1. Introduction & Our Commitment to GDPR
Spirnexs processes personal data lawfully, fairly, and transparently. Our GDPR compliance program is designed to ensure:
- Accountability in data handling
- Data minimization and purpose limitation
- Security and confidentiality
- Respect for individual rights
This page should be read alongside our Privacy Policy, AI Policy, and Cookie Policy.
2. Data Controller Information
For the purposes of GDPR, Spirnexs acts as the Data Controller for personal data processed through its platform, unless stated otherwise in a Data Processing Agreement (DPA).
Data Controller: Spirnexs
Website: https://spirnexs.com
Email (Privacy & GDPR): privacy@spirnexs.com
Support: support@spirnexs.com
A designated Data Protection Officer (DPO) or privacy contact handles GDPR-related inquiries and requests.
3. Legal Basis for Processing Personal Data
Spirnexs processes personal data under one or more of the following legal bases as defined in Article 6 GDPR:
- Contractual Necessity: To provide services requested by users (shipment tracking, document management, analytics)
- Legitimate Interests: Platform improvement, security, fraud prevention, and business operations
- Legal Obligations: Compliance with tax, customs, trade, and financial regulations
- Consent: Marketing communications, cookies, and optional features where required
Where consent is used as the legal basis, it may be withdrawn at any time.
4. Categories of Personal Data Processed
Depending on usage, Spirnexs may process the following categories of personal data:
4.1 Account & Identity Data
- Full name
- Email address
- Mobile number
- Company name and role
4.2 Shipment & Trade Data
- Consignee and shipper details
- Shipment references and tracking data
- Trade documentation data (PO, PI, CI, BL)
4.3 Financial & Transaction Data
- Invoicing and billing information
- Payment records
- Cost and expense data related to shipments
4.4 Technical & Usage Data
- IP address
- Browser and device information
- Log files and usage analytics
Note: Spirnexs does not intentionally collect sensitive personal data unless required by law.
5. Methods of Data Collection
Personal data is collected through:
- User registration and account forms
- Upload of trade and shipment documents
- Automated data collection (logs, cookies, analytics)
- Integrations and third-party data sources authorized by users
6. Purposes of Data Processing
Spirnexs uses personal data for the following purposes:
- Delivering and maintaining platform services
- Shipment tracking and trade management
- Document processing and validation
- Financial reporting and alerts
- Customer communications and support
- Product improvement and analytics
- Marketing communications (where consent is provided)
7. Data Subject Rights (Articles 15-21 GDPR)
Under GDPR, data subjects have the following rights:
- Right of Access - Obtain confirmation and access to personal data
- Right to Rectification - Correct inaccurate or incomplete data
- Right to Erasure - Request deletion of personal data ("Right to be Forgotten")
- Right to Restriction of Processing - Limit processing under certain conditions
- Right to Data Portability - Receive data in a structured, machine-readable format
- Right to Object - Object to processing based on legitimate interests or marketing
- Right to Withdraw Consent - Withdraw consent at any time
- Right to Lodge a Complaint - File a complaint with a supervisory authority
Requests can be submitted via email to privacy@spirnexs.com.
8. Exercising Your Rights
- Requests are processed free of charge
- Response time: within 30 days
- Identity verification may be required to protect user data
- If a request is complex, the response period may be extended as permitted by GDPR
10. Data Retention Periods
Personal data is retained only for as long as necessary:
- Financial and trade records: up to 7 years (legal requirement)
- Account data: Duration of active account + reasonable period
- Marketing data: Until consent is withdrawn
- Technical logs: Limited retention based on security needs
Data is securely deleted or anonymized once retention periods expire.
11. Security Measures
Spirnexs implements appropriate technical and organizational safeguards, including:
- Data encryption at rest and in transit
- Role-based access controls
- Secure infrastructure and monitoring
- Employee confidentiality obligations
- Regular security reviews and audits
12. Data Breach Notification
In the event of a personal data breach:
- Relevant supervisory authorities will be notified within 72 hours, where required
- Affected users will be informed if there is a high risk to their rights and freedoms
13. Automated Decision-Making & Profiling
Spirnexs uses analytics and AI-assisted tools to support:
- Shipment predictions
- Cost analysis
- Operational insights
These systems do not produce legal or similarly significant effects without human oversight. Users may request clarification or human review.
15. Data Processing Agreement (DPA)
Business customers may request a Data Processing Agreement (DPA) governing controller-processor responsibilities. Please contact privacy@spirnexs.com for details.
16. Employee Training & Internal Compliance
- Employees receive GDPR and data protection training
- Access to personal data is limited to authorized personnel
- Internal policies govern data handling and security
17. Complaints & Supervisory Authorities
If you believe your data protection rights have been violated, you have the right to lodge a complaint with your local supervisory authority within the EU.
18. Updates to This GDPR Compliance Page
We may update this page to reflect:
- Legal or regulatory changes
- Operational or technical updates
- New platform features
Any changes will be posted on this page with an updated revision date.
19. Contact Information
For GDPR-related questions, requests, or concerns:
Spirnexs - Privacy & Compliance Team
Website: https://spirnexs.com
Email: Hello@spirnexs.com
By using Spirnexs, you acknowledge this GDPR Compliance Statement and our commitment to protecting your personal data.