CLIENT & CONSIGNEE PRIVACY POLICY

Version control: This privacy notice was last updated on 21 June 2024.

Important information and who we are

Important information and who we are
Starlinks Global Limited (“Starlinks”/“we”/“us”) provides delivery solutions globally to retail and wholesale companies on behalf of their customers. We refer to the retail and wholesale companies as our “clients” and the customers as “consignees” in this privacy notice.
Starlinks is an aggregator which means that it brings together a variety of different logistics services and offers them to its clients as a single solution. Many of the services are carried out on our behalf by our partners.
Starlinks respects your privacy and is committed to protecting your personal data. This privacy notice provides information on how Starlinks collects and processes your personal data. It is important that you read this privacy notice so that you are fully aware of how and why we are using your data.
Starlinks is the data controller and is responsible for your personal data. Starlinks is registered with the UK Information Commissioner’s Office and its registration number is C1331277.


If you have any questions about this privacy notice or our privacy practices, please contact our Managing Director, Beth Chapman using the details below:


Email address: dataprotectionofficer@starlinks-global.com
Telephone: +44203 004 7987 Postal address: James House, Stonecross Business Park, Yew Tree Way, Warrington, Cheshire, England, WA3 3JD

 

How to make a complaint about the use of your personal data by us

If you have any concerns or would like to make a complaint about our processing of your personal data, you may do so via your local data protection authority directly (in the UK this is the ICO contactable at https://ico.org.uk/global/contact-us/) however we would encourage you to contact us on the details above in the first instance as we aim to promptly and satisfactorily resolve any concerns or complaints you may have in relation to our processing of your personal data.

Changes to the privacy notice and your duty to inform us of changes

This privacy notice may be updated from time to time so you may wish to check this page from time to time to ensure that you understand how your personal data will be used and to see any minor updates. If material changes are made to this privacy notice, we will provide a more prominent notice. This notice is effective from 21 June 2024.

Data protection laws and regulations

Starlinks processes personal data of clients and consignees globally and is subject to the different data protection laws and regulations that are in place in each territory, in addition to the UK GDPR. Where there is a conflict between the local law and regulations in a territory and the UK GDPR, Starlinks will always uphold the most stringent standard so that data subjects receive the best protection and most favourable rights.

- KSA citizens
For citizens of the Kingdom of Saudi Arabia (“KSA”), we have included an addendum at the end of this privacy policy which covers the requirements of the Personal Data Protection Law and the Implementing Regulation.

How do we collect your personal information?

We collect personal information from our clients and consignees in the following ways:
• following requests or instructions to complete deliveries;
• use of our services and website;
• contact made with us for any reason including any enquiries or complaints;
• completed forms and receipts (including proof of delivery receipts);
• completed customer satisfaction surveys;
• reviews left on third party websites;
• information entered or submitted via the Starlinks website;
• for entrance to Starlinks’ sites.

What types of information do we collect?

We may collect, use, store and transfer different types of personal data. This includes information provided from our clients and consignees and information we create when providing the services. Our services and website are not intended for children and we do not knowingly collect data relating to children.For more details on the personal data we process, and how this data is collected or obtained, please see the table below

How do we use your personal data?

We use the information that we collect for a number of different purposes in order to:

a) provide our logistics services to our clients and to improve that service;
b) process orders and to provide after sales services;
c) enhance or improve consignees' experience of our services via customer satisfaction surveys or reviews on third party websites;
d) analyse consignees’ delivery preferences or how they interact with or use our websites and applications;
e) record and monitor outbound and inbound telephone conversations to ensure consistent service levels, prevent or detect fraud, resolve queries and complaints and for performance management and training purposes; and
f) undertake research for analytical and statistical purposes.

Subject to applicable laws, we use your personal data in the following circumstances:
•Contract: the processing is necessary for a contract or agreement with you;
•Legal Obligation: the processing is necessary to comply with the law; or
•Legitimate Interests: the processing is necessary for legitimate interests pursued by Starlinks or another party providing that your fundamental rights do not override such interests.

The purposes for which we process personal data and the legal bases for doing so in each case can be seen in the table at the bottom of this webpage

Who do we share your personal data with?

