Privacy Policy - General

Privacy Policy - General

In this Privacy Policy we explain how and on what basis we collect, store and otherwise process personal data of data subjects: (i) visiting our website or (ii) contacting us via tools available on our website.

1. TERMS OF THE INFORMATION CLAUSE

1.1. For the purpose of this Privacy Policy terms: “controller”, “processor”, “data subject”, “personal data” and “processing” shall have the same meaning as set out in Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (the “GDPR”).

1.2. The terms “TransactionLink”, “we” or “us” as used hereinafer mean TransactionLink spółka z ograniczoną odpowiedzialnością (limited liability company) with its registered seat in Warsaw, address: Rynek Nowego Miasta 9/9, 00-220 Warsaw, Poland, entered into the Register of Entrepreneurs of the National Court Register kept by the District Court for the capital city of Warsaw in Warsaw, XII Commercial Division of the National Court Register under KRS number: 0000823971, tax identification number NIP: 5252812929, statistical number REGON: 385349514, share capital in the amount of PLN 127 150.00.

2. OUR CONTACT DETAILS

2.1. You can contact us by: 

a) e-mail: [email protected]

b) contact tools available on our website: https://transactionlink.io/; or

c) in writing to the following correspondence address: Czarnieckiego 72 Street, 01-541 Warsaw, Poland.

3. DATA PROTECTION OFFICER

3.1. We have appointed Data Protection Officer – Mateusz Pniewski to assist you with privacy-related matters. With any data protection queries or when you wish to exercise your rights, you may contact our Data Protection Officer at [email protected] or in writing to the address shown above.

4. PROCESSING OF THE PERSONAL DATA

4.1. We attests that we act as a controller of the personal data (the “Personal Data”) with respect to your Personal Data acquired by us in connection with your activities while: (i) visiting our website and/or contacting us through any tools available on our website.

4.2. We process Personal Data of the following data subjects:

a) visitors of our Website (the “Visitors”); and

b) other persons or entities as specified in this Privacy Policy.

5. PURPOSES AND LEGAL BASIS FOR THE PERSONAL DATA PROCESSING

5.1. Personal Data obtained in connection with visiting our website and/or or contacting us through any tools available on our website are processed respectively to the extent that is necessary for your activities on our website and to process your reaching out to us by means available on our website (based on Article 6(1)(b) and Article 6(1)(f) of the GDPR). 

5.2. We may also process your Personal Data when it is necessary for compliance with a legal obligation to which the controller is subject (based on Article 6(1)(c) of the GDPR) and to establish, pursue and defend against potential claims (based on Article 6(1)(f) of the GDPR). 

5.3. In addition, in order to pursue necessary purposes arising from our legitimate interests as the controller of your Personal Data, we may use the technical data of the device you are using to analyze the use and improve of our services provided throughout our website and also to prevent and investigate illegal activities (based on Article 6(1)(f) of the GDPR).

5.4. If you agree to receive marketing and promotional communication from us, we will also process your Personal Data for marketing purposes (based on Article 6(1)(f) in case of direct marketing  or Article 6(1)(a) GDPR).

6. PERSONAL DATA WE PROCESS ABOUT VISITORS TO OUR WEBSITE

6.1. We may collect data when you visit our Websites by using Cookies (see Cookies Policy) or other similar technologies (e.g. IP address, equipment information, location information, beacons) and process the Personal Data gathered by them. This Personal Data, among other information, may be as follows:

a) identification data, such as IP address, time, and location;

b) information on the usage of the Website and/or Service and other web log data, such as the pages you visit on the Website, the date and time of your visit, the files that you download and the URLs from the websites you visited before and after visiting the Website;

c) technical data, including but not limited to information about your IP address and domain name, your software and hardware attributes (including device IDs) and your general geographic location (e.g. city, country);

d) first name, last name, e-mail addresses, phone number, when you subscribe to our newsletters or download our content, when you subscribe to our marketing communication.

7. PERSONAL DATA WE PROCESS RELATED TO CONTACTING US

7.1. If you decide to contact us via contact details available on our Website, we only process the following Personal Data about you:

a) name;

b) e-mail address;

c) other data that you provide during the contact.

8. PERSONAL DATA RECIPIENTS

8.1. We may transfer / share your Personal Data:

a) upon your prior consent for data sharing and only to entities to which you have directly agreed in such consent;

b) at any time, when we are legally required to do so, we may disclose your Personal Data or other information about your use of our Services in order to comply with the law, when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, prevent and detect fraud, or respond to requests from public authorities;

c) with entities supporting TransactionLink with its business operations, such as companies providing data hosting services, law firms, marketing companies, providers of advisory.

8.2. Your Personal Data may also be transferred to entities seated in the United Kingdom, United States, i.e. outside the European Economic Area. To ensure adequate safeguards, the transfer of Personal Data takes place on the basis of an appropriate agreement, the so-called standard contractual clauses adopted by the European Commission. 

You can obtain information on the protection measures applied by submitting a request to the contact details given above.

9. PERSONAL DATA RETENTION PERIOD

9.1. Your Personal Data will be processed:

a) for a duration of you using our services;

b) for a duration of a limitation period in order to establish, pursue and defend against claims, however at any time the personal data retention period will not be longer than 6 years counting down from the end of the calendar year, in which you ended up using our website or end of issue processing you contact us about; 

c) if we process your Personal Data based on your consent - until you withdraw this consent. The withdrawal of the consent does not affect the lawfulness of processing based on the consent before its withdrawal;

d) if it is necessary for us to comply with our obligations under the law, such as tax law, accounting law or laws regulating our obligations as a payment institution providing solely the account information service (e.g. obligations to report statistical data, handle complaints), we may process your data also for the period necessary for the fulfilment of the obligations included in the relevant laws, in particular in line with the (Polish) Act on Payment Services as of August 19, 2011 – for relevant periods required therein.

9.2. However, we will normally store your Personal Data for no longer than it is necessary, taking into account the purposes for which the Personal Data is collected, i.e. to fulfil our contractual obligations towards you, to pursue our legitimate interests, to fulfil legal obligations or as required for the statutory retention period.

10. YOUR RIGHTS CONCERNING PERSONAL DATA

10.1. As a data subject, with regards to your Personal Data, you have a number of rights under the GDPR, which you can exercise by contacting us by means indicated in Section 2 and 3 above. 

Right of access and to obtain the copy of Personal Data

10.2. On this basis, you have the right to obtain confirmation as to whether or not we process your Personal Data and if so, to obtain some general information about the processing. We will also provide you with a copy of your Personal Data.

Right to rectification

10.3. By receiving this kind of request, we are obliged to remove incompatibilities or errors of your Personal Data and supplement them if they are incomplete.

Right to be forgotten

10.4. On this basis, you can request the deletion of your Personal Data, processing of which is no longer necessary to achieve any of the purposes for which your Personal Data were collected or otherwise processed. It may also cover the following situations:

a) processing was based on your consent that you have withdrawn and there is no other legal ground for the processing;

b) you have objected to processing based on the Article 6(1)(f) of the GDPR and there are no overriding legitimate grounds for the processing; 

c) Personal Data have been unlawfully processed;

d) Personal Data have to be erased for compliance with a legal obligation that applies to us.

Please also note that the GDPR sets some exemptions when making use of your right to be forgotten is not possible.

Right to restriction of processing

10.5. You have the right to obtain restriction of processing where one of the following applies:

a) you contest the accuracy of the Personal Data (for a period enabling us to verify the accuracy of the Personal data);

b) the processing is unlawful and you oppose the erasure of the Personal Data and requests the restriction of their use instead;

c) we no longer need the Personal Data for the purposes of the processing, but they are required by you for the establishment, exercise or defense of legal claims;

d) you have objected to the processing based on the Article 6(1)(f) of the GDPR (for the verification whether our legitimate grounds override yours).

If such a request is made, we cease to carry out operations on your Personal Data – with the exception of operations to which you have consented, processing carried out for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or of a Member State.

Right to Personal Data portability

10.6. When the processing is based on your consent or the necessity for the performance of a contract – you can request to receive your Personal Data from us in a structured, commonly used and machine-readable format. The right to data portability includes Personal Data provided by you and processed by automated means. You have the right to transfer this data to another data controller.

Right to object to data processing

10.7. At any time, you may object - for reasons related to your particular situation - to the processing of your Personal Data, which is based on the legitimate interest as specified in Article 6(1)(f) of the GDPR (e.g. for analytical or statistical purposes). We shall no longer process the Personal Data unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims.

Right to withdraw the consent

10.8. If your Personal Data are processed on the basis of given consent, you have the right to withdraw it at any time, which, however, does not affect the lawfulness of the processing carried out before its withdrawal.

Right to lodge a complaint to the Data Protection Authority

10.9. If it is considered that the processing of your Personal Data violates the provisions of the GDPR or other provisions regarding the protection of Personal Data, you may lodge a complaint to the body supervising the processing of personal data, competent in particular for your habitual residence, place of your work or place of the alleged violation. 

In Poland, the supervisory authority is the President of the Personal Data Protection Office, with its office at Stawki 2 Street, 00-193 Warsaw, Poland.

11. FREEDOM OR OBLIGATION TO PROVIDE THE PERSONAL DATA

11.1. When we obtain your Personal Data from you, providing us with data is voluntary, however, may be necessary to conclude or perform the agreement between us. We may not be able to conclude the agreement with you or fulfil contractual obligations. In some cases, it may be also necessary for us to fulfil legal obligations, including rules on anti-money laundering and anti-terrorist financing (AML). 

12. PROFILING AND AUTOMATED DECISION MAKING

12.1. Your Personal Data will not be used for profiling or for automated decision making in relation to you.