David/xpeditis2.0
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
10b45599ae
xpeditis2.0/apps/frontend/src/pages/privacy.tsx
David 2069cfb69d feature
2025-11-04 07:30:15 +01:00

389 lines
16 KiB
TypeScript
Raw Blame History

/**
* Privacy Policy Page
* GDPR Compliant
*/
import React from 'react';
import Head from 'next/head';
export default function PrivacyPage() {
return (
<>
<Head>
<title>Privacy Policy | Xpeditis</title>
<meta
name="description"
content="Privacy Policy for Xpeditis - GDPR compliant data protection"
/>
</Head>
<div className="min-h-screen bg-gray-50 py-12 px-4 sm:px-6 lg:px-8">
<div className="max-w-4xl mx-auto bg-white shadow-lg rounded-lg p-8">
<h1 className="text-4xl font-bold text-gray-900 mb-6">Privacy Policy</h1>
<p className="text-sm text-gray-500 mb-8">
Last Updated: October 14, 2025
<br />
GDPR Compliant
</p>
<div className="prose prose-lg max-w-none">
<section className="mb-8">
<h2 className="text-2xl font-semibold text-gray-900 mb-4">1. Introduction</h2>
<p className="text-gray-700 mb-4">
Xpeditis ("we," "our," or "us") is committed to protecting your privacy. This
Privacy Policy explains how we collect, use, disclose, and safeguard your
information when you use our maritime freight booking platform.
</p>
<p className="text-gray-700 mb-4">
This policy complies with the General Data Protection Regulation (GDPR) and other
applicable data protection laws.
</p>
</section>
<section className="mb-8">
<h2 className="text-2xl font-semibold text-gray-900 mb-4">2. Data Controller</h2>
<div className="bg-gray-50 p-4 rounded-lg mb-4">
<p className="text-gray-700">
<strong>Company Name:</strong> Xpeditis
<br />
<strong>Email:</strong> privacy@xpeditis.com
<br />
<strong>Address:</strong> [Company Address]
<br />
<strong>DPO Email:</strong> dpo@xpeditis.com
</p>
</div>
</section>
<section className="mb-8">
<h2 className="text-2xl font-semibold text-gray-900 mb-4">
3. Information We Collect
</h2>
<h3 className="text-xl font-semibold text-gray-800 mb-2">3.1 Personal Information</h3>
<p className="text-gray-700 mb-4">We collect the following personal information:</p>
<ul className="list-disc pl-6 text-gray-700 mb-4">
<li>
<strong>Account Information:</strong> Name, email address, phone number, company
name, job title
</li>
<li>
<strong>Authentication Data:</strong> Password (hashed), OAuth tokens, 2FA
credentials
</li>
<li>
<strong>Booking Information:</strong> Shipper/consignee details, cargo
descriptions, container specifications
</li>
<li>
<strong>Payment Information:</strong> Billing address (payment card data is
processed by third-party processors)
</li>
<li>
<strong>Communication Data:</strong> Support tickets, emails, chat messages
</li>
</ul>
<h3 className="text-xl font-semibold text-gray-800 mb-2">
3.2 Technical Information
</h3>
<ul className="list-disc pl-6 text-gray-700 mb-4">
<li>
<strong>Log Data:</strong> IP address, browser type, device information, operating
system
</li>
<li>
<strong>Usage Data:</strong> Pages visited, features used, time spent, click
patterns
</li>
<li>
<strong>Cookies:</strong> Session cookies, preference cookies, analytics cookies
</li>
<li>
<strong>Performance Data:</strong> Error logs, crash reports, API response times
</li>
</ul>
</section>
<section className="mb-8">
<h2 className="text-2xl font-semibold text-gray-900 mb-4">
4. Legal Basis for Processing (GDPR)
</h2>
<p className="text-gray-700 mb-4">
We process your data based on the following legal grounds:
</p>
<ul className="list-disc pl-6 text-gray-700 mb-4">
<li>
<strong>Contract Performance:</strong> To provide booking and shipment services
</li>
<li>
<strong>Legitimate Interests:</strong> Platform security, fraud prevention,
service improvement
</li>
<li>
<strong>Legal Obligation:</strong> Tax compliance, anti-money laundering, data
retention laws
</li>
<li>
<strong>Consent:</strong> Marketing communications, optional analytics, cookies
</li>
</ul>
</section>
<section className="mb-8">
<h2 className="text-2xl font-semibold text-gray-900 mb-4">
5. How We Use Your Information
</h2>
<ul className="list-disc pl-6 text-gray-700 mb-4">
<li>Provide, operate, and maintain the Platform</li>
<li>Process bookings and manage shipments</li>
<li>Communicate with you about your account and services</li>
<li>Send transactional emails (booking confirmations, notifications)</li>
<li>Provide customer support</li>
<li>Detect and prevent fraud, abuse, and security incidents</li>
<li>Analyze usage patterns and improve the Platform</li>
<li>Comply with legal obligations</li>
<li>Send marketing communications (with your consent)</li>
</ul>
</section>
<section className="mb-8">
<h2 className="text-2xl font-semibold text-gray-900 mb-4">
6. Data Sharing and Disclosure
</h2>
<p className="text-gray-700 mb-4">We may share your information with:</p>
<h3 className="text-xl font-semibold text-gray-800 mb-2">6.1 Service Providers</h3>
<ul className="list-disc pl-6 text-gray-700 mb-4">
<li>
<strong>Shipping Carriers:</strong> Maersk, MSC, CMA CGM, etc. (for booking
execution)
</li>
<li>
<strong>Cloud Infrastructure:</strong> AWS/GCP (data hosting)
</li>
<li>
<strong>Email Services:</strong> SendGrid/AWS SES (transactional emails)
</li>
<li>
<strong>Analytics:</strong> Sentry (error tracking), Google Analytics (usage
analytics)
</li>
<li>
<strong>Payment Processors:</strong> Stripe (payment processing)
</li>
</ul>
<h3 className="text-xl font-semibold text-gray-800 mb-2">6.2 Legal Requirements</h3>
<p className="text-gray-700 mb-4">
We may disclose your information if required by law, court order, or government
request, or to protect our rights, property, or safety.
</p>
<h3 className="text-xl font-semibold text-gray-800 mb-2">6.3 Business Transfers</h3>
<p className="text-gray-700 mb-4">
In the event of a merger, acquisition, or sale of assets, your information may be
transferred to the acquiring entity.
</p>
</section>
<section className="mb-8">
<h2 className="text-2xl font-semibold text-gray-900 mb-4">
7. International Data Transfers
</h2>
<p className="text-gray-700 mb-4">
Your data may be transferred to and processed in countries outside the European
Economic Area (EEA). We ensure adequate protection through:
</p>
<ul className="list-disc pl-6 text-gray-700 mb-4">
<li>Standard Contractual Clauses (SCCs)</li>
<li>EU-US Data Privacy Framework</li>
<li>Adequacy decisions by the European Commission</li>
</ul>
</section>
<section className="mb-8">
<h2 className="text-2xl font-semibold text-gray-900 mb-4">8. Data Retention</h2>
<p className="text-gray-700 mb-4">We retain your data for the following periods:</p>
<ul className="list-disc pl-6 text-gray-700 mb-4">
<li>
<strong>Account Data:</strong> Until account deletion + 30 days
</li>
<li>
<strong>Booking Data:</strong> 7 years (for legal and tax compliance)
</li>
<li>
<strong>Audit Logs:</strong> 2 years
</li>
<li>
<strong>Analytics Data:</strong> 26 months
</li>
<li>
<strong>Marketing Consent:</strong> Until withdrawal + 30 days
</li>
</ul>
</section>
<section className="mb-8">
<h2 className="text-2xl font-semibold text-gray-900 mb-4">
9. Your Data Protection Rights (GDPR)
</h2>
<p className="text-gray-700 mb-4">You have the following rights:</p>
<h3 className="text-xl font-semibold text-gray-800 mb-2">9.1 Right to Access</h3>
<p className="text-gray-700 mb-4">
You can request a copy of all personal data we hold about you.
</p>
<h3 className="text-xl font-semibold text-gray-800 mb-2">
9.2 Right to Rectification
</h3>
<p className="text-gray-700 mb-4">You can correct inaccurate or incomplete data.</p>
<h3 className="text-xl font-semibold text-gray-800 mb-2">
9.3 Right to Erasure ("Right to be Forgotten")
</h3>
<p className="text-gray-700 mb-4">
You can request deletion of your data, subject to legal retention requirements.
