Personal Data Processing Policy
In this policy, we explain how Sinid International Logistics s.r.o. processes the personal data of website visitors, customers, business partners, contact persons, job applicants and other data subjects.
1. Who Processes Your Personal Data
The controller of personal data is Sinid International Logistics s.r.o., Company ID No.: 53636619, Tax ID No.: 2121431400, with its registered office at Trieda KVP 3111/1, 040 23 Košice, Slovak Republic.
sinid@sinid.eu
+421 940 609 225
ceo@sinid.eu
Šimon Krasnický
2. Who This Policy Applies To
This policy applies mainly to:
- visitors to our website,
- persons who send us an enquiry or another message via a web form, by email or by phone,
- customers and potential customers,
- contact persons of customers, business partners and suppliers,
- senders, recipients or other contact persons involved in transport and logistics services,
- job applicants or cooperation applicants,
- persons to whom we send business information, provided that we have the relevant legal basis.
3. What Personal Data We Process
Depending on the specific situation, we may process mainly the following categories of personal data:
- identification data, such as name, surname, company name, job title, company ID number or other identification data of an entrepreneur,
- contact data, such as email address, phone number, address or billing details,
- data contained in your message, enquiry or order,
- data relating to requested or provided logistics, transport, warehousing, customs or related services,
- data necessary for preparing a price offer, concluding and performing a contract,
- data necessary for issuing an invoice, handling a complaint or defending legal claims,
- data provided in a CV, cover letter or other response from an applicant,
- data on the history of business and customer communication,
- technical data related to the use of the website, such as IP address, date and time of access, basic logs, device and browser data,
- data obtained through cookies or similar technologies according to your settings.
4. From Which Sources We Obtain Data
We usually obtain personal data directly from you when you complete a form, send us an email, call us, order a service or otherwise communicate with us.
In business and logistics relationships, we may also process, to the necessary extent, data obtained from your employer, business partner, customer, supplier, carrier, customs representative, shipment recipient, shipment sender or from publicly available business sources, if this is necessary for the preparation, conclusion or performance of a business relationship.
If we do not obtain personal data directly from you, we will provide you with information to the extent and within the period required by the GDPR, unless a statutory exemption applies.
5. For What Purposes and on What Legal Bases We Process Data
We process personal data only for specific, explicitly defined and legitimate purposes and always on the relevant legal basis.
5.1 Handling Enquiries and Communication Before Entering Into a Contract
We process your data for the purpose of handling a contact enquiry, answering a question, preparing a price offer, communicating about the requested service and taking steps before entering into a contract.
Legal basis: Article 6(1)(b) GDPR, where this concerns steps prior to entering into a contract at your request; or Article 6(1)(f) GDPR, where we communicate with the contact person of a legal entity. Legitimate interest: properly handling business communication and responding to enquiries.
5.2 Conclusion and Performance of a Contract
We process personal data for the purpose of concluding and performing a contract, especially when providing logistics, transport, warehousing, customs and related services, managing transport, communicating with carriers and partners, processing documentation, invoicing, handling complaints and defending legal claims.
Legal basis: Article 6(1)(b) GDPR, where the data subject is a contracting party; Article 6(1)(f) GDPR when processing data of contact persons of customers, partners, suppliers, senders or recipients; or Article 6(1)(c) GDPR, where processing is required by law. Legitimate interest: proper provision of services, organisation of business cooperation and protection of legal claims.
5.3 Management of Business and B2B Communication
We process data of contact persons of customers, partners and suppliers for the purpose of conducting business communication, organising cooperation, recording communication history and protecting our legal claims.
Legal basis: Article 6(1)(f) GDPR. Legitimate interest: effective business communication, management of relationships with customers and partners and protection of legal claims.
5.4 Recruitment Process
If you send us a CV, cover letter or another response to a job or cooperation opportunity, we process your data for the purpose of assessing your response and carrying out the recruitment process.
Legal basis: Article 6(1)(b) GDPR to the extent of steps prior to entering into a contract at the applicant’s request; or Article 6(1)(f) GDPR for the organisational handling of the recruitment process. Legitimate interest: selection of a suitable candidate and administrative handling of the recruitment process.
If we wish to keep your CV for future job or cooperation opportunities, we will ask you for separate consent under Article 6(1)(a) GDPR.
5.5 Compliance With Legal Obligations
We process certain data in order to comply with legal obligations, especially in the areas of accounting, taxation, archiving, handling requests from public authorities and demonstrating compliance with legal regulations.
Legal basis: Article 6(1)(c) GDPR.
5.6 Security of the Website and Information Systems
We process technical data and security logs for the purpose of secure operation of the website and information systems, preventing misuse of forms, protecting the network, resolving security incidents, protecting property and defending legal claims.
Legal basis: Article 6(1)(f) GDPR. Legitimate interest: information and network security, prevention of misuse and protection of legal claims.
5.7 Direct Marketing and Business Information
If you give us your consent, we may process your personal data for the purpose of sending business information, newsletters or marketing messages.
In some cases, we may also send business information to existing customers or to published contact details of entrepreneurs and legal entities, where permitted by the applicable legal regulation and where you always have the option to easily opt out of such communication.
Legal basis: Article 6(1)(a) GDPR, where consent is involved; or Article 6(1)(f) GDPR, where this concerns a legitimate interest in appropriate B2B business communication, provided that this is permitted by applicable legal regulations. Legitimate interest: informing customers and business contacts about our services.
You may object to processing for direct marketing purposes at any time. If you object or withdraw your consent, we will stop sending you business information.
5.8 Cookies and Similar Technologies
We use necessary cookies to ensure the basic functionality and security of the website. Analytical, marketing or other optional cookies are used only based on your settings or consent, where required by the applicable legal regime.
Details on the use of cookies, their purposes, providers, retention periods and setting options are provided in a separate Cookie Policy.
6. Is Providing Data Mandatory?
Providing personal data is voluntary. However, if we request data from you that is necessary for handling an enquiry, preparing a price offer, concluding or performing a contract, without providing such data we may not be able to process your request, prepare an offer or properly provide the service.
Where processing is based on consent, providing data is voluntary and you may withdraw your consent at any time.
7. To Whom We May Disclose Your Data
We may disclose your personal data only to those recipients who need it for a specific purpose and who are bound by a statutory or contractual obligation of confidentiality and personal data protection.
These may mainly include:
- hosting provider,
- website administrator,
- email and cloud service provider,
- anti-spam and security service provider,
- analytics tool provider, where such tools are used,
- CRM or helpdesk system provider, where such a system is used,
- external accountant or accounting firm,
- external payroll or HR provider,
- legal advisers,
- insurance company,
- transport and logistics partners,
- warehousing partners,
- customs representative,
- banking and payment institutions,
- public authorities, where required by legal regulation.
Where a recipient acts as a processor, we have concluded a contract with that recipient under Article 28 GDPR and allow access to data only to the necessary extent.
8. Transfers of Personal Data to Third Countries
If the use of email, cloud, analytics or other technical tools involves the transfer of personal data outside the European Economic Area, we carry out such transfer only where one of the lawful mechanisms under the GDPR is fulfilled.
This may include, in particular, an adequacy decision of the European Commission, the European Commission’s standard contractual clauses or another lawful transfer mechanism.
Upon request, we will provide you with further information about the transfer mechanism used.
9. How Long We Retain Data
We retain personal data only for the period necessary to fulfil the specific purpose and in accordance with the principle of storage limitation. After the relevant period expires, we erase or anonymise the personal data, or continue to retain it only where required by a legal obligation, audit, dispute or defence of a legal claim.
Comparative Matrix of Retention Periods
The following matrix sets out the retention periods for personal data according to individual categories, typical content and purpose of processing. The periods are based on the principle of storage limitation, the need to determine specific time limits according to purpose and statutory archiving obligations, especially for accounting and tax documents.
| Data Category | Typical Content | Purpose | Recommended Period | Note |
|---|---|---|---|---|
| Contact enquiries without contract conclusion | name, email, phone, message | response to enquiry, basic record of communication | 12 months from the last communication | erase after expiry, including attachments |
| Pre-contractual offers and business preparation | communication, offers, calculations, enquiry attachments | preparation of an offer, negotiation of cooperation | 24 months from closing the file | if a contract is created, transfer to the contractual agenda |
| B2B contact persons of customers and partners | name, work email, phone, position, communication history | business relationship management, coordination of cooperation | for the duration of the relationship + 24 to 48 months | retention for the purpose of protecting legal claims and maintaining an audit trail |
| Contractual agenda | contracts, orders, performance-related communication, delivery documents | contract performance, complaints, claims | for the duration of the contract + 48 months | if a special regulation requires a longer period, apply the longer period |
| Accounting and tax documents | invoices, accounting documents, accounting records | accounting and taxes | 10 years after the year to which they relate | statutory minimum for relevant accounting records |
| Applicants for a specific position | CV, cover letter, recruitment notes | recruitment process | 6 months after the recruitment process ends | erase or anonymise data after the period expires |
| Candidate talent pool | CV, contact details, preferences | future job opportunities | 24 months or until consent is withdrawn | separate consent is required |
| Marketing database | email, name, consent/opt-out history | newsletter and business information | until consent is withdrawn or 24 months from the last activity | after withdrawal of consent or objection, marketing communication will be stopped |
| Records of consents, withdrawals and objections | date, time, method of obtaining consent, withdrawal, objection, contact source | demonstrating compliance and respecting opt-outs | for the period necessary to demonstrate compliance | store separately from the active marketing database |
| Security logs | IP address, access time, security events | network protection, prevention of misuse | 30 to 90 days | in the event of an incident, logs may be retained separately for a longer period |
| Backups | system images and database snapshots | data availability and recovery | 30 to 180 days according to the backup policy | deletion in production must be aligned with backup rotation |
| Cookies and analytics identifiers | cookie ID, consent settings, analytics data | website functionality, preferences, analytics | according to the Cookie Policy and tool settings | necessary and optional cookies should be distinguished separately |
10. What Rights You Have
In connection with the processing of personal data, you have the following rights:
- the right of access to personal data,
- the right to rectification of inaccurate or incomplete data,
- the right to erasure of personal data,
- the right to restriction of processing,
- the right to data portability,
- the right to object to processing based on legitimate interest,
- the right to object at any time to processing for direct marketing purposes,
- the right to withdraw consent, where processing is based on consent,
- the right to lodge a complaint with a supervisory authority.
Where processing is based on consent, its withdrawal does not affect the lawfulness of processing carried out before the consent was withdrawn.
11. How You Can Exercise Your Rights
You can exercise your rights by email at ceo@sinid.eu or in writing at the company’s registered office:
Trieda KVP 3111/1
040 23 Košice
Slovak Republic
Office for Personal Data Protection of the Slovak Republic
Námestie 1. mája 18
811 06 Bratislava
statny.dozor@pdp.gov.sk
To protect your data, we may ask you for reasonable identity verification. We will respond to your request without undue delay, no later than within one month of receiving it. In exceptionally complex cases, we may extend this period by a maximum of two additional months, of which we will inform you.
12. Automated Individual Decision-Making and Profiling
We do not carry out automated individual decision-making or profiling that would have legal effects on the data subject or similarly significantly affect them.
If this changes in the future, we will update this policy accordingly and supplement it with the information required by the GDPR.
13. How We Protect Your Data
We adopt appropriate technical and organisational measures to protect personal data against unauthorised access, loss, misuse, disclosure or destruction.
These measures include mainly:
- management of access rights according to roles,
- use of strong passwords and multi-factor authentication, where appropriate,
- encryption or pseudonymisation where suitable,
- data backup and recovery,
- logging of security events,
- regular system updates,
- contractual arrangements on confidentiality and data protection with processors,
- restriction of access to attachments, CVs and business documentation,
- internal deletion and retention control rules.
Access to personal data is granted only to persons who need it to perform their work or contractual tasks.
14. Cookies
Our website uses cookies and similar technologies. We use necessary cookies to ensure the basic functionality, security and proper operation of the website.
Other cookies, such as analytical or marketing cookies, are used only based on your settings or consent, where such consent is required.
Detailed information about cookies can be found in a separate document: Cookie Policy.
15. Changes to This Policy
We may update this policy as appropriate, especially if the method of personal data processing, website functionality, range of recipients, technical services used or legal requirements change.
The current version will always be published on this page together with the date of the last update.