The Aramex Group (“Aramex”) has drafted this Privacy Policy in order to explain Aramex’s policy regarding the use of any personal information it collects on Aramex customers and users of other services provided by Aramex (such as Aramex’s websites and applications). This Privacy Policy’s goal is to allow those customers and users to understand how their personal information may be handled by Aramex, as well as the rights they have in relation to their personal information.

In general, Aramex will handle personal information shared by customers or users, as well as other information which may be gathered by Aramex in connection with services provided, in a lawful, fair and transparent manner. Aramex has considered internationally recognised principles, and where necessary, specific localised principles on the protection of personal data when defining its policies, such as the principles of purpose limitation, storage limitation, data minimisation, data quality and confidentiality.

This Privacy Policy does not cover the use of personal information on customers and users related to Aramex SMART. For more information on this, please visit the Aramex SMART website, at: https://smart.aramex.com/.

Table of Contents
Privacy Policy

1. Controller and Data Protection Officer
2. Personal Data processed
   1. Name, contact details and other Personal Data
      • Aramex retail outlets
      • Aramex websites
      • Aramex applications
      • Consignees
   2. Data related to users’ devices
      • Aramex mobile applications
      • Data related to your location
      • Aramex mobile applications
   3. Call recordings
   4. Shipment Inspection
   5. Shipment history
   6. Special categories of Personal Data
      • Aramex websites and applications
   7. Personal Data related to criminal convictions and offences
   8. Other persons’ Personal Data
      • Aramex websites and applications
   9. Browsing data
      • Aramex websites and applications
   10. Cookies, SDKs and tracking technologies
       • Aramex websites
       • Aramex applications
3. Purposes of processing
4. Grounds for processing and mandatory / discretionary nature of processing
5. Recipients of Personal Data
6. Transfer of Personal Data
7. Retention of Personal Data
8. Data subjects’ rights
9. Amendments

1. Controller and Data Protection Officer
The controller regarding all personal data processing carried out via websites or applications managed by Aramex is Aramex International LLC, with registered offices at P.O. Box 95946, Dubai, United Arab Emirates.

Aramex International LLC acts as a joint controller with each individual local Aramex Station, regarding personal data related to customers of a given local Aramex Station, or to consignees of shipments delivered by (or on behalf of) that local Aramex Station. Please refer to the relevant section on the Aramex website (available here) in order to understand which Aramex Station may act as a controller regarding those personal data in your location. When acting as joint controllers, Aramex International LLC and the relevant local Aramex Station are jointly responsible for ensuring that all rules regarding the handling of your personal data are respected. You can exercise your rights as a Data Subject against either one by:

• Submitting an online support request (here); or
• Reaching out to your relevant local Aramex Station.

Aramex has appointed a Group Data Protection Officer. To contact the Aramex DPO, please submit an online support request (here).

Aramex has also appointed a representative for local Aramex Stations which are established outside of the EU/EEA, under Art. 27 GDPR:

Aramex Nederland B.V. Fokkerweg 300, 1438 AN, Oude Meer, P.O. Box 728, 2130 AS Hoofddorp, the Netherlands.

To contact the Aramex EU/EEA Representative, please submit an online support request (here).

2. Personal Data processed
When providing services to customers, users or consignees, whether through physical retail outlets, websites or applications managed by Aramex (jointly referred to as the “Aramex Services”), Aramex will collect and process information regarding those customers / users / consignees (as individuals) which allows their identification either by itself, or together with other information which is available. Aramex may also be able to collect and process information regarding other persons in this same manner, where those customers / users / consignees choose to provide it to Aramex.

This information may be classified as “Personal Data”, and can be collected by Aramex both when shared by customers / users / consignees (e.g., upon signing up for an account on an Aramex website, when placing an order for delivery services, when preparing a shipping document at retail outlets), by analysing users’ behaviour (e.g., when browsing Aramex websites or using Aramex applications) or when disclosed to Aramex by other sources (e.g., Aramex’s customers, entities providing sanction-list screening services to Aramex).

These Personal Data may include the following categories:

1. Name, contact details and other Personal Data
   
   • Aramex retail outlets

     When requesting services from Aramex at a physical retail outlet, you will be asked to submit Personal Data concerning yourself. This may include your name, surname, telephone number, address, delivery address, copies of your government-issued identification cards and information related to your credit card (if you use these cards as a payment method). You can find the relevant information relating to each Aramex’s physical retail outlet stores here.

   • Aramex websites

     In various sections of Aramex’s websites – including, in particular, account creation pages and forms – you will be asked to submit Personal Data concerning yourself, such as your name, phone / mobile number, e-mail address, gender, date of birth, country of residence and postal address, as well as, in certain cases, information related to your company of employment and position in that company. Where services provided over these websites require payment, you will also need to disclose information as to your preferred mode of payment (e.g., PayPal, credit card).
     
