This document governs the policy applied by Trans.eu Group S.A. with its registered office in Wrocław, ul. Racławicka 2-4, 53-146 Wrocław, entered into the Register of Entrepreneurs of the National Court Register kept by the District Court for Wrocław-Fabryczna in Wrocław, 6th Commercial Division of the National Court Register, under KRS number: 0000720763, NIP: 8942764658, REGON: 932920615 (hereinafter: the Controller), with regard to the protection of users’ personal data and information that may constitute trade secrets of the users.
This policy applies to the services offered by the Controller through the website https://cargoon.eu/. The above policy does not apply to third-party websites and services that can be accessed via links from the above website. Detailed information on data protection is available from each service provider separately. The Controller recommends that the documents in question are always consulted on the service providers’ websites.
In order to make full use of the Controller’s services and products, the User may create an account or log in to the Platform via a form made available on the website.
In order to make use of the services and products offered by the Controller, it is necessary to register an account via the form provided on the website under Registration/Register New Company/Add Account to Company. When registering, the following details must be provided: VAT number, company name, registered office address, postal code and country. In order to verify the user, the company’s VAT number, telephone number, e-mail address and name are required. In addition, the User can update his/her account profile with other additional data. such as date of birth.
As part of the service of accessing the Platform, we obtain the majority of the User data directly from the Users themselves (e.g. information, photos, documents). Some of the data we can obtain from public sources such as: National Court Register, Central Register and Information on Business Activity or similar sources and from private entities that collect and provide information on businesses. From these sources we have data such as identifying information, contact details, etc.
In addition, the User can enter the following data via the forms provided on the website https://cargoon.eu/: name, surname, e-mail address, telephone number, company name, VAT number.
The provision of data is voluntary, although necessary for the provision of the service and for contacting the Controller. If the necessary information is not provided to the Controller, the Controller will not be able to proceed and carry out the service.
Some data is also collected passively, i.e. through the use of the website (e.g. IP address, resolution, location, browser type).
Users’ personal data will be processed:
- for the purposes necessary for the performance of the service of providing access to the Platform under the agreement concluded with the User and the Controller or for the performance of activities prior to the conclusion of the agreement (section 6(1)(b) of the GDPR),
- if necessary, for purposes resulting from the Controller’s or third party’s legitimate interests (section 6(1)(f) of the GDPR), including but not limited to: providing support to the User, responding to queries/complaints, sending the Controller’s newsletter regarding changes to the software, Trans.eu Platform Terms and Conditions, etc., for the purpose of ensuring IT security of the Controller; for the purpose of customer satisfaction surveys, asserting claims and defending against claims, in direct marketing of the Controller’s products and services and those of the entities of Trans.eu Group, as well as other entities to which the Controller provides services under separate agreements, for the Controller’s internal administrative purposes, such as preparing statistics, analyses, e.g. of the manner of using the website, User preferences,
- on the basis of User’s consent (section 6(1)(a) of the GDPR), given for specific purposes (e.g. to provide the User with information concerning services/newsletters, if the User shows interest, or the transfer of data within Trans.eu Group).
If the User has given such consent, the Controller sends information on the current and future products and services of the Controller and Group entities by e-mail in the form of an information or advertising campaign.
With regard to personal data, revocation of consent is possible at any time, although this does not affect the processing of personal data prior to revocation.
Personal data may be processed by automated means (including profiling). The purpose of profiling is to collect information about the activity within the Platform and the preferences of Users, which allows us to better tailor the proposal and the messages addressed to them, as well as to detect events that may compromise the safety of Users. The legal basis for the processing is the Controller’s legitimate interest (Article 6(1)(f) of the GDPR).
Personal data recipients
Data may be shared with other recipients in order to perform the agreement with the User, to comply with a legal obligation of the Controller, based on the User’s consent or for purposes arising from the legitimate interests of the controller or a third party.
