Choose your languageand country
English
Polish
Save to shopping list
Create a new shopping list

Privacy policy

1. Data controller and definitions

  1. The administrator of the personal data of the Customers / Users of the Online Store, also referred to as the Seller, is: Best Sub Europe Sp. z o.o. Sp. K., telephone: + 48 665 655 653, NIP: PL 853 152 61 53 , REGON: 386439662.
  2. The Data Administrator can be contacted:
    1. at the mailing address: Myśliborska 8, 74-240 Lipiany;
    2. at the e-mail address: info@craftexpress24.eu.
  3. User - a natural person entering the website(s) of the Online Store or using the services or functionalities described in this Privacy and Cookies Policy.
  4. Customer - a natural person with full legal capacity, a natural person who is a Consumer, a legal person or an organizational unit without legal personality, to which the law grants legal capacity, which concludes a Distance Sales Agreement with the Seller.
  5. Online Shop - a website run by the Seller, available at the following electronic addresses (pages): https://craftexpress24.eu via where the Customer/User can obtain information about the Goods and their availability and buy the Goods or commission the service.
  6. Newsletter - information, including commercial information within the meaning of the Act of July 18, 2002. on the provision of electronic services (Journal of Laws of 2020, item 344) from the Seller sent to the Customer/User by electronic means; its receipt is voluntary and requires the consent of the Client/User.
  7. Account - a set of data stored in the Online Store and in the Seller's ICT system regarding a given Customer/User and their orders and concluded contracts, with the use of which the Customer/User may place orders and conclude contracts.
  8. RODO - Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing the Directive 95/46/EC (General Data Protection Regulation).

2. Purposes, legal grounds and time of data processing

  1. In order to implement the Distance Sales Agreement, the Seller processes:
    1. information on the User's device in order to ensure the correct operation of the services: computer IP address, information contained in cookies or other similar technologies, session data, web browser data, device data, data on activity on the Website, including on individual subpages;
    2. information about geolocation, if the User has consented to the service provider's access to geolocation. Geolocation information is used to provide more customized product and service offerings;
    3. Users' personal data: name, surname, registered office address, correspondence address, e-mail address, telephone number, tax identification number, bank account number or other personal data, the provision of which is necessary to complete the purchase, and which must be provided in the purchasing process Admin.
  2. This information does not contain data on the Users' identity, but in combination with other information, it may constitute personal data and therefore the Administrator covers it with full protection under the GDPR.
  3. These data are processed in accordance with art. 6 sec. 1 lit. b of the GDPR, in order to perform the service, i.e. the contract for the provision of electronic services in accordance with the Regulations and in accordance with art. 6 sec. 1 lit. a GDPR, in connection with consent to the use of certain cookies or other similar technologies, expressed through the appropriate settings of the web browser in accordance with the Telecommunications Law or in connection with consent to geolocation. The data is processed until the end of the Customer's/User's use of the Online Store.
  4. The administrator undertakes to take all measures required under art. 32 of the GDPR, i.e., taking into account the state of technical knowledge, the cost of implementation and the nature, scope and purposes of processing as well as the risk of violating the rights or freedoms of natural persons with varying probability and severity, the Administrator implements appropriate technical and organizational measures to ensure a level of security corresponding to this risk.

3. Administrator's marketing activities

  1. On the website of the Online Store, the Data Administrator may post marketing information about its products or services. Displaying this content is made by the Data Administrator in accordance with art. 6 section 1 lit. f of the GDPR, i.e. in accordance with the legitimate interest of the Data Administrator consisting in the publication of content related to the services provided and promotional content of actions in which the Data Administrator is involved. At the same time, this action does not violate the rights and freedoms of Customers/Users, Customers/Users expect to receive similar content, and even expect it or it is their direct purpose of visiting the Online Store website/pages.

4. Recipients of user data

  1. The data administrator discloses personal data of users only to processors under concluded contracts for entrusting the processing of personal data in order to provide services to the data administrator, e.g. hosting and servicing the Website, IT services, marketing and PR services.

5. Transfer of personal data to third countries

  1. Personal data will not be processed in third countries.

6. Rights of data subjects

  1. Each data subject has the right to:
    1. access (Article 15 of the GDPR) - obtaining confirmation from the Data Administrator whether her personal data is being processed. If data about a person are processed, he or she is entitled to access them and obtain the following information: about the purposes of processing, categories of personal data, recipients or categories of recipients to whom the data have been or will be disclosed, about the period of data storage or about the criteria for their determination, about the right to demand rectification, deletion or limitation of the processing of personal data of the data subject, and to object to such processing;
    2. to receive a copy of the data (Article 15(3) of the GDPR) - to obtain a copy of the data subject to processing, the first copy being free of charge, and for subsequent copies the Data Administrator may charge a reasonable fee resulting from administrative costs;
    3. to be corrected (Article 16 of the GDPR) - requests to correct incorrect personal data concerning her or to supplement incomplete data;
    4. to delete data (Article 17 of the GDPR) - request to delete her personal data if the Data Administrator no longer has a legal basis for their processing or the data is no longer necessary for the purposes of processing;
    5. to limit processing (Article 18 of the GDPR) - requests to limit the processing of personal data when:
      1. the data subject questions the correctness of the personal data - for a period allowing the Data Administrator to check the correctness of the data,
      2. the processing is unlawful and the data subject opposes their removal, requesting the restriction of their use,
      3. The data controller no longer needs these data, but they are needed by the data subject to establish, pursue or defend claims,
      4. the data subject has objected to the processing - until it is determined whether the legitimate grounds on the part of the administrator override the grounds for the data subject's objection;
    6. to transfer data (Article 20 of the GDPR) - to receive in a structured, commonly used machine-readable format personal data concerning her, which she provided to the Data Administrator, and to request that this data be sent to another Administrator, if the data is processed on the basis of consent the data subject or the contract concluded with him, and if the data is processed in an automated manner;
    7. to object (Article 21 of the GDPR) - to object to the processing of her personal data for the legitimate purposes of the administrator, for reasons related to her particular situation, including profiling. Then the Data Administrator assesses the existence of valid legally justified grounds for processing, overriding the interests, rights and freedoms of the data subjects, or grounds for establishing, pursuing or defending claims. If, according to the assessment, the interests of the data subject will be more important than the interests of the administrator, the Data Administrator will be obliged to stop processing data for these purposes;
    8. to withdraw consent at any time and without giving any reason, but the processing of personal data carried out before withdrawal of consent will still be lawful. Withdrawal of consent will result in the Administrator ceasing to process personal data for the purpose for which the consent was given.
  2. In order to exercise the above-mentioned rights, the data subject should contact the Data Administrator using the contact details provided and inform him which right and to what extent he wants to exercise.

7. President of the Office for Personal Data Protection

  1. The data subject has the right to lodge a complaint with the supervisory authority, which in Poland is the President of the Personal Data Protection Office with its registered office in Warsaw, ul. Stawki 2, which can be contacted as follows:
  2. by post: ul. Stawki 2, 00-193 Warsaw;
  3. via the electronic inbox available at: https://www.uodo.gov.pl/pl/p /contact;
  4. Helpline: 606-950-0000.

8. Data Protection Officer

  1. In any case, the data subject may also contact the Administrator's data protection officer directly by e-mail or in writing to the address of the Data Administrator provided in section 1 point 2 of this Privacy and Cookies Policy.

9. Changes to the Privacy Policy

  1. Privacy and cookies policy may be supplemented or updated in accordance with the current needs of the Administrator in order to provide current and reliable information to Clients/Users.

10. Cookies

  1. The online store performs the functions of obtaining information about customers, users and their behavior in the following way:
    1. through information voluntarily entered in forms for purposes resulting from the function of a specific form;
    2. by saving cookie files in end devices (so-called "cookies");
    3. by collecting web server logs by the online store's hosting operator (necessary for the proper operation of the website).
  2. Cookies are IT data, in particular text files, which are stored in the Customer's / User's end device and are intended for using the Online Store website. Cookies usually contain the name of the website they come from, their storage time on the end device and a unique number.
  3. The online store uses cookies only after the Customer/Store User has given prior consent in this regard. Consent to the use of all cookies by the Online Store is made by clicking the button: "Close" when the message about the use of cookies by the Online Store is displayed or by closing this message.
  4. If the Customer/User of the Online Store does not agree to the use of cookies by the Online Store, he may use the option: "I do not agree", also available in the message on the use of cookies by the Online Store or make changes to the browser settings website that he is currently using (however, this may cause the Online Store website to malfunction).
  5. In order to manage cookie settings, select a web browser/system from the list and follow the instructions: Internet Explorer, Chrome, Safari, Firefox, Opera, Android, Safari (iOS), Windows Phone.
  6. The legal basis for the processing of personal data from cookies are the legitimate interests of the Data Administrator, consisting in providing high quality services, ensuring the security of services.
  7. The Online Store uses two basic types of cookies: "session" (session cookies) and "permanent" (persistent cookies). Session cookies are temporary files that are stored on the User's end device until logging out, leaving the Online Store or turning off the software (web browser). "Permanent" cookies are stored on the Customer's/User's end device for the time specified in the cookie file parameters or until they are deleted by the Customer/User.

Functional cookies (required)

craftexpress24.eu

monit_token: 365 days, cookie
Identifies the shop's customer.

shop_monit_token: 30 minutes, cookie
Identifies the shop's customer.

client: 1 days, cookie
Identifies the logged-in customer / basket of the non-logged-in customer.

affiliate: 90 days, cookie
It stores information about the partner ID from which the shop was entered.

ordersDocuments: cookie
Stores information about the print status of a document.

__idsui: 1095 days, cookie
File required for the so-called lightweight login function on the website.

__idsual: 1095 days, cookie
File required for the so-called lightweight login function on the website.

__IAI_SRC: 90 days, cookie
It only stores the source from which the page was accessed.

login: cookie
Stores information about whether the user has logged in to the site.

CPA: 28 days, cookie
Includes information on the variables for the CPA / CPS programmes in which the site participates.

__IAIRSABTVARIANT__: 30 days, cookie
Variant identifier for the A/B test and IdoSell RS engine configuration.

basket_id: 365 days, cookie
The site user's shopping cart identifier, assigned for the duration of the ongoing session.

page_counter: 1 days, cookie
Counter of pages visited.

LANGID: 180 days, cookie
Stores information about the language selected by the site user.

REGID: 180 days, cookie
Stores information about the site user's region.

CURRID: 180 days, cookie
Stores information about the currency of the site selected by the user.

__IAIABT__: 30 days, cookie
It stores the A/B test identifier, for the purpose of testing and improving shop functionality.

__IAIABTSHOP__: 30 days, cookie
It stores the identifier of the shop participating in the A/B test.

__IAIABTVARIANT__: 30 days, cookie
Stores the identifier of the variant drawn as part of the ongoing A/B test.

toplayerwidgetcounter[]: cookie
Stores the number of times a pop up message has been displayed.

samedayZipcode: 90 days, cookie
Stores information about the site user's postcode, which is required to offer courier delivery on the SameDay service.

applePayAvailability: 30 days, cookie
Stores information about whether an ApplePay payment method is available for the user.

paypalMerchant: 1 days, cookie
PayPal account ID.

toplayerNextShowTime_: cookie
Stores information about the time at which the next pop up message is to be displayed. 

rabateCode_clicked: 1 days, cookie
Stores information about the closure of the active discount bar.

freeeshipping_clicked: 1 days, cookie
Stores information about the closing of the free delivery bar.

redirection: cookie
Stores information on the closure of the pop-up message indicating the suggested language for the shop.

filterHidden: 365 days, cookie
When the option to collapse the filter for goods is clicked, it saves which filter is to be collapsed when the goods list is refreshed.

toplayerwidgetcounterclosedX_: cookie
It stores information about closing the pop-up message.

cpa_currency: 60 minutes, cookie
Includes currency information for CPA / CPS programmes in which the site participates.

basket_products_count: cookie
Stores information on the number of products in the basket.

wishes_products_count: cookie
Stores information on the number of products in the favorites list.

remembered_mfa: 365 days, cookie
Stores remembered user information for multi-factor authentication (MFA)

IAI S.A.

iai_accounts_toplayer: 30 days, cookie
Ensures the correct display of the pop up message informing about the IdoAccounts login service (https://www.idosell.com/en/idoaccounts-is-a-system-that-facilitates-the-process-of-logging-in-to-many-stores-with-one-account-and-placing-orders-in-online-stores/).

IdoSell

platform_id: cookie
Stores information about whether the page is displayed in the mobile app.

paypalAvailability_: 1 days, cookie
Stores information on whether a PayPal payment method is available for the user.

ck_cook: 3 days, cookie
Stores information about whether the user of the website has consented to cookies.

IdoAccounts

accounts_terms: 365 days, cookie
Stores information on whether the user has accepted consent to use the IdoAccounts service.

express_checkout_login: 365 days, cookie
CookieNameExpressCheckoutLogin

Google

NID: 180 days, cookie
These cookies (NID, ENID) are used to remember your preferences and other information, such as your preferred language, how many results you prefer to have shown on a search results page (for example, 10 or 20), and whether you want to have Google’s SafeSearch filter turned on. This cookie is also required to offer the Google Pay payment service.

Google reCAPTCHA

_GRECAPTCHA: 1095 days, cookie
This cookie is set by Google reCAPTCHA, which protects our site against spam enquiries on contact forms.