     Whenever you participate in surveys, promotions or contests which may be available on Aramex’s websites, as well as whenever you decide to communicate with Aramex via contact details provided on those websites (or, otherwise, by telephone with Aramex Customer Service), Aramex may collect additional Personal Data which you choose to provide, as far as this is necessary in order to address your request or query. This is also the case regarding information which you choose to disclose in certain sections of Aramex websites which allow your participation in public forums, or the sending of messages directly to Aramex.

   • Aramex applications

     When creating an account on Aramex applications, you will be asked to submit Personal Data concerning yourself, such as your name (first and last), mobile number, e-mail address and information regarding the credit card to be used as a payment method – number, name, expiry date and card verification number – as well as your shipping address (based on your location, or selected on a map).

   • Consignees

     Aramex may receive Personal Data concerning yourself from its customers, in order to allow Aramex to complete shipments from those customers to you, as a consignee. In this case, Aramex may also collect Personal Data from you upon shipment delivery. This may include, in particular, your name, surname, telephone number, address and delivery address, as well as, in certain cases, copies of your government-issued identification cards and information related to your credit card (if you use these cards as a payment method, where applicable).

2. Data related to users’ devices
   • Aramex mobile applications

     When choosing to install Aramex applications, you grant permission to Aramex to set up the selected application on your mobile device (“Device”), as well as to access Personal Data and other information stored on your Device which are needed in order to successfully install the application (e.g., Device model, operating system version, screen resolution, network connection type, language, etc.). This collection of information is inherent to the process of installing and setting up Aramex’s applications and, as such, you may not object to it unless you uninstall the application from your Device.
     
     Once an Aramex application has been installed, you may be asked to allow the application to send and read SMS messages from your Device, in order to send you an SMS verification code and to grant you automatic access to the application, upon successful receipt of this code. When using Aramex applications, access may also be requested to your Device’s storage (e.g., when you register shipping addresses on an application), camera (e.g., so that you can scan your credit card in order to insert its details as a payment method in the applications) and Internet access, among other functions where necessary.

3. Data related to your location
   • Aramex mobile applications

     Once you have installed an Aramex application, you may be asked to consent to the application accessing your Device’s location, even when you are not using the application, as well as to your Device’s map functionalities. This is meant to allow Aramex to provide more precise and useful Aramex Services to you via the application, in particular, by allowing you to pinpoint your location, register a shipping address based on your current location (as opposed to searching on a map), track your shipments in real-time (on the day of delivery), ensure correct delivery of your shipments, and so on.
     
     If you believe that the continuous access to your location is too invasive, you can configure your Device in a way to share your position only when the applications are in use. If even this is too invasive, you can always revoke the sharing of your position from the Device settings and simply provide a physical address, zip code or state for the Aramex Services you are interested in (or manually pin your relevant address on a map within the applications).

4. Call recordings
   When you contact Aramex’s Customer Support team over the phone, Aramex will store a recording of the call held between you and the Aramex Customer Support agent – this is done, primarily, to retain evidence of service-related requests or complaints handled over the phone (to allow Aramex to demonstrate how they were handled), and for service quality monitoring/training purposes. You will be notified of this through a pre-recorded message presented at the start of the call.
   
5. Shipment Inspection
   In order to lawfully provide the Aramex Services, Aramex may be required to physically inspect the shipments which are to be delivered in connection with those Aramex Services, in particular to confirm that any applicable legal shipment restrictions (e.g., due to country of origin or destination, or type of goods shipped) or trade embargoes are respected.
   
   These inspections will be carried out only to detect whether the terms of any applicable legal restrictions regarding incoming and outgoing shipments are respected. In particular, Aramex will not carry out an in-depth inspection of any documents or other items which might reveal Personal Data on the sender, consignee or third persons, unless this is strictly necessary for these compliance purposes. As a result of an inspection, if your shipment is rejected (due to a conflict with, for example, applicable legal import or export restrictions), Aramex will either attempt to arrange for the return of the shipment to its origin (where legally possible to do so) or destroy the shipment, as required by the applicable laws.
   
   Aramex maintains logs of all inspection activities performed, including details on the origin and destination countries of the shipment, the name of the shipper and consignee, a general description of the shipment contents (e.g., “documents”, “shower curtains”, etc.), the country of origin of those contents, the contents’ Harmonized System (HS) code, and the air waybill number for the shipment.
   
6. Shipment history
   Aramex will keep logs of details, actions taken and interactions had with you in connection with deliveries made at your request (as a shipper), as well as of deliveries made to you (as a consignee). This may include information such as shipment order date/time, shipment contents (generic description), shipper details (name, contact details, billing address), consignee details (name, contact details, delivery address), delivery method, delivery status, delivery date/time, delivery location, number of failed delivery attempts, preferred communication channel for delivery updates, number of returned deliveries, and so on.
   
   These data will be collected from shipment records, but also from logs generated from the different channels through which you may interact with Aramex (such as our applications and websites, our call centres and SMS/instant messaging channels).
   
7. Special categories of Personal Data
   Aramex does not typically need to process more sensitive categories of Personal Data, such as data revealing your racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, or other types of sensitive information relating to you, such as your genetic data, biometric data or data concerning your health, sex life or sexual orientation, in order to provide the Aramex Services. Though this information may potentially be inferred from some of the Personal Data collected by Aramex (e.g., goods to be shipped), it is not the intention of Aramex to process those categories of Personal Data, and those categories of Personal Data will not be specifically processed for any purpose (other than to provide the Aramex Services).
   • Aramex websites and applications

     Certain areas of Aramex websites and applications may include free text fields where you can write messages to Aramex, or otherwise allow you to post various types of content, which may contain Personal Data. Where these fields are completely free, you may use them to disclose, or may post content which discloses (inadvertently or not) more sensitive categories of Personal Data such as data revealing your racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership. The content you upload in these fields may also (inadvertently or not) include other types of sensitive information relating to you, such as your genetic data, biometric data or data concerning your health, sex life or sexual orientation
     
     Aramex asks that you do not disclose any sensitive Personal Data in these free text fields or in your posts on Aramex websites or applications, unless you consider this to be strictly necessary. While Aramex does not intend to collect sensitive Personal Data on customers or website / application users (except where this is explicitly stated by Aramex), this may occur where those individuals voluntarily choose to disclose those data.
     
     If you do disclose sensitive Personal Data to Aramex in this manner, then Aramex will process those Personal Data only to the extent that they are adequate, relevant and not excessive regarding the purposes of processing described in this Privacy Policy (see below, Purposes of processing). This will be done, in particular, where necessary to perform a contract with you or to answer a request you make, or otherwise where Aramex can be said to have a legitimate interest in processing those data, due also to the fact that, when you decide to disclose sensitive Personal Data through Aramex websites and applications, you may be manifestly making those Personal Data public.

8. Personal Data related to criminal convictions and offences
   In order to lawfully provide the Aramex Services, Aramex may be required to screen customers / users / consignees against applicable government denied parties, sanctions and watch lists, as well as politically exposed persons databases. Aramex may also be required to confirm whether its customers or users are allowed to export goods outside of their country of location upon requesting Aramex Services, and/or that customers / users / consignees meet other requirements necessary for customs clearance purposes.
   
   This process may involve asking for a copy of your national identification documents or passport, as well as accessing information on prior sanctions or limitations (of a criminal nature or otherwise) which may have been imposed upon you by order of a court or other competent authority. Aramex will only access this information where this is authorised under the applicable law, and solely to the extent necessary to comply with any legal requirements which may apply.
   
   As a result of a screening exercise, if you are identified as a partial or potential match on any applicable lists, you may be asked to provide further information to confirm your identity (such as a copy of your national identification documents or passport, if you have not been asked for this already). If you are identified as an exact match, Aramex will not be able to complete your shipment; in this case, Aramex will either attempt to arrange for the return of the shipment to its origin (where legally possible to do so) or destroy the shipment, as required by the applicable laws.
   
   Aramex maintains logs of all screening activities performed, including details on the origin and destination countries of the shipment, the name of the shipper and consignee, a general description of the shipment contents (e.g., “documents”, “shower curtains”, etc.), the country of origin of those contents, the contents’ Harmonized System (HS) code, and the air waybill number for the shipment.
   
9. Other persons’ Personal Data
   When requesting Aramex Services, you may decide to provide information on other persons which is relevant for the correct provision of those services (e.g., where you wish to have a delivery made to another person – i.e., a consignee – you will be required to provide information on the consignee). This may include information such as those persons’ name, delivery address and phone number.
   
   In any situation where you decide to share Personal Data related to other persons, you will be considered as an independent data controller regarding those Personal Data, and must assume all inherent legal obligations and responsibilities. This means, among other things, that you must fully indemnify Aramex against any complaints, claims or demands for compensation for damages which may arise from the processing of this Personal Data, brought by the third parties whose information you provide to Aramex.
   
   As Aramex does not collect this information directly from these third parties (but rather collects them, indirectly, from you), you must make sure that you have these third parties’ consent before providing any information regarding them to Aramex; if not, then you must make sure there is some other appropriate grounds on which you can rely to lawfully give Aramex this information.
   • Aramex websites and applications

     Additionally, as mentioned in the previous section, certain areas of the Aramex websites / applications include free text fields where you can write messages to Aramex, or which otherwise allow you to post various types of content. These messages and content may (inadvertently or not) include Personal Data related to other persons. Other sections of Aramex’s websites may ask you to submit Personal Data related to third parties, such as other contact persons in your company or your relatives who are employees of Aramex.
     
