Homepage > Privacy policy

Privacy policy

General information

Who is the data controller

The controller of personal data is Currency One SA, ul. Szyperska 14, 61-754 Poznań, operator of the Walutomat.pl website.

Data Protection Officer is Olga Ograbisz.

Contact details

In case of any doubt, or if you wish to exercise your rights, do not hesitate to contact our Data Protection Officer at: iod@currency-one.com.

Data Protection

Protection of Client’s details

We take special care to protect interests of data subjects. We ensure that the data we collect is:

All data provided to Currency One S.A. by the User while registering on the Website, as well as at further stages of using the services available therein, is necessary for the provision of such services and the performance of the agreement.

The Controller points out that, in connection with the Act of 7 July 2023 amending certain laws to mitigate certain effects of identity theft, it is obliged to verify the User's PESEL number in the national register - Rejestr zastrzeżeń numerów PESEL Ministerstwa Cyfryzacji - (reservations of PESEL numbers do not affect the possibility of registration and currency exchange on the website).

We do not sell data

We do not sell your personal data; neither do we share your personal data with other categories of entities apart from the ones indicated in the tables below ("who is the recipient of your personal data?"). Your data will not be transferred outside of the European Economic Area, with the exception of the use of the messenger function on the website, which provides a call-back function with a potential commercial offer; in this case, your data will be transferred to countries outside of the European Economic Area, i.e.: to the United States based on a Decision of the European Commission stating the adequate level of personal data protection provided by the "EU-US Data Privacy Framework" – data will only be transferred to entities certified within the framework of the said decision, which obliges them to adequately secure your personal data. Your data is not transferred to international organisations for any business purposes.

Purpose and scope of data collection and legal basis for such activities

Data acquisition

We process personal data received directly from you (e.g. as part of the registration form) as well as from public registers, for instance KRS (National Court Register), CEiDG (Central Registration and Information on Business).

Purpose and legal basis of data collection

All the following purposes are fulfilled pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016.

We process your data for the following purposes:

Actions arising from the provision of the service or required to take action at the request of the data subject before entering into a contract. GDPR Article 6(1)(b)

Actions taken by the Data Controller Detailed information
Provision of services by the Data Controller

Who is the recipient of the your data?
banks, financial institutions supporting the provision of the service, providers of communication tools (e.g. chat, SMS, phone calls)

How long do we process your data?
Until the termination of the contract or until the fulfilment of the legitimate interests of the Controller, which interests form the basis of this processing.

Handling complaints, claims and notifications

Resolving technical issues

Contact for purposes related to service provision

Measures arising from legal provisions
GDPR Article 6(1)(c) and (e)

The fulfilment of legal obligations imposed on the Controller and prevention of actions to the detriment of Clients or the Controller, arising, among others, from the Polish Acts: on the provision of electronic services, on payment services and on the prevention of money laundering and terrorist financing.

Who is the recipient of your data?
Entities eligible to obtain your data based on applicable law (e.g. courts or public administration) and the economic information bureau.

How long do we process your data?
Until the Controller has complied with the obligations set out in various legal provisions.

Actions performed on the basis of the legitimate interest of the Controller GDPR Article 6(1)(f)

Actions taken by the Data Controller Detailed information

Ensuring the security of clients (security of transactions, use of the original mobile app)

Who is the recipient of your data?
Subcontractors of services (e.g. couriers, marketing tool providers), communication tool providers (e.g. chat, SMS, phone calls)

How long do we process your data?
Until lodging an objection, should relevant provisions apply, or in accordance with the applicable law.

To conduct direct marketing campaigns (e.g. sending greetings, gifts, souvenirs)

To conduct surveys, customer satisfaction surveys, analysis of service activities

To inform you about changes to the services or the functioning of the website (without requiring changes to the rules and regulations)

To handle requests and notifications to the Controller not directly related to service provision

Defence against and assertion of claims

Debt collection, court proceedings

Actions based on the data subject's consent
GDPR Article 6(1)(a)

Sending commercial information and additional information supporting the use of the website (e.g. currency alerts) by e-mail or telecommunications terminal tools (SMS)

Who is the recipient of your data?
Subcontractors of services (e.g. couriers, media houses, marketing tool providers)

How long do we process the data?
Until the consent is withdrawn.

Automated processing

Be advised that your personal data and behaviour on the website are processed by automated means in order for us to carry out statistical analyses for the Controller's internal purposes, including product development, as well as for the purposes of monitoring and preventing financial fraud and ensuring the security and reliability of the services provided by the Controller.

Data sharing

The only cases in which your personal data may be shared, in addition to the ones described above, are those in which such sharing is necessary to fulfil legal obligations.

Your rights

Right to access your data

You have the right to access and correct the content of your personal data. We would also like to inform you that anti-money laundering regulations as well as the ones related to the Financial Supervisory Commission make it incumbent upon us to keep certain operations confidential and this obligation overrides your right to access your data.

Right to discontinue or restrict the processing of your data

If you find yourself in a particular situation that makes our continued processing of your data jeopardise your privacy, you may notify us and request that we cease or restrict such processing.

Right to the portability of your data

You have the right to request us to send your data to another entity, in a form that the recipient can process freely.

Right to withdraw your marketing consent

Do note that you may revoke your consents at any time by logging into your account and selecting the appropriate option. Your withdrawal of consent does not affect the lawfulness of the processing conducted on the basis of your consent prior to the withdrawal.

Right to be forgotten

You have the right to have your data deleted in cases provided for by law.

Right to lodge a complaint with the data protection supervisory authority

We would like to inform you that you also have the right to lodge a complaint with the supervisory authority. This is currently the President of the Personal Data Protection Office.

Cookies policy

General information

The Walutomat.pl Website uses information recorded by means of "Cookies," i.e. computer data stored in the Users devices for the use of the websites. These cookies allow the website to recognise the user's device and display a website tailored to individual preferences accordingly.

Scope of data collection

Cookies contain the name of the domain from which they originate, their "expiry time," an individual random number identifying the cookie and the public IP address of the device you are using.

Use of cookies

The Walutomat.pl Website uses Cookies, including in particular your IP address for:

  1. necessary cookies: these are essential for the proper operation of the website. Their functionalities include but are not limited to: saving your consents, settings you have selected, contents of forms, etc. You may block the technical cookies in your browser settings; however, the system may stop working or may not work properly. (Article 6(1)(f) GDPR);
  2. analytical cookies: they enable us to collect data on your browsing behaviour as you view sites and take actions while visiting them; we may also record sites where you reach us from. The analytical cookies allow us to introduce enhancements to our website and measure the effectiveness of our marketing efforts – files processed on the basis of the user's voluntary consent (Article 6(1)(a) GDPR);
  3. marketing cookies: these allow us to tailor content to a specific audience and to conduct marketing campaigns – files processed on the basis of the User's voluntary consent (Article 6(1)(a) GDPR);

Processing time

The storage time for Cookies strictly depends on the type of file:

  1. essential: these are files stored from one (1) day to one (1) year;
  2. analytical cookies: these are permanent, session files (deleted when the browser session is closed) and stored from one (1) day to two (2) years;
  3. marketing cookies: these are permanent, session files (deleted when the browser session is closed) and stored from one (1) day to one (1) year;

Cookie management

  1. The Cookies we use are not detrimental to your device and do not change the configuration of that device or browser.
  2. Saving Cookies does not pose the risk of remote access by viruses or installation of other unwanted software or malware on your end device.
  3. You have the option to limit or completely disable the access of Cookies to your device at any time. If this option is used, you will be able to use the website, but respective functionalities may be restricted
  4. You may change your cookie settings on our website by clicking on the cookie icon ("Cookie Settings") in the bottom left-hand corner of the Walutomat.pl Website homepage, and then selecting and saving your choice of cookies to be stored on your end device.
  5. Detailed information on how to change the cookie settings and how to delete them yourself in the most popular web browsers is available in the help section of your browser.

Caution

The website uses Google Analytics – detailed information on how Google uses the data collected from our partners websites and applications is available at: www.google.com/policies/privacy/partners/