Privacy Policy

Spedimo.eu online platform

Ladies and Gentlemen,

In accordance with Articles 13 and 14 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (OJ EU L 119, 4.05.2016, p. 1), (hereinafter referred to as GDPR), within the framework of this Privacy Policy we provide information on the details of personal data processing in connection with the processing activities that take place within the Online Platform: https://spedimo.eu (hereinafter referred to as the Platform), as well as within the framework of our business activities.

Our Platform is also available as a mobile application, Spedimo.eu, available in Google Play and the App Store. All provisions of this Privacy Policy relating to the online Platform also apply to the mobile application, unless expressly stated otherwise.

To make this document more accessible, we have taken the liberty of using direct references in its subsequent parts.

If you have any further questions about how we use your personal data, please do not hesitate to contact us at radoslaw.bul@kancelariahawk.pl

Contents

Privacy Policy of the Spedimo.eu online platform

1. Personal data administrator

2. Data Protection Officer and Contact Point

3. General information

4. Person using the user account functionality

5a. A person using the Platform functionalities available after logging in

5b. Persons contacting us by telephone, letter or e-mail.

6. The client or his representative/contact person

7. Potential customer or their representative/contact person

8. A person visiting our social media profiles

9. Transfer of personal data outside the EEA

10. Data subject rights

11. Automated decision-making, including profiling

12. Cookies

1. Personal data administrator

This Privacy Policy applies to all cases in which Spedimo GT Spółka z ograniczoną odpowiedzialnością SKA with its registered office in Kalisz at ul. Kazimierzowska 6/16, 62-800 Kalisz, entered into the Register of Entrepreneurs under the KRS number: 0001191545, NIP: 6182089137, REGON: 300897699 (hereinafter referred to as the Controller), processes personal data.

This applies both to cases in which the company processes personal data obtained directly from the data subject and to cases in which personal data are obtained from other sources.

2. Data Protection Officer and Contact Point

Spedimo GT Spółka z ograniczoną odpowiedzialnością SKA, as the Controller, has appointed a personal data protection officer – Mr. Radosław Bula, who can be contacted (in case of questions regarding the processing of personal data and your rights) via:

  1. e-mail address: radoslaw.bul@kancelariahawk.pl or
  2. in writing to the following address: ul. Kazimierzowska 6/16, 62-800 Kalisz.

3. General information

We process your personal data as:  

  1. Persons using the functionality of the Platform user account
  2. Persons using the Platform functionalities available after logging in
  3. Person contacting by telephone, letter and e-mail.
  4. the Client or his representative/contact person,
  5. A potential client or their representative/contact person,
  6. People visiting our social media profiles

In addition, in the last part of the Privacy Policy, we have described the rules for using cookies and other technologies on our Platform – more information can be found in the Cookies section.

In the further part of the Privacy Policy, we describe in detail the purposes of data processing, legal basis, categories of data recipients, the period of their storage and information on the obligation to provide personal data in connection with the implementation of individual data processing purposes.

4. Person using the user account functionality

Processing purposes 

We process your personal data to create and verify a user account on the Platform, ensure the security of the registration process, and determine, pursue, and defend against claims for unlawful use of the Platform.

As part of the registration process, we employ a user verification procedure. This verification process may result in denial of account creation, and data from individuals whose registration is rejected may be retained to prevent unauthorized re-registration. During the verification process, we also obtain your data from publicly available public registers and credit databases, which allows us to assess your eligibility and reliability to ensure the security and proper functioning of the Platform.

Data source and categories of personal data  

If we did not obtain the data directly from you, it means that the source of your personal data is your employer or the entity you represent as a representative/contact person. We process the following personal data: first name and last name, work email address and phone number, as well as place of work and job title. In such a case, the Platform does not act as a controller of the employee’s personal data in relation to the data provided by the employer, but rather acts as a processor, processing data on behalf of and on behalf of the employer, who is the data controller.

Legal basis for processing 

Your personal data is processed based on the following legal bases:

  1. Your consent (Article 6, paragraph 1, letter a of the GDPR) in the case of cookies and other technologies that are not necessary for the proper use and functioning of the Platform, but are used to develop statistics related to the use of individual functionalities of the Platform or to adapt the content of the Platform in line with your preferences or for marketing files,
  2. Processing is necessary for the performance of the contract for the provision of services by electronic means, i.e. maintaining a user account (Article 6, paragraph 1, letter b of the GDPR),
  3. Processing is necessary for the purposes of the legitimate interests pursued by the Controller (Article 6, paragraph 1, letter f of the GDPR), where the legitimate interest consists in ensuring the security of the registration process, preventing abuse and establishing, pursuing and defending against claims,

Recipients of personal data

We transfer your personal data to suppliers:

  1. Hosting services,
  2. IT support and maintenance services,
  3. Legal advisory services

In cases provided for by law, we may also disclose your personal data to authorized state authorities, in particular the prosecutor’s office or the police.

Period of storage of personal data

We process your personal data for the duration of your account on the Platform, and after its deletion for the time necessary to comply with legal obligations, establish, pursue or defend against claims, ensure accountability of data processing, prevent re-registration of unauthorized persons, and enable the establishment, pursue or defend claims arising from relationships between Platform users.

After these periods, the data is deleted or anonymized, unless their continued storage is required by applicable law.

Obligation to provide data

Providing personal data is necessary to create and use a user account. Failure to provide this data will prevent the creation of an account. In the case of accounts created by employers, the employer’s provision of data is a condition for the employee’s use of the Platform.

5a. A person using the Platform functionalities available after logging in

Processing purposes 

We process your personal data to enable you to use the Platform functionalities available after logging in to your user account, to compile statistics related to the use of individual Platform functionalities, to adapt the Platform content to your preferences and for marketing purposes, to ensure the IT security of the Platform, and to determine, pursue and defend against claims for damage caused by unlawful use of the Platform.

For this purpose, we use cookies and other technologies – for more information, see the Cookies section.

Legal basis for processing 

Your personal data is processed based on the following legal bases:

  1. Your consent (Article 6, paragraph 1, letter a of the GDPR) in the event of your consent to the sending of commercial information and in the case of cookies and other technologies that are not necessary for the proper use and functioning of the Platform, but are used to develop statistics related to the use of individual functionalities of the Platform or to adapt the content of the Platform in line with your preferences and for marketing purposes (cookies and other technologies relating to the areas of: preferences, statistics, marketing),
  2. Processing is necessary for the purposes of the legitimate interests pursued by the Controller (Article 6, paragraph 1, letter f of the GDPR) – where the legitimate interest consists in enabling you to use the Platform’s functionalities and ensuring the IT security of the Platform, as well as in determining, pursuing and defending against claims for damage caused by unlawful use of the Platform.

Recipients of personal data  

We transfer your personal data to suppliers:  

  1. IT software,
  2. Hosting services,  
  3. IT support and maintenance services,  
  4. Legal advisory services,
  5. SMS gateway services.

In cases provided for by law, we may also disclose your personal data to authorized state authorities, in particular the prosecutor’s office or the police. 

Furthermore, we share your data with other Platform users to the extent necessary, particularly in connection with the publication of advertisements on the freight exchange and with functionalities enabling mutual contact, establishing collaboration, and conducting contractor verification. It should be noted that in situations where collaboration is established, Platform users or the entities they represent may process your personal data as separate data controllers, responsible for the manner and purpose of further processing in connection with this collaboration.

Period of storage of personal data  

We process your personal data for the duration of your use of the Platform, and after its termination for the time necessary to fulfill legal obligations, establish, pursue or defend against claims, ensure accountability of data processing, and enable the establishment, pursuit or defense of claims arising from relationships between Platform users.

After these periods, the data is deleted or anonymized, unless their continued storage is required by applicable law.

Obligation to provide data  

Providing your personal data is necessary to properly use the Platform’s functionality and ensure its IT security. In the case of cookies and other technologies that are not necessary for the proper use and operation of the Platform, providing your personal data is voluntary.

5b. Persons contacting us by telephone, letter or e-mail.

Processing purposes 

We process your personal data in order to consider and resolve the matter you described by telephone, in your letter or in your inquiry and to provide you with an answer.  

Legal basis for processing  

Your personal data is processed based on the following legal bases: 

  1. Processing is necessary for the purposes of the legitimate interests pursued by the Controller (Article 6(1)(f) of the GDPR) – where the legitimate interest consists in considering and settling the matter described by you by telephone, in your letter or inquiry and providing you with an answer.  

Recipients of personal data  

We transfer your personal data to suppliers:  

  1. IT software,  
  2. Hosting services,  
  3. Email services, 
  4. Postal and courier services,    

In cases provided for by law, we may also disclose your personal data to authorized state authorities, in particular the prosecutor’s office or the police.

Period of storage of personal data  

We process your personal data to consider and resolve the matter you described by phone, in your letter or inquiry and to provide you with an answer, but no longer than for 6 years from sending the message by letter or e-mail. 

Obligation to provide data

The provision of personal data by persons contacting us by telephone, letter or e-mail is voluntary, but necessary for the proper consideration and handling of the matter and for answering questions.

6. The client or his representative/contact person

Purpose of processing

We process your personal data for the purpose of: concluding and performing a contract and providing services, including providing access to the Platform, making settlements, verifying technical reports and complaints, fulfilling legal obligations arising from the provisions of tax and accounting law, debt collection, and establishing, pursuing, or defending against claims arising from non-performance or improper performance of the contract.

Legal basis for processing 

Your personal data is processed based on the following legal bases:

  1. Processing is necessary for the performance of a contract to which the data subject is a party or to take steps at the request of the data subject before entering into a contract (applies to contracts where our customers are natural persons) (Article 6(1)(b) of the GDPR),
  2. Processing is necessary to fulfill a legal obligation arising from the provisions of tax and accounting law and incumbent on the Controller (Article 6, paragraph 1, letter c of the GDPR),
  3. Processing is necessary for the purposes of the legitimate interests pursued by the Controller (Article 6(1)(f) of the GDPR) – where the legitimate interest consists in concluding and performing a contract, providing services to clients who act through their representatives/proxies and contact persons, collecting receivables arising from contracts and pursuing or defending against claims arising from non-performance or improper performance of a contract.

Data source and categories of personal data 

If we did not obtain the data directly from you, it means that the source of your personal data is your employer or the entity you represent as a representative/contact person. In such cases, we process the following personal data: name and surname, work email address and phone number, as well as place of work and job title.

Recipients of personal data  

We transfer your personal data to suppliers:  

  1. IT software,  
  2. Hosting services,  
  3. Email services, 
  4. IT support and maintenance services,  
  5. Accounting and bookkeeping services,  
  6. Postal and courier services,  
  7. Banking services and payment operators,  
  8. Legal advisory services,
  9. Entities involved in debt servicing.

In cases provided for by law, we may also disclose your personal data to authorized state authorities, in particular the prosecutor’s office or the police.

Period of storage of personal data  

We generally process your personal data for no longer than 3 years from the date of expiry or termination of the contract, however, in certain cases we may process your personal data for purposes related to fulfilling tax and accounting obligations. We process your personal data for 5 years, counting from the end of the calendar year in which the payment deadline expired.

Obligation to provide data  

If you are the source of your data, the provision of your personal data is a condition for concluding a contract and for the proper implementation of services, as well as for the correct settlement of the services provided by us.

7. Potential customer or their representative/contact person  

Purpose of processing

We process your personal data to establish business contacts with potential clients and respond to their enquiries, to present our services, and to establish, pursue, or defend against claims.

