Privacy Policy

[General provisions]

1.The privacy policy defines the rules for processing and protecting the personal data of individuals using the website available at the internet address https://myfundingaccount.com/ , hereinafter referred to as the Data.
The privacy policy is an attachment to the Terms and Conditions and its integral part, and all terms used herein have the meaning defined in the Terms and Conditions.

2.Data means information about an identified or identifiable natural person, whose data is concerned, i.e. one that can be directly or indirectly identified, in particular, based on such features as name and surname, identification number, location data, internet identifier, or one or more features determining the physical, physiological, genetic, mental, economic, cultural, or social identity of a natural person.

3.The Data Administrator is My Funding Account P.S.A.
with its registered office in Katowice at ul. Al. Wojciecha Korfantego 138A, 40-156, entered into the National Court Register by the District Court Katowice-Wschód, VIII Commercial Department of the National Court Register under the KRS number: 0001023771, with the tax identification number NIP: 6343021306 , with a share capital of: 2 060 948,00 PLN, email: contact@myfundingaccount.com

4. The Data Administrator has appointed a Data Protection Officer, who can be contacted in writing at the registered office of the Data Administrator or by email: contact@myfundingaccount.com.

5. The Data Administrator declares that the Data is processed by the regulations contained in the Regulation of the European Parliament and of the Council (EU) 2016/679 of 27 April 2016 on the protection of natural persons concerning the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter referred to as the GDPR and the Act of 10 May 2018 on the protection of personal data, as well as with the amending or replacing provisions, executive regulations, and all other generally binding legal regulations.

6. Processing of the Data as defined in the Privacy Policy means an operation or set of operations performed on the Data or sets of Data in an automated or non-automated way, such as collection, recording, organization, ordering, storage, adaptation or modification, retrieval, consultation.

[Data Source]

7. The data source includes information obtained directly from individuals whose data is concerned, in particular in the context of Registration, Login, Order Placement, Contract Conclusion, or Paid Contracts, as well as information obtained from:
– government bodies, public registers, and other publicly available sources – first and last names, gender, date of birth, identification numbers (including but not limited to ID number, NIP, REGON, and other numbers in relevant registers of foreign entities), e-mail addresses, telephone and fax numbers, addresses of business, residence, and correspondence (street, house number, city with postal code), website address,
– payment service providers – first and last names, gender, e-mail addresses, data related to financial transactions (e.g., account numbers, credit or debit card numbers, other unique identifiers),
– Internet service providers – data on location, internet identifiers (IP addresses), types of internet browsers, devices and systems used by the person whose data is concerned, pages that the person visits and actions are taken on them, contents of cookies.

[Purposes and basis of Data processing]

8. Using the website by a person whose data is processed is equivalent to that person’s awareness that their data may be processed for the following purposes and on the following bases:
– responding to requests of individuals whose data is processed, recording data in cookie files, collecting data from websites and mobile applications – based on the consent of the person whose data is processed,
– taking action at the request of the person whose data is processed, by concluding an Agreement or a Paid Agreement, and for its performance, in particular:
     – providing electronic services through the website, including enabling Registration, Logging in, placing Orders, concluding Agreements or Paid Agreements, providing information through the website,
     – efficient operation and functioning of the website and ensuring safe use of it,
     – creating, maintaining and managing an Account, including providing support for the Account and resolving technical issues,
     – fulfilling orders,
     – settling transactions, including issuing invoices,
     – changing, terminating or withdrawing from an Agreement or Paid Agreement,
     – communicating with individuals whose data is processed, including considering requests, complaints and other correspondence sent by individuals whose data is processed to the Data Controller,
     – fulfilling legal obligations of the Data Controller, in particular fulfilling accounting, tax, financial, and archival obligations,
– resulting from legally justified interests pursued by the Data Controller or third parties, as indicated in paragraphs 10-12 below, including for the purposes of:
     – establishing, investigating or defending the Data Controller’s claims (evidentiary),
     – protection against claims of individuals whose data is processed (evidentiary),
     – direct marketing of the Data Controller’s own services, including profiling to tailor them to the needs,
     – indirect marketing of third-party services cooperating with the Data Controller, e.g. in the form of discount coupons, including profiling to tailor them to the needs,
     – satisfaction surveys of individuals whose data is processed, determining the quality of service and the level of satisfaction of individuals whose data is processed,
     – analytical, statistical and managerial, including internal reporting and management analysis, statistical and research aimed at the development and improvement of services provided by the Data Controller,
     – conducting internal audits and inspections,
     – implementing business control mechanisms,
     – managing acquisition, merger, division, transformation operations.

[Data Scope]

9. Processed data may include names, surnames, gender, dates of birth, company names, identification numbers (including ID NUMBERS, NIP, REGON, and other numbers in relevant registers of foreign entities), email addresses, phone numbers, fax numbers, addresses of business premises, residences and correspondence (street, house number, city along with postal code), data regarding financial transactions (including account numbers, credit or payment card numbers, other unique identifiers), location data, internet identifiers (IP addresses), types of internet browsers, devices and systems used by the person whose data is processed, websites visited by that person and actions taken on them, contents of cookies and other personal data voluntarily provided by the person whose data is processed through the website, including interactive forms, surveys or during contact with the Data Controller.

[Voluntary provision of data]

10. Except for cases where it is absolutely and universally required by law, the provision of data by the person to whom the data relates is voluntary. However, refusing to provide the data is equivalent to the inability to register, log in, place orders, enter into agreements or paid contracts, share information through the website, or communicate with the individuals to whom the data relates.

[Data recipients]

11. The Data Controller reserves the right to disclose data to relevant authorities, including courts, governmental and self-governmental administration bodies, preparatory proceedings authorities, enforcement authorities, other legal protection authorities, economic information bureaus, debt purchasers, entities participating in business entity takeovers, mergers, divisions, transformations, based on the appropriate legal basis, by the universally binding law.

12. The Data Controller reserves the right to entrust data processing to third parties providing services to the Data Controller, in particular hosting services, website management, including in the process of servicing persons whose data is being processed, transport (including postal operators, persons conducting postal or courier activity who are not postal operators), intermediation in payment processing (including banks and payment institutions), IT, equipment repairs, marketing, collection of opinions on products, advisory, accounting, tax, financial, debt collection, legal, archiving, destruction, storage of documentation, as well as damage liquidation (including service providers within the scope of damage liquidation).

13. The Data Controller reserves the right to entrust data processing to third parties providing necessary services for using the website, including registration, login, placing orders, entering into agreements or paid agreements, sharing information via the website, or communication with persons whose data is being processed, including to consider complaints.

14. Data may be processed in Poland, a member state of the European Union (EU), in the European Economic Area (EEA) signatory state. Data may also be processed outside the EEA, including by international organizations, by being transmitted by the Data Controller, but only if it is necessary for the purposes specified in paragraph 8 above, and the transmission and processing of data outside the EEA are subject to appropriate protection measures recognized by the decision of the European Commission by the principles set out in the GDPR. The Data Controller informs about the intention to transfer data outside the EEA at the stage of their collection.

[Data retention periods]

15. Data will be stored by the Data Controller for as long as there is a legal basis for their processing unless applicable laws require longer retention periods. Data will therefore be stored by the Data Controller for the following periods:
– Until the consent of the person to whom the data relates is revoked – in the case where their processing is based on a given consent,
– Until the objection is raised – in the case where processing is necessary for the legitimate interests pursued by the Controller, subject to the reservation referred to in paragraph 19 above,
– Until the expiration of the obligations resulting from the Agreement or Paid agreement and claims for their performance – in the case where their processing is necessary for the performance of the Agreement or Paid agreement or to take action at the request of the person to whom the data relates, before the conclusion of the Agreement or Paid agreement,
– Until the expiration of the Data Controller’s obligations arising from universally binding laws,
– Until the expiration, including the statute of limitations, of the rights, claims, or obligations of the Data Controller and the person to whom the data relates – in the case where their processing is necessary for the legitimate interests pursued by the data controller.

16. At the end of the retention period, the data will be deleted or anonymized.

[Data profiling]

17. Data will also be processed in an automated manner, including profiling, using information about the actions taken by the person to whom the data pertains within the Internet Service, including information about agreements or paid agreements and socio-demographic data, in order to adapt marketing information to the individual preferences of the person to whom the data pertains.

[Rights and obligations of individuals whose data is concerned]

18. Individuals whose data is concerned have the right to request from the Data Controller:
– access to personal data and the transmission of a copy of the complete data set, as well as information on data processing,
– correction of data by indicating incorrect or outdated data,
– erasure of data, although the Data Controller has the right to refuse this erasure in cases specified by the law,
– data portability by preparing and providing to another data controller or to the person whose data is concerned the indicated data in a structured, commonly used machine-readable format,
– restriction of data processing.

19. The individual whose data is concerned also has the right to object, at any time, to the processing of data based on the Data Controller’s legitimate interests, including profiling based on such interests, due to reasons related to their particular situation, which is binding for the Data Controller, unless the Data Controller can demonstrate compelling legitimate grounds for processing that override the interests, rights, and freedoms of the individual whose data is concerned or grounds for establishing, pursuing, or defending claims.

20. If the data is processed for direct marketing purposes by the Data Controller, the individual whose data is concerned has the right to object, at any time, to the processing of such data for such marketing purposes, including profiling, to the extent that the processing is related to such direct marketing.

21. If the data is processed by the Data Controller based on the individual’s consent, the consent can be withdrawn at any time, but this does not affect the lawfulness of the processing based on the consent before its withdrawal (effect for the future).

22. The individual whose data is concerned uses the rights mentioned in paragraphs 18-21 above, in particular by sending a relevant request by e-mail to contact@myfundingaccount.com, providing their name and surname.

23. If the individual whose data is concerned also includes any data of other individuals in the website, they may do so only if they do not violate the generally applicable laws and personal rights of those individuals.

24. The individual whose data is concerned is entitled to use the data and content provided by other individuals on the website during and in connection with using the website and with their consent, in accordance with the generally applicable laws, unless they obtain the consent of those individuals to process their data and content beyond the scope and purpose provided for in the Privacy Policy and beyond the use of the website.

25. The individual whose data is concerned also has the right to lodge a complaint with the supervisory authority, in particular in the member state of their habitual residence, their place of work, or the place of the alleged infringement, if they consider that the processing of data infringes the provisions of the GDPR. The supervisory authority in Poland is the President of the Personal Data Protection Office.”

[Data Security]

26. The Data Administrator applies technical and organizational measures to protect the Data against accidental or intentional manipulation, loss, destruction, or access by unauthorized persons. When collecting and processing Data, the information is transferred in encrypted form to prevent misuse by third parties. The security measures used by the Data Administrator are constantly changing and adapted to the development of technology.

27. To ensure a high level of Data security for individuals whose data is concerned, the Data Administrator applies measures to provide:
– the ability to continuously ensure the confidentiality, integrity, availability, and resilience of processing systems and services,
– the ability to quickly restore the availability of Data and access to them in the event of a physical or technical incident,
– regular testing, measuring, and evaluating the effectiveness of technical and organizational measures to ensure processing security.

[Use of cookies]

28. Cookies are small text files that are locally saved in the web browser cache on the computer of the person whose personal data is concerned and from which the website was visited.

29. Cookies allow for the identification of the web browser to optimize the content offered by the website and simplify the use of this website. This data is not used for personal identification of the person who visited the website.

30.The use of cookies is based on the Cookies Policy, which is an annex to the Privacy Policy.

[Final provisions]

31. In matters not regulated by the Privacy Policy, the provisions of the law on data processing, including GDPR, apply.

32. The Data Administrator reserves the right to change or supplement the Privacy Policy at any time due to important reasons, in particular:
– issuing a court ruling or a decision by a state organ resulting in the need to change the Privacy Policy,
– changes in generally applicable laws,
– significant changes in the market situation regarding the activity conducted by the Data Administrator,
– improvement by the Data Administrator of the security, functionality, or level of Data protection,
– expansion or improvement of the functionality of the website or resignation from providing some functionalities within the website,
– changes in the scope of the activity conducted by the Data Administrator (its expansion or limitation),
– accordingly to these reasons or the effects of changes. Changes cannot deprive persons whose data is concerned of acquired rights, and they apply to the future, i.e., from the date of their introduction. A person who does not agree to the change in the Privacy Policy may discontinue using the website at any time.

Fine Trade Fund P.S.A.

Scroll to Top