NIC Privacy Notice

Last Updated: August 2023

This Notice has been updated to reflect the acquisition by FourKites and to ensure global expansion is addressed appropriately.

At NIC GmbH (“NIC-Place“, “NIC,we“, “us“, or “our“), your privacy is of great importance. This NIC Privacy Notice (“Notice“) describes who we are, how we collect, share and use information that can identify you directly or indirectly (“personal information”), and how you can exercise your privacy rights. This Notice applies in general to all instances where we collect and process personal information, whether online or offline. Whenever we collect your personal information, we will either refer you to this Notice and the applicable sections, or we will provide a separate notice.

1. NIC 

NIC-Place, a FourKites company, is a logistics software pioneer and the leading Carrier-focused Supply Chain Visibility Solution. We enable advanced visualization, monitoring and analysis of mixed fleets and transport processes using secure telematics data.

NIC GmbH
Rotleitenstraße 1 c
87634 Obergünzburg
Germany

To ask questions or share comments about this Notice and our privacy practices, contact us at: privacy@fourkites.com.

Commercial register number: HRB 13638
Managing director: Mathew Elenjickal, Stephan Elsasser, and Kevin Krükis
Telephone: +49 831 6971745-0
Email: info@nic-place.com

EU Representative. If you are located in the EEA, you can contact FourKites’ EU Representative, FourKites B.V., at Schiphol Boulevard 175, 1118 BG in Schiphol, the Netherland.

UK Representative. If you are located in the UK, you can contact FourKites’ UK Representative Lionheart Squared Limited at FourKites@LionheartSquared.co.uk, or at Lionheart Squared Limited, 17 Glasshouse Studios, Fryern Court Road, Fordingbridge, Hampshire, SP6 1QX, United Kingdom.

2. NIC as a Data Controller

This Notice applies to personal information in situations where we decide how and why your personal information is to be processed and thus act as a data controller. This Notice does not apply where we are acting merely as a service provider to another organization who decides how and why we process your personal information, in other words, where we act as a data processor.

NIC-Place is a FourKites company and therefore the ultimate controller of your information is FourKites, Inc. Read FourKites Privacy Notice for further information on the processing of personal information by the FourKites company. Any of your question are handled by the central team (privacy@fourkites.com) responsible for privacy at FourKites.

3. Who we collect information from

While we are a business-to-business company we process personal information of various categories of individuals in order to function and to maintain relationships with these individuals. We process the personal information of the following individuals:

a. Website visitors
b. Customers, data providers (incl. drivers), suppliers, and business partners
c. NIC-Place user
d. Employees, contractors, and applicants
e. Other visitors and individuals we connect with professionally

4. What kind of personal information we process

In the course of our business activities and providing our services, we process personal information that you provide directly or indirectly to us when using our services or interacting with us in any other situation, including:

  • Identification data, such as your name, online identifier, signature in case of contracting,
  • Contact information, such as your email address, phone number, work address, business card,
  • Professional information, such as your job title/position, employer,
  • User information, such as login credentials, logs, traffic data,
  • Electronic information, such as IP address, unique identifier, unique device or user ID, system and browser type, date and time stamps, referring website address, content and pages you accessed on our website, click-stream information, and
  • Other information you choose to provide to us, for example the purpose of your visit if you visit our office, or any other information when using our contact forms.

5. Collection of personal information through cookies

On the NIC website, certain electronic information is collected using cookies. What kind of cookies we use and the purposes for which we use it, is described in our Cookie Notice. For the purpose of performance and tracking, we will only collect information after you have provided consent through our cookie banner.

6. The purposes for which we process your personal information and legal basis

a. Website Visitors.

Certain parts of our website will ask you to provide personal information. For example, we will ask you to provide certain personal information (e.g., name, contact details, company name) in order to find out more about NIC-Place or the services we provide when using our contact form. We use the personal information we collect through our Website for the following business and commercial purposes:

  • To provide, operate, optimize, manage and maintain the Website, including customizing and improving the content, navigation and layout, system administration and security.
  • To respond to your online inquiries and requests, and to provide you with information and access to resources about the Services that you have requested from us.
  • To identify any server, network or other IT issues.
  • To compile aggregated statistics about usage and to better understand the preferences of our website visitors.
  • To carry out research and development in order to improve the website.
  • For the specific purposes stated on any forms on this website.
  • To enforce our rights arising from any contracts entered into between you and your company and us.
  • To protect our rights, property, or safety of NIC, our customers, or others or to enable us to take precautions against liability.
  • To monitor our website for security purposes to ensure we protect NIC-Place against hacking, viruses, or other unauthorized access.
  • To send you information about NIC Place and its services/products for marketing purposes, in accordance with your marketing preferences.
  • To comply with laws and regulations, under judicial authorization.

