Privacy Policy

Evergreen Line, together with its related partnerships, affiliates, and global agencies (collectively referred to as "Evergreen Line", "we", "us", or "our"), is committed to protecting the Personal Data of individuals with whom we interact, including visitors to our Sites, customers, suppliers, and job applicants (collectively referred to as "you" or "your"). In accordance with Applicable Laws, we issue this Privacy Policy, which is incorporated into and subject to our Terms of Use. It explains how we, as a data controller, Process your Personal Data in accordance with core data protection principles, including lawfulness, fairness, transparency, purpose limitation, data minimization, accuracy, storage limitation, integrity and confidentiality, and accountability. This Privacy Policy applies to all Sites operated and services provided by us. Terms used in this Privacy Policy are defined in Clause 20 below.

We may update this Privacy Policy from time to time to reflect changes in our practices or legal obligations. The latest version will always be available on our Sites. We encourage you to read this Privacy Policy carefully and review it regularly to stay informed about how we Process your Personal Data.

This Privacy Policy is written in English. In the event of any discrepancy between a translated version and the English version, the English version shall prevail.

Depending on your interactions with us, the choices you make (including your privacy settings), and the services you use, we may collect your Personal Data through various means, including:

1. Data you provide directly;
2. Data from public sources (e.g., social media, press releases, or newsletters);
3. Data collected automatically (e.g., cookies, web beacons, or usage logs);
4. Data from third parties with whom you interact (e.g., shippers, consignees, their employees, or law enforcement authorities).

Unless otherwise required by Applicable Laws, you are not legally obligated to provide us with your Personal Data. However, if you choose not to provide certain information, or if the data you provide is incomplete or inaccurate, we may not be able to deliver the services you have requested, or fulfill our contractual obligations.

In certain circumstances, we may create Personal Data about you, such as when recording your communications with us, including interviews conducted during job applications. We may also record telephone calls, meetings, and other interactions involving you in accordance with Applicable Laws. Additionally, we may combine Personal Data collected through our Sites or services, including data gathered across different devices and platforms, to better serve you and improve our offerings.

When you interact with us, including when you visit our Sites, we may collect the following categories of your Personal Data:

1. Contact information and identification information: name, photograph, gender, date of birth, age, nationality, job title, passport number, national identification number, postal address, email address, phone number, and social media or online messaging details.
2. Consent records: documentation of any consents you have provided, including the date, time, method, and any associated information (e.g., digital signature).
3. Employment-related data: your employer’s name, address, contact information, if you engage with us in your professional capacity.
4. Payment and accounting information: bank account or credit card number, payment preferences or history, billing address, account holder name, and other data required for transaction processing.
5. Public records: data from public sources, such as press releases, court rulings, or government sanctions lists (e.g., Specially Designated National (SDN) list).
6. Technical, usage data and online identifiers: device type, IP address, language preferences, time zone, browser and operating system details, login credentials, cookies, session logs, usage statistics, and other technical identifiers related to your use of our Sites.
7. Feedback and opinions: feedback, comments, or opinions you provide directly to us, or post publicly.
8. Advertising interaction data: records of your interactions with our online content or advertisements (e.g., clicks, impressions, or form submissions).
9. Transactional and inquiry data: records of inquiries about our services, your expressed interest, or documentation related to transactions.

We do not knowingly collect Sensitive Personal Data unless explicitly required by Applicable Laws or unless we have obtained your prior explicit consent. If you voluntarily disclose such data to us, you are responsible for ensuring its disclosure is lawful and that appropriate consent or legal basis has been obtained.

To improve our Sites and services, we may aggregate or anonymize Personal Data in a manner that ensures it can no longer identify you, either directly or indirectly. For example, we may analyze usage patterns across our Sites by compiling user statistics. We may share aggregated or anonymized information with third parties for legitimate business purposes.

We may Process your Personal Data based on one or more of the following legal bases:

1. Your consent;
2. Performance of a contract to which you or your company is a party, or to take steps at your request prior to entering such a contract;
3. Compliance with legal obligations;
4. Protection of your vital interests or those of another natural person;
5. Our legitimate interests, provided they do not override your fundamental rights, freedoms, or interests.

Where Processing relies on your consent, you may withdraw it at any time by contacting us via the information provided at the end of this Privacy Policy. However, the withdrawal of consent does not affect the lawfulness of Processing before the withdrawal.

In addition, where our Processing of Personal Data is likely to result in high risks to your rights and freedoms, particularly when using new technologies or Processing large-scale sensitive data, we will conduct a Data Protection Impact Assessment (DPIA) in accordance with Applicable Laws.

We may collect and Process your Personal Data for the following purposes:

1. Provision of shipping and logistics services;
2. Business operations, service optimization, and analytics;
3. Customer service, communications, and marketing activities;
4. IT and physical infrastructure security;
5. Financial processing and auditing;
6. Legal proceedings, investigations, and enforcement;
7. Compliance with legal obligations (e.g., "Know Your Customer" (KYC) checks, anti-bribery compliance, sanctions screening);
8. Recruitment, hiring, and employment-related evaluations;
9. Any other purposes described in a specific consent notice provided to you.

We may disclose your Personal Data to:

1. You or your authorized representatives;
2. Our subcontractors, such as carriers, terminals, depots, accountants, auditors, consultants, and advisors;
3. Regulatory and legal authorities where required by Applicable Laws;
4. Other parties for the purposes specified in this Privacy Policy;
5. Potential buyers or acquiring entities during business transfers;
6. External service providers, such as cloud hosting providers and analytics vendors;
7. Marketing partners, only with your prior consent.

We ensure that such disclosures comply with Applicable Laws and, where necessary, are subject to appropriate contractual safeguards, such as data processing agreements.

Where we engage Processors, we will require them to enter into written agreements mandating confidentiality, to ensure the confidentiality and integrity of the Personal Data, and to comply with applicable legal obligations.

Given the global nature of our business and the purposes set out in this Privacy Policy, we may transfer your Personal Data internationally to members of Evergreen Line, its related partnerships, affiliates, and global agencies, as well as to the third parties noted in Clause 9 above, some of whom may be located outside your jurisdiction.

Where Personal Data is transferred outside your jurisdiction, we implement appropriate legal, organizational, and technical safeguards to ensure its protection. These safeguards may include the use of Standard Contractual Clauses (SCCs) approved by the European Commission, or other legally recognized mechanisms under Applicable Laws.

We retain your Personal Data only for as long as necessary to fulfill the purposes described in this Privacy Policy, or as required under Applicable Laws. When your Personal Data is no longer needed, we will delete or anonymize it in accordance with our internal policies and applicable legal requirements.

We have established, documented, and implemented an Information Security Management System (ISMS) based on the ISO/IEC 27001 standard. This ISMS is designed and regularly reviewed to ensure a level of security appropriate to the risks, including:

1. Pseudonymization and encryption of Personal Data;
2. The ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems;
3. The ability to restore the availability of, and access to, Personal Data in a timely manner in the event of a physical or technical incident;
4. Regular testing, assessing and evaluating the effectiveness of technical and organizational measures.

Our ISMS operates under the "Plan-Do-Check-Act" (PDCA) cycle to support continuous improvement of its effectiveness. We have also obtained ISO/IEC 27001 certification. Based on this framework, we have implemented a comprehensive set of administrative, physical, and technical safeguards to protect your Personal Data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access, and other unlawful forms of processing, in accordance with Applicable Laws.

Please note that the internet is an open system, and data transmission over the internet cannot be fully secured. To protect your Personal Data and our systems, we recommend that you do not share any personally identifiable information, such as passwords or personal identification numbers, with unauthorized third parties. We are not responsible for any unauthorized access resulting from your voluntary sharing of your account credentials. If you believe your password has been compromised, please update it immediately and notify us.

In the event of a Personal Data breach, we will notify the competent supervisory authority and, where required, the affected individuals, in accordance with Applicable Laws.

We take reasonable steps to ensure that the Personal Data we hold remains accurate and updated. We may periodically ask you to review and verify your Personal Data. You may also request corrections or updates by contacting us via the information provided at the end of this Privacy Policy.

Depending on your jurisdiction, and particularly if you are located in the European Economic Area (EEA), you may have the following rights regarding your Personal Data:

1. Request access to your Personal Data we hold and obtain a copy of it;
2. Request rectification of any inaccuracies in your Personal Data;
3. Request deletion of your Personal Data (the “right to be forgotten”);
4. Request restriction or objection to the Processing of your Personal Data;
5. Request data portability;
6. Object to direct marketing;
7. Withdraw your consent at any time where Processing relies on it;
8. Lodge a complaint with a Data Protection Authority if you believe your rights have been violated.

We may Process your Personal Data by using automated means, including profiling, to analyze or predict your interests, preferences, or behavior. This is particularly for the purposes of providing personalized content, delivering marketing communications, and improving our Sites and services. Such automated processing, including profiling, is conducted only where permitted under Applicable Laws and is based on one or more of the following legal grounds: your explicit consent (which you may adjust through our cookie banner or your account settings), the necessity for the performance of a contract, or the authorization from applicable regulations or competent authorities. Where decisions are made solely by automated means (including profiling) that produce legal effects concerning you or significantly affect you, you have the right, under Applicable Laws, to obtain meaningful information about the decision, request human intervention, express your point of view, and contest the decision.

Certain categories of Personal Data may be exempt from the above rights under Applicable Laws. To withdraw your consent or exercise any of your rights regarding your Personal Data, please contact us via the information provided at the end of this Privacy Policy. We may request additional information to verify your identity or confirm relevant details before processing your request. Required information may include your name, contact information, and details about your relationship with us. We may be unable to fulfill your request if we cannot verify your identity or authority.

We do not knowingly collect Personal Data from individuals below the age of digital consent, as defined under Applicable Laws. If you are a minor, we require verifiable consent from a parent or legal guardian prior to collecting your Personal Data.

If you are a California resident, you have the following rights regarding your Personal Data under the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020, together with their implementing regulations (collectively, the "CCPA"):

1. L – Right to LIMIT the use and disclosure of your Sensitive Personal Information;
2. O – Right to OPT-OUT of the sale of your Personal Information and its sharing for cross-context behavioral advertising;
3. C – Right to CORRECT inaccurate Personal Information we hold about you;
4. K – Right to KNOW the categories of Personal Information we have collected about you, and how we use and share it;
5. E – Right to EQUAL treatment: we will not discriminate against you for exercising your rights under the CCPA;
6. D – Right to DELETE your Personal Information, subject to certain exceptions under the CCPA.

This clause uses terminology specifically defined under the CCPA. To exercise your rights under the CCPA regarding your Personal Data, please contact us via the information provided at the end of this Privacy Policy. We may request additional information to verify your identity or confirm relevant details before processing your request. Required information may include your name, contact information, and details about your relationship with us. We may not be able to fulfill your requests if we cannot verify your identity or authority.

We use cookies and similar technologies to enhance the functionality and performance of our Sites, improve your user experience, and support the purposes outlined in this Privacy Policy and our Cookie Policy. We only use non-essential cookies with your prior consent, you can manage your cookie preferences at any time via the “Manage cookie preferences” link in your account settings or through your browser settings. For more detailed information on the types of cookies we use and your options, please refer to our Cookie Policy.

We may Process your Personal Data to send you promotional materials or updates that may be of interest to you. You may opt out at any time by using the unsubscribe link provided in such communications, or by contacting us via the information provided at the end of this Privacy Policy.

Our Sites may contain links to third-party websites, plug-ins, or applications that are not operated or controlled by us. Clicking on such links may allow third parties to collect or share your Personal Data. As we are not responsible for their privacy practices, we recommend that you review their privacy policies before providing any of your Personal Data.

1. "Applicable Laws" means all relevant personal data protection laws and regulations applicable in your jurisdiction or in any jurisdiction where we operate business.
2. "Controller" means the entity that determines the purposes and means of the Processing of Personal Data.
3. "Data Protection Authority" means a public authority that is legally responsible for overseeing compliance with Applicable Laws.
4. "Personal Data" means any information relating to an identified or identifiable individual, either directly or indirectly, including identifiers such as names, identification numbers, location data, or other identifying characteristics. Anonymized data, which cannot be used to identify an individual either directly or indirectly, is not considered Personal Data.
5. "Process", "Processing" or "Processed" means any operation performed on Personal Data, whether automated or not, including the collection, storage, use, disclosure, access, erasure, or destruction of Personal Data.
6. "Processor" means any person or organization that Processes Personal Data on behalf of the Controller, excluding individuals acting under the direct authority of the Controller.
7. "Sensitive Personal Data" means Personal Data relating to health, genetics, sex life, criminal records, or any data deemed sensitive under Applicable Laws (e.g., such data may be classified as “Special Categories of Personal Data” under the EU General Data Protection Regulation).
8. "Site" means any website or application operated or maintained by us, or on our behalf.

If you have any concerns about this Privacy Policy, or if you wish to exercise your rights under Applicable Laws regarding your Personal Data, please contact us via the information below: