Privacy policy.

Privacy policy

  1. General provisions
    1. The administrator of the personal data is Dauman Logistics Sp. z o.o. with its registered office in Warsaw, Wspólna 70 Street, 5th Floor, 00-687 Warsaw, entered into the register of entrepreneurs kept by the District Court for the capital city of Warsaw in Warsaw, XII Economic Department of the National Court Register under the KRS number 0000880287, NIP 7011017344, REGON 388025901, share capital of PLN 20,000.00 (hereinafter referred to as "Administrator").
    2. The personal data of persons using the Administrator's website (hereinafter the "Portal") or the services provided by the Administrator (hereinafter the "Service") (hereinafter the "Users") shall be processed in compliance with the principles provided for in Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016. on the protection of natural persons in relation to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC(General Data Protection Regulation, hereinafter "RODO"), as well as those provided for in the Polish Personal Data Protection Act, its implementing acts and the Act on the provision of services by electronic means of 18 July 2002 (Journal of Laws of 2002, No. 144, item 1204, as amended).
    3. Personal data is any information about an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by means of an identifier such as a name, an email address, an identification number, location data, an online identifier or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of the natural person.
    4. As a general rule, processing of personal data is any action performed on personal data, whether by automated or non-automated means, including, for example, collection, storage, recording, organisation, modification, consultation, use, disclosure, restriction, erasure or destruction.
    5. The Administrator kindly asks Users to read this Privacy Policy carefully before using the Portal or the Services
  2. Legal basis for data processing
    1. The legal basis for the Administrator's processing of personal data for:
      1. sending a contact form to the Administrator via the Portal, is Article 6(1)(a) of the RODO, i.e. the User's consent to the processing of data;
      2. to carry out the actions aimed at concluding and performing the Service, is Article 6(1)(b) of the RODO, i.e. to take the actions necessary for the conclusion of the agreement the subject of which is the performance of the Service and the necessity of its performance by the Administrator for the User concerned;
      3. ordering the Administrator's newsletter, is Article 6(1)(a) of the RODO, i.e. the User's express consent to the processing of data given using the interactive forms on the Portal;
      4. necessary for the fulfilment of the Administrator's legal obligations is Article 6(1)(c) of the DPA, i.e. the fulfilment of the Administrator's legal obligations relating to the Administrator's activities, in particular on the basis of customs, accounting and tax legislation and anti-money laundering legislation;
      5. ordering an e-book offered by the Administrator, is Article 6(1)(a) of the RODO, i.e. the User's expressed consent to the processing of data;
      6. necessary for the fulfilment of the Administrator's legitimate interests, including the conduct of marketing activities and advertising campaigns for the Administrator's Services by e-mail or telephone on the basis of a separate consent given by the User under Article 6(1)(a) of the RODO, i.e. the User's express consent to the processing of such data given using the interactive forms on the Portal;
      7. necessary for the fulfilment of the legitimate interests of the Administrator or of third parties, is Article 6(1)(f) of the RODO, i.e. because of the legitimate purposes pursued by the Administrator, in particular for the establishment, investigation or defence of claims, the Administrator's internal administrative purposes, including the Administrator's internal analysis, statistics and reporting and, within the group to which the Administrator belongs, ensuring the Administrator's IT security.
    2. The Administrator shall process the personal data voluntarily provided by the Users and the data collected automatically from the use of the Portal in accordance with Article 6(1)(f) of the RODO, i.e. due to the legally justified purposes pursued by the Administrator, and in particular for the purpose of direct marketing of the Administrator's Services, as well as for the purpose of optimisation, improvement and personalisation of the Portal's functions and the creation of statistics. The Administrator shall ensure that such processing will not infringe the rights and freedoms of the data subjects.
    3. Personal data provided voluntarily by the User shall not be combined with automatically collected data regarding the User's use of the Portal. The Administrator informs that due to technical reasons such a connection may occur, however in such a situation the data combined in this way will be processed by the Administrator only due to legally justified purposes performed by the Administrator, and in particular in order to optimise, improve and personalise Portal functions and to create statistics for the Administrator's internal needs.
