Privacy Policy
Last updated: October 24, 2024
INTRODUCTION
SVV Poland Sp. z o.o. (“BTC Bank”, “we”, “our”, or “us”) respects your privacy and is committed to
protecting your personal data. This Privacy Policy explains how we collect, use, and protect your personal
data when you use our website [btcbank.pl, «Website»] and related services.
This information has been prepared taking into account the GDPR, i.e. the general regulation on
data protection.
SVV Poland Sp. z o.o. with registration number 0000972216, registered in Poland at the address: Zurawia
str. 47/49, office 118, Warsaw, Poland, 00-680.
DATA CONTROLLER
SVV Poland Sp. z o.o. will be the “data controller” or “controller” in relation to any personal data provided
to us directly via email, phone, chatbot, and post or via the Services, including the Website, or any other
available communication channel offered by SVV Poland Sp. z o.o. to you. This means that we are
responsible for deciding how we will hold and use personal data about you.
By using or navigating the Website and the Services, you acknowledge that you have read, understand,
and agree to be bound by this Privacy Policy. You should not provide us with any of your data or use the
Website or Services if you do not agree with the terms of this Privacy Policy. This Privacy Notice is
incorporated into our Terms of Use.
We encourage you to review and check the Services, including the Website regularly for any updates to
this Privacy Policy. We will publish the updated version on the Website and by continuing to deal with us,
you accept this Privacy Policy as it applies from time to time.
Persons under the age of 16 cannot provide any personal information through our Website, Services,
social media account. If you are a person below the age of 16, before submitting personal information,
you must obtain the consent of your parents or other legal guardians.
DATA PROTECTION PRINCIPLES
Personal data is defined by the General Data Protection Regulation (EU Regulation 2016/679) (the
“GDPR”) as ‘any information relating to an identifiable person who can be directly or indirectly identified
in particular by reference to an identifier’.
Personal data is any information about you that enables us to identify you or the beneficiary of your
transaction with us, either directly or indirectly. Personal data covers information such as your name and
contact details, but also information such as identification numbers, electronic location data, and other
online identifiers.
We are committed to complying with applicable data protection laws and will ensure that personal data
is:
• Used lawfully, fairly and in a transparent way;
• Collected only for valid purposes that we have clearly explained to you and not used in any way
that is incompatible with those purposes;
• Relevant to the purposes we have told you about and limited only to those purposes;
• Accurate and kept up to date;
• Kept only as long as necessary for the purposes we have told you about;
• Kept securely.
WHAT PERSONAL DATA WE COLLECT ABOUT YOU
We only collect the most relevant, proportionate for each purpose and strictly necessary personal data
from you in the course of our business when you access, visit or use our Services. We collect data that is:
• necessary to provide our services to you, such as when you sign-up and open an account with us,
when we carry out the necessary KYC checks, and when you use our Services;
• information about your use of the Services;
The personal information that we collect, and process may include:
• Data that have to do with your identity and your personal and contact information, such as your
first name, last name, phone number
• Data connected to your account with us, such as your username and password
• Payment information – such as details of any transactions carried out using any of the Services,
bank account number, e-wallet information, details about payments and transfers made using
the Services.
• Transaction Data: Details of crypto exchanges, purchase history, and amounts.
• Technical Data: IP address, browser type, and access times.
HOW WE COLLECT YOUR PERSONAL DATA
We collect your data in various ways. These include the following:
• We may collect data that you provide directly.
Typically, this will happen when you register or sign-up with us, where you create an account with us,
when you fill in any application form, when you subscribe to our newsletter, when you participate in
surveys, when you send us an email, when you sign a contract with us
• We may collect data about you automatically.
When you use our Services, including when you interact with our website without logging in your account,
we will automatically collect technical-related data about you, your equipment, browsing actions and
patterns.
Every time you use or access the Services, and our website, data is collected. This data is stored in log files
on the server and can include, the temporary storage of data and log files. The IP address is temporarily
stored in the system as it is necessary to provide website access to your computer or other device. The IP
address is retained while that website is being accessed. These log files are stored to ensure website
functionality, optimize the content of our website, and ensure the security of our IT system.
Typically, automatic collection of data will happen when you browse and use our Services and Website,
social media pages, (usually with the use of cookies and other similar tracking technologies).
• We may acquire information about you from third parties.
We do this where we are permitted by law. This may be the information provided by our partners,
marketing agencies, your public profile information such as in social media platforms, like LinkedIn,
Facebook, Twitter, Instagram). We may associate the information we receive about you from yourself,
public and commercial sources with other information we receive from you or about you.
These are the typical ways in which we collect data about you. We may collect data about you in other
cases that are not covered by this Privacy Policy or using other methods not covered by this Policy. If this
happens, we will inform you additionally.
HOW WE USE YOUR PERSONAL DATA AND BASIS FOR SUCH USE
We will use your personal data when the law allows us to. Most commonly, we will use your personal data
in the following circumstances:
• When we have your consent,
• Where we need to perform the contract we are about to enter into or have entered into with you.
• Where it is necessary for our legitimate interests (or those of a third party) and your interests and
fundamental rights do not override those interests.
• When processing cryptocurrency transactions.
• When providing you with access to your account and services.
• Where we need to comply with legal obligations (AML and KYC procedures).
• When sending you updates and promotions (with your consent).
We do not generally rely on consent to process your personal data. We rely on other grounds for
processing. We only rely on consent where this is required by law or where we consider that processing
data is necessary, and we cannot rely on other grounds.
PURPOSES AND BASES FOR PROCESSING
In general, we may use your personal data to carry out, provide, fix, and improve our Services, develop
new Services, and market our Services.
We reserve the right to offer you supplemental documents to this privacy policy that will describe the
ways in which we process your personal data.
