Version:LBG-Privacy Policy-04-v 2021.09.01

YUNEXPRESS PRIVACY STATEMENT


1. INTRODUCTION

This is the Privacy Statement of the YunExpress Netherlands B.V., YunExpress’ group of companies in The Netherlands where YunExpress processes personal data of clients and business partners . Personal data pertains to data of an identified or identifiable natural person. YunExpress shall hereafter also be referred to as the Company, we or us.

In this Privacy Statement we describe who we are, how and for which purposes and on what legal basis we process your personal data, how you can exercise your privacy rights and all other information that may be relevant to you.

We did our best to provide you with all information in a clear and readable format. However, if you have any questions about our use of your personal data after reading this Privacy Statement, you can of course always contact us through the contact details provided at the end of this Privacy Statement.

This Privacy Statement may be changed over time. This Privacy Statement applies since 9/8/2021. The last modifications to this Privacy Statement have been made on 9/1/2021.

2.When does this privacy statement apply?

This Privacy Statement is applicable to the processing by the Company of all personal data of its clients and business partners in the EU. This Privacy Statement does not address the processing of personal data of applicants or employees in the context of their employment relationship with the Company.

3.Who is responsible for your personal data?

This Privacy Statement applies to the processing of personal data where the Company acts as a controller in the sense of the General Data Protection Regulation (GDPR). This Privacy Statement indicates what personal data are collected and used (processed) by the Company and for what purpose, and to which persons or entities the data may be provided.

4. 4.What personal data do we collect?

When we provide our services we have a need to process personal data. We typically process the following personal data when you use our services or website:

Contact details

This will include your name, address, e-mail address and phone number.

Financial and account information

This will include your bank account number, payment and invoice status.

Identification information

We use this to ensure that we can identify you, but we strive to be as little privacy invasive as possible.

Information in relation to shipment

This is typically track and trace information. For this we will need you to log in using your email address and/ or mobile phone number.

Other services and preferences

When you order other services from us, give us a compliment, file a complaint or set your preferences, in such instances we also need process the personal data. This is typically the personal data that you supply to us in the process.

Automatically generated information

Some personal data just gets generated automatically, such as IP address, or MAC address, and browser type.

5. FOR WHICH PURPOSES AND ON WHAT GROUNDS DO WE PROCESS YOUR PERSONAL DATA?

(a) For the conclusion and execution of agreements

When you work together with us as a supplier or business partner, we process your personal data for administrative purposes such as sending invoices and making payments per our agreement. If you are a client, the Company will process your personal data in order to further execute our agreement in relation to dispatch of mail and/or parcels.

For this purpose, we process your contact details such as your address, personal details such as your name and payment information on the basis of the performance of our agreement with you.

(b) For business process execution and internal management

We process your personal data in the performance and organization of our business. This includes general management and management of our assets. The Company also processes your personal data for its internal management. We implement business controls and manage and use business partner and client directories. Also, we process your personal data for finance and accounting, archiving and insurance purposes, legal and business consulting and in the context of dispute resolution.

For this purpose, we process your contact details such as your address and email address, personal details such as your name and date of birth, payment information, payment history, correspondence with us and data generated during the performance of the agreement between you and the Company.

Above-mentioned processing is necessary for the performance of our agreement with you or for the purposes of the legitimate interests of the Company.

(c) For organizational analysis and development and management reporting

At the Company, we may process your personal data in the preparation and performance of management reporting and analysis.

For this purpose, we process your contact details such as address and email address, personal details such as your name, payment history, correspondence with us and the information you provide when responding to our surveys.

Above-mentioned processing is necessary for the purposes of the legitimate interests of the Company.

(d) When you interact with the Company (online or offline)

If you get in touch with us we will use your personal data in order to reply to and answer your question. For this purpose, we process your name, contact details, your correspondence with us your question and all other personal data which are necessary to answer your question.

If you have contacted us then your data will not be retained longer than necessary for the purposes described above.

Above-mentioned processing is necessary for the performance of our agreement with you or for the purposes of the legitimate interests of the Company. We only process the data that is absolutely necessary for answering your question.

(e) For product and relationship management and marketing of commercial activities

We process personal data for and in the development and improvement of our products services, account management, client services and the performance of targeted marketing activities towards our suppliers, business partners and clients.

Above-mentioned processing is necessary for the purposes of the legitimate interests of the Company.

(f) To comply with the law

In some cases, we process your personal data to comply with laws and regulations. This could, for example, be the case where tax or business conduct related obligations apply or when required for safety or security purpose . In order to comply with relevant laws and regulations, we may need to disclose your personal data to government institutions or supervisory authorities.

For this, we process your contact details such as your address, personal details such as your name and date of birth, payment information, residence, payment history and tax details on the basis of the need to comply with a legal obligation that the Company is subject to.

6. WHO HAS ACCESS TO YOUR PERSONAL DATA?

6.1 Access to your personal data within the Company

As a global organization data we collect may be transferred internationally throughout our worldwide organization. Your personal data may be exchanged with other group companies of YunExpress. We exchange your data for administrative purposes and so that we can have a complete overview of your contacts and contracts within the Company group. We may also exchange your data in order to better offer you a complete package of services and products.

Our employees are authorised to access personal data only to the extent necessary to serve the applicable purpose and to perform their jobs.

6.2 Access to your personal data by third parties

The following third parties have access to your personal data, where relevant, for the provisioning of their products or services to us:

Logistics service partners,including air cargo companies, ocean shipping companies

Tax authorities

Public agencies

Group companies

When third parties are given access to your personal data, we will take the required contractual, technical and organizational measures to ensure that your personal data are only processed to the extent that such processing is necessary.

If your personal data are transferred to a recipient in a country that does not provide an adequate level of protection for personal data, we will take measures to ensure that your personal data are adequately protected, such as entering into EU Standard Contractual Clauses with these recipients.

In other cases, your personal data will not be supplied to third parties, except where required or allowed by law.

6.3 The use of your personal data by data processors

We have the need to instruct certain third parties to process your personal data on our behalf. The Company will enter into agreements with these parties, so called processors, for the processing of personal data. In this agreement we include obligations to ensure that your personal data are processed by the processor solely to provide services to us. These include:

Confidentiality

The use of (sub-)processors

Technical and organizational security obligations

Notifications regarding personal data breaches

Data Protection Impact Assessments and prior notification

Transfer of Personal Data outside the EU/EEA

Right to audit

Inspections or audits by public authorities

Cooperation enquiries & data subject rights

Government agencies requests

7. How are your personal data secured?

The Company has taken adequate safeguards to ensure the confidentiality and security of your personal data. We have implemented appropriate technical, physical and organizational measures to protect personal data against accidental or unlawful destruction or accidental loss, damage, alteration, unauthorised disclosure or access as well as all other forms of unlawful processing (including, but not limited to, unnecessary collection) or further processing.

8. How long are your personal data retained?

Your personal data will be removed or made anonymous when your personal data are no longer necessary for the purposes for which these personal data are processed.

9. How can you exercise your privacy rights?

Under the GDPR you have the right to request access of an overview of your personal data, and under certain conditions, rectification and/or erasure of personal data. In addition, you may also have the right of restriction of processing concerning your personal data, the right to object to processing, as well as the right to data portability.

To invoke your right of access, rectification, and/or erasure of personal data, your right of restriction of processing, and/or your right to object to processing as well as to invoke your right to data portability, please contact us by using the contact details at the bottom of this Privacy Policy. Please keep in mind that we may ask for additional information to verify your identity.

If you have given your consent to a certain purpose, you can withdraw your consent at any time. Please keep in mind that withdrawal does not have retroactive effect.

10.Data protection for children?

We do not provide services directly to children or knowingly collect or use any personal data from children without prior, verifiable parental consent. Children means any individuals who is under the age of 16 (or the minimum legal age at which personal data is consented to be collected and processed where applicable law differs). We do not knowingly allow children to use our services, communicate with us, or use any of our website service. By using the Services, you represent that you are at least 16 or that you are the parent or guardian of such a minor and consent to such minor dependent’s use of the Services. If you become aware that a child has provided us with personal data, please contact us as indicated in Section “How can you contact us”. We will take all reasonable measures to delete the information as soon as possible and to not use such information for any purpose, except where necessary to protect the safety of the child or others as required by law.

11.CONTROLS FOR DO-NOT-TRACK FEATURES ?

Most web browsers and some mobile operating systems and mobile applications include a Do-Not-Track (“DNT”) feature or setting you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected. No uniform technology standard for recognizing and implementing DNT signals has been finalized. As such, we do not currently respond to DNT browser signals or any other mechanism that automatically communicates your choice not to be tracked online. If a standard for online tracking is adopted that we must follow in the future, we will inform you about that practice in a revised version of this privacy policy.

12. HOW CAN YOU CONTACT US OR LODGE A COMPLAINT?

If you have any questions about the way we process your personal data, please read this Privacy Policy Statement first. For additional questions please contact us via the following email address DPO@ztn.com. . Please note that we take your satisfaction very seriously. Should you have a complaint, please also direct it to the same email address and we will respond to you as soon as we can.

You can of course also lodge a complaint with your local data protection authority when you have a complaint about the use or processing of your personal data by the Company. For example, if you believe that we do not use your personal data carefully, or because you have sent us a request to access or rectification of your personal data and you are not satisfied with our reply or we did not reply in a timely manner.