Updated: March 30, 2026
A Note to Our Users
At Kaleris, we believe privacy is a fundamental right, not a compliance checkbox. This Policy is written in plain language so you can understand exactly what data we collect, why we collect it, how we protect it, and what choices you have. If you have any questions, our Data Protection Office is always available at dpo@kaleris.com.
1. Who We Are
Kaleris (“Kaleris,” “we,” “us,” or “our”) is a supply chain and logistics technology company headquartered at 3460 Preston Ridge Rd., Suite 600, Alpharetta, GA 30005. We provide cloud-based and on-premise software solutions to transportation, terminal, and logistics operators worldwide.
For purposes of this Policy, “Kaleris” refers to Navis LP d/b/a Kaleris and its covered U.S. entities and subsidiaries: ShipXpress LLC (U.S.A.), RailcarRx Inc (U.S.A.), and PINC Solutions (SCES Topco LLC, U.S.A.).
This Policy applies to personal data processed by Kaleris in connection with:
Term | Meaning |
Personal Data / PII | Any information relating to an identified or identifiable natural person, as defined under applicable data protection laws. |
Usage Data | Information collected automatically when you access or use the Services, such as IP address, browser type, OS, device identifiers, pages viewed, and access times. |
Cookies | Small text files placed on your device by a website or application to enable functionality, enhance experience, analyze usage, and support security. |
Data Controller | The entity that determines the purposes and means of processing Personal Data. |
Data Processor / Service Provider | An entity that processes Personal Data on behalf of a Data Controller pursuant to documented instructions. |
Data Subject / User | An identified or identifiable natural person whose Personal Data is processed in connection with the Services. |
Services | The Kaleris public website (kaleris.com), any other Kaleris-operated websites, and all related applications, platforms, products, and services. |
4. When Kaleris Acts as a Data Processor
When providing products and services to our Customers, Kaleris most commonly acts as a data processor, meaning we process Personal Data on behalf of our Customers, who serve as data controllers, in accordance with applicable agreements, documented Customer instructions, and relevant data protection laws.
As a data processor, Kaleris:
Customer Responsibility: Customers, acting as data controllers, are responsible for determining the categories of Personal Data processed through the Services, establishing a lawful basis for processing, setting retention periods, and ensuring their use of the Services complies with applicable data protection laws.
In limited circumstances, Kaleris independently determines the purposes and means of processing and acts as a data controller. This occurs primarily when:
When acting as a data controller, Kaleris processes Personal Data in accordance with the principles and practices described in Part III of this Policy.
6. Categories of Personal Data Collected
When Kaleris acts as a data controller, we may collect the following categories of Personal Data:
Directly from you:
Automatically through your use of our Services:
Providing certain personal information is voluntary; however, where specific information is required to respond to an inquiry or provide a requested Service, we will notify you at the time of collection.
Kaleris uses Personal Data for the following purposes:
For individuals located in the European Economic Area (EEA), United Kingdom (UK), or Switzerland, Kaleris processes Personal Data based on one or more of the following legal bases under the GDPR, UK GDPR, and Swiss nFADP:
Legal Basis | When We Rely on It |
Contract | Processing is necessary to perform a contract with you or to take steps at your request prior to entering a contract |
Legal Obligation | Processing is necessary to comply with a legal or regulatory requirement |
Legitimate Interests | Processing is necessary for our legitimate business interests (such as fraud prevention, network security, and service improvement), where those interests are not overridden by your rights and freedoms |
Consent | Where required by law, we will ask for your consent before processing; you may withdraw consent at any time |
Where Kaleris sends marketing communications, we rely on either your consent or our legitimate interests as the legal basis, depending on applicable law and the nature of the communication.
Kaleris uses cookies and similar tracking technologies, including web beacons, tags, and scripts, to operate, secure, analyze, and improve the Services.