Legal basis for processing  

Your personal data is processed based on the following legal bases: 

  1. Processing is necessary to take steps at the request of the data subject before concluding a contract (applies to contracts whose potential clients are natural persons) (Article 6(1)(b) of the GDPR), 
  2. Processing is necessary for the purposes of the legitimate interests pursued by the controller (Article 6(1)(f) of the GDPR) – where the legitimate interest is to acquire new customers who act through their representatives/proxies and contact persons, and to respond to received requests for quotations and to present our services, as well as to establish, pursue or defend against claims.

Data source and categories of personal data  

If we did not obtain the data directly from you, it means that the source of your personal data is your employer or the entity you represent as a representative/contact person. In such cases, we process the following personal data: name and surname, work email address and phone number, as well as place of work and job title.

Recipients of personal data  

We transfer your personal data to suppliers:  

  1. IT software,  
  2. Hosting services,  
  3. Email services, 
  4. IT support and maintenance services,  
  5. Postal and courier services,  
  6. Legal advisory services. 

In cases provided for by law, we may also disclose your personal data to authorized state authorities, in particular the prosecutor’s office or the police.  

Period of storage of personal data  

We generally process your personal data for no longer than 3 years from the date of termination of contact.  

Obligation to provide data  

If you are the source of your data, providing your personal data is voluntary, but required to respond to your request for quotation and to present our services.

8. A person visiting our social media profiles

Purpose of processing

We process your personal data for the purpose of managing our social media profiles, including ensuring the order of discussion participants on our profiles, conducting correspondence with you regarding matters you have contacted us about, marketing our services, statistics and analysis of the activity of users of our profiles, including collecting data on the number of likes, comments and shares of our profile or the content posted on it.

Legal basis for processing 

Your personal data is processed based on the following legal bases:

Processing is necessary for the purposes of the legitimate interests pursued by the controller (Article 6, paragraph 1, letter f of the GDPR) – where the legitimate interest consists in managing our social media profiles, including ensuring the order of discussion participants on our profiles, conducting correspondence with you related to the topics you contact us with (questions regarding the services we provide), marketing and promotion of our services, statistics and analysis of the activity of users of our profiles, including collecting data on the number of likes, comments and shares of our profile or the content posted on it.

Recipients of personal data 

We transfer your personal data to suppliers: 

  1. Social media, 
  2. Email services,
  3. IT support and maintenance services. 

In cases provided for by law, we may also disclose your personal data to authorized state authorities, in particular the prosecutor’s office or the police. 

Period of storage of personal data  

We process your personal data for the duration of our social media profiles, unless you express your objection to the processing of your personal data in advance, which objection will be taken into account.  

Obligation to provide data  

Providing your personal data is voluntary, but necessary to conduct correspondence with you regarding the matters you contact us about (questions regarding the services we provide) and in the event of your activity: liking, commenting and sharing our profile or the content posted on it.  

Additional information  

The personal data controllers are also the social media providers on which we maintain our profiles:  

  1. Facebook – Meta Platform Ireland Limited, which processes your personal data in accordance with the principles set out in its Privacy Policy and the Regulations indicated therein ( https://www.facebook.com/privacy/policy/?entry_point=data_policy_redirect&entry=0 ),
  2. Instagram – Meta Platform Ireland Limited, which processes your personal data in accordance with the principles set out in its Privacy Policy and the Regulations indicated therein ( https://privacycenter.instagram.com/policy ),
  3. LinkedIn – LinkedIn Ireland Unlimited Company, which processes your personal data in accordance with the principles set out in its Privacy Policy and the Regulations indicated therein ( https://pl.linkedin.com/legal/privacy-policy ),
  4. Youtube – Google Ireland Limited, which processes your personal data in accordance with the principles set out in its Privacy Policy and the Regulations indicated therein ( https://www.youtube.com/intl/ALL_pl/howyoutubeworks/our-commitments/protecting-user-data/ https://policies.google.com/privacy?hl=pl-PL ),
  5. TikTok – TikTok Technology Limited and TikTok Information Technologies UK Limited, which processes your personal data in accordance with the principles set out in its Privacy Policy and the Regulations indicated therein ( https://www.tiktok.com/legal/page/eea/privacy-policy/pl ).