Your personal data is processed under the following legal bases:
Performance of a contract (e.g., cryptocurrency exchange services).
Compliance with legal obligations (AML and KYC laws).
CHANGE OF PURPOSE
We will use your personal data for the purposes for which we collect it or where we reasonably consider
that we need to use it for another reason only if this reason is compatible with the original purpose.
If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the
legal basis which allows us to do so.
Please note that we may process your personal data without your knowledge or consent, in compliance
with the above rules, where this is required or permitted by law.
HOW LONG WE KEEP YOUR PERSONAL DATA
Personal data is used for different purposes, and is subject to different standards and regulations. In
general, personal data is retained for as long as necessary to provide you with services you request, to
comply with applicable legal obligations, particularly related to Anti-Money Laundering (AML) and
Countering the Financing of Terrorism (CFT), accounting or reporting requirements, and to ensure that
you have a reasonable opportunity to access the personal data.
To determine the appropriate retention period for personal data, we consider the applicable legal
requirements, the amount, nature, and sensitivity of the personal data, the potential risk of harm from
unauthorised use or disclosure of your personal data, the purposes for which we process your personal
data and whether we can achieve those purposes through other means. For example,
• we will retain your personal data if we are required to comply with legal and regulatory
obligations, compliance procedures and legal limitation periods. We will retain your personal data
for a period after closure of your account with us or the last transaction we carried out for
you. (Legal requirements)
• Personal data provided to us for marketing purposes may be retained until you opt out or until
we become aware the data is inaccurate.
WHO WE SHARE YOUR PERSONAL INFORMATION WITH
We may disclose your information to our employees and agents.
We may also disclose your information to third parties, such as:
• Service Providers who provide services to us as we request them, such as IT and system
administration services, cloud storage service providers, fraud detection, customer support,
remote ID verification providers, strong customer authentication, e-signature providers,
• Companies that assist in payment transactions such as financial institutions, like banks, payment
service providers like electronic money and payment institutions, international payment service
organizations like SWIFT and TARGET 2.
• Relevant business partners, like banking partners and intermediaries, international payments
services provider, as well as card manufacturing/personalisation and delivery companies, fraud
and risk mitigation service provider.
• Professional advisers including lawyers, auditors, and insurers who provide relevant services,
• Governmental agencies or entities, regulatory authorities, or other persons in line with applicable
rules, orders, subpoenas, official requests, or similar processes as either required or permitted by
applicable law.
• Advertising networks that help organise competitions and promotions, to support and display ads
on our Website, apps and other social media tools.
• Third party service providers to assist us with client insight analytics, such as Google Analytics.
Please note the following:
• This list is non-exhaustive and there may be other examples where we need to share with other
parties in order to provide our services as effectively as we can.
• We require all third parties to respect the security of your personal data and to treat it in
accordance with the law. We do not allow our third-party service providers to use your personal
data for their own purposes and only permit them to process your personal data for specified
purposes and in accordance with our instructions.
HOW WE PROTECT YOUR PERSONAL DATA
We use a variety of technical and organisational measures to help protect your personal data from
unauthorised access, use, disclosure, alteration or destruction consistent with the applicable data
protection laws and the EU General Data Protection Regulation. We have also implemented appropriate
information security policies, rules and technical measures to secure your personal information collected
by us. Your personal information is saved in an encrypted form.
All of our partners, employees, consultants, workers and data processors (i.e. those who process your
personal information on our behalf,), who have access to, and are associated with the processing of
personal information, are obliged to respect the confidentiality of such personal information, keep it
secure and protect it.
YOUR RIGHTS REGARDING YOUR PERSONAL DATA
You have the following rights in relation to the personal data we hold about you. Please note that some
of these rights will only apply in certain circumstances and some of them may be limited where we have
an overriding interest or legal obligation to continue to process the data or where data may be exempt
from disclosure due to reasons of confidentiality obligations.
• Access: you are entitled to ask us if we are processing your data and, if we are, you can request
access to your personal data. This enables you to receive a copy of the personal data we hold
about you and certain other information about it;
• Correction: you are entitled to request that any incomplete or inaccurate personal data we hold
about you is corrected;
• Erasure: you are entitled to ask us to delete or remove personal data in certain circumstances.
There are also certain exceptions where we may refuse a request for erasure, for example, where
the personal data is required for compliance with law or in connection with claims;
• Restriction: you are entitled to ask us to suspend the processing of certain of your personal data
about you, for example if you want us to establish its accuracy or the reason for processing it;
• Transfer: you may us to help you request the transfer certain of your personal data to another
party;
• Objection: where we are processing your personal data based on legitimate interests (or those of
a third party) and you may challenge this. However, we may be entitled to continue processing
your information. You also have the right to object where we are processing your personal
information for direct marketing purposes;
• Automated decisions: you may contest any automated decision made about you where this has
a legal or similar significant effect and ask for it to be reconsidered.
• Consent: where we are processing personal data with consent, you can withdraw your consent.
If you want to exercise any of these rights, please contact us at [email protected]
Please note that you also have a right to lodge a complaint with the Office of the Commissioner for
Personal Data Protection in Poland, which is the competent authority.
CHANGES TO THIS POLICY
We may make changes to this Privacy Policy from time to time. To ensure that you are always aware of
how we use your personal data we will update this Privacy Policy from time to time to reflect any changes
to our use of your personal data. We may also make changes as required to comply with changes in
applicable law or regulatory requirements. We will notify you by email of any significant changes.
However, we encourage you to review this Privacy Policy periodically to be informed of how we use your
personal data.
JURISDICTION
We adhere to Polish and European Union regulations concerning data protection. Any legal disputes will
be governed by the laws of Poland.
CONTACT
You may contact our Data Protection Officer by email at: [email protected]