Privacy Policy

We inform you that:

To the extent that your personal data is processed through the functionality of https://e100.eu/pl/ (the "Website"), including through the Client's account on the Website (the "Client Account"), by accepting the E100 Data Processing Principles (the "E100 Information") and providing voluntary, unequivocal and informed consent to data processing, you acknowledge and agree that:

1) your personal data controller is E100 International Trade Sp. z o. o. with headquarters in Warsaw, located at the address as follows: 78 Pory Street, Room 7, 02-757 Warsaw, recorded in the National Judicial Register of Entrepreneurs maintained by the District Court of Warsaw, the XIII Commercial Department, under No. KRS 0000636760, NIP 5213745637, REGON 365202749, hereinafter referred to as "E100 IT" or "Administrator".

2) another controller of your personal data is a another member of E100 group, located in EEA country country within the meaning of GDPR, who ensures the Website operation and its technical functionality, performing periodic technical evaluation and introducing modification to the Website with due regard to the needs of E100 IT and E100 IT Clients, collecting data for this purpose, i.e. Baltia Trading Company OÜ (ENG name: Baltia Trading Company LLC) , with its registered seat in Republic of Estonia, Haarju county, Tallinn, 11415, Lasnamäe district, Väike-Paala 1 St., registered in the estonian commercial register under number 14375399, hereinafter referred to as “E100 BTC” or “Co-Administrator”.

Considering abovementioned, E100 IT and E100 BTC are joint controllers of your personal data collected and processed through the Website, they jointly determine the purpose and scope of personal data with due regard to the legitimate interests, if any, or your voluntary, unequivocal and informed consent to the processing rules followed by each member of E100 and data transfer or exchange between them.

By using the Website, the User agrees to share personal data with and between E100 IT and E100 BTC to the extent necessary for the proper operation of the Website and the services provided through it, including through the Client's Account. By expressing consent to sharing date between E100 IT and E100 BTC, the User agrees that such consent also may be connected with the data transfer to a third country within the meaning of GDPR (e.g. in case of consenting to processing of personal data by entities with its registered seat in non-EEA country) and gives consent to such transfer for the above-mentioned purposes. Therefore we would like to inform you of the possible risk that may be associated with the personal data transfer to third countries, i.e. the possible lack of adequate protection of personal data processing ensured by the GDPR, in the absence of a European Commission decision recognizing an adequate level of personal data protection in the country where the "е-Кард ЮА" (ENG name: LLC “e-Card UA”) with its registered seat in Kiev, Ukraine, is incorporated, including with regard to the protection guaranteed within the EEA.

In this regard, we would like to inform you that data transfer to such entities is ensured in accordance with the standards for data transfer to third countries set forth in TSUE, alongside with contractual (standard contract provisions), technical (such as pseudonymization) and organizational (compliance with internal confidentiality and transfer rules) measures to ensure security and confidentiality of the data transfer. The data processed through the Website is ultimately stored on servers in the European Union.

The Co-administrators of the Website do not transfer data to third countries unless there is the data subject consent or any other legal grounds. E100 IT is responsible for maintaining the register of data processing activities, thus, notwithstanding possibility to contact each of the data controllers, the Administrator is the contact person for joint personal data processing.

We would like to inform you as well that if the personal data subject provides its personal data to E100 IT only, for example, by ignoring the functionalities offered on the Website, E100 IT shall be deemed the administrator of such data.

To contact the Administrator regarding the personal data processing received through the Website, send an email to [email protected].

Registration on the Website and personal data disclosure is voluntary, but necessary to contact us through the contact form (telephone number or e-mail address) or to use our services through the Client Account (data necessary for the Client's registration and for the ordered services to be performed).

Processing your data, the Administrator and Co-Administrator are governed by the data minimization principle set forth in Article 5(1)(c) of the GDPR.

The Administrator or Co-Administrator process various categories of data, with due regard to your explicit consent or legal interests, including:

• name, business address
• phone number, email address
• position in the organizational structure of the company (if necessary)
• UNP (TIN) of the company
• authorized contact persons
• PESEL (ID no.)
• geolocation data

Within the framework and for the purposes of the concluded contracts, the Administrator also processes the personal data of other persons (for example, guarantors, mortgagors):

• first name, patronymic (if any), last name, PESEL, residential address;
• data on the financial position of persons related to the client.

In addition, on the Website, we also collect information contained in cookies and in server logs (for example, the IP addresses of endpoint devices).

The collected data is used for technical purposes related to the server administration. When processing data on the Website we use recognized mechanisms to analyze or monitor Website traffic (for more information, see the Data Protection Policy available on the Website).

With due regard to the activities performed, the Administrator and the Co-Administrator process your personal data for various purposes as prescribed by law. You may provide us exclusively with data for processing in accordance with applicable law, including the GDPR. Hereby we inform you that we process the data based on:

- the consent to the extent given in E100 Information (so-called "pop-up cookie") which appears when you visit the Website, provided that you give such consent directly to the Administrator, Co-Administrator or E100 Partners pursuant to Article 6(1)(a) GDPR;

- the consent given by you in the E100 Client Form to the extent not processed through the functionality of the Website in accordance with Article 6(1)(a) of the GDPR;

- goals for contract conclusion which the data subject is a party to or for actions to be taken at the request of the data subject prior to the conclusion of the contract, i.e. in accordance with Article 6(1)(b) of the GDPR;

- performance of the legal obligations imposed on the Administrator or Co-Administrator, as prescribed by Article 6 (1) (c) of the GDPR;

- the Administrator or Co-Administrator legitimate interests protection in accordance with Article 6(1) (f) of the GDPR;

- the consent provided in E100 Information (the so-called "pop-up cookie") to data transfer to a third country as defined in the GDPR, i.e. to a country that does not guarantee the same level of personal data protection as required by GDPR and in the EEA, in accordance with Article 49(1)(a) GDPR, to the extent that the personal data transfer is necessary due to the legitimate interests of the Administrator or Co-Administrator and to identify purposes and methods of processing of the personal data collected through the Website in compliance with Article 26 (1) GDPR due to the possibility of transfer of some of data by the Website to the third country. In the case of such transfer, the Administrator carries out the transfer of personal data by applying additional measures/mechanisms for the protection of personal data, such as standard contractual provisions (SCC) adopted by the European Commission, as well as technical and organizational measures to protect the transfer;

- the consent provided in E100 Information (so-called "pop-up cookie") to personal data transfer by the Co-Administrator to the Administrator to the extent required by the legitimate interests of the Administrator and Co-Administrator and their joint purposes and methods of processing of the personal data collected through the Website, that is in compliance with Article 26 (1) GDPR.

The Requirement to inform on personal data processing is met by putting on the Website the E100 Information (so-called "pop-up cookie"), this Privacy Policy and the Personal Data Protection Policy.

The processing of personal data is necessary for the purposes of observing the legitimate interests of the Personal Data Administrator, including, but not limited to, for executing contracts with contractors, developing partnerships with customers and suppliers, offering or improving our services to potential clients, conducting business transactions or joint administration, that is, among others, ensuring technical functionality of the Website, its maintenance, debugging, fraud prevention. For a complete list of goals, see the "E100 Information" displayed when you visit our Website.

Our clients are legal entities, so you need to specify a contact person for our cooperation. We process the personal data of our clients' contact persons for cooperation, settlements, management of receivable and overdue accounts, delivery of goods and services. Contact data submission is optional, but necessary for the performance of the contracts. For more information, see "Preferences in data processing", available in "Information E100".

To provide services, the retention period for your personal data is as follows:

- for client's personal data: contract duration and the filing period after its termination, and for so long as necessary for tax and accounting purposes;

– for contact person’s data: as long as that person performs such functions;

- for other persons’ data: contract duration (e.g., surety agreement).

The right to access data
You have the right to receive information about the processing of your personal data and to receive a copy of your data that we process. If we do not process your personal data, you are entitled to receive confirmation.

The right to correct data
You have the right to correct or supplement personal data that is inaccurate or insufficient for the purposes of processing.

The right to delete data
You may ask for your personal data to be deleted or exercise the "right to be forgotten" as prescribed by the GDPR. Your data will be deleted if there is no legal reason to keep it. If your personal data is processed in accordance with your consent, you have the right to withdraw your consent at any time. In order to withdraw your consent, please send an email to [email protected]

Right to object
You have the right to object to the processing of your personal data in order to comply with the legitimate interests of the Administrator or Co-Administrator with respect to your specific situation, i.e. to the processing of personal data under Article 6(1)(e) or (f) GDPR, including profiling. You can object to the processing of your personal data for direct marketing purposes at any time.

The right to request the restriction of data processing
You have the right to request the restriction of your personal data processing. If the restriction is requested, the Administrator or Co-Administrator will only store the personal data. You can make a request for restriction, for example, if you have doubts about the correctness of the data, the lawfulness of its processing or you have filed an objection to the processing and your request is still under consideration.

The right to have the personal data transmitted
You have the right to receive your personal data and have it transmitted to another controller.

All requests for exercising the data subject's rights applicable to the data processing by the Administrator and Co-Administrator, shall be mailed to [email protected]

Your personal data may be transferred to the following categories of recipients:

• Persons authorized to receive data under applicable law (e.g., courts, departments, other government agencies);
• Business entities cooperating with the Administrator (e.g., road operators, agencies involved in the collection of VAT and excise taxes, and others);
• Persons associated with the Administrator who is the members of E100 group, authorized to accept data under contracts or other legal grounds.

Please note that each request for the provision of personal data is reviewed for compliance with the law.

If you believe that the processing of personal data infringes the GDPR, you may lodge a complaint with a supervisory authority in Poland - the Director of the Personal Data Protection Office.

Please note that your personal data may be transferred outside the European Economic Area to companies associated with the Administrator and belonging to E100 group, on the basis of applicable legislation, including explicit consent to the data transfer to a third party in the meaning of GDPR. In view of the above, we inform you of the possible risk of data transfer to third countries with regard to the level of protection of natural persons guaranteed by GDPR on processing of personal data of natural persons, due to the lack of a European Commission decision establishing an adequate level of personal data protection for such countries. If such data transfer is necessary, it should be carried out in accordance with the standards for data transfer to third countries set out in TSUE, alongside with contractual (standard contract provisions), technical (such as pseudonymization) and organizational (compliance with internal confidentiality and transfer rules) measures to ensure security and confidentiality of the data transfer. The data can be transferred to the following companies associated with the Administrator:

ТОВ "е-Кард ЮА" (ENG name: e-Card UA, LLC), with the legal address in Ukraine, Kiev 04073, Banderi Avenue, House No.9, Building No. 2, office 2-301; registered in the Unified State Register of Enterprises and Organizations of Ukraine under number 43246932;

- and other companies that provide services to the Administrator, if the rules of a third country require the provision of personal data to fulfill a contract, for example, with a toll road operator.

Your personal data is used for automated profiling purposes with due regard to your consent and legitimate interests of the Administrator or Co-Administrator to better understand the web traffic on the Website and tailor our offers to your needs. We deliver targeted promos based on your consent to profiling only. Hereby we inform you that no special categories of personal data are processed in this regard.

We do not process your personal data for any purposes other than those set forth in the Privacy Policy and Personal Data Protection Policy available on the Website. If new grounds for processing personal data appear in future, we will inform you about this and the legal grounds for processing or, if any, we will request your consent to the processing of personal data for a new purpose.

For questions related to the processing of your personal data, including those obtained through the Website, you can contact the Administrator responsible for maintaining the register of personal data processing by e-mail: [email protected] or by sending a letter to:

E100 International Trade sp. z o. o.
Pory 78/7
02-757 Warsaw

Without prejudice to the aforementioned, you can also contact the Co-Administrator in view of data processing.

We may update our privacy policy from time to time. We update it to meet the changes in our business activities. If there is a change in the way we use the personal information that users provide to us, or if the purposes or subjects to whom we disclose this information change, we will post a notice of such change on our Website, and continued use of the Website constitutes user acceptance of the changed policy applicable to the Website.

As a service provider, we have the right to interact directly with you, and you (the data subject or the data controller), in turn, within the framework of such interaction, have the right to provide us with your personal data.

This data may be transmitted when you apply for a product offered through E100, subscribe to E100 newsletter, participate in promotions or surveys or apply for a job at E100, among others.

From the moment the data is provided to us, the data subject ceases to be anonymous. We obtain your personal transactional data from financial institutions and other organizations when you request a business relationship and during the relationship.

Based on your consent, legitimate interest or other legal basis, we may also receive information about you from payment processing companies, public information systems, credit reporting agencies and commercial information services.

By submitting a request to E100 for products or services through our websites or through one of our sales representatives, the user may provide us with their company and/or personal information.

Below are the categories of personal data that we may receive and process on various legal grounds:

• Contact information (for example, first and last name, postal and email address, phone and fax numbers)
• Business contact information (for example, position, department and name of the company)
• Information about the applicant and the co-applicant (for example, first and last name, postal address and email, telephone and fax numbers, date of incorporation or date of birth and identification numbers)
• User name and password
• Financial information
• Contact information of other persons with whom the user allows us to contact
• User-generated content (for example, comments)
• Information about employment
• A Mobile Device ID
• IP addresses qualified as personal data
• Data on the geographical location
• Other information

E100 collects certain information, for example, using cookies and web beacons, when a user visits our websites. Data collection using cookies and web beacons is carried out with the consent of the E100 website visitor and only if the visitor clicks on "Agree" button, to the extent specified as storing or accessing information on the end device. If you click on "I disagree" button, data is not collected through cookies. The data we collect in this way includes, but is not limited to, IP address, browser type, operating system, URL of the page from which users were redirected, information on the actions taken when visiting the website, and the date and time of the visit.

A cookie is a small text file stored on your hard drive or mobile device by web pages you visit. A "web beacon", also called a "pixel tag," "clear GIF" and "invisible GIF", is used to send feedback to the server. We use cookies and other internet technologies to better tailor our interactions with you by improving our contact management software tools. The cookie itself usually does not contain any personal identification data.

With regard to the collection of anonymous data and its processing on the basis of your consent, your data may be transmitted via the functionality of our websites to the following companies:

- Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, D2 Dublin, Ireland

- Hotjar Ltd., 5th Floor, Dragonara Road, Paceville St Julian’s STJ 3141, Malta

- Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland,

Our site may use plugins, analytical tools and other social media tools provided by popular social networks. When entering the website containing such a plugin (Meta Pixel, Hotjar, Google Analytics), your browser establishes a direct connection to the social networks servers. The content of the plugin is sent directly to your browser by the relevant social network operator and is integrated with our website, and the social network provider is informed that your browser has visited our website, even if you do not have a profile on that social network or are not currently logged in to your profile. In this case, the data, including your IP address is transmitted by your browser directly to the server of the corresponding social network and stored there (some servers may be located in a third country within the meaning of GDPR), and the data is sent using "Like" or "Share" buttons to the server of the social network administrator may be published in the corresponding social network and thus shared with your contacts. Privacy settings and your rights in this regard are governed by the appropriate social network.

You can personalize your data processing preferences for the websites we manage through your browser settings. In addition, you can use the blockers indicated below.

If your browser settings allow us to collect cookies and you have given E100 your consent to collect cookies directly on the website, we may store on your computer a small amount of information about which part of the website you have visited and which features you like best. This allows us to personalize the content to your interests. We may also use cookies to identify authorized users so that they do not have to re-enter their username and password. By allowing us to better understand how you use our website, cookies can help us make browsing the Internet more convenient and relevant for users.

