en
Homepage > Privacy policy

Privacy policy

General information

Who is the data controller

The controller of personal data is Currency One SA, ul. Szyperska 14, 61-754 Poznań, operator of the Walutomat.pl website.

Data Protection Officer is Olga Ograbisz.

Contact details

If you have any doubts or requests concerning the will to use our rights, please contact our Data Protection Officer at: iod@currency-one.com.

Data Protection

Protection of Client’s details

We exercise due care to protect data subjects’ interests. We ensure that the data we collect is:

We do not sell data

We do not sell personal data, we do not make it available to other categories of subjects apart from those specified above (“data recipients” in the table). Your data will not be sent outside the European Economic Area with the exception of use the communicator at the website. The data is not transferred to international organizations for any business purposes.

The objective and scope of data collection and the legal basis for these activities

Data acquisition

We process personal data which we have received directly from you (e.g. in the registration form) and also from public registers (e.g. National Court Register, CEiDG business register).

Purpose of data collection

We process your data for the following purposes:

Scope of data collection

All of the objectives listed above are fulfilled under Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016.

We process your data within the following scope:

Why do we process data and in what scope?

To provide services

Whose data do we process?

Website user’s

What data is processed?

full name, address provided in the registration form, e-mail address, telephone number, PESEL number, expiry date, series and number of the identity card, account numbers, date of birth, citizenship, name ofactivity

Legal basis

GDPR, Art. 6, Sec. 1 letter b

Who are data recipients?

banks, financial institutions supporting service provision, suppliers of communication tools (e.g. chat, text messages)

How long do we process data?

Until the agreement is terminated or until the Data Controller’s legitimate interests which are the basis for the processing have been fulfilled.

To fulfil obligations resulting from legal regulations or public interest

Whose data do we process?

Website user’s

What data do we process?

Data required by the Act on counteracting money laundering, in particular data specified in Art. 9 of the Act on counteracting money laundering and terrorism financing of 16 November 2000 (consolidated text, Journal of Laws of 2017, item 1049 as amended)

Legal basis

GDPR, Art. 6, Sec. 1 letter c, e

Who are data recipients?

Entities entitled to obtain data under applicable legal regulations, e.g. courts or public administration.

How long do we process data?

Until the Data Controller has fulfilled their obligations specified in individual legal regulations.

For marketing purposes

Whose data do we process?

Website user’s or potential user’s

What data do we process?

full name, telephone number, e-mail address, PESEL number, date of birth, citizenship, postal code, transaction history, activity at the website

Legal basis

GDPR, Art. 6, Sec. 1 letter a, f

Who are data recipients?

Subcontractors of services (e.g. couriers, media houses, providers of marketing tools)

How long do we process data?

Until the consent is withdrawn or an objection submitted.

For automatic data processing

Whose data do we process?

Website user’s

What data do we process?

full name, telephone number, e-mail address, PESEL number, date of birth, citizenship, postal code, transaction history, activity at the website, address, data of bank accounts, logging data including the IP address.

Legal basis

GDPR, Art. 6, Sec. 1 letter a

Who are data recipients?

We do not share such data.

How long do we process data?

Until the consent is withdrawn

 

Automated processing

We inform that your personal data and website behaviour are processed in an automated manner to enable us to perform statistical analyses for the Data Controller’s internal purposes, including product development and also to monitor and prevent financial fraud and to ensure security and reliability of services provided by the Data Controller.

Data sharing

The only cases in which your data can be shared, apart from the ones described above, are cases in which such sharing is necessary to fulfil obligations resulting from legal regulations.

 

Your rights

Right to access your data

You have the right to access and rectify their personal data. We also inform you that regulations concerning the counteracting of money laundering and regulations related to the regulations of the Financial Supervision Authority oblige us to keep some operations secret and this obligation takes precedence over your right to access your data.

Right to stop or restrict the processing of data

If you have found yourself in a special situation, as a result of which further processing of your data by you threatens your privacy, you can inform us of this fact and demand that we should restrict the processing.

Right to data portability

You are entitled to demand that we should send your data to another entity in a form that can freely processed by the recipient.

Right to withdraw the marketing consent

Please note that you can withdraw your consents at any time by logging into your account and selecting the relevant option. The withdrawal of your consent does not affect the legality of the processing of your data on the basis on your consent which took place before the consent was withdrawn.

Right to be forgotten

You are entitled to have your data deleted in cases provided for by law.

Right to complain to the data protection supervisory body

We inform you that you are also entitled to complain to a supervisory body. At present, it is the Personal Data Protection Supervisor. National regulations which must be implemented in connection with the change of European law (GDPR) will specify in detail who will be the legal successor of the Personal Data Protection Supervisor. The new office will be established on 25 May 2018.