Privacy policy

Cargofiv S.A. registered under 514950749, at Parque Tecnológico de Óbidos, Rua da Criatividade, 2510-216 Óbidos, Portugal (“Cargofive”, “we”, “us”, or “our”) is the supplier of a specialized, AI-driven, cloud-based service for freight forwarders to automate, manage, and optimize ocean, air, and multimodal freight rates through its platform (“Platform”). Our Privacy Policy addresses information we collect at our web sites and in offline sales and marketing activities, i.e., the information we collect with regards to our own (potential) clients, suppliers, and/or organizational/business partners. 

We take the protection of your personal data and the legal obligations serving this protection very seriously. The legal requirements demand comprehensive transparency regarding the processing of personal data. Only if you, as a data subject, fully understand our data processing, you are sufficiently informed about the meaning, purpose and scope of the processing. Our data protection declaration therefore explains in detail which personal data is processed by us when using our website, Platform, and all other websites referring to it. 

Using our website, Platform, and/or any other websites referring to it, our clients instruct Cargofive to process personal data on their behalf in connection with the use of the Platform. Such permission allows us access to our clients’ data to perform support, hosting, or other related services related to the applications. 

Please note that links on our website may take you to other Internet pages which are not operated by us but by third parties. Such links are either clearly marked by us or are recognizable by a change in the address line of your browser. We are not responsible for compliance with data protection regulations and safe handling of your personal data on these websites operated by third parties.

  1. General Use of Personal Information 

When individuals visit our website, interact with our marketing activities, or communicate with us directly, Cargofive acts as the controller of the personal data processed. 

When personal data is processed within the Platform on behalf of our customers, Cargofive acts as a data processor and processes such data solely in accordance with the instructions of the respective customer, who acts as the controller.

We process personal data only to the extent permitted by law. Personal data will only be passed on in the cases described below. Personal data will be deleted or protected by technical and organizational measures (e.g. pseudonymization, encryption) as soon as the purpose of processing ceases to apply. This also takes place if a prescribed storage period expires, unless there is a necessity for further storage of the personal data for the conclusion or fulfilment of a contract. Unless we are legally obliged to store or pass on your personal data to third parties (in particular law enforcement authorities), the decision as to which personal data we collect, how long it is stored and to what extent you may have to disclose it depends on which functions of the website you use in individual cases.

It is the clients responsibility to ensure that the data they collect can be legally collected in the country of origin. The client is responsible for giving its employees and end-users the appropriate level of notification that Personal Information is being collected and maintained.

Cargofive may access, collect and/or use client services data under the following conditions:

  • To comply with our legal and regulatory obligations;
  • For the performance of our contract with you or to take steps at your request before entering into a contract;
  • For our legitimate interests or those of a third party; or
  • Where you have given consent.

Cargofive S.A. is part of the cargo.one group of companies. Personal data may be shared within the Cargo One GmbH group where necessary for operational, administrative, security, or technical purposes. Such processing is carried out based on our legitimate interests in operating and maintaining the services within our corporate group.

  1. Data Processing 

The use of the website and its functions regularly requires the processing of certain personal data.

  1. Informational use of our website

When you access our website and use it purely for information purposes, i.e. without using additional functions such as contact forms or social media plug-ins, we may still automatically collect personal data. This data may include: IP address of your terminal device and the date and time when the website was accessed. This information is transmitted by your browser unless you have configured it to suppress the transmission of the information.

The processing of these personal data takes place for the purposes of the functionality and optimization of the website, as well as to guarantee the security of our information-technical systems. This use constitutes our legitimate interest, making it a permissible use under Article 6(1)(f) GDPR.

The personal data is stored for a period of 30 days, unless a longer retention period is required under applicable law. We do not combine this personal data with other data sources. Data is only passed on to third parties if this is necessary for the operation of our website. For this purpose, the personal data is sometimes transferred to certain services, as listed below, and to the providers (air freight companies). Other personal data processed for sales, marketing, and business relationship management purposes is retained for as long as necessary to fulfill the purposes described in this Privacy Policy, including maintaining business relationships, complying with legal obligations, and resolving disputes. Data may be retained for the duration of the business relationship and for a reasonable period thereafter where required for legal, contractual, or compliance purposes.

  1. Service Providers 

We use third-party service providers that process personal data on our behalf in order to operate our website, support the Platform, communicate with users and customers, analyze usage, manage sales and marketing activities, send emails, and provide related business and technical services.

Depending on the context in which you interact with us, these providers may support us with the following activities:

  • website analytics and user behaviour insights;
  • customer communication and support;
  • CRM and sales pipeline management;
  • marketing automation and outreach;
  • transactional and marketing email delivery;
  • cloud hosting and infrastructure;
  • product and usage analytics;
  • workflow automation and document processing;
  • technical and API-related services;
  • business intelligence and reporting;
  • currency and pricing-related services.

Service providers used by Cargofive may include Hotjar, Intercom, HubSpot, Google Analytics, Pipedrive, Google Ads, Knock2, Lemlist, Mailchimp, Maildoso, Mixpanel, Metabase, n8n, PDF.co, Postman, SendGrid, Amazon Web Services (AWS), and Currencylayer.

Where these providers process personal data on our behalf, they do so subject to appropriate contractual, confidentiality, and data protection obligations.

  1. Data Collection

We collect most of the personal information listed directly from you via our website and webforms linked from the website, license agreement(s) we enter into with you directly, and other agreements for products and services, such as training.  Cargofive does not monitor and is not responsible for any personal information collected and/or processed either directly, or indirectly by any third-party websites linked on the Cargofive website. We may also collect information:

  • From publicly accessible sources; 
  • Directly from a third-party;
  • From cookies and other means on our website as provided above; and 
  • Via our IT systems, including automated monitoring of our websites and other technical systems, such as our computer networks and connections, communications systems, email and instant messaging systems.
  1. Data Sharing

We may routinely share personal information with:

  • Service providers we use to help deliver our products and/or services to you, who have a “need to know” in order to perform such services and who are bound by confidentiality agreement(s) with Cargofive;
  • Third parties approved by you, include those designated herein and/or in any license agreement(s) concluded with us, as well as third-party payment providers;
  • Other third parties we use to help us run our business as outlined herein; or
  • Certification bodies and/or auditors.

We only allow our service providers to handle your personal information if we are satisfied they take appropriate measures to protect your personal information. We also impose contractual obligations on service providers relating to ensure they can only use your personal information to provide services to us and to you.

We may disclose and exchange information with law enforcement agencies and regulatory bodies to comply with our legal and regulatory obligations, as well as to the extent provided in any separate agreement(s) between you and Cargofive. 

We may also need to share some personal information with other parties with a bona fide need to know in order to accomplish a business transaction that does not exploit or sell the consumer’s information, such as potential buyers or successors in connection with a merger, acquisition, restructuring or sale of assets involving Cargofive. We will typically anonymize information, but this may not always be possible. The recipient of the information will be bound by enforceable confidentiality obligations preserving the privacy of such information as provided herein.

  1. International Data Transfers

Some of our service providers may be located outside the European Economic Area. Where personal data is transferred internationally, such transfers are protected through appropriate safeguards including Standard Contractual Clauses approved by the European Commission.

  1. Your Rights under GDPR

Under the GDPR, you have the:

  • Right to access: the right to be provided with a copy of your personal information;
  • Right of rectification: the right to require us to correct any mistakes in your personal information;
  • Right to be forgotten: the right to require us to delete your personal information in certain situations;
  • Right to restriction of processing: the right to require us to restrict processing of your personal information in certain circumstances;
  • Right to data portability: the right to receive the personal information you provided to us, in a structured, commonly used and machine-readable format and/or transmit that data to a third-party in certain situations;
  • Right to object: the right to object, (a)  at any time to your personal information being processed for direct marketing, or (b)  in certain other situations to our continued processing of your personal information, e.g. processing carried out for the purpose of our legitimate interests; and
  • Right not to be subject to automated individual decision-making: the right not to be subject to a decision based solely on automated processing that produces legal effects concerning you or similarly significantly affects you. For the avoidance of doubt, automated decisions, including profiling, are not made on an individual case basis.

If you would like to exercise any of your rights described in this Privacy Policy, please contact our privacy & legal team at legal@cargo.one or privacy@cargo.one. When contacting us, please provide us with (i) enough information to identify you, and (ii) a description of what right you want to exercise and the information to which your request relates. 

We are not obligated to act on your request if we cannot verify that the person making the request is the person about whom we collected information, or is someone authorized to act on such person’s behalf.  For your own security, we will investigate your identity before providing any information.

We believe our privacy & legal team can resolve any query or concern you raise about our use of your information. The GDPR also gives you the right to lodge a complaint with a supervisory authority in the EU (or EEA) state where you work, normally live, or where any alleged infringement of data protection laws occurred. 

  1. Changes to this Privacy Policy

This Privacy Policy was published on 05 March 2026.

We may change this Privacy Policy from time to time. When we do, we will inform you via our website or other means of contact.

If you have any questions about this Privacy Policy or the information we hold about you, please contact our privacy & legal team at legal@cargo.one or privacy@cargo.one