Last updated: August 7, 2024
Nauta Technologies, Inc. is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our logistics and supply chain management services, including our Software-as-a-Service ("SaaS") offerings.
For clarity and compliance with applicable data protection laws worldwide, including but not limited to the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and various national and local data privacy regulations in territories where Nauta, its Design Partners, and its Design Partner Customers operate:
a) "Applicable Data Protection Laws": All laws and regulations relating to the processing of Personal Data and privacy applicable to Nauta, its Design Partners, and its Design Partner Customers, including without limitation: The California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA). The General Data Protection Regulation (GDPR) and local EU member state implementations. Local data privacy laws in Latin American territories and other jurisdictions where Nauta or its Design Partners process data. Other applicable international and local data protection laws in jurisdictions where Nauta, its Design Partners, or its Design Partner Customers operate or process data.
b) "Controller": Under the GDPR: The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; Under the CCPA/CPRA: A "business" that determines the purposes and means of the processing of consumers' personal information. Under other applicable data protection laws: The entity that determines the purposes and means of the processing of personal data, as defined by the relevant legislation.
c) "Company Data": Any electronic data or information provided by a Design Partner to Nauta, or processed by Nauta in connection with the Services. This includes, but is not limited to, data that is collected, stored, transferred, processed, disclosed, or otherwise handled by Nauta. Company Data is owned by the Design Partner and is used by Nauta solely in connection with the Services and in accordance with the Design Partner's documented instructions. Company Data must be managed in compliance with Applicable Data Protection Laws.
d) "Data Subject": The identified or identifiable natural person to whom the Personal Data relates. In the context of Nauta's services, this typically refers to individuals whose data is processed by Design Partners.
e) "Data Supply Chain": The flow of data from Design Partner Customers, through Design Partners, to Nauta for processing. This chain reflects the multi-tiered nature of data processing in Nauta's business model.
f) "Design Partner": Any entity that directly contracts with Nauta to use Nauta's services for processing data. These are typically, but not limited to, importers, exporters, logistics companies, freight forwarders, or other entities in the supply chain industry.
g) "Design Partner Customer": Refers to the customers of a Design Partner. These are typically the original controllers of the Personal Data processed through Nauta's services. They may include, but are not limited to, shippers, consignees, or other parties involved in logistics transactions.
h) "Nauta": Refers to Nauta Technologies, Inc., the provider of AI and technology services for the logistics sector.
i) "Operational Territory": Any geographic location or jurisdiction where Nauta provides its services, where Design Partners operate, or where Design Partner Customers are located and their data is processed. This may include, but is not limited to, the United States, European Union member states, and countries in Latin America and other regions.
j) "Processor": A natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller. In the context of Nauta's services, Design Partners are typically processors, and Nauta itself is a sub-processor.
k) "Personal Data": Any information relating to an identified or identifiable natural person ('data subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
l) "Processing": Any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
m) "Sub-processor": An entity engaged by a Processor to assist in fulfilling data processing obligations on behalf of the Controller. In the context of Nauta's services, Nauta may act as a Sub-processor when it processes Personal Data on behalf of its Design Partners (acting as Processors) who in turn process data on behalf of their Design Partner Customers (acting as Controllers).
This Privacy Policy primarily addresses the processing of Personal Data as defined by Applicable Data Protection Laws. Nauta, acting as either a Processor or Sub-processor, handles Company Data provided by Design Partners or Design Partner Customers in the course of delivering its AI and technology services for the logistics sector.
Company Data, to the extent it does not contain Personal Data, is generally not subject to data protection laws such as the GDPR. Nevertheless, Nauta applies appropriate security measures to all data as outlined in our Terms of Service and applicable data processing agreements.
Where Company Data includes Personal Data (for example, information about individual employees, customers, or other Data Subjects associated with Design Partner Customers), such Personal Data is treated in accordance with this Privacy Policy and Applicable Data Protection Laws across all Operational Territories.
