Privacy Policy of the Fxprop.com Online Service
TABLE OF CONTENTS:
1. GENERAL PROVISIONS
2. BASIS FOR DATA PROCESSING
3. PURPOSE, BASIS, AND PERIOD OF DATA PROCESSING IN THE ONLINE SERVICE
4. RECIPIENTS OF DATA IN THE ONLINE SERVICE
5. PROFILING IN THE ONLINE SERVICE
6. RIGHTS OF THE DATA SUBJECT
7. COOKIES IN THE ONLINE SERVICE AND ANALYTICS
8. FINAL PROVISIONS
1) GENERAL PROVISIONS
1. This online service’s privacy policy is informational, meaning that it is not a source of obligations for the Users of the Online Service. The privacy policy primarily contains principles regarding the processing of personal data by the Administrator in the Online Service, including the basis, purposes, and period of personal data processing, as well as the rights of the data subjects, and information on the use of cookies and analytical tools in the Online Service.
2. The personal data collected through the Online Service is processed by the Administrator by applicable laws, particularly by the Regulation of the European Parliament and of the Council (EU) 2016/679 of 27 April 2016 on the protection of natural persons about the processing of personal data and the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) – hereinafter referred to as “GDPR” or “GDPR Regulation”. The official text of the GDPR Regulation: http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32016R0679.
3. Use of the Online Service is voluntary. Similarly, the provision of personal data by the User of the Online Service is voluntary, subject to two exceptions: (1) use of Fxprop.com Services – failure to provide personal data in cases and to the extent indicated on the Online Service page, in the Regulations, and in this privacy policy necessary to use a specific Fxprop.com Service results in the inability to use this service. In such a case, providing personal data is a contractual requirement, and if the person whose data is concerned wants to use the Services provided by the Administrator, they are obliged to provide the required data. Each time the range of data required to use the Fxprop.com Services is indicated in advance on the Online Service page and in the Online Service Regulations; (2) legal obligations of the Administrator – providing personal data is a legal requirement arising from generally applicable legal provisions imposing an obligation on the Administrator to process personal data (e.g., data processing for accounting purposes) and failure to provide them will prevent the Administrator from fulfilling these obligations.
4. The Administrator takes special care to protect the interests of persons whose personal data he processes, and in particular is responsible for and ensures that the data collected by him are: (1) processed by the law; (2) collected for specified, lawful purposes and not subjected to further processing incompatible with these purposes; (3) factually correct and adequate about the purposes for which they are processed; (4) stored in a form allowing for the identification of the persons they concern, no longer than is necessary to achieve the purpose of processing, and (5) processed in a way that ensures appropriate security of personal data, including protection against unauthorized or unlawful processing and accidental loss, destruction, or damage, using appropriate technical or organizational measures (e.g., SSL certificate, data encryption).
5. Taking into account the nature, scope, context, and purposes of processing as well as the risk of violating the rights or freedoms of natural persons of varying probability and severity of the threat, the Administrator implements appropriate technical and organizational measures to ensure that processing is by the GDPR Regulation and to be able to demonstrate this. These measures are subject to review and update as necessary. The Administrator applies technical measures to prevent unauthorized persons from acquiring and modifying personal data transmitted electronically.
6. All words, expressions, and acronyms appearing in this privacy policy and starting with a capital letter (e.g., Service Provider, Online Service, Services) should be understood by their definition contained in the Regulations of the Online Service available on the pages of the Online Service.
2) BASIS FOR DATA PROCESSING
1. The Administrator is authorized to process personal data in cases where – and to the extent that – at least one of the following conditions is met: (1) the person whose data is concerned has consented to the processing of their data for one or more specific purposes; (2) processing is necessary for the performance of a contract to which the person whose data is concerned is a party, or to take actions at the request of the person whose data is concerned, before entering into a contract; (3) processing is necessary to fulfill a legal obligation incumbent upon the Administrator; or (4) processing is necessary for the purposes arising from legally justified interests pursued by the Administrator or by a third party, except in situations where the predominant character over these interests have the interests or fundamental rights and freedoms of the person whose data is concerned, requiring the protection of personal data.
