Privacy policy

 

 

Privacy Policy

I.     Definitions

1.      Data Controller: a controller of personal data, i.e. Impily Sp. z o.o.;

2.      Impily: Impily Sp. z o.o. seated in Katowice , Porcelanowa 23 Street, 40-246 Katowice, Poland, registered in KRS 0000859332;

3.      Personal Data: personal data of Users, within the meaning of Art. 4.1 of the GDPR, which are given in connection with the Service;

4.      Personal data processing: all operations made on personal data within the meaning of Art. 4.2 of the GDPR;

5.      GDPR: Regulation of the European Parliament and of the Council (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (O.J. EU 2016, L119), which will come into force in European Union as of 25 May 2018;

6.      Website: an Internet site made available via the domain impily.com and subdomains;

7.      Services: services provided by Impily Sp. z o.o. electronically which enable to distribute vouchers and buy cryptocurrencies by the use of such vouchers;

8.      User: a natural or legal person who accepted the Website Rules and entered into the Service provision agreement with Impily Sp. z o.o.

All terms written with capital letter and not defined above have the meaning set out in the Website Rules.

 

II.     General information

1.      The Website acquires information about Users and User behaviour in the following way:

o     through data given in forms;

o     by saving cookies in user devices;

o     collecting www server logs and other information generated in connection with or as a result of the operation and use of the Services.

III.      Principles for collecting Personal Data of Users

1.      To use the Services, the Users must give their Personal Data. If not all of Personal Data requested by Impily Sp. z o.o. are given, the Services provided by Impily Sp. z o.o. cannot be used.

2.      The Website collects information given by the User.

3.      The Website may also record information about connection parameters (time, IP address, etc.).

4.      The data obtained from the Users are not shared with third parties unless:

o     the User agrees to data sharing;

o      this is justified by law;

o      this is necessary to provide the Services, in particular in terms of technical aspects of websites handling payments or other entities which Impily cooperate with to provide the Services.

IV.    Scope of Personal Data and Personal Data processing

1.      In connection with the Services, the Data controller may request Personal Data from the User, including in particular:

a.      for natural persons: the data of the User’s ID document, as well as his/her first name, surname, citizenship, place of residence, date of birth and PESEL; for Users being foreigners without PESEL, the equivalent of a national identification number must be given (or a statement on the absence of PESEL must be filed);

b.      for institutional Users: a scan of a transcript from the entity’s commercial register, a scan of the tax number assignment, and the data of an ID document of a person authorised to represent the User, as well as this person’s first name, surname, citizenship, place of residence, date of birth and PESEL. If the User’s representative is a foreigner without PESEL, the equivalent of a national identification number must be given (or a statement on the absence of PESEL must be filed).

2.      For verification purposes, the User must also present his/her identification document to Impily Sp. z o.o. The identification document must meet the following conditions: the data in the document must be legible, all edges of the document must be visible and none of the data can be covered. The document must not show any signs of digital processing (e.g. painting or covering of any element). The documents are verified online.

3.      The Personal Data are processed in accordance with the Regulation of the European Parliament and of the Council (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (O.J. EU 2016, L119) and the Personal Data Protection Act of 10 May 2018. 

4.      The data are processed on the basis of the User’s consent or legal regulations on personal data processing, including in particular the act on counteracting money laundering and terrorism financing.

5.      The User gives the data voluntarily, but the data are necessary to provide the Services.

6.      The Personal Data will not be transmitted to other entities without the User’s knowledge, except for entities authorised by law and entities providing online document verification services solely during and for the purpose of such a service.

7.      Each User has the right to view, change or delete the User’s personal data, unless this is against law.

8.      The Data Controller may refuse to exercise the rights referred to in Art. 7 above if this is provided by law, the data are subject to ongoing proceedings or are necessary to clarify circumstances of the violation of the Rules by the User.

V.     The User’s rights

1.      The User has the right to access and correct his/her Personal Data.

2.      The User has the right to request that the User’s personal data are supplemented, updated or rectified, as well as to permanently or temporarily suspend such data processing or request that the data are deleted if it is incomplete, out-of-date, untrue or illegally collected or if the data are no longer necessary for the purpose they have been collected for.

3.      In the case of any change in the Personal Data, the User must take actions to update such data.

4.      The Data Controller may refuse to delete the Personal Data if reasonable and in particular if the User:

1.      failed to pay all amounts due to the Data Controller; or

2.      violated the Website Rules or rules of any Service; or

3.      violated applicable legal regulations and the Personal Data are necessary to clarify such circumstances and determine the scope of the User’s liability. In the case of any refusal to delete the Personal Data, the Data Controller will inform the User of reasons for and legal basis of such refusal.

5.      In the case of doubts concerning the method of Personal Data processing, the User may ask the Data Controller for explanation and has the right to lodge an inquiry, reservation or complaint with the supervisory authority.

6.      The Personal Data are processed, in particular, on the basis of applicable rules and legal regulations, as well as the User’s consent, if any.

7.      The Personal Data will not be subject to automated decision-making and profiling.

8.      The Personal Data will be processed for the term of the Service provision agreement.

9.      Contact with the Data Controller: rodo@impily.com


VII. Server logs

1.      Information about certain User behaviours are logged in the server layer. The data are used to administer the system and provide the most effective hosting services, as well as for evidence purposes in connection with crimes or civil claims.

2.      Resources browsed by the User are identified with URL addresses. In addition, the following data may be recorded:

o    an inquiry receipt time,

o    a response sending time,

o    a user station name identified with an HTTP protocol,

o    information about errors during HTTP transactions,
o    URL addresses of a page previously visited by the User (referrer link) if the

User moved to the Website via the link;
o    information about the User’s browser,
o    Information about the User’s IP address.

1.   Some of the above data are not associated with specific Users of the Website. The Data Controller neither combines such data with the User’s Personal Data nor uses them to identify the User, because they are used solely for server administration purposes.

X. Contact

The User may contact the Data Controller at any time by e-mail at: helpdesk@impily.com