Privacy Notice v 1.0
Effective on: 11 August 2023
Welcome to the Paymonade’s Privacy Notice!
At Paymonade, we value your privacy, and we want to keep you informed about how we collect and handle your personal data when you visit our website (https://www.paymonade.tech), register a User Account, or use the Services.
This Privacy Notice explains how Paymonade collects and processes your personal information. By registering a User Account, or using the Services, you consent to collecting, storing, processing, and transferring your personal information as described here. This Privacy Notice provides those details and may be complemented by the terms in other specific agreements we might have with you.
As part of our commitment to your privacy, we regularly update this Privacy Notice to reflect any changes in how we handle your personal data or to stay in line with any changes in applicable laws.
If you have any queries or concerns regarding this privacy notice or our practices, please contact dpo@paymonade.tech.
About Paymonade
Paymonade sp. z o.o, is a private limited liability company incorporated under the laws of Poland with its registered at Rondo ONZ 1, 00-124 Warsaw. Our National Court Register (Krajowy Rejestr Sądowy or KRS) number is 0001030787, and our Tax Identification Number (Numer Identyfikacji Podatkowej or NIP) is 5252952346. We are registered as Virtual Asset Service Provider. You can check our permissions in the VASP Register (Rejestr działalności w zakresie walut wirtualnych) by finding our name or registration number (Numer w rejestrze) that is 5252952326.
Data that we collect and process and legal basis for processing
We will collect and process the following data about you:
1. Your personal details and financial details :
What we collect: We need certain information like your name, address, email address, phone number, date of birth, a picture of you, a video recording of yourself, your citizenship, and sometimes your local identification numbers like PESEL or any tax identification number. We also need your financial details, occupation, and any data we may need to understand the source of your wealth. We might also collect information about you from other sources like credit history from credit bureaus.
Why we collect and process it: We collect and process these pieces of personal information to provide the Service, communicate about it, and identify you in our system when you register with us.
Legal basis for processing: The performance of a contract when we provide you with our Services or communicate with you about them and our legal obligations under applicable laws and regulations, including Anti-Money Laundering laws and regulations.
2. Your device and online information
What we collect: When you use our website, or use the Services, we note down things like your IP address, which is like your device’s online fingerprint, your login details, location, and some technical stuff about your device and browser. We also note how you interact with our website – which pages you visit, how long you stay, if you encounter any issues and more.
Why we collect and process it: These data points are used to provide, troubleshoot, and improve the Services. They help us to ensure the proper functioning of our business operations, analyse performance, fix errors, improve the usability and effectiveness of the Services and protect your User Account from unauthorised access.
Legal basis for processing: The performance of a contract when we provide you with the Services or communicate with you about them.
3. Your Services usage data
What we collect: Whenever you use the Services related to the exchange of Digital Assets or any payment transactions, we record details such as the date, time, the amount, currencies, and virtual assets used, payer/beneficiary and wallet details, including type and number of Digital Assets you have; and the payment method and decentralised ledger technology used.
Why we collect and process it: We process this information to prevent and detect fraud and abuse to protect the security of our users, Services and others. We may also use scoring methods to assess and manage credit risks.
Legal basis for processing: We need to comply with legal obligations concerning identifying customers, preventing fraud and/or abuse and avoiding non-compliance.
4. Your behaviour and preferences
What we collect: We observe how you use our website and Services, what features you like, and how you respond to our marketing efforts.
Why we collect and process it: This information is used to improve our Services, for you to have a better user experience, and to recommend features that might interest you, identify your preferences, and personalise your experience with the Services.
Legal basis for processing: Your consent when we ask for your consent to process your personal information for a specific purpose that we communicate to you. When you consent to process your personal information for a specified purpose, you may withdraw your consent at any time, and we will stop processing your data for that purpose.
Please, note that where we rely on a legitimate interest to collect and process your personal data, we have concluded that your rights do not override those interests. If you think we’re using your data in an unfair way, you can reach out to us at dpo@paymonade.tech.
Respecting Your Personal Data
We promise not to use your personal information for any purposes, not in line with why we told you we were collecting it unless the law requires or authorises us to do so. The only other time we might need to do this is if it’s absolutely necessary for your well-being, like in a medical emergency, for instance. Your data is safe with us, and we are committed to using it responsibly.
Keeping Your Personal Information Safe
Your personal information’s security is our top priority. To keep it safe, we use both organisational and technological security measures to stop any accidental loss, unauthorised access or use, changes, or sharing of your data.
Only our team members who need to know your personal information for their work get to see it. Additionally, they are only allowed to handle your data based on our instructions, and they are bound by a duty to keep it confidential.
For your protection, we may ask you to verify your identity before we release any personal information to you. This is a part of our security procedures designed to keep your data safe.
In case of a suspected data breach, we have got a plan in place. Should anything like that happen, and the law requires it, we will inform you and any necessary regulatory authorities immediately.
Safeguarding Your Extra-Sensitive Information
Some types of personal data require extra protection because they are particularly sensitive. These special categories include data about your race, ethnic origin, political beliefs, religious or philosophical convictions, trade union membership, health, biometric or genetic data, sexual life or orientation, and criminal convictions and offences (even if they are just suspected).
We might need to handle these types of sensitive data in the course of providing our Services, but we only do this in line with data privacy laws and regulations or if you give us explicit permission to do so. It is worth noting that this information could pose a greater risk to your fundamental rights and freedoms, as it could lead to unlawful discrimination. If we do hold this type of data because you’ve included it in the documents you have given us, we rely on the substantial public interest condition as outlined in the data protection regulations.
Our Policy Regarding Children’s Information
Just so you know, we never knowingly ask for personal data from anyone under the age of 18. If we have any reason to believe that you are younger than that, we will not allow you to use our Services.
Sharing Your Personal Data
We take the confidentiality of our users’ personal information very seriously. We only share it as described here and with our subsidiaries or affiliates that either follow this Privacy Notice or adopt practices that offer at least the same level of protection.
We work with various third parties who help us deliver our Services to you. These parties need to have access to your personal data to help us provide our Services and meet our legal obligations. These third-party service providers help us with things like data analysis, marketing assistance, payment processing, content transmission, credit risk management, and identity verification. Rest assured that we only share your information with them after making sure that they have robust security measures in place to keep your data safe.
They have access to the personal information they need to do their jobs, but they can’t use it for anything else, and they must process it in line with this Privacy Notice and applicable data protection laws. The parties we share data with can include:
- Fraud monitoring and identity verification service providers
- Payment service providers
- IT and cybersecurity service providers
- Companies that offer services that complement our own
- Government agencies and regulatory authorities
- Any person or organisation you’ve given us permission to share with
- Other organisations that help us provide services to you
If there’s a corporate restructuring, merger, acquisition, or takeover, we may also need to share your details. We might also share your personal data with our marketing partners. This helps us with targeting, modelling, analytics, and advertising. Remember, you have the right to opt out of these marketing communications directly from the emails you receive.
We do not have a generic list of all the third parties we might share your data with because it depends on how you use our Services. But if you want more information about this, or a list specific to you, you can write to us at dpo@paymonande.tech.
Finally, suppose we need to comply with the law or our regulatory obligations, enforce our Terms of Use, or protect the rights, property, or safety of our Services, our users, or others. In that case, we might release your User Account and other personal information. This could involve exchanging information with other companies and organisations for fraud protection and credit risk reduction and with regulatory agencies and law enforcement to comply with lawful requests.
Cross-Border Transfers of Data
We might need to transfer and store your data outside the European Economic Area (EEA). It might also be processed by our staff or our business partners, or third-party service providers who are based outside the EEA. By giving us your personal data, you’re agreeing to this. We ensure these transfers comply with applicable data protection rules unless the destination country has been officially deemed to provide adequate protection. We will always take all reasonable steps to ensure that your data is treated securely and in line with this Privacy Notice.
Accessing Your Information
You are in control. You can access and change some of your personal details in your User Account.
Data Retention Period
We keep your personal data for as long as needed to allow you to use our Services. We retain it to fulfil the purposes outlined in this Privacy Notice and to comply with our legal requirements.
According to our legal obligations, we must keep copies of documents and information, including those obtained via electronic identification means, for 5 years after our business relationship with you ends. However, this period can be extended to 10 years if requested by our regulator.
Profiling and Automated Decision-Making
To ensure our customers enjoy exceptional service promptly and comply with legal obligations, we occasionally use profiling and automated decision-making. We may depend on automated decisions to:
- Determine if we can open a User Account based on factors such as your age, residency, nationality, financial status, and the results of anti-money laundering and sanctions checks
- Decide if we need to take action, such as freezing a transaction or User Account, due to suspicions of fraud or money laundering against us or our customer
- Assess whether our Services, or those of the providers we work with, are suitable for you so we can personalise our marketing
In all such cases, we offer you the chance to request human intervention. Plus, we take all reasonable measures to ensure your data is secure and apply pseudonymisation wherever possible.
Your Privacy Rights under GDPR
Based on your circumstances, there are several privacy rights that you may exercise regarding the use, storage, and processing of your personal data. Here is a brief outline of these rights:
i. Right to access: You can request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to verify that we are lawfully processing it.
ii. Right to rectification: You can request correction of the personal data we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected. We may need to verify the accuracy of the new data you provide to us.
iii. Right to erasure (“right to be forgotten”): You can request the erasure of your personal data. This allows you to ask us to delete or remove personal data when there is no valid reason for us to continue processing it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing, where we may have processed your information unlawfully, or where we are required to erase your personal data in compliance with local law. Please note, however, that we may not always be able to comply with your request for erasure due to specific legal reasons, which will be notified to you, if applicable, at the time of your request.
iv. Right to object to processing: You can object to the processing of your personal data when we are relying on a legitimate interest (or those of a third party), and there is something about your particular situation which makes you want to object to the processing as you feel it impacts on your fundamental rights and freedoms. You also have the right to object when we are processing your personal data for direct marketing purposes. In some cases, we may show that we have compelling legitimate grounds to process your information, which overrides your rights and freedoms.
v. Right to restriction of processing: You can request a restriction on the processing of your personal data. This allows you to ask us to suspend the processing of your personal data in the following scenarios:
- If you want us to establish the data’s accuracy.
- Where our use of the data is unlawful, but you do not want us to erase it.
- Where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims.
- You have objected to our use of your data, but we need to verify whether we have overriding legitimate grounds to use it.
vi. Right to data portability: You can request the transfer of your personal data to you or a third party. We will provide you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
vii. Right to withdraw consent: You can withdraw consent at any time when we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may be unable to provide you with certain Services. We will advise you if this is the case when you withdraw your consent.
Accessing or exercising any of the rights mentioned above comes at no cost. However, if your request is evidently unfounded, repetitive, or excessive, we might charge a reasonable fee. In some cases, we may refuse to comply with such requests.
For security reasons, we may need to request specific information from you to confirm your identity and ensure your right to access your personal data or exercise any other rights. This measure prevents personal data from being disclosed to someone without the right to receive it. We may also ask you for more information regarding your request to expedite our response.
We aim to respond to all legitimate requests within a month. Sometimes, it could take us longer than a month if your request is notably complex or if you’ve made several requests. If this happens, we will let you know and keep you updated.
Cookies
We use small files known as cookies, along with similar tools, to distinguish you from other users and provide a better experience. These tools enhance your user experience and allow us to understand how customers use our Services, which helps us improve.
You can set your cookie preferences, such as accepting or rejecting certain types of cookies, and you can change these preferences periodically after that. Additionally, you can change your preferences by altering your browser settings.
The cookie banner on your browser will guide you on accepting or refusing cookies. Please note that if you disable or refuse cookies, some parts of the functionality that we provide to you may not be available.
For more information about how we use cookies and how you can update your cookie preferences, please visit our Cookies Notice and our cookie preference centre.
Changes to Privacy Notice
If we make significant changes to this Notice, we will post the updated Notice on this web page and change the “Effective on” date. Make sure to frequently check our websites for recent changes. If you disagree with the updated content, please stop using the Services immediately. By continuing to use Services after an updated version of the Privacy Notice is released, you agree to abide by it. Unless stated otherwise, our current Privacy Notice applies to all the information we have about you and your User Account.
Raising Concerns
Prior to using our Services you must accept this Privacy Notice by clicking on a tick box and recognising that you have familiarised with it. If you have any questions or concerns about our data processing practices or this privacy notice, please write to us at dpo@paymonade.tech with a detailed description, and we will try to help you. We aim to respond promptly and address any queries you have.