As mentioned above, we process your personal data regarding your activity on our profiles for statistical and analytical purposes. In this respect, your data is jointly controlled between us and the social media providers. You can find more information by clicking the appropriate link:

  1. Facebook – more information at the link: https://www.facebook.com/legal/terms/page_controller_addendum ,
  2. Instagram – more information at the link: https://privacycenter.instagram.com/policies/cookies/ ,
  3. LinkedIn – more information at the link: https://www.linkedin.com/help/linkedin/answer/a1338708 ,
  4. Youtube – more information at the link: https://support.google.com/youtube/answer/10364219?hl=pl ,
  5. TikTok – more information at the link: https://ads.tiktok.com/help/article/using-cookies-with-tiktok-pixel?lang=pl-PL

9. Transfer of personal data outside the EEA

Personal data will generally not be transferred outside the European Economic Area or made available to international organizations. However, some of our IT solution providers are based outside the European Economic Area. Therefore, personal data will be transferred outside the EEA.

However, if the Controller uses IT solution providers from outside the EEA, the transfer of personal data outside the EEA is based on a decision of the European Commission confirming the adequacy of the level of protection of personal data or, in the absence of an applicable decision, on the basis of standard contractual clauses adopted by the European Commission by Commission Implementing Decision (EU) 2021/914 of 4 June 2021 on standard contractual clauses for the transfer of personal data to third countries under Regulation (EU) 2016/679 of the European Parliament and of the Council.

A copy of the standard contractual clauses and the transfer security measures used can be obtained from the Administrator via e-mail: radoslaw.bul@kancelariahawk.pl

10. Data subject rights

The right to withdraw consent – ​​Article 7 of the GDPR 

You have the right to withdraw your consent if we process your personal data based on consent. Withdrawal of consent is effective only for the future and does not affect any processing we conducted lawfully prior to its withdrawal.

Right of access – Article 15 GDPR  

You have the right to obtain confirmation from the Controller as to whether your personal data is being processed. If so, you are entitled to access it and the following information: the purposes of processing, the categories of personal data being processed, information about the recipients or categories of recipients, the planned retention period for the personal data, and if this is not possible, the criteria for determining this period, information about your rights under the GDPR, all available information about the source of the personal data, information about automated decision-making, including profiling, and information about appropriate safeguards in the event of personal data being transferred outside the EEA. You also have the right to obtain a copy of the personal data being processed.

Right to rectification – Article 16 GDPR  

You have the right to request that the Controller correct any inaccurate personal data you provide. Taking into account the purposes of processing, you have the right to request that incomplete personal data be supplemented, including by providing an additional declaration. 

The right to erasure (“the right to be forgotten”) – Article 17 GDPR 

You have the right to request the Administrator to delete your personal data if one of the following circumstances occurs: 

  1. personal data are no longer necessary for the purposes for which they were collected or otherwise processed,  
  2. you have withdrawn the consent on which the processing is based,  
  3. personal data were processed unlawfully, 
  4. you have objected to the use of your data for marketing purposes, 
  5. you have objected to the processing of your data based on our legitimate interest and the objection has been deemed justified. 

The right to restrict processing – Article 18 of the GDPR 

You have the right to request the Administrator to restrict processing in the following cases:  

  1. you question the accuracy of your personal data – for a period enabling the administrator to check the accuracy of your personal data, 
  2. the processing is unlawful and you oppose the deletion of your personal data, requesting instead that their use be restricted, 
  3. the administrator no longer needs the personal data for processing purposes, but you need them to establish, pursue or defend claims, 
  4. you have objected to the use of your data for purposes other than marketing purposes – until it is determined whether the legitimate grounds on the part of the controller override the grounds for objection of the data subject. 

