Privacy Policy
The Aramex Group (“Aramex”) has drafted this Privacy Policy in order to explain Aramex’s policy regarding the use of any personal information it collects on Aramex customers and users of other services provided by Aramex (such as Aramex’s websites and applications). This Privacy Policy’s goal is to allow those customers and users to understand how their personal information may be handled by Aramex, as well as the rights they have in relation to their personal information.
In general, Aramex will handle personal information shared by customers or users, as well as other information which may be gathered by Aramex in connection with services provided, in a lawful, fair and transparent manner. Aramex has considered internationally recognised principles on the protection of personal data when defining its policies, such as the principles of purpose limitation, storage limitation, data minimisation, data quality and confidentiality.
Table of Contents
Privacy Policy
1. Controller and Data Protection Officer
2. Personal Data processed
a. Name, contact details and other Personal Data
- Aramex retail outlets
- Aramex websites
- Aramex applications
- Consignees
b. Data related to users’ devices
- Aramex mobile applications
c. Data related to your location
- Aramex mobile applications
d. Call recordings
e. Shipment Inspection
f. Shipment history
g. Special categories of Personal Data
- Aramex websites and applications
h.Personal Data related to criminal convictions and offences
i. Other persons’ Personal Data
- Aramex websites and applications
j. Browsing data
- Aramex websites and applications
k. Cookies, SDKs and tracking technologies
- Aramex websites
- Aramex applications
3. Purposes of processing
4. Grounds for processing and mandatory / discretionary nature of processing
5. Recipients of Personal Data
6. Transfer of Personal Data
7. Retention of Personal Data
8. Data subjects’ rights
9. Amendments
- Controller and Data Protection Officer
The controller regarding all personal data processing carried out via websites or applications managed by Aramex is Aramex International LLC, with registered offices at P.O. Box 95946, Dubai, United Arab Emirates.
Aramex International LLC acts as a joint controller with each individual local Aramex Station, regarding personal data related to customers of a given local Aramex Station, or to consignees of shipments delivered by (or on behalf of) that local Aramex Station. Please refer to the relevant section on the Aramex website (available here) in order to understand which Aramex Station may act as a controller regarding those personal data in your location.
When acting as joint controllers, Aramex International LLC and the relevant local Aramex Station are jointly responsible for ensuring that all rules regarding the handling of your personal data are respected. You can exercise your rights as a Data Subject against either one by:
- Submitting an online support request (here); or
- Reaching out to your relevant local Aramex Station.
Aramex has appointed a Group Data Protection Officer. To contact the Aramex DPO, please submit an online support request (here).
Aramex has also appointed a representative for local Aramex Stations which are established outside of the EU/EEA, under Art. 27 GDPR:
Aramex Nederland B.V.
Fokkerweg 300, 1438 AN, Oude Meer, P.O. Box 728, 2130 AS Hoofddorp, the Netherlands.
To contact the Aramex EU/EEA Representative, please submit an online support request (here).
Back to top
2. Personal Data processed
When providing services to customers, users or consignees, whether through physical retail outlets, websites or applications managed by Aramex (jointly referred to as the “Aramex Services”), Aramex will collect and process information regarding those customers / users / consignees (as individuals) which allows their identification either by itself, or together with other information which is available. Aramex may also be able to collect and process information regarding other persons in this same manner, where those customers / users / consignees choose to provide it to Aramex.
This information may be classified as “Personal Data”, and can be collected by Aramex both when shared by customers / users / consignees (e.g., upon signing up for an account on an Aramex website, when placing an order for delivery services, when preparing a shipping document at retail outlets), by analysing users’ behaviour (e.g., when browsing Aramex websites or using Aramex applications) or when disclosed to Aramex by other sources (e.g., Aramex’s customers, entities providing sanction-list screening services to Aramex).
These Personal Data may include the following categories:
a. Name, contact details and other Personal Data
- Aramex retail outlets
When requesting services from Aramex at a physical retail outlet, you will be asked to submit Personal Data concerning yourself. This may include your name, surname, telephone number, address, delivery address, copies of your government-issued identification cards and information related to your credit card (if you use these cards as a payment method). You can find the relevant information relating to each Aramex’s physical retail outlet stores here.
- Aramex websites
In various sections of Aramex’s websites – including, in particular, account creation pages and forms – you will be asked to submit Personal Data concerning yourself, such as your name, phone / mobile number, e-mail address, gender, date of birth, country of residence and postal address, as well as, in certain cases, information related to your company of employment and position in that company. Where services provided over these websites require payment, you will also need to disclose information as to your preferred mode of payment (e.g., PayPal, credit card).
Whenever you participate in surveys, promotions or contests which may be available on Aramex’s websites, as well as whenever you decide to communicate with Aramex via contact details provided on those websites (or, otherwise, by telephone with Aramex Customer Service), Aramex may collect additional Personal Data which you choose to provide, as far as this is necessary in order to address your request or query. This is also the case regarding information which you choose to disclose in certain sections of Aramex websites which allow your participation in public forums, or the sending of messages directly to Aramex.
- Aramex applications
When creating an account on Aramex applications, you will be asked to submit Personal Data concerning yourself, such as your name (first and last), mobile number, e-mail address and information regarding the credit card to be used as a payment method – number, name, expiry date and card verification number – as well as your shipping address (based on your location, or selected on a map).
- Consignees
Aramex may receive Personal Data concerning yourself from its customers, in order to allow Aramex to complete shipments from those customers to you, as a consignee. In this case, Aramex may also collect Personal Data from you upon shipment delivery. This may include, in particular, your name, surname, telephone number, address and delivery address, as well as, in certain cases, copies of your government-issued identification cards and information related to your credit card (if you use these cards as a payment method, where applicable).
Back to top
b.Data related to users’ devices
- Aramex mobile applications
When choosing to install Aramex applications, you grant permission to Aramex to set up the selected application on your mobile device (“Device”), as well as to access Personal Data and other information stored on your Device which are needed in order to successfully install the application (e.g., Device model, operating system version, screen resolution, network connection type, language, etc.). This collection of information is inherent to the process of installing and setting up Aramex’s applications and, as such, you may not object to it unless you uninstall the application from your Device.
Once an Aramex application has been installed, you may be asked to allow the application to send and read SMS messages from your Device, in order to send you an SMS verification code and to grant you automatic access to the application, upon successful receipt of this code. When using Aramex applications, access may also be requested to your Device’s storage (e.g., when you register shipping addresses on an application), camera (e.g., so that you can scan your credit card in order to insert its details as a payment method in the applications) and Internet access, among other functions where necessary.
Back to top
c. Data related to your location
- Aramex mobile applications
Once you have installed an Aramex application, you may be asked to consent to the application accessing your Device’s location, even when you are not using the application, as well as to your Device’s map functionalities. This is meant to allow Aramex to provide more precise and useful Aramex Services to you via the application, in particular, by allowing you to pinpoint your location, register a shipping address based on your current location (as opposed to searching on a map), track your shipments in real-time (on the day of delivery), ensure correct delivery of your shipments, and so on.
If you believe that the continuous access to your location is too invasive, you can configure your Device in a way to share your position only when the applications are in use. If even this is too invasive, you can always revoke the sharing of your position from the Device settings and simply provide a physical address, zip code or state for the Aramex Services you are interested in (or manually pin your relevant address on a map within the applications).
d. Call recordings
When you contact Aramex’s Customer Support team over the phone, Aramex will store a recording of the call held between you and the Aramex Customer Support agent – this is done, primarily, to retain evidence of service-related requests or complaints handled over the phone (to allow Aramex to demonstrate how they were handled), and for service quality monitoring/training purposes. You will be notified of this through a pre-recorded message presented at the start of the call.
Back to top
e. Shipment Inspection
In order to lawfully provide the Aramex Services, Aramex may be required to physically inspect the shipments which are to be delivered in connection with those Aramex Services, in particular to confirm that any applicable legal shipment restrictions (e.g., due to country of origin or destination, or type of goods shipped) or trade embargoes are respected.
These inspections will be carried out only to detect whether the terms of any applicable legal restrictions regarding incoming and outgoing shipments are respected. In particular, Aramex will not carry out an in-depth inspection of any documents or other items which might reveal Personal Data on the sender, consignee or third persons, unless this is strictly necessary for these compliance purposes. As a result of an inspection, if your shipment is rejected (due to a conflict with, for example, applicable legal import or export restrictions), Aramex will either attempt to arrange for the return of the shipment to its origin (where legally possible to do so) or destroy the shipment, as required by the applicable laws.
Aramex maintains logs of all inspection activities performed, including details on the origin and destination countries of the shipment, the name of the shipper and consignee, a general description of the shipment contents (e.g., “documents”, “shower curtains”, etc.), the country of origin of those contents, the contents’ Harmonized System (HS) code, and the air waybill number for the shipment.
Back to top
f.Shipment history
Aramex will keep logs of details, actions taken and interactions had with you in connection with deliveries made at your request (as a shipper), as well as of deliveries made to you (as a consignee). This may include information such as shipment order date/time, shipment contents (generic description), shipper details (name, contact details, billing address), consignee details (name, contact details, delivery address), delivery method, delivery status, delivery date/time, delivery location, number of failed delivery attempts, preferred communication channel for delivery updates, number of returned deliveries, and so on.
These data will be collected from shipment records, but also from logs generated from the different channels through which you may interact with Aramex (such as our applications and websites, our call centres and SMS/instant messaging channels).
Back to top
g.Special categories of Personal Data
Aramex does not typically need to process more sensitive categories of Personal Data, such as data revealing your racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, or other types of sensitive information relating to you, such as your genetic data, biometric data or data concerning your health, sex life or sexual orientation, in order to provide the Aramex Services. Though this information may potentially be inferred from some of the Personal Data collected by Aramex (e.g., goods to be shipped), it is not the intention of Aramex to process those categories of Personal Data, and those categories of Personal Data will not be specifically processed for any purpose (other than to provide the Aramex Services).
- Aramex websites and applications
Certain areas of Aramex websites and applications may include free text fields where you can write messages to Aramex, or otherwise allow you to post various types of content, which may contain Personal Data. Where these fields are completely free, you may use them to disclose, or may post content which discloses (inadvertently or not) more sensitive categories of Personal Data such as data revealing your racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership. The content you upload in these fields may also (inadvertently or not) include other types of sensitive information relating to you, such as your genetic data, biometric data or data concerning your health, sex life or sexual orientation
Aramex asks that you do not disclose any sensitive Personal Data in these free text fields or in your posts on Aramex websites or applications, unless you consider this to be strictly necessary. While Aramex does not intend to collect sensitive Personal Data on customers or website / application users (except where this is explicitly stated by Aramex), this may occur where those individuals voluntarily choose to disclose those data.
If you do disclose sensitive Personal Data to Aramex in this manner, then Aramex will process those Personal Data only to the extent that they are adequate, relevant and not excessive regarding the purposes of processing described in this Privacy Policy (see below, Purposes of processing). This will be done, in particular, where necessary to perform a contract with you or to answer a request you make, or otherwise where Aramex can be said to have a legitimate interest in processing those data, due also to the fact that, when you decide to disclose sensitive Personal Data through Aramex websites and applications, you may be manifestly making those Personal Data public.
Back to top
h.Personal Data related to criminal convictions and offences
In order to lawfully provide the Aramex Services, Aramex may be required to screen customers / users / consignees against applicable government denied parties, sanctions and watch lists, as well as politically exposed persons databases. Aramex may also be required to confirm whether its customers or users are allowed to export goods outside of their country of location upon requesting Aramex Services, and/or that customers / users / consignees meet other requirements necessary for customs clearance purposes.
This process may involve asking for a copy of your national identification documents or passport, as well as accessing information on prior sanctions or limitations (of a criminal nature or otherwise) which may have been imposed upon you by order of a court or other competent authority. Aramex will only access this information where this is authorised under the applicable law, and solely to the extent necessary to comply with any legal requirements which may apply.
As a result of a screening exercise, if you are identified as a partial or potential match on any applicable lists, you may be asked to provide further information to confirm your identity (such as a copy of your national identification documents or passport, if you have not been asked for this already). If you are identified as an exact match, Aramex will not be able to complete your shipment; in this case, Aramex will either attempt to arrange for the return of the shipment to its origin (where legally possible to do so) or destroy the shipment, as required by the applicable laws.
Aramex maintains logs of all screening activities performed, including details on the origin and destination countries of the shipment, the name of the shipper and consignee, a general description of the shipment contents (e.g., “documents”, “shower curtains”, etc.), the country of origin of those contents, the contents’ Harmonized System (HS) code, and the air waybill number for the shipment.
i. Other persons’ Personal Data
When requesting Aramex Services, you may decide to provide information on other persons which is relevant for the correct provision of those services (e.g., where you wish to have a delivery made to another person – i.e., a consignee – you will be required to provide information on the consignee). This may include information such as those persons’ name, delivery address and phone number.
In any situation where you decide to share Personal Data related to other persons, you will be considered as an independent data controller regarding those Personal Data, and must assume all inherent legal obligations and responsibilities. This means, among other things, that you must fully indemnify Aramex against any complaints, claims or demands for compensation for damages which may arise from the processing of this Personal Data, brought by the third parties whose information you provide to Aramex.
As Aramex does not collect this information directly from these third parties (but rather collects them, indirectly, from you), you must make sure that you have these third parties’ consent before providing any information regarding them to Aramex; if not, then you must make sure there is some other appropriate grounds on which you can rely to lawfully give Aramex this information.
- Aramex websites and applications
Additionally, as mentioned in the previous section, certain areas of the Aramex websites / applications include free text fields where you can write messages to Aramex, or which otherwise allow you to post various types of content. These messages and content may (inadvertently or not) include Personal Data related to other persons. Other sections of Aramex’s websites may ask you to submit Personal Data related to third parties, such as other contact persons in your company or your relatives who are employees of Aramex.
The final two paragraphs of the above subsection (regarding your liability for Personal Data on other persons which you choose to share with Aramex, and your obligation to ensure that you are lawfully entitled to do so) also apply in full in this case.
Back to top
j.Browsing data
- Aramex websites and applications
The operation of Aramex’s websites and applications involves the use of computer systems and software procedures, which collect information about website and application users as part of their routine operation. While Aramex does not collect this information in order to link it to specific users, it is still possible to identify those users either directly via that information, or by using other information collected – as such, this information must also be considered Personal Data.
This information includes several parameters related to your operating system and IT environment, including your IP address, location (country), the domain names of your computer, the URI (Uniform Resource Identifier) addresses of resources you request on the websites or applications, the time of requests made, the method used to submit requests to the server, the dimensions of the file obtained in response to a request, the numerical code indicating the status of the response sent by the server (successful, error, etc.), and so on.
These data are used to compile statistical information on the use of the websites and applications, as well as to ensure their correct operation and identify any faults and/or abuse.
Back to top
k. Cookies, SDKs and tracking technologies
Aramex may process your Personal Data through cookies, SDKs (Software Development Kits) and similar technologies to improve your experience on Aramex’s websites or Aramex applications.
- Aramex websites
Information regarding the use of cookies on each of our websites can be found in the Cookie Policy made available on each website.
- Aramex applications
Information regarding the use of SDKs and tracking technologies on Aramex applications can be found in the SDK Policy which is made available on each applications.
Back to top
3. Purposes of processing
Aramex intends to use the above Personal Data, collected in connection with the provision of Aramex Services, for the following purposes:
- Generally, to allow Aramex to provide Aramex Services to you, including (without limitation) express, freight and logistics services, as well as to allow you to request and receive Aramex Services which are specifically delivered through Aramex’s websites and applications (“Service Provision”). This may include the use of Personal Data in order to (for example):
○ Create shipment labels and airway bills;
○ Track shipment deliveries;
○ Provide updates to customers on shipment status through online portals;
○ Contact consignees in order to narrow down and confirm delivery addresses, and ensure successful completion of deliveries;
○ Allow users to create registered accounts and participate in forums and discussions on Aramex websites and applications;
○ Process payments for Aramex Services, including those requested via Aramex websites or applications;
○ Sending alerts to users regarding Aramex applications, via push notifications on user Devices.
- To gain a better understanding of your preferences in relation to the Aramex Services, based on prior interactions we have had with you (such as deliveries made for you), and better tailor Aramex Services to you, in order to increase their efficiency and improve your experience (“Service Analytics”). This may include the use of Personal Data in order to (for example):
○ Complete or correct inaccurate delivery addresses;
○ Identify the timeslots which you prefer for receiving shipments;
○ Identify whether you prefer picking up shipments yourself (at a retail store or drop-off point), or having shipments delivered to you;
○ Identify your preferred communication channel for shipment updates (SMS, e-mail, apps, phone calls, etc.);
○ Determine the likelihood of any obstacles which may arise to correct and timely service delivery.
- For future marketing, promotional and publicity purposes (“Marketing”). This may include the use of Personal Data in order to (for example):
○ Allow you to participate in contests and promotions held or sponsored by Aramex;
○ Send you direct marketing messages, through e-mail, SMS, push notifications (on mobile devices) or telemarketing calls;
○ Send you surveys and other messages aimed at market research, through e-mail, SMS, push notifications (on mobile devices) or telemarketing calls;
○ Show you advertisements related to Aramex goods and services on other websites and platforms, by sharing limited amounts of your Personal Data (for example, your e-mail address) with third-party website/platform providers.
- To create a profile of you as a user of Aramex’s websites / applications, through the use of Marketing cookies or SDKs (see Cookies, SDKs and tracking technologies, above) and by collecting and analysing information on the preferences you select and choices you make in Aramex’s websites / applications, as well as through your Device data (e.g., IFDA). This information will be used to personalise the Aramex Services provided through the websites and applications, where possible, to suit your preferences and choices, as well as to serve you with information and advertisements which may be relevant to you and your interests. All algorithms involved in this processing are regularly tested, to ensure the processing’s fairness and control for bias (“Profiling”);
- To keep records of requests, complaints or transactions carried out over the phone between you and an Aramex Customer Support agent, to prove that those requests, complaints or transactions took place at a given date and time, as well as for quality assurance purposes – namely, to incidentally confirm that Aramex Customer Support agents provide high-quality support to Aramex customers (“Call Recording”);
- For compliance with laws which impose upon Aramex the collection and/or further processing of certain kinds of Personal Data (“Compliance”);
- For development and administration of Aramex’s websites and applications, in particular by use of data analytics regarding how you and other users use those websites / applications, as well as the information and feedback you provide, in order to improve Aramex’s offerings (“Analytics”);
- To prevent and detect any misuse of Aramex’s websites or applications, or any fraudulent activities carried out through the Website (“Misuse/Fraud”).
Back to top
4. Grounds for processing and mandatory / discretionary nature of processing
Aramex’s legal bases to process your Personal Data, according to the purposes identified in Purposes of processing above, are as follows:
-
Service Provision: processing for these purposes is necessary to provide the Services and, therefore, is necessary for the performance of a contract with you. It is not mandatory for you to give Aramex your Personal Data for these purposes; however, if you do not, Aramex will not be able to provide any Services to you.
-
Service Analytics: processing for this purpose is generally based on Aramex’s legitimate interests, namely, in improving the efficiency and effectiveness of the Aramex Services, as well as improving the Aramex customer/consignee experience. You are allowed to object to this, and also to ask for more information about the assessments carried out by Aramex regarding its legitimate interests, by sending us a support request (please see Data subjects' rights, below, for more information).
- Marketing: processing for this purpose is based on your consent. It is not mandatory for you to give consent to Aramex for use of your Personal Data for these purposes, and you will suffer no consequence if you choose not to (aside from not being able to receive further marketing communications from Aramex). Any consent given may also be withdrawn at a later stage (please see Data subjects' rights, below, for more information).
- Profiling: processing for this purpose is based on your consent, given by accepting the use of Marketing cookies or SDKs (see Cookies, SDKs and tracking technologies, above). It is not mandatory for you to give consent to Aramex for use of your Personal Data for this purpose, and you will suffer no consequence if you choose not to (aside from not being able to benefit from greater personalisation of your user experience regarding Aramex’s websites and applications). Any consent given may also be withdrawn at a later stage (please see Data subjects' rights, below, for more information).
- Call Recording: processing for this purpose is generally based on Aramex’s legitimate interests, namely, in retaining evidence of requests, complaints and transactions carried out with Aramex customers over the phone – so that Aramex can demonstrate when they took place, and ensure that they are properly addressed by Aramex – and in ensuring that Aramex Customer Support agents provide high-quality assistance to Aramex customers (by incidentally reviewing calls held by each agent). You are allowed to object to this, and also to ask for more information about the assessment carried out by Aramex regarding its legitimate interests, by sending us a support request (please see Data subjects' rights, below, for more information).
In some jurisdictions, Aramex may not be legally allowed to record phone calls you take part in without your consent. Where this is the case, processing for this purpose will be based on your consent. In this case, it is not mandatory for you to give consent to Aramex for use of your Personal Data for this purpose, though you may be redirected to another communication channel in order to address your support request with Aramex. Any consent given may also be withdrawn at a later stage (please see Data subjects' rights, below, for more information).
- Compliance: processing for this purpose is necessary for Aramex to comply with its legal obligations. When you provide any Personal Data to Aramex, Aramex must process it in accordance with the laws applicable to it, which may include retaining and reporting your Personal Data to official authorities for compliance with tax, customs or other legal obligations.
In some cases – notably regarding screening of senders/consignees against existing blacklists or the inspection of shipments – Aramex may base the related processing activities on its legitimate interests, namely, in ensuring that any applicable shipment restrictions are complied with. You are allowed to object to this, and also to ask for more information about the assessment carried out by Aramex regarding its legitimate interests by sending us a support request (please see Data subjects' rights, below, for more information).
- Analytics: processing for this purpose is generally based on Aramex’s legitimate interests, namely, in understanding how users interact with Aramex’s websites and applications through collected browsing data and to improve them accordingly, with the aim to providing a better user experience. You are allowed to object to this, and also to ask for more information about the assessment carried out by Aramex regarding its legitimate interests by sending us a support request (please see Data subjects’ rights, below, for more information).
Where Statistics cookies or SDKs are specifically used to collect this information (see Cookies, SDKs and tracking technologies, above), this is based on your consent, given by accepting the use of Statistics cookies or SDKs (see Cookies, SDKs and tracking technologies, above). It is not mandatory for you to give consent to Aramex for use of your Personal Data for this purpose, and you will suffer no consequence if you choose not to. Any consent given may also be withdrawn at a later stage (please see Data subjects’ rights, below, for more information).
- Misuse/Fraud: processing for this purpose is generally based on Aramex’s legitimate interests, namely, in preventing and detecting fraudulent activities or misuse of Aramex’s websites and applications (for potentially criminal purposes), and ensuring the security of Aramex’s websites and applications. You are allowed to object to this, and also to ask for more information about the assessment carried out by Aramex regarding its legitimate interests by sending us a support request (please see Data subjects’ rights, below, for more information).
Back to top
5. Recipients of Personal Data
Your Personal Data may be shared with the following list of persons / entities (“Recipients”):
- The specific Aramex customer on behalf of which Aramex is providing Aramex Services to you, where are a consignee;
- Entities engaged in order to screen Aramex customers and consignees against applicable government denied parties, sanctions and watch lists, as well as politically exposed persons databases, as required or authorised by the applicable law;
- Individuals or entities engaged in order to provide Aramex Services on Aramex’s behalf (e.g., couriers, call center agents, service partners, hosting providers or e-mail platform providers), as well as persons authorised by Aramex to process Personal Data needed to carry out activities strictly related to the provision of the Aramex Services (e.g., Aramex employees), who are bound to obligations of confidentiality, may only process Personal Data under Aramex’s instructions and must comply with security measures set by Aramex;
- Persons, companies or professional firms providing Aramex with advice and consultancy regarding accounting, administrative, analytics, legal, tax, financial and debt collection matters related to the provision of Aramex Services;
- Entities engaged as data processors, to carry out processing activities related to Marketing, Profiling and/or Analytics on Aramex’s behalf, where you have consented to processing of your Personal Data for these purposes (e.g., SMS engines, certain third-party cookie providers);
- Third-party providers of websites and online platforms, to carry out processing activities related to Marketing (in particular, displaying Aramex advertisements on their websites / online platforms):
- Persons authorised to perform technical maintenance (including maintenance of network equipment and electronic communications networks);
- Companies within the Aramex Group (which may also assist in providing Aramex Services to a customer / user / consignee, depending on his/her location); and
- Public entities, bodies or authorities to whom your Personal Data may be disclosed, in accordance with the applicable law or binding orders of those entities, bodies or authorities;
Back to top
6. Transfer of Personal Data
Considering Aramex’s worldwide presence and business operations, your Personal Data may be transferred to Recipients located in several different countries. In particular, whenever you rely on Aramex Services for any cross-border operations (such as the delivery of a shipment from one country to another), Personal Data may be transferred to the receiving country.
Aramex implements appropriate safeguards to ensure the lawfulness and security of these Personal Data transfers, in particular regarding transfers of Personal Data from within the EEA to outside the EEA. As a rule, whenever an adequacy decision from the European Commission is not available for the recipient country, Aramex enters into agreements with recipients containing standard data protection clauses adopted by the European Commission, or otherwise relies on any other more appropriate lawful transfer mechanisms available under the applicable data protection law.
Back to top
7. Retention of Personal Data
Personal Data processed for Service Provision will be kept by Aramex for the period deemed strictly necessary to fulfil such purposes – in any case, as these Personal Data are processed for the provision of Aramex Services, Aramex may continue to store this Personal Data for a longer period, as may be necessary to protect Aramex’s interests concerning potential liability linked to the provision of Aramex Services.
Personal Data processed for Service Analytics, as well as Analytics which are based on Aramex’s legitimate interests (analytics performed on browsing data; see Purposes of processing, above), will be aggregated as soon as feasible, and thus will be kept as Personal Data only for the period deemed strictly necessary to allow for such aggregation.
Personal Data processed for Analytics, where based on your consent (analytics performed using Statistical cookies or SDKs; see Purposes of processing, above), will be kept by Aramex from the moment you give consent until the moment you withdraw the consent given. Once consent is withdrawn, Personal Data will no longer be used for these purposes, although it may still be kept by Aramex, in particular as may be necessary to protect Aramex’s interests concerning potential liability linked to this processing.
Personal Data processed for Marketing and Profiling will be kept by Aramex from the moment you give consent until the moment you withdraw the consent given. Once consent is withdrawn, Personal Data will no longer be used for these purposes, although it may still be kept by Aramex, in particular as may be necessary to protect Aramex’s interests concerning potential liability linked to this processing.
Personal Data processed for Call Recording (in particular, the recordings themselves) will be kept by Aramex, as a rule, for up to 1 year from the date on which a call to the Aramex Customer Support team is made. In jurisdictions where Aramex may only legally record phone calls you take part in with your consent, call recordings may be retained from the moment you give consent until the moment you withdraw the consent given.
