EN
DE EN HE ZH
EN
DE EN HE ZH

Privacy Policy

Last Updated: 24.10.2024

INTRODUCTION

SVV Poland Sp. z o.o. (“BTC Bank”, “we”, “our”, or “us”) respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, and protect your personal data when you use our website [btcbnk.io, «Website»] and related services.

This information has been prepared taking into account the GDPR, i.e. the general regulation on data protection.

SVV Poland Sp. z o.o. with registration number 0000972216, registered in Poland at the address: Zurawia str. 47/49, office 118, Warsaw, Poland, 00-680.

DATA CONTROLLER

SVV Poland Sp. z o.o. will be the “data controller” or “controller” in relation to any personal data provided to us directly via email, phone, chatbot, and post or via the Services, including the Website, or any other available communication channel offered by SVV Poland Sp. z o.o. to you. This means that we are responsible for deciding how we will hold and use personal data about you.

By using or navigating the Website and the Services, you acknowledge that you have read, understand, and agree to be bound by this Privacy Policy. You should not provide us with any of your data or use the Website or Services if you do not agree with the terms of this Privacy Policy. This Privacy Notice is incorporated into our Terms of Use.

We encourage you to review and check the Services, including the Website regularly for any updates to this Privacy Policy. We will publish the updated version on the Website and by continuing to deal with us, you accept this Privacy Policy as it applies from time to time.

Persons under the age of 16 cannot provide any personal information through our Website, Services, social media account. If you are a person below the age of 16, before submitting personal information, you must obtain the consent of your parents or other legal guardians.

DATA PROTECTION PRINCIPLES

Personal data is defined by the General Data Protection Regulation (EU Regulation 2016/679) (the “GDPR”) as ‘any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier’.

Personal data is any information about you that enables us to identify you or the beneficiary of your transaction with us, either directly or indirectly. Personal data covers information such as your name and contact details, but also information such as identification numbers, electronic location data, and other online identifiers.

We are committed to complying with applicable data protection laws and will ensure that personal data is:

• Used lawfully, fairly and in a transparent way;

• Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes;

• Relevant to the purposes we have told you about and limited only to those purposes;

• Accurate and kept up to date;

• Kept only as long as necessary for the purposes we have told you about;

• Kept securely.

WHAT PERSONAL DATA WE COLLECT ABOUT YOU

We only collect the most relevant, proportionate for each purpose and strictly necessary personal data from you in the course of our business when you access, visit or use our Services. We collect data that is:

• necessary to provide our services to you, such as when you sign-up and open an account with us, when we carry out the necessary KYC checks, and when you use our Services;

• information about your use of the Services;

• The personal information that we collect, and process may include:

• Data that have to do with your identity and your personal and contact information, such as your first name, last name, phone number

• Data connected to your account with us, such as your username and password

• Payment information – such as details of any transactions carried out using any of the Services, bank account number, e-wallet information, details about payments and transfers made using the Services.

• Transaction Data: Details of crypto exchanges, purchase history, and amounts.

• Technical Data: IP address, browser type, and access times.

HOW WE COLLECT YOUR PERSONAL DATA

We collect your data in various ways. These include the following:

• We may collect data that you provide directly.

Typically, this will happen when you register or sign-up with us, where you create an account with us, when you fill in any application form, when you subscribe to our newsletter, when you participate in surveys, when you send us an email, when you sign a contract with us

• We may collect data about you automatically.

When you use our Services, including when you interact with our website without logging in your account, we will automatically collect technical-related data about you, your equipment, browsing actions and patterns.

Every time you use or access the Services, and our website, data is collected. This data is stored in log files on the server and can include, the temporary storage of data and log files. The IP address is temporarily stored in the system as it is necessary to provide website access to your computer or other device. The IP address is retained while that website is being accessed. These log files are stored to ensure website functionality, optimize the content of our website, and ensure the security of our IT system.

Typically, automatic collection of data will happen when you browse and use our Services and Website, social media pages, (usually with the use of cookies and other similar tracking technologies).

• We may acquire information about you from third parties.

We do this where we are permitted by law. This may be the information provided by our partners, marketing agencies, your public profile information such as in social media platforms, like LinkedIn, Facebook, Twitter, Instagram). We may associate the information we receive about you from yourself, public and commercial sources with other information we receive from you or about you.

These are the typical ways in which we collect data about you. We may collect data about you in other cases that are not covered by this Privacy Policy or using other methods not covered by this Policy. If this happens, we will inform you additionally.

HOW WE USE YOUR PERSONAL DATA AND BASIS FOR SUCH USE

We will use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

• When we have your consent,

• Where we need to perform the contract we are about to enter into or have entered into with you.

• Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.

• When processing cryptocurrency transactions.

• When providing you with access to your account and services.

• Where we need to comply with legal obligations (AML and KYC procedures).

• When sending you updates and promotions (with your consent).

We do not generally rely on consent to process your personal data. We rely on other grounds for processing. We only rely on consent where this is required by law or where we consider that processing data is necessary, and we cannot rely on other grounds.

PURPOSES AND BASES FOR PROCESSING

In general, we may use your personal data to carry out, provide, fix, and improve our Services, develop new Services, and market our Services.

