GDPR - ARRA GROUP

PRIVACY PROTECTION POLICY

This Policy sets out the rules for the collection, processing and the use of personal data.

1. Personal data is processed by: ARRA GROUP Sp. z o.o. Sp. k. with headquarters in Głogów, ul. Piastowskiej 5, tel. +48535507071
2. Data protection officer data: Sylwester Krawczyk, e-mail address: iod@arra.pl
3. Processing of personal data takes place in accordance with the Regulation of the European Parliament and of the European Union Council 2016/679, 27th of April 2016. Regarding the protection of individuals in relation with the processing of personal data and on the free movement of such data and according to the resolution of the 95/46 / EC Directive – hereinafter referred to as „GDPR„.
4. You have the right to: require access to your personal data, rectification, deletion, processing restrictions, opposition to processing, and data transfer.
5. If the processing is based on your consent, you can withdraw it at any time by informing us without affecting the legality of the processing which was previously carried out.
6. You may lodge a complaint with the Chairman of the board at Office for the Protection of Personal Data.

Personal data contained in e-mail correspondence

1. Processing is carried out for the purpose of legitimate interests of the administrator, so that e-mail correspondence is realized, according to art. 6(1)(f) of GDPR.
2. Following personal data provided by you in e-mail correspondence are processed, including: first and last name, along with all other data found within the correspondence of a particular e-mail.
3. The recipients of personal data are the recipients of e-mail correspondence. Data can be stored on an external mail server. Access to data may also have external IT companies for the purpose of servicing and delivering IT equipment. In addition, the data will not be disclosed (made available) to other entities, except for foreseen instances outlined in the applicable regulations.
4. Data may be transferred to third counties – only if the recipient of a particular message uses email service providers in such a country. The data will not be transferred to international organizations, unless such an obligation will result from the provisions of generally applicable law.
5. Data will be stored for a period of 7 years. due to applicable tax regulations and term of a submitted claim
6. Providing data is voluntary, however, failure to do so may prevent the administrator from emailing this individual.

Personal data use for marketing purposes (newsletter):

1. Processing of date takes place on the basis of issued consent or for the purpose resulting from legitimate interests pursued by the administrator (marketing of own services for own clients), in accordance with art. 6(1)(a) or (f) GDPR.
2. The following data is processed: email address, name and surname, telephone number.
3. Data can be stored on an external mail server and a mailing company. External IT companies in the field of software and IT equipment servicing may also have access to them. In addition, the data will not be disclosed (made available) to any other entities, except as provided for in applicable regulations.
4. Data may be transferred to third countries – only if the recipient of a particular message uses e-mail service providers in such a country. The data will not be transferred to international organizations, unless such an obligation results from the provisions of generally applicable law.
5. The data will be stored until the person unsubscribe from the newsletter.
6. Providing data is voluntary, however, failure to do so may prevent the administrator from contacting the person by e-mail.

Data contained in invoices and other accounting documents

1. Data processing takes place in order to perform the contract obligations and fulfil the legal obligations incumbent on the administrator (accounting records keeping) in accordance with art. 6(1)(b&c) of GDPR
2. The following data is processed: name and address of the seller and buyer, VAT numbers, data of the signatory along with other data found on the invoices and other accounting documents.
3. The administrator may entrust the processing of data to external accounting firms and law firms. Other external companies such as IT companies may also have access to this data for the purpose of servicing, programming and delivering of IT equipment. This also includes postal and courier companies, for the purpose of sending mail correspondence, in case of payments realization your payment details will be transferred to banks. In all other remaining circumstances, the data will not be disclosed (made available) to other entities, except for foreseen instances outlined in the applicable regulations.
4. Data will not be transferred to third world countries or international organizations, unless such an obligation will result from the provisions of generally applicable law.
5. Data will be stored for a period of 5 years, counting from the end of the calendar year in which the tax payment deadline has passed according to the applicable tax regulations.
This date is necessary for the realization of a given contract and to fulfil the obligations arising from the tax law.

Personal data of drivers, carriers, shippers, dischargers, forwarders, consignee and addressee of transport orders involved in the transport and forwarding processes

1. Date is being processed for the purpose of the realization of a given contract and legitimate interests of the administrator (business travel, organization of transport and forwarding activities), in accordance with art. 6(1)(b & f) of GDPR.
2. The following data may be processed: first and last name, document data, contact number, vehicle registration numbers, position and travelled route, location and other data related to transport and forwarding orders.
3. The administrator may provide data to clients and contractors in relation to the handling of the transport and forwarding orders (other transport and forwarding companies, shippers and dischargers, senders and cargo consignees, ferry carriers, hotels, etc.). Other external companies such as IT companies may also have access to this data for the purpose of servicing, programming and delivering of IT equipment, as well as external accounting firms and law firms. All other remaining data will not be disclosed (made available) to other entities, except for foreseen instances outlined in the applicable regulations.
4. Some of the administrator’s clients and contractors may be established outside the European Union – then they may receive individual’s data on the terms set out in point 3 above. To this extent, Article 46 (2)(c or d) or art. 49 (1)(b or c) of GDPR. The data protection regulations applicable in these countries may be less restrictive than those of the EU. In addition, data will not be transferred to third countries or international organizations.
5. Data will be stored for a period of 5 years, counting from the end of the calendar year in which the tax payment deadline has passed according to the applicable tax regulations.
6. Data is obtained directly from clients, customers, contractors and drivers or from transport and forwarding companies with whom we cooperate with.
7. Providing data is voluntary, although should the data be used for the purpose of contract agreement, in particular the provision of forwarding services by the Administrator, failure to do so will results in the inability to fulfil the contract agreement.

