Privacy Policy
Please read this privacy policy before using https://simplio.io website (hereinafter the "Website") and/or mobile application Simplio (hereinafter the "Application") to understand our views and practices regarding your personal data and how it is treated.
SIMPLIO TECH s. r. o., a company registered in the Business Register of the District Court Bratislava I under Insert No.: 155287/B, Identification Nr: 54 060 028, having its registered seat at Bancíkovej 1/A, Bratislava –Ružinov 821 03, Slovak Republic (hereinafter the "us", 'we", "our") is committed to protecting and respecting the privacy of our users who use our services. In order to ensure transparency, this policy, together with our Terms of Use and Cookie Policy, defines the basis by which any personal data we collect from you, or that you provide to Us, will be processed by us.
By clicking the „accept button“ you accept and consent to the practices described in this policy. If you do not agree with any aspect of this policy, you should immediately discontinue access or use of our services.
Our services contain links to and from the websites of our partner networks, advertisers and affiliates, as well as game providers. If you follow a link to any of these websites, please note they have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
What is personal data processing?
Personal data means any information relating to an identified or identifiable natural person. An identifiable natural person is someone who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
We are a private limited company providing services to the general public. For the purpose of the Regulation (EU) 2016/679 General Data Protection Regulation (GDPR) or any equivalent regulation (collectively Data Protection Law), we are the data controller determining the means and purposes of processing personal data in relation to our services.
We undertake to use, collect and process personal data in such a way that the user and other persons close to the user do not suffer harm to their rights, in particular, to protect against unauthorized interference with the private and personal life of the user and their relatives.
Sources and categories of personal data processed
We will limit the storage of your personal data to the extent that storage is necessary to serve the purpose(s) for which the personal data was processed, to resolve disputes, enforce our agreements, and as required or permitted by law. We may collect and process the following data about you:
CONCLUSION OF THE AGREEMENT
We process your personal data for the purposes of proper performance of the agreement, being the registration and creation of a user account and the subsequent use of individual functionalities of the website, application, products and services offered by us. We process your personal data for these purposes on the legal basis of performance of the Agreement pursuant to Article 6 (1)(b) of the GDPR and fulfillment of a legal obligation pursuant to Article 6 (1)(c) of the GDPR to the following extent:
e-mail address, phone number, name, surname, personal number or date of birth, if no personal number has been assigned, permanent address or other residence, nationality, type and number of identity document; picture of the identity document, information on the purpose and intended nature of the transaction, whether the data subject is a politically exposed person, information on the origin of financial funds, place of birth, age, sex, citizenship, utility bills, photographs or signature;
Other Identifiers such as identity document type and number, country and authority that issued the ID, date of expiry of ID, or other identification cards;
Transaction Information such as transaction details including the name of the counterparty, the amount, timestamp, cryptocurrency addresses, payment account number, annual turnover, deposit and withdrawal frequency or amount; and
Residual information such as information about the purpose of account use, investment experience or details about legal procedures.
The range of the above listed personal data might differ depending on the level of registration, when for part of our services is only a registration providing an e-mail address required, while to have full access to all services including crypto purchase services, we need to perform a proper verification according to the applicable anti-money laundering laws.
The provision of personal data shall constitute compliance with the requirement to conclude an agreement and, after a successful registration, also the fulfilment of a contractual requirement; as well as fulfilment of the legal obligations. You are not obliged to provide us with these personal data. However, the possible consequences of not providing the personal data shall constitute the impossibility to register and the impossibility to conclude the agreement. The retention period of personal data under this clause shall constitute the period from the conclusion of the agreement, during the performance of mutual obligations, until the expiration of the period for exercising any rights and legal claims arising from the agreement and applicable laws.
POST-CONTRACTUAL OBLIGATIONS
We process your personal data even after the completion of the fulfilment of obligations arising from the agreement (especially the provision of the service). In fact, both parties to the agreement have the right to exercise claims for liability for defects and damages as well as to make complaints and they also have a statutory or contractual right to withdraw from the agreement. For the purposes of making a complaint, withdrawing from the agreement, exercising claims for the liability for defects and damages (the “Post-contractual Obligations”), we process your personal data on the legal basis of statutory obligation pursuant to Article 6(1)(c) of the GDPR to the extent specified in above defined clause as well as data on the service subject to the complaint and data provided when making the complaints.
The provision of personal data pursuant to this clause shall constitute fulfilment of the statutory requirement, which creates an obligation for you to provide us with the data. The possible consequences of failing to provide these data shall constitute the impossibility to fulfil our obligations under the Post-contractual Obligations arising from both the contractual provisions and laws. The retention period of personal data shall be the period from the date of exercising the claim for performance arising from the Post-contractual Obligation until the end of the provision of our performance and possible subsequent settlement of mutual performances (for example, until the legal proceedings are finally completed).
In addition to processing your personal data on the legal basis of statutory obligation, we also process your personal data for the purpose of exercising our claims only. These are, for example, cases where, due to non-compliance with the contractual conditions, we have a receivable owed to us by the Customer, or where damage has been inflicted on us. In such a case, we process your personal data on the legal basis of legitimate interest pursuant to Article 6(1)(f) of the GDPR to the following extent: data contained in the agreement pursuant, data processed within the process of making a complaint, data kept by third parties (e.g. data kept in books).
The purpose of the processing of your personal data pursuant to this clause of this document is our legitimate interest, being the protection of our property and protection against unjust enrichment, and you shall tolerate this processing even without your consent. The retention period of personal data shall constitute the statutory limitation period of individual rights and the limitation period for the exercise of individual claims arising from the contractual relationship as well as from breaches of laws in force during the validity of the agreement.
With regard to each of your visits to the Website or the use of the Application we may automatically collect the following information:
Technical information such as the Internet protocol (IP) address used to connect your computer to the Internet, mobile network information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform;
Usage Information such as details about your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from the Website (including date and time); products you viewed or searched for; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page.
Data we receive from other sources.
We may receive information about you as required or permitted by applicable law, if you use any of the services we provide.
In particular we obtain information about you from compliance & identity verification agencies and public databases for purposes of KYC and client due diligence in order to comply with our obligations under anti-money laundering and counter-terrorist financing laws and other regulations.
From time to time, we may process additional data about you to ensure our services are not used fraudulently or for other unlawful activities. In such cases, processing is necessary for us to continue to perform our contract with you and others.
Purpose for processing personal data
The lawful reason for processing personal data is
performance of the contract between you and the data controller pursuant to Article 6(1)(b) GDPR,
fulfilling the legal obligations of the data controller under the anti-money laundering and counter-terrorist financing laws (in particular the obligation to identify the client and monitor the client` activities) and under the regulations on tax and accounting records;
the legitimate interest of the data controller in providing direct marketing pursuant to Article 6(1)(f) GDPR,
your consent to processing for the purpose of providing direct marketing (in particular for sending commercial communications and newsletters) pursuant to Article 6(1)(a) GDPR.
The Company declares that it considers all personal data of the user to be confidential.
We will use the data you give to us only to:
To carry out our obligations arising from any contracts entered into between you and us and to provide you with the information, products and services that you request from us.
To provide you with information about other goods and services we offer that are similar to those that you have already purchased or enquired about.
To notify you about changes to our service.
To ensure that content from our site is presented in the most suitable manner for you and for your devices.
We will use the data we collect about you only to:
To administer the Website and the Application and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes.
To improve the Website and the Application to ensure that content is presented in the most effective manner for you and for your devices.
To allow you to participate in interactive features of our services, when you choose to do so;
As part of our efforts to keep our services secure.
To measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you.
To make suggestions and recommendations to you about goods or services that may be of interest.
We may combine the data we receive with data you give to us and data we collect about you. We may use this information and the combined information only for the purposes set out previously.
There is no automatic individual decision-making by the data controller within the meaning of Article 22 GDPR. You have given your explicit consent to such processing.
Minors
To use the service, you must be over the age of eighteen (18). We do not knowingly collect personal data from children under the age of eighteen (18) and do not wish to do so. We reserve the right to request proof of age at any stage so that we can verify that minors under the age of eighteen (18) are not using the service.
We require the individual to close their account and do not allow individuals to access any of our services if the individual submitting personal information is younger than the age of eighteen (18).
We will also take steps to delete such data as soon as possible.
Cookies
The Website uses cookies to distinguish you from other users of our Website. For details please refer to our Cookie Policy.
