BUROKA POLICY

BUROKA EUROPA SPOLKA Z OGRANICZONA ODPOWIEDZIALNOSCIA is a company incorporated in Poland.

Your privacy is very important to us. We are committed to protecting the privacy, confidentiality and security of the personal data we hold by complying with the requirements set out in applicable laws and regulations. We are equally committed to ensuring that all our employees, service providers and agents comply with these obligations. This policy explains how we manage personal data within our organisation, including how we process the personal data of users who use our services or interact with our website.

Before we provide you with our products and services or collect your personal data, we always refer to this Privacy Policy. Therefore, by using the BUROKA Services, providing personal data and/or using any of our products or services, you agree that:

You understand and agree to our personal data processing practices as described in this Privacy Policy, as updated from time to time; and
If you have provided us with personal data relating to any other person; you:

Are entitled to provide that information
Have provided a copy of this Privacy Policy, as updated from time to time, to that person; and
Each such person has agreed to those terms.

How we collect personal data?

We collect personal data about you in the following ways:

You provide us with your personal data yourself (for example, by using the BUROKA Services, on the websites on which we operate; by submitting an enquiry, application or (job) application to us; by responding to our surveys; by using our products and services).
Your personal data is provided to us by third parties who have the right to disclose that information to us.
we collect your data from public sources (e.g. by examining public blockchains; from public records; from your public social media profile).
We collect your personal data by automated means (for example, by tracking your use of our websites and mobile applications).
In some cases, we may be required by law to collect certain types of personal data about you.

When we collect personal data from you, we will generally do so ourselves. However, in some cases we may collect personal data from a third party, such as through their representatives, contractors who provide services to us or third parties who refer you to us because they believe you may be interested in our products or services.

Type of personal data we collect and purposes and legal basis for processing personal data

We process your personal data on the following legal bases and for the following purposes:

Performance of the contract between us: We process your personal data primarily to provide you with our products and services on the basis of the agreement we have concluded with you. This also includes providing customer service and otherwise contacting you regarding the website or our products and services and taking action prior to entering into an agreement with you. For this, we process personal data, including the following:

Personally identifiable information (e.g., full name [first, any middle, first, middle, last and last name], date of birth, gender, identification documentation, passport numbers, unsigned IDs, unsigned IDs, utility bills, nationality, signature, photographs, employer, job title and tax ID number);
Contact details (e.g. e-mail address, telephone number, home and work address);
Financial information (e.g. credit and debit card numbers, PAN, IBAN, bank account numbers and details, sort codes and other payment details, payslips);
Communication data (e.g. records of our communications with you, including any messages you send to us);
Blockchain-related information where applicable (e.g. blockchain identifiers such as blockchain addresses and public keys);
Transaction information (e.g., transactions you make on our platform, including the recipient's name, transaction amount and timestamp);
Online identifiers (e.g., geolocation, IP address, browser fingerprint, browser name and version, and operating system);
Other information that may be present in the documentation we ask you to provide in order to prove your identity.

Without this information, we may not be able to provide you with our products or services (or all of the features and functionality offered by our products or services) or to respond to any enquiries or requests you submit to us.

Legal obligations: We may also process your personal data to comply with our obligations under the law, our AML and CTF obligations (for example, to identify you appropriately, to monitor your use of our website, products and services, and to transmit data to supervisory authorities).
Legitimate interest: We process data received from your use of the BUROKA Services to improve the user experience when using the website and the products and services. Improving our website, products and services includes conducting market research and analysis, education and training programmes for our staff and planning and forecasting business activities and other internal business processes. The legal basis for this is our legitimate business interest in improving the BUROKA Services and the user experience and our business as a result. Given the nature of the data and that we use it in aggregate form, your interests or fundamental rights and freedoms do not override our legitimate interests.
Protecting our rights: We may process your personal data to safeguard our rights (e.g. to establish, exercise and defend legal claims, debt collection). Our legitimate interest in protecting our legal rights and ensuring compliance with the agreement concluded between us. In such a case, your interests or fundamental rights and freedoms do not prevail over our legitimate interests.
Consents: We may also process your personal data on the basis of your consent (e.g. for direct marketing purposes, including sending you our newsletter). You may withdraw your consent at any time by clicking on the "unsubscribe" link at the bottom of each email. Please note that withdrawing consent does not affect the lawfulness of consent-based processing prior to its withdrawal.

Direct marketing and profiling for marketing purposes.

If you have given us your consent to provide you with materials about our products or services and those of our partners, we may from time to time use your personal data for direct marketing purposes. We send you materials and offers that we believe would be of interest to you. You may opt out of receiving marketing communications from us at any time by clicking on the "unsubscribe" link at the bottom of each email or by contacting us at [email protected].

To find out which offers would interest you, we build your profile based on the following information:

Identifying information (e.g., name, date of birth).
Contact information (e.g., mailing address, email address).
Product and service portfolio information and demographic data.

We may use your personal data to market the following products and/or services to you:

Creating, purchasing, and/or market digital assets.
Software and hardware portfolios to store digital assets.
Other products or services related to digital assets.

