- Controller – the Controller of personal data pursuant GDPR, which is Kanga Exchange;
- Joint Controller – the joint controller of personal data pursuant to GDPR, which is Mosaico;
- Kanga Exchange – Good Investments LTD, registered in accordance with the International Business Companies Act of the the Republic of Seychelles, Company Number: 192185; EU correspondence address: 220C Blythe Road, W14 OHH London, United Kingdom;
- Mosaico – Sapiency sp. z o.o. headquartered at ul. Lekarska 1, 31-203 Kraków, Poland, and registered under KRS number 789717;
- Personal Data – Users’ personal data within the meaning of GDPR transferred in connection with using the Service;
- Processing of personal data – all operations performed on personal data within the meaning of GDPR;
- GDPR – Regulation of the European Parliament and of the Council (UE) 2016/679 of 27th April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/CE (J. o L. UE 2016 it. L119);
- Website – website made available through the agency of Kanga.Exchange and subdomains;
- Services – Services rendered by Kanga Exchange electronically that guarantee the possibility to associate the Users via the Service for the purpose of performing the purchase or sale of crypto currency available in the Website;
- User – natural or legal persons, who accepted the Kanga Exchange’s Terms of Service and concluded the agreement for performance of the Service with Kanga Exchange.
All terms written with a capital letter and not defined above ought to be understood in conformity with the definitions included in Kanga Exchange’s Terms of Service.
II. Joint Agreements
Under the joint administration agreement concluded between the Controller and the Joint Controller, the scopes of responsibility regarding the fulfillment of obligations under the GDPR have been established as follows:
- The Controller and the Joint Controller will jointly process the data provided by Users to the extent necessary for the intended purpose.
- The Controller and the Joint Controller will jointly process the data provided by Users for marketing purposes, with the User’s prior consent, given separately to the Controller and the Joint Controller.
III. General Information
- The Website performs the functions of obtaining information on the Users and their behavior as follows:
- by entering information into forms;
- by storing files (called “cookies”) on terminal devices;
- by collecting web server logs and other information occurring in connection with or as a result of functioning of and using of the Service;
- by recording and collecting personal data in the form of recording the User’s image obtained via a video communicator (e.g. skype).
IV. Principles of Collection of Users’ Personal Data
- Using Services is connected with the necessity to provide Personal Data by the Users. Failure to provide all Personal Data required by Kanga Exchange can lead to impossibility to provide Services by Kanga Exchange.
- The Website collects information provided by the User.
- The Website can moreover record information on the parameters of connection (determination of time, IP address etc.).
- Data obtained from the Users is not made available to third parties unless:
- the User expresses their consent;
- it is justified by the provisions of law;
- it is necessary for the purpose of providing Services, in particular in the technical scope of Services dealing with payments and also of other entities that Kanga Exchange cooperates with by performance of the Service.
V. Scope of Data Protection and processing thereof
- In connection with the performance of the given Service, the Controller can request that the User provides Personal Data. In particular in case of:
- a. a natural person: the features of the document stating the User’s identity as well as their name, surname, citizenship, address of residence, country of birth, information on tax residence and occupied exposed political position, telephone number, date of birth and ID Number. In case of foreign Users who have no National ID number, one should provide the equivalent of such number (the national identification number) (or file a statement on non-possession of National ID number number);
- b. in case of an institutional User: to send a scan of extract from the Commercial Register, data concerning business activity, a scan of a confirmation of assigning it a tax identification number – unless the given number is shown in the transcript from the Trade Register, as well as, providing the features of the document stating the identity of the person authorized to represent the User, his/her name, surname, citizenship, address of residence, information on tax residence and occupied exposed political position, telephone number, date of birth and National ID number (personal identity number). The User is also obliged to provide the above information regarding all actual beneficiaries of the User up to the indication of natural persons.
- For the purpose of verification of data the User must present to the Kanga Exchange employee an identity document or send a scan or photo thereof in the .jpg or .png format by means of the form on the Website. The scan/photo of the identity document must meet the following terms: data on the document must be clearly visible, all edges of the document must be visible, no data can be covered. The file cannot contain any signs of digital remake (e.g. painting over of an element using a graphic program). Placement of a water line is admissible. In case of doubts Kanga Exchange can ask the User to send the photo of their identity document made so that both the User’s face and their identity document can be seen simultaneously (the so-called selfie) or connect with the User via a video communicator (e.g. skype).
- Confirmation of the User’s or User’s representative’s address can take place on the basis of a photo in the .jpg or .png format, a bill (for electricity, water, gas etc.), an agreement with a public trust institution or an official letter with the User’s address data with the name and surname as well as the date of preparation (not older than 6 months).
- Personal data is processed pursuant to the provisions of the Regulation of the European Parliament and of the Council (UE) 2016/679 of 27th April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/CE (J. o.L. UE 2016, it. L119) and provisions of the hapter 373 of the Act on money laundering of September 23, 1994 (CAP 373).
- The basis for the processing of data are the User’s consent or provisions of law that authorize to process personal data.
- The provision of data by the User is voluntary, however indispensable for rendering the Services.
