PRIVACY AND COOKIE POLICY OF THE EFTI.EU WEBSITE
Last updated: March 18, 2026
The protection of personal data is a top priority for Trans Assist, which is why we provide the following information regarding the handling of personal data and the use of cookies.
I. GENERAL INFORMATION
- This Privacy and Cookie Policy of the efti.eu website ("Privacy Policy") applies to the website: https://www.efti.eu ("Website"), which enables the verification of e-CMR documents issued by the Trans Assist platform and presents informational content regarding the implementation status of eFTI and eCMR regulations in individual countries.
- The rules for using the Website are set out in the Terms of Service.
- The controller with respect to personal data of persons using the Website ("Users") is Trans Assist Sp. z o.o. with its registered office in Kielce, ul. Żniwna 21, 25-419 Kielce, entered in the Register of Entrepreneurs of the National Court Register maintained by the District Court Lublin-Wschód in Lublin, 6th Commercial Division of the National Court Register under KRS number 0000805737, NIP 9462691960, REGON 384448444, represented by Piotr Śliwiński, President of the Management Board ("Controller").
- For any matter related to the processing of personal data, the Controller may be contacted at the following e-mail address: [email protected] or by phone: +48 885 244 322.
- In full respect of Users' right to privacy and protection of personal data, we inform Users that if personal data are provided to us, we process them in accordance with the requirements of Polish and EU law, in particular in compliance with:
a. Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (OJ EU L 119, p. 1) ("GDPR");
b. the Act of 10 May 2018 on the Protection of Personal Data (Journal of Laws 2018, item 1000);
c. the Act of 18 July 2002 on the Provision of Electronic Services (consolidated text: Journal of Laws 2020, item 344).
- Each time the Website is accessed, the system automatically collects data and information about the User's computer system. This data is stored in system log files and is not stored together with other personal data. The following data is collected:
a. information about the browser type and version,
b. information about the operating system,
c. date and time of accessing the website,
d. the website through which the User reached the Website,
e. IP address information,
f. information about the number and type of steps taken and the duration of activity.
- Users' personal data – if provided to us during the use of the Website – are processed with the consent of the data subjects or on the basis of legal provisions indicated in the Privacy Policy and solely for the purpose for which they were collected, no longer than is necessary to achieve the purpose of processing. This data is adequately protected against disclosure to unauthorized persons, access by unauthorized persons, processing in violation of personal data protection regulations, alteration, loss, damage, or destruction.
II. INFORMATION ABOUT THE DOCUMENT VERIFICATION FORM AND E-MAIL
- The efti.eu Website features a form that enables verification of the authenticity of e-CMR documents issued by the Trans Assist platform. To carry out the verification, the User enters the following data:
a. signature identifier (Signature ID),
b. document issue date.
- Data entered in the verification form will be processed solely for the purpose of verifying the authenticity of the e-CMR document. The verification form does not require the User to provide personal data – the signature identifier and date are data identifying the document, not the person performing the verification. However, during the verification process, the User's IP address and the date and time of verification are processed.
- The efti.eu Website also presents informational content regarding the implementation status of eFTI (Electronic Freight Transport Information) and eCMR (electronic CMR consignment note) regulations in individual countries. Browsing this content does not require the provision of any personal data.
- In the case of subscribing to the Newsletter, data is also processed in the SendPulse database and includes: e-mail address, and sometimes also first and last name.
- Contact with Trans Assist can also be established via e-mail, in which case the following data is processed: e-mail address, IP address, date and time of contact, as well as other data voluntarily provided by the User – e.g., first and last name.
- Personal data from e-mail messages is processed for the purpose of responding to inquiries. The purpose of data processing also includes the appropriate assignment of subsequent inquiries from the User and improving the quality of our responses in the event of a further inquiry. This data is not shared with third parties.
- The legal basis for the processing of data in connection with contact made via e-mail is Art. 6(1)(a) of the GDPR – User's consent, as well as Art. 6(1)(f) of the GDPR – legitimate interest of the Controller.
- In the event of contact being made, the processing of personal data may be objected to at any time. To do so, an e-mail containing the objection should be sent to: [email protected] or by traditional mail to the registered office address of Trans Assist. In such a case, however, a response to any inquiry from the User will no longer be possible.
- Contact data from e-mail messages is deleted after 6 months or at the latest after a complete response to the inquiry has been provided. Data is deleted without delay once it is no longer necessary to achieve the purpose for which it was collected.
III. INFORMATION ON THE PROCESSING OF PERSONAL DATA (ART. 13-14 GDPR)
- The scope of personal data processing on the efti.eu Website is limited due to the informational nature of the Website and the simple document verification mechanism. Users' personal data may be processed for the purpose of handling inquiries submitted via e-mail or through the contact form.
- During the use of the Website, the following personal data may be processed:
a. the User's IP address,
b. date and time of using the Website (including document verification),
c. e-mail address – in the case of contact via e-mail or subscribing to the Newsletter,
d. first and last name – in the case of voluntary provision of such data as part of correspondence.
- Depending on the manner in which the Website is used, Users' personal data will be processed for the purpose of:
a. enabling the verification of e-CMR document authenticity – the legal basis for data processing is Art. 6(1)(f) of the GDPR – the legitimate interest of the Controller consisting in ensuring the ability to verify documents issued through the Trans Assist platform;
b. handling inquiries and correspondence – the legal basis for data processing is Art. 6(1)(f) of the GDPR – the legitimate interest of the Controller;
c. conducting marketing analyses and marketing communications to improve services – the legal basis for data processing is Art. 6(1)(f) of the GDPR – the legitimate interest of the Controller;
d. detecting and preventing abuse (conducting analyses of User activity on the Website, automatic detection of abuse and improper use of the Website) – the legal basis for data processing is Art. 6(1)(f) of the GDPR – the legitimate interest of the Controller;
e. possible establishment, assertion, or defense against claims – the legal basis is Art. 6(1)(f) of the GDPR – the legitimate interest of the Controller.
- Retention period for Users' personal data:
a. technical data (IP address, verification logs) – processed for the period necessary to ensure the security of the Website, but no longer than 12 months;
b. data processed in the scope of basic contact data of Users, for the purpose of exchanging correspondence, as well as for the purpose of offering services – processed until an objection to the processing of data for this purpose is raised or consent is withdrawn, if consent constitutes the basis for data processing.
- Users' personal data may be shared with external entities: IT service providers, marketing agencies – including those in the field of e-mail marketing – or other cooperating entities.
- Users' personal data may be transferred outside the territory of the European Economic Area, but only on the basis of one of the following mechanisms ensuring an adequate level of protection of personal data:
a. a decision of the European Commission confirming an adequate level of personal data protection in a third country (Art. 45 GDPR), including in particular the adequacy decision regarding the EU-US Data Privacy Framework (DPF) of 10 July 2023 – with respect to entities based in the United States of America that hold valid certification under the DPF;
b. standard contractual clauses approved by the European Commission (Art. 46(2)(c) GDPR);
c. binding corporate rules (Art. 47 GDPR);
d. other appropriate safeguards provided for in Art. 46 GDPR.
In each case, these entities take all necessary measures to ensure the security of personal data processing. The Controller monitors the status of data transfer mechanisms and, if necessary, adjusts the applied safeguards to the current legal framework.
- Providing data in the verification form (Signature ID, date) is voluntary but necessary to carry out the verification of an e-CMR document.
- Every User, if their data has been provided, has the right to access the content of their personal data processed by Trans Assist and to rectify, erase, or restrict the processing thereof, the right to data portability, as well as the right to object to data processing and the right to withdraw consent at any time without affecting the lawfulness of processing carried out on the basis of consent prior to its withdrawal. To exercise the above rights, a relevant request should be sent via an electronic message to the e-mail address: [email protected] or in writing to the registered office of the Controller.
- Furthermore, anyone who considers that the processing of their personal data violates the GDPR has the right to lodge a complaint with the supervisory authority, i.e., the President of the Personal Data Protection Office (UODO).
- Automated decision-making and profiling. The Controller informs Users that no decisions are made within the Website based solely on automated processing, including profiling, that would produce legal effects concerning the User or similarly significantly affect the User.
IV. CLOUDFLARE TURNSTILE
- In order to protect the Website against automated malicious traffic (bots, spam), we use the Cloudflare Turnstile service, provided by Cloudflare Inc., 101 Townsend St, San Francisco, CA 94107, USA.
- Cloudflare Turnstile is used to verify whether the User filling in the e-CMR document verification form is a person and not a computer program. As part of this process, the following data may be processed: IP address, browser and device information, data about interaction with the Turnstile widget, and cookies necessary for its operation.
- The legal basis for data processing within Cloudflare Turnstile is Art. 6(1)(f) of the GDPR – the legitimate interest of the Controller consisting in protecting the Website against abuse and ensuring security.
- Data may be transferred to Cloudflare servers in the USA on the basis of the adequacy decision regarding the EU-US Data Privacy Framework (DPF) or standard contractual clauses (SCC).
- More information about data protection by Cloudflare can be found in Cloudflare's privacy policy: https://www.cloudflare.com/privacypolicy/.
V. COOKIES
A. GENERAL INFORMATION
- On the efti.eu Website, we use so-called "cookies." These are small pieces of information sent by the Website and stored on the end device (computer, laptop, tablet, smartphone) used while browsing the website.
- When using the Website, a cookie may be stored on the User's system. It contains an individual character sequence necessary for the proper functioning of the Website.
- The User has full control over the use of cookies. They are stored on the User's device and transmit data from that device to the Website. The default settings of most browsers accept cookies; by changing browser settings, the transfer of cookies can be blocked or restricted. Cookies stored on the device can be deleted at any time. Cookies can also be deleted automatically through appropriate browser settings. A general blocking of cookie reception from the Website may prevent the User from fully using all Website functions. More information on controlling and deleting cookies in most browsers can be found at: http://www.allaboutcookies.org.
- Upon entering the efti.eu website, a cookie consent management banner (so-called CMP – Consent Management Platform) is displayed, operated by CookieYes. The banner enables the User to make an informed choice by:
a. accepting all cookies using the "Accept All" button,
b. rejecting all non-essential cookies using the "Reject All" button (with equal visibility and accessibility as the accept button),
c. making an individual selection of cookie categories using the "Customize Settings" option, where the User can accept or reject individual cookie categories (necessary, functional, analytical, marketing).
Non-essential cookies (analytical, functional) are not activated before the User has given explicit consent.
- At any time, the User can change or withdraw their consent to cookies. Withdrawing consent is as easy as giving it – the User can do so via the permanently available cookie consent management button on the Website, as well as through appropriate browser settings.
- The Controller keeps records of the granting, modification, or withdrawal of cookie consent, including the date and time of consent, the scope of consent given, the consent identifier, and the version of the information banner, in order to document compliance with the GDPR. These records are retained for the period required by applicable law.
B. COOKIE CATEGORIES
The following categories of cookies are used on the efti.eu Website:
- Strictly necessary cookies – these are cookies essential for the proper functioning of the Website. They enable, among other things, the proper operation of the document verification form, Cloudflare Turnstile verification, and ensuring security. These cookies do not require the User's consent, as without them the use of the Website would not be possible.
- Functional cookies – used to remember User preferences, such as interface language or display settings. They require prior User consent.
- Analytical cookies – enable the analysis of how Users use the Website, including collecting data on visit frequency, session duration, page views, and bounce rate. Data collected using this type of cookies is pseudonymized using technical measures and cannot be attributed to a specific User. They require prior User consent.
The current and detailed list of cookies used on the Website, along with information about their name, provider, purpose, expiry time, and category, is available in the CookieYes consent management panel displayed on the Website.
C. ANALYTICAL AND TRACKING TOOLS
- The efti.eu Website uses Google Tag Manager, a solution by Google LLC designed for managing website tags through an interface. Google Tag Manager does not use cookies and does not collect or store personal data. The tool initiates other tags, which in turn may collect data. Google Tag Manager does not access this data. If the tool has been deactivated at the domain or cookie level, the deactivation applies to all tracking tags set by Google Tag Manager.
- The efti.eu Website uses LogRocket, a solution designed for recording User sessions on the Website along with logs, network, console, and errors, which allows Trans Assist to improve the Website's UX. More information about LogRocket cookies can be found here: https://logrocket.com/privacy/.
- The efti.eu Website uses cookies for Google Analytics analysis. Information generated by cookies regarding Users' use of the Website is transmitted to a Google server and stored there. Google uses this information on behalf of the Website operator to interpret the use of the offering, compile reports on activity, and provide other services related to the online offering and Internet usage. As part of this analysis, pseudonymized User profiles may be created. The legal basis for data processing within Google Analytics is Art. 6(1)(a) of the GDPR – User consent given via the CookieYes banner. Google Analytics cookies are activated only after the User has given consent to the analytical cookie category. The transfer of data to Google servers in the USA is based on the adequacy decision regarding the EU-US Data Privacy Framework (DPF), provided that Google LLC holds valid certification under the DPF, or on standard contractual clauses (SCC).
- Trans Assist uses Google Analytics exclusively with the IP address anonymization feature enabled. The IP address transmitted by the User's browser is not combined with other Google data.
- Configuring the browser to object to the use of this type of cookie has no negative consequences for Users, as all Website functions remain fully available. To do so, download and install the browser plug-in available at the following link: http://tools.google.com/dlpage/gaoptout?hl=en.
VI. DATA SHARING
- Data is shared with external entities only within legally permissible limits.
- Data enabling the identification of a natural person is shared only with the consent of the person to whom the data relates.
- The Website operator may be obliged to provide information collected through the website to authorized authorities, on the basis of lawful requests, to the extent resulting from such requests.
VII. LIST OF DATA PROCESSORS
In order to provide services and ensure the proper functioning of the Website, the Controller uses the services of the following external entities, to whom Users' personal data may be transferred:
| Entity | Purpose of processing | Registered office | Transfer basis (outside EEA) |
|---|---|---|---|
| Google LLC (Google Analytics, Google Tag Manager) | Web analytics, tag management | USA | DPF / SCC |
| Cloudflare Inc. (Cloudflare Turnstile) | Bot protection, user verification | USA | DPF / SCC |
| SendPulse Inc. | Email marketing, newsletter | USA | SCC |
| LogRocket Inc. | User session analysis, UX improvement | USA | SCC |
| CookieYes Limited | Cookie consent management (CMP) | United Kingdom | UK adequacy decision |
The above list is subject to change. The current list of data processors is available upon request at the e-mail address: [email protected].
VIII. FINAL PROVISIONS
- The Controller reserves the right to make changes to this Privacy Policy. The Controller will inform Users of any significant changes through an appropriate notice on the Website.
- In matters not regulated by this Privacy Policy, the provisions of the GDPR, the Act on the Protection of Personal Data, and the Act on the Provision of Electronic Services shall apply.
- This Privacy Policy is effective as of March 18, 2026.
