This website uses cookies to improve (your experience on) our website. We do not use cookies which require your consent. For more information on the cookies that we use, please read  Our Privacy Policy
RMIS PRIVACY POLICY

RMIS PRIVACY POLICY

Version February 2020

This privacy policy sets out how Registry Monitoring Insurance Services, Inc. (hereinafter referred to as: “RMIS”, “we”, “our”) handles personal data of website visitors, account users (hereinafter referred to as: “client”) and carriers as listed on the website (hereinafter jointly referred to as: “user” or “you”).

If you click on one of the topics below, the information on this topic will fold out.

  1. Definitions
    1. In these privacy policy, the following definitions apply:
    Applicable privacy legislation All applicable privacy legislation, such as the General Data Protection Regulation (“GDPR”) and the relevant national implementation acts.
    Personal data Any information relating to an identified or identifiable natural person. Information strictly related to businesses does not fall under the notion of personal data.
    Privacy policy This present privacy policy.
    Processing Any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
    RMIS Registry Monitoring Insurance Services, Inc.
    5388 Sterling Center Drive
    Westlake Village CA 91361
    United States
    Services RMIS provides an online tool to capture carrier compliance information and share that information (“database”) with the carrier’s and RMIS’ mutual customers (“client”). This data is used by the client to determine if the carrier meets the client’s business rules and requirements for carrying freight for the client and the client’s clients and partners. This data and the RMIS analysis of the data will be used by the client to determine if the carrier meets their requirements to conduct business together. This data might include (but is not limited to) carrier company information, contact information, VAT information, license information, insurance information, agreements between the carrier and client, and any other information pertaining to the requirements of the client for working on their behalf.
    Website www.rmiseurope.com
    1. Other terms that are defined in the applicable privacy legislation, such as (joint) controller, processor, data subject and data breach will have the meaning as described in the applicable privacy legislation.
  2. Scope
    1. The scope of this privacy policy is limited to processing activities to which the General Data Protection Regulation (hereinafter referred to as: “GDPR”) and its national implementation acts apply.
    2. The GDPR applies in this case with regard to the processing of personal data where the processing activities are related to offering our services to users in the European Union.
  3. Responsibility
    1. Insofar as the GDPR is applicable to you, we will only process your personal data in accordance with the applicable privacy legislation and as described in this privacy policy.
    2. Our website does not include links to or plug-ins from third parties. Should this be the case in the future, we will inform you thereof.
    3. You are responsible for the accuracy of the information provided to us. Should any information be inaccurate, please contact us in order for us to correct it.
  4. How we obtain your personal data
    1. We obtain your personal data in various ways:
      1. We obtain information actively provided by you. For example, if you contact us, if you sign up for our newsletter or if you provide information to us in the course of our services.
      2. We obtain some information automatically when you visit our website. For example, we automatically obtain information about you via cookies when you visit our website. For more information on this, please see Article 6.
      3. We also obtain information from third parties. For example, we may request information about your company from the Trade Register of the Chamber of Commerce, Freight Forwarding Authorities, Insurers, Community licensing authorities and European Commission VIES VAT checking service.
    2. It may be that providing certain personal data to us is necessary to enter into a contract or that you are otherwise obliged to provide the data to us. If that is the case, we will inform you thereof separately and will also explain the possible consequences if you fail to provide such personal data to us.
  5. Details of processing
    1. It depends on the processing activity, which personal data we process about you, for which purposes and based on which legal ground. Please find an overview below.

      CATEGORIES OF PERSONAL DATA

      1. If you visit our website, we process the following personal data about you:
        1. IP address;
        2. Location;
        3. Information about your device;
        4. Information obtained through cookies (please see 6).
      2. If you are a client, we additionally process:
        1. Name of the user;
        2. Name of the company where the company is a sole proprietor;
        3. Contact details of the user;
        4. Function within the company;
        5. Username and password;
        6. Other account information identifying the user, such as correspondence.
      3. If you are a carrier, we process the following information in addition to the categories under 1.1:
        1. Name of the company where the company is a sole proprietor;
        2. Contact details of the contact person employed by the carrier;
        3. User-ID number;
        4. Username and password;
        5. Information about your transportation operations, including operating areas, insurance data, address information, VAT information, licenses;
        6. Other information in which the foregoing categories are mentioned, such as the documentation as mentioned in Annex A to this privacy policy;
        7. Other information identifying the user, such as correspondence.

      Please note that not all information of the client or carrier processed by us will be shared with other parties in the database.

