In general, Aramex will handle personal information shared by customers or users, as well as other information which may be gathered by Aramex in connection with services provided, in a lawful, fair and transparent manner. Aramex has considered internationally recognised principles, and where necessary, specific localised principles on the protection of personal data when defining its policies, such as the principles of purpose limitation, storage limitation, data minimisation, data quality and confidentiality.
Table of Contents
1. Controller and Data Protection Officer
The controller regarding all personal data processing carried out via websites or applications managed by Aramex is Aramex International LLC, with registered offices at P.O. Box 95946, Dubai, United Arab Emirates.
Aramex International LLC acts as a joint controller with each individual local Aramex Station, regarding personal data related to customers of a given local Aramex Station, or to consignees of shipments delivered by (or on behalf of) that local Aramex Station. Please refer to the relevant section on the Aramex website (available here) in order to understand which Aramex Station may act as a controller regarding those personal data in your location. When acting as joint controllers, Aramex International LLC and the relevant local Aramex Station are jointly responsible for ensuring that all rules regarding the handling of your personal data are respected. You can exercise your rights as a Data Subject against either one by:
2. Personal Data processed
When providing services to customers, users or consignees, whether through physical retail outlets, websites or applications managed by Aramex (jointly referred to as the “Aramex Services”), Aramex will collect and process information regarding those customers / users / consignees (as individuals) which allows their identification either by itself, or together with other information which is available. Aramex may also be able to collect and process information regarding other persons in this same manner, where those customers / users / consignees choose to provide it to Aramex.
This information may be classified as “Personal Data”, and can be collected by Aramex both when shared by customers / users / consignees (e.g., upon signing up for an account on an Aramex website, when placing an order for delivery services, when preparing a shipping document at retail outlets), by analysing users’ behaviour (e.g., when browsing Aramex websites or using Aramex applications) or when disclosed to Aramex by other sources (e.g., Aramex’s customers, entities providing sanction-list screening services to Aramex).
These Personal Data may include the following categories:
When requesting services from Aramex at a physical retail outlet, you will be asked to submit Personal Data concerning yourself. This may include your name, surname, telephone number, address, delivery address, copies of your government-issued identification cards and information related to your credit card (if you use these cards as a payment method). You can find the relevant information relating to each Aramex’s physical retail outlet stores here.
In various sections of Aramex’s websites – including, in particular, account creation pages and forms – you will be asked to submit Personal Data concerning yourself, such as your name, phone / mobile number, e-mail address, gender, date of birth, country of residence and postal address, as well as, in certain cases, information related to your company of employment and position in that company. Where services provided over these websites require payment, you will also need to disclose information as to your preferred mode of payment (e.g., PayPal, credit card).
Whenever you participate in surveys, promotions or contests which may be available on Aramex’s websites, as well as whenever you decide to communicate with Aramex via contact details provided on those websites (or, otherwise, by telephone with Aramex Customer Service), Aramex may collect additional Personal Data which you choose to provide, as far as this is necessary in order to address your request or query. This is also the case regarding information which you choose to disclose in certain sections of Aramex websites which allow your participation in public forums, or the sending of messages directly to Aramex.
When creating an account on Aramex applications, you will be asked to submit Personal Data concerning yourself, such as your name (first and last), mobile number, e-mail address and information regarding the credit card to be used as a payment method – number, name, expiry date and card verification number – as well as your shipping address (based on your location, or selected on a map).
Aramex may receive Personal Data concerning yourself from its customers, in order to allow Aramex to complete shipments from those customers to you, as a consignee. In this case, Aramex may also collect Personal Data from you upon shipment delivery. This may include, in particular, your name, surname, telephone number, address and delivery address, as well as, in certain cases, copies of your government-issued identification cards and information related to your credit card (if you use these cards as a payment method, where applicable).
When choosing to install Aramex applications, you grant permission to Aramex to set up the selected application on your mobile device (“Device”), as well as to access Personal Data and other information stored on your Device which are needed in order to successfully install the application (e.g., Device model, operating system version, screen resolution, network connection type, language, etc.). This collection of information is inherent to the process of installing and setting up Aramex’s applications and, as such, you may not object to it unless you uninstall the application from your Device.
Once an Aramex application has been installed, you may be asked to allow the application to send and read SMS messages from your Device, in order to send you an SMS verification code and to grant you automatic access to the application, upon successful receipt of this code. When using Aramex applications, access may also be requested to your Device’s storage (e.g., when you register shipping addresses on an application), camera (e.g., so that you can scan your credit card in order to insert its details as a payment method in the applications) and Internet access, among other functions where necessary.
Once you have installed an Aramex application, you may be asked to consent to the application accessing your Device’s location, even when you are not using the application, as well as to your Device’s map functionalities. This is meant to allow Aramex to provide more precise and useful Aramex Services to you via the application, in particular, by allowing you to pinpoint your location, register a shipping address based on your current location (as opposed to searching on a map), track your shipments in real-time (on the day of delivery), ensure correct delivery of your shipments, and so on.
If you believe that the continuous access to your location is too invasive, you can configure your Device in a way to share your position only when the applications are in use. If even this is too invasive, you can always revoke the sharing of your position from the Device settings and simply provide a physical address, zip code or state for the Aramex Services you are interested in (or manually pin your relevant address on a map within the applications).
Certain areas of Aramex websites and applications may include free text fields where you can write messages to Aramex, or otherwise allow you to post various types of content, which may contain Personal Data. Where these fields are completely free, you may use them to disclose, or may post content which discloses (inadvertently or not) more sensitive categories of Personal Data such as data revealing your racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership. The content you upload in these fields may also (inadvertently or not) include other types of sensitive information relating to you, such as your genetic data, biometric data or data concerning your health, sex life or sexual orientation
Aramex asks that you do not disclose any sensitive Personal Data in these free text fields or in your posts on Aramex websites or applications, unless you consider this to be strictly necessary. While Aramex does not intend to collect sensitive Personal Data on customers or website / application users (except where this is explicitly stated by Aramex), this may occur where those individuals voluntarily choose to disclose those data.
Additionally, as mentioned in the previous section, certain areas of the Aramex websites / applications include free text fields where you can write messages to Aramex, or which otherwise allow you to post various types of content. These messages and content may (inadvertently or not) include Personal Data related to other persons. Other sections of Aramex’s websites may ask you to submit Personal Data related to third parties, such as other contact persons in your company or your relatives who are employees of Aramex.
The final two paragraphs of the above subsection (regarding your liability for Personal Data on other persons which you choose to share with Aramex, and your obligation to ensure that you are lawfully entitled to do so) also apply in full in this case.
The operation of Aramex’s websites and applications involves the use of computer systems and software procedures, which collect information about website and application users as part of their routine operation. While Aramex does not collect this information in order to link it to specific users, it is still possible to identify those users either directly via that information, or by using other information collected – as such, this information must also be considered Personal Data.
This information includes several parameters related to your operating system and IT environment, including your IP address, location (country), the domain names of your computer, the URI (Uniform Resource Identifier) addresses of resources you request on the websites or applications, the time of requests made, the method used to submit requests to the server, the dimensions of the file obtained in response to a request, the numerical code indicating the status of the response sent by the server (successful, error, etc.), and so on.
These data are used to compile statistical information on the use of the websites and applications, as well as to ensure their correct operation and identify any faults and/or abuse.
Information regarding the use of SDKs and tracking technologies on Aramex applications can be found in the SDK Policy which is made available on each applications.
3. Purposes of processing
Aramex intends to use the above Personal Data, collected in connection with the provision of Aramex Services, for the following purposes:
Generally, to allow Aramex to provide Aramex Services to you, including (without limitation) express, freight and logistics services, as well as to allow you to request and receive Aramex Services which are specifically delivered through Aramex’s websites and applications (“Service Provision”). This may include the use of Personal Data in order to (for example):
To gain a better understanding of your preferences in relation to the Aramex Services, based on prior interactions we have had with you (such as deliveries made for you), and better tailor Aramex Services to you, in order to increase their efficiency and improve your experience (“Service Analytics”). This may include the use of Personal Data in order to (for example):
For future marketing, promotional and publicity purposes (“Marketing”). This may include the use of Personal Data in order to (for example):
4. Grounds for processing and mandatory / discretionary nature of processing
Aramex’s legal bases to process your Personal Data, according to the purposes identified in Purposes of processing above, are as follows:
5. Recipients of Personal Data
Your Personal Data may be shared with the following list of persons / entities (“Recipients”):
6. Transfer of Personal Data
Considering Aramex’s worldwide presence and business operations, your Personal Data may be transferred to Recipients located in several different countries. In particular, whenever you rely on Aramex Services for any cross-border operations (such as the delivery of a shipment from one country to another), Personal Data may be transferred to the receiving country.
Aramex implements appropriate safeguards to ensure the lawfulness and security of these Personal Data transfers, in particular regarding transfers of Personal Data from within the EEA to outside the EEA. As a rule, whenever an adequacy decision from the European Commission is not available for the recipient country, Aramex enters into agreements with recipients containing standard data protection clauses adopted by the European Commission, or otherwise relies on any other more appropriate lawful transfer mechanisms available under the applicable data protection law.
7. Retention of Personal Data
Personal Data processed for Service Provision will be kept by Aramex for the period deemed strictly necessary to fulfil such purposes – in any case, as these Personal Data are processed for the provision of Aramex Services, Aramex may continue to store this Personal Data for a longer period, as may be necessary to protect Aramex’s interests concerning potential liability linked to the provision of Aramex Services.
