ZEONSHIP

LEGAL / 02

Privacy policy

Effective June 2026. This Policy explains what personal data ZEONSHIP collects from visitors to this website and from carrier-partner prospects, how we use it, who we share it with, how long we keep it, and the rights you have over it.

Jurisdiction-specific addenda (EU/UK GDPR, California CPRA, Brazil LGPD) are issued at MSA execution for partners in those regions.

1. Who we are

ZEONSHIP is operated by ZEONLOGISTICS together with its origin-country affiliates. For personal data described in this Policy, ZEONLOGISTICS acts as the data controller. You can reach our data protection team via the contact form — pick the "Privacy / data request" topic.

2. Scope

This Policy applies to personal data we collect from or about (i) visitors to zeonship.com, (ii) prospective carrier partners who submit the application form at /carriers.php, (iii) authorised personnel of active Carrier Partners with whom we exchange operational data, and (iv) other contacts at partner-prospect organisations.

ZEONSHIP is not a consumer service. We do not collect data from end-customers placing parcel orders — they are served by Carrier Partners under those partners' own privacy policies. We do receive parcel-level routing metadata (sender, recipient, address, customs declaration) which is shared with Carrier Partners as needed to fulfill delivery; that data is processed as a controller-to-controller transfer under the relevant MSA.

3. Personal data we collect

  • From the application form: legal company name, trading name, country, city, years operating, website, contact name, role, email, phone, coverage area, fleet description, current and spare delivery capacity, technology stack, existing carrier partnerships, support languages, source attribution, and any free-text notes.
  • From email and call exchanges: contents of partner-ops correspondence, scheduled call notes, attached documents (KYC bundle, financials, licenses), and meeting attendees.
  • From the website: IP address, browser, device, time zone, language preference, referrer, pages visited, session identifiers, and audit logs of form submissions and notable actions.
  • From parcel routing (active partners): sender and recipient name and address, declared value, customs documentation, and tracking events — exchanged via API to fulfill the partnership.

We do not knowingly collect special categories of personal data (health, biometric, political) except where you voluntarily include them in a message; in that case we use them only to handle the request and delete them when it is resolved.

4. Why we use your data

  • To review and respond to partnership applications — performance of pre-contractual measures at your request.
  • To operate an active partnership — performance of the MSA; this includes parcel routing, settlement calculation, exception handling, and reporting.
  • To comply with law — sanctions and restricted-party screening, customs and tax records, anti-money-laundering checks, and responding to lawful authority requests.
  • To keep the website secure — fraud and abuse prevention, anti-bot defence, audit logging (legitimate interests in platform security).
  • To improve the service — aggregated and pseudonymised usage analysis (legitimate interests).
  • To establish or defend legal claims — including managing disputes, regulatory proceedings, and insurance claims (legitimate interests).

5. How we share your data

  • ZEONLOGISTICS affiliates in the relevant origin country so they can act on the partnership.
  • Carriers involved in routing parcels (DHL, FedEx, UPS, USPS, Aramex, regional postal operators) — limited to data needed to dispatch.
  • Customs and government authorities in origin and destination countries, as required for lawful import/export.
  • Identity-verification and sanctions-screening providers who help us comply with regulatory obligations.
  • Cloud infrastructure, email, and customer-support providers acting strictly as processors under written contracts that restrict use of the data to delivering services to us.
  • Professional advisers — auditors, accountants, lawyers — under confidentiality obligations.
  • Acquirers or successors in the event of a merger, acquisition, reorganisation, or sale of business assets, subject to confidentiality.
  • Law enforcement and regulators when required by valid legal process or where we believe in good faith that disclosure is necessary.

We do not sell personal data and we do not share it with advertising networks for cross-context behavioural advertising.

6. International transfers

Because we operate across five origin countries and partner with carriers in 200+ destinations, personal data is transferred internationally as a matter of course. Where data leaves the European Economic Area, the United Kingdom, or another jurisdiction that requires safeguards, we rely on the European Commission's Standard Contractual Clauses, the UK International Data Transfer Addendum, or equivalent mechanisms, supplemented by technical and organisational measures such as encryption in transit and pseudonymisation.

7. How long we keep your data

  • Application data — 24 months from submission if no partnership results; for the life of the partnership otherwise.
  • Partnership records (MSA, rate cards, settlement statements) — 10 years from end of partnership.
  • Customs and tax records — 5 to 10 years from creation depending on jurisdiction.
  • Email correspondence — 36 months from the date the thread was last active.
  • Technical and security logs — typically 12 months; longer when required to investigate an active incident.

When retention periods expire we securely delete or irreversibly anonymise the data.

8. Your rights

  • Access — request a copy of the data we hold about you and information about how we process it.
  • Rectification — ask us to correct inaccurate or incomplete data.
  • Erasure — ask us to delete data where it is no longer needed and we have no overriding obligation to retain it.
  • Restriction — ask us to limit our processing of data while a query is resolved.
  • Objection — object to processing based on our legitimate interests.
  • Portability — receive certain data you provided to us in a structured, machine-readable format.
  • Lodge a complaint with a data protection supervisory authority in your country.

To exercise any of these rights, submit a request via the contact form (topic: "Privacy / data request"). We will respond within the timeframe required by applicable law (commonly 30 days).

9. Security

We use industry-standard organisational and technical measures to protect your data, including encryption of data in transit, encryption at rest for sensitive fields, role-based access controls, network segmentation, multi-factor authentication for administrators, vulnerability management, and regular independent security review.

10. Cookies

We use a minimal set of strictly necessary cookies (security and load balancing) and first-party analytics. We do not use third-party advertising cookies. You can manage cookies through your browser settings.

11. Region-specific rights

If you are in the European Economic Area or the United Kingdom, your processing is governed by the GDPR or UK GDPR respectively. California residents have rights under the CPRA. Brazilian residents have rights under the LGPD. We honour equivalent rights in other jurisdictions to the extent local law requires.

12. Changes to this Policy

We may update this Policy. The "effective" date above will change. Material changes will be notified to active Carrier Partners by email at least fourteen (14) days before they take effect.

13. Contact

For any question about this Policy or about how we handle your personal data, use the contact form with the "Privacy / data request" topic.