Cookie Type | Purpose |
Session Cookies | Maintain your session and enable core Service functionality |
Preference Cookies | Remember your settings and personalization choices |
Security Cookies | Support authentication, fraud prevention, and account protection |
Analytics Cookies | Collect aggregated usage data to help us understand how the Services are used and where improvements can be made |
You may configure your browser to refuse all cookies or to alert you when a cookie is being sent. Please note that disabling cookies may limit your ability to use certain features of our Services. For information about opting out of specific analytics and advertising cookies, see Section 14.
Kaleris retains Personal Data only for as long as necessary to fulfill the purposes described in this Policy, or as required or permitted by applicable law. Retention periods are determined based on the nature of the data, our contractual obligations, legal requirements, and legitimate business needs. When Personal Data is no longer required, it is securely deleted or anonymized.
Usage Data is generally retained for a shorter period, unless it is required for security, fraud prevention, or legal compliance purposes.
Marketing Communications: You may opt out of receiving marketing or promotional communications from Kaleris at any time by clicking the “unsubscribe” link in any email or by contacting us at dpo@kaleris.com. Opting out does not affect our ability to send you transactional or service-related communications.
New Uses of Personal Data: If we intend to use your Personal Data for a materially new purpose that differs from the purpose for which it was originally collected, or to disclose it to a non-agent third party in a manner not described in this Policy, we will provide you with notice and a meaningful opportunity to opt out before doing so.
Sensitive Personal Information: Certain categories of data, such as information relating to health or medical conditions, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, or sexual orientation, constitute Sensitive Personal Information. Kaleris will not use or disclose Sensitive Personal Information for any purpose other than the purpose for which it was originally collected or subsequently authorized, unless we have received your affirmative, explicit consent (opt-in).
To request that we limit the use or disclosure of your Personal Data or Sensitive Personal Information, contact us at dpo@kaleris.com.
For more information about your choices under the Data Privacy Framework, visit:
Kaleris may disclose Personal Data to the following categories of third parties for the purposes described:
Third-Party Category | Examples | Purpose |
IT Infrastructure and Cloud Providers | Microsoft Azure, Amazon Web Services | Hosting, storage, and operational support of the Services |
Analytics Providers | Google Analytics | Monitoring and improving Service performance and usage patterns |
Advertising and Remarketing Partners | Google AdWords | Delivering relevant advertising based on prior interactions with our Services |
Legal and Professional Advisors | Outside counsel, auditors | Legal compliance, risk management, and claims handling |
Regulatory and Government Authorities | Courts, law enforcement, regulators | Compliance with legal obligations and response to lawful requests |
Business Partners and Affiliates | Subsidiaries, integration partners | Delivering contracted Services and supporting joint operations |
Kaleris does not sell your Personal Data to third parties for their own independent use.
We may also disclose Personal Data where required by law, in response to valid requests from public authorities, or to protect or defend the rights or property of Kaleris, prevent fraud or misuse, or establish, exercise, or defend legal claims.
To request further details about specific third-party disclosures, contact us at dpo@kaleris.com.
Kaleris uses third-party sub-processors to support the delivery of our products and services. We maintain an up-to-date list of our sub-processors, organized by product, on our Trust Center:
We will notify Customers of any intended changes to sub-processors, including additions or replacements, providing an opportunity to object prior to any change taking effect. Kaleris shares only the minimum information necessary with each sub-processor, and all sub-processors are bound by contractual obligations requiring confidentiality, data protection, and appropriate security measures consistent with this Policy and applicable law.
Kaleris maintains contracts with all third-party service providers and sub-processors that restrict their access to, use of, and disclosure of Personal Data; require compliance with the EU-U.S. DPF Principles, including the onward transfer provisions; and obligate them to maintain appropriate security and confidentiality measures.
Kaleris remains responsible and liable under the DPF Principles if a third-party agent processes Personal Data in a manner inconsistent with those Principles, unless Kaleris demonstrates that it is not responsible for the event giving rise to the harm.
Google Analytics: Kaleris uses Google Analytics to track and report website usage. You may opt out by installing the Google Analytics Opt-Out Browser Add-On. For more information, visit Google’s Privacy Policy.
