At Surgewave, we prioritize the privacy and security of your personal data in accordance with global data protection regulations including GDPR, CCPA, and Global's NDPR. This policy explains how we handle information related to your shipments, payments, and account management.

As an international logistics provider, we process personal data across borders while maintaining strict confidentiality standards. By using our services, you consent to the practices described in this policy.

Personal Information

• Contact Details: Name, email, phone, address of shippers and recipients
• Business Information: Company name, tax ID, import/export licenses
• Identification: Government-issued ID for customs clearance when required

Shipping Data

• Shipment Details: Contents, value, weight, dimensions, HS codes
• Tracking Data: Location history, delivery confirmation signatures
• Customs Documentation: Commercial invoices, certificates of origin

Financial Information

• Payment Details: Card tokens (processed through PCI-compliant gateways)
• Transaction Records: Payment history, refund requests

We retain shipment data for 7 years to comply with customs regulations and financial reporting requirements. Account data is retained for 3 years after last activity unless legally required otherwise.

• Contractual Necessity: Processing required to fulfill shipping contracts
• Legal Obligation: Compliance with customs, tax, and transport laws
• Legitimate Interest: Fraud prevention and service improvement
• Consent: For marketing communications and non-essential cookies

We share minimum necessary data with:

We never sell customer data. Third-party access is governed by strict data processing agreements.

As an international logistics provider, your data may be transferred to and processed in:

• Origin and destination countries for customs clearance
• Transit countries where shipment tracking occurs
• Our regional offices in Lagos, London, and Dubai

All transfers utilize Standard Contractual Clauses or other approved mechanisms under GDPR. Sensitive data is encrypted in transit.

We maintain ISO 27001 certification and undergo regular SOC 2 Type II audits. Despite our measures, no internet transmission is 100% secure.

To exercise these rights, contact our Data Protection Officer at dpo@hotmail.com. We respond within 30 days and may request verification.

We use cookies to enhance your experience on our platform:

• Essential Cookies: Required for website functionality and security
• Analytics Cookies: Help us understand user behavior to improve services
• Marketing Cookies: Used for personalized ads, with your consent

You can manage cookie preferences through our cookie banner or browser settings. Essential cookies cannot be disabled.

We may update this policy to reflect changes in our practices or legal requirements. Significant changes will be communicated via email or website notifications at least 30 days before they take effect.

Continued use of our services after changes constitutes acceptance of the updated policy.

For privacy concerns or data requests: