Evergreen Line and its related partnerships, affiliates and global agencies (hereinafter all together referred to as "Evergreen Line", "we", "us", or "our") are committed to protecting Personal Data of individuals with whom we interact, including visitors to our Sites, Apps or our premises, customers, suppliers, and applicants for employment (together, "you" or "your"), and in compliance with Applicable Laws, hereby issue this Privacy Policy, incorporated into and subject to our Terms of Use, explaining how we Process your Personal Data and applying to all Sites and Apps operated and services provided by us. Defined terms used in this Privacy Policy are explained in Clause 20 below.

The Privacy Policy may be revised from time to time to reflect changes in our practices with respect to the Processing of Personal Data, or changes in Applicable Laws. The new, modified, or amended Privacy Notice will apply from that updated date. We encourage you to read our Privacy Policy carefully, and to regularly check this page to review any changes we might make to the terms of this Privacy Policy.

This Privacy Policy was written in English. To the extent any translated version of this Privacy Notice conflicts with the English version, the English version controls.

Depending on the context of your interactions with us, the choices you make (including your privacy settings), the services you use, we may collect or obtain your Personal Data from the following sources:

• Data you provide: We collect or obtain Personal Data when you provide it to us (e.g., you contact us via email or telephone, or by any other means; or when you provide us with your business card, submit a job application, attend commercial events we're involved in, collaborate with us in research or in an advisory/consultancy capacity, or fill in forms or surveys provided either directly by us or at our Sites, or Apps or when we provide service to you).
• Data you make public: We collect or obtain Personal Data when you choose to make public, including via social media (e.g., we may collect information from your social media profile(s), if you make a public post).
• Automatic information: We collect or obtain Personal Data when you visit any of our Sites or use any features or resources available on or through Sites, or download or use any of our Apps.
• Registration details: We collect or obtain Personal Data when you use, register to use, or visit any of our Sites, Apps, or services provided by us.
• Content and advertising information: We may collect or obtain Personal Data about you from third parties who you choose to interact with and provide any content or advertising on websites and apps you'd ever interacted with, including third party plugins and cookies.
• Third party information: We collect or obtain Personal Data from third parties who provide it to us in connection with services you involve in (e.g., shipper, consignee, employees of shipper or consignee, or other individuals involved in a shipment; credit reference agencies; and law enforcement authorities).

If you cannot provide the Personal Data required for the related Sites, Apps or services or if you provide any incomplete or inaccurate Personal Data, we may not be able to complete our services that you have asked or involved in.

We may create Personal Data about you in certain circumstances, such as records of your communications with us, including interviews in the course applying for a job with us. We may record telephone calls, meetings and other interaction in which you are involved, in accordance with Applicable Laws. We may also combine Personal Data from any of our Sites, Apps, or services, including where those data are collected from different devices.

• Personal details and demographic/identifier information: name, photograph, gender, date of birth, age, nationality, salutation, title, language preferences, or passport/national identity number.
• Contact details: postal address, email address, phone number, online messaging details and social media details.
• Consent records: records of any consents you have given, together with the date and time, means of consent and any related information (e.g., signature for proof of delivery).
• Employer details: where you interact with us in your capacity as an employee, the name, address, telephone number and email address of your employer, to the extent relevant.
• Payment and accounting data: bank account/credit card number, payment preferences, cheques/invoices/payment records, billing address, cardholder or accountholder name, and other data to process payments.
• Public data: press release, certificate of incorporation, court judgement, Specially Designated National (SDN) list.
• Data relating to our Sites and Apps: device type, IP addresses, browser type/settings, operating system, username, password, security login details and similar information used for authentication and account access, dates and times of connecting to a Site or an App, settings of Sites or Apps, usage data, aggregate statistical information and other technical communications information.
• Views and opinions: any views and opinions that you choose to send to us or publicly post about us on social media platforms.
• Content and advertising data: records of your interactions with our online advertising and content, records of advertising and content displayed on Sites or Apps to you, and any interaction you may have had with such content or advertising (e.g., mouse hover, mouse clicks, any forms you complete in whole or in part) and any touchscreen interactions.
• Matter details: transaction documents, evidence or other materials that we Process in the course of providing services.

