Privacy policy

This document regulates the policy applied by Goodloading Sp. z o.o., with its registered office in Wrocław, ul. Racławicka 2-4, entered in the register of entrepreneurs of the National Court Register by the District Court for Wrocław-Fabryczna in Wrocław, 6th Commercial Division of the National Court Register, under number 0000816430, NIP [Tax ID No.]: 8961591325, REGON [Business Statistical No.]: 384972056 (hereinafter referred to as the Administrator), in the scope of the protection of personal data of the users and information that may constitute the company secret of these users.

This policy concerns the services offered by the Administrator through the website: It does not include websites and services of third parties which can be accessed through the links available on the above website. The detailed information relating to the protection of personal data is available from each service provider separately. The Administrator recommends getting acquainted with the related documents on the providers’ websites.

Data we collect

In order to make full use of the Services offered by the Controller, you need to register an Account using the form provided on the website or log in using an account previously created on one of the selected social networks (Google, Facebook), or log in to the Platform. The provision of personal data is voluntary, although necessary for the conclusion and execution of service agreements and for contacting the Controller. If the necessary information is not provided to the Controller, the Controller will not be able to conclude or execute agreements and provide service.

When registering, you will need to provide your business role and email address. Furthermore, the User may add additional data to their Account Profile, such as name, surname, company name, email address, areas of expertise, and invoice identification data. When logging in, the User enters the following data: email address and TransID number.

Data is also collected passively, i.e. through the operation of the website (e.g. IP address, resolution, location, browser type).

Usage of data

Personal data of users shall be processed:

  • for the purposes necessary to execute the contract concluded between the User and the Administrator or in order to carry out activities prior to the conclusion of the contract (Article 6(1)(b) of the GDPR),
  • if necessary, for purposes resulting from the Controller’s or third party’s legitimate interests (section 6(1)(f) of the GDPR), including but not limited to: providing support to the User, responding to queries/complaints, sending the Controller’s newsletter regarding changes to the Regulations, Price List, etc., for the purpose of ensuring IT security of the Controller; for the purpose of customer satisfaction surveys, asserting claims and defending against claims, in direct marketing of the Controller’s products and services and those of the entities of Group, as well as other entities to which the Controller provides services under separate agreements, for the Controller’s internal administrative purposes, such as preparing statistics, analyses, e.g. of the manner of using the website, User preferences,
  • on the basis of User’s consent (section 6(1)(a) of the GDPR), given for specific purposes (e.g. to provide the User with information concerning services/newsletters, if the User shows interest, or the transfer of data within the Group).

If the user grants such consent, the Administrator sends information on current and future products, as well as services of the Administrator and entities from the Group, via e-mail, in the form of an information or advertisement campaign.

In relation to personal data, withdrawal of the consent is possible at any time, though it does not influence the processing of personal data before the withdrawal.

Personal data may be processed by automated means (including profiling). The purpose of profiling is to collect information about the activity within the Platform and the preferences of Users, which allows us to better tailor the proposal and the messages addressed to them, as well as to detect events that may compromise the safety of Users. The legal basis for the processing is the Controller’s legitimate interest (Article 6(1)(f) of the GDPR).

Recipients of personal data

Data can be shared with other recipients in order to execute a contract with you, impose a legal obligation on the Administrator based on your consent or for the purposes resulting from the legitimate interests of the Administrator or a third party.

Recipients may be, in particular: entities of the capital group, institutions legally authorised to receive User data under relevant legislation (e.g. law enforcement or judicial authorities), as well as entities processing data on behalf of the Controller and their authorised employees, whereas such entities process data on the basis of an agreement with the Controller and only in accordance with instructions and on condition of confidentiality. Entities performing tasks for and on behalf of the Controller include, but are not limited to, entities providing services to the extent necessary to provide technical facilities for the provision of services, such as payment and IT service providers and entities dealing with the App

One should be aware that the Administrator’s website may contain plugins of some social networking services, such as: Facebook, Twitter, LinkedIn, Instagram, etc. Therefore, the user is obliged to get familiar with the privacy policy of these providers in order to receive current information within the scope of personal data protection.

Sending data outside the European Community

The level of protection of personal data outside the European Economic Area (EEA) may differ from that provided by European law. With this in mind, the Controller only transfers personal data outside the EEA when necessary. In the event of such a transfer, the Controller shall ensure an adequate level of protection of personal data primarily by:
a. the transfer of personal data to countries for which a European Commission decision recognising the country as providing an adequate level of protection for personal data has been issued,
b. the use of standard contractual clauses issued by the European Commission,
c. the use of other appropriate safeguards.

Rights of the data subject

The user bears the right to access the personal data, request its rectification, limitation of processing or its deletion, withdrawing consent for processing the data at any moment within the scope of this consent, as well as transferring the personal data. The user has the right to submit a complaint to the supervisory body (in Poland it is the President of the Office of the Personal Data Protection) if it is found that the processing of the data violates the provisions of the GDPR. Furthermore, at any time, the user has the right to raise an objection against processing the data due to some special circumstances, when the Administrator processes this data for the purposes arising from the legitimate interests, for direct marketing purposes, including profiling. When the user’s identity is confirmed, the Administrator will exercise the indicated rights based on the analysis of the legitimacy of the request and the applicable law. The Administrator will take all measures to fulfill the users’ requests concerning the personal data, unless this data must be kept due to the applicable law or other legitimate interests of the Administrator.

Retention period for personal data

Personal data will be processed and stored by the Administrator for the period necessary to fulfill objectives, i.e.:

  • execute the contract concluded between the User and the Administrator – up to its completion, and after this time, for the period required by law or for the implementation of any claims,
  • to the extent that data is processed based on the consent – as the Administrator will process it until its withdrawal,
  • until the fulfillment of the Administrator’s legitimate interests, which constitute the basis of this processing, or until the user submits objection against this processing, as long as there are no legitimate grounds for further data processing.

Data collected during visits of users on the Administrator’s website will be processed until its obsolescence or loss of usefulness. It applies to the data processed for analytical and statistical purposes, including the usage of cookies and managing the Administrator’s websites.


The Controller uses so-called “cookies” to track Users’ visits to the website and to store their preferences, e.g. language, login data, as well as to adapt the services offered to their needs. These files are used to compile general statistics on the use of the website by Users and they are stored until they become outdated or no longer relevant. Cookies will not be made available to other third parties, they will only be transferred to service providers to the extent necessary to provide technical support for the handling of the aforesaid files and entities belonging to Group.

Cookies can be deactivated in the User’s web browser, which will not prevent the User from using the services, but some difficulties may occur, i.e. the Controller’s website may no longer be fully functional.

Categories of cookies can also be managed via the “Consents” window that appears when the User first visits the Website. Detailed information on the Controller’s use of cookies is set out in the Cookie Policy available on the following website:

Social media

Please be advised that the Controller’s Website may include social networking plug-ins, including Facebook, Twitter, LinkedIn, Instagram, etc. In connection with their inclusion on the Controller’s Website, it is the User’s own responsibility to consult the privacy policies of these providers in order to receive up-to-date information on the protection of personal data.

Data in Google Analytics and other service providers

Traffic on the Controller’s websites is monitored by e.g. Google Analytics or other service providers, whose purpose is to collect data on website usage and popularity, as well as to identify users visiting the websites and to adapt advertising content. This data (e.g. the browser used or IP address) will not be made available by the Controller to third parties.


In order to ensure security, the Administrator:

  • uses SSL encryption,
  • enables access to the account only upon entering the login address and password (it is recommended to set up passwords consisting of min. 8 characters and containing upper and lower case letters, special characters and digits), which the User should keep exclusively for their information,
  • controls the methods of collecting, storing and processing information, including physical security measures to protect against unauthorised access to the system,
  • grants access to personal data only to those employees, contractors and collaborators who need to have access to it in order to process it for the Controller’s purposes; furthermore, they are contractually obliged to maintain strict confidentiality and, in the case of data entrustment, personal data processing agreements.

Privacy policy statement

This Privacy Policy entered into force on 22.11.2023. We may update the Privacy Policy from time to time to reflect changes in our information handling practices and standards. Such modifications may take place without notifying the User. If there are any material changes that modify the principles of personal data processing, the User may be notified by e-mail or by means of a notification made available on the website. Modifications will be effective from the date they are published on with an indication of their date of implementation.

Contact information

Should you have any questions regarding the Privacy Policy, please contact the Administrator: Goodloading Sp. z o.o., Wrocław, ul. Racławicka 2-4, 53-146 Wrocław, (e-mail: