Privacy Policy

Nauta Privacy Policy

Last updated: August 7, 2024

  1. INTRODUCTION
  2. Nauta Technologies, Inc. is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our logistics and supply chain management services, including our Software-as-a-Service ("SaaS") offerings.

  3. DEFINITIONS
  4. For clarity and compliance with applicable data protection laws worldwide, including but not limited to the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and various national and local data privacy regulations in territories where Nauta, its Design Partners, and its Design Partner Customers operate:

    a) "Applicable Data Protection Laws": All laws and regulations relating to the processing of Personal Data and privacy applicable to Nauta, its Design Partners, and its Design Partner Customers, including without limitation: The California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA). The General Data Protection Regulation (GDPR) and local EU member state implementations. Local data privacy laws in Latin American territories and other jurisdictions where Nauta or its Design Partners process data. Other applicable international and local data protection laws in jurisdictions where Nauta, its Design Partners, or its Design Partner Customers operate or process data.

    b) "Controller": Under the GDPR: The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; Under the CCPA/CPRA: A "business" that determines the purposes and means of the processing of consumers' personal information. Under other applicable data protection laws: The entity that determines the purposes and means of the processing of personal data, as defined by the relevant legislation.

    c) "Company Data": Any electronic data or information provided by a Design Partner to Nauta, or processed by Nauta in connection with the Services. This includes, but is not limited to, data that is collected, stored, transferred, processed, disclosed, or otherwise handled by Nauta. Company Data is owned by the Design Partner and is used by Nauta solely in connection with the Services and in accordance with the Design Partner's documented instructions. Company Data must be managed in compliance with Applicable Data Protection Laws.

    d) "Data Subject": The identified or identifiable natural person to whom the Personal Data relates. In the context of Nauta's services, this typically refers to individuals whose data is processed by Design Partners.

    e) "Data Supply Chain": The flow of data from Design Partner Customers, through Design Partners, to Nauta for processing. This chain reflects the multi-tiered nature of data processing in Nauta's business model.

    f) "Design Partner": Any entity that directly contracts with Nauta to use Nauta's services for processing data. These are typically, but not limited to, importers, exporters, logistics companies, freight forwarders, or other entities in the supply chain industry.

    g) "Design Partner Customer": refers to the customers of a Design Partner. These are typically the original controllers of the Personal Data processed through Nauta's services. They may include, but are not limited to, shippers, consignees, or other parties involved in logistics transactions.

    h) "Nauta": Refers to Nauta Technologies, Inc., the provider of AI and technology services for the logistics sector.

    i) "Operational Territory": Any geographic location or jurisdiction where Nauta provides its services, where Design Partners operate, or where Design Partner Customers are located and their data is processed. This may include, but is not limited to, the United States, European Union member states, and countries in Latin America and other regions.

    j) "Processor": A natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller. In the context of Nauta's services, Design Partners are typically processors, and Nauta itself is a sub-processor.

    k) "Personal Data": Any information relating to an identified or identifiable natural person ('data subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

    l) "Processing": Any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

    m) "Sub-processor": An entity engaged by a Processor to assist in fulfilling data processing obligations on behalf of the Controller. In the context of Nauta's services, Nauta may act as a Sub-processor when it processes Personal Data on behalf of its Design Partners (acting as Processors) who in turn process data on behalf of their Design Partner Customers (acting as Controllers).

  5. COMPANY DATA AND PERSONAL DATA DISTINCTION
  6. This Privacy Policy primarily addresses the processing of Personal Data as defined by Applicable Data Protection Laws. Nauta, acting as either a Processor or Sub-processor, handles Company Data provided by Design Partners or Design Partner Customers in the course of delivering its AI and technology services for the logistics sector.

  7. DATA PROCESSING

  8. DATA SUBJECT RIGHTS
  9. Nauta, whether acting as a Processor or Sub-processor in the Data Supply Chain, is committed to supporting the fulfillment of data subject rights under Applicable Data Protection Laws across all Operational Territories. The following rights may be available to Data Subjects, depending on the Applicable Data Protection Laws:

  10. SPECIAL CATEGORIES OF DATA AND DATA OF MINORS

  11. DATA SECURITY AND PROTECTION
  12. Nauta, whether acting as a Processor or Sub-processor, implements and maintains appropriate technical and organizational measures to ensure a level of security appropriate to the risk associated with processing Personal Data. Our security measures consider the state of the art, implementation costs, and the nature, scope, context, and purposes of processing, as well as the risk to the rights and freedoms of Data Subjects.

    Our data security measures include, but are not limited to:

    a) Encryption of data in transit and at rest.

    b) Regular security assessments and penetration testing.

    c) Access controls and authentication mechanisms.

    d) Employee training on data protection and security.

    e) Incident response and business continuity plans.

    f) Physical security measures for our facilities.

    We regularly review and update these security measures to ensure ongoing confidentiality, integrity, availability, and resilience of our processing systems and services across all Operational Territories.

