Privacy Policy

Global Access LLC: Privacy Statement

1. Who We Are

Global Access, LLC, (“Global Access”) is an international logistics organization that provides services for retailers, distributors and end-user customers, enabling international delivery of purchased products. Global Access operates the www.goopping.com and www.expatexpress.com websites as user interfaces for end-user customers that are not associated with a business client. Each of these websites has a separate Privacy Statement specific to their operations.

For its business clients, Global Access acts on behalf of its clients to deliver goods internationally and facilitate associated services including website language translation and hosted checkouts. Data is collected from client systems via API calls and FTP and browser-based file uploads.

Global Access maintains corporate offices and warehouses in the United States and Japan. Global Access utilizes third-party Processors to provide services, including: logistics, payments, insurance and communication. Local regulations for customs and tax require the sharing of Personal Data with regulatory authorities.

2. Link to the Global Data Privacy Policy of Global Access Group, LLC.

Global Access, as a wholly owned subsidiary of Global Access Group, LLC, complies with the Global Data Privacy Policy, which can be viewed by accessing the link below:

https://www.globalaccess.com/about/Global-Data-Privacy-Policy

This Privacy Statement details specific information related directly to Global Access and its business clients. Separate Privacy Statements exist for its websites www.goopping.com and www.expatexpress.com. These can be viewed by accessing the links below:

Goopping.com

https://www.goopping.com/about/Privacy-Policy

ExpatExpress.com

https://www.expatexpress.com/about/Privacy-Policy

3. Personal Data We Process

We collect personal data that we (a) receive from our business clients and (b) obtain for marketing purposes for potential clients, customers or others. We may process your personal data with or without automatic means, including collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction of your personal data.

a. Data received from our business clients. Our business clients submit personal data to us in order for us to be able to provide the services requested, which may include delivery of products, processing of payments, calculation and submission of relevant taxes, submission of customs forms, reporting of shipping volumes and frequency, and reconciliation of distributor commissions. The personal data collected generally includes the name, physical address and phone number of the ‘Ship-to’ party, and the name, physical address, phone number, email, payment information, business client and Personal Client ID. A Personal Client ID is typically the ID number used by the business client to identify a salesperson such as a distributor, who is responsible for the product sale. Personal Client IDs are assigned by the business client and may be the social security number or other national ID of the person.

Related services offered to our business clients include access to a web module that provides tracking and reporting information on shipping orders. Business clients have the option to extend access to this module to their agents, salespersons or distributors so that they can manage, track, and obtain reporting on the orders for which they are responsible.

Processing of this personal data is performed on behalf of the business client and for the purpose of providing the services requested by the business client. Personal data received from our business clients is done so in accordance with the Service Level Agreement or other agreement entered with the business client.

b. Data obtained for marketing purposes for potential clients, customers or others. We obtain marketing data that we use to reach out to inform potential clients, customers and others of the services offered by our organization. The personal data collected generally includes the email address of a potential client, customer or contact and may also include their name and phone number.

c. Personal data not actively collected or processed. We do not actively collect or otherwise process personal data from minors and include in our Terms and Conditions a condition that the customer is not a minor and does not provide personal data of minors. The age of a minor varies by country. For the purposes of personal data collected from the European Union, the age of a minor is under age sixteen (16).

We do not actively collect or otherwise process special categories of personal data as identified in the GDPR including data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade-union membership, or genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.

We do not actively collect or otherwise process personal data relating to criminal convictions and offences.

4. Tracking Technologies, Cookies and Clear GIFs

We use tracking technologies, cookies and clear GIFs to collect information. Tracking technologies are used to collect information from your web browser through our servers or filtering systems when you visit any of our sites. Cookies are small bits of data used to transfer information to your computer’s hard drive or your web browser for record-keeping purposes, including recognizing your web browser when you return to our sites. A clear GIF is a transparent graphic image placed on a website. The use of clear GIFs allows us to monitor your actions when you open a web page and makes it easier for us to follow and record the activities of recognized browsers. Clear GIFs are used in combination with cookies to obtain information on how visitors interact with our websites.

Information collected may include but is not limited to your browser type, your operating system, your language preference, any referring web page you were visiting before you came to our site, the date and time of each visitor request, and information you search for on our sites. We can also track the path of page visits on a website and monitor aggregate usage and web traffic routing on our sites. We collect this information to better understand how you use and interact with our sites in order to improve your experience. We also collect this information to better understand what services and marketing promotions may be more relevant to you. We may also share this information with our employees, service providers and customer affiliates as well as between affiliated entities.

You can change your web browser settings to stop accepting cookies or to prompt you before accepting a cookie from the sites you visit. If you do not accept cookies, however, you may not be able to use some sections or functions of our sites.

To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit http://www.allaboutcookies.org.

To opt out of being tracked by Google Analytics across all websites visit https://tools.google.com/dlpage/gaoptout.

5. Purposes for Processing Personal Data

We process Personal Data for logistics, payment, insurance, customs, tax, other regulatory requirements, communication, customer service, marketing, web analytics, system monitoring, data security and other operational and administrative purposes.

We use Personal Data to provide logistics and other related services to enable international product purchase and delivery for our customers and business clients while meeting the regulatory requirements of the relevant countries. We may use Personal Data to (a) provide you order shipping and reporting information, (b) package and inventory product for you, (c) store product for you, (d) deliver product to you, (e) insure product, (f) submit customs or other regulatory forms on your behalf, (g) contact you, (h) create and maintain account profiles for your agents/distributors/salespersons, (i) fulfill requests you make. (j) seek your voluntary feedback, (k) customize features or content on our websites and software, (l) verify identity, (m) administer our services, including through use of third-party services providers, or (n) communicate with you for marketing purposes where you are the contact for a potential business client.

