).
  3.1.2 Purpose: Inclusion of the candidate in the talent pool to inform about newly opened relevant vacancies, according to the CV.
  List of personal data processed: the data you have displayed on your resume.
  Legal basis: Consent (Article 6, paragraph 1, part A GDPR).
  3.1.3 Purpose: To review resumes assessing the intern’s suitability for the position and making a decision on the internship.
  List of personal data processed: First name, last name, e-mail, educational institution, course, specialty, form of study, country and city of internship, direction of internship, type of internship (full day or part of a day), language skills, other personal data that you attach to the form.
  Legal basis: Contract (Article 6, paragraph 1, part B GDPR).
  3.1.4 Purpose: To collect references on final candidates from their previous supervisors to assess their competencies, reliability and suitability for the vacancy.
  List of personal data processed: Name, position, phone number of the manager.
  Legal basis: Legitimate interest (Article 6, paragraph 1, part F GDPR).
  Our legitimate interest: To obtain reliable information about candidates' qualifications and professional achievements in order to make an informed hiring decision. This helps minimize employment risks and ensures the quality of employee recruitment.
  3.1.5 Purpose: To send a job offer letter to a candidate who has been selected for employment.
  List of personal data processed: First name, last name, phone number.
  Legal basis: Contract (Article 6, paragraph 1, part B GDPR).
  3.1.6 Purpose: Conclusion of an employment contract and formalization of employment.
  List of personal data processed: Identification data (e.g. First name, last name, identification number, contact details), data on qualifications and work experience (e.g. education, further training courses, etc.), data required for the payment of salaries (e.g. bank account number) and other personal data required to comply with the legislation of the country of employment.
  Legal basis: Contract (Article 6, paragraph 1, part B GDPR).

  3.2 AsstrA Clients
  3.2.1 Purpose: To inform AsstrA clients about current services, press releases and news related to AsstrA, to send invitations to various events.
  List of personal data processed: First name, last name, e-mail.
  Legal basis: Consent (Article 6, paragraph 1, part A GDPR).
  3.2.2 Purpose: To publish customer feedback on AsstrA's Website to build trust in the Company and promote the services we provide.
  List of personal data processed: E-mail, full name, phone number (optional), other personal data to be specified in the feedback.
  Legal basis: Consent (Article 6, paragraph 1, part A GDPR).
  3.2.3 Purpose: To publish customer feedback and comments about the service provided on AsstrA's social media channels in order to promote the AsstrA brand and to promote the services provided by us.
  List of personal data processed: First name, last name, image (if it is video content), name of the client's company, position.
  Legal basis: Consent (Article 6, paragraph 1, part A GDPR).
  3.2.4 Purpose: Initial communication with a potential client to identify and develop relevant services that the Company can offer to the client.
  List of personal data processed: First name, last name, phone number, e-mail, position.
  Legal basis: Legitimate interest (Article 6, paragraph 1, part F GDPR).
  Our legitimate interest: To offer relevant services and provide quality service to meet the client's needs and maintain long-term relationships.
  3.2.5 Purpose: To update client contact information to ensure effective and timely communication regarding AsstrA's services.
  List of personal data processed: First name, last name, phone number, e-mail, position, language skills, and country.
  Legal basis: Legitimate interest (Article 6, paragraph 1, part F GDPR).
  Our legitimate interest: Our legitimate interest: To continue to provide services to the client through communication with the client using up-to-date contact information.
  3.2.6 Purpose: To enter client information into AsstrA's information systems to ensure effective communication.
  List of personal data processed: First name, last name, position, e-mail, phone number, name of the client's company, language skills.
  Legal basis: Legitimate interest (Article 6, paragraph 1, part F GDPR).
  Our legitimate interest: To improve the quality of services provided, to accelerate the provision of feedback on customer requests.
  3.2.7 Purpose: To send gifts to the client on the occasion of significant events and holidays.
  List of personal data processed: First name, last name, phone number, name of the client's company.
  Legal basis: Legitimate interest (Article 6, paragraph 1, part F GDPR).
  Our legitimate interest: To maintain and develop long-term relationships with customers, to show care and demonstrate the importance of customers to the Company.
  3.2.8 Purpose: Sending information to third parties in order to provide recommendations about the client.
  List of personal data processed: First name, last name, position, mail, phone number, name of the client's company.
  Legal basis: Consent (Article 6, paragraph 1, part A GDPR).
  3.2.9 Purpose: To send information to third parties about the client's contacts in order to provide recommendations regarding AsstrA.
  List of personal data processed: First name, last name, position, mail, phone number, name of the client's company.
  Legal basis: Consent (Article 6, paragraph 1, part A GDPR).
  3.2.10. Purpose: Communication with the client on legal issues related to the execution of the contract (e.g. financial and other audits, preparation of documents for insurance indemnity, etc.).
  List of personal data processed: First name, last name, e-mail, position.
  Legal basis: Contract (Article 6, paragraph 1, part B GDPR).
  3.2.11. Purpose: To send reports to clients to confirm AsstrA's compliance with international standards (e.g. CO2 standards).
  List of personal data processed: First name, last name, e-mail, position, field of activity.
  Legal basis: Contract (Article 6, paragraph 1, part B GDPR).
  3.2.12. Purpose: Conducting client surveys to analyze and improve the quality of services provided.
  List of personal data processed: Name, phone number, e-mail, position, language skills, and country.
  Legal basis: Legitimate interest (Article 6, paragraph 1, part F GDPR).
  Our legitimate interest: To collect relevant feedback from our clients, to continuously improve the quality of our services.
  3.2.13. Purpose: Finding new clients and analyzing their needs in order to offer them relevant services.
  List of personal data processed: First name, last name, phone number, e-mail, position, language skills, and country.
  Legal basis: Legitimate interest (Article 6, paragraph 1, part F GDPR).
  Our legitimate interest: To offer relevant services and provide quality service to meet the client's needs and maintain long-term relationships.
  3.2.14. Purpose: To form a commercial offer and send it to the Client who has filled in the form on the Website.
  List of personal data processed: First name, last name, e-mail, phone number (optional), name and address of the client's company.
  Legal basis: Contract (Article 6, paragraph 1, part B GDPR).