Most web browsers allow users to change security settings to allow or block cookies. The user does not need to activate cookies to be able to visit our website, but without them, the user’s access to some sections may be limited, and navigation adapted to the individual needs of the user may not be available. For more information about the cookies we use and the purposes for which we use them, please refer to the E100 Data Policies notice available on our websites once they are visited.

You can influence the data analysis solutions using 'cookies' used on our websites by using cookie placement and tracking blockers such as: AdBlock Plus: (https://adblockplus.org/) using the options of such solutions.

E100, like many others, use web beacons. Web beacons help us to better understand web traffic and user behavior when visiting our site, as well as to evaluate the reaction to the promotions we offer. This information does not identify a specific user and is used only to create an overall picture of how users use our site. The user can, if desired, deactivate pixel tags by configuring his web browser so that images are not displayed, and disable JavaScript.

You can influence the data analysis by using browser add-ons to disable plugins: https://tools.google.com/dlpage/gaoptout

In the case of the Hotjar Ltd. solution, if you have given your consent, we do not collect your personally identifiable data and data from forms, but if you are concerned you can use the "Do Not Track" option that Hotjar has provided for every internet user - ("Do Not Track" - https://www.hotjar.com/policies/do-not-track/ )

Logging out of the social network before visiting our websites with plugins that establish a direct connection to the servers of such controllers will prevent the direct attribution and sharing of your social network profile data. If you do not want the data that you have provided to us to be processed using such plugins, you can use a program or plugin to block scripts.

As part of some transactions, the user contacts us by phone or we call the user. You may also be contacted via online chats for this purpose. Please keep in mind that it is common practice for E100 to track and in some cases record such interactions for the purposes of staff training or quality control, or to preserve evidence of a specific transaction or interaction, and we will inform our interlocutors about this.

Regardless of the above, we conduct direct marketing or send information that can be classified as commercial, using electronic means of communication, i.e. the phone number or email address specified for communication, only upon the prior consent given by the subject data.

We do not sell or otherwise disclose our users personal data that we collect, except for the cases described in this document or disclosed to the user at the time of data collection. We exchange data for the purpose of conducting transactions or performing other activities as part of business relationshipы. In accordance with the principles of data transfer to third countries in the meaning of GDPR, we may share the personal data we collect with the companies of the group, commercial affiliates, subsidiaries, vendors, suppliers and other organizations involved in the contracting process with E100 clients. We may also share this data with our service providers who perform services on our behalf. We do not authorize such service providers to use or disclose this data, except as necessary to perform certain services on our behalf or to comply with requirements of the applicable legislation. We require such service providers, within the framework of their contract, to adequately protect the confidential and personal data that they process on our behalf.

We may share data with business partners with whom we do business. These business partners may contact the user regarding products or services in which the user may be interested. Such third parties may use personal data in accordance with their own privacy policy. When using such features, we recommend the user to read the third party privacy policy . We reserve the right to transfer personal data in the event we sell or transfer all or part of our business or assets. In the event of such sale or transfer, we will make reasonable efforts to instruct the recipient to use the personal information received from the user in accordance with our privacy policy. Upon completion of such sale or transfer, the user may contact the company that received the user's personal data for any questions related to the processing of that data.

The user has the rights to his personal data that we store. We allow users to choose which personal data we collect.

The User may decide not to disclose their personal data to E100 group by refusing to provide consent when interacting with E100. You have the right to refuse to use cookies to assign a unique identifier to your computer when you use our websites to avoid aggregation and analysis of data collected on our sites.

The user may opt-in or opt-out email marketing through the websites, and may receive or unsubscribe from marketing emails following the instructions for subscribing and unsubscribing from promotions. The user can also opt out of receiving promotions. The user may revoke any previously given consent or at any time legally prohibit us from processing his/her personal data. From this point on, we will adhere to the preferences expressed by the user. In some cases, the withdrawal of consent to the use or disclosure of your personal data will mean that the user will not be able to use certain products or services offered by us.