      PURPOSES AND LEGAL GROUNDS

      If you visit our website, we may process your personal data for the following purposes:

      1. To improve (your user experience on) our website: we use your personal data for instance to change the settings based on your device, improve technical features of the website and to store your preferences. These processing activities take place on the basis of our legitimate interests, namely to conduct our normal business activities.

      If you are a client, we process personal data for the following additional purposes:

      1. Performance of a contract: we use your personal data to carry out a contract that you have concluded with us or in order to take steps at your request prior to entering into such a contract. These processing activities take place on the basis of the necessity for the performance of a contract.
      2. Communication: we use your personal data to communicate with you about our products and services and to inform you of matters that are important for your account and/or use of the website. These processing activities take place on the basis of necessity for the performance of a contract or for purposes of our legitimate interests, namely to conduct our normal business activities.
      3. Marketing purposes: we may use your personal data to provide you with marketing-related communication and/or advertisements via e-mail. These activities are carried out on the basis of the following grounds:
        • Legitimate interest: if you have provided us with contact details specifically intended to receive marketing related e-mails.
        • Consent: we send you our newsletters and marketing e-mails in any other case than the above on the basis of your prior consent. You always have the option to unsubscribe from our mailings, e.g. via the unsubscribe link in our newsletter and marketing e-mails.
      4. Customer service: if you contact our customer service, your personal data are used to provide you with our customer service. These processing activities take place on the basis of necessity for the performance of a contract or for purposes of our legitimate interests, namely to conduct our normal business activities.

      If you are a carrier, we process personal data for the following additional purposes:

