Privacy policy

OBLIGATION TO PROTECT PERSONAL DATA UNDER THE GDPR IN BLOCKENOMY

Due to the provisions of the GDPR and AML – Blockenomy processes personal data of Customers.  Accordingly, Blockenomy is the Processor of personal data collected by Blockenomy within the meaning of this document.


§ 1 [OBLIGATION TO PROTECT PERSONAL DATA UNDER THE GDPR FOR ENTITIES WHOSE INFRASTRUCTURE BLOCKENOMY USES]

Blockenomy uses the infrastructure of a protected datacenter mail server Nazwa.pl, Poland and intermediary servers of Google LLC, USA. Due to the separate provisions of the GDPR regarding the provision of IT services in the European Union –  technology companies Nazwa.pl, Poland and Google LLC, usa process data in a secure manner in compliance with the principles of the GDPR, which means that the Customer’s data sent by e-mail by Blockenomy in correspondence with the Customer are protected in accordance with the GDPR.


§ 2 [GDPR PLUS MINIMUM MEDIUM AML RISK SITUATIONS]

  1. The administrator of the customer’s personal data is Blockenomy , i.e.:

DigiLand Co.., Warsaw, Poland,

Mariusz Sperczynski

Address: 37 Mickiewicza Str. Office no. 58

City:Warsaw

Post code: 01-625

Country:Poland / EU

Tax Identification Number 957-000-84-40

  1. Purposes and legal bases for the processing of personal data.
    1. Blockenomy processes personal data (personal data of Customers) for purposes related to the provision by Blockenomy of the services indicated in this document. The above also includes the processing of personal data related to communication between Blockenomy and Customers, to the extent that it is related to the purposes referred to in the first sentence, in particular to send customers information about the submitted order and its execution. The above also includes the processing of personal data related to the service process, directed by the Customer by e-mail or telephone, as well as via the contact form of any applications. Blockenomy processes this personal data on the basis of article 6(1)(f) of the GDPR law, i.e. due to the fact that the processing of this data is necessary for the purposes resulting from the legitimate interests pursued by the Administrator, i.e. the proper performance of services provided by Blockenomy and its agents, including communication with the Customer in connection with the provision of services. In the scope related to handling the complaint handling process, Blockenomy processes this personal data also on the basis of Article 6(1)(c) of the GDPR Regulation, because the processing of this data is necessary to fulfill the legal obligation incumbent on the Administrator, i.e. the obligation to consider complaints and keep documentation related to this process.
    2. Blockenomy processes Customers’ personal data related to the provision of services also in order to possibly pursue claims related to non-performance or improper performance of obligations related to the contract for the performance of services, e.g. for the performance and/or non-performance or improper performance of the service.  Blockenomy processes this personal data on the basis of art. 6 par. 1 lit. f) of the GDPR Regulation, i.e. due to the fact that the processing of this data is necessary for the purposes resulting from the legitimate interests pursued by the Administrator related to the pursuit of claims.
    3. Blockenomy processes customers’ personal data related to the provision of services by its agents to the extent necessary to prevent fraud related to the exchange or payment services performed or the operation of a payment system and to investigate and detect such fraud by the competent authorities.  Blockenomy processes this personal data on the basis of Article 6(1)(c), (d) and (f) of the GDPR Regulation, i.e. due to the fact that these processing is necessary to fulfill the legal obligation incumbent on the Administrator and is necessary to protect the interests of users of exchange and payment services, as well as is necessary for the purposes of the legitimate interests pursued by payment service providers.
    4. Blockenomy processes Clients’ personal data related to the provision of exchange or payment services for purposes related to the performance of obligations arising from the provisions on counteracting money laundering and terrorist financing, in particular to identify and assess the risks associated with money laundering and terrorist financing, apply security measures including, among others, identification of the Customer and verification of his identity.  Blockenomy processes this personal data on the basis of Article 6(1)(c) of the GDPR Regulation in connection with the provisions on counteracting money laundering and terrorist financing, i.e. due to the fact that the processing is necessary to fulfill the legal obligation incumbent on the Administrator as an obliged institution within the meaning of the provisions on counteracting money laundering and terrorist financing.
    5. In addition, Blockenomy processes Clients’ personal data for other, legally permissible, purposes directly or indirectly related to the purposes referred to in paragraphs 1-4, in particular for archival and statistical purposes, for purposes related to audits, management control, or for purposes related to consulting.  Blockenomy processes this personal data on the basis of article 6(1)(f) of the GDPR Regulation, i.e. in order to achieve the legally justified purposes of the Administrator.
  2. Categories of personal data that are processed.
    Blockenomy processes primarily personal data of Customers related to the provision of exchange or payment services, including in particular: name(s) and surname (surnames), correspondence address, e-mail address, payment account number, including bank accounts, other identifier of the payment instrument used, telephone number. In certain cases related to counteracting money laundering and terrorist financing – Blockenomy also processes additional personal data related to the identification of the Client’s person and verification of their identity, which includes, in particular, address, citizenship, PESEL number (or dates of birth – if no PESEL number has been assigned), series and number of the document confirming the Customer’s identity, address of residence. For communication purposes
    , Blockenomy primarily processes names, telephone numbers, email addresses.
  3. Information about the categories of data recipients. The recipient of the data is understood as a natural or legal person, public authority, entity or other entity to which Blockenomy discloses the personal data of customers, regardless of whether it is a third party. However, public authorities which may receive personal data in the context of a specific procedure in accordance with Union or Member State law are not considered to be recipients. In connection with the above, Blockenomy informs about the following categories of recipients: Blockenomy agents, i.e. entities acting in the name and on behalf  of Blockenomy (NOTE – in the version currently in force in these Regulations, i.e. as at October 12, 2022.  – Blockenomy does not have agents obliged to comply with the rules of the GDPR on the basis of these Regulations to the extent indicated in the previous part of this document). as payment institutions; other payment service providers, including the payment service provider, which makes available to the customer the payment instrument used by the customer; the data is made available to these recipients to the extent that the data must be provided to them in connection with the provision of exchange or payment services (point II.1), and to the extent that the data must be provided to them for the purposes referred to in points II.3 and II.4, as well as in other cases where these entities are entitled to obtain from Blockenomy  information, including information containing personal data; in particular, this includes banks and branches of foreign banks, credit institutions, electronic money institutions, payment institutions, credit, payment, virtual card operators; entities providing legal services related to the activities of Blockenomy; recipients of payments, for purposes related to the payment performed; entities providing IT services related to Blockenomy’s activities, including hosting services; entities providing audit and other services related to controlling Blockenomy’s activities; accountants and statutory auditors examining documents related to Blockenomy’s activities  ; entities related to Blockenomy; other than the entities indicated above, which on the basis of legal provisions are entitled to obtain from Blockenomy information related to Blockenomy’s activities, which information may include personal data of Customers, including in particular supervisory authorities towards Blockenomy . recipients may also be other entities if the Customer’s personal data are made available to them on the basis of the Customer’s consent indicating such another recipient.
  4. Information about the intention to transfer personal data to a third country or international organization.
    Blockenomy does not intend to transfer Customers’ personal data to a third country (i.e. a country outside the European Economic Area) or to an international organization.
  5. The period for which personal data will be stored or the criteria for determining this period.
    1. Customers’ personal data processed for the purposes referred to in point II.1 will be processed for the period of providing the payment service and for a period of 13 months from the date of debiting the payment account in connection with the exchange or payment service performed or for a period of 13 months from the date on which the exchange or payment transaction was to be performed, and after the expiry of this period – for the period resulting from the provisions of law,  including the Payment Services Act and tax regulations. In particular, Blockenomy explains that AML regulations additionally require a correspondingly longer data retention period.
    2. Customers’ personal data processed for the purpose referred to in point II.2 will be processed for the period referred to in the paragraph above, but not longer than for the period in which it is possible to pursue claims in court, i.e. until the expiry of the limitation period for claims. However, if the period referred to in this paragraph expires earlier than the period referred to in the first subparagraph, Blockenomy will cease to process personal data for the purpose and to the extent referred to in this paragraph, but may still process Customers’ personal data for the purposes and to the extent referred to in the first subparagraph.
    3. Customers’ personal data processed for the purpose referred to in point II.3 will be processed for the period necessary to achieve these purposes, in particular taking into account the limitation periods for the criminal record of such crimes.
    4. Customers’ personal data processed for the purpose referred to in point II.4 will be processed for the period resulting from the provisions of the law on counteracting money laundering and terrorist financing, in particular information obtained as a result of applying security measures is stored for a period of 5 years, counting from the first day of the year following the year in which the transaction with the Customer was carried out,  and information on transactions carried out by obliged institutions and documents relating to transactions shall be kept for a period of 5 years from the first day of the year following the year in which the last record relating to the transaction was made.
    5. Personal data of customers processed for the purpose referred to in point II.5 will be processed for the period appropriate to the original purpose for which they were collected. However, if other data were collected as part of this purpose than as a result of the implementation of the purposes referred to in points II.1-II.4, these data will be processed for the period of providing the payment service and 10 years from its completion, but not longer than until the date of objection to such processing, if it is justified.
  6. Information on the obligatory or optionality of providing personal data. Providing the data referred to in point II.1 is a contractual, as well as statutory requirement and in the scope of the so-called AML financial security procedures, the Customer is obliged to provide them. In the case of financial security procedure, if not provided, Blockenomy will not be able to accept the order or payment and provide services. Providing the data referred to in point II.2 is a contractual requirement in cases to ensure financial security and the Customer is obliged to provide them. Therefore, if they are not provided, Blockenomy will not accept an exchange or payment order and will not provide the service. Providing the data referred to in points II.3 and II.4 is a statutory requirement in cases of ensuring financial security and the Customer is then obliged to provide them. Therefore, if they are not provided, Blockenomy will not accept an exchange or payment order and will not provide the service.
  7. Information about the rights of Customers.
    1. The Customer has the right to request from the Administrator access to their personal data, including to obtain a copy of the personal data subject to processing. The first copy is free of charge. For any subsequent copies requested by the Customer, the Administrator may charge a reasonable fee resulting from administrative costs.
    2. The Customer has the right to request the Administrator to rectify their personal data that are incorrect, in particular because they were collected with errors or because they have changed after collection. The above right also includes the completion of missing data.
    3. The Customer has the right to request the Administrator to delete their personal data, with the proviso that this right may be exercised in the cases specified in the Regulation, i.e. when one of the following circumstances occurs:
      1. personal data are no longer necessary for the purposes for which they were collected or otherwise processed, in particular if the period in which the Administrator planned or was obliged to process your data has already expired;
      2. the consent on which the data processing is based has been withdrawn, unless the Administrator has another legal basis for the processing;
      3. an objection to the processing has been lodged and there are no overriding legitimate grounds for the processing;
      4. if the personal data have been processed unlawfully;
      5. where the personal data must be erased in order to comply with a legal obligation under Union or Member State law to which the Controller is subject.

Blockenomy may refuse to comply with a reasoned request for deletion referred to above in the cases provided for by law, in particular where further processing is necessary to comply with a legal obligation requiring processing under Union or Member State law, to establish, exercise or defend legal claims.

    1. The Customer has the right to request the Administrator to limit the processing of their personal data, under the conditions set out in the Regulation, i.e. when:
      1. The Customer disputes the correctness of personal data – for a period allowing the Administrator to check the correctness of these data;
      2. the processing is unlawful and the Customer objects to the deletion of the personal data, requesting instead the restriction of their use;
      3. The controller no longer needs the personal data for the purposes of the processing, but they are needed by the customer to establish, exercise or defend claims;
      4. The Customer has objected to the processing – until it is determined whether the legitimate grounds on the part of the Administrator override the grounds for the Customer’s objection.
    2. The Customer has the right to object to the processing of their personal data by the Administrator in accordance with Article 21(1) of the Regulation, i.e. to object – for reasons related to a special situation – to the processing of their data based on Article 6(1)(e) or (f) of the Regulation, including profiling on the basis of these provisions. In the case of the Administrator, the above right to object applies to personal data processed for the purposes referred to in points II.2, II.3, II.5.. In the event of an objection, the Controller may no longer process this personal data, unless he demonstrates the existence of compelling legitimate grounds for processing overriding the interests, rights and freedoms of the data subject or grounds for establishing, pursuing or defending claims. In particular, further processing of personal data despite the objection may result from the purposes referred to in points II.2 and II.3.
    3. The Customer has the right to object to the processing of their data by the Administrator in accordance with Article 21(2) of the Regulation, i.e. to object to the processing of their data for the purposes of such direct marketing, including profiling, to the extent that the processing is related to such direct marketing. In the event of exercising this right, the Administrator may no longer process the Customer’s data for the purposes of such direct marketing.
    4. The customer has the right to data portability. Therefore, the Customer has the right to receive in a structured, commonly used and machine-readable format his personal data that he has provided to the Administrator, and has the right to send this personal data to another administrator without hindrance from the Administrator. However, this right is vested in the Customer only in the scope of personal data that are processed on the basis of the Customer’s consent or on the basis of a contract, and in the scope of data the processing of which is carried out in an automated manner (in accordance with point IX. Blockenomy does not process data in an automated manner). In exercising this right, the Customer may also request that his personal data be sent by the Administrator directly to another administrator, if it is technically possible.
    5. The Customer has the right to withdraw the consent referred to in point II.5 at any time. However, the withdrawal of consent does not affect the lawfulness of the processing that was carried out on the basis of consent before its withdrawal. In the event of withdrawal of consent, the Administrator ceases to process the customer’s personal data, which he processes only on the basis of consent. If the customer’s personal data are also processed on a basis other than this consent, the Administrator may continue to process them on this other basis – as long as it occurs.
    6. The customer has the right to lodge a complaint with the supervisory authority, i.e. one of the bodies established by individual EU Member States, whose task is to monitor the application of the Regulation. The supervisory authority competent for the territory of the Republic of Poland is the President of the Office for Personal Data Protection.
  1. Information about automated decision-making, including profiling. The Customer’s data will not be processed in an automated manner, including in the form of profiling.
  2. Processing of data for a purpose other than the purpose for which they were collected. Subject to point II.5 , Blockenomy does not plan to further process Customers’ personal data for a purpose other than the purpose for which the personal data was collected.
  3. Sources of data origin. The Administrator obtains Customer data from Customers.