The Data Supply Chain in Nauta's model can vary depending on whether Nauta acts as a Processor or Sub-processor:
a) When Nauta acts as a Processor:
i) Design Partner Customers (Controllers) provide data directly to Nauta for processing.
ii) Design Partner Customers are responsible for ensuring they have the necessary rights and consents to allow processing of Personal Data by Nauta.
iii) Nauta is directly responsible for complying with Applicable Data Protection Laws in its processing activities.
b) When Nauta acts as a Sub-processor:
i) The data flow typically goes from Design Partner Customers (Controllers) through Design Partners (Processors) to Nauta (Sub-processor).
ii) Design Partner Customers are responsible for ensuring they have the necessary rights and consents to allow processing of Personal Data by Design Partners and, by extension, Nauta.
iii) Design Partners, as direct Processors of Design Partner Customer data, are responsible for ensuring they have the necessary rights and permissions to provide Nauta with any Personal Data included in their Company Data. They must ensure that such data has been collected and processed in compliance with Applicable Data Protection Laws in all relevant Operational Territories before sharing it with Nauta.
iv) Nauta, as a Sub-processor, relies on the assurances of its Design Partners regarding the lawful collection and processing of data but also implements its own safeguards and compliance measures.
Given the global nature of logistics operations, data flows may cross multiple jurisdictions. Nauta is committed to maintaining compliance with Applicable Data Protection Laws across all Operational Territories involved in the Data Supply Chain, regardless of its role as Processor or Sub-processor.
Whether acting as a Processor or Sub-processor, Nauta implements appropriate technical and organizational measures to ensure a level of security appropriate to the risk, complies with the instructions of Controllers (either Design Partner Customers or Design Partners, as applicable), and assists in fulfilling data protection obligations under Applicable Data Protection Laws.
Nauta, acting as either a processor or sub-processor in the Data Supply Chain, may process the following categories of Personal Data:
a) Identity and Contact Information: Names, addresses, email addresses, phone numbers, government-issued identification numbers.
b) Professional Information: Job titles, company affiliations, business addresses.
c) Logistics Data: Sender and recipient details, shipment contents, customs declarations, tracking numbers.
d) Financial Information: Payment details, bank account information, credit ratings.
e) Technical Data: IP addresses, login data, browser types and versions, time zone settings and locations, browser plug-in types and versions, operating systems and platforms, and other technology on devices used to access our services.
f) Usage Data: Information about how our services, AI tools, and platforms are used.
g) Marketing and Communications Data: Preferences in receiving marketing from us and our third parties, and communication preferences.
Nauta processes Personal Data for the following purposes:
a) Service Provision and Contract Performance:
b) Legal and Regulatory Compliance:
c) Legitimate Business Interests:
d) Marketing and Communications:
Nauta processes Personal Data based on the following legal bases, depending on our role as Processor or Sub-processor:
a) Contract Performance: Processing necessary to fulfill contractual obligations or to take steps at the request of the Data Subject before entering into a contract.
b) Obligation: Processing required by law, including keeping records for tax purposes or complying with customs regulations.
c) Legitimate Interests: Processing based on the legitimate business interests of Nauta, our Design Partners, or Design Partner Customers, provided these interests are not overridden by the rights and freedoms of data subjects.
d) Consent: Where required, processing based on the explicit consent obtained from individual data subjects.
When acting as a Sub-processor, Nauta relies on the legal bases established by Design Partners with their Design Partner Customers.
Nauta, whether acting as a Processor or Sub-processor in the Data Supply Chain, is committed to supporting the fulfillment of data subject rights under Applicable Data Protection Laws across all Operational Territories. The following rights may be available to Data Subjects, depending on the Applicable Data Protection Laws:
a) Right to Access: Data Subjects may have the right to request a copy of their Personal Data.
b) Right to Rectification: Data Subjects may have the right to request correction of any inaccurate or incomplete Personal Data.
c) Right to Erasure: In certain circumstances, Data Subjects may have the right to request erasure of their Personal Data.
d) Right to Restrict Processing: In certain circumstances, Data Subjects may have the right to request restriction of Processing of their Personal Data.
e) Right to Data Portability: Data Subjects may have the right to request transfer of their Personal Data to another organization or directly to them, under certain conditions.
f) Right to Object: Data Subjects may have the right to object to Processing of their Personal Data for direct marketing purposes or based on legitimate interests.
g) Rights Related to Automated Decision Making: Data Subjects may have the right not to be subject to decisions based solely on automated Processing, including profiling, which produces legal effects or similarly significantly affects them.
