This document governs the policy applied by Trans.eu Group S.A. with its registered office in Wrocław, ul. Racławicka 2-4, 53-146 Wrocław, entered into the Register of Entrepreneurs of the National Court Register kept by the District Court for Wrocław-Fabryczna in Wrocław, 6th Commercial Division of the National Court Register, under KRS number: 0000720763, NIP: 8942764658, REGON: 932920615 (hereinafter: the Controller), with regard to the protection of users’ personal data and information that may constitute trade secrets of the users.
This policy applies to the services offered by the Controller through the website www.trans.eu. The above policy does not apply to third-party websites and services that can be accessed via links from the above website. Detailed information on data protection is available from each service provider separately. The Controller recommends that the documents in question are always consulted on the service providers’ websites.
In order to make full use of the Controller’s services and products, the User may create an account or log in to the Platform.
In order to make use of the services and products offered by the Controller, it is necessary to register an account via the form provided on the website under Registration/Register New Company/Add Account to Company. When registering, the following details must be provided: VAT number, company name, registered office address, postal code and country. In order to verify the user, the company’s VAT number, telephone number, e-mail address and name are required. When logging in, the User enters the following data: TransID number. In addition, the User can update his/her account profile with other additional data. such as date of birth.
As part of the service of accessing the Platform, we obtain the majority of the User data directly from the Users themselves (e.g. information, photos, documents). Some of the data we can obtain from public sources such as: National Court Register, Central Register and Information on Business Activity or similar sources and from private entities that collect and provide information on businesses. From these sources we have data such as identifying information, contact details, etc.
The provision of data is voluntary, although necessary for the provision of the service and for contacting the Controller. If the necessary information is not provided to the Controller, the Controller will not be able to proceed and carry out the service.
Some data is also collected passively, i.e. through the use of the website (e.g. IP address, resolution, location, browser type).
Users’ personal data will be processed:
If the User has given such consent, the Controller sends information on the current and future products and services of the Controller and Group entities by e-mail in the form of an information or advertising campaign.
With regard to personal data, revocation of consent is possible at any time, although this does not affect the processing of personal data prior to revocation.
Personal data may be processed by automated means (including profiling). The purpose of profiling is to collect information about the activity within the Platform and the preferences of Users, which allows us to better tailor the proposal and the messages addressed to them, as well as to detect events that may compromise the safety of Users. The legal basis for the processing is the Controller’s legitimate interest (Article 6(1)(f) of the GDPR).
Data may be shared with other recipients in order to perform the agreement with the User, to comply with a legal obligation of the Controller, based on the User’s consent or for purposes arising from the legitimate interests of the controller or a third party.
Recipients may be, in particular: entities of the Trans.eu capital group, institutions legally authorised to receive User data under relevant legislation (e.g. law enforcement or judicial authorities), as well as entities processing data on behalf of the Controller and their authorised employees, whereas such entities process data on the basis of an agreement with the Controller and only in accordance with instructions and on condition of confidentiality. Entities performing tasks for and on behalf of the Controller include, but are not limited to, entities providing services to the extent necessary to provide technical facilities for the provision of services, such as payment and IT service providers and entities dealing with the Platform. The Controller shall exercise due diligence in the transmission of data, applying measures and safeguards to prevent unauthorised access to data (e.g. SSL, encrypted connections).
The level of protection of personal data outside the European Economic Area (EEA) may differ from that provided by European law. With this in mind, the Controller only transfers personal data outside the EEA when necessary. In the event of such a transfer, the Controller shall ensure an adequate level of protection of personal data primarily by:
The User has the right to access personal data, as well as to request rectification, restriction or erasure of personal data, to withdraw at any time consent to the processing of data to the extent of such consent, as well as to transfer personal data.
The User has the right to lodge a complaint to the supervisory authority, which in the Republic of Poland is the President of the Office for Personal Data Protection, if the User considers that the processing of his/her data violates the provisions of the GDPR.
In addition, the User has the right to object at any time to the processing of data for reasons related to his/her particular situation, where the Controller processes data for purposes arising from legitimate interests, for direct marketing purposes, including profiling.
Upon confirmation of the User’s identity, the Controller shall exercise the rights indicated on the basis of an analysis of the legitimacy of the request and the applicable legislation. The Controller shall make every reasonable effort to comply with Users’ requests concerning personal data, unless the data must be retained due to applicable law or other legitimate legal interests of the Controller.
Personal data will be processed and stored by the Controller for the period necessary to fulfil the purposes, i.e.:
The Controller uses so-called “cookies” to track Users’ visits to the website and to store their preferences, e.g. language, login data, as well as to adapt the services offered to their needs. The aforesaid files are used to compile general statistics on the use of the website by Users. The files in question will be stored until they become outdated or no longer relevant. Cookies will not be made available to other third parties, they will only be transferred to service providers to the extent necessary to provide technical support for the handling of the aforesaid files and entities belonging to Trans.eu Group.
Cookies can be deactivated in the User’s web browser, which will not prevent the User from using the services, but some difficulties may occur, i.e. the Controller’s website may no longer be fully functional.
Please be advised that the Controller’s Website may include social networking plug-ins, including Facebook, Twitter, LinkedIn, Instagram, etc. In connection with their inclusion on the Controller’s Website, it is the User’s own responsibility to consult the privacy policies of these providers in order to receive up-to-date information on the protection of personal data.
Traffic on the Controller’s websites is monitored by e.g. Google Analytics or other service providers such as Albacross, whose purpose is to collect data on website usage and popularity, as well as to identify users visiting the websites and to adapt advertising content. This data (e.g. the browser used or IP address) will not be made available by the Controller to third parties.
For security purposes, the Controller:
The Controller has appointed a Data Protection Officer who can be contacted by email at: firstname.lastname@example.org.