PRIVACY POLICY

1. WHO WE ARE AND HOW TO CONTACT US

MBC PRINT LIMITED, trading as IronRoute Cargo ("the Company", "we", "us", "our"), is the data controller responsible for your personal data. As data controller, we determine the purposes and means of processing personal data collected through our website, enquiry forms, telephone, email, and in the course of providing freight and logistics services.

If you have any questions, concerns, or requests regarding this Privacy Policy or our handling of your personal data, please contact us in writing at the registered address above, or via the contact form on our website. We are committed to responding to all data protection enquiries within one calendar month in accordance with UK GDPR requirements.

2. WHAT PERSONAL DATA WE COLLECT

Depending on how you interact with us, we may collect and process the following categories of personal data:

• Identity Data: First name, last name, title, job title, and company name.
• Contact Data: Email address, telephone number(s), postal address, and billing address.
• Commercial Data: Details of the freight and logistics services you enquire about or engage, quotation and booking history, cargo descriptions, origins and destinations.
• Financial Data: Invoice records, payment history, bank account details (for refund purposes only), and VAT registration numbers where applicable.
• Communication Data: Records of correspondence with us by email, telephone, contact form, or WhatsApp message.
• Technical Data: IP address, browser type and version, time zone setting, browser plug-in types, operating system and platform, and other technology on the devices you use to access our website.
• Usage Data: Information about how you use our website, including pages visited, time on page, and referral sources.
• Cookie Data: Data collected via cookies and similar tracking technologies as described in Section 9 below.

We do not intentionally collect any Special Category Personal Data (as defined under Article 9 UK GDPR), including data relating to health, racial or ethnic origin, political opinions, religious beliefs, trade union membership, biometric data, or sexual orientation. Please do not send us such data.

We do not knowingly collect personal data from children under the age of 16. If you believe we have inadvertently collected data from a child, please contact us immediately.

3. HOW WE COLLECT YOUR PERSONAL DATA

We collect personal data through the following means:

• Direct Interactions: When you complete an enquiry or quotation form on our website, contact us by telephone or email, send us a message via WhatsApp, or enter into a service agreement with us.
• Automated Technologies: As you interact with our website, we may automatically collect Technical and Usage Data using cookies, server logs, and similar technologies. Please see Section 9 for details.
• Third Parties: We may receive personal data about you from third parties such as freight booking platforms, introducers, or customs authorities where lawfully disclosed to us in connection with a shipment.

4. LEGAL BASIS FOR PROCESSING

We will only process your personal data where we have a valid legal basis to do so under the UK GDPR. The legal bases we rely on are:

• Performance of a Contract (Article 6(1)(b)): Processing necessary to fulfil a freight or logistics service contract with you, or to take steps at your request prior to entering into a contract (e.g. preparing a quotation).
• Legal Obligation (Article 6(1)(c)): Processing required to comply with our legal obligations, including customs and tax regulations, anti-money laundering requirements, and sanctions screening.
• Legitimate Interests (Article 6(1)(f)): Processing for our legitimate business interests, including fraud prevention, network and information security, improving our services, and direct marketing of similar services to existing clients, provided such interests are not overridden by your rights and interests.
• Consent (Article 6(1)(a)): Where we rely on your consent, for example for the placement of non-essential cookies or for sending marketing communications to prospective clients. You may withdraw your consent at any time without affecting the lawfulness of prior processing.

5. HOW WE USE YOUR PERSONAL DATA

We use your personal data for the following purposes:

• To respond to your freight enquiries and provide quotations.
• To process, arrange, and manage freight bookings and shipments.
• To prepare and submit customs documentation and declarations on your behalf.
• To issue invoices, process payments, and manage our financial records.
• To communicate with you about the status of your shipments and any operational issues.
• To verify your identity and conduct due diligence as required by applicable law.
• To comply with customs, tax, sanctions, and export control obligations.
• To improve our website, services, and customer experience.
• To send you relevant service updates, freight industry news, and promotional information where you have consented or where we have a legitimate interest.
• To enforce our Terms and Conditions, pursue or defend legal claims, and protect the rights and property of the Company.

6. SHARING YOUR PERSONAL DATA

We may share your personal data with the following categories of recipients for the purposes described in this policy:

• Carriers and Transport Operators: Shipping lines, airlines, road hauliers, and port/airport handling agents as necessary to arrange carriage of your goods.
• Customs Authorities: HM Revenue & Customs (HMRC) and overseas customs authorities as required for clearance of imports and exports.
• Insurance Providers: Where cargo insurance is arranged on your behalf.
• IT and Technology Service Providers: Website hosting, email, and CRM providers who process data on our behalf as data processors under appropriate contractual safeguards.
• Legal and Professional Advisors: Solicitors, accountants, and auditors where necessary for legal compliance or defence of claims.
• Law Enforcement and Regulatory Bodies: Where required by law, court order, or legitimate regulatory request.

We do not sell, rent, or trade your personal data to third parties for their own marketing purposes.

7. INTERNATIONAL DATA TRANSFERS

The nature of freight and logistics services means that personal data included in shipping documents (such as bills of lading, air waybills, and customs declarations) will necessarily be transmitted to countries outside the United Kingdom, including countries that may not provide the same level of data protection as the UK.

Where we transfer personal data to countries outside the UK that are not covered by UK adequacy regulations, we implement appropriate safeguards, which may include standard contractual clauses approved by the UK Information Commissioner's Office (ICO), or other appropriate transfer mechanisms in accordance with the UK GDPR. By using our freight services, you acknowledge and consent to the necessary international transfer of your data for the performance of those services.

8. DATA RETENTION

We retain your personal data only for as long as necessary for the purposes for which it was collected, including to satisfy any legal, accounting, or reporting requirements. Our standard retention periods are as follows:

• Quotation and enquiry records (where no booking placed): 12 months from date of last contact.
• Active client and booking records: 7 years from the date of the final transaction, in compliance with HMRC requirements for accounting records.
• Customs documentation: Minimum 4 years as required by HMRC, or longer where required by applicable law.
• Marketing consent records: Until you withdraw consent or 3 years from last engagement, whichever is sooner.
• Website technical and usage data: Up to 26 months from date of collection.

At the end of the applicable retention period, personal data will be securely deleted or anonymised.

9. COOKIES AND TRACKING TECHNOLOGIES

Our website uses cookies and similar tracking technologies to improve your browsing experience and to analyse how the site is used. Cookies are small text files placed on your device by websites you visit.

We use the following types of cookies:

• Strictly Necessary Cookies: Essential for the website to function properly (e.g. remembering your cookie preference). These do not require your consent.
• Analytical/Performance Cookies: Help us understand how visitors interact with our website so we can improve it. We only place these cookies with your prior consent.
• Functionality Cookies: Remember your preferences and settings to improve your experience.

When you first visit our website, you will be presented with a cookie consent banner. By clicking "Accept Cookies" you consent to our use of non-essential cookies. You may withdraw your consent at any time by clearing your browser cookies and not accepting on a subsequent visit. Most browsers also allow you to refuse or delete cookies via browser settings.

Please note that disabling cookies may affect the functionality of our website.

10. YOUR RIGHTS UNDER UK GDPR

Subject to certain legal exceptions, you have the following rights in relation to your personal data:

• Right of Access: To request a copy of the personal data we hold about you (Subject Access Request).
• Right to Rectification: To request correction of inaccurate or incomplete personal data.
• Right to Erasure ("Right to be Forgotten"): To request deletion of your personal data where it is no longer necessary for the purpose for which it was collected, or where you withdraw consent and no other legal basis applies.
• Right to Restrict Processing: To request that we limit the processing of your personal data in certain circumstances.
• Right to Data Portability: To receive your personal data in a structured, commonly used, machine-readable format, and to transmit it to another controller, where processing is based on consent or contract.
• Right to Object: To object to processing based on legitimate interests or for direct marketing purposes.
• Rights Related to Automated Decision Making: To not be subject to solely automated decisions that produce significant legal or similarly significant effects, except where certain conditions apply.
• Right to Withdraw Consent: Where processing is based on consent, to withdraw that consent at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, please submit a written request to the address above or via our contact form. We will respond within one calendar month. We may need to verify your identity before processing your request. We do not charge a fee for processing rights requests unless they are manifestly unfounded or excessive.

If you are dissatisfied with our handling of your personal data or our response to a rights request, you have the right to lodge a complaint with the UK supervisory authority, the Information Commissioner's Office (ICO), at www.ico.org.uk, by telephone on 0303 123 1113, or by post at: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.

11. SECURITY

We take the security of your personal data seriously and have implemented appropriate technical and organisational measures to protect it against unauthorised access, accidental loss, destruction, or disclosure. These measures include access controls, secure transmission protocols (HTTPS/TLS), and staff training on data protection obligations.

However, please be aware that no method of electronic transmission or storage is completely secure. Whilst we strive to protect your personal data, we cannot guarantee its absolute security. In the event of a personal data breach that is likely to result in a risk to individuals' rights and freedoms, we will notify the ICO within 72 hours and affected individuals without undue delay, as required by UK GDPR.

12. CHANGES TO THIS PRIVACY POLICY

We reserve the right to update or amend this Privacy Policy at any time to reflect changes in our data processing practices, legal requirements, or the services we provide. The current version of this policy, with the date of last update, will always be available on our website.

Where changes are material, we will take reasonable steps to notify you, which may include displaying a prominent notice on our website or contacting you directly. We encourage you to review this policy periodically. Your continued use of our website or services following the posting of changes constitutes your acknowledgement of, and where applicable, consent to, those changes.

This Privacy Policy was last reviewed and updated in May 2025.