Google AdWords: Kaleris uses Google AdWords remarketing to display relevant advertisements on third-party websites after you visit our Services. You may customize or opt out via Google Ads Settings.
Your Personal Data may be transferred to, stored in, and processed in countries outside of your country of residence, including countries where data protection laws may differ from those in your jurisdiction. Kaleris takes all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Policy.
Kaleris currently operates in or may transfer data to the following countries:
United States | United Kingdom | Germany | Netherlands | Spain | Australia | New Zealand | Hong Kong | India | Mexico
All Personal Data transferred internationally is encrypted in transit. No transfer will take place unless adequate safeguards are in place, consistent with applicable data protection law.
17. Privacy Rights—All Individuals
Regardless of where you are located, you may contact us at dpo@kaleris.com to:
If you are located in the EEA, UK, or Switzerland, you have the following rights:
If you are a California resident, you have the following additional rights:
Residents of other U.S. states with applicable comprehensive privacy laws — including but not limited to Virginia, Colorado, Connecticut, Texas, Montana, Oregon, and Iowa — may have rights similar to those described in this Section, such as the right to access, correct, delete, or opt out of certain processing of their personal data. The specific rights available to you will depend on the law of your state of residence.
To exercise any rights available to you under your state’s applicable privacy law, please contact us at dpo@kaleris.com or at the address in Section 20. We will respond in accordance with the requirements of applicable law.
Contact us at:
Kaleris — Data Protection Office
3460 Preston Ridge Rd., Suite 600 Alpharetta, GA 30005
Email: dpo@kaleris.com
Phone: 480-714-8395
We will verify your identity before fulfilling any request. Requests will be acknowledged within 10 business days and completed within the applicable statutory timeframe, typically 30 days (extendable by an additional 30 days where lawfully permitted) for GDPR/UK GDPR/CCPA requests.
If you submit a request through an authorized agent, we may require written authorization and independent identity verification. If we deny your request, we will explain the reason and describe any applicable appeal or escalation mechanism.
Navis LP d/b/a Kaleris and its covered U.S. entities and subsidiaries — ShipXpress LLC (U.S.A.), RailcarRx Inc (U.S.A.), and PINC Solutions (SCES Topco LLC, U.S.A.) — comply with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF), as set forth by the U.S. Department of Commerce.
Kaleris has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF.
Kaleris has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF.
In the event of any conflict between the terms of this Privacy Policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern.
To learn more about the DPF program and to view our certification, please visit https://www.dataprivacyframework.gov/.
Navis LP d/b/a Kaleris is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC).
Step 1 — Contact Kaleris directly: Individuals located in the EEA, UK, or Switzerland with DPF-related questions or complaints should first contact us at dpo@kaleris.com or at the address in Section 20.
Step 2 — Independent Recourse Mechanism (IRM): If you have not received a timely or satisfactory response from Kaleris within 45 days, you may escalate your complaint at no cost to you to our independent recourse mechanism:
ICDR-AAA DPF Independent Recourse Mechanism https://go.adr.org/dpf_irm.html
Step 3 — Binding Arbitration: Under certain conditions, and as a measure of last resort for residual claims not resolved through the steps above, you may have the right to invoke binding arbitration before the DPF Panel. Kaleris is obligated to arbitrate such claims and follow the terms set forth in Annex I of the DPF Principles, provided that you have first: (1) raised the matter directly with Kaleris; (2) used the IRM process; and (3) raised the matter with the relevant data protection authority. For more information, visit https://www.dataprivacyframework.gov/.
This section applies specifically to the operation of Kaleris’s on-premises and cloud-based product platforms (e.g., terminal and yard management systems), where Kaleris collects and processes PII on behalf of Customers as data controller.
Authentication data (mandatory for all users):
Trucking company data (shared by default, configurable):
Data Element |
Driver name, email, date of birth, Card ID, BAT number |
Truck license plate number and expiration date |
Trucking company name, SCAC code, BIC code |
Trucking company email, telephone, address, fax, and website |
By default, Kaleris does not collect PII relating to shipping lines, consignees, or agents without a specific Customer request. Customers may configure their application settings to remove any or all default trucking company data from the data-sharing scope.
PII collected on Kaleris platforms is used solely to:
It is not the intent or purpose of Kaleris’s platforms to independently collect, process, or store PII beyond what is operationally necessary. Trucking company PII is stored but not independently processed by Kaleris. Customers retain full configuration control over the data shared with Kaleris.
Data is transferred from on-premises Customer applications to the Kaleris cloud (hosted in the European Union) on a continuous basis, in batches approximately every 4 minutes.
A current list of sub-processors used in connection with Kaleris product platforms, organized by product, is maintained on our Trust Center:
https://kaleris.com/compliance/
Kaleris shares only the minimum information necessary with sub-processors. Customers will be notified of any intended changes to sub-processors, including additions or replacements, with an opportunity to object prior to any change taking effect.
Kaleris, in its capacity as a data processor on its product platforms, will not directly respond to privacy rights requests submitted by individual PII holders. If you are an individual whose data has been processed through a Customer’s use of a Kaleris platform, you must direct your request to the relevant Customer, who is the data controller responsible for responding. For privacy rights requests where Kaleris acts as a data controller, see Part V.
For processing activities related to Kaleris Yard Management Solutions, Kaleris has appointed Prighter as its designated EU and UK privacy representative and point of contact for data subjects exercising their rights under the GDPR and UK GDPR.
To exercise your data subject rights or to contact us through Prighter, please visit: https://prighter.com/q/13894718090
Our Services are intended exclusively for individuals 18 years of age and older. Kaleris does not knowingly collect, use, or retain personal information from anyone under 18. If you are a parent or legal guardian and believe your child has provided us with personal information, please contact us immediately at dpo@kaleris.com. Upon confirmation, we will promptly delete the information from our systems in accordance with applicable law.
Our Services may contain links to websites operated by third parties not affiliated with Kaleris. We have no control over and assume no responsibility for the content, privacy practices, or data handling of any third-party site or service. We strongly encourage you to review the privacy policy of every website you visit.
Do Not Track (“DNT”) is a browser preference setting designed to signal that you do not wish to be tracked. You may enable or disable DNT through your browser’s settings. At this time, our Services do not alter their data collection practices in response to DNT signals. We will update this Policy if our practices change.
Kaleris implements a layered set of administrative, technical, and physical safeguards designed to protect Personal Data against unauthorized access, disclosure, alteration, loss, or destruction. These measures include:
For more information about our security practices and certifications, please visit our Trust Center at https://kaleris.com/compliance/.
No method of transmission over the Internet or electronic storage is completely secure. While we take our security obligations seriously, we cannot guarantee the absolute security of your Personal Data.
Kaleris is not responsible for security incidents arising from the misuse of administrative credentials granted to Customers, including unauthorized creation of user profiles, credential leakage, or vulnerabilities attributable to Customer-managed devices or systems.
In the event of a personal data breach, Kaleris will notify the relevant supervisory authority within 72 hours of becoming aware of the breach where required by applicable law, and will notify affected individuals without undue delay where the breach is likely to result in high risk to their rights and freedoms.
Kaleris may update this Privacy Policy from time to time to reflect changes in our data practices, Services, or applicable law. When we make material changes, we will:
We encourage you to review this Policy periodically. Your continued use of the Services after any changes are posted constitutes your acknowledgment of the updated Policy.
For questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact our Data Protection Office:
Kaleris — Data Protection Office
3460 Preston Ridge Rd., Suite 600 Alpharetta, GA 30005, USA
Email: dpo@kaleris.com
Phone: 480-714-8395
For EU/UK Yard Management Solutions inquiries via our appointed representative, visit: https://prighter.com/q/13894718090
This Privacy Policy was prepared in accordance with the EU General Data Protection Regulation (GDPR), the UK General Data Protection Regulation (UK GDPR), the Swiss Federal Act on Data Protection (nFADP), the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), and the EU-U.S., UK Extension, and Swiss-U.S. Data Privacy Frameworks.
