The controller of your personal data is Currency One SA, Szyperska 14, 61-754 Poznań, the operator of InternetowyKantor.pl. The provision of such data is voluntary; however, failure to do so results in the inability to use the currency exchange service.
The Data Protection Officer is Olga Ograbisz.
In case of any doubt, or if you wish to exercise your rights, do not hesitate to contact our Data Protection Officer at iod@currency-one.com.
We take special care to protect interests of data subjects. We ensure that the data we collect is:
All data provided to Currency One S.A. by the User while registering on the Website, as well as at further stages of using the services available therein, is necessary for the provision of such services and the performance of the agreement.
The Controller points out that, in connection with the Act of 7 July 2023 amending certain laws to mitigate certain effects of identity theft, it is obliged to verify the User’s PESEL number in the national register – Rejestr zastrzeżeń numerów PESEL Ministerstwa Cyfryzacji – (reservations of PESEL numbers do not affect the possibility of registration and currency exchange on the website).
We do not sell your personal data; neither do we share your personal data with other categories of entities apart from the ones indicated in the tables below (“who is the recipient of your personal data?”). Your data will not be transferred outside of the European Economic Area, with the exception of the use of the messenger function on the website, which provides a call-back function with a potential commercial offer; in this case, your data will be transferred to countries outside of the European Economic Area, i.e.: to the United States based on a Decision of the European Commission stating the adequate level of personal data protection provided by the “EU-US Data Privacy Framework” – data will only be transferred to entities certified within the framework of the said decision, which obliges them to adequately secure your personal data. Your data is not transferred to international organisations for any business purposes.
IPersonal data may be transferred outside the European Economic Area (EEA). Data transfer, depending on the type of entity, will be based on the Legal Framework for Data Protection approved by the European Commission or standard contractual clauses (as applicable). The transfer outside the EEA referred to above is primarily related to the Administrator’s use of a tool for customer verification resulting from the provisions of the law on counteracting money laundering and terrorism financing and may be related to the implementation by the Administrator of additional services related to cooperation with external entities, including banks, which enable, among others, currency exchange into local currencies and sending funds.
We process personal data received directly from you (e.g. as part of the registration form) as well as from public registers, for instance KRS (National Court Register), CEiDG (Central Registration and Information on Business).
All the following purposes are fulfilled pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016.
We process your data for the following purposes:
Actions arising from the provision of the service or required to take action at the request of the data subject before entering into a contract. GDPR Article 6 (1)(b) |
|
Actions taken by the Data Controller | Detailed information |
Provision of services by the Data Controller | Who is the recipient of the your data?
banks, financial institutions supporting the provision of the service, providers of communication tools (e.g. chat, SMS, phone calls) How long do we process your data? Until the termination of the contract or until the fulfilment of the legitimate interests of the Controller, which interests form the basis of this processing. |
Handling complaints, claims and notifications | |
Resolving technical issues | |
Contact for purposes related to service provision |
Measures arising from legal provisions GDPR Article 6 (1)(c) and (e) | |
The fulfilment of legal obligations imposed on the Controller and prevention of actions to the detriment of Clients or the Controller, arising, among others, from the Polish Acts: on the provision of electronic services, on payment services and on the prevention of money laundering and terrorist financing. | Who is the recipient of the your data?
Entities eligible to obtain your data based on applicable law (e.g. courts or public administration) and the economic information bureau. How long do we process your data? Until the Controller has complied with the obligations set out in various legal provisions. |
Actions performed on the basis of the legitimate interest of the Controller GDPR Article 6 (1)(f) | |
Actions taken by the Data Controller | Detailed information |
Ensuring the security of clients (security of transactions, use of the original mobile app) | Who is the recipient of the your data?
Subcontractors of services (e.g. couriers, marketing tool providers), communication tool providers (e.g. chat, SMS, phone calls) How long do we process your data? Until lodging an objection, should relevant provisions apply, or in accordance with the applicable law. |
To conduct direct marketing campaigns (e.g. sending greetings, gifts, souvenirs) | |
To conduct surveys, customer satisfaction surveys, analysis of service activities | |
To inform you about changes to the services or the functioning of the website (without requiring changes to the rules and regulations) | |
To handle requests and notifications to the Controller not directly related to service provision | |
Defence against and assertion of claims | |
Debt collection, court proceedings |
Actions based on the data subject’s consent GDPR Article 6 1 lit. a | |
Sending commercial information and additional information supporting the use of the website (e.g. currency alerts) by e-mail or telecommunications terminal tools (SMS) | Who is the recipient of the your data?
Subcontractors of services (e.g. couriers, media houses, marketing tool providers) How long do we process your data? Until you withdraw your consent or until you receive additional information. If additional information supporting the use of the website is sent (e.g. currency alerts), the possibility of withdrawing consent is available by contacting the Customer Service Office |
Be advised that your personal data and behaviour on the website are processed by automated means in order for us to carry out statistical analyses for the Controller’s internal purposes, including product development, as well as for the purposes of monitoring and preventing financial fraud and ensuring the security and reliability of the services provided by the Controller.
The only cases in which your personal data may be shared, in addition to the ones described above, are those in which such sharing is necessary to fulfil legal obligations.
You have the right to access and correct the content of your personal data. We would also like to inform you that anti-money laundering regulations as well as the ones related to the Financial Supervisory Commission make it incumbent upon us to keep certain operations confidential and this obligation overrides your right to access your data.
If you find yourself in a particular situation that makes our continued processing of your data jeopardise your privacy, you may notify us and request that we cease or restrict such processing.
You have the right to request us to send your data to another entity, in a form that the recipient can process freely.
Do note that you may revoke your consents at any time by logging into your account and selecting the appropriate option. Your withdrawal of consent does not affect the lawfulness of the processing conducted on the basis of your consent prior to the withdrawal. In the case of additional information supporting the use of the website (e.g. currency alerts) or granting consent without having an account – the possibility of withdrawing consent is available by contacting the Customer Service Office.
You have the right to have your data deleted in cases provided for by law.
We would like to inform you that you also have the right to lodge a complaint with the supervisory authority. This is currently the President of the Personal Data Protection Office.
The InternetowyKantor.pl Website uses information recorded by means of “Cookies,” i.e. computer data stored in the Users’ end devices for the use of the websites. These cookies allow the website to recognise the user’s device and display a website tailored to individual preferences accordingly.
Cookies contain the name of the domain from which they originate, their “expiry time,” an individual random number identifying the cookie and the public IP address of the device you are using.
The InternetowyKantor.pl Website uses Cookies, including in particular your IP address for:
The storage time for Cookies strictly depends on the type of file:
The website uses Google Analytics – detailed information on how Google uses the data collected from our partners’ websites and applications is available at: www.google.com/policies/privacy/partners