To exercise any of these rights:
5.1.1 When Nauta acts as a Processor, Data Subjects may contact us directly at dpo@getnauta.com.
5.1.2 When Nauta acts as a Sub-processor, Design Partner Customers and individual Data Subjects should primarily contact the Design Partner (Data Processor) with whom they have a direct relationship.
5.1.3 Nauta will respond to requests within the timeframes required by Applicable Data Protection Laws (e.g., one month under GDPR).
5.1.4 Verification of the identity of the Data Subject may be required to ensure the security and privacy of Personal Data.
Nauta notes that some rights may be limited based on the legal basis for Processing, the nature of the data, or legal requirements. Any such limitations will be communicated to the Data Subject.
For matters relating to Data Subject rights, Nauta can be reached at dpo@getnauta.com. We will address requests directly when acting as a processor, and coordinate with our Design Partners when acting as a sub-processor.
Nauta, acting as either a Processor or Sub-processor in the Data Supply Chain, may process special categories of Personal Data provided by Design Partners or Design Partner Customers. This may include data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health data, or data concerning a person's sex life or sexual orientation. Such processing occurs only in limited circumstances:
a) When necessary for specific AI applications in logistics, such as handling certain types of shipments (e.g., medical supplies) where such data is required for customs clearance or regulatory compliance.
b) To assist in complying with legal obligations in the field of employment and social security law.
c) To protect the vital interests of the Data Subject or of another natural person where the Data Subject is physically or legally incapable of giving consent.
Any processing of special categories of Personal Data by Nauta is conducted with heightened security measures and strictly on a need-to-know basis, in compliance with Applicable Data Protection Laws across all relevant Operational Territories.
Nauta's services are not intended for use by or related to minors under the age of 16. However, in our role as a Processor or Sub-processor, we may process data relating to minors as part of the Company Data provided. In such cases:
a) When acting as a Processor, we ensure appropriate parental or guardian consent has been obtained for the processing of minors' data, as required by Applicable Data Protection Laws.
b) When acting as a Sub-processor, we rely on Design Partners to ensure they have obtained appropriate parental or guardian consent for the processing of minors' data.
c) We implement additional safeguards to protect the privacy and security of any data relating to minors that we may process.
d) If we become aware that we have processed Personal Data of a minor without appropriate consent, we will promptly notify the relevant Design Partner or Design Partner Customer and take steps to delete such information, unless retention is required by law.
When Nauta acts as a Processor, we are directly responsible for ensuring compliance with all relevant laws and regulations regarding the collection and processing of minors' data. When acting as a Sub-processor, Design Partners are responsible for this compliance before sharing such data with Nauta.
Nauta, whether acting as a Processor or Sub-processor, implements and maintains appropriate technical and organizational measures to ensure a level of security appropriate to the risk associated with processing Personal Data. Our security measures consider the state of the art, implementation costs, and the nature, scope, context, and purposes of processing, as well as the risk to the rights and freedoms of Data Subjects.
Our data security measures include, but are not limited to:
a) Encryption of data in transit and at rest.
b) Regular security assessments and penetration testing.
c) Access controls and authentication mechanisms.
d) Employee training on data protection and security.
e) Incident response and business continuity plans.
f) Physical security measures for our facilities.
We regularly review and update these security measures to ensure ongoing confidentiality, integrity, availability, and resilience of our processing systems and services across all Operational Territories.
Nauta may share Personal Data with the following categories of recipients:
a) Other entities within the Nauta group of companies.
b) Subcontractors and service providers (e.g., IT service providers, cloud storage providers).
c) Shipping partners and carriers.
d) Customs and regulatory authorities.
e) Financial institutions and payment processors.
f) Professional advisers (e.g., lawyers, auditors).
g) Law enforcement agencies, courts, or other public authorities where required by law.
We share data only to the extent necessary to provide our services, comply with legal obligations, or pursue legitimate business interests. When we engage third-party processors or sub-processors, we enter into data processing agreements that require them to process Personal Data only on our instructions and in compliance with Applicable Data Protection Laws.
Given the global nature of our operations, Nauta may transfer Personal Data across Operational Territories, including countries outside the jurisdictions where the data was originally collected. For clarity and compliance with applicable data protection laws worldwide, including but not limited to the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and several other Applicable Data Protection Laws, we ensure a similar degree of protection by implementing at least one of the following safeguards:
a) We only transfer Personal Data to countries deemed to provide an adequate level of protection for personal data by the relevant regulatory authorities.
b) We may use specific contracts approved by the relevant regulatory authorities which give Personal Data the same protection it has in its original jurisdiction.
c) For providers based in certain countries, we may transfer data if they are part of recognized frameworks or mechanisms that ensure data protection compliant with Applicable Data Protection Laws.
We have implemented appropriate technical and organizational measures to ensure a level of security appropriate to the risk involved in such transfers, regardless of our role as Processor or Sub-processor.
Nauta uses cookies and similar tracking technologies to enhance user experience and collect information about how our website and services are used. We categorize our cookies as follows:
a) Strictly Necessary Cookies: Essential for the operation of our website and services.
b) Analytical/Performance Cookies: Allow us to recognize and count the number of visitors and analyze website usage.
c) Functionality Cookies: Used to recognize users when they return to our website.
d) Targeting Cookies: Record user visits to our website, pages visited, and links followed.
We may allow third-party service providers to place cookies on our website for analytics, advertising, and functionality purposes. These providers are subject to their own privacy policies.
Users can set their browsers to refuse all or some browser cookies or to alert them when websites set or access cookies. However, if users disable or refuse cookies, some parts of our website may become inaccessible or not function properly.
We may update this privacy policy to reflect changes in our practices or for legal, operational, or regulatory reasons. When we make material changes, we will notify users through our website or direct communication. We encourage users to review this policy periodically to stay informed about how we protect their Personal Data across our Operational Territories.
The date of the last update will be clearly indicated at the beginning of the policy. By continuing to use our services after changes take effect, users agree to be bound by the revised policy.
Nauta provides access to its application programming interface (API) as part of the Services. The API is hosted by Nauta and accessed through the Services. Use of the API is subject to this Privacy Policy and our Terms of Service. The API and its functionality are only available through the Services and not separately. Users may not access or use, or attempt to access or use, the API separately from the Services.
Our Design Partners and Design Partner Customers (as applicable) represent, warrant, and covenant that:
a) They possess the necessary rights and consents to grant Nauta the rights set forth in our Agreement with respect to the Company Data.
b) Neither the Company Data nor the use of any Company Data infringes, misappropriates, or violates any rights of any user or third party.
c) All Company Data has been collected, stored, transferred, processed, disclosed, and otherwise handled in accordance with all Applicable Data Protection Laws across relevant Operational Territories.
Design Partners and Design Partner Customers shall ensure they have a valid legal basis for processing Personal Data, including obtaining any necessary consent from Data Subjects, and shall provide Data Subjects with all necessary information regarding the processing of their Personal Data, in accordance with Applicable Data Protection Laws.
Nauta may monitor, collect, use, and store anonymous and aggregate statistics regarding use of the Services and/or any individuals/entities that interact with the Services (collectively, "Nauta Analytic Data"), provided that such Nauta Analytic Data does not include any Personal Data or allow for the re-identification of any individual.
For privacy-related inquiries, please contact our Data Protection Officer:
Email: dpo@getnauta.com
For general inquiries about our privacy practices or to exercise your data protection rights, please contact:
Email: dpo@getnauta.com
This Privacy Policy will be governed by and construed in accordance with the laws of the State of New York applicable to agreements made and to be entirely performed within the State of New York, without resorting to its conflict of law provisions. However, this choice of law does not override the data protection rights of Data Subjects under Applicable Data Protection Laws in their respective Operational Territories.
By using our services, you acknowledge that you have read and understood this Privacy Policy. Where we rely on your consent to process your Personal Data, we will seek such consent separately and explicitly, in accordance with Applicable Data Protection Laws.