Generally, we do not seek to collect or Process Sensitive Personal Data in the ordinary course of our business. We may do so only in certain circumstances where it's necessary and rely on one or more of the following legal bases:

• Compliance with Applicable Laws: We may Process your Sensitive Personal Data where the Processing is required or permitted by Applicable Laws (e.g., to comply with our diversity reporting obligations).
• Detection and prevention of crime: We may Process your Sensitive Personal Data where the Processing is necessary for the detection or prevention of crime (e.g., the prevention of fraud).
• Establishment, exercise or defense of legal claims: We may Process your Sensitive Personal Data where the Processing is necessary for the establishment, exercise or defense of legal claims.
• Consent: We may Process your Sensitive Personal Data where we have, in accordance with Applicable Laws, obtained your prior, express consent prior to Processing your Sensitive Personal Data (this legal basis is not used in relation to Processing that we are legally required to carry out).

Please note that if you provide us with any Sensitive Personal Data, you are responsible for ensuring that it is lawful for you to disclose such information.

With aim to improve and promote use of Sites, Apps and other Services, we may aggregate or otherwise strip information derived from your Personal Data, but such aggregated data does not directly or indirectly reveal your identity. For example, we may aggregate your usage data to calculate the percentage of users accessing a specific Site feature. In connection with such purposes, we may further share such aggregated data with third parties collectively in an anonymous way.

The legal bases on which we collect and Process your Personal Data are as follows:

• Necessary for performance of any contract that you and/or the company you represent have entered into with us, or to take steps prior to entering into a contract with us; or
• Your consent we obtain (this legal basis is only used in relation to Processing that is entirely voluntary – it is not used for Processing that is necessary or obligatory in any way); or
• Necessary for the legitimate interests pursued by us or by a third party, to the extent that such legitimate interest is not overridden by your interests, fundamental rights or freedoms, including the purpose of providing/improving our Sites, Apps and services, or conducting surveys, satisfaction reports and market research, or ensuring the physical and electronic security of our business and our premises, or detecting and protecting against breaches of our policies and Applicable Laws, or establishing, exercising or defending our legal rights, or recruitment activities and handling job applications, or managing and maintaining our communications and IT systems, or managing and operating the financial affairs of our business); or
• Necessary for compliance with a legal obligation to which we are subject (especially in respect of applicable employment law); or
• Necessary to protect vital interests of yours or of another person; or
• Necessary for any purpose related to public benefits or creation of archives of historical documents, or any purpose related to surveys or statistics supported by proper security measures.

If we Process your Personal Data solely based on your informed consent, for example sending you direct marketing information, we will only use the data for the purposes stated in the consent procedure and within the scope outlined. Please refer to Clause 18. Direct Marketing for more information.

The purposes for which we collect and Process your Personal Data are as follows:

• Provision of shipping services:
  • To execute the shipping instructions for the transportation of goods from one place to another;
  • To design and provide customized services upon your request;
  • To facilitate the exchange of shipping information;
  • To provide customer with the on-time shipping information, e.g. vessel schedule and container status.
• Operating our business:
  • To provide, operate and manage our Sites, Apps, and services;
  • To provide content and display and advertise and other information to you;
  • To improve service operations, solve your problems and drive our sales growth;
  • To identify issue with and plan improvements to our Sites, Apps, and services;
  • To create new Sites, Apps, and services;
  • To apply analytics to business operations and data to describe, predict and improve business performance;
  • To notify you of changes to any of our Sites, Apps, and services.
• Communications and marketing:
  • To communicate and interact with you via our Sites, Apps, and services or other means (including via email, telephone, text message, social media, post or in person) to recommend new services, corporate news and events which you may be interested (subject to obtaining privacy preferences you have expressed to the extent required under Applicable Laws);
  • To maintain and update your contact information where appropriate;
  • To obtain your prior, opt-in consent where required;
  • To record telephone calls, meetings, depositions and other interactions in which you are involved, in accordance with Applicable Laws.
• Security management:
  • To manage and operate our communications, IT and security systems; and audits (including security audits) and monitoring of such systems;
  • To ensure the physical security of our premises (including records of visits to our premises); CCTV recordings; and electronic security (including such us login records and access details).
• Financial management:
  • For sales and finance arrangement;
  • For corporate audit;
  • For vendor management.
• Surveys: to engage with you for the purposes of obtaining your views on our Sites, Apps, or services.
• Investigations:
  • To gather, analyze and collate evidence and materials;
  • To create and maintain recordings of telephone calls, meetings, depositions and other interactions, in accordance with law;
  • To detect, investigate, report and prevent violation of laws/ regulations, Privacy Policy, our Code of Conduct or other policies issued by us.
• Litigation management:
  • To establish facts and claims, including collection, review and production of documents, facts, evidence, and witness statements;
  • To exercise and defend legal rights and claims, including formal legal proceedings;
  • To enforce a judgment.
• Legal Compliance:
  • To comply with our legal and regulatory obligations under Applicable Laws (e.g. anti-corruption, due diligence, sanctions, or conflict of interest);
  • To confirm and verify your identity;
  • To the use of credit reference agencies;
  • To screen against government and/or law enforcement agency sanctions lists and other legal restrictions;
  • To fight against fraud and illicit traffic.
  • To do the "Know Your Customer" checks
• Recruitment and Job Applications: for recruitment activities; advertising of positions; interview activities; analysis of suitability for the relevant position; records of hiring decisions; offer details; and acceptance details.
• Health and Safety:
  • To conduct health and safety assessments and record keeping;
  • To provide a safe and secure environment at our premises;
  • To comply with relayed legal obligations.
  • The purposes and scope specifically outlined on individual consent notice.

We may disclose your Personal Data within Evergreen Line, for legitimate business purpose, in accordance with Applicable Laws. In addition, we may disclose your Personal Data to:

• You and, where appropriate, your appointed representatives;
• Our subcontractors, such as trucking companies, terminals, depots and feeder companies, which perform tasks on our behalf and under our instruction, to provide you with the transportation services and to perform the contract of carriage;
• Legal and regulatory authorities, upon request, or for the purposes of customs and tax clearance, security screening with certain shipment data, or reporting any actual or suspected breach of Applicable Laws;
• Accountants, auditors, consultants, lawyers and other outside professional advisors to Evergreen Line, subject to binding contractual obligations of confidentiality;
• Any relevant party, regulatory body, governmental authority, law enforcement agency or court, to the extent necessary for the establishment, exercise or defense of legal rights;
• Any relevant party for the purpose of prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties;
• Any relevant third-party acquirer(s), in the event that we sell or transfer all or any portion of our business or assets (including in the event of a reorganization, dissolution or liquidation); and
• Any relevant third-party provider, where our Sites and Apps use third party advertising, plugins or content. Please note that if you choose to interact with any such advertising, plugins or content, your Personal Data may be shared with the relevant third-party provider. We recommend that you review that third party's privacy policy before interacting with its advertising, plugins or content.

If we engage Processor to Process your Personal Data, the Processor will be subject to binding contractual obligations to: (i) only Process the Personal Data in accordance with our prior written instructions, and (ii) use appropriate technical or organizational measures to protect the confidentiality and integrity of the Personal Data, together with any additional requirements under Applicable Laws.

Given the global nature of our business, we may internationally transfer your Personal Data within Evergreen Line and the third parties as noted in Clause 9 above, in connection with the purposes set out herein. For this reason, we may transfer your Personal Data to other countries that may have different laws and data protection compliance requirements to those that apply in the country you are located.

If an exemption or derogation applies (e.g. where a transfer is necessary to establish, exercise or defend a legal claim), we may rely on that exemption or derogation, as appropriate. Where no exemption or derogation applies, and we shall transfer your Personal Data from the EEA or the UK to recipients outside the EEA or the UK who are not in Adequate Jurisdictions on the basis of Standard Contractual Clauses. However, please note that when you transfer any Personal Data directly to our entity established outside the EEA, we are not responsible for that transfer of your Personal Data (and such transfer is not based on or protected by our Standard Contractual Clauses), such transfer will take place in accordance with the appropriate international data transfer mechanisms and safeguards.

We take every reasonable step to ensure that your Personal Data are only Processed for the minimum period necessary for the purposes set out in this Policy, unless a longer retention period is required or permitted by law. The criteria for determining the duration for which we will keep your personal data are as follows, whichever is longer:

• We retain Personal Data in a form that permits identification only for as long as we have an ongoing relationship with you or your Personal Data is necessary in connection with the purposes set out in this Policy;
• We retain Personal Data for the duration of any period under Applicable Laws or necessary to establish, exercise or defend any legal rights, whichever is longer.

We establish, record, implement and maintain an information security management system in accordance with the requirements of the ISO/IEC 27001 standard, and adopt a "Plan-Do-Check-Act" (PDCA) cycle to continuously improve the effectiveness of the system. We have obtained ISO 27001 information security management system certification. Based on the system, we have implemented appropriate and reasonable administrative, physical and technical security measures that are designed to prevent your Personal Data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure/access, and other unlawful or unauthorized forms of Processing, in accordance with Applicable Laws.

However, because the internet is an open system, the transmission of information via the internet is not completely secure. Although we do and will implement all reasonable measures to protect your Personal Data, we cannot guarantee the security of your Personal Data transmitted to us by using the internet – any such transmission is at your own risk and you are responsible for ensuring that any Personal Data that you send to us are sent securely.

In order to protect your Personal Data as well as our proprietary databases and systems, we recommend you not to share any of your personally identifiable information, such as password or personal identification number, with any third parties that would allow them to access your account information on our Sites, Apps or other e-commerce portals. Evergreen Line will never ask you to disclose your password, and will not be responsible for events arising from third parties gaining unauthorized access to your personal information. If the security of your password has been compromised for any reasons, please change your password immediately and notify us for assistance.

We take every reasonable step to ensure that:

• Your Personal Data that we Process are accurate and, where necessary, kept up to date; and
• Any of inaccurate or incomplete Personal Data that we Process (having regard to the purposes for which they are Processed) are erased or rectified.

In addition, we may ask you to confirm the accuracy of your Personal Data from time to time.

Subject to Applicable Laws, you may have the following rights regarding our collection and Processing of your Personal Data:

• The right not to provide your Personal Data to us, however, please note that we may be unable to provide you with the full benefits of our Sites, Apps or services if you do not provide us with your Personal Data;
• The right to request access to your Personal Data, together with information regarding the nature, processing and disclosure of those Personal Data;
• The right to request rectification, correction or updating of any inaccuracies in your Personal Data;
• The right to request, on legitimate grounds, erasure of your Personal Data or restriction of Processing of your Personal Data;
• The right to have certain Personal Data transferred to another Controller, in a structured, commonly used and machine-readable format, to the extent applicable;
• Where we Process your Personal Data on the basis of your consent, the right to withdraw that consent (noting that such withdrawal does not affect the lawfulness of any Processing performed prior to the date on which we receive notice of such withdrawal, and does not prevent the Processing of your Personal Data in reliance upon any other available legal bases); and
• The right to lodge complaints with a Data Protection Authority regarding the Processing of your Personal Data by us or on our behalf.

Please note that nothing in this Privacy Policy affects any of your other statutory rights and that certain Personal Data may be exempt from the above-mentioned rights pursuant to Applicable Laws.

To exercise one or more of the rights described in this Policy, or to ask a question about these rights, or any other provision of this Policy, or about our Processing of your Personal Data, please use the contact details provided in the end of this Privacy Policy below. Please note that we may require proof of your identity before we can give effect to these rights, and where your requests involve the establishment of additional facts (e.g. a determination of whether any Processing is non-compliant with Applicable Laws) we will investigate your request reasonably and promptly, before deciding what action to take.

Our Sites, Apps and other services are not intended for use by children who is under the age of 13, 16 or 18 depending on the Applicable Laws. We do not knowingly collect children Personal Data. You represent and warrant that you have the right capacity and legal capacity required for using our Services. If you are a minor, you represent and warrant that you are using our Services with the consent of your guardian. If we become aware that any children Personal Data inadvertently transferred to or collected by us without the consent and supervision of their parent or guardian, we will take appropriate actions in compliance with Applicable Laws without undue delay.

If you are a California resident, you have the following rights with respect to your Personal Data under the California Consumer Privacy Act of 2018 (as amended by the California Privacy Rights Act of 2020) and its implementing regulations (collectively the "CCPA"):

• L – Right to LIMIT the use and disclosure of your Sensitive Personal Information.
• O – Right to OPT-OUT of the Sale of your Personal Information and the right to opt-out of the Sharing of your Personal Information for cross-context behavioral advertising.
• C – Right to CORRECT your inaccurate Personal Information that we have.
• K – Right to KNOW what your Personal Information we have collected and how we use and share it.
• E – Right to EQUAL treatment. We do not discriminate in response to your requests for exercising the CCPA rights.
• D – Right to DELETE your Personal Information we have collected (subject to some exceptions stated in the CCPA).

You may exercise your CCPA rights by sending us an email at Dataprivacy@tw.evergreen-line.com. However, we will probably ask you for information that we consider necessary to verify your identity for the purposes of security and fraud prevention. This information may include name, contact information, and information related to your transaction or relationship with us. Requests may be unable to be fulfilled due to factors such as an inability to verify a user's control of an account from which a request is made. This section uses certain terms that have the meaning given to them in the CCPA.

When you use our Sites or Apps, we may place Cookies onto your device, or read Cookies already on your device, subject to obtaining your consent, where required, in accordance with Applicable Laws. We use Cookies to record information about your device, your browser and, in some cases, your preferences and browsing habits. We may process your Personal Data through Cookies and similar technologies in accordance with our Cookie Policy.

All use of our Site, Apps or services is subject to our Terms of Use, which we might make any changes from time to time, we therefore recommend you to review it regularly.

We may Process your Personal Data to contact you via email, telephone, direct mail or other communication formats and to provide you with upcoming promotions and other information regarding Sites, Apps or our other services that may be of interest to you or display content tailored to your use of our Sites, Apps, or our services.

You may unsubscribe from our promotional email list/newsletters at any time by clicking the "contact us" button on our Sites or other unsubscribe link included in every promotional email list/newsletter we send. After you unsubscribe, we will stop sending you further promotional emails, but may continue to contact you to the extent necessary for the purposes of Sites, Apps, or services you have requested.

Our Sites or Apps may contain links to third-party websites, plug-ins and applications for your convenience and information which are not within our control and not covered by our Privacy Policy. Clicking on those links or enabling those connections may allow third parties to collect or share Your Personal Data. We are not responsible for their privacy statements, practices nor information contained therein. We encourage you to read privacy policies of these third-party websites, plug-ins and applications you visit before using and providing any of your information.

• "Adequate Jurisdiction" means a jurisdiction that has been formally designated by the European Commission or the United Kingdom Government as providing an adequate level of protection for Personal Data.
• "App" means any application made available by us (including where we make such applications available via third party stores or marketplaces, or by any other means).
• "Applicable Laws" means the laws and regulations applicable in countries and regions where we are conducting business, including but not limited EU, UK, US.
• "Controller" means the entity that decides the purposes and means of Processing of Personal Data.
• "Data Protection Authority" means an independent public authority that is tasked, by law, with overseeing compliance with Applicable Laws.
• "EEA" means the European Economic Area (the Member States of the European Union, together with Norway, Liechtenstein and Iceland).
• "Personal Data" means information that is about any individual, or from which any individual is directly or indirectly identifiable, in particular by reference to an identifier such as a name, and identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that individual, however, it does not include data where the identification has been removed (anonymous data).
• "Process", "Processing" or "Processed" means anything that is done with any Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alternation, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
• "Processor" means any person or entity that Processes Personal Data on behalf of the Controller (other than employees of the Controller).
• "Sensitive Personal Data" means Personal Data about medical records, healthcare data, genetic data, data concerning a person's sex life, records of physical examination, criminal records, or any other information that may be deemed to be sensitive under applicable law.
• "Site" means any website operated or maintained by us or on our behalf.
• "Standard Contractual Clauses" means template data transfer clauses approved by the European Commission or by a Data Protection Authority for transferring data outside of the EEA or the United Kingdom.