Privacy Policy 

GENERAL INFORMATION

This Privacy Policy explains how CROS Sp. z o.o. processes personal data and Informs Users about rights in accordance with the Regulation of the European Parliament and of the Council (EU) 2016/679 of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (GDPR). Protecting personal data is a priority for CROS and all data is processed with due care and appropriate security measures.


DATA CONTROLLER

​The controller of personal data is CROS Sp. z o. o. with its registered office in Łady, ul. Długa 34, entered into the Register of Entrepreneurs under the KRS number: 0001181425, for which the registration files are kept by the District Court of capital city Warsaw, 13th Commercial Department of the National Court Register, Tax Identification Number: 5342697076, REGON: 542154108.

You can contact the Data Administrator in following ways:
– by post: ul. Długa 34, 05-090 Łady, Poland;
– by e-mail: info@cros-cro.com. 

SCOPE OF PROCESSED DATA

Depending on the purpose, the Controller may process the following categories of personal data:

  • identification data (name, surname),
  • contact data (e-mail address, telephone number, postal address),
  • company and business-related data,
  • correspondence data,
  • data included in job applications,
  • technical data such as IP address, device information, browser type, website, usage data.

Providing personal data is voluntary, but in some cases necessary to conclude contract, respond to inquiries or provide services. Failure to provide required data may result in the inability to achieve these purposes.

PURPOSES AND LEGAL BASIS OF PROCESSING

1. Personal data is processed for the following purposes and legal bases:

Your data is processed by us as in one or several of the following purposes:

  • handling inquiries and correspondence (legal basis: Article 6 (1) letter (f) of the GDPR) – legitimate interest of the Controller);
  • marketing of the Controller’s own products and services (legal basis: Article 6 (1) letter (a) of the GDPR – consent (where required), Article 6 (1) letter (f) of the GDPR – legitimate interest – direct marketing);
  • recruitment processes - (legal basis: Article 6 (1) letter (a) and Article 6 (1) letter (b) of the GDPR);
  • fiscal and accounting obligations (legal basis: Article 6 paragraph 1) letter (c) of the GDPR);
  • determination, investigation and defense in the event of mutual claims (legal basis: Article 6 paragraph 1) letter f) of the GDPR);
  • implementation of the contract arrangements with CROS CRO Sp. z o.o. (legal basis: Article 6 paragraph 1 letter b) of the GDPR);
  • archiving (basis: Article 6 paragraph 1) letter f) of the GDPR;
  • website analytics and improvement (legal basis: Article 6 paragraph 1 letter (a) of the GDPR – consent – cookies).

2. Your personal data will not be processed in an automated manner (including profiling).

DATA RECIPIENTS

Personal data might be transferred to entities CROS cooperates with (processors) if it is necessary to fulfill contract arrangements or other services:

  • IT service providers, hosting providers, and software vendors,
  • Accounting and legal service providers,
  • Marketing and analytical service providers,
  • Public authorities, where required by law.

All recipients process data based on appropriate data processing agreements or legal obligations.

We have the right to share your personal data with entities authorized under the applicable law. If it will be needed, you will be informed about this issue.

Your personal data will be processed until the objective for their collection is achieved but no longer than 15 years from the day of your consent for their processing.

We reserve the right to process your data after the end of the processing period or withdrawal of your consent only for possible claims before the court or if legal regulations oblige us to retain data.

TRANSFER OF DATA OUTSIDE THE EEA

Personal data may be transferred outside the European Economic Area (EEA), including to the United States, in connection with the use of tools such as Google Analytics, Meta Platforms or LinkedIn. Such transfers are carried out in accordance with GDPR, based on:

  • Standars Contractual Clauses approved by the European Commission and/or
  • Participation in the EU-US Data Privacy Framework (where applicable).

RIGHTS OF DATA SUBJECTS

In connection with the processing of your personal you have the right to:

  • remove your consent to process your personal data;
  • access to your personal data, including receiving copy of processed data;
  • rectify your personal data if data which CROS posses is incorrect or incomplete;
  • erase your personal data if it is no longer needed for the aim it was collected to and CROS CRO has no more right to process it;
  • restrictions on the processing of personal data i.e. in case of following cases:
    - you have objections to correctness of your data;
    - you think we shall not process your data but you don’t want us to remove them;
    - your data are no longer needed for us but they are necessary for potential claims;
    - you objected to the processing of your data and it is our responsibility to verify whether we should process them;
  • object to the processing of your personal data in special circumstances related to your situation;
  • transfer of your personal data if it was shared in electronic form.

You may object to the processing of your data at any time. An objection may be made as follows:

  • in person in CROS headquarter;
  • by traditional mail, to the address of our headquarter;
  • by e-mail: info@cros-cro.com;

If you believe that CROS violates the legal regulations on the protection of personal data when processing your data, you have the right to lodge a complaint.

The complaints might be lodged at Office of the President of the Personal Data Protection, located: Stawki 2 St., 00-193 Warsaw, Poland.

COOKIES

Detailed information regarding the use of cookies is available in the Cookies Policy published on the Website.

SECURITY

The Controller applies appropriate technical and organizational measures to ensure the security of personal data, including protection against unauthorized access, loss or destruction.

PRIVACY POLICY UPDATE

​CROS CRO Sp. z o. o. reserves the right to change the Privacy Policy.

  • Privacy Policy is updated in accordance with changes introduced by legal regulations or Company’s procedures.
  • The current version of the Privacy Policy is always available on the Website. Changes take effect on the date of publication.

Cookies Policy 

GENERAL INFORMATION

This Cookies Policy set out the rules for storing and accessing information saved on end-user devices of Users who use the Website available at www.cros-cro.com (hereinafter referred to as the “Website”).

The Cookies Policy has been prepared in accordance with:

  • Regulation of the European Parliament and of the Council (EU) 2016/679 of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (GDPR);
  • The Polish Telecommunications Law of 16 July 2004;
  • Other generally applicable provisions of law.

DATA CONTROLLER

​The controller of personal data is CROS Sp. z o. o. with the registeredoffice in Łady (05-090), ul. Długa 34, entered into the Register of Entrepreneurs the National Court Register under the KRS number: 0001181425, for which the registration files are kept by the District Court of capital city Warsaw, 13th Commercial Department of the National Court Register, Tax Identification Number: 5342697076, REGON: 542154108.

The administrator processes personal data in accordance with the principles set out in the GDPR and ensures their security and confidentiality.

DEFINITIONS

  • Website/Service – internet service available under address www.cros-cro.com
  • External service – internet service of CROS partners, vendors or clients.
  • Controller/Administrator – CROS Sp. z o. o. company with the registered office in Łady (05-090), ul. Długa 34, entered into the Register of Entrepreneurs under the KRS number: 0001181425, for which the registration files are kept by the District Court of capital city Warsaw, 13th Commercial Department of the National Court Register, Tax Identification Number: 5342697076, REGON: 542154108, providing electronically services through the Service and storing and accessing to information in Users’ devices.
  • User – natural person, to whom the Administrator provides services electronically through the Service.
  • Device – electronical device with the software through which the User gains access to the Website
  • Cookies – text data collected in files format placed in User’s devices.

TYPE OF COOKIES USED

The Website uses the following categories of cookies:

  • Internal cookies – files uploaded from Users’ device and read by the Service’s IT system
  • External Cookies – files uploaded from Users’ device and read by the External Service’s IT system
  • Session Cookies – files uploaded from Users’ device and read by the Service or External Service’s IT system during one session of the device. After the session, the files are removed from the User’s device.
  • Permanent Cookies – files uploaded from Users’ device and read by the Service or External Service’s IT system until they are manually removed. The files are not automatically removed after the end of the session unless the User’s device’s configuration is in the mode of removing cookies after the device’s session.
  • Essential (Technical) Cookies:
    - enable the proper functioning of the Website,
    - are necessary for the provision of services by electronic means,
    - do not require the User’s consent.
    Legal basis: Art. 6 (1) (f) GDPR – legitimate interest of the Controller.
  • Analytical (Statistical) Cookies
    - are used to analyze Website traffic,
    - help improve the operation of the Website,
    - are used only after the User has given consent.
    Legal basis: Art. 6 (1) (a) GDPR – User’s consent.
  • Marketing Cookies
    - are used to conduct marketing activities,
    - enable the display of tailored advertising content,
    - are used only after the User has given consent.
    Legal basis: Art. 6 (1) (a) GDPR – User’s consent.

SECURITY

  • Storage and reading devices – the mechanisms don’t allow to download any personal data or confidential information from User’s device. Transferring any viruses, trojans or other bugs to the User’s device is practically impossible.
  • Internal cookie – internal cookie used by the Administrator is secure for Users’ devices. 
  • External Cookie – Administrator is not responsible for security of files derived from Service’s partners. List of partners is listed in p. 5 of the Cookies Policy.

AIMS THE COOKIES ARE USED FOR

Cookies are used for the following purposes:

  • Ensuring the proper functioning of the Website,

  • Improving and facilitating access to the Website – Administrator can store in cookie files information about User’s preferences and settings of the Website to improve and speed up services of the Website.

  • Marketing and advertising – Administrator and external Servies use cookie files for marketing purposes and to serve Users advertisements. 
  • Statistical data – Administrator and external Services use files such as statistics of visits, Users’ devices or Users’ behaviors.  This data is collected for analysis and improvement of the Service.

EXTERNAL SERVICES

1. Administrator uses services with following external services which may place cookie files on User’s devices:

  • Google Analytics – for statistical analysis,
  • Facebook (Meta Platforms) – form maketing activities,
  • LinkedIn – form marketing and analytical activities.

2. Some data may be transferred outside the European Economic Area (EEA), in particular to the United States.
3. Such transfers are carried out in accordance with GDPR, based on:
a. Standrd Contractual Clauses approved by the European Commission and/or
b. participation in the EU-US Data Privacy Framework (where applicable).

CONSENT TO COOKIE

Upon the User’s first visit to the Website, the User is informed about the use of cookies.

The User has the option to:

  • give consent to all cookies,
  • refuse cookies other than essential ones,
  • make an individual selection of cookie categories.Consent may be withdrawn at any time.

POSSIBILITIES TO DETERMINE CONDITIONS OF STORAGE AND ACCESSING ON USER’S DEVICES BY THE SERVICE OR EXTERNAL SERVICES

1. User at any time can change settings of recording, removing and accessing data of saved cookie files.
2. Information about how to turn off cookies in the most popular
3. Websites and mobile devices is available at the website: how to turn off cookies.
4. User a tany time can remove saved cookie files by using tools in the User’s device used to use Website services.

SERVICE’S REQUIREMENTS

  • Limitations of records and acces to cookies files on User’s device may cause incorrect functionality of some actions of the Service.
  • Administrator is not responsible for incorrect functionality of the Service if User limitate In any way possibility of saving or reading cookie files.

CHANGES IN COOKIES POLICY

1. CROS CRO Sp. z o. o. may amend this Cookie Policy for important legal or technical reasons.
2. The current version of the Cookie Policy is always available on the Website.
3. Any amendments shall enter into force on the date of their publication.