    4. With the User's separate consent, his/her personal data may be processed in order to send him/her commercial information on the Administrator's Services by electronic means. The User has the right to request at any time to stop sending him/her commercial information by e-mail or to stop using his/her telephone number for direct marketing purposes.
    5. Users' personal data will be processed for the period necessary to fulfil the processing purposes indicated above, i.e.:
      1. in the case of your consent, until you withdraw it;
      2. in respect of the performance of activities aimed at concluding and implementing the Service at your request - until the completion of their performance, and thereafter - in respect of the establishment, investigation or defence of claims related to these activities - until the expiry of the period of limitation of these claims specified by law;
      3. with regard to the fulfilment of legal obligations incumbent on the Administrator in connection with the running of the business and the provision of Services - for the periods indicated in the relevant legal provisions concerning the Administrator's business, in particular:
        1. for tax records, for a period of 5 years from the end of the calendar year in which the tax deadline expired,
        2. for accounting records, for a period of 5 years from the end of the calendar year in which operations, transactions and proceedings are finally completed, paid off, settled or time-barred,
        3. for anti-money laundering documentation, for a period of 5 years, starting from the date on which the business relationship with the User is terminated or on which occasional transactions are carried out;
      4. where the processing is carried out for purposes arising from the legitimate interests pursued by the Administrator or third parties - until the purposes are fulfilled, or until the User objects to such processing, unless there are legitimate grounds for further processing of the User's data by the Administrator;
      5. where processing is carried out for the Administrator's marketing purposes by e-mail or telephone, will be processed until any withdrawal of the relevant consents;
      6. as far as the information necessary to handle the complaint is concerned, will be processed until the expiry of the entitlement;
      7. in the case of personal data obtained for the purpose of contacting the Administrator, they will be processed during the period of that contact and then archived for a period of 3 years after the end of the contact, which is justified by the need to reconstruct the content of such contact in connection with the assertion of possible claims;
      8. in the case of processing for archiving purposes, will be processed for 3 years after the end of the Services.
  3. Purpose and scope of the collection of personal data and recipients of the data

    1. In each case, the purpose of processing, the scope of personal data and the possible recipients of the personal data of the User who submits the data to the Administrator for processing result from the User's consent or the provisions of the law; additionally, the data may be further specified as a result of actions taken by the User on the Portal or within the framework of other channels of communication with the User.
    2. The controller shall take special care to protect the rights and freedoms of the persons whose data it processes and, in particular, shall ensure that the data it collects are processed:
      1. lawfully, fairly and transparently to the person to whom they relate (lawfulness, fairness and transparency);
      2. for specific, explicit and legitimate purposes and are not further processed in a manner incompatible with those purposes (purpose limitation);
      3. adequately, appropriately and limited to what is necessary for the purposes for which they are processed (data minimisation);
      4. correctly and, where necessary, personal data are updated (accuracy);
      5. in a form which permits identification of the data subject, for no longer than is necessary for the purposes for which the data are processed (retention restriction);
      6. in a manner that ensures appropriate security of personal data, including protection against unauthorised or unlawful processing and accidental loss, destruction or damage, by means of appropriate technical or organisational measures (integrity and confidentiality).
    3. For the purposes of the processing of personal data, the User shall provide the following data: name and surname, telephone number, e-mail address, company name, the industry in which he/she operates, data necessary for the conclusion and execution of the Service, including mutual settlements and taking action prior to the conclusion of the Service at the User's request.
    4. The provision of personal data by the User is voluntary. The User may choose not to provide his/her personal data, however, in this case the Administrator may not be able to provide the Services to the User. Due to the nature of some of the Services, the User may be asked to provide additional personal data. The extent of the additional personal data will be indicated by the Administrator.
    5. The purposes for the collection of the User's personal data by the Administrator are set out in Section II, in points 1 and 2 above.
    6. In connection with the processing of data for the purposes indicated in points 1 and 2, Users' personal data may be made available to other recipients of personal data. Recipients of Users' personal data may be, in particular:
      1. employees, collaborators of the Administrator;
      2. entities in the group to which the Administrator belongs;
      3. other entities authorised to receive Users' personal data on the basis of the relevant legislation;
      4. entities that process Users' personal data on behalf of the Administrator on the basis of an agreement concluded with the Administrator for the entrustment of the processing of personal data (so-called processors), e.g. those providing IT services, marketing services, accounting services, legal services and other services supporting the Administrator's operations.
    7. Entities entrusted with the processing of personal data under a separate agreement (contract of entrustment of personal data processing) are obliged to observe the principles of confidentiality and security of personal data, and in particular not to provide access to personal data to unauthorised persons, and to apply physical and technical security measures adequate to the manner of processing such data. The Administrator shall provide the User, upon his/her request, with detailed information on the entity to which he/she has entrusted data processing, the scope of the personal data entrusted for processing and the date of their transfer. Furthermore, in this procedure, the Administrator also provides access to up-to-date and detailed information on the technical measures used or made available by the Administrator to prevent unauthorised persons from acquiring and modifying the personal data sent electronically by the User.
    8. In running the Portal, the Administrator uses tools provided by external entities and the Administrator belongs to a group that includes entities outside the European Economic Area (EEA). User data may be transferred outside the EEA. Personal data may be transferred only to such third countries (countries outside the EEA) or entities in third countries for which an adequate level of data protection has been established by a decision of the European Commission, standard data protection clauses have been applied in contracts with these entities or appropriate other safeguards have been applied as referred to in generally applicable laws. In relation to the transfer of data outside the EEA, the User may request further information on the applicable safeguards in this regard, obtain a copy of these safeguards or information on where they can be accessed by contacting the Controller.
    9. Your personal data will not be sold or passed on to third parties for purposes other than those described above.
  4. User rights
    1. Each User whose personal data is processed by the Administrator is entitled to:
      1. The right of access to the content of the data. This is the right to obtain confirmation from the Controller as to whether it is processing the User's personal data and the right to obtain access to that data (including a copy) and, in particular, to the following information:
        1. about the purposes of processing your personal data,
        2. about the categories of personal data processed,
        3. information on the recipients or categories of recipients to whom the Administrator has disclosed or intends to disclose the User's personal data,
        4. about your data protection rights and how to exercise them,
        5. about the right to lodge a complaint with a supervisory authority,
        6. about automated decision-making, including profiling, as well as the consequences of such processing for the User, insofar as this does not apply to the processing of personal data for the purposes of preventing money laundering and terrorist financing and preventing other crimes;
      2. Right to rectification of data. This is the right to request the Administrator to immediately rectify the User's personal data that is incorrect and to request the completion of incomplete personal data;
      3. right to erasure. This is the right to request from the Administrator the immediate deletion of personal data concerning the User (also known as the "right to be forgotten"). The Administrator is then obliged to delete the User's personal data, provided that one of the following conditions is met:
        1. personal data are no longer necessary for the purposes for which they were collected,
        2. the consent on which the processing is based has been withdrawn and the Administrator has no other legal basis for the processing,
        3. personal data were processed unlawfully,
        4. personal data must be erased in order to comply with a legal obligation. It is not possible to exercise the right to erasure where the Controller is obliged by law to continue to process personal data to the extent specified by the relevant law or for the purposes necessary to establish, assert or defend claims;
      4. The right to restrict data processing. This is the right to request the Administrator to restrict the processing of your personal data when:
        1. The User questions the accuracy of the personal data processed by the Administrator,
        2. the processing of the User's personal data is unlawful and the User objects to the deletion of his/her personal data,
        3. The Administrator no longer needs the User's personal data, but they are needed by the User to establish, assert or defend claims. If the right to restrict the processing of personal data is exercised, the Administrator may process the User's personal data, with the exception of storage, only with the User's consent or in order to establish, assert or defend claims or to protect the rights of another natural or legal person or for compelling reasons of public interest;
      5. right to data portability. This is the right to receive in a structured, commonly used machine-readable format the personal data provided to the Controller by the User and the right to request that the personal data be sent to another controller, if technically possible. The User has this right if the following conditions are cumulatively met:
        1. processing is carried out by automated means,
        2. data are processed on the basis of consent or on the basis of a contract.However, if the data to be transferred at the User's request constitute a business secret of the Administrator, then the Administrator has the right to refuse to comply with the User's request to transfer such data, of which the User will be informed;
      6. The right to object to data processing. The User has the right to object at any time - on grounds related to the User's particular situation - to data processing based on the legitimate interest of the Administrator (i.e. on the basis of Article 6(1)(f) RODO), including profiling. In such a situation, the Administrator will not be able to process the data further for these purposes unless there are valid legitimate grounds for the processing or the data are needed by the Administrator to establish, assert or defend claims. If the User's personal data is processed for direct marketing purposes, the User has the right to object at any time to the processing for such marketing, including profiling, to the extent that the processing is related to such direct marketing. The Administrator will then not be allowed to process the User's personal data for such purposes.
    2. Where the processing of the User's personal data is based on the User's consent (Article 6(1)(a) RODO), the User has the right to withdraw this consent at any time, without affecting the lawfulness of the processing carried out on the basis of the consent prior to its withdrawal.
    3. The provision of data by the User is voluntary, but the consequence of failing to provide the necessary data will be the impossibility of taking action to contact the Administrator with the User or to conclude services with the Administrator at the User's request.
    4. The processing of the User's personal data may be carried out by automated means, which may involve profiling. Profiling involves creating a profile of the User, using computer algorithms, on the basis of information held by the Administrator in order to identify what the User's possible characteristics and preferences are. These activities will serve the User to prepare and present marketing offers/information that are best suited to the User's needs.
    5. Withdrawal of consent or objection to the processing of personal data is made by sending a message to the Administrator's e-mail address: biuro@daumanlogistics.pl.
    6. Once consent has been withdrawn or an objection has been expressed, the User's personal data will no longer be processed for the purposes for which they were provided. The User may change/complete his/her personal data by sending an appropriate request to the Administrator's e-mail address: biuro@daumanlogistics.pl.
    7. In cases where the Administrator's processing of the User's personal data is deemed to violate the provisions of the RODO, the User has the right to lodge a complaint with a supervisory authority (in the territory of Poland this is the President of the Office for Personal Data Protection).
    8. Contact with the person who supervises the processing of personal data in the Administrator's organisation is possible by e-mail at: biuro@daumanlogistics.pl.
  5. Contact with the Administrator
    1. The User may, at any time, contact the Administrator directly by sending an appropriate message in writing or by e-mail to the Administrator's address, i.e. :
      1. in writing to the following address: ul. Wspólna 70, 5th Floor, 00-687 Warsaw;
      2. electronically to the e-mail address: biuro@daumanlogistics.pl.
    2. The Administrator shall store the correspondence with the User for statistical purposes and for the best and quickest possible response to queries arising, as well as for the purposes of resolving complaints and possible decisions on administrative interventions concerning the data indicated on the basis of the requests. The addresses and data collected in this way will not be used to communicate with the User for any other purpose than the fulfilment of the request.
    3. Any request by the User for the Administrator to carry out activities relating to personal data will be carried out by the Administrator after prior verification of the User. For this purpose, the Administrator reserves the right to ask the User again to confirm his or her data, including personal data such as name, surname, e-mail address, etc. The aforementioned applies to the same data, including personal data, which was previously provided by the User and to the processing of which the User has given his/her consent. The provision of this data is not obligatory, but may be necessary in order to carry out the activity or obtain the information requested by the User.
  6. Security
    1. The controller shall apply appropriate technical and organisational measures to ensure the security of personal data processed, adequate to the risks and the category of personal data protected, and in particular to protect the data against their disclosure to unauthorised persons, against their being viewed or taken by an authorised person, against their being processed in violation of the applicable regulations, and against their alteration, loss, damage or destruction.
    2. Having regard to the state of the art, the cost of implementation and the nature, scope, context and purposes of the processing and the risk of violation of the rights or freedoms of natural persons of varying probability and gravity, the Administrator shall implement appropriate technical and organisational measures to ensure a degree of security appropriate to the risk, including, inter alia, where appropriate:
      1. the ability to continuously ensure the confidentiality, integrity, availability and resilience of the processing systems and services;
      2. the ability to quickly restore the availability of and access to personal data in the event of a physical or technical incident;
      3. regular tests, measurements and assessments of the effectiveness of technical and organisational measures to ensure the security of processing.
  7. Final provisions
    1. In order to make the Portal even more attractive to the User, the Administrator uses "cookies". A "cookie" is a small file containing a string of characters which is sent to the User's computer when using the Portal. Information collected automatically by means of "cookies" allows customising the services and content offered by the Administrator to the individual needs and preferences of the User, as well as to develop general statistics concerning the use of the Portal by the User. Thanks to the "cookie" file. User's browser can be recognised by websites belonging to the Administrator. Most of the "cookies" used by the Administrator are deleted from the User's hard drive after the end of the session ("session cookies"). Other "cookies" remain on the User's computer to enable recognition of the User's computer on a subsequent visit ("persistent cookies"). If the User disables the option which allows the storage of cookies in their web browser, this may make it difficult or impossible to use the Portal.
    2. The Administrator uses various systems for monitoring User web activity offered by third parties, such as Google Analytics, a service offered by Google Inc. Google Analytics uses "cookies", which are text files placed on the User's computer to analyse how the Portal is used. The Administrator also uses standard web server log files to count visitors to the Portal and to assess its technical capabilities. The Administrator uses this information to determine how many people visit the Portal in order to arrange the Portals in the most user-friendly manner and to make the Portal simpler and more user-friendly. By choosing to use the goods/services available on the Portal, the User is aware of and consents to the above actions.
    3. Bearing in mind that the market for monitoring services is developing very dynamically, the Administrator endeavours to inform the Users about the use of new entities in this field, and the User agrees that in the future these may also be other companies. At the same time, the Administrator informs that the User may withdraw their consent in this regard at any time by changing their browser settings.
    4. The information generated by the "cookies" on the User's use of the Portal (including the User's IP address) is sent, among other things, to a Google Inc. server located in the USA and stored in accordance with Google's privacy policy (available at: http://www.google.com/intl/pl/privacy/privacy-policy.html). Google uses this information for the purpose of evaluating your use of the Portal, compiling reports for website operators on website activity and providing other services relating to the use of the Portal and the Internet.
    5. The details of the Administrator's cookie policy are made available to the public and can be found later in this document.
    6. The Portal may contain links (e.g. in the form of third-party logos) which, when activated, redirect the User to an external website. Under no circumstances shall the Administrator be held liable for the consequences of such redirections, nor does he have any influence on the content of such websites. The Administrator is not responsible for the content of privacy and security policies in force on such websites, nor for the "cookies" used when browsing them. Users using such redirects are encouraged to familiarise themselves with the content of the relevant legal documents applicable to such websites.
    7. The services and functions within the Portal may expand over time, which means that the Administrator reserves the right to make changes to this Privacy Policy, but the rights previously acquired by the Users will be preserved. The Privacy Policy applies to each User. Changes may be made for the following important reasons, among others:
      1. changes to the applicable regulations, in particular those concerning personal data protection, telecommunications law, electronic services and consumer rights, affecting the rights and obligations of the Administrator or the rights and obligations of the Users;
      2. developments in functionality or Services dictated by advances in Internet technology, including the use/implementation of new technological or technical solutions, affecting the scope of the Privacy Policy.
    8. Each time the Administrator will post a notice of changes to the Privacy Policy within the Portal. With each change, the new version of the Privacy Policy will be made available to the public with the new date.
    9. In the event of doubts or contradictions between the Privacy Policy and the consents given by the User for the processing of personal data, irrespective of the provisions of the Privacy Policy, the voluntary consents given by the User or the provisions of law shall always be the basis for the Administrator to take and determine the scope of actions.