Privacy Policy

PLEASE READ THE PRIVACY POLICY CAREFULLY BEFORE CREATING YOUR ACCOUNT. IF YOU DO NOT AGREE WITH ALL OR ANY THESE TERMS, PLEASE LEAVE THE WEBSITE IMMEDIATELY AND DO NOT CONTINUE USING IT.

This Privacy Policy describes how your personal data is collected and processed by Neuronext Spółka z ograniczoną odpowiedzialnością and Associated companies when you, a natural person, user (the "User" or "You") access our website www.neuronext.pl ("Website").

The terms "Company", "we", "us", "our" or "Neuronext" shall refer to Neuronext Spółka z ograniczoną odpowiedzialnością. Neuronext Spółka z ograniczoną odpowiedzialnością is registered in Poland under company number 526699145. Registered address: St. Jana Dantyszka 18, Warsaw, 02-054, Poland.

We ask that you read this Privacy policy which was last updated on the date set out below ("Privacy Policy") carefully as it contains important information on who we are, how and why we collect, store, use, transfer and share personal information, your rights in relation to your personal information, and how to contact us and supervisory authorities in the event you have a complaint. This Privacy Policy should be read alongside, and in addition to any separate product or service agreement entered into between us from time to time.

Whenever we refer to the 'law' under this Privacy Policy we are referring to those laws all as amended from time to time. When we refer to 'information' or 'data' under this Privacy Policy we refer to your personal information.

We collect your personal information when you visit, use or interact with us online, and through our ads displayed through online services operated by us or non-affiliated third parties. We may use or share personal information collected to deliver products and services to you and for advertising purposes.

This policy shall be regulated by applicable laws and regulations of Poland.

General Data Protection Regulation (Regulation (EU) 2016/679) (GDPR) regulations shall be implemented for EU users. The Act of 10 May 2018 on Personal Data Protection, as amended (Data Protection Act) and the Act of 21 February 2019 (2019 GDPR Implementation Act) are also applicable.

The Company undertakes maximum efforts in order to protect your privacy. The Company uses the collected information about you to fulfil its contractual obligations and improve the customer service.

All the terms that have definitions in Terms and Conditions shall have the same meaning in this Privacy Policy. "Personal data" shall mean any information relating to an identified or identifiable living individual.

We ask for your consent when required, otherwise by using our Website and, you consent to the collection, use and sharing of your personal information subject to and consistent with applicable laws and other notices you may have received based on your relationship with us.

We are responsible as 'controller' of that personal information for the purposes of those laws. If you have any queries about this Privacy Policy or how we (may) collect, store or use your information, please contact us by email at info@neuronext.pl.

1. COLLECTION OF YOUR PERSONAL DATA

1.1. We may collect and process the following data about you:

Below is a list of types of personal information that we may collect and use when you apply for, or use any of our products or services.

Type of Description personal
information

Contact Your name, addresses, e-mail addresses, phone numbers and other ways in which to contact you

Transactional Details about the transactions you carry out and the payments to and from your accounts with us

Contractual Details about the products or services we provide to you

Locational Data we get about where you are. This may come from your mobile phone or the place where you connect a computer to the internet. It may also include locations where you used your card.

Behavioural Details about how you use products and services via our Platform from us and other organisations

Technical Details on the devices and technology you use

Communications What we learn about you from communications between us.

Public and Details about you that are in public records, such as the third-party Electoral Register, and information about you that is records publicly available on the internet. We also collect information about you which we receive from other companies, such as (without limitation) credit reference or fraud protection agencies (see below for more information).

Usage data Other data about how you use our products and services

Documentary data Details about you that are stored in documents in different formats, or copies of them. This could include things like (without limitation) your passport, driver's licence, photographs or birth certificate.

Consents Any permissions, consents or preferences that you give us

1.2. We may collect personal information about you (or your business) from other Associated companies and any of these sources:

1.2.1. Data you provide to us

This includes data given by you or your business, as well as data provided by people linked with you or your business' product or service, or people working on your behalf.

When you apply for our products and services
When you talk to us on the phone
When you use our website
In emails, web chats and letters
In surveys
If you take part in our competitions or promotions

1.2.2. Data we collect when you use our products or services

Payment and transaction data
Profile and usage data (including, without limitation, your security details, app or your website browser settings, marketing choices and data from the devices you use to connect to our Platform so we can provide you with our products or services).
We also use cookies and other internet tracking software to collect data while you are using our Website (as described in more detail below).