* Processing of personal data means an operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.** Personal data  means information about an identified or identifiable natural person (data subject); an identifiable natural person is a person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of a natural person.*** The payer is the person who intends to pay, as well as the person who has already paid,  through a payment agent cooperating with Blockenomy – a specific monetary amount for the benefit of the payment recipient. In order to make this payment, the payer uses a payment instrument such as, for example, electronic banking or the payer’s card.**** The Merchant is the recipient of the payment from the Payer, for whom payment services are  provided  by the Blockenomy agent using the Blockenomy service.***** The GDPR Regulation (“Regulation”) is Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons in  in relation to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC****** Third party means a natural or legal person, public authority, agency or body other than the data subject, controller, processor or persons who, under the authority of the controller or processor, may process personal data. Processor, on the other hand, means a natural or legal person, public authority, agency or other entity that processes personal data on behalf of the controller.

§ 3 [AML PROCEDURES

Blockenomy has introduced and applies internal procedures in the field of counteracting money laundering and terrorist financing in accordance with Article 50 of the Act of 01.03.2018 on counteracting money laundering. The person responsible for ensuring the compliance of the activities of Blockenomy and other persons performing activities for Blockenomy with the provisions on counteracting money laundering and terrorist financing pursuant to Article 8 of the above-mentioned Act is the owner of Blockenomy.  Blockenomy has introduced and applies internal procedures for anonymous reporting by employees or other persons performing activities for Blockenomy of actual or potential violations of anti-money laundering and terrorist financing regulations in accordance with Article 53 of the above-mentioned Act.
Blockenomy has introduced and applies instructions for managing the risks associated with money laundering and terrorist financing in accordance with Article 27 of the aforementioned Act.

Blockenomy has introduced and applies mandatory participation of persons performing duties related to counteracting money laundering and terrorist financing in training in accordance with Article 52 of the above-mentioned Act.

§4 [RELATED TRANSACTIONS]

Blockenomy has introduced and applies a procedure for identifying related transactions referred to in Article 35(1)(2)(a) in conjunction with Article 50(2)(4) of the Anti-Money Laundering Act of 01.03.2018.
Blockenomy has introduced and applies financial security measures when carrying out an occasional transaction also when it is carried out as several operations that appear to be related to each other. Blockenomy
considers transactions to  be related transactions when:

  1. in several transactions (within one day) the same bank account address appears for withdrawal both when the Customer is one or several people;
  2. the same Client who makes several transactions below the threshold amount (EUR 1,000), in short intervals (within one day) to different bank accounts or different telephone numbers.

In the case of suspicion of related transactions, pursuant to Article 34(1) and (4)(w) of the Act, financial security measures are implemented consisting in the identification of the customer and verification of his identity (personal data). In such a case, Blockenomy sums up the value of the transaction and if it exceeds EUR 15,000, it provides such information to the person designated pursuant to Article 8 of the Act in order to fulfill the reporting obligation referred to in Article 72(1)(1) of the aforementioned Act.
Blockenomy in the course of customer service may apply additional financial security measures consisting in questioning, monitoring, requesting a statement under Article 46 of the Act (a person in a politically exposed position), etc. and on this basis assess transactions also from the point of view of their connection.