Privacy Notice
Last updated: 29 April, 2024
Intro
IOOI Sp. z O.O (“Inqud” or “we”) welcomes you. This Privacy Notice (“Privacy Notice”) applies to our Website inqud.com and web-based platform app.inqud.com, including crypto widgets (collectively, the “Service”).
The Privacy Notice describes which of your personal data Inqud collects, how stores, processes, and uses it, and what happens when you use the Service.
Content
Data received from third parties
Data sharing with third parties
Data transfer outside the European Economic Area
European Economic Area residents
About us
We are the controller of your personal data processed through the Service. This means that we determine the purposes and means of personal data processing. Pay attention that you can fall into several categories depending on your actions.
| Name | IOOI Sp. z O.O |
|---|---|
| Registration number | 525273421 |
| Address | Gęsia 8/205, 31-535 Kraków, Polska |
| [email protected] – for general and privacy inquiries |
About you
When you visit the Service, you become our user (“User”). We divide the Users into categories so you can easily find details about the processing of your personal data.
| Type of User | Description |
|---|---|
| Visitor | User who visits the Website |
| User | User who registers with the Service |
| Merchant | User who registers and uses Business account |
| Other Requester | User who fills out the “Contact us” form on another topic |
| Please note! We do not knowingly process the personal data of Users under the age of 18. If you are such a User or the legal representative of such a User, please contact us. | |
Personal data
Sources of data
We receive your data when you visit the Service and interact with it, depending on your actions on the Service.
You can change your personal data by exercising your right to rectification or by the Service functionality. Please note that the same lawful basis and storage terms apply to the changed data.
We may also (although we do not necessarily do so) receive data from third parties. It depends on your settings and the features you use.
Lawful bases for processing
To process your personal data, we rely on the following lawful bases:
- performance of the contract — for the processing of personal data necessary for the negotiating on, conclusion, and performance of a contract (mainly, the Terms of Service) with you;
- legitimate interest — for the processing necessary at the development of our services, taking into consideration your interests, rights, and expectations;
- legal obligation — for the processing as required by applicable laws (for example, to comply with tax or KYC/AML regulations) or if requested by a law enforcement agency, court, supervisory authority, or another state-authorised public body;
- consent — for additional specific purposes.
Visitors’ data
When you use the Website as the Visitor, we collect some data automatically. We need technical data to operate, support, and improve the Website’s functionality.
| Data | Description | Reasons for processing | Lawful basis |
|---|---|---|---|
| Necessary technical data | Information about your operating system, device type, browser name and version | The smooth operation of the Website | Performance of the contract |
| Necessary cookies | Information that is necessary for the operation of the Website | Improving your experience of using the Website | Performance of the contract |
| Marketing cookies | Marketing information used to match relevant advertising to you | Marketing | Consent |
| Preference cookies | Information necessary for operating some services on the Website | The operation of some services on the Website | Consent |
| Statistics cookies | Information that helps us to understand how you interact with the Website by collecting and reporting information | Improvement of the Website and analysis of the statistic for other purposes | Consent |
| Data storage | |||
| Necessary technical data | Stored during the use of the Website and for 2 years from the last visit. | ||
| Cookies | Stored during the expiry period provided in our Cookie Policy. |
||
Registration data
When you register an account and start to use our service, we collect or assign the data to enable you access and correct work of the Service.
| Data |
Reasons for processing | Lawful basis | |||
|---|---|---|---|---|---|
|
Name, surname |
Register and fill the account |
Performance of the contract |
|||
| Email |
|||||
|
Phone number |
|||||
|
User ID |
|||||
|
Company name |
|||||
| Data storage | |||||
|
Data that is processed based on performance of the contract |
Stored for 3 years from the last interaction. | ||||
General technical data
This section includes information collected for maintaining and optimising the technical aspects of the service, such as device information, browser details, and session logs. This data helps ensure the smooth functioning and security of the service.
