BunkerEx Limited (“BunkerEx”, “we” or “us”) are committed to protecting and respecting your privacy.
(https://www.bunker-ex.com/terms/). BunkerEx Limited is registered in England and Wales with Company
Registration Number 10229926 and having its place of business at New Broad Street House, 35 New
Broad Street, London EC2M 1NH.
References to “you” or “your” are to the individual whose personal data we receive and/or access
in connection with our business. References to “the service(s)” and “website(s)” are to the software
products and websites provided by BunkerEx.
The purpose of this policy is to let you know how we will use any personal data we collect from you or access about you in connection with our business. It also explains what rights you have to access or change your personal data.
We are the data processor of the personal data that is provided to us by you or our customer. In the
event that data has been provided by our customer, our customer is the data controller of such
personal data. We will only, therefore, process your personal data in accordance with the instructions of our customer. We may collect extra data about you to provide our service, as per Clause 2.0.
1.0 Customer’s Obligations
The following terms shall have the meaning ascribed to them below:
(i) “Data Controller” has the meaning set out in GDPR;
(ii) “Data Processor” has the meaning set out in GDPR;
(iii) “Data Protection Regulator” means the applicable supervisory authority with jurisdiction over either
party, and in each case any successor body from time to time;
(iv) “Data Subject” has the meaning set out in GDPR;
(v) “Privacy Laws” means all applicable data protection and privacy legislation, regulations, and guidance
governing the protection of Personal Information including but not limited to Regulation (EU) 2016/679
(the “General Data Protection Regulation” or “GDPR”); and
(vi) “Process”, “Processing” or “Processed” have the meaning set out in GDPR.
Data Controller and Data Processor
The Parties acknowledge that the Customer is the Data Controller and BunkerEx is the Data Processor of
the Customer Personal Information. BunkerEx will Process Personal Information in accordance with
Clause 2.0 of this Data Processing Addendum.
Customer’s Obligations as Data Controller
The Customer warrants that the Customer Personal Information has been obtained fairly and lawfully
and, in all respects in compliance with the Privacy Laws. The Customer shall comply with all of its
obligations under Privacy Laws and shall fully indemnify and hold BunkerEx harmless from and against any and all losses, damages, claims, costs, and expenses (including, without limitation, reasonable legal
expenses) suered or incurred by or awarded against BunkerEx as a result of or in connection with any
2.0 Collection, Use, Protection, Storage and Disclosure of your Personal Data
2.1 How we collect your data
When you visit our websites or use our services, we collect personal data. The ways we collect it can be
broadly categorized into the following:
Information that you provide to us:
‘Personal Data is information about an identifiable individual. We will collect and process the following
information about you when you or your employer (our customer):
– create an account to use our website;
– make an inquiry, provide feedback, make a complaint, or submit correspondence by post, by email or
on our website;
– ll in forms on the websites provided by BunkerEx. This includes information provided at the time of
registering for the service or when requesting further information;
– subscribe to our newsletter and mailing lists; and
The information you provide to us will include (depending on the circumstances): – Identity
and contact data: your name, one location, job role, phone/mobile number, Instant Messenger
username and email address;
– Financial data: if you purchase our services, you will also provide payment details, which may include
billing addresses, credit/debit card details, and bank account details.
Information we collect automatically:
We collect some information about you automatically when you visit our websites or use our services, like
your IP address and device type. We also collect information when you navigate through our websites
and services, including what pages you looked at and what links you clicked on. This information is useful
for us as it helps us get a better understanding of how you’re using our websites and services so that we
can continue to provide the best experience possible (e.g. by personalizing the content you see).
Some of this information is collected using cookies and similar tracking technologies.
Information we get from third parties:
As a Data Processor, we will receive information about you from third parties:
– Our customers (your employer): we will receive personal information about you from your employer in
the course of providing our services, such as your name, role, and email address in order to create an
account for you to access and use the service
We might also receive information about you from third parties if you have indicated to such a third party
that you would like to hear from us (e.g. from integration with your existing ERP software).
2.2 How we use your data
First and foremost, we use your personal data to operate our websites and provide you with any services
you’ve requested, and manage our relationship with you. We also use your personal data for other
purposes, which may include the following:
To communicate with you. This may include:
– providing you with information you’ve requested from us (like training or education materials) or
information we are required to send to you.;
– operational communications, like changes to our websites and services, security updates, or assistance
with using our websites and services;
– marketing communications in accordance with your marketing preferences;
– asking you for feedback or to take part in any research we are conducting.
To support you: This may include:
– assisting with the resolution of technical support issues or other issues relating to the websites or
services, whether by email, in-app support, or otherwise.
To enhance our websites and services and develop new ones: For example: – by tracking and
monitoring your use of websites and services so we can keep improving, or by carrying out technical
analysis of our websites and services so that we can optimize your user experience and provide you
with more recent tools.
To protect BunkerEx and our customers:
– so that we can detect and prevent any fraudulent or malicious activity, and make sure that everyone is
To analyze, aggregate and report:
– anonymous research about general engagement within our website.
For “Legitimate interests”:
– where we refer to using your information on the basis of our “legitimate interests”, we mean our
legitimate business interests in conducting and managing our business and our relationship with you,
including the legitimate interest we have in personalizing, enhancing, modifying, or otherwise improving
the services and/or communications that we provide to you and improving security and optimization of
our network, sites, and services.
Where we use your information for our legitimate interests, we make sure that we take into account any
potential impact that such use may have on you. Our legitimate interests don’t automatically override
yours and we won’t use your information if we believe your interests should override ours unless we
have other grounds to do so (such as your consent or a legal obligation). If you have any concerns about
our processing please refer to details of “Your Rights” (Clause 3.1) below.
2.3 How we protect your data
BunkerEx endeavours to follow the procedures set out in SOC II for security, availability, processing
integrity, condentiality, and privacy of our system. We actively work with security consultants to ensure
we are compliant with these standards. For further details on these, please contact team@bunker
We take commercially reasonable technical and organizational measures against unauthorized or
unlawful processing of personal data and against accidental loss or destruction of or damage to
personal data. However, the transmission of information via the internet is not completely secure. That
means we cannot guarantee the security of your data. Any transmission of data to our website and
service is completely at your own risk. If you believe somebody has unauthorized access to your account
please notify us immediately.
For details of our security practices, please contact us at (mail to:team@bunker
2.4 Where your data is stored
Personal Data is stored at our hosting provider Microsoft Azure at servers based within the European
Economic Area (“EEA”).
Please also note that the data that we collect from you may be transferred to a destination outside the
European Economic Area (“EEA”). It may also be processed by persons operating outside the EEA who
work for us, for one of our suppliers. Such persons maybe engaged in, amongst other things, the
provision of certain services which support our website and allow us to provide the services to you. It
may also be processed by persons operating outside the EEA who work for our customers as a part of the
service we provide to them.
Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is
added to it by ensuring at least one of the following transfer solutions are implemented: – We will
only transfer your personal data to countries that have been deemed to provide an adequate level of
protection for personal data by the European Commission. For further details, see European
Commission: Adequacy of the protection of personal data in non-EU countries
– Where we use certain service providers, we may use specific contracts approved by the European
Commission gives personal data the same protection it has in Europe. For further details, see
European Commission: Model contracts for the transfer of personal data to third countries
– Where we use providers based in the US, we may transfer data to them if they are part of the Privacy
Shield which requires them to provide similar protection to personal data shared between Europe
and the US. For further details, see European Commission: EU-US Privacy Shield
2.5 When we might disclose your personal data
your personal information when relevant with third parties such as:
Our service providers:
Providers involved in the delivery and support of the service, who are acting as processors, including for
the storage of data provided that such service providers comply with all applicable laws and regulations
and our instructions in relation to the processing of personal data. We respect your privacy and only pass
on this information to enable the provision of the service.
Other third parties (including professional advisers):
Disclosure of your personal data to third parties may also occur if we are required to disclose your
(https://www.bunker-ex.com/terms/), or to protect the property, rights, or safety of BunkerEx, users of
our services or others. This includes using third party organizations in order to prevent fraud or reduce
Prospective sellers and buyers of our business:
We may also share personal data with third parties in connection with, or during negotiations of, any
merger, sale of assets, consolidation or restructuring, financing, or acquisition of all or a portion of our
business by or into another company.
We may obtain information about your general internet usage by using a cookie le which is stored on the
hard drive of your computer. Cookies contain information that is transferred to your computer’s hard
2.7 Data retention
We will retain your information for as long as is necessary to provide you with the services that you have
requested from us or for as long as we reasonably require to retain the information for our lawful
business purposes, such as for the purposes of exercising our legal rights or where we are permitted to
do. We operate a data retention policy and look to nd ways to reduce the amount of information we
hold about you and the length of time that we need to keep it. For example, we maintain a suppression
list of email addresses of individuals who no longer wish to be contacted by us. So that we can comply
with their wishes we must store this information permanently.
3.0 Your Rights and How to Exercise Them
3.1 Your rights
It’s your personal data and you have certain rights relating to it. When it comes to marketing
communications, you can ask us not to send you these at any time: just follow the unsubscribe
instructions contained in the marketing communication, or send your request to email@example.com
You also have rights to:
– know what personal data we hold about you, and to make sure it’s correct and up to date; – request
a copy of your personal data, or ask us to restrict processing your personal data or delete it; – object
to our continued processing of your personal data.
You can exercise these rights at any time by sending an email to
If you’re not happy with how we are processing your personal data, please let us know by sending an
email to firstname.lastname@example.org (mail to:email@example.com). We will review and investigate your
complaint, and try to get back to you within a reasonable time frame. You can also complain to your
local data protection authority. They will be able to advise you on how to submit a complaint.
3.2 How to exercise your rights
To exercise these rights, or any other rights you may have under applicable laws, please contact us at
We may need to request specific information from you to help us confirm your identity and ensure your
right to access your personal data (or to exercise any of your other rights). This is a security measure to
ensure that personal data is not disclosed to any person who has no right to receive it. We may also
contact you to ask you for further information in relation to your request to speed up our response.
Our customer is the data controller of any personal data processed by our services. As our customer’s
data processor, we will only process your personal data as instructed by our customer. You will need to
contact our customer directly if you wish to exercise your rights in relation to the data processed by our
service. If you do contact us directly in relation to your rights we will notify our customer as soon as
reasonably practicable and, taking into account the nature of the processing, we will assist the controller
by appropriate technical and organizational measures, to enable the fulfillment of its obligation to you
in respect of your rights.
You will not have to pay a fee to obtain a copy of the personal data that we hold for you (or to exercise
any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded,
repetitive, or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
We will try to respond to all legitimate requests within one month. Occasionally it may take us longer
than a month if your request is particularly complex or you have made a number of requests. In this
case, we will notify you and keep you updated.
4.0 Changes to Our Policy
BunkerEx reserves the right to modify this policy at any time though we will try to give notice when doing
from the time the policy is published on our website.
5.0 Contact Us
Contact (/) | Careers (/) | Terms