Privacy & cookies

Cartamundi Cards Poland Privacy policy

1 GENERAL
1. This privacy policy (“Privacy Policy”) regulates the processing of your personal data as a part of
your use of our Website (the “Website”) and the accompanying services (jointly referred to
hereinafter as “Services”). This processing is performed by Cartamundi Cards Poland sp. z o.o. as data
controller, with registered office at Półłanki 18, 30-740 Krakow, Poland ("we”, “our"), listed
with the KRS under number  0000460332 in accordance with the
applicable legislation relating to the protection of personal data.
2. By using our Website and/or our Services, you acknowledge that you have carefully read this
Privacy Policy and that you unreservedly agree with it. We reserve the right to regularly change the
Privacy Policy as we deem fit. Such change will be communicated through the Website.
3. By clicking the privacy opt-in check box on the forms on the Website, you declare that you have
indeed read this Privacy Policy and agree with it. You declare that you understand with what
objectives your personal data is processed. You also agree with the fact that your continued use is
understood as continued permission. You can withdraw your permission at any time by addressing a
request using the Contactform.
4. Remember that we can use so-called “cookies” or similar technology as part of the Website and/or
the Services. Cookies are small text files that are stored on the hard drive of a device and that contain
certain information, which sometimes includes personal data. For more information regarding our
use of cookies, please read our cookie policy .
5. This Privacy Policy was last updated on 19.08.2022.

2 WHAT AND WHY WE PROCESS DATA
1. We process personal data relating to you when your use the Website and/or Services. Such
personal data includes:

2. In principle, we obtain the above-mentioned personal data directly from you. We do not send any
personal data that you provide through the Website to any social media providers, unless you agree
to this. In addition to the above-mentioned objectives, we can also process your personal data:
a) to provide you in a personalised and efficient manner with the information on products and
services that you request, either through the Website, by email, by telephone or through
social media channels;
b) to process your personal data so that we can provide the Services;
c) for direct marketing purposes, i.e. to be able to provide you with targeted communication,
promotional and other offers and any other advertisements that we or our selected partners
may have available. We will ask your prior permission for this;
d) to perform statistical analyses to improve our Website and/or Services or to develop new
products or services;
e) to provide to a financial institution or payment service provider, to enable your financial
institution and the payment service provider to fulfil his, her or its statutory obligations;
f) to transmit to the police or the judicial authorities as proof of possible crimes or if there are
founded suspicions of an unlawful deed or crime that you committed by means of your
registration in or the use of the Website or the Services;
g) within the context of a possible merger with, acquisition of/by or demerger by a third party,
even if such third party is outside the EEA.
9. If and when your registration on the Website or use of the Website or Services can be regarded (a)
as a breach of the terms and conditions of the intellectual property rights or any other right of a third
party, (b) a threat to the security or integrity of the Services, (c) a danger to our or our
subcontractors’ Website, Services or systems as a result of viruses, Trojan Horses, spyware, malware
or any other form of malicious code, or (d) in any manner whatsoever illegal, unlawful, discriminatory
or insulting, we may process your data in our own interests, in our partners’ or in third parties’
interests.

3 WITH WHOM DO WE SHARE DATA?
1. We do not send your personal data to third persons in a way that you can be identified without
your express permission to do so if this is not necessary to provide the Services.
2. We can rely on external processors to offer the Website and/or Services to you. We ensure that
third-party processors may only process your personal data on our behalf and pursuant to our
written instructions. We guarantee that all external processors are selected with the necessary care,
so that we can rest assured of the security and integrity of your personal data.
3. We can transmit anonymised and/or aggregated data to other organisations that can use these
data to improve products and services, and to organise bespoke marketing, presentation and the sale
of products and services.
4 WHERE WE PROCESS DATA
1. We and our external processors will only process your identifiable personal data in the EEA.
2. We can transfer our anonymised and/or aggregated data to organisations outside the EEA. If such
transfer is made, we shall ensure that there are appropriate guarantees to warrant the security and
integrity of your personal data, and that all personal data rights that you might enjoy under
applicable mandatory law are guaranteed.
3. If your personal data and/or anonymised and/or aggregated data is transferred, the following
statutory protection system will be implemented:

5 HOW WE PROCESS DATA
1. We will do our utmost to process only the personal data necessary to achieve the objectives stated
in this Privacy Policy. We will process your personal data lawfully, honestly and transparently. We will
do our utmost to keep the personal data accurate and up to date.
2. Your personal data will only be processed as long as necessary to achieve the objectives stated in
this Privacy Policy or until the moment at which you withdraw your processing permission.
Remember that withdrawing the permission can imply that you will no longer be able to use all or
part of the Website and/or Services. If you have registered on our Website, we will remove your
personal data if you remove your profile, unless a statutory or regulatory obligation or a judicial or
administrative order prevents us from doing so.
3. We will take appropriate technical and organisational measures to keep your personal data secure
from unauthorised access or theft and from unintentional loss, manipulation or destruction. Our
personnel or the personnel of our external controllers will only be able to gain access on a need-toknow

basis and this is subject to strict obligations of confidentiality. However, you should understand that

the care for security and protection consists only of an obligation of means according to best efforts, which can never be guaranteed.
6 YOUR RIGHTS
1. You have the right to request access to all the personal data that we process about you. However,
requests for access that are clearly submitted with a view to causing us inconvenience or damage will
not be dealt with.
2. You have the right to request that any personal data about you that is incorrect or inaccurate be
corrected free of charge. If you have registered on our Website, you can personally correct much of
such data through your profile. If such a request is submitted, you must also enclose proof showing
that the personal data for which you request correction is incorrect.
3. You have the right to withdraw previously granted permission for the processing of your personal
data. You can withdraw your permission at all times by submitting the contactform, or by removing
your profile (if applicable).
4. You have the right to request that personal data relating to you be removed if this is no longer
needed in the light of the objectives that are outlined in this Privacy Policy or if you withdraw your
processing permission. However, you must consider that a removal request to us will be assessed in
the light of statutory or regulatory obligations or administrative or judicial orders, which may prevent
us from removing the respective personal data.
5. Instead of requesting removal, you can also request that we restrict the processing or your
personal data if (a) you dispute the correctness of such data, (b) the processing is unlawful or (c) the
data is no longer necessary for the objectives stated but you need it to defend yourself in judicial
proceedings.
6. You have the right to object to the processing of personal data if you can show that there are
serious and justified reasons regarding special circumstances warranting such an objection. However,
if the envisaged processing is noted as direct marketing, you have the right to object to such
processing free of charge and without giving any reason for this.
7. If your personal data is processed on the basis of permission or on the basis of a contract where
the data is processed automatically, you have the right to receive the personal data provided to us in
a structured manner and in a generally used format that can be read by a machine and, if technically
possible, you have the right to directly transmit such data to another service provider. We will be the
only persons to assess the technical viability of this.
8. If you wish to submit a request to exercise one or more of the above-mentioned rights, you can
send an email using the contactform. Such request must clearly state what right you wish to exercise
and why. It must also be dated, signed and accompanied by a digitally scanned copy of your valid
identity card showing your identity. We will notify you immediately when such request has been
received. If it appears that the request is founded, we will grant the request as quickly as is
reasonably possible and no later than thirty (30) days after the request has been received.
9. If you have a complaint regarding our processing of your personal data, you can always contact us
by using the contactform. If you are still dissatisfied with our answer, then you are at liberty to file a
complaint with the competent data protection authority, the Privacy Commission.