This Privacy Policy sets out the rules for the processing of personal data in connection with the use of our sandbox environment and the development environment. The document presents the purposes and legal bases of data processing, the scope of the information processed, the period of its storage, the categories of data recipients, as well as the rights of data subjects.
The Policy also explains what personal data is collected, in what situations it may be shared and on what terms we comply with the obligations arising from the GDPR, including ensuring the security of data processing and transparency in the scope of their use.
In the document, we also indicate the purposes for which we may use personal data, the grounds on which we base their processing, and the periods for which the data is stored in accordance with applicable law and the principle of data minimization.
The administrator of personal data, i.e. the entity deciding on the purposes and methods of their processing, is TransactionLink, Rynek Nowe Miasta 9/9, 00-229 Warsaw. TransactionLink has appointed a Data Protection Officer who can be contacted at the email address: privacy@transactionlink.io.
SANDBOX
Purposes and legal bases of processing
Purpose
Creating and maintaining an account in the sandbox and development environment
Processing of personal data necessary to create and operate an account, as well as additional data provided by the user when using the services (Article 6(1)(b) of the GDPR)
Purpose
Analysis and improvement of services – based on consentIf you consent to the recording of activities, personal data may be processed in order to analyze the way the services are used and to improve them (Article 6(1)(a) of the GDPR)
Purpose
Pursuing the legitimate interests of the controllerTo the extent necessary, the technical data of the user's device may be used to analyze the use of the services, improve them, prevent illegal activities and conduct related investigations.
Legal basis: Article 6(1)(f) of the GDPR.
Purpose
Performance of legal obligations and protection against claimsPersonal data may be processed to the extent necessary to fulfil the obligations arising from the provisions of law to which the controller is subject (Article 6(1)(c) of the GDPR). In addition, the processing may be carried out for the establishment, exercise or defence against potential claims (Art. 6 (1) (f) GDPR)
Data retention period
Duration of use of servicesPersonal data is processed for the period in which you use our services.
Limitation period for claimsData may be stored for the time necessary to establish, pursue or defend against claims. However, this period will not exceed 6 years from the end of the calendar year in which you used our services or contacted us in matters related to their provision.
Period of consentIf the basis for data processing is your consent, the data will be processed until it is withdrawn. The withdrawal of consent does not affect the lawfulness of the processing that was carried out before its withdrawal.
Performance of legal obligationsTo the extent necessary to fulfil the obligations arising from the provisions of law, including tax and accounting law and regulations concerning the activities of payment institutions providing account information services, the data may be stored for the periods required by the relevant regulations (e.g. reporting and statistical obligations, complaint handling).
As a rule, we store personal data only for the period necessary to achieve the purposes for which they were collected, i.e. to perform contractual obligations, pursue the legitimate interests of the administrator or comply with legal obligations – taking into account the retention periods resulting from the regulations.
Data range
We process personal data that you provide to us when you use our sandbox or development environment. This includes, in particular, the data necessary to create and maintain an account, such as identification data, contact details and information related to the configuration and use of our services. We may also process additional information provided voluntarily when interacting with our tools, including data on how the functionalities are used and technical requests submitted.
Data Source
We collect personal data directly from you – in particular when you register for an account, use our sandbox or development environment, and when you contact us in matters related to their operation. In certain cases, personal data may also be provided to us by third parties whose services you use as part of your integration with our environment (e.g. providers of development tools, authentication services or technology partners). In such situations, these entities become the source of the data, as long as the transfer complies with the applicable regulations and the configuration you have chosen.
Obligation to provide data
Providing some information is necessary to create and maintain an account in our sandbox and development environment. This applies in particular to the data necessary to identify you and ensure the proper functioning of the services, such as contact details, authentication information and technical data required to set up your account.
Providing additional data may also be a condition for using certain functionalities, integrations or services offered as part of the sandbox environment. Failure to provide them may prevent or limit the ability to fully use selected features
What if you don't provide your details
If you do not provide the information that is necessary to create and maintain an account, or to use certain functionalities of the sandbox and developer environment, we will not be able to enable you to use these services or their full scope.
Data recipients
Your personal data may be transferred or shared in the following situations:
a) Compliance with legal obligations and protection of rights and safetyWe may disclose personal data or other information related to the use of our services if we are required to do so by law or when we believe it is necessary to protect our rights, ensure the safety of users or third parties, prevent and detect abuse, and to respond to legally binding requests from competent public authorities.
b) Entities supporting us in our operationsWe may share personal data with entities providing services to us, in particular hosting and infrastructure service providers, law firms, consulting companies, entities providing technical support and other partners who support us in providing and developing services.
Data transfer
As a rule, your personal data will not be transferred outside the European Economic Area (hereinafter: EEA). However, taking into account the services provided by the Administrator's subcontractors in the implementation of support for ICT services and IT infrastructure, the Administrator may outsource the performance of certain IT activities or tasks to recognized subcontractors operating outside the EEA, which may result in the transfer of your data outside the EEA. Recipient countries outside the EEA, in accordance with the decision of the European Commission, ensure an adequate level of protection of personal data in accordance with EEA standards. In the case of recipients in the territory of countries not covered by the decision of the European Commission, in order to ensure an adequate level of this protection, the Administrator concludes agreements with the recipients of your personal data, based on standard contractual clauses issued by the European Commission in accordance with Article 46(2)(c) of the GDPR. A copy of the Standard Contractual Clauses may be obtained from the Controller by contacting the contact details provided above. The method of securing your data used by the Administrator is in accordance with the principles provided for in Chapter V of the GDPR. You can request further information about the security measures in place in this regard, obtain a copy of these security measures and information on where they are available.
Automated decisions
Your data will not be subject to a decision based solely on automated processing, including profiling, producing legal effects or having a similar material impact.
Your rights
and
Right of complaint
If you believe that we are processing your personal data unlawfully, you can file a complaint with the President of the Office for Personal Data Protection. More information on this topic can be found on the office's website.