PRIVACY AND COOKIE POLICY OF THE E-CMR.EU WEBSITE

Last updated: March 18, 2026

The protection of personal data is a top priority for Trans Assist, which is why we provide the following information regarding the handling of personal data and the use of cookies.

I. GENERAL INFORMATION

  1. This Privacy and Cookie Policy of the e-cmr.eu website ("Privacy Policy") applies to the website: https://www.e-cmr.eu ("Website"), which enables Users to fill in a form and generate a CMR document in PDF format.

  2. The rules for using the Website are set out in the Terms of Service.

  3. The controller with respect to the personal data of persons using the Website ("Users") is Trans Assist Sp. z o.o. with its registered office in Kielce, ul. Żniwna 21, 25-419 Kielce, entered in the Register of Entrepreneurs of the National Court Register maintained by the District Court Lublin-Wschód in Lublin, 6th Commercial Division of the National Court Register, under KRS number 0000805737, NIP 9462691960, REGON 384448444, represented by the President of the Management Board Piotr Śliwiński ("Controller").

  4. For any matter relating to the processing of personal data, the Controller may be contacted at the following e-mail address: [email protected] or by phone: +48 885 244 322.

  5. Fully respecting the right to privacy and protection of Users' personal data, we inform you that if personal data is provided to us, we process it in accordance with the requirements of Polish law and European Union law, and in particular in accordance with the provisions of:

    a. Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (OJ EU L 119, p. 1) ("GDPR");

    b. the Act of 10 May 2018 on the Protection of Personal Data (Journal of Laws 2018, item 1000);

    c. the Act of 18 July 2002 on the Provision of Electronic Services (consolidated text: Journal of Laws of 2020, item 344).

  6. Each time the Website is accessed, the system automatically collects data and information about the User's computer system. This data is stored in system log files and is not stored together with other personal data. The following data is collected:

    a. information about the browser type and version,

    b. information about the operating system,

    c. date and time of accessing the website,

    d. the website through which the User reached the Website,

    e. information about the IP address,

    f. information regarding the number and type of steps taken and the duration of activity.

  7. Users' personal data – if provided to us during the use of the Website – is processed with the consent of the data subjects or on the basis of the legal provisions indicated in this Privacy Policy, and exclusively for the purpose for which it was collected, for no longer than necessary to achieve the purpose of the processing. This data is adequately protected against disclosure to unauthorized persons, acquisition by unauthorized persons, processing in breach of personal data protection regulations, alteration, loss, damage, or destruction.

II. INFORMATION ABOUT THE CMR GENERATION FORM, CONTACT FORM AND NEWSLETTER SUBSCRIPTION FORM

  1. The e-cmr.eu Website features a form that enables Users to enter the data necessary to generate a CMR document in PDF format. Data entered into the CMR generation form is processed solely for the purpose of generating a PDF document at the User's request – it is not saved or stored by the Service Provider after the document has been generated. This data may include, in particular:

    a. sender data: company name, registered office address, contact person's name and surname, phone number, e-mail address,

    b. carrier data (successive carriers): company name, registered office address, contact person's name and surname, phone number, e-mail address,

    c. consignee data: company name, registered office address, contact person's name and surname, phone number, e-mail address,

    d. place of loading and unloading (addresses),

    e. description of goods: type, quantity, weight, volume, markings, method of packaging,

    f. instructions relating to customs clearance and other sender's instructions,

    g. carrier's reservations and remarks,

    h. vehicle registration number,

    i. data concerning documents attached to the consignment note,

    j. User's IP address, date and time of document generation.

  2. The e-cmr.eu Website also provides a contact form enabling the User to send an inquiry to the Service Provider. The following personal data is processed as part of the contact form:

    a. first name,

    b. surname,

    c. phone number,

    d. e-mail address,

    e. message content,

    f. User's IP address, date and time of form submission.

  3. Personal data submitted via the contact form is processed for the purpose of responding to the User's inquiry, handling the submission and properly assigning subsequent inquiries from the User. Providing data in the contact form is voluntary but necessary to submit an inquiry and receive a response.

  4. The legal basis for processing personal data submitted via the contact form is Art. 6(1)(b) GDPR – necessity to take steps at the request of the data subject prior to entering into a contract, as well as Art. 6(1)(f) GDPR – legitimate interest of the Controller consisting in handling User inquiries.

  5. In the case of subscribing to the Newsletter, data is also processed in the SendPulse database and includes: e-mail address, and sometimes also name and surname.

  6. Contact with Trans Assist can also be made via e-mail, in which case the following data is processed: e-mail address, IP address, date and time of contact, as well as other data voluntarily provided by the User – e.g. name and surname.

  7. Personal data from the contact form and from e-mail messages is processed for the purpose of responding to the inquiry. The purpose of processing data is also the proper assignment of subsequent inquiries sent by the User and improving the quality of our responses in case of further inquiries. This data is not disclosed to third parties.

  8. The legal basis for processing data in connection with contact via e-mail is Art. 6(1)(a) GDPR – User's consent, as well as Art. 6(1)(f) GDPR – legitimate interest of the Controller.

  9. In the case of making contact (both via the contact form and via e-mail), the User may object to the processing of personal data at any time. To do so, an e-mail containing the objection should be sent to: [email protected] or by regular mail to the registered office address of Trans Assist. However, in such a case, a response to any inquiry from the User will no longer be possible.

  10. Contact data from the contact form and from e-mail messages is deleted after 6 months or at the latest after providing a complete response to the inquiry. Data is deleted immediately once it is no longer necessary to achieve the purpose for which it was collected.

III. INFORMATION REGARDING THE PROCESSING OF PERSONAL DATA (ART. 13-14 GDPR)

  1. Users' personal data entered in the CMR document generation form will be used solely for the purpose of generating a CMR document in PDF format at the User's request. Data submitted via the contact form is processed for the purpose of handling the User's inquiry. Data may also be processed for the purpose of handling an inquiry sent via e-mail.

  2. When using the Website, the following categories of personal data may be processed:

    a. names and surnames of persons indicated in the CMR generation form (sender, carrier, consignee, contact persons),

    b. company addresses and loading/unloading point addresses,

    c. phone numbers and e-mail addresses of contact persons,

    d. first name, surname, phone number, e-mail address and message content – in the case of using the contact form,

    e. User's IP address,

    f. date and time of document generation or contact form submission.

  3. Depending on the content of the inquiry or the manner of using the Website, Users' personal data will be processed for the purpose of:

    a. generating a CMR document at the User's request – the legal basis for data processing will be Art. 6(1)(b) GDPR – necessity for the performance of a service requested by the User, or Art. 6(1)(a) GDPR – User's consent;

    b. handling inquiries and correspondence – the legal basis for data processing will be Art. 6(1)(f) GDPR – legitimate interest of the Controller;

    c. conducting marketing analyses and marketing communication to improve services – the legal basis for data processing will be Art. 6(1)(f) GDPR – legitimate interest of the Controller;

    d. detecting and preventing abuse (conducting analyses of User activity on the Website, automatic detection of abuse and improper use of the Website) – the legal basis for data processing will be Art. 6(1)(f) GDPR – legitimate interest of the Controller;

    e. potential establishment, pursuit, or defense against claims – the legal basis will be Art. 6(1)(f) GDPR – legitimate interest of the Controller.

  4. Retention period for Users' personal data:

    a. data entered in the CMR generation form – data is not saved or stored by the Controller; it is processed solely in volatile memory for the duration of the PDF document generation and is not retained after its generation;

    b. data submitted via the contact form – is deleted after 6 months or at the latest after providing a complete response to the User's inquiry, unless further processing is necessary for the establishment, pursuit or defense against claims;

    c. data processed in the scope of basic contact data of Users, for the purpose of correspondence and for offering services – processed until an objection to the processing of data for this purpose is submitted or consent is withdrawn, if consent constitutes the basis for data processing.

  5. Users' personal data may be disclosed to external entities: IT service providers, marketing agencies – including those in the field of email marketing – or other cooperating entities.

  6. Users' personal data may be transferred outside the territory of the European Economic Area, but only on the basis of one of the following mechanisms ensuring an adequate level of personal data protection:

    a. a European Commission decision establishing an adequate level of personal data protection in a third country (Art. 45 GDPR), including in particular the adequacy decision regarding the EU-US Data Privacy Framework (DPF) of July 10, 2023 – with respect to entities based in the United States of America that hold a valid certification under the DPF;

    b. standard contractual clauses approved by the European Commission (Art. 46(2)(c) GDPR);

    c. binding corporate rules (Art. 47 GDPR);

    d. other appropriate safeguards provided for in Art. 46 GDPR.