| Data |
Reasons for processing |
Lawful basis |
|---|---|---|
|
IP |
IP address from which the request originated. |
Legitimate interest |
|
User Id |
Unique identifier for the user. |
Performance of a contract |
|
Browser Info |
Information about the user's browser. |
Performance of a contract |
|
Event ID |
Unique identifier for the audit event. |
Performance of a contract |
|
Creation Time |
Timestamp indicating when the audit event occurred. |
Performance of a contract |
|
Action type |
Indicates if the audit event is an administrative action. |
Legitimate interest |
|
Settings |
Indicates if the user associated with the audit event is muted. |
Performance of a contract |
|
Event type |
Type of audit event (e.g., login, logout, data access). |
Performance of a contract |
|
User Agent |
User agent information associated with the audit event (e.g., browser, device). |
Legitimate interest |
|
Data storage |
||
|
Data based on performance of the contract |
Stored for 3 years from the last interaction. |
|
|
Data based on legitimate interest. |
Stored for 3 years from the last interaction, if you do not object. |
|
Account data
Account data consists of information related to user accounts, including registration details, authentication records, and account preferences. This data is essential for user access and customization of the service.
|
Data |
Reasons for processing |
Lawful basis |
|---|---|---|
|
AML status |
Indicates if AML (Anti-Money Laundering) is enabled for the user’s transactions. |
Legal obligation |
|
Company Name |
Name of the company associated with the user. |
Performance of a contract |
|
Creation time |
Timestamp indicating when the user account was created. |
Performance of a contract |
|
|
Email address of the user. |
Performance of a contract |
|
Name and surname |
Name of the user. |
Legitimate interest |
|
Group Id |
Identifier for the group associated with the user. |
Performance of a contract |
|
Locale |
Locale settings for the user. |
Legitimate interest |
|
Timestamp |
Timestamp indicating when the user account was last modified. |
Legal obligation |
|
OIDC Provider |
OpenID Connect (OIDC) provider type associated with the user. |
Performance of a contract |
|
Password hash |
Password associated with the user. |
Performance of a contract |
|
Phone |
Phone number associated with the user. |
Performance of a contract |
|
Referral data |
Referral code associated with the user. Identifier for the user who referred this user. |
Legitimate interest |
|
UserType |
Type of user account. |
Performance of a contract |
|
Verification Level |
Level of verification for the user. |
Legal obligation |
|
Data storage |
||
|
Data based on legal obligation |
Stored for 6 years from the collection. |
|
|
Data based on performance of the contract |
Stored for 3 years from the last interaction. |
|
Usage data
Usage data encompasses information about how users interact with the service, including pages visited, actions performed, and duration of sessions. This data aids in understanding user behaviour and improving the service based on usage patterns.
| Data |
Reasons for processing |
Lawful basis |
|---|---|---|
| Password_log |
Password-related actions: password forgotten, changed, incorrect login attempt, and attempts counter reset. |
Performance of the contract
|
|
Email_log |
Password-related actions: password forgotten, changed, incorrect login attempt, and attempts counter reset. |
|
|
Account status |
Account security actions: temporary freezing, blocking, excessive login attempts, and unblocking. |
|
|
API status |
API token management: creation, deletion, activation, and deactivation. |
|
| 2FA |
Two-factor authentication (2FA) events: activation, deactivation, and incorrect TOTP entry. |
|
|
Verification status |
Account verification and completion: confirmation of signup, phone verification, and completion of KYC process. |
|
|
History of changes
|
Account profile updates: changes in user type or role, and updates to associated names. |
|
| Data storage | ||
|
Data based on performance of a contract |
Stored for 3 years from the end of service usage. |
|
Payment page
This section pertains to data collected during the payment process, such as transaction details, payment method used, and billing information. It is crucial for facilitating secure and efficient payment transactions.
| Data |
Reasons for processing |
Lawful basis |
|---|---|---|
|
User Id |
Unique identifier for the user. |
Legal obligation |
|
Creation Time |
Timestamp indicating when the user account was created. |
|
|
Key request |
Key associated with the payment service provider (PSP) used for the transaction request. |
|
|
Transaction Id |
Unique identifier for the transaction. |
|
|
Currency |
Currency used for the transaction. |
|
| Amount |
Amount of currency involved in the transaction. |
Legal obligation |
|
IP |
IP address from which the request originated. |
Performance of the contract |
|
Fingerprint |
Fingerprint data associated with the user (nullable). |
Legal obligation |
|
Card holder name |
Name of the cardholder for the payment card used in the transaction. |
Legal obligation |
|
Card holder name |
Name of the cardholder for the payment card used in the transaction. |
Legal obligation |
|
Card details
|
First 8 digits (partial) and last 4 digits (partial) of the payment card's PAN (Primary Account Number). Expiry date of the payment card |
Legal obligation
|
|
Hash data |
Hashed value associated with the payment card. |
Legal obligation |
|
Verification status |
Data related to anti-fraud measures and integration. |
Legal obligation |
|
Fraud score |
Risk score assigned by the anti-fraud system (Double). |
Legal obligation |
|
Card token |
Hashed values of the payment card's PAN and token. |
Legal obligation |
|
Time of transaction |
Timestamp indicating when the transaction was created (OffsetDateTime). |
|
|
Error Status |
Status of any errors encountered during the transaction (CardPayErrorStatus). |
|
|
Integration ID |
Identifier for the integration. |
|
|
Client Order Id |
Identifier for the client's order associated with the transaction. |
|
|
Data storage |
||
|
Data based on legal obligation |
Stored for 6 years from the collection. |
|
|
Data based on performance of a contract |
Stored for 3 years from the end of service usage. |
|
Сrypto exchange process
Data related to cryptocurrency exchange processes, including transaction history, exchange rates, and wallet information. This data is necessary for executing and monitoring cryptocurrency transactions securely.
|
Data |
Reasons for processing |
Lawful basis |
|---|---|---|
|
ID |
Unique identifier for the transaction. |
Performance of the contract |
|
Amount |
Amount of the transaction. |
|
|
Creation time |
Timestamp indicating when the transaction was created. |
|
|
Currency |
Currency type of the transaction. |
|
|
Timestamp data |
Timestamp indicating when the transaction expires. |
|
|
Timestamp indicating the last update time of the transaction. |
||
|
Transaction Name |
Name associated with the transaction. |
|
|
Control ID |
Reason for any conflicts in the Crypto Acquiring Deposit Request. |
|
|
Status |
Status of the Crypto Acquiring Checkout. |
|
|
Transaction type |
Type of the Crypto Acquiring transaction. |
|
|
User Id |
Identifier for the user associated with the transaction. |
|
|
Data storage |
||
|
Data based on performance of a contract |
Stored for 3 years from the end of service usage. |
|
Notification and marketing data
Information gathered for managing communication with users, including email preferences, notification settings, and marketing analytics. This data helps in delivering relevant updates and promotions to users.
|
Data |
Reasons for processing |
Lawful basis |
|---|---|---|
|
Location |
To inform you about useful information, promos and other activities |
Consent |
|
|
||
|
|
To send you emails related to the usage of the Service |
Legitimate interest |
|
History of interaction |
Analyse and improve service |
Legitimate interest |
|
Data received from 3rd parties |
Analyse and improve service |
Legitimate interest, Consent |
|
Data storage |
||
|
Data based on legitimate interest. |
Stored for 3 years from the last interaction, if you do not object. |
|
|
Data based on consent. |
Stored for 2 years from collection, if you do not withdraw consent. |
|
Third-party providers
We use 3rd-party providers for our marketing activities. Here you can see the list and read how we involve them.
|
Name |
Description |
|---|---|
|
Google tag manager |
Google service that allows quickly and easily updating measurement codes and related code fragments collectively known as tags on your website or mobile app. Please see details at Privacy Notice. |
|
Apollo |
A cloud-based sales automation tool that serves as a tool for lead generation, contact database management, and email outreach. Please see details at Privacy Notice |
Report and customer support data
Data collected during customer support interactions, including issue reports, support tickets, and user feedback. This data is vital for resolving user queries and improving the overall service experience.
|
Data |
Reasons for processing |
Lawful basis |
|---|---|---|
|
User ID |
To identify the user |
Performance of a contract |
|
Request data |
Understand and complete your request |
|
|
Data storage |
||
|
Data based on performance of a contract |
Stored for 3 years from the end of service usage. |
|
Data received from third parties
We may receive some personal data from third parties.
The amount of data collected, the purposes, and the lawful basis for processing is determined by the respective privacy documents of these third parties.
|
Party name |
Type of data |
Reasons for processing |
|
|---|---|---|---|
|
Google analytics |
User behaviour |
Contact Information |
Analytics and monitoring |
|
Google Search Console |
User behaviour on the site |
Demographic Information |
Improving user experience |
|
ActiveCampaign CRM |
History of interaction |
Social Profile Information |
Optimization of marketing campaigns |
|
Calendly |
Interests and preferences |
Communication preferences |
Personal connection with clients |
|
Hotjar |
Session Recordings, Surveys and Polls |
Chat history |
Evaluating the effectiveness of email marketing |
|
Zoho Live Chat |
Purchase and transaction data |
Integration with external services |
Brand reputation monitoring |
|
GetResponse |
Traffic data |
Events and interactions |
Audience segmentation and targeting |
|
Data storage |
|||
|
Legal basis |
Legitimate interest |
Сonsent |
|
|
Term |
3 years from the last interaction, if you do not object. |
2 years from collection, if you do not withdraw consent. |
|
Data sharing with third parties
We can share your personal data with third parties without any harm to you and in full compliance with applicable law. In addition, we have implemented organisational and technical measures to ensure the security of personal data during data transfer to third-party.
|
Third parties |
Description |
|---|---|
|
Analytics tools |
We use analytics tools to understand and promote our business. |
|
Messengers |
We use messengers to communicate with you in ways that are convenient for you. |
|
Contractors, services providers on Service |
We cooperate with service providers and contractors to provide you with their services, operate, develop and improve the features and functionality of the Service, fulfil your support requests, complete payment transactions, etс. |
|
Providers of the services our team use |
We use CRM systems, messengers, and other services in our organisation to provide you with our services. |
|
State authorities, courts, law enforcement agencies, etc |
We may be obliged to transfer some of your data to tax authorities, courts, law enforcement agencies, and other governmental bodies:
|
|
To get a detailed list of the third-party recipients of your personal data, contact us. |
|
To share your data, we rely on the following lawful bases, depending on the case: consent, compliance with the law, and performance of a contract.
Data transfer outside the European Economic Area
The data is stored in Germany by default, but we may need to process your personal data in another country.
If there is no adequate decision by the European Commission regarding the country we transfer data to, we use the adopted Standard Contractual Clauses based on legislation assessments for data protection during transfer and storage.
If there is an adequate decision by the European Commission regarding the country we transfer data to, we can transfer personal data to that third country without any further safeguard being necessary.
You can read more detailed measures to protect your personal data here.
Data protection
We are regularly certified by ISO 27001 Standard.
We apply a variety of security measures appropriate to the possible risks.
|
Organisational measures |
|
|---|---|
|
Staff training |
Internal policies and instructions |
|
Non-disclosure agreements (NDA) |
Transfer protection |
|
Physical measures |
|
|---|---|
|
Video monitoring |
Signalling |
|
Limited access to premises |
Round the clock security |
|
Technical measures |
|
|---|---|
|
Two-factor authentication |
Backups |
|
Firewalls |
Encryption technologies |
Data subjects rights
You, as a data subject (individual), have the right to interact with your data directly or through a request to us. This section describes these rights and how you can exercise them depending on your residency.
European Economic Area residents
You, as a data subject, have the right to interact with its data directly or through a request to us. This section describes these rights and how you can exercise them:
|
Right |
Description |
|---|---|
|
Right to access |
You can request an explanation of the processing of your personal data. |
|
Right to rectification |
You can change the data if it is inaccurate or incomplete. |
|
Right to erasure |
You can send us a request to delete your personal data from our systems. We will remove them unless otherwise provided by law. |
|
Right to restrict the processing |
You may partially or completely prohibit us from processing your personal data. |
|
Right to data portability |
You can request all the data you provided to us and request to transfer data to another controller. |
|
Right to object |
You may object to the processing of your personal data. |
|
Right to withdraw consent |
You can withdraw your consent at any time. |
|
Right to file a complaint |
If your request was not satisfied, you could file a complaint to the regulatory body. |
|
To exercise your rights, contact us. If your request was not satisfied, you can submit a complaint to your local Data Protection Authority. You may find it here. |
|
Cookies
We use cookies that are needed for the Website’s operation. By using cookies, we receive automatically collected data. You can read more in the Cookie Policy.
If you want to turn off cookies, you can find instructions for managing your browser settings at these links:
Internet Explorer
Firefox
Chrome
Opera
Microsoft Edge
Vivaldi
Safari
BravePrivacy Notice updates
This Privacy Notice is developed according to the General Data Protection Regulation, other applicable privacy laws, and best privacy practices.
Existing laws and requirements for the processing of personal data are subject to change. In this case, we will publish a new version of the Privacy Notice.
If there are material changes to the Privacy Notice or the Service that affect your data privacy rights, we will notify you by displaying information via the Service and, if necessary, ask for your consent.