THE CLICKTRANS PLATFORM AND THE MOBILE APP
The personal data controller (hereinafter also as: ‘Controller’) is Clicktrans sp. z o.o. with its registered office in Gdańsk (80-314), Aleja Grunwaldzka 303, NIP: 5842810908, REGON: 52049502200000, entered into the register of entrepreneurs of the National Court Register kept by District Court Gdańsk-Północ in Gdańsk, VII Commercial Division of the National Court Register under KRS number 0000934060, with share capital in the amount of PLN 50,000.00, tel. +48-58-558-80-76.
The personal data collected by the Controller, are processed in accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), Journal of Laws EU L 119, p. 1, hereinafter referred to as: ‘GDPR’.
Words starting with capital letters have the meaning given to them in the Terms of Service of the Clicktrans Platform and the Terms of Service of the Clicktrans Mobile Application (hereinafter ‘Terms of Service’).
The Controller makes special efforts to protect the privacy and information provided to him regarding the Platform and Application users. The controller selects and applies appropriate technical measures with due diligence, including programming and organisational measures, to ensure the protection of processed data, in particular, by safeguarding the data against unauthorised sharing, disclosure, loss and destruction, unauthorised modification, as well as against their processing in violation of applicable law.
The Services are not directed to persons under 16 years of age. The personal data Controller does not intend to collect data concerning persons under 16 years of age.
If, as part of certain processing purposes, our organiation is the controller jointly with another entity, information in this regard will be provided separately, including under the terms of service of the social media site.
The Platform and Application may use the so-called plugins and other social media tools, including those enabling logging in to the Platform and Application, by using accounts from external social networking sites (e.g. Facebook.com). The providers of such tools may also process your personal data as independent controllers. If there is a situation where we process your personal data as a processor, you will receive information about the processing of personal data from the controller on whose behalf we process personal data.
DATA PROTECTION OFFICER
Personal data controller designated the Data Protection Officer (DPO), Paweł Mielniczek. You can contact him concerning your personal data at:
- e-mail: data.protection[at]clicktrans.com;
- mail: al. Grunwaldzka 303, 80-314 Gdańsk, Poland.
PURPOSES & LEGAL BASIS FOR PERSONAL DATA PROCESSING
As we provide various Services both for users who signed in and who did not, we process your data for various purposes, to a different extent and upon a different legal basis enshrined in the GDPR. Below we have grouped the information relating to the processing of your personal data to provide you with the most transparent information possible.
- Services not requiring setting up an account on the Platform:
When you use the Services or Platform functionalities that do not require an Account, such as browsing or searching for content on the webpages of our Platform, we process personal data in order to ensure the functionality of the Platform (Art. 6(1)(f) of the GDPR), and within the scope of specified in the Terms of Service or other agreements concluded with the Controller - in order to take the steps leading to the conclusion or performance of the contract (art. 6(1)(b) of the GDPR).
- Services not requiring setting up an account on the Platform or the App:
When you use our Services based on the Terms of Service or other binding agreement, the legal basis for the processing of personal data is the necessity to perform the contract (Art. 6(1)(b) of the GDPR).
- Data concerning Couriers’ activity, including shipment tracking:
To provide the Couriers with the best suited Listings and provide the Customers with a possibility to find the Couriers best matching routes and criteria they search for, we process data concerning the activity of the Courier, as well as data included in the Courier’s account, including location, shipment types serviced so far, routes on which the Shipments were delivered, evaluation and opinions about the Courier.
The Mobile application plays a special role in providing the rich functionality of the Platform - thanks to its use by a Courier, we can provide the Customer with accurate information on available Couriers, as well as on the Courier’s route and the current position of a shipment ordered by the Customer.
The legal basis for the processing of the personal data, are a legitimate interest of the Controller or a third party, namely to provide the best functionalities of the Service and App, to meet both the needs of the Customers and of the Couriers (Art. 6(1)(f) of the GDPR), or a consent to the processing of personal data, if given (Art. 6 (1)(a) of the GDPR).
- Courier’s identity & credibility verification:
To prevent the use of the Platform and Application for criminal purposes and other abuses, in particular by acting to the detriment of the Platform’s and Application’s administrator and users. For this purpose, we process the data provided by the Couriers in the process of registering and updating the Account, the Courier's registration documents provided by the Courier, and required by the Terms of Service, and data provided in publicly available sources, such as the official business registers, reports of statistical offices or debt exchanges.
For the processing of data indicated above, the legal basis is the legitimate interest of the Controller or of a third party, namely the prevention of abuse or violations of law while using the Platform and the Application (Art. 6(1)(f) of the GDPR).
In order to deal with complaints and requests and to answer your questions, we may process some personal data provided by you in the Account, as well as data regarding the use of our Services or Couriers' services that caused the complaint or request, as well as data included in the documents attached to the complaint or the request. We can also mediate in the transfer of your complaints to the Couriers.
The legal basis for the processing of the indicated data is the legitimate interest pursued by the Controller or a third party (Art. 6(1)(f) of the GDPR).
- Establishment, exercise, or defence of legal claims:
If appropriate, we may process personal data for the establishment, exercise, defence, or proving legal claims. The legal basis for the processing of the indicated data is the legitimate interest pursued by the Controller or a third party (Art. 6(1)(f) of the GDPR) or the necessity to establish, exercise or defend legal claims (Art. 9(2)(f) of the GDPR).
- Statistics of using particular Services and functions of the Platform and App, content matching and information security
- Direct marketing of Controller’s own products or services, including newsletter and remarketing
For this purpose, we process the personal data provided by you when creating the Account and its updating, data on your activity on the Platform and in the Application, including activities that are recorded and stored using cookies, in particular the history of activity, ordered Services and functionalities, search history, clicks on the Platform and Application, login and registration dates, history and your activity related to our communication with you. In the case of remarketing, we use data about your activity to provide you with our marketing messages outside the Platform and Application, and for this purpose we use the services of external suppliers. These services consist in displaying our messages on websites other than our Platform. Details on this matter can be found in the information on cookies later in this document.
The legal basis for the processing of the indicated data is the legitimate interest pursued by the Controller (Art. 6(1)(f) of the GDPR). Providing business information electronically as well as direct marketing calls require prior, express consent of the user (Art. 6(1)(a) of the GDPR).
- Research on market and your opinion
For this purpose, we process information about the Services and functionalities you use, your data provided in the Account or when using the Services and functionalities, a contact e-mail address and responses contained in surveys and forms used for market research. The data collected as part of market research and opinion polling, are not used by us for advertising purposes.
The legal basis for the processing of the indicated data is the legitimate interest pursued by the Controller (Art. 6(1)(f) of the GDPR).
- Fulfilment of legal obligations
Personal data will be processed to fulfil obligations resulting from legal provisions, in particular to fulfil obligations under the accounting act, as well as tax law (Art. 6(1)(c) of the GDPR).
- Consents to personal data processing
Personal data will also be processed for the purposes indicated in the consent to the processing of personal data (Art. 6(1)(a) or Art. 9(2)(a) of the GDPR), provided that such consent had been given. In principle, the consent is given by accepting the consent clause, but in accordance with the guidelines of the European Data Protection Board, the consent may also be expressed through active action.
NOTE: providing information that exceeds the minimum scope of data required during the use of the Platform and Application, is an active action equivalent to consenting to the processing of data for the purpose for which you provided such data to us. Provision of such data does not affect your use of the Platform and Application. Similarly, indicating the recipients of shipments, or persons acting on your behalf or to your benefit, is an active action expressing a consent to contact them.
PERSONALISED ADS & SOCIAL MEDIA PLUGINS
SOURCE AND CATEGORIES OF PERSONAL DATA
As a rule, we process the data provided by you. If you did not provide us with your data, their source is an entity that had your consent to disclose it to the Controller, or another valid legal basis. In this case, the obtained personal data includes the data necessary to process the data for the purposes for which they were made available to us (typically, these are first name, surname, company name, tax identification number, e-mail address, telephone number and / or correspondence address).
To verify the Account, personal data may also be collected from the sources and to the extent indicated in point 4. Courier’s identity & credibility verification, under the section ‘purposes & legal basis for personal data processing’.
OBLIGATION TO PROVIDE YOUR PERSONAL DATA
Providing data is necessary to conclude contracts and carry out financial settlements, as well as to fulfil the Controller’s legal obligations. In the remaining scope, and in particular for the purpose of processing data by the Controller for marketing purposes, providing data is voluntary.
Within the Platform and Application, there may be automated decision-making with a significant effect, to the extent resulting from the provisions of the Terms of Service pursuant to art. 6(1)(b) in conjunction with art. 22(2)(a) of the GDPR. The significant effects are:
- temporary blocking, suspension or deletion of the User Account or content that violates the Terms of Service. Such a decision may be taken as a result of automated processing and may occur as a result of the lack of timely payment of the Platform administrator's remuneration or other acts that have been indicated in the Terms of Service as unacceptable
- presenting selected Couriers with Listings that are more suitable to them. Such a decision is made using the Courier selection algorithm in order to enable the Courier to accept the transportation service of the Delivery in accordance with the Delivery Listing.
- presenting to Customers, the Couriers adjusted to their listings.
- presenting to Users, as a part of the Quick Deal service, with the proposed price of the transportation service of the Delivery. Such a decision may be made based on statistical data.
- assigning promotional labels, including the Top Transporter status or comparative information in relation to other Users or similar ordered deliveries, based on statistical data.
- hiding the advertisement in the search engine after the desired date of transport or in the absence of the Customer’s activity related to the advertisement.
Regarding automated decision-making with a significant effect, you have the right to obtain human intervention from the Controller, to express your own position and to challenge taken decision. Except for the cases above, decisions with significant effect are not taken solely on the basis of automated processing.
RECIPIENTS OF PERSONAL DATA
We provide your personal data to the following categories of recipients:
- Customers, Couriers and persons acting on their behalf or to their benefit, respectively. The Customer and the Courier determine the purposes and means of processing data on their own, without being subject to our instructions in this regard. The Courier, after obtaining the Customers' personal data from the Controller, is obliged to fulfil all obligations under the GDPR towards them. Everyone can see your publicly posted and created offers on the Platform, as well as publicly posted mailings, comments, opinions and messages. By using the functionality, the Courier may also provide Customers with data about his or her location;
- state authorities, e.g. the prosecutor's office, the Police, the Personal Data Protection Office, the Tax Office, if they request it or if it is necessary to fulfil our legal obligations, including financial reporting;
- entities supporting us in our activities on our behalf, in particular: the suppliers of external ICT systems supporting our activities, subcontractors, entities auditing our activities, appraisers, or entities cooperating with the Controller as part of marketing campaigns, and such entities will process data on the basis of contracts with the Controller and only in accordance with his instructions
- entities providing accounting, HR or legal services - to the extent necessary to ensure the implementation of legal obligations or for determination, exercise or defence of legal claims
- banks and payment institutions - if it is necessary to process payments and conduct settlements
- debt registries and exchanges - in the event of non-timely debt repayment and within appropriate legal basis
- service providers that we use to run the Platform, e.g. to fulfil an order. Depending on contractual arrangements and circumstances, these entities act on our behalf or independently define the purposes and means of their processing
- courier and postal companies as well as companies securely disposing or archiving documents and other media - to the extent that data is processed on paper or on these media
PERSONAL DATA TRANSFERS OUTSIDE THE EEA
In principle, your personal data will not be transferred outside the European Economic Area (hereinafter: EEA). However, bearing in mind the services provided by the Controller's subcontractors when implementing support for ICT services and IT infrastructure, the Controller may commission specific IT activities or tasks to recognised subcontractors operating outside the EEA, which may result in the transfer of your data outside the EEA. Countries that are not members of the EEA, which are covered by the decision of the European Commission, ensure an adequate level of protection of personal data in accordance with EEA standards. In the case of recipients in the territory of countries not covered by the decision of the European Commission, in order to ensure an adequate level of this protection, the Controller concludes contracts with recipients of personal data on the basis of standard contractual clauses issued by the European Commission in accordance with Art. 46(2)(c) of the GDPR. A copy of the standard contractual clauses may be obtained from the Controller by using our contact details provided above. The means of safeguarding data comply with the principles set out in Chapter V of the GDPR. You can ask us for additional information on the security measures applied in this regard, obtain a copy of these security measures and information on the place of their disclosure.
