This is the Policy on the privacy and protection of personal data (hereinafter referred to as “Policy”), adopted by RONDO SERVICES SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ (hereinafter referred to as “ RONDO SERVICES SP Z O O”).
RONDO SERVICES SP Z O O respects your privacy and is committed to protecting the personal data you have provided to us. We undertake to collect and use personal data in accordance with the General Data Protection Regulation (GDPR).
This Policy will inform you of how we handle your personal data and will detail your rights in relation to your personal data and how the law (including the GDPR) protects you.
This Policy covers personal data of our customers, business partners, other persons contacting us, contracting our services and visiting us and their representatives and employees, potential employees or interns and applies to data collected via our showcase website (https://www.konto.com), our crypto exchange platform/app (app.konto.com), as well as at our events, personal data collected in order to meet AML/ KYC legal requirements in the area of financial transactions that are incumbent on us, and personal data collected via email, ad networks or other offline means.
1. Important information and details about RONDO SERVICES SP Z O O
The purpose of this Policy is to inform you about how RONDO SERVICES SP Z O O collects and uses personal data as a result of using our website, our crypto exchange platform/ application, as a result of our compliance with the AML/ KYC legal requirements in the field of financial transactions incumbent upon us, as a result of registering for any Events or courses organized by RONDO SERVICES SP Z O O, as a result of subscribing to any RONDO SERVICES SP Z O O publications or newsletters or as a result of collaborating in any way, actual or potential, with RONDO SERVICES SP Z O O, including by contracting the services we make available to you.
This website, as well as our crypto exchange platform/ application, is not intended for minors and we do not knowingly collect personal data from minors.
RONDO SERVICES SP Z O O is the operator for your personal data (collectively referred to as "Company", "us", "to us" or "our" in this personal data protection policy).
It is important that the personal data we hold is accurate and current. Please let us know if your personal data changes during your relationship with us.
2. Purpose of processing
We process your personal data only for the fulfillment of legal and contractual obligations and for the legitimate interest of our business.
3. Legal basis of the processing
Personal data are processed on the basis of the data subject's consent, legitimate interest or legal requirements as provided for:
- Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) - GDPR;
- Law No. 190/2018 on measures implementing Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation);
- Law No. 506/2004 on the processing of personal data and the protection of privacy in the electronic communications sector;
- Law No. 129/2019 on preventing and combating money laundering and terrorist financing, and amending and supplementing certain regulatory acts.
4. The data we collect
Personal data or personal information means any information about a person from which that person can be identified. Does not include data in which the identity was removed (anonymous data).
In order to provide our services, we collect or receive your personal information in different ways. We often choose what information to provide, but sometimes we need certain information from you to use so that we can provide you with these services.
We may collect, use, store and process different types of personal data about you that we have grouped together (all or any):
- Identity data includes first name, surname, user name or similar identifier, nationality, country of residence, national identity card/passport number and series, as well as data on the validity of these documents, personal number code, speciality, professional grade, place of work, date of birth and gender.
- Contact details include billing address, delivery address, e-mail address and telephone numbers.
- Financial data includes bank account and payment card details, as well as proof of domicile/residence in a particular place (i.e. utility bill not older than 2 months or bank statement), i.e. amounts being transacted, amount of income, wallet address.
- Transaction data includes details of payments to and from you and other details of the products and services you have contracted from us.
- Biometric data includes information generated to create an impression or template of a person's face or voice, including from a photograph.
- Technical data includes [IP protocol] address, your login details, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technologies on the devices on which you use the Site.
- Profile data includes your username and password, purchases or orders made by you, interests, preferences, feedback and survey responses, including user data for registration on our website and/or crypto exchange platform/app.
- User data includes information about how you use the Website, the crypto exchange platform/application, our products and services.
- Marketing and communication data includes your preferences in receiving communications from us and our third parties and your communication preferences.
- Media data includes audio recordings, video recordings and photos/pictures.
If you do not provide us with personal data
If we need to collect personal data by law or for the performance of a contract we have with you or the organizations you are affiliated with and you are unable to provide such data when requested, we may not be able to perform the contract we have (for example, to provide you with goods or services). In this case, it may be necessary to cancel a product or service that you have with us, but we will notify you, if applicable, at that time.
5. How is personal data collected?
We use different methods to collect personal data including by:
• Direct interactions. We collect your data when you voluntarily provide us with contact details by filling in any digital/physical forms provided by us or RONDO SERVICES SP Z O O, by filling in data on our website, by creating an account on our platform/app or by corresponding with us (including by post, telephone, email or other method of communication). This includes personal data you provide when, for example, but not limited to:
- applications for our products or services;
- create an account on our website or on our platform/app;
- you subscribe to our services or publications;
- request RONDO SERVICES SP Z O O offers or promotional materials;
- participate in an Event or course organized by RONDO SERVICES SP Z O O;
- participate in a contest, competition, survey organized by RONDO SERVICES SP Z O O;
- download our applications;
- candidates for a position within RONDO SERVICES SP Z O O;
- provide feedback on our services and products;
- provide or offer to provide services for us.
There are also situations where we collect media data at Events possibly organized by RONDO SERVICES SP Z O O. For example, (i) if you accept an invitation to be a speaker at a presentation/workshop etc. at a RONDO SERVICES SP Z O O Event, we will collect media data, i.e.: photos and video if the Event is recorded, (ii) if at a video recorded Event you choose to ask questions of the panel, then your intervention will be recorded (iii) if at an Event, there is a photo panel and you will verbally ask RONDO SERVICES SP Z O O staff or RONDO SERVICES SP Z O O collaborators to take photos. All media data collected will be collected at RONDO SERVICES SP Z O O Events and only if you voluntarily take action.
• Third parties or public sources. We may receive personal data about you from various third parties or from public sources (public registries). These sources also include:
- Professional organisations and associations with which you are affiliated and which contract our services or products;
- Public authorities or institutions of any kind;
- Companies involved in staff recruitment;
- Companies/contractors providing KYC services to us, when you go through the KYC verification process;
- Credit institutions (e.g. when you make a payment to us by payment order) or payment processor.
6. How we use personal data?
We will only use your personal data when the law allows us to. Most often, we will use your personal data in the following situations:
• If we have to execute a contract concluded with you (or which we are about to conclude);
• If we need to execute a contract with an organization, association or company to which you are affiliated; (eg participate in a possible event organized by RONDO SERVICES SP Z O O)
• If necessary for our legitimate interests (or those of a third party) and your fundamental interests and rights do not exceed those interests;
• If we have to comply with a legal or regulatory obligation;
• If you provide us with the express prior consent or on the basis of fair proof of your consent, provided by a third party who communicates this data to us;
• If we disseminate video or photo content from any RONDO SERVICES SP Z O O Events, on the media channels of RONDO SERVICES SP Z O O or of the partners for which RONDO SERVICES SP Z O O organizes any Events, for professional, media communication or educational and / or scientific purposes.
The purpose for which we use your personal data
We have presented below, in a table format, a description of all the ways in which we intend to use your personal data and what are the legal bases on which the processing is based. We have also identified our legitimate interests, where appropriate.
Please note that we may process your personal data based on several legal grounds, depending on the specific purpose for which we use the data. Contact us if you need details on the specific legal basis on which we rely to process personal data, if several reasons have been set out in the table below.
We strive to provide you with options for the use of personal data, especially in terms of marketing and advertising.
We may use your identity, contact, technical, usage and profile data to form an image of what we think you would like or need or that may be of interest to you. This is how we decide what products, services and offers may be relevant to you.
You will receive marketing communications from us if you have requested information from us or participated in any Events or courses organized by us or if you have given your consent to receive such communications (by ticking the relevant box when creating your account on our website/application) or if you have provided us with your data when you entered a contest or registered for a promotion and / or you have placed an order for services and / or products and, in each case, if you have not withdrawn your consent.
You can request that we stop sending you marketing messages at any time by e-mail to firstname.lastname@example.org Or, if applicable, by unsubscribing via the UNSUBSCRIBE link in the newsletter.
If you opt out of receiving these marketing messages, we may continue to process your personal data, based on another legal basis, where we have at least two legal bases on which we process personal data.
Changing the Purpose
We will use your personal data only for the purposes for which we collected it, unless we reasonably believe that we must use it for another reason and that this reason is compatible with the original purpose. If you would like to receive an explanation of how the processing for the new purpose is compatible with the original purpose, please contact us.
If we have to use your personal data for undeclared purposes, we will notify you and explain the legal basis that allows us to do so.
Please note that we may process your personal data without your knowledge or consent, in accordance with the above rules, if required or permitted by law.
7. Disclosure of Personal Data
We may share your personal data with the parties listed below for the purposes set out in the table in point 4 above.
- Internal third parties, as defined in the Glossary.
- External third parties, as defined in the Glossary.
- Third parties to whom we may choose to transfer or merge parts of our business or assets. Alternatively, we may seek to acquire or merge with other businesses. If there is a change in our business, then the new owners may use your personal data in the same way as described in this Policy.
We ask all our collaborators and partners to respect the security of your personal data and to treat them in accordance with the applicable legislation in force. We do not allow employees to use your personal data for their own purposes. They may use your personal data only if we give them permission to process it and only for the purposes mentioned by us.
8. Data security
We have implemented appropriate security measures to prevent accidental loss of your personal data, unauthorized use or access, modification or disclosure of your personal data. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who are in dire need of such data. They will only process your personal data in accordance with our instructions and will be subject to confidentiality obligations in this regard.
9. Data retention
As long as we keep personal data
We will retain your personal data for as long as is necessary to fulfill the purposes for which we have collected it, including for the purpose of fulfilling any legal, accounting or reporting requirements.
In order to properly determine the retention period for personal data, we consider the value, nature and sensitivity of personal data, the potential risk of harm caused by unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve these goals by other means.
10. Your rights
In certain circumstances, you have rights under applicable data protection law in respect of your personal data. Such rights are:
• The right to access your personal data.
• The right to rectify your personal data.
• The right to request the deletion of your personal data.
• The right of the opposition regarding the processing of your personal data.
• The right to request the restriction of the processing of your personal data.
• The right to request the transfer of your personal data (portability).
• The right to withdraw consent.
• The right not to be the subject of any individual decision or automated individual decision-making process (including, but not limited to, automated profiling).
You will not have to pay any fees to access your personal data (or to exercise any of the rights granted to you in connection with them). However, we may charge a reasonable fee if your request is manifestly unfounded, repeated or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
What we can ask of you
We may request specific information from you to help you confirm your identity and secure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who is not entitled to receive it.
We try to respond to all legitimate requests within thirty (30) days. Occasionally, it may take more than 30 days, but no longer than two (2) months if your request is particularly complex or if you have made several requests. In this case, within a maximum of thirty (30) days of receipt of your request, we will notify you and keep you informed of the status of the request.
RONDO SERVICES SP Z O O
Event (s) means any event organized by us, including virtual events, in collaboration with our customers or partners, regardless of how it is organized, online (virtual), offline or in any combination of the two variants, respectively: conference, seminar, congress, webinar, workshop, presentation, conference with speaker in the hall and participants who connect online etc.
Legitimate interest means our interest in running and managing our business to enable us to offer you the best services and / or products, as well as the best and safest experience. We make sure that we consider and balance any potential impact on you (both positive and negative), respectively on your rights, before processing your personal data for our legitimate interests.We do not use your personal data for activities in which our interests are overburdened by the impact on you (unless we have your consent or if the applicable law does not provide otherwise). You can obtain additional information about how we evaluate our legitimate interests against any potential impact on you regarding certain activities by contacting us.
Execution of the Contract means the processing of your data if it is necessary for the execution of a contract to which you are a party or to which an association or company to which you are affiliated is a party or to take action at your request before concluding such a contract.
Compliance with a legal or regulatory obligation means the processing of your personal data if it is necessary to comply with a legal or regulatory obligation to which we are subject.
Internal third parties are, as the case may be, other branches / subsidiaries of RONDO SERVICES SP Z O O and / or other entities that act as operators or processors and that have their headquarters in Romania, associates, employees or collaborators of RONDO SERVICES SP Z O O.
External third parties (listing not exhaustive)
• Service providers that provide IT systems administration and management services.
• Professional consultants including lawyers, accountants, bankers, auditors and insurers providing consulting, banking, legal, insurance and accounting services.
• Public regulatory authorities and institutions and other public authorities in Romania or the European Union.
• Collaborators or business partners with whom RONDO SERVICES SP Z O O works in order to carry out its activity.
You have the following rights in connection with your personal data:
The right to access personal data, which provides that you have the right to a copy of personal data held by us and to verify that they are legally processed.
The right to rectification by which you can request the correction of personal data we hold about you. This allows you to request the correction of any incomplete or inaccurate data we hold about you. Please note that it may be necessary to verify the accuracy of the new data you provide to us.
The right to delete data (“the right to be forgotten”). This allows you to ask us to delete or remove your data if there are no longer good reasons to continue processing. Please note, however, that we may not always be able to comply with your request of deletion, for specific legal reasons, which will be notified to you, if applicable, at the time of your specific request.
The right to object to the processing of personal data when we process data based on legitimate interest (ours or a third party) and when in your particular situation you consider that your fundamental rights and freedoms are violated. You may also object to the processing of your data for marketing purposes. In some cases we may demonstrate legitimate and compelling reasons justifying the processing and prevailing over personal interests, rights and freedoms.
The right to restrict processing. This right allows you to request that we suspend the processing of your personal data in the following cases: (a) whether you wish to establish the accuracy and correctness of the data; or; (b) if our processing of the data is illegal, but you object to the deletion; (c) if you need to keep the data, even if we no longer process it, because you need it to establish, exercise or defend rights in court; or (d) you objected to the processing of your data, but we must verify that we have mandatory legal reasons to process it.
The right to data portability. We will provide you or a third party of your choice with your personal data in a structured, commonly used format that can be read automatically. Please note that right applies to automatic data processing for which you have given us your consent or, if we have used the data, to execute a contract with you.
The right to withdraw consent when we base our processing on your consent. However, this right shall not affect the lawfulness of the processing carried out before the withdrawal of the consent in question.
The right not to be subject to any individual decision or automated individual decision-making process, including, but not limited to, the creation of profiles that produce legal effects that concern or affect you in a similar way.