Privacy Policy

 

Protection of your personal data is very important to us. This document contains information on types of personal data collected by us, purposes for which the data will be used, the legal basis for processing of the data, types of cookie files used by us, and also the rights of the user.

  1. Definitions

 

  1. Controller – CRAG SPORT Klocek Matrejek Spółka Jawna, address: Cholerzyn 406, 32-060 Liszki, Poland, NIP: 6762464801, REGON: 122854450;
  2. Personal Data – shall mean any information relating to an identified or identifiable natural person; an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
  3. EEA – the European Economic Area – is an area of free trade and single market including the countries of the EU and the EFTA, with the exception of Switzerland;
  4. Privacy Policy – the Privacy Policy as described in this document;
  5. Cookie Files – IT data, in particular short text files stored on the user’s device by the website, in order to allow the user to take advantage of the website’s functionality.
  6. Profiling – is any form of automated processing of personal data intended to evaluate certain personal aspects relating to the Natural Person, or to analyse or predict in particular that person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location, or movements.
  7. GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)
  8. Website – the website provided by the web administrator at the internet address: https://cragsport.pl/ or respectively https://cragmagazine.pl/;
  9. User – any natural person that visits the Website or uses its functionality (in particular uses tools for conducting communication).

 

  1. Types, Purposes and Legal Basis for Personal Data Processing

We collect only necessary Personal Data and process the data in accordance with the regulations of the GDPR. Types of collected data, purposes for their collecting and the legal basis for the data processing will be described hereafter.

  1. Using the Website

In order to allow the User to display the Website, we collect such Personal Data as the IP address and data gathered by cookie files. We process the data in order to provide the User with an electronic service – namely: providing the User with an access to the content of the Website. The legal basis for the Personal Data processing for this purpose is an obligation to perform a contract – Article 6 (1) (b) GDPR.

 

If the Website allows for posting comments by the Users, it will result in processing of the such Personal Data as your name and/or online nickname. The legal basis for the Personal Data processing as part of the system of comments is an obligation to perform a contract – Article 6 (1) (b) GDPR.

Moreover, in order to provide access to the Website, we may use your Personal Data to optimise your use of the Website, and also to ensure that the Website is displayed in a convenient and uninterrupted manner. The Personal Data may be also used for statistical and analytical purposes (e.g. Google Analytics), and also to guarantee a secure use of the Website (e.g. to detect bots and abuses). The legal basis for the Personal Data processing for these purposes is the legitimate interests pursued by the Controller – Article 6 (1) (f) GDPR.

The Website may redirect the User to our platform used to place b2b orders. The platform will process the Personal Data that are necessary for placing and managing orders. The legal basis for this is an obligation to perform a contract – Article 6 (1) (b) GDPR – and also compliance with a legal obligation to which the Controller is subject – Article 6 (1) (c) GDPR.  

  1. Contacting the Personal Data Controller

The User may contact us via an electronic contact form available on the Website, an e-mail, a telephone call, and also by means of instant messengers provided by social media. Contacting the Personal Data Controller requires submitting Personal Data necessary for us to contact the User and send answers to the User’s enquiries (in particular: your first name, surname, e-mail address, telephone number; your enquiry may contain also other types of data facilitating contacting you).

The legal basis for processing of the Personal Data provided by the User through an online contact form available at the Website is the consent given by the subject – Article 6 (1) (a) GDPR. In the case of the User contacting us via other communication channels, the legal basis are the legitimate interests pursued by the Controller – Article 6 (1) (f) GDPR.

  1. Marketing

We may process your Personal Data to perform marketing actions as described in our Privacy Policy. To perform some of these actions we will use Profiling, due to which the displayed advertising content will be better adjusted to individual preferences and interests of the User.

  1. Newsletter

The Website offers an option to subscribe to our Newsletter. Through the Newsletter, we will send to your e-mail address messages connected with our trade offer, and also information on new products or special price offers. In order to operate the Newsletter, we may use services of software providers specialized in mailings and newsletters.

Subscribing to the Newsletter requires sharing your Personal Data with us (e.g. first name, surname, e-mail). Refusal to provide the Data will disable the possibility to use this service.

The legal basis for processing of the Personal Data provided by the User in order to receive the Newsletter is the consent given by the subject – Article 6 (1) (a) GDPR.

  1. Direct Marketing

We may process your Personal Data for purposes of direct marketing actions, which involve sending direct messages to selected individual customers, often in relation with their interests (e.g. behavioural advertising). We may also conduct other forms of analytical and statistical actions, and/or send you trade information by e-mail, and/or contact you by phone. We also predict a possibility that such messages will be send to you by post or delivery services. We may undertake also other legitimate actions that are required for purposes of signing a contract or initiating a cooperation. We perform such actions by ourselves or by dedicated IT tools (e.g. marketing automation).    

The legal basis for processing of the Personal Data in order to perform direct marketing is the consent given by the subject – Article 6 (1) (a) GDPR – which may be withdrawn at any time.

As part of direct marketing, your Personal Data may be processed also through public profiles in social media, including Facebook, LinkedIn, YouTube, and Instagram, which are managed by us or on our behalf. Owners of the aforementioned social media publish on their websites rules of processing  Personal Data. Therefore, we process Personal Data mainly of Users that visit our profiles, to which we have access in connection with comments, likes or as part of other interactions. We process the data in order to allow you to be active on our social profiles, to optimize administration of the profiles, to share information about products offered by us, events or contests organised by us, and as well for statistical and analytical purposes by means of tools provided by owners of the social media.   

The legal basis for the Personal Data processing for these purposes is the legitimate interests pursued by the Controller – Article 6 (1) (f) GDPR.

At any time you may object to processing of your Personal Data for purposes of direct marketing, including profiling, to an extend to which this processing is related to direct marketing. 

  1. Claims management

If you contact us by an online contact form, by e-mail or phone call in order to register a complaint concerning products offered by us, we will process only the Personal Data necessary for management of the claim. We may also ask you to provide other information necessary for managing the claim. The legal basis for processing your Personal Data for these purposes is compliance with a legal obligation to which the Controller is subject – Article 6 (1) (c) GDPR, and also the legitimate interests pursued by the Controller – Article 6 (1) (f) GDPR.

  • Cookie Policy

Both we, the Personal Data Controller, and the entities performing for us analytical, statistical and advertising services use Cookie Files in order to ensure the highest possible performance of the Website and adjust its content to needs of the User. We use the data collected in this process to optimize the Website, guarantee its security, and also for analytical and statistical purposes. However, the Cookie Files used by us do not allow us to receive direct information about the User’s identity.

You may manage the settings of the Cookie Files through your Internet browser. The most popular browsers offer various options, including accepting all Cookie Files, accepting only selected Cookie Files used on a given website, managing settings of different Cookie Files or blocking/deleting Cookie Files. Detailed information on managing settings of Cookie Files, including their blocking and deleting, is available in the settings of your Internet browser.

Changes in Cookie Files settings may negatively impact some features of the Website. If you do not change the settings of your Internet browser, Cookie Files will be stored at your end device. Changes to settings of the Internet browser may be introduced at any time.

We distinguish the following types of Cookie Files due to their life span:

  • session – those files are stored on your end device until you leave the Website or switch off the browser;
  • persistent – those files are stored on your end device for a period defined by a given cookie file or until you delete them from your device.

We distinguish the following types of Cookie Files due to their purposes:

  • necessary (including secure cookies) – these files make using the Website possible, e.g. enable sustaining the session, detect bots and abuses in services;
  • statistics (including analytical) – these cookies collect statistical data concerning the Website and increase performance of the Website through collecting information such as: e.g. number of visits and sources of traffic on the Website; these files are employed to establish which pages are more popular and have a bigger number of visits and also to help understand how visitors use the Website;
  • functional (including performance cookies) – these cookies help to remember the User’s preferences and adjust the appearance of the Website accordingly, e.g. by adjusting language, regional settings or font settings; these files also enable collecting information about ways in which visitors use the Website for purposes of optimization;
  • marketing – these files help to adjust the content of advertisings displayed on our Website (and also outside the Website, e.g. on other sites and in mobile apps) to the User’s interests.

 

The legal basis for processing your Personal Data in connection with necessary and secure Cookie Files in order to allow you to use the Website is an obligation to perform a contract – Article 6 (1) (b) GDPR. The legal basis for processing your Personal Data in connection with all other types of Cookie Files is the consent given by the User – Article 6 (1) (a) GDPR.

  1. Data Processing outside EEA

The level of Personal Data protection outside the EEA differs from the one that is required by the EU law. Therefore, we share your Personal Data outside the EEA only when necessary, e.g. to guarantee the highest level of IT services or to ensure security of the Personal Data. As the Personal Data Controller, we make sure that entities from outside of the EEA, processing the Personal Data on our request, have access to the Data only in a scope that is necessary to perform their services and with a suitable level of security. Consequently, we cooperate with entities processing Personal Data in countries that the European Commission considers as guaranteeing an appropriate protection level for Personal Data; additionally, we use the standard agreement clauses as prescribed by the European Commission.     

  1. Recipients of Personal Data

We may transfer your Personal Data to:

  1. our authorised employees and cooperators;
  2. entities providing services to us (e.g. server maintenance, software or IT technical support, e-mail and newsletter distribution, marketing services, data analysis and collection of statistics, transport services, deliveries, counselling, auditing, bookkeeping, legal services and their authorised employees and cooperators);
  3. entities authorised to receive your Personal Data on the basis of mandatory provisions of the law.

 

  1. Rights of the User

The Use has the following rights:

  1. to access the content of their Personal Data;
  2. to edit their Personal Data;
  3. to delete their Personal Data;
  4. to limit processing of their Personal Data;
  5. to request a transfer of their Personal Data;
  6. to object to processing of their Personal Data – if the Data are processed by the Personal Data Controller in order to pursue the legitimate interests of the Controller, and also – for reasons related to a particular situation of the User – in other cases, when the legal grounds of the Data processing is the legitimate interest pursued by the Controller;
  7. to withdraw the consent to their Personal Data processing – if the processing takes place on the grounds of the consent expressed by the User; withdrawing of the consent does not affect the legality of the Personal Data processing that took place before the User revoked their consent; in order to revoke your consent to the Personal Data processing you should contact the Personal Data Controller as described in the Point VIII of this Privacy Policy;
  8. to register a complaint concerning processing of their Personal Data to a supervisory body, which in Poland is the President of the Personal Data Protection Office.

The aforementioned rights you may exercise exclusively in accordance with the applicable GDPR regulations.

  • Period of Personal Data Processing

We will process your Personal Data for a period not longer than necessary.

A period for which your Personal Data will be processed depends on the type of performed service and the purpose of processing. We will process your Personal Data during the period of performing a service (e.g. managing an order, answering an enquiry, subscribing to the Newsletter) until your consent is revoked or a valid objection to processing of your Personal Data was registered in cases when the legal basis for Personal Data processing is a legitimate interest of the Controller.

If processing of your Personal Data is necessary for establishing and pursuing potential claims, or for defending against such claims, then the processing period may be extended. After the period, we will process your Personal Data when it is allowed by current legal regulations and to an extend allowed in the regulations.

When the processing period expires, we will delete your Personal Data or make them anonymous.

  • Contact to Personal Data Controller

With issues concerning your Personal Data you may contact us by e-mail at dane@cragsport.pl or by sending a letter to the Personal Data Controller’s address – see: Point I.

  1. Security of Personal Data

We systematically analyse the risks involved in order to ensure that your Personal Data are processed by us in a secure way. We pay special attention to making sure that only authorised people have access to your Personal Data and only when necessary for tasks performed by them. We employ technical and organisational measures in order to: guarantee security of your Personal Data processing; prevent unauthorised people from accessing or acquiring the Data; prevent processing of the Data against the legal regulations concerning personal data protection; protect the Data against changing, losing or damaging them (for example through SSL certificates protecting data transmission, passwords listed in a secure database, changes of access passwords, software updates). When transferring or sharing the Personal Data with our subcontractors or cooperators we make sure that they also guarantee suitable security measures.    

  1. Changes to Privacy Policy

We verify our Privacy Policy on the current basis and when necessary we update the Policy.

The current version of the Privacy Policy shall apply from 23rd August 2022.