At the Leschaco Group, we are committed to protecting your privacy and ensuring that your personal data is processed in a responsible and transparent manner. This document is intended to inform individuals who are our business contacts within customer, supplier, and other business partner organizations about how we handle personal data in the context of these commercial relationships.

1. Data Controller 
The company within the Leschaco Group that engages in a commercial relationship with you, your employer, or the organization you represent (whether as a customer, supplier, service provider, or other business partner) will be the Data Controller responsible for processing your personal data.

If you are unsure about Leschaco´s concerned entity, you can refer to the relevant agreement between the organizations, contact your usual business contact person, or our Data Protection Officer referred below.

2. Information collected
We collect a range of personal information, encompassing but not limited to:

• Basic identification details like your name, title, professional information, signature, e-mail address, and contact information.
• Identification numbers, such as passport numbers in cross-border shipments, employee ID numbers within partner organizations, and government-issued IDs.
• Communication records, which include emails, messages, call history, and other correspondences tied to business transactions and logistics operations.
• Transaction history, which involves purchase orders, invoices, and shipping details when personal data is linked to these transactions.
• Screening data, including whether your name appears on government-issued or industry-specific sanctions and watchlists, for compliance with applicable export control, trade, and financial regulations;
• A history of service usage, survey responses, participation in webinars and training sessions, and the metadata associated with these activities.
• Authentication and access credentials for secure use of Leschaco’s online platforms and systems, where applicable.

3. Purposes of collection and legal bases
We process this personal information for a variety of purposes, including:

• Managing and fulfilling commercial relationships with customers, suppliers, and other business partners;
• Delivering our products and services, including logistics, freight forwarding, customs clearance, and related services;
• Issuing and managing documentation such as invoices, Bills of Lading, shipping instructions, and other contractual or regulatory documents;
• Processing and managing orders, shipments, and payments;
• Providing customer service, including the handling of inquiries, complaints, and incident management;
• Conducting day-to-day business communication and coordination of transactions, and keeping evidence of these communications;
• Managing the evaluation, communication, and selection processes related to potential suppliers, including handling bids and proposals;
• Enhancing the functionality, performance, and reliability of the digital tools, automated systems, and software platforms that support Leschaco’s business processes, including through the analysis of operational and interaction data;
• Conducting internal analytics and performance monitoring to optimize service delivery and operational processes;
• Carrying out marketing and customer relationship management activities (subject to applicable legal requirements, including consent where required. For more information about the processing of your data in the context of the newsletter, please visit our Website Privacy Policy);
• Managing business operations, including audits, reporting, compliance tracking, and resource planning;
• Ensuring compliance with legal and regulatory requirements, including customs and trade controls, anti-corruption laws, and record-keeping obligations;
• Safeguarding our legal rights, property, systems, and personnel, including IT security and fraud prevention.

The processing of your personal data is primarily based on our legitimate interests. These include the effective management of our commercial relationships with customers, suppliers, service providers, and other business partners, particularly where you act as their employee or representative. 

Our legitimate interests also cover essential internal functions such as contract administration, accounting, compliance screening, sustainability initiatives, safeguarding our physical and digital infrastructure, defending against legal claims, and ensuring the efficiency and continuity of our operations.

This also encompasses our legitimate interest in improving and developing the digital systems and tools that support our business processes, including through the analysis of interaction data to enhance functionality, performance, and reliability.

In addition, we process your personal data where necessary to comply with legal obligations to which we are subject. These may include tax, commercial, and customs regulations, foreign trade laws, or anti-money laundering and sanctions compliance requirements. For example, we may verify your identity against applicable sanctions lists.

Where a direct or potential contractual relationship exists between you and Leschaco, we may also process your personal data to perform that contract or to take steps at your request prior to entering into such an agreement.

4. Third parties who may receive your data 
We only disclose your personal data to third parties where permitted or required by applicable law. These recipients include, for example:

• Credit institutions and financial service providers for the purpose of processing payments;
• Legal representatives or collection agencies in the context of asserting or defending legal claims, such as debt enforcement proceedings.

We also engage external service providers to support our operations. These include providers of IT infrastructure, cloud platforms, secure data storage, archiving and destruction services, printing and communication services, and technical service providers who assist in the development of our internal systems and digital tools. Whenever such providers act on our behalf, they are contractually bound to comply with applicable data protection requirements.

Where personal data is transferred to a service provider or Leschaco group entity located outside the country in which it was originally collected, we ensure that the transfer is carried out in accordance with applicable data protection regulations. In cases involving transfers from the European Economic Area (EEA) to countries outside the EEA, we rely on one of the following safeguards:

• An adequacy decision by the European Commission confirming an equivalent level of data protection in the recipient country;
• The use of EU Standard Contractual Clauses or equivalent contractual mechanisms ensuring appropriate data protection safeguards;
• Your explicit consent, where no other safeguard applies and such consent is legally valid.

We may also share your data with Leschaco affiliates and subsidiaries worldwide, to the extent necessary for internal administrative and operational purposes, subject to applicable data protection standards.

Please note that we do not sell or otherwise commercialize your personal data. Protecting your privacy and safeguarding your personal data are the core principles of our data handling practices.

5. Retention periods
Personal data will be retained for as long as necessary to fulfill the above-mentioned purposes, or if there are legal or contractual retention obligations.  Some legal retention obligations may arise from tax law, contract law, or laws on the prevention of money laundering, terrorism financing, and corruption. 

6. Your Rights as Data Subject
You have the right to request access to your personal data, to have inaccurate or incomplete data corrected or deleted, to request the restriction of processing, to object to certain types of processing, and to receive a copy of your data in a structured, commonly used, and machine-readable format (data portability), where applicable.

Please be aware that, depending on your jurisdiction, additional rights may apply under local data protection laws.

We are committed to respecting and facilitating the exercise of your rights. However, we may decline to act on a request where we have overriding legitimate grounds for the processing that outweigh your interests, rights, and freedoms, or where the processing is necessary for the establishment, exercise, or defense of legal claims.

You can exercise your rights at any time by contacting us at:

privacy@remove-this.leschaco.com

In addition, you have the right to lodge a complaint with a competent data protection authority if you believe that the processing of your personal data violates applicable data protection laws. If you are in the European Union, a list of national supervisory authorities is available at:

https://edpb.europa.eu/about-edpb/about-edpb/members_en 

7. Contact Details of the Data Protection Officer 
For questions, comments or complaints, please contact our data privacy officer:

FIRST PRIVACY GmbH

Web: www.first-privacy.com

E-Mail: office@remove-this.first-privacy.com