PRIVACY POLICY


1. This Privacy Policy sets out the rules for the processing of personal data obtained through the online store kross.eu (hereinafter: the "Online Store').



2. The owner of the Online Store and at the same time the data administrator is KROSS S.A. with its registered office in Przasnysz (06-300), ul. Leszno 46, entered into the Register of Entrepreneurs of the National Court Register

maintained by the District Court for the Capital City of Białystok in Białystok, XII Economic Department of the National Court Register under KRS number 0000223853, with share capital of PLN 45,000,000, NIP:

7611402748, REGON: 550749108, hereinafter referred to as KROSS S.A ..



3. Personal data collected by KROSS S.A. through the Online Store are processed in accordance with the Regulation of the European Parliament and of the Council (EU) 2016/679 of 27 April 2016 on

the protection of individuals with regard to the processing of personal data and on the free movement of such data and the repeal of Directive 95/46 / EC (General Data Protection Regulation), also called the GDPR.



4. KROSS S.A. takes special care to respect the privacy of customers visiting the Online Store.



II Type of data processed, purposes and legal basis


1. KROSS S.A. collects information on natural persons carrying out legal actions not directly related to their activities, natural persons conducting economic activities on their own behalf

or professional and natural persons representing legal persons or organizational units that are not legal persons, to whom the Act confers legal capacity, hereinafter collectively referred to as Customers.



2. Customers' personal data is collected in the case of:

a) registering an account in the Online Store in order to create an individual account and manage this account. Legal basis: necessity to perform the contract for the provision of the Account service (Article 6 paragraph 1 letter b of the GDPR);

b) placing an order in the Online Store in order to perform the contract. Legal basis: necessary to perform the contract (Article 6 paragraph 1 letter b of the GDPR);

c) subscription to the newsletter (Newsletter), in order to perform a contract the subject of which is a service provided electronically. Legal basis - consent of the data subject to perform the contract for the provision of the Newsletter service (Article 6 paragraph 1 point a of the GDPR);

d) use the contact form service in the Online Store to perform the contract provided by electronic means. Legal basis: the necessity to perform the contract for the provision of the contact form service (Article 6 (1) (b) of the GDPR);

e) use the service to provide an opinion in order to perform a contract the subject of which is an electronic service. Legal basis - necessity to perform the contract for the provision of services, provide an opinion (art.6 par.1 lit.b RODO).



3. When registering an account in the Online Store, the Customer provides:
a) email address.



4. When registering an account in the Online Store, the Customer sets an individual password to access his account. The customer may change the password at a later time, on the terms described in §7.


5. When placing an order in the Online Store, the Customer provides the following data:
a) email address;
b) address details:
a. zip code and city;
b. street with house / flat number.
c) name and surname;
d) telephone number.



6. In the case of Entrepreneurs, the above range of data is further extended by:

a) the Entrepreneur's company;
b) tax identification number.



7. When using the Newsletter service, the Customer shall only provide his email address.



8. In the event of using the contact form service, the Customer shall provide the following data:
a) email address;
b) name and surname;
c) telephone number.



9. If you use the service, provide your opinion, the Customer provides the following data:
a) email address;
b) name and surname or nickname (nickname).


10. When using the Store Website, additional information may be downloaded, in particular: the IP address assigned to the Customer's computer or the external IP address of the Internet provider, domain name, browser type, access time, type of operating system.



11. Navigational data may also be collected from customers, including information about links and links in which they decide to click or other activities undertaken in the Online Store. Basis
legal - legitimate interest (art.6 par.1 lit.f RODO), consisting in facilitating the use of services provided electronically and improving the functionality of these services.



12. In order to determine, pursue and enforce claims, certain personal data provided by the Customer may be processed as part of using the functionality in the Online Store, such as: name, surname, data regarding the use of services, if the claims result from the manner in which the Customer uses from services, other data necessary to prove the existence of the claim, including the extent of the damage suffered. Legal basis - a legitimate interest (art.6 par.1 lit.f RODO), consisting in the determination, investigation and enforcement of claims as well as defense against claims in proceedings before courts and other state authorities.



13. Transfer of personal data to KROSS S.A. is voluntary in connection with concluded sales contracts or the provision of services via the Online Store Website, but with this reservation,
that failure to provide the data specified in the forms during the Registration process prevents Registration and the creation of a Customer Account, and if the order is placed without the Customer Account registration
and the implementation of the customer's order.



III Who is the data shared or entrusted to and how long is it stored?


1. The Customer's personal data is transferred to service providers used by KROSS S.A. while running the Online Store. Service providers to whom personal data are transferred, depending on contractual arrangements and circumstances, or are subject to the instructions of KROSS S.A. as to the purposes and methods of processing this data (processors) or independently define the purposes and methods of their processing
(Administrators).



a) Processing entities. KROSS S.A. uses suppliers who process personal data only on the instruction of KROSS S.A .. They include providers of hosting services, accounting services, providing marketing systems, systems for analyzing traffic in the Online Store, systems for analyzing the effectiveness of marketing campaigns;
b) Administrators. KROSS S.A. uses suppliers who do not act solely on instructions and set the purposes and ways of using Customers' personal data themselves. They provide electronic and banking payment services.



2. Location. Service providers are based in Poland and other countries of the European Economic Area (EEA).



3. Customers' personal data are stored:

a) If the basis for the processing of personal data is consent, then the Customer's personal data is processed by KROSS S.A. as long as the consent is not revoked and after the consent has been revoked
for a period of time corresponding to the limitation period for claims that may be raised by KROSS S.A. and what can be raised against him. Unless a special provision provides otherwise, the limitation period is six years, and for claims for periodic benefits and claims related to business activity - three years.

b) If the basis for data processing is the performance of the contract, then the Customer's personal data is processed by KROSS S.A. as long as it is necessary to perform the contract, and after that time for the period corresponding to the limitation period for claims. Unless a special provision provides otherwise, the limitation period is six years, and for claims for periodic benefits and claims related to business activity - three years.


4. If you make a purchase in the Online Store, personal data may be transferred, depending on the customer's choice, to the following entities in order to deliver the ordered goods:

a) Authorized Sales Points;

b) a courier company;
c) InPost Paczkomaty Sp. z o.o. with its registered office in Krakow, providing
delivery and maintenance services of a P.O. box system (Paczkomaty)



5. If the Customer chooses a payment through the PayU system, his personal data is transferred to the extent necessary for the payment to be made to PayU S.A. with its registered office in Poznań (60-166) at ul.
Grunwaldzka 182, entered into the Register of Entrepreneurs kept by the District Court Poznań - Nowe Miasto and Wilda in Poznań, VIII Commercial Department of the National Court Register under the number KRS
0000274399.



6. If the customer chooses to pay via the "leaselink" payment system, his personal data is transferred to the extent necessary for the payment to be made to LeaseLink Sp. z o.o. based in Warsaw
(03-840), ul. Grochowska 306/308, entered into the Register of Entrepreneurs kept by the District Court for the Capital City of Warsaw in Warsaw, 13th Commercial Department of the National Court Register under the number
KRS 0000477046.



7. If the customer chooses the payment through the "BGŻ BNP Paribas Raty" installment system, his personal data is transferred to the extent necessary for the payment to be carried out by Bank BGŻ BNP Paribas S.A.
with its registered office in Warsaw (ul. Kasprzaka 10/16, 01-211 Warsaw), entered into the register of entrepreneurs kept by the District Court for the Capital City of Warsaw Warsaw in Warsaw, 12th Commercial Department of the National Register
Court under the number KRS 0000011571.


8. Navigation data may be used to provide customers with better service, statistical data analysis and adaptation of the Online Store to customer preferences, as well as administration
Online Store.


9. In the event that the Customer subscribes to the newsletter (Newsletter) to his email address KROSS S.A. will send electronic messages containing commercial information about promotions and new ones
products available in the Online Store.



10. In the event of a request from KROSS S.A. discloses personal data to authorized state bodies, in particular organizational units of the Prosecutor's Office, the Police, and the President of the Office for Data Protection
Personal, the President of the Office of Competition and Consumer Protection or the President of the Office of Electronic Communications.



IV Cookies mechanism, IP address


1. The Online Store uses small files called cookies. They are saved by KROSS S.A. on the end device of the person visiting the Online Store, if the web browser allows it. A cookie usually contains the name of the domain from which it comes, its "expiry time" and an individual, randomly selected number identifying this file. Information collected using this type of files helps to tailor the products offered by KROSS SA to the individual preferences and real needs of people visiting the Online Store They also give the opportunity to compile general statistics of visits to the presented products in the Online Store.



2. KROSS S.A. uses two types of cookies:
a) Session cookies: after the browser session ends or the computer is turned off, the saved information is deleted from the device's memory. The mechanism does not allow session cookies to download any personal data or any confidential information from customers' computers.
b) Persistent cookies: they are stored in the memory of the Customer's terminal device and remain there until they are deleted or expire. The persistent cookies mechanism does not allow you to download any personal data or any confidential information from your customers' computer.



3. KROSS S.A. uses its own cookies to:
a) authenticating the Customer in the Online Store and ensuring the Customer session in the Online Store (after logging in), thanks to which the Customer does not have to re-enter the login and password on each subpage of the Online Store;
b) analysis and research and audience audit, and in particular to create anonymous statistics that help understand how customers use the Store Website, which allows improving its structure and content.


4. KROSS S.A. uses external cookies to:
a) popularizing the Online Store using the Instagram website (external cookies administrator: Instagram LLC.with headquarters in the USA);
b) popularizing the Online Store using the social network facebook.com (administrator of external cookies: Facebook Inc. with its registered office in the USA or Facebook Ireland with its registered office in Ireland);
c) popularizing the Store using the twitter.com social website (external cookie administrator: Twitter Inc. with its registered office in the USA);
d) collecting general and anonymous static data via Google Analytics analytical tools (external cookie administrator: Google Inc. based in the USA);
e) presenting on the Store's information pages a map indicating the location of the KROSS S.A. office, using the maps.google.com website (external cookies administrator: Google Inc.
based in the USA);
f) presentation of the Reliable Certificate Regulations via the rzetelnyregulamin.pl website (external cookie administrator: Rzetelna Grupa sp.z o.o.with headquarters in Warsaw).



5. The cookie mechanism is safe for computers of Online Store Customers. In particular, it is not possible for viruses or other unwanted software or malware to enter your clients' computers in this way. Nevertheless, in their browsers, Customers have the option of limiting or disabling cookies' access to computers. If you use this
option, the use of the Online Store will be possible, in addition to functions that by their nature require cookies.



6. Below we show how you can change popular settings
Internet browsers regarding the use of cookies:
a) Internet Explorer browser;
b) Microsoft EDGE browser;
c) Mozilla Firefox browser;
d) Chrome browser;
e) Safari browser;
f) Opera browser.


7. KROSS S.A. may collect clients' IP addresses. The IP address is the number assigned to the computer of the person visiting the Online Store by the internet service provider. The IP number allows access to the Internet.
In most cases, it is assigned to your computer dynamically, i.e. it changes every time you connect to the Internet. The IP address is used by KROSS S.A. when diagnosing technical problems with the server, creating statistical analyzes (e.g. determining which regions we record the most visits from), as information useful in administering and improving the Online Store, as well as for security purposes and possible identification of server-consuming, unwanted automatic content viewing programs Online Store.



8. The Online Store contains links and references to other websites. KROSS S.A. is not responsible for the privacy policies applicable to them.


V Rights of data subjects


1. Right to withdraw consent - legal basis: art. 7 item 3 GDPR.



a) The customer has the right to withdraw any consent given by KROSS S.A.


b) Withdrawal of consent has effect from the moment of withdrawal of consent.


c) Withdrawal of consent does not affect the processing carried out by KROSS S.A. in accordance with the law before its withdrawal.


d) Withdrawal of consent does not entail any negative consequences for the Customer, however, it may prevent further use of services or functionalities which, in accordance with the law of KROSS S.A. can only testify with permission.

2. Right to object to data processing - legal basis: art. 21 GDPR.


a) The customer has the right to object at any time - for reasons related to his particular situation - to the processing of his personal data, including profiling, if KROSS S.A. processes his data based on a legitimate interest, e.g. marketing of KROSS S.A. products and services, keeping statistics on the use of individual functionalities of the Online Store and facilitating the use of the Online Store, as well as satisfaction surveys.


b) Resignation in the form of an e-mail message from receiving marketing messages regarding products or services will mean the Customer's objection to the processing of his personal data, including profiling for these purposes.


c) If the Customer's objection proves to be well founded and KROSS S.A. will not have any other legal basis for processing personal data, the Customer's personal data will be deleted, for the processing of which,
The customer has raised an objection.


3. The right to delete data ('right to be forgotten') - legal basis: art. 17 GDPR.
a) The customer has the right to request the erasure of all or some personal data.
b) The customer has the right to request the removal of personal data if:
a. personal data are no longer necessary for the purposes for which they were collected or for which they were processed;
b. withdrew specific consent to the extent to which personal data were processed based on his consent;
c. he objected to the use of his data for marketing purposes;
d. personal data is processed unlawfully;
e. personal data must be deleted in order to comply with the legal obligation provided for in Union law or the law of the Member State to which KROSS S.A. subject;

f. personal data was collected in connection with offering information society services.


c) Despite the request to delete personal data, in connection with raising an objection or withdrawing consent, KROSS S.A. may retain certain personal data to the extent that processing is necessary to establish, assert or defend claims, as well as to comply with a legal obligation requiring processing under Union law or the law of the Member State to which KROSS SA is subject. This applies in particular to data personal data including: name, surname, e-mail address, which data is stored for the purposes of examining complaints and claims related to the use of KROSS SA services, or additionally the address of residence / correspondence address, order number, which data are stored for the purposes of considering complaints and claims related to concluded sales contracts or
providing services.


4. The right to limit data processing - legal basis: art. 18 GDPR.


a) The customer has the right to request a restriction on the processing of his personal data. Submission of a request, pending its consideration, prevents the use of specific functionalities or services, the use of which will involve the processing of the data covered by the request. KROSS S.A. will not send any messages, including marketing messages.
b) The customer has the right to request the restriction of the use of personal data in the following cases:
a. when he questions the correctness of his personal data - then KROSS S.A. limits their use for the time needed to check the correctness of data, but not longer than for 7 days;
b. when the processing of data is unlawful, and instead of deleting the data, the Customer will request to limit their use;
c. when personal data cease to be necessary for the purposes for which they were collected or used but they are needed by the Customer to establish, assert or defend claims;
d. when he objected to the use of his data - then the restriction occurs for the time needed to consider whether - due to a special situation - the protection of the interests, rights and freedoms of the Customer outweighs the interests that the Administrator carries out by processing the Customer's personal data.



5. Right of access to data - legal basis: art. 15 GDPR.


a) The Customer has the right to obtain from the Administrator confirmation whether he is processing personal data, and if this is the case, the Customer has the right to:

a. gain access to your personal data;
b. obtain information about the purposes of processing, categories of personal data processed, recipients or categories of recipients of these data, the planned period of storing the Customer's data or the criteria for determining this period (when determining the planned period of data processing is not possible), about the rights of the Customer GDPR and the right to lodge a complaint with a supervisory authority about the source
these data, on automated decision making, including profiling, and on the safeguards used in connection with the transfer of such data outside the European Union;
c. obtain a copy of your personal data.


6. The right to rectify data - legal basis: art. 16 GDPR.


a) The Customer has the right to request the Administrator to immediately correct his personal data that is incorrect. Taking into account the purposes of processing, the data subject has the right to request supplementing incomplete personal data, including by submitting an additional statement, directing the request to the e-mail address in accordance with §8 Privacy Policy.


7. Right to data portability - legal basis: art. 20 GDPR.


a) The Customer has the right to receive his personal data, which he provided to the Administrator, and then send it to another personal data administrator of his choice. The customer also has the right to request that personal data be sent by the Administrator directly to such an administrator, if it is technically possible. In this case, the Administrator will send the Customer's personal data in the form of a csv file, which is a commonly used, machine-readable format that allows you to send the received data to another personal data administrator.


8. In the event of the Customer having the right under these rights, KROSS S.A. meets the request or refuses to comply with it immediately, but not later than within one month after receiving it. However, if - due to the complex nature of the request or the number of requests - KROSS S.A. will not be able to comply with the request within a month, will fulfill it within the next two months informing the Customer
previously within one month of receipt of the request - on the intended extension of the deadline and its reasons.


9. The Customer may submit to the Administrator complaints, queries and requests regarding the processing of his personal data and the exercise of his rights.


10 The customer has the right to demand from KROSS S.A. providing copies of standard contractual clauses by directing the inquiry in the manner indicated in §8 of the Privacy Policy.


11. The customer has the right to lodge a complaint to the President of the Office for Personal Data Protection regarding the violation of his rights to the protection of personal data or other rights granted under the GDPR.


VI Services tailored to your preferences and interests (profiling)


1. Profiling means any form of automated Processing of Personal Data that involves the use of Personal Data to assess certain personal factors of a Physical Person, in particular to analyze or forecast aspects of the physical person's work effects, his economic situation, health, personal preferences, interests, credibility, behavior, location or movement.



2. Customers' personal data may be processed in an automated way (profiling), however, this will not have any legal effects on them or similarly significantly affect the situation of customers.



3. Profiling of personal data by KROSS S.A. consists in processing Clients' data in an automated and manual manner by using them to evaluate certain information about the Customer, in particular to analyze or forecast his personal preferences and interests.



4. In order to reach the Customer with marketing messages outside the Online Store Website, KROSS S.A. uses the services of external suppliers. These services consist of displaying marketing messages on pages other than the Online Store Website. For this purpose, external suppliers install e.g. the appropriate code or pixel to download information about the Customer's activity on the Online Store Website. Details regarding cookies used can be found in §4. Legal basis - legitimate interest (Article 6 paragraph 1 letter f of the GDPR), consisting in matching marketing messages to preferences and interests.



5. In order to reach the Customer with marketing messages via the Online Store Website, KROSS S.A. uses the services of external suppliers. These services consist in displaying marketing messages on the Online Store Pages. For this purpose, external suppliers install e.g. the appropriate code or pixel to download information about the Customer's activity on the Online Store Website. Details regarding cookies used can be found in §4. Legal basis - legitimate interest (Article 6 paragraph 1 letter f of the GDPR), consisting in matching marketing messages to preferences and interests.


VII Security management - password


1. KROSS S.A. provides customers with a secure and encrypted connection when sending personal data and when logging into the Customer Account on the Website. KROSS S.A. uses an SSL certificate issued

by one of the world's leading companies in the field of security and encryption of data transmitted via the Internet.



2. In the event that the Customer having an account in the Online Store has lost the access password in any way, the Online Store allows you to generate a new password. KROSS S.A. does not send a reminder

password. The password is stored in an encrypted form in a way that makes it impossible to read. To generate a new password, enter the e-mail address in the form available under the link "No.

you remember the password "provided on the login form to the account in the Online Store. The customer will receive to the e-mail address provided during registration or saved in the last account profile change

an electronic message containing a redirection to a dedicated form available on the Store Website, where the Customer will be able to set a new password.



3. KROSS S.A. he never sends any correspondence, including electronic correspondence, asking for login details, in particular the password to access the Customer's account.


VIII Changes to the Privacy Policy


1. The Privacy Policy may change, about which KROSS S.A. will inform customers 7 days in advance.

2. Questions regarding the Privacy Policy should be directed to: iodo@kross.pl.

3. Date of last modification: 30.03.2020.