PLENDE
Submit MRN →
PortsPricingKnowledgeClose MRNContact
PLENDE
Submit MRN →
CURRENT ORDER PROCESSING TIMEHamburg1hBremerhaven2hWilhelmshaven2hRotterdam2hAmsterdam2hAntwerpia1hZeebrugge1h

Privacy Policy

§1. Data controller

The controller of your personal data is closemrn.com (operated by [Company name — placeholder], [registered office — placeholder], VAT ID [placeholder]). Contact details of the controller are available at /en.

For any matter concerning your personal data, please contact us at dpo@closemrn.com.

§2. What data we collect

When you use the Service, we collect and process the following categories of personal data:

  • email address (registration and login)
  • company name and VAT / tax ID number (client identification)
  • phone number (communication regarding orders)
  • port filing data (MRN, exporter details, container number, port of exit)
  • invoicing data (on request)
  • technical data (IP address, access logs, session cookies, device and browser metadata)
  • content of emails sent to us in connection with orders — such emails may contain personal data of third parties (contacts at the Client’s counterparties, carriers, terminal staff).

§3. Purpose and legal basis

We process personal data for the following purposes:

  • performance of the Service Agreement with the Client — Article 6(1)(b) of Regulation (EU) 2016/679 (GDPR);
  • compliance with legal obligations (in particular tax and accounting obligations) — Article 6(1)(c) GDPR;
  • legitimate interests of the controller, including security of the service, prevention of fraud, and the establishment, exercise or defence of legal claims — Article 6(1)(f) GDPR;
  • processing the content of emails sent to us by or about the Client in connection with the handling of orders — Article 6(1)(f) GDPR (legitimate interest in handling commercial correspondence).

§4. Retention

We retain personal data for as long as necessary to perform the Service and, after termination, for the period required by law. In particular:

  • transactional data (orders, invoices): 5 years from the end of the tax year in which the service was performed (Polish tax law), extended to 10 years for German clients where the German Commercial Code (§ 257 HGB) and Tax Code (§ 147 AO) apply;
  • content of incoming emails: anonymised after 24 months from the last action on the relevant case, metadata retained for statistical purposes;
  • technical and analytics data: 90 days (event level) / 365 days (aggregated level);
  • audit logs: 5 years.

§5. Your rights

Under the GDPR you have the right to:

  • access your personal data (Article 15);
  • rectification (Article 16);
  • erasure — the “right to be forgotten” (Article 17);
  • restriction of processing (Article 18);
  • data portability (Article 20);
  • object to processing (Article 21).

You also have the right to lodge a complaint with a supervisory authority. The lead supervisory authority for closemrn.com is the Polish Data Protection Authority (Prezes Urzędu Ochrony Danych Osobowych, uodo.gov.pl). You may also contact the supervisory authority of your Member State of residence or habitual work.

§6. Recipients of data — sub-processors

We engage the following sub-processors and recipients to provide the Service. An up-to-date list is published at /en/subprocessors.

Sub-processorRoleLocation / transfer
MongoDB AtlasDatabase (all personal data)EU region
Amazon Web Services EMEA SARL (S3)Storage of order attachmentsEU region
Resend, Inc.Transactional email deliveryUSA — DPF + SCC
Twilio, Inc.WhatsApp Business messagingUSA — DPF + SCC
Google LLC — Gmail APIProcessing of our business mailboxUSA — DPF
Google LLC — Cloud Vision APIOCR of order documentsUSA — DPF
Google Cloud — Pub/SubPush notifications for GmailUSA — DPF
Fakturownia Sp. z o.o.Invoice issuancePoland
Vercel, Inc.Application hostingUSA — DPF (EU CDN)

We do not sell personal data and we do not share it with third parties other than those listed above, except where required by law or to respond to lawful requests from public authorities.

§7. International transfers

Some of our sub-processors are established outside the European Economic Area, primarily in the United States. Transfers to these recipients are carried out in accordance with Chapter V of the GDPR, relying on:

  • the European Commission’s adequacy decision (EU) 2023/1795 — EU-U.S. Data Privacy Framework — for recipients certified under the DPF Active List;
  • the Standard Contractual Clauses set out in Commission Implementing Decision (EU) 2021/914, for any transfers not covered by the adequacy decision.

On request, we will provide information about the safeguards in place for any specific transfer.

§8. Security

We implement appropriate technical and organisational measures in accordance with Article 32 GDPR, including TLS 1.2+ encryption in transit, encryption at rest, role-based access control, multi-factor authentication on administrative accounts, comprehensive audit logging, automated backups, and documented incident response procedures.

§9. Cookies

closemrn.com uses only cookies strictly necessary for the operation of the Service (session management, authentication). We do not use marketing or analytics cookies on the public website. You may disable cookies in your browser settings, which may limit the functionality of the Service.

§10. Automated decision-making

We do not use your personal data for automated decision-making, including profiling, within the meaning of Article 22 GDPR. We do not process your documents using third-party large language models; document parsing is performed with deterministic, rule-based parsers only.

§11. Data protection contact

For any matter regarding this Privacy Policy or your personal data, please contact us at dpo@closemrn.com.

Last updated: 12 April 2026.

Legal notice:The information in this article is for general informational purposes only. It does not constitute legal or customs advice. For individual matters, we recommend consulting a licensed customs agent.