However, in the event that selected call recordings are reasonably necessary for Aramex to establish, exercise or defend against legal claims, or otherwise to protect Aramex’s interests concerning potential liability linked to the provision of the Aramex Services, they may be kept for a longer period.
Personal Data processed for Compliance will be kept by Aramex for the period required by the specific legal obligation or by the applicable law. In particular, logs related to screening or inspection exercises carried out by Aramex will be kept for up to 5 years, after which they will be archived. Archived logs will only be accessed where this is reasonably necessary for Aramex to establish, exercise or defend against legal claims, or otherwise to protect Aramex’s interests concerning potential liability linked to the provision of the Aramex Services.
Personal Data processed for Misuse/Fraud will be kept by Aramex for as long as deemed strictly necessary to fulfil the purposes for which it was collected, unless you validly object to the processing of your Personal Data for these purposes (please see Data subjects' rights, below, for further information).
Back to top
8. Data subjects’ rights
Under the Regulation, you, as a data subject, are entitled to exercise the following rights before Aramex, at any time:
-
Access your Personal Data being processed by Aramex (and/or a copy of that Personal Data), as well as information on the processing of your Personal Data;
-
Correct or update your Personal Data processed by Aramex, where it may be inaccurate or incomplete;
-
Request erasure of your Personal Data being processed by Aramex, where you feel that the processing is unnecessary or otherwise unlawful;
-
Request the restriction of the processing of your Personal Data, where you feel that the Personal Data processed is inaccurate, unnecessary or unlawfully processed, or where you have objected to the processing;
-
Exercise your right to portability: the right to obtain a copy of your Personal Data provided to Aramex, in a structured, commonly used and machine-readable format, as well as the transmission of that Personal Data to another data controller; or
- Withdraw your consent to processing (for Marketing, Profiling, Analytics and, where applicable, for Call Recording).
Regarding processing purposes which are based on our legitimate interests (see Purposes of processing, above) you are also entitled to object to the processing of your Personal Data, based on relevant grounds related to your particular situation, which you believe must prevent Aramex from processing your Personal Data. If you do, then we will only continue processing your Personal Data for the purpose in question if we can demonstrate that we have a compelling legitimate interest to continue doing so, or if we need to in order to establish, exercise or defend against any legal claims.
Please note that most of the personal information you provide to Aramex can be changed at any time, including your e-mail preferences, by accessing the user profile you can create on Aramex’s websites and applications.
You can also withdraw consent regarding processing for Marketing by selecting the appropriate link included at the bottom of every marketing e-mail message received. Specifically, regarding Marketing carried out via push notifications, you can withdraw this consent via the options made available through Aramex’s applications, or through your Device’s settings:
You can withdraw consent regarding processing for Profiling and Analytics performed using Marketing or Statistics cookies, SDKs or other tracking technologies by using the consent management platform made available on Aramex websites / tracking settings made available on Aramex applications.
Aside from the above means, you can also exercise your rights described above by sending us a support request via Aramex’s websites, by filling out the form available here.
In any case, please note that, as a data subject, you are also entitled to file a complaint with the competent supervisory authorities for the protection of Personal Data, if you believe that the processing of your Personal Data carried out by any Aramex Station is unlawful. If you are located within the EU, you are entitled to file these complaints with supervisory authorities located (1) in the Member State of your habitual residence, (2) in the Member State of your place of work or (3) in the Member State where you believe the unlawful processing occurred.
Back to top
9. Amendments
This Privacy Policy entered into force on November 15, 2022. Aramex reserves the right to partly or fully amend this Privacy Policy, or simply to update its content, e.g., as a result of changes in applicable law. Aramex will inform you of any substantial changes as soon as they are introduced (through a pop-up on Aramex’s website, and through e-mail notifications sent to customers / users / consignees included in Aramex’s mailing lists). Changes will be binding as soon as they are published.
Back to top