PRIVACY PROTECTION POLICY
This Policy sets out the rules for the collection, processing and the use of personal data.

1. Personal data is processed by: ARRA GROUP Sp. z o.o. Sp. k. with headquarters in Głogów, ul. Piastowskiej 5, tel. +48535507071
2. Data protection officer data: Sylwester Krawczyk, e-mail address: iod@arra.pl
3. Processing of personal data takes place in accordance with the Regulation of the European Parliament and of the European Union Council 2016/679, 27th of April 2016. Regarding the protection of individuals in relation with the processing of personal data and on the free movement of such data and according to the resolution of the 95/46 / EC Directive – hereinafter referred to as „GDPR„.
4. You have the right to: require access to your personal data, rectification, deletion, processing restrictions, opposition to processing, and data transfer.
5. If the processing is based on your consent, you can withdraw it at any time by informing us without affecting the legality of the processing which was previously carried out.
6. You may lodge a complaint with the Chairman of the board at Office for the Protection of Personal Data.

Personal data contained in e-mail correspondence

1. Personal data processing takes place in order to conduct correspondence by means of electronic mail, according to art. 6 par. 1 letter a GDPR.
2. Following personal data provided by you in e-mail correspondence are processed, including: first and last name along with an e-mail address.
3. The recipients of personal data are the recipients of e-mail correspondence. Data can be stored on an external mail server. Access to data may also have external IT companies for the purpose of servicing and delivering IT equipment. In addition, the data will not be disclosed (made available) to other entities, except for foreseen instances outlined in the applicable regulations.
4. Data may be transferred to third countries – only if the recipient of a particular message uses email service providers in such a country. The data will not be transferred to international organizations, unless such an obligation will result from the provisions of generally applicable law.
5. Data will be stored until the conclusion of a particular matter. In the case of correspondence that results into long term cooperation, the data will be stored for a period of 5 years, counting from the end of the calendar year in which the tax payment deadline has passed according to the applicable tax regulations.
6. Providing data is voluntary, however, failure to do so may prevent the administrator from emailing this individual.

Data contained in invoices and other accounting documents

1. Data processing takes place in order to perform the contract obligations and fulfil the legal obligations incumbent on the administrator (accounting records keeping) in accordance with art. 6 par. 1 letter. b & c GDPR
2. The following data are processed: name and address of the seller and buyer, VAT numbers, data of the signatory along with other data found on the invoices and other accounting documents.
3. The administrator may entrust the processing of data to external accounting firms and law firms. Other external companies such as IT companies may also have access to this data for the purpose of servicing, programming and delivering of IT equipment. This also includes postal and courier companies, for the purpose of sending mail correspondence, in case of payments realization your payment details will be transferred to banks. In all other remaining circumstances, the data will not be disclosed (made available) to other entities, except for foreseen instances outlined in the applicable regulations.
4. Data will not be transferred to third countries or international organizations, unless such an obligation will result from the provisions of generally applicable law.
5. Data will be stored for a period of 5 years, counting from the end of the calendar year in which the tax payment deadline has passed according to the applicable tax regulations.
This date is necessary for the realization of a given contract and to fulfil the obligations arising from the tax law.

Personal data of drivers, carriers, shippers, dischargers, forwarders, consignee and addressee of transport orders involved in the transport and forwarding processes

1. Date is being processed for the purpose of the realization of a given contract and legitimate interests of the administrator (business travel, organization of transport and forwarding activities), in accordance with art. 6 par. 1 letter b & f GDPR.
2. The following data may be processed: first and last name, document data, contact number, vehicle registration numbers, position and travelled route, location and other data related to transport and forwarding orders.
3. The administrator may provide data to clients and contractors in relation to the handling of the transport and forwarding orders (other transport and forwarding companies, shippers and dischargers, senders and cargo consignees, ferry carriers, hotels, etc.). Other external companies such as IT companies may also have access to this data for the purpose of servicing, programming and delivering of IT equipment, as well as external accounting firms and law firms. All other remaining data will not be disclosed (made available) to other entities, except for foreseen instances outlined in the applicable regulations.
4. Some of the administrator’s clients and contractors may be established outside the European Union – then they may receive individuals data on the terms set out in point 3 above. To this extent, Article 46 act 2 letter c or d or art. 49 par. 1 letter. b or c GDPR. The data protection regulations applicable in these countries may be less restrictive than those of the EU. In addition, data will not be transferred to third countries or international organizations.
5. Data will be stored for a period of 5 years, counting from the end of the calendar year in which the tax payment deadline has passed according to the applicable tax regulations.
6. Data is obtained directly from clients, customers, contractors and drivers or from transport and forwarding companies with whom we cooperate with.
7. Providing data is voluntary, although should the data be used for the purpose of contract agreement, in particular the provision of forwarding services by the Administrator, failure to do so will results in the inability to fulfil the contract agreement.

Personal data processed on the administrators profile pages on the social networks

1. Processing is carried out for the purpose of maintain closer contact with the customers and potential clients via the administers social networks profiles, at: https://www.facebook.com/arratransport/ and https://www.instagram.com/arra_group_poland/, in accordance with art. 6 par. 1 letter a GDPR.
2. The following data are processed: first and last names, images, other data provided by users on their profiles.
3. The data will be available to the providers of the portals and its users. Other external companies such as IT companies may also have access to this data for the purpose of servicing, programming and delivering of IT equipment. All other remaining data will not be disclosed (made available) to other entities, except for foreseen instances outlined in the applicable regulations.
4. Data will not be transferred to third countries or international organizations, subject to point 3 above. It must be noted that when using a social networking site, regulations on the protection of personal data of countries outside the European Union may be less restrictive.
5. The data will be stored for the period in which the user will be tracking the administrator or until the termination of the correspondence conducted via the portal.
6. Providing data is voluntary.

Personal data included in recruitment processes (CVs, cover letters)

1. Personal data will be processed on the basis of art. 6 par. 1 letter a & c GDPR and the Labour Code – Act of June 26th, 1974 (Journal of Laws of 2018, pos 108) to recruit for work in the company.
2. Personal data will be processed my means of a website operated by eRecruitment Solutions Sp. z o.o. Other external companies such as IT companies may also have access to this data for the purpose of servicing, programming and delivering of IT equipment. All other remaining data will not be disclosed (made available) to other entities, except for foreseen instances outlined in the applicable regulations.
3. Personal data will be stored during the recruitment period or for one year from submitting the application (if the applicant agrees to the processing of personal data for „future recruitment„).
4. Providing personal data is not required by any regulations but failure to do so will prevent participation in the recruitment process.
5. Your data will be processed in an automated way, this including way of profiling. Automated decision-making will be carried out on the terms set out in the recruitment regulations, the result of such processing will be contact only with selected candidates.

Personal data collected as part of video monitoring

1. The processing is carried out on the basis of processing is art. 6 par. 1 letter. f GDPR and the Labour Code – Act of June 26th , 1974 (Journal of Laws of 2018, item 108), and monitoring is used to protect property and ensure security in the monitored area.
2. The following data are processed: images of individuals in the area covering the monitored zone.
3. Personal data may be disclosed to the relevant local law authorities should a crime or damage to the property been committed. In addition, the data will not be disclosed (made available) to other entities, except as provided for in the applicable regulations.
4. Data will not be transferred to third countries or international organizations.
5. The data will be kept for a period of 30 days. In the case where the image recordings are evidence in the proceedings or the employer has received information that they may be evidence in the proceedings, the term is extended until the final conclusion of the proceedings.

Cookies (cookies)

1. In order to ensure the best possible use of our website, when browsing, small files are saved on your device, so-called cookie. These files allow you to adjust the content of the website to your needs and interests. By saving them on your device it is possible to displaying the page in a way that is most appropriate for a particular user. Cookies enable us to collect statistical data, thanks to which we develop a website in accordance with the preferences of our users.
2. The User may at any time block or limit the option of saving cookies on his device; however, there is a risk that this action will hinder the use of the site.

Summary

1. All personal data processed by us are secured in accordance with the requirements of the GDPR. We make all efforts to protect your data and guard them against third parties actions.
2. We reserve the right to update and change this privacy policy by publishing a new version on the website.
3. In case of any doubts or additional questions regarding the protection of privacy, please contact us.