Website Activities
Forto provides a publicly accessible website to provide information about itself, its products, services and activities.
Navigating Forto’s Website
Purpose(s):
- Providing the website
- Ensuring the website is delivered to visitors as expected, including ensuring a smooth navigation experience
- Security monitoring against cyberattacks
Retention period: 3 months since collection
Description
If a visitor wishes to navigate any website, the server hosting the website requires to collect a certain set of information from the visitor, so that the website and visitors servers can communicate, and the visitor may enter and navigate the website, including performing the actions allowed in the website. Each action performed is logged in a single file, hence the name “log file”. A log file stores the personal information relating to the visitor and the activity performed in the website – the list of categories of personal information is displayed above.
Forto processes log files in order to provide a functional website to its visitors, a smooth and secure navigation experience. The processing of log files, in fact, ensures that the website is not only available to its visitors, but is also delivered to the standards expected by Forto. This means retaining log files also for debugging, forensics investigations, and for monitoring against possible third-party cyberattacks, such as DDoS.
The identified period for keeping log files is 3 months since its collection. This means that 3 months after the log file has been generated, it is deleted. Deletion is achieved by anonymising the personal information in the log file.
Content Delivery Network (CDN)
Categories of personal data processed:
- IP address of the requesting server (of the visitor)
Purpose(s): ensuring the website is delivered to visitors as expected, including ensuring a smooth navigation experience
Description:
Content delivery networks (CDN) are a technology currently implemented by most common and successful websites for delivering website content such as texts, fonts, videos and more, with high quality and speed. The end result is that the content of the website is delivered to the visitor instantaneously, improving the website navigation experience.
In very simplified terms, a CDN is made up of a network of servers located in different locations on the planet. Website publishers which employ a CDN have their website content stored in each of these servers. When visitors from each location of the planet call to visit the website, each visitor will be receiving the content of the same website from a different server of the CDN, strictly depending on which of these servers is located closest to the visitor. This makes for faster loading times and ensures the same quality standards of the content, no matter where the visitor is located. For more information on how a CDN works, please visit our partner’s own explanation of how a CDN technically works.
Consent Banner
Categories of personal data processed:
- Visitor ID (randomised alphanumeric sequence)
- Consent state (consent/deny)
- Timestamp (date, time, time-zone)
Purpose(s): allowing visitors to toggle tracking preferences, as required under applicable data protection law
Retention period: 1 year since collection
Description
Visiting Forto’s website for the first time, any visitor would notice a banner popping up at the bottom of the page. In it, the website is asking the visitor to provide the tracking preferences: which tracking activities to allow and which to deny. The tracking preference is collected in a cookie, which visitors can see in the banner itself, listed under “necessary cookies”. After a preference has been provided, the banner vanishes, but the settings may be changed at any time by clicking “Change your consent” under this URL. The banner may also appear, after the first ever visit to Forto’s website, if one of the following circumstances apply:
- Forto has changed its tracking settings or tools, and therefore asks for the tracking preference once more; or
- The website visitor has deleted all cookies since the last visit session.
The tracking preference collected from the visitor is available at this URL. This processing activity is carried out in order to ensure that Forto provides sufficient information to the website visitors on the occurring tracking processes, as well as to provide website visitors with a meaningful and impactful way to control the processing of their personal data. The tracking preferences are stored for one year to ensure an unspoiled navigating experience: It is hard to imagine the average website visitor wanting to toggle tracking settings each visit. After said year, the tracking preference is deleted.
Website Tracking
Information on the deployed tracking tools, including recipients of the collected information and expiration periods, can be found on the consent banner.
Categories of personal information processed, purposes, retention periods applicable and legal bases depend on the individual tracking activity, as detailed in the consent banner.
Description
Forto’s website uses tracking tools to allow for certain functionalities to be carried out, such as connecting to requested information or content stored in servers outside of the website, collection of analytics data and security monitoring for preventing cyberattacks, such as DDoS or traffic overload.
The most used tracking tools are cookies, which are small text files downloaded to and stored within your browser from the moment you visit a website: depending on the cookies’ settings, they may remain stored in the browser for a given amount of time, for example the duration of your browsing session or other specific time period.
Tracking pixels may also be deployed. These are 1×1 pixels — so practically invisible to the naked eye — embedded on the web page, which collect information on the visitor’s use of the website to the same extent a cookie would.
All processing activities carried out in the website, described in the subsequent subsections, require some form of information collection and storage in the tracking tools, in order to be successfully carried out. An example of this necessary processing is the displaying of forms in the website, which can be used for providing information to Forto upon the visitor’s wishes: without the activation of those cookies, the forms would not be displayable.
Some of the tracking activities are based on the visitor’s explicit consent. It can be provided and revoked, at any time, from the consent banner.
Visits Conversion
Categories of personal data processed:
- Session ID
- Timestamp (date, time, time-zone)
- Source URL
- Actions performed
Purpose(s): tracking of the number of visitors of Forto’s website, their origin, and whether they perform specific actions on said website.
Retention period: depends from the tracker – for more information, please access the consent banner.
Description
Conversion tracking is a very common and important process for any website publisher, as it essentially determines whether the website is receiving hits – it is being visited –, and whether the website leads visitors to perform certain actions, as well. These “selected” actions will differ from website publisher to website publisher, depending on what the objective of the website is. Forto’s ultimate goal is to inform visitors about our products and services, leading to new customers – hopefully. Therefore, the Forto website will track the origin of its website visitors, hence the tracking of the source URL, and the actions performed by the visitor.
Forto’s website uses 3rd party cookies and pixels to carry out this form of tracking. The latter are code snippets loaded in the website which collect data about the visit session but, unlike a cookie, store it directly in the pixel’s server of origin – usually a third-party server – instead of the user’s browser.
All methods of tracking visits conversion are deployed only after the visitor’s prior explicit consent, which can be provided (and later revoked) from the consent banner. Not providing consent to the deployment of these tracking tools does not impact the visitor’s navigation experience in Forto’s website, but it does help Forto improve its website, as well as assessing its marketing efforts online.
Therefore, Your consent would be greatly appreciated!
Please keep in mind that at no point your name or any other directly identifiable information is collected by these trackers, therefore neither Forto or any other third-party service provider is able to identify you by name, by carrying out these activities.
Social Media
Purpose(s): provide visibility to Forto’s company profile and content across multiple platforms.
For information on categories of personal data processed and retention periods, please refer to the description below.
Description
Forto does not make use of social media plugins in its website. Rather, the website contains links to Forto’s company profile pages found in social media platforms. When a visitor clicks on a social media widget of choice, the visitor will be redirected to Forto’s company profile page on the selected social media platform. Performing this action produces data which is collected by the social media platform operator and later shared with Forto. If the visitor has a profile in the selected social media platform and is still logged on in it, then the activity will be associated with said profile.
Forto does not decide which data is generated and collected by the third party operators. However, details about the collection and retention of personal data generated by this activity, as well as the type, scope and purpose of the processing by the respective social media platform operator can be found in the following privacy notices:
Playing Videos on the Website
Categories of personal data processed:
- IP address
- Browser information
- Unique identifier, for associating to the user’s usage history
- Activity log, such as actions performed on the video player
- Activity timestamps
Purpose: playing the recordings as requested by visitors.
Description
Forto produces videos informing its audience about its company, products, services, and the logistics market. These recordings are uploaded onto Forto’s Vimeo account and are made available for access in Forto’s website. The videos are embedded directly from Forto’s Vimeo account: thus, if one of these recordings is played, the personal data of the visitor listed above is going to be collected and further processed by Vimeo.
Signing up to the Newsletter
Categories of personal data processed:
- Full name
- Email address
- Job title
- Company
- Country
- Agreement for receiving the newsletter
- Agreement for processing personal data
- Activity timestamp (time, date, time-zone)
Purpose: sending the newsletter to all who have agreed to receiving it.
Retention period: until revocation of consent.
Description
Every two weeks Forto creates newsletter posts and emails them to each individual who has signed up to the newsletter recipient list. The newsletter list sign-up can be made at this URL. While the recipient email address is used to send the newsletters, the rest of the collected information is of Forto’s interest mainly (hoping) for initiating a business relationship with the recipient’s company. The data collected is saved in a recipient list repository, hosted by a third party service provider – Hubspot –, which then automatically sends out newsletters to all registered recipients the moment they are ready to be shipped out.
Visitors may also choose to sign up to Forto’s “Coffee & Logistics” video journal. Visitors may choose to receive new content directly by email, by subscribing to the “Coffee & Logistics” recipient list in the same way as for the newsletters.
Forto’s marketing communications are sent to the recipient only on the basis of the latter’s prior explicit consent. The recipient is able to unsubscribe from the newsletter and/or Coffee & Logistics list at any time: the link for doing so is found at the bottom of each marketing email received.
Contact Requests and Account Creation
Categories of personal data processed:
- First and last name
- Email address
- Phone number
- Company
- Country
- Agreement for receiving communications from Forto
- Agreement for processing personal data
- Activity timestamp (time, date, time-zone)
Purpose(s): establishing inbound contact with a potential customer. Enabling customers to create accounts in Forto’s customer platform.
Retention period(s):
- Personal data processed for fulfilling business and legal obligations is retained for a minimum period between 5-10 years, depending on the obligatory retention period applicable to each category of personal data processed;
- The personal data processed on the basis of consent is processed until valid revocation.
The remaining personal data processed on the basis of this activity, for which the previously mentioned retention periods do not apply, is retained for a minimum period of time compatible with the minimum statutory limitations, as it may be used as proof for establishing, exercising or defending legal claims.
Description
For creating an account in Forto’s customer platform (ship.forto.com), the company of the interested visitor must first become a Forto customer. The first step towards becoming a customer is to provide the contact information in this form and agree to the processing of personal data for further contact.
The collection and processing of the personal data provided in the form is dependent on whether the visitor has provided explicit consent to the processing activity. Without such consent, Forto would not be able to contact the interested visitor further, nor to create the desired account, later on.
After Forto has received said information, a member of Forto’s sales team will reach out. Once the general terms and conditions are accepted, then an account will be activated. The customer account will be associated with the company purchasing Forto services. Each customer account may have one or more user accounts, each one associated with an individual operator of the customer. The description of the processing connected to the user account creation is found in the Product Privacy Notice.
Help Subdomain (help.forto.com)
Categories of personal data processed: see “Navigating Forto’s website” section.
Purpose(s): provide visitors looking for information on generic topics about Forto’s products and services with suitable answers.
Description
Forto’s “Help Center” page is designed to provide information on Forto’s products and services, as well as on logistics terminology, for users of Forto services. Though Forto is ready to receive support questions from users and welcomes the opportunity to support, the simplicity and speed of publishing answers to commonly asked questions is recognised. Hence, Forto has published this page for this reason: to save its platform users valuable time.
The Help Center page is published and maintained using a third party service. This allows Forto to plug-and-play the user interface offered by the third party service, designed with support pages in mind, while only worrying about updating and upgrading the Help Center’s content, when required. All the personal data commonly collected for connecting to the web page (please scroll up to the “Navigating Forto’s website” section for more information) is sent to this third party service provider, so that the Help Center pages may be displayed.
Support Subdomain (explore.forto.com/support_en)
Categories of personal data processed:
- Full name
- Company name
- Contact information
- Support type
- Support topic description
- Attachments (if uploaded by the requestor)
- Agreement to receiving marketing communications (not necessary)
- Agreement to processing of personal data to fulfil the support request (necessary)
- Activity timestamp (time, date, time-zone).
Purpose(s): provide visitors with a contact form for requesting support from Forto.
Retention period: until the purpose of processing is fulfilled.
Description
If the visitor still prefers to contact Forto directly requesting support, the form found in this page can be filled out and sent directly to Forto, specifying the data of the support requestor, along with details of the topic for which support is needed.
The processing activity is carried out only on the basis of prior explicit consent. Not providing the consent would not enable Forto to reach back out to the requestor with the requested support. Regardless, consent can be revoked at any time by informing Forto of this choice through its numerous published communication channels.
Landing Pages (explore.forto.com)
Categories of personal data processed:
- Full name
- Company name
- Contact information
- Support type
- Support topic description
- Attachments (if uploaded by the requestor)
- Agreement to receiving marketing communications (not necessary)
- Agreement to processing of personal data to fulfil the support request (necessary)
- Activity timestamp (time, date, time-zone).
Purpose(s):
- Provide visitors with the webpage requested.
- Provide visitors with a contact form for requesting specific actions from Forto.
Retention period: until the purpose of processing is fulfilled.
Description
All explore.forto.com subdomain pages are landing pages created with the intent of acquiring the visitor’s contact information for a variety of possible reasons, for instance providing support to whomever makes the request – as is the case of the previous subsection. Most commonly, though, landing pages are created for marketing leads generation. This is not different in Forto’s website: whenever a visitor sees the explore.forto.com subdomain in the URL bar (except for the support subpage) it means that the visitor is currently navigating a landing page.
All landing pages are created and published thanks to the service provided by a third party. This third party receives all connection information necessary for displaying the landing page correctly. As for previous processing activities, though, the personal data gathered in the form is collected and further processed only on the basis of prior explicit consent. Without this consent, Forto would not be legally able to contact the visitor further or perform the desired action, as requested.
Careers@Forto – Job Openings Portal (careers.forto.com)
Categories of personal data processed:
- Full name
- Email address
- Phone number
- CV – Resumé
- Presentation letter (not necessary)
- LinkedIn profile (not necessary)
- Website URL (not necessary)
- Demographics information (not necessary)
- Permission confirmation to process personal data for the purpose of initiating the job interview process
- Information about the candidate profile and conducted interviews.
Purpose(s): initiate the job application process and evaluate the candidate.
Retention period: 180 days since collection. May be extended further upon consent.
Description
Visitors of the Forto website who would like to apply for a job at Forto may do so by providing the requested information in the form for the corresponding job opening. The information necessary for initiating the application process is marked by a *. Without providing this information Forto may not initiate the application process.
All the information provided in the context of this processing is stored in Forto’s application tracking system (ATS), itself provided as a service by a third party. All conducted interviews and their outcome are logged in the ATS for reference.
If an application does not result in a successful hiring, that does not mean that Forto does not consider the applicant profile interesting! Forto may ask, in fact, to extend the storage period of the applicant profile for longer than the usual 180 days, in the hope to match said profile with a suitable position. This is done only on the basis of explicit consent of the applicant. Without the provided consent, the applicant profile will be deleted automatically.
Additionally, consent to the processing of the personal data provided in addition to the necessary one for the application process, as well as to the prolonged storage of the applicant profile beyond the normal retention period, may be revoked at any time by the applicant, using the appropriate channels of communication.
Legal Bases of Processing
The activities described in this section have been carried out mainly on the basis of Forto’s legitimate interest — based on Art. 6 (1) lit. f GDPR — where applicable. Depending on the individual activity, the following legitimate interests may be applicable:
- provision of information to the public about itself, its services and its activities, by means of a functioning website;
- maintain its website’s safety and security for itself and its visitors;
- improvement its services and products to fit customer needs better;
- provide information about its products and services to previous customers;
- approach potential customers — intended exclusively as commercially active legal entities;
- provision of communication channels with which interested parties may contact Forto;
- where processing is necessary towards the establishment, exercise or defence of legal claims.
As a data subject, you have the right to object to the processing of personal information that involves you, personally: please scroll down to the ‘Right to Object’ sub-section to learn under which circumstance and how you may express your objection.
Where the above-mentioned legal basis is applicable, Forto ensures that your consent for processing personal information relating to you is requested and obtained prior to commencement of said activity. You may revoke your consent at any time, without justification: please scroll down to the ‘Right to Withdraw Consent’ sub-section for more information.
Consent is applied as a legal basis for example, in the context of your application for a job opening posted on our website’s portal, the deployment of tracking when these are not strictly necessary and your sign-up to our newsletter mailing list.
3rd-Party Service Providers
Forto uses a number of services from third party providers to carry out its processing activities. The table below illustrates all the ones engaged by Forto for carrying out the processing activities described in this privacy notice.