Legal Basis. We process this information based on our legitimate interest or based on your consent where appropriate. The personal information that you are asked to provide, and the reasons why we want it, will be made clear to you at the point we ask you to provide it.

  • Legitimate Interest. To conduct our business, we normally collect and use your personal information in reliance on our legitimate interests (or those of any third party), this interest will normally be to improve, maintain, provide and enhance our technology and services, communicating with you as necessary to provide our services to you and for our legitimate commercial interest, for instance, when responding to your queries, undertaking marketing, or for the purposes of detecting or preventing illegal activities.
  • Legal Obligation. In some limited cases, we may have a legal obligation to collect personal information from you. We will let you know prior to collection whether the provision of the personal information we are collecting is a statutory or contractual requirement, as well as whether you are obliged to provide it and the possible consequences, if any, of not providing the information.
  • Consent. If you are from a country that requires us to obtain your consent for any processing of your personal information (e.g., collection, usage, transfer), we will do so in accordance with the applicable law. If you do not wish to provide us with any personal information which is indicated as compulsory, we may not be able to communicate with you or provide certain services or features to you.

If you have questions about or need further information concerning the legal basis on which we collect and use your personal information, please contact us at privacy@fourkites.com.

b. Customers, data providers (incl. drivers), suppliers, and business partners.

If you are a current or prospective customer, data provider, business partner or supplier of ours, we will collect and use personal information about you. For example, we will ask you to provide certain personal information (e.g., name, contact details, company name) in order to manage our business relationship with you. We use the personal information we collect for the following business and commercial purposes:

  • General business relationship management within NIC, including contract management, for example, to enable us to deliver our services to your company, or to audit the provision of services by your company to NIC.
  • To give you notices about your account or subscriptions, including expiration or renewal notices.
  • To manage our daily business activities, such as executing payments.
  • To manage any queries, complaints or claims relating to the services your company provides to NIC or that NIC provides to you.
  • For direct marketing, advertising and public relations purposes, in connection with NIC’s business activities, products and services (including to make recommendations about our services and products), and to inform you about important developments within NIC.
  • For product development purposes, to allow us to improve our products and services or develop new products and services.
  • To help us conduct our business more effectively and efficiently or check and improve the quality of our products and/or services.
  • To carry out research and development with various NIC partners in order to improve the services we provide to you.
  • To investigate violations of law or breaches of NIC policies.
  • To enforce our rights arising from any contracts entered into between you or your company and us, including agreements for subscriptions to NIC-Place, and for billing and collection.
  • To protect our legal rights, property, or safety of NIC, our customers, or others or to enable us to take precautions against liability, security issues or other damages.
  • Where necessary to comply with laws and regulations, under judicial authorization, such as screening against denied parties’ lists.

Legal Basis. We process this information based on our legitimate interest or based on your consent where appropriate. The personal information that you are asked to provide, and the reasons why we want it, will be made clear to you at the point we ask you to provide it.

  • Legitimate Interest. To conduct our business, we normally collect and use your personal information in reliance on our legitimate interests (or those of any third party), this interest will normally be to improve, maintain, provide and enhance our technology and services, communicating with you as necessary to provide our services to you and for our legitimate commercial interest, for instance, when responding to your queries, undertaking marketing, or for the purposes of detecting or preventing illegal activities.
  • Legal Obligation. In some limited cases, we may have a legal obligation to collect personal information from you. We will let you know prior to collection whether the provision of the personal information we are collecting is a statutory or contractual requirement, as well as whether you are obliged to provide it and the possible consequences, if any, of not providing the information.
  • Consent. If you are from a country that requires us to obtain your consent for any processing of your personal information (e.g., collection, usage, transfer), we will do so in accordance with the applicable law. If you do not wish to provide us with any personal information which is indicated as compulsory, we may not be able to communicate with you or provide certain services or features to you.

If you have questions about or need further information concerning the legal basis on which we collect and use your personal information, please contact us atprivacy@fourkites.com.

c. NIC-Place User.

