- The owner of the Online Shop and the controller of personal data is KROSS S.A. with its registered office in Przasnysz (06-300), ul. Leszno 46, entered to the register of entrepreneurs of the National Court Register by the District Court in Białystok, 12th Commercial Division of the National Court Register with the following number: KRS 0000223853, with equity capital amounting to PLN 45,000,000, Tax Identification No.: 7611402748, REGON (Registration No.): 550749108, hereinafter referred to as KROSS S.A.
- Personal data collected by KROSS S.A. through the Online Shop is processed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter also referred to as the GDPR.
- KROSS S.A. makes the best effort to respect the privacy of the Customers visiting the Online Shop.
I. Type of personal data processed, purposes and legal basis
- KROSS S.A. collects information regarding natural persons who perform legal transactions not directly related to their activities, natural persons conducting business or professional activity on their own behalf and natural persons representing legal persons or organisational units that are not legal persons, to whom the law grants legal capacity, hereinafter referred to as Customers.
- Personal data is collected in the following cases:
- a) placing an order in the Online Shop, in order to perform an agreement. Legal basis: requirement to perform an agreement (Article 6 (1)(b) of the GDPR);
- b) subscribing to the newsletter in order to perform an agreement, the subject of which is a service provided electronically Legal basis - consent of the person to which the data relates, to perform an agreement for providing Newsletter services (Article 6 (1)(a) of the GDPR);
- c) using the contact form in the Online Shop to perform an agreement provided electronically. Legal basis: requirement to perform an agreement on he provision of the contact form service (Article 6 (1)(b) of the GDPR);
- d) using the notify when available service in the Online Shop to perform an agreement provided electronically. Legal basis: requirement to perform an agreement on the provision of the notify when available service (Article 6 (1)(b) of the GDPR);
- e) using the write a review services in order to perform an agreement, the subject of which is a service provided electronically. Legal basis: requirement to perform an agreement on the provision of the write a review service (Article 6 (1)(b) of the GDPR).
- f) Customer satisfaction survey. Legal basis: the necessity of processing to implement the legitimate interest of KROSS S.A., consisting in providing and maintaining high-quality services and the level of customer satisfaction with products and services (Article 6 (1)(f) of the GDPR).
- When registering an account in the Online Shop, the Customer sets an individual password to access the account. The Customer may change the password at a later time, on the terms described in §6.
- When placing an order in the Online Shop, the Customer provides the following data:
a) email address;
a. post code and city;
b. street with street/flat number.
c) full name;
d) telephone number.
- In the case of Entrepreneurs, the above scope of data is additionally extended by:
- a) Entrepreneur's company;
b) Tax Identification Number.
- In the case of the Newsletter service, the Customer only provides their email address.
- In the case of using the contact form service, the Customer provides the following data:
(a) email address;
(b) full name;
(c) telephone number.
- In the case of using the notify when available service, the Customer only provides his/her e-mail address.
- In the case of using the write a review service, the Customer provides the following data:
a) email address;
b) full name or nickname.
- In the case of customer satisfaction survey, KROSS S.A. processes the following data:
(a) email address;
(c) order number.
- When using the website of the Online Shop, additional information may be collected, specifically: IP address assigned to the user's computer or the external IP address of the Internet provider, domain name, type of browser, access time, type of operating system.
- If you the personal data is provided in order to conclude an agreement with the Online Shop, your provision of personal data is a condition for the conclusion of such an agreement. Providing personal data in this situation is voluntary, however, the consequence of not providing this data will be the inability to conclude an agreement with the Online Shop.
- Also, the Customers' browsing data, including information on the links and references the users decide to click or other activities performed in the Online Shop. Legal basis - legitimate interest (Article 6 (1)(f) of the GDPR), consisting in making it easier to use electronic services and improving functionality of said services.
- In order to determine, investigate and enforce claims, some personal data provided by the Customer may be processed as part of using the features of the Online Shop, such as: name, surname, data regarding the use of services, if the claims result from the manner in which the Customer uses services, other data necessary to prove the existence of the claim, including the extent of the damage suffered. Legal basis - legitimate interest (Article 6 (1)(f) of the GDPR), consisting in establishing, pursuing and enforcing claims and defending against claims in proceedings before courts and other state authorities.
II. Who is the data shared with or entrusted to, and how long is it stored for?
- The Customer's personal data is provided to the service providers used by KROSS S.A. when managing the Online Shop. Service providers to whom personal data is transferred, depending on contractual arrangements and circumstances, are either subject to KROSS S.A.'s instructions regarding the purposes and methods of processing this data (processing entities) or independently define the purposes and methods of its processing.
a) Processing entities. KROSS S.A. uses services of suppliers who process personal data only at the request of KROSS S.A. These include, among others, providers of hosting services, accounting services, providing marketing systems, systems for traffic analysis in the Online Shop, systems for analysing effectiveness of marketing campaigns;
(b) Controllers. KROSS S.A. uses services of suppliers who do not act solely upon order and themselves determine the purposes and methods of using the personal data of Customers. They provide electronic and banking payment services.
2. Location. Service providers are established in Poland and other countries of the European Economic Area (EEA).
3. Personal data of Customers is stored:
a) If the basis for the processing of personal data is a consent, then the Customer's personal data shall be processed by KROSS S.A. until the consent is revoked, and after revoking the consent for a period corresponding to the period of limitation of claims that KROSS S.A. may raise and that may be raised against it. Unless a special provision provides otherwise, the limitation period is six years, and for claims for periodic services and claims related to conducting business activity - three years.
b) If the basis for data processing is the performance of an agreement, then the Customer's personal data shall be processed by KROSS S.A. for as long as it is necessary for the performance of the agreement, and then for the period corresponding to the period of limitation of claims. Unless a special provision states otherwise, the limitation period is six years, and for claims pertaining to periodical performances and claims related to conducting business activity – three years.4. In the event of a purchase in the Online Shop, personal data may be transferred, depending on the Customer's choice, to the following entities in order to deliver the ordered goods:
a) a courier company, i.e. DPD Polska sp. z o.o. with its registered office in Warsaw (02-274), at ul. Mineralna 15, entered into the Register of Entrepreneurs of the National Court Register kept by the District Court for the capital city of Warsaw in Warsaw, 13th Commercial Division of the National Court Register, with the following number: KRS 0000028368, Tax Identification Number: 526-020-41-10.
5. In the event that the Customer chooses to pay through the "TPay" payment system, their personal data is provided to the extent necessary to make the payment to the company Krajowy Integrator Płatności S.A. with its registered office in Poznań, plac Andersa 3, 17th floor, 61-894 Poznań, entered into the Register of Entrepreneurs kept by the District Court for Poznań - Nowe Miasto and Wilda in Poznań, 8th Commercial Division of the National Court Register under the number KRS 0000412357.
6. In the event that the Customer chooses to pay through the "PayPal" payment system, their personal data is transferred to the extent necessary to make the payment to PayPal (Europe) S.à r.l.et Cie, S.C.A. (R.C.S. Luxembourg B 118 349).
- Browsing data can be used to provide customers with better service, analysis of statistical data and adaptation of the Online Shop to the preferences of customers, as well as management of the Online Shop.
8. In the event that the Customer subscribes to the newsletter KROSS S.A. will send electronic messages to their email address containing commercial information about promotions and new products available in the Online Shop.
9. 5. In the event of a request, KROSS S.A. provides personal data to authorised state authorities, in particular organisational units of a prosecutor's office, the Police, the President of the Personal Data Protection Office, the President of the Office of Competition and Consumer Protection or the President of the Office of Electronic Communications.
- The Shop cooperates with Trustmate S.A. with its registered office in Wrocław, post code 50-062, ul. Bartoszowicka 3, KRS 0000737597, Tax Identification Number: 8971854393, in order to monitor and increase the satisfaction of Kross.eu customers by enabling customers to express their opinions regarding the provided services. Thus, the Shop provides Trustmate with the order number along with the email address, name, purchased products and form of delivery chosen by customers who made purchases on the kross.eu website. Trustmate will then send a message to the Internet users' mailbox asking for an opinion about Kross.eu. Feedback is completely voluntary
Terms of service can be found at: https://en.trustmate.io/user-regulations.
III. Cookies, IP address
- Cookies, IP address
1. The Online Shop uses small files, called cookies. They are stored by KROSS S.A. in the end device of the Online Shop's visitor, if the browser allows for doing so. A cookie file usually includes the name of the domain it comes from, its expiry date as well as an individual randomly chosen number identifying the file. The information collected by means of cookies assists in customizing products offered by KROSS S.A. to the individual preferences and actual needs of the Online Shop visitors. They also make it possible to prepare general statistics of visiting pages with the presented products in the Online Shop.
KROSS S.A. uses two types of cookies:
a) Session cookies: after the end of a browser session or when the computer is shut down, the stored information is deleted from the device's memory. The mechanism of session cookies does not allow for downloading any personal data or any confidential information from the Customers' computers.
b) Persistent cookies: they are stored in the memory of the Customer's end device and remain there until they are deleted or expired. The mechanism of persistent cookies does not allow to retrieve any personal data or any confidential information from the Customers' computer.
KROSS S.A. uses its own cookies for the following purposes:
a) to analyse, research and audit of views, and in particular to create anonymous statistics that help to understand how Customers use the Online Shop website, which allows to improve its structure and content.
KROSS S.A. uses external cookies for the following purposes:
a) popularization of the Online Shop using the Instagram service (external cookie administrator: Instagram LLC. based in the USA);
b) present advertisements tailored to the Customer's preferences using the Google AdWords online advertising tool (external cookie administrator: Google Inc. based in the USA);
- c) presenting advertisements tailored to the Customer's preferences using online advertising tools of entities from the Wirtualna Polska capital group (external cookie administrator: Wirtualna Polska Holding Spółka Akcyjna with its registered office in Warsaw);
d) presenting reviews on the Shop's websites, which are downloaded from the external TrustMate website (external cookie administrator: TrustMate S.A. based in Wrocław);
e) popularization of the Online Shop using the social networking site facebook.com (external cookie administrator: Facebook Inc based in the USA or Facebook Ireland based in Ireland);
f) popularizing the Shop using the twitter.com social network service (administrator of external cookies: Twitter Inc. based in the USA);
g) collecting general and anonymous static data via Google Analytics analytical tools (external cookie administrator: Google Inc., based in the USA);
h) presenting, on the Shop's information pages, a map showing the location of the KROSS S.A. office, using the maps.google.com website (administrator of external cookies: Google Inc. based in the USA);
The cookie mechanism is safe for the Online Shop Customers' computers. In particular, it is not possible that viruses, other unwanted software or malware could be installed on a Customer's compuer in this way. However, the Users have a possibility to restrict or block cookies by changing their computer browser settings. If such is the case, using the Online Shop will still be possible with the exception of functions requiring cookies.
Below you can see how to change settings of popular internet browsers with regard to cookies:
a) Internet Explorer;
b) Microsoft EDGE;
c) Mozilla Firefox;
KROSS S.A. may collect customer IP addresses. An IP address is a number assigned to the computer of the Online Shop visitor through an Internet service provider. An IP number makes Internet access possible. In most cases, it is assigned to a computer in a dynamic way, i.e. it changes every time you connect to the Internet. An IP address is used by KROSS S.A. to diagnose technical issues with the server, create statistical analyses (e.g. specifying which regions most visits come from) or facilitate management and optimisation of the Online Shop. It can also used for security purposes or possible identification of server loads or undesirable automatic software for content viewing of the Online Shop which overload the server.
The Online Shop contains links to other websites. KROSS S.A. is not liable for privacy policies applicable on such external websites.
IV. Rights of the data subjects
- The right to withdraw consent - legal basis: Article 7 (3) of the GDPR.
a) The Customer has the right to withdraw any consent granted to KROSS S.A.
b) Withdrawal of consent shall take effect from the moment of withdrawal of
c) The withdrawal of consent does not affect the processing carried out by KROSS S.A. in accordance with the law before its withdrawal.
d) Withdrawal of consent does not entail any negative consequences for the Customer, however, it may prevent further use of the services or features, which according to the law KROSS S.A. may provide only with consent.
The right to object to data processing - legal basis: Article 21 of the GDPR.
a) The Customer has the right to object at any time - for reasons related to his/her particular situation - to the processing of his/her personal data, including profiling, if KROSS S.A. processes his/her data on the basis of a legitimate interest, e.g. marketing of products and services of KROSS S.A., keeping statistics on the use of individual features of the Online Shop and facilitating the use of the Online Shop, as well as for satisfaction surveys.
b) Resignation in the form of an email from receiving marketing messages regarding products or services will mean the Customer's objection to the processing of his/her personal data, including profiling for these purposes.
c) If the Customer's objection proves justified and KROSS S.A. has no other legal basis for the processing of personal data, the Customer's personal data will be deleted, against the processing of which the Customer has raised an objection.
The right to deleting data ("the right to be forgotten") - legal basis: Article 17 of the GDPR.
a) The customer has the right to request the deletion of all or some personal data.
b) The customer has the right to request the deletion of personal data if:
a. personal data is no longer necessary for the purposes for which it was collected or processed;
b. the Customer withdrew a specific consent to the extent that personal data was processed based on his consent;
c. the Customer objected to the use of hi/hers data for marketing purposes;
d. personal data is processed unlawfully;
e. personal data must be deleted in order to comply with a legal obligation provided for in the law of the European Union or the law of the Member State to which KROSS S.A. is subject to;
f. the personal data has been collected in relation to the offering of information society services.
c) Despite the request to delete personal data in connection with the objection or withdrawal of consent, KROSS S.A. may retain certain personal data to the extent that the processing is necessary to establish, assert or defend claims, as well as to fulfill a legal obligation requiring processing under EU laws or the law of a Member State to which KROSS S.A. is subject. This applies in particular to personal data including: name, surname, email address, which are kept for the purpose of processing complaints and claims related to the use of the KROSS S.A.'s services, or additionally the residence/mailing address, which are kept for the purpose of processing complaints and claims related to the concluded sales contracts for the provision of services.
The right to restrict processing - legal basis: Article 18 of the GDPR.
a) The Customer has the right to request restriction of the processing of his/her personal data. Submitting a request, until its processing, prevents the use of certain features or services, the use of which will involve the processing of data covered by the request. KROSS S.A. will also not send any messages, including marketing ones.
b) The Customer has the right to request the restriction of the use of personal data in the following cases:
a. when it questions the accuracy of personal data – then KROSS S.A. limits their use to the time needed to verify the accuracy of the data, but no longer than for 7 days;
b. when the processing of data is unlawful, and instead of deleting the data, the Customer requests to limit their use;
c. when the personal data is no longer necessary for the purposes for which they were collected or used but are needed by the Customer to establish, assert or defend claims;
d. when the Customer has objected to the use of their data – then the limitation occurs for the time necessary to consider whether – due to a special situation – the protection of the interests, rights and freedoms of the Customer outweighs the interests pursued by the Controller when processing the Customer's personal data.
Right to access the data - legal grounds: Article 15 of the GDPR.
a) The Customer has the right to obtain a confirmation from the Controller whether it processes personal data, and if this is the case, the Customer has the right to:
a. access their personal data;
b. obtain information about the purposes of processing, categories of personal data processed, about the recipients or categories of recipients of such data, the planned period of storing the Customer's data or about the criteria for determining this period (when determining the planned period of data processing is not possible), about the rights of the Customer under the GDPR and about the right to lodge a complaint to the supervisory authority, about the source of such data, about automated decision-making, including profiling and about the safeguards applied in connection with the transfer of such data outside the European Union;
c. obtain a copy of their personal data.
The right to rectify data - legal basis: Article 16 of the GDPR.
The right to transfer data - legal basis: Article 20 of the GDPR.
a) The Customer has the right to receive their personal data, which the Customer provided to the Controller, and then send it to another personal data controller of their choice. The Customer also has the right to request that personal data is sent by the Controller directly to such a controller, if it is technically possible. In this case, the Controller will send the Customer's personal data in the form of a csv file, which is a commonly used, machine-readable format that allows sending the received data to another personal data controller.
In the event when the Customer exercises their right included in the above-mentioned rights, KROSS S.A. complies with the request or refuses to comply with it immediately, but no later than within one month after receiving it. However, if due to the complicated nature of the request or the number of requests, KROSS S.A. will not be able to fulfil the request within a month, it will comply with it within the next two months informing the Customer in advance, within one month of receiving the request, about the intended extension of the deadline and the reasons for it.
The Customer may submit complaints, queries and requests to the Controller regarding the processing of their personal data and the exercise of their rights.
The Customer has the right to lodge a complaint to the President of the Office for Personal Data Protection regarding the violation of their rights to the protection of personal data or other rights granted under the GDPR.
V. Services tailored to your preferences and interests (profiling)
- ‘Profiling’ means any form of automated Processing of Personal Data consisting of the use of Personal Data to evaluate certain personal aspects relating to a Natural Person, in particular to analyse or predict aspects concerning that Natural Person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
Personal data of Customers may be processed in an automated manner (profiling), however, this will not have any legal effects on them or similarly significantly affect the situation of Customers.
Profiling of personal data by KROSS S.A. involves the processing of Customers' data in an automated and manual manner, by using the data to assess certain information about the Customer, in particular to analyse or forecast the Customer's personal preferences and interests.
In order to reach the Customer with marketing messages outside the Online Shop Website, KROSS S.A. uses the services of external suppliers. Such services consist in displaying marketing messages on other websites than the Online Shop Website. For this purpose, external suppliers install, for example, an appropriate code or pixel to retrieve information about the Customer's activity on the Online Shop Website. Details of the cookies used can be found in §3. Legal basis - legitimate interest (Article 6 (1)(f) of the GDPR), consisting in matching marketing messages to preferences and interests.
In order to reach the Customer with marketing messages through the Online Shop Website, KROSS S.A. uses the services of external suppliers. These services consist in displaying marketing messages on the Online Shop pages. For this purpose, external suppliers install, for example, an appropriate code or pixel to retrieve information about the Customer's activity on the Online Shop Website. Details of the cookies used can be found in §3. Legal basis - legitimate interest (Article 6 (1)(f) of the GDPR), consisting in matching marketing messages to preferences and interests.
VI. Security management - password
- KROSS S.A. provides the Customers with a secure and encrypted connection when transferring personal data and when logging into the Customer Account on the Website. KROSS S.A. uses an SSL certificate issued by one of the leading global companies in the field of security and encryption of data sent over the Internet.
KROSS S.A. never sends any mail, including electronic mail with a request to provide login details.
3. Last modified: 24.03.2022.