  3.3 AsstrA Suppliers
  3.3.1 Purpose: Registration in the Supplier's Cabinet for timely acceptance and confirmation of the transport order for execution.
  List of personal data processed: First name, last name, phone number, e-mail, position, language of communication, name of the supplier company, country, city.
  Legal basis: Contract (Article 6, paragraph 1, part B GDPR).
  3.3.2 Purpose: Prepare responses to supplier inquiries in the Supplier Cabinet.
  List of personal data processed: First name, last name, position, phone number, e-mail, name of the supplier's company.
  Legal basis: Contract (Article 6, paragraph 1, part B GDPR).
  3.3.3 Purpose: To verify that the supplier (supplier's drivers) is in compliance with AsstRA requirements for safe transportation.
  List of personal data processed: First name, last name, photo, position, phone number, e­mail, passport data, driver's license, vehicle number, technical passport for the vehicle.
  Legal basis: Legitimate interest (Article 6, paragraph 1, part F GDPR).
  Our legitimate interest: Ensuring the safety and reliability of our services, mitigating operational risks and protecting AsstrA's reputation.
  3.3.4 Purpose: To enter supplier information into AsstrA's information systems to ensure effective communication.
  List of personal data processed: First name, last name, position, phone number, e-mail, name of supplier company, vehicle number.
  Legal basis: Legitimate interest (Article 6, paragraph 1, part F GDPR).
  Our legitimate interest: To improve the quality of services provided, to accelerate the provision of feedback on supplier requests.
  3.3.5 Purpose: To send reports to suppliers to confirm AsstrA's compliance with international standards (e.g. CO2 emission standards).
  List of personal data processed: First name, last name, e-mail, position, field of activity.
  Legal basis: Contract (Article 6, paragraph 1, part B GDPR).
  3.3.6 Purpose: Find new suppliers and analyze their needs in order to offer them relevant services.
  List of personal data processed: First name, last name, position, e-mail, phone number, place of work.
  Legal basis: Legitimate interest (Article 6, paragraph 1, part F GDPR).
  Our legitimate interest: To offer relevant services and provide quality service to meet the supplier's needs and maintain long-term relationships.
  3.3.7 Purpose: To send information to third parties in order to provide recommendations about the supplier.
  List of personal data processed: First name, last name, position, mail, telephone, name of the supplier's company.
  Legal basis: Consent (Article 6, paragraph 1, part A GDPR).
  3.3.8 Purpose: Communication with the supplier on legal and financial issues related to the fulfillment of the contract (e.g. recording business transactions, sending invoices, receiving VAT returns, etc.).
  List of personal data processed: First name, last name, e-mail, telephone number, position.
  Legal basis: Contract (Article 6, paragraph 1, part B GDPR).
  3.3.9 Purpose: To update provider contact information to ensure effective and timely communication regarding AsstrA services.
  List of personal data processed: First name, last name, phone number, e-mail, position, language skills, and country.
  Legal basis: Legitimate interest (Article 6, paragraph 1, part F GDPR).
  Our legitimate interest: Maintain effective communication with the supplier regarding the provision of logistics services.

  3.4 Users of the AsstrA Track&Trace Driver mobile application
  3.4.1 Purpose: To ensure safe transportation through the AsstrA Track&Trace Driver application.
  List of personal data processed: Phone number, geolocation of mobile device.
  Legal basis: Contract (Article 6, paragraph 1, part B GDPR).
  How our application works: Mobile Application "AsstrA Track&Trace Driver (T&T) collects the data of user's location and transfers all this data to the AsstrA Supplier's Portal web application where they are used to display the location of the cargo transported by the T&T user on the map. Location data is only collected when the user has tied the cargo load in the T&T application. Location data is collected even if the user has closed the T&T application, but there is a cargo load tied by the user to the application. AsstrA collects only the information that is necessary to broadcast the location of the cargo for the user in web application.

  3.5 Users of the Website and Visitors to AsstrA's offices
  3.5.1 Purpose: To address complaints filed by users on the AsstrA website.
  List of personal data processed: First name, last name, position, company name, e-mail, phone number (optional), other data that you will leave in the complaint window.
  Legal basis: Legitimate interest (Article 6, paragraph 1, part F GDPR).
  Our legitimate interest: To investigate possible irregularities in the provision of services, to maintain the high quality of the service provided.
  3.5.2 Purpose: To prepare a response to a user request with the assistance of an AsstrA industry expert to clarify all details required for a particular shipment.
  List of personal data to be processed: First name, last name, e-mail, telephone number (optional), other data that you leave in the request window.
  Legal basis: Contract (Article 6, paragraph 1, part B GDPR).
  3.5.3 Purpose: To prepare a response to the user's inquiry left in the "AsstrA offices” section of the Website.
  List of personal data processed: First name, last name, e-mail, telephone number, and other data that you will leave in the request window.
  Legal basis: Legitimate interest (Article 6, paragraph 1, part F GDPR).
  Our legitimate interest: Providing transparent and timely communication with the user, and providing effective feedback on the issues in the request.
  3.5.4 Purpose: To prepare a response to the user's request sent to AsstrA's e-mail.
  List of personal data processed: E-mail, other data you specify in your request.
  Legal basis: Legitimate interest (Article 6, paragraph 1, part F GDPR).
  Our legitimate interest: Providing transparent and timely communication with the user, and providing effective feedback on the issues in the request.
  3.5.5 Purpose: To issue a temporary pass to visitors to the office to ensure compliance with security standards and control access to AsstrA premises.
  List of personal data processed: First name, last name, and passport data.
  Legal basis: Legitimate interest (Article 6, paragraph 1, part F GDPR).
  Our legitimate interest: To ensure compliance with security standards set by the office space owner and to maintain our own access control standards to protect AsstrA's employees, visitors and property.

• 4. WHAT HAPPENS IF YOU REFUSE TO PROVIDE ASSTRA WITH YOUR PERSONAL DATA FOR THE PURPOSES SET OUT IN SECTION 3 OF THE POLICY?

  4.1 If you choose not to provide us with your personal data, We may not be able to provide you with certain services and facilities. For example, this may affect our ability
  to notify you of our new business offers, to assess the quality of the services provided by AsstrA or to provide you with timely feedback.
  4.2 Where the processing of data is necessary for the performance of a contract (legal basis - "Contract"), refusal to provide the data may result in us being unable to fulfill the terms of the contract We have entered into with you.

• 5. WHEN MAY ASSTRA ACT AS PROCESSOR IN THE PROCESSING OF YOUR PERSONAL DATA?

  5.1 We may act as a data processor when we process personal data based on instructions from the client (data controller) in accordance with the terms of the contract entered into with the customer. In these cases, the data processing is necessary for the provision of logistics services such as:
  Admission of the Supplier's driver to load to the Client: AsstrA may process first name, last name, passport data, telephone number, vehicle number, driver's license data and vehicle technical passport.
  Supplier's admission to a particular transportation: in order to meet customer requirements for transportation standards, AsstrA may process Supplier's personnel data, such as First name, last name, contact details, position, qualifications and training, and driver's license data.
  Incident Investigation: at the request of the client or supervisory authorities, AsstrA may process first name, last name, date of birth, driver's license data and information on training completed (e.g. ADR).
  Ensuring safe transportation: in order to comply with client safety standards, AsstrA may process vehicle geolocation data and driver information (first name, last name).
  AsstrA processes only the data necessary to fulfill the client's instructions and strictly in accordance with the client's instructions.

• 6. AUTOMATED DECISION-MAKING IN THE PROCESSING OF YOUR PERSONAL DATA

  6.1 We do not use automated decision making. AsstrA also does not use your personal data to automatically assess aspects of your personality (automated profiling, profiling).

• 7. HOW LONG DOES ASSTRA KEEP YOUR PERSONAL DATA?

  7.1 We will retain your personal data for no longer than is necessary to fulfill the purposes set out in section 3 of the Policy. The exact retention periods may depend on the type of data and legal obligations, for example:
  - Data related to the performance of the contract may be kept until its completion and for the period necessary to settle possible claims, or as required by the laws of the country of presence.
  - Data relating to the CV review process for a particular vacancy may be retained until the process is completed, or, if you have agreed to be included in the talent pool, for two years from the date of your agreement to do so.
  - Data related to AsstrA's legitimate interest may be retained for as long as necessary to achieve a specific purpose. For example, the results of our customers' questionnaires are stored for 3 months from the date of the questionnaire, data required to verify a supplier for transportation safety is stored until the end of the cooperation with the supplier, etc.

• 8. HOW CAN ASSTRA OBTAIN YOUR PERSONAL DATA?

  8.1 From you personally (from communications, including from completed forms on the Website);
  8.2 Other data controllers for the purpose of providing or assisting AsstrA in providing services or any requests between you as the ultimate recipient of a particular service and AsstrA. We may at any time provide you with information about these parties at your request;
  8.3 Publicly available sources;
  8.4 Information on your company's website;
  8.5. Your public profile on social media;
  8.6 From cookies that our website sets on your browser. Our cookie policy is https://asstra.us/cookies-policy/;
  8.7 In some circumstances, we may collect your personal data by making requests from third party sources such as government agencies, credit reporting agencies, database and information service providers or from publicly available records.

   

• 9. WHO MAY ASSTRA SHARE YOUR PERSONAL DATA WITH?

  9.1 To Clients - if you are a supplier, to implement the services contracted with you.
  9.2 To employees of AsstrA's offices - for the realization of services provided for in the contract with clients and suppliers.
  9.3 Web analytics services - if you are a user of the Website, to improve the services provided by AsstrA:
  9.4 Google Analytics is a web analytics service provided by Google, Inc. Address: Google, Google Data Protection Office, 1600 Amphitheatre Pkwy, Mountain View, CA 94043, USA. Google Analytics personal data processing policy.
  9.5 Yandex Metrica is a web analytics service provided by Yandex LLC. Address: 16, Lev Tolstoy St., Moscow, 119021. Policy of personal data processing Yandex.
  9.6 To the security service of the offices where AsstrA is located - if you are a visitor to one of our offices, to enforce security rules and control access to AsstrA's premises.
  9.7 To the public authorities of the countries where AsstrA offices are present, if requested by them.

• 10. CROSS-BORDER TRANSFER OF YOUR PERSONAL DATA

  10.1 In some cases, AsstrA may transfer your personal data across borders to countries that provide an adequate level of personal data protection in accordance with the laws of the countries in which we operate and international data protection standards. Such transfers may be necessary to fulfill contractual obligations or where there is a legitimate business interest of AsstrA.
  10.2 In the event that personal data is transferred to countries that do not provide this level of protection, AsstrA will take all necessary measures to protect your data, including entering into agreements providing adequate data security safeguards with our partners and service providers who may be involved in the processing of your personal data abroad.

• 11. HOW DOES ASSTRA ENSURE THE SECURITY OF YOUR PERSONAL DATA?

  11.1 We take all necessary measures to ensure the security of your personal data. These measures include technical, organizational and legal mechanisms to protect data from unauthorized access, alteration, disclosure or destruction. Such measures include:
  - The use of encryption in data transmission;
  - Restrict access to personal data, only to authorized employees;
  - Regular monitoring and updating of security systems;
  - Storing data in secure systems and backing it up.

• 12. WHAT RIGHTS DO YOU HAVE IN RELATION TO THE PROCESSING OF PERSONAL DATA?

  12.1 Right of Access:
  You can request information about what personal data We process about you and receive a copy of that data.
  12.2 The right to correction:
  You can request a correction or update of your data if it is inaccurate or out of date. 12.3 Right of removal:
  You can ask for your data to be deleted if it is no longer needed for the purposes for which it was collected or if the processing is unlawful.
  12.4 The right to restrict processing:
  You can request the restriction of the processing of your data if it is inaccurate, the processing is unlawful or you object to the processing.
  12.5 The right to portability of your personal data:
  You can request that your data be transferred to another controller (e.g. another company) in a machine-readable format.
  12.6 The right to object to the processing of your personal data:
  You can object to the processing of your data in certain situations, for example if the processing is based on our legitimate interest.
  12.7 The right to object to automatic decision-making, including profiling:
  You may object to decisions that are purely automatic (without human input) if they have a significant impact on you.
  12.8 The right to withdraw consent to the processing of your personal data:
  You can withdraw your consent to data processing at any time, if it has been used as a legal basis for processing.
  12.9 The right to file a complaint with a supervisory authority:
  You have the right to file a complaint with the supervisory authority of the state in which your permanent residence, place of employment or where the alleged violation of your information privacy occurred.

• 13. UPDATING THIS POLICY AND INFORMING ABOUT CHANGES

  13.1 We may update this Policy periodically to reflect changes in our personal data processing practices or as required by law.
  13.2 All changes will be posted on the Website and we will notify you by email, or other available means, if there are material changes.
  13.3 We recommend that you periodically review the Policy to keep abreast of any updates.