     The final two paragraphs of the above subsection (regarding your liability for Personal Data on other persons which you choose to share with Aramex, and your obligation to ensure that you are lawfully entitled to do so) also apply in full in this case.

10. Browsing data
    
    • Aramex websites and applications

      The operation of Aramex’s websites and applications involves the use of computer systems and software procedures, which collect information about website and application users as part of their routine operation. While Aramex does not collect this information in order to link it to specific users, it is still possible to identify those users either directly via that information, or by using other information collected – as such, this information must also be considered Personal Data.
      
      This information includes several parameters related to your operating system and IT environment, including your IP address, location (country), the domain names of your computer, the URI (Uniform Resource Identifier) addresses of resources you request on the websites or applications, the time of requests made, the method used to submit requests to the server, the dimensions of the file obtained in response to a request, the numerical code indicating the status of the response sent by the server (successful, error, etc.), and so on.
      
      These data are used to compile statistical information on the use of the websites and applications, as well as to ensure their correct operation and identify any faults and/or abuse.
      

11. Cookies, SDKs and tracking technologies
    Aramex may process your Personal Data through cookies, SDKs (Software Development Kits) and similar technologies to improve your experience on Aramex’s websites or Aramex applications.
    
    • Aramex websites

      Information regarding the use of cookies on each of our websites can be found in the Cookie Policy made available on each website.

    • Aramex applications

      Information regarding the use of SDKs and tracking technologies on Aramex applications can be found in the SDK Policy which is made available on each applications.

3. Purposes of processing
Aramex intends to use the above Personal Data, collected in connection with the provision of Aramex Services, for the following purposes:

• Generally, to allow Aramex to provide Aramex Services to you, including (without limitation) express, freight and logistics services, as well as to allow you to request and receive Aramex Services which are specifically delivered through Aramex’s websites and applications (“Service Provision”). This may include the use of Personal Data in order to (for example):
  

  • Create shipment labels and airway bills;
  • Track shipment deliveries;
  • Provide updates to customers on shipment status through online portals;
  • Contact consignees in order to narrow down and confirm delivery addresses, and ensure successful completion of deliveries;
  • Allow users to create registered accounts and participate in forums and discussions on Aramex websites and applications;
  • Process payments for Aramex Services, including those requested via Aramex websites or applications;
  • Sending alerts to users regarding Aramex applications, via push notifications on user Devices.

• To gain a better understanding of your preferences in relation to the Aramex Services, based on prior interactions we have had with you (such as deliveries made for you), and better tailor Aramex Services to you, in order to increase their efficiency and improve your experience (“Service Analytics”). This may include the use of Personal Data in order to (for example):

  • Complete or correct inaccurate delivery addresses;
  • Identify the timeslots which you prefer for receiving shipments;
  • Identify whether you prefer picking up shipments yourself (at a retail store or drop-off point), or having shipments delivered to you;
  • Identify your preferred communication channel for shipment updates (SMS, e-mail, apps, phone calls, etc.);
  • Determine the likelihood of any obstacles which may arise to correct and timely service delivery.

• For future marketing, promotional and publicity purposes (“Marketing”). This may include the use of Personal Data in order to (for example):

  • Allow you to participate in contests and promotions held or sponsored by Aramex;
  • Send you direct marketing messages, through e-mail, SMS, push notifications (on mobile devices) or telemarketing calls;
  • Send you surveys and other messages aimed at market research, through e-mail, SMS, push notifications (on mobile devices) or telemarketing calls;
  • Show you advertisements related to Aramex goods and services on other websites and platforms, by sharing limited amounts of your Personal Data (for example, your e-mail address) with third-party website/platform providers.

• To keep records of requests, complaints or transactions carried out over the phone between you and an Aramex Customer Support agent, to prove that those requests, complaints or transactions took place at a given date and time, as well as for quality assurance purposes – namely, to incidentally confirm that Aramex Customer Support agents provide high-quality support to Aramex customers (“Call Recording”);
• For compliance with laws which impose upon Aramex the collection and/or further processing of certain kinds of Personal Data (“Compliance”);
• For development and administration of Aramex’s websites and applications, in particular by use of data analytics regarding how you and other users use those websites / applications, as well as the information and feedback you provide, in order to improve Aramex’s offerings (“Analytics”);
• To prevent and detect any misuse of Aramex’s websites or applications, or any fraudulent activities carried out through the Website (“Misuse/Fraud”).