Personal Data processed for Service Analytics, as well as Analytics which are based on Aramex’s legitimate interests (analytics performed on browsing data; see Purposes of processing, above), will be aggregated as soon as feasible, and thus will be kept as Personal Data only for the period deemed strictly necessary to allow for such aggregation.
Personal Data processed for Analytics, where based on your consent (analytics performed using Statistical cookies or SDKs; see Purposes of processing, above), will be kept by Aramex from the moment you give consent until the moment you withdraw the consent given. Once consent is withdrawn, Personal Data will no longer be used for these purposes, although it may still be kept by Aramex, in particular as may be necessary to protect Aramex’s interests concerning potential liability linked to this processing.
Personal Data processed for Marketing and Profiling will be kept by Aramex from the moment you give consent until the moment you withdraw the consent given. Once consent is withdrawn, Personal Data will no longer be used for these purposes, although it may still be kept by Aramex, in particular as may be necessary to protect Aramex’s interests concerning potential liability linked to this processing.
Personal Data processed for Call Recording (in particular, the recordings themselves) will be kept by Aramex, as a rule, for up to 1 year from the date on which a call to the Aramex Customer Support team is made. In jurisdictions where Aramex may only legally record phone calls you take part in with your consent, call recordings may be retained from the moment you give consent until the moment you withdraw the consent given.
However, in the event that selected call recordings are reasonably necessary for Aramex to establish, exercise or defend against legal claims, or otherwise to protect Aramex’s interests concerning potential liability linked to the provision of the Aramex Services, they may be kept for a longer period.
Personal Data processed for Compliance will be kept by Aramex for the period required by the specific legal obligation or by the applicable law. In particular, logs related to screening or inspection exercises carried out by Aramex will be kept for up to 5 years, after which they will be archived. Archived logs will only be accessed where this is reasonably necessary for Aramex to establish, exercise or defend against legal claims, or otherwise to protect Aramex’s interests concerning potential liability linked to the provision of the Aramex Services.
Personal Data processed for Misuse/Fraud will be kept by Aramex for as long as deemed strictly necessary to fulfil the purposes for which it was collected, unless you validly object to the processing of your Personal Data for these purposes (please see Data subjects' rights, below, for further information).
8. Data subjects’ rights
Under the Regulation, you, as a data subject, are entitled to exercise the following rights before Aramex, at any time:
In general, Aramex will handle personal information collected through cookies, in a lawful, fair, and transparent manner. Aramex has considered internationally recognised principles on the protection of personal data when defining its policies, such as the principles of purpose limitation, storage limitation, data minimisation, data quality and confidentiality.
The controller regarding all personal data processing carried out via cookies that Aramex uses on the Website, is Aramex South Africa [Pty] Ltd., with registered offices at 3 Henna Dolf West Richmond Park, Milnerton, Western Cape, 7441.
You can exercise your rights as a Data Subject against Aramex by submitting an online support request (here) or by sending a written request to Aramex at the following address: email@example.com. Aramex has also appointed a Group Data Protection Officer. To contact the Aramex DPO, please submit an online support request (here).
Definitions, characteristics, and application of standards
Cookies are small text files that may be sent to and registered on your computer by a website you visit, to then be re-sent to the same site when you visit it again. It is thanks to these cookies that the website can “remember” your actions and preferences (e.g., login data, language, font size, other display settings, etc.), so that you do not need to configure them again when you next visit the website, or when you change pages within the website.
When browsing a website, you may also receive cookies from websites or web servers other than the website being visited (i.e., “third-party cookies”).
There are various types of cookies, depending on their characteristics and functions, which may be stored on your computer for different periods of time: “session cookies”, which are automatically deleted when you close your browser, and “persistent cookies”, which will remain on your device until their pre-set expiration period passes.
According to the law which may be applicable to you, your consent may not always be necessary for cookies to be used on a website. In particular, “technical/necessary cookies” – i.e. cookies which are only used to send messages through an electronic communications network, or which are needed to provide services you request – typically do not require this consent. This includes browsing or session cookies (used to allow users to login) and function cookies (used to remember choices made by a user when accessing the website, such as language or products selected for purchase).
On the other hand, “profiling/marketing cookies” – i.e., cookies used to create profiles on users and to send advertising messages in line with the preferences revealed by users while browsing websites – typically require specific consent from users, although this may vary according to the applicable law.
Types of cookies used by the Website.
The Website uses the following types of cookies:
|Cookie types and purposes
Google (Analytics, DoubleClick, YouTube, AdSense)
First-party cookies present on the Website.
In detail, the first-party cookies present on the Website are as follows:
|Cookie types and purposes
This cookie is used for checking if the user has a retina display.
You can choose not to consent to the use of certain cookies, or otherwise withdraw your consent (and thereby block or delete) certain cookies, via the cookie consent management platform made available to you on the Website.
You can also change your cookie settings through your browser options. Your cookie preferences will be reset if different browsers are used to access the Website. For more information on how to set the preferences for cookies via your browser, please refer to the following instructions: