Notification on data protection subject to the requirements of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (hereinafter referred to as GDPR)
We inform you that:
To the extent that your personal data is processed through the functionality of https://e100.eu/pl/ (the "Website"), including through the Client's account on the Website (the "Client Account"), by accepting the E100 Data Processing Principles (the "E100 Information") and providing voluntary, unequivocal and informed consent to data processing, you acknowledge and agree that:
1) your personal data controller is E100 International Trade Sp. z o. o. with headquarters in Warsaw, located at the address as follows: 78 Pory Street, Room 7, 02-757 Warsaw, recorded in the National Judicial Register of Entrepreneurs maintained by the District Court of Warsaw, the XIII Commercial Department, under No. KRS 0000636760, NIP 5213745637, REGON 365202749, hereinafter referred to as "E100 IT" or "Administrator".
2) another controller of your personal data is a another member of E100 group, located in EEA country country within the meaning of GDPR, who ensures the Website operation and its technical functionality, performing periodic technical evaluation and introducing modification to the Website with due regard to the needs of E100 IT and E100 IT Clients, collecting data for this purpose, i.e. Baltia Trading Company OÜ (ENG name: Baltia Trading Company LLC) , with its registered seat in Republic of Estonia, Haarju county, Tallinn, 11415, Lasnamäe district, Väike-Paala 1 St., registered in the estonian commercial register under number 14375399, hereinafter referred to as “E100 BTC” or “Co-Administrator”.
Considering abovementioned, E100 IT and E100 BTC are joint controllers of your personal data collected and processed through the Website, they jointly determine the purpose and scope of personal data with due regard to the legitimate interests, if any, or your voluntary, unequivocal and informed consent to the processing rules followed by each member of E100 and data transfer or exchange between them.
By using the Website, the User agrees to share personal data with and between E100 IT and E100 BTC to the extent necessary for the proper operation of the Website and the services provided through it, including through the Client's Account. By expressing consent to transfer of data by E100 IT or E100 BTC, the User agrees that such consent to transfer may be connected with the data transfer to a third country within the meaning of GDPR (e.g. in case of consenting to processing of personal data by entities with its registered seat in non-EEA country) and gives consent to such transfer for the above-mentioned purposes. Therefore we would like to inform you of the possible risk that may be associated with the personal data transfer to third countries, i.e. the possible lack of adequate protection of personal data processing ensured by the GDPR, in the absence of a European Commission decision recognizing an adequate level of personal data protection in countries like e.g. the USA, where some technical services providers providing services for Controller may process data.
In this regard, we would like to inform you that data transfer to such entities is ensured in accordance with the standards for data transfer to third countries set forth in TSUE, alongside with contractual (standard contract provisions), technical (such as pseudonymization) and organizational (compliance with internal confidentiality and transfer rules) measures to ensure security and confidentiality of the data transfer. The data processed through the Website is ultimately stored on servers in the European Union. In case of transfer of personal data to Great Britain or Switzerland, adequacy decisions issued by European Commission, confirming proper level of protection of personal data shall apply.
The Co-administrators of the Website do not transfer data to third countries unless there is the data subject consent or any other legal grounds. E100 IT is responsible for maintaining the register of data processing activities, thus, notwithstanding possibility to contact each of the data controllers, the Administrator is the contact person for joint personal data processing.
We would like to inform you as well that if the personal data subject provides its personal data to E100 IT only, for example, by ignoring the functionalities offered on the Website, E100 IT shall be deemed the administrator of such data.
Registration on the Website and personal data disclosure is voluntary, but necessary to contact us through the contact form (telephone number or e-mail address) or to use our services through the Client Account (data necessary for the Client's registration and for the ordered services to be performed).
Processing your data, the Administrator and Co-Administrator are governed by the data minimization principle set forth in Article 5(1)(c) of the GDPR.
The Administrator or Co-Administrator process various categories of data, with due regard to your explicit consent or legal interests, including:
- name, business address
- phone number, email address
- position in the organizational structure of the company (if necessary)
- UNP (TIN) of the company
- authorized contact persons
- PESEL (ID no.)
- geolocation data
Within the framework and for the purposes of the concluded contracts, the Administrator also processes the personal data of other persons (for example, guarantors, mortgagors):
- first name, patronymic (if any), last name, PESEL, residential address;
- data on the financial position of persons related to the client.
In addition, on the Website, we also collect information contained in cookies and in server logs (for example, the IP addresses of endpoint devices).
The collected data is used for technical purposes related to the server administration. When processing data on the Website we use recognized mechanisms to analyze or monitor Website traffic (for more information, see the Data Protection Policy available on the Website).
With due regard to the activities performed, the Administrator and the Co-Administrator process your personal data for various purposes as prescribed by law. You may provide us exclusively with data for processing in accordance with applicable law, including the GDPR. Hereby we inform you that we process the data based on:
- the consent to the extent given in E100 Information (so-called "pop-up cookie") which appears when you visit the Website, provided that you give such consent directly to the Administrator, Co-Administrator or E100 Partners pursuant to Article 6(1)(a) GDPR;
- the consent given by you in the E100 Client Form to the extent not processed through the functionality of the Website in accordance with Article 6(1)(a) of the GDPR;
- goals for contract conclusion which the data subject is a party to or for actions to be taken at the request of the data subject prior to the conclusion of the contract, i.e. in accordance with Article 6(1)(b) of the GDPR;
- performance of the legal obligations imposed on the Administrator or Co-Administrator, as prescribed by Article 6 (1) (c) of the GDPR;
- the Administrator or Co-Administrator legitimate interests protection in accordance with Article 6(1) (f) of the GDPR;
- the consent provided in E100 Information (the so-called "pop-up cookie") to data transfer to a third country as defined in the GDPR, i.e. to a country that does not guarantee the same level of personal data protection as required by GDPR and in the EEA, in accordance with Article 49(1)(a) GDPR, to the extent that the personal data transfer is necessary due to the legitimate interests of the Administrator or Co-Administrator and to identify purposes and methods of processing of the personal data collected through the Website in compliance with Article 26 (1) GDPR due to the possibility of transfer of some of data by the Website to the third country. In the case of such transfer, the Administrator carries out the transfer of personal data by applying additional measures/mechanisms for the protection of personal data, such as standard contractual provisions (SCC) adopted by the European Commission, as well as technical and organizational measures to protect the transfer;
- the consent provided in E100 Information (so-called "pop-up cookie") to personal data transfer by the Co-Administrator to the Administrator to the extent required by the legitimate interests of the Administrator and Co-Administrator and their joint purposes and methods of processing of the personal data collected through the Website, that is in compliance with Article 26 (1) GDPR.
The processing of personal data is necessary for the purposes of observing the legitimate interests of the Personal Data Administrator, including, but not limited to, for executing contracts with contractors, developing partnerships with customers and suppliers, offering or improving our services to potential clients, conducting business transactions or joint administration, that is, among others, ensuring technical functionality of the Website, its maintenance, debugging, fraud prevention. For a complete list of goals, see the "E100 Information" displayed when you visit our Website.
Our clients are enterpreneurs, including corporate entities, thus there is a need to specify a contact person for our cooperation. We process the personal data of our clients' contact persons for cooperation, settlements, management of receivable and overdue accounts, delivery of goods and services. Contact data submission is optional, but necessary for the performance of the contracts. For more information, see "Preferences in data processing", available in "Information E100".
To provide services, the retention period for your personal data is as follows:
- for client's personal data: contract duration and the filing period after its termination, and for so long as necessary for tax and accounting purposes
– for contact person’s data: as long as that person performs such functions;
- for other persons’ data: contract duration (e.g., surety agreement).
The right to access data.
You have the right to receive information about the processing of your personal data and to receive a copy of your data that we process. If we do not process your personal data, you are entitled to receive confirmation.
The right to correct data.
You have the right to correct or supplement personal data that is inaccurate or insufficient for the purposes of processing.
The right to delete data.
Right to object.
You have the right to object to the processing of your personal data in order to comply with the legitimate interests of the Administrator or Co-Administrator with respect to your specific situation, i.e. to the processing of personal data under Article 6(1)(e) or (f) GDPR, including profiling. You can object to the processing of your personal data for direct marketing purposes at any time.
The right to request the restriction of data processing.
You have the right to request the restriction of your personal data processing. If the restriction is requested, the Administrator or Co-Administrator will only store the personal data. You can make a request for restriction, for example, if you have doubts about the correctness of the data, the lawfulness of its processing or you have filed an objection to the processing and your request is still under consideration.
The right to have the personal data transmitted.
You have the right to receive your personal data and have it transmitted to another controller.
Your personal data may be transferred to the following categories of recipients:
- Persons authorized to receive data under applicable law (e.g., courts, departments, other government agencies);
- Business entities cooperating with the Administrator (e.g., road operators, agencies involved in the collection of VAT and excise taxes, and others);
- Persons associated with the Administrator who is the members of E100 group, authorized to accept data under contracts or other legal grounds.
Please note that each request for the provision of personal data is reviewed for compliance with the law.
If you believe that the processing of personal data infringes the GDPR, you may lodge a complaint with a supervisory authority in Poland - the Director of the Personal Data Protection Office.
Please note that your personal data may be transferred outside the European Economic Area, including countries such as USA in connection with services of some technical services providers for e100.eu website. In view of the above, we inform you of the possible risk of data transfer to third countries with regard to the level of protection of natural persons guaranteed by GDPR on processing of personal data of natural persons, due to the lack of a European Commission decision establishing an adequate level of personal data protection for such countries. If such data transfer is necessary, it should be carried out in accordance with the standards for data transfer to third countries set out in TSUE, alongside with contractual (standard contract provisions), technical (such as pseudonymization) and organizational (compliance with internal confidentiality and transfer rules) measures to ensure security and confidentiality of the data transfer. The data can be transferred to the following entities:
1. Functional Software, Inc. d/b/a Sentry ; 132 Hawthorne St, San Francisco, CA, the United States of America (USA);
- other companies that provide services to the Administrator, if the rules of a third country require the provision of personal data to fulfil a contract, for example, with a toll road operator.
Your personal data is used for automated profiling purposes with due regard to your consent and legitimate interests of the Administrator or Co-Administrator to better understand the web traffic on the Website and tailor our offers to your needs. We deliver targeted promos based on your consent to profiling only. Hereby we inform you that no special categories of personal data are processed in this regard.
Please note that based on your consent or other legal grounds, E100 IT may legally update your personal data through official organizations.
We check the data of our clients in the public databases:
- Bisnode Polska, a limited liability company with its registered office in Warsaw at Plac Europejski 2 (00-844 Warsaw), entered into the Register of Entrepreneurs of the National Court Register kept by the District Court for the Capital City of Warsaw in Warsaw, XII Commercial Division of the National Court Register, under the number KRS 0000228478, NIP 774-285-50-54;
- "Krajowy Rejestr Długów Biuro Informacji Gospodarczej S.A.", with its registered office in Wrocław, 51-214, at ul. Danuta Sieików 12, KRS number 0000169851, NIP 895-179-47-07;
- Biuro Informacji Gospodarczej InfoMonitor S.A., with its seat in Warsaw, 02-679, at ul. Zygmunt Modzelewski 77, KRS number 0000201192, NIP 526-274-43-07;
We also verify customer data in public databases CEIDG and REGON, and in the register of the National Court Register.
E100 International Trade sp. z o. o.
Without prejudice to the aforementioned, you can also contact the Co-Administrator in view of data processing.