Every day we make sure that the use of our stock exchange is comfortable and safe for you. For this reason, we provide you with important information about how the data collected during your registration and use of the stock exchange is used.
II. Who is the administrator and the inspector of your personal data
III. How and why we collect your data
IV. On what basis we process your data
V. What are the consequences of not providing us with your personal data
VI. Which of your data and how we share with other entities
VII. How long we keep your data
VIII. Your rights
XI. How we protect your data
- We assure you that we take special care to protect your personal data, and in particular we ensure that the data we collect is processed in accordance with the law, only for specified, legally permitted purposes and is not subjected to further processing contrary to these purposes. In addition, we care that the data collected by us is substantively correct and adequate in relation to the purposes for which it is processed and stored in a form that allows identification of persons to whom they relate, no longer than it is necessary to achieve the purpose of processing.
- WHO IS THE ADMINISTRATOR AND THE INSPECTOR OF YOUR PERSONAL DATA
- The Administrator of your personal data is Needyex [further also referred to as the Administrator]
- You can contact the Administrator via mail sending a letter to the address provided above, via e-mail at [email protected] or sending a message in the tab “Contact” available on the Website.
- In order to take care of your data even effectively we also appointed a Data Protection Office to who you can turn with any questions or requests in all matters concerning your personal data. You can contact him/her at: [email protected]
III. HOW AND WHY WE COLLECT YOUR DATA
- When you use our exchange, we collect and process data that you provide to us directly when setting up and verifying your account on our Website (this is the data you enter on the forms provided by us and those contained in the documents sent to us) and those you generate using services offered by our Website (e.g. making purchase / sale transactions, placing sales offers, etc.).
- We need to collect such a wide range of information not only to be able to provide our services “technically”, but also to fulfil the binding legal provisions regarding the obligation to identify the client, to monitor, combat and assess the risks of fraud, money laundering, financing of terrorism. Therefore, if you do not provide the data requested during the registration and verification, or if the data proves to be false, or if you object to its processing, we will not be able to continue to provide you with our services.
- Due to the above-described obligations, in order to verify the accuracy of the data provided by you and to assess the risk of fraud, we also monitor your transaction history by analysing the course, volume, currency and type of transactions.
- If you express a wish to use additional services offered by us, we will process your data which we collected in order to provide them, in compliance with their description contained in the Regulations or provided to you separately. These services may include among others: newsletter, contests, sending information messages, etc.
- During your visit to our Website, certain data about your activity on the Website will be collected automatically. In this way, we collect and store information such as: your IP address, request URL, domain name, device ID, browser type, browser language, number of clicks, amount of time spent on individual pages, date and time of using the Website, type and version of the operating system, screen resolution, data collected in the server logs, and other similar information – to develop statistical data for the optimization of services rendered, including displaying content that complies with your preferences.
- When you contact us in order to perform various activities or obtain information (e.g. to submit a complaint) using the Website, telephone or e-mail, we will again require you to provide us with your personal data to confirm your identity and the possibility of return contact. This applies to the same personal information you previously provided. However, it may happen that due to the nature of your request, we will have to collect other data from you. Provision of the above data is not mandatory, but it is necessary to perform activities or obtain information that interests you. We will process the above-mentioned data in order to perform the actions requested by you or to provide you with the information that you requested – depending on which situation takes place.
- The services we offer are not intended for children under 16 years of age. For these reasons, we would like to inform you that if we find out that we have been provided with personal details of persons under 16 years of age, we will remove them without undue delay.
- ON WHAT BASIS WE PROCESS YOUR DATA
- your consent – in the scope resulting from this consent;
- an agreement concluded between us (regarding keeping an account on our Website, performing a purchase / sale transaction, settlements, sending a Newsletter, mailing) – in the scope necessary for its implementation;
- a legal obligation, i.e. an obligation arising from legal provisions – in the scope necessary to comply with the binding provisions;
- our legally legitimate interest (unless your interests or your fundamental rights and freedoms prevail over our interests).
- To the extent that the processing is made on the basis of your consent, the data you provide is used only for the purposes covered by your consent. On this basis, we will primarily carry out information and marketing campaigns. Remember that at any time you can change your mind and withdraw your consent – just send us an e-mail.
- We will also process your data to execute the agreement we entered into with you (primarily as a result of registration and acceptance of the Terms and Conditions for an account on our Website) to be able to properly provide you with the services you want.
- We will also have to process your data due to the need to comply with our legal obligations. These will be situations in which, for example, we must store data resulting from transactions made for tax and accounting reasons; as well as situations where we are obliged to verify and analyse your data (including your actions taken on the Website) in accordance with applicable anti-money laundering and terrorist financing regulations.
- Your personal data may also be processed if it is necessary upon request of an authorized law enforcement or regulatory authorities whose jurisdiction affects our operations.
- Based on our legitimate interest, we will process your data for the purpose of publishing ads of our goods and services, as well as for the purposes of claiming our rights and defending ourselves against claims, for evidentiary and archival purposes. On the same basis, we will also process your personal data collected automatically in the Website in order to ensure the security of the session, ensure quality of the session and provide all the functions of the Website. On this basis, we will also process your personal data for analytical purposes, which will involve the examination and analysis of traffic on our Website.
- WHAT ARE THE CONSEQUENCES OF NOT PROVIDING US WITH YOUR DATA
- In the case of registration and verification of an account, we process only the data without which the agreement concluded with you cannot be executed for “technical” reasons or for legal reasons. Not providing us with the required data will result in the fact that we will not be able to set up or keep your account, let alone carry out transactions within it.
- Giving us your consent to the processing of your personal data is voluntary. If you do not give us your consent (or withdraw it), then we will not take any actions that a given consent applies to.
- WHICH OF YOUR DATA AND HOW WE SHARE WITH OTHER ENTITIES
- Each time the transfer of your personal data is made to the extent specified by one of the grounds indicated in section IV above. It means that your data can be transferred to other entities, including among others to:
- send messages for which you have given your consent – this way we entrust your data to entities that send mailings and SMS messages;
- keep your account in accordance with the Regulations – on this basis, for example, your order to deposit or withdraw funds requires entrusting your data to the bank where your funds are;
- fulfil our legal obligations – on this basis, we provide elements of your accounting data to entities that perform authentication procedures for the documents you provided to us for identification, entities assessing the risks of financial fraud;
- carry out our legitimate interest – on this basis, we transfer some of your data, e.g. to Google, to collect statistical data on users’ traffic on our Website.
- We always transfer only data that is necessary to perform a given task or task and only for the time needed to complete them, nothing more than that.
- In compliance with the above, we share your personal data with:
- our authorized employees and associates to whom your personal details are disclosed so that they can perform their duties;
- entities to which we entrust the provision of services related to the processing of personal data to which we are entitled – for example, entities providing analytical services and opinion polls on the Internet, entities performing mailing campaigns, advertising agencies;
- entities that process your data for us – for example, our subcontractors, accountants, banks, tax advisors, law firms, courier companies, entities in the Compliance sector;
- public authorities, at their request, such as financial and tax supervision authorities, law enforcement bodies.
- Sharing your personal data we make sure that the entities we cooperate with ensure the implementation of technical and organizational measures to ensure proper security and protection of the transferred data and to process it in accordance with applicable regulations, including the provisions of the GDPR.
- Some of the entities providing services to us have servers located outside premises but in each case they are located in the countries within the European Union and in accordance with EU regulations they ensure proper protection of your data.
VII. HOW LONG WE STORE YOUR DATA
- The period of storage of your personal data is related to the purposes and the basis of its processing. This means that we store and process your data only as long as it is necessary for the purpose for which it was obtained.
- If the basis for processing your data is:
- your consent – this period lasts until you withdraw your consent or until the expiry of your consent (e.g. when the consent concerned a service that we no longer provide);
- the need to execute an agreement – this period lasts as long as the agreement applies;
- legal obligation – until the period required by law lasts;
- pursuit of a legitimate interest – until the interest persists.
- data provided for account registration on the Website will be stored for as long as your account will be kept – that is, until you do not cancel it or request it to be closed;
- data provided for the Newsletter or other mailing to be sent will be kept until your consent for their delivery is valid;
- if you gave consent to our other information activities about our offer – your data necessary for performing such activities will be kept until you withdraw your consent.
- Notwithstanding the foregoing, the storage of your data, to the extent that the regulations allow it, ends when you request it (as discussed in more details in Section VIII below).
- Due to the fact that our services are subject to, among others regulations of the European Parliament and Council Directive (EU) 2015/849 of 20 May 2015 on the prevention of the use of the financial system for money laundering or terrorist financing, we are obliged to keep it for at least five years from the end of our economic relations with you (i.e. from the final closing and settlement of the account), among others:
- copies of documents and information obtained in connection with the verification of your identity;
- copies of documents and information being the basis for assessing the risk of fraud in relation to your transactions;
- evidence confirming transaction and transaction records necessary to identify transactions.
- The periods of storage of your data required by law may change as the applicable provisions of the law are amended.
- After the indicated time periods expire, your personal data will be deleted or anonymized in a way that prevents the data from being attributed to you.
VIII. YOUR RIGHTS
- Due to the processing of your data by us, you have:
- the right to request access to your personal data – both the data you shared with us and which we are processing, as well as the data generated in the course of our cooperation (e.g. history of transactions);
- the right to request immediate correction of your personal data by us, if it is incorrect;
- the right to complete incomplete personal data, including through presentation of an additional statement (considering the purposes of processing);
- the right to immediately delete your data (“the right to be forgotten”); in such a case we will delete your data immediately (however, we will keep the data we must keep in compliance with the law);
- the right to request processing restrictions;
- the right to receive data you provided to us in a structured commonly used format suitable for machine reading and to send it to another administrator;
- the right to object to the processing of your personal data for the needs of direct marketing which causes that we will cease to process your data for the purposes of direct marketing;
- the right to object due to causes related to your particular situation, if your personal data is processed based on a legally justified interest. However, we will keep processing your personal data in the necessary scope if there is a particular justified reason for that for us – we will inform you about this in such a case;
- if the basis for the processing of your personal data is your consent, you will have the right to withdraw such consent at any time. Withdrawal of your consent does not affect compliance with the law of processing of your personal data by us carried our based on the consent before its withdrawal.
- You can submit a statement regarding the exercise of any of your rights in any form, but it will be the best for you to send us an email. We will send you, without undue delay, confirmation of the impact of your statement via e-mail.
- Withdrawing your consent or objecting to the processing of data, if you do not formulate any other objections, will affect all our services and Websites and the entities entrusted with the processing of your data.
- If you feel that the processing of your personal data by us violates the law, you can file a complaint to us first at [email protected] that deals with the protection of personal data.
- Profiling involves automated processing of personal data allowing the assessment of personal factors of a natural person, and in particular analysing or forecasting aspects related to the economic situation, personal preferences or interests, credibility or behaviour of the data subject.
- On our Website we process your personal data, including your activities on the Website, to assess the possibility of offering you our services. Our profiling boils down to two aspects:
- determining your preferences and needs in order to better adapt the Website to your needs;
- verifying the accuracy of the information provided by you and estimating the risk of money laundering or terrorist financing in order to fulfil the obligations imposed on us by the Directive of the European Parliament and of the Council (EU) No. 2015/849 of 20 May 2015.
- Based on our profiling, in accordance with our internal procedures for estimating the risk of money laundering or terrorist financing, we evaluate which transactions you have commissioned we can carry out, and what information we are forced to obtain from you to fulfil our obligations of due diligence in the prevention of fraud in accordance with the Directive referred to above. This process is carried out mostly automatically, however, our employees or external entities from the Compliance sector always supervise it.
- Cookies are small text information in the form of text files, sent by the server and saved on a device of the person visiting the Website (e.g. on the hard drive of the computer, laptop or on the smartphone’s memory card – depending on which device you use). Detailed information about cookies as well as the history of their creation can be found among others here.
- The Administrator may process data contained in Cookies when users use the Website for the following purposes:
- identification of users as logged in to the Website and showing that they are logged in;
- remembering data from completed forms, surveys or login data to the Website;
- adjusting the content of the Website to individual preferences of users (e.g. regarding colours, font size, page layout) and optimization of the use of the Website;
- keeping anonymous statistics presenting how the Website is used.
- As a standard, most web browsers available on the market accept cookies by default. Everyone has the possibility to define the terms of using cookies through their own browser’s settings. This means that you can, for example, partially restrict (e.g. temporarily) or completely disable the option of saving cookies – in the latter case, however, it may affect some of the Website’s functionalities (for example, it may not be possible to pass the sales offer path due the failure to remember data during the subsequent stapes of submitting offers).
- Detailed information on changing cookies settings and their removal in the most popular web browsers is available in the help section of the web browser and on the following pages (just click on the link):
- The Administrator also processes anonymized operational data related to the use of the Website (so-called logs, domain) to generate statistics helpful in administering the Website. For this purpose, we use services of third parties. Data processed by these entities is aggregate and anonymous, i.e. it does not contain features identifying visitors of the Website.
- HOW WE SECURE YOUR DATA
- We store, use and transfer your data in a manner that ensures its proper protection, including protection against unauthorized or unlawful processing and accidental loss, destruction or damage, by means of appropriate technical and organizational measures.
- We have implemented a number of security measures to ensure that your information will not be lost, used or changed. Our data security measures include, among others: PCI scanning, encryption, pseudonymization, data backup, regular testing, measuring and assessing the effectiveness of security measures used, restrictions on access to internal data and strict physical controls of access to buildings and files.
- Access to data processed by us is carried out through an internal network, secured by our certificates and keys, thus excluding third party access “from outside” as well as “our” unauthorized persons.
- In order to secure your data, we have developed and are constantly improving our own original script that encrypts data.
- When we store your data on internal servers, we do it through entities that guarantee security of the infrastructure offered (PCI-DSS certification, ISO / IEC 27001 certification, SOC 1 TYPE II and SOC 2 TYPE II certificates, etc.), who have a good opinion, and their services are used by other entities processing personal data of special importance. For this reason, the servers used by us are located in several places.
- Regardless of the above, please remember that it is impossible to guarantee 100% secure data transmission over the Internet or electronic data storage methods. Therefore, we ask that you also take reasonable precautions to protect your personal data. If you suspect that your personal information has been compromised, in particular the account or password information has been disclosed, contact us immediately.