Privacy Policy

PILOT INNOVATION SP. Z O.O.

This Privacy Policy is addressed to users of the website www.paypilot.org (hereinafter: the “Website” or the “Platform”).

It describes the rules for collecting and using user data, obtained directly from users or through cookies and similar technologies. This Privacy Policy (hereinafter: the “Policy”) sets out the principles regarding the collection, use, and disclosure of user data that we process in connection with the Website.

The Privacy Policy constitutes an integral part of the Terms of Service.

Data Controller

The controller of the data collected in connection with the use of the Website is Pilot Innovation sp. z o.o., KRS: 0001137957, with its registered office at al. Stanów Zjednoczonych 32/8, 04-036 Warsaw (hereinafter: the “Company” or “Paypilot”). The Website is operated and owned by Paypilot. Persons under 18 years of age are not permitted to use the Platform.

Scope of Data Collection

We provide services enabling the exchange of cryptocurrencies into fiat currencies. Our Website serves as a universal platform for exchanging cryptocurrencies into fiat currencies as well as other cryptocurrencies. Additional information about our services can be found in our Terms of Service.

The Website allows you to contact the Data Controller and provide your identification details, contact information, as well as the content of your message.

Paypilot also collects data related to your activity, such as time spent on the Website, search queries, number of subpages viewed, date, and source of the visit. We use personal data exclusively for the purposes defined in this Policy and for providing services described in our Terms of Service.

We share personal data with third parties only when it is necessary to provide our services and only with the Client’s consent.

Contact Details

You may contact the Company’s Data Protection Officer (DPO) by email at support@paypilot.org or in writing at the registered office: al. Stanów Zjednoczonych 32/8, 04-036 Warsaw.

Type and Source of Data

We respect your privacy. This Privacy Policy contains essential information regarding the use and disclosure of Client information collected on the Platform. The Company provides this Privacy Policy to help Clients make informed decisions about using or continuing to use the Platform.

If you have contacted the Data Controller, your data was provided to us directly by you. If your data was submitted in connection with a matter handled by another person whoreferred the matter to the Controller, then the source of your data is that person. In such cases, the Controller receives identifying, address, and case-related data, such as a description of the matter.

The scope of personal data obtained as a result of using the Website or the Company’s services (including completing the relevant form on the Website and creating an Account), depending on the type of services chosen by the User, may include:

Data obtained directly from the data subject:

  • identifying information of a natural person, such as: full name, image, nationality, date of birth, PESEL number, identity card number;
  • country and address of residence or permanent stay, as well as information on tax residency and whether a politically exposed position is held;
  • address and contact information, such as email address and telephone number;
  • bank account number.

Where the Client is a legal entity, the Company collects data relating to:

the person authorized to represent the legal entity or organizational unit and persons acting as beneficial owners, in particular: their full name, nationality, residential address, tax residency information, whether a politically exposed position is held, date of birth, personal identification number, email address, and telephone number.

Use of Cookies and Similar Technologies

The Website enables the collection of information about Clients through cookies and similar technologies, which are usually installed on the Client’s device (computer, smartphone, etc.). The Company uses this information to:

  • remember the Client’s preferences (e.g., font choice, contrast, acceptance of the policy),
  • maintain Client sessions (e.g., after logging in),
  • remember passwords (with consent),
  • collect information about the Client’s device and visit for security purposes,
  • analyze visits and adjust content accordingly.

Information collected through cookies and similar technologies is not combined with other Client data from the Website, nor is it used by the Controller to identify Clients.

Clients may configure their browser to block specific types of cookies and other technologies, for example by allowing only those strictly necessary for the Website to display properly. By default, most browsers accept all cookies, but Clients may change these settings at any time and may also delete already installed cookies. Each browser provides such options in its settings or preferences.

Clients may also use the Website in so-called “incognito mode, ” which prevents data about their visit from being collected.

Using the Website without changing browser settings—i.e., with default acceptance of cookies and similar technologies—constitutes consent to their use for the purposes specified above.

Purpose, Basis, and Legal Grounds for Processing Personal Data

Your data may be processed for the following purposes:

  • Creating and using an account on the Website under the electronic service agreement concluded with the user (Art. 6(1)(b) GDPR);
  • Providing electronic services via the Website, in accordance with the Terms of Service (Art. 6(1)(b) GDPR);
  • Analyzing website traffic, ensuring security within the Website, and adjusting content to user needs, based on the legitimate interest of the Controller (Art. 6(1)(f) GDPR);
  • Responding to inquiries, providing requested offers, and conducting correspondence in order to handle the case, based on your consent and the legitimate interest of the Controller in fulfilling user requests (Art. 6(1)(a) and (f) GDPR);
  • Handling complaints, based on the legitimate interest of the seller (Art. 6(1)(f) GDPR);
  • Promoting services or providing an offer, based on the user’s consent (Art. 6(1)(a) GDPR);
  • Direct marketing within the services provided by the Controller, depending on the contact details you provided (email or phone) and related consents, based on the Controller’s legitimate interest (Art. 6(1)(f) GDPR);
  • Compliance with legal obligations of the Controller under statutory and regulatory provisions, including anti-money laundering (AML) regulations (Art. 6(1)(c) GDPR).
  • Right to Withdraw Consent You may withdraw your consent to the processing of contact data at any time by contacting the Controller. Withdrawal of consent may hinder or prevent the ability to contact you.

Rights under GDPR with Respect to Processed Data

You have the right to:

  • access your personal data and request its rectification if it is incorrect, its deletion, or restriction of processing, as well as the right to data portability and to receive a copy of the data;
  • withdraw your consent to the processing of personal data at any time, where consent is the basis for processing. Withdrawal of consent does not affect the lawfulness of processing carried out prior to its withdrawal;
  • request the Controller to rectify or correct your data – in particular if you notice that the data is inaccurate or incomplete;
  • object to the processing of your personal data for marketing purposes;
  • request the Controller to delete your data;
  • request the Controller to restrict processing – e.g., if you believe the data is inaccurate, you may request restriction of processing for a period enabling us to
  • verify the accuracy of the data;
  • lodge a complaint regarding the processing of your personal data by the Controller with the President of the Personal Data Protection Office (PUODO).

You also have the right to lodge a complaint with a supervisory authority responsible for personal data protection in your country of habitual residence, place of work, or place of the alleged infringement. In Poland, the competent authority is:

President of the Personal Data Protection Office (PUODO)
Address: ul. Stawki 2, 00-193
WarsawPhone: +48 22 531 03 00

Exercising your GDPR rights (such as deletion of data or objection to processing) may result in limitations or disabling of certain Platform functionalities.

Recipients of Your Personal Data

The Data Controller may disclose your personal data to the following categories of entities:

Public administration authorities, to the extent and in situations specified by law, e.g., the President of the Personal Data Protection Office, as well as other entities performing public tasks;
Law enforcement authorities, to the extent and in situations specified by law, e.g., the prosecutor’s office, police;
Other entities performing tasks under legal provisions or on the basis of your consent.

The Controller may also transfer personal data to entities processing it on its behalf, such as IT service providers, law firms, entities providing accounting, payroll, tax or auditing services, marketing agencies, and other cooperating entities – on the basis of contracts concluded with these entities. This includes cloud storage providers, providers of mailing and telecommunications campaign services, and providers of email and other communication tools.

Personal data may also be shared with other entities cooperating with the Controller, based on your explicit consent.

Data Retention Period

Your personal data will be processed by the Controller for the period necessary to provide the service you have selected or until termination of the agreement/cancellation of the service, or until an objection is submitted by the data subject. After this period, the data may be retained for purposes and for the duration required by applicable law or to secure potential claims.

Data related to website traffic analysis collected through cookies and similar technologies may be stored until the expiration of the cookie. Some cookies never expire; therefore, the retention period of such data will be equal to the time necessary for the Controller to achieve the purposes for which the data was collected, such as ensuring security and analyzing historical website traffic data.

Automated Decision-Making

Some of our services are provided using automated decision-making techniques. The Company may process your data in an automated manner, including profiling, for the purpose of conducting direct marketing activities.

Transfer of Data to Third Countries or International Organizations

Your data will not be transferred to third countries or international organizations.

Notifications

In the event of a personal data security breach, the Company shall promptly, and no later than within 72 hours of becoming aware of the breach, notify the competent supervisory authority, unless the breach is unlikely to result in a risk to the rights or freedoms of natural persons.

If a personal data security breach is likely to result in a high risk to your rights or freedoms, the Company shall inform you of such breach without undue delay.

Changes to the Privacy Policy

To ensure that the Website’s Privacy Policy always meets the requirements set out in applicable law, we reserve the right to amend this Policy at any time.

This also applies where the Privacy Policy needs to be updated to cover new or modified Website products or services. Continued use of the Website by the User after such changes have been introduced shall be deemed as acknowledgment and (where applicable) acceptance of those changes.