Scope of Policy
- Visitors to the Descartes websites, public forums, and other publicly accessible internet sites maintained by the Descartes.
- Visitors to offices, conferences, or trade show booths run by the Descartes.
- Subscribers to Descartes mailing lists, email lists, newsletters, and social media channels and feeds.
- Individuals negotiating commercial contracts or similar such agreements with Descartes.
What is personal information
Personal information is information about an identifiable individual or household. Depending on local law, publicly available information — such as a public directory listing of your name, address, telephone number, email or other electronic address — may not be considered personal information.
What we use personal information for
Under various data privacy laws, business may be limited to only collecting and using information for which they have a legitimate business purpose for collecting and using that information or the information is collected and used on the consent of the individual who that information belongs to. The Descartes may gather personal information for the following purposes:
- to respond to your request for further information or follow-up contact;
- to understand your needs as it relates to our products and services, to qualify you for those products and services, and to make recommendations to you based on those needs;
- for prospective customers who are in the process of contracting with us for products or services, to verify that we are permitted by law to sell to you;
- to administer subscriptions to our newsletters, social media channels, and other resources that you may subscribe to;
- to allow our websites to provide certain functions and features designed to improve the website user’s overall experience or to manage the security of our websites;
- to allow us to analyze, develop, improve, and optimize the use, functionality, and performance of our sites or products and/or the responsiveness of our staff to potential customer inquiries;
- to allow us to understand and predict future changes in our customer’s and potential customer’s needs; and
- to meet any legal and regulatory requirements we may have.
Where we discover a need to use your personal information for a purpose not described above, we will do so only if we are explicitly permitted by law to do so.
Personal Information Collected or Processed
- Your name, employer, role with your employer, and contact information;
- Your professional associations, such as your membership in industry trade groups;
- Your attendance at conferences or trade shows;
- The products and or services you have expressed an interest in obtaining further information about or ultimately purchased;
- Data from any surveys or questionnaires that we may have provided to you;
- Past requests that you may have made for information from us;
- Transactional data necessary to facilitate or qualify your attendance to events hosted by Descartes including any special requests you may make related to your attendance;
- Unique IDs such as your mobile device identifier or cookie ID on your browser;
- IP address and information that may be derived from IP address, such as geographic location; and
- Information about a device you use, such as browser, device type, operating system, the presence or use of "apps", screen resolution, and the preferred language.
Duration of Processing
Descartes maintains personal information only as long as it is required to fulfill the purpose under which it was gathered, unless required by law to retain Descartes maintains personal information only as long as it is required to fulfill the purpose under which it was gathered, unless required by law to retain for longer periods or other purposes. Where Descartes determines that personal information is no longer required, we will securely destroy such information as soon as it is commercially reasonable to do so.
Sharing of Information
As Descartes is a global organization, our network operations span multiple data centers across the world. Our products and services rely on this interconnected network of data centers to provide you with efficient and resilient experiences. By providing us your personal information, you consent to us transferring your personal information to the various countries that Descartes operates in and amongst the various companies that make up the Descartes group of companies.
Descartes may also make use of subprocessors to process personal information on our behalf. We engage subprocessors for the following reasons:
- To allow us to better manage the information including the storage of, access to, identification of, modification of, and removal of that information;
- To allow us to communicate with you or respond to your requests;
- To provide you with products and services;
- In the event of a transaction or proposed transaction involving the transfer of all of a portion of the assets of Descartes or one or more of its businesses to another entity, whether an affiliate or a third party, your personal information may be shared in the diligence process or to otherwise facilitate the transaction and may be transferred as part of the transaction; and
- To allow us to use the information in a more useful manner, including allowing us to analyze the usage of our website, engagement on our social media channels, our ability to effectively communicate with our customers and potential customers, and understand ways to improve our products or services.
All third-parties used by Descartes to process personal information are required to use industry standard security to protect any data they have access to and may only process the information for the purpose, duration, and in the manner specified by Descartes. A list of the subprocessors used by Descartes can be found in the Supplemental Privacy Information section (https://www.descartes.com/legal/privacy-center/supplemental-privacy-information). Where Descartes transfers personal information, as described above, from the European Union, Switzerland, or United Kingdom to jurisdictions not deemed “adequate” by the European Union Commission (EU), the Federal Council (Switzerland), or the Information Commissioner’s Office (UK) respectively, such transfers will be made subject to safeguards as required by law, including but not limited to Standard Contractual Clauses as approved by the appropriate regulatory authority.
In the event of an emergency or valid court order, we may also share personal information with law enforcement agencies or government regulators if permitted by law to do so.
Selling of Personal Information
Descartes does not collect any personal information for the purpose of selling that personal information. Despite this, some jurisdictions require us to make the following additional statements:
- We have not sold any personal information in the past twelve months.
- We do not sell personal information to third parties.
- We do not disclose your personal information to third parties for their own direct marketing purposes.
Sharing of Personal Information for Cross Context Advertising
Descartes does not share personal information with third parties for purposes of cross context advertising by Descartes.
Requesting access, changes, or limits on your own Information
Under applicable law, you may request from us the following:
- a copy of any of your personal information which we may have;
- to update or correct any inaccuracies in your personal information that we may have;
- to request that we limit our use of your personal information, including but not limited to instructing us not using your personal information for a specific purpose;
- to erase some or all of your personal information that we do not have a legal entitlement to keep; or
- withdraw any previously provided consent for our use of your personal information.
We will not discriminate against you for exercising your rights conferred by applicable law and as described here.
To make any of the above requests to access, correct, delete, or impose limits on the use of your personal information, please contact us at firstname.lastname@example.org or call 1-800-419-8495 with details of your request. For the purposes of verifying your identity we may ask that you provide us sufficient personal details to allow us to identify you, which may include but may not be limited to your full legal name, your email address, your phone number, and/or your mailing or physical address. Such information will only be used for the purpose of verifying your identity.
In addition, while Descartes does not sell personal information to third parties, some jurisdictions still require that we provide you a means to opt out of the sale of your personal information to third parties.
What are cookies and how are they used?
Cookies are unique identifiers or tokens of agreement from a web server that are saved in a small text file on your computer when you access a Descartes web site through a browser. We can use this information to track visits to web pages (which ones, how many times) or to personalize web page content.
Contacting the Data Protection Officer
Peter Nguyen, Data Privacy Officer
Mail: 120 Randall Drive, Waterloo, Ontario, Canada, N2V 1C6
Data Privacy Framework
The following Descartes affiliates or subsidiaries (collectively referred to as “Descartes US”) comply with the EU-U.S. Data Privacy Framework, UK Extension to the EU-U.S. Data Privacy Framework, and Swiss-U.S. Data Privacy Framework (collectively the “DPF”), as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union, Switzerland, and the United Kingdom to the United States:
- Descartes Insurance Services, Inc.
- Descartes Systems (USA) LLC
- Descartes Systems VM LLC
- Descartes U.S. Holdings, Inc.
- Descartes Visual Compliance (USA) LLC
- Green Mile, LLC
- GroundCloud Safety, LLC
- MacroPoint LLC
- NetCHB, LLC
- Rock Solid Internet Systems, LLC
- Trans-Soft, LLC
- VitaDex Solutions, LLC
- Windigo Logistics, Inc.
- XPS Ship, LLC
- XPS Technology LLC
The Federal Trade Commission has jurisdiction over Descartes US’ compliance with DPF.
All Descartes US employees who handle personal information from the European Union, Switzerland, or the United Kingdom are required to comply with the DPF Principles as stated in this policy.
Disputes covered by DPF
In compliance with the DPF Principles, Descartes US commits to resolve complaints about our collection or use of your personal information. European Union, Swiss, and United Kingdom individuals with inquiries or complaints regarding our DPF policy should first contact the Data Protection Officer using the contact information provided for in the section titled “Contacting the Data Protection Officer”.
Descartes US has further committed to refer unresolved DPF complaints to the ICDR/AAA, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not resolved your complaint, please contact or visit the ICDR/AAA (https://go.adr.org/eu-us_dpf_annexi.html) for more information or to file a complaint. The services of the ICDR/AAA are provided at no cost to you.
If you are not satisfied with the resolution provided by the ICDR/AAA, under certain conditions you may be able to invoke binding arbitration to address complaints regarding Descartes US’ compliance with DPF. Further instructions on binding arbitration are available at https://www.dataprivacyframework.gov/s/article/ANNEX-I-introduction-dpf?tabset-35584=2.
Verification of DPF compliance
Descartes US utilizes the self-assessment approach to assure its compliance with its DPF obligations and regularly verifies that this policy is accurate, comprehensive, prominently displayed, completely implemented, and in conformity with DPF. Descartes US conducts its self-assessment on an annual basis to ensure all relevant privacy practices are followed.
[End of policy.]