Privacy Policy

ELLIPX limited liability company with its registered office at ul. Młyńska 16, 8 floor, 61-730 Poznań., entered into the Register of Entrepreneurs of the National Court Register kept by the District Court for the Capital City of Warsaw in Warsaw, XII Commercial Division of the National Court Register under the number 0000985891 introduces the following Privacy Policy in order to clearly define the rules for collecting and processing Users' personal data, which were provided by them personally and voluntarily through the tools available on the operating at ELLIPX.PL

Who is the Controller of your data and how to obtain information about the processing of your data?

The Controller of your personal data is ELLIPX L.L.C. with its registered office at ul. Młyńska 16, 8 floor, 61-730 Poznań. (hereinafter referred to as the "Controller"). The Controller has not appointed the Data Protection Officer, but you can contact the Controller regarding the processing of your personal data via e-mail: [email protected]. Address for contacting: ul. Młyńska 16, 8 floor, 61-730 Poznań.

How do we collect your data?

You provide us with your personal data yourself through voluntary contact, e.g. using e-mail adress on our website, creating an account on the website in order to use the services we provide, and then using the e-wallet services provided by us.

What personal data do we collect?

In order to receive an account on our website, we will process your: e-mail address, phone number.

In the scope of using the Services we provide, we will process your: name and surname, e-mail address, phone number, address of residence, PESEL number, citizenship, number and series of an identity document (e.g. passport or ID card), bank account number, payment card mask, card expiration date, details, image or video record of Your face with biometric data.

In terms of transactions performed - when a user completes a transaction using the ELLIPX service, we may collect some information about it, including: date, time and amount of the transaction, store location and description of the seller, the names and addresses of the seller and buyer (or sender and recipient).

When you contact us to obtain the information you request, we will collect your name and email address.

In addition, in connection with your use of our website, data on activity on our website is collected, information about the number (including IP) and type of the terminal device of the User or other natural person from which the User or other natural person connects to the website. This information is collected through cookies. Detailed information about this process can be found in our cookies policy.

How and on what basis do we use your data?

The collected personal data will be processed for the following purposes, scope and on the following legal basis:

  1. for contact purposes, including in order to submit information about the services we provide, to the extent specified depending on the form of contact, the legal basis for the processing of your data is in this case is our legitimate interest (Article 6(1)(f) of the GDPR). Data collected during correspondence between you and us will be used only to answer your inquiry;
  2. in the case of using the offered services and using the Customer panel, personal data will be processed for purposes related to the performance of the contract which is the legal basis for the processing of personal data (Article 6(1)(b) of the GDPR),
  3. performance of legal obligations incumbent on the Controller, such as:
    • identification obligation resulting from the Act on Counteracting Money Laundering and Terrorist Financing,
    • obligations related to the provision of payment services, including fraud prevention and the consideration of complaints under the Act on Payment Services and the Act on Complaints Consideration by Financial Market Entities and the Financial Ombudsman,
    • accounting and archiving obligations, including those resulting from the Accounting Act
    based on (Article 6(1)(c) of the GDPR) in connection with the Act of September 29, 1994 on Accounting, the Act of March 1, 2018 on Counteracting Money Laundering Money and Terrorist Financing;
  4. implementation of the Controller's legitimate interests, which are:
    • creating reports, summaries and analyses,
    • fraud monitoring,
    • establishing, investigating or defending against any claims,
    • conducting possible debt collection activities, including the assignment of claims arising from the Agreements concluded with us;
    based on our legitimate interest (Article 6(1)(f) of the GDPR),
  5. for identity verification and providing the services purpose your personal data in terms of biometric data (image) is processed based on your explicit consent within the meaning of Article 9(2)(a) of GDPR.

In the event of consent, you have the right to withdraw your consent at any time without affecting the lawfulness of the processing which was made on the basis of consent before its withdrawal.

What entities may your personal data be made available to?

Your personal data may be disclosed to entities supporting the Controller's activities, i.e. economic information institutions, service technicians and suppliers of IT systems, including IT devices on which these data are processed, law and tax offices, internal revenue service, postal operators and courier companies, server suppliers, including companies operating these servers debt collection companies.

As part of the service we provide, we transfer your data to the payment recipient/sender in the context of a specific transaction.

In addition, your data may also be made available to other entities when:

  • the obligation to provide them results from the provisions of law,
  • it is our legitimate interest or that of a third party,
  • you give us your consent to do so.

Each time we will ensure that the scope of information disclosed to these entities is adequate and necessary to achieve the assumed goals.

We transfer your personal data to third countries - the USA and Japan.

The Controller informs that the European Commission has issued a decision against the USA declaring the existence of an adequate level of data protection, which only covers companies participating in the Data Privacy Framework programme. Some of our USA Partners have not made a certification in the Data Privacy Framework programme. In that cases, the transfer of personal data is carried out using the standard contractual clauses defined by the European Commission.

This could mean that the exercise of rights in connection with data processing, the possibility of contacting the supervisory authority and the rules for the processing of personal data may be subject to restrictions or exclusions there. Therefore, the Controller takes appropriate technical and organizational security measures to ensure an adequate level of security when transferring personal data.

You have a right to obtain a copy of your personal data transferred to a third country as well as a copy of used safeguards.

The European Commission has adopted a decision confirming an adequate level of protection for personal data in Japan which means that your personal data are protected there at the equivalent level of protection to that guaranteed under EU law.

If the Controller transfers your personal data to another third country, you will be informed.

Information on automated data processing/profiling

The data is not profiled. Some automated decisions are made regarding:

  1. onboarding you as EllipX Client when positively passing the KYC procedure and
  2. executing transactions ordered within EllipX Website infrastructure. Transaction rules are described in General Terms and Conditions

which are necessary for entering into, or performance of, a contract between You and EllipX.

The data controller has implemented suitable measures to safeguard Your rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the Controller, to express your point of view and to contest the decision.

What rights do you have in connection with the processing of personal data?

In connection with the processing of personal data by the Controller, you have the right to:

  1. access to processed data and receiving a copy thereof,
  2. the right to rectify data,
  3. the right to delete data (in particular when they are redundant or untrue). This case may not be applicable, when Your data is processed in accordance to Article 6(1)(c).
  4. the right to limit data processing. This case may not be applicable, when Your data is processed in accordance to Article 6(1)(c).
  5. the right to object to the processing of data due to your particular situation (if the basis for processing is the legitimate interest of the Controller),This case may not be applicable, when Your data is processed in accordance to Article 6(1)(c),
  6. the right to transfer data,
  7. the right to withdraw consent - if personal data is processed on the basis of your consent, you can withdraw it at any time, however, withdrawal of consent will not affect previously performed processing activities.

In order to exercise the rights indicated above, please contact the Controller : [email protected]

If you find that your personal data is processed contrary to the legal requirements, you have the right to lodge a complaint with the supervisory body, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement.

If You are from the European Union here is a link where You can find contact details of Your personal data protection authority: https://edpb.europa.eu/about-edpb/about-edpb/members_en.

How long will your personal data be processed?

Your data will be processed:

  1. on the basis of a legitimate interest, until the fulfillment of legitimate interests constituting the basis for this processing or until you object to such processing.
  2. if you use the services, your personal data will be stored for the period necessary to conclude and perform the Agreement, after which the data will be stored for the period appropriate for the limitation of claims and criminal acts, and any periods resulting from other specific provisions, e.g.:
    • information obtained after the transaction as a result of applying financial security measures in accordance with the Act on Counteracting Money Laundering and Financing of Terrorism, we will store for a period of 5 years after a related transaction or after termination of relations between You and us. This term can be extended by the decision of appropriate institutions.
  3. for accounting and tax purposes, as a rule, it will be held for a period of not less than 5 years, with detailed periods specified in the law, e.g. tax regulations,
  4. in the case of data processing based on consent, the processing will take place no longer than until you withdraw your consent.

How do we secure your personal data?

In the interests of the security of the data entrusted to us, we have developed internal procedures and recommendations to prevent disclosure of data to unauthorized persons. We control their performance and constantly check their compliance with the relevant legal acts – GDPR, the Personal Data Protection Act, as well as all kinds of executive acts and Community legislation.

Changes to our Privacy policy

We reserve the right to change the above Privacy policy by posting a new Privacy policy on this page.

Cookies

The Controller informs you that the Website uses ‘cookies’ (cookie files), installed in your terminal device. These are small text files which can be read by the Controller’s system, as well as by systems belonging to other entities whose services are used by the Controller (e.g. Facebook, Google).

The Controller uses cookies for the following purposes:

  1. ensuring proper functioning of the Website - thanks to cookies, it is possible for the Website to function smoothly, to use the functions available on it and to move comfortably between individual sub-pages;
  2. ensuring security - cookies are used to authenticate users and prevent unauthorised use of a client's account. They are therefore used to protect the user's personal data from unauthorised access;
  3. enhancing your browsing experience on the Website - cookies make it possible to detect errors on certain subpages and to continuously improve them;
  4. creation of statistics - cookies are used to analyse how users use the Website (e.g. how many users visit it, how long they stay on it, which content is of most interest). This makes it possible to continuously improve the Website and tailor its operation to users' preferences.
  5. to carry out marketing activities - thanks to cookies, the Controller can direct advertisements to users tailored to their preferences.

The Controller may place both permanent and temporary files on your device. Temporary files are usually deleted when the browser is closed, while closing the browser does not delete permanent files.

Information about the cookies used by the Controller is displayed in the panel at the bottom of the Website. Depending on your decision, you can enable or disable cookies of particular categories (except for essential cookies) and change these settings at any time.

The data collected through cookies do not allow the Controller to identify you.

The Controller uses the following tools using cookies:

  1. necessary cookies of the Website - these cookies enable the proper and safe functioning of the Website (they are used, among other things, to adapt the layout of the website to the screen of your device), therefore it is not possible to disable them (the functioning of these cookies is a condition for the use of the Website). The necessary cookies remain on your terminal device for up to 1 year;
  2. Google Analytics - this tool (using cookies provided by Google LLC) enables the collection of statistical data on how users use the Website, including the number of visits, duration of visits, search engine used, location. The data collected helps to improve the Website and make it more user-friendly. Cookies used by Google Analytics remain on your terminal device for up to 2 years;
  3. Google Ads - this tool (using cookies provided by Google LLC) enables the collection of data about your preferences (including sub-pages visited, content viewed) and makes it possible to target you with advertisements displayed on other websites you visit. Cookies used by Google Ads remain on your terminal device for up to 3 months;
  4. Facebook Pixel - this tool (using cookies provided by Meta Platforms Ireland Limited) makes it possible to determine that you have visited the Website and to target you with advertisements displayed on the social networks Facebook and Instagram and to measure their effectiveness. Cookies used by Facebook Pixel remain on your terminal device for up to 3 months.

Through most commonly used browsers, you can check whether cookies have been installed on your device, as well as delete installed cookies and block future installation of cookies by the Website or other sites. However, disabling or restricting the use of cookies may cause quite serious difficulties in the use of the Website, e.g. in the form of having to log in on every subpage, longer page loading times, limitations in the use of functionality.