PRIVACY POLICY

Privacy Policy

Within the meaning of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46 / EC ("GDPR") the controller of the personal data is ACE Europe sp. z o.o. with its registered seat in Warsaw.

Detailed information on the processing of your personal data can be found herein.

We encourage you to read it carefully.

Who is the controller of personal data?

The controller of your personal data is ACE Europe Sp. z o.o. with its registered seat in Warsaw, Puławska Street no. 2, 02-566 Warsaw, entered into the register of entrepreneurs maintained by the District Court for the capital city of Warsawin Warsaw, XII Commercial Division of the National Court Register under KRSnumber: 0000703382, NIP: 5252729648, REGON: 368774127, share capital in the amount of PLN 100.000 PLN ("the Controller" or “We”).

The Controller has appointed a Data Protection Officer (Ms. IzabelaPiechowka) who can be contacted electronically by sending a message to thee-mail address gdpr@ace-europe.eu

You cancontact us regarding the protection of your personal data and the exercise ofyour rights, in connection with the protection of such data, via the e-mailaddress: gdpr@ace-europe.eu, telephone number +48 22 10460 91 and in writing to the address of ACE Europe Sp. z o.o. with headquarters in Warsaw, Puławska 2, 02-566 Warsaw.

On what basis and for what purpose personal data are processed?

We may process personal data for the following purposes:

  1. in order to conclude, implement or terminate the contract for the provision of payment services by the Controller, as a domestic payment institution, i.e. pursuant to art. 6 sec. 1 lit. b) GDPR;

  2. based on express and voluntary consent, also for the purpose of marketing our own products and services, consisting in the transmission, display or transmission of commercial information by means of electronic communication, including telecommunications terminal equipment and automatic calling systems, i.e. based on art. 6 sec. 1 lit. a) GDPR;

  3. in order to defend against any claims that may arise in connection with the provision of services based on the legitimate interest of the Controller, i.e. pursuant to art. 6 sec. 1 lit. f GDPR;

  4. in order for the Controller to fulfil the obligations resulting from the provisions of law, including performing the Controller's obligations in the field of counteracting money laundering and terrorist financing, or handling complaints regarding non-performed or improperly performed payment services, i.e. pursuant to art. 6 sec. 1 lit. c) GDPR;

  5. for analytical and statistical purposes, based on the legitimate interest of the Controller, i.e. pursuant to art. 6 sec. 1 lit. f GDPR.

What kind of data can we process?

As the Controller, we can process the data of: merchants, customers, recipients, suppliers orbusiness partners and the following categories of data:

Categories of personal data:

personal identification data
name and surname, PESEL number, ID number, citizenship
personal contact details
home address, telephone number, e-mail address
the financial data
billing account, credit or debit card number
personal data concerning the conducted business activity
company name, tax identification number, business address
technical personal data
identifiers in the form of an individual customer number, IP number, payment account number

At the same time, we would like to point out that we do not process specific categories of your personal data referred to in art. 9 paragraph 1 GDPR.

Who is the recipient of the personal data we process?

As the Controller, we can transfer the processed personal data to the following categories of entities:

  1. entities that are authorized to receive personal data on the basis of legal provisions, with the exception of public authorities that may receive personal data as part of a specific procedure in accordance with European Union law or the law of a European Union Member State;

  2. entities entrusted with the processing of your personal data on ourbehalf include accounting offices, companies providing ICT services, companiesproviding telecommunications services, companies providing marketing services.

Are personal data transferred to third countries or international organisations?

Acting as the Controller, we do not transfer personal data outside the territory of the Republic of Poland, the European Union and the EuropeanEconomic Area. Should personal data be transferred outside the EuropeanEconomic Area or to another country with restrictions on the international transfer of personal data, we use standard contractual clauses as defined by the European Commission or other data transfer mechanisms compliant with local laws, such as consent, to ensure adequate or the same level of protection for your personal data as the level of protection applied in the country of origin of the data.

How long do we keep personal data?

Acting as the Controller, we store personal data obtained in order to conclude, perform and terminate the contract - for the period until the end of the limitation period for potential claims of the parties to the contract resulting from such a contract.

