Privacy Policy
This Privacy Policy outlines the practices regarding the collection and processing of personal data by the Conmodum Group of companies (“Conmodum”, “we”, “us”, “our”). This group includes entities operating in the United Kingdom, Poland, Germany, and other regions.
This Privacy Policy applies to the services provided by Conmodum as described in our Terms & Conditions. It informs you about the purpose and extent of the collection and processing of your data when you use the ConmodumNET platform www.conmodum.com and/or the services available on the website.
Responsible entities
The data controller responsible for the collection and processing of your personal data in accordance with the EU General Data Protection Regulation (“GDPR”) are group entities:
CONMODUM SPZOO
Mlynska 16/Floor 8, 61-730 Poznan, Poland
Register number: KRS0001096724
Legal basis for processing of your personal data
Contract
Opening a payment account via the partners mentioned above requires the provision and processing of your data. For instance, your address is needed for card delivery, your phone number is needed for verification of payments, and your email for effective communication with you. These and other data required for opening and maintaining your payment account are processed by us and any other third parties who help us to provide you with services. The legal basis for this processing is that it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into a contract (Art. 6(1)(b) GDPR).
Please note that for many of our services and features, without the necessary personal data we will not be able to fulfill our contractual obligations, and, therefore, we will likely have to refuse to enter into contract relations with you, or would terminate them.
Legitimate interests
Sometimes we need to collect and process your data by legitimate interests (Article 6(1)(f) GDPR). Examples of such processing include:
Consent
If you gave us consent to process your data for one or more specific purposes:
These data are processed according to Article 6(1)(a) GDPR. You can withdraw your consent at any time, for example by removing the photo or clearing your browser cache. However, keep in mind that the processing which took place before consent withdrawal remains in effect.
Legal obligation
When we or our partners are required to comply with any applicable laws, your data is processed according to Article 6(1)(c) GDPR. Some examples of processing here include verification of your identity and age, prevention of money laundering and fraud, as well as statutory tax reporting obligations.
When we process your data
Account opening
For you to agree to open a Conmodum account, we collect the following data: email, phone number, country of citizenship, country of residency, full name, address, browser and device information, and geolocation. To open an account, you give access to Conmodum to collect above mentioned data. Data will be used only for Conmodum internal analytics and Customer identification. The account can’t be used primarily for pornographic content, Chatroulette-style experiences, objectification of real people (e.g. “hot-or-not” voting), making physical threats, or bullying and other illegal activity. If customers use this content, their account can be deleted or suspended.When you see any content of them, you can report the customer us at info@conmodum.com.
Payment account opening
For you to agree to open a payment account, we collect the following personal data including but not limited to email, phone number, country of citizenship, country of residency, place of birth, full name, date of birth, whether you’re a US tax resident, employment status, address, Tax ID, IP, browser and device information, geolocation, details of your company. Data will be used for Conmodum internal analytics, Customer identification, and for Authorities if it will be requested.
Identity verification
We are legally obligated to verify your identity to open a payment account and perform certain actions after opening. Depending on the country and the type of verification that you select, this is done via one or more of the following: video identification procedure through a third-party service provider, and ID document verification. For this you need to provide a valid copy of your government-issued ID, and bank details of your payment account at another financial institution.
Card issue and delivery
Once you’ve opened your payment account, you may wish to order a virtual or physical card. To make and deliver a physical card to you, we process and transfer to our card delivery service providers your name, address, phone number, email, device ID, and the information about the bank account the card is tied to. If it is a virtual card, we process all of the data mentioned above, except your address.
Use of payment account
When you start using your payment account and Conmodum cards, in addition to some of the personal data provided for opening your account, we process the following:
Google Pay and Apple Pay
Adding your card to Google Pay or Apple Pay involves processing your card information and Google or Apple Wallet ID by us and our partners. Your card information is transferred to our partner’s service provider Visa/Mastercard, where it is tokenized (encrypted) and then, together with your address, phone number, and the last four digits of the card number, we pass it on to Google or Apple. They will use that encrypted card data to perform transactions whenever you pay using your mobile phone.
Multibanking & payment initiation
When you use multi-banking and/or payment initiation services you issue permission to display information about your business accounts in the Conmodum dashboard and initiate payment from various accounts via open banking. In this case, the data we process includes but is not limited to full name, transaction details (e.g. amount, date and time, sender/recipient name, description), your account balance, and customer ID.
Capital deposit & company registration
When you use company registration and capital deposit services, we together with our partners supporting these services process your name, date of birth, place of birth, address, email, phone number, employment status, and other details necessary to establish a company in your country.
When you contact us
When you contact us via support chat or by any other means, we may process such categories of personal data as your email, phone number, customer ID, language, and country, as well as any information about the standing of your account or details of your transactions, depending on the issue you are experiencing. We may also collect other information if you choose to share it with us. Please do not share any additional personal data or documents, either concerning yourself or other individuals, unless specifically requested by us.
When you visit our website
When you visit our website, we may automatically collect some personal data from your device. This information may include your IP address, date and time of the request, browser language, and version, operating system version or producer, information about your device, as well as some data about how you interact with our website (e.g. which website you came from, pages visited, links clicked). We do this to keep our website secure and to understand who visits it and which pages they find interesting, so we can improve the site and provide relevant content. Some of this data is collected using cookies.
Analytics
For analytics purposes, we process the personal data you provide us with, as well as the data created as a result of your use of our application. For example, we analyze how you interact with the website and make it more intuitive and easier for you to use, or to understand whether our products and services are customized to your needs so we can make changes and develop new products and services. In that case, these data are stripped of direct identifiers to provide an additional layer of protection.