      1. Listing your services in our database: we use your personal data to list your services in our database as requested by our mutual client, who will then assess your carrier services. In some cases, we might validate the information provided by you with third parties, such as Freight Forwarding Authorities, Insurers, Community licensing authorities and European Commission VIES VAT checking services or carry out compliance services. Publicly available information, such as the VAT-number and Community licenses of your company, will be visible for all clients who have requested your listing in our database. Information regarding your business relationship with a specific client will only be available for that specific client. Your personal data may be included in the obligatory information. These processing activities take place on the basis of your consent.
      2. Communication: we use your personal data to communicate with you about our products and services and to inform you of matters that are important for your account and/or use of the website. These processing activities take place on the basis of necessity for the performance of a contract or for purposes of our legitimate interests, namely to conduct our normal business activities.
      3. Customer service: if you contact our customer service, your personal data are used to provide you with our customer service. These processing activities take place on the basis of necessity for the performance of a contract or for purposes of our legitimate interests, namely to conduct our normal business activities.
      4. Legal obligations: your personal data might be processed in order for us comply with a legal obligation that is applicable to us. These processing activities take place on the basis of necessity regarding compliance with a legal obligation.
    2. If and insofar your personal data is processed on the basis of legitimate interests, information can be obtained by you as to the so-called balancing test that was carried out to allow us to rely on this processing ground. Please find our contact details below.
    3. It may be that we intend to further process your personal data for a purpose other than those for which the personal data have been collected. In such case, we will provide you with information about the(se) other purpose(s) and all relevant further information prior to that further processing.
  6. Cookies
    1. We only use functional cookies to improve (your user experience) on our website. We do not use any tracking cookies or affiliate cookies. Should we do so in the future, we will inform you thereof. Please see below an overview of the cookies that we use:
    Name cookie Purpose of the cookie Is this cookie placed by a third-party or is the cookie information shared with third parties by RMIS? Validity period Consent required
    Functional cookies .AspNet.Consent Tracks if the GDPR cookie policy has been acknowledged. Placed by RMIS. Not shared. The duration of the web browser session. Yes
    .AspNetCore.Antiforgery.* Used by the server to maintain security and prevent cross site scripting attacks. Placed by RMIS. Not shared. The duration of the web browser session No
    .AspNetCore.Cookies Used by the server to maintain state information. Placed by RMIS. Not shared The duration of the web browser session No
    .AspNetCore.Culture Used by the server to store language used by the user. Placed by RMIS. Not shared The duration of the web browser session. No
    rmisRegSessionID Used by the server to store data during a new carrier registration/application. Placed by RMIS. Not shared The duration of a new registration/application session. No
    1. You can change your cookie settings in general – for all websites you visit – via your browser settings. Within your browser you can change your cookie preferences and choose whether you wish to accept cookies or not. If differs per browser which sort of choices you can make, such as denying all third-party cookies. For further information on how you can change your browser settings, please be referred to: www.aboutcookies.org/how-to-control-cookies/.
    2. Please note that if you refuse functional cookies, it may disable you to use our database.
  7. Sharing with third parties
    1. For the provision of our services we share your personal data on a strictly need-to-know-basis with:
      1. affiliate companies of RMIS;
      2. clients if you are carrier;
      3. the selected carrier(s) if you are a client;
      4. subcontractors and service providers involved, such as auditing companies, consulting and law firms, insurance companies, other authorities and hosting and payment providers;
        • AWS as our hosting provider regarding the website and information gathered thereon;
        • Auth0 as our hosting provider regarding the user-data (usernames and passwords).
      5. competent authorities, such as the authorities of the country of transit or destination for customs clearance in as far as required by the laws of the respective country.
  8. Processing in the United States
    1. When you visit our website or use our services, your personal data are processed in the United States because that is where RMIS is located. Your personal data are stored with our processor in the EU. RMIS will in any case process your personal data in accordance with the applicable privacy legislation. As the GDPR applies to us with regard to our processing activities related to offering our services to users in the European Union, no additional safeguarding measures as listed in Chapter V of the GDPR are needed for the processing activities by us in first instance.
    2. Where we involve processors in relation to us offering our services to users in the European Union, regardless of their location, these processors will also fall under the scope of the GDPR. For this reason, we will enter into a processing agreement with such processing party. Additional safeguarding measures as listed in Chapter V of the GDPR are not necessary.
    3. Where we involve third parties located outside the European Economic Area for any other reasons than our processing activities related to offering our services to users in the European Union, such transfer is based on:
      1. The consent of the data subject whose personal data are included the documents to be transferred; or
      2. The necessity for the performance of our contract with you.
  9. Security
    1. We take appropriate organizational and technical security measures to protect your personal data and to prevent misuse, loss or alteration thereof. In addition, we limit access to personal data to those employees, agents, contractors and other third parties who need to have access in view of their work/services. Also, the aforementioned persons involved are bound by a confidentiality obligation, either in their employment agreements or (data processing) agreements.
    2. Examples of technical security measures taken by us are:
      1. logical and physical security (e.g. safe, doorman, firewall, network segmentation);
      2. technical control of the authorizations (as limited as possible) and keeping log files;
      3. management of the technical vulnerabilities (patch management);
      4. keeping software up-to-date (e.g. browsers, virus scanners and operating systems);
      5. making back-ups to safeguard availability and accessibility of the personal data;
      6. automatic erasure of outdated personal data;
      7. encryption of personal data;
      8. applying hashing or (other) pseudonymization methods to personal data; and
      9. provide secure storage facilities for end-users (e.g. file server storage).
    3. Examples of organizational security measures taken by us are:
      1. assign responsibilities for information security;
      2. promote privacy and security awareness among new and existing employees;
      3. establish procedures to test, assess and evaluate security measures periodically;
      4. check logfiles regularly;
      5. using a protocol for handling data breaches and other security incidents;
      6. conclude confidentiality, data processing and data protection agreements;
      7. assess whether the same objectives can be achieved with less personal data;
      8. provide access to personal data to as few people within the organization as possible; and
      9. define the decision-making and underlying considerations per processing.
    4. We have internal security policies in place in which it is further described how we ensure an appropriate level of technical and organizational security measures. We also have a data breach policy in place in which it is described how we deal with a (possible) data breach.
  10. Retention periods
