1. Introduction
When using our services, you’re trusting us with your private information. We are committed to protect the privacy of our customers and we take our data protection responsibilities with the utmost seriousness, in full compliance with Regulation (EU) 2016/679 ("General Data Protection Regulation" or "GDPR") and any other data protection regulations applicable.
As one of the key principles of the legal framework established by GDPR is transparency, we have prepared this legal document to inform you about how we collect, use, transfer and protect your personal data when you interact with us in relation to our products and services, including through our website or mobile apps.
Depending on the company you are a customer of,
Rondo Services Sp. z o.o., a company incorporated under the laws of Poland, with its registered address in Warsaw, Ul. Hoza 86 / 210 and
Nava Investment UAB, a company incorporated under the laws of Lithuania, with its registered address in Kaunas, Chemijos g. 27C
are the data controller for your personal information collected when you interact with us in relation to our products and services, including through our website or mobile app.
This Privacy Policy applies to all Personal Information processing activities carried out by us, across platforms, websites and our departments.
To the extent that you are a customer or user of our services, this Privacy Policy applies together with any terms of business and other contractual documents, including but not limited to any agreements we may have with you.
To the extent that you are not a relevant stakeholder, customer or user of our services, but you are using our website, this Privacy Policy also applies to you together with our Cookie Policy.
This Privacy Policy should therefore be read together with our Cookie Policy, which provides further details on our use of cookies on the website.
If you do not agree with this Privacy Policy, in general, or any part of it, you should not use the Sites or Services.
2. The personal information we process. The purposes of the processing. The legal basis for the processing of your personal information
a. To the extent that you are a customer or user of our services, we may collect and process identity information and Sensitive Personal Data to comply with our Know Your Customer (“KYC”) and Customer Due Diligence (”CDD”) requirements under applicable laws and regulations, and Anti-Money Laundering laws and regulations such as name, date of birth, home address, phone number, e-mail address, nationality, identity document, a video recording of you and a photographic image, occupation, monthly income, transactional information, including transaction history, trading behaviour, the amount invested and any other relevant data required to comply with the regulations.
Purposes
- To comply with our Know Your Customer (“KYC”) and Customer Due Diligence (”CDD”) obligations under applicable laws and regulations, and Anti-Money Laundering laws and regulations;
- Transaction services. We use your personal information to process your orders, and to communicate with you about orders and services;
- Communicate with you. We use your personal information to communicate with you in relation to our Services.
Legal Basis
- Performance of a contract when we provide you with products or services, or communicate with you about them (para. 6 point (b) of GDPR). This includes when we use your personal information to take and handle orders, and process payments.
- Legal obligation; to comply with our legal obligations under applicable laws and regulations, Anti-Money Laundering laws and regulations (para. 6 point (c) of GDPR)
- Performance of a task carried out in the public interest. The processing of personal data on the basis of the Anti-Money Laundering laws is a matter of public interest (para. 6 point (e) of GDPR).
b. We also collect information you may provide to us by filling in forms on our Site or through our app. This includes information you provide when you register to use the Services such as name, phone number, login e-mail address, password.
With regard to each of your visits to our Site or our app we also collect login information such as the Internet protocol (IP) address used to connect your computer to the Internet, device information, screen resolution, location of your device or computer.
Purposes
- Provide, troubleshoot and improve our Services. We use your personal information to provide functionality, analyse performance, fix errors and improve the usability and effectiveness of our Services.
- Mitigate fraud & account theft. We use your digital footprint to mitigate the risks of fraudulent activity or account theft that may happen on your account.
Legal Basis
- Your consent - when we ask for your consent to process your personal information for a specific purpose that we communicate to you (para. 6 point (a) of GDPR). You will always be prompted to take clear, affirmative action so that we can ensure that you agree with the processing of your Personal Data. This action may, for example, take the form of a checkbox. If you have given us your consent for processing operations, you may always change your mind, and withdraw your consent at any time and easily.
- Performance of a contract when we provide you with products or services, or communicate with you about them (para. 6 point (b) of GDPR). This includes when we use your personal information to take and handle orders, and process payments.
- Our legitimate interests and the interests of our users when, for example, we detect and prevent fraud and abuse in order to protect the security of our users, ourselves, or others (para. 6 point (f) of GDPR).
c. With regard to each of your visits to our Site or our app, we may also collect information about your activity. We may process information about you on your behaviour and your activity for marketing and advertising purposes such as your activity on our website or on our mobile application, how you move around the site, which pages are the most and least popular, etc.
Advertising or analytics providers may provide us with anonymised information about you, including but not limited to, how you found our website.
Purposes
- Improve our services. We process personal information to improve our services and for you to have a better user experience;
- Recommendations and personalisation. We use your personal information to recommend features and services that might be of interest to you, identify your preferences, and personalise your experience with our Services;
Legal Basis
- Your consent when we ask for your consent to process your personal information for a specific purpose that we communicate to you (para. 6 point (a) of GDPR). You will always be prompted to take clear, affirmative action so that we can ensure that you agree with the processing of your Personal Data. This action may, for example, take the form of a checkbox. If you have given us your consent for processing operations, you may always change your mind, and withdraw your consent at any time and easily.
- Our legitimate interest to improve our services (para. 6 point (f) of GDPR).
3. We may share your Personal Data with third parties
a. We may share your Personal Data with third parties (including our entities or subsidiaries) if we believe that sharing your Personal Data is in accordance with, or required by, any contractual relationship with you or us, applicable law, regulation or legal process. When sharing your Personal Information with our entities, we will use our best endeavours to ensure that such entities are either subject to this Privacy Policy, or follow practices at least as protective as those described in this Privacy Policy.
b. We may also share personal information with the following persons:
- Third party service providers: We employ other companies and individuals to perform functions on our behalf. Examples include analysing data, providing marketing assistance, processing payments, transmitting content, and assessing and managing credit risk. These third-party service providers only have access to personal information needed to perform their functions, but may not use it for other purposes. Further, they must process the personal information in accordance with our contractual agreements and only as permitted by applicable data protection laws.
- Legal Authorities: We may be required by law or by Court to disclose certain information about you or any engagement we may have with you to relevant regulatory, law enforcement and/or other competent authorities. We will disclose information about you to legal authorities to the extent we are obliged to do so according to the law. We may also need to share your information in order to enforce or apply our legal rights or to prevent fraud.
- Business transfers: As we continue to develop our business, we might sell or buy other businesses or services. In such transactions, user information generally is one of the transferred business assets but remains subject to the promises made in any pre-existing Privacy Policy (unless, of course, the user consents otherwise).
- Our personal Protection or of others: We release accounts and other personal information when we believe release is appropriate to comply with the law or with our regulatory obligations; enforce or apply our Terms of Use and other agreements; or protect our per rights, property or safety, our users or others. This includes exchanging information with other companies and organisations for fraud protection and credit risk reduction.
- In order for us to provide you with the best user experience, we may share your personal information with our marketing partners for the purposes of targeting, modelling, and/or analytics as well as marketing and advertising.
4. International transfers of Personal Information
To facilitate our global operations, we may transfer your personal information outside of the European Union.
In cases where we intend to transfer personal data to third countries or international organisations outside of the European Union we put in place suitable technical, organisational and contractual safeguards, to ensure that such transfer is carried out in compliance with applicable data protection rules, except where the country to which the personal information is transferred has already been determined by the European Commission to provide an adequate level of protection.
5. Storage and protection of your personal data
We store your personal information securely throughout the life of your registered account. We will only retain your personal information for as long as necessary to fulfil the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting obligations or to resolve disputes.
The personal information collected to comply with our legal obligations under financial or anti-money laundering laws may be retained after account closure for as long as required under such laws. For example, a copy of the information which are necessary to comply with the customer due diligence requirements mentioned in Section 2 point (a) of this Privacy Policy may be retained for a period of up to 10 years of five years after the end of the business relationship with our customer or after the date of any occasional transaction; we may be required by the legal authorities further retention after they have carried out a thorough assessment of the necessity and proportionality of such further retention and consider it to be justified as necessary for the prevention, detection or investigation of money laundering or terrorist financing. That further retention period shall not exceed five additional years.
Contact Information such as your name, email address and telephone number for marketing purposes is retained on an ongoing basis until you unsubscribe or retract your permission to receive marketing info.
When Personal Data is no longer necessary for the purpose for which it was collected, we will remove any details that identify you or we will securely destroy the records.
6. Your rights regarding your personal data
Subject to applicable law, as outlined below, you have a number of rights in relation to your privacy and the protection of your personal information.
Right to access: you have the right to obtain confirmation that your personal information are processed and to obtain a copy of it as well as certain information related to its processing;
Right to rectify: you can request the rectification of your personal information which is inaccurate, and also add to it. You can also change your personal information in your Account at any time.
Right to delete: you can, in some cases, have your personal information deleted;
Right to object: you can object, for reasons relating to your particular situation, to the processing of your personal information. For instance, you have the right to object where we rely on legitimate interest or where we process your data for direct marketing purposes;
Right to restrict processing: You have the right, in certain cases, to temporarily restrict the processing of your personal information by us, provided there are valid grounds for doing so. We may continue to process your personal information if it is necessary for the defence of legal claims, or for any other exceptions permitted by applicable law;
Right to portability: in some cases, you can ask to receive your personal information which you have provided to us in a structured, commonly used and machine-readable format, or, when this is possible, that we communicate your personal information on your behalf directly to another data controller;
Right to withdraw your consent: for processing requiring your consent, you have the right to withdraw your consent at any time. Exercising this right does not affect the lawfulness of the processing based on the consent given before the withdrawal of the latter;
Right to lodge a complaint with the relevant data protection authority: We hope that we can satisfy any queries you may have about the way in which we process your personal information. However, if you have unresolved concerns, you also have the right to complain to the Data Protection Commission or the data protection authority in the location in which you live, work or believe a data protection breach has occurred.
7. Changes to the Privacy Policy
Our Privacy Policy is reviewed regularly to ensure that any new obligations and technologies, as well as any changes to our business operations and practices are taken into consideration and that it remains compliant with the changing regulatory environment. Any personal information we hold will be governed by our most recent Privacy Policy.
The Privacy Policy visible on our website will always be up to date and considered the most recent version.
8. Contact information
Our data protection officer can be contacted at dpo@konto.com, and will work to address any questions or issues that you have with respect to the collection and processing of your personal information.
9. Cookies
We use cookies and similar tools to enhance your user experience, provide our services, enhance our marketing efforts and understand how customers use our services so we can make improvements. Our cookie policy is available here.