Direct marketing
From time to time, we will contact you to tell you about our new products or services which we think may be of interest to you. This type of activity is considered direct marketing, and in this case, we rely on your consent or our legitimate interest to process your data for this purpose. If you wish to withdraw your consent or object to this processing, you can click on the “unsubscribe” link at the bottom of the email you receive from us.
Special categories of data
We do not intentionally ask you to provide information that belongs to a “special” category, like racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, or biometric data to uniquely identify an individual, data concerning health or data concerning sex life or sexual orientation.
However, there may be circumstances where your transaction data reveals this more sensitive information. For example:
Taking into account this risk, we ensure that this information is fully protected in compliance with the GDPR.
Sharing your data with third parties
To provide you with certain functions and services, we have to share your data with partners, external third-party service providers, and related regulatory entities. They only process your data based on data processing agreements and by strict instructions, which do not allow them to use your data for any other purposes without notifying you or asking for your consent. Here are some of the categories of the parties we may share your data with:
We, our partners, service providers, and others may also be required to share your data with various financial institutions and/or enforcement agencies or court authorities to comply with applicable laws, prevent fraud, enforce an agreement we have with you, or protect our rights, property or safety, or the rights, property or safety of our employees or agents.
Before agreeing with any new partner, vendor, or service provider that will process your data, Conmodum verifies that the data transfer will be performed by the GDPR.
Based on your clear and explicit consent, we also process your data via Salesforce Sales Cloud services, that is a cloud-based CRM solution that is a key tool for sales, partnership, and account management. It is an important provider of software that we use for internal support. In particular, we use this internal support tool (software) in our business activities to store and track the progress of specific transactions and customer data (such as your first name, last name, email address, phone number, company name, and conversation details). These tools help manage customer interactions, track sales leads, and provide support services efficiently. Our primary objective (purpose) of processing your data with Salesforce and Intercom integration revolves around workflow enhancement and seamless data transmission. We aim to facilitate customer care in efficiently generating customers/leads within Salesforce through integrated and automated processes.
Data transfers to third countries
Conmodum stores and processes your data in the European Union (EU). But we cannot offer all our services by ourselves. A small number of our partners, service providers, or other parties may be processing the data in countries outside the EU or the EEA. In such cases, to ensure that your personal data receives a comparable level of protection, we employ appropriate safeguards, such as adequacy decisions and frameworks or Standard Contractual Clauses approved by the European Commission.
Automated decision-making and profiling
We process your data partially automatically to evaluate certain personal aspects (profiling). For example, we use machine learning and other techniques to prevent fraud and combat money laundering, terrorist financing, and asset-polluting crimes. Our monitoring model combines information from transaction details, customer profile data, and device session data. The approach is based on current fraud trends, best practices from our partners, and other sources. These measures serve to protect your interests and keep your deposits secure.
How long we keep your data
We keep your data for as long as it is necessary to achieve the purpose for which it was collected, usually for the duration of our contractual relationship plus any period thereafter as required by anti-money laundering or other applicable laws, or in case of potential or ongoing court litigation. When the purpose for processing is fulfilled, but we are required to keep the data, it will be restricted and stored in a secure archive. This period could range depending on the purpose, from 2 to 15 years after termination of your business relationship with us. Once that period is over, the data is anonymized/pseudo-anonymized.
Your rights
Data protection laws provide you with substantial rights to help you understand and control how your data is used. As a result, you have the right:
If you would like to exercise any of these rights or find out more about how we process your data, please contact us at info@conmodum.com. Reasonable access to your data will be provided at no cost. When you decide to exercise one of the rights mentioned above, we have 30 days from the time that you submitted your request to fulfill it or provide a reasonable explanation for why we cannot fulfill it, or if we cannot fulfill it in time.
Information security
To help protect the privacy of the data you provide using our website, we maintain physical, technical, and administrative safeguards to secure your information from unauthorized access and use, alteration, and destruction. We update and test our security technology on an ongoing basis; carefully assess security risks, including those associated with personal data, and work to mitigate them. Our approach is based on best practices of IT Security and industry requirements.
We restrict access to your data to those employees who need to know that information to provide services to you. In addition, we train our employees in the importance of confidentiality and maintaining the privacy and security of your data. We commit to taking appropriate disciplinary measures to enforce our employees' data protection responsibilities.
Also, we ensure that our partners and vendors have sufficient IT security measures and standards in place to process your data securely.
Changes and updates to this Privacy Policy
As our products and services develop over time, this Privacy Policy may change as well. While we reserve the right not to send you a notification every time, we will update this Privacy Policy at all times. We may email periodic reminders of our notices and terms and conditions and will notify you of material changes thereto, but we invite you to periodically check our site to see the current Privacy Policy and any updates that may have been made to it.
Rights
Under the Data Protection Legislation, you have certain rights in respect of the personal data we hold about you. These may include rights to request a copy of the personal data that we hold, request that we correct personal data if it is inaccurate, request that we erase or block your data, and to object to our processing of your data. These rights are limited in some situations. For example, if we have a legal requirement or a compelling legitimate ground we may continue to process your data even where you request its deletion.
If you would like to exercise any of these rights, please contact us using the details in the Contact section below.
You also have the right to make a complaint if you feel your data has been mishandled. We would encourage you to contact us in the first instance but you are also entitled to complain directly to your local data protection authority.