Privacy policy and cookies

PRIVACY POLICY

e-containers.eu

§ 1 General Provisions

1. The controller of personal data of users of the Portal available under the domains kontenerowy.pl, e-containers.eu, econtainers.ru, e-containers.de, e-containers.pl, 4containers.eu, 4containers.ru, 4containers.pl, 4containers.de is RR Media Sp. z o.o., with its registered office in Gdynia, ul. Janka Wiśniewskiego 31, unit 328, registered in the Register of Entrepreneurs of the National Court Register maintained by the District Court in Gdańsk, 8th Commercial Division of the National Court Register, under KRS number: 298676, NIP: 9581581485, REGON: 220559694 (hereinafter: “Controller”).
2. The Controller has designated an electronic contact point for direct communication with the authorities of Member States, the Commission, and the Digital Services Council: bok@e-containers.eu. This same contact point may also be used by any User for direct and prompt communication with the Controller. The Controller can also be contacted in writing at the address indicated above, via the contact form available on the website, or by phone at: +48 603 244 040 (Portal working hours: 8:00–16:00 on business days; call charges as per the standard tariff plan of the User’s service provider). Communication may be conducted in Polish or English.
3. The purpose of this Policy is to define the actions taken regarding personal data collected through the Controller’s website and related services and tools used by its users, as well as in the course of concluding and performing contracts outside the website.
4. If necessary, the provisions of this Policy may be amended. Any changes will be communicated to users by publishing the new content of the Policy, and in the case of a database of persons who have consented to data processing via email or provided email data when concluding contracts, they will also be notified of the change by email.

§ 2 Legal Basis, Purposes, and Storage of Personal Data.

1. Users’ personal data are processed in accordance with the General Data Protection Regulation (GDPR), the Personal Data Protection Act, the Personal Data Protection Act of 10 May 2018, and the Act on the Provision of Electronic Services of 18 July 2002, as amended, and for the purpose of making a notification under Article 16(1) of Regulation (EU) 2022/2065 of the European Parliament and of the Council of 19 October 2022 on a Single Market for Digital Services and amending Directive 2000/31/EC (Digital Services Act) (OJ L 277, 2022, p. 1, as amended; “DSA”), also under Article 3(h) of the DSA.
2. The Controller may collect the following data for the following purposes:

Purpose of data processing	Legal basis for processing and data retention period	Data retention period	Scope of processed data
Performance of the contract with the Client or taking steps at the request of the data subject prior to entering into the above-mentioned contracts	Article 6(1)(b) of the GDPR (performance of a contract).	• For the duration of the above-mentioned contract, until the expiration of any legal obligations related to accounting • Data will be processed until the end of the period during which claims may be legally pursued	• Company name • Email address • Phone number • Address (street, house number, apartment number, postal code, city, country) • Company name • Tax Identification Number
Direct marketing	Article 6(1)(f) of the GDPR (legitimate interests of the controller). The controller may process data for the purpose of direct marketing only after obtaining consent and in the absence of objection from the data subject.	• Until consent is withdrawn – remember, you can withdraw your consent at any time. Processing of data until you withdraw your consent remains lawful. • Data will be processed until the end of the period during which claims may be legally pursued	• Email address • Phone number
Marketing	Article 6(1)(a) of the GDPR (consent).	• Until consent is withdrawn – remember, you can withdraw your consent at any time. Processing of data until you withdraw your consent remains lawful. • Data will be processed until the end of the period during which claims may be legally pursued. • Until you unsubscribe from the newsletter.	• Company name • Email address • Phone number • Address (street, house number, apartment number, postal code, city, country)
Accounting / Bookkeeping	Article 6(1)(c) of the GDPR in connection with Article 86 §1 of the Tax Ordinance or Article 74(2) of the Accounting Act.	• Data will be processed until the end of the period during which claims may be legally pursued. • Data is stored for the period required by law (tax records or accounting records - usually 5 years).	• Company name • Email address • Phone number • Address • Tax Identification Number (NIP) • Company name
Processing a refund	Performance of the Contract or taking steps at the request of the data subject prior to entering into the Contract (Article 6(1)(b) of the GDPR).	• 5 years after the termination of business relations with the Client	• Company name • Email address • Phone number • Address • Business entity data
Establishing, pursuing, or defending claims that may be raised by the Controller or against the Controller	Article 6(1)(f) of the GDPR	• Data is stored for the duration of our legitimate interest, but no longer than the statute of limitations for claims against the data subject arising from our business activities.	• Email address • Phone number • Address • Tax Identification Number (NIP) • Company name
Conducting research and analyses to improve the performance of available services	Article 6(1)(f) of the GDPR (legitimate interests of the controller).	• Data will be processed until the end of the period during which claims may be legally pursued. • Until the expiration or deletion of cookies used for analytical purposes.	• Company name • Email address • Phone number • Address • Computer components • Settings • Installed software
Collection of telemetry data	Article 6(1)(f) of the GDPR (legitimate interests of the controller).	• Until the expiration or deletion of cookies used for analytical purposes.	• IP address • Approximate location based on IP address • User identifier • Software usage and sharing
Client account registration	Performance of the Contract or taking steps at the request of the data subject prior to entering into the Contract (Article 6(1)(b) of the GDPR).	• 5 years after the termination of business relations with the Client	• Company name • First and last name • Email address • Phone number • Personal Identification Number • Address • Business entity data
Sending notifications to the Client	Performance of the Contract (Article 6(1)(b) of the GDPR) Fulfillment of a legal obligation (Article 6(1)(c) of the GDPR)	• 5 years after the termination of business relations with the Client	• Company name • Email address • Phone number • PESEL • Address • Business entity data
Providing customer service	Performance of the Contract (Article 6(1)(b) of the GDPR).	• 5 years after the termination of business relations with the Client • 2 years after the last update of the Client’s inquiry	• Company name • Email address • Phone number • Address • Business entity data
Proper functioning of the Portal	Maintaining and improving the performance of the Portal (Article 6(1)(f) of the GDPR).	• 5 years after the termination of business relations with the Client	• As in the cell above • Information about actions performed on the Portal (clicks, visit duration, etc.)
Tracking Portal visits for security purposes	Protection and security of the Portal (Article 6(1)(f) of the GDPR).	• 3 years	• User ID • IP address • Browser • Content and URLs accessed • Date and time of connections
Protecting Clients from the use of disclosed login passwords	Protection and security of the Portal (Article 6(1)(f) of the GDPR).	• Time necessary for the Administrator to verify the password	• User ID • Client password
Enabling the Client to reset their password	Protection and security of the Portal (Article 6(1)(f) of the GDPR).	• 5 years after the termination of business relations with the Client	• First and last name • Company name • Email address • Business entity data • Client password • User ID
Monitoring compliance with regulations, contracts, and privacy policies	Protection and security of the Portal (Article 6(1)(f) of the GDPR).	• 5 years after the termination of business relations with the Client	• Transaction data • Business entity data
Processing requests regarding personal data	Article 6(1)(c) of the GDPR	• For the duration of the Administrator’s legitimate interest, but no longer than the statute of limitations for claims.	• First and last name • Company name • Email address • Phone number • Address • Tax Identification Number
Providing information to law-enforcement authorities and other state institutions	Article 6(1)(c) of the GDPR	• The period of the existence of the Controller’s legitimate interest (limitation period for claims).	• First and last name • Email address • Telephone number • Address • Tax ID • Company name
Fulfilment of the legal obligation set out in Article 16(1), (4), (5) and (6) of the DSA	Article 6(1)(c) of the GDPR	• Until notification of the decision made by the Controller regarding the submitted notice • Until notification of the possibility of appealing the decision	• First and last name • Email address • Telephone number • Address • Tax identification number • Company name
Processing of personal data based on proceedings conducted before competent public administration authorities	Article 6(1)(c) of the GDPR	• For the duration of such an obligation.	• First and last name • Email address • Telephone number • Address • Tax identification number • Company name

1. If a separate consent is obtained from the user, their personal data may also be processed by the Controller for the purpose of sending notifications related to the operation of the Portal (Article 6(1)(a) of the General Data Protection Regulation).
2. Users’ personal data are stored no longer than necessary to achieve the purpose of processing, i.e., until consent is withdrawn if processing is based on such consent, until the limitation period for the Controller’s claims and claims of the other party in relation to the execution of concluded contracts expires (in the case of sales/service contracts, 2 years counted until the end of the year), or until an inquiry sent via email is resolved or a complaint is processed. After this period, the Client’s personal data will be processed by the Controller based on Article 6(1)(f) GDPR, i.e., for purposes arising from legitimate interests pursued for marketing campaigns.
3. To the extent necessary for the proper functioning of the website, its features, and the correct execution of payment operations (if such operations are performed via the website), the site uses the User’s metadata. Metadata refers to the process of reading and recognizing by the website’s IT system the configuration and components of the user’s computer in order to adjust the site to its capabilities and establish a secure connection between the user’s computer and the website. Importantly, such metadata cannot lead to the identification of the User and are not harmful to the data stored on the computer. Nevertheless, the User has the right to withdraw consent to the processing of metadata at any time by appropriately configuring their browser or installing a plugin provided by the browser manufacturer. For this purpose, the User should consult the software manufacturer and follow its recommendations.
4. Personal data of users collected for the purpose of performing a user account agreement are stored for 2 years from the last purchase made through the account and no longer than 3 years from that activity.
5. The Controller may use profiling for direct marketing purposes, but decisions made based on profiling do not concern the conclusion or refusal to conclude a contract, or the ability to use electronic services. Profiling may, for example, result in offering a discount or better terms compared to the standard offer. Despite profiling, the individual freely decides whether to use the received discount or better terms. Profiling involves the automatic analysis or prediction of an individual’s behavior on the Controller’s site or through the analysis of previous activity history on the site.
6. To the extent necessary for the proper functioning of the website and its features, the site may collect other information during the User’s use, including: a) IP address; b) information about the device, hardware, and software, such as hardware identifiers and mobile device identifiers (e.g., Apple Identifier for Advertising [“IDFA”] or advertising identifier on an Android device [“AAID”]); c) platform type; d) settings and components; e) approximate geolocation data (based on IP address or device settings); f) web browser data, including browser type and preferred language.
7. Considering the nature, scope, context, and purposes of processing, as well as the risk of infringement of the rights or freedoms of natural persons with varying likelihood and severity of risk, the Controller implements appropriate technical and organizational measures to ensure processing is carried out in accordance with the regulation and to demonstrate compliance. These measures are reviewed and updated as necessary. The Controller applies technical measures to prevent unauthorized access to and modification of personal data transmitted electronically.

§ 3 Sharing of Data / Entrusting the Processing of Personal Data

1. The Controller ensures that all collected personal data are used to fulfill obligations toward users. This information will not be shared with third parties, except in the following cases: a) when explicit consent has been previously given by the individuals to whom the data relate; or b) when the obligation to provide such data arises or will arise from applicable law, e.g., to law enforcement authorities.
2. Additionally, the personal data of service recipients and clients may be shared with the following recipients or categories of recipients: a) service providers supplying the Controller with technical, IT, and organizational solutions enabling the Controller to conduct business activities, including the website and electronic services provided through it (in particular, software providers, marketing agencies, email and hosting providers, software for business management, and technical support for the Controller and product delivery operators) – the Controller shares the Client’s collected personal data with the selected provider acting on its behalf only to the extent necessary to achieve the specific purpose of data processing in accordance with this privacy policy. b) accounting, legal, and advisory service providers supporting the Controller in accounting, legal, or advisory matters (in particular, accounting offices, law firms, or debt collection companies) – the Controller shares the Client’s collected personal data with the selected provider acting on its behalf only to the extent necessary to achieve the specific purpose of data processing in accordance with this privacy policy. c) Users providing their services within the Portal – the Controller shares the collected personal data with Users within the Portal to the extent necessary to enable them to perform the ordered service based on the submitted offer and for settlement purposes, in accordance with data processing principles set out in this privacy policy.
3. The Controller may share anonymized data (i.e., data that do not identify specific Users) with external service providers in order to better understand the attractiveness of advertisements and services for users. In this context, due to the location of the software providers, data may be transferred—while ensuring their protection—to third countries that provide an adequate level of protection through standard contractual clauses or bilateral agreements. The entities in this context, in the case of the Controller, include:
   • Google LLC (headquarters: 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) for the following tools/programs:
     • Google Analytics, used for analyzing website statistics;
     • Google Tag Manager, used for managing scripts;
     • Google Ads, used for displaying sponsored links;
     • Google Workspace, enabling comprehensive website editing and coordination;
     • Google Bots, used to index websites. More information: https://developers.google.com/search/docs/crawling-indexing/googlebot?hl=pl
4. The Controller always informs about the intention to transfer personal data outside the EEA at the stage of data collection.
5. The Controller continuously conducts risk analysis to ensure that personal data are processed securely—primarily ensuring that only authorized persons have access to the data.
6. The Controller takes all necessary measures to ensure that its subcontractors and other cooperating entities also guarantee the application of appropriate security measures.
7. Third-party analytics technologies integrated with the Controller’s services (including SDKs and APIs) may combine data collected in connection with a User’s use of the Controller’s website with information they have collected separately over time and/or across different platforms.
8. The Controller’s website may use Google Analytics. Google Analytics uses cookies to help website operators analyze how visitors use the site. Information generated by cookies is generally transmitted to and stored on Google’s servers in the United States. IP addresses are anonymized. Google will not associate the IP address provided via Google Analytics with any other data it holds. More information: www.google.com/policies/privacy/partners. Opt-out plugin: http://tools.google.com/dlpage/gaoptout.
9. When sharing data with third parties, the Controller makes every effort to ensure that this is done only with entities meeting the criteria and requirements set out under Articles 46 or 49 of the GDPR.
10. Regarding data transferred to the United States, the Controller ensures that transfers are made in accordance with the “EU-US Data Privacy Framework” or, if the importer is not a participant, based on EU standard contractual clauses.

§ 4 User Rights

1. A User whose personal data are being processed has the right to: a) access, rectification, restriction, deletion, or data portability; b) withdraw consent at any time; c) file a complaint with the supervisory authority (President of the Personal Data Protection Office in Warsaw); d) object to processing; e) object to direct marketing.
2. The exercise of the above rights is carried out based on a request sent by the User to the email address bok@e-containers.eu. The request should include the User’s first and last name.
3. The User guarantees that the data provided or published by them on the Portal are accurate.

§ 5 Cookies

1. “Cookies” are understood as IT data, in particular text files, stored on the end devices of users used by the browser to save certain settings and data for the purpose of using websites.
2. Cookies specifically contain the name of the domain of the website they come from, the duration of storage on the end device, and a unique number used to identify the browser connecting to the website.
3. Cookies are used for the purposes of: a) adapting website content to user preferences and optimizing website usage; b) creating anonymous statistics that help determine how users use the website; c) delivering website content and advertisements tailored to user interests. Cookies do not identify the user.
4. The main classification of cookies is as follows: a) Essential cookies – absolutely necessary for the proper functioning of the website; b) Functional cookies – enhance website functionality and ensure a high level of functionality; c) Business cookies – enable the implementation of the website’s business model (e.g. advertising); d) Configuration cookies; e) Security and reliability cookies; f) Authentication cookies; g) Session-state cookies; h) Process-monitoring cookies; i) Advertising cookies; j) Location-access cookies; k) Analytical, research, or audience audit cookies.
5. The use of cookies to tailor website content to user preferences generally does not involve collecting any information that would identify the user. However, such information may sometimes constitute personal data. Such data are encrypted to prevent unauthorized access.
6. Cookies used on this website are not harmful to the user or the end device used by the user. Therefore, for the proper functioning of the website, it is recommended not to disable cookies in browsers.
7. Cookies are also used to facilitate logging into a user account and to allow navigation between subpages without having to log in again.
8. Within cookie technology, the Controller may use tracking pixels or clear GIF files.
9. The Controller may use web server log files (which contain technical data, such as the user’s IP address) to monitor traffic.
10. The Controller informs that the website does not respond to Do Not Track (DNT) signals.
11. Detailed information on changing cookie settings and manually deleting cookies in the most popular web browsers is available in the browser’s help section and on the following pages: a) Google Chrome b) Mozilla Firefox c) Microsoft Edge d) Opera e) Safari macOS f) Safari iOS/iPadOS
12. Detailed information on managing cookies on a mobile phone or other mobile device should be available in the user manual for that device.