privacy policy

Privacy of users of Agora SA websites (including www.kroje.xyz) is of great importance to us. Therefore, we have published the document explaining the rules and means of collecting, processing and using information about www.kroje.xyz website users.

DEFINITIONS

Data Controller: Agora S.A. with its registered seat in Warsaw (00-732), Czerska 8/10 street, entered in the register of entrepreneurs of the National Court Register kept by the District Court for the capital city of Warsaw in Warsaw, 13th Commercial Division of the National Court Register, under KRS No 59944, share capital: PLN 47,665,426 fully paid-up, Tax ID No (NIP): 526-030-56-44.

Personal Data: any information about a natural person who is identified or identifiable through one or more factors specific to physical, physiological, genetic, psychological, economic, cultural or social identity of the natural person, including device IP number, location data, online ID and information collected by means of cookies or a similar technology.

Policy: this Privacy Policy.

GDPR: Regulation (EU) 2016/679 of the European Parliament and of the Council of 7 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.

Website: website published by the Controller to which this Notice applies, i.e. www.kroje.xyz

User: any natural person visiting the Website or using one or more services or features available on the Website.

PROCESSING OF DATA IN CONNECTION WITH THE USE OF THE WEBSITE

In connection with the User’s use of the Website, the Controller collects data to the extent necessary to provide individual services available on the Website and also collects information about the User activity on the Website. The detailed rules and purposes of processing of personal data collected during the User’s use of the Website are described below.

PURPOSES AND LEGAL GROUNDS FOR DATA PROCESSING ON THE WEBSITE

Use of the Personal data of all persons using the Website (including IP address or other identifiers or information collected be means of cookies or other similar technologies) is processed by the Controller:

  • for the purpose of electronic provision of services involving sharing the content collected on the Website with the Users – then the legal grounds for processing shall be the necessity of processing for the performance of a contract (Article 6(1)(b) of the GDPR),
  • for analytical and statistical purposes – then the legal grounds for processing shall be the Controller’s legitimate interest (Article 6(1)(f) of the GDPR), consisting in analysing the User activity and preferences, in order to improve the employed features and provided services;
  • to establish, exercise or defend against claims (if any) – the legal grounds for the processing shall be the Controller’s legitimate interest (Article 6(1)(f) if the GDPR), consisting in the protection of its rights;

The User activity on the Website, including his/her personal data, is recorded in systems logs (a special computer program used to store chronological records containing information about events and activities in the IT system, used by the Controller to provide services). Information contained in the logs is processed mainly for the purpose of service provision. The Controller also processes the data for technical and administrative purposes, to administer the IT system and ensure its security, as well as for analytical and statistical purposes – the legal grounds for processing in this respect shall be the Controller’s legitimate interest (Article 6(1)(f) if the GDPR).

Contact forms

The Controller provides the possibility of contacting it by means of electronic contact forms. Using a form requires the provision of personal data necessary for contacting the User and responding to his/her request. The User may also provide additional data in order to facilitate the contact or handling of the request. Provision of data marked as obligatory is required for the acceptance and handling of a request; failure to provide the data renders the request handling impossible. Provision of other data is voluntary.

Personal Data is processed:

  • to identify the sender and handle his/her request sent via the available contact form – the legal grounds for processing shall be the necessity of processing for the performance of a service contract (Article 6(1)(b) of the GDPR);
  • for analytical and statistical purposes – the legal grounds for processing shall be the Controller’s legitimate interest (Article 6(1)(f) of the GDPR), consisting in maintaining statistics of requests sent by the Users via the Website, in order to improve its features.

Newsletter

Persons who have provided their e-mail address for the newsletter purposes will receive the newsletter service from the Controller. Provision of data is required for the provision of the newsletter service; failure to provide the data renders the sending of a newsletter impossible.