If the user is located in the European Economic Area, the user may prohibit us from transferring his or her personal data to third countries, except: (i) to service providers we have hired to provide services on our behalf, (ii) if we sell or transfer all or part of our business or assets and a new administrator becomes a party to the user's contract (iii) if disclosure is necessary for good reasons in the public interest, or (iv) if we believe such disclosure is necessary or appropriate in connection with the investigation of suspected fraud or other illegal activity. If the user is located in the European Economic Area, we will use his personal data only for the purposes stipulated by the terms of our privacy policy and other conditions that the user has been notified about, unless we have other grounds, for example, consent, to use data for other purposes. If required by law, E100 obtains prior consent to the collection of (i) personal data for marketing purposes.

All user information can be transmitted and stored in a secure E100 database located on servers in the European Union. If we transfer user data to other countries, we will protect it in accordance with the Privacy Policy applicable to our website, including the Data Protection Policy. The data we collect may be transferred outside the country of origin of the user with his or her consent provided in accordance with the GDPR. Data may also be processed by employees working outside the user's country of origin who work for us or for any of our suppliers in order to prevent data transfer without explicit consent. These employees may be involved in, among other things, fulfilling user orders, processing payment information, and providing support services. By providing the personal data, the user gives consent to the transfer, exchange, storage or other processing of the data. If a user provides us with personal data of his/her company employees or individuals, we can reasonably assume that the user is acting as the administrator of that data and is responsible for obtaining their consent to act as scuh. We will take all reasonable measures to ensure the safety of user data and their protection in accordance with this privacy policy. E100 has a data protection program designed to (i) ensure and maintain the confidentiality of user personal data; (ii) protect personal data against security threats and risks to integrity; (iii) protect against unauthorized access to or use of personal data that could cause serious harm to the user or his/her company; and (iv) comply with applicable law. Our contracts with suppliers and service providers bind them with the obligations to protect the user's personal data.

Unfortunately, the transmission of information over the Internet is never completely secure. Although we will do everything possible to protect the user's personal data, we cannot guarantee 100% security of the data transmitted through our sites. The user provides this data to some extent at his or her own risk. We take all reasonable precautions, including appropriate technical, administrative and physical procedures, to protect the user's personal data from loss, misuse or alteration. The information that the user provides to us is stored on our secure servers.

Under applicable law, users have the right to request access to their personal data that we store, to update and correct inaccuracies in their personal data, and to request that data be blocked or deleted. In some cases, the user's right to access personal data may be restricted by local legislation. To update your preferences, request the removal of your information from our contact list, or make a request, contact us by email.

By using the E100 website and services, the user agrees to the use of his/her personal data in accordance with our privacy policy, i.e. the Privacy Policy applicable to our website, including data protection rules and any other terms and/or conditions that they have been informed about. E100 reserves the right to access and disclose personal and contact data in accordance with applicable law, legal requirements of the government and court orders, subject to the provisions of GDPR. [For a valid reason], such as [the introduction of new services, the termination of existing services, or a significant change in the laws that we are required to comply with], we may have to change our privacy policy. If we do, we will notify you of the changes on this page. Users are encouraged to visit our website for any changes. Continued use of the website by a user shall be deemed as his/her consent to this privacy policy; use of this website following the publication of the amended privacy policy means his consent to the amended privacy policy.

If you wish to opt out of receiving e-mail, fax or telephone messages from E100, or want to update your personal data, ask to delete such data or find out some information about the data that we store, please write to [email protected]. If you have further questions about this privacy policy or would like to file a complaint, please email us at [email protected].

We may update our privacy policy from time to time. We update it to meet the changes in our business activities. If there is a change in the way we use the personal data that users provide to us, or if the purposes or subjects to whom we disclose this information change, we will post a notice of such change on our Website, and continued use of the Website constitutes user acceptance of the changed policy applicable to the Website.