    1. In principle, we do not store your personal data any longer than is strictly necessary for the purposes for which we process your personal data. RMIS has put in place a Retention Policy to ensure that your personal data are deleted after a reasonable period.
    2. We have the following retention terms in place:
      1. Session data collected during carrier registration/application is retained for 30 days. Data collected during the session, but not completed/submitted will be destroyed after 30 days.
      2. Completed registration/application data is stored for 7 years after the end of the business relationship between the client and the carrier or until the client requests deletion.
    3. In exceptional cases, we may process your personal data longer. This is the case if we need to process your personal data for a longer period in view of:
      1. a longer minimum statutory retention period that applies to us or other specific statutory obligation;
      2. a legal procedure;
      3. the right to freedom of expression and to information;
      4. a task carried out in the public interest or in the exercise of official authority vested in the controller; or
      5. public health.
    4. Please contact us via our contact details displayed below, should you wish to be further informed on how long RMIS processes your personal data.
  11. Your rights
    1. In relation to our processing of your personal data, you have the below privacy rights. For more information on your privacy rights, please be referred to this webpage of the European Commission.
      1. Right to withdraw consent: in so far as our processing of your personal data is based on your consent (see above), you have the right to withdraw consent at any time.
      2. Right of access: you have the right to request access to your personal data. This enables you to receive a copy of the personal data we hold about you (but not necessarily the documents themselves). We will then also provide you with further specifics of our processing of your personal data.
      3. Right to rectification: you have the right to request rectification of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected.
      4. Right to erasure: you have the right to request erasure of your personal data. This enables you to ask us to delete or remove personal data where: (i) the personal data are no longer necessary, (ii) you have withdrawn your consent, (iii) you have objected to the processing activities, (iv) the personal data have been unlawfully processed, (v) the personal data have to be erased on the basis of a legal requirement, or (vi) where the personal data have been collected in relation to the offer of information society services. We do not have to honour your request to the extent that the processing is necessary: (i) for exercising the right of freedom of expression and information, (ii) for compliance with a legal obligation which requires processing, (iii) for reasons of public interest in the area of public health, (iv) for archiving purposes, or (v) for the establishment, exercise or defence of legal claims. In case we honor your request, we will take reasonable steps to inform our mutual clients thereof, however we are not responsible for the way our mutual clients handle your request. We therefore recommend to additionally file a request for deletion with the respective client where necessary.
      5. Right to object: you have the right to object to processing of your personal data where we are relying on legitimate interests as processing ground (see above). Insofar as the processing of your personal data takes place for direct marketing purposes, we will always honour your request. For processing for other purposes, we will also cease and desist processing, unless we have compelling legitimate grounds for the processing which override your interests, rights and freedoms or that are related to the institution, exercise or substantiation of a legal claim.
      6. Right to restriction: you have the right to request restriction of processing of your personal data in case: (i) the accuracy of the personal data is contested by you, during the period we verify your request, (ii) the processing is unlawful and restriction is requested by you instead of erasure, (iii) we no longer need the personal data but they are required by you for the establishment, exercise or defence of legal claims, or (iv) in case you have objected to processing, during the period we verify your request. If we have restricted the processing of your personal data, this means that we will only store them and no longer process them in any other way, unless: (i) with your consent, (ii) for the establishment, exercise or defence of legal claims, (iii) for the protection of the rights of another natural or legal person, (iv) or for reasons of important public interest
      7. Right to data portability: you have the right to request to transfer of your personal data to you or to a third party of your choice (right to data portability). We will provide to you, or such third, your personal data in a structured, commonly used, machine-readable format. Please note that this right only applies if it concerns processing that is carried out by us by automated means, and only if the our processing ground for such processing is your consent or the performance of a contract to which you are a party (see above).
      8. Automated decision-making: you have the right not to be subject to a decision based solely on automated processing, which significantly impacts you (“which produces legal effects concerning you or similarly significantly affects you”). In this respect, please be informed that when processing your personal data, we do not make use of automated decision-making.
      9. Right to complaint: in addition to the above mentioned rights you have the right to lodge a complaint with a supervisory authority, in particular in the EU Member State of your habitual residence, place of work or of an alleged infringement of the GDPR at all times. Please be referred to this webpage for an overview of the supervisory authorities and their contact details. However, we would appreciate the chance to deal with your concerns before you approach the supervisory authority so please contact us beforehand.
    2. The exercise of the abovementioned rights is free of charge and can be carried out by phone or by e-mail via the contact details displayed below. If requests are manifestly unfounded or excessive, in particular because of the repetitive character, we will either charge you a reasonable fee or refuse to comply with the request.
    3. We may request specific information from you to help us confirm your identity before we comply with a request from you concerning one of your rights.
    4. We will provide you with information about the follow-up to the request without undue delay and in principle within one month of receipt of the request. Depending on the complexity of the request and on the number of requests, this period can be extended by another two months. We will notify you of such an extension within one month of receipt of the request. The applicable privacy legislation may allow or require us to refuse your request. If we cannot comply with your request, we will inform you of the reasons why, subject to any legal or regulatory restrictions.
  12. Contact details
    1. For any questions, comments or requests, you may contact us via eu_support@rmis.com.
  13. Miscellaneous
    1. RMIS is entitled at all times to delete your personal data without notice. In such a case, RMIS owes no compensation to you as a result of the termination of the account.
    2. If provisions from this privacy policy are in conflict with the law, they will be replaced by provisions of the same purport that reflects the original intention of the provision, all this to the extent legally permissible. In that case, the remaining provisions remain applicable unchanged.
    3. RMIS reserves the right to change this privacy policy on a regular basis. Where required, RMIS will inform you of updates made to this privacy policy. The current version is always available on our website. This privacy policy was last amended and revised in February 2020.
  14. Annex A – Information that we gather from you, which might contain personal data
    • Affidavits;
    • Agreements between carrier and client;
    • Certificate of Insurance;
    • Commercial register information;
    • Company charter information;
    • Contact information;
    • Corporate registration data
    • Equipment information;
    • Insurance data;
    • License information;
    • Operating areas;
    • Questionnaires required by the client;
    • Social situation information;
    • VAT information.