2. Processing of personal data by the Administrator always requires the presence of at least one of the bases indicated in section 2.1 of the privacy policy. Specific bases for processing personal data of Users of the Online Service by the Administrator are indicated in the next section of the privacy policy – about the specific purpose of processing personal data by the Administrator.
3) PURPOSE, BASIS, AND PERIOD OF DATA PROCESSING IN THE ONLINE SERVICE
1. Each time, the purpose, basis, duration, and recipients of personal data processed by the Administrator result from the actions taken by a given User in the Online Service.
2. The Administrator may process personal data in the Online Service for the following purposes, on the following bases, and for the following periods:
| Purpose of data processing | Legal basis for data processing | Data retention period |
| Using fxprop.com Services available on the Online Service | Article 6(1)(b) of the GDPR (contract) – processing is necessary for the conclusion and performance of a contract to use fxprop.com Services, to which the person whose data is concerned is a party, or to take actions at the request of the person whose data is concerned, before entering into a contract. | Data is stored for the period necessary to perform, dissolve, or otherwise terminate a contract concluded with the Administrator. |
| Direct marketing | Article 6(1)(f) of the GDPR (legitimate interest of the administrator) – processing is necessary for the purposes arising from the legally justified interests of the Administrator – which consist of caring for the interests and good image of the Administrator, his Online Service, and the provision of fxprop.com Services. | Data is stored for the period of the existence of a legally justified interest pursued by the Administrator, but no longer than the period of limitation of claims of the Administrator against the person whose data is concerned, due to the Administrator’s business activities. The limitation period is defined by Polish law, particularly the Civil Code (the basic limitation period for claims related to business activities is three years). The Administrator may not process data for direct marketing purposes in case of an effective objection in this regard by the person whose data is concerned. |
| Marketing | Article 6(1)(a) of the GDPR (consent) – the person whose data is concerned has consented to the processing of their personal data for marketing purposes by the Administrator (e.g., by subscribing to a newsletter). | Data is stored until the withdrawal of consent by the person whose data is concerned for further processing of their data for this purpose. |
| Keeping accounting records | Article 6(1)(c) of the GDPR in conjunction with Article 74(2) of the Accounting Act dated January 30, 2018 (Journal of Laws of 2018, item 395 as amended) – processing is necessary to fulfill a legal obligation incumbent upon the Administrator. | Data is stored for the period required by legal provisions obligating the Administrator to keep accounting records (5 years, counting from the beginning of the year following the financial year to which the data relates). |
| Establishment, pursuit, or defense of claims that may be raised by the Administrator or that may be raised against the Administrator | Article 6(1)(f) of the GDPR (legitimate interest of the administrator) – processing is necessary for the purposes arising from the legitimate interests of the Administrator – consisting in the establishment, pursuit or defense of claims that may be raised by the Administrator or that may be raised against the Administrator | Data are stored for the period of the existence of the legitimate interest pursued by the Administrator, but no longer than the period of limitation of claims that may be raised against the Administrator (the basic limitation period for claims against the Administrator is six years). |
| Using the website of the Online Service and ensuring its proper functioning | Article 6(1)(f) of the GDPR (legitimate interest of the administrator) – processing is necessary for the purposes arising from the legitimate interests of the Administrator – consisting in the operation and maintenance of the Online Service’s website | Data are stored for the period of the existence of the legitimate interest pursued by the Administrator, but no longer than the period of limitation of the Administrator’s claims in relation to the person whose data are concerned, due to the business activities conducted by the Administrator. The limitation period is determined by the provisions of Polish law, in particular the Civil Code (the basic limitation period for claims related to conducting business activities is three years). |
| Conducting statistics and analyzing traffic in the Online Service | Article 6(1)(f) of the GDPR (legitimate interest of the administrator) – processing is necessary for the purposes arising from the legitimate interests of the Administrator – consisting in conducting statistics and analyzing traffic in the Online Service in order to improve the functioning of the Online Service and increase the reach of the provided Fxprop.com Services | Data are stored for the period of the existence of the legitimate interest pursued by the Administrator, but no longer than the period of limitation of the Administrator’s claims in relation to the person whose data are concerned, due to the business activities conducted by the Administrator. The limitation period is determined by the provisions of Polish law, in particular the Civil Code (the basic limitation period for claims related to conducting business activities is three years). |
4) DATA RECIPIENTS IN THE ONLINE SERVICE
1. For the proper functioning of the Internet Service, including the proper provision of Services by the Administrator of Fxprop.com, the Administrator must use services of external entities (such as software or server providers). The Administrator only uses the services of such processing entities who provide sufficient guarantees of implementing appropriate technical and organizational measures, so that processing meets the requirements of the GDPR and protects the rights of the data subjects.