4. Grounds for processing and mandatory / discretionary nature of processing
Aramex’s legal bases to process your Personal Data, according to the purposes identified in Purposes of processing above, are as follows:

• Service Provision: processing for these purposes is necessary to provide the Services and, therefore, is necessary for the performance of a contract with you. It is not mandatory for you to give Aramex your Personal Data for these purposes; however, if you do not, Aramex will not be able to provide any Services to you.
• Service Analytics: processing for this purpose is generally based on Aramex’s legitimate interests, namely, in improving the efficiency and effectiveness of the Aramex Services, as well as improving the Aramex customer/consignee experience. You are allowed to object to this, and also to ask for more information about the assessments carried out by Aramex regarding its legitimate interests, by sending us a support request (please see Data subjects' rights, below, for more information).
• Marketing: processing for this purpose is based on your consent. It is not mandatory for you to give consent to Aramex for use of your Personal Data for these purposes, and you will suffer no consequence if you choose not to (aside from not being able to receive further marketing communications from Aramex). Any consent given may also be withdrawn at a later stage (please see Data subjects' rights, below, for more information).
• Profiling: processing for this purpose is based on your consent, given by accepting the use of Marketing cookies or SDKs (see Cookies, SDKs and tracking technologies, above). It is not mandatory for you to give consent to Aramex for use of your Personal Data for this purpose, and you will suffer no consequence if you choose not to (aside from not being able to benefit from greater personalisation of your user experience regarding Aramex’s websites and applications). Any consent given may also be withdrawn at a later stage (please see Data subjects' rights, below, for more information).
• Call Recording: processing for this purpose is generally based on Aramex’s legitimate interests, namely, in retaining evidence of requests, complaints and transactions carried out with Aramex customers over the phone – so that Aramex can demonstrate when they took place, and ensure that they are properly addressed by Aramex – and in ensuring that Aramex Customer Support agents provide high-quality assistance to Aramex customers (by incidentally reviewing calls held by each agent). You are allowed to object to this, and also to ask for more information about the assessment carried out by Aramex regarding its legitimate interests, by sending us a support request (please see Data subjects' rights, below, for more information).
  
  In some jurisdictions, Aramex may not be legally allowed to record phone calls you take part in without your consent. Where this is the case, processing for this purpose will be based on your consent. In this case, it is not mandatory for you to give consent to Aramex for use of your Personal Data for this purpose, though you may be redirected to another communication channel in order to address your support request with Aramex. Any consent given may also be withdrawn at a later stage (please see Data subjects' rights, below, for more information).
• Compliance: processing for this purpose is necessary for Aramex to comply with its legal obligations. When you provide any Personal Data to Aramex, Aramex must process it in accordance with the laws applicable to it, which may include retaining and reporting your Personal Data to official authorities for compliance with tax, customs or other legal obligations.
  
  In some cases – notably regarding screening of senders/consignees against existing blacklists or the inspection of shipments – Aramex may base the related processing activities on its legitimate interests, namely, in ensuring that any applicable shipment restrictions are complied with. You are allowed to object to this, and also to ask for more information about the assessment carried out by Aramex regarding its legitimate interests by sending us a support request (please see Data subjects' rights, below, for more information).
• Analytics: processing for this purpose is generally based on Aramex’s legitimate interests, namely, in understanding how users interact with Aramex’s websites and applications through collected browsing data and to improve them accordingly, with the aim to providing a better user experience. You are allowed to object to this, and also to ask for more information about the assessment carried out by Aramex regarding its legitimate interests by sending us a support request (please see Data subjects’ rights, below, for more information).
  
  Where Statistics cookies or SDKs are specifically used to collect this information (see Cookies, SDKs and tracking technologies, above), this is based on your consent, given by accepting the use of Statistics cookies or SDKs (see Cookies, SDKs and tracking technologies, above). It is not mandatory for you to give consent to Aramex for use of your Personal Data for this purpose, and you will suffer no consequence if you choose not to. Any consent given may also be withdrawn at a later stage (please see Data subjects’ rights, below, for more information).
• Misuse/Fraud: processing for this purpose is generally based on Aramex’s legitimate interests, namely, in preventing and detecting fraudulent activities or misuse of Aramex’s websites and applications (for potentially criminal purposes), and ensuring the security of Aramex’s websites and applications. You are allowed to object to this, and also to ask for more information about the assessment carried out by Aramex regarding its legitimate interests by sending us a support request (please see Data subjects’ rights, below, for more information).

