Privacy Policy

Version 1.0

I PREAMBLE

This legal notice presents the principles of processing and protection of personal data in accordance with the provisions of the General Data Protection Regulation (GDPR).

II  DEFINITIONS AND INFORMATION

What is GDPR?

GDPR is Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (hereinafter “GDPR”)

What are personal data and what does their processing mean?

Personal data means information relating to an identified or identifiable natural person (“data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person. Personal data processing is any action performed on personal data, whether by automated means or not, such as collection, storage, recording, organization, structuring, modification, consultation, use, disclosure, restriction, erasure, or destruction.

Who is the Data Controller?

The controller of personal data is a natural or legal person, public authority, entity or other entity that, alone or jointly with others, determines the purposes and means of processing personal data.

Who is the Data Protection Officer?

The primary role of the Data Protection Officer (DPO) is to ensure that organisation processes the personal data of its staff, customers, providers or any other individuals (also referred to as data subjects) in compliance with the applicable data protection rules.

III  Information about the data controller

The controller of the personal data of website users is Raf Trans Sp. z o. o. with its registered office in Warsaw, Pasaż Ursynowski 9/4B, 02-782 Warsaw, entered into the Register of Entrepreneurs maintained by the District Court for the capital city of Warsaw, 13th Commercial Division, under the KRS number 0000161497, Tax Identification Number (NIP) 9512075477, National Business Registry Number (REGON) 015479583, with the share capital of PLN 50,000.

You have the right to contact us using the communication channels indicated below:

• by sending us an email to: biuro@raftrans.com.pl
• by traditional mail, sent to the following address:
  Raf Trans Sp. z o. o.
  ul. Pasaż Ursynowski 9 paw. 4B,
  02-782 Warszawa,
  with the note “personal data”.

IV  Data Protection Officer

The Controller has appointed a Data Protection Officer, Mr. Maciej Kłos, whom you can contact if you have any questions regarding our processing of your personal data.

You can contact the Data Protection Officer via one of the communication channels indicated below:

• by sending an email to: iod@raftrans.com.pl
• by traditional mail, sent to the following address:
  Raf Trans Sp. z o. o.
  ul. Pasaż Ursynowski 9 paw. 4B,
  02-782 Warszawa,
  with the note “DPO”.

V  Purposes, Legal basis, Scope and Period of personal data processing

ZakThe scope of personal data we process depends on your activity on our website. Below, we present the purposes, legal basis, scope, and duration of processing your personal data:

1. Purpose of collecting personal data

• managing and customizing the website,
• enabling you to contact us,
• enabling you to visit our social media,

2. Scope, legal basis and period of data processing:

a)  For website management:

When you visit our website, a connection is established with your web browser. The information collected during this process is stored temporarily and serves to properly display the website.

The legal basis for processing your personal data for a specific processing purpose is the legitimate interest of the data controller – article 6 paragraph 1 letter f) of the GDPR

b)  In case of contact with us:

We have included a contact form and contact details on our website so you can contact us. Below, we outline the scope of processing your personal data when contacting us via:

• email: name and surname; email address; and other data that may constitute the content of correspondence.
• telephone call: name and surname; telephone number; and other information that may be provided during a telephone conversation.
• contact form: name and surname; telephone number; email address; and other data that may constitute the content of correspondence.

The legal basis for the processing of your personal data for a specific processing purpose is:

• processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract
  – article 6 paragraph 1 letter b) of the GDPR,
• the legitimate interest of the data controller in handling correspondence and in defending against claims or pursuing claims – article 6 paragraph 1 letter f) of the GDPR.

Your personal data will be processed for the period resulting from the limitation period for civil law claims, counted from the date of termination of the correspondence or counted from the date of termination of the relationship with the data controller.

c)  When you visit our social media:

We have included a link to our social media profiles on our website. If you use the link to our social media, your personal data will be processed in accordance with our privacy policy regarding social media, the content of which is available at: https://www.raftrans.com.pl in the GDPR section.

VI  Cookies

Our website uses cookies, which are files stored on your device. By default, we only use those cookies without which the website cannot function properly. The use of other types of cookies is at your discretion. Please be advised that our website uses two basic types of cookies: “session cookies” and “persistent cookies.” “Session” cookies are temporary files that are stored on the user’s end device until logging out, leaving the website, or disabling the software (web browser). “Persistent” cookies are stored on the user’s end device for the time specified in the cookie parameters or until deleted by the user. Our website uses the following types of cookies:

• „Necessary” – cookies contribute to the website’s usability by enabling basic functions such as page navigation and access to secure areas of the website. The website cannot function properly without these cookies.
• Cookies security – cookies used to ensure security, e.g., to detect authentication abuse within the Service.
• „performance” – cookies, enabling the collection of information about how the Service’s web pages are used.
• „functional” – cookies, enabling the “remembering” of settings selected by the User and personalizing the User interface, e.g., in terms of the selected language or region of the User’s origin, font size, website appearance, etc.
• „advertising” – cookies, enabling the delivery of advertising content to Users that is more tailored to their interests.

In many cases, web browsing software (web browser) allows cookies to be stored on the user’s end device by default. Website users can change their cookie settings at any time. Below, we provide information on how to block cookies in the most popular web browsers.

• Google Chrome: https://support.google.com/chrome/answer/95647?co=GENIE.Platform%3DDesktop&hl=pl
• Safari: https://support.apple.com/pl-pl/HT201265
• Opera: https://help.opera.com/pl/latest/web-preferences/
• Firefox: https://support.mozilla.org/pl/kb/usuwanie-ciasteczek-i-danych-stron-firefox?re
• Microsoft Edge: https://support.microsoft.com/pl-pl/microsoft-edge/usuwanie-plików-cookie-w-przeglądarce-microsoft-edge-63947406-40ac-c3b8-57b9-2a946a29ae09
• Internet Explorer: https://support.microsoft.com/pl-pl/topic/jak-usunąć-pliki-cookie-w-programie-internet-explorer-bca9446f-d873-78de-77ba-d42645fa52fc

VII  Recipients of Your personal data

1.  Your personal data may be transferred to:

a) companies that perform activities necessary for the provision of services by the data controller
(e.g., hosting providers, IT support, etc.)

b) institutions authorized to do so under applicable law);

c) based on your request.

2.  Data transfer outside the European Economic Area (EEA)

We do not intend to transfer personal data to third countries (outside the European Economic Area). However, if necessary, we may do so, ensuring an adequate level of data protection and complying with applicable legal provisions.

VIII  Automated individual decision-making, including profiling

Your personal data may be processed automatically, but by default no decisions are made that have a significant impact on you. This type of processing has no legal effect on you and does not affect your situation.

IX  Source of personal data

Your personal data that we process in connection with your activity on our website comes directly from you.

X  Your rights

In connection with the processing of your personal data, you have the following rights:

• The right to access and obtain a copy of your data (Article 15 of the GDPR);
• The right to update your data, (Article 16 of the GDPR);
• The right to request the erasure of your personal data (Article 17 of the GDPR);
• The right to restrict the processing of your personal data (Article 18 of the GDPR);
• The right to data portability (Article 20 of the GDPR);
• The right to object to the processing of your personal data (Article 21 of the GDPR);
• The right not to be subject to decisions based on automated processing, including profiling (Article 22 of the GDPR);
• The right to file a complaint against the controller’s actions with the data protection authority (Article 77 of the GDPR). Note: The data protection authority in Poland is Prezes Urzędu Ochrony Danych Osobowych, details: https://uodo.gov.pl/en

XI  Security

We make every effort to protect users against unauthorized access, unauthorized modification, disclosure and destruction of information held by the data controller, in particular:

• we control our methods of collecting, storing and processing information, including physical security measures, to protect data from unauthorized access;
• we cooperate only with those companies that guarantee compliance with personal data protection regulations, in particular the provisions of the GDPR;
• we are constantly improving the security level of our IT systems to ensure that their protection is up-to-date with all cyber threats and that the use of our services is safe and comfortable for you;
• we provide access to personal data only to those employees, contractors and representatives who have the necessary knowledge and qualifications to ensure their security and protection;
• we constantly check the risks associated with the processing of your personal data;
• we always apply the principles of „privacy by design”, and „privacy by default;

XII  Final provisions

This Privacy Policy may change from time to time. Any changes to the Privacy Policy will be posted on our website and, where appropriate, notification of changes will be sent directly to you.

Document version 1.0 | This document was last updated on 01/05/2025.