Your privacy is our priority. We understand its protection as a part of our social responsibility. Therefore,we would like to provide you with information on how we process your personal data when providing the Services (either via the website, or via the respective mobile application).

Words that are not defined directly in this document and begin with a capital letter have the meaning defined in the General Business Terms and Conditions.

  1. Basic Provisions

    1. Pursuant to Article 4 (7) of Regulation (EU) 2016/679 of the European Parliament and the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing the Directive 95/46/EC (General Data Protection Regulation) (hereinafter referred to as “GDPR”), the data controller is the Company:

      UPDN ONE s.r.o.

      Company ID No.: 026 54 962

      Registered office Na Strži 1702/65, Nusle, 140 00 Praha 4, Czech Republic,

      The company registered in the Commercial Register of the Municipal Court in Prague under the file no. C 221822 (hereinafter referred to as "Controller").

      Contact data of the Controller:

      Address: Na Strži 1702/65, Nusle, 140 00 Praha 4, Czech Republic E-mail:

    2. Personal data means any information about an identified or identifiable natural person. An identifiable natural person is a natural person who can be identified, directly or indirectly, in particular by a reference to a specific identifier, such as name, e-mail address, cryptocurrency wallet data, payment account details, location details, network identifier or one or more special elements of the physical, physiological, genetic, mental, economic, cultural or social identity of this natural person.

    3. The Controller undertakes to use, collect and process personal data so that the User and other persons close to him do not suffer any damage to their rights, in particular the controller will ensure protection against unauthorized interference with the private and personal life of the User and his relatives.

    4. The Controller has not appointed a data protection officer.

  2. Sources and Categories of Personal Data Processed

    1. The Controller shall process the personal data provided to it by you or personal data which the Controller has obtained during provision of the Services.

    2. The Controller processes your identification and contact data and data necessary for the performance of the Contract concluded in compliance with the General Business Terms and Conditