CROSS WRAP OY — Privacy Policy
UPDATED ON 5 December 2025
Cross Wrap Oy is committed to protecting our customers’ and other partners’ privacy. In this Privacy Policy we explain how we at Cross Wrap use your personal data we may collect and process about you as our existing or potential customer, our supplier and when there exists some other relevant relationship between you and Cross Wrap.
Please note that our website sometimes contains links to other sites that are not governed by this Privacy Policy. As Cross Wrap cannot control or be responsible for the policies and practices on how user data is stored or used on third-party sites, we recommend reviewing the privacy policy of each third-party site linked from our website to determine their use of your personal data.
1. Identity of the controller and contact details
Controller
Cross Wrap Oy (0944404-6)
Teollisuustie 6, 71800 Siilinjärvi, Finland
info@crosswrap.com
www.crosswrap.com
Should you have any questions about this Privacy Policy or how we process your data, please contact us at info@crosswrap.com.
2. Types of personal data we process, the purposes for processing and the legal basis
You are our business customer or our partner (supplier or company that we do other commercial and non-commercial co-operation with, such as provider of maintenance services, our agent and other representative, journalist in media company), or a representative of those:
| Personal data | Purpose of processing | Legal basis |
| Basic information about the company and its contact persons, such as the company name, business number and address, the names, titles and contact details of the contact persons (such as email, phone number) | Delivering and developing our products and services | Our legitimate interest to conduct business and develop it |
| Customer surveys | ||
| Fulfilling our contractual and other promises and obligations | Performance of a contract | |
| Billing | ||
| Marketing our services to businesses, profiling Providing our newsletter based on your subscription | Our legitimate interest to market our products and services | |
| Targeted and customized marketing | Consent | |
| Accounting | Legal obligation | |
| Direct marketing bans and consents | Respecting the customer's wish regarding direct marketing | Our legal obligation to comply with the prohibition on direct marketing |
| Customer and contract information such as information about past and current contracts and orders, details and contents of correspondence and other communications with us, invoicing and payment details (including possible payment failures) | Executing our contractual and other promises and obligations | Performance of a contract |
| Billing | ||
| Customer relationship management | Our legitimate interest in managing and developing the customer relationship | |
| Accounting | Legal obligation | |
| Information collected automatically about the communication connection and terminal device based on your use of our website, such as the IP address and type of the device from which you access the service, how you interact with our content (pages visited or content clicked, searches performed etc.), the time, frequency and duration of your visits to the service, your browser type and operating system, and your interactions with our chatbot, as described in section 8. “Cookies” below. | Targeting advertising on our online services Direct marketing emails | Consent |
You are our potential customer or visit our website:
| Information about potential customers, such as name, details of the company you represent, title and role in the company, contact details (such as email, phone number and address), country, topics of interest, details and contents of correspondence with us | Marketing our products and services, profiling Providing our newsletter based on your subscription | Our legitimate interest to market our products and services |
| Targeted and customized marketing | Consent | |
| Direct marketing bans and consents | Respecting the potential customer’s wish regarding direct marketing | Our legal obligation to comply with the prohibition on direct marketing |
| Information collected automatically about the communication connection and terminal device based on your use of our website, such as the IP address and type of the device from which you access the service, how you interact with our content (pages visited or content clicked, searches performed etc.), the time, frequency and duration of your visits to the service, your browser type and operating system, and your interactions with our chatbot, as described in section 8. “Cookies” below. | Targeting advertising on our online services Direct marketing emails | Consent |
3. Where we obtain your data
We obtain the data we process principally from you when you are in contact with us through our website by submitting contact forms or in other ways such as by email or calling us. We also obtain your data when our business customer enters into an agreement with us or submits requests for proposal, or in other business connections.
We may also collect and update your information through our own representatives or partners or from publicly available sources (such as company websites, databases of authorities etc.), campaigns, publications, fairs, from business cards and otherwise. We may also receive your data through third party services, such as professional social media sites, where Cross Wrap has presence and where you have opted to follow us.
4. Disclosures of your personal data and processing outside EU/EEA
Cross Wrap does not sell your information to third parties. We may, however, disclose your information in circumstances described below.
- Third party service providers: We may transfer personal data about you to our trusted third party services providers (such as our subcontractors who provide manufacturing and maintenance services, agents and other representatives, accountants as well as IT service providers) to process it on our behalf, based on our instructions and in compliance with this Privacy Policy, any other appropriate confidentiality and security measures as well as applicable data protection laws.
- Authorities: We may disclose your information to authorities when we have a legal obligation or other legitimate interest to do so under applicable law.
- Consent: Based on your consent we may disclose your information within the limits of the specific consent you have given. Information on revoking your consent is provided below.
- Business transactions: We may disclose your personal data in connection with a business transaction, if and to the extent necessary.
- Our legitimate interests: We may disclose your personal data if it is necessary in order to protect or defend our legitimate rights and interests, or those of our users, employees, directors or shareholders, and/or to ensure the safety and security of our services.
The principal place of processing of your personal data is in the EU and subject to the provisions of the EU General Data Protection Regulation and other national and EU privacy laws. In certain occasions we may use service providers located outside the EU/EEA in the provision and technical implementation of our services, in which case your personal data may be transferred outside the EU/EEA. In case we transfer your personal data outside the EU/EEA we have ensured that your personal data is afforded adequate level of protection by way of European Commission’s standard contractual clauses or by using other safeguards available under the EU data protection laws.
5. Data security principles
We employ sufficient technical and organizational measures to protect your personal data against accidental and/or unlawful access, alteration, destruction or other processing (including unauthorized disclosure and transfer). These measures include proactive and reactive risk management, use of firewalls, encryption techniques and secure IT areas as well as access control and security systems, security planning, controlled granting and monitoring of access/user rights, ensuring skills through training for personnel involved in processing personal data and through assessments as well as careful selection of suppliers. Only those of our employees who are entitled to process customer data as part of their job are entitled to use the systems containing personal data. Each user has his/her own user name and password to the system. We are continuously updating our in-house practices and guidelines in an appropriate manner.
6. Data retention
| Data group | Retention period |
| Contact information etc. | Duration of the relationship and thereafter 10 years (if it relates to contract) |
| Information relating to contracts, business relationship etc | Duration of the relationship and for maximum 10 years thereafter |
| Information about newsletters | 2 years from the date of subscription of the newsletter or earlier if you request to be removed from the mailing list |
| Direct marketing (prohibitions and consents) | Until you request to be removed from the mailing list and/or your email address is inactive |
| Chat transcripts | 12 months from the chat conversation |
| Customer service and other contacts | 2 years from the contact request |
| Cookies used on the website | See Cookie Settings for additional information |
| Profiling information | 12 months |
Information we process will only be retained as long as is necessary to fulfil the abovementioned purposes or as long as we have a statutory obligation to keep your information, after which it will be deleted from our files.
We regularly assess the necessity of data retention in the light of applicable law. In addition, we will take reasonable steps to ensure that no personal data relating to data subjects are incompatible, outdated or inaccurate for the purposes of processing. We will correct or destroy such data without undue delay.
7. Your rights as the data subject
As the data subject, under data protection laws you can influence on how we process your personal data in the following ways:
| Right | In which situations |
| Request access to the personal data concerning him/herself | Always |
| Request the correction of incorrect or outdated information | Always |
| Request the deletion of data | Where the customer has withdrawn consent or where one of the other conditions set out in Article 17 of the GDPR is met |
| Withdraw consent | Where processing is based on consent |
| Object to the processing of data | Where the processing is based on legitimate interests and involves a particular personal situation or where the data are processed for direct marketing purposes. |
| Request restriction of processing (e.g. until requests for data are resolved and settled) | If the accuracy of the data is contested or one of the other conditions set out in Article 18 of the GDPR is met |
| Transfer the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format to a system held by another party | If the processing is based on consent or a contract, the processing is carried out automatically and the transfer is technically feasible and if the data concerns information provided by the customer him/herself |
| File a complaint about the processing of your personal data with the Supervisory Authority in the Member State of your habitual residence, place of work or place of the alleged infringement. In Finland, the Supervisory Authority is the Data Protection Ombudsman. | Always |
8. Cookies
Like many other websites, also Cross Wrap uses cookies and similar technologies on its website www.crosswrap.com. We use these technologies to improve our services and business, remember your preferences, understand how you are using our service and help personalize our marketing, other communications and advertising.
A “cookie” is a small data file containing a string of characters that is sent to your device when you visit a website. When you visit the website again, the cookie allows that site to recognize your browser. A cookie does not harm your device, and we do not get any information that is directly related to you (such as your name or email address) merely through cookies.
Different types of cookies
The duration of how long a cookie will stay on your device depends on whether it is a “persistent” or “session” cookie. Session cookies will only stay on your device until you stop browsing. Persistent cookies stay on your device until they expire or until you delete them. First-party cookies are placed on your device by us and collect information that we use. Third-party cookies are placed on your device by a third-party (i.e., not us), such as a partner or a supplier of ours. You can generally block or delete these cookies.
Purposes for our use of cookies
There are different purposes for using cookies. We use cookies primarily to personalize the contents of our services, analyze the use of our services and maintain your identity or session on the service. We may also partner with third parties to manage and tailor our advertising on other websites.
In addition, Cross Wrap uses social plug-ins on our service enabling you to receive our content from those platforms and share our content also on your social media platforms. When you interact with these social media plug-ins, some data is sent directly to the provider of that social media service, and we may also receive certain anonymous/pseudonymous data about your use of such content and other data associated with your use of that social media service from those social media partners.
In the Cookies Settings you will find information about different cookies we use, cookie categories, the purpose of the cookie and the duration of the cookie.
We may update this cookie information from time to time. Most up-to-date cookie information is always available on our website through the Cookie Settings.
We use cookies for the following purposes:
| Purpose | Description |
| Necessary Cookies | These cookies are essential for our website to function properly and to ensure that our website is protected from unusual activity. These cookies are usually only set in response to actions and requests made by you, such as enabling page navigation or filling in forms. |
| Statistics Cookies | These cookies are often used to improve the performance of our website by allowing us to analyze how visitors interact with our website, analyze the number of users and traffic sources. This type of cookie is not strictly necessary for our website to function but is aimed at telling us, for example, which pages you find the most interesting. Information collected about you through statistics cookies enables us to give you a personalized experience of our website and thus provide you with the best user experience possible. |
| Marketing Cookies | These cookies are typically used to market our services, usually through third-party sites, by collecting information about your browsing habits and how you navigate within our website. This in turn enables us to make our content and advertising as relevant to you as possible. |
| Preferences Cookies | These cookies are typically used to remember your preset features and preferences. Such preferences include preferred currency, language, and types of products/services. These cookies will help us to understand your interests and to facilitate your use of our website. |
How to manage the use of cookies
We store your cookie consent for 12 months year for the current domain unless you withdraw your consent.
You can manage and disable the cookies (except essential cookies) on our site by clicking on the “Change your consent” button below:
Alternatively, most web browsers allow you to control and block cookies through their settings. Please note that if you limit the ability of our website to set cookies or block them entirely, the entire contents of our website may not be available and some of the features might not function properly. Below You can learn about how to control cookie settings on most common web browsers:
Cross Wrap uses Google Analytics, a web analytics service provided by Google Inc. Google Analytics uses cookies to help the website analyse how users use the site. The information generated by the cookie about your use of this website will be transmitted to and stored by Google on servers in the United States. IP anonymization is activated on this website and your IP address will however be truncated by Google beforehand within the area of member states of the European Union or the European Economic Area. Only in exceptional cases, the full IP address is sent to a Google server in the USA and truncated there. Google uses this information on behalf of Cross Wrap for the purpose of evaluating how you use our website, compiling reports on website activities and providing further services related to website and internet usage to Cross Wrap. The IP address transferred by your browser within the scope of Google Analytics will not be associated with any other data held by Google.
To prevent your data from being used by Google Analytics you can install the browser plug-in from Google which is available here.
If you would like more information about cookies, please visit www.allaboutcookies.org. More information about interest-based advertising, including how to opt-out of these cookies, can be found at www.youronlinechoices.com.
Changes to this policy
Cross Wrap continuously develops its business and services, which is why we may occasionally need to make changes also to this Privacy Policy. We will endeavor to inform you about any changes we make either personally or through our services.
| DATE | A BRIEF DESCRIPTION OF THE CHANGE |
| 5 Dec 2025 | Clarified the structure of the notice; clarified the personal data to be collected, the purpose of the processing and the legal basis; updated the retention periods for the personal data to be collected. |