5. Recipients of Personal Data
Your Personal Data may be shared with the following list of persons / entities (“Recipients”):

• The specific Aramex customer on behalf of which Aramex is providing Aramex Services to you, where are a consignee;
• Entities engaged in order to screen Aramex customers and consignees against applicable government denied parties, sanctions and watch lists, as well as politically exposed persons databases, as required or authorised by the applicable law;
• Individuals or entities engaged in order to provide Aramex Services on Aramex’s behalf (e.g., couriers, call centre agents, service partners, hosting providers or e-mail platform providers), as well as persons authorised by Aramex to process Personal Data needed to carry out activities strictly related to the provision of the Aramex Services (e.g., Aramex employees), who are bound to obligations of confidentiality, may only process Personal Data under Aramex’s instructions and must comply with security measures set by Aramex;
• Persons, companies or professional firms providing Aramex with advice and consultancy regarding accounting, administrative, analytics, legal, tax, financial and debt collection matters related to the provision of Aramex Services;
• Entities engaged as data processors, to carry out processing activities related to Marketing, Profiling and/or Analytics on Aramex’s behalf, where you have consented to processing of your Personal Data for these purposes (e.g., SMS engines, certain third-party cookie providers);
• Third-party providers of websites and online platforms, to carry out processing activities related to Marketing (in particular, displaying Aramex advertisements on their websites / online platforms):
  • Google (Privacy Policy);
  • Facebook/Instagram (Privacy Policy);
• Persons authorised to perform technical maintenance (including maintenance of network equipment and electronic communications networks);
• Companies within the Aramex Group (which may also assist in providing Aramex Services to a customer / user / consignee, depending on his/her location); and
• Public entities, bodies or authorities to whom your Personal Data may be disclosed, in accordance with the applicable law or binding orders of those entities, bodies or authorities;

6. Transfer of Personal Data
Considering Aramex’s worldwide presence and business operations, your Personal Data may be transferred to Recipients located in several different countries. In particular, whenever you rely on Aramex Services for any cross-border operations (such as the delivery of a shipment from one country to another), Personal Data may be transferred to the receiving country.

Aramex implements appropriate safeguards to ensure the lawfulness and security of these Personal Data transfers, in particular regarding transfers of Personal Data from within the EEA to outside the EEA. As a rule, whenever an adequacy decision from the European Commission is not available for the recipient country, Aramex enters into agreements with recipients containing standard data protection clauses adopted by the European Commission, or otherwise relies on any other more appropriate lawful transfer mechanisms available under the applicable data protection law.

7. Retention of Personal Data
Personal Data processed for Service Provision will be kept by Aramex for the period deemed strictly necessary to fulfil such purposes – in any case, as these Personal Data are processed for the provision of Aramex Services, Aramex may continue to store this Personal Data for a longer period, as may be necessary to protect Aramex’s interests concerning potential liability linked to the provision of Aramex Services.

Personal Data processed for Service Analytics, as well as Analytics which are based on Aramex’s legitimate interests (analytics performed on browsing data; see Purposes of processing, above), will be aggregated as soon as feasible, and thus will be kept as Personal Data only for the period deemed strictly necessary to allow for such aggregation.

Personal Data processed for Analytics, where based on your consent (analytics performed using Statistical cookies or SDKs; see Purposes of processing, above), will be kept by Aramex from the moment you give consent until the moment you withdraw the consent given. Once consent is withdrawn, Personal Data will no longer be used for these purposes, although it may still be kept by Aramex, in particular as may be necessary to protect Aramex’s interests concerning potential liability linked to this processing.

Personal Data processed for Marketing and Profiling will be kept by Aramex from the moment you give consent until the moment you withdraw the consent given. Once consent is withdrawn, Personal Data will no longer be used for these purposes, although it may still be kept by Aramex, in particular as may be necessary to protect Aramex’s interests concerning potential liability linked to this processing.

Personal Data processed for Call Recording (in particular, the recordings themselves) will be kept by Aramex, as a rule, for up to 1 year from the date on which a call to the Aramex Customer Support team is made. In jurisdictions where Aramex may only legally record phone calls you take part in with your consent, call recordings may be retained from the moment you give consent until the moment you withdraw the consent given.

However, in the event that selected call recordings are reasonably necessary for Aramex to establish, exercise or defend against legal claims, or otherwise to protect Aramex’s interests concerning potential liability linked to the provision of the Aramex Services, they may be kept for a longer period.

Personal Data processed for Compliance will be kept by Aramex for the period required by the specific legal obligation or by the applicable law. In particular, logs related to screening or inspection exercises carried out by Aramex will be kept for up to 5 years, after which they will be archived. Archived logs will only be accessed where this is reasonably necessary for Aramex to establish, exercise or defend against legal claims, or otherwise to protect Aramex’s interests concerning potential liability linked to the provision of the Aramex Services.

Personal Data processed for Misuse/Fraud will be kept by Aramex for as long as deemed strictly necessary to fulfil the purposes for which it was collected, unless you validly object to the processing of your Personal Data for these purposes (please see Data subjects' rights, below, for further information).

8. Data subjects’ rights
Under the Regulation, you, as a data subject, are entitled to exercise the following rights before Aramex, at any time:

• Access your Personal Data being processed by Aramex (and/or a copy of that Personal Data), as well as information on the processing of your Personal Data;
• Correct or update your Personal Data processed by Aramex, where it may be inaccurate or incomplete;
• Request erasure of your Personal Data being processed by Aramex, where you feel that the processing is unnecessary or otherwise unlawful;
• Request the restriction of the processing of your Personal Data, where you feel that the Personal Data processed is inaccurate, unnecessary or unlawfully processed, or where you have objected to the processing;
• Exercise your right to portability: the right to obtain a copy of your Personal Data provided to Aramex, in a structured, commonly used and machine-readable format, as well as the transmission of that Personal Data to another data controller; or
• Withdraw your consent to processing (for Marketing, Profiling, Analytics and, where applicable, for Call Recording).

Regarding processing purposes which are based on our legitimate interests (see Purposes of processing, above) you are also entitled to object to the processing of your Personal Data, based on relevant grounds related to your particular situation, which you believe must prevent Aramex from processing your Personal Data. If you do, then we will only continue processing your Personal Data for the purpose in question if we can demonstrate that we have a compelling legitimate interest to continue doing so, or if we need to in order to establish, exercise or defend against any legal claims.

Please note that most of the personal information you provide to Aramex can be changed at any time, including your e-mail preferences, by accessing the user profile you can create on Aramex’s websites and applications.

You can also withdraw consent regarding processing for Marketing by selecting the appropriate link included at the bottom of every marketing e-mail message received. Specifically, regarding Marketing carried out via push notifications, you can withdraw this consent via the options made available through Aramex’s applications, or through your Device’s settings:

• If you have an IOS Device, please see more information here: https://support.apple.com/en-us/HT201925#manage-alerts.
• If you have an Android Device, please see more information here: https://support.google.com/android/answer/9079661?hl=en.

You can withdraw consent regarding processing for Profiling and Analytics performed using Marketing or Statistics cookies, SDKs or other tracking technologies by using the consent management platform made available on Aramex websites / tracking settings made available on Aramex applications.

Aside from the above means, you can also exercise your rights described above by sending us a support request via Aramex’s websites, by filling out the form available here.

In any case, please note that, as a data subject, you are also entitled to file a complaint with the competent supervisory authorities for the protection of Personal Data, if you believe that the processing of your Personal Data carried out by any Aramex Station is unlawful. If you are located within the EU, you are entitled to file these complaints with supervisory authorities located (1) in the Member State of your habitual residence, (2) in the Member State of your place of work or (3) in the Member State where you believe the unlawful processing occurred.

9. Amendments
This Privacy Policy entered into force on September 11, 2023. Aramex reserves the right to partly or fully amend this Privacy Policy, or simply to update its content, e.g., as a result of changes in applicable law. Aramex will inform you of any substantial changes as soon as they are introduced (through a pop-up on Aramex’s website, and through e-mail notifications sent to customers / users / consignees included in Aramex’s mailing lists). Changes will be binding as soon as they are published.

Aramex South Africa [Pty] Ltd. (“Aramex”) has drafted this Cookie Policy in order to explain Aramex’s policy regarding the use of any personal information it collects on visitors of the Aramex websites (i.e., aramex.co.za or clickwaycouriers.co.za) (the “Website”) through cookies which may be stored on and accessed from visitors’ devices when they use or visit aramex.co.za or clickwaycouriers.co.za. This Cookie Policy’s goal is to allow those visitors to understand how their personal information may be handled by Aramex through cookies, as well as the rights they have in relation to their personal information.

In general, Aramex will handle personal information collected through cookies, in a lawful, fair, and transparent manner. Aramex has considered internationally recognised principles on the protection of personal data when defining its policies, such as the principles of purpose limitation, storage limitation, data minimisation, data quality and confidentiality.

The controller regarding all personal data processing carried out via cookies that Aramex uses on the Website, is Aramex South Africa [Pty] Ltd., with registered offices at 3 Henna Dolf West Richmond Park, Milnerton, Western Cape, 7441.

You can exercise your rights as a Data Subject against Aramex by submitting an online support request (here) or by sending a written request to Aramex at the following address: privacy@aramex.com. Aramex has also appointed a Group Data Protection Officer. To contact the Aramex DPO, please submit an online support request (here).

This Cookie Policy is part of Aramex’s Privacy Policy. For more information regarding Aramex’s personal data processing activities, please read Aramex’s Privacy Policy (accessible here).

COOKIES

Definitions, characteristics, and application of standards
Cookies are small text files that may be sent to and registered on your computer by a website you visit, to then be re-sent to the same site when you visit it again. It is thanks to these cookies that the website can “remember” your actions and preferences (e.g., login data, language, font size, other display settings, etc.), so that you do not need to configure them again when you next visit the website, or when you change pages within the website.

Cookies are used for electronic authentication, monitoring of sessions and storage of information regarding your activities when accessing a website. They may also contain a unique ID code which allows tracking of your browsing activities within a website, for statistical or advertising purposes. Some operations within a website may not be able to be performed without the use of cookies which, in certain cases, are technically necessary for operation of the website.