Personal data processed on the administrators profile pages on the social networks

1. Processing is carried out for the purpose of legitimate interests of the administrator, so that closer contact with the customers and potential clients is maintained via the administers social networks profiles, in accordance with art. 6(1)(f) of GDPR.
2. The following data are processed: first and last names, images, other data provided by users on their profiles.
3. The data will be available to the providers of the portals and its users. Other external companies such as IT companies may also have access to this data for the purpose of servicing, programming and delivering of IT equipment. All other remaining data will not be disclosed (made available) to other entities, except for foreseen instances outlined in the applicable regulations.
4. Data will not be transferred to third countries or international organizations, subject to point 3 above. It must be noted that when using a social networking site, regulations on the protection of personal data of countries outside the European Union may be less restrictive.
5. The data will be stored for the period in which the user will be tracking the administrator or until the termination of the correspondence conducted via the portal.

Personal data included in recruitment processes (CVs, cover letters)

1. Personal data will be processed on the basis of art. 6 par. (1)(a) GDPR
2. Providing data is voluntary, it is not required by any regulations, but refusal to provide data will prevent participation in the recruitment process.
3. The data provided in the application form by the applicant seeking employment are processed.
4. External recruitment companies may have access to the data – during the process of employee recruitment other external companies such as IT companies may also have access to this data for the purpose of servicing, programming and delivering of IT equipment. All other remaining data will not be disclosed (made available) to other entities, except for foreseen instances outlined in the applicable regulations.
5. Data will not be transferred to third countries or international organizations
6. Personal data will be stored during the recruitment period and for a period of 6 months post recruitment stage, unless the applicant retracts his previous issued consent to process data.

Personal data collected as part of video monitoring

1. Processing is carried out for the purpose of legitimate interests of the administrator, so that to provide safety and wellbeing of all employees as well as and protection of employer’s property, according to art. 6 (1)(f) of GDPR and art. 222 of the Labour Code.
2. The following data are processed: images of individuals in the area covering the monitored zone.
3. Personal data may be disclosed to the relevant local law authorities should a crime or damage to the property been committed. In addition, the data will not be disclosed (made available) to other entities, except as provided for in the applicable regulations.
4. Data will not be transferred to third countries or international organizations.
5. The data will be kept for a period of 30 days. In the case where the image recordings are evidence in the proceedings or the employer has received information that they may be evidence in the proceedings, the term is extended until the final conclusion of the proceedings.

Cookies (cookies)

1. In order to ensure the best possible use of our website, when browsing, small files are saved on your device, so-called cookie. These files allow you to adjust the content of the website to your needs and interests. By saving them on your device it is possible to displaying the page in a way that is most appropriate for a particular user. Cookies enable us to collect statistical data, thanks to which we develop a website in accordance with the preferences of our users.
2. The User may at any time block or limit the option of saving cookies on his device; however, there is a risk that this action will hinder the use of the site.

Other online tools:

1. In order to ensure optimal operation of the website, as well as the appropriate selection of displayed content, we use third-party software: Google Analytics and HotJar.
2. The indicated software collects anonymous data on user’s behaviour and to facilitate marketing activities. Collected data are not combined with other data and are collected anonymously; they do not allow identification of a specific user.

Summary

1. All personal data processed by us are secured in accordance with the requirements of the GDPR. We make all efforts to protect your data and guard them against third parties actions.
2. We reserve the right to update and change this privacy policy by publishing a new version on the website.
3. In case of any doubts or additional questions regarding the protection of privacy, please contact us.

Electronic payments

Personal data for payments, included in invoices and other accounting documents

1. The processing takes place in order to perform the legal obligations incumbent on the administrator (keeping accounting records) and to pursue the legitimate interests of the administrator (possible investigation or protection against claims, payments collection for services), in accordance with art. 6 para. 1 letter c and f GDPR.
2. The following Data is processed: the name and address of the seller and the buyer, tax identification numbers (NIP), data of the signatory, if any, and other data included in invoices and other accounting documents. In the case of online payments, the payment details and the e-mail address of the contact person of the buyer are also processed.
3. The administrator may entrust the processing of your data to external accounting companies and law firms. External IT companies may also have access to them in the field of servicing and delivering software and hardware, as well as postal and courier companies, in the case of sending correspondence. In the case of payment, your data will be transferred to banks, and in the case of online payments – to external providers of such services. In the remaining scope, the data will not be disclosed (made available) to other entities, except as provided for in applicable regulations.
4. The Data will not be transferred to third countries or to international organisations, unless such an obligation arises under generally applicable law.
5. The Data will be stored for a period of 7 years – due to applicable tax regulations and periods of limitation of claims.
6. The Data is obtained from you and from public registers (Central Registration and Information on Business – CEIDG, National Court Register – KRS). Providing the data is necessary in order to fulfil accounting and tax obligations.