    In each case, these entities take all necessary measures to ensure the security of personal data processing. The Controller monitors the status of data transfer mechanisms and, if necessary, adjusts the safeguards applied to the current legal situation.

  7. Providing data is voluntary but necessary for generating a CMR document or submitting an inquiry via the contact form. Failure to provide the required data will prevent, respectively, the generation of the document or the submission of the inquiry.

  8. Every User whose data has been provided has the right to access their personal data processed by Trans Assist and to rectify, delete, or restrict processing thereof, the right to data portability, as well as the right to object to data processing and the right to withdraw consent at any time without affecting the lawfulness of processing carried out on the basis of consent before its withdrawal. To exercise the above rights, a relevant request should be sent via electronic message to the e-mail address: [email protected] or in writing to the registered office address of the Controller.

  9. Furthermore, anyone who considers that the processing of their personal data infringes the provisions of the GDPR has the right to lodge a complaint with the supervisory authority, i.e. the President of the Personal Data Protection Office (Prezes Urzędu Ochrony Danych Osobowych).

  10. Automated decision-making and profiling. The Controller informs that within the Website no decisions are made based solely on automated processing, including profiling, that would produce legal effects concerning the User or similarly significantly affect them.

IV. CLOUDFLARE TURNSTILE

  1. To protect the Website from automated, malicious traffic (bots, spam), we use the Cloudflare Turnstile service, provided by Cloudflare Inc., 101 Townsend St, San Francisco, CA 94107, USA.

  2. Cloudflare Turnstile is used to verify whether the User filling in the form is a person and not a computer program. As part of this process, the following data may be processed: IP address, browser and device information, data on interaction with the Turnstile widget, and cookies necessary for its operation.

  3. The legal basis for data processing within Cloudflare Turnstile is Art. 6(1)(f) GDPR – the legitimate interest of the Controller consisting in protecting the Website from abuse and ensuring security.

  4. Data may be transferred to Cloudflare servers in the USA on the basis of the adequacy decision regarding the EU-US Data Privacy Framework (DPF) or standard contractual clauses (SCC).

  5. More information about Cloudflare's data protection can be found in the Cloudflare privacy policy: https://www.cloudflare.com/privacypolicy/.

V. COOKIES

A. GENERAL INFORMATION

  1. On the e-cmr.eu Website we use so-called "cookies." These are small pieces of information sent by the Website and stored on the end device (computer, laptop, tablet, smartphone) used while browsing the website.

  2. When using the Website, a cookie may be stored on the User's system. It contains an individual sequence of characters necessary for the proper functioning of the Website.

  3. The User has full control over the use of cookies. They are stored on the User's device and transmit data from that device to the Website. The default settings of most browsers accept cookies; by changing the browser settings, the transmission of cookies can be blocked or restricted. Cookies stored on the device can be deleted at any time. Cookies can also be deleted automatically by adjusting the appropriate browser settings. A general blocking of cookies from the Website may prevent the User from fully using all the functions of the Website. More information about controlling and deleting cookies in most browsers can be found at: http://www.allaboutcookies.org.

  4. Upon visiting e-cmr.eu, a cookie consent management banner (so-called CMP – Consent Management Platform) is displayed, operated by CookieYes. The banner enables the User to make an informed choice by:

    a. accepting all cookies using the "Accept all" button,

    b. rejecting all non-essential cookies using the "Reject all" button (with equal visibility and accessibility as the accept button),

    c. making an individual selection of cookie categories using the "Customize settings" option, where the User can accept or reject specific cookie categories (necessary, functional, analytical, marketing).

    Non-essential cookies (analytical, functional) are not activated before the User gives explicit consent.

  5. At any time, the User may change or withdraw their consent to cookies. Withdrawing consent is as easy as giving it – the User can do so via the permanently available cookie consent management button on the Website, as well as through the appropriate settings of their browser.

  6. The Controller maintains records of the granting, modification, or withdrawal of consent to cookies, including the date and time of consent, the scope of consent granted, the consent identifier, and the version of the information banner, for the purpose of documenting compliance with GDPR provisions. These records are retained for the period required by applicable law.