  13. DATA SHARING AND DISCLOSURE
  14. Nauta may share Personal Data with the following categories of recipients:.

    a) Other entities within the Nauta group of companies.

    b) Subcontractors and service providers (e.g., IT service providers, cloud storage providers).

    c) Shipping partners and carriers.

    d) Customs and regulatory authorities.

    e) Financial institutions and payment processors.

    f) Professional advisers (e.g., lawyers, auditors).

    g) Law enforcement agencies, courts, or other public authorities where required by law.

    We share data only to the extent necessary to provide our services, comply with legal obligations, or pursue legitimate business interests. When we engage third-party processors or sub-processors, we enter into data processing agreements that require them to process Personal Data only on our instructions and in compliance with Applicable Data Protection Laws.

  15. INTERNATIONAL DATA TRANSFERS
  16. Given the global nature of our operations, Nauta may transfer Personal Data across Operational Territories, including countries outside the jurisdictions where the data was originally collected. For clarity and compliance with applicable data protection laws worldwide, including but not limited to the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and several other Applicable Data Protection Laws, we ensure a similar degree of protection by implementing at least one of the following safeguards:

    a) We only transfer Personal Data to countries deemed to provide an adequate level of protection for personal data by the relevant regulatory authorities.

    b) We may use specific contracts approved by the relevant regulatory authorities which give Personal Data the same protection it has in its original jurisdiction.

    c) For providers based in certain countries, we may transfer data if they are part of recognized frameworks or mechanisms that ensure data protection compliant with Applicable Data Protection Laws.

    We have implemented appropriate technical and organizational measures to ensure a level of security appropriate to the risk involved in such transfers, regardless of our role as Processor or Sub-processor.

  17. COOKIES AND SIMILAR TECHNOLOGIES
  18. Nauta uses cookies and similar tracking technologies to enhance user experience and collect information about how our website and services are used. We categorize our cookies as follows:

    a) Strictly Necessary Cookies: Essential for the operation of our website and services.

    b) Analytical/Performance Cookies: Allow us to recognize and count the number of visitors and analyze website usage.

    c) Functionality Cookies: Used to recognize users when they return to our website.

    d) Targeting Cookies: Record user visits to our website, pages visited, and links followed.

    We may allow third-party service providers to place cookies on our website for analytics, advertising, and functionality purposes. These providers are subject to their own privacy policies.

    Users can set their browsers to refuse all or some browser cookies or to alert them when websites set or access cookies. However, if users disable or refuse cookies, some parts of our website may become inaccessible or not function properly.

  19. CHANGES TO THIS PRIVACY POLICY
  20. We may update this privacy policy to reflect changes in our practices or for legal, operational, or regulatory reasons. When we make material changes, we will notify users through our website or direct communication. We encourage users to review this policy periodically to stay informed about how we protect their Personal Data across our Operational Territories.

    The date of the last update will be clearly indicated at the beginning of the policy. By continuing to use our services after changes take effect, users agree to be bound by the revised policy.

  21. API ACCESS AND USE
  22. Nauta provides access to its application programming interface (API) as part of the Services. The API is hosted by Nauta and accessed through the Services. Use of the API is subject to this Privacy Policy and our Terms of Service. The API and its functionality are only available through the Services and not separately. Users may not access or use, or attempt to access or use, the API separately from the Services.

  23. COMPANY REPRESENTATIONS AND WARRANTIES
  24. Our Design Partners and Design Partner Customers (as applicable) represent, warrant, and covenant that:

    a) They possess the necessary rights and consents to grant Nauta the rights set forth in our Agreement with respect to the Company Data.

    b) Neither the Company Data nor the use of any Company Data infringes, misappropriates, or violates any rights of any user or third party.

    c) All Company Data has been collected, stored, transferred, processed, disclosed, and otherwise handled in accordance with all Applicable Data Protection Laws across relevant Operational Territories.

    Design Partners and Design Partner Customers shall ensure they have a valid legal basis for processing Personal Data, including obtaining any necessary consent from Data Subjects, and shall provide Data Subjects with all necessary information regarding the processing of their Personal Data, in accordance with Applicable Data Protection Laws.

  25. NAUTA ANALYTIC DATA
  26. Nauta may monitor, collect, use, and store anonymous and aggregate statistics regarding use of the Services and/or any individuals/entities that interact with the Services (collectively, "Nauta Analytic Data"), provided that such Nauta Analytic Data does not include any Personal Data or allow for the re-identification of any individual.

  27. CONTACT INFORMATION
  28. For privacy-related inquiries, please contact our Data Protection Officer:

    Email: dpo@getnauta.com

    For general inquiries about our privacy practices or to exercise your data protection rights, please contact:

    Email: dpo@getnauta.com

  29. GOVERNING LAW
  30. This Privacy Policy will be governed by and construed in accordance with the laws of the State of New York applicable to agreements made and to be entirely performed within the State of New York, without resorting to its conflict of law provisions. However, this choice of law does not override the data protection rights of Data Subjects under Applicable Data Protection Laws in their respective Operational Territories.

    By using our services, you acknowledge that you have read and understood this Privacy Policy. Where we rely on your consent to process your Personal Data, we will seek such consent separately and explicitly, in accordance with Applicable Data Protection Laws.