Information on Personal Data Processing,
Privacy Protection, and Cookie Use
Dear Visitor,
Thank you for visiting our website and showing interest in our services. In operating these websites and providing our services, we process personal data that you provide to us. The protection of this data is of utmost importance to us.
This document contains information regarding the processing of your personal data and your rights according to the Regulation of the European Parliament and of the Council (EU) 2016/679 on the protection of natural persons in connection with the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) ("GDPR") and Act No. 110/2019 Coll., on personal data processing ("Act").
Furthermore, this document provides information about cookies used on our websites in accordance with Act No. 127/2005 Coll., on electronic communications, as amended.
When this document mentions AML regulations, it primarily refers to Act No. 253/2008 Coll., on certain measures against the legalization of proceeds from criminal activity and the financing of terrorism, as amended, and related national and European generally binding legal regulations concerning AML and the implementation of international sanctions.
1. Controller of Personal Data and Data Protection Officer
CT Solutions s.r.o., with its registered office at Vojtěšská 211/6, Nové Město, 110 00 Prague 1, ID No. 17285429, registered in the Commercial Register maintained by the Municipal Court in Prague, Section C, Insert 369401 ("we"or"cts"), acts as the controller of personal data in the sense of the GDPR and the Act, determining the purposes and means of processing your personal data as data subjects."cts"
The processing of personal data under this document applies to any data processing by CTS, especially through the websites https://kvapay.com/, https://bitcomat.com/, https://kvakomat.com/, and through the device of the automat - Kvakomat (Bitcoin ATM).
In connection with the processing of personal data, our company has appointed a Data Protection Officer in accordance with the GDPR.
| Name and surname: | Ľuboš Horčík |
|---|---|
| Email: | gdpr@kvapay.com |
The Data Protection Officer oversees the personal data protection system within CTS. His duty is to advise us and our processors, who participate in the processing of personal data, on their obligations in the field of personal data protection. He also serves as a contact point for the supervisory authority.
2. Scope, Purposes, and Legal Basis for Processing Personal Data
CTS processes your personal data in the following situations:
- For the purposes of establishing your client account on kvapay.com as a payment gateway for digital assets (pre-contractual relationships), we process your name, surname, date of birth or personal identification number, if assigned, permanent residence address or another address within the range of street, descriptive number, municipality, postal code, and country, nationality. We process these data to be able to conclude a contract for setting up an account on the mentioned websites. The legal basis for processing personal data in the sense of GDPR is the performance of a contract.
- For the purposes of establishing your digital wallet, we process your name, surname, date of birth or personal identification number, if assigned, address of permanent residence or another address within the range of street, descriptive number, municipality, postal code, and country, nationality. These data are processed to conclude a contract for the creation of your virtual wallet. The legal basis for processing personal data is the performance of a contract.
- For the purposes of fulfilling obligations arising from AML regulations, especially for your identification when concluding a contract with us, for your identification in case of individual transactions, we process your name, surname, date of birth or personal identification number, if assigned, address of permanent residence or another address within the range of street, descriptive number, municipality, postal code, and country, nationality, type, and number of identity document (ID card, passport), image of your face. The legal basis for processing personal data is the fulfillment of obligations according to AML regulations.
- For the purposes of creating statistics and developing new products, we process data about your use of our websites and our services. This mainly includes data about services that you view on our websites, links you click, how you move around our website, as well as data about the device from which you view our website, such as IP address, derived location, device identification, its technical parameters, and information from cookies and similar technologies. The legal basis for processing personal data in this case is our legitimate interest.
- For the purposes of fulfilling the contract with you and providing our services, we process information about your transactions, their implementation, information about payments within transactions, etc. Without this processing, we could not provide you with our services. The legal basis for processing personal data in this case is the performance of a contract with you.
- For the purposes of handling your requests and for communication with you, we process information about your requests, your email address, name, surname, and possibly phone number. The legal basis for processing personal data in this case is our legitimate interest.
