Introduction

    When you use our services, we collect your personal data to support those services. Data privacy is important to us at CartonCloud. This Privacy Policy details our use of personal data and your privacy rights and choices available to you. CartonCloud is a Data Controller that is responsible for determining the purpose and means of personal data processing.

    How we use personal data

    Your data is collected to help us:

    • Deliver our services to you.
    • Provide support and troubleshooting when using our services.
    • Analyse and improve our services.
    • Market our services.
    • Meet our legal and compliance obligations.

    Personal data we may collect

    CartonCloud may collect one or more of the following types of data as a requirement for using our services:

    • Name
    • Contact information
    • IP address
    • Cookie ID
    • Usage Data
    • Location Data

    When using the CartonCloud web application, your IP address will be collected and stored; however, it will not be utilised for purposes outside technical requirements.

    In addition to the data above, which may be requested or required when using our services, additional unsolicited data may be processed that is not reviewed by CartonCloud as part of the services provided. We will apply the same security and privacy protections as the solicited data above, which may not recognise any additional privacy risks of this data.

    Location Data

    When using the CartonCloud transport mobile application and when location-sharing settings on your device are enabled, CartonCloud will utilise your location. We will use your location for certain functionality on the transport CartonCloud application (such as driver tracking, route optimisation, ETA text messages, map view, and sorting) and other services related to your account (such as the BI dashboard).

    In addition, we may use anonymised aggregated location data for statistical analysis; however, this data is not identifiable to your account and will not be shared externally.

    If you do not want to share your location for the above purposes, you can disable location-sharing settings on your device. However, please note you will not have access to the functionality of the CartonCloud transport application that relies on this location data.

    When we share your personal data

    Your personal data may be shared with third parties under one or more of the following scenarios:

    With the sub-processors included in this policy who are subject to agreed terms of service with a basis of processing in line with this policy.

    Your rights

    Your privacy rights are outlined below. For further details of these rights or to make a request from us related to these rights, please see the Privacy Requests and Contacts section below and contact us accordingly.

    The right to be informed. You have the right to be informed about the collection and use of your personal data when the data is obtained by us.

    The right to access and amend your data. You can request a copy of your personal data through a data subject request. You can ask us to explain the means of collection, what data we are processing, and who we share it with.

    The right to rectify your data. If your data is inaccurate or incomplete, you can ask us to rectify that.

    The right to data erasure. You can request we erase your data within 30 days. We will notify you if that cannot be completed or if there are any implications of doing so for using our services.

    The right to transfer your data. You can have your data transferred from one system to another safely and securely.

    The right to restrict your data processing. You can request we restrict or suppress your personal data to limit its use.

    The right to opt-in for sensitive data processing. For any highly sensitive personal data we may collect, we require your explicit consent to opt-in to process that data.

    The right to opt-in by a parent or guardian. We do not collect data from minors. You are required to be over the age of 18 in order to use our services.

    The right not to be subject to fully automated decisions. We do not apply automated processing activities that profile you or make fully automated decisions using your personal data.

    These rights are subject to the relevant privacy regulations, legal requirements, and public interest clauses, and where the above rights may conflict with your use of our services. For any privacy concerns or to request further details of your rights, please see the Privacy Requests and Contacts section below.

    Sub-processors and Locations

    A sub-processor is a third-party data processor engaged by CartonCloud that receives service data (which may contain personal data) from CartonCloud for processing on behalf of our users. and in accordance with the terms of its written subcontract. The list of sub-processors that we use to perform various functions and their location is shown below.

    Cloud Infrastructure

    • Amazon Web Services - Australia & Singapore
    • Sendgrid - United States
    • Twilio - United States
    • Google Cloud Platform - Global

    Data Analytics & BI

    • Snowflake - Australia

    Application Telemetry, Logging and Monitoring

    • New Relic - United States
    • Rollbar - Global
    • Bugsnag - United States
    • MixPanel - United States

    Site Analytics

    • Google - Global

    Advertitising

    • Google - Global
    • Facebook/Meta - Global
    • Microsoft - Global
    • TikTok - Global

    CRM

    • Hubspot - United States

    Finance

    • Xero - United States

    Service & Support

    • Salesforce - Japan

    Communication

    • Slack - United States
    • Gong - Global
    • Zoom - Global

    Retention

    The following types of data must be retained for the periods noted to support CartonCloud's services and compliance requirements effectively:

    • Account management: Supporting customers’ needs by maintaining a history of dealings with them. This includes the history of interactions, contact details, agreements, service information and key conversation records. This data is retained until deletion is requested.
    • Service information: Confidential information is shared during the course of providing CartonCloud’s services. This may include proprietary documentation and confidential data of customers' business activities. This is data retained as required for regulatory compliance purposes.
    • CartonCloud usage: User history and account activity for users of CartonCloud are tracked to support the debugging of issues and to improve the products and services. This data is anonymised where possible to reduce the sensitivity of the information. This data is retained until deletion is requested.
    • Private data: Personally identifiable data is collected, processed and stored for users of CartonCloud’s services. This is subject to those users' privacy rights, including the right to access, modify and delete that information where it does not conflict with CartonCloud’s legitimate needs and regulatory compliance requirements. Where data requests cannot be fulfilled, this is communicated with the reason(s) why. This data is retained until the earliest of when deletion is requested or 12 months after the account is deactivated.

    Privacy requests and contacts

    For further information about our Privacy Policy or practices or to raise any privacy requests or complaints in relation to your data, please contact us using the following methods: