Privacy Policy

Privacy declarations for Kradex Sp. z o.o. (www.kradex.com.pl)

The information contained in this declaration relates to the processing of personal data on or through our website and is aimed in particular at informing the User about the scope of processing their personal data, the purposes of this processing, the recipients of data, the legal grounds for processing, the periods of data storage and the rights of the User in connection with the processing of their personal data.

I. Definitions

  • The Controller - Kradex Sp. z o.o., ul. Minerska 4, 04-506 Warsaw, Poland, NIP: 9522187930, REGON: 381603418. Contact details: e-mail kradex@kradex.com.pl, phone +48 22 613-08-88.

  • Personal Data – any information relating to an identified or identifiable individual (“data subject”); an identifiable individual is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name and surname, an identification number, location data, an on-line identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that individual.

  • The Policy - this Personal Data Processing Privacy Policy.

  • The GDPR - the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/41/EC.

  • The Website - website maintained by the Controller at www.kradex.com.pl

  • The User - a person whose personal data is processed by the Controller in connection with the use of the website of www.kradex.com.pl and the services provided through it.

II. Personal data processing in connection with the use of the Website

In connection with the User’s use of the Website, the Controller collects data to the extent necessary to provide specific services offered.

The principles and purposes of processing the data collected during the use of the Website by the User are described below.

III. Contact details of the Data Protection Officer

The Data Protection Officer can be contacted by writing to the following address:

E-mail: iod@kradex.com.pl

IV. Purpose, legal basis for processing and the period during which we will process the personal data of the Website Users

1. The legal basis for personal data processing

The Controller may collect personal data of data subjects on the basis of the following legal provisions, depending on the purpose for which the data was collected.

If we obtain the consent of the data subject to the processing of personal data, the legal basis shall be Article 6(1)(a) of the GDPR.

The consent may be withdrawn at any time by writing to kradex@kradex.com.pl, without affecting the lawfulness of the processing carried out before withdrawal.

If the processing of personal data is required for the performance of the contract to which the data subject is a party, the legal basis shall be Article 6(1)(b) of the GDPR. This also applies to processing operations necessary for the implementation of activities prior to the conclusion of the contract, to be carried out at the request of the data subject.

If the processing of personal data is required to fulfil the legal obligation to which the Controller is subject, the legal basis shall be Article 6(1)(c) of the GDPR.

If the processing of data is necessary to protect the legitimate interests pursued by the Controller or a third party and the interests, fundamental rights and freedoms of the data subject do not prevail over the first mentioned interest, the legal basis shall be Article 6(1)(f) of the GDPR.

Indicated below are the purposes, legal bases and the period for which we will process the Users’ personal data.

2. Newsletter

a. Purpose and legal basis of data processing

If you grant your consent to the processing of your personal data for newsletter purposes and provide us with your e-mail address for this purpose, we will regularly send you information about our new products, events and promotions related to the activity of Kradex (e.g. new products, social events, special promotions, our current catalogue). Provision of data for sending the newsletter is voluntary.

The legal basis entitling the Controller to process personal data for newsletter purposes is your voluntary consent (Article 6(1)(a) of the GDPR) granted by ticking the appropriate boxes. If you do not grant your consent, we will not be able to provide the above service.

You have the right to withdraw your consent at any time without affecting the lawfulness of the processing which took place before consent withdrawal. The consent is withdrawn by clicking on the link in the newsletter. In addition, the User can opt out of receiving the newsletter after logging in using the Account Settings.

b. Personal data which we will process in connection with the newsletter service

  • E-mail address

In addition, the following data shall be collected during registration:

  • IP address of the connecting device

  • Date and time of registration

c. The period of personal data processing

Personal data will be processed until the consent is withdrawn. In case of inactivity on your part, no longer than 24 months (the time will be counted from the moment of registering or last updating the newsletter settings available after logging in using the account settings). Other personal data collected during the registration process will normally be deleted after two months

.

2. Direct marketing of own products and services

a. Purpose and legal basis of data processing

We may process the User’s personal data for the purpose of marketing our own products and services. In this respect, the User may, for example, receive information from the Controller about special offers and discount campaigns. The processing of data takes place on the basis of the Controller’s legitimate interest, i.e. Article 6(1)(f) of the GDPR.

b. Processed data scope

  • e-mail address

c. The period of personal data processing

We store personal data processed for direct marketing purposes until the User has effectively objected to such processing. After that time, the data will no longer be processed for the purpose of direct marketing, but its further storage may be necessary due to the performance of the contract or the provisions of law.

