Privacy Policy - Cross-Border Commerce Association

This privacy policy is based on the legal provisions on data protection found in the General Data Protection Regulation (GDPR – REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016).

Controller

The data controller within the meaning of Article 24 GDPR is:

Cross Border Commerce Assocaction
Urszuli 31/2
65-147 Zielona Góra
Poland
contact@cross-border-association.com
+48 727 660 202

Subject Matter

This privacy policy explains which personal data are stored, processed and transferred when you visit our website, how and for what purpose.

Article 4(1) GDPR: “Personal data” means any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Information on Transfers to Third Countries pursuant to Article 13(1)(f) GDPR

Data may be transferred to third countries such as the USA via subcontractors or affiliated companies when the user accesses and uses our website and related offerings. Processing is based on the EU–US adequacy decision of 10 July 2023. In addition, we minimize risk where possible by concluding data processing agreements where a contractual relationship exists and by entering into standard contractual clauses, including effective supplementary measures required by supervisory authorities.

Data Collected on the Basis of Legitimate Interests pursuant to Article 6(1)(f) GDPR:

Server Data

When you visit our website, various server statistics are recorded automatically. Each access to our website and each retrieval of a file stored on the site is logged. Logging serves internal system and statistical purposes. The following information is recorded: the name of the retrieved file, date and time of retrieval, amount of data transferred, notification of successful retrieval, the web browser, and the requesting domain. In addition, the IP addresses of the requesting computers are recorded in anonymized form.

These data are used for statistical analysis of visits to our website and cannot be assigned to specific individuals. They are not combined with other data sources. We may use these data to optimize our offering for users, e.g., by preventing access from malicious sites or optimizing access via certain browsers, as well as by recording the IP address to enable delivery of the site to the visitor. We use a secure server with Transport Layer Security (TLS) technology with 128/256-bit encryption for data transfer. This means your data are transmitted to us securely and cannot be read by unauthorized persons.

Hosting

We use the hosting service cyber_Folks. The service enables us to operate the domain under which we can publish our website. Information about which data are collected and stored and for what purpose can be found in the section above (“Server Data”). Our legitimate interest lies in enabling the operation of the website on the Internet.

Email Inquiries

If you send us an inquiry by email, we collect and store your email address and the data contained in the email to respond to the inquiry. Our legitimate interest lies in communicating with you and responding to your requests.

If a contractual relationship arises from a request for a quote, or if the request relates to an existing contractual relationship, the legal basis is Article 6(1)(b) GDPR, as storage of the data is necessary to fulfill a pre-contractual or contractual obligation. The data will be deleted when the purpose for which they were stored no longer applies, i.e., after responding to the email inquiry or after final clarification of the matter related to the inquiry.

Use of First-Party Cookies for Functionality

Our website uses so-called cookies in some areas. A cookie is a text file that our site places on the device you use via your web browser. They serve to make our website more user-friendly, effective, and secure. We use “session cookies.” These are deleted automatically after you end your visit. You can disable the acceptance of cookies in your web browser; however, this may impair functionality.

Contact Form

When you use our contact form, we collect and store your name and email address to respond to your inquiry. If a contractual relationship results from the inquiry by concluding a contract, or if the inquiry concerns an existing contractual relationship, the legal basis is Article 6(1)(b) GDPR, as storage of the data is necessary to fulfill a pre-contractual or contractual obligation. The data will be deleted when the purpose for which they were stored no longer applies, i.e., after responding to the contact form inquiry or after final clarification of the matter related to the inquiry.

Cookie Consent Tool

We use a cookie consent tool to obtain the user’s consent. The tool stores in a cookie whether the user consented to the storage of other cookies or refused such consent. Depending on the user’s preferences, third-party cookies may or may not be stored. If the user has consented, the tool automatically records the following data:

The user’s IP number in anonymized form (the last three digits are set to “0”).
Date and time of consent.
The user’s browser.
The URL from which the consent was submitted.
An anonymous, random, and encrypted key.
The user’s consent status, which serves as proof of consent.

The key and consent status are also stored in a cookie in the end user’s browser so that the website can automatically read and track the end user’s consent for all subsequent page requests and future sessions for up to 12 months. Our legitimate interest lies in the fact that this is the only way we can obtain the necessary consent and provide the required proof in the event of a review.

Data We Collect on the Basis of Explicit Consent pursuant to Article 6(1)(a) GDPR:

Google Analytics 4

This website uses the Google Analytics 4 web analytics service, operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Please note that data are transferred from Google Ireland to Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Google Analytics uses “cookies” to analyze user behavior on the website and measure reach.

By consenting to the use of Google Analytics, you consent to the processing of your data. Google Analytics automatically anonymizes IP addresses and records GEO location only. It is therefore not possible to attribute the analytics data collected to a specific person.

Google assures that data from end devices in the EU are stored and processed on EU servers. However, at least indirect transfer of these data to the USA cannot be ruled out. Due to automatic IP anonymization, your IP address will be shortened by Google in member states of the European Union or in other contracting states of the Agreement on the European Economic Area. On behalf of the operator of this website, Google will use this information to analyze your use of the website, to compile reports on website activity, and to provide the website operator with other services related to website activity and internet usage.

The data transfer is based on the EU–US adequacy decision (EU–US Data Privacy Framework). By adhering to this framework, Google demonstrates that it has taken appropriate technical and organizational measures to protect users’ personal data. In addition, we have concluded EU standard contractual clauses with Google. You can withdraw your consent at any time by deleting all (consent) cookies set in your browser.

You can prevent the storage of cookies by selecting the appropriate settings in your browser software or in the cookie consent tool. However, please note that in this case you may not be able to use all functions of this website to their full extent. More information on data protection can be found in Google Analytics at https://support.google.com/analytics/answer/6004245?hl=de. As a rule, data stored by Google are deleted within 14 months.

Data We Collect for Contract Performance pursuant to Article 6(1)(b) GDPR:

Contract Processing

For the purpose of processing contracts and invoicing, we collect and store the personal data you provide, such as your name, address, and email address. If you have already provided these data to us as part of registration, we will use them for the purposes specified herein for contract processing. These data will be forwarded to tax advisors and banks as part of the billing process. In addition, billing data will be transmitted to the tax office under tax law requirements pursuant to Article 6(1)(c) GDPR. These data will be deleted after the expiration of applicable statutory retention obligations. If we are not subject to any statutory retention obligations, the data will be deleted when the purpose no longer applies.

Rights of Data Subjects to Which You Are Entitled:

a. Right to Object, Article 21 GDPR

If we process your data for the protection of legitimate interests (Article 6(1)(f) GDPR), you may object to such processing on grounds relating to your particular situation. In such a case, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing serves the establishment, exercise, or defense of legal claims. If you object to processing for direct marketing purposes, the data will no longer be processed for this purpose.

b. Right of Access, Article 15 GDPR

You have the right to obtain from us confirmation as to whether or not we process your personal data and, where that is the case, access to those personal data and related information (Article 15(1)(a)–(h) GDPR).

c. Right to Rectification, Article 16 GDPR

You have the right to obtain without undue delay the rectification of inaccurate personal data concerning you. Taking into account the purposes of the processing, you also have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

d. Right to Erasure, Article 17 GDPR

You have the right to obtain the erasure of personal data concerning you without undue delay, and we are obliged to erase such data without undue delay where one of the grounds set out in Article 17 GDPR applies.

e. Right to Restriction of Processing, Article 18 GDPR

You have the right to obtain restriction of processing if one of the conditions set out in Article 18 GDPR applies.

f. Right to Data Portability, Article 20 GDPR

You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used, and machine-readable format, and you have the right to transmit those data to another controller where the processing is based on consent pursuant to Article 6(1)(a) or Article 9(2)(a), or on a contract pursuant to Article 6(1)(b), and the processing is carried out by automated means.

g. Right to Lodge a Complaint with a Supervisory Authority, Article 77 GDPR

If you believe that the processing of your personal data infringes data protection regulations, you may lodge a complaint with the competent supervisory authority.

President of the Personal Data Protection Office (UODO)

ul. Stawki 2,

PL 00-193 Warsaw

Phone: +48 22 53 10 300

Email: kancelaria@uodo.gov.pl

Website: https://www.uodo.gov.pl/