PRIVACY POLICY

Effective: 08 May 2024

This Privacy Policy governs your use of products, services, content, features, technologies or functions offered by IN1 POLAND SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ and all related sites, applications, and services (collectively “IN1 Services”) (including, without limitation, when you provide any information in relation to your use of IN1 Services or IN1 App).

You accept and consent to this Privacy Policy when you sign up for, access, or use the IN1 Services. By accepting and consenting to this Privacy Policy, you expressly consent to our use and disclosure of your personal information and direct us to do so in the manner described in this Privacy Policy.

1. OVERVIEW

In order to operate the IN1 Services, to enforce our Terms of Service and to reduce the risk of fraud, IN1 POLAND SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ ("IN1", “our”, “us” or "we"), the data controller, must ask you to provide us with information about yourself and information about any other financial instruments that may be connected to your IN1 wallet or IN1 app. By consenting to, and agreeing to the terms of, this Privacy Policy, you expressly consent and agree to us processing your data in the manner set out herein. This Privacy Policy describes the information we collect and how we use that information. IN1 takes the processing of your information very seriously and will use your information only in accordance with the terms of this Privacy Policy. For the purposes of this Privacy Policy, the term “information” means any confidential and/or personally identifiable information or other information related to users of IN1 Services.

We will not sell or rent your information to third parties for their marketing purposes without your explicit consent. However, in order for us to offer IN1 Services to our users; enhance the quality of IN1 Services from time to time; and protect the interests of our users, we will in limited circumstances share some of your information with third parties under strict restrictions, as described in more detail in Sections 3, 5, and 6 of this Privacy Policy. It is important for you to review this Privacy Policy as it applies to all IN1 Services.

This Privacy Policy is intended to govern the use of IN1 Services by our users (including, without limitation those who use the IN1 Services in the course of their trade or business) unless otherwise agreed through contract.

Changes to this Privacy Policy: All future changes to this Privacy Policy are incorporated by reference into the Terms and Conditions (our framework contract) with you and will take effect as specified in the Policy Updates, when they may occur. “Policy Update” means a prior notice of changes to any of your agreements with IN1 which IN1 may make available to you in writing. If you disagree with the terms of this Privacy Policy, please do not register for or use the IN1 Services.

Notification of Changes: This Privacy Policy may be revised over time as new features are added to the IN1 Services or as we incorporate suggestions from our customers. We may change this Privacy Policy at any time by posting a revised version of it on our website. Unless we have legal grounds to do otherwise, we will provide you with at least 60 days' prior notice of the effective date of the revised privacy policy. We may post the notice on our website and/or send the notice by e-mail. As of the effective date of the revised privacy policy, you will be considered as having consented to all changes to the Privacy Policy. If you disagree with the terms of this Privacy Policy, you may close your account at any time.

Third Party Websites: Some pages on the IN1 website or within IN1 App include links to third-party websites. These sites are governed by their own privacy statements, and IN1 is not responsible for their operations, including but not limited to their information practices. Users submitting information to or through these third-party websites should review the privacy statements of these sites before providing them with personally identifiable information.

2. INFORMATION WE COLLECT

Required Information: To open an IN1 Account or use the IN1 Services, you must provide your name, address, phone number, the details of your identification document, and email address and the details about your business, where applicable. In order to top-up your balance with an IN1-supported account or make transactions through the IN1 Services, you must provide (where applicable) your bank (or another payment instrument) account information. We may also ask you to choose different security questions to answer (such as your city of birth or your pet's name).

We will also require other commercial and/or identification information if you send or receive certain high-value transactions or high overall payment volumes through the IN1 Services or as is otherwise required in order for us to comply with our anti-money laundering obligations under the applicable laws.

Other information we collect from you

● In order to initiate transactions with us or technically powered by us, send and receive funds, you need to provide us the details of each transaction, names and details of the counterparties involved, the amount and the currencies, counterparty address (e.g. your bank’s address in some cases), payment method, and any other relevant transactional information. You may also create a list of trusted beneficiaries so that it may be easier for you transact with your friends and trusted contacts: if this is the case, we will collect their personal data from you.

● You may provide personal information to us when you communicate with us by phone, e-mail or support messenger, complete a questionnaire, open a support ticket, enter a contest, participate in community features, answer questionnaires, provide and rate customer reviews or otherwise communicate with us about our services.

● Some of this information, for example, indicating your racial origin or biometrical details, is considered especially sensitive, from the point of view of data protection, and we will use this information in strict accordance with the law. You hereby explicitly provide us with the consent to the processing of those personal data.

Examples of information we automatically collect about you may include:

● the Internet protocol (IP) address used, information about your device and its location, as well as the details about your internet provider or mobile phone operator;

● your login, e-mail address, password and the outcome of the strong authentication methods you use;

● your interaction with our services, for example, the content you viewed, uploaded or downloaded, your transactional history;

● your (URL) clickstream to, through and from our IN1 Services (including date and time); cookie number, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs);

● phone numbers used to call our customer service number.

● We may use device identifiers, cookies, and other technologies on devices, applications and our web pages to collect browsing, usage or other technical information for fraud prevention purposes.

● We may receive information about you from third-parties, for example:

○ from AML, compliance vendors and fraud management service providers,

○ from credit bureaus or credit check agencies,

○ from banking and financial partners,

○ from other customers, for example, in cases of complaints or dispute resolution processes.

Photographs: If you use certain functionalities provided by us, we may ask you to upload a picture of you in order to provide these specific services. Your face must be recognizable.

Transaction Information: When you use the IN1 Services to send funds we ask you to provide information related to that transaction. This information includes the amount and type of the transaction, other purchase/transactional details and the details pertaining to the identity of the third party. Also, when you send money, you may be asked to provide personal details to complete the transaction. Those details may also be passed on to us from your other financial service provider. We also collect in certain cases the Internet address (IP address) and other identifying information about the computer or device you use to access your IN1 account or use the IN1 Services, in order to help detect possible instances of unauthorized transactions.

Information About You From Third Parties: In order to protect all our customers against potential fraud, we verify the information you provide with Payment Partners and/or Credit Reference and Fraud Agencies as well as information available through internet and publicly accessible social network data. In the course of such verification, we may receive personally identifiable information about you from such services. In particular, if you use a debit or a credit card to pay into your IN1 wallet, we may conduct verification checks that the card used for the transaction has not been reported as lost or stolen.

If you send or receive high overall payment volumes or display inconsistent transactional patterns through the IN1 Services, or if you have a limited transactional history with us, in some circumstances we will conduct a background check on you by obtaining information about you from a credit reference or fraud agency. If you owe us money, we may conduct a credit check on you by obtaining additional information about you from a credit reference or fraud agency, to the extent permitted by law. IN1, at its sole discretion, reserves the right to periodically retrieve and review a business and/or consumer credit report supplied by such a credit reference or fraud agency for any account, and reserves the right to close an account based on information obtained during this credit review process.

Information About You From Other Sources: We may also collect information about you from other sources, including from other IN1 entities, other companies (subject to their privacy policies and applicable law), and from other accounts we have reason to believe you control (whether in part or in whole).

Additional Verification: If we cannot verify the information that you provide, or if you request a withdrawal to an account, payment instrument or digital wallet not previously used by you, we may ask you to upload or send us additional confirmations or to answer additional questions online to help verify your information.

Website Traffic Information: Because of the way Internet communication standards work, when you arrive at or leave the IN1 website, we automatically receive the web address of the site that you came from or are going to. We also collect information on which pages of our website you visit, IP addresses, the type of browser you use and the times you access our website.

Cookies, Web Beacons, Local Storage and Similar Technologies: When you access our website or use IN1 Services, we (including companies we work with) may place small data files on your computer or other device. These data files may be cookies, pixel tags, "Flash cookies," or other local storage provided by your browser or associated applications (collectively "Cookies"). We use Cookies to recognize you as a customer, customise IN1 Services, content and advertising, measure promotional effectiveness, help ensure that your account security is not compromised, mitigate risk and prevent fraud, and to promote trust and safety across our sites and IN1 Services.

Every time you visit a site, cookies can keep track of how many times you’ve visited, how long you’ve spent there, and what you’ve done. That lets us show you things which are relevant to you, based on information you’ve entered. It also allows us to protect your account and identify potential cases of unauthorised access or other malicious behaviour.

The length of time stored depends on the cookie, but this is generally between a few minutes and up to two years.

You can disable cookies in your browser or app settings at any time, but it could also mean that certain services or features may not be available to you.

Communications: When you communicate with us for customer service or other purposes (e.g., by emails, phone calls, tweets, etc.), we retain such information and our responses to you in the records of your account.

Questionnaires, Surveys, Sweepstakes and Profile Data: From time to time, we offer optional questionnaires, surveys and sweepstakes to our users for such purposes as collecting demographic information or assessing users' interests and needs. If we collect personally identifiable information from our users in these questionnaires, surveys, and sweepstakes, the users will be given notice of how the information will be used prior to their participation in the survey, questionnaire or sweepstake.

Account Information: For the purposes of this Privacy Policy, account information (“Account Information”) includes without limitation: name, address, email address, phone number, username, photograph, account numbers, account types, details of funding instruments associated with the account, details of payment transactions, customer statements and reports, account preferences, details of identity collected as part of our "know your customer" checks on you, and customer correspondence.

3. HOW WE USE THE INFORMATION WE COLLECT

Internal Uses: Our primary purpose in collecting your information is to provide you with a safe, smooth, efficient, and customised experience. You agree that we may use your personal information to:

● Process or facilitate processing of transactions and provide the IN1 Services;

● Verify your identity, including during account creation and password reset processes;

● Resolve disputes, collect fees, and troubleshoot problems;

● Manage risk, or to detect, prevent, and/or remediate fraud or other potentially illegal or prohibited activities;

● Detect, prevent or remediate violations of policies or applicable user agreements;

● Provide you with customer support services;

● Improve the IN1 Services by customising your user experience;

● Measure the performance of the IN1 Services and improve their content and layout;

● Manage and protect our information technology infrastructure;

● Provide targeted marketing and advertising, provide service updates, and deliver promotional offers based on the communication preferences you have defined for your IN1 account (please refer to the section "Our Contact with IN1 Customers" below) and your activities when using the IN1 Services; and

● Perform creditworthiness and solvency checks, compare information for accuracy, and verify it with third parties.

● Respond to your requests, for example to contact you about a question you submitted to our customer service team;

● Provide, troubleshoot, and improve our services, analyze performance, fix errors, and improve usability and effectiveness of our services;

● Questionnaires, Sweepstakes, Surveys and Profile Data: If you choose to answer our optional questionnaires or surveys, we may use such information to improve IN1 Services, send you marketing or advertising information, manage the sweepstakes, or as otherwise explained in detail in the survey itself.

Our Contact with IN1 Customers: We communicate with our users on a regular basis via email and chats to provide requested services. We may also communicate with our users by phone to:

● Resolve customer complaints or claims made by users;

● Respond to requests for customer service;

● Inform users if we believe their accounts or any of their transactions have been used for an illegitimate purpose;

● Confirm information concerning a user's identity, business or account activity;

● Carry out collection activities;

● Conduct customer surveys; and

● Investigate suspicious transactions.

We use your email or physical address to confirm your opening of a IN1 Account, to send you notice of transactions that you send or receive through, to send you information about important changes to our products and services, and to send notices and other disclosures required by law. Generally, users cannot opt out of these communications, but they will be primarily informational in nature rather than promotional.

We also use your email address to send you other types of communications that you can control, including "news”, “customer surveys” and “notice of special third-party promotions”. You can choose whether to receive some, all or none of these communications when you complete the registration process, or at any time thereafter, by logging in to your account and then selecting settings, and updating your preferences.

In connection with independent audits of our financial statements and operations, the auditors may seek to contact a sample of our customers to confirm that our records are accurate. However, these auditors cannot use personally identifiable information for any secondary purposes.

4. MARKETING

We may combine your information with information we collect from other companies and use it to improve and personalise the IN1 Services. If you don't wish to receive marketing communications from us or participate in our ad-customization programs, simply update your preferences on your devices used to access IN1 Services.

5. HOW WE SHARE INFORMATION WITH OTHER IN1 USERS

If you are a registered IN1 user and you are sending funds to or receiving funds from an IN1-powered account, as a part of the transaction, the name, possible profile picture, and pertinent transactional details of both sides of the transaction will be shared as a part of transaction notification. However, your card number, bank account and other financial information will not be revealed to anyone through the IN1 Services or third parties that use the IN1 Services, except with your express permission or if we are required to do so pursuant to credit card rules, a court order or other legal process. If you would like to disable the functionality of being discovered by other IN1 customers, you can do so by adjusting your profile settings.

We work with third parties to enable them to accept or facilitate payments from or to you using the IN1 Services. In doing so, a third party may share information about you with us such as your email address or phone number, when a payment is sent to you or when you are attempting to pay that third party. We use this information to confirm that you are a IN1 customer and that IN1 can be enabled to make a payment, or where a payment is sent to you to send you a notification that you have received a payment. Also, if you request that we validate your status as a IN1 customer with a third party, we will do so. Please note that third parties you receive funds or buy from with may have their own privacy policies, and IN1 is not responsible for their operations, including but not limited to their information practices.

By accepting this Privacy Policy, you expressly agree and consent that each time you initiate transactions using your IN1 account, IN1 may transfer the aforementioned relevant data to the party specified by you (and their financial or payments provider) who may be located outside of your country or residence, in order to process, execute or otherwise deal with and provide information about the payment. You also expressly agree and consent to IN1 providing transactional information and other information necessary for the use of an IN1 (or our partner) mobile application.

6. HOW WE SHARE INFORMATION WITH OTHER THIRD PARTIES

Just like most banks or financial/payment service providers, IN1 works with third-party service providers and other business partners, which provide important functions to us that allow us to be an easier, faster, and safer way to buy, sell, hold and send virtual currencies. We need to disclose user data to them from time to time so that the services can be performed.

IN1 will not sell or rent any of your personal information to third parties for their marketing purposes without your explicit consent, and will only disclose this information in the limited circumstances and for the purposes described in this Privacy Policy. This includes transfers of data outside of Poland and to non-EEA member states.

In order to provide the IN1 Services, certain of the information we collect (as set out in section 2) may be required to be transferred to other IN1 group entities or other entities, including those referred to in section 6 in their capacity as payment providers, payment processors or account holders (or similar capacities).  You acknowledge that according to their local legislation, such entities may be subject to laws, regulations, inquiries, investigations, or orders which may require the disclosure of information to the relevant authorities of the relevant country. Your use of the IN1 Services constitutes your consent to our transfer of such information to provide you the IN1 Services.

Specifically, you consent to and direct IN1 to do any and all of the following with your information:

● Disclose necessary information to: the police and other law enforcement agencies; security forces; competent governmental, intergovernmental or supranational bodies; competent agencies, departments, regulatory authorities, self-regulatory authorities or organisations and other third parties, including IN1 Group companies, that (i) we are legally compelled and permitted to comply with, including but without limitation the US Foreign Account Tax Compliance Act (“FATCA Law”) and the OECD common reporting standard regulations (“CRS Regulations”); (ii) we have reason to believe it is appropriate for us to cooperate with in investigations of fraud or other illegal activity or potential illegal activity, or (iii) to conduct investigations of violations of our User Agreement (including without limitation, your funding source or credit or debit card provider).

● If you are covered by the FATCA or CRS, we are required to give you notice of the information about you that we may transfer to various authorities.

● We and other organisations, including our partner banks that accept a IN1 integration, may also share, access and use (including from other countries) necessary information (including, without limitation the information recorded by fraud prevention agencies) to help us and them assess and to manage risk (including, without limitation, to prevent fraud, money laundering and terrorist financing). Please contact us if you want to receive further details of the relevant fraud prevention agencies.

● Disclose necessary information in response to the requirements of the credit card associations or a civil or criminal legal process.

● Disclose necessary information to the payment processors, auditors, customer services providers, credit reference and fraud agencies, financial products providers, commercial partners, marketing and public relations companies, operational services providers, group companies, agencies, marketplaces and other third parties listed here. The purpose of this disclosure is to allow us to provide IN1 Services to you. We also set out in the list of third parties, under each "Category", non-exclusive examples of the actual third parties (which may include their assigns and successors) to whom we currently disclose your Account Information or to whom we may consider disclosing your Account Information, together with the purpose of doing so, and the actual information we disclose (except as explicitly stated, these third parties are limited by law or by contract from using the information for secondary purposes beyond the purposes for which the information was shared).

● Disclose necessary information to your agent or legal representative (such as the holder of a power of attorney that you grant, or a guardian appointed for you).

● Disclose aggregated statistical data with our business partners or for public relations. For example, we may disclose a specific percentage of our users living in Germany or Switzerland. However, this aggregated information is not tied to personal information.

● Share necessary Account Information with unaffiliated third parties for their use for the following purposes:

o Fraud Prevention and Risk Management: to help prevent fraud or assess and manage risk. For example, if you use the IN1 Services to buy or sell virtual currencies we may share Account Information with third parties in order to help protect your accounts from fraudulent activity, alert you if we detect such fraudulent activity on your accounts, or evaluate credit risk.

o Customer Service: for customer service purposes, including to help service your accounts or resolve disputes (e.g., billing or transactional).

o Legal Compliance: to help them comply with anti-money laundering and counter-terrorist financing verification requirements.

o Service Providers: to enable service providers under contract with us to support our business operations, such as fraud prevention, bill collection, marketing, customer service and technology services. Our contracts dictate that these service providers only use your information in connection with the services they perform for us and not for their own benefit.

o Mergers or Acquisitions: As with any other business, it is possible that in the future IN1 could merge with, or be acquired by, another company. If such an acquisition occurs, you consent to the successor company having access to the information maintained by IN1, including customer Account Information, and such successor company would continue to be bound by this Privacy Policy unless and until it is amended.

o Third Party Sites: If you open a IN1 account directly on a third party website or via a third party application, any information that you enter on that website or application (and not directly on a IN1 website) will be shared with the owner of the third party website or application. These sites are governed by their own privacy policies and you are encouraged to review their privacy policies before providing them with personal information. IN1 is not responsible for the content or information practices of such third parties.

7. CROSS-BORDER TRANSFERS OF YOUR INFORMATION

IN1 is committed to adequately protecting your information regardless of where the data resides and to providing appropriate protection for your information where such data is transferred outside of Poland and the EEA.

8. NO SPAM

IN1 does not tolerate spam. We strictly enforce our Anti-Spam Policy. To report IN1-related spam to IN1, please contact us.

9. INFORMATION SECURITY

IN1 is committed to handling your customer information with high standards of information security. We use computer safeguards such as firewalls and data encryption, we enforce physical access controls to our buildings and files, and we authorise access to personal information only for those employees who require it to fulfil their job responsibilities.

The security of your IN1 account also relies on your protection of your IN1 password. You may not share your IN1 access credentials with anyone. IN1 representatives will never ask you for your password, so any email or other communication requesting your password should be treated as unauthorised and suspicious and forwarded to support-team@in1.io. If you do share your IN1 password with a third party for any reason, including because the third party has promised to provide you additional services such as account aggregation, the third party will have access to your account and your personal information, and you may be responsible for actions taken using your password. If you believe someone else has obtained access to your password, please change it immediately by logging in to your account and changing your Profile settings, and also contact us right away.

10. ACCESSING AND CHANGING YOUR INFORMATION

You can review the personal information you have provided to us and make any desired changes to such information, or to the settings for your IN1 account, at any time by logging in to your IN1 Account through your mobile banking app, selecting My Account, and changing your preferences. You can also close your IN1 account through your mobile banking app. If you close your IN1 account, we will mark your account in our database as "Closed", but will keep your Account Information in our database. This is for instance necessary in order to deter fraud, by ensuring that persons who try to commit fraud will not be able to avoid detection simply by closing their account and opening a new account. However, if you close your account, your personally identifiable information will not be used by us for any further purposes, nor sold or shared with third parties, except as necessary to prevent fraud and assist law enforcement authorities, or as required by law.

11. YOUR RIGHTS

You have a right to:

● Access the personal data we hold about you, or to get a copy of it,

● Make us correct inaccurate data about you,

● Ask us to delete your data, though for legal reasons we might not always be able to do it,

● Object to us using your data for marketing communications,

● Withdraw any specific consent or permission you’ve previously given us (for example, in relation to a specific promotion).

12. HOW DO YOU EXERCISE YOUR RIGHTS

If you have any questions or objections as to how we collect and process your personal information, please contact: legal@in1.io.

To exercise any of your rights set out in the previous section, you can contact us through the IN1 App or send us an email to legal@in1.io. For security reasons, we can't deal with your request if we’re not sure of your identity, so we may ask you for proof of ID. If a third-party exercises one of these rights on your behalf, we may need to ask for proof that they’ve been authorised to act on your behalf.

When you exercise one of your rights, or update your privacy settings in the IN1 App, it may take us up to one month to respond or implement your changes. IN1 will usually not charge you a fee when you exercise your rights. However, we’re allowed by law to charge a reasonable fee or refuse to act on your request if it is manifestly unfounded or excessive.

● You can add or update your personal information by login into your account profile and following the instructions. When you update information, we usually keep a copy of the previous version for our records.

● If you don't want to receive marketing e-mails or other communications from us, please adjust your account profile settings or contact our support team.

● If you don't want to receive in-app notifications from us, please adjust your notification settings in the app or your device.

● If you want to browse our websites anonymously, you may do so by logging out of your account and disabling cookies on your browser. Your browser or internet device may allow you delete, disable, or block certain cookies and other tracking technologies.

Notices, Alerts and Updates from Us: We will send or display communications to you that are required or necessary in order to provide you our services, such as order confirmations, transactional details, updates on our platform functionalities, requests to provide additional details, notifications with respect to failed or non-executed transactions, security alerts, and similar communications. You may not opt out of receiving these communications.

Contact: Our privacy and legal office is responsible for ensuring that our day-to-day procedures comply with this Privacy Policy. If you want to exercise your right to access your information or have any questions about this privacy statement, IN1's information practices, or your dealings with IN1, you can contact us by contacting the customer form located in the support section of our App or via our website contact form.

If you’re unhappy with how we’ve handled your request you can complain to your local data protection authority.

13. HOW LONG WILL YOU KEEP MY PERSONAL DATA FOR

We will keep your personal data:

● for as long as necessary to achieve the original purpose we collected it for;

● in line with relevant laws.

We are required to keep certain personal data for specified time periods by KYC, anti-money laundering, banking and e-money laws. These time periods vary from country to country. IN1 has detailed policies and procedures in place to ensure we comply with these requirements.

We may keep your personal data for a longer time period because of a potential or ongoing court claim, or for another legal reason.

14. CONTACT INFORMATION

If you want to know more about your rights, this Privacy Policy, as well as how we use your personal data, you can contact us: legal@in1.io.