- Personal data shall not be made available to other entities without the User’s knowledge except for the entities authorized under the provisions of law.
- Each User has the right to inspect their personal data, amendment or removal thereof inasmuch it fails to violate the provisions of law and can be performed from the level of the user’s panel.
- The Controller can deny the performance of the rights indicated in p.8 if it results so from the provisions of law, information is subject to the pending dispute or it is indispensable for explanation of circumstances of User’s violation of the Terms of Service.
- The Controller has the right to take any actions to increase the security of the Services provided by the Controller.
VI. User’s Rights
- The User has the right to access the content of Personal Data and amendment thereof.
- The User is authorized to demand supplementation, updating, correction of personal data, temporary or permanent cessation of processing thereof or removal thereof if it is incomplete, outdated, untrue or has been collected contrary to the law or is useless for the performance of the purpose for which it was collected.
- In case of amendment of Personal Data, the User is obliged to perform actions aiming at updating Personal Data on their Account.
- The Controller can deny removal of Personal Data in a justified case, and in particular if the User:
- a. has not paid all amount due to the Controller, or
- b. has violated the Terms of Service, or
- c. has violated the effective provisions of law,
- In case of doubts regarding the method of processing Personal Data, the User can receive explanation from the Controller and has the right to file an inquiry, a reservation or a complaint to the supervisory body.
- Personal Data provided specifically for marketing purposes can be used for automated decision making and profiling.
- The user has the right to lodge a complaint with the President of the Personal Data Protection Office on the terms set out in the GDPR.
- The User has the right to object to the processing of Personal Data and to demand that such processing be restricted.
- The User has the right to request the transfer of Personal Data.
- The basis for processing data are in particular the effective regulations and provisions of law and the consent if it was given by the User.
- Personal Data will be processed for the duration of the Agreement for rendering the Service.
- Contact with the Controller of Data: firstname.lastname@example.org.
- Contact with the Joint Controller of Data: email@example.com.
VII. Information on cookie files
- The Website uses cookie files.
- The cookie files (the so-called “cookies”) constitute information data, in particular text files, which is stored on the User’s terminal device and is intended for the usage of the Website. Cookies usually contain the name of Website they come from, duration of storage thereof on the terminal device and a unique number.
- The entity that places the cookie files on the User’s terminal device and receiving access thereto is Kanga Exchange.
- The cookie files are used for the following purposes:
- creation of statistics that help to understand in what way the Users use Website, which allows improvement of structure and content thereof;
- up-keeping of the User’s session (after logging in) thanks to which the User does not have to write again the login and password on each subpage;
- definition of the user’s profile for the purpose of displaying to him adjusted materials in advertising networks, in particular in the Google network.
- Within the framework of the Website, two basic types of cookies are applied: session cookies and persistent cookies. “Session” cookies are temporary files that are stored on the User’s terminal device until they log out, leave the Website or disable the software (web browser). “Persistent” cookies are stored on the User’s terminal device for a period of time stipulated in the parameters of cookies files or until the User removes them.
- Software for browsing websites (web browser) usually by default allows cookies to be stored on the User’s terminal device. The Users can change settings in this scope. The web browser enables to delete cookies. It is possible to automatically block cookies. Detail information on the subject can be found in the help section or documentation of the web browser.
- Limitation of usage of cookies can affect some of the functionality available on the Website.
- Cookies files are placed on the User’s final device and can be also used by advertisers and partners that cooperate with Kanga Exchange. We recommend reading the privacy protection policy of these companies and to become acquainted with the principles of using cookie files used in the statistics.
- Cookie files can be used by advertising networks, in particular the Google network, to display advertisements matched to the way the User uses the Website. For this purpose they can retain information on the User’s navigation path or the time they stay on the page.
- In terms of information on the User’s preferences stored by the Google Display Network, the User can view and edit information derived from cookie files with the tool: https://www.google.com/ads/preferences/
VIII. Server logs
- Information on some actions of the Users are subject to log into the server layer. This data is only used to administrate the Website and to ensure the most efficient hosting services, also for evidential purposes in connection with committed crimes or due to circumstances connecte with seeking claims in civil proceedings.
- Browsed resources are being identified by URLs. Moreover, the following data may be stored:
- date of request,
- time of reply,
- name of User’s station – identification carried out by HTTP, HTTPS protocols,
- information on errors that occurred during the HTTP, HTTPS transactions,
- URL of the page previously visited by the User (referer link) – when the transition to the Website took place by reference,
- information about the User’s browser,
- IP address information.
- Some of the above data is not associated with particular Users using the Website. The Controller does not associate this data with the User’s Personal Data and does not use it for User’s identification as it is only used for the purpose of server administration.
IX. Cookie Files Management – how to express and retract permission in practice?
- If the User does not agree to receive cookie files, they can change the browser settings. We reserve that disabling cookies required for authentication, safety, maintenance of User’s preferences may hinder and in extreme cases prevent the use of the Website.
- Information on management of cookies settings in the given browser can be found on the Website of editor thereof.
The User can anytime contact the Controller to obtain information under the following address: firstname.lastname@example.org