en
pl lt

Privacy Policy of Adampol S.A.

The protection of Users’ privacy is particularly important to us. For this reason, the users of the PRILO logistics platform (“Platform“) are guaranteed the highest standards of privacy protection.

Given the above and in view of the requirements introduced by Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as “GDPR“), this Privacy Policy is adopted by Adampol S.A. to ensure the security of personal data of the Users of the Platform and inform in details how the User’s personal data are processed via the Platform.

A user is any person – a data subject using the Platform, including websites, communications and services, in particular the entities described in the Platform Regulations – Shipper, Carrier, Driver (hereinafter referred to as the “User”).

This Privacy Policy sets out the rules for the processing and protection of Users’ personal data in connection with their use of the Platform and other related websites, communications, and services.

The controller of personal data on the Platform is ADAMPOL SPÓŁKA AKCYJNA, ul. Usługowa 3, 15-521 Zaścianki near Białystok, KRS number: 0000056707; NIP: 542-000-01-62; REGON: 002347759 – as a legal person that alone or jointly with other entities sets the purposes and methods of processing Personal Data (hereinafter referred to as the “Administrator“).

All concepts and terms used in this Privacy Policy should be understood in the same way as the concepts and terms contained in the Regulations of the Platform.

I. THE BASIS FOR THE PROCESSING OF PERSONAL DATA

To the extent necessary to perform the contract concluded by the User with the Administrator, as well as to the extent necessary for the Administrator to take action at the User’s request and to the extent necessary to fulfil the legal obligation incumbent on the Administrator – the processing of the User’s personal data takes place on the basis of Art. 6 sec. 1 letter b) and letter Art. 6 sec. 1 c) of the GDPR, without the need for the User to consent to the processing of the User’s personal data. In the remaining scope, the provision of personal data by the User is voluntary. However, to the extent that the User expressed consent to the processing of the User’s personal data on the basis of Art. 6 sec. 1 letter a) of the GDPR personal data may be used for marketing purposes and in relation to location data – for the purpose of provision information on the location of the cargo. The provision of the User’s personal data by the User is voluntary. Still, the refusal to give consent may result in the inability to provide individual services and the unavailability of certain functionalities of the Platform. E.g., the refusal to consent to processing of location data or to provide such data can make the confirmation on the loading and/or unloading of the cargo unavailable.

In the case of processing personal data based on the User’s consent, the User has the right to withdraw his/her consent at any time. Withdrawal of consent does not affect the lawfulness of the processing, which was carried out on the basis of consent before its withdrawal. The Administrator informs the User about the possibility of withdrawing consent before the User expresses his/her consent.

II. PERSONAL DATA PROCESSED BY THE ADMINISTRATOR

1. The method of obtaining personal data

The Administrator obtains personal data directly from the User or through other sources, including other Users.

Personal data obtained directly from the User:

  • sending data by the User, thanks to the functionality available on the Platform – e.g., a message sent by e-mail and chat.
  • creating by the User his/her account on the Platform (account registration);
  • the User’s use of the services offered by the Administrator – i.a.location data;

Personal data obtained from other sources:

  • by obtaining data from another User who uses the Platform and the functionalities available there (to the extent that the User has declared that he/she has the rights and that he/she meets all legal requirements for the entities whose data the User provides);
  • by recording the manner in which the User uses the Administrator’s services via cookies and other technologies, and by receiving reports on errors or usage data from software running on the User’s device (after fulfilling the information obligation and collecting relevant User’s consents);
  • from service providers who provide the Administrator with information on the location of Users based on Users’ IP addresses on the basis of contracts held and only after these entities fulfil their legal obligations related to the processing of the User’s personal data;
  • from partners with whom the Administrator offers products and services or conducts joint marketing activities based on the contracts held and only after the entity fulfils its legal obligations related to the processing of the User’s personal data.

2. Types of personal data processed by the Administrator

The scope of personal data collected by the Administrator regarding Users may vary depending on the purpose of personal data processing, including the type of account held on the Platform and the functionalities provided:

The Administrator collects the following personal data:

  • Login;
  • First name and last name;
  • Correspondence address;
  • telephone number provided by the User;
  • E-mail address;
  • Tax identification number;
  • Computer IP;
  • Location data.

If the User refuses to provide the above-mentioned Personal Data, the Administrator will not be able to conclude a contract with the User, and as a consequence, the User will not be able to use the Administrator’s services.

The Administrator informs that it collects data on the content of the User’s files and messages when it is required to provide services and ensure the full functionality of the Platform, including: the subject and content of messages sent using the Platform (including e-mail, chat).

When the User uses the Platform, the Administrator also collects information about activities on the Platforms, including the User’s transaction history, issued Offers, payments and the content of comments.

The Platform collects location data from the Drivers to enable to provide the information on location of the cargo and report its status to Shipper and Carrier even when the Platform is closed or not in use. However, the location data are transferred to the above-mentioned entities only during the transportation.

Denying access to the location data is possible by refusing to grant or withdrawal of the consent, but it may result in the unavailability of some of the functionalities accessible via the Platform, e.g. the confirmation of the loading and/or unloading of the cargo. The User can always change his/her preferences and adjust the settings of his/her phone or mobile device. At any time, the User can also give the consent to use the location data via the Platform.

The User is informed how the Administrator uses the location data in a prominent disclosure through a notification before the Platform’s location runtime permission.

III. THE METHOD OF DATA PROCESSING – PURPOSES OF PERSONAL DATA PROCESSING BY THE ADMINISTRATOR

The manner in which the Administrator processes personal data relating to the User depends on the manner in which the User uses the Platform. The individual purposes of the User’s data processing may differ depending on the type of access to the Platform a given User has and how he/she uses it.

1. Platform services (performance of the subject of the contract)

The Administrator uses the User’s personal data to authenticate and authorise the User’s access to the Platform, including the provision of services offered by the Administrator.

Taking actions related to the handling of the Registration made by the User and the provision of electronic services:

Legal basis for the processing of Personal Data

Art. 6 sec. 1 letter b of the GDPR (necessity to conclude and perform the contract) – Personal Data necessary to set up and operate an Account

Retention period: until the end of the service provision.

If the User uses paid services, the Administrator will process the User’s personal data to the extent necessary to conclude the contract and ensure the proper implementation of the contract for the provision of services with the User.

2. Communication with Users

(performance of the contract, legitimate purpose carried out by the Administrator)

The Administrator uses the User’s personal data to communicate with the User. This communication consists of sending e-mails, posting notifications on the Platform and other means of services, including text messages and push notifications. The content communicated to the User relates to the services offered, i.e., the availability of services and the manner of using them, personal data security, network updates, reminders, and the suggested offers of the Administrator and Partners.

Communication with the User also applies to the User’s service. Personal data are used to help the User solve technical problems and respond to the User’s complaints.

Legal basis for the processing of Personal Data

Art. 6 sec. 1 letter f of the GDPR (legitimate interest of the Administrator, consisting in the protection of PRILO and Users’ rights)

Storage period: until the complaint is handled or the reported problem is resolved.

The Administrator also uses the User’s personal data to enable the User to comment on the Administrator’s activities and services (handling Users’ requests, in particular, to the User’s service department and via e-mail, when they are not directly related to the performance of the contract)

Legal basis for the processing of Personal Data

Art. 6 sec. 1 letter f of the GDPR (the Controller’s legitimate interest in responding to inquiries)

Retention period: until the answer is given.

3. Provision of the information on location of the cargo and status reporting

The Administrator may use the User’s location data to provide the location of the cargo and report its status to Shipper and Carrier based on the User’s consent to such activities. The location data are recorded from the loading until the unloading of the cargo. However, saved and stored are only location data limited to the User’s last reported location.

Legal basis for the processing of Personal Data

Art. 6 sec. 1 letter a of the GDPR (the User’s consent)

Retention period: until the consent to use of location data is withdrawn

4. Advertising (consent, legitimate purpose carried out by the Administrator)

The Administrator may use the User’s personal data to offer the User advertisements tailored to the User, if the User has consented to such actions or if an economic relationship is established between the Administrator and the User. These advertisements apply to both the Administrator’s offers and entities cooperating with it.

The advertisements presented to the User are adjusted individually to each User by using:

  • data provided directly by the User,
  • data collected when the User uses the Administrator’s services,
  • information provided by third parties,
  • data from advertising technologies, such as cookies,
  • web beacons, pixels, ad tags, and mobile identifiers.

The Administrator does not share the User’s personal data with third party advertisers or advertising networks without the User’s consent.

The Administrator processes the User’s personal data also in the field of direct marketing. Direct marketing includes own services and the services of the Administrator’s Partners (enabling participation in a competition or promotional campaign)

Legal basis for the processing of Personal Data

Art. 6 sec. 1 letter f of the GDPR (legitimate interest consisting in the performance of obligations arising from declarations, organising competitions or similar actions, including in connection with the performance of activities aimed at promoting the Administrator’s activities).

Retention period: until the end of participation in the competition (e.g., the issue of an award) or a promotional campaign or until an effective objection is submitted.

To carry out marketing activities, PRILO may, in some cases, use profiling. This means that, thanks to the automatic processing of Personal Data, we evaluate selected factors relating to Users to analyse their behaviour or create forecasts. This allows the Administrator to better adjust the displayed content to the individual preferences and interests of the User.

In connection with the implementation of marketing activities, the User’s Personal Data are processed according to the rules described below. The User’s Personal Data may also be processed for other purposes, that is for analytical purposes and to ensure the security of the services provided. More information in this regard can be found in further sections of this part of the Policy.

Displaying contextual advertising (conducting marketing):

Legal basis for the processing of Personal Data

Art. 6 sec. 1 letter f of the GDPR (the Controller’s legitimate interest in promoting its services)

The period of storage of Personal Data for a specific purpose (retention period) – until the use of the Platform or Mobile Application is stopped.

The Administrator may contact Users (with their consent) for purposes related to permitted marketing activities through available electronic communication channels, including e-mail, telephone and SMS/MMS push.

Legal basis for the processing of Personal Data

Art. 6 sec. 1 letter f of the GDPR in connection with Art. 10 of the Act on the provision of electronic services or Art. 172 of the Telecommunications Law (the Controller’s legitimate interest in promoting PRILO)

Storage period: until the consent to receive messages or information is withdrawn (pursuant to the provisions of the Act on the provision of electronic services or telecommunications law) or effective objection to the processing of Personal Data

5. Improving services (legitimate interest of the Administrator)

The Administrator uses the User’s personal data in the field of analytical and statistical activities to constantly improve the products and services offered, provide better solutions, add new functions and possibilities, gather more recipients and help Users establish contacts and find business opportunities.

The Administrator also uses Users’ personal data in the field of market research, public opinion research and economic analysis to constantly improve the Platform.

Conducting statistical analyses:

Legal basis for the processing of Personal Data

Art. 6 sec. 1 letter f of the GDPR (the Controller’s legitimate interest in analysing Users’ activity, including historical activities, for the purpose of optimisation of the services provided).

Until the end of the storage of the User’s Personal Data in connection with another active purpose of processing or until an effective objection to the processing of Personal Data is expressed (but no longer than until the last day of the calendar year following the lapse of 3 years from the end of the provision of services).

Traffic management on the Platform, including monitoring of Users’ activity, which includes adding transport offers:

Legal basis for the processing of Personal Data

Art. 6 sec. 1 letter f of the GDPR (legitimate interest of the Administrator consisting in the analysis of Users’ activity to optimise the services provided)

Storage period: Personal Data are processed in real time, so they will be stored until the end of the User’s use of the services provided by the Administrator.

6. Security (legitimate interest of the Administrator)

The Administrator uses the User’s personal data to monitor, prevent, detect and combat fraud and abuse, to protect other Users against such abuse and to ensure network and information security. In the event that there is a justified suspicion that a crime has been committed, the User’s personal data will be used to explain the possible crime by undesirable persons or other violations of this Privacy Policy and the Regulations.

Prevention of violations in the conducted communication.

Legal basis for the processing of Personal Data

Art. 6 sec. 1 letter f of the GDPR (legitimate interest in ensuring the security of the services provided)

Storage period: until the end of communication

Ensuring the security of services that we provide electronically:

Legal basis for the processing of Personal Data

Art. 6 sec. 1 letter b of the GDPR (necessity to perform the contract in accordance with the requirements for the provision of the online trading platform service by the digital service provider within the meaning of the provisions of the Act on the National Cybersecurity System)

Storage period: until the end of using the services by the User

7. Pursuing claims (legitimate interest of the Administrator)

If the User decides to use the Administrator’s services, the Administrator may process the User’s personal data to the extent necessary to pursue any claims of the User or the Administrator, as well as to analyse potential violations regarding the rules of using the Administrator’s services.

Legal basis for the processing of Personal Data

Art. 6 sec. 1 letter f of the GDPR (the Administrator’s legitimate interest in securing the obligations resulting from the concluded contract)

Retention period: until the last day of the calendar year following the lapse of 3 years from the end of the service.

8. Accounting services (fulfilment of the statutory obligation)

If the User decides to order the payable Administrator’s services, the Administrator will process the User’s personal data to the extent necessary to keep accounting books and settlements for paid services (commission payment).

The legal basis for the processing of Personal Data:

a) Article 6 section 1 letter c of the GDPR in connection with Art. 70 § 1 of the Tax Ordinance (processing is necessary to fulfil a legal obligation). Retention period: it is 5 years from the end of the calendar year in which the tax payment deadline expired

b) Article 6 sec. 1 letter c of the GDPR in connection with Art. 74 of the Accounting Act (processing is necessary to fulfil a legal obligation) Retention period: up to 5 years from the beginning of the year following the financial year in which the transaction was made

Pursuing claims and defending against claims arising from the concluded contract, including debt collection, conducting court, arbitration and mediation proceedings:

Legal basis for the processing of Personal Data

Art. 6 sec. 1 letter f of the GDPR (the Administrator’s legitimate interest in protecting the Administrator’s rights)

Retention period: until the last day of the calendar year following the lapse of 3 years from the end of the event referred to above.

IV. SHARING OF PERSONAL DATA BY THE ADMINISTRATOR

The User’s personal data are or may be transferred to the following categories of recipients:

  1. advertising or marketing service providers, in the case of achieving the goal of direct marketing of the Administrator’s services;
  2. providers of legal and advisory services and supporting the Administrator in pursuing due claims (in particular law offices, debt collection companies);
  3. IT service providers providing services at the request of the Administrator;
  4. entities processing personal data at the request of the Administrator, e.g., subcontractors of the Administrator’s services;
  5. the location data are or may be transferred to Shipper and/or Carrier; access to the location data have also the admin(s) of the Platform.

The Administrator may disclose Users’ Personal Data to public authorities on the basis of legal provisions in connection with pending proceedings regarding possible violations of the law or combating other possible violations of the Regulations, to the entities authorised to obtain data on the basis of applicable law, e.g., courts or law enforcement authorities, when they make a request based on an appropriate legal basis.

By accepting the Regulations, the User confirms the authorisation of the payment service provider participating in the transaction to provide the Administrator with the data accompanying the payment transaction for verification.

The User is obliged to constantly update all the Personal Data provided by him/her if there are any changes in any scope.

V. USER PERMISSIONS

The User has the right to decide about his/her personal data by making a choice regarding the disclosure of individual personal data, including the choice of privacy settings. The User has also the right to decide whether the location data will be used or not by granting or refusing a consent to processing of such data. However, in such a situation, the User must be aware that failure to provide all personal data required by the Administrator may prevent the use of the Platform or the full functionality of the Platform.

If the User wishes to exercise his/her rights as a subject of personal data, the User may contact the Administrator using the form provided on the Platform or directly to the e-mail address: rodo@adampolsa.com.pl

1. The right to access data

The User is entitled to obtain from the Administrator confirmation whether his/her personal data are being processed, and if this is the case – the User is entitled to access information regarding the details of processing his/her data, including in particular information about the purpose of processing and the categories of processed data.

The User also has the right to request a copy of the personal data being processed.

2. The right to rectify data

The User has the right to rectify false personal data. The User has the right to demand replacement, supplementation or removal of errors, faults and misleading information in the entire data set concerning the User.

The subject of supplementation may not be incorrect personal data, i.e., the User may not demand replacement or supplementation of the existing data with incorrect data.

In a situation where the processed personal data are incomplete, the User may submit an additional statement to complete it. It is permissible to present such a declaration in any form, also by electronic means.

3. The right to delete data (the right to be forgotten)

The User has the right to request the deletion of his/her personal data if one of the following circumstances occurs:

  1. The User has withdrawn the consent on which the processing is based, and there is no other legal basis for the processing;
  2. The User objects to the processing of his/her personal data, and there is no other legal basis for the processing;
  3. the personal data have been processed unlawfully, and there is no legal basis for the processing;
  4. personal data must be removed to comply with the legal obligation provided for in the EU law or the law of the Member State to which the Administrator is subject.

The right to be forgotten is granted to the User only in exercising the right to delete personal data and only in a situation where there is no other legal basis for the processing of such personal data.

4. The right to restriction of processing

The User has the right to limit the processing of his/her personal data in the following cases:

  1. the User questions the correctness of personal data – for a period allowing the Administrator to check the correctness of such data;
  2. the processing is unlawful, and the User opposes the deletion of personal data, requesting instead to limit their use;
  3. the Administrator no longer needs the User’s personal data for processing purposes, but the User needs them to establish, assert or defend claims;
  4. the User has objected to the processing – until it is determined whether the legally justified grounds on the Administrator’s part override the grounds of the User’s objection.

In the event of limitation of processing, the Administrator may process personal data, with the exception of storage, only:

  1. with the consent of the User or
  2. to establish, assert or defend claims, or
  3. to protect the rights of another natural or legal person, or
  4. for reasons of important public interest of the EU or a Member State.

5. The right to data portability

The User has the right to receive, in a structured, commonly used format, personal data concerning him/her that the User provided to the Administrator and has the right to send such data to another administrator.

The User also has the right to request that the Administrator send his/her personal data directly to another administrator, if technically possible.

6. The right to objection

The User has the right to object at any time, for reasons related to his/her particular situation, to the processing of his personal data against the processing of such data for direct marketing purposes, including profiling, as long as it is related to this direct marketing, as well as for the Administrator’s legitimate purpose.

The procedure for considering the objection and all communication is free of charge. It is also possible to file an objection electronically.

7. The right to lodge a complaint

The User has the right to lodge a complaint with the Personal Data Protection Office, i.e., with the President of the Personal Data Protection Office (address: President of the Personal Data Protection Office, ul. Stawki 2, 00-193 Warsaw).

8. The right not to be subject to a decision based solely on automated processing (including profiling)

The right not to be subject to a decision based solely on automated processing (including profiling) is granted to the User due to the development of technology and marketing techniques based on data collected while using internet services.

Profiling is any form of automated processing of personal data, which consists in the use of personal data to assess certain personal factors of the User – in particular to analyse or forecast aspects related to the effects of his/her work, economic situation, health, personal preferences, interests, credibility, behaviour, location or movement.

The User may exercise such a right in a situation where two conditions are met:

  1. first, the User is subject to a decision based solely on the automated processing of personal data, including profiling,
  2. Furthermore, this decision has legal effects on the User or significantly impacts the User.

Automated decision-making in individual cases, including profiling, cannot be prohibited if the decision:

  1. is required to conclude or perform a contract between the User and the Administrator;
  2. is permitted by the law of the EU or the law of the Member State, to which the Administrator is subject and which provides for appropriate measures to protect the rights, freedoms and legitimate interests of the User; or
  3. is based on the User’s express consent.

VI. COOKIES AND OTHER TECHNOLOGIES USED BY THE ADMINISTRATOR

The Administrator uses cookies and other similar technologies to improve efficiency and offer to Users more and more perfect functionalities of the Platform and more tailored advertisements. Cookie files (“cookies”) are code fragments, which are text files corresponding to HTTP requests sent to the Administrator’s server. They are used to ensure optimal handling of the User’s visit to the Platform and enable faster and easier access to information. Stored information or accessing it does not change the configuration of the User’s device and the software installed on it. The information contained in cookies and similar technologies is considered personal data only in connection with other personal data about a given User. If the User does not agree to saving and receiving information in cookies, the User may change the rules on cookies using the settings of his/her web browser or the use of the so-called opt-out option on the website of the provider of a given technological solution.

Full Cookie Policy available here.

