1. INFORMATION ABOUT THE CONTOLLER OF PERSONAL DATA OF USER OF THE SB SYSTEMS ONLIN VIRTUAL CURRENCY SERVICE UNDER THE DOMAIN SWAP-BRIDGE.COM
The controller of the personal data of users (hereinafter referred to as "Users", and individually as "User") of the SB SYSTEMS' service operated in the domain swap-brdige.com (hereinafter referred to as "Service" or “Website”), i.e. the entity deciding on the purposes and means of processing their personal data is SB SYSTEMS Sp. z o.o. with its registered office in Warsaw, ul. Bartycka 22B/21A, 00 - 716 Warsaw, KRS no.: 0001097133, email address:
[email protected], telephone number: +49 176 58346541 (hereinafter referred to as the "Controller").
A User is understood to be any natural person using the Service.
3. PURPOSES AND LEGAL BASIS OF PERSONAL DATA PROCESSING
The personal data controller processes the Users' personal data for the following purposes:1. in order for the Controller to provide the following service to the User via the Service: Virtual Currency Exchange, which enables the Service Users to purchase from the Virtual Currency Controller in exchange for cash (FIAT). The basis for the processing of the User's data in such a case is Article 6(1)(b) of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons in relation to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (hereinafter referred to as "GDPR"), i.e. the necessity of the processing to provide the aforementioned service to the User;
2. for the purpose of the Controller's customer identification in performance of its obligation under Article 34(1)(2) of the Polish Anti-Money Laundry Act of 1 March 2018. (hereinafter referred to as "AMLA"). The basis for the processing of the User's data in this case is Article 6(1)(c) of the GDPR, i.e. the necessity of the processing for the fulfilment of a legal obligation incumbent on the Controller;
3. for the purpose of keeping statistics on the use of individual functionalities available on the Service, facilitating the use of the Service and ensuring IT security of the Service. Personal data concerning the User's activity in the Service and the amount of time spent on each subpage in the Service, User's search history, location, IP address, device ID, data concerning the Internet browser and User's operating system are then processed. The basis of the processing of the User's data in such a case is Article 6(1)(f) GDPR, i.e. the Controller's legitimate legal interest in processing the User's personal data;
4. for the purposes of marketing the Controller 's services. The User's personal data provided while using the Service, data concerning the User's activity in the Service, which are recorded and stored by means of cookies, are then processed. The basis for the processing of the User's personal data in this case is Article 6(1)(a) and (f) of the GDPR, i.e. the User's consent to receive marketing content from the Controller and the Controller's legitimate legal interest in conducting direct marketing of its services;
5. in order to determine, assert and enforce possible claims of the Controller and to defend against possible claims of the User in court and out-of-court proceedings. The User's personal data provided when using the Service as well as other data necessary to prove the existence of the claim or resulting from generally applicable legal regulations may be processed in this case. The basis for the processing of the User's personal data in such a case is Article 6(1)(f) GDPR, i.e. the Controller 's legitimate legal interest in processing the User's data.
If the basis for the processing of the User's personal data is his consent to the processing of his data, i.e. Article 6(1)(a) GDPR, the User has the possibility to withdraw his consent at any time, which, however, does not affect the legality of the processing of his data which was carried out on the basis of consent before its withdrawal.
4. RECIPIENTS OF PERSONAL DATA
Personal data may be disclosed by the Controller to the General Inspector for Financial Information as required by the APSI. Personal data may also be entrusted by the Controller to other third parties providing ongoing services to the Controller, e.g. in the field of legal or accounting services, as well as in situations in which such an obligation clearly results from a demand of an authorized public authority or from the applicable provisions of generally applicable law. Personal data may also be transferred to the extent necessary to companies of the SB SYSTEMS Group. Personal data may be transferred to countries outside the European Economic Area, but only to such countries for which the European Commission has issued a decision declaring an adequate level of personal data protection within the meaning of Article 45 GDPR.
The Controller shall each time ensure that the entities to which the Users' personal data will be entrusted are entities which guarantee a high level of protection of such data, and that appropriate contracts for entrusting the processing of the Users' personal data are signed with the entities with which this is required.
5. STORAGE PERDIOD OF USER DATA
The User's personal data processed in order to provide the services mentioned in point III item 2 of this Privacy Policy shall be stored for a period of 5 years, counting from the date of termination of the business relationship with the Controller or from the date of execution of an occasional transaction in accordance with Article 49 of the AMLA.
Personal data from cookies stored on the User's terminal device will be stored for a period corresponding to the life cycle of cookies stored on the User's terminal device or until they are deleted from the device by the User.
User personal data processed for the purpose of sending marketing content by the Controller, including the newsletter, will be stored by the Controller until the User withdraws his/her consent to receive it.
If the storage of the User's personal data proves necessary to assert or defend a claim to which the Controller is entitled or against the Controller, the User's personal data may be stored until the court proceeding pertaining to the claim is finally ended and the decision made in the proceeding is enforced.
6. USERS' RIGHTS RELATED TO THE PROCESSING OF THEIR PERSONAL DATA
RIGHT TO WITHDRAW CONSENT
The User has the right to withdraw consent at any time if the processing of their personal data is based on that consent. Consent for data processing may be withdrawn by sending the Controller a declaration indicating such a wish, e.g. in the form of an email message. The withdrawal of the consent shall be effective from the moment the Controller receives the aforementioned statement. Withdrawal of consent does not affect the lawfulness of the processing of the User's personal data carried out by the Controller before its withdrawal.
RIGHT TO DEMAND ACCESS TO DATA
The User has the right to obtain confirmation from the Controller as to whether his/her personal data are being processed and, if this is the case, has the right to:
a. obtain access to his/her personal data;
b. obtain information on: the purposes of the processing, the categories of personal data processed, the recipients or categories of recipients of that data, the intended period of storage of the User's data or the criteria for determining that period, the User's rights under the GDPR and the right to lodge a complaint with the supervisory authority, the source of that data, automated decision-making, including profiling, and the safeguards applied in connection with the transfer of that data outside the European Economic Area;
c. obtain a copy of your personal data.
RIGHT TO RETIFICATION
The User has the right to rectify and complete the personal data they have provided. The User may do so by submitting a request to rectify such data if incorrect or to complete it if incomplete.
RIGHT TO ERASURE ("RIGHT TO BE FORGOTTEN")
The User has the right to request the erasure of all or some of the data concerning you.
The User may request the erasure of their personal data if:
a. the User's personal data are no longer necessary for the purposes for which they were collected or for which they were processed;
b. the User's personal data are processed unlawfully;
c. to object to the processing, if its basis is the legitimate legal interest of the Controller;
d. the personal data must be erased in order to comply with a legal obligation under Union law or the law of a Member State to which the Controller is subject;
e. the personal data were collected in connection with the offering of information society services.
Despite the request for erasure of personal data in connection with the filing of an objection, the Controller may continue to process the User's personal data to the extent necessary for the establishment, assertion or defence of claims, and to the extent necessary to comply with a legal obligation requiring processing under Union law or the law of a Member State to which the Controller is subject.
RIGHT TO RESTRICT PROCESSING
The User has the right to request the Controller to restrict the processing of your personal data, i.e. not to undertake any processing activities in relation to them beyond the mere storage thereof, in the following cases:
a. where he/she questions the correctness of his/her personal data - for a period allowing him/her to verify the correctness of the data;
b. when the processing of the data is unlawful, but the User opposes its erasure by requesting instead the restriction of the processing;
c) when the User's personal data are no longer necessary for the purposes for which they were collected or used, but they are necessary for the establishment, assertion or defence of claims;
d. where the User has objected to the use of his/her data, in which case the restriction shall take place for the time necessary to consider whether the protection of the interests, rights and freedoms of the User outweighs the interests pursued by the Controller in processing his/her personal data.
RIGHT TO DATA PORTABILITY TO ANOTHER CONTROLLER
Where the User's personal data are processed by the Controller on the basis of the consent given by the User or for the purpose of entering into a contract with the User (Article 6(1)(a) and (b) of the GDPR), the User has the right to receive in a structured, commonly used readable format the personal data that the User has provided to the Controller, and has the right to transfer this personal data to another controller without hindrance from the Controller, provided that this is technically possible.
RIGHT TO OBJECT TO PROCESSING
The User has the right to object at any time to the processing of his/her personal data where the processing is based on the legitimate legal interest of the Controller (Article 6(1)(f) GDPR). If the User's objection proves to be justified, and the Controller has no other legitimate legal basis for processing the User's personal data, as well as a basis for determining, asserting or defending his/her claims, the Controller shall delete the User's personal data to the use of which the User has raised an objection.
If, in the exercise of the above-mentioned rights described in items A-G), the User submits a request to the Controller, the request shall be met or refused immediately, but no later than within one month of its receipt. However, if, due to the complexity of the request or the number of requests, the User is unable to comply with the User's request within one month, it will be complied with within a further two months after informing the User of the need to extend this period.
RIGHT TO LODGE A COMPLAINT WITH A SUPERVISORY AUTHORITY
If the User considers that the right to data protection or other rights granted to the User under the GDPR have been violated, the User has the right to lodge a complaint with the supervisory authority - the President of the Office for Personal Data Protection.
7. VOLUNTARINESS OF PROVIDING PERSONAL DATA
Providing personal data by the User is always voluntary, but it is necessary in order to contact the Controller through the contact form and in order to conclude and perform the contract between the User and the Controller and to serve the User as the Controller 's customer. If the User does not provide the data, it will not be possible to contact the Controller to conclude and perform the contract between the User and the Controller or to serve the User as the Controller 's customer.
8. POSSIBILITY OF PROFILING THE USERS' PERSONAL DATA BY THE CONTROLLER
The Users' personal data concerning their preferences, behaviour and choice of marketing content may be used as the basis for making automated decisions in order to determine the sales opportunities of the Service. Therefore, pursuant to Article 21(2) of the GDPR, all Users have the right to object to the processing of their data by the Controller for this purpose.
9. DATA COLLECTED AUTOMATICALLY UPEN ENTERING THE WEBSITE OF THE SERVICE (COOKIE FILES)
The Controller informs that while using the Website, short text information called "cookies" are stored in the User's end device. Cookie files contain such IT data as: the IP address concerning the User, name of the website they come from, time of their storage on the User's end device, recording of parameters and statistics and a unique number. Cookies are directed to the Service server through a web browser installed in the User's end device. Cookies are used on the Website in order to:
a. maintaining technical correctness and continuity of the session between the Service server and the User's final device;
b. optimisation of use of the Website by User and adjustment of their display on User's end device;
c. ensuring safety of use of the Service;
d. gathering statistics on visits to websites of the Service, supporting improvement of their structure and content;
e. display on the User's terminal equipment of advertising content optimally adapted to his/her preferences. Within the Service there are two types of "cookies" used: "session" and "permanent". "Session" "cookies" are files subject to automatic removal from the final device of the User of the Service after his/her logging out from the Service or after leaving by him/her the websites of the Service or after switching off the web browser. "Permanent" files "cookies" are stored in the terminal equipment of User for the time specified in the parameters of files "cookies" or until their removal by User. "Permanent" "cookies" are installed in the User's terminal equipment only with his/her consent. The Controller informs that:
• Internet browsers by default accept the installation of "cookies" in the final device of the User. Each User of the Website may at any time change the settings concerning "cookies" in the Internet browser used by him in such a way that the browser automatically blocks the use of "cookies" or informs the User of their placement in his terminal equipment each time. Detailed information on the possibility and methods of using cookies is available in the settings of the Internet browser used by the Service User.
• Restricting the use of cookies by a User may adversely affect the correctness and continuity of the provision of Services on the Website. Cookies installed in Service User's end device may be used by advertisers or business partners cooperating with the Controller. Cookies may be considered personal data only in connection with other data identifying identity, provided to the Controller by the User while using the Service.
Only the Controller has access to cookies processed by the Website's server.
If the User does not agree to save and receive information in cookies, he/she can change the rules regarding cookies by means of the settings of his/her Internet browser.
10. CHANGES TO THE PRIVACY POLICY
If it is necessary to update the information contained in this Privacy Policy or if it is necessary to ensure its compliance with the applicable laws or technological conditions of the functioning of the Website, this Privacy Policy may be amended. Users will be informed of any changes to the Privacy Policy through a notice displayed on the Website.