PRIVACY POLICY

I. BACKGROUND
This Privacy Policy applies to personal data being processed by ROHLIG SUUS Logistics S.A.
Personal Data Controller Pursuant to the Regulations of the European Parliament and Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data repealing Directive 95/46/WE (hereinafter referred to as “GDPR”), your Personal Data Controller is ROHLIG SUUS Logistics SA (hereinafter referred to as “Company” or “Controller”) with seat in Warsaw (02-235), ul. Równoległa 4A. If you consented to providing your personal data for marketing purposes to Grupa ROHLIG SUUS companies, your Personal Data Controller shall be the affiliated companies – the full list of the companies may be found here.
Who to contact about issues related to personal data processing? We have appointed a Data Protection Officer – you may contact this individual about all issues related to personal data processing and to the application of the rights connected with personal data processing. You may get in touch with the Data Protection Officer via e-mail: iodo@suus.com or in writing at our headquarters: ul. Równoległa 4A, 02-235 Warszawa.
II. PERSONAL DATA PROCESSING RIGHTS
Rights of Data Subjects Pursuant to the principles laid out in GDPR, an individual whose personal data is being processed by the Controller has the following rights: the right to access personal data contents, to demand data be corrected, removed, demand its processing be limited, the right to transfer personal data, to object to its processing – in the event when the data is being processed in the Controller’s legitimate interest. Furthermore, when you consent to the processing of your data, you have the right to withdraw this consent to processing at any time. Consent withdrawal does not affect compliance with the processing law if processing had taken place before consent had been withdrawn. You may also file a grievance with a personal data protection supervising authority e.g. with Prezes Urzędu Ochrony Danych Osobowych.
III. PERSONAL DATA PROCESSING
The Controller processes your data as part of the processes described below. Detailed information on the processing of data as part of each process, including on the purposes and the legal basis for this processing and on the storage period, has been provided under the „more” tab.
1. Implementation of logistics and forwarding services 1.1 Processing of personal data of customers and individuals acting on their behalf [more]
1.2 Processing of personal data of carriers and individuals acting on their behalf [more]
2. Working with suppliers Processing of personal data of suppliers and individuals appointed by them to perform under contract [more]
3. Complaints processing Registration and review of complaints and grievances and defense against potential claims or pursuit and establishment of claims for damages [more]
4. Processing of e-contact forms You may contact the Controller via electronic contact forms. When completing the form, you will be required to provide your personal data which will be essential to get in touch with you and handle your query.
4.1 Rate our services – data provided in the form will be processed to register and analyze a rating as part of improving the quality of services provided by the Company [more]
4.2 Report a problem - data provided in the form will be processed to answer a query submitted in connection with the provision of a contracted service [more]
4.3 Request a quote – data provided in the form will be processed to forward commercial communications about the services provided by the Company [more]
4.4 Media contact [more]
5. Marketing activities 5.1 Distribution of e-mail communications about offers or content of interest which may contain sales information (newsletter) [more]
5.2 Other types of activities related to the direct marketing of goods and services (sales information provided via e-mail or phone) [more]
The Controller processes these data to run marketing activities when it’s in the Controller’s legitimate interest or pursuant to consent which may be withdrawn at any time.
IV. STORAGE OF PERSONAL DATA
The period of storage of personal data depends on the purpose of their processing. Detailed information on the storage periods is available under the “more” tab in Section III above.
V. DATA RECEIVERS
Under the provision of services, personal data may be made available to: 1. Carriers the Company works with as regards the provision of forwarding services.
2. Subcontractors who operate and maintain the Company’s IT systems.
3. Consultancy and audit companies and law firms the Company collaborates with.
4. Entities handling customs clearance processes in transit countries and in the destination country.
5. Marketing agencies (as part of marketing services).
6. Entities affiliated with the Controller, including companies part of Grupa ROHLIG SUUS.
VI. SAFEGURDING OF PERSONAL DATA
Please rest assured that we make the best possible effort to ensure that the Controller processes personal data in a manner that respects privacy and takes utmost care to ensure the personal data is processed securely. Specifically, please be assured that we have undertaken all measures foreseen by law to secure the data provided to us, that is:
1. We use appropriate technologies and administrative means to secure personal data processing to the extent that corresponds with the risk of breach of personal freedoms and rights of data subjects.
2. The measures as spoken of in point 1 above are implemented when determining processing methods (e.g. at the design stage) and during processing itself and take into account the current know-how, implementation cost and the nature, scope, context and purpose of data processing.
3. We process data in adherence to the default data protection principle.
4. We secure personal data against accidental or unlawful damage, loss, modification, unlawful disclosure or unauthorized access.
5. We keep records as required by law, including by appropriate data protection policies.
6. Only individuals with appropriate authorizations are allowed to process data.
7. We keep a record of the individuals authorized to process personal data.
8. We control what sort of personal data has been provided to us, who provided it and when, and who it’s being transferred to.
VII. TRANSFER OF PERSONAL DATA TO A THIRD PARTY COUNTRY OR INTERNATIONAL ORGANIZATION
The Controller transfers personal data outside of the EEA only when necessary and by applying appropriate security measures, primarily by:
1. Working with personal data processing entities in the countries in relation to which the European Commission has issued appropriate decisions.
2. Applying standard contractual clauses as issued by the European Commission:
2a Standard contractual clauses for Customers [more]
2b Standard contractual clauses for Carriers [more]
3. Application of binding corporate bylaws approved by an appropriate supervisory authority.
VIII. COOKIES POLICY
The Company’s website uses cookies. Cookies are computer data which are stored on the end user’s device (e.g. computer memory) among others, to adapt the online service to user needs and for statistics purposes. Cookies are not used to establish user identity and do not affect end device performance. More information about cookies may be found here.

 

Approved By: Data Protection Officer
Last Updated: 09.06.2020