</p>
<h3 className="text-xl font-semibold text-gray-800 mb-2">
9.4 Right to Data Portability
</h3>
<p className="text-gray-700 mb-4">
You can receive your data in a structured, machine-readable format (JSON/CSV).
</p>
<h3 className="text-xl font-semibold text-gray-800 mb-2">9.5 Right to Object</h3>
<p className="text-gray-700 mb-4">
You can object to processing based on legitimate interests or for marketing
purposes.
</p>
<h3 className="text-xl font-semibold text-gray-800 mb-2">
9.6 Right to Restrict Processing
</h3>
<p className="text-gray-700 mb-4">
You can request limitation of processing in certain circumstances.
</p>
<h3 className="text-xl font-semibold text-gray-800 mb-2">
9.7 Right to Withdraw Consent
</h3>
<p className="text-gray-700 mb-4">
You can withdraw consent for marketing or optional data processing at any time.
</p>
<h3 className="text-xl font-semibold text-gray-800 mb-2">
9.8 Right to Lodge a Complaint
</h3>
<p className="text-gray-700 mb-4">
You can file a complaint with your local data protection authority.
</p>
<div className="bg-blue-50 border-l-4 border-blue-500 p-4 mt-4">
<p className="text-blue-900">
<strong>To exercise your rights:</strong> Email privacy@xpeditis.com or use the
"Data Export" / "Delete Account" features in your account settings.
</p>
</div>
</section>
<section className="mb-8">
<h2 className="text-2xl font-semibold text-gray-900 mb-4">10. Security Measures</h2>
<p className="text-gray-700 mb-4">
We implement industry-standard security measures:
</p>
<ul className="list-disc pl-6 text-gray-700 mb-4">
<li>
<strong>Encryption:</strong> TLS 1.3 for data in transit, AES-256 for data at rest
</li>
<li>
<strong>Authentication:</strong> Password hashing (bcrypt), JWT tokens, 2FA
support
</li>
<li>
<strong>Access Control:</strong> Role-based access control (RBAC), principle of
least privilege
</li>
<li>
<strong>Monitoring:</strong> Security logging, intrusion detection, regular audits
</li>
<li>
<strong>Compliance:</strong> OWASP Top 10 protection, regular penetration testing
</li>
</ul>
</section>
<section className="mb-8">
<h2 className="text-2xl font-semibold text-gray-900 mb-4">
11. Cookies and Tracking
</h2>
<p className="text-gray-700 mb-4">We use the following types of cookies:</p>
<ul className="list-disc pl-6 text-gray-700 mb-4">
<li>
<strong>Essential Cookies:</strong> Required for authentication and security
(cannot be disabled)
</li>
<li>
<strong>Functional Cookies:</strong> Remember your preferences and settings
</li>
<li>
<strong>Analytics Cookies:</strong> Help us understand how you use the Platform
(optional)
</li>
<li>
<strong>Marketing Cookies:</strong> Used for targeted advertising (optional,
requires consent)
</li>
</ul>
<p className="text-gray-700 mb-4">
You can manage cookie preferences in your browser settings or through our cookie
consent banner.
</p>
</section>
<section className="mb-8">
<h2 className="text-2xl font-semibold text-gray-900 mb-4">12. Children's Privacy</h2>
<p className="text-gray-700 mb-4">
The Platform is not intended for users under 18 years of age. We do not knowingly
collect personal information from children.
</p>
</section>
<section className="mb-8">
<h2 className="text-2xl font-semibold text-gray-900 mb-4">
13. Changes to This Policy
</h2>
<p className="text-gray-700 mb-4">
We may update this Privacy Policy from time to time. We will notify you of
significant changes via email or platform notification. Continued use after changes
constitutes acceptance.
</p>
</section>
<section className="mb-8">
<h2 className="text-2xl font-semibold text-gray-900 mb-4">14. Contact Us</h2>
<p className="text-gray-700 mb-4">
For privacy-related questions or to exercise your data protection rights:
</p>
<div className="bg-gray-50 p-4 rounded-lg">
<p className="text-gray-700">
<strong>Email:</strong> privacy@xpeditis.com
<br />
<strong>DPO Email:</strong> dpo@xpeditis.com
<br />
<strong>Address:</strong> [Company Address]
<br />
<strong>Phone:</strong> [Company Phone]
</p>
</div>
</section>
</div>
</div>
</div>
</>
);
}
Reference in New Issue View Git Blame Copy Permalink