Privacy Policy

Shipfix Technologies S.A.S. and its affiliates (together, ” Shipfix “, ” we “, ” us “, or ” our “) respect your privacy and are committed to protecting your personal data.

This Privacy Policy explains how and why Shipfix processes personal data and is provided pursuant to the European Union General Data Protection Regulation (or GDPR) and other applicable privacy laws. Reading it will help you understand your privacy rights and choices.

ISO 27001 Certified

ISO 27001 is the international gold standard for information security management. It proves the strength of our security posture to prospects and existing customers in global shipping and commodity markets.

ISO 27001 provides standard requirements for establishing, implementing, maintaining and continually improving an information security management system

Download Certification

ISO 27701 Certified

ISO 27701 certifies Shipfix when it comes to the protection of privacy, including the handling and management of personal information, in compliance with privacy regulations around the world.

ISO 27701 is an extension of the former certification focused on Personally Identifiable Information (PII) and privacy.

Download Certification

ISO Statement of Applicability

The statement of applicability (SoA) is the main link between risk assessment and risk treatment in an enterprise or in an organisation within an enterprise and, therefore, is a requirement for information security management system (ISMS) implementations.

Download Document


This Privacy Policy applies to the processing of personal data we collect when you:

  • Visit our website (“Site”) or branded social media pages;
  • Receive communications from us, including emails or phone calls;
  • Use and interact with our Services (for example, when you create an individual user account with Shipfix as an employee or representative of our Subscribers – “Corporate Users”), or are designated as a point of contacts for administrative tasks regarding the Services such as billing and notifications.

This Privacy Policy does not apply to our processing of personal data in our capacity as processor or service provider on behalf of our customers, including where we offer to our customers various tools through which they can collect personal data about individuals who exchange emails with Corporate Users or are included in Corporate Users’ contact lists. Our processing of that information is governed by our agreement with our customers.

About Shipfix

Shipfix provides an Internet based subscription service for the maritime and trade industries that offers businesses subscribing to the services (“ Subscribers ”) collaborative tools to structure trading information, improve email management, obtain valuable insights on the market and counter-parties, and identify new business opportunities (“ Services ”).


Shipfix Technologies S.A.S. and Shipfix LTD are responsible for how your personal data is handled as joint controllers. You can find our contact information in the “Contact Us” section below. Additionally, we have appointed a Data Protection Officer (“DPO”). To contact our DPO, please email .

Personal Data We Collect

We have provided below an overview of the information we collect when you interact with our Services or the Site, and examples of how we use the specific types of information.

Personal Data That You Provide

Identification data : Depending on your use of the Services, we may collect your name, email address, phone number, and mailing/billing addresses. You also have the option of adding a profile picture, a display name, job title, phone number, location and other details to your profile information to be displayed in our Services.

Professional life data : Depending on your interaction with us, we collect professional email address, job title, phone number, location, and information that you may provide when you request user support.

Payment information : We collect certain payment and billing information when we receive payments for our Services such as billing address, payment card details and bank account information, which we collect via secure payment processing services.

Communications data : If you communicate with us via a phone call or videoconference, we may record that call for training, quality assurance, and administration purposes. If required under applicable law, we will obtain your prior consent or give you the option to object to a call being recorded.

Personal Data We Collect From Other Sources

We also collect information about you from other sources, in particular:

  • Cognism Limited, through which we can obtain information to assist us in better marketing to potential prospects and others who may be interested in our Services, including first name, contact details, job description. For information about Cognism’s privacy practices, please visit

  • LinkedIn, used to search for prospects and obtain insights into the engagement with advertisement on LinkedIn. Please refer to LinkedIn Privacy Policy for further information:; and

  • Other customers or our employees or contractors who may provide us with your business contact information for the purposes of obtaining services.

Automatically Collected Data

When you visit, use and interact with the Site or the Services, we may receive certain information about your visit, use or interactions. For example, we may monitor the number of people that visit our Site, peak hours of visits, which page(s) are visited on our Site, the domains our visitors come from (e.g., , , etc.), and which browsers people use to access and visit our Site (e.g., Firefox, Microsoft Internet Explorer, etc.), broad geographical information, and Site-navigation pattern. In particular, the following information is created and automatically logged in our systems:

  • Log data : Information that your browser automatically sends whenever you visit the Site (“log data”). Log data includes your Internet Protocol (“IP”) address (so we understand which country you are connecting from when you visit the Site), browser type and settings, the date and time of your request, and how you interacted with the Site.;

  • Cookies : Please see the “Cookies” section below to learn more about how we use cookies.

  • Device information : Includes name of the device, operating system, and browser you are using. Information collected may depend on the type of device you use and its settings.

  • Usage Information : We collect information about how you use our Services, including statistical usage data derived from the operation of our Services, data regarding configurations, log data, filtering choices and information regarding the performance results for the Services.

How We Use Personal Data

We process your personal data as necessary to:

  • Perform our contract with you or your employer (“ Contractual Necessity ”),
  • Comply with legal obligations (“ Legal Obligation ”), and
  • Where it is necessary for our legitimate business purposes, your interest or the interests of a third party (“ Legitimate Interests ”).

In some cases we need your consent for processing your personal data, such as to send you marketing emails or for the use of cookies and other similar technologies where required by the applicable law, as explained in more detail below.

The specific purposes for which we process your personal data and the legal bases we rely on for the processing are listed below.

Type of Personal Data
Legal Basis for Processing
Identification data
To create, maintain and support your account
Contractual Necessity
Identification data
To respond to your inquiries

To communicate with you about the Services, including by sending you announcements, updates, security alerts, support and administrative messages
Contractual Necessity

Legitimate Interests in (i) providing you the information that you request, (ii) keeping our Services, network and information systems secure, and (iii) sending you information on our own products and services that may be of interest to you and informing our marketing strategy

Consent, for sending marketing communications regarding other products and services that may be of interest to you
Professional life data
To support your account
Contractual Necessity
Payment information
To process your transactions with us
Contractual Necessity
Communication data
To retain the record of transactions/relationships, and for training, quality assurance, and administration purposes
Legitimate Interests in improving the overall experience of our prospects and customers
Automatically Collected Data
To administer and protect our Site and the Services, to measure the audience and analyse the general behaviour of visitors to the Site to understand what our customers are mostly focused on and help us understand how we can improve our sale process, tailor your user experience, improve the Site and the Services, and for marketing purposes
Legitimate Interests in (i) enhancing user experience; (ii) improving the Site or the Services and developing new features and services; (iii) optimizing our marketing efforts; keeping our Services, the Site, network and information systems secure

Consent, in relation to cookies and other similar technologies where required under the applicable law
Personal Data We Collect From Other Sources
To assist us in improving and optimizing our marketing processes
Legitimate Interests in developing our business and customer baseConsent where required by applicable law

How We Share Personal Data

We share your personal data with third parties in the following situations:

  • Vendors and Service Providers : To assist us in meeting business operations needs and to perform certain services and functions, we may share personal data with service providers, including hosting and other information technology services; email communication software providers and email newsletter providers; database and sales/customer relationship management services; payment service providers; and web analytics services (for more details on the third parties that place cookies through the Site, please see the “Cookies” section below). Pursuant to our instructions, these parties will access, process or store personal data in the course of performing their duties to us.

  • Business Transfers : Your personal data will be used by us or shared with our affiliated companies for internal reasons, primarily for business and operational purposes. If we are involved in a merger, acquisition, financing due diligence, reorganisation, bankruptcy, receivership, sale of all or a portion of our assets, or transition of service to another provider, your personal data may be shared in the diligence process with counterparties and others assisting with the transaction and transferred to a successor or affiliate as part of that transaction along with other assets.

  • Legal Requirements : If required to do so by law or in the good faith belief that such action is necessary to (i) comply with legal or regulatory obligations, (ii) protect and defend our rights or property, (iii) prevent fraud, (iv) act in urgent circumstances to protect the personal safety of users of the Site, or the public, or (v) protect against legal liability.

Data Retention

We retain personal data for as long as it is reasonably necessary for the purposes described in this Privacy Policy, as long as we have a legitimate business need to do so, or as required by law (e.g. for tax, legal, accounting, or other purposes), whichever is longer.
To determine the appropriate retention period for your personal data, we consider factors such as the amount, nature, and sensitivity of the data, the potential risk of harm from unauthorised use or disclosure of your data, the purposes for which we use your data, and whether we can achieve those purposes through other means, as well as the applicable legal requirements.
At the expiry of the retention period, data will be removed from the company’s active database. Due to the technical challenges, data may be present in backup storage facilities until a new backup overwrites the previous record. The backup storage expires after 30days. We may also take steps to anonymise or pseudonymise certain data for analytical and statistical purposes

Data that expires after a specific period of time: For each type of data, we set retention timeframes based on the reason for its collection. For example:

  • For prospecting, prospect data may be kept in an active database until consent is withdrawn, or for 3 years from the last contact from the prospect (e.g. request for documentation or click on a hypertext link in an email). In this case, the starting point of the period can be “delayed” with each new contact from the prospect.
  • Cookies are stored for up to two years; please see our Cookie Policy for more details.
  • Data related to the exercise of rights under GDPR will be retained for a period of 3 years after the closure of the request.

Information retained until you remove your consent: When you subscribe to our newsletter, your data will be kept indefinitely after consent has been given, unless consent is withdrawn.

Information retained until your Shipfix Account is deleted: We keep some data for the life of your Shipfix Account if it’s useful for helping us understand how users interact with our features and how we can improve our services.