2. Personal data may be transferred by the Administrator to a third country, whereby the Administrator ensures that in such a case it will be done about a country providing an adequate level of protection, and in the absence of an appropriate decision confirming the adequate level of protection of that country, based on standard data protection clauses – by the GDPR, and the data subject can obtain a copy of their data. The Administrator transfers the collected personal data only in the case and to the extent necessary to achieve the given purpose of data processing consistent with this privacy policy.
3. The transfer of data by the Administrator does not occur in every case and not to all recipients or categories of recipients indicated in the privacy policy – the Administrator transfers data only when it is necessary for the realization of a given purpose of processing personal data and only to the extent necessary for its achievement.
4. Personal data of Users of the Internet Service may be transferred to the following recipients or categories of recipients:
a. providers of marketing and advertising services (e.g., providers of solutions in the field of emailing and optimization of marketing campaigns) – The Administrator shares collected personal data of the User with a selected provider acting on his behalf only in the case and to the extent necessary to achieve the given purpose of data processing consistent with this privacy policy, for example, when the User has consented to receiving a newsletter or when taking specific actions is based on the realization of the legally justified interests of the Administrator.
b. providers of services supplying the Administrator with technical, IT, and organizational solutions, enabling the Administrator to conduct business activities, including the Internet Service and services provided through it by Fxprop.com (in particular providers of computer software for running the Internet Service, email and hosting providers, and providers of software for business management and providing technical assistance to the Administrator) – The Administrator shares collected personal data of the User with a selected provider acting on his behalf only in the case and to the extent necessary to achieve the given purpose of data processing consistent with this privacy policy.
c. providers of accounting, legal, and advisory services providing the Administrator with accounting, legal, or advisory support (in particular accounting offices, law firms, or debt collection companies) – The Administrator shares collected personal data of the User with a selected provider acting on his behalf only in the case and to the extent necessary to achieve the given purpose of data processing consistent with this privacy policy.
5) PROFILING IN THE ONLINE SERVICE
1. The GDPR imposes an obligation on the Administrator to inform about automated decision-making, including profiling as referred to in Article 22(1) and (4) of the GDPR, and – at least in those cases – significant information about the principles of their making, as well as the significance and anticipated consequences of such processing for the data subject. With this in mind, the Administrator provides information in this section of the privacy policy regarding possible profiling.
2. The Administrator may use profiling in the Online Service for direct marketing purposes, but decisions made by the Administrator based on it do not relate to the conclusion or refusal to agree with the Administrator or the possibility of using the Fxprop.com Services on the Online Service. The effect of using profiling in the Online Service may be, for example, a reminder about unfinished actions in the Service, granting a discount, sending a proposal for a service, or a prop-trading company that may correspond to the interests or preferences of a given person, or proposing better terms compared to the standard offer of the Online Service. Despite profiling, it is the individual who freely decides whether they want to use, for example, the discount or offer received in this way.
3. Profiling in the Online Service involves the automatic analysis or prediction of a person’s behavior on the Online Service page, e.g., by analyzing their history of actions taken in the Online Service. The condition for such profiling is the possession of the personal data of a given person by the Administrator, to subsequently send them, for example, a discount or offer.
4. The data subject has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them.
6) RIGHTS OF THE DATA SUBJECT
1. Right of access, rectification, restriction, erasure, or portability – the data subject has the right to request from the Administrator access to their data, their rectification, erasure (“the right to be forgotten”) or restriction of processing and has the right to object to processing, as well as the right to data portability. The detailed conditions for exercising the rights mentioned above are indicated in Articles 15-21 of the GDPR.
2. Right to withdraw consent at any time – a person whose data is processed by the Administrator based on expressed consent (under Article 6(1)(a) or Article 9(2)(a) of the GDPR), has the right to withdraw consent at any time without affecting the legality of the processing that was carried out based on consent before its withdrawal.
3. Right, to complain with a supervisory authority – a person whose data is processed by the Administrator has the right to complain with a supervisory authority in the manner and mode specified in the provisions of the GDPR.
4. Right to object – the data subject has the right at any time to object – for reasons related to their particular situation – to the processing of their data based on Article 6(1)(e) (public interest or tasks) or (f) (legitimate interest of the administrator), including profiling based on these provisions. In such a case, the Administrator is no longer allowed to process these personal data, unless they demonstrate the existence of valid legally justified grounds for processing, overriding the interests, rights, and freedoms of the data subject, or grounds for establishing, pursuing, or defending claims.
5. Right to object concerning direct marketing – if personal data are processed for direct marketing purposes, the data subject has the right at any time to object to the processing of their data for such marketing, including profiling, to the extent that the processing is related to such direct marketing.
6. To exercise the rights mentioned in this section of the privacy policy, you can contact the Administrator by sending an appropriate written message or email to the Administrator’s address indicated at the beginning of the privacy policy.
7) COOKIES IN THE ONLINE SERVICE AND ANALYTICS
1. Cookies are small text information in the form of text files, sent by the server and saved on the side of the person visiting the Online Service website (e.g., on the hard drive of a computer, laptop, or the memory card of a smartphone – depending on the device used by the visitor of the Online Service). Detailed information about cookies, as well as the history of their creation can be found, among others, here: https://en.wikipedia.org/wiki/HTTP_cookie.
2. Cookies that may be sent by the Online Service website can be divided into different types, according to the following criteria:
| Based on their provider: 1) First-party (created by the Administrator’s Online Service website) 2) Third-party (belonging to persons/entities other than the Administrator) | Based on their storage period on the device of the person visiting the Online Service website: 1) Session (stored until leaving the Online Service or turning off the web browser) and permanent (stored for a specified time, defined by the parameters of each file, or until manually deleted) 2) Permanent (stored for a specified time, defined by the parameters of each file, or until manually deleted) | Based on the purpose of their use: 1) Necessary (enabling the proper functioning of the Online Service website) 2) Functional/preferential (allowing customization of the Online Service website to the preferences of the person visiting the site) 3) Analytical and performance (collecting information on how the Online Service website is used) 4) Marketing, advertising, and social (collecting information about the person visiting the Online Service website for the purpose of displaying personalized advertisements to that person and conducting other marketing activities, including on websites separate from the Online Service, such as social media platforms) |
3. The Administrator may process data contained in cookies when visitors use the Online Service website for the following specific purposes:
a. Remembering data from forms or surveys filled out on the Online Service website (necessary and/or functional/preferential cookies).
b. Customizing the content of the Online Service website to the individual preferences of the User (e.g., regarding colors, font size, page layout) and optimizing the use of the Online Service website pages (functional/preferential cookies).
c. Conducting anonymous statistics showing how the Online Service website is used (analytical and performance cookies).
d. Remarketing, displaying, and rendering ads, limiting the number of ad displays, and ignoring ads that the User does not want to see, measuring the effectiveness of ads, and personalizing ads, i.e., studying the behavior characteristics of people visiting the Online Service through anonymous analysis of their actions (e.g., repeated visits to specific pages, keywords, etc.) in order to create their profile and deliver ads tailored to their anticipated interests, also when they visit other websites in the advertising network of Google Ireland Ltd. and Facebook, i.e., Meta Platforms Ireland Ltd. (marketing, advertising, and social cookies).
4. Checking in the most popular web browsers what cookies (including the duration of the cookies and their provider) are being sent at a given moment by the Online Service website can be done in the following way:
| In Chrome browser: (1) In the address bar, click on the padlock icon on the left side, (2) go to the “Cookies” tab. | In Firefox browser: (1) In the address bar, click on the shield icon on the left side, (2) go to the “Allowed” or “Blocked” tab, (3) click on the “Cross-site Tracking Cookies”, “Social Media Trackers”, or “Tracking Content” field. | In Internet Explorer: (1) Click on the “Tools” menu, (2) go to the “Internet Options” tab, (3) go to the “General” tab, (4) go to the “Settings” tab, (5) click on the “View Files” field. |
| In Opera browser: (1) In the address bar, click on the padlock icon on the left side, (2) go to the “Cookies” tab. | In Safari browser: (1) Click on the “Preferences” menu, (2) go to the “Privacy” tab, (3) click on the “Manage Website Data” field. | egardless of the browser, tools available on websites such as https://www.cookiemetrix.com/ or https://www.cookie-checker.com/ can also be used. |
5. By default, most web browsers available on the market accept the saving of cookies. Everyone can define the conditions for using cookies through the settings of their web browser. This means that one can, for example, partially limit (e.g., temporarily) or completely disable the possibility of saving cookies – however, in the latter case, it may affect some functionalities of the Online Service.
6. Web browser settings regarding cookies are important from the point of view of consent to the use of cookies by our Online Service – according to the regulations, such consent may also be expressed through the settings of the web browser. Detailed information about changing settings regarding cookies and their independent deletion in the most popular web browsers is available in the web browser’s help section and on the following pages (just click on the given link):
In Chrome browser
In Firefox browser
In Internet Explorer
In Opera browser
In Safari browser
In Microsoft Edge browser
7. The Administrator may use Google Analytics and Universal Analytics services provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) on the Online Service. These services help the Administrator to conduct statistics and analyze traffic on the Online Service. The collected data is processed within the above services to generate statistics helpful in administering the Service and analyzing traffic on the Online Service. This data is aggregated. The Administrator, using the above services in the Online Service, collects data such as the sources and medium of acquisition of people visiting the Online Service and their behavior on the website, information about the devices and browsers from which they visit the site, IP and domain, geographical data, and demographic data (age, gender), and interests.
8. It is possible for an individual to easily block the sharing of their activity information with Google Analytics on the Online Service website – for this purpose, for example, a browser add-on provided by Google Ireland Ltd. can be installed, available here: https://tools.google.com/dlpage/gaoptout?hl=en.
9. In connection with the possibility of using advertising and analytical services provided by Google Ireland Ltd. by the Administrator on the Online Service, the Administrator informs that full information about the principles of data processing by Google Ireland Ltd. of people visiting the Online Service (including data stored in Cookies) is available in the privacy policy of Google services: http://policies.google.com/technologies/partner-sites.
10. The Administrator may use the Meta Pixel service provided by Meta Platforms Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) on the Online Service. This service helps the Administrator measure the effectiveness of ads find out what actions are taken by those visiting the Online Service, and display tailored ads to them. Detailed information about the operation of Meta Pixel can be found at the following web address: https://www.facebook.com/business/help/742478679120153?helpref=page_content.
11. Managing the operation of Meta Pixel is possible through ad settings in one’s account on Facebook.com: https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen.
12. The Administrator may use the Hotjar service provided by Hotjar Limited (Level 2, St Julian’s Business Centre, 3, Elia Zammit Street, St Julian’s STJ 1000, Malta) on the Online Service. This service helps the Administrator conduct statistics and analyze traffic on the Online Service. The collected data is processed within the above service to generate statistics helpful in administering the Online Service and analyzing traffic on the Online Service. This data is aggregated.
13. It is possible for an individual to easily block the sharing of their activity information with Hotjar on the Online Service website – for this purpose, for example, a browser add-on provided by Hotjar Ltd. can be installed, available here: https://www.hotjar.com/policies/do-not-track/.
8) FINAL PROVISIONS
1. The Online Service may contain links to other websites. The Administrator encourages, after moving to other sites, to familiarize oneself with the privacy policy established there. This privacy policy applies only to the Administrator’s Online Service.