Privacy Policy

This Policy sets out the rules of collection, processing, and use of your personal data.

1. The controllers of your personal data are companies from Arra Group:

• Arra Group Sp. z o.o. based in Głogów (67-200), ul. Piastowska 5
• Arra Sp. z o. o. based in Głogów (67-200), ul. Piastowska 5
• Arra GmbH based in Troisdorf (53840), Kronenstraße 57, Deutschland

hereinafter referred to as "the Controller". The Controller’s email is: arra@arra-group.com.

2. Data Protection Officer details: Wojciech Kolasiński, email address: iod@arra-group.com.

3. The processing of personal data is carried out in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC - hereinafter referred to as "GDPR"

4. You have the right to request access to, rectification, erasure, restrict processing, exercise of objection, and portability of your personal data.

5. If the processing is based on your consent - you may withdraw it at any time by informing us, without affecting the lawfulness of the processing previously carried out.

6. You have the right to lodge a complaint to the President of the Personal Data Office.

 

Personal data included in email correspondence

1. The processing is carried out in order to implement the legitimate interests of the Controller – i.e. maintaining email correspondence, in accordance with point (f) of Article 6(1) of GDPR.

2. The following data shall be processed: email address, first and last name, and any other data provided in email correspondence.

3. The recipients of the data are the addressees of the email correspondence. The data may be stored on an external mail server. They may also be accessed by external IT companies in the scope of servicing and supplying software and IT hardware. Apart from that, the data will not be disclosed (made available) to other entities, except as provided for in the applicable legislation.

4. The data may be transferred to third countries - only if the recipient of a particular message uses email service providers in such a country. The data will not be forwarded to international organisations unless such an obligation will result from the provisions of generally applicable law.

5. The data will be stored for a period of 7 years - due to the applicable tax regulations and the periods of limitation of claims.

6. Submitting the data is voluntary, however, failure to do so may prevent the Controller from contacting the person by email.

 

Personal data used for marketing purposes (newsletter)

1. The processing is carried out on the basis of the data subject's consent or for the purpose resulting from the legitimate interests pursued by the Controller (marketing of its own services to its own clients), in accordance with point (a) or (f) of Article 6(1) of GDPR.

2. The following data shall be processed: email address, first and last name, and telephone number.

3. The data may be stored on an external mail server. They may also be accessed by external IT companies in the scope of servicing and supplying software and IT hardware. Apart from that, the data will not be disclosed (made available) to other entities, except as provided for in the applicable legislation.

4. The data may be transferred to third countries - only if the recipient of a particular message uses email service providers in such a country. The data will not be forwarded to international organisations unless such an obligation will result from the provisions of generally applicable law.

5. The data will be stored until the person unsubscribes from the newsletter.

6. Submitting the data is voluntary, however, failure to do so may prevent the Controller from contacting the person by email.

 

Personal data included in invoices and other accounting documents

1. The processing is carried out in order to perform the legal obligations incumbent on the Controller (keeping accounting records) and to implement the Controller’s legitimate interests (possible investigation or protection against claims), in accordance with point (c) and (f) of Article 6(1) of GDPR.

2. The following data shall be processed: name and address of the seller and the buyer, tax identification numbers, the data of the signatory, if any, and other data included in invoices and other accounting documents.

3. The Controller may entrust the processing of the data to external accounting companies and legal offices. They may also be accessed by external IT companies in the scope of servicing and supplying software and IT hardware, as well as postal and courier companies, in the case of sending correspondence. In the case of payment processing, the data will be transferred to the banks. In the remaining scope, the data will not be disclosed (made available) to other entities, except as provided for in applicable regulations.

4. The data will not be transferred to third countries or to international organizations, unless such an obligation will result from the provisions of generally applicable law.

5. The data will be stored for a period of 7 years - due to the applicable tax regulations and the periods of limitation of claims.

6. The data is collected from you and from public registers (CEIDG - Central Registration and Information on Business, KRS - National Court Register). Providing the data is necessary in order to fulfil accounting and tax obligations.

 

Personal data on drivers, carriers, shippers, unloaders, forwarders, consignees and recipients of orders in transport and forwarding process

1. The processing is carried out in order to perform the contract and the legitimate interests of the Controller (business trips, organization of transport and forwarding activities), in accordance with point (b) and (f) of Article 6(1) of GDPR.

2. The following data shall be processed: first and last name, document data, contact number, vehicle registration numbers, position and travelled route, location and other data related to transport and forwarding orders.

3. The Controller may transfer data to clients and business partners in the scope related to the handling of transport and forwarding orders (other transport and forwarding companies, shippers and unloaders, shippers and recipients of cargo, ferry carriers, hotels, etc.). They may also be accessed by external IT companies in the scope of servicing and supplying software and IT hardware, as well as external accounting companies and legal companies. In the remaining scope, the data will not be disclosed (made available) to other entities, except as provided for in applicable regulations.

4. Some of the Controller's clients and business partners may be based outside the European Union - in that case they may receive data of the aforementioned persons to the extent and on the terms set out in point 3 above. To the extent shall apply point (c) or (d) of Article 46(2) or point (b) or (c) of Article 49(1) of GDPR. The data protection regulations applicable in these countries may be less restrictive than those of the EU. In addition, the data will not be transferred to third countries or international organizations.

5. The data will be stored for a period of 5 years - due to the applicable tax regulations and the periods of limitation of claims.

6. Data is collected directly from principals, customers, business partners, drivers or from transport and forwarding companies cooperating with us.

7. Submitting the data is voluntary, however, should the data be used for the purpose of contract agreement, in particular the provision of forwarding services by the Controller, failure to do so will result in the inability to conclude the contract.

 

Personal data processed on the Controller's profiles on social networking sites

1. The processing is carried out in order to implement the legitimate interests of the Controller:

• maintaining contact with clients and potential clients on the social network,
• informing about the activity and marketing of own services conducted by the Controller,
• communicating with users,
• investigation and defence against possible claims, in accordance with point (f) of Article 6 (1) of GDPR.

2. The following data shall be processed:

• first and last name, image, other data provided by users on their profiles,
• statistical data in order to adapt the content of your profile to your needs and interests, stored via cookies and other tools on your computer.

3. The data will be available to the provider of a given portal and its users. It may also be accessed by external IT companies for the servicing of software and hardware. In addition, the data will not be disclosed (made available) to other entities, except as provided for in applicable regulations.

4. The data will not be transferred to third countries or to international organizations, subject to point 3 above. When using a social networking site, you must be aware that data protection laws of countries outside the European Union may be less restrictive.

5. The actions of the user of the social network are tracked by its provider, among others by means of cookies and other tools on your computers. The Controller also has access to numerous statistical data about visitors and people following the profile. The statistics provide information about the characteristics and habits of people visiting the profile, thus allowing the Controller to better adjust the content presented.

6. The data will be stored for the time it takes a user to follow the Contoller's profile on the given portal or leave comments under the posted post.

7. The data is collected directly from the data subjects and obtained from the social network operator.

 

Personal data included in recruitment processes (CV, cover letters)

1. The processing is necessary to comply with a legal obligation incumbent on the Controller and is carried out on the basis of consent (for the purpose of recruitment), in accordance with point (a) and (c) of Article 6(1) of GDPR.

2. Providing the data is voluntary, it is not required by any regulations, but refusal to provide data will prevent participation in the recruitment process.

3. The data provided in the application of a candidate applying for employment shall be processed.

4. The data may be accessed by external recruitment companies - in the scope of conducting the recruitment process, IT companies - in the scope of servicing and supplying software and IT hardware. In addition, the data will not be disclosed (made available) to other entities, except in cases provided for in the applicable legislation.

5. The data will not be transferred to third countries or to international organizations.

6. The data will be stored during the recruitment process and up to one year later unless the candidate withdraws the consent for data processing.

 

Personal data collected as part of the operation of video surveillance

1. The processing is carried out in order to implement the legitimate interests of the Controller - i.e., to ensure the safety of employees and the protection of the employer's property, in accordance with point (f) of Article 6(1) of GDPR, in accordance with Article 22 (2) of the Labour Code.

2. The following data shall be processed: image of people in the area under surveillance.

3. The data may be disclosed to the relevant services in the event of registration of a crime or damage to property. In addition, the data will not be disclosed (made available) to other entities, except as provided for in the applicable regulations.

4. The data will not be transferred to third countries or to international organizations.

5. The data will be stored for a period of 30 days. In the event that the image recordings constitute evidence in the proceedings, or the employer has learned that they may constitute evidence in the proceedings, the aforementioned time limit is  extended until the final conclusion of the procedure.

 

Cookies

1. In order to give you the best experience, small files, so-called cookies, are stored on your device when you browse our website. These files make it possible to adapt the content of the website to your needs and interests. By storing them on your device it is possible, among other things, to display the site in the most suitable manner for a particular user. Cookies allow us to collect statistical data so that we can develop the site according to the preferences of our users.

2. The user may at any time block or limit the possibility of saving cookies on their device, however, there is a risk that this operation will inhibit the use of the website.

 

Other online tools

1. In order to ensure that the website operates optimally and that the content displayed is appropriate, we use third-party software: Google Analytics and HotJar.

2. The software collects anonymous data about user behaviour and for the purpose of facilitating marketing activities. These data are not combined with other data sets and are collected anonymously, they do not allow the identification of a specific user.

 

Electronic payments

Personal data for payments, included in invoices and other accounting documents

1. The processing is carried out in order to perform the legal obligations incumbent on the Controller (keeping accounting records) and to implement the Controller’s legitimate interests (possible investigation or protection against claims, payment for services), in accordance with point (c) and (f) of Article 6(1) of GDPR.

2. The following data shall be processed: name and address of the seller and the buyer, tax identification numbers, the data of the signatory, if any, and other data included in invoices and other accounting documents. In the case of online payments, the payment details, and the e-mail address of the contact person of the buyer are additionally processed.

3. The Controller may entrust the processing of the data to external accounting companies and legal offices. They may also be accessed by external IT companies in the scope of servicing and supplying software and IT hardware, as well as postal and courier companies, in the case of sending correspondence. In the case of payment processing, the data will be transferred to the banks, and in case of online payments, to external providers of such services. In the remaining scope, the data will not be disclosed (made available) to other entities, except as provided for in applicable regulations.

4. The data will not be transferred to third countries or to international organizations, unless such an obligation will result from the provisions of generally applicable law.

5. The data will be stored for a period of 7 years - due to the applicable tax regulations and the periods of limitation of claims.

6. The data is collected from you and from public registers (CEIDG - Central Registration and Information on Business, KRS - National Court Register). Providing the data is necessary in order to fulfil accounting and tax obligations.

 

Podsumowanie

1. All personal data processed by us is secured in accordance with the requirements of the GDPR. We make every possible effort to secure the data and protect it from the actions of third parties.

2. We reserve the right to update and amend this privacy policy by publishing a new version on this page.

3. Please do not hesitate to contact us should you have any questions or doubts regarding privacy protection.