Some information will be retained for an extended period of up to 10 years for limited purposes: Sometimes, business and legal requirements oblige us to retain certain information for specific purposes for an extended period of time. For example, when Shipfix processes a payment for you, or when you make a payment to Shipfix, we’ll retain this data for longer periods of time as required for tax or accounting purposes. Reasons we might retain some data for longer periods of time of up to 10 years for the following purposes:

  • Security, fraud, and abuse prevention
  • Financial record-keeping
  • Complying with legal or regulatory requirements
  • Ensuring the continuity of our services
  • Direct communications with Shipfix

Your Rights

The GDPR grants European data subjects the following rights:

  • Access . You can request a copy of the personal data that we maintain about you. If you require additional copies, we may need to charge a reasonable fee.

  • Deletion and Correction . You can ask us to delete or correct the personal data that we hold about you.

  • Objection . You may have the right to object to how we use your personal data.

  • Restrict Processing . You may ask us to suspend our processing of your personal data, for example, if you want us to establish its accuracy or the reason for processing it.

  • Data Portability . If required to do so, we will give you your personal data in a structured, commonly used, and machine-readable format.

  • Withdraw Consent : Where we rely on your consent to process personal data about you, you have the right to later withdraw your consent in the manner indicated when you consent or by contacting us as described in this Privacy Policy.
  • Right to decide the fate of your data after death: the right to impose the fate that you wish to reserve your Personal Data in the event of death.

The rights described above are not applicable in all situations. Indeed, in accordance with the applicable regulations, we may be entitled to refuse certain requests. For each request, we carefully assess whether such an exemption applies and inform you accordingly. We may, for example, refuse your request to access if this is necessary to protect the rights and freedoms of other individuals or refuse to erase your personal data if the processing of such data is necessary to comply with legal requirements. The right to data portability does not apply, for example, if you did not provide the personal data or if we process the data based on other legal grounds than your consent or the performance of a contract.

To exercise these rights, please email our DPO at . You also have the right to submit a complaint to the Commission Nationale de l'Informatique et des Libertés (CNIL) sending a letter to the following mailing address:

3 Place de Fontenoy
TSA 80715
75334 Paris Cedex 07

You may also submit a complaint to then CNIL here .

You may also contact the Information Commissioner’s Office (ICO) in the United Kingdom. You can find details about how to do this on the ICO’s website at .

Data Transfers

In connection with the operation of our Services, your personal data will be transferred to Shipfix LTD in the United Kingdom, pursuant to the European Commission’s adequacy decision for transfers of personal data to the United Kingdom (Commission Implementing Decision of 28 June 2021). We also rely on service providers that process personal data on our behalf in the United States. The United States may have data protection laws less stringent than or otherwise different from the laws in effect in Europe. We have taken measures to protect the confidentiality and security of your personal data, and your rights as a data subject.


We have implemented physical, technical, and administrative security measures designed to protect the confidentiality of personal data we process both online and offline from loss, misuse, and unauthorised access, disclosure, alteration or destruction. However, no Internet or e-mail transmission is ever fully secure or error free. In particular, e-mail sent to or from us may not be secure. Therefore, you should take special care in deciding what information you send to us via the Services or e-mail. Please keep this in mind when disclosing any personal data to Shipfix via the Internet. In addition, we are not responsible for circumvention of any privacy settings or security measures contained on the Services, or third party websites.


The Site and our Services are not directed to children who are under the age of 18. Shipfix does not knowingly collect personal data from children under the age of 18. If you have reason to believe that a child under the age of 18 has provided personal data to Shipfix through the Site or the Services please contact us and we will endeavor to delete that information from our databases.

Links to other Sites

The Site may contain links to other websites not operated or controlled by Shipfix, including social media services (“Third Party Sites”). The information that you share with Third Party Sites will be governed by the specific privacy policies and terms of service of the Third Party Sites and not by this Privacy Policy. By providing these links we do not imply that we endorse or have reviewed these sites. Please contact the Third Party Sites directly for information on their privacy practices and policies.


We and our partners use cookies to operate and administer our Site, make it easier for you to use the Site during future visits, and gather usage data on our Site. For more information about the cookies used on our Site, please refer to our Cookie Policy , which forms part of this Privacy Policy.

Changes To The Privacy Policy

We reserve the right to modify this Privacy Policy at any time. If we make material changes to this Privacy Policy, we will notify you by updating the date of this Privacy Policy and posting it on the Site. If required by law, we will also provide notification of changes in another way that we believe is reasonably likely to reach you, such as via email or another manner through the Site. Any modifications to this Privacy Policy will be effective upon our posting the modified version (or as otherwise indicated at the time of posting). In all cases, your use of the Site or the Services after the effective date of any modified Privacy Policy indicates your acknowledgment of the modified Privacy Policy.

Contact Us

If you have any questions about our Privacy Policy, please feel free to contact our DPO at , or send a letter to the following mailing address:

112 Avenue de Paris - CS 60002
94306 Vincennes Cedex,

Last Updated February 17th 2023

Try Shipfix today

Join the community

 Get access to advanced tools and data intelligence that drive chartering and operational efficiency in the maritime industry.

Latest Market Research