Effective: October 31, 2024
This Privacy Notice (hereinafter – “Privacy Notice”) is applicable to the services provided by FYNOX sp. z o.o. (hereinafter – “Service Provider”) a company registered in Poland, under the registration number (KRS) 0001053235, (NIP) 7011161466 and with registered office at ul. Hoza 86/210, 00-682, Warsaw, and explains how the Service Provider manages the personal data of the customer or prospective customers of the Service Provider (hereinafter – “Customer”), how the Service Provider collects and uses the collected information, what are the Customer"s rights and choices in relation to the personal information the Service provider holds about the Customer.
The Service Provider respects Customer"s privacy, protecst and proceses Customer"s personal data in accordance with the rules of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter – “GDPR”) and other applicable regulations.
Depending on the way the Customer interacts with the Service Provider, the Service Provider collects Customer"s personal data when the Customer fills in forms and applications; communicates with the Service Provider; uses any of provided services and/or products; contacts the Service Provider for any reason.
The Service Provider collects following data:
Information the Service Provider collects directly from the Customer:
Information the Service Provider collects from the use of services and the website:
Information the Service Provider collects from other sources:
The Service Provider collects and processs Customer"s personal data only for legitimate purposes in accordance with the rules of data protection and processing established by GDPR and other applicable rules as well as with data processing principles. The legal basis may vary from one of the following:
The Customer is not obligated to share personal data. But in such case, the Customer acknowledges that some (or any) of the Services may not be available to the Customer.
In order for the Service Provider to perform and comply with its contractual and statutory obligations, Customer"s personal data may be provided to various service providers and third parties only in cases the Service Provider has a legal basis to do so. The Service Provider uses contractual means to ensure that personal data shared with third parties is provided with comparable levels of protection and management as provided under this Privacy Notice. It is possible such third parties are outside of Poland and subject to their own respective jurisdictions.
The Service Provider may disclose or share Customer"s personal data with third parties in situations: (i) where the Service Provider has Customer"s consent; (ii) where the third parties are Service Provider"s suppliers or partners who assist in providing, maintaining, and improving Service Provider"s services (including financial institutions, processors, payment card associations, and other entities that are part of the payment process); (iii) the Service Provider is required or permitted to do so by law or applicable regulators and self-regulatory organizations; (iv) merger, sale of company stock or assets, financing, acquisition, divestiture, or dissolution of all or a portion of business is involved.
Customer"s personal data may be transferred to countries outside EU/EEA. Such transfers may be necessary to provide the Customer services based on contractual obligations, to comply with a legal obligation or where the Customer has given the Service Provider a prior consent. These countries may have different data protection regulations. In such cases the Service Provider takes all appropriate technical and organisational measures to ensure that the Service Provider always complys with the GDPR when transferring Customer"s personal data outside EU/EEA. The Service Provider always ensures that such third countries have been approved by the European Commission as having adequate data protection levels or in any other case they are required to provide appropriate safeguards that meet the European Data Protection Standards. The Service Provider uses approved EU Standard Contractual Clauses for transfers of Customer"s personal data to third countries outside EU/EEA.
Any personal data the Service Provider processes will be treated with the utmost care and security. The systems and facilities in which personal data is processed are protected by secure network architectures (technical and organizational measures) that safeguard and secure the information the Service Provider processes. The Service Provider has detailed security and data protection policies in place. The Service Provider reviews and updates its security policies and measures to protect the information in the most effective manner possible.
Service Provider"s employees are required to comply with confidentiality, privacy, and security obligations. Service Provider"s employees are also trained on the importance of privacy and maintaining the confidentiality of personal data.
Where the Customer has access to the services and the website via authentication means, the Customer is responsible for keeping its access credentials secure and confidential.
The Service Provider will use reasonable efforts to maintain Customer"s personal data as accurate, complete, and up-to-date form as is necessary for the purposes for which it is to be used, in compliance with applicable laws and regulations.
The Service Provider retains personal data of the Customer depending on the type of information and the purposes the Service Provider uses it for. The Service Provider will retain personal data for as long as the Service Provider has a business relationship with the Customer. Once the business relationship between the Service Provider and the Customer ends, the Service Provider will keep Customer"s personal data a period as may be required by applicable laws and regulations.
The Customer can exercise mentioned rights in relation to Customer"s personal data in accordance with the relevant data protection legislation. If the Customer has any questions in relation to the use of Customer"s personal data, the Customer can contact the Service Provider.
Right of Access: the Customer can request a copy of personal data retained by the Service Provider and a confirmation whether the Service Provider processes Customer"s personal data.
Right of Rectification: the. Customer can request a correction of any incorrect, inaccurate, or incomplete data the Service Provider holds about the Customer.
Right to erasure: the Customer can request to delete its personal data where there is no good reason for the Service Provider to continue holding it; the Customer gave consent to use of personal data and now the Customer withdraws that consent; the Customer objected to the processing of personal data; the Service provider has used personal data unlawfully; or the law requires the service Provider to delete personal data.
Right to restrict processing: the Customer has the right to request the restriction of processing of personal data in accordance with the GDPR. If the Customer objects to the Service Provider using personal data which is needed in order to provide services to the Customer, the Service Provider may stop providing the Customer related services.
Right to data portability: the Customer has the right to instruct the Service Provider to transmit personal data to the Customer or another data controller, in cases where the Customer has provided personal data to the Service Provider under a contract or by giving consent.
Withdraw of consent: if the Customer gives the Service Provider consent to process personal data, the Customer can withdraw it at any time. The Service Provider will inform the Customer in case a withdrawal affects the provision of services.
Profiling and automated decisions: if the Service Provider makes an automated decision about the Customer that significantly affects the Customer, the Customer can ask the Service Provider to carry out a manual review of such decision.
Marketing information: if the Customer doesn"t want to receive marketing or promotional emails from the Service Provider, the Customer may opt-out /unsubscribe via the link included in such emails or by contacting the Service Provider directly.
To exercise any of the Customer"s rights set out in this Privacy Notice, the Customer can contact the Service Provider by sending an email. Any request for access Customer"s personal data must be in writing. The Service Provider will respond to Customer"s request within a reasonable period and in any event within 1 (one) month (or 3 (three) months for complex or numerous requests).
The Service Provider may require proof of Customer"s identity before the Service Provider can give effect to these rights. The Customer should also be aware that some of the rights available to the Customer are not absolute, i.e., limitations may be applied:
When the Customer visits this website or uses provided services, the Service Provider may place or read cookies on Customer"s devices, subject always to obtaining Customer"s consent, where required and in accordance with applicable laws. The Service Provider uses cookies to provide the Customer with better user-experience, record information about Customer"s device, browser and in some cases preferences. More information about the use of cookies and similar technologies is available in the Cookie Notice.
This website may contain links to other websites. The Service Provider trys to link only to websites that share Service Provider"s high standards and respect for personal data rivacy, the Service Provider is not responsible for the content, security, or privacy practices of other websites. A link to a third party does not constitute an endorsement of this website. When the Customer links to another website, the Customer is subject to the terms and conditions of that website, including, but not limited to, its privacy practices. The Customer shall always check these policies before submitting any data to these websites.
This Privacy Notice may be revised or updated from time to time. In such case the Service Provider will post the most recent Privacy Notice on the website. The Service Provider encourages the Customer to review this Privacy Notice periodically by visiting the website, so the Customer always stays informed about how Customer"s personal data are processed and protected.