- For the purposes of fulfilling our legal obligations in the field of accounting, taxes, document management, and registers, we process data about fulfilling contracts with you, your name, surname, address, and possibly other data required by legal regulations. The legal basis for processing personal data in this case is the fulfillment of obligations established by legal regulations.
- For the purposes of protecting our interests and legitimate claims, we process your name, surname, address, and also data about fulfilling contracts with you as well as data about services that we provided to you. The legal basis for processing personal data is our legitimate interest.
- For the purposes of promoting our services and our company through newsletters, we process your name, surname, email address, based on your consent, or if you set up an account with us or order a service and do not refuse to receive commercial communications, also in accordance with legal regulations without your consent. The legal basis for processing personal data is either your consent or our legitimate interest.
In case of processing your personal data based on fulfilling contractual (or pre-contractual) obligations arising from a contract with you, due to the fulfilling legal obligations, especially obligations set by AML regulations, such processing is a condition for the provision of our services. If you do not provide us with personal data in the required scope, we cannot provide you with our services.
If the processing of your personal data on our part is based on a legitimate interest, the processing is carried out in connection with the adequacy balance tests developed by our company. If you do not provide us with the data, we could not pursue this interest. When processing your personal data, we respect your rights, adhere to the data minimization principle with regard to the purpose of processing, and follow the conducted balance tests. If you still believe that this processing violates your rights, you can object according to Art. 7 below. In such a case, we will limit the processing of your personal data until we prove the existence of legitimate reasons for such processing that outweigh your interest in not being subject to processing. If we do not prove this fact, we will no longer process your data for these purposes. If you file an objection against processing for the purpose of direct marketing, we will limit the processing without further ado.
Unless otherwise stated, the personal data we process is only obtained directly from you.
3. Who Do We Share Your Personal Data With?
In most cases, we process your data for the purposes we set as their controller. In such cases, we carry out the processing ourselves through our employees. Occasionally, it is necessary to use external service providers to properly provide our services, who process your personal data for us based on the purposes we set, especially:
- Service providers necessary for your identification and fulfilling obligations according to AML regulations;
- Providers of analytical and statistical tools;
- Providers of cloud services and other technology and support suppliers;
- Providers of marketing tools.
In some cases, we share your personal data with other persons in the position of controller. This happens when the provision of our service to you requires the service of a third party, when such a third party is the controller of personal data and itself determines the purposes of processing. This particularly includes
- Providers of payment systems for the purpose of ensuring payment, especially in connection with card payment; and
- Providers of legal services, auditors, and tax advisors.
In the case of processing your personal data through social networks, we are also joint controllers with the operators of individual social networks (especially Facebook, Instagram). In such a case, it is our duty to inform you about such processing, and we must demonstrate the legal basis for processing personal data. More information about processing personal data through Facebook and Instagram services can be found at:
| Facebook: | https://www.facebook.com/policy.php |
|---|---|
| Instagram: | https://help.instagram.com/155833707900388 |
If generally binding legal regulations require it, we are also obliged to provide your personal data to the relevant public administration and self-government bodies, especially administrative authorities and their bodies, bodies active in criminal proceedings, financial administration bodies, and tax administrators. In such a case, however, we only provide your data in the necessary scope determined by law.
4. Transfer to Third Countries
Most of the processing of personal data by our company and its partners takes place within the EU, the European Economic Area, the United Kingdom of Great Britain and Northern Ireland, or Switzerland. In some cases, however, we may also transfer your data to third countries that do not ensure an adequate level of protection of personal data within the framework of transferring to processors.
All such transfers, however, are carried out only based on a written contract that includes standard contractual clauses issued by the European Commission. We also continuously monitor the level of security and data protection at such a contractual partner.
5. Duration of Personal Data Retention
Within the framework of personal data processing, CTS retains your personal data for the period necessary to achieve the processing purpose, or for the period for which the retention of personal data is required by generally binding legal regulations. If you give us consent to process personal data, we process your personal data until you revoke the consent. This period may vary depending on individual purposes, but we always strive to minimize personal data processing and process only such a scope of data that is necessary to fulfill the purpose. After the purpose expires, we delete your data or anonymize it.
We process your personal data for the following duration:
- Data necessary for fulfilling the contract between you and our company are processed for the duration of the contract and further for the general limitation period increased by one year;
- Data necessary for fulfilling our obligations from AML regulations are processed for a period of 10 years from the moment of identification;
- Data necessary for resolving your requests and communication with us are processed for the time necessary to resolve the request and further for the general limitation period increased by one year; if we must also retain this data according to AML regulations, we keep it for the period mentioned above;
- Data necessary for fulfilling our obligations in the field of accounting, taxes, document management, and registers are processed for a maximum of 10 years;
- Data necessary for the protection of our interests and legitimate claims are processed for the duration of the general limitation period increased by one year and further for the duration of proceedings regarding disputed claims.
6. Automated Decision-Making and Profiling
Our company currently uses automated decision-making and profiling for the purposes of fulfilling obligations according to AML regulations, specifically for evaluating the snapshot of your face and comparing it with your identity document and your previous snapshots in our database.
In case of rejection, you have the right to request a review of the decision by a person.
7. Your Rights
As a data subject, you have a number of rights connected with the processing of your personal data by CTS in accordance with Art. 12 and subsequent GDPR in conjunction with the relevant provisions of the Act.
The primary right is your right to information about the processing of personal data. This right is realized by CTS through this document, in which you learn everything essential.
Your other rights according to GDPR are:
- The right to access personal data, i.e., the right to obtain confirmation whether personal data concerning you are being processed by CTS;
- The right to rectification, in case personal data concerning you are inaccurate;
- The right to erasure of personal data, in case there is no longer a purpose or legal basis for processing the personal data concerning you, if such processing is unlawful, if imposed by the supervisory authority, or if you have objected to processing and there are no overriding legitimate grounds for processing personal data
- The right to restrict processing if personal data,, according to your opinion, are inaccurate until we correct them, if there is no legal basis for processing, however, there was no deletion, personal data are not needed for processing, however, you need them for the determination, exercise, or defense of legal claims, or you have objected to processing and we are verifying whether there are prevailing legitimate grounds to continue processing personal data;
- The right to data portability, in case data processing is based on your consent or on a contract concluded with you and is carried out by automated means. In such a case, we will provide you with your data in a structured, commonly used, and machine-readable format for the purpose of transferring it to another controller;
- The right to object, in case data processing is based on a legitimate interest, in which case we limit processing until the assessment of the existence of prevailing legitimate grounds for processing your personal data, respectively, in case of processing for the purpose of direct marketing, we immediately cease processing your personal data for this purpose;
- The right to human review, of decisions within automated individual decision-making in case such automated individual decision-making takes place;
- The right to lodge a complaint with the supervisory authority,, which is the Office for Personal Data Protection, with its registered office at Pplk. Sochora 727/27, Holešovice, 170 00 Prague 7.
The above rights are exercised based on a request sent by email to info@kvapay.com or in writing to the address of our company. In case of your request, we reserve the right to verify your identity first. We will process your request promptly, no later than one month from the receipt of your request, resp. verification of your identity. If, considering the complexity of the response or the number of requests, we find that it is necessary to extend the deadline, we may extend it by another two months. We will inform you about the extension within the first deadline along with the reasons for the delay.
8. Cookie Use Policies
Definition of Cookies
Cookies are small text files that are downloaded to your electronic device (e.g., smartphone, tablet, or computer) when you visit a website. The purpose of using cookies is to improve the overall experience of our websites and enable certain features (depending on the type of cookie).
Cookies that are necessary for the proper functioning of our websites may be set and used without your consent (so-called necessary cookies). All other cookies must be approved by you before they are set.
The processing of cookies itself cannot be assigned to a specific person. However, data obtained from them can be assigned to a specific person. More about the processing of such data above in Art. 2.
Types and Purpose of Used Cookies
From a temporal perspective, we distinguish between the following types of used cookies:
- Short-term (so-called session) cookies, which are temporary in nature and activate every time you visit a website and are deleted after you finish browsing; or
- Permanent (so-called persistent) cookies, which remain stored in your web browser until the set expiration date, unless you delete them before their expiration within your browser settings.
