PRIVACY POLICY FOR CRYPTO VOUCHER SERVICES

  1. IDENTIFICATION OF CONTROLLER, DATA SUBJECTS AND INITIAL INFORMATION
    1. Fintegence, s.r.o., with its registered office at Bottova 2A, Bratislava, 811 09, Identification No.: 47 956 925, registered in the Commercial Register of the District Court Žilina, section: Sro, insert No.: 72001/L. (the “Controller”) hereby informs you in accordance with its obligations stipulated in Articles 13 and 14 of the GDPR about the method your personal data is processed. The words “We”, “Our” and any modifications to these words are used to identify the Controller in the text of the Document.
    2. The Data Subjects in particular include the Consumers who enter into a Crypto Voucher Purchase Agreement (the “Agreement”) with the Controller. The Data Subjects also include other natural persons who have granted the Controller their consent to the processing of personal data for relevant purposes or visitors of the Website https://cryptovoucher.io (for more information, see the provisions on cookies). The words “You”, “Your” and any modifications to these words may be used to identify the Data Subject in the text of the Document.
    3. We have created this Privacy and Personal Data Protection Policy (the “Document”) for the Data Subjects to the sufficient transparency and to explain the basic principles that we adhere to when protecting privacy and your personal data.
    4. We are particularly concerned about the security and lawfulness of the processing of your personal data, and therefore we have created specific binding processing rules in this Document based on the basic principles of personal data processing provided for in Article 5(1) of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (the “GDPR”).
    5. This Document is the internal privacy protection policy that we have put in place in accordance with Article 24 of the GDPR to demonstrate the achieved compliance with the GDPR.
    6. This Document deals with the processing of personal data and adherence to the basic principles of lawful processing of personal data based in particular on performing the necessary processing of personal data lawfully, fairly for all interested parties and transparently vis-à-vis the Data Subjects. We continually place great emphasis on the security of personal data processing, while minimizing data and processing operations to the minimum necessary to properly enter into our mutual Agreement and fulfil the obligations under it and use the Website.
    7. At the same time, this Document provides you with mandatory information pursuant to Article 13 of the GDPR and gives you information about the content of this Document before the personal data is collected when you provide us with personal data for the first time or directly when you grant your consent to the processing of personal data for specified purposes.
  2. POLICIES of the Controller, GUARANTEES
    1. The subject of personal data processing for the purpose of creating a personal Account on the Website is the e-mail address and the access password to the Account. The legal basis for the processing of personal data is the performance of the Agreement pursuant to Article 6(1)(b) of the GDPR. The period during which the personal data is processed is unlimited – until the termination of the Agreement or the cancellation of the Account. This personal data is necessary for the performance of the Agreement.
    2. If you have decided to purchase a Crypto Voucher, the following personal data will be processed: name, surname, address, telephone number. The legal basis for the processing of personal data is the performance of the Agreement pursuant to Article 6(1)(b) of the GDPR and the compliance with legal obligations pursuant to Article 6(1)(c) of the GDPR resulting from the laws regulating taxes and accounting. The period during which the personal data is processed is set for the term of the Agreement in the case of processing pursuant to Article 6(1)(b) of the GDPR and the period during which the personal data is processed in the case of compliance with legal obligations pursuant to Article 6(1)(c) of the GDPR is set by law for the period of 10 years following the year in which the accounting event occurred (invoice has been issued). This personal data is necessary for the performance of the Agreement.
    3. In connection with the payment of funds for the Crypto Voucher, we must also request personal data necessary for the verification of your identity under the laws on money laundering and terrorist financing (Anti Money Laundering Law). In this context, we require the processing of your personal data specified on your identity card to the full extent of the personal data included in this document. This includes in particular the following personal data: name, surname, address, date of birth, date of issue and date of expiry of your identity card, identity card number, photo, source of funds, designation of voucher and other personal data relevant for the compliance with our statutory obligations. The legal basis for the processing of personal data is the compliance with legal obligations arising from the relevant laws pursuant to Article 6(1)(c) of the GDPR. This personal data is necessary for the performance of the Agreement.
    4. The Website, in particular, is the means of processing personal data when using the Account and purchasing the Crypto Voucher. When processing personal data to verify your identity in order to prevent money laundering and terrorist financing, the automated personal identity verification system operated by our processor may also be a means of processing.
    5. We also process the “how did you learn about us?” information. We process this personal data based on the legitimate interest of the Joint Controller pursuant to Article 6 (1) (f), which is the interest in creating statistical information on information flows related to the awareness of our services. We then process this personal data solely in an aggregated form, without relating them to the particular Data Subject who provided this personal data to us. We then process these statistical data pursuant to Article 89 of the GDPR for an indefinite period of time.
    6. We do not publish or transfer personal data without your consent to any third country that would not provide for the appropriate level of protection of personal data. We guarantee you the processing of personal data exclusively within the territory of the Member States of the European Union.
    7. Personal data may be published only based on your individually expressed consent or your conscious conduct (e.g., posting content on our official profile created on social networks). In this context, we inform you that by posting posts, photos or performing any activity resulting in you being identified on our official profile on the social network, your personal data is processed in the information systems of that social network and on our profile. By acting in accordance with the previous sentence, you provide a “tacit” consent to the processing of your personal data for our marketing activities.
    8. We regularly review and revise not only the security measures taken to ensure a high security of personal data processing, but also other procedures and rules designed to protect privacy and personal data, and we can work together with an expert appointed as Data Protection Officer (DPO).
    9. During the data transfer through a publicly accessible computer network between your end device and our server, we use appropriate means of encrypted protection of information (the SSL certificate). Similarly, we store all data and personal data on the specified data storages that are protected by appropriate means of encrypted protection of information.
    10. We guarantee that we will not make any consents to the processing of personal data conditional on the entering into or performance of an agreement. You can express your consent to the processing of personal data freely without compromising your access to our services. You may withdraw your consent to the processing of personal data at any time by contacting the Controller by sending a written request to the e-mail address [email protected]; withdrawal of your consent does not affect the lawfulness of processing of your personal data prior to its withdrawal.
    11. All entities other than us that legally participate in the process of processing of personal data are transparently identified in this Document together with their status under the GDPR. We will not perform any processing operation on your personal data in respect of a third party and/or a recipient if the third party and/or the recipient is not transparently identified in this Document and at the same time we lack the legal basis to do so under Article 6 of the GDPR.
    12. All recipients of personal data access this personal data exclusively based on an authorisation granted by us; they are legally bound by specific obligations and legal warranties enhancing the personal data protection of the Data Subjects.
    13. We do not disclose your personal data to any parties for commercial purposes without you granting your individual and free consent in advance. When using the Google Analytics service, personal data of the visitors of the Website may under certain circumstances be processed by Google Inc. acting as a third party and independent controller; this processing of personal data is outside our control and influence. We also consider it necessary to inform you that part of the processing of personal data related to the use of the features integrated into the Website may be performed separately and completely independent of us by third parties acting as independent controllers different from our personal data information systems; in those cases, these are mainly operators of “payment gateways” for making cashless payments via the Internet. You provide these third parties with your personal data directly without us entering or influencing this process in any way. This part of the processing of personal data is governed by internal policies and precautions adopted by these third parties and we have no influence on that processing of personal data, including the possibility to exercise the rights of the Data Subject about which we inform you in this Document.
    14. We carefully screened our business partners (the so-called processors) who we allowed to process your personal data in light of their practical ability to ensure the safety and lawfulness of the processing of your personal data.
    15. When processing personal data and communicating with the Data Subjects, we use, in addition to regular telephone and e-mail communication, also the Website and the official profile created on the Facebook and Instagram social networks.
    16. At the same time, please do not disclose any unnecessary data and information about you of a private nature not directly related to the Agreement in our mutual communication.
  3. IDENTIFICATION OF PROCESSORS, RECIPIENTS AND THIRD PARTIES INVOLVED IN THE PROCESSING OF PERSONAL DATA
    1. When processing your personal data, we use the following sufficiently verified and professionally qualified business partners capable of guaranteeing the security of the processing of personal data who, pursuant to Article 28 of the GDPR, act as processors:  

      the Website provider,

      the provider of user behaviour analysis on the Website,

      the accounting services company.
  4. MARKETING
    1. It is our interest to stay in touch with you and to be able to inform you about news and offers of our services and information from the world of Cryptocurrencies. To this end, we offer you the possibility of expressing your consent to the processing of your personal data for marketing purposes.
    2. If you grant us your consent, we will process the following personal data for as long as the consent is valid, until you withdraw it: name, surname and e-mail address. We will use this personal data to send you relevant information based on which you can make use of our offer and services.
    3. Failure to grant any consent does not have any effect on the entering into of our mutual Agreement as specified in the provisions of this Document.
    4. You may withdraw your consent to the processing of personal data at any time by sending a written request to the e-mail address [email protected]; withdrawal of your consent does not affect the lawfulness of processing of your personal data prior to its withdrawal. The cancellation of subscription to marketing information, which is a part of each marketing e-mail sent in the form of a separate button or web link, is also considered to constitute withdrawal of consent.
  5. PRINCIPLES OF PROTECTION OF PRIVACY WHEN USING THE WEBSITE AND USE OF COOKIES
    1. We also use the website www.cryptovoucher.io (the “Website”) to process some of your personal data. We reserve the right to occasionally send you an email with request for the feedback via Trustpilot platform.
    2. The Website uses cookie files. A cookie file is a small text file that the Website stores in your computer or mobile device during its browsing. Thanks to this file, the Website retains for a while information about your steps and preferences (such as login name, language, font size and other display settings) so that you do not need to repeatedly type them during your next visit of the Website or when browsing its individual subpages.
    3. We use our own cookie files (the “first party cookies”) in order to optimise the functions of the Website and enhance the user convenience of the Website visitor, as well as other cookies (the “third party cookies”) to display the so-called behavioural ads.
    4. The Website is also using “short-term cookies” that are automatically erased after the termination of the use of the internet browser from your computer system or other of your end devices. However, in some cases, processed may also be the “long-term cookies” that remain in the device of the end user and enable us to see that the Website has repeatedly been visited by the relevant device of the end user, which may, depending on the setting performed by the user, be associated with, for example, remembering of the pre-set access password, etc..
    5. We inform you and all visitors of the Website of the fact that all cookie files that the Website may store in the end device of any visitor of the Website may be inspected and erased. By appropriately setting the preferences of the internet browser, it is possible to effectively and completely prohibit the use of the cookie files. Specific information and instructions regarding the setting of preferences of individual internet browsers can be found here: https://www.aboutcookies.org/how-to-control-cookies/; and information necessary to erase the cookie files from the technical device of the user can be found here: https://www.aboutcookies.org/how-to-delete-cookies/. Generally, it can be stated that it is necessary to switch on the function that is usually called “Protection against spying” in the internet browser.
    6. If the web browser used by your end device permits the Website to use cookie files to access and view its content, we may deem this as your valid consent to the use of the cookie files.
    7. On the Website, we also use the internet analytical service from Google Inc.; however, we do not process any personal data or other identifiers (such as IP address) that can be used for indirect identification of the Data Subjects. However, it does not mean that in this manner the processing of personal data by Google Inc., which is the operator of the Google Analytics and Google adWords services, does not take place.
    8. Google Analytics and Google adWords services also use the cookie files that are stored in the device of the end user of the Website (computer, tablet, smartphone) to analyse your behaviour on the Website. Google makes the part of the IP address related to the device of the end user of the Website anonymous immediately after acquiring it, which enhances the privacy protection of the Data Subject. Google Inc. uses the information acquired during your use of the Website to evaluate the use of the Website by the users, to issue reports about the activities on the Website and to provide us with other services associated with the use of the Website and the Internet. This processing of data by the Google Analytics and Google adWords services may also be prevented by appropriately setting the preferences of the internet browser in which you install the browser plug-in available through the following link: https://tools.google.com/dlpage/gaoptout?hl=en.
    9. We may use the Google Analytics and Google adWords services on the Website to also generate online ads through re-marketing, i.e. outputs from our marketing communication may also be displayed by other providers of digital services and internet content, including Google Inc., on various web pages that will be displayed on your device in the future after they leave the Website.
    10. We also use the reports by Google Analytics to conduct more efficient marketing communication, whereby the processing of demographic characteristics and interests related to the Data Subjects (such as age, sex, interests) acquired by Google Inc., which may also be used by us, can take place. However, we will not process your personal data when processing data using the Google Analytics service, because we do not have sufficient identifiers at our disposal to allow your direct or indirect identification.
    11. You may prevent the personalised commercial banners by Google from displaying through this link.
    12. For more information about the use of data by Google Inc. in the context of the use of the Website, visit: https://www.google.com/policies/privacy/partners/.
    13. At the same time we notify you of the fact that if you are signed in to other internet services provided by Google Inc. during your visit and use of the Website, Google Inc. may process your personal data. We have no control over or influence on that processing of personal data nor participate in it in any manner.
    14. In connection with the use of the Website by the Data Subjects, Google Inc. is a third party acting as a separate controller. The Data Subjects can find more information about the current privacy protection rules adopted by Google Inc. here: https://www.google.com/policies/privacy/?hl=en
    15. We also use the Instagram social network operated by Instagram LLC., 1601 Willow Road, Menlo Park, CA 94025, USA to promote our goods and services. However, when processing your personal data through our profiles created on this social network, we only have authorisations as administrators. This company is in the position of an independent personal data controller, and the processing of your personal data is performed in accordance with the conditions established by Instagram. For this reason, your personal data may be provided to third parties and a cross-border transfer to third countries may take place by the Instagram social network, and we have no control over this processing of personal data or are responsible for it. An overview of Instagram add-ons, their features and how your personal data is processed can be found at: https://help.instagram.com/519522125107875.
    16. On our Website, we also use add-ons of the Facebook social network in the form of Facebook Conversion Pixel and Facebook Remarketing services and others provided by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA. At the same time, we also promote our goods and services through our company profile on the Facebook social network. When you visit our Website that contains such an add-on, a link will be established between your browser and the social network. The social network will then receive information about the visit of the Website from your browser. If you are logged in to the Facebook social network, your visit may be associated with your profile on the social network. Any information and metadata produced by the add-on can then be saved by the social network operator. Using Facebook Conversion Pixel, we and Facebook can tell you that you clicked on our Facebook ad and were redirected to our Website. However, we do not have access to data from other sites you have visited. Information gathered using Facebook Conversion Pixel is used to compile statistics on the use of our Facebook advertising campaigns. However, when doing so, we do not obtain any information that could be used to identify you. With the Facebook Remarketing technology, users who have already visited our sites can be re-targeted with targeted advertising on other Facebook pages or sites that cooperate with Facebook. However, we do not obtain any information about the directness of this advertising towards specific individuals. For more information about the purpose and volume of the information collected and the processing of your personal data by Facebook, as well as the option of your privacy protection settings on Facebook, please see the Facebook Data Use Policy available here. You can prevent online interest-based ads from Facebook and other participating companies from displaying here. In order to prevent this personal data from being collected, you must log out of the social network before visiting our Website.
  6. INSTRUCTIONS ABOUT THE RIGHTS OF THE DATA SUBJECT
    1. We are committed to preserve the integrity and confidentiality of your personal data; therefore, we strive for the strong protection of personal data not only through individual modern technical and organisational precautions, but also through the possibility to exercise the rights of the Data Subject at any time through a written signed application implying the identity and the right that the Controller is requested to exercise by the Data Subject. You may sent the applications to exercise the right to the Controller to our e-mail address: [email protected].
    2. Please note that in cases where the legal basis for the processing of personal data is your consent, you may withdraw your consent at any time. You may withdraw your consent to the processing of personal data at any time by contacting the Controller at any establishment or by sending a written request to the e-mail address [email protected]; the withdrawal of your consent does not affect the lawfulness of processing of your personal data prior to its withdrawal.
    3. In cases where the legal basis is a contractual relationship, it is necessary to provide us with the required personal data; otherwise it is not possible to enter into the contractual relationship and provide you with the goods or service.
    4. At the same time, you have the right of access to personal data (Article 15 of the GDPR), right to rectification (Article 16 of the GDPR), right to erasure (Article 17), right to restriction of processing (Article 18 of the GDPR), right to data portability (Article 20 of the GDPR), right to object to processing (Article 21 of the GDPR), right to request a review of an individual decision based on the automated processing of personal data (Article 22 of the GDPR).
    5. Each application to exercise the rights of the data subject under the GDPR may be made by a signed written application sent to the address of our company’s registered office specified in the Commercial Register or to our e-mail address: [email protected].
    6. Please note that we may request that you credibly demonstrate your identity when dealing with your application to exercise the right of the data subject, especially if you apply to exercise your right in a manner other than by a signed written letter, e-mail with credible qualified electronic signature or in person at the registered office of our company (e.g. in the case of common e-mail requests or phone calls).
    7. Each delivered application to exercise the right of the data subject will be assessed individually and competently; we will always inform you about the result within 30 days of the receipt of the application. The process of dealing with the application to exercise the right of the data subject is free of charge. If we have, in your opinion, not dealt with your application to exercise the right of the data subject in accordance with the GDPR, you may file a complaint with the supervision authority (www.dataprotection.gov.sk) or apply for a judicial remedy directly with the general court having jurisdiction.
    8. If you have any questions regarding the protection of privacy and personal data or information regarding the content and enforcement of your rights or require additional explanations of the content of this Document, you may contact us at any time at the following e-mail address: [email protected].
  7. FINAL PROVISIONS
    1. If you do not agree or do not sufficiently understand the content or meaning of any part of this Document, we will welcome your factual reservations and comments that we will discuss with you with a view to protect and support your rights and prevent the occurrence and increase of any risks for your rights and freedoms that could be caused or influenced by the use of the Website and/or other processing of personal data in this Document.
    2. We regularly revise and update this Document; the current version of the Document published on the Website is always valid.
    3. You may address your complaint related to the processing of personal data to the supervision authority, which is the Office for Personal Data Protection of the Slovak Republic. Contact details of the supervision authority:

      Office for Personal Data Protection of the Slovak Republic
      Hraničná 12
      820 07 Bratislava
      +421 /2/ 3231 3214
      [email protected]

      In Čadca, Slovak Republic
      Dated 25 May 2018