Effective Date: 29 September 2024 Document Reference: CG-PP-V1-29.09.24
This Privacy Policy explains how Carra Globe Ltd (“we,” “us,” or “our”) collects, uses, stores, and discloses your personal information when you use our website (https://carraglobe.com) and the services we offer (collectively the “Services”). This Policy is provided in accordance with Articles 13 and 14 of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
Data Controller Carra Globe Ltd determines the purposes and means of processing personal data collected through this website and our services, and is therefore a data controller within the meaning of the UK GDPR. We are committed to fulfilling all obligations applicable to data controllers under UK law. Where our services extend to individuals or organisations in the European Economic Area, the EU GDPR also applies.
Registered Name: Carra Globe Ltd
Company Number: 16657216
Registered Office: Baylis Business Centre, Stoke Poges Lane, Slough, England, SL1 3PB
Email: info@carraglobe.com
Contact Page: https://carraglobe.com/contact-us/
Information We Collect (Article 13(1)) We collect various types of information to fulfil our service obligations and enhance your experience, limited to what is strictly necessary for the purposes described in this policy:
Business Identity Details (Article 13(2)(a)): Company name, trading name, registered address, company registration number, VAT number, and the names of individuals acting on behalf of client or partner organisations.
Contact Information (Article 13(2)(a)): Email addresses, telephone numbers, job titles, and postal addresses of individuals representing client or partner organisations.
Communication Records (Article 13(2)(a)): Emails, messages, enquiry form submissions, quote requests, and all written or electronic correspondence relating to our services.
Transactional and Shipment Data (Article 13(2)(b)): Shipment details, cargo descriptions, HS commodity codes, declared invoice values, consignee and consignor information, supplier details, customs documentation, import and export declarations, and related trade compliance records necessary to perform our services.
Usage Data (Article 13(2)(c)): We may collect information on how you use the Service, such as IP address, browser type, device type and operating system, pages visited, time on pages, referring URLs, and traffic source data collected automatically when you visit our website.
IP Address Collection and Use: We collect your IP address when you visit our website to better understand visitor behaviour, improve site performance, and ensure security. Your IP address helps us identify the general geographic region of visitors, diagnose technical issues, and detect fraudulent or suspicious activity. We do not sell your IP address to any third party. We do not use it for invasive tracking or advertising unrelated to our services. All IP address data is stored securely, transmitted exclusively over HTTPS, and subject to the same access controls and retention limits as all other personal data we hold.
Service Usage Patterns: Data about how you interact with our website and digital platforms, used to improve user experience and service quality.
Cookies and Tracking Technologies (Article 13(2)(f)): We may use cookies and similar technologies to track activity on the Service and store certain information in accordance with the Privacy and Electronic Communications Regulations 2003 (PECR).
Essential Cookies: Strictly necessary for the website to function correctly. These cannot be disabled as they are required for core site operation. No consent is required for these cookies.
Performance and Analytics Cookies: Used to analyse visitor behaviour, measure page performance, and understand traffic sources. We use Google Analytics 4 for this purpose. Data collected is anonymised and aggregated and does not identify individuals. Placed with your consent only.
Preference Cookies: Remember your settings and preferences such as language or region. Placed with your consent.
Interest-Based Cookies: Used to personalise content and measure digital marketing effectiveness. Placed with your explicit consent only.
You may manage, restrict, or withdraw consent for non-essential cookies at any time through our cookie consent tool or your browser settings. Withdrawing cookie consent does not affect your ability to use our website or request our services.
Legal Basis for Processing (Article 13(2)(d)) We process your information based on the following legal grounds:
Contractual Necessity (Article 6(1)(b) GDPR): We use your personal information to fulfil our service agreement with you. This applies to all processing directly related to delivering our Importer of Record (IOR), Exporter of Record (EOR), Delivered Duty Paid (DDP) shipping, freight forwarding, customs clearance, white glove delivery, and warehousing services.
Legal Compliance (Article 6(1)(c) GDPR): We may use your information to comply with customs regulations, HMRC requirements, anti-money laundering obligations, sanctions screening, export control compliance, and all other statutory requirements governing international trade across our 175+ country network.
