Privacy Policy

We inform you that:

To the extent that your personal data is processed through the functionality of https://e100.eu/pl/ (the "Website"), including through the Client's account on the Website (the "Client Account"), by accepting the E100 Data Processing Principles (the "E100 Information") and providing voluntary, unequivocal and informed consent to data processing, you acknowledge and agree that:

1) your personal data controller is E100 International Trade Sp. z o. o. with headquarters in Warsaw, located at the address as follows: 78 Pory Street, Room 7, 02-757 Warsaw, recorded in the National Judicial Register of Entrepreneurs maintained by the District Court of Warsaw, the XIII Commercial Department, under No. KRS 0000636760, NIP 5213745637, REGON 365202749, hereinafter referred to as "E100 IT" or "Administrator".

2) another controller of your personal data is a another member of E100 group, located in EEA country country within the meaning of GDPR, who ensures the Website operation and its technical functionality, performing periodic technical evaluation and introducing modification to the Website with due regard to the needs of E100 IT and E100 IT Clients, collecting data for this purpose, i.e. Baltia Trading Company OÜ (ENG name: Baltia Trading Company LLC) , with its registered seat in Republic of Estonia, Haarju county, Tallinn, 11415, Lasnamäe district, Väike-Paala 1 St., registered in the estonian commercial register under number 14375399, hereinafter referred to as “E100 BTC” or “Co-Administrator”.

Considering abovementioned, E100 IT and E100 BTC are joint controllers of your personal data collected and processed through the Website, they jointly determine the purpose and scope of personal data with due regard to the legitimate interests, if any, or your voluntary, unequivocal and informed consent to the processing rules followed by each member of E100 and data transfer or exchange between them.

By using the Website, the User agrees to share personal data with and between E100 IT and E100 BTC to the extent necessary for the proper operation of the Website and the services provided through it, including through the Client's Account. By expressing consent to processing of data by E100 IT or E100 BTC, the User agrees that such consent for processing may be connected with the data transfer to a third country within the meaning of GDPR (e.g. in case of consenting to processing of personal data by entities with its registered seat in non-EEA country) which as a rule, is carried out on the basis of a decision on adequacy or subject to appropriate safeguards, or in the cases specified in Article 49 of the GDPR, including on the basis of the explicit consent of the user. Therefore we would like to inform you of the possible risk that may be associated with the personal data transfer to third countries, i.e. the possible lack of adequate protection of personal data processing ensured by the GDPR, in the absence of a European Commission decision recognizing an adequate level of personal data protection in some of the countries.

In this regard, we would like to inform you that data transfer to such entities is ensured in accordance with the standards for data transfer to third countries set forth in TSUE, alongside with contractual (standard contract provisions), technical (such as pseudonymization) and organizational (compliance with internal confidentiality and transfer rules) measures to ensure security and confidentiality of the data transfer. The data processed through the Website is ultimately stored on servers in the European Union. In case of transfer of personal data to Great Britain or Switzerland, adequacy decisions issued by European Commission, confirming proper level of protection of personal data shall apply.

The Co-administrators of the Website do not transfer data to third countries unless there is the data subject consent or any other legal grounds. E100 IT is responsible for maintaining the register of data processing activities, thus, notwithstanding possibility to contact each of the data controllers, the Administrator is the contact person for joint personal data processing.

We would like to inform you as well that if the personal data subject provides its personal data to E100 IT only, for example, by ignoring the functionalities offered on the Website, E100 IT shall be deemed the administrator of such data.

To contact the Administrator regarding the personal data processing received through the Website, send an email to [email protected].

Registration on the Website and personal data disclosure is voluntary, but necessary to contact us through the contact form (telephone number or e-mail address) or to use our services through the Client Account (data necessary for the Client's registration and for the ordered services to be performed).

Processing your data, the Administrator and Co-Administrator are governed by the data minimization principle set forth in Article 5(1)(c) of the GDPR.

The Administrator or Co-Administrator process various categories of data, with due regard to your explicit consent or legal interests, including:

• name, business address
• phone number, email address
• position in the organizational structure of the company (if necessary)
• UNP (TIN) of the company
• authorized contact persons
• PESEL (ID no.)
• geolocation data

Within the framework and for the purposes of the concluded contracts, the Administrator also processes the personal data of other persons (for example, guarantors, mortgagors):

• first name, patronymic (if any), last name, PESEL, residential address;
• data on the financial position of persons related to the client.

