Privacy policy

§ 1. GENERAL PROVISIONS AND DEFINITIONS 

  1. Your data Controller is Big Red Horse sp. z o.o. with registered office in Warsaw (01-141), ul. Wolska 88, for which the District Court for the Capital City of Warsaw in Warsaw, 13th Business Division of the National Court Register, keeps a registration file no.: 0000966917, NIP [tax ID]: 5273002590, REGON [tax ID]: 52137685100000, share capital PLN 676,150.00.
  2. The Controller may be contacted via e-mail at hello@shardapp.coor its postal address as indicated above.
  3. Definitions: 
  1. Cookies – small text files saved and stored on the devices on which the User accesses the Services. 
  2. Personal Data – information on an identified or identifiable individual. An identifiable individual is a person who can be directly or indirectly identified, particularly on the basis of an identifier such as their name and surname, identification number, location data, Internet ID or one or several specific parameters defining the individual’s physical, physiological, genetic, psychological, economic, cultural or social identity; 
  3. Profiling – means any form of automated personal data processing, which involves the use of personal data to evaluate certain personal parameters of an individual, including but not limited to an analysis or forecast of aspects concerning the individual’s performance, his or her economic situation, health, personal preferences, interests, credibility, behaviour, location or movement; 
  4. Processing – means an operation or a set or operations performed on personal data or sets of personal data in an automated or non-automated way such as collecting, recording, arranging, ordering, storing, adapting or modifying, downloading, viewing, using, disclosure by sending, dissemination or any other type of sharing, customisation or combining, restriction, deletion or destruction; 
  5. Services – digital services as defined in Article 2.5a of the Consumer Rights Act of 30 May 2014 (Journal Laws of 2020, item 287, as amended),  including but not limited to services performed online by the Service Provider, detailed in these Terms and Conditions, involving in particular trading in crypto assets and copy trading.  
  6. Device – an electronic device which enables processing, receiving and sending data, such as the laptop, computer, smartphone, tablet, mobile phone. 
  7. User – means an entity to which online services may be provided or with which an Online Service Agreement may be concluded. 
  8. Terms and Conditions – means a document which sets forth the terms and conditions of the use of Services, available at  www.shardapp.co
  9. Providers – third parties which provide or may provide content or services, including without limitation payment vendors;

§ 2. LEGAL BASIS AND PURPOSE OF PROCESSING THE USER’S PERSONAL DATA 

  1. Personal data collected by the Controller are processed in compliance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter “GDPR”) as well as the Personal Data Protection Act of 10 May 2018 (Journal  of Laws of 2019, item 1781) and the Act on the Provision of Online Services of 18 July 2002 (Journal of Laws of 2020, item 344). 
  2. The Controller processes personal data provided or made available by the User in connection with offering Services, for the following purposes: 
    1. to conclude and perform the online service agreement and ensure the necessary functionality of the service (scope of data: IP addresses virtual currency wallet address, e-mail address, telephone number and other necessary data concerning the Device used by the User) – i.e. on the basis of Article 6.1b of the GDPR, i.e. due to the fact that the processing is necessary to perform the agreement to which the data subject is a party, 
    2. to inform the Users about matters related to the performance of the Service (scope of data: e-mail address, telephone number, data concerning the Device used by the User) – on the basis of Article 6.1b and 6.1f of the GDPR, i.e. due to the fact that the processing is necessary to perform the agreement to which the data subject is a party and that it serves the purposes arising from legitimate interests pursued by the Controller or by a third party, 
    3. to pursue claims and protect rights (scope of data: any data obtained from the User required to prove the existence of a claim or to protect rights) – on the basis of Article 6.1f of the GDPR, i.e. due to the fact that the processing is necessary for purposes arising from legitimate interests pursued by the Controller or by a third party, 
    4. to fulfil the legal obligations of the Controller in connection with its business activity, including but not limited to as an institution obliged under the Act on Counteracting Money Laundering and Financing Terrorism (scope of data: any data obtained from the User) – on the basis of Article 6.1c of the GDPR, due to the fact that the processing is necessary for compliance with the Controller’s legal obligations, 
    5. to conduct own marketing and promotional operations (scope of data: all data obtained from the User) – under Article 6.1f of the GDPR, 
    6. to conduct marketing and promotional operations on the basis of a separate consent (Article 6.1a of the GDPR), where such consent may be withdrawn at any time without affecting the lawfulness of the processing performed on the basis of the consent prior to its withdrawal,
    7. to send commercial and marketing messages online under Article 10.2 of the Act on the Provision of Online Services of 18 July 2002 (Journal of Laws of 2017, item 1219, as amended), including without limitation to send notifications (scope of data: all data obtained from the User) – on the basis of a separate consent (Article 6.1a of the GDPR), where such consent may be withdrawn at any time without affecting the lawfulness of the processing performed on the basis of the consent prior to its withdrawal.

§ 3. DATA COLLECTED BY THE CONTROLLER

  1. The Controller collects or may collect the following personal data from direct communication on part of the User or actions initiated by the User:
    1. identification and contact data (address, e-mail, telephone number). 
    2. virtual currency wallet address,
    3. data concerning the device used by the User (e.g. IP address, device type, device make, device model, device name, device language),
    4. data pertaining to the User’s use of VPN software or a Device running a modified operating system (e.g. Emulator or Root),
    5. other data provided voluntarily by the User during communication with the Controller, including also the User’s Device, correspondence data and other data not listed above. 
  2. As part of the Services provided, the Controller collects the following personal data:
    1. e-mail address,
    2. mobile phone number,  
    3. virtual currency wallet address,
    4. IP address,
    5. any other required data concerning the Device used by the User.
  3. The Controller reserves the right to process the User’s personal data on the basis of the Controller’s own privacy policies as part of the User’s use of the Services offered. 

§ 4. COOKIE FILES AND COLLECTED DATA PROFILING

  1. The Controller collects cookie files related to the User’s activities in connection of his or her use of the Services.
  2. The Controller profiles the data being processed in accordance with Article 6.1c of the GDPR in connection with obligations arising from the Act on Counteracting Money Laundering and Financing Terrorism of 1 March 2018. 
  3. As the User uses the Services, small files are saved on his or her device, including but not limited to text files, the purpose of which is to store the User’s decisions, maintain the User’s session, store data input, collect information about the User’s device and his or her visit, in order to ensure security, as well as to analyse the User’s visits and customise content. 
  4. Cookie files do not contain any data identifying the User, which means that it is not possible to determine the User’s identity based on cookie files. The files are not harmful to the User or the device and do not interfere with its software or settings.
  5. A cookie file is allocated to the User when the User starts using the Service. The file is intended to store the assigned PIN which enables the User to log into the Service.  
  6. The Controller cautions that if the cookie files are required for running the tools used as part of the Service, restricting the use of the cookie files may render it impossible to use the Services.
  7. The User’s Device settings should allow cookies to be stored and enable expressing consent by clicking the consent button in a pop-up window displayed during the first action initiated when the User starts using the Service. 
  8. Various providers, including payment vendors, may collect cookies if separately agreed to by the User.  

§ 5. PERSONAL DATA PROCESSING DURATION

  1. Personal data will be processed: 
    1. so long as they are required to perform the agreement on online services defined in the Terms and Conditions and after such performance is completed, due to the possibility of both parties exercising the rights under the agreement, as well as for any debt recovery – until the lapse of the time limit for any claims; 
    2. until the express consent is withdrawn or an objection is raised with regard to the processing of the data – if the User’s personal data are processed under a separate consent; the express consent may be withdrawn at any time without affecting the lawfulness of the processing on the basis of such consent prior to its withdrawal; 
  2. The Controller stores the Users’ personal data also if it is necessary to comply with the Controller’s legal obligations, including but not limited to obligations defined in the Act on Counteracting Money Laundering and Financing Terrorism of 1 March 2018, obligations pertaining to dispute resolution, enforcement of User’s obligations, ensuring security, preventing fraud, abuse or misuse. 

§ 6. USER’S RIGHTS

  1. The Controller allows the Users to exercise their rights referred to in paragraph 2 below. In order to exercise your rights, please send a relevant request in an e-mail to: hello@shardapp.co or by post to the following address: Big Red Horse sp. z o.o., Warszawa (01-141), ul. Wolska 88.  
  2. The User has the right: 
    1. to access the content of his or her data – pursuant to Article 15 of the GDPR,  
    2. to rectify/update his or her data – pursuant to Article 16 of the GDPR, 
    3. to remove his or her data – pursuant to Article 17 of the GDPR, 
    4. to restrict the processing of his or her data – pursuant to Article 18 of the GDPR, 
    5. to transfer his or her data – pursuant to Article 20 of the GDPR, 
    6. to object to the processing of his or her data – pursuant to Article 21 of the GDPR, 
    7. to withdraw his or her consent at any time without affecting the lawfulness of the processing performed on the basis of the consent prior to its withdrawal – pursuant to Article 7.3 of the GDPR, 
    8. to lodge a complaint with a supervisory authority, i.e. Data Protection Commissioner – Article 77 of the GDPR.
  3. The Controller will review the User’s request without undue delay, however not later than within a month after such request is submitted. Notwithstanding the above, if, due to the complexity of such request or the number of requests, the Controller is unable to process the User’s request within the limit specified above, it will inform the User of the expected extension of the time limit and specify the date by which the request is to be processed, not longer than 2 months. 
  4. The Controller will inform each recipient to whom the personal data were disclosed of any rectification, removal or the restriction of personal data processing according to the User’s request, unless such notification proves impossible or involves an unreasonable amount of effort. 

§ 7. NECESSITY OF PROVIDING THE DATA

  1. Although the User provides his or her data voluntarily, doing so is necessary if the User wishes to use the Services. 
  2. If personal data is provided in order to conclude an agreement with the Controller, the provision of data constitutes a prerequisite for its conclusion. In this situation, the User may provide his or her personal data voluntarily; however, failure to do so will be make it impossible for him or her to enter into the agreement with the Controller.

§ 8. DISCLOSURE

  1. In order to perform the agreement, the Controller may disclose data collected from the Users to entities such as: employees, collaborators, the Controller’s legal service and IT service providers and other suppliers and providers, including without limitation payment vendors. In addition, the Controller makes the personal data collected available to a third party with which the Controller has concluded a personal data processing agreement. 
  2. In such cases, the amount of data transferred to such third party will be kept to the necessary minimum. Moreover, information provided by the Users may be disclosed to relevant government agencies where required by applicable laws. 
  3. Personal data will not be disclosed to recipients other than those referred to above in any form which allows any identification of the Users, except if the User expressly consents to a specific data disclosure. 

§ 9. TECHNICAL MEASURES

  1. The Controller makes every effort, by applying technical and organisational measures, to ensure the security of the Users’ data and safeguard them against acts of third parties and monitors the security of data throughout the period in which the data are in the Controller’s possession, in a manner ensuring their protection against unauthorised access, damage, alteration, destruction or loss. 
  2. The Controller applies the necessary server and connection security solutions. However, the precautions taken by the Controller may prove inadequate if the Users fail to follow security rules. 

§ 10. TRANSFERRING PERSONAL DATA OUTSIDE THE EUROPEAN ECONOMIC AREA (EEA)

  1. The Users’ personal data will not be transferred to countries outside the EEA or to international organisations. The Controller stores personal data on servers located in the EEA countries.
  2. The Controller cautions that its providers, including without limitation payment vendors, may, as third-party Controllers, process and transfer personal data outside the European Economic Area. 

§ 11. ENTITIES PROCESSING DATA ON BEHALF OF THE CONTROLLER

The Users’ personal data may be transferred for processing on the Controller’s behalf to portals managing the Controller’s marketing campaigns. Each processor agrees to ensure secure processing and observe the principles on which your personal data are processed to the extent identical to that ensured by the Controller. 

§ 12. CHANGES TO THIS PRIVACY AND COOKIE POLICY

  1. The Controller has the right to modify this document, of which the User will be notified in a manner enabling him or her to review the changes before they are implemented, e.g. by posting the relevant information on the Internet website at: www.shardapp.co
  2. If the User has any concerns as to the changes introduced, her or she may request that his or her personal data be removed. Continued use of the Services after the notice of the change to this document has been published or sent is considered a consent to collect, use and make the User’s personal data available in accordance with the updated content of the document. 
  3. This document does not restrict any rights of the User under generally applicable laws.