Arco Transport AS Data Protection Rules

  1. Who are we?

Arco Transport AS (“Our”, “Us”, “We”) provide international transportation services.

Our clients are companies who require road transportation, container shipping, multimodal transport and/or related customs services or cargo insurance in order to ship their goods. We also provide services to natural persons on rare occasions.

  1. Whose personal data we process? Are we a controller or processor of personal data?

We process the personal data of representatives of Our associates and clients, as well as the personal data of persons who contact Us via our website (“You”).

Personal data may be processed as a controller or processor. A controller establishes the purposes and means of processing personal data. A processor must process personal data according to the written instructions of a controller.

We process personal data as controller as well as processor and predominantly take the role of processor.

As controller, We receive personal data directly from You when You contact Us via Our website as a natural person.

As processor, We receive personal data from Our clients as legal persons, with whom We have concluded a contract for provision of services. The personal data received are the personal data of representatives of clients (incl. associates of clients).

  1. Which personal data we process?

We process personal data to the minimum possible extent and only on specific legal basis (clause 4).

Among other, We process the following personal information:

  • personal data, such as first name, surname, ID code, date of birth;
  • contact details, such as address, telephone number, e-mail address;
  • document data, e. data concerning identity document (such as copy of passport or ID card, document number, issuer and validity).
  1. Why we process personal data? What is the legal basis for processing personal data?

Processing personal data is part of our daily business activities. We do not provide services to anonymous clients; therefore We know who Our clients and the representatives of Our clients are.

We process personal data lawfully and with transparency and in compliance with requirements of legislation valid in Estonia.

We process personal data for the following purposes:

No. Purpose of processing personal data Legal basis for processing personal data
1 Provision of services, negotiating over terms of providing services, incl. issuing a price offer, analysis of provided service. For performing a contract concluded with You.
2 Exercising Our rights and performing obligations arising from the law, incl. compliance with accounting obligations. For performing a contract concluded with You and for performing Our legal obligations.
3 Processing Your inquiries and petitions. For performing a contract concluded with You and for performing Our legal obligations.
4 For sending You messages. Upon Our justified interest.
5 For receiving and processing Your inquiries, for responding to Your inquiries. Upon Our justified interest.


  1. What are cookies and why we use them?

We use cookies on Our website which You can accept if you decide to use Our website. Cookies are small text files that are saved on the hard drive of the computer of a website’s visitor and help Us improve the website services offered to You and make them more convenient to use.

We collect data on how You interact with Our website. In addition, We may collect information from Your computer or device, such as the IP address, Your browser and language settings. We use these data for statistical purposes for improving Our website and displaying information adapted to Your preferences.

If You prefer for Your personal data not to be processed on the website, You can activate the private browsing function of Your browser.


  1. What values and general principles We follow in processing personal data?

We protect Your personal data. We process Your personal data with due diligence and do Our best to ensure that Your personal data remains protected. We adopt various measures (physical, technical, organizational) to protect personal data from unlawful or unauthorized destruction, loss, alteration, disclosure, acquisition or unauthorized access.

We operate legally. We will always have legal basis for processing Your personal data and we will process Your personal data on that basis in particular.

We are guided by the purpose. We will establish a lawful purpose for processing personal data and process personal data only for that purpose. We will disclose the purpose of processing personal data to You clearly and in an understandable manner.

We will process personal data to the minimum extent. We will only collect relevant and necessary personal data. When collecting personal data, We are guided by the purpose of processing personal data, i.e. We do not collect more personal data than is necessary.

We select Our associates carefully. We forward personal data to Our processors with whom We have previously concluded a data processing contract. We require and expect Our associates to exercise due diligence and ethics when processing personal data and to preserve the safety of personal data.

Restriction of storage. We will store personal data only as long as it is required pursuant to the law or the contract or necessary for achieving the purpose established in the data protection rules. Personal data related to disputes are stored until the claim expires. After the expiry of the term of storing personal data, We will delete personal data for good.


  1. What are Your rights in regards to personal data?

The General Data Protection Regulation grants you extensive rights in regards to Your personal data. You have the right to access personal data, request that they be rectified or deleted entirely, restrict the use of Your personal data and submit objections to the use of Your personal data.

You have the right to demand for the transfer of personal data if that is technically viable. You have the right to know if We carry out automated decision-making regards to You.

If You wish to exercise any right related to processing of personal data or if You have any questions concerning the processing of personal data, please send Us an email at We will normally respond within one month and if the response requires issuing personal data then We will verify the identity of the petitioner beforehand.

If You are dissatisfied with Our response, then You can always submit a complaint to the supervising authority (

More detailed information concerning the rights of the data subject can be found in Chapter 3 of the General Data Protection Regulation.


  1. What to do when personal data have been breached?

Please notify Us immediately of any breaches of processing personal data or risk thereof that is known to You at We take the security of personal data very seriously and We will immediately react to a potential breach.


  1. Where can I find valid Data Protection Rules?

The valid Data Protection Rules can be found on Our website at Please bear in mind that We may update the Data Protection Rules from time to time.