Privacy policy
General information
Who is the data controller
The controller of personal data is Currency One SA, ul. Szyperska 14, operator of the internetowykantor.pl website.
Data Protection Officer is Hubert Stern.
Contact details
If you have any doubts or requests concerning the will to use our rights, please contact our Data Protection Officer at: iod@currency-one.com.
Data Protection
Protection of Client’s details
We exercise due care to protect data subjects’ interests. We ensure that the data we collect is:
- processed in accordance with law,
- collected for specified, legitimate purposes and no further processing will be undertaken that is not consistent with these purposes,
- correct and adequate in relation to purposes for which the data is processed and stored in format that allows identification of data subjects no longer than it is necessary to achieve the processing objectives.
We do not sell data
We do not sell personal data, we do not make it available to other categories of subjects apart from those specified above (“data recipients” in the table). Your data will not be sent outside the European Economic Area with the exception of use the communicator at the website. The data is not transferred to international organizations for any business purposes.
The objective and scope of data collection and the legal basis for these activities
Data acquisition
We process personal data which we have received directly from you (e.g. in the registration form) and also from public registers (e.g. National Court Register, CEiDG business register).
Purpose of data collection
We process your data for the following purposes:
- Service provision: all activities related to foreign currency exchange transactions, e.g.agreement conclusion, posting payments, complaint process.
- Obligations resulting from legal regulations, including the Act Act on counteracting money laundering and if processing of personal data is necessary to perform task performed in public interest.
- Marketing: actions involving: mailing, sending promotional and informational materials, offering products, sending informational text messages, use of a system monitoring the activity while using the website. This data helps us define user preferences, thus improving user experience. Moreover, we use this information to ensue more efficient organization of promotions and competitions.
- Automated data processing: making decisions aimed at adapting the offer to your needs (e.g. for awarding discounts), only on the basis of automated processing of your personal data, activity at the website and transaction history.
Scope of data collection
All of the objectives listed above are fulfilled under Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016.
We process your data within the following scope:
Why do we process data and in what scope? | |
To provide services | Whose data do we process? Website user’s |
What data is processed?/b> full name, address provided in the registration form, e-mail address, telephone number, PESEL number, expiry date, series and number of the identity card, account numbers, date of birth, citizenship, name ofactivity | |
Legal basis GDPR, Art. 6, Sec. 1 letter b | |
Who are data recipients? banks, financial institutions supporting service provision, suppliers of communication tools (e.g. chat, text messages) | |
How long do we process data? Until the agreement is terminated or until the Data Controller’s legitimate interests which are the basis for the processing have been fulfilled. | |
To fulfil obligations resulting from legal regulations or public interest | Whose data do we process? Website user’s |
What data do we process? Data required by the Act on counteracting money laundering, in particular data specified in Art. 9 of the Act on counteracting money laundering and terrorism financing of 16 November 2000 (consolidated text, Journal of Laws of 2017, item 1049 as amended) | |
Legal basis GDPR, Art. 6, Sec. 1 letter c, e | |
Who are data recipients? Entities entitled to obtain data under applicable legal regulations, e.g. courts or public administration. | |
How long do we process data? Until the Data Controller has fulfilled their obligations specified in individual legal regulations. | |
For marketing purposes | Whose data do we process? Website user’s or potential user’s |
What data do we process? full name, telephone number, e-mail address, PESEL number, date of birth, citizenship, postal code, transaction history, activity at the website | |
Legal basis GDPR, Art. 6, Sec. 1 letter a, f | |
Who are data recipients? Subcontractors of services (e.g. couriers, media houses, providers of marketing tools) | |
How long do we process data? Until the consent is withdrawn or an objection submitted. | |
For automatic data processing | Whose data do we process? Website user’s |
What data do we process? full name, telephone number, e-mail address, PESEL number, date of birth, citizenship, postal code, transaction history, activity at the website, address, data of bank accounts, logging data including the IP address. | |
Legal basis GDPR, Art. 6, Sec. 1 letter a | |
Who are data recipients? We do not share such data. | |
How long do we process data? Until the consent is withdrawn | |
Automated processing
We inform that your personal data and website behaviour are processed in an automated manner to enable us to perform statistical analyses for the Data Controller’s internal purposes, including product development and also to monitor and prevent financial fraud and to ensure security and reliability of services provided by the Data Controller.
Data sharing
The only cases in which your data can be shared, apart from the ones described above, are cases in which such sharing is necessary to fulfil obligations resulting from legal regulations.
Your rights
Right to access your data
You have the right to access and rectify their personal data. We also inform you that regulations concerning the counteracting of money laundering and regulations related to the regulations of the Financial Supervision Authority oblige us to keep some operations secret and this obligation takes precedence over your right to access your data.
Right to stop or restrict the processing of data
If you have found yourself in a special situation, as a result of which further processing of your data by you threatens your privacy, you can inform us of this fact and demand that we should restrict the processing.
Right to data portability
You are entitled to demand that we should send your data to another entity in a form that can freely processed by the recipient.
Right to withdraw the marketing consent
Please note that you can withdraw your consents at any time by logging into your account and selecting the relevant option. The withdrawal of your consent does not affect the legality of the processing of your data on the basis on your consent which took place before the consent was withdrawn.
Right to be forgotten
You are entitled to have your data deleted in cases provided for by law.
Right to complain to the data protection supervisory body
We inform you that you are also entitled to complain to a supervisory body. At present, it is the Personal Data Protection Supervisor. National regulations which must be implemented in connection with the change of European law (GDPR) will specify in detail who will be the legal successor of the Personal Data Protection Supervisor. The new office will be established on 25 May 2018.