Recipients may be, in particular: entities of Trans.eu Group, institutions legally authorised to receive User data under relevant legislation (e.g. law enforcement or judicial authorities), as well as entities processing data on behalf of the Controller and their authorised employees, whereas such entities process data on the basis of an agreement with the Controller and only in accordance with instructions and on condition of confidentiality. Entities performing tasks for and on behalf of the Controller include, but are not limited to, entities providing services to the extent necessary to provide technical facilities for the provision of services, such as payment and IT service providers and entities dealing with the Platform. The Controller shall exercise due diligence in the transmission of data, applying measures and safeguards to prevent unauthorised access to data (e.g. SSL, encrypted connections).
Data transfer outside the European Community
The level of protection of personal data outside the European Economic Area (EEA) may differ from that provided by European law. With this in mind, the Controller only transfers personal data outside the EEA when necessary. In the event of such a transfer, the Controller shall ensure an adequate level of protection of personal data primarily by:
a) the transfer of personal data to countries for which a European Commission decision recognising the country as providing an adequate level of protection for personal data has been issued,
b) the use of standard contractual clauses issued by the European Commission,
c) the use of other appropriate safeguards.
Data subject rights
The User has the right to access personal data, as well as to request rectification, restriction or erasure of personal data, to withdraw at any time consent to the processing of data to the extent of such consent, as well as to transfer personal data.
The User has the right to lodge a complaint to the supervisory authority, which in the Republic of Poland is the President of the Office for Personal Data Protection, if the User considers that the processing of his/her data violates the provisions of the GDPR.
In addition, the User has the right to object at any time to the processing of data for reasons related to his/her particular situation, where the Controller processes data for purposes arising from legitimate interests, for direct marketing purposes, including profiling.
Upon confirmation of the User’s identity, the Controller shall exercise the rights indicated on the basis of an analysis of the legitimacy of the request and the applicable legislation.
The Controller shall make every reasonable effort to comply with Users’ requests concerning personal data, unless the data must be retained due to applicable law or other legitimate legal interests of the Controller.
Data retention period
Personal data will be processed and stored by the Controller for the period necessary to fulfil the purposes, i.e.:
- the performance of the agreement concluded between the User and the Controller – until its completion, and thereafter for the period required by law or for the exercise of possible claims;
- to the extent that the data are processed on the basis of consent – the Controller will process it until the consent is withdrawn;
- until the legitimate interests of the Controller underlying such processing are satisfied or until the User objects to such processing, unless there are legitimate grounds for further processing.
The Controller uses so-called “cookies” to track Users’ visits to the website and to store their preferences, e.g. language, login data, as well as to adapt the services offered to their needs. The aforesaid files are used to compile general statistics on the use of the website by Users. The files in question will be stored until they become outdated or no longer relevant. Cookies will not be made available to other third parties, they will only be transferred to service providers to the extent necessary to provide technical support for the handling of the aforesaid files and entities belonging to Trans.eu Group.
Cookies can be deactivated in the User’s web browser, which will not prevent the User from using the services, but some difficulties may occur, i.e. the Controller’s website may no longer be fully functional.
Please be advised that the Controller’s Website may include social networking plug-ins, including Facebook, Twitter, LinkedIn, Instagram, etc. In connection with their inclusion on the Controller’s Website, it is the User’s own responsibility to consult the privacy policies of these providers in order to receive up-to-date information on the protection of personal data.
Data in Google Analytics
Traffic on the Controller’s websites is monitored by Google Analytics which is designed to collect data on website usage and popularity. This data (e.g. the browser used or IP address) will not be made available by the Controller to third parties.
For security purposes, the Controller:
- uses SSL encryption,
- enables access to the account only upon entering the login address and password (it is recommended to set up passwords consisting of min. 8 characters and containing upper and lower case letters, special characters and digits), which the User should keep exclusively for his/her information,
- controls the methods of collecting, storing and processing information, including physical security measures to protect against unauthorised access to the system,
- grants access to personal data only to those employees, contractors and collaborators who need to have access to it in order to process it for the Controller’s purposes; furthermore, they are contractually obliged to maintain strict confidentiality and, in the case of data entrustment, personal data processing agreements.
The Controller has appointed a Data Protection Officer who can be contacted by email at: email@example.com.
The list of Group companies is available at www.trans.eu/pl/o-nas