The information is provided pursuant to Article 13 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 94/46/EC (hereinafter referred to as "GDPR").
N.W.A limited liability company with its registered office in Warsaw, Plac Powstańców Warszawy 2, 00-030 Warsaw, Poland, entered in the Register of Entrepreneurs of the National Court Register under KRS number 0001137667, with NIP/VAT number: PL9571181011, REGON: 54016360000000, entered in the register of virtual currency activities as a Virtual Asset Service Provider under number RDWW-1801 (hereinafter: "Controller" or "Data Controller").
In all matters concerning the processing of personal data and the exercise of rights related to data processing, the Controller may be contacted by e-mail: dpo@mobilum.com or in writing to the Controller's registered address.
Your personal data will be processed by the Controller for the following purposes:
a. for the proper performance of the contract by the Controller, including in particular to enable the use of the functionalities of the website and the mobile application through which NWA provides crypto-asset services (hereinafter referred to as the “Application”), as well as to carry out crypto-asset transactions available in the Application; to create, maintain and manage your account or accounts, to provide support related to your account and transactions, and to resolve technical issues; (the legal basis for processing is Article 6(1)(b) of the GDPR);
b. to prevent crime and fraud, including identification and verification obligations under the Anti-Money Laundering and Countering the Financing of Terrorism Act; (the legal basis for processing is Article 6(1)(c) of the DPA);
c. to ensure accountability with respect to the processing of personal data in the Application and on the Website (the legal basis for processing is Article 6(1)(c) of the GDPR);
d. for the purpose of processing complaints, protection against claims by the Data Controller (the legal basis for processing is Article 6(1)(f) GDPR);
e. for marketing purposes on the basis of the consent granted (the legal basis for processing is Article 6(1)(a) GDPR); in the absence of consent, the Controller does not process data for this purpose.
Your data was obtained directly from you in the process of setting up your account and during your use of the Application or Website. Your data may also be obtained from other sources, in accordance with applicable laws and based on agreements with partners.
The Controller processes your personally identifiable data, including: PESEL, first and last names, identity document data (including a copy thereof), country of birth, and address and contact data including: email address and telephone number.
In addition, the Controller processes data contained in documentation received from you, as well as financial data such as the balance in the account associated with the Application and transactional data such as details of payments made.
In case of your consent to use video verification methods provided by our Partners, the Controller will process the result of such verification (compliance or non-compliance). It will be stored for as long as necessary to carry out identity verification and for the period required by anti-money laundering regulations.
In order to ensure the security of the functioning of the Application and the Website, as well as the security of you as a user, the Controller acquires some personal data by automatic means when using the services in the form of cookies. The aforementioned data includes, among others, data for user verification, technical data, location, parameters of the hardware and software you use, device identification numbers.
The Controller does not obtain your sensitive data within the meaning of Article 9 of the GDPR.
Your personal data may be transferred outside the European Economic Area as part of the Controller's use of entities providing IT solutions and systems, which entities may store personal data on servers located outside this area (including in the United States) or as part of the Controller's provision of business-related services - to the extent necessary for their performance.
The basis for such transfer may be a decision of the European Commission stating an adequate level of protection or the application of appropriate legal safeguards, which are, in particular, standard contractual clauses for the protection of personal data approved by the European Commission. Personal data may be transferred to a third country on the basis of one of the grounds listed in Article 49(1) of the GDPR.
We store your personal data for the duration of the provision of services to you, and after the provision of services or termination of the contract for the period necessary to safeguard the legal interests of the Data Controller or when required by law. The Data Controller shall keep your personal data for no longer than necessary, taking into account the purposes of data collection:
a. to enable you to use services within the Application or the Website - for the period required by law or to secure possible claims;
b. for the purposes of processing complaints and claims made - until the statute of limitations for potential claims for violation of data processing expires;
c. in the case of data processing on the basis of consent (e.g. marketing) - until such consent is withdrawn;
d. for the purposes of compiling summaries, analyses and statistics - not longer than the period after which the statute of limitations for claims under the contract expires;
e. for archival purposes - after the expiration of a given legal relationship (e.g., a contract), personal data may be processed for 5 years, unless a shorter period is provided by law. If there is a dispute, lawsuit or other proceedings (especially criminal) in progress, the archiving period will be calculated from the date of the final termination of the dispute, and in the case of multiple proceedings the final termination of the last one, regardless of the manner of its termination, unless the law provides for a longer data retention period or a longer statute of limitations for the claims/law to which the proceedings relate.
You have the right of access to the data and the right to request rectification of the data if it is incorrect, its deletion or restriction of its processing.
To the extent that the basis for the processing of personal data is the premise of the legitimate interest of the Controller, you have the right to object to the processing of personal data.
To the extent that the basis for the processing of your personal data is consent, you have the right to withdraw consent at any time. Withdrawal of consent does not affect the lawfulness of processing that was carried out on the basis of consent before its withdrawal.
You also have the right to data portability, i.e. to receive your personal data from the controller, in a structured, commonly used machine-readable format.
The right to lodge a complaint with a supervisory authority
You also have the right to lodge a complaint to the supervisory authority in charge of personal data protection, which is the President of the Office for Personal Data Protection.
Provision of personal data is voluntary; however, the consequence of failure to provide such data will be the inability to provide services through the Application or the Website.
Your data will be processed by automated means, including profiling. In order to conduct statistical and marketing activities, we profile your data so as to best tailor marketing communications to your needs, including tailoring specific product and service offerings. We assess your preferences based on data collected automatically (recorded and stored) through cookies and resulting from your activity on the Website and Application.