Where we provide NIC-Place, we primarily act as a data processor on behalf of our customers, however we process some of your information for our own purposes. The information included in this notice regards the information that we process in our role as a data controller. For example, we collect your name and password when you decide to sign up for NIC-Place. We use the personal information that we collect about you or that you or other NIC-Place Users provide to us for the following business and commercial purposes:

  • Provide, operate, optimize, manage, maintain and improve NIC-Place, including customizing and improving the content, navigation and layout, system administration and ensuring the functionality and security of NIC-Place.
  • To contact you about onboarding data providers to NIC-Place.
  • Respond to, or follow up on, your comments and questions, and otherwise provide customer service or provide you with any other information that you request from us.
  • Notify you when updates are available and of changes to NIC-Place.
  • Track Platform usage and performance to better serve our customers and improve user experience, including by monitoring usage patterns, storing information about your preferences, allowing us to customize NIC-Place according to your individual settings and recognize you when you use NIC-Place.
  • To send you marketing communications about our Services and events, including via email and in-app notifications, in accordance with your marketing preferences.
  • To enforce our rights arising from any contracts entered into between you or your company and us, including agreements for subscriptions to NIC-Place, and for billing and collection.
  • To protect our rights, property, or safety of NIC, our customers, or others or to enable us to take precautions against liability.
  • To monitor NIC-place for security purposes to ensure we protect NIC-Place against hacking, viruses, inappropriate use of our software, or other misconduct.
  • To comply with laws and regulations, under judicial authorization.
  • To publish your company profile in the NIC-Place Community (search feature) when you opted-in for this functionality.

Legal Basis. We process this information based on our legitimate interest or based on your consent where appropriate. The personal information that you are asked to provide, and the reasons why we want it, will be made clear to you at the point we ask you to provide it.

  • Legitimate Interest. To conduct our business, we normally collect and use your personal information in reliance on our legitimate interests (or those of any third party), this interest will normally be to improve, maintain, provide and enhance our technology and services, communicating with you as necessary to provide our services to you and for our legitimate commercial interest, for instance, when responding to your queries, undertaking marketing, or for the purposes of detecting or preventing illegal activities.
  • Legal Obligation. In some limited cases, we may have a legal obligation to collect personal information from you. We will let you know prior to collection whether the provision of the personal information we are collecting is a statutory or contractual requirement, as well as whether you are obliged to provide it and the possible consequences, if any, of not providing the information.
  • Consent. If you are from a country that requires us to obtain your consent for any processing of your personal information (e.g., collection, usage, transfer), we will do so in accordance with the applicable law. If you do not wish to provide us with any personal information which is indicated as compulsory, we may not be able to communicate with you or provide certain services or features to you.

NIC-Place Search. This search feature of NIC-Place enables users to communicate and share data and company profile with other users, including shippers, carriers, beneficial cargo owners, third-party logistic providers, system integrators and device manufacturers. You decide whether to publish the company profile and what kind of contact information you include in your company profile. When you select to opt-in to this feature, we will share your company profile with other users in NIC-Place.

If you have questions about or need further information concerning the legal basis on which we collect and use your personal information, please contact us at privacy@fourkites.com.

d. Employees, contactors, and applicants.

For this group we have separate privacy notices that explain the purposes for processing. One internal notice for our employees and one for applicants, which can be found here. Therefore, these groups are not elaborated on in this Notice.

e. Other visitors and individuals we connect with professionally.

In certain instances, we collect personal information, such as your contact and job details and feedback, when you attend our events, take part in surveys, register to receive a gift from our swag store or through other business or marketing interactions we have with you for the purposes outlined below. You may choose to provide additional information when you communicate with us or otherwise interact with us, and we will keep copies of any such communications for our records for as long as necessary and permissible. We collect and use this personal information about you for the following business and commercial purposes:

  • For the management of our guest list.
  • To create content for promotion materials, in accordance with necessary authorizations.
  • Photos and video footage may be taken to document and promote our events, business and activities.
  • To send you information about NIC-Place and its services/products for marketing purposes, in accordance with your marketing preferences.
  • To respond to your online inquiries and requests, and to provide you with information and access to resources about the Services that you have requested from us.
  • To carry out research and development to improve our services.
  • To enforce our rights arising from any contracts entered into between you or your company and us, including agreements for subscriptions to NIC-Place, and for billing and collection.
  • To protect our rights, property, or safety of NIC, our customers, or others or to enable us to take precautions against liability, security issues or other damages.
  • To investigate violations of law or breaches of NIC policies.
  • To comply with laws and regulations, under judicial authorization.

Legal Basis. We process this information based on our legitimate interest or based on your consent where appropriate. The personal information that you are asked to provide, and the reasons why we want it, will be made clear to you at the point we ask you to provide it.

  • Legitimate Interest. To conduct our business, we normally collect and use your personal information in reliance on our legitimate interests (or those of any third party), this interest will normally be to improve, maintain, provide and enhance our technology and services, communicating with you as necessary to provide our services to you and for our legitimate commercial interest, for instance, when responding to your queries, undertaking marketing, or for the purposes of detecting or preventing illegal activities.
  • Legal Obligation. In some limited cases, we may have a legal obligation to collect personal information from you. We will let you know prior to collection whether the provision of the personal information we are collecting is a statutory or contractual requirement, as well as whether you are obliged to provide it and the possible consequences, if any, of not providing the information.
  • Consent. If you are from a country that requires us to obtain your consent for any processing of your personal information (e.g., collection, usage, transfer), we will do so in accordance with the applicable law. If you do not wish to provide us with any personal information which is indicated as compulsory, we may not be able to communicate with you or provide certain services or features to you.

If you have questions about or need further information concerning the legal basis on which we collect and use your personal information, please contact us atprivacy@fourkites.com.

7. Sensitive Personal Information

We do not collect any sensitive personal information through our Services. Sensitive personal information, as defined by applicable data protection laws, may include details about your race or ethnicity, religious, moral, or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health (including mental), and genetic and biometric data; financial information such as account numbers.  We also do not collect any information about criminal convictions or offences.

8. Automated Decision-Making

At NIC-Place, individuals are not subject to a decision based solely on automated processing which produces legal effects concerning the individual or similarly significantly affects the individual.

9. The recipients who have access to your personal information

In addition to and based on the specific purposes set out above, we disclose personal information that we collect or that you provide. We may share or disclose your personal information to the following categories of recipients:

  • Holding company, subsidiaries, affiliates, and employees. We may share your personal information with our holding company FourKites, Inc., and subsidiaries and affiliates, including FourKites India Private Limited (India), FourKites B.V. (the Netherlands) and FourKites Singapore Pte. Ltd. If and to the extent necessary for the performance of their tasks, access will be granted to your personal information to our employees who are bound by confidentiality.
  • Third-party vendors and other service providers. We may share your personal information with our third-party vendors, contractors, service providers, and other third parties we use to support our business and who are bound by contractual obligations to keep personal information confidential and use it only for the purposes for which we disclose it to them.
  • Business transfers. We may share your personal information with a buyer or other successor in the event of a merger, divestiture, restricting, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by NIC about NIC-Place users and/or Website visitors is among the assets transferred.
  • Compliance with laws. We may share your personal information with any competent law enforcement body, regulatory, government agency, court or other third party where we believe disclosure is necessary (i) as a matter of applicable law or regulation, (ii) to exercise, establish or defend our legal rights, or (iii) to protect your vital interests or those of any other person;
  • Service delivery. For Platform and CarrierLink Users, we may share your personal information to shippers, carriers, brokers and other participants in the shipping and/or trucking industry only as necessary to provide the Services, pursuant to agreements with each such licensee.
  • Community users. For the Community Site Users, we may share your personal information to other Users of the Community Site.
  • To any other third party you authorize us to disclose it to (e.g., NIC-Place Community).

10. Protection of your Personal Information

We take contractual, technical and organizational security measures in accordance with the state of the technology to protect the processed data against accidental or intentional manipulation, loss, destruction or against access by unauthorized persons. Your personal data will be protected within the scope of the following points:

  • Safeguarding the confidentiality of your personal data. To maintain the confidentiality of your data stored by us, we have taken various measures such as access control, pseudonymization and encryption. Additionally, we ensure that actual or suspected data breaches are investigated and reported in accordance with applicable law.
  • Safeguarding the integrity of your personal data. To maintain the integrity of your data stored by us, we have taken various measures to control disclosure and input, and train our employees as part of our information security program.
  • Maintaining the availability of your personal data. To maintain the availability of your data stored with us, we have taken various control measures to ensure the resilience of processing systems and services.
  • Testing, assessing, and evaluating the effectiveness of measures implemented. The security measures in place are continuously improved in line with technological developments.

11. Location and Retention of your Personal Information

a. Location. If you are using NIC-Place, be aware that your information collected by NIC as part of the FourKites company, will be transferred to, and maintained on, IT infrastructure located within the United States and further that your information may be accessed within the United States and/or our teams in India and Singapore. The collection, use, retention and any other processing of your information will be governed by United States law, to the extent applicable, and further by the specific jurisdictions within the United States where that information is stored, unless otherwise specified. Accordingly, your information may be accessible to law enforcement and/or regulatory authorities according to applicable United States law.
b. Retention. We hold your personal information only for as long as necessary to fulfil the purposes set out in this Privacy Notice. If you would like more information about specific retention periods you can contact us at privacy@fourkites.com. NIC Place only decides the retention period for the personal information processed as described in this notice in the capacity of a controller. Our customers decide the appropriate retention periods for personal information processed by us in the capacity of a processor on their behalf.

12. International Transfer of your Personal Information

When we transfer your personal information outside of the jurisdiction in which you live or work, we do this where we are satisfied that adequate levels of protection are in place to protect the integrity and security of your personal data and/or adequate security measures are adopted, in compliance with applicable data protection laws.

This means that whenever your personal information is transferred to a different jurisdiction, we make sure that such transfers is subject to appropriate safeguards, and we obtain your consent when required by applicable law. For the European Economic Area, such transfers to third parties (outside the European Economic Area) will be governed by a contract based on the model contractual clauses for data transfers approved by the European Commission or other appropriate safeguards, such as the EU-US Data Privacy Framework.

Data Privacy Framework. FourKites complies with the EU-U.S. Data Privacy Framework (“DPF”), and the Swiss-U.S. DPF as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from EU member countries and Switzerland to the United States pursuant to DPF. FourKites has certified to the Department of Commerce that it adheres to the DPF principles with respect to such data. If there is any conflict between the policies in this Privacy Policy and the Privacy Principles, the Privacy Principles shall govern.

The EU-U.S. DPF, and Swiss-U.S. DPF were respectively developed by the U.S. Department of Commerce and the European Commission and Swiss Federal Administration to provide U.S. organizations with reliable mechanisms for personal data transfers to the United States from the European Union and Switzerland while ensuring data protection that is consistent with EU and Swiss law. To learn more about the DPF program, and to view our certification page, please visit www.dataprivacyframework.gov.

13. Your Privacy Rights

Based on the law applicable to the use of your personal information, you have rights in relation to your personal information. Note that we will have to balance your rights and your request to exercise them against our rights and obligations to process your personal information and to protect the rights and freedoms of others. A number of the rights you have in relation to your Personal Data, as applicable in the European Economic Area, are explained below:

  • You can access, correct, update or delete your personal information by emailing us at privacy@fourkites.com. Note that we cannot delete your personal information without also deleting your user account. We may not accommodate a request to change information if we believe the change would violate any law or legal requirement (including contractual) or cause the information to be incorrect. Proper access and use of information in connection with the Services is governed by our agreements with the company licensing access to the Services.
  • You can object to processing of your personal information, ask us to restrict processing of your personal information or request portability of your personal information by emailing privacy@fourkites.com.
  • When you have previously opted in for receiving marketing from us and if you do not want us to use your email address anymore to promote our own or third parties’ products or services, you can opt-out of receiving marketing emails at any time by sending an email to unsubscribe@fourkites.com by using the unsubscribe function on the marketing communication.
  • If we have collected and processed your personal information with your consent, then you can withdraw your consent at any time by emailing privacy@fourkites.com. Withdrawing your consent will not affect the lawfulness of any processing conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful grounds other than consent.
  • You have the right to complain to a data protection authority about our collection and use of your personal information. For more information, please contact your local data protection authority. Contact details are available here.

14. Children under the Age of 13 and Minors

NIC-Place and the Website are not intended for children under the age of 13, and we do not knowingly collect personal information from children under the age of 13. If we learn we have collected or received personal information from a child under the age of 13 without verification of parental consent, we will delete that information immediately. If you believe we might have any information from or about a child under the age of 13, please contact us at privacy@fourkites.com.

15. Changes to this Privacy Notice

We may update this Notice from time to time in response to changing legal, technical or business developments. When we update our Notice, we will take appropriate measures to inform you, consistent with the significance of the changes we make. We will obtain your consent to any material Notice changes if and where this is required by applicable data protection laws.

You are responsible for ensuring we have an up-to-date active and deliverable email address and/or mobile phone number for you and for periodically visiting this Notice to check for any changes.