1.2.3. Data from third parties

Companies and business partners that introduce you to us;
Our service partners;
Our third-party vendors, including (without limitation) those that help us authenticate your identity;
Social networks and other technology providers (for instance, when you click on one of our Facebook or Google adverts);
Fraud prevention agencies;
Public information sources such as (without limitation) Companies House;
Third-party agents, suppliers, sub-contractors and advisers;
Market researchers;
Firms providing data services;
Government, law enforcement agencies, authorities and regulatory bodies to help the Company and Associated companies to comply with its legal obligations;

1.3. When processing personal data, as well as when performing other actions provided for in this policy, we use the following principles:

Lawfulness, fairness and transparency
Purpose limitation
Data minimisation
Accuracy
Storage limitation
Integrity and confidentiality (security)
Accountability.

2. USE OF YOUR PERSONAL DATA

2.1. We use your data for the following purposes:

2.1.1 To fulfil the obligations and to provide you with the services for which we have received your consent;

2.1.2 To understand your needs and preferences in using our services, to evaluate and understand the effectiveness of advertising materials that we provide;

2.1.3 To develop new and enhance existing service and product offerings, to notify you about changes related to our services;

2.1.4 To verify and check the identity of users who open and operate accounts in order to prevent fraud, deception, and other illegal activities;

2.1.5 To comply with legal requirements for anti-money laundering and counter-terrorist financing;

2.1.6 To ensure the security of our website, our services, and your account;

2.1.7 To support, respond and resolve your complaints and issues related to use of our services and the capabilities of our Website.

2.2. Below is a list of the ways that we may use your personal information and our reasons for doing so:

What we use your personal information for	Our reasons
Serving you
Managing our relationship with you or your business Developing and carrying out marketing activities Studying how our customers use products and services from us and other organisations Communicating with you about our and our business partners' products and services	Fulfilling our contract with you When it is our legal duty When you consent to it When it is in our legitimate interest: Keeping our records up to date Working out which of our products and services may interest you and telling you about them Developing products and services, our pricing for them and types of customers that may want to use them Asking for your consent when we need it to contact you
Improving our business
Testing new products Improving our products and services Managing how we work with other companies that provide services to us and our customers Developing new ways to meet our customers' needs and to grow our business	Fulfilling our contract with you When it is our legal duty When you consent to it When it is in our legitimate interest: Developing products and services, our pricing for them and types of customers that may want to use them Being efficient about how we fulfil our legal and contractual duties
Managing our operations
Delivering our and our business partners' products and services Making and managing customer payments Managing fees, charges and interest due on customer accounts Collecting and recovering money that is owed to us	Fulfilling our contract with you When it is our legal duty When it is in our legitimate interest: Being efficient about how we fulfil our legal and contractual duties Complying with rules and guidance from regulators
Crime prevention and managing risks
Identifying, investigating, reporting and preventing fraud, money laundering and other crime Managing risk for us and our customers Complying with laws and regulations Investigating and responding to complaints and feedback	Fulfilling our contract with you When it is our legal duty When it is in our legitimate interest: Developing and improving how we deal with financial crime, as well as doing our legal duties in this respect Being efficient about how we fulfil our legal and contractual duties Complying with rules and guidance from regulators
Business management
Operating our business in an efficient and proper way, including managing our financial position, business capability, planning, adding and testing systems and processes, managing communications, corporate governance, and audit	When it is our legal duty When it is in our legitimate interest: Being efficient about how we fulfil our legal and contractual duties Complying with rules and guidance from regulators
Carrying out our obligations arising from and exercising our rights set out in our contracts	Fulfilling our contract with you

2.3. We use aggregated personal data to understand how our users use our services, provided that those data cannot identify any individual. We also use third-party web analytics tools that help us understand how users engage with our website.

2.4. We can process and store your personal data only if the appropriate permission was obtained from you when using our services. Appropriate permission can be obtained both by sending the corresponding letter, and by performing actions when using the products, which separately specifies and explains the process of consent to the transfer of your personal data for various purposes specified in this Policy.

3. DISCLOSURE OF YOUR PERSONAL DATA

3.1 We may share your information with selected third parties including:

3.1.1 business partners, suppliers and independent contractors for the performance of any contract we enter into with them or you;

3.1.2 advertisers and advertising networks (only aggregated personal data);

3.1.3 analytics and search engine providers that assist us in the improvement and optimization of Website and related services;

3.2 We may also disclose your personal data if:

3.2.1 in the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets;

3.2.2 if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our terms of use or other terms; or to protect the rights, property, or safety of Company and Associated companies, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.

