Privacy Policy

1 Information We Collect

Globex Sky collects personal data to provide, improve, and secure our Services. We collect information in three primary ways: information you provide directly, information collected automatically through your use of the platform, and information we receive from third parties.

Information You Provide: When you register an account, complete a purchase, submit an RFQ, or contact our support team, you may provide us with name, email address, postal address, phone number, business registration details, payment information, and any communications content.

Automatically Collected Data: We automatically collect technical information including IP addresses, browser type and version, device identifiers, operating system, referring URLs, pages viewed, time spent on pages, and other clickstream data. This is collected via log files, cookies, web beacons, and similar technologies.

Third-Party Sources: We may receive information about you from third-party identity verification services, fraud prevention providers, payment processors, social media platforms (if you connect social accounts), and public business registries for supplier verification purposes.

2 How We Use Your Information

We process your personal data on the following legal bases under GDPR: (a) performance of a contract, (b) our legitimate interests, (c) your consent, and (d) compliance with legal obligations. We use your information for the following purposes:

• Providing, maintaining, and improving the Globex Sky platform and Services.
• Processing transactions, orders, and payments, and sending related confirmations and receipts.
• Verifying your identity and the identity of businesses, suppliers, and carriers on the platform.
• Detecting and preventing fraud, abuse, security incidents, and other potentially illegal activities.
• Communicating with you about your account, platform updates, and promotional offers (where you have consented).
• Personalizing your experience and delivering relevant product recommendations and search results.
• Conducting analytics to understand platform usage patterns and improve our Services.
• Complying with legal obligations, including tax reporting, anti-money laundering (AML), and know-your-customer (KYC) requirements.

We will not use your personal data for purposes incompatible with those described in this policy without providing you additional notice and, where required, obtaining your consent.

3 Data Sharing & Disclosure

Globex Sky does not sell your personal data. We may share your information with carefully selected third parties in the following circumstances, and only to the extent necessary for the stated purposes:

• Service Providers: We engage third-party vendors to provide services including payment processing (Stripe, PayPal), cloud infrastructure (AWS), email delivery (SendGrid), fraud prevention, and customer support software. These providers are contractually bound to handle your data in accordance with our instructions and this Policy.
• Business Partners: When you engage with a supplier or carrier on the platform, we share necessary transactional data with them to facilitate the commercial relationship.
• Legal Requirements: We may disclose your information if required to do so by law, court order, or governmental authority, or if we believe in good faith that such disclosure is necessary to protect our rights, your safety, or the safety of others.
• Business Transfers: In the event of a merger, acquisition, or sale of all or a portion of our assets, your data may be transferred as part of that transaction. We will notify you before your data becomes subject to a different privacy policy.

All third-party processors are required to sign Data Processing Agreements (DPAs) with Globex Sky and are prohibited from using your data for purposes beyond those we authorize.

4 Cookies & Tracking

We use cookies and similar tracking technologies to enhance your experience, analyze usage patterns, and deliver personalized content. Cookies are small data files stored on your browser when you visit our site.

Types of cookies we use:

• Strictly Necessary Cookies: Essential for the platform to function, including session management, authentication, and security. These cannot be disabled.
• Performance & Analytics Cookies: Help us understand how users interact with the platform (e.g., Google Analytics). These are only activated with your consent.
• Functional Cookies: Remember your preferences such as language settings and display options.
• Marketing & Targeting Cookies: Used to serve relevant advertisements and track campaign performance. Activated only with explicit consent.

You can manage your cookie preferences via our Cookie Consent Manager accessible from the footer of any page. You may also configure your browser to refuse cookies, though this may affect platform functionality. For detailed information, see our full Cookie Policy.

5 Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, as outlined in this Privacy Policy, and to comply with our legal, accounting, and regulatory obligations.

Account data is retained for the duration of your active account. Upon account deletion, personal data is marked for deletion and permanently removed within 90 days, except where retention is required for legal compliance, dispute resolution, or fraud prevention purposes.

Transaction records are retained for a minimum of 7 years in accordance with applicable financial and tax regulations. Communication records may be retained for up to 3 years following the end of the business relationship for dispute resolution purposes.

Technical log data is typically retained for 12 months, after which it is anonymized or deleted. Anonymized or aggregated data that cannot be used to identify you may be retained indefinitely for analytics and research purposes.

6 Your Rights (GDPR)

Under the General Data Protection Regulation (GDPR), if you are located in the European Economic Area (EEA), you have the following rights with respect to your personal data. California residents have similar rights under CCPA:

To exercise any of these rights, please submit a request to our Data Protection Officer at dpo@globexsky.com. We will respond within 30 days of receiving your request. We may need to verify your identity before processing certain requests.

7 International Transfers

Globex Sky operates globally and your personal data may be transferred to, and processed in, countries outside your country of residence, including countries that may not provide the same level of data protection as your home country.

When we transfer personal data from the EEA or UK to third countries, we ensure that appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission, binding corporate rules, or reliance on adequacy decisions.

Transfers to our cloud infrastructure provider (AWS) are covered by Standard Contractual Clauses and AWS's GDPR Data Processing Addendum. Our payment processor (Stripe) participates in the EU-U.S. Data Privacy Framework and maintains SCCs for EEA-to-US transfers.

For a list of countries to which we transfer data and the applicable safeguards, or to obtain a copy of the relevant SCCs, please contact our Data Protection Officer.

8 Security Measures

Globex Sky takes the security of your personal data seriously and implements appropriate technical and organizational measures to protect it against unauthorized access, disclosure, alteration, or destruction.

• Encryption: All data transmitted between your browser and our servers is encrypted using TLS 1.3. Sensitive data at rest, including payment card data, is encrypted using AES-256 encryption.
• Access Controls: Access to personal data is restricted on a need-to-know basis. Employees with access to personal data are subject to strict confidentiality obligations.
• Infrastructure Security: We use industry-leading cloud infrastructure with multiple layers of security, including firewalls, intrusion detection systems, and DDoS protection.
• Security Audits: We conduct regular security assessments, penetration tests, and vulnerability scans. We maintain a responsible disclosure program for security researchers.
• Breach Response: In the event of a data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and affected users without undue delay, as required by GDPR.

While we implement robust security measures, no system is completely impenetrable. If you become aware of any security vulnerabilities or have concerns about the security of your account, please contact us immediately at security@globexsky.com.

9 Contact Our DPO

Globex Sky has appointed a Data Protection Officer (DPO) as required under GDPR. Our DPO is responsible for overseeing our data protection practices and can be contacted directly for any privacy-related inquiries, including requests to exercise your data rights.

You have the right to lodge a complaint with a supervisory authority if you believe we have not handled your personal data in accordance with applicable privacy law. In the UK, the relevant authority is the Information Commissioner's Office (ICO), and in the EU, you may contact your local data protection authority.