The right to data portability – Article 20 of the GDPR 

You have the right to receive your personal data that you provided to the Controller in a structured, commonly used, and machine-readable format. You also have the right to transmit this personal data to another controller without hindrance from the Controller’s Platform to which you provided the personal data, provided that the processing is based on your consent or on a contract, and the processing is automated. You have the right to request that the Controller transmit your personal data directly to another controller, provided that this is technically feasible.

Right to object – Article 21 of the GDPR 

You have the right to object at any time – for reasons relating to your particular situation – to the processing of your personal data based on our legitimate interests.

If you have objected to the processing of your data for marketing purposes, we will cease processing it for those purposes. The same applies to objections to the processing of your data for purposes other than marketing, if the objection proves to be justified and we have no other legal basis for further processing of your personal data.

The right to lodge a complaint with the supervisory authority  

Every data subject has the right to lodge a complaint with a supervisory authority, in particular in the Member State of his or her habitual residence, place of work or place of the alleged infringement, if he or she considers that the processing of personal data concerning him or her infringes the GDPR.

In Poland, the supervisory authority is the President of the Office for Personal Data Protection (address: ul. Stawki 2, 00-193 Warsaw, link: https://uodo.gov.pl/pl ).  

You can submit all requests and demands via  

  1. email address radoslaw.bul@kancelariahawk.pl or  
  2. by mail to the following address: ul. Kazimierzowska 6/16, 62-800 Kalisz  

11. Automated decision-making, including profiling

In relation to personal data, no automated decision-making processes, including profiling, will be carried out.

12. Cookies

General information  

Cookies are small text files that may be used by Online Platforms to make the Platform more user-friendly.

Types of cookies:

Division by management structure:  

  1. Own cookies – files belonging to the visited Internet Platform, 
  2. Third-party cookies. 

Division according to purpose 

  1. Essential cookies contribute to the usability of the Platform by enabling basic functions such as navigation within the Platform and access to secure areas of the online Platform. The online Platform cannot function properly without these cookies. 
  2. Functional cookies – they enable the extension of the functionality of the Online Platform, making it easier for the user to use additional options.
  3. Analytical cookies – help us understand how different users behave on the Platform by collecting and reporting anonymous information.  
  4. Marketing cookies – These are used to track users on the Online Platform. The goal is to display advertisements that are relevant and interesting to individual users, and therefore more valuable to publishers and advertisers of the Third-Party Platform.  

Division according to storage period 

  1. Session cookies – are deleted when you close your browser.
  2. Persistent cookies – these are saved on the user’s computer and are not automatically deleted when the browser is closed.

Detailed information about cookies 

Current information on the cookies used on the Platform, including their names, suppliers, processing purposes and storage period, is available at the following address: https://spedimo.eu/polityka-cookies-pl/ .

Cookie management 

Deleting cookies 

You can delete all cookies on your device by simply clearing your browser’s browsing history. This removes all cookies from all websites you’ve visited. 

Cookie management  

You can change your cookie preferences at any time by changing your browser settings to restrict cookies. Please note that disabling cookies required for authentication, security, and maintaining user preferences may make using the Platform difficult, and in extreme cases, impossible.

Furthermore, restrictions on the use of cookies may affect some of the functionalities available on the Platform’s websites. 

To manage cookie settings, select your web browser/system from the list below and follow the instructions: 

  1. Chrome 
  2. Safari 
  3. Safari (for mobile devices) 
  4. Firefox 
  5. Opera 
  6. If you are using a different browser, please refer to the “Help” section of the program. 

Web browsing software (web browser) typically allows cookies to be stored on the user’s end device by default. Platform users can change their settings in this regard. The web browser allows the deletion of cookies. It is also possible to automatically block cookies. For detailed information, refer to the help or documentation provided in the web browser.