3.3. We may share your personal information with other Associated companies.

3.4. Below is a list of the types of third parties that we may share your personal information with. We will only disclose personal information with such third parties for the reasons explained in this Privacy Policy.

Authorities
This means legal or other official bodies that include (without limitation):

Central and local government, and where applicable, any EU/EEA or any other international government agency
Local, EU/EEA or international law enforcement or fraud prevention agencies (where applicable)
FIU

Services
Third-party companies we work with to provide our services and products to you and to run our business:

Agents, business partners, suppliers, sub-contractors and advisers
Agents who help us to collect what is owed to us (for example, debt collection agencies)
Someone linked with you or your business's product or service
Other financial services and companies (to help prevent, detect and prosecute unlawful acts, money laundering or fraudulent behaviour)
Accountants (if you have one and have provided your consent to us sharing your information with them)
Companies you ask us to share your data with
If you have a product with benefits such as discount offers, we will share your data with the benefit providers.

General business
Third-party companies we use to help grow and improve our business.

Companies we have a joint venture or agreement to cooperate with
Organisations that introduce you to us
Market researchers
Advisers who help us to come up with new ways of doing business
Advertisers and technology providers that you use (such as third-party websites you visit, social networks, and providers of apps and smart devices)

3.5. In addition to the data sharing listed above, we may share or sell some data to other companies outside Company and Associated Companies, but only when it is converted so that no-one's identity can be known or found out and is no longer considered to be personal information under the law (it is anonymized).

3.6. Occasionally, at our reasonable discretion, we may include or offer products or services to you from our business partners (third parties). Business partner websites have separate and independent privacy policies that apply and we (and any other Associated company; or any of our company directors, officers, agents, contractors, sub-contractors or workers) have no responsibility or liability (however so caused) for the content, activities and services relating to those linked websites. (You can contact those third party business partners for more information on how they may use your information).

4. SECURITY AND STORAGE OF YOUR PERSONAL DATA

4.1. We have implemented security measures to ensure the confidentiality of your personal data and to protect your data from loss, misuse, alteration or destruction. Only authorised representatives have access to your personal data, and these representatives are required to treat the information as confidential. The security measures in place will, from time to time, be reviewed in line with legal and technical developments.

4.2. Unfortunately, the transmission of information via the Internet is not completely secure. Although we will do our best to protect your personal data, any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

4.3. We will not sell, rent or lease your information to third parties. However, we may share your information with trusted third parties to help us perform statistical analysis, send you email or postal mail, provide customer support, or arrange for deliveries. All such third parties are prohibited from using your personal information except to provide these services to us, and they are required to maintain the confidentiality of your information. We will not use or disclose sensitive personal information, such as race, religion, or political affiliations, without your explicit consent.

4.4. Our website may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.

4.5. We will keep your personal information as long as you are a client of the Company. We may keep your personal information for up to 10 years after you stop being a client. The reasons we may do this are:

To respond to a question or complaint, or to show whether we gave you fair treatment
To study customer data as part of our own research
To comply with legal rules that apply to us about keeping records

We may also keep your data for longer than 10 years if certain laws mean that we cannot delete it for legal, regulatory or technical reasons.

4.6. Under current GDPR law, you have the right to exercise the right to be forgotten. You must, either by means of a form on the Website or by sending an appropriate letter in any form, notify us of your desire to delete all information about you and stop processing your personal data. From the moment we receive the letter, we undertake, in turn, to answer your letter and fulfil your request without undue delay and at the latest within one month.

5. TRANSFER OF YOUR INFORMATION OUT OF THE EEA

5.1. The personal data that we hold will be stored in the European Economic Area (EEA), but may also be transferred to, and stored at, a destination outside the EEA, with and by third parties, to help us provide our products or run our services. If we do transfer your personal information outside the EEA, we will make sure that it is protected to the same extent as in EEA. We'll use one of these legal safeguards:

Transfer it to a non-EEA country with privacy laws that give the same protection as those under the EEA.
Put in place a contract with the recipient that means they must protect it to the same standards as the EEA.
Implement Binding Corporate Rules according to article 47 of GDPR.

6. USE OF COOKIES

6.1. We may use cookies to distinguish you from other users of our products or services. This helps us to provide you with a good experience, and also allows us to improve our products or services. A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your device when you visit our website. Cookies send information back to the originating website on each subsequent visit, or to another website which recognizes that cookie. Cookies also make it easier for you to log in and use our website.

6.2. We may use the following cookies:

Strictly necessary cookies required for the operation of our products or services (including, for example, cookies that enable you to log into secure accounts and use interactive features);
Analytical/performance cookies that allow us to recognize and count the number of visitors and users and see how they use the products or services (e.g. (without limitation) to help us improve the way our products or services work or are provided, by ensuring that users are finding what they are looking for easily);
Functionality cookies to help us recognize you when you return to our website (this enables us to e.g. (without limitation) personalise our content for you, greet you by name and remember your preferences, such as choice of language or region).
Targeting cookies to record your visit to our website, the pages you have visited and the links you have followed. We may use this information to make our products and services and the information displayed on it, which we reasonably think is more relevant to your interests. We may also share this information with third parties for this purpose.

6.3. You can block or disable cookies by activating the setting on your website browser that allows you to refuse the setting of all or some cookies. All browsers provide tools that allow you to control how you handle cookies: accept, reject or delete them. These settings are normally accessed via the 'settings', 'preferences' or 'options' menu of the browser you are using, but you could also look for a 'help' function or contact the browser provider. However, if you set your browser settings to block or disable all cookies (including essential cookies) you may not be able to access all or parts of our Platform for which we require the use of cookies.

7. MISCELLANEOUS

7.1. The Privacy Policy shall remain in full force and effect while you use the Website.

7.2. The Company reserves the right to modify the Privacy Policy at any time at the Company's sole discretion. They will notify you about amendments by automatic notification on the Website and inside the Application, but will not ask any actions to confirm that you agree. If you do not agree with the new amended version, then you must immediately discontinue your access to the Website and stop using all the Services. If you continue to use the Services, the amended Privacy Policy has legal force for you and your actions will constitute acceptance of the amendments.

7.3. Under the GDPR, you are entitled to the following rights:

Question any information about you that you think is incorrect and have us take reasonable steps to correct it for you.
To be told about how we process your information.
Require the erasure of personal information concerning you in certain situations.
Access personal information and copies (free of charge, where reasonable for us to do so at the time) concerning you collected by us in the course of our relationship with you.
Object at any time to processing of personal information concerning you for e.g. (without limitation) direct marketing.
Object to decisions being taken by automated means which produce legal effects concerning you or which similarly may significantly affect you.
Object in certain other situations to our continued processing of your personal information.
Otherwise, restrict our processing of your personal information in certain circumstances.
The right to move, copy or transfer your personal data (where reasonable and proportionate for us to do so).

For further information on each of those rights, including the circumstances in which they apply, see the guidances from the President of the Office of Personal Data Protection (Office of Personal Data Protection):

Stawki 2
00-193, Warsaw, Poland
www.uodo.gov.pl

If you would like to exercise any of those rights, please contact us by e-mail at: info@neuronext.pl, or by post at: St. Jana Dantyszka 18, Warsaw, 02-054, Poland.

7.4. We hope that our Data Protection Officer (DPO) can resolve any query or concern you raise about our use of your information. You can write to our DPO at info@neuronext.pl or ul. Jana Dantyszka, nr. 18, Warszawa, 02-054, Poland.

7.5. You can withdraw your consent to our processing of your information at any time. Please contact us if you want to do so by email at: info@neuronext.pl, or by post at St. Jana Dantyszka 18, Warsaw, 02-054, Poland. This will only affect the way we use information when our reason for processing your information is that you have provided your consent to that use. If you withdraw your consent, we may not be able to provide certain products or services to you. If this is so, we will tell you. You then have the option to give us your consent again if you want to access our products or services.

7.6. We will employ adequate technical and organisational security measures to protect your personal information. We will use reasonable effort to ensure that your personal data is accurate, complete and up-to-date. Please ensure you notify us without undue delay of any changes to the personal data that you have provided to us by updating your details on the Platform or by contacting us at the details provided in this Privacy Policy.

7.7. We ensure that we comply with current GDPR laws, pay applicable fees and charges to exercise our customer privacy control function, and renew appropriate registrations in accordance with applicable GDPR regulations.

Last update: 17th day of March 2025