B. COOKIE CATEGORIES

On the e-cmr.eu Website, we use the following cookie categories:

  1. Strictly necessary cookies – these are cookies essential for the proper functioning of the Website. They enable, among others, the proper operation of the CMR generation form, Cloudflare Turnstile verification, and security assurance. These cookies do not require the User's consent, as use of the Website would not be possible without them.

  2. Functional cookies – used to remember User preferences, such as interface language or display settings. They require the User's prior consent.

  3. Analytical cookies – enable analysis of how Users use the Website, including collecting data on visit frequency, session duration, page views, and bounce rate. Data collected using this type of cookie is pseudonymized using technical measures and cannot be attributed to a specific User. They require the User's prior consent.

A current and detailed list of cookies used on the Website, including information about their name, provider, purpose, expiration time, and category, is available in the CookieYes consent management panel displayed on the Website.

C. ANALYTICAL AND TRACKING TOOLS

  1. The e-cmr.eu Website uses the Google Tag Manager tool, a solution by Google LLC designed for managing website tags through an interface. The Google Tag Manager tool does not use cookies, and does not collect or store personal data. The tool initiates other tags, which in turn may collect data. Google Tag Manager does not access this data. If the tool has been deactivated at the domain or cookie level, the deactivation applies to all tracking tags set by Google Tag Manager.

  2. The e-cmr.eu Website uses the LogRocket tool, a solution designed for recording User sessions on the Website along with logs, network, console, and errors, which allows Trans Assist to improve the Website UX. More information about LogRocket cookies can be found here: https://logrocket.com/privacy/.

  3. The e-cmr.eu Website uses cookies for Google Analytics analysis. The information generated by cookies regarding Users' use of the Website is transmitted to and stored on a Google server. Google uses this information on behalf of the Website operator to interpret the use of the offering, compile reports on activity, and provide other services related to the online offering and internet usage. As part of this analysis, pseudonymized User profiles may be created. The legal basis for data processing within Google Analytics is Art. 6(1)(a) GDPR – User's consent given via the CookieYes banner. Google Analytics cookies are only activated after the User consents to the analytical cookie category. Data transfer to Google servers in the USA is carried out on the basis of the adequacy decision regarding the EU-US Data Privacy Framework (DPF), provided that Google LLC holds a valid DPF certification, or on the basis of standard contractual clauses (SCC).

  4. Trans Assist uses Google Analytics exclusively with the IP address anonymization feature enabled. The IP address transmitted by the User's browser is not combined with other Google data.

  5. Configuring the browser to object to the use of this type of cookie has no negative consequences for Users, as all Website functions remain fully available. To do so, download and install the browser plug-in available at the following link: http://tools.google.com/dlpage/gaoptout?hl=pl.

VI. DATA SHARING

  1. Data is shared with external entities only within the limits permitted by law.

  2. Data enabling the identification of a natural person is disclosed only with the consent of the person to whom the data relates.

  3. The Website operator may be obliged to provide information collected by the website to authorized authorities, on the basis of lawful requests within the scope resulting from the request.

VII. LIST OF DATA PROCESSORS

In order to provide services and ensure the proper functioning of the Website, the Controller uses the services of the following external entities, to which Users' personal data may be transferred:

EntityProcessing purposeRegistered officeTransfer basis (outside EEA)
Google LLC (Google Analytics, Google Tag Manager)Web analytics, tag managementUSADPF / SCC
Cloudflare Inc. (Cloudflare Turnstile)Bot protection, user verificationUSADPF / SCC
SendPulse Inc.Email marketing, newsletterUSASCC
LogRocket Inc.User session analysis, UX improvementUSASCC
CookieYes LimitedCookie consent management (CMP)United KingdomUK adequacy decision

The above list is subject to change. A current list of data processors is available upon request at the e-mail address: [email protected].

VIII. FINAL PROVISIONS

  1. The Controller reserves the right to make changes to this Privacy Policy. The Controller will inform Users of any significant changes through an appropriate notice on the Website.

  2. In matters not regulated by this Privacy Policy, the provisions of the GDPR, the Act on the Protection of Personal Data, and the Act on the Provision of Electronic Services shall apply.

  3. This Privacy Policy is effective as of March 18, 2026.