Recipients of personal data
We are committed to allow your personal information to be accessed only by those who have a legitimate purpose or perform their tasks and duties. We never sell or otherwise pass on your data to a third party unrelated to the provision of our services.
We may share your personal information with any member of our group, which means our subsidiaries, our holding company and its subsidiaries.
To a limited and necessary extent, we may share your information with selected third parties including:
Business partners (including prospective buyers of our business), suppliers (including compliance & identity verification agencies) and sub-contractors for the performance of any contract we enter into with them or you;
Law enforcement agencies, officials, or other third parties when we are compelled to do so by respective legal procedure;
Analytics and search engine providers that assist us in the improvement and optimization of our services.
Storage of your personal data
The data that we collect from you may be transferred to, and stored at, a destination inside the European Economic Area ("EEA"). All information you provide to us is stored on secure servers. We use computer safeguards such as firewalls and data encryption, and access to personal information is authorized only for those employees who require it to fulfill their job responsibilities.
We declare that it has taken all appropriate technical and organizational measures to secure your personal data. At the same time, we would like to point out that no method of data transmission over the Internet is 100% secure and reliable, and therefore the absolute security of your personal data can never be guaranteed.
We have taken technical measures to secure data storage and storage of personal data, in particular: passwords, secure operating system, encryption of data communication and encryption of storage, and maintains an up-to-date antivirus program and all other software.
We declare that only persons authorized by it and only to the extent necessary have access to the personal data.
Data retention period
The data controller stores personal data
for the period necessary to exercise the rights and obligations arising from the contractual relationship between you and the data controller and to assert claims under these contractual relationships (for a maximum period of 10 years from the termination of the contractual relationship);
data on individual transactions are retained for 10 years after the execution of each transaction; and
for a period of time before consent to the processing of personal data for marketing purposes is withdrawn, but no longer than 5 years if the personal data is processed on the basis of consent.
After the expiry of the retention period, the data controller will delete the personal data.
Your rights
Under the conditions set out in the GDPR in law, you have
the right of access to your personal data under Article 15 of the GDPR,
the right to rectification of personal data pursuant to Article 16 of the GDPR or restriction of processing pursuant to Article 18 of the GDPR,
the right to erasure of personal data (including cancellation of your registration) pursuant to Article 17 GDPR,
the right to object to processing pursuant to Article 21 GDPR (if your personal data is processed on the basis of Article 6(1)(e) or (f) GDPR),
the right to data portability (which you yourself have provided to the data controller) under Article 20 of the GDPR, and
the right to withdraw consent to processing in writing or electronically to the address or email of the data controller.
If you believe that your right to personal data protection has been violated, you also have the right to file a complaint with the Office for Personal Data Protection, as the competent supervisory authority.
When we receive an individual rights request via email we may take steps to verify your identity before complying with the request to protect your privacy and security.
Your rights to personal information are not absolute. Access may be denied when it is frivolous, vexatious, jeopardize the privacy of others, are extremely impractical, or for which access is not otherwise required by applicable law. Any request may be subject to a fee to meet our costs if applicable law not stated otherwise.
We will communicate any rectification or erasure of your personal information or restriction of processing to each recipient to whom your personal information has been disclosed, unless this proves impossible or involves disproportionate effort. We will inform you about those recipients if you request this information.
Changes to our privacy policy
Any changes we may make to our privacy policy in the future will be posted on this page and, where appropriate (material change), notified to you by email. Please check back frequently to see any updates or changes to our privacy policy. We may provide additional information about the data collection, use and sharing practices of some specific services. These announcements may supplement or clarify our privacy policy practices or may provide you with additional choices about how we process your data.
Contacting us
You may exercise your rights as set out above, as well as any questions or complaints, by emailing our Data Protection Officer at
If you would like to make a complaint because your rights should be infringed, we encourage you to contact us first at the above-mentioned email address to resolve your issue informally. You may refer your complaint to the relevant regulator where you live or work or in the place where the alleged breach of data protection law has taken place.
The relevant data protection authority for the Slovak Republic is Office for Personal Data Protection, with its address at Hraničná 12, 820 07 Bratislava 27, Slovak Republic. For more information, please visit https://dataprotection.gov.sk.
Effective Date: September 23, 2022