When browsing a website, you may also receive cookies from websites or web servers other than the website being visited (i.e., “third-party cookies”).

There are various types of cookies, depending on their characteristics and functions, which may be stored on your computer for different periods of time: “session cookies”, which are automatically deleted when you close your browser, and “persistent cookies”, which will remain on your device until their pre-set expiration period passes.

According to the law which may be applicable to you, your consent may not always be necessary for cookies to be used on a website. In particular, “technical/necessary cookies” – i.e. cookies which are only used to send messages through an electronic communications network, or which are needed to provide services you request – typically do not require this consent. This includes browsing or session cookies (used to allow users to login) and function cookies (used to remember choices made by a user when accessing the website, such as language or products selected for purchase).

On the other hand, “profiling/marketing cookies” – i.e., cookies used to create profiles on users and to send advertising messages in line with the preferences revealed by users while browsing websites – typically require specific consent from users, although this may vary according to the applicable law.

Types of cookies used by the Website.
The Website uses the following types of cookies:

• Necessary cookies, which are strictly necessary for the Website’s operation, and/or to allow you to use the Website’s content and Aramex services made available via the Website.
• Preference cookies, which are used to activate specific website functions and to configure the Website according to your choices, in order to improve your experience.
• Statistics cookies, which allow Aramex to understand how users make use of the Website, and to track traffic to and from the Website.
• Marketing cookies, which are used to observe the preferences you reveal through your use of the Website and to send you advertising messages in line with those preferences.

Aramex also uses third-party cookies – i.e., cookies from websites / web servers other than Aramex’s own website, which are owned by third parties. These third parties will either act as independent data controllers from Aramex regarding their own cookies (using the data they collect for their own purposes and under terms defined by them) or as data processors for Aramex (processing personal data on Aramex’s behalf). For further information on how these third parties may use your information, please refer to their privacy policies:

Provider	Cookie types and purposes	Further information
Google (Analytics, DoubleClick, YouTube, AdSense)	Necessary cookies Estimate users’ bandwidth on pages with integrated YouTube videos. Measure bandwidth that determines whether the user gets the new or old player interface. Allow the reCAPTCHA system to function, so that human users can be distinguished from bots. Determine whether a user’s browser accepts cookies. Preference cookies Store users’ video player preferences for embedded YouTube videos. Track the views of embedded videos on YouTube pages. Statistics cookies Generate statistical data about how users make use of our website. Allow the tracking of users across devices and marketing channels. Store data about what YouTube videos a user has seen. Register anonymous statistical data for embedded YouTube-videos. Marketing cookies Record and report users’ actions after viewing or clicking on advertisements displayed on our website, to measure advertisement effectiveness and for targeted advertising. Store information about how the user uses the website to present them with relevant ads and according to the user profile.	Privacy Policy Policy on data collected from sites/apps using Google services
Bombora	Advertising Cookies Advertising cookies: These cookies are used to make advertising messages more relevant to you. They perform functions like preventing the same ad from continuously reappearing, ensuring that ads are properly displayed for advertisers, and in some cases selecting advertisements that are based on your interests. Collect information that is used either in aggregate form, to help understand how websites are being used or how effective marketing campaigns are, or to help customize the websites for visitors.	Privacy Policy

Aramex uses Google Analytics on the Website. This is a tool developed by Google and used to collect information, which permits evaluation of the use of the Website, analysis of your behaviour and improvement of your experience with the Website. You can obtain more information about how to opt out of Google Analytics at:https://tools.google.com/dlpage/gaoptout.

First-party cookies present on the Website.
In detail, the first-party cookies present on the Website are as follows:

Name	Cookie types and purposes	Duration
trx_addons_is_retina	This cookie is used for checking if the user has a retina display.	1 day

Cookie settings
You can choose not to consent to the use of certain cookies, or otherwise withdraw your consent (and thereby block or delete) certain cookies, via the cookie consent management platform made available to you on the Website.

You can also change your cookie settings through your browser options. Your cookie preferences will be reset if different browsers are used to access the Website. For more information on how to set the preferences for cookies via your browser, please refer to the following instructions:

• Internet Explorer
• Firefox
• Chrome
• Safari

CAUTION: If you block or delete any Necessary cookies used by the Website through your browser settings, the Website may become impossible to browse, certain of its services or functions may become unavailable or other malfunctions may occur. In this case, you may have to modify or manually enter some information or preferences every time you visit the Website.

AMENDMENTS
This Cookie Policy entered into force on September 11, 2023. Aramex reserves the right to partly or fully amend this Cookie Policy, or simply to update its content, e.g., as a result of changes in applicable law. Aramex will inform you of any substantial changes as soon as they are introduced (through a pop-up on Aramex’s website, and through e-mail notifications sent to customers / users / consignees included in Aramex’s mailing lists). Changes will be binding as soon as they are published.