PayPal

ts: cookie
This cookie is generally provided by PayPal and supports payment services on the website.

ts_c: 1095 days, cookie
This cookie is generally provided by PayPal and is used to prevent fraud.

x-pp-s: cookie
This cookie is generally provided by PayPal and supports payment services on the website.

enforce_policy: 365 days, cookie
This cookie is generally provided by PayPal and supports payment services on the website.

tsrce: 3 days, cookie
This cookie is generally provided by PayPal and supports payment services on the website.

l7_az: 60 minutes, cookie
This cookie is necessary for the PayPal login-function on the website.

LANG: 1 days, cookie
This cookie is generally provided by PayPal and supports payment services on the website.

nsid: cookie
Used in the context of transactions on the Website. The cookie is required for secure transactions.


Analytics cookies

IAI S.A.

__IAI_AC2: 45 days, cookie
Activity Tracking identifier to collect the history of pre-order sources as well as the source through which the order was placed according to the last click attribution model.

Google Analytics

_ga_: 730 days, cookie
Used by Google Analytics to collect data on the number of times a user has visited the website, as well as dates for the first and most recent visit.

_ga: 730 days, cookie
Registers a unique ID that is used to generate statistical data on how the visitor uses the website.

_gid: 1 days, cookie
Registers a unique ID that is used to generate statistical data on how the visitor uses the website.

_gat: 1 days, cookie
Used to throttle request rate. Analytics anonymizes the IP address.

_dc_gtm_UA-#: 730 days, cookie
Used by Google Tag Manager to control the loading of a Google Analytics script tag. Analytics anonymizes the IP address.

FPLC: 1200 minutes, cookie
Non-HttpOnly cookie version named FPLC with a value hashed from the FPID value.

_gat[_]: 1 minutes, cookie
Used to throttle request rate. If Google Analytics is deployed via Google Tag Manager, this cookie will be named _dc_gtm_.

_gat_gtag: 1 minutes, cookie
Used to analyze visitor browsing habits, flow, source and other information.

__utma: 730 days, cookie
Used to distinguish users and sessions. The cookie is created when the javascript library executes and no existing __utma cookies exists. The cookie is updated every time data is sent to Google Analytics.

__utmb: 30 minutes, cookie
Used to determine new sessions / visits. The cookie is created when the javascript library executes and no existing __utmb cookies exists. The cookie is updated every time data is sent to Google Analytics.

__utmc: cookie
Not used in ga.js. Set for interoperability with urchin.js. Historically, this cookie operated in conjunction with the __utmb cookie to determine whether the user was in a new session/visit.

__utmt: 10 minutes, cookie
Used to throttle request rate.

__utmz: 180 days, cookie
Stores the traffic source or campaign that explains how the user reached your site. The cookie is created when the javascript library executes and is updated every time data is sent to Google Analytics.

__utmv: 730 days, cookie
Used to store visitor-level custom variable data. This cookie is created when a developer uses the _setCustomVar method with a visitor level custom variable. This cookie was also used for the deprecated _setVar method. The cookie is updated every time data is sent to Google Analytics.

AMP_TOKEN: 365 days, cookie
Contains a token that can be used to retrieve a Client ID from AMP Client ID service. Other possible values indicate opt-out, inflight request or an error retrieving a Client ID from AMP Client ID service.

FPID: 730 days, cookie
This cookie is named FPID (First Party Identifier) by default. The value stored in FPID will be used for setting the Client ID in the request to Google’s servers.

_gaexp: 90 days, cookie
Used to determine a user's inclusion in an experiment and the expiry of experiments a user has been included in.

_opt_awcid: 1 days, cookie
Used for campaigns mapped to Google Ads Customer IDs.

_opt_awmid: 1 days, cookie
Used for campaigns mapped to Google Ads Campaign IDs.

_opt_awgid: 1 days, cookie
Used for campaigns mapped to Google Ads Ad Group IDs

_opt_awkid: 1 days, cookie
Used for campaigns mapped to Google Ads Criterion IDs

_opt_utmc: 1 days, cookie
Stores the last utm_campaign query parameter.

_opt_expid: 0.2 minutes, cookie
This cookie is created when running a redirect experiment. It stores the experiment ID, the variant ID and the referrer to the page that's being redirected.

Google Analytics pixel: 999 days, tracking pixel
Pixel measures visits, clicks, and other digital behaviour. This allows to adapt your marketing strategy.

__utmli: 60 days, cookie
The cookie is part of the Enhanced Link Attribution feature that (tries to) distinguish clicks on links to the same destination in the in-page analyses. Contains the id (if any) of the clicked link (or its parent) to be read on the next page, so in-page analyses can tell where on the page the clicked link was located.

Google Maps

SID: 3650 days, cookie
Contain digitally signed and encrypted records of a user’s Google Account ID and most recent sign-in time. The combination of these cookies (SID, HSID) allows Google to block many types of attack, such as attempts to steal the content of forms submitted in Google services.


Advertising cookies

craftexpress24.eu

RSSID: 180 days, cookie
IdoSell RS user ID, used for the purpose of displaying tailored product recommendations on the website.

__IAIRSUSER__: 60 minutes, cookie
IdoSell RS user ID, used for the purpose of displaying tailored product recommendations on the website.

Google Analytics

__gads: 395 days, cookie
To provide ad delivery or retargeting.


  1. Cookies are used for the following purposes:
    1. creating statistics that help to understand how customers/Users of the Online Store use websites, which allows improving their structure and content;
    2. maintaining the Customer/User's session (after logging in), thanks to which the Customer/User does not have to re-enter the login and password on each subpage of the Online Store;
    3. defining the Customer's/User's profile in order to display product recommendations and matching materials in advertising networks, in particular the Google network.
  2. Software for browsing websites (web browser) usually allows cookies to be stored on the Client's/User's end device by default. Customers/Users can change the settings in this regard. The web browser allows you to delete cookies. It is also possible to automatically block cookies.
  3. Restrictions on the use of cookies may affect some of the functionalities available on the websites of the Online Store.
  4. Cookies placed on the Client's/User's end device may also be used by advertisers and partners of the Online Store cooperating with the Online Store.
  5. Cookies may be used by the Google network to display advertisements tailored to the way the Customer/User uses the Online Store. For this purpose, they can store information about the user's navigation path or the time spent on a given page: https://policies.google.com/technologies /partner-sites.
  6. We recommend that the Client/User read the privacy policy of these companies to learn the rules of using cookies used in statistics: Google Analytics privacy policy.
  7. In terms of information about the preferences of the Customer/User collected by the Google advertising network, the Customer/User may view and edit information resulting from cookies using the tool: https://www.google.com/ads/preferences/.
  8. On the website of the Online Store there are plug-ins that can transfer Customer/User data to Administrators, such as: .
  9. In order to properly implement the Distance Sales Agreement, the Data Administrator may share the data of Customers/Users with courier entities. Currently available delivery methods in the Online Store are available at: https://craftexpress24.eu/en/delivery.html.
  10. In order to properly implement the Distance Sales Agreement, the Administrator may provide Customers/Users' data to online payment systems. Currently available payment methods in the form of prepayments in the Online Store are available at: https://craftexpress24.eu/en/payments.html.

11. Newsletter

  1. The customer may agree to receive commercial information by electronic means by selecting the appropriate option in the registration form or later in the appropriate tab. If such consent is given, the Customer / User will receive information (Newsletter) of the Online Store to the e-mail address provided by him, as well as other commercial information sent by the Seller.
  2. The customer may at any time unsubscribe from receiving the Newsletter himself, by unchecking the appropriate box on his Account page or by going to the form https://craftexpress24.eu/en/newsletter.html, clicking the appropriate link contained in the content of each Newsletter or via the Customer Service Office.

12. Account

  1. The Customer/User may not place content in the Online Store or provide the Seller with content, including opinions and other data of an unlawful nature.
  2. The Customer/User gains access to the Account after registration.
  3. As part of the registration, the Customer / User provides the account type or gender, first name, last name, company name, NIP, data for issuing the sales document, shipping data, email address and chooses a password. The Customer/User ensures that the data provided by him/her in the registration form is true. Registration requires reading the Regulations carefully and marking on the registration form that the Customer/User has read the Regulations and fully accepts all its provisions.
  4. At the moment of granting the Customer/User access to the Account, an agreement for the provision of services by electronic means regarding the Account is concluded between the Seller and the Customer for an indefinite period. The consumer may withdraw from this contract on the terms set out in the Regulations.
  5. Account registration on one of the websites of the Online Store means at the same time registration enabling access to other websites where the Online Store is available.
  6. The Customer/User may terminate the contract for the provision of electronic services at any time with immediate effect by informing the Seller by e-mail or in writing to the Data Administrator's address provided in section 1 point 2 of this Privacy and Cookies Policy.
  7. The Seller has the right to terminate the contract for the provision of services regarding the Account in the event of discontinuation of the provision or transfer of the Online Store service to a third party, violation by the Customer / User of the law or provisions of the Regulations, as well as in the event of the Customer / User's inactivity for a period of 6 months. The contract is terminated with a seven-day notice period. The Seller may stipulate that re-registration of the Account will require the Seller's consent.