top of page

II. Data Protection Officer (DPO)

The Controller has appointed a data protection officer with whom Users may contact regarding the protection of their personal data by e-mail to: compliance@astra-v.com

V. Storage period of User data

Privacy Policy

I. Information about the controller of personal data of users of the ASTRA VENTURES online cryptocurrency service operated under the domain www.astra-v.com

The controller of the personal data of users (hereinafter referred to as "Users", and individually as "User") of the ASTRA VENTURES online cryptocurrency service operated in the domain www.astrav.com (hereinafter referred to as "Service" or “Website”), i.e. the entity deciding on the purposes and means of processing their personal data is ASTRA VENTURES Sp. z o.o. with its registered office in Warsaw, ul. Bartycka 22B/21A, 00 - 716 Warsaw, KRS no: 0001027371, e-mail address: compliance@astra-v.com, telephone number: +5491128677391 (hereinafter referred to as the "Controller").

A User is understood to be any natural person using the Service.

The User's personal data processed for the purpose of setting up and maintaining the Account shall be stored by the Controller for the period of maintaining the Account, i.e. until it is deleted by the User.

The User's personal data processed in order to provide the services mentioned in point III item 2 of this Privacy Policy shall be stored for a period of 5 years, counting from the date of termination of the business relationship with the Controller or from the date of execution of an occasional transaction in accordance with Article 49 of the AMLA.

Personal data from cookies stored on the User's terminal device will be stored for a period corresponding to the life cycle of cookies stored on the User's terminal device or until they are deleted from the device by the User.

User personal data processed for the purpose of sending marketing content by the Controller, including the newsletter, will be stored by the Controller until the User withdraws his/her consent to receive it.

If the storage of the User's personal data proves necessary to assert or defend a claim to which the Controller is entitled or against the Controller, the User's personal data may be stored until the court proceeding pertaining to the claim is finally ended and the decision made in the proceeding is enforced.

II. Data Protection Officer (DPO)

The Controller has appointed a data protection officer with whom Users may contact regarding the

protection of their personal data by e-mail to: compliance@astra-v.com

III. Purposes and legal basis of personal data processing

The personal data controller processes the Users' personal data for the following purposes:

1. in order for the User to set up and for the Controller to maintain a Customer Account (hereinafter

referred to as "Account") in the Service. The basis for the processing of User data in this case is

Article 6 (1) (b) of the Regulation (EU) 2016/679 of the European Parliament and of the Council

of 27 April 2016 on the protection of natural persons in relation to the processing of personal data

and on the free movement of such data and repealing Directive 95/46/EC (hereinafter referred to

as "GDPR"), i.e. the necessity of the processing for the conclusion and performance of the

agreement for maintaining the Account;

2. in order for the Controller to provide the following services to the User via the Service:

(a) Virtual Currency Exchange, which enables the Service Users to:

• sell Virtual Currencies on behalf of the Controller in exchange for other Virtual

Currencies;

• sell to the Virtual Currency Controller in exchange for cash (FIAT);

• purchase from the Virtual Currency Controller in exchange for other Virtual Currencies;

• buying from the Virtual Currency Controller in exchange for cash (FIAT);

(b) Virtual Currency Stock Exchange, which enables Service Users to:

• sell to the Controller Virtual Currencies in exchange for other Virtual Currencies;

• sell to the Virtual Currency Controller in exchange for cash (FIAT);

• purchase from the Virtual Currency Controller in exchange for other Virtual Currencies;

• purchase from the Virtual Currency Controller in exchange for cash (FIAT);

c) Cryptocurrency Wallet, which is used to store Virtual Currencies by Users.

The basis for the processing of the User's data in such a case is Article 6(1)(b) of the GDPR, i.e.

the necessity of the processing to provide the aforementioned services to the User;

3. for the purpose of the Controller's customer identification in performance of its obligation under

Article 34(1)(2) of the Polish Anti-Money Laundry Act of 1 March 2018. (hereinafter referred to as

"AMLA"). The basis for the processing of the User's data in this case is Article 6(1)(c) of the

GDPR, i.e. the necessity of the processing for the fulfilment of a legal obligation incumbent on the

Controller;

4. for the purpose of keeping statistics on the use of individual functionalities available on the

Service, facilitating the use of the Service and ensuring IT security of the Service. Personal data

concerning the User's activity in the Service and the amount of time spent on each subpage in

the Service, User's search history, location, IP address, device ID, data concerning the Internet

browser and User's operating system are then processed. The basis of the processing of the

User's data in such a case is Article 6(1)(f) GDPR, i.e. the Controller's legitimate legal interest in

processing the User's personal data;

5. for the purposes of marketing the Controller's services. The User's personal data provided while

creating and updating the Account, data concerning the User's activity in the Service, which are

recorded and stored by means of cookies, are then processed. The basis for the processing of

the User's personal data in this case is Article 6(1)(a) and (f) of the GDPR, i.e. the User's consent

to receive marketing content from the Controller and the Controller's legitimate legal interest in

conducting direct marketing of its services;

6. in order to determine, assert and enforce possible claims of the Controller and to defend against

possible claims of the User in court and out-of-court proceedings. The User's personal data

provided when creating the Account as well as other data necessary to prove the existence of the

claim or resulting from generally applicable legal regulations may be processed in this case. The

basis for the processing of the User's personal data in such a case is Article 6(1)(f) GDPR, i.e.

the Controller 's legitimate legal interest in processing the User's data.

If the basis for the processing of the User's personal data is his consent to the processing of his data,

i.e. Article 6(1)(a) GDPR, the User has the possibility to withdraw his consent at any time, which,

however, does not affect the legality of the processing of his data which was carried out on the basis of consent before its withdrawal.

IV. Recipients of personal data

Personal data may be disclosed by the Controller o the General Inspector for Financial Information as

required by the APSI. Personal data may also be entrusted by the Controller to other third parties

providing ongoing services to the Controller, e.g. in the field of legal or accounting services, as well as

in situations in which such an obligation clearly results from a demand of an authorized public authority

or from the applicable provisions of generally applicable law. Personal data may also be transferred to

the extent necessary to companies of the ASTRA VENTURES. Personal data may be transferred to

countries outside the European Economic Area, but only to such countries for which the European

Commission has issued a decision declaring an adequate level of personal data protection within the

meaning of Article 45 GDPR.

The Controller shall each time ensure that the entities to which the Users' personal data will be entrusted

are entities which guarantee a high level of protection of such data, and that appropriate contracts for

entrusting the processing of the Users' personal data are signed with the entities with which this is

required.

V. Storage period of User data

The User's personal data processed for the purpose of setting up and maintaining the Account shall be

stored by the Controller for the period of maintaining the Account, i.e. until it is deleted by the User.

The User's personal data processed in order to provide the services mentioned in point III item 2 of this

Privacy Policy shall be stored for a period of 5 years, counting from the date of termination of the

business relationship with the Controller or from the date of execution of an occasional transaction in

accordance with Article 49 of the AMLA.

Personal data from cookies stored on the User's terminal device will be stored for a period corresponding

to the life cycle of cookies stored on the User's terminal device or until they are deleted from the device

by the User.

User personal data processed for the purpose of sending marketing content by the Controller, including

the newsletter, will be stored by the Controller until the User withdraws his/her consent to receive it.

If the storage of the User's personal data proves necessary to assert or defend a claim to which the

Controller is entitled or against the Controller, the User's personal data may be stored until the court

proceeding pertaining to the claim is finally ended and the decision made in the proceeding is enforced.

VI. Users' rights related to the processing of their personal data

A. Right to withdraw consent

The User has the right to withdraw consent at any time if the processing of their personal data is based

on that consent. Consent for data processing may be withdrawn by sending the Controller a declaration

indicating such a wish, e.g. in the form of an e-mail message. The withdrawal of the consent shall be

effective from the moment the Controller receives the aforementioned statement. Withdrawal of consent

does not affect the lawfulness of the processing of the User's personal data carried out by the Controller

before its withdrawal.

Legal basis: Article 7(3) of the GDPR

B. Right to demand access to data

The User has the right to obtain confirmation from the Controller as to whether his/her personal data are

being processed and, if this is the case, has the right to:

(a) obtain access to his/her personal data;

(b) obtain information on: the purposes of the processing, the categories of personal data processed,

the recipients or categories of recipients of that data, the intended period of storage of the User's data

or the criteria for determining that period, the User's rights under the GDPR and the right to lodge a

complaint with the supervisory authority, the source of that data, automated decision-making, including

profiling, and the safeguards applied in connection with the transfer of that data outside the European

Economic Area;

(c) obtain a copy of your personal data.

Legal basis: Article 15 GDPR

C. Right to rectification

The User has the right to rectify and complete the personal data they have provided. The User may do

so by submitting a request to rectify such data (if incorrect) or to complete it (if incomplete).

Legal basis: Article 16 GDPR

D. Right to erasure ("right to be forgotten")

You have the right to request the erasure of all or some of the data concerning you.

The User may request the erasure of their personal data if:

(a) the User's personal data are no longer necessary for the purposes for which they were collected or

for which they were processed;

b) the User's personal data are processed unlawfully;

c) to object to the processing, if its basis is the legitimate legal interest of the Controller;

d) the personal data must be erased in order to comply with a legal obligation under Union law or the

law of a Member State to which the Controller is subject;

(e) the personal data were collected in connection with the offering of information society services.

Despite the request for erasure of personal data in connection with the filing of an objection, the

Controller may continue to process the User's personal data to the extent necessary for the

establishment, assertion or defence of claims, and to the extent necessary to comply with a legal

obligation requiring processing under Union law or the law of a Member State to which the Controller is

subject.

Legal basis: Article 17 GDPR

E. Right to restrict processing

You have the right to request the Controller to restrict the processing of your personal data, i.e. not to

undertake any processing activities in relation to them beyond the mere storage thereof, in the following

cases:

(a) where he/she questions the correctness of his/her personal data - for a period allowing him/her to

verify the correctness of the data;

b) when the processing of the data is unlawful, but the User opposes its erasure by requesting instead

the restriction of the processing;

c) when the User's personal data are no longer necessary for the purposes for which they were collected

or used, but they are necessary for the establishment, assertion or defence of claims;

d) where the User has objected to the use of his/her data, in which case the restriction shall take place

for the time necessary to consider whether the protection of the interests, rights and freedoms of the

User outweighs the interests pursued by the Controller in processing his/her personal data.

Legal basis: Article 18 GDPR

F. Right to data portability to another controller

Where the User's personal data are processed by the Controller on the basis of the consent given by

the User or for the purpose of entering into a contract with the User (Article 6(1)(a) and (b) of the GDPR),

the User has the right to receive in a structured, commonly used readable format the personal data that

the User has provided to the Controller, and has the right to transfer this personal data to another

controller without hindrance from the Controller, provided that this is technically possible.

Legal basis: article 20 GDPR

G. Right to object to processing

The User has the right to object at any time to the processing of his/her personal data where the

processing is based on the legitimate legal interest of the Controller (Article 6(1)(f) GDPR). If the User's

objection proves to be justified, and the Controller has no other legitimate legal basis for processing the

User's personal data, as well as a basis for determining, asserting or defending his/her claims, the

Controller shall delete the User's personal data to the use of which the User has raised an objection.

Legal basis: Article 21 GDPR

If, in the exercise of the above-mentioned rights described in items A-G), the User submits a request to

the Controller, the request shall be met or refused immediately, but no later than within one month of its

receipt. However, if, due to the complexity of the request or the number of requests, the User is unable

to comply with the User's request within one month, it will be complied with within a further two months

after informing the User of the need to extend this period.

H. Right to lodge a complaint with a supervisory authority

If the User considers that the right to data protection or other rights granted to the User under the GDPR

have been violated, the User has the right to lodge a complaint with the supervisory authority - the

President of the Office for Personal Data Protection.

Legal basis: Article 77 GDPR

VII. Voluntariness of providing personal data

Providing personal data by the User is always voluntary, but it is necessary in order to contact the

Controller through the contact form and in order to conclude and perform the contract between the User

and the Controller and to serve the User as the Controller 's customer. If the User does not provide the

data, it will not be possible to contact the Controller to conclude and perform the contract between the

User and the Controller or to serve the User as the Controller 's customer.

VIII. Possibility of profiling the Users' personal data by the Controller

The Users' personal data concerning their preferences, behaviour and choice of marketing content may

be used as the basis for making automated decisions in order to determine the sales opportunities of

the Service. Therefore, pursuant to Article 21(2) of the GDPR, all Users have the right to object to the

processing of their data by the Controller for this purpose.

IX. Data collected automatically upon entering the website of the Service (cookie files)

The Controller informs that while using the Website, short text information called "cookies" are stored in

the User's end device. Cookie files contain such IT data as: the IP address concerning the User, name

of the website they come from, time of their storage on the User's end device, recording of parameters

and statistics and a unique number. Cookies" are directed to the Service server through a web browser

installed in the User's end device. Cookies are used on the Website in order to:

a) maintaining technical correctness and continuity of the session between the Service server and

the User's final device;

b) optimisation of use of the Website by User and adjustment of their display on User's end device;

c) ensuring safety of use of the Service;

d) gathering statistics on visits to websites of the Service, supporting improvement of their structure

and content;

e) display on the User's terminal equipment of advertising content optimally adapted to his/her

preferences. Within the Service there are two types of "cookies" used: "session" and

"permanent". "Session" "cookies" are files subject to automatic removal from the final device of

the User of the Service after his/her logging out from the Service or after leaving by him/her the

websites of the Service or after switching off the web browser. "Permanent" files "cookies" are

stored in the terminal equipment of User for the time specified in the parameters of files

"cookies" or until their removal by User. "Permanent" "cookies" are installed in the User's

terminal equipment only with his/her consent. The Controller informs that:

• Internet browsers by default accept the installation of "cookies" in the final device of the

User. Each User of the Website may at any time change the settings concerning

"cookies" in the Internet browser used by him in such a way that the browser

automatically blocks the use of "cookies" or informs the User of their placement in his

terminal equipment each time. Detailed information on the possibility and methods of

using cookies is available in the settings of the Internet browser used by the Service

User.

• Restricting the use of cookies by a User may adversely affect the correctness and

continuity of the provision of Services on the Website. Cookies installed in Service

User's end device may be used by advertisers or business partners cooperating with

the Controller. Cookies may be considered personal data only in connection with other

data identifying identity, provided to the Controller by the User while using the Service.

Only the Controller has access to cookies processed by the Website's server.

If the User does not agree to save and receive information in cookies, he/she can change the rules

regarding cookies by means of the settings of his/her Internet browser.

X. Changes to the Privacy Policy

If it is necessary to update the information contained in this Privacy Policy or if it is necessary to ensure

its compliance with the applicable laws or technological conditions of the functioning of the Website, this

Privacy Policy may be amended. Users will be informed of any changes to the Privacy Policy through a

notice displayed on the Website.

XI. Contact with the Controller

Contact with the Controller is possible via e-mail at the address: compliance@astra-v.com or by phone

at: +5491128677391

bottom of page