Legitimate Interests (Article 6(1)(f) GDPR): We may use your information to improve the Service, personalise your experience, conduct fraud prevention and security monitoring, and for internal administrative purposes, while balancing these interests with your data protection rights. We have conducted a Legitimate Interests Assessment confirming that our interests do not override your rights.
Consent (Article 6(1)(a) GDPR): Where you have given explicit and informed consent to receive marketing communications or for the placement of non-essential cookies. You may withdraw consent at any time by contacting info@carraglobe.com. Withdrawal does not affect the lawfulness of processing carried out before that withdrawal.
How We Use Your Information Your data is used for legitimate purposes such as:
Delivering and managing international logistics services including IOR, EOR, DDP shipping, freight forwarding, customs clearance, white glove delivery, and warehouse logistics across 175+ countries.
Processing customs declarations, obtaining regulatory approvals, and fulfilling import and export compliance obligations in destination countries.
Responding to enquiries, providing quotations, and communicating throughout service delivery.
Sending relevant service notifications, shipment status updates, and compliance alerts.
Improving our website, digital platforms, and service efficiency based on usage data.
Conducting fraud prevention, sanctions screening, compliance monitoring, and security checks in accordance with our legal obligations under UK and international trade law.
Sending marketing communications where you have provided consent or where we have a legitimate interest and you have not opted out.
Supporting business planning, reporting, research, and operational troubleshooting.
Complying with all legal and regulatory requirements applicable to international trade, customs, and logistics in every jurisdiction in which we operate.
Data Recipients (Article 13(1)(e)) We share personal information only where strictly necessary to deliver our services or meet our legal obligations. We do not sell personal data to any third party. We do not permit third parties to use personal data for their own independent purposes.
Customs Authorities and Regulatory Bodies: Government customs agencies, tax authorities, port and airport authorities, and regulatory bodies in origin and destination countries. This sharing is required by law.
Global Partner Network: Trusted freight forwarders, customs brokers, warehousing partners, last-mile delivery providers, and in-country IOR and EOR agents. Partners receive only the information necessary to perform their specific function and are bound by confidentiality obligations and data processing agreements.
Professional Advisers: Solicitors, accountants, auditors, and compliance consultants acting on our behalf, each bound by professional confidentiality obligations.
IT and Technology Service Providers: Cloud hosting, analytics, email, and business software providers who process data on our behalf under formally executed data processing agreements.
Law Enforcement and Government Bodies: Where required by applicable law, court order, or regulatory authority.
Business Transfers: In the event of a merger, acquisition, or sale of all or part of Carra Globe’s business, personal data may transfer to the relevant acquiring entity subject to the same protections set out in this policy.
International Data Transfers (Article 13(1)(f)) Carra Globe operates across 175+ countries. The nature of our services means that shipment data, consignee information, and customs documentation are routinely transmitted to customs authorities and logistics partners outside the United Kingdom. Where we transfer personal data to countries not covered by a UK adequacy decision, we ensure appropriate safeguards are in place including the UK International Data Transfer Agreement (IDTA) or Standard Contractual Clauses (SCCs) approved by the Information Commissioner’s Office. We limit international data transfers to only the personal information strictly necessary to fulfil our obligations in each jurisdiction. For information about safeguards in place for a specific transfer, contact info@carraglobe.com.
Data Retention (Article 13(2)(a)) We will retain your personal information for as long as necessary to fulfil our service obligations and comply with legal requirements.
Client and transactional records: 7 years from the end of the commercial relationship, in accordance with HMRC requirements and the Limitation Act 1980.
Customs and trade compliance records: As required by applicable customs law in each jurisdiction, typically 4 to 7 years from the date of the customs declaration.
Marketing and communication records: Until consent is withdrawn, or 2 years from your last interaction with Carra Globe, whichever is earlier.
Website analytics data: 26 months from collection, in line with Google Analytics 4 default data retention settings.
Enquiry and pre-contract correspondence: 3 years from the date of last correspondence where no contract resulted.
Accounting and financial records: 6 years from the end of the relevant financial year, in accordance with the Companies Act 2006.
At the end of each retention period, data is securely deleted or irreversibly anonymised so it can no longer be attributed to any identifiable individual.
Your Rights (Articles 13(2)(b)-(d), 15-22 GDPR) You have several rights regarding your personal information under the UK GDPR:
Right of Access (Article 15 GDPR): You can request a copy of the personal information we hold about you and information about how we process it.
Right to Rectification (Article 16 GDPR): You can request correction of inaccurate or incomplete personal information we hold about you.
Right to Erasure (Article 17 GDPR): You can request deletion of your personal information under certain circumstances, including where it is no longer necessary for the purpose collected.
Right to Restriction of Processing (Article 18 GDPR): You can restrict the processing of your personal information in certain circumstances, for example while we verify disputed accuracy.
Right to Data Portability (Article 20 GDPR): Where processing is based on consent or contract and carried out by automated means, you can receive your personal information in a structured, machine-readable format.
Right to Object to Processing (Article 21 GDPR): You can object to the processing of your information for marketing purposes. Where you object to direct marketing, we will cease processing for that purpose immediately.
Rights Related to Automated Decision-Making (Article 22 GDPR): Carra Globe does not make decisions about you solely by automated means that produce legal or similarly significant effects.
To exercise these rights, please contact us using the information provided below. We will respond within one calendar month. We may need to verify your identity before processing your request. There is no charge for exercising your rights unless requests are manifestly unfounded, repetitive, or excessive.
Data Security (Article 32 GDPR) We are committed to ensuring the security of your personal information. We implement robust security measures, including:
Encryption: All data is encrypted both in transit using HTTPS and TLS protocols and at rest within our systems using industry-standard encryption protocols.
Access Controls: Strict access controls are in place to ensure that only authorised personnel can access your information. All staff, contractors, and third-party partners with access to personal data are subject to confidentiality obligations.
Data Anonymisation: Where possible, we anonymise data to further protect your privacy and limit exposure in the event of any security incident.
Regular Security Audits: We conduct regular security audits and vulnerability assessments to identify and mitigate potential risks.
Incident Response Plan: We maintain a comprehensive incident response plan to address any personal data breach swiftly and effectively.
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, Carra Globe will notify the Information Commissioner’s Office within 72 hours of becoming aware of the breach in accordance with Article 33 of the UK GDPR, and will notify affected individuals without undue delay where required under Article 34.
Your Choices & Responsibilities You may request limitations on how your information is used by contacting info@carraglobe.com. Keeping your information accurate is your responsibility. If your details change, please notify us as soon as possible so we can maintain accurate records.
Children’s Privacy (Article 8 GDPR) Our Services are not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have inadvertently received information from or about a child, please contact us immediately at info@carraglobe.com and we will delete it without delay.
Links Beyond Our Website Our website may contain links to third-party websites, partner portals, or external resources. Once you leave carraglobe.com, this Privacy Policy no longer applies. Carra Globe is not responsible for the privacy practices or content of any third-party website. We recommend reviewing the privacy policy of any external site you visit independently.
Changes to This Privacy Policy We may update this Policy from time to time to reflect changes in our services, legal requirements, or data protection best practice. We will notify you of material changes by posting the updated policy on this page with a revised effective date and updated document reference. The current version is always the version published at https://carraglobe.com/privacy-policy/.
How to Complain If you have concerns about how we have handled your personal information, please contact us in the first instance at info@carraglobe.com. We investigate all privacy complaints seriously and will respond within 30 days.
Get in Touch Questions or requests regarding this Privacy Policy can be sent to:
Email: info@carraglobe.com
Website: https://carraglobe.com
Phone (UK): +44 7748 533273
Phone (US): +1 (786) 9360 405
Address: Baylis Business Centre, Stoke Poges Lane, Slough, England, SL1 3PB, United Kingdom
We acknowledge all privacy enquiries within 2 Working Days and provide a full response within the statutory one-month period.
This Privacy Policy has been prepared in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations 2003 (PECR). Document Reference: CG-PP-V1-29.09.24