We reserve the right to offer you supplemental documents to this privacy policy that will describe the ways in which we process your personal data.

Your personal data is processed under the following legal bases:

Performance of a contract (e.g., cryptocurrency exchange services).

Compliance with legal obligations (AML and KYC laws).

CHANGE OF PURPOSE

We will use your personal data for the purposes for which we collect it or where we reasonably consider that we need to use it for another reason only if this reason is compatible with the original purpose.

If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

HOW LONG WE KEEP YOUR PERSONAL DATA

Personal data is used for different purposes, and is subject to different standards and regulations. In general, personal data is retained for as long as necessary to provide you with services you request, to comply with applicable legal obligations, particularly related to Anti-Money Laundering (AML) and Countering the Financing of Terrorism (CFT), accounting or reporting requirements, and to ensure that you have a reasonable opportunity to access the personal data.

To determine the appropriate retention period for personal data, we consider the applicable legal requirements, the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means. For example,

• we will retain your personal data if we are required to comply with legal and regulatory obligations, compliance procedures and legal limitation periods. We will retain your personal data for a period after closure of your account with us or the last transaction we carried out for you. (Legal requirements)

• Personal data provided to us for marketing purposes may be retained until you opt out or until we become aware the data is inaccurate.

WHO WE SHARE YOUR PERSONAL INFORMATION WITH

We may disclose your information to our employees and agents.

We may also disclose your information to third parties, such as:

• Service Providers who provide services to us as we request them, such as IT and system administration services, cloud storage service providers, fraud detection, customer support, remote ID verification providers, strong customer authentication, e-signature providers,

• Companies that assist in payment transactions such as financial institutions, like banks, payment service providers like electronic money and payment institutions, international payment service organizations like SWIFT and TARGET 2.

• Relevant business partners, like banking partners and intermediaries, international payments services provider, as well as card manufacturing/personalisation and delivery companies, fraud and risk mitigation service provider.

• Professional advisers including lawyers, auditors, and insurers who provide relevant services,

• Governmental agencies or entities, regulatory authorities, or other persons in line with applicable rules, orders, subpoenas, official requests, or similar processes as either required or permitted by applicable law.

• Advertising networks that help organise competitions and promotions, to support and display ads on our Website, apps and other social media tools.

• Third party service providers to assist us with client insight analytics, such as Google Analytics. Please note the following:

• This list is non-exhaustive and there may be other examples where we need to share with other parties in order to provide our services as effectively as we can.

• We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

HOW WE PROTECT YOUR PERSONAL DATA

We use a variety of technical and organisational measures to help protect your personal data from unauthorised access, use, disclosure, alteration or destruction consistent with the applicable data protection laws and the EU General Data Protection Regulation. We have also implemented appropriate information security policies, rules and technical measures to secure your personal information collected by us. Your personal information is saved in an encrypted form.

All of our partners, employees, consultants, workers and data processors (i.e. those who process your personal information on our behalf,), who have access to, and are associated with the processing of personal information, are obliged to respect the confidentiality of such personal information, keep it secure and protect it.

YOUR RIGHTS REGARDING YOUR PERSONAL DATA

You have the following rights in relation to the personal data we hold about you. Please note that some of these rights will only apply in certain circumstances and some of them may be limited where we have an overriding interest or legal obligation to continue to process the data or where data may be exempt from disclosure due to reasons of confidentiality obligations.

• Access: you are entitled to ask us if we are processing your data and, if we are, you can request access to your personal data. This enables you to receive a copy of the personal data we hold about you and certain other information about it;

• Correction: you are entitled to request that any incomplete or inaccurate personal data we hold about you is corrected;

• Erasure: you are entitled to ask us to delete or remove personal data in certain circumstances. There are also certain exceptions where we may refuse a request for erasure, for example, where the personal data is required for compliance with law or in connection with claims;

• Restriction: you are entitled to ask us to suspend the processing of certain of your personal data about you, for example if you want us to establish its accuracy or the reason for processing it;

• Transfer: you may us to help you request the transfer certain of your personal data to another party;

• Objection: where we are processing your personal data based on legitimate interests (or those of a third party) and you may challenge this. However, we may be entitled to continue processing your information. You also have the right to object where we are processing your personal information for direct marketing purposes;

• Automated decisions: you may contest any automated decision made about you where this has a legal or similar significant effect and ask for it to be reconsidered.

• Consent: where we are processing personal data with consent, you can withdraw your consent.

If you want to exercise any of these rights, please contact us at [email protected]

Please note that you also have a right to lodge a complaint with the Office of the Commissioner for Personal Data Protection in Poland, which is the competent authority.

CHANGES TO THIS POLICY

We may make changes to this Privacy Policy from time to time. To ensure that you are always aware of how we use your personal data we will update this Privacy Policy from time to time to reflect any changes to our use of your personal data. We may also make changes as required to comply with changes in applicable law or regulatory requirements. We will notify you by email of any significant changes. However, we encourage you to review this Privacy Policy periodically to be informed of how we use your personal data.

JURISDICTION

We adhere to Polish and European Union regulations concerning data protection. Any legal disputes will be governed by the laws of Poland.

CONTACT

You may contact our Data Protection Officer by email at: [email protected]