If personal data is processed by us on the basis of consent (formarketing purposes, for automated decision making, including profiling) - until you withdraw your consent to such processing.

In the case of data processed on the basis of thelegitimate interest of the Controller, the data will be processed until theobjection is effectively raised or the interest ceases to exist.

What are the rights of a person in relation to the processing of personal data?

Below you will find a list of rights that you are entitled to in relation to the processing of your personal data.

To exerciseyour rights listed below, please send a request to the following e-mailaddress: gdpr@ace-europe.eu

I am entitled to
What this right means to me:
access to my personal data
You can request a range of information from us regarding how we process your personal data, including:

  • why we process your personal data;

  • what categories of personal data we process;

  • to whom we transfer your personal data;

  • how long we store your personal data or what are the criteria for determining this period;

  • what sources we obtained your personal data from (if it was not you);

  • whether data processing involves automatic decision making (so-called profiling).

We draw your attention that the above-mentioned information is reflected in this document.

You can also request a copy of your personal data that we process.However, this may or may not incur fees equal to the cost of handling yourrequest.

If it is necessary to collect fees, we willinform you immediately before processing the request.

rectify my personal data
If you believe that your personal data is incorrect, you can ask us for a correction. If you want to correct the data, please provide a document confirming the changes.

We also ask you to inform us about changes to your data that we are processing so far, in order to ensure that it is up to date and reliable.
delete my personal data and to be forgotten
For example, if we process your personal data unlawfully for longer than necessary or for no reason, you can ask us to delete this information.
restrict the processing of my personal data
You can ask us to limit the processing of your personal data only to their storage or performance of activities agreed with you, if you believe we have incorrect data about you or we process it unjustifiably.
object to the processing of my personal data
You can object to us against the processing of your data for the purpose of direct marketing.

In addition, you can object to the processing of your personal data on the basis of a legitimate interest for purposes other than direct marketing, and also when the processing is necessary for us to perform a task carried out in the public interest or to exercise public authority entrusted to us.

In this case, please indicate your specific situation, which in your opinion justifies the cessation of the processing covered by the objection.

As a result of the objection, we will cease to process your data for these purposes, except when we prove that the grounds for processing your personal data by us override your rights or that your data is necessary for us to establish, assert or defend claims.
transfer my personal data
You are entitled to obtain from us the personal data that you have provided to us in a structured, commonly used and machine-readable format (e.g.on a computer).

As part of this right, you can also commission us to send this data directly to another entity.
withdraw consent to the processing of my personal data
If you have given us your consent to process your personal data, you can withdraw your consent to the processing of your personal data at any time. However, remember that the withdrawal of consent does not affect the lawfulness of the processing which was carried out on the basis of your consent before its withdrawal.
file a complaint with the supervisory authority
As a natural person whose personal data is processed, you are entitled to submit a complaint regarding the processing of personal data to the President of the Personal Data Protection Office or another competent supervisory authority that performs tasks in the field of personal data protection.

Please note that the above description of what the individual rights mean is for information purposes only and does not constitute legal assistance or advice.

Is there an obligation to provide personal data?

The processing of your personal data is necessary to conclude a contract with us for the provision of payment services, as well as its implementation or termination. In the absence or refusal to provide your personal data, we may refuse to conclude or perform a payment service contract with you.

Providing personal data for marketing purposes is voluntary.

Is there any automated processing of personal data, including profiling, in connection with the processing of personal data?

In the process of processing personal data, we do not make decisions in an automated manner based on the data we have.

In addition, we do not profile them in the processing of your personal data.

If you do not agree with the above assessment in this respect, regarding the automated processing of personal data, including profiling, please contact us at the above-mentioned contact address of the Controller or Data ProtectionOfficer. If so, please provide information that you believe justifies that our assessment is not accurate. It is possible that we will ask you for this information after you contact us.

Cookies on this site

ACE EUROPE

02-566 Warszawa
ul. Puławska 2
Budynek B/ III Floor.

CONTACT

+48 22 104 60 91
contact@ace-europe.eu
www.ace-europe.eu

We hold the license of Payment Institution no. IP49/2020 and we are regulated by Financial Supervision Body (UKNF)