I. Data Controller
The controller of your personal data is:
CrossCompliance Legal radca prawny Alicja Christensen
Address:
ul. Bóżnicza 1/14, 61-751 Poznań, Poland
ul. 1 Maja 6/6, 69-100 Słubice, Poland
Correspondence address: ul. 1 Maja 6/6, 69-100 Słubice, Poland
E-mail: office@crosscompliancelegal.pl
Phone no.: +48 451 278 207, +49 1523 73 89 981
II. Purposes of Personal Data Processing, Including the Legal Basis for Processing
1.Responding to Inquiries (Contact Form, Email, Phone)
When you contact us via the contact form on the website, email, or by phone, the personal data you provide (e.g., first and last name, email address, phone number, content of the inquiry) is processed for the purpose of responding to your questions, conducting correspondence, and resolving the matter presented.
Legal basis for processing:
a. Article 6(1)(b) of the GDPR – processing is necessary to take actions at your request prior to entering into a contract or to perform a contract,
b. Article 6(1)(f) of the GDPR – when the contact does not concern a future contract but only general communication; the legitimate interest is to respond to inquiries and conduct ongoing correspondence.
2. Cookies
Cookies are small text files stored by the browser that help websites function properly, among other things.
On this website, we use only essential technical cookies that enable the proper functioning of the site (e.g., handling the contact form, basic website functions, ensuring security).
Legal basis for processing:
Article 6(1)(f) of the GDPR – processing is necessary to ensure the technical and secure operation of the website; the legitimate interest is to operate the website correctly and safely.
These cookies are not used for marketing, analytics, or profiling and do not require consent.
III. Data Recipients
Cooperation with other entities may require the transfer of certain personal data to third parties. Below you will find the categories of entities to which we may transfer data:
1. Hosting provider, including email services – to the extent necessary to ensure the website functions properly, manage the contact form, and enable email communication,
2. Persons cooperating with the Data Controller under agreements for office support, including technical or administrative assistance – to the extent necessary to perform the tasks assigned to them, while maintaining confidentiality,
3. Online communication service providers – solely in connection with conducting online meetings under the terms set by the respective provider,
4. Entities authorized under applicable law – if they request access to data based on relevant regulations.
The Data Controller does not transfer personal data to other entities for marketing purposes. Data is not transferred to third countries or international organizations, except when using online communication service providers.
When using online communication service providers, the transfer of personal data occurs only to entities holding valid certification under the EU–US Data Privacy Framework, which ensures a level of data protection comparable to the standard applicable in the European Union. This specifically applies to services provided by Google and Microsoft.
IV. Data Retention Period
We process data to the extent necessary for the operation of our business and retain it for the period permitted by law.
V. Your Rights
You have the right to:
- request access to your personal data,
- request the correction of your personal data,
- object to the processing of your personal data,
- request the deletion of your personal data,
- request the restriction of the processing of your personal data,
- request the transfer of your personal data,
- obtain information about automated decision-making, including profiling, and the safeguards applied in connection with the transfer of such data outside the EU,
- obtain information about the purposes of processing, the categories of personal data processed, the recipients or categories of recipients of such data,
- obtain information about the rights granted under the GDPR, the right to lodge a complaint with the supervisory authority (PUODO), the planned data retention period or the criteria used to determine it, and the source of the data,
- obtain a copy of your personal data.
If you wish to exercise any of the above rights, please contact us. We will promptly provide you with all information regarding the actions taken in response to your request.