Privacy Policy

1. Data Controller

The data controller of your personal data is Cruxed, operated by Weronika Stachulska (XYZ Studio), based in Puławy.
NIP: 8993011590
REGON: 540408935
Contact: support@cruxed.shop
The data controller has not appointed a Data Protection Officer (DPO), but inquiries regarding data protection can be made through the provided email address.
You have the right to lodge a complaint with the supervisory authority for personal data protection if you believe your data is being processed unlawfully. The supervisory authority for personal data protection in Poland is the President of the Personal Data Protection Office (PUODO), based in Warsaw.

2. Definitions

For the purpose of this Privacy Policy:

  • Personal Data refers to any information related to an identified or identifiable individual.
  • Data Controller refers to Cruxed, the entity responsible for determining the purposes and means of processing personal data.
  • Third-Party Service Providers refer to external entities that process personal data on behalf of Cruxed (e.g., payment providers, logistics companies).
  • User/Customer refers to any individual visiting the website or using Cruxed’s services or products.

 

3. Types of data we collect

We collect the following types of personal data:

  • Contact Information: name, surname, email address, shipping address.
  • Transactional Data: order details, purchase history.
  • Payment Information: processed by external service providers (e.g., PayPal, Stripe). Payment data is not directly stored by Cruxed, but only by payment providers.
  • Technical Data: IP address, cookies, browser type, operating system.
  • Marketing Data: newsletter preferences and marketing consents.

 

4. Purpose and Legal Basis for Processing Data

Your data is processed for the following purposes:

Purpose

Legal basis

Order processing

Sales contract (Art. 6(1)(b) GDPR)

Customer service

Legitimate interest (Art. 6(1)(f) GDPR)

User account registration

Contract execution (Art. 6(1)(b) GDPR)

Marketing (newsletter)

User consent (Art. 6(1)(a) GDPR)

Legal obligations (e.g., taxes)

Legal obligation (Art. 6(1)(c) GDPR)

Legal protection (e.g., claims)

Legitimate interest (Art. 6(1)(f) GDPR)


Users may obtain detailed information about legal grounds by contacting the administrator.

 

5. Sharing Personal Data

Your data may be shared with the following entities:

  • Payment Providers (e.g., PayPal)
  • Shipping Companies (e.g., DPD, InPost)
  • Technology Providers (e.g. Google Analytics)

Your data may be transferred to countries outside the European Economic Area (EEA), particularly the USA, if we use services like Google Analytics, PayPal, Stripe. In such cases, we apply Standard Contractual Clauses (SCCs) approved by the European Commission and additional safeguards, such as data encryption and minimization of processing scope.

If you use the contact form available on the Contact page, your data may be protected by Google reCAPTCHA, meaning Google may collect information about your device, IP, and interactions on the site.

 

6. Data retention period

 

Data type

Retention period

Transactional data

5 years from the end of the tax year in which the purchase was made

Marketing data

Until consent is withdrawn, but no longer than 3 years from the last contact

Technical logs

26 months (e.g., Google Analytics)

User account data

We store user account data until the account is deleted, but no longer than 5 years from the last activity (login), unless there are other legal grounds for further processing.

Retention periods may be shortened at the user’s request if there is no legal obligation to retain the data (e.g., transactional data is retained for 5 years for tax purposes). After the retention period, data is permanently deleted.

 

7. User rights

 

You have the right to:

  • Access your data,
  • Correct your data,
  • Delete your data (“right to be forgotten”),
  • Restrict processing,
  • Transfer your data,
  • Object to processing,
  • Withdraw consent for marketing.

You can withdraw your consent for processing your data for marketing purposes at any time by clicking the “Unsubscribe” link in the email or by contacting us at support@cruxed.shop. Withdrawal of consent does not affect the lawfulness of processing that occurred before the withdrawal.

 

8. Cookie policy


Our website uses cookies for analytical and marketing purposes. You can manage cookie settings in your browser or through our cookie banner. Detailed information is available in our Cookie Policy.