DATA SUBJECT RIGHTS
Under circumstances provided for by law, you have the right to: access data and receive a copy of it, rectify (change) data, delete personal data, limit data processing, to data portability - if the legal basis for their processing is consent (Art. 6(1)(a) or Art. 9(2)(a) of the GDPR) or a contract (Art. 6(1)(b) of the GDPR), the right to withdraw consent to data processing when it is the basis for data processing (Art. 6 (1)(a) of the GDPR), the right to object to the processing of personal data - if the legal basis for processing is a legitimate interest (Art. 6(1)(f) of the GDPR). If you find that the processing of your personal data violates the provisions of the GDPR, you have the right to lodge a complaint with the supervisory authority.
More information on the rights of data subjects is available in Art. 12-23 of the GDPR, the text of which can be found at:
As you browse the webpages of the Platform, we use cookie files, hereinafter referred to as ‘Cookies’, i.e. small text information that is stored on your end device in connection with the use of the Platform. Their use is aimed at, among others, the correct operation of the Platform’s webpages.
These files allow you to identify the software used by you and adjust the Platform individually to your needs.
Cookies usually contain the name of the domain they come from, their storage time on the device and the assigned value.
Due to the use of the so-called social plugins, including those enabling the customer to log in to the Platform using accounts on social networks and similar platforms (such as Facebook), the providers of these platforms may also process your personal data as independent controllers. When you visit our Platform, the browser you use may make a direct connection with the servers of entities providing these plug-ins and tools, thanks to which these entities receive information about your use of our Platform and, inter alia, your IP address. If you have an account with such an entity and you are logged in to it, this information may additionally be linked and assigned to your account on the social network. In the event of using the plug-in, in particular including using your account on the platform of an external entity to log into the Account on our Platform, information about it may also be sent directly to that entity. If you do not want the providers of plug-ins, tools or social networking sites to assign your data collected during your visits to our Platform to your profile with a given provider, then before visiting our Platform, make sure you log out of this social networking site. Remember that you can also prevent the loading of plugins on the Platform by using appropriate mechanisms within the browser you use - in accordance with its settings.
The controller tries to exercise due diligence to select only software, including the above-mentioned plugins, from reputable entities that comprehensively outline their rules for the protection of personal data.
The purposes, scope and rules for the collection and further processing of personal data by these entities can be found in their privacy protection rules. We encourage you to read them, you will find them, among others at the following address: http://www.facebook.com/policy.php.
SECURITY AND FILE TYPES
The cookies we use are safe for your devices. In particular, it is not possible for viruses or other unwanted software or malware to enter your devices through cookies.
These files allow, in particular, to identify the software used by you and customise the Platform individually to each User and to create statistics that help to understand how Platform Users use webpages, which allows improving their structure and content and maintaining your session on the Platform (after logging in), thanks to which you do not have to re-enter your login and password on every subpage of the Platform. Cookies usually contain the name of the domain they come from, their storage time on the device and the assigned value.
We use two types of cookies:
⎯ Session cookies: they are stored on your device and remain there until the end of the browser session. The saved information is then permanently deleted from the memory of your device. The session cookies mechanism does not allow the collection of any personal data or any confidential information from your device.
⎯ Permanent cookies: they are stored on your device and remain there until they are deleted. Ending a browser session or turning off the device does not delete them from your device. The persistent cookies mechanism does not allow the collection of any personal data or any confidential information from your device.
PROCESSING PURPOSES - CLICKTRANS PLATFORM
Below we indicate in detail for what purpose they are used and by which entities. Each of these entities also independently determines the principles of their privacy - links to these principles of individual suppliers can also be found below. We encourage you to read them.
As part of the Clicktrans Platform, we use the following cookies:
|Cookie name||Time of existence||Objective||Own/third party||Supplier||Category|
|SFESSID3, SRVID, ct_test_group - until the browser is closed
device_view - 30 days
ctsp-auction-form-estimated-price-range - 1 year
ct_redirect_after_login - 24 hours
|Collecting statistical information on the use of the Platform and the launch of certain Platform actions.|
The basic operation of the Platform - return to the appropriate page after logging in (ct_redirect_after_login)
If you do not want to transfer data to Google Analytics, you can download the add-on for your browser https://tools.google.com/dlpage/gaoptout/
|Third party||Google Ireland based in Ireland||Analytical|
|Third party||Quality Unit, sro based in Slovakia||Necessary|
|Third party||Google Ireland based in
|Third party||Facebook Inc. based in the USA or Facebook Ireland based in Ireland||Marketing|
|Third party||Google Ireland based in Ireland||Marketing|
|From the duration of one session to 1 year||HotJar - cookies are used to monitor user activity for statistical purposes, as well as to make decisions about improving the Platform;
|Third party||Hotjar Ltd,. based in Malta||Analyticalcreated_auction_id|
|created_auction_id||30 days||Basic operation of the Platform (remembering the added listing until logging in or registration)||Own||Controller||Necessary|
PROCESSING PURPOSES - MOBILE APP
As part of the Clicktrans Mobile application, the following applies:
These files allow you to identify the software used by you and adjust the Application individually to your needs.
Cookies usually contain the name of the domain they come from, their storage time on the device and the assigned value.
Cookies are stored on your device and remain there until they are deleted.
We also use third party cookies for the following purposes:
To learn the rules of using Cookies, we recommend that you read the privacy policies of the above-mentioned companies.
Cookies may be used by advertising networks, in particular the Google network, to display advertisements tailored to your preferences. For this purpose, information about the way you navigate the web or the time you use the Application may be saved.
To view and edit information about your preferences collected by the Google advertising network, you can use the tool available at www.google.com/ads/preferences/
LOCAL STORAGE & SESSION STORAGE
When you use the Services and the functionality of the Mobile application, the Application may use Local Storage and Session Storage technologies that allow you to save files created by you on the Device, facilitating and accelerating the correct operation of the Application. The files saved in the Local Storage enable primarily: the identification of the software used on your Device, individualisation of the Application system to the needs related to the Services offered in our Application, maintenance of the login session as well as keeping statistics of the Application use for further development of the Application.
The Local Storage and/or Session Storage technologies used in our Application are safe for devices. In particular, it is not possible for viruses or other unwanted software or malware to get through using them.
We use Local Storage and/or Session Storage in particular to adjust our Application, including the content displayed in it (including advertising), to your Device, preferences and needs. For this purpose, information about how you navigate in the network, in the Application or when you use the Application, may be saved.
Cookies saved and used by us as well as files saved in Local Storage and/or Session Storage are deleted when you remove (uninstall) the Application, performed in accordance with the messages in the Application and the preferences of the Mobile Device you use.
EDITING, ENABLING, OPT-OUT
We use necessary cookies to make our site work. We'd also like to set optional analytics cookies to help us improve it. We won't set optional cookies unless you enable them, using the tool provided to your attention when you first open the website. Using this tool will set a cookie on your device to remember your preferences.
Alternatively, most web browsers allow some control of most cookies through the browser settings. To find out more about cookies, including how to see what cookies have been set, visit www.aboutcookies.org
Before deciding to completely block any cookies, please be aware that necessary cookies enable core functionality such as security, network management, and accessibility. You may disable these by changing your browser settings, but this may affect how the website functions.
Find out how to manage cookies on popular browsers:
Instructions for changing cookie settings for the most popular browsers are available at the following links: