of CO3 spółka z ograniczoną odpowiedzialnością (Limited Liability Company)
Date of last update: 11.07.2024


Dear User, 

considering that this Privacy Policy is addressed to users residing in Illinois, Indiana, Michigan, Maryland, Ohio and North Dakota and the fact that the Administrator is based in the European Union, we have made every effort to protect our users based on GDPR and PIPA, which constitute a comprehensive regulation in this area and set high standards of data protection. 

If any provisions of the policy are less favorable than state, local or provincial laws in the State of Illinois or other designated states, only those laws that are more favorable to you will apply.

If a disability causes difficulties in using this Privacy Policy, please contact us at We will be happy to help you as quickly as possible.


  • 1. Definition of terms used in this Privacy Policy

Whenever this Privacy Policy refers to: 

  1. Controller – it means the controller of Personal Data within the meaning of Article 4(7) of the GDPR, namely CO³ Spółka z ograniczoną odpowiedzialnością with its registered office in Wrocław (53-332), ul. Powstańców Śląskich 17, NIP: 8961583248, for which the District Court for Wrocław Fabryczna in Wrocław, 6th Commercial Division of the National Court Register maintains registration files in the Register of Entrepreneurs under the KRS number: 0000764323, e-mail: dpo@CO³.eu.
  2. Cookies Banner – a computer program on the Website used to manage Cookies by the User, displaying information about the Cookies and providing the possibility for the User to consent to their use by the Controller when using the Website or the Platform.
  3. Chatbot – a computer program for handling User inquiries, with which the User can conduct simple conversations, especially about the Controller’s services and products;
  4. Software – it means the Internet browser used to access the Platform; 
  5. Cookies – it means computer data, in particular text files, which are stored on the User’s Device and which facilitate the use of the Platform; 
  6. Platform – it means the ICT system by means of which CO³ provides services electronically, as described in the General Contractual Terms and Conditions (GCTC), available at the following internet address: ;
  7. GDPR – it means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC – the legal act governing the protection of personal data;
  8. Website – shall be understood to mean the website operating at the following address: www.CO³.eu;
  9. Device – it means the electronic device by which the User accesses the Platform, in particular: PCs, laptops, tablets, smartphones;
  10. PIPA – it means Illinois Personal Information Protection Act (815 Ill. Comp. Stat. 530/5 et seq). 
  11. User – shall be understood to mean a User of the Platform and a User of the Website;
  12. Platform User – shall be understood to mean any person who has a user account on the Platform, which entitles them to use the functionality of the Platform within the limits specified in the T&Cs;
  13. Website User – means any person who uses the Website.
  • 2. General provisions
  1. The Controller ensures that it uses its best efforts to ensure that the processing of personal data by the Controller is carried out with the greatest respect for the privacy of the data subjects.
  2. The Controller shall ensure that technical and organizational measures are in place to ensure the protection of the processed personal data, appropriate to the risks and categories of data being protected, and in particular that the data is protected against its disclosure to unauthorized persons, acquisition by an unauthorized person, processing in violation of the Act, and change, loss, damage or destruction. 
  3. The Controller shall comply with the following principles regarding the processing of personal data: 
    1. processes personal data lawfully, fairly and in a transparent manner for the data subject;
    2. collects personal data for specified, explicit and legitimate purposes and does not further process it in a way incompatible with those purposes;
    3. processes personal data in a way that is adequate, relevant and limited to what is necessary for the purposes of the processing;
    4. personal data is processed correctly and is updated when necessary; the Controller takes all reasonable steps to ensure that personal data which is inaccurate in light of the purposes of its processing are erased or rectified without delay;
    5. keeps the personal data in a form which enables identification of the data subject for no longer than is necessary for the purposes for which the data is processed. 
  4. The User information may be transferred and processed via servers located in the United States or in one of the European Union countries. When information is transferred from the User’s home country to another country, the rights and rules protecting their personal data in the country to which this information is transferred may differ from those in the country where the User resides. This transfer may occur to: 
    1. countries where GDPR applies or where the European Commission has issued adequacy decisions on the protection of personal data ( without the need to meet additional requirements;
    2. other countries, primarily on the basis of Standard Contractual Clauses with additional security measures (technical and legal) or Binding Corporate Rules or pursuant to Article 49(1)(c) of GDPR, if the transfer is necessary for the conclusion or performance of a contract concluded in the interest of the data subject between the Controller and a User outside the EEA.
  • 3. Children under the age of thirteen
  • The Controller Services are not intended for use by children under 13 years of age and the Controller does not knowingly collect personal information from children under 13 years of age.
  • If a parent or guardian discovers that his or her child has provided personal information to the Controller, the Controller will use commercially reasonable efforts to delete such information from its database upon such request. To request the deletion of your child’s data, please send an email to
  • 4. Processing of Personal Data of Users and other persons
  1. Personal data of Users and other persons interacting with the Controller or the Users can be processed by the Controller: 
    1. in order to perform the contract concluded with the Controller for the provision of services by electronic means within the Platform- then the legal basis for the processing of personal data is the necessity of the processing for the performance of the contract (Article 6(1)(b) of GDPR);
    2. in order to provide geolocation data such as information about the GPS location of the User’s vehicle, the registration number of the localized vehicle and the ignition status (if available) – the legal basis for processing is consent (Article 6(1)(a) of GDPR);
    3. in order to establish contact and enable the use of services provided on the Platform or the Service, including the use of the Chatbot to the extent relating to the processing of data provided in the chat window – the legal basis for the processing is the legitimate interest of the Controller (Article 6.1.f. GDPR);
    4. in order to comply with statutory obligations incumbent on the Controller, resulting in particular from tax and accounting regulations – the legal basis of processing is a legal obligation (Article 6(1)(c) of GDPR);
    5. for analytical and statistical purposes, including improving the Platform functionalities applied – the legal basis of the processing is the Controller’s legitimate interest (Article 6(1)(f) of GDPR) consisting of conducting analyses of Users’ activities on the Platform, as well as of their preferences in order to improve the applied functionalities;
    6. in order to establish and pursue claims or defend against claims – the legal basis of the processing is the Controller’s legitimate interest (Article 6(1)(f) of GDPR);
    7. for technical and administrative purposes, to ensure the security of the Controller’s ICT systems and to manage these systems – in this regard, the legal basis of the processing is the Controller’s legitimate interest (Article 6(1)(f) of GDPR);
    8. for direct marketing purposes – in this case, the legal basis for the processing is also the legally legitimate interest pursued by the Controller or by a third party (Article 6(1)(f) of GDPR).

The provision refers to the GDPR, due to the comprehensive regulation of the basis for processing, but the Controller respects the local law in Illinois regarding the processing of User’s personal data.

  1. Providing personal data by the User is voluntary but necessary in order to provide electronic services by the Controller within the Platform.
  2. The Controller processes or may process the following personal data: 
    1. name and surname,
    2. e-mail address,
    3. IP address,
    4. telephone numbers,
    5. position, 
    6. series and number of identity document, 
    7. Tax/company identification number (e.g. NIP),
    8. registered or business address,
    9. professional entitlements and qualifications,
    10. geolocation data (including the country and city from which the User browsed the Service or logged into the Platform);
    11. vehicle identification numbers, alternatively driving license number
    12. data collected during interaction with the Controller or its representatives through electronic communication.
    13. the name of the company within which the user works or with which she/he cooperates;
    14. social media account information for contact purposes;
    15. the URL of the sites visited, the time and date of such visits;
    16. technical information about the Device (e.g., screen resolution, device type, browser type or operating system).
  3. The recipients of personal data processed by the Controller are or may be: 
    1. persons authorized by the Controller to process data within the Controller’s enterprise;
    2. entities providing the Controller with IT services (e.g., Chatbot service), accounting, human resources, legal and tax advisory services, as well as advertising, courier, postal services, protection of persons and property, and cleaning services – in particular, on the basis of agreements on entrustment of personal data processing;
    3. other Users to whom the Controller grants access to the Platform- in accordance with the provisions of GCTC;
    4. public administration bodies and entities performing public tasks or acting on behalf of public administration bodies, as well as judicial authorities – within the limits of their rights provided by provisions of law.
  4. The Controller processes the Users’ personal data for the duration of the legal relationship with the User and the time of the limitation period, however, not longer than 6 years. The Controller processes personal data of other persons for a period not longer than 6 years.
  5. The Controller does not use systems used for profiling and automated decision-making.
  6. The Controller declares that it may use tools designed to analyse traffic on the Platform, such as Google Analytics and other similar tools.
  7. The Controller reserves the right to use anonymized geolocation data for analytical and statistical purposes, serving the development of services offered by the Controller.   
  • 5. Rights of the data subject
  1. Persons whose data is processed by the Controller are entitled to: 
    1. the right of access to their personal data and the right to correct it;
    2. the right to supplement, update, rectify, transfer and request restriction of processing as well as erasure of personal data;
    3. the right to object to the processing of personal data;
  2. In order to access, correct, supplement, update, rectify, limit processing, transfer, delete and object to the processing of one’s personal data, please send your request to the e-mail address of the Controller: dpo@CO³.eu or in writing to the address: ul. Powstańców Śląskich 17, 53-332 Wrocław.
  3. At the request of a given Person, the Administrator will provide information as to whether we have this Person’s data. 
  4. In certain circumstances, you have the right to request a copy of your personal data in an easily accessible format. 
  5. If the User needs further assistance, he or she may contact the Administrator at The administrator will respond to the request within a reasonable time.
  6. If the Controller uses the User’s data for direct marketing purposes, the User can always object to this by using the unsubscribe link included in such communication.


  • 6. Do Not Track Disclosure
  1. Although the User can control the use of cookies through their web browser, as described in §7 below, some web browsers may also give the User the option to enable a “do not track” setting. This setting sends a special signal to websites that the User visits while browsing the web. This “do not track” signal differs from disabling certain forms of tracking by rejecting cookies in browser settings, because browsers with “do not track” enabled still have the ability to accept cookies. 
  2. Currently, the Controller does not respond to web browser “do not track” signals; if this changes, the Controller will describe it in this Privacy Policy. For more information about “do not track”, visit


  • 7. Cookies
  1. The Controller uses Cookies on the Platform.
  2. The Platform may use two basic types of Cookies: 
    1. session cookies – these are temporary files that are stored on the User’s Device until leaving the Platform or switching off the Software;
    2. permanent – these are files stored on the User’s Device for the period specified in the parameters of the Cookies or until they are deleted by the User.
  3. The Platform may use all or some of the following types of Cookies: 
    1. “essential”, which enable the use of the Platform,
    2. “performance”which allows the collection of information about the manner of using the Platform;
    3. “functionality”, which enable retention of User-selected settings and personalization of the User interface, e.g. through language, font size, appearance of the Platform;
    4. “advertising”, which makes it possible to provide Users with advertising content more tailored to their interests.
  4. The different types of Cookies used within the Platform or Service are specified in the Cookies Banner available to Users at any time.
  5. The solutions used within the Platform are safe for the Devices of the Users who use the Platform.
  6. The User may at any time change the settings concerning Cookies. These settings may be changed, in particular, so as to block the automatic handling of Cookies in the settings of your web browser, or to inform you each time they are placed on your Device. If you restrict or disable access of Cookies to your Device, your use of the Platform or the Website may be impaired and may disable some functionality that requires Cookies. Detailed information about the possibility and methods of handling Cookies is available in the Software settings and in the Cookies Banner.
  • 8.  Use of technologies monitoring User activity
  1. The platform uses social plugins, which are tools allowing connection to popular social networks. These plugins allow the browser of a User visiting the Platform to retrieve content from the plugin provider and transmit data about the User, including personal data, to that provider.
  2. The following social plugins are currently in use: 
    1. Facebook Ireland Ltd. – On the Platform, there are “Like” and “Share” plugins to link to Facebook and a plugin that links directly to Instagram. By using one of the aforementioned plugins, the User logs in to Facebook or Instagram respectively, which have different privacy policies than the Platform. You can read them by using the link: or for information on plugins:;
    2. LinkedIn Ireland Unlimited Company – there is a plugin on the Platform that allows referring to LinkedIn and sharing a post on it. By using such a plugin, the User logs in to the aforementioned portal, which has different privacy policies than the Platform. You can read them by using the link:
    3. Google Ireland Limited – the Service includes a plug-in that allows the use of the Google Maps service to locate the Controller’s premises, and there are video or audio-video materials permanently embedded (so-called embeddable) from YouTube. The use of these services has privacy policies different from the Service. You can get acquainted with them by going to the link:    
  • 9. Using Chatbot
  1. As part of the Service, the Controller uses Chatbot.
  2. The Chatbot provider is an entity external to the Controller – s.r.o., VAT ID CZ03668681 located at Šumavská 31, 602 00 Brno (Czech Republic), acting as the Controller’s processor. 
  3. The Controller has a processing entrustment agreement with s.r.o.. s.r.o. processes data only for the purpose and to the extent necessary for the operation of the conversation via Chatbot and acts only in accordance with the Controller’s instructions.
  4. Additional information on data privacy and data processing of, s.r.o. can be found at
  • 10. Profiling
  1. As part of the use of the Service, a system is used that tracks the activity of Users based on information, including Cookies, stored on Users’ Devices, e-mail addresses, as well as the activity history of Users of the Service. Based on this tracking, it is possible to profile Users in order to send individually tailored marketing messages.
  2. The profiling referred to in the paragraph above shall not have any legal effect on the User or, to a similar extent, shall not materially affect the User.
  • 11. Final provisions
  1. If any personal data breaches occur, the Controller will take all actions required by law, including notifying in accordance with PIPA, interested persons as soon as possible and without undue delay after detecting such a data breach. The notice will include information about the breach, the type of information disclosed, and any steps, that the User can take to protect themself. This provision does not apply to data encrypted in a way that makes it impossible to read or use it. Breach means unauthorized acquisition of computerized data that compromises the security, confidentiality, or integrity of personal information maintained by the data collector.
  2. In the case of residents of individual states of the United States, i.e.: Indiana, Michigan, Maryland, Ohio and North Dakota, when specific regulations/legal acts apply in a given state or region and there is a conflict of these regulations with the provisions of the GDPR and/or PIPA, to the User who is a resident of a given state, those laws that offer a higher level of protection for personal information will apply (including accordingly in Maryland, where the Maryland Personal Information Protection Act (Md. Code Ann., Com. Law § 14-3501 et seq.) applies, and Ohio, which has the Ohio Data Protection Act (Senate Bill 220, ORC § 1354)).
  3. The Platform may contain links to other websites, such as those of advertisers or telematic service providers. Such websites operate independently of the Controller and are in no way supervised by the Controller. These websites may have their own privacy policies and regulations, which we recommend that you read. 
  4. Please submit questions or concerns regarding this Privacy Policy by sending an email to: dpo@CO³.eu.

The Controller reserves the right to change this Privacy Policy, which will be communicated within the Platform and on the Controller’s website.

Odwiedź nas na Targach TransLogistica w Warszawie.

Hala 1 Stoisko A8

Zarejestruj się

Visit us at the TransLogistica trade fair in Warsaw.

Hall 1 Stand A8


Besuchen Sie uns auf der Messe TransLogistica in Warschau.

Halle 1 Stand A8