pl
en ua ru
Polityka prywatności

Polityka prywatności

We, at Elixir Group SA, a Polish company with its registered office and postal address at ul. Burakowska 16B lok. U1, 01-066 Warsaw, Poland, KRS (National Court Register) No. 0001109236 (the "Company"), respect your privacy and are committed to protecting the personal data that you provide to us when you use the software platform developed and owned by the Company - the Rebell Pay mobile application ("Rebell Pay app").

In order to fulfill the obligations arising from Regulation (EU) 2016/679 of the European Parliament and of the European Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter "GDPR"), we provide all necessary information about the scope and legal basis for the processing of your personal data, as well as our contact details to help you understand how we will process your data, and to provide you with that we apply sufficient and effective measures to protect this data.

Personal data administrator

The administrator of your personal data is Elixir Group SA with its registered office in Warsaw, address: Warsaw (01-066), ul. Burakowska 16B lok. U1, entered into the Register of Entrepreneurs of the National Court Register under KRS number 0000168006, REGON 473178243, NIP 9471899016 (hereinafter: "Administrator" or "we").

In case of questions and doubts regarding the Privacy Policy and cookies, you can contact the Administrator as follows:

  1. by traditional mail sent to the following address: ul. Burakowska 16B lok. U1, 01-066 Warsaw;
  2. electronically at the following e-mail address: support@rebellpay.com

The "Service" is the website www.rebellpay.com.

Purposes

Your data will be processed by us when:

  1. you consent to it (Article 6(1)(a) of the GDPR), which includes the provision of marketing services;
  2. processing is necessary in order to take steps at your request before concluding the contract and to perform the contract (Article 6(1)(b) of the GDPR), which includes the provision of Rebell Pay app services;
  3. processing is necessary in order to fulfill the legal obligations incumbent on the Administrator (Article 6(1)(c) of the GDPR);
  4. processing is necessary to pursue our legitimate interests (Article 6(1)(f) of the GDPR), which include:
    1. determination, investigation and defense against possible claims of Service users;
    2. responding to messages and questions from users of the Website and Rebell Pay app;
    3. statistical analysis of activity on the Website, improving the operation of the Website and Rebell Pay app and the Administrator's marketing activities;
    4. improving the quality of our products and services, to improve the Rebell Pay app and ensure that the service is provided in the most efficient way for you and your device
    5. data processing as part of the Administrator's profile on Facebook and Instagram social networks (data is co-administered by the Administrator and Facebook/Instagram, respectively);
    6. considering the complaint, as well as informing about the result of the complaint;
    7. to protect and prevent fraud and other security threats;
    8. to verify your identity;

We will not collect any personal information from you that we do not need in order to provide and oversee this service. We may associate any category of information with any other category of information, and we will treat the combined information as personal information in accordance with this policy for as long as it is combined.

Voluntary provision of data

Providing personal data is voluntary, however refusal to provide some personal data may make it impossible to use the Rebell Pay app and its functionalities. In the event of providing insufficient data to perform a given activity, the data will be immediately deleted.

Collection and use of personal data

We collect your personal data through the Rebell Pay app after you download it and enter your details. We only collect necessary personal information, which does not contain any special types of information. This data includes:

  1. name and surname;
  2. date of birth;
  3. e-mail address;
  4. photo of the User's face;
  5. type of the User's identity document or resident permit;
  6. photo of the identity document (front and back, if applicable);
  7. actual address of residence;
  8. telephone number;
  9. details of the Sender's and Recipient's Payment Cards: number, expiry date, CVV/CVC number;
  10. data on the initiated transaction;
  11. geolocation;
  12. contacts from the phone book;
  13. gender;
  14. country (including the country issuing the user's identity document and the country issuing the payment card).

We commit ourselves to:

  1. to process your personal data lawfully, fairly and transparently;
  2. not to process your data in a manner inconsistent with the specified, explicit and legally justified purposes for which your data was collected;
  3. ensure that only personal data is collected that is adequate, relevant and limited to what is necessary for the purposes of collection;
  4. take steps to ensure that your personal data that is inaccurate is immediately removed or rectified;
  5. processing your personal data in a manner that ensures appropriate security, including protection against unauthorized or unlawful processing and accidental loss, destruction or damage, using appropriate technical or organizational measures.

Marketing

We would like to use your name and email address to inform you about our future offers and similar products. This information is not shared with third parties and you can unsubscribe at any time. In any marketing communication, we will provide you with a clear, free and easy-to-follow opportunity to unsubscribe from such marketing communications.

Data sharing

We may disclose your personal data on the basis of a personal data sharing agreement in the event of multiple disclosures or in response to a request from the recipient of the data in the event of a single disclosure. Your personal data may be made available to a licensed payment service provider that provides transaction authentication and settlement services, as well as to an external provider that provides matching services. In addition, your personal information, including transaction data, may be transferred to third parties such as banks, fraud prevention agencies for the purpose of fraud detection, monitoring and fraud prevention. We may transfer your data outside the European Economic Area, including to countries that have different data protection standards than those applicable in the European Economic Area. Any such transfer of your personal data will take place in accordance with applicable law. For transfers outside the European Economic Area, Standard Contractual Clauses will be used (you have the right to request a copy of these clauses) as safeguards for countries where the European Commission has not issued a relevant decision.

Data retention period

We will retain your personal information (i) for as long as you use the Rebell Pay app, and thereafter for the period required by law; (ii) if you have contacted us in any form, we will process your personal data until we answer your questions; (iii) in the event of a complaint, we will process the data for the duration of the complaint process; (iv) if the processing is based on the expressed consent or justified interest of the administrator, respectively until the consent is withdrawn or the objection to data processing is effectively raised. When we no longer need your information, we will take all reasonable steps to remove it from our systems and records or to appropriately anonymise it so that you cannot be identified from it. We will store your personal data for 10 years from the end of the provision of the Service and your use of the Rebell Pay app, and longer for the duration of pending proceedings - for the purpose of possible determination, investigation or defense against claims or for other legal, accounting and tax purposes.

Your rights

In accordance with the GDPR, in connection with the processing of your personal data by us, you have the following rights:

  1. the right to withdraw consent (Article 7 of the GDPR);
  2. the right to access your personal data (Article 15 of the GDPR);
  3. the right to request rectification of your personal data (Article 16 of the GDPR);
  4. the right to request the deletion of your personal data (Article 17 of the GDPR), in certain circumstances it may not be possible for us to fulfill your request, i.e. when processing is necessary to fulfill a legal obligation or perform a contract.
  5. the right to request the restriction of personal data processing (Article 18 of the GDPR);
  6. the right to transfer personal data, i.e. the right to receive your personal data from us in a structured, commonly used and machine-readable IT format; you can send this data to another data administrator or request that we send your data to another administrator, however, we will do it only if such action is technically possible (Article 20 of the GDPR);
  7. the right to object to the processing of your data on the basis of our legitimate interest, which is not overriding your interest or your rights and freedoms, and the right to object to the processing of your data for direct marketing purposes (Article 21 of the GDPR).

To exercise the above-mentioned rights, please contact us via the Rebell Pay app Customer Service, the Website, e-mail: support@rebellpay.com or by traditional mail to the following address: Elixir Group SA, ul. Burakowska 16B lok. U1, 01-066 Warsaw.

We may not be able to exercise some of your rights, such as the "right to be forgotten", if safeguards are required, in particular to prevent the destruction of data or evidence based on and in accordance with the requirements of applicable laws and regulations. If you have a complaint about how we have handled your personal information, you can contact us and we will investigate.

You also have the right to lodge a complaint with the supervisory body dealing with the protection of personal data, i.e. the President of the Office for Personal Data Protection (Article 77 of the GDPR).

Office of the President of the Personal Data Protection Office (PUODO)
Address: Stawki 2, 00-193 Warsaw
Phone: 22 531 03 00

A list of all such bodies is available at https://ec.europa.eu/newsroom/article29/items/612080

Automated data processing

Your personal data is not processed in an automated manner, including profiling, except mentioned in “Marketing Automation” section.

Links to other websites

The server may contain links to other websites whose privacy policies may differ from ours. We are not responsible for the collection, processing or disclosure of personal information collected through other websites.

In addition, we are not responsible for the information or content posted on such sites. Links to other sites are provided for convenience only. Your use and browsing of such sites is subject to their terms of use as set out in their policies. Please refer to the privacy policies posted on such other sites that you may visit through our site.

Cookies Policy

The website uses cookies, which are IT data stored on the User's end device. These files do not interfere with the functioning of your device in any way. Cookies are used to:

  1. facilitate the User's use of the Website while browsing it;
  2. subsequent association of the user (however, without processing his personal data) in the event of reconnecting the Website to the device on which they were saved;
  3. ensuring security and preventing fraud and abuse;
  4. creating statistics that help to understand how the user uses websites, which allows improving their structure and content;
  5. adapting the content of the Website to specific user preferences and optimizing the use of websites, tailored to the individual needs of the user;
  6. user authentication;
  7. making content available on the Website in the highest possible quality.

Cookie files usually contain the name of the website they come from, their storage time on the user's end device and a unique number. As part of the Website, we use the following types of Cookies:

  1. "session" - they are stored in the user's end device until he leaves the website, turns off the web browser;
  2. "permanent" - stored in the user's end device for the time specified in the cookie file parameters or until they are deleted by the user;
  3. "necessary" - enable the use of the Website, i.e. authentication Cookies, Cookies used to ensure security, etc.;
  4. "Google Analytics cookies" - you should read the cookie policy available at:
    https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage?hl=pl.

The mechanism of operation of Cookies on the Website

Each User has the option to change the settings for Cookies in the web browser settings (after clicking on the name of the browser, you will be redirected to the appropriate website):

  1. Google Chrome;
  2. Internet Explorer;
  3. Microsoft Edge;
  4. Mozilla Firefox;
  5. Opera;

Disabling cookies in the browser does not deprive the User of access to the resources of our Website, however, disabling cookies necessary for authentication processes, security or maintaining the User's preferences may make it difficult, and in extreme cases even prevent the use of the Website. The web browser allows you to delete cookies.

Google Analytics

On the Website, we use Google Analytics - a web analysis service, based on our legitimate interest within the meaning of art. 6(1)(f) GDPR, in order to get to know the Users of our Website and optimize our offer for these Users (marketing and optimization purposes).

The service provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Google uses this information to evaluate the use of our Website, to compile reports on Website activity and to provide other services related to the use of our Website. The IP address provided by the User's browser as part of Google Analytics is not combined with other Google data.

The user may prevent the collection of data generated by Cookies and related to his use of our Website (including the IP address) to Google and the processing of this data by Google by installing a plug-in provided by Google (after clicking the link, you will be redirected to an external website): https://tools.google.com/dlpage/gaoptout?hl=pl.

More information on the terms of data protection can be found at (after clicking the link, you will be redirected to an external website):
https://marketingplatform.google.com/about/analytics/terms/pl/ or https://policies.google.com/privacy?hl=pl/.

Data transfer to third countries is possible. Standard contractual clauses in accordance with Art. 46 GDPR. More information can be found here:
https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_en

Marketing Automation

In the application we use marketing automation tool – Synerise in order to understand the user behavior and optimize our offer for these Users (marketing and optimization purposes).

The service provider is Synerise S.A. Zabłocie 43B, 30-701 Kraków, Polska.

Social media plug-ins

On the Website you can find plugins for social media. These plug-ins may send cookies (including user's personal data) to social networking sites. For information on the use of cookies by social networking sites, please refer to the privacy policies of those sites, links to which can be found below.

Facebook
https://www.facebook.com/privacy/explanation

Instagram
https://help.instagram.com/519522125107875

Additional information

The Website may include external links enabling Users to directly reach other websites, or while using the Website, Cookies from other entities, in particular from suppliers such as Google, may be additionally placed on your device in order to enable Users to use functionalities of the Website integrated with these websites. Each of the providers defines the rules for the use of cookies in its privacy policy, therefore, for security reasons, we recommend that you read the document regarding their privacy policy before using such websites.

Changes to the Cookies and Privacy Policy

In order to ensure compliance of the information provided with current legal requirements, we reserve the right to change the Cookies and Privacy Policy at any time. This reservation also applies to cases where the information on the protection of personal data must be adapted due to new or changed services and functionalities offered by our Website. The change of this Privacy and Cookies Policy will be made by placing a new text on the Website, which will enter into force automatically the next time you visit our website. Any previous versions of the Privacy and Cookies Policy will be made available upon request.

Quicko Privacy Policy

The integral part of Rebell Pay Privacy Policy in the area of facilitating Account (means an individual payment account maintained for the Customer by Quicko on the basis of the Quicko Agreement on Opening and Maintaining a Payment Account. A unique IBAN number is assigned to the account) and Quicko Card  (Payment card connected to Account issued by Quicko) is also Quicko Privacy Policy with access under the link: https://www.rebellpay.com/wp-content/uploads/2023/10/Quicko-Privacy-policy.pdf

Przejdź do góry