Scope of Policy
- Visitors to the Descartes websites, public forums, and other publicly accessible internet sites maintained by the Descartes.
- Visitors to offices, conferences, or trade show booths run by the Descartes.
- Subscribers to Descartes mailing lists, email lists, newsletters, and social media channels and feeds.
- Individuals negotiating commercial contracts or similar such agreements with Descartes.
What is personal information
Personal information is information about an identifiable individual. Depending on local law, publicly available information — such as a public directory listing of your name, address, telephone number, email or other electronic address — may not be considered personal information.
What we use personal information for
Under various data privacy laws, business may be limited to only collecting and using information for which they have a legitimate business purpose for collecting and using that information or the information is collected and used on the consent of the individual who that information belongs to. The Descartes may gather personal information for the following purposes:
- to respond to your request for further information or follow-up contact;
- to understand your needs as it relates to our products and services, to qualify you for those products and services, and to make recommendations to you based on those needs;
- for prospective customers who are in the process of contracting with us for products or services, to verify that we are permitted by law to sell to you;
- to administer subscriptions to our newsletters, social media channels, and other resources that you may subscribe to;
- to allow our websites to provide certain functions and features designed to improve the website user’s overall experience or to manage the security of our websites;
- to allow us to analyze, develop, improve, and optimize the use, functionality, and performance of our sites and/or the responsiveness of our staff to potential customer inquiries;
- to allow us to understand and predict future changes in our customer’s and potential customer’s needs;
- to meet any legal and regulatory requirements we may have.
Where we discover a need to use your personal information for a purpose not described above, we will do so only if we are explicitly permitted by law to do so.
Personal Information Collected or Processed
- Your name, employer, role with your employer, and contact information;
- Your professional associations, such as your membership in industry trade groups;
- Your attendance at conferences or trade shows;
- The products and or services you have expressed an interest in obtaining further information about or ultimately purchased;
- Data from any surveys or questionnaires that we may have provided to you;
- Past requests that you may have made for information from us;
- Transactional data necessary to facilitate or qualify your attendance to events hosted by Descartes including any special requests you may make related to your attendance;
- Unique IDs such as your mobile device identifier or cookie ID on your browser;
- IP address and information that may be derived from IP address, such as geographic location; and
- Information about a device you use, such as browser, device type, operating system, the presence or use of "apps", screen resolution, and the preferred language.
Duration of Processing
The Descartes maintains personal information only as long as it is required to fulfill the purpose under which it was gathered, unless required by law to retain for longer periods or other purposes. Where Descartes determines that personal information is no longer required, we will securely destroy such information as soon as it is commercially reasonable to do so.
Sharing of Information
As Descartes is a global organization, our network operations span multiple data centers across the world. Our products and services rely on this interconnected network of data centers to provide you with efficient and resilient experiences. By providing us your personal information, you consent to us transferring your personal information to the various countries that Descartes operates in and amongst the various companies that make up the Descartes group of companies.
Descartes may also make use of subprocessors to process personal information on our behalf. We engage subprocessors for the following reasons:
- To allow us to better manage the information including the storage of, access to, identification of, modification of, and removal of that information;
- To allow us to communicate with you or respond to your requests; and
- To allow us to use the information in a more useful manner, including allowing us to analyze the usage of our website, engagement on our social media channels, our ability to effectively communicate with our customers and potential customers, and understand ways to improve our products or services.
All third-parties used by Descartes to process personal information are required to use industry standard security to protect any data they have access to and may only process the information for the purpose, duration, and in the manner specified by Descartes. A list of the subprocessors used by Descartes can be found in the Supplemental Privacy Information section (https://www.descartes.com/legal/privacy-center/supplemental-privacy-information). Where Descartes transfers personal information, as described above, from the European Union or United Kingdom to jurisdictions not deemed “adequate” by the European Union Commission or the Information Commissioner’s Office respectively, such transfers will be made subject to safeguards as required by law, including but not limited to Standard Contractual Clauses as approved by the appropriate regulatory authority.
In the event of an emergency or valid court order, we may also share personal information with law enforcement agencies or government regulators if permitted by law to do so.
Selling of Personal Information
The Descartes does not collect any personal information for the purpose of selling that personal information. Despite this, some jurisdictions require us to make the following additional statements:
- We have not sold any personal information in the past twelve months.
- We do not sell personal information to third parties.
Requesting access, changes, or limits on your own Information
Under applicable law, you may request from us the following:
- a copy of any of your personal information which we may have;
- to update or correct any inaccuracies in your personal information that we may have;
- to request that we limit our use of your personal information, including but not limited to instructing us not using your personal information for a specific purpose;
- to erase some or all of your personal information that we do not have a legal entitlement to keep; or
- withdraw any previously provided consent for our use of your personal information.
To make any of the above requests to access, change, or impose limits on the use of your personal information, please contact us at firstname.lastname@example.org wit details of your request. For the purposes of verifying your identity we may ask that you provide us sufficient personal details to allow us to identify you, which may include but may not be limited to your full legal name, your email address, your phone number, and/or your mailing or physical address. Such information will only be used for the purpose of verifying your identity.
In addition, while Descartes does not sell personal information to third parties, some jurisdictions still require that we provide you a means to opt out of the sale of your personal information to third parties.
What are cookies and how are they used?
Cookies are unique identifiers or tokens of agreement from a web server that are saved in a small text file on your computer when you access a Descartes web site through a browser. We can use this information to track visits to web pages (which ones, how many times) or to personalize web page content.
Contacting the Data Protection Officer
Michael Verhoeve, Data Privacy Officer
Mail: 120 Randall Drive, Waterloo, Ontario, Canada, N2V 1C6
Personal Information from European Union, European Economic Area, and Switzerland
The following Descartes affiliates or subsidiaries (collectively referred to as “Descartes US”) comply with the EU-U.S. Privacy Shield and the Swiss-U.S. Privacy Shield Frameworks, as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States:
- Descartes Insurance Services, Inc.
- Descartes Systems (USA) LLC
- Descartes Systems VM LLC
- Descartes U.S. Holdings, Inc.
- Descartes Visual Compliance (USA) LLC
- MacroPoint LLC
- Peoplevox LLC
The Federal Trade Commission has jurisdiction over Descartes US’ compliance with Privacy Shield.
All Descartes US employees who handle personal information from the European Union or Switzerland are required to comply with the Privacy Shield Principles states in this policy.
Disputes covered by Privacy Shield
In compliance with the Privacy Shield Principles, Descartes US commits to resolve complaints about our collection or use of your personal information. European Union and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact the Data Protection Officer using the contact information provided for in the section titled “Contacting the Data Protection Officer”.
Descartes US has further committed to refer unresolved Privacy Shield complaints to the ICDR/AAA, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not resolved your complaint, please contact or visit the ICDR/AAA (http://go.adr.org/privacyshield.html) for more information or to file a complaint. The services of the ICDR/AAA are provided at no cost to you.
If you are not satisfied with the resolution provided by the ICDR/AAA, under certain conditions you may be able to invoke binding arbitration to address complaints regarding Descartes US’ compliance with Privacy Shield. Further instructions on binding arbitration are available at https://www.privacyshield.gov/article?id=ANNEX-1-introduction.
Verification of Privacy Shield compliance
Descartes US utilizes the self-assessment approach to assure its compliance with its Privacy Shield obligations and regularly verifies that this policy is accurate, comprehensive, prominently displayed, completely implemented, and in conformity with the EU-US Privacy Shield and Swiss-US Privacy Shield. Descartes US conducts its self-assessment on an annual basis to ensure all relevant privacy practices are followed.
[End of policy.]