Privacy Policy
1. Introduction
This Privacy Policy outlines how INFINITY PAY sp. z o. o. (referred to as "we," "our," or "us" in this Policy) gathers, utilizes, and disseminates information related to your interaction with our products, services, and website. The Policy is designed to align with the European General Data Protection Regulation (GDPR) requirements, ensuring that your personal data is handled transparently, legally, fairly, and securely.
2. Purpose and Scope of Data Processing
This document details the types of personal data we collect through our website and services, the methods and purposes for collecting it, how we utilize this data, and with whom we may share it. Additionally, the Policy provides an overview of your rights regarding your personal data and explains how you can exercise these rights.
3. Data Protection and Security
Our primary goal is to safeguard the security and integrity of the funds you entrust to us, ensuring the fairness, competitiveness, authenticity, and transparency of the market, as well as your transactions and orders. While we may occasionally update this Privacy Policy, we commit to doing so without compromising our core mission. Should any modifications occur to this Policy (or related policies such as our Terms of Service or Cookie Policy), we will inform you of these changes via email and by updating this page.
4. Importance of Policy Awareness
We strongly encourage you to thoroughly read this Policy to fully understand the processes involving your data and to be aware of your rights. If you have any questions or concerns regarding this Privacy Policy, how your data is collected and used, or any other data-related inquiries, please feel free to reach out to us at exchange@infinity-pay.net.
5. Definitions
This section provides explanations for the key terms used in this Privacy Policy, clarifying what constitutes your personal data and identifying the roles of those who control and process this data.
5.1 Personal Data
"Personal Data" refers to any information that can directly or indirectly identify you as an individual. This includes your name, identification numbers, location data, and any online identifiers that reveal information about your physical, genetic, mental, economic, cultural, or social identity.
5.2 Information Regarding the Deceased
Personal Data applies only to individuals with legal capacity, meaning those who can exercise their rights, provide consent, and enter into agreements. This capacity begins at birth and ends upon death. Consequently, any information related to a deceased person is not classified as Personal Data under this Policy.
Nonetheless, we are committed to ensuring that any personal data collected from you during your lifetime remains secure and protected after your death. We will not disclose or share this information in any way not outlined in this Policy or as permitted by the GDPR.
5.3 Data Controller
As specified by the GDPR, INFINITY PAY sp. z o. o. serves as the Data Controller for your personal data. This means we are responsible for determining what data is collected, how and why it is collected, how it is shared, and what measures are used to process it.
5.4 Data Processing
We collaborate with certain vendors and partners who assist in processing your personal data. For detailed information on how your data is processed, the vendors involved, and the countries where your data may be processed.
6. Data Collection Practices
To deliver our services and provide our products, it is necessary to collect certain information about you.
6.1 Data Provided by You
This category includes any content and information you submit when utilizing our services and products. INFINITY PAY sp. z o. o. will never request information related to your racial or ethnic background, sexual orientation, political opinions, philosophical or religious beliefs, biometric or genetic data, or trade union membership.
6.1.1 Creating an Account
When registering for a personal account, we may request contact details such as your full name, home address, e-mail address and telephone number. In addition, to verify your identity and to ensure compliance with legal obligations to combat money laundering and terrorist financing (“AML/CFT Law”), we may also request official identification information such as your passport, national identity card, driver's license and other relevant identification documents.
6.1.2 Communicating with Us
Should you contact us directly, we may ask for further details, including your name, email address, home address, and phone number. We will always explain why this information is necessary.
6.1.3 Payment Information
Our services allow you to choose your preferred payment method for processing transactions. However, we do not store your financial account details, as these are securely handled by our third-party payment processors.
7. Use of Cookies
We utilize cookies on our website to collect data on how users interact with our services. This data may include information on website features used, visit frequency, and interactions with the website’s functionalities.
Cookies are small text files sent by your web browser from a website you visit, storing user preferences and other relevant information. Cookies help improve your browsing experience by saving time or informing the web server that you have returned to a specific page.
7.1 Log Files
We also maintain log files that store information gathered from your use of our services. These files help us improve website functionality, optimize performance, and enhance the overall quality of our services. Log files may store data such as IP addresses, browser types, operating systems, ISP information, referring/exit pages, landing pages, date and time stamps, and clickstream data. This data may sometimes be considered personal information under GDPR.
7.2 Data from Partners and Third Parties
Our authorized partners may provide us with your personal data, which they have collected and shared with us. We ensure that our partners have the legal right to collect, use, and share your personal data before disclosing it to us.
8. Anonymized Data
Anonymization, as defined by the GDPR, is a process that modifies personal data to the extent that it can no longer be linked to a specific individual, directly or indirectly.
INFINITY PAY sp. z o. o. may use anonymized data to conduct research, understand customer needs, carry out marketing activities, detect and prevent security breaches, and for other business-related purposes.
9. Use of Collected Data
We use the data we collect for various purposes, including:
- Providing, operating, and maintaining our services;
- Processing payments and executing transactions in line with market fairness and transparency;
- Preventing the loss of funds due to fraud or abuse of our services;
- Ensuring compliance with laws related to anti-money laundering and terrorism financing;
- Compliance with the rules established by the Polish organization General Inspector of Financial Information (GIIF);
- Communicating with you through direct or partner channels for customer support, service updates, and marketing;
- Sending emails such as notifications, reminders, and confirmations;
- Improving service quality;
- Conducting research and development to enhance our services;
- Analyzing user behavior and preferences to better understand our customers;
- Promoting the security and integrity of your data and our services.
10. Sharing of Data
We may share the data we collect in various ways with third parties.
10.1 Vendors and Service Providers
We share collected data with vendors and service providers who assist us in running our business. These may include payment platforms, web and mobile analytics services, advertisers, IT partners, and marketing products.
10.2 Payment Platforms
As a merchant, we share your information with payment platforms to process your transactions. INFINITY PAY sp. z o.o. may share your information with these platforms to complete your order, but we do not store or use your payment information for any purpose other than processing the transaction.
11. Data Security Measures
At INFINITY PAY sp. z o. o., we prioritize the security of your personal information. We implement various physical, technical, and administrative safeguards to ensure the confidentiality and integrity of your data.
12. Data Retention
We comply with GDPR requirements and relevant regulatory standards to securely store your personal data for as long as necessary to fulfill the purposes for which it was collected. Data retention periods vary depending on the legal requirements and purposes of the data collection.
13. Legal Basis and Legitimate Interests
Our legal grounds for collecting, using, and sharing your personal data depend on the context. These may include your consent, the need to perform a contract, compliance with legal obligations, or our legitimate interests.
14. Your Rights
As a data subject, you have rights under GDPR, including accessing, updating, correcting, or erasing your data, objecting to or restricting its processing, and data portability.
15. Automated Decision-Making
We may use automated tools to assess risks related to fraud or financial crimes, but we do not rely solely on automated processing for decision-making.
16. International Data Transfers
We take steps to ensure that your data is handled securely, even when transferred to processors outside the EU/EEA.
17. Children’s Privacy
We do not knowingly collect or process data from children under 18 years of age.
18. Policy Updates
We may update this Policy periodically to reflect changes in regulations or our practices. You will be notified of any significant changes via email and through our website.
19. Contact Information
For any questions or concerns about this Policy or your data rights, please contact us at exchange@infinity-pay.net