1) This Privacy Policy, i.e., the personal data processing policy, applies to the processing of personal data of persons:
a) being Users of the website and
b) visiting the website;
c) using the Payment Gateway services on the website.
2) This Privacy Policy determines how, why and on what legal basis the Administrator processes personal data of the data subject, and how it protects the privacy rights of that person.
3) The Administrator processes personal data in accordance with currently applicable laws, including Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter: "GDPR"), the Act of 10 May 2018 on data protection, and the Act of 12 July 2024 Electronic Communications Law.
1) This Policy uses the following definitions:
a) Administrator – entity that decides on the purpose and means of data processing, in this Policy understood as: company under the name Virtuconnect sp. z o.o. with its seat in Warsaw, address: ul. Świeradowska 47, 02-662 Warsaw, registered in the Register of Entrepreneurs of the National Court Register by the District Court for the Capital City of Warsaw in Warsaw, XIII Commercial Department of the National Court Register under number KRS: 0001127883, NIP: 5214086639, REGON: 529695107, share capital PLN 5,000.
b) Personal data – any information allowing identification of a natural person ("data subject"), including but not limited to their identification, address and contact data.
c) Third country - a country outside the European Union (EU) and European Economic Area (EEA).
d) Data processor – Processor – entity that processes personal data on behalf and on instruction of the Administrator.
e) Website - website available at https://ramppay.net/, through which the User can: browse the website content, contact the Administrator using available contact details or contact forms displayed on the site, and use Services provided by the Administrator.
f) Services – services offered by the Administrator, consisting of exchange between virtual currencies and payment means, described in the terms and conditions at https://ramppay.net/terms.
g) User – natural person who uses services available on the website, interested person or person visiting the Website.
The Administrator can be contacted in the following ways:
a) by mail – Virtuconnect sp. z o.o., ul. Świeradowska 47, 02-662 Warsaw
b) via email – [email protected]
The Data Protection Officer can be contacted in the following ways:
a) by mail – Virtuconnect sp. z o.o., ul. Świeradowska 47, 02-662 Warsaw, with note: "Data Protection Officer"
b) via email – [email protected]
1) Personal data collected directly from data subjects, i.e., through:
a) filling out a form with contact details when submitting an inquiry through the form on the site,
b) filling out a newsletter subscription form,
c) providing Personal data for the provision of Services,
d) providing Personal data as part of the User verification procedure (KYC - Know Your Customer or KYB - Know Your Business) conducted by the Administrator, in accordance with applicable provisions of the Act of 1 March 2018 on counteracting money laundering and terrorist financing,
e) providing Personal data for the purpose of sending due virtual currency funds.
2) Personal data collected from third parties – insofar as this is permitted under applicable laws and regulations, such as:
a) Business User with whom the person whose Personal data concerns is associated,
b) payment providers or other payment services,
c) from public databases, such as relevant Chamber of Commerce, Central Register of Beneficial Owners / Transparency Register (or other equivalent), Google searches and other (reliable and independent) sources. The Administrator may also receive such public information through third-party service providers,
d) public data regarding transaction information from service providers.
3) Personal data collected automatically, for example - each time you interact with the Administrator's Website. Automatically collected data includes:
a) information about how access to the Administrator's Services is obtained and how the Administrator's Services are used, i.e., data such as the User's IP address,
b) when and how long the Website is visited, which subpages are visited within the Website, which links the User clicks and technical information (e.g., browser type and operating system).
1) The scope of processed Personal data has been limited to the necessary minimum and is as follows:
a) Users using the Website and Administrator's Services:
b) Data of persons visiting the Website – in particular IP address, transaction data, deposit and withdrawal address, computer or mobile device information, frequency, time, operating system, browser type, device type, unique device identification number, identifying cookies, optionally form data, performance data, third-party cookies.
c) Data indicated in contact forms or contact via data provided on the Website - email address, phone number, email address, first name, any other data voluntarily provided by the data subject.
2) As part of introducing new features and Services and changes in applicable legal provisions, the Administrator may ask the User to provide additional information. In such case, separate information about the purposes, scope and legal bases for additional processing of Personal data will be provided. If necessary, this Privacy Policy may also be subject to updates.
1) The Administrator processes personal data when permitted by applicable laws, including for the purpose of:
a) providing Services to that person and taking action at the request of the data subject, including providing answers to questions asked through electronic communication means or for handling correspondence sent by traditional mail – this processing is based on Article 6(1)(b) GDPR, i.e., processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
b) fulfilling legal obligations incumbent on the Administrator, e.g., in accordance with the anti-money laundering and terrorist financing act, accounting act, Tax Code – processing is based on Article 6(1)(c) GDPR, i.e., processing is necessary for compliance with legal obligations imposed on the Administrator;
c) pursuing rights and claims by the Administrator or data subject, based on Article 6(1)(f) GDPR, i.e., for the purpose of pursuing legitimate interests of the Administrator or data subject.
2) Providing Personal data by Users indicated within paragraph 1(a) above – is voluntary, but necessary to use Administrator's Services provided through the Website, including for concluding appropriate contracts. Some data is collected based on separate provisions applicable to the Administrator, including in particular provisions of the Act of 1 March 2018 on counteracting money laundering and terrorist financing, to ensure financial security.
1) The Administrator may disclose and share necessary Personal data to third parties based on written data processing agreements. Data processors may include in particular such entities as: companies providing IT services, audit firms, accounting offices, law firms, entities providing employee outsourcing, entities offering customer service software, entities providing internet mail services and data collection, analysis and archiving, entities providing server hosting services. Data processors are subject to contractual obligations regarding implementation of appropriate technical and organizational security measures to protect Users' Personal data and processing such Personal data in accordance with Administrator's instructions.
2) The Administrator may share Personal data with third parties that process it for their own purposes (and do not qualify as Data processors, but as "Other Administrators") in strictly defined circumstances:
3) Furthermore, the Administrator shares Personal data if required and to the extent required for compliance with applicable (European or Polish) laws and regulations, including to support the Polish Financial Supervision Authority (KNF) or (other) relevant supervisory authorities, law enforcement agencies, tax authorities and, if necessary, to help combat fraud and other types of abuse, to the extent provided by law.
4) Profiling is any form of automated processing of personal data consisting of using Personal data to evaluate certain personal factors of a natural person, in particular to analyze or predict the User's economic situation, reliability, behavior, location or movement.
5) Personal data will not be subject to Profiling and automated decision-making.
1) The Administrator processes Personal data for a period no longer than necessary to achieve processing purposes and permitted by law. After achieving the processing purpose, Personal data is subject to deletion or irreversible anonymization, insofar as legal provisions allow. Depending on the legal basis for processing Personal data, there may be different Personal data retention periods.
2) The Personal data processing period depends on the purpose for which Personal data was collected and amounts to:
a) Provision and performance of Services: for the period necessary to document the performed Service, 5 years, counting from the end of the calendar year in which the tax payment deadline expired, based on Article 112 of the Act of 11 March 2004 on goods and services tax, in connection with Article 70 of the Act of 29 August 1997 – Tax Code.
b) Information obtained as part of User verification process: (KYC – Know Your Customer or KYB – Know Your Business) for 5 years, in accordance with requirements of the Act of 1 March 2018 on counteracting money laundering and terrorist financing.
c) Providing answers to questions asked through contact form: or by phone – no longer than 6 months.
d) Pursuing claims: based on Article 118 of the Act of 23 April 1964 – Civil Code. Unless a special provision states otherwise, the limitation period is six years, and for claims for periodic benefits and claims related to conducting business activity – three years.
The Administrator will not transfer Personal data outside the European Economic Area (EEA).
1) The Administrator stores and secures Personal data in accordance with principles set out in applicable legal provisions. The Administrator takes appropriate measures to:
a) ensure protection of Personal data against loss, unauthorized access, use, destruction, modification or disclosure,
b) ensure appropriate technical and organizational safeguards,
c) protect Personal data commensurate with the level of risk and special categories of Personal data.
2) Taking into account the current state of technology, costs, nature, scope, context and purposes of processing operations, as well as rights and freedoms of natural persons, these actions will include in particular pseudonymization and encryption of Personal data, measures ensuring confidentiality, integrity, availability and resilience, measures for restoring Personal data and procedures for regular testing and evaluation of security measures effectiveness.
1) Data subjects have the right to:
a) access to Personal data content, including receiving the first copy of Personal data content free of charge,
b) rectification of Personal data that is incorrect or has been changed,
c) erasure of Personal data, unless other legal provisions apply that require the Administrator to archive Personal data for a specified time,
d) portability of Personal data,
e) withdrawal of consent to Personal data processing – if the basis for such processing was the data subject's consent. Withdrawal of consent does not affect the lawfulness of processing carried out before its withdrawal,
f) objection to Personal data processing – for reasons related to a particular situation regarding processing of Personal data based on Article 6(1)(e) or (f) GDPR, as well as the right to restriction of processing,
g) control of Personal data processing and information about who is the Personal data administrator, as well as obtaining information about the purpose, scope and method of Personal data processing, content of such Personal data, source of Personal data, as well as method of disclosure, including recipients or categories of data recipients.
2) To exercise the right to information, access to Personal data content, their rectification, as well as other rights, you can contact the Administrator in accordance with § 2.
3) The data subject also has the right to lodge a complaint with the Personal Data Protection Office (UODO) if data processing violates GDPR provisions. The complaint may be submitted electronically or traditionally to: Personal Data Protection Office, ul. Stawki 2, 00-193 Warsaw.
4) If, for example, the data subject's place of residence or the place of alleged violation is located in or connected with another Member State than Poland, a complaint can usually also be lodged with the data protection authority in that Member State. The data subject always has the possibility to bring the matter to court.
Administrator's Services are not directed to persons under eighteen (18) years of age. If you are under 18 years old, you cannot use Administrator's Services or provide us with your Personal data. If the Administrator becomes aware that Personal data of a person under 18 years of age is being processed, such personal data will be immediately deleted. If there are suspicions that the Administrator possesses such Personal data, contact with the Administrator is necessary.
In case of changes to the applicable Privacy Policy, particularly when applied technical solutions or changes in legal provisions regarding privacy of data subjects require it, appropriate modifications to this Privacy Policy will be introduced, which will be effective after 14 days from their publication on the Website. If changes in Personal data processing methods will have individual and significant impact on a given person, the Administrator will take appropriate steps to notify them about the changes to enable them to exercise their rights.
