The privacy of our Users and security of their data are top priority for us. For this reason, we make every effort to apply effective protection measures that guarantee the confidentiality, integrity and availability of the information processed. In addition, another element that is of importance to us is the transparency of our processes - you have the right, as a data subject, to know the purpose and way we process your personal information.
This document presents the types of personal data processing activities that can be carried out within the scope of our services and identifies the procedure. However, if you do not find all the answers to your questions, you can always contact our Data Protection Officers (DPOs) appropriate to the company which services you use: [email protected] for Cinkciarz.pl Sp. z o.o., [email protected] for Conotoxia Sp. z o.o. and [email protected] for Currency Lending Sp. z o.o.
Who is the controller of your personal data?
The controller of the services available at Conotoxia.com depends on which service is being used. The services and their controllers are listed below:
- Currency exchange - Cinkciarz.pl Sp. z o.o. with its registered seat in Zielona Gora at ul. Sienkiewicza 9
- Money transfers and multi-currency cards - Conotoxia Sp. z o.o. with its registered office in Zielona Gora at ul. Sienkiewicza 9
- Online store Cinkciarz.pl - Cinkciarz.pl Marketing Sp. z o.o. Sp. k. with its registered office in Zielona Gora at u. Sienkiewicza 9
- Forex trading - Conotoxia, Ltd. with its registered office in Chrysorroiatissi 11, 3032 Limassol, Cyprus
- Currency loans – Currency Lending Sp. z o.o. with its registered office in Zielona Gora at ul. Sienkiewicza 9
- Other services available at Conotoxia.com - another company offering services on the Conotoxia.com online platform
The Companies mentioned above cooperate with each other as entities offering complementary services. The cooperation within the group enables the use of the full potential of the individual Companies' resources and thereby offers Users a wide range of financial services. Therefore, as part of certain processing activities, the Companies share personal data (only with your consent) and entrust themselves with the processing of personal data or co-collecting the data.
Cinkciarz.pl as a Web Portal executive may also function as a Processor Entity, which on behalf of other Data Controllers, maintains the ICT infrastructure used for the implementation of individual Services.
How do we process your personal data?
Personal data are any information that can identify a person, such as his or her name, phone number, email address. In the case of legal persons, the data also include information about the members of the management board representing the entity, details on the proxies, and data on employees who are the contact persons.
We are obligated to protect the personal data processed. We carefully select and apply the appropriate security measures adequate to the identified risks. Detailed information is available here.
Our group is obliged to use the personal data in accordance with the applicable data protection legislation - in particular with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), the Act of 10 May 2018 on the protection of personal data and special provisions. At the same time, we guarantee that the data will be processed in accordance with the purpose for which they were transferred to us, and if their processing is based on voluntary consent, it is possible to withdraw it at any time, without affecting the lawfulness of the processing based on consent prior to its withdrawal.
- What information is collected and how is it processed?
- How long are the personal data stored?
- What is the legal basis for the processing of personal data?
- Are the personal data shared with others?
- What are your rights with respect to the personal data you provide?
What information is collected and how is it processed?
Providing personal data for the purposes of using our services is voluntary, with the exception of cases where the obligation to provide such data is subject to the applicable law. However, the submission of data is necessary in order to execute some of our services.
Your personal data are collected directly from you - this is the information you provide in order to use our services. In order to open an Account, you must provide (a) your User Name (email), (b) your password and (c) your country of residence. We need this information to allow you to use your Account. Your Account Password is encrypted and you are required to protect your Account login details from unauthorized access by third parties.
We may use certain personal data to profile you in order to quickly and effectively detect a specific crime and the person who committed it. As a result of such profiling, potentially non-compliant money laundering or terrorist financing conduct is identified. If suspicion of money laundering or terrorist financing is detected, the transaction is reported to the appropriate government authorities or execution of said transaction may be refused. As a result of such a statement, the execution of a contract with the User may also be rejected in the future.
The processing of your personal data is carried out in order to identify you as well as to identify beneficial owners within the meaning of the counteracting money laundering and terrorist financing laws, to monitor our business relationship on an ongoing basis and to investigate the source of wealth. In addition, on the basis of the information obtained from you, we determine the purpose and nature of your business relationship and perform any other activities required by anti-money laundering and anti-terrorist financing laws, in particular, we determine that the first payment to our bank account has been made through your bank account via a financial services provider, where the payer’s details are consistent with the information provided by you.
The counteracting of money laundering and terrorist financing laws allow us to supplement your personal data - we need to be sure of your identity whenever we provide our services to you. In addition, we ask you to provide us with personal data concerning other parties. This applies, for example, when you are a co-owner of a bank account or when you define the bank account of a person to whom we make a transfer. We are committed to protecting the processing of third party data submitted to us in the course of providing the services to you as much as we are committed to protecting your data. Remember that the application of your personal data rights must not negatively affect the rights and freedom of others, including those who you have provided us with. We process your personal data when you contact us, e.g. through the User Service section. This includes information necessary for communicating with you, including answering any questions or concerns you may have. For this purpose, we use the data you have provided in your Account. The scope of data processing shall be limited solely to the information required to provide support.
Your personal data are used to:
- fulfil our obligations under agreements between us and you
- provide specific services and their functionality
- provide information regarding the status of the executed services
- implement financial and other security measures resulting, among others, from the Act on Counteracting Money Laundering and Financing Terrorism
- provide support during the term on which the services are provided by the Customer Care Department, as well as solve technical problems and other issues through the contact form
- contact you, including providing information about changes in our Terms and Conditions and Policies
- electronically send information about Exchange Rates
- sell and support of Multi-currency Cards
- consider complaints regarding the services
- ensure the security of the offered services, including the execution of the Terms and Conditions and counteracting fraud and abuse
- conduct court proceedings and other legal actions, in case of possible claims
- settle accounts for the services
In order to use the lending service Cinkciarz.pl Sp. z o.o. provides your data to Currency Lending Sp. z o.o., which will be the controller of your personal data. Provision of personal data for the Services is voluntary, except for cases where the obligation results from binding legal regulations. Nevertheless, providing data is necessary for the performance of the Services.
Your data are used for the following purposes:
- to undertake, at your request, actions aimed at executing the contract, including any preparatory actions preceding the conclusion of the contract;
- creditworthiness assessment and credit risk analysis based on information collected from data sets of credit and business information offices in connection with the Act of 12 May 2011 on Consumer Credit and the Act of 29 August 1997 on Banking Law;
- automatic processing based on automated decision-making, including automatic creditworthiness assessment;
- credit risk management and credit risk analysis, on termination of the contract, in accordance with Article 6(1)(a) of GDPR;
- fulfil legal obligations in accordance with the legal provisions governing the conduct of business by lending institutions, and in order to comply with requirements imposed by decisions or laws issued by the authorised bodies, institutions or courts, as well as by instructions or recommendations issued by public agencies or institutions in accordance with Article 6(1)(c) of the GDPR;
- providing the Service, including information about the status of the Service, communication with you, as well as information about changes to our Terms and Conditions and Policies, settlement of the Service;
- performing legal obligations under the tax, accounting or anti-money laundering and anti-terrorist financing laws;
- providing support during the provision of the Service by the Customer Care Department, as well as solving technical problems and other issues through the contact form;
- conducting direct marketing based on your voluntary consent, pursuant to Article 172 of the Act of 16 July 2004 on Telecommunications Law and the Act of 18 July 2002 on the provision of services by electronic means;
- consideration of complaints regarding the Services performed;
- ensuring the security of the Services, including the enforcement of the Terms and Conditions and the prevention of any fraud or misuse;
- conducting judicial and other proceedings in case of potential claims;
- conducting management and statistical analyses, market trends research and reporting for internal needs of the organization.
We are obliged to assess your creditworthiness on the receipt of your loan application. This assessment is made based on information provided by you, your personal data and information collected from third parties within the scope of the creditworthiness review policy adopted by the Company. We ensure that you act in good faith and evaluate your creditworthiness in an automated manner to determine eligibility to lend you money, amount and terms. The outcome of the processing may be an automatic refusal to contract, and you are entitled to express your opinion on the decision and question it.
As an institution obliged to apply the provisions of the Act on Counteracting Money Laundering and Terrorist Financing, we must submit reports to the relevant supervisory authorities, including the General Inspector of Financial Information. As a loan institution, we are required to assess your creditworthiness and may therefore share your data with credit and business offices, as well as with operators of information exchange systems or participants in systems for exchanging information about customers or potential customers of loan institutions, in order to obtain information and business data, verify your creditworthiness and analyze credit risk. We also provide your personal data to the payment institution Conotoxia Sp. z. o.o., which withdraws money on our behalf to your payment account and, in case of your voluntary consent, enables you to repay the loan to our payment account. Your data are also available to the banks executing the ordered transactions.
If you are interested in working for our Companies, you can submit your application directly at https://praca.cinkciarz.pl by email or in paper form. Detailed information on the processing of personal data in the recruitment process is available at https://praca.cinkciarz.pl/gdpr
If you have consented to receiving marketing information, we process your personal data in order to present offers concerning the Services provided within the platform. Offers will be sent to you until your consent is withdrawn, which you can do yourself by changing your Account settings or by contacting our Customer Care Department. We collect your data directly from you and in the framework of our partner relations with entities providing business information. These are entities to which you provide data on the basis of your own decision, we do not have control over the processing of personal data by the entities mentioned above.
If you want to be informed about our specific product or service that is being implemented, your data will be processed based on a voluntary consent given by providing your email address. We will delete your data immediately after sending you the requested information. If you change your mind, you have the right to withdraw your consent at any time by contacting our Customer Care Department.
We are committed to improving marketing activities, including tailoring content to your interests in the form of personalising offers or advertising services but only on the basis of data that does not have the status of personal information. Please also be aware that we do not make automated decisions as part of our marketing processes that may affect your legal situation or could otherwise have a material impact on you. We process aggregated data that is not personal data to determine the volume or frequency of transactions, which allows us to continuously improve our offer.
Your personal data are also collected when you contact us via the available channels, including the contact form and the form used for reporting situations that you believe to be fraudulent, i.e. a financial crime. The data collected includes, among others, your name and email address. We process your data for purposes directly related to the operation, correct execution of our services and due to the applicable legal requirements that oblige us to prevent various violations of the law. By sending us a message, you consent to the processing of your personal data contained in the message. You can withdraw your consent at any time by contacting our Customer Care department. We store information about you for the time necessary to fulfil your request.
The processing of your personal data also takes place when you subscribe to our Newsletter. The legal basis of the processing of personal data, in this case, is your consent, expressed by subscribing to the Newsletter and providing us with your email address. Submission of personal data and consent is voluntary. At any time you can unsubscribe from the Newsletter and withdraw your consent to the processing of personal data through the deactivation link received in the content of the Newsletter. Removal from the list of subscribers will be carried out immediately.
Competitions and promotions
Occasionally, as part of our marketing activities, we hold competitions, raffles and promotions. If you want to take part in them, we will ask you to provide us with the data necessary to carry out a given action, current communication, as well as possible notification of a prize and financial settlement (in the case of a prize transfer). The basis for processing your personal data is voluntary consent and tax regulations in case of awarding the prize. We will process your data for the period necessary to execute the purpose of processing, subject to any obligations indicated in tax regulations.
If the action is carried out in cooperation with business partners to whom your personal data will be transferred, you will be informed about this fact in the applicable Terms and Conditions.
Cookies and activity tracking
Cinkciarz.pl eStore offers a wide range of digital products such as ebooks, top-up codes, subscriptions and other digital content; our company gadgets and other products. Therefore, we may process your personal data necessary to execute the order, its delivery, settle a possible complaint as well as to operate the account in the system for the period resulting from the applicable legal regulations, such as the statute of limitations for claims under the Civil Code, or, if a VAT invoice is issued, for the period resulting from the regulations on tax documentation.
To carry out the order, and in particular to deliver the ordered products, your data may be made available to the entities carrying out the delivery (only to the extent necessary to carry out the delivery).
Details of the store's activity can be found in its Terms and Conditions.
As part of the service, you can analyse your currency exchange transactions. A report determining potential profits, if you use our service, will be sent to the email address indicated by you. The processing of personal data will be based on your voluntary consent. Additionally, if you are interested in receiving a dedicated offer, you may also agree to the provision of commercial information. You can withdraw your consent at any time by contacting our Customer Care Department. In both cases, we will keep your personal data until the processing purpose is completed.
This service enables you to use multi-currency cards. All information on the processing of personal data in this area can be found in the Terms and Conditions of issuing and using payment cards.
Establishing business relations
In case of establishing business relations with legal persons, we process personal data of the members of the management board representing the legal person, data of legal persons' proxies, as well as data of employees who are contact persons of the legal person. These data are processed solely for the purpose:
- conclusion and fulfilment of an agreement between the Company, being a Party to the agreement, and a legal person - the legal basis is the legitimate interest of the Company,
- the Controller's fulfilment of legal obligations imposed on the Company in connection with its business - the legal basis for data processing is the prerequisite to fulfil the legal obligation imposed on the Controller under anti-money laundering and anti-terrorist financing regulations, tax laws and accounting regulations,
- pursuing possible claims related to the agreement concluded between the Company and a legal person - the legal basis for data processing is the necessity of the processing in order to pursue the Company's legitimate interest, which is the possibility to raise claims,
- the pursuit of other legitimate interests of the Company, namely, the prevention of fraud and economic crime.
Personal data are stored for the period necessary to fulfil the aforementioned purposes of the processing, in particular: within the scope of agreement fulfilment for the time of its completion, and then in the legally justified interest of securing possible claims, or until the expiry of the obligation to store data resulting from legal regulations. These provisions may concern, in particular, the obligation to preserve accounting documents relating to the agreement and the necessity to preserve the data pursuant to anti-money laundering and anti-terrorist financing regulations.
The provision of data is a statutory requirement, to the extent specified in the provisions referred to above. Providing personal data is also necessary for the conclusion and performance of the contract.
How long do we store the personal data?
All personal data obtained by us are stored on our servers or on those of our affiliates. We use appropriate technical and organizational security measures to protect your personal data against unauthorized or unlawful processing, accidental loss, damage or destruction. The entities cooperating with us are also obliged to manage the data in accordance with the security and privacy requirements adopted by us.
We assure you that if we do not need your personal data in order to provide the services or for other reasons, such data will be immediately erased or anonymized.
Legal grounds for processing personal data?
We process the personal information to allow you to use our services, which can be defined as a requirement to perform our service agreement. We process the data as it is necessary to comply with our legal obligations. In addition, we rely on legitimate interests, by which we refer to information about the services offered by the online platform as well as taking care of the safety of their provision, and the identification, investigation or protection of claims. In other cases, data processing is done on the grounds of your voluntary consent, which can be withdrawn at any time. This will not undermine the legality of processing based on the consent given before withdrawal. This applies, for example, to the transmission of commercial information or recruitment processes beyond the scope of the provisions of the labour law.
Do we disclose personal data to others?
The Controller who manages the data has access to it. This is the entity providing the Services you use. Please be informed that we are constantly expanding our offer. Therefore, the list of processors to whom we share your personal data is expanding. However, each time you are asked whether you agree. Your personal data will only be transferred when you decide to use the service. We assure you that the data are only disclosed to the extent necessary to provide a particular service. Due to the disclosure of personal data to entities performing appropriate Services, they become independent data Controllers.
The recipient of the data may be entities with whom we cooperate in order to support our activity, in particular entities carrying out transactions ordered, as well as authorities entitled to receive them under the provisions of law. We also use the services of entities that provide us with tools that improve our work, in particular for internal communication and internal data sharing, as well as marketing tools and more efficient electronic communication management.
As an institution obliged to apply anti-money laundering and anti-terrorist financing regulations, we are obligated to submit reports to relevant supervisory authorities, including the Chief Inspector of Financial Information, who, as a government administration entity, controls compliance with the aforementioned regulations. Reports are generated and transmitted automatically by our software. We also cooperate with entities providing analytical services aimed at counteracting fraud and abuse in order to ensure the security of payment execution. Additionally, our company uses the professional services of legal, tax, accounting and auditing specialists. Moreover, data are disclosed to banks, which provide execution of ordered transactions.
We are also obliged to maintain security measures. Therefore, we may also disclose your personal data to the police or other authorities, especially if you are involved in a suspicious transaction or if your activity indicates a high risk of money laundering or other criminal activity.
Please be informed that if you use the online forms available on this website, we will make a request via the reCAPTCHA plugin which will include sending you your IP address and any other data required by Google LLC.
Personal data may be transferred to entities with which we cooperate when providing our services, i.e. recipients located in countries outside the European Economic Area for which the European Commission has found an adequate level of protection, as well as recipients for which the European Commission has not established an adequate level of protection, provided that in such a case the data are transferred pursuant to standard data protection clauses.
Recipients located in countries outside the European Economic Area have implemented and maintain adequate safeguards for the personal data processed.
At any time, you have the right to object to the processing of your data where the data collected are processed by our legitimate interest. You can do this by sending an email to [email protected] or [email protected] or by contacting our Customer Care Department. You also have the right to withdraw your consent (if the processing of your personal data was based on consent). You can do this by changing your settings in the Notification settings tab, by unsubscribing in messages you receive from us or by contacting our Customer Care Department. Other ways of withdrawing consent to the processing of personal data have been indicated in this document when describing particular processing activities. In any case, you may withdraw your consent at any time.
You have the right to access your data, rectify them, obtain a processing restriction and request for them to be forgotten. Moreover, you have the right to data portability and erasure of your data. You can claim these rights by contacting us directly via the User Panel or at [email protected] or [email protected]. In addition, you can lodge a complaint with the Data Protection Authority.