VII. OTHER IMPORTANT INFORMATION

1. Protection of personal data security

The Administrator introduces organisational and technical measures aimed at ensuring the security of the User’s personal data. Safe use of the services offered is ensured by the systems and procedures used to protect against access and disclosure of data to unauthorised persons. In addition, the systems and procedures used by the Administrator are regularly monitored to detect possible threats. Personal data obtained by the Administrator are stored in computer systems to which access is strictly limited.

2. Storage of personal data

The period of storage of Users’ personal data may vary depending on the basis for the processing of personal data, as well as in the event that it is not possible to find other alternative grounds for the processing of personal data in relation to Users’ personal data.

The Administrator stores personal data for such a period as is necessary to achieve specific goals, i.e.:

  1. Personal data processed in order to conclude or perform a contract and to fulfil the Administrator’s legal obligation, i.e., pursuant to Art. 6 sec. 1 letter b) and letter c) of the GDPR will be kept for the duration of the contract, and after its expiry for the period necessary to:
    1. Users’ service (e.g., handling complaints);
    2. secure or pursue any legal claims due to the Administrator or the User (for a maximum of 6 years from the date of termination of the contract – counted until the end of the calendar year);
    3. fulfil the Administrator’s legal obligation (e.g., resulting from tax or accounting regulations),
    4. for statistical and archiving purposes,
  2. Personal data processed on the basis of legitimate legal interest, i.e., on the basis of, i.e., pursuant to Art. 6 sec. 1 letter f) of the GDPR will be processed until an objection is raised by the data subject unless the Administrator is able to find a lawful justification for this process that will invalidate the User’s interest or rights, or due to legal claims.

3. Personal data processed on the basis of a separate consent will be stored until its revocation.

Location data processed on the basis of a separate consent will be processed until the consent to use of location data is withdrawn.

To be accountable, i.e., to prove compliance with the provisions on the processing of personal data, the Administrator will store data for the period in which the Administrator is obliged to keep data or documents containing them to document the fulfilment of legal requirements and enable control of their fulfilment by public authorities. In each of the above cases, after the necessary processing period has elapsed, the data may be processed only to secure the pursuit of claims.

Users’ personal data are stored in the Administrator’s database, in which technical and organisational measures have been applied to ensure the protection of the processed data in accordance with the requirements set out in applicable law. Only the Administrator has access to the database, and to the necessary extent:

  1. Altkom Software & Consulting – for the implementation of maintenance services,
  2. Kreatik 0 – for the implementation of marketing services,
  3. Google – for analytics,
  4. AWS – for the purpose of providing cloud services,
  5. Stream Chat – for the purpose of supporting direct communication between Users.

3. Transferring Personal Data to countries outside the European Economic Area

The User’s Personal Data may be transferred outside the European Economic Area, among others, to:

  1. Google LLC based in Mountain View, in the United States, in connection with the use of the e-mail system and G-Suite tools, for statistical and administrative purposes, and in connection with the use of the Google reCAPTCHA mechanism to ensure security;
  2. Facebook Ireland Limited,
  3. Linkedin Ireland Unlimited Company.

In connection with the transfer of Users’ personal data outside the European Economic Area, the Administrator ensures that the above-mentioned entities provide guarantees of proper protection of personal data, including their commitment to using standard contractual clauses adopted by the Commission (EU), imposing obligations to protect privacy and data security.

4. Changes to the privacy policy

To update the information contained in this Privacy Policy and its compliance with applicable law, this Privacy Policy may be changed. Along with the change of the content of the document, the date of its update, presented at the beginning of this Privacy Policy, will be changed. On the other hand, the User will be notified of any significant change through information posted on the website or directly. To obtain information on the method of personal data protection, the Administrator recommends Users to regularly read these principles of the Privacy Policy.

The current version of the Policy is version 1.01 and is effective from 2nd March 2022.

VIII. CONTACT INFORMATION

In case of any doubts related to the issues of personal data protection or to obtain information regarding this Privacy Policy, the User may contact the Administrator via e-mail: rodo@adampolsa.com.pl or in writing to the following address: ADAMPOL SPÓŁKA AKCYJNA, ul. Usługowa 3, 15-521 Zaścianki near Białystok.

How can we
help you?

Let’s get in touch.

Contact us
Demo Register