Personal Data is processed:

  • for the purpose of sending a newsletter – the legal grounds for processing shall be the necessity of processing for the performance of a contract (Article 6(1)(b) of the GDPR);
  • in the case of marketing content addressed to the User within a newsletter – the legal grounds for processing (including profiling) shall be the Controller’s legitimate interest (Article 6(1)(f) of the GDPR), in connection with consent to the receipt of the newsletter;
  • for analytical and statistical purposes – the legal grounds for processing shall be the Controller’s legitimate interest (Article 6(1)(f) of the GDPR), consisting in analysing the User activity on the Website, in order to improve the employed features;
  • to establish, exercise or defend against claims (if any) – the legal grounds for the processing shall be the Controller’s legitimate interest (Article 6(1)(f) if the GDPR).

SOCIAL NETWORKING SITES

The Controller processes personal data of the Users visiting the Controller’s social media profiles (Facebook, YouTube, Instagram, Twitter, LinkedIn). The data is processed only in connection with running the profile, including to inform the Users about the Controller’s activity and promotion of various events, services and products. The legal grounds for the Controller’s processing of personal data for this purpose shall be the Controller’s legitimate interest (Article 6(1)(f) of the GDPR), consisting in promotion of own brand.

COOKIES AND SIMILAR TECHNOLOGIES

Cookies files (“cookies”) are IT data, especially text files, installed on a device of the User who browses the Website. Cookies usually contain the name of the website domain from which they come from, the time of their storage on an end device and a unique number. Information relating to cookies contained in this Notice also apply to other similar technologies used by the Website.

Cookies are used:

  • to adjust the content of websites to users’ preferences and to fully optimise the use of web pages; in particular, cookie files allow the recognition of a website user’s device and proper display of a web page tailored to his/her individual needs,
  • to create statistics which help us understand how website users use web pages, which allows improvement of their structure and content,
  • to maintain a website user session (after logging in), thanks to which the user does not have to re-enter a login or password on each sub-page of the website,
  • provide users with advertising content more tailored to their interests.

“Service” cookies

The Controller uses the so called service cookies mainly in order to provide the User with services by electronic means and to improve the quality of the services. Therefore, the Controller and other entities providing analytical and statistical services on its behalf use cookies, by storing information or by accessing information which is already stored in a telecommunications end device of the User (computer, telephone, tablet, etc.). Cookies used for this purpose include:

  • User input cookies (session identifier) for the duration of a session;
  • authentication cookies used for services which require authentication for the duration of a session;
  • User centric security cookies, e.g. used for detection of authentication frauds;
  • multimedia player session cookies (e.g. flash player cookies), for the duration of a session;
  • User interface customization cookies, for the duration of a session or for a slightly longer period,
  • cookies used for web page traffic monitoring, i.e. for data analytics, including cookies:
    • used by Gemius S.A. – i.e. an entity which is entrusted with the personal data processing by the Controller – for the purpose of measurement of the Website viewing rates and analysis of the Users’ manner of use of the Website, including creation of statistics and reports on the Website functioning,
    • Google Analytics (these are files used by Google – i.e. an entity which is entrusted with the personal data processing by the Controller – for the purpose of analysis of the User’s manner of use of the Website, including creation of statistics and reports on the Website functioning).

“Marketing” cookies

The Controller may also use cookies for marketing purposes, including sending behavioural advertisements to the Users. To this end, the Controller may store information and access information which is already stored in a telecommunications end device of the User (computer, telephone, tablet, etc.). The use of cookies and personal information collected by means of cookies for marketing purposes, especially as far as promotion of third-party services and products is concerned, requires the User’s consent. The consent may be withdrawn at any time.

More information about cookies

In many cases software used for browsing web pages (web browser) accepts the storage cookies on the User’s end device by default. The Website Users may at any time change the cookie settings. In particular, the settings can be changed so that the automatic use of cookies is blocked or the User is notified of each individual case of placing a cookie file on the Website User’s device. Detailed information on the possibilities and manners of using cookies is available in the software (web browser) settings. Failure to change the cookie settings means that cookies will be placed on the User’s end device and thus the Controller will store and access information about the User’s end device.