Our employees, contractors or agents may access information:
• to provide delivery of goods to consignees, or management of a service;
• to process, deal or respond to any enquiry, complaint or other contact you have made with us;
• to contact you regarding reviews left on third party websites;
• to evaluate customer satisfaction surveys and reviews and improve service delivery; and
• for troubleshooting and maintenance purposes.

Our Clients:
We share consignee personal data with our clients for the purposes of providing services to them, for example the provision of proof of delivery and status of delivery information for items we are delivering to consignees on their behalf.

Other Third Parties:
We use data processors who are third parties providing elements of services for us, these may be our partners who we sub-contract parts of the services to, our suppliers or other parties related to the services. We have contracts in place with our data processors. This means that they cannot do anything with your personal information unless we have instructed them to do it. They will not share your personal information with any organisation apart from us. They will hold it securely and retain it for the period we instruct.

We may share your data with other third parties (including the police, law enforcement agencies, credit reference and fraud prevention agencies and other bodies) to protect our or another person’s rights, property, or safety, in connection with the prevention and detection of crime.

In some circumstances we are legally obliged to share information. For example, under a court order or where we cooperate with a regulator undertaking an investigation into complaints or criminal conduct. We might also share information with other regulatory bodies in order to further their, or our, objectives. In any scenario, we’ll satisfy ourselves that we have a lawful basis on which to share the information and document our decision making and satisfy ourselves we have a legal basis on which to share the information.

We may transfer your personal data to the following third parties:
• Logistics and warehousing sub-contractors – our partners who may transport or store goods on our behalf;
• Processing and export partners – our partners who facilitate customs clearance when exporting and importing goods;
• Technology service providers – our partners who provide IT, applications and website services including tracking services and parcel processing software;
• Verification service providers – our partners who provide address verification and address location data to improve the speed and accuracy of our delivery service;
• Customer service providers – our partners who work with us to administer your delivery and provide you with any help you may need;
• Telephony providers – our partners who provide telephone services and functionality;
• Regulators, lawyers, courts and or other governmental agencies or law enforcement agencies. Starlinks may be required to disclose certain personal information because it is required to by law or for the purposes of legal proceedings.
• Third parties to whom we may choose to sell, transfer or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy notice.We require all third parties to respect the security of your personal data and to treat it in accordance with the law.

Transfer of Information

We are a UK based business with data centres in Europe. We operate globally; our clients and consignees are based all over the world. To provide the services, we will often be transferring the data that we collect from you to third parties and partners who are located in a different country (this may be outside the EEA and/or United Kingdom) for support, processing or maintenance of the purposes. Any such transfer of information will only be in connection with the services that Starlinks provides and for a purpose that is stated in this privacy policy. Whenever we transfer your personal data out of the EEA and/or the United Kingdom, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
• we will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission (in the case of transfers out of the EEA) or the United Kingdom Government (in the case of transfers out of the United Kingdom); and/or
• where we use certain service providers, we may use specific contracts approved by the European Commission (in the case of transfers out of the EEA) and/or the United Kingdom Government (in the case of transfers out of the United Kingdom), in both cases which give personal data the same protection it has within the EEA and/or United Kingdom as applicable.

Will you be contacted for marketing purposes?

We send commercial e-mails to individuals at our clients or other companies with whom we want to develop or maintain a business relationship in accordance with applicable laws. Individuals at our clients can opt out of receiving marketing emails at any time by using the contact details at the end of this notice.

We do not conduct any form of direct marketing targeted at consignees and we will not share personal data with any third parties for the purposes of direct marketing.

How do we keep your data safe?

Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, we implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk of processing, including:

• the pseudonymisation and encryption of personal data;
• the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;
• the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident; and
• a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing.

We ensure that those who have permanent or regular access to personal data, or that are involved in the processing of personal data, or in the development of tools used to process personal data, are trained and informed of their rights and responsibilities in when processing personal data.

In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable supervisory authority of a breach where we are legally required to do so.

How long do we keep your information for?

We will hold your personal information securely for as long as is necessary to provide our services. Once the services are completed, we will determine how long to retain the different types of information about you based on our Retention Policy and the following requirements:

• How long the information is needed for the specific purpose or purposes it is used for;
• Legal and regulatory requirements – For example, if Starlinks is required to retain client and or consignee records for an additional period of time in order to comply with a legal (including regulatory) requirement; and
• To maintain records in the event of any potential or actual legal claims or regulatory investigations.

In the case of consignees, to prove export of the goods, we will need to hold your personal information for 7 years pursuant to legal requirements.
In some circumstances you can ask us to delete your data: see ‘What are your legal rights’ below for further information.

In some circumstances we will anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.

Cookies

You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly. For more information about the cookies we use, please see our cookie policy.

What are your legal rights?

Under certain circumstances, you have rights under data protection laws in relation to your personal data:

• Request access to your personal data (commonly known as a "data subject access request"). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
• Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
• Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
• Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, Starlinks may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.•
Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios:

o If you want us to establish the data's accuracy.
o Where our use of the data is unlawful but you do not want us to erase it.
o Where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims.
o You have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.

• Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
• Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
• Right not to be subject to automated decisions where the decision produces a legal effect or a similarly significant effect on you.
If you wish to exercise any of the rights set out above, please contact us on the contact details above.

No fee usually required

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.

What we may need from you

We may need to request specific information from you to help it confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

Time limit to respond

We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

How can you exercise your legal rights?

If you wish to exercise any of your legal rights, please contact us on the details above.

Addendum for citizens of KSA

Click here to view table below

What types of information do we collect?

Types of data

Description

Source

Contact information

This includes your full name, address, email address and telephone number(s).
If you work for one of our clients we will record your business’s name, your position in the business and the business’s address, email address and telephone number(s).
If you visit one of our sites, we will request your name, job role and vehicle registration.

This information is collected from you if you use our services directly or from our clients or other consignees when you are a recipient of services from one of our clients or another customer.
Alternatively, we may obtain personal details from third parties. For example, where we acquire third party data or information to verify delivery addresses and or delivery locations.
When we take information on a site visit this is to confirm your identity for security purposes.

Information for customs clearance

Your national ID number (where applicable).

Customs regulations in certain countries require you to provide ID for customs clearance. We safely & securely store the ID information in order to transmit the information to the carrier and Customs officials.

Financial Details

Records of payments and payment information such as payments for loss or damage.

You provide this information yourself if we need to make a payment to you.

 

Client records

Records of services that you have used. This includes records of deliveries you have requested and details of consignee details provided.

You provide much of this information yourself when you use our services. We will also generate information in the course of providing our services.

Consignee records

Records of services and deliveries that have been received by you and all interactions with us.

Information will be provided from our clients you have placed orders with, yourself, interactions with you and records created by us when providing the service.

Address and Address history

We will hold records of addresses, for example, billing, delivery, previous and rearranged delivery addresses and locations used.

Information will be provided from clients, information you provide if you changed or rearranged delivery services or third party address verification services.

Address data

A building or delivery point address including latitude and longitude data may also include personal data (for example, where a delivery point/property is identified by personal data being processed).

Information provided by clients, you or third parties used to verify address details to improve delivery accuracy.

Contact history, including enquiries and complaints

These are details of any enquiry, complaint or claim you have made to us and may include copies of correspondence and call recordings.

You will provide this information to us when you contact us to make an enquiry or complaint. We will also create records relating to this contact. This will include any information you provide including any sensitive information provided.

Call recordings

Records of calls for training, quality purposes or to investigate complaints or for the detection, investigation and prevention of crime (including fraud).

You will be advised when calling us if a call is being recorded. We will record inbound calls for delivery bookings and enquiries. We will also create records relating to telephone calls.

Proof of delivery information

Records of delivery including the signature, name and address of people who sign for or accept delivery of items.

You provide this information if you accept delivery of an item, including when you accept delivery of an item for another person, such as a neighbour.

Recipient information

If a recipient is different from the consignee (for example, if a delivery has been arranged or ordered for a third party). Recipients name and address are used to collect, sort, track and deliver an item. A client or consignee may also provide us with contact information, such as your phone number or email address, so that we can provide delivery updates.

We receive this information from clients arranging deliveries or consignees requesting alternative delivery or placing orders on another person’s behalf.

Recordings of you

Images recorded on CCTV and other equipment used to protect our consignees, employees and property.

We will record images of you if you a visit a location where CCTV is in operation, such as our warehouses, receptions, transport areas or depots. Vehicles may be fitted with reversing cameras as well as forward-facing / cab cameras.

‘Safe Place’ Images

Digital images of parcels left in situ and delivery exceptions. These may contain location or other information that links the image to a consignee or otherwise identifies an individual.

We create this information when digital images are taken of parcels left in situ , images of property and delivery exceptions are taken.

Customer satisfaction survey data

Completed customer surveys used to review and improve our services.

You provide this information if you agree to complete a survey or questionnaire about the service you received.

Reviews on third party websites

Reviews on third party websites used to evaluate and improve our services.

If you include personal identifiers or order details in your review, we will use this to identify your order to evaluate and improve our services.

Cookie data

A cookie is a piece of information in the form of a very small text file, which is transferred to an end user’s device when a website or internet based service/application is accessed by a user.

For details of Cookies used by Starlinks, please see the Cookies section below.

How do we use your personal data?

Purpose

Lawful bases for processing

Providing services to the consignee where there is a contract or agreement in place (between the consignee and the client) as a result of an order placed with one of our clients.

Contract – we need to process your data to provide our services to you in accordance with that contract.

Providing delivery services to a third party recipient, such as when someone sends you a delivery for a third party and we use your data to deliver it or provide delivery updates.

Legitimate Interests – we need to process your data to provide these delivery services and fulfil our contracts with our clients, including delivering the parcels to you and providing additional services, such as delivery updates.

Where we provide a service which informs both the sender and recipient of services about the delivery status and timing of that service.

Contract and Legitimate Interests – we need to monitor the delivery status of items to keep senders and recipients informed and to improve our service delivery and provide better information to our clients and consignees.

Customer services – dealing with enquiries, complaints or claims relating to our services.

Contract and Legitimate Interests – we may need to process your data so we can handle and resolve any enquiry, complaint or claim raised by you or another person related to a contract and or other issue.

Providing data services to our clients, to help them run their businesses better and fulfil their contracts with you. For example, we provide services for the delivery of items ordered from our clients and for the purposes of maintaining and updating accurate address data used for delivery, to process order status information.

Contract and Legitimate Interests – our clients may have contractual obligations with the consignee to be fulfilled and have a legitimate interest to process data in these ways, and we have a legitimate interest to process personal data to support them to do so. In each case, we need to process the consignees’ personal data to fulfil contractual obligations and or to pursue those Legitimate interests.

Enhancing our client and consignees' experience of our services and websites. For example, we use information on your visits to our websites to evaluate and understand how different people navigate our websites and how long they spend on particular pages.

Legitimate Interests – we sometimes need to process personal data to understand how you use our services so we can enhance and improve them.

Customer and market research and analysis, and the development of new services. For example, we may use customer satisfaction surveys and reviews left with third parties to evaluate and understand how our services are working, how they can be improved and for the purposes of developing new delivery services or new enhanced services. We may contact you to discuss a survey or review.

Legitimate Interests – we sometimes need to process personal data to evaluate and improve our services and to develop new service offerings.

Security, preventing fraud and money laundering, and taking action against fraudsters or people who commit an offence.

Legitimate Interests and Legal Obligation – we sometimes need to process personal data to protect rights, property and peoples’ safety.

Tax.

Legal Obligation – we need to process personal data to comply with revenue and customs regulations.

Prevention and detection of crime – including the use of CCTV to protect our client, consignees, employees, the public and property.

Legitimate Interests and Legal Obligation – we sometimes need to process personal data to protect the rights, property and the safety of people.

Complying with the law, including regulatory requirements.

Legal Obligation and Legitimate Interests – to comply with our legal obligations, including regulatory conditions relevant to our services, and health and safety legislation, we sometimes have to process personal data.

 

Addendum for citizens of KSA

The table below provides the information required by Article 13 of the PDPL and Article 4 of the Implementing Regulation.

 

Controller’s identity

Starlinks Global Limited

Controller’s contact details

Email address: dataprotectionofficer@starlinks-global.com

Telephone: +44203 004 7987

Mobile: +447375 447267

Postal address: James House, Stonecross Business Park, Yew Tree Way, Warrington, Cheshire, England, WA3 3JD

Contact us via our website - https://starlinks-global.com/contact

Contact details of the data protection officer appointed where applicable

Beth Chapman (Managing Director) is responsible for data protection compliance

Source from which the personal data is collected

Personal data collected indirectly
In the case of consignees, most of the personal data will be collected by Starlinks from the retailer from which you purchased the goods – please see the privacy notice on their website for their contact details.
In some circumstances, we may collect the personal data from a wholesaler who collected the personal data from the retailer. The retailer can provide this information to you.
Information collected indirectly includes any data which is required to perform the services such as your name and address and also reviews left on third party websites.
For data subjects other than consignees, we will be collecting your personal data directly.

•Personal data collected directly
If you contact us directly, use our website, complete our customer satisfaction surveys or access our sites, we will be collecting this information directly.

The legal basis for collecting personal data

To the extent that personal data is not collected from you directly, Starlinks relies on Article 10(7) of the PDPL which permits collection from a different source where the collection is necessary to achieve our legitimate interests, without prejudice to your rights and interests (provided no sensitive data is processed).

The legal basis for processing personal data

Starlinks does not rely on consent for processing the personal data. Instead Starlinks relies on:
• Article 6(1) of the PDPL - where the processing serves your actual interests of but communicating with you is impossible or difficult;
• Article 6(2) of the PDPL - where the processing is pursuant to another law or in implementation of a previous agreement to which you are a party (ie in the case of consignees, the contract between you and the retailer for the purchase and delivery of the goods); and/or
• Article 6(4) of the PDPL - where the processing is necessary for the purposes of our legitimate interests, without prejudice to your rights and interests (provided no sensitive data is processed).

The specific, clear and explicit purpose for collecting and processing personal data

We use the information that we collect for a number of different purposes in order to:

a)      provide our logistics services to our clients and to improve that service;

b)      process orders and to provide after sales services;

c)       enhance or improve consignees' experience of our services via customer satisfaction surveys or reviews on third party websites;

d)      analyse consignees’ delivery preferences or how they interact with or use our websites and applications;

e)      record and monitor outbound and inbound telephone conversations to ensure consistent service levels, prevent or detect fraud, resolve queries and complaints and for performance management and training purposes; and

f)        undertake research for analytical and statistical purposes.

Your personal data will not subsequently be processed in a manner which is inconsistent with the purpose for which it was collected unless: you have given your consent, the personal data was publicly available or collected from a publicly available source or the processing is necessary in order to achieve our legitimate interests without prejudice to your rights and interests (providing no sensitive personal data is to be processed).

Categories of personal data

Please see ‘What types of information do we collect?’ Depending on the retailer/wholesaler, for KSA citizens, we may also process the following additional categories:

  • ID valid number or Iqama number
  • ID or Iqama expiry date
  • Consignee date of birth

The entities to which the personal data will be disclosed and their capacity

Please see ‘Who do we share your personal information with?’

Whether the personal data will be transferred, disclosed or processed outside of the Kingdom

Personal data will be transferred, disclosed and processed outside the Kingdom. In the case of consignees, our retail and wholesale clients will transfer your personal data from KSA to our data centres in Europe and we will transfer your personal data to the entities described in the row above. Any such transfer of information will only be in connection with the services that Starlinks provides and for a purpose that is stated in this privacy policy.

Whenever we transfer your personal data outside of the Kingdom, wherever possible, we ensure that there is an adequate level of protection or that there are appropriate safeguards in the territory it is being transferred to.

The period for which the personal data will be stored, or if that is not possible, the criteria used to determine that period

Please see ‘How long do we keep your information for?’

The potential consequences and risks that may result from not collecting the personal data

All personal data that we collect/process (with the exception of customer satisfaction surveys and information relating to how you interact with or use our websites and applications) is required to provide the services. If we do not collect this personal data, depending on what it is, we can’t provide the services or all aspects of the services.

If you do not complete customer satisfaction surveys, unless you have provided feedback by another means, we are unable to take your views and suggestions into account to improve the services. Similarly, if we do not collect and analyse how you interact with or use our websites and applications, we cannot use this information to improve these platforms.

Data subjects rights and how to exercise them

Please see ‘What are your legal rights?’

How data subjects can withdraw their consent

Not applicable - we do not rely on consent to process your personal data.

Whether collection of the personal data is mandatory or optional

In the case of consignees, subject to the exceptions stated below, all collection of personal data is mandatory as it is required to provide the services.

The exceptions to this are where we collect your personal data as part of customer satisfaction surveys or with regards to how you interact with or use our websites and applications, which are optional.

To view the full privacy policy, please switch from mobile view to browse our website on a desktop device