Your privacy is important to us. This Privacy Policy outlines how we collect, use, and protect your personal information when you interact with Damisa (Damisa Technologies Europe sp. z o.o. z, KRS: 0001088305 and/or  Damisa Technologies Pty Ltd, ACN: 682 846 966). 

We adhere to the EU General Data Protection Regulation (GDPR) and to the Australian Privacy Principles contained in the Privacy Act 1988 (Cth). So in this document the term "Data Protection Legislation" and “GDPR” means all applicable legislation relating to privacy or data protection in force from time to time, including the EU General Data Protection Regulation and Australian Privacy Law.

This Privacy Policy is relevant for website visitors and newsletter subscribers.

In this Privacy Policy we explain what data we collect, how we process it, and what rights you have as a data subject when using Damisa services (directly or indirectly). 

Who is the data controller?

The data controller is the entity that decides how your data is processed (e.g. how and for what purpose). 

In this case, it is:

Damisa Technologies Europe sp. z o.o. (Zelazna 51/53, 00-841 Warsaw) with its registered office in Warsaw, email address: privacy@damisa.xyz

or 

Damisa Technologies Pty Ltd with its registered office in Surry Hills, Australia, email address: privacy@damisa.xyz 

In connection with the GDPR regulations to ensure complete data processing compliance, we have also appointed a data protection officer (“DPO”), i.e. a person responsible for supervising the security of data processing and fulfilling the obligations imposed on the controller. 

You can contact the data protection officer (Bartosz Kapuscinski) via the postal or e-mail address given above.

What personal data will be collected?

While providing you with access to our website or newsletter service, we collect data which may include:

• E-mail addresses

• Internet Protocol (IP) addresses and unique device identifiers (UDIDs) and other data about the device you are using (web browser, operating system etc.)

• Information about visited webpages (we use Google Analytics to learn about our website visitors, for more information about how Google is processing your data go to https://policies.google.com/technologies/partner-sites)

Where do we get personal data from?

• Directly from you

In what purpose do we process the data?

For suppliers/customers and people affiliated to our suppliers/customers we process the data we collect for: 

• Providing and improving our products and services

• Personalizing your experience on our website

• To send you information about our services and products. If you do not wish to receive direct marketing information, you can contact the Privacy Officer at privacy@damisa.xyz or you can click the unsubscribe link within any marketing emails you receive from us and we will take steps to ensure that you do not receive any direct marketing information in future

How long will we process your personal data for?

We will only keep your personal data for as long as it is required for the purposes for which it was collected, or as required to comply with applicable law or to defend or enforce our legal rights. In most cases, this will be for one year but if you subscribed to our newsletter it will be as long as you will be subscribed.

Is it obligatory to provide us with your data?

No, of course not. But failure to provide data may result in the impossibility of providing the service.

What rights do you have for personal data?

You may request details of personal data we hold about you. You have the following rights:

• to access your personal data and know the origin of the data, the purpose of processing, as well as information about the data controller, processing entities (subcontractors and the entities to which they can be disclosed)

• opt out from analytics tracking

• withdraw your consent at any time, if personal data is processed on the basis of consent, but the withdrawal of consent does not affect the correctness of processing before its cancellation

• updating or correcting your personal data

• deletion of your personal data if there is no basis for further processing

• limitations of the processing of your personal data in a situation when the law allows it (e.g. in the course of handling complaints)

• obtain your personal data in an electronic format for your own needs or another controller

• file a complaint with the appropriate data protection authority: 

  • If you reside in the EEA: (more info here https://uodo.gov.pl/pl/83/155) 

  • If you reside in Australia: you may complain to the Privacy Commissioner, details of which can be found at www.oaic.gov.au

The above rights may be exercised by emailing our Privacy Officer at privacy@damisa.xyz including lodging a complaint with us. If you believe we have not adequately dealt with your complaint, you can contact the relevant data protection authority listed above. 

Are we using profiling or automatic decision-making tools?

In the case of data concerning suppliers/customers and people affiliated to our suppliers/customers, or employees and contractors, we do not use profiling or automatic decision-making tools.

Who will have access to personal data?

• Our employees, collaborators and subcontractors, in particular, will be the persons responsible for handling the recruitment process and the processes related to the performance of contracts on our side, but also the providers of the technology we use for communication and data storage. Some of these entities are from our group, and some are commercial service providers. In addition, in some cases, it may be our legal or tax advisors, whom we will involve if necessary, e.g. in the event of a dispute regarding the contract - under the authorization or relevant contract, such access does not require the consent of the data subject

• Google via Google Analytics 

• Entities authorized under the law (eg tax office or authorities responsible for combatting money laundering or terrorist financing) - such access does not require the consent of the data subject

• Other crypto asset related services providers while exchanging data about crypto transfers under Travel Rule regulation - such access does not require the consent of the data subject 

Data transfers

Our service is provided on a global platform. To offer our services, we may need to process and/or transfer your information among several countries including in particular the EEA and entities from our Group which are based in the UK and Australia. 

We will ensure that such transfer is in accordance with our obligations under Data Protection Legislation. For example, a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is in place:

• We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission or Australia, or

• with whom we have put in place appropriate measures to ensure that data is adequately protected. These measures will usually include use of approved standard contractual clauses.

Security of your personal data

Damisa is committed to ensuring the information you provide to us is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure information and protect it from misuse, interference, loss and unauthorised access, modification and disclosure. 

Where we employ data processors to process personal information on our behalf, we only do so on the basis that such data processors comply with the requirements under the GDPR and that have adequate technical measures in place to protect personal information against unauthorised use, loss and theft.

The transmission and exchange of information is carried out at your own risk. We cannot guarantee the security of any information that you transmit to us, or receive from us. Although we take measures to safeguard against unauthorised disclosures of information, we cannot assure you that personal information that we collect will not be disclosed in a manner that is inconsistent with this Privacy Policy.

Cookies

What are cookies?

Cookies are simple text files that are stored on your computer or mobile device by a website’s server. Each cookie is unique to your web browser. It will contain some anonymous information such as a unique identifier, website’s domain name, and some digits and numbers.

What types of cookies do we use?

Necessary cookies

Necessary cookies allow us to offer you the best possible experience when accessing and navigating through our website and using its features. For example, these cookies let us recognize that you have created an account and have logged into that account.

Functionality cookies

Functionality cookies let us operate the site in accordance with the choices you make. For example, we will recognize your username and remember how you customized the site during future visits.

Analytical cookies

These cookies enable us and third-party services to collect aggregated data for statistical purposes on how our visitors use the website. These cookies do not contain personal information such as names and email addresses and are used to help us improve your user experience of the website.

How to delete cookies?

If you want to restrict or block the cookies that are set by our website, you can do so through your browser setting.

Changes to this Privacy Policy

We reserve the right to update or change this Privacy Policy at any time. Any changes will be posted on this page, and the effective date will be updated accordingly. We encourage you to review this Privacy Policy periodically for any updates.