Persons to whom we disclose personal data

We only share your personal data when we have a valid reason to do so and when we are legally entitled to do so.

Data processors: We use carefully selected service providers (data processors) to process your personal data. We only use service providers that offer sufficient guarantees to implement appropriate technical and organisational security measures to protect your personal data. We have entered into appropriate data processing agreements with the service providers and will remain responsible for their actions with respect to the processing of your personal data. The data processors we use include the following: email service providers, website analytics service providers, liquidity providers and data hosting service providers. If you require more detailed information about the data processors we use (for example, their names and locations), please contact us using the contact details below.

Third parties: In some circumstances, we share your personal data with third parties who act as independent data controllers. We only share your personal data with third parties if required to do so by applicable law (for example, where we are obliged to share personal data with authorities) or with your consent. We may also need to share your personal data with third parties in connection with our need to protect our legal rights (for example, lawyers and debt collection agencies). The legal basis for this is our legitimate interest in protecting our legal rights and ensuring compliance with the agreement. In such a case, your interests or fundamental rights and freedoms do not override our legitimate interests. We may disclose your personal data to an acquirer, successor or assignee as part of any merger, acquisition, debt financing, asset sale or similar transaction, as well as in the event of insolvency, bankruptcy or receivership in which the information is transferred to one or more third parties as one of our business assets. The legal basis for this is our legitimate interest in exercising our right to do business. In such a case, we ensure that your rights and conditions as a data subject are not diminished, in which case your interests or fundamental rights and freedoms do not prevail over our legitimate interests.

Compliance with legal obligations: We may share your personal data with other third parties in order to comply with our legal obligations (e.g. auditors, authorities).

Authorized representatives: We share your data with your representatives, advisors and others whom you have authorised to interact with us on your behalf. Please note that we regard such authorisation as your consent and therefore your request for such activity must be in writing.

Prohibition on sale of data: We will never sell your personal data to any third party.

Security

We take appropriate technical and organisational security measures to protect your personal data, taking into account:

the state of the art;
the costs of implementation;
the nature, scope, context and purposes of the processing; and
risks presented to you.

Retention of personal data

We keep your personal data for as long as necessary for the purposes for which it was collected, as long as necessary to safeguard our rights or as long as required by applicable law. We may retain your personal data for several years after the end of our relationship if necessary to safeguard our rights or as required by applicable law. If your personal data is processed for several different purposes, the longest retention period will apply.

In general, we store your personal data as follows:

Legal transactions: Retained for as long as the agreement between us is valid and for a period of 10 years from the time a claim expires, unless otherwise provided by law, by occasionally asking you to update your personal data;
Billing information: Kept for 7 years from the end of the financial year in which the information was provided to us;
Other data: Retained for 5 years.

Access, rectification and other rights

To the extent required by applicable data protection rules, you have all the rights of a data subject in relation to your personal data. These rights include the following:

request access to your personal data;
obtain a copy of your personal data;
rectify inaccurate or incomplete personal data;
erase personal data;
restrict the processing of personal data;
portability of personal data;
object to the processing of personal data that is based on legitimate interest and to personal data that is processed for direct marketing purposes.

Please note that your rights as a data subject are not absolute and are subject to the considerations permitted by applicable law.

To exercise your rights, please contact us using the contact details below. Please note that you can exercise some rights (for example, to review and update your personal data) by logging in to your account. To protect the integrity and security of the information we hold, we may ask you to follow a defined access procedure, which may include steps to verify your identity. In certain cases, where permitted by applicable law, we may charge you an administrative fee for providing you with access to the information you have requested, but we will inform you of this before proceeding. There may be cases where we are unable to provide you with the information you request, such as where it would interfere with the privacy of others or would result in a breach of confidentiality. In these cases we will inform you why we cannot comply with your request.

Complaints

We try to meet the highest standards to protect your privacy. However, if you are concerned about how we handle your personal data and believe that we have breached any applicable privacy laws or other relevant obligations, please contact our privacy compliance team using the contact details below. We will make a record of your complaint and forward it to our internal complaint resolution department for further investigation. We will deal with the matter as soon as we can and will keep you informed of the progress of our investigation.

In addition to the above, you also have the right to lodge a complaint with the Polish data protection authority (Polish Data Protection Inspectorate) or with the court.

Changes to this policy

We may make changes to this policy from time to time to take into account changes in our standard practices and procedures or where necessary to comply with new applicable laws, regulations, case law and guidelines issued by competent authorities. If changes are important to you, we will notify you by email and by means of a pop-up window on the website. The latest version of this policy will always be available on our website.

Governing law

If you are a data subject in the European Union or the processing of your personal data is carried out in the context of an agreement you have concluded with Buroka OÜ Poland, the processing of your personal data will be governed by the laws of the Republic of Poland.

Contact details

If you would like further information from us on privacy issues or wish to exercise your rights as a data subject, please contact our privacy compliance team at [email protected].

This Buroka Privacy Policy is valid as of 01.12.2023.

Cookie	Duration	Description
cookielawinfo-checbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.