In this context, the legal basis for our Processing of your Personal Data is either the necessity to perform contractual and other obligations that we have towards you or our business clients or carrying out our legitimate activities as a logistics organization.

We may also use your data to comply with applicable laws and exercise legal rights as the basis for our data Processing.

We may also use your Personal Data for internal purposes, including auditing, data analysis, system troubleshooting, and research. In these cases, we base our Processing on legitimate interests in performing the activities of the organization.

6. Sharing of Personal Data

We share your Personal Data with other parties in the following circumstances:

  1. Third-Party Providers. We may provide Personal Data to third parties for their Processing in performing functions on our behalf as data Processors (for example, logistics, insurance, payments, security, data analysis, surveys, and so forth). In such instances, the providers will be contractually required to protect Personal Data from additional Processing (including for marketing purposes) and transfer in accordance with this Data Privacy Policy and applicable laws. This may include transfers or onward transfers to third parties that are outside of the EEA and outside of the United States. In these circumstances, relevant protections approved under the GDPR will be undertaken to protect your Personal Data. Under certain data protection laws, including the GDPR, Global Access Group, LLC, Global Access, LLC, and Shipito, LLC, are liable if a third-party provider that we have engaged to Process Personal Data fails to fulfil its data protection obligations.

  2. Legal Requirements. We may access and disclose your Personal Data to regulatory bodies if we have a good-faith belief that doing so is required under regulation. This may include screening against the Consolidated Screening List for which the United States Government maintains restrictions on certain exports, re-exports or transfers of items. This may also include submitting Personal Data required by local customs authorities and tax authorities. Additionally, we may disclose your Personal Data and other information as required by law, including in response to lawful requests by public authorities or to meet national security or law enforcement requirements. We may also disclose your Personal Data to exercise or defend legal rights; to take precautions against liability; to protect the rights, property, or safety of the resource, of any individual, or of the general public; to maintain and protect the security and integrity of our services or infrastructure; to protect ourselves and our services from fraudulent, abusive, or unlawful uses; or to investigate and defend ourselves against third-party claims or allegations.

7. Storage of Personal Data

We may store your Personal Data in data centers in the United States, cloud storage solutions, or on our premises, including corporate offices and warehouses. You may be entitled to review our data sharing and Processing agreements if you contact us per the contact details provided at the end of this Data Privacy Policy. We endeavor to utilize third-party service providers from the United States that have certified with the EU-U.S. Privacy Shield Framework.

8. Personal Data Security

Global Access uses technical and organizational measures to protect the Personal Data received against accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Personal Data transmitted, stored or otherwise processed. We regularly consider appropriate new security technology and methods as we maintain and develop our software and systems. Security measures implemented include:

  1. (1) SSL is used on all pages where Personal Data is collected;

  2. (2) Data requiring a higher level of protection, such as payment card account numbers and passport numbers, is encrypted prior to transmission to the database for storage;

  3. (3) Web and database servers are protected using firewalls;

  4. (4) Passwords used for account registration cannot be ‘defaulted’;

  5. (5) User access is tracked;

  6. (6) Role-based security is applied to system access;

  7. (7) All employees are contractually obligated to maintain the confidentiality of Personal Data accessible through their employment;

  8. (8) Regular system backups are made;

  9. (9) Regular maintenance is performed on systems; and

  10. (10) Systems are monitored for security.

9. Retention of Personal Data

Global Access retains Personal Data, including Personal Data collected via website and mobile applications, API calls and FTP and browser-based file uploads, upon instructions of our business clients, who are the Controllers.

We continue to retain Personal Data that we are required to retain in order to meet our regulatory obligations including tax records and transaction history. We comply with the Retention Policy of our parent company Global Access Group, LLC, which is regularly reviewed to ensure compliance with our obligations under data protection laws and other regulatory requirements. We regularly audit our databases and archived information to ensure that Personal Data is only stored and archived in alignment with the Retention Policy.

10. Personal Data Rights

Where we act as the Personal Data Processor, we rely upon our business clients maintaining accurate Personal Data in their client systems that we access through API calls and FTP and browser-based file uploads in order to facilitate logistics services.

You may contact the business client who provided your Personal Data to request changes to your Personal Data or exercise any rights you may have, including the right to: access, rectification, data portability, objection, Processing restriction, and erasure of your Personal Data, or for assistance in modifying or updating your Personal Data.

On your request, we are happy to assist you with the contact details of the business client(s) who provided your Personal Data to us. You may also contact us to assist you with your inquiries or in exercising your rights in regards to our business clients. Our contact details are provided at the end of this Privacy Statement.

For marketing communication to contacts of potential business clients, an opt-out process applies. An ‘unsubscribe’ option is provided in the footer of every marketing communication. In addition, we may be contacted directly to unsubscribe. Our contact details are provided at the end of this Privacy Statement.

11. Effective Date and Amendments

This document is effective May 25, 2018. This document may be amended from time to time.

12. Contact Details

Inquiries may be made to:
Organization: Global Access Group, LLC.
Contact: Data Protection Officer (Chris Bauer)
Address: 9815 South Monroe St, Suite 510, Salt Lake City, UT 84070
Email: [email protected]

EU Representative
Contact: EU Representative (Daniel Eigner)
Address: Rastenfeld 151 Rastenfeld, 3532 Austria
Email: [email protected] Please note that organizations participating in the EU-U.S. Privacy Shield Framework must respond within 45 days of receiving a complaint.

In the event that your Personal Data was processed on behalf of another company, you may also directly contact that company about your Personal Data. Global Access Processes Personal Data on behalf of other companies who are its business clients. On your request, we are happy to assist you with the contact details of the business client(s) who provided your Personal Data to us.