This document regulates the policy applied by Group S.A. with its registered office in Wrocław, ul. Racławicka 2-4, 53-146 Wrocław, entered into the Register of Entrepreneurs kept by the District Court for Wrocław-Fabryczna in Wrocław, 6th Commercial Department of the National Court Register under number 0000720763, NIP [tax ID no.]: 8942764658, REGON [National Business Registry No.]: 932920615 (hereinafter: Controller), regarding the protection of personal data of the users and information that may constitute a trade secret of the users.
This policy applies to the services offered by the Controller through the website The above policy does not extend to third-party websites and services that can be accessed through links on the aforementioned website. Detailed information on data protection can be obtained from each of the service providers separately. The Controller recommends that the documents in question on the providers’ websites be consulted each time.

Data collected

In order to make full use of the Controller’s services and products, the User may create an account or log in to the Platform.
In order to make use of the services and products offered by the Controller, it is necessary to register an account via the form made available on the website under Registration/Register Company/Add an Employee. During registration, the following data must be provided: NIP number, company name, registered office address, postal code and country. In order to verify the User, the following data is required: the company’s NIP number, telephone number, e-mail address and first and last name. When logging in, the User enters the following data: TransID number. In addition, the User may supplement his/her account profile with additional data, such as: date of birth.

We obtain most of the User data as part of the Platform access service directly from the Users (e.g. information, photos, documents) . We may obtain some of the data from public sources, such as the National Court Register, the Central Register and Information on Business Activity or similar sources, as well as from private entities that collect and share information about entrepreneurs. These sources provide us with data, such as identification details, contact details, etc.

The provision of data is voluntary, although necessary for the performance of the service and for the contact with the Controller. If you do not provide the Controller with the necessary information, they will not be able to perform and carry out the service.

Certain data is also collected passively, i.e. through the use of the website (e.g. IP address, resolution, location, browser type).

Data use

Personal data of the Users will be processed:

  • for the purposes necessary for the performance of the service of access to the Platform under the contract concluded between the User and the Controller or for the performance of pre-contractual activities (Article 6 Clause 1 Letter “b” of the GDPR),
  • if necessary, for the purposes resulting from the legally justified interests pursued by the Controller or a third party (Article 6 Clause 1 Letter “f” of the GDPR), among others: providing user support, responding to inquiries/complaints, sending the Controller’s newsletter concerning changes in the software, Regulations of the Platform, etc.; in order to ensure the Controller’s IT security; for the purpose of examining customer satisfaction, investigating claims and defending against claims, in direct marketing of the Controller’s products and services and those of the entities of the group, as well as other entities to which the Controller provides services under separate contracts, for the Controller’s internal administrative purposes, such as preparing statistics, analyses, e.g. the manner of using the website, User preferences,
  • on the basis of your consent (Article 6 Clause 1 Letter “a” of the GDPR), given for specific purposes (e.g. to provide the User with information concerning services/newsletter, if the User shows interest, or transmission of data within the group).

If the User has given such consent, the Controller sends information on the current and future products and services of the Controller and the Group entities by means of an e-mail in the form of an information or advertising campaign.

With regard to personal data, revocation of consent is possible at any time, although this does not affect the processing of personal data prior to revocation.

Personal data may be processed by automated means (including profiling). The purpose of profiling is to collect information about the activity within the platform and the preferences of the Users, which allow better adaptation of the offer and the messages addressed to them, as well as to detect events that may threaten the safety of the Users. The legal basis for the processing is the legitimate interest of the Controller (Article 6 Clause 1 Letter “f” of the GDPR). 

Personal data recipients

Data may be shared with other recipients in order to perform our contract with you, to comply with a legal obligation incumbent on the Controller, based on your consent or for purposes arising from legally justified interests of the Controller or a third party.
Recipients may include, in particular: entities of the capital group(2), institutions statutorily authorised to receive your data on the basis of relevant legislation (e.g. law enforcement or judicial authorities), as well as entities processing data upon the Controller’s commission and their authorised employees, whereby such entities process data on the basis of a contract with the Controller and strictly in accordance with the instructions and under the condition to maintain confidentiality. Entities performing tasks on behalf of and for the Controller include, but are not limited to, entities providing services to the extent necessary to ensure the technical background for the provision of services, such as payment and IT services providers and entities in charge of the Platform. The Controller shall exercise due diligence in the transmission of data, applying measures and safeguards to prevent unauthorised persons from gaining access to the data (e.g. SSL, encrypted connections).

Transmission of data outside the European Community

The level of protection of personal data outside the European Economic Area (EEA) may differ from that provided by European law. Bearing this in mind, the Controller transfers personal data outside the EEA only when necessary. In the event of such a transfer, the Controller shall ensure an adequate level of protection of personal data primarily by:

a. transferring personal data to countries for which a European Commission decision recognising the country as providing an adequate level of personal data protection has been issued,
b. applying the standard contractual clauses issued by the European Commission,
c. applying other adequate security measures.

Data subject rights

The User has the right to access their personal data, as well as to request their rectification, restriction of their processing or their deletion, to withdraw at any time the consent to the processing of their data to the extent of such consent, as well as to have their personal data transferred. 

The User has the right to lodge a complaint to the supervisory authority, which is the President of the Personal Data Protection Authority in case of the Republic of Poland, if the User considers that the processing of their data violates the provisions of the GDPR. 

Furthermore, the User has the right to object at any time to the processing of data for reasons related to their particular situation, where the Controller processes data for purposes arising from legally legitimate interests, for direct marketing purposes, including profiling. 

Once the User’s identity has been confirmed, the Controller will exercise the rights indicated on the basis of an analysis of the legitimacy of the request and the applicable law. The Controller will make every reasonable effort to comply with the Users’ requests concerning personal data, unless the data must be retained due to applicable law or other legally justified interests of the Controller.

Data retention period

Personal data will be processed and stored by the Controller for the period necessary to fulfill the purposes, i.e.:

  • the performance of the contract concluded between the User and the Controller – until its completion, and after that time for the period required by law or for the execution of possible claims;
  • insofar as the data is processed on the basis of consent – the data will be processed by the Controller until the consent is withdrawn;
  • until the fulfillment of legally justified interests of the Controller forming the basis for such processing or until the User objects to such processing, unless there are legally justified grounds for further processing.

Data collected during Users’ visits to the Controller’s website will be processed until it becomes obsolete or no longer relevant. This applies to data processed for analytical and statistical purposes, including the use of cookies and the administration of the Controller’s websites.


The Controller uses so-called “cookies” to track the website Users’ visits and save their preferences, e.g. language, login data, as well as to adapt the services to their needs. The above mentioned files are used to compile general statistics on the use of the website by Users. These files will be stored until they become obsolete or no longer useful. Cookies will not be made available to other third parties, they will be transferred only to entities providing services to the extent necessary to ensure the technical support of the aforementioned files and entities belonging to Group.

It is possible to disable cookies in your web browser, which will not prevent you from using the services, but there may be some inconvenience, i.e. the Controller’s website may no longer function fully correctly. 

It is also possible to manage the categories of “cookies” through the “Consents” window that appears when the User first visits our website. Detailed information on the rules for the use of “cookies” by the Controller is set out in the Cookies Policy available at:

Social networks

Please be advised that the Controller’s website may include social networking plug-ins, including but not limited to: Facebook, Twitter, LinkedIn, Instagram etc. Due to their inclusion on the Controller’s website, it is the User’s own responsibility to read the privacy policies of these providers in order to receive up-to-date information regarding the protection of personal data.

Data in Google Analytics

Traffic on the Controller’s websites is monitored by the Google Analytics system, the purpose of which is to collect data on the way the websites are used and their popularity. This data (e.g. browser used or IP address) will not be made available by the Controller to third parties.


To ensure security, the Controller:

  • applies the SSL encryption,
  • allows access to the account only after entering the login address and password (it is recommended to set passwords consisting of min. 8 characters and containing upper and lower case letters, special characters and digits), which the User should keep exclusively for his/her information, 
  • controls the methods of collecting, storing and processing of information, including physical security measures to prevent unauthorised access to the system,
  • grants access to personal data only to those employees, contractors and associates who need to have access to it in order to process it for the Controller’s purposes; furthermore, they are obliged by contract to maintain strict confidentiality and, in the case of entrustment of data, personal data processing entrustment contracts.

Privacy Policy Statement

This Privacy Policy took effect from 26.10.22 We may update the Privacy Policy from time to time to reflect changes in our information handling practices and standards. Such modifications may be implemented without notifying the User. If there are any material changes that modify our personal data processing rules, the User may be notified by email or by means of a notice posted on the website. The modifications will be effective as of the date they are published on the website with an indication of the date of their introduction.

Contact details

Should you have any questions or comments with regard to the Privacy Policy, please contact the Controller: Group S.A., Wrocław, ul. Racławicka 2-4, 53-146 Wrocław, (contact: 71 734 17 00,

The Controller has appointed a Data Protection Officer who can be contacted by email at:
1,2,3. The list of companies from the group is available on the website