In addition, on the Website, we also collect information contained in cookies and in server logs (for example, the IP addresses of endpoint devices).

The collected data is used for technical purposes related to the server administration. When processing data on the Website we use recognized mechanisms to analyze or monitor Website traffic (for more information, see the Data Protection Policy available on the Website).

With due regard to the activities performed, the Administrator and the Co-Administrator process your personal data for various purposes as prescribed by law. You may provide us exclusively with data for processing in accordance with applicable law, including the GDPR. Hereby we inform you that we process the data based on:

- the consent to the extent given in E100 Information (so-called "pop-up cookie") which appears when you visit the Website, provided that you give such consent directly to the Administrator, Co-Administrator or E100 Partners pursuant to Article 6(1)(a) GDPR;

- the consent given by you in the E100 Client Form to the extent not processed through the functionality of the Website in accordance with Article 6(1)(a) of the GDPR;

- goals for contract conclusion which the data subject is a party to or for actions to be taken at the request of the data subject prior to the conclusion of the contract, i.e. in accordance with Article 6(1)(b) of the GDPR;

- performance of the legal obligations imposed on the Administrator or Co-Administrator, as prescribed by Article 6 (1) (c) of the GDPR;

- the Administrator or Co-Administrator legitimate interests protection in accordance with Article 6(1) (f) of the GDPR;

- the consent provided in E100 Information (the so-called "pop-up cookie") to data transfer to a third country as defined in the GDPR, i.e. to a country that does not guarantee the same level of personal data protection as required by GDPR and in the EEA, in accordance with Article 49(1)(a) GDPR, to the extent that the personal data transfer is necessary due to the legitimate interests of the Administrator or Co-Administrator and to identify purposes and methods of processing of the personal data collected through the Website in compliance with Article 26 (1) GDPR due to the possibility of transfer of some of data by the Website to the third country. In the case of such transfer, the Administrator carries out the transfer of personal data by applying additional measures/mechanisms for the protection of personal data, such as standard contractual provisions (SCC) adopted by the European Commission, as well as technical and organizational measures to protect the transfer;

- the consent provided in E100 Information (so-called "pop-up cookie") to personal data transfer by the Co-Administrator to the Administrator to the extent required by the legitimate interests of the Administrator and Co-Administrator and their joint purposes and methods of processing of the personal data collected through the Website, that is in compliance with Article 26 (1) GDPR;

- on the basis of the other applicable legal bases.

The Requirement to inform on personal data processing is met by putting on the Website the E100 Information (so-called "pop-up cookie"), this Privacy Policy and the Personal Data Protection Policy.

The processing of personal data is necessary for the purposes of observing the legitimate interests of the Personal Data Administrator, including, but not limited to, for executing contracts with contractors, developing partnerships with customers and suppliers, offering or improving our services to potential clients, conducting business transactions or joint administration, that is, among others, ensuring technical functionality of the Website, its maintenance, debugging, fraud prevention. For a complete list of goals, see the "E100 Information" displayed when you visit our Website.

Our clients are enterpreneurs, including corporate entities, thus there is a need to specify a contact person for our cooperation. We process the personal data of our clients' contact persons for cooperation, settlements, management of receivable and overdue accounts, delivery of goods and services. Contact data submission is optional, but necessary for the performance of the contracts.

To provide services, the retention period for your personal data is as follows:

- for client's personal data: contract duration and the filing period after its termination, and for so long as necessary for tax and accounting purposes

– for contact person’s data: as long as that person performs such functions;

- for other persons’ data: contract duration (e.g., surety agreement).

The right to access data.
You have the right to receive information about the processing of your personal data and to receive a copy of your data that we process. If we do not process your personal data, you are entitled to receive confirmation.

The right to correct data.
You have the right to correct or supplement personal data that is inaccurate or insufficient for the purposes of processing.

The right to delete data.
You may ask for your personal data to be deleted or exercise the "right to be forgotten" as prescribed by the GDPR. Your data will be deleted if there is no legal reason to keep it. If your personal data is processed in accordance with your consent, you have the right to withdraw your consent at any time. In order to withdraw your consent, please send an email to [email protected]

Right to object.
You have the right to object to the processing of your personal data in order to comply with the legitimate interests of the Administrator or Co-Administrator with respect to your specific situation, i.e. to the processing of personal data under Article 6(1)(e) or (f) GDPR, including profiling. You can object to the processing of your personal data for direct marketing purposes at any time.

The right to request the restriction of data processing.
You have the right to request the restriction of your personal data processing. If the restriction is requested, the Administrator or Co-Administrator will only store the personal data. You can make a request for restriction, for example, if you have doubts about the correctness of the data, the lawfulness of its processing or you have filed an objection to the processing and your request is still under consideration.

The right to have the personal data transmitted.
You have the right to receive your personal data and have it transmitted to another controller.

All requests for exercising the data subject's rights applicable to the data processing by the Administrator and Co-Administrator, shall be mailed to [email protected]

Your personal data may be transferred to the following categories of recipients:

• Persons authorized to receive data under applicable law (e.g., courts, departments, other government agencies);
• Business entities cooperating with the Administrator (e.g., road operators, agencies involved in the collection of VAT and excise taxes, and others);
• Persons associated with the Administrator who is the members of E100 group, authorized to accept data under contracts or other legal grounds.

Please note that each request for the provision of personal data is reviewed for compliance with the law.

If you believe that the processing of personal data infringes the GDPR, you may lodge a complaint with a supervisory authority in Poland - the Director of the Personal Data Protection Office.

Please note that your personal data may be transferred outside the European Economic Area, including countries such as USA in connection with services of some technical services providers for e100.eu website. In view of the above, we inform you of the possible risk of data transfer to third countries with regard to the level of protection of natural persons guaranteed by GDPR on processing of personal data of natural persons, due to the possible lack of a European Commission decision establishing an adequate level of personal data protection for such countries. In the absence of a decision confirming the adequacy of the level of protection specified in Art. 45 section 3 GDPR, if such data transfer is necessary, it should be carried out in accordance with the standards for data transfer to third countries set out in TSUE, alongside with contractual (standard contract provisions), technical (such as pseudonymization) and organizational (compliance with internal confidentiality and transfer rules) measures to ensure security and confidentiality of the data transfer. Data may also be transferred based on the express consent of the data subject. The data can be transferred to the following entities:

- Functional Software, Inc. d/b/a Sentry ; 132 Hawthorne St, San Francisco, CA, the United States of America (USA);

- D&B Holding Inc. with its registered office in USA and its affiliated entities (some servers located in USA);

and

- other companies that provide services to the Administrator, users, or if the rules of a third country require the provision of personal data to fulfil a contract, for example, with a toll road operator or in other situations provided for by law.

Data may also be transferred via Google Analytics for processing to Google servers in the USA according to the rules and frequency specified by the service provider.

Your personal data is used for automated profiling purposes with due regard to your consent and legitimate interests of the Administrator or Co-Administrator to better understand the web traffic on the Website and tailor our offers to your needs. We deliver targeted promos based on your consent to profiling only. Hereby we inform you that no special categories of personal data are processed in this regard.

We do not process your personal data for any purposes other than those set forth in the Privacy Policy and Personal Data Protection Policy available on the Website. If new grounds for processing personal data appear in future, we will inform you about this and the legal grounds for processing or, if any, we will request your consent to the processing of personal data for a new purpose.

For questions related to the processing of your personal data, including those obtained through the Website, you can contact the Administrator responsible for maintaining the register of personal data processing by e-mail: [email protected] or by sending a letter to:

E100 International Trade sp. z o. o.
Pory 78/7
02-757 Warsaw

Without prejudice to the aforementioned, you can also contact the Co-Administrator in view of data processing.

We may update our privacy policy from time to time. We update it to meet the changes in our business activities. If there is a change in the way we use the personal information that users provide to us, or if the purposes or subjects to whom we disclose this information change, we will post a notice of such change on our Website, and continued use of the Website constitutes user acceptance of the changed policy applicable to the Website.