3. User inquiries sent via contact form, e-mail and Facebook

a. Purpose and legal basis of data processing

A contact form and an e-mail address can be found on our website, the purpose of which is to allow the User to send an enquiry and submit a report and their identification.

The use of the form requires providing personal data necessary to identify the User, contact the User and answer the question asked. The User may also provide other data to facilitate contact or handling of the enquiry.

Providing data marked with an asterisk is mandatory to accept and handle the enquiry, and failure to provide it results in the inability to handle it. The User’s provision of other data is voluntary.

The legal basis for the processing of data marked with an asterisk is the pursuit of the Controller’s legitimate interests in the form of communication with the Website Users and their identification (Article 6(1)(f) of the GDPR).

The legal basis for the processing of personal data not marked with an asterisk is the consent of the User (Article 6(1)(a) of the GDPR) granted by filling in the optional fields of the form.

The User’s consent may be withdrawn at any time without affecting the lawfulness of the processing prior to the withdrawal of the consent.

b. Personal data which we will process in connection with the possibility of contact by the User

  • full name

  • e-mail address

  • phone number

  • IP address

When the User uses the contact form option, the data entered in the input fields is transferred and saved along with the time of the enquiry. In addition, the IP address of the connecting device is recorded.

c. The period of personal data processing

Personal data which has been provided to us in the course of e-mail communication or using the contact form will be processed until the end of correspondence with the User, and after that time may be processed for the period of limitation of any claims. Correspondence ends when circumstances indicate that the matter has been resolved.

In addition, contact via Facebook is possible. You can send us a message from your Facebook profile. The name of your Facebook profile and, if applicable, your full name will be sent to us.

4. Registration when creating an account on the Website

a. Purpose and legal basis of data processing

The User can create an account on the Controller’s Website, and for this purpose the User must register and provide personal data. The personal data provided is used to identify the User. Creating an account allows the User to place an order, quickly create, manage and use invoice data, easily check the order status and order history.

Registering an account is neither necessary nor mandatory to place an order in the Online Shop.

Personal data will be processed pursuant to Article 6(1)(b) of the GDPR, i.e. in order to perform the contract for the provision of the service by electronic means in the form of keeping an account on the Controller’s Website and in order to create and manage an account.

The Controller will also process personal data for other purposes related to the possession of an account, i.e. for the purpose of:

  • performance of the sales contract, including the delivery of goods or services and contact in connection with the performance of the order pursuant to Article 6(1)(b) of the GDPR;

  • keeping accounting books and tax records, if an invoice is issued pursuant to Article 6(1)(c) of the GDPR in connection with Article 74(2) of the Accounting Act and other special provisions for the purpose of documenting sales;

  • dealing with complaints pursuant to Article 6(1)(c) of the GDPR;

  • establishing, pursuing and defending against claims under business activity, which constitutes the legally justified interest of data processing by the Data Controller (Article 6(1)(f) of the GDPR).

The User’s provision of personal data is voluntary, but necessary to register and maintain an account. Failure to provide data results in the inability to create an account.

b. The scope of the personal data processed in connection with the kept account

Our Website offers the Users the opportunity to register an account by providing personal data. The data is entered into the input fields and sent to the Controller and saved. Data shall not be transferred to third parties. The following data shall be recorded during registration:

  • E-mail address

  • Password

  • Billing and shipping address

The following data shall also be stored at the time of registration:

  • User IP address

  • Date and time of registration

c. The period of personal data processing

Personal data will be processed for the duration of the account, i.e. for the duration of the contract (Article 6(1)(b) of the GDPR).

In the case where we process personal data on the basis of Article 6(1)(c) of the GDPR, personal data will be processed for the period of storage of accounting and tax documentation resulting from the relevant legal provisions, i.e. until the expiry of the relevant storage periods.

Personal data processed pursuant to Article 6(1)(f) of the GDPR will be stored for the period of limitation of claims resulting from the law or until you have effectively objected to such processing.

Personal data will be deleted when the purpose of its processing ceases.

d. Account deletion

As a User, you have the option to cancel your registration at any time. Send us an e-mail to the following address:

E-mail: kradex@kradex.com.pl

or use the “Delete Account” button in the Account Settings.

If the data is required for the performance of the contract or for taking action prior to the conclusion of the contract or if there are legal retention obligations, premature deletion of the data is possible only to the extent that contractual or legal obligations do not prevent deletion.

Additional information about how we process your personal data in connection with your account can be found in the Shop’s Terms and Conditions at www.kradex.com.pl/shopconditions

5. Website security and creation of log files

a. Purpose and legal basis of data processing

Temporary storage of the IP address by the system is necessary to enable delivery of the Website to the User’s device. To do so, the User’s IP address must be stored for the duration of the session.

The data is stored in log files to ensure the functionality of the Website.

In addition, the data is used to optimise the Website and ensure the security of our IT systems. The evaluation of data for marketing or other purposes does not take place in this context.

Our legitimate legal interest in the processing of data is also included in these processing purposes.

The legal basis for the temporary storage of data and log files shall be Article 6(1)(f) of the GDPR.

b. The scope of the processed personal data

Every time you visit our Website, our system automatically collects data and information from the computer access device system (computer, smartphone, tablet, etc.).

The following data shall be collected:

  • Information about the browser type used and its version;

  • The operating system of the connecting device;

  • IP address of the connecting device

  • Date and time of access;

  • The website from which the system of the access device reaches our Website.

The data is also stored in the log files of our system. This data is not stored together with other personal data of the User.

c. The period of personal data processing

The data shall be deleted as soon as it is no longer required to achieve the purpose for which it was collected. For collecting data to share the Website, this is the case when the given session ends.

If the data is stored in log files, this will happen at the latest after two months. In this case, however, the IP addresses of the Users are deleted or become anonymous so that it is no longer possible to identify the Customer’s access

.

6. Use of cookies

a. Purpose and legal basis of data processing

Cookies are text files which are stored in the memory of a web browser or through a web browser in the User’s computer system.

We need cookies for the following applications:

  • Possibility to apply the settings of allowed cookie types;

  • Possibility to apply language settings;

  • Technical implementation of the login function;

  • Possibility to maintain the state of visibility of one-time pop-ups;

  • Shared cart content in browser windows/tabs.

  • Anonymous usage analysis using an anonymous User ID.

An anonymous User ID is used to improve the quality of our Website and its content. Thanks to analytical cookies, we learn how the Website is used and thus we can constantly optimise our portfolio.

Cookies we use can be divided into three groups: technical, analytical and third party. We process the first of those as it is a requirement for displaying the Website correctly and to provide the Website service in a secure manner. It is therefore our legitimate interest to process the data. The legal basis is Article 6(1)(f) of the GDPR.

We process analytical and third party cookies based on the User’s consent. If the User visits the Website, after granting their consent, the cookie may be stored in the User’s operating system. This cookie contains a characteristic string which allows for a unique identification of the browser when the Website is visited again.

The following data is stored and transmitted in cookies:

  • User privacy options and granted consents;

  • Language settings;

  • Login details;

  • Pop-up settings;

  • Cart content;

  • An anonymous User ID for Google Analytics (explained below);

  • User ID for the Facebook Pixel feature.

b. The period of personal data processing

Before sending the relevant cookies, the Website will ask for appropriate consent, divided into several categories. The consent may be changed by selecting an appropriate option in . Cookies are stored on the User’s device from which they access the Website for no more than 12 months and are sent to our Website. Therefore, as a User, you have full control over the use of cookies. In addition, you can disable or limit the transmission of cookies by changing the settings in your web browser. Cookies which have already been saved can be deleted at any time. This can also be done automatically. If cookies are disabled for our Website, you may not be able to use all of its features.

7. Analysis of User behaviour with Google Analytics

a. Purpose and legal basis of data processing

Our Website uses Google Universal Analytics, an online analysis service by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). Google Universal Analytics uses “cookies” which are text files placed on Users’ computers, to help the website analyse how the Users use the website. The information generated by cookies regarding the use of the Website by users is usually transferred to a Google server in Europe but it can also be transferred to the USA. IP anonymisation has been activated for this Website so that the IP addresses of Google Users in the Member States of the European Union or in other countries signatory to the Agreement on the European Economic Area will be abbreviated beforehand. In some cases, the full IP address shall be transferred to the Google server in the USA and abbreviated there. On behalf of this Website’s Operator, Google will use this information to evaluate the Users use of the Website, to prepare reports on the activity on the Website, and to provide the Website Operator with further services related to the use of the Website. The anonymised IP address transmitted by the browser within the framework of Google Universal Analytics shall not be merged with other Google data. Before launching external Google scripts, the Website will ask for the appropriate consent. The Data Controller shall not be responsible for external Google scripts.

Google Analytics’ processing of User data allows us to analyse the Users’ Website browsing behaviour. We are able to collect information about the use of individual components of our Website by evaluating the obtained data. This helps us continuously improve our Website and its ease of use. These purposes include our legitimate interest in the processing of data. By anonymising the IP address, the interest of the Users in the protection of their personal data is sufficiently taken into account.

The legal basis for the processing of such data is Article 6(1)(a) of the GDPR.

b. The period of personal data processing

Before launching external Google scripts, the Website will ask for the appropriate consent. Consents can be changed by selecting the appropriate option in . Cookies are stored on the User’s device from which they access our Website for no more than 12 months and are sent to our Website. Therefore, as a User, you have full control over the use of cookies. In addition, you can disable or limit the transmission of cookies by changing the settings in your web browser. Cookies which have already been saved can be deleted at any time. This can also be done automatically. If cookies are disabled for our Website, you may not be able to use all of its features.

You may object to the collection of the data described above at any time with effect for the future by changing the settings of the allowed types of cookies on our Website or by using the Google Analytics browser deactivation plug-in at http://tools.google.com/dlpage/gaoptout?hl=en. Data will then no longer be sent to Google Universal Analytics.

You can also prevent Google Universal Analytics from collecting data by clicking this link. The cookie set allows you to opt out of collecting your data when you visit our Website. The opt-out cookie is only valid for this browser and only for our Website and is stored on the User’s device. If you delete cookies in this browser, you must reset the opt-out cookie

.

For more information on the terms of use and data protection, see:

https://www.google.com/analytics/terms/us.html

https://www.google.com/intl/en/analytics/privacyoverview.html

https://support.google.com/analytics/answer/2838718?hl=en&ref_topic=2790009

c. Data recipient and transfer to third countries

The data recipient is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. In cases where personal data is transferred to the USA, the data transfer is based on the so-called contractual clauses (SCC), referred to further on.

8. Analysis of User behaviour with Facebook Pixel

a. Purpose and legal basis of data processing

In order to conduct effective marketing campaigns and promote our products and services, we use the “Facebook Pixel” feature which is provided by Facebook, a social networking service operated by Facebook Inc., 1601 S. California Ave., Palo Alto, CA 94304, USA or, for users who are EU residents - Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”). Facebook Pixel is a piece of code placed on our Website. It allows Facebook to identify visitors to our web content as a target group for the display of Facebook advertisements on their social media profiles (e.g. as part of sponsored advertising) which we understand as our legitimate interest (Article 6(1)(f) of the GDPR). As part of the Facebook Pixel feature, it is therefore possible to display advertisements we publish on Facebook only to Facebook users who have shown interest in our services or who have certain common coefficients (such as interest in certain topics or products determined on the basis of our Website tabs visited, products viewed) which we provide to Facebook (this is the result of the Pixel feature’s activity, installed on our Website). The Facebook Pixel feature also helps us understand the effectiveness of Facebook ads for statistical and market research purposes, showing whether Users have been redirected to our services after clicking on a Facebook ad (so-called conversion, allowing to determine on which devices the User performs the action), to create so-called similar audiences or statistical twins (i.e. show ads to target groups similar to the existing customers) and to obtain comprehensive statistics on Website usage. During the User’s visit to our website, the Facebook Pixel feature establishes a direct connection to the Facebook servers. This way, the Facebook server is notified that the user has visited our website and Facebook assigns this information to the Facebook user’s personal account. Before launching external Facebook Pixel scripts, the Website will ask for the appropriate consent. The Data Controller shall not be responsible for external Facebook scripts.

You may object to our use of the Facebook Pixel feature using your personal data in the following manner:

We would like to draw your attention to the fact that when the cookie blocker is removed, data will again start being collected by Facebook Pixel.

b. Personal data processing period

Cookies are stored on the User’s device from which they access our Website for no more than 12 months and are sent to our Website. As a User, you have full control over the use of cookies. In addition, you can disable or limit the transmission of cookies by changing the settings in your web browser. Cookies which have already been saved can be deleted at any time. This can also be done automatically. If cookies are disabled for our Website, you may not be able to use all of its features.

c. Data recipient and transfer to third countries

Your data may be transferred to third countries in accordance with Facebook’s (Meta’s) Terms of Service and Privacy Policy. Facebook uses Standard Contractual Clauses when transferring data outside the EEA, and you can read more about that at this link.

Standard Contractual Clauses (SCCs) are a legal mechanism used by Facebook and other companies to transfer personal data outside the European Economic Area (EEA). To better protect individuals and respond to market needs, the European Commission updated its Standard Contractual Clauses in June 2021. The new SCC P2P streamline the contractual relationship for data transfers by eliminating the need for each advertiser or customer to directly enter into SCC agreements with Facebook. Companies, including Facebook, which want to rely on the SCC in the future must include the updated SCC in their agreements. Accordingly, we have updated our European Data Transfer Addendum to include the new SCC P2P.

Further information about Facebook’s data collection and use, as well as the User’s privacy rights and options, can be found in Facebook’s data protection policy at https://www.facebook.com/about/privacy/update.

Specific information and details about the Facebook Pixel feature and how it functions can be found in Facebook’s help section at https://www.facebook.com/business/help/651294705016616.

This feature can be disabled as shown at https://de-de.facebook.com/business/help/1415256572060999?helpref=uf_permalink or https://www.facebook.com/settings?tab=ads. To do this, you need to log into Facebook.

V. Data transmission

1. The Controller may transfer User data to third parties for the purposes described in the Policy, i.e.:

  • principals with whom the Controller has concluded service contracts;

  • entities involved in processes necessary for the performance of the contract, including postal and courier services, payment services, services provided by electronic means (e.g. newsletter);

  • entities providing legal, accounting and advisory services, including in the case of pursuing claims related to the Controller’s business activities and defence against claims;

  • entities providing us with marketing services;

  • entities with equity links to Kradex Sp. z o.o.;

  • public bodies or entities carrying out public tasks.

2. The Controller may be required to provide information collected from the Website to authorised bodies based on legitimate demands arising from the demand.

Provided that the provision of User data to the above mentioned entities takes place in accordance with the applicable legal regulations and in keeping to the entirety of principles related to its security.

VI. Rights of the Users

The User has the following rights with respect to their personal data in accordance with Article 15 et seq. of the GDPR:

  • The right to access - on this basis, the User may request us to provide information on the processing of personal data, and we will provide information on the data processing, including in particular the purposes and legal bases for the processing, the scope of possessed data, the entities to which it is disclosed and the planned date of erasure;

  • The right to obtain a copy of the data - on this basis, on request, we will provide a copy of the personal data we process;

  • The right to rectification - as the Controller, we are obliged to remove any inconsistencies or errors in the processed personal data and supplement it if incomplete;

  • The right to erasure - on this basis, the User may request the erasure of data, the processing of which is no longer necessary for the fulfilment of any of the purposes for which the data was collected;

  • The right to restrict the processing - in the event of such a request, we will stop performing operations on personal data, with the exception of operations for which consent has been granted, and its storage, in accordance with the adopted retention rules or until the reasons for restricting the processing of data cease (e.g. a decision of the supervisory bodies allowing further processing of data has been issued);

  • The right to transfer data - on this basis, to the extent that the data is processed in connection with the concluded contract or the granted consent, as the Controller, we will issue the data provided by the User in a computer-readable format. It is also possible to request the transfer of this data to another entity - provided, however, that there are technical possibilities in this respect, both on our part and on the part of this other entity;

  • The right to object - the User has the right to object at any time to the processing of personal data for marketing purposes, without the need to justify this objection. They may also object at any time to the processing of data carried out on the basis of our legitimate interest as the Controller (e.g. for analytical or statistical purposes);

  • The right to withdraw consent - if we process personal data on the basis of the granted consent (Article 6(1)(a) of the GDPR), the User has the right to withdraw it at any time, which, however, does not affect the lawfulness of the processing carried out before the consent withdrawal;

  • The right to a complaint - in the event that the User considers the processing of their personal data to be in violation of the provisions on the protection of personal data, they may lodge a complaint with the President of the Office for the Protection of Personal Data, whose registered office is in Warsaw at ul. Stawki 2 (00-193) (https://uodo.gov.pl)

  • .

When exercising the above rights, we may ask for confirmation of the User’s identity in order to verify them.

VII. Changes to the Privacy Policy

Individual parts of this personal data protection declaration may be modified or updated. If any changes are introduced, the Users will be notified via different channels (for example, by displaying a banner, a pop-up or push notification) or by e-mail if the change would have a major impact on their privacy. In any case, before using our Website, we recommend that you always check the personal data protection declaration to find out the current status which may have been modified or updated.

Status of the personal data protection declaration as at: January 2022.