We use both short-term and permanent cookies on our website.
From a functional perspective, we distinguish between the following types of used cookies:
- Necessary cookies, i.e., cookies that enable basic functions of the website. These cookies allow you to use our websites and their basic functions. Any restriction of these cookies within your browser settings may significantly complicate or completely prevent browsing on our website. These cookies do not collect any information about you that could be used for marketing purposes, nor do they remember your browsing history. The use of basic cookies is our legitimate interest, so we do not need your consent to use them, but you can always refuse their use in your web browser settings. However, without the use of basic cookies, we cannot guarantee full functionality of our websites.
| Cookie | Type | Expiration | Description |
|---|---|---|---|
| cky-active-check | https | 1 day | The cookie is set by CookieYes to check if the consent banner is active on the website. |
| cookieyesID | https | 1 year | Unique identifier for visitors used by CookieYes with respect to the consent |
| cky-consent | https | 1 year | The cookie is set by CookieYes to remember the user's consent to the use of cookies on the website. |
| cookieyes-necessary | https | 1 year | This cookie is set by CookieYes and is used to remember the consent of the users for the use of cookies in the "Necessary" category. |
| cookieyes-functional | https | 1 year | This cookie is set by CookieYes and is used to remember the consent of the users for the use of cookies in the "Functional" category. |
| cookieyes-analytics | https | 1 year | This cookie is set by CookieYes and is used to remember the consent of the users for the use of cookies in the "Analytics" category. |
| cookieyes-performance | https | 1 year | This cookie is set by CookieYes and is used to remember the consent of the users for the use of cookies in the "Performance" category. |
| cookieyes-advertisement | https | 1 year | This cookie is set by CookieYes and is used to remember the consent of the users for the use of cookies in the "Advertisement" category. |
| cookieyes-other | https | 1 year | This cookie is set by CookieYes and is used to remember the consent of the users for the use of cookies categorized as "Other". |
| cky-action | https | 1 year | This cookie is set by CookieYes and is used to remember the action taken by the user. |
Functional Cookies: These are cookies that store information about you as a visitor to our website, such as language settings, time zone, enhanced content, and interface themes. We require your explicit consent to use these cookies.
Performance and Analytical Cookies: These cookies are used to understand how you, as a visitor, use our website. They help in tracking the number of visitors, compiling statistics about visitor movement on the website (including the number of page views, visits, and the time spent on each page), and monitoring clicks and conversions. This data helps us improve the quality of our services by collecting information about what you view most often. These cookies cannot be used to directly identify any specific visitor. We require your active consent to use these cookies.
| Cookie | Type | Expiration | Description |
|---|---|---|---|
| _ga | https | 2 years | This cookie is installed by Google Analytics. The cookie is used to calculate visitor, session, campaign data and keep track of site usage for the site's analytics report. The cookies store information anonymously and assign a randomly generated number to identify unique visitors. |
| _gid | https | 1 day | This cookie is installed by Google Analytics. The cookie is used to store information of how visitors use a website and helps in creating an analytics report of how the website is doing. The data collected including the number visitors, the source where they have come from, and the pages visted in an anonymous form. |
| _gat_gtag_UA_118766704_1 | https | 1 minute | This cookie is set by Google and is used to distinguish users. |
We also utilize third-party cookies, which are managed by a third party and allowed on our website by our company.
One such third-party service we use is:
Managing Your Cookie Settings
Upon your first visit to our website, a small popup window will appear informing you about our use of cookies. In this window, you can also choose which cookies you wish to enable. By selecting and clicking on 'Accept all,' you agree to the use of all types of cookies described above. By clicking on 'Preferences,' you can set individual types of cookies you allow us to use. Clicking on 'Reject all' will decline the use of cookies, except for the necessary ones. You can manage the use of cookies through this popup window or via your web browser settings:
9. Final provision
We reserve the right to change or update this document at any time in any extent to ensure it contains current information. If there are significant changes to the information in this document, we will notify you either through a general announcement on our main web pages or via email.