PERSONAL DATA PROCESSING PERIOD

The period of data processing by the Controller depends on the type of service provided and the purpose of processing. In general, data is processed for a period of service provision or order execution, until the User has withdrawn his/her consent or effectively objected to the processing of data in cases where the Controller’s legitimate interest serves as the legal grounds for data processing. The data processing period may be extended if the processing is necessary to establish, exercise or defend against claims (if any) and, after the period, only if (and as far as) required by laws. After expiry of the data processing period, data is irretrievably erased or anonymised.

USER RIGHTS

The User has the right to: access the content of data and to request its rectification, erasure or restriction of processing, right to data portability, right to object to the processing, as well as the right to lodge a compliant with a supervisory authority competent for personal data protection. To the extent that the User data is processed on the basis of consent, the consent may be withdrawn at any time, by contacting the Controller (by e-mail, at iod@agora.pl or in writing to: Agora S.A. ul. Czerska 8/10 00-032 Warszawa).

RIGHT TO OBJECT

The User may at any time object to the processing of his/her data for direct marketing purposes, including profiling, if the processing is conducted in connection with a legitimate interest of the controller. The User may at any time object to the processing of his/her data for reasons related to his/her specific situation, in cases where the Controller’s legitimate interest serves as the legal grounds for data processing (e.g. in connection with pursuing analytical and statistical purposes, including profiling). More information about the rights arising from the GDPR can be found in the Personal data processing policy, which is attached hereto and is also available here.

DATA RECIPIENTS

In connection with the performance of services, personal data will be disclosed to external entities, including, in particular, providers responsible for operation of the IT systems used to provide services, to the entities such as: banks, payment operators, research companies, providers of accounting services, couriers (in connection with order execution), marketing agencies (in connection with marketing services) and the Controller’s affiliates, including companies in its capital group.

If the User has given consent, his/her data may be also made available to other entities for their own purposes, including marketing purposes.

The Controller reserves the right to disclose information concerning the User to the competent authorities or to third parties who request to be provided with such information, on the basis of appropriate legal grounds and in line with applicable laws.

TRANSFER OF DATA OUTSIDE THE EUROPEAN ECONOMIC AREA

The level of Personal Data protection outside the European Economic Area (EEA) varies from the level provided by European laws. For this reason, the Controller transfers personal data outside the EEA only when this is necessary, with appropriate protection level provided, primarily through:

  • co-operation with personal data processors in the countries for which a relevant decision of the European Commission was issued;
  • application of standard contractual clauses issued by the European Commission;
  • application of binding corporate rules approved by the competent supervisory authority;
  • • in the case of transferring data to the USA – co-operation with entities participating in the Privacy Shield scheme approved by decision of the European Commission.

Controller always communicates its intention to transfer personal data outside the EEA at the collection stage.

SECURITY OF PERSONAL DATA

The Controller analyses risk on an ongoing basis in order to ensure that personal data is processed by it in a secure manner which, most of all, guarantees that data can be accessed only by authorised persons and only within such scope as is necessary because of their tasks.

The Controller ensures that all operations on personal data are recorded and carried out by authorised employees and collaborators exclusively. The Controller takes all necessary actions to cause its subcontractors and other collaborators to guarantee the application of appropriate security measures every time they process personal data at the Controller’s request.

CONTACT DETAILS

The Controller can be contacted via e-mail at iod@agora.pl or in writing to: Agora S.A. ul. Czerska 8/10, 00-032 Warszawa.

The Controller has appointed a Data Protection Inspector who can be contacted via e-mail at iod@agora.pl in any matter pertaining to the processing of personal data.

AMENDMENTS TO THE PRIVACY NOTICE

This Notice is reviewed on regular basis and updated as needed. The current version of the Notice was adapted on has been in force since July 19, 2019.

 

COOKIES

Close

Dear User!
We want you to be comfortable while using our website. This is why, we try to match the available content to your interests and preferences. This is possible due to the storage of cookies in your browser and the processing by Agora S.A. (the administrator) of your personal data for analytical and statistical purposes. By continuing to use our website, without changing the privacy settings, you agree to the storage of cookies in your browser. Please remember that you can always change the settings of cookies in your browser as well as obtain additional information about the processing of your personal data and your rights from our Privacy Policy