Last Updated: September 06, 2025
                                                                                                                        Version 2.0 - Comprehensive Legal Compliance

Global Impressionz Logistics ("we," "our," "us," or "Company") is committed to protecting your privacy and ensuring compliance with applicable data protection laws worldwide, including GDPR, CCPA, VCDPA, CPA, CTDPA, and transportation regulations.

Multi-Jurisdictional Compliance: This policy addresses requirements from EU GDPR, US state privacy laws (California, Virginia, Colorado, Connecticut), Canadian PIPEDA, and industry-specific regulations (DOT, CBP, IATA).

1. LEGAL BASIS FOR PROCESSING (GDPR Article 6)
We process personal data based on these legal grounds:

• Contract Performance (6(1)(b)): Shipping services, delivery, payment processing

• Legitimate Interests (6(1)(f)): Fraud prevention, security, analytics, service improvement

• Legal Obligation (6(1)(c)): Customs, tax, regulatory compliance, DOT requirements

• Consent (6(1)(a)): Marketing, non-essential cookies, precise location data

• Vital Interests (6(1)(d)): Emergency situations, health and safety

• Public Task (6(1)(e)): Customs and transportation authority compliance
   

2. COMPREHENSIVE DATA COLLECTION
2.1 Personal and Business Information

• Contact details: Name, address, email, phone, fax

• Business data: Company name, tax ID, business registration, industry classification

• Financial information: Payment details, credit card data, billing address, bank accounts

• Identification: Government ID, passport, driver license (regulatory compliance)

• Employment data: Job title, department, authorization levels, background checks

2.2 Logistics and Transportation Data

• Shipment details: Origin/destination, contents, weight, dimensions, value

• Tracking information: GPS coordinates, timestamps, delivery confirmations, photos

• Customs data: HS codes, country of origin, commercial invoices, duty calculations

• Hazmat information: Classification, handling requirements, safety data sheets

• DOT compliance: Driver qualifications, vehicle inspections, hours of service

• Supply chain security: C-TPAT data, security assessments

2.3 Technical and Digital Information

• Device data: IP address, browser type, OS, device identifiers, user agents

• Website analytics: Page views, click patterns, session data, heatmaps

• Location data: GPS coordinates (with consent), IP geolocation

• Communication records: Emails, chat logs, recorded calls (with notice)

• Security logs: Login attempts, access patterns, security events
   

3. DATA USAGE WITH LEGAL BASIS
3.1 Service Operations (Contract Performance)

• Process shipping orders and logistics services

• Provide tracking and delivery updates

• Handle customer service and support

• Manage billing and payment processing

• Coordinate with carriers and partners

3.2 Regulatory Compliance (Legal Obligation)

• DOT/FMCSA transportation regulations

• Customs and border protection (CBP) requirements

• Export Administration Regulations (EAR)

• International Traffic in Arms Regulations (ITAR)

• Anti-money laundering (AML) compliance

• Sanctions and restricted party screening

3.3 Automated Decision-Making and Profiling
Automated Processing Notice: We use automated systems for:

• Route optimization and delivery scheduling

• Fraud detection and risk assessment

• Dynamic pricing and quote generation

• Customs classification and duty calculations

• Credit scoring and payment risk evaluation

Your Rights: You can request human review of automated decisions that significantly affect you, object to profiling, and receive explanations of the logic involved.

4. DATA SHARING AND THIRD PARTIES
4.1 Service Providers (Data Processors)
We share data with processors under written Data Processing Agreements (DPAs):

• Shipping carriers (FedEx, UPS, DHL, regional carriers)

• Payment processors (Stripe, PayPal, bank networks)

• Cloud providers (AWS, Microsoft Azure, Google Cloud)

• Customs brokers and freight forwarders

• Insurance providers and claims processors

• Background check and security screening services

4.2 Government and Regulatory Disclosure

• US Customs and Border Protection (CBP)

• Department of Transportation (DOT) and FMCSA

• Transportation Security Administration (TSA)

• International customs authorities

• Tax authorities (IRS, state revenue departments)

• Law enforcement (with legal process)
   

5. INTERNATIONAL DATA TRANSFERS
5.1 Transfer Safeguards
For international transfers, we use:

• Standard Contractual Clauses (SCCs): EU Commission approved clauses

• Adequacy Decisions: Transfers to countries with adequate protection

• Binding Corporate Rules (BCRs): Internal transfer framework

• Certification Programs: Privacy frameworks and industry standards

5.2 Cross-Border Operations
We operate in and transfer data to: United States, Canada, European Union, United Kingdom, Australia, Singapore, Japan, Mexico, and other countries where we provide services.

6. ENHANCED SECURITY MEASURES
6.1 Technical Security

• End-to-end encryption (TLS 1.3, AES-256)

• Database encryption and key management

• Multi-factor authentication (MFA)

• Network security (firewalls, IDS/IPS, VPNs)

• Regular penetration testing and vulnerability assessments

• Secure software development lifecycle (SSDLC)

6.2 Organizational Security

• Employee security training and awareness programs

• Background checks for data access personnel

• Role-based access controls and least privilege

• Regular security audits and compliance assessments

• Incident response and breach notification procedures

• Secure data disposal and destruction policies

6.3 Industry Certifications

• ISO 27001 Information Security Management

• SOC 2 Type II compliance

• C-TPAT (Customs-Trade Partnership Against Terrorism)

• IATA security standards

• PCI DSS for payment processing
   

7. DATA RETENTION SCHEDULE
7.1 Specific Retention Periods
































7.2 Automated Deletion
We implement automated systems to delete data when retention periods expire, with manual review for legal holds and ongoing investigations.

8. YOUR COMPREHENSIVE PRIVACY RIGHTS
8.1 Universal Rights (All Jurisdictions)

• Access: Request copies of your personal data

• Correction: Update inaccurate or incomplete information

• Deletion: Request erasure of your personal data

• Portability: Receive your data in machine-readable format

• Objection: Object to processing based on legitimate interests

8.2 GDPR-Specific Rights (EU Residents)

• Restriction: Limit processing of your data

• Automated Decision Review: Human review of automated decisions

• Data Protection Officer Contact: Direct access to our DPO

• Supervisory Authority Complaint: File complaints with data protection authorities

8.3 US State Privacy Rights

• California (CCPA/CPRA): Know, delete, correct, opt-out of sale/sharing

• Virginia (VCDPA): Access, correct, delete, opt-out of targeted advertising

• Colorado (CPA): Similar rights plus opt-out of profiling

• Connecticut (CTDPA): Comprehensive privacy rights

8.4 How to Exercise Rights
Submit requests via:

• Email: privacy@globalimpressionzlogistics.com

• Online form: [Privacy Request Portal]

• Phone: [Privacy Hotline]

• Mail: Privacy Officer, [Business Address]

Response Time: 30 days (GDPR), 45 days (US state laws), with possible extensions

9. COOKIES AND TRACKING TECHNOLOGIES
9.1 Cookie Categories

• Essential Cookies: Required for website functionality (no consent needed)

• Performance Cookies: Analytics and site improvement (consent required)

• Functional Cookies: Enhanced features and personalization

• Marketing Cookies: Advertising and remarketing (consent required)

9.2 Cookie Consent Management
Cookie Consent: We use a consent management platform that allows you to:

• Accept or reject non-essential cookies

• Manage preferences by category

• Withdraw consent at any time

• View detailed cookie information

9.3 Third-Party Tracking
We use tracking technologies from:

• Google Analytics (with IP anonymization)

• Social media pixels (Facebook, LinkedIn)

• Marketing automation platforms

• Customer support chat systems
   

10. DATA BREACH NOTIFICATION
10.1 Breach Response Procedures

• Detection: 24/7 monitoring and incident detection

• Assessment: Risk evaluation within 24 hours

• Containment: Immediate steps to limit breach impact

• Investigation: Forensic analysis and root cause determination

• Notification: Regulatory and individual notifications as required

10.2 Notification Timelines

• GDPR: Supervisory authority within 72 hours, individuals without undue delay

• US State Laws: Attorney General and individuals as required by state law

• Industry Regulations: DOT, CBP, and other relevant authorities
   

11. DATA PROTECTION OFFICER (DPO)
Data Protection Officer
Global Impressionz Logistics
Email: dpo@globalimpressionzlogistics.com
Phone: [DPO Direct Line]
Address: [DPO Mailing Address]
Role: Our DPO monitors compliance, conducts privacy impact assessments, serves as contact point for supervisory authorities, and handles privacy-related inquiries.

12. CHILDREN'S PRIVACY (COPPA COMPLIANCE)
Age Restrictions: Our services are not intended for children under 13 (US) or 16 (EU). We do not knowingly collect personal information from children. If we discover we have collected information from a child, we will delete it immediately and notify parents/guardians.

13. BUSINESS TRANSFERS AND M&A
In the event of merger, acquisition, or sale of assets, personal data may be transferred. We will:

• Provide advance notice of any ownership change

• Ensure the acquiring party honors this privacy policy

• Offer opt-out options where legally required

• Comply with applicable data protection laws during transfers
   

14. PRIVACY IMPACT ASSESSMENTS
We conduct Privacy Impact Assessments (PIAs) for:

• New data processing activities

• High-risk processing operations

• Automated decision-making systems

• Large-scale data processing

• New technology implementations
   

15. CONTACT INFORMATION AND COMPLAINTS
Privacy Team
Email: privacy@globalimpressionzlogistics.com
Phone: [Privacy Hotline]
Address: Privacy Officer
Global Impressionz Logistics
[Complete Business Address]

Supervisory Authorities
EU: Contact your local data protection authority
UK: Information Commissioner's Office (ICO)
California: California Attorney General
Other States: Respective state attorney general offices

16. POLICY UPDATES
We may update this policy to reflect:

• Changes in applicable laws and regulations

• New business practices or services

• Enhanced security measures

• Feedback from regulators or users
   

Notification: Material changes will be communicated via email, website notice, or other appropriate means at least 30 days before taking effect.
Effective Date: This policy is effective as of September 06, 2025
Version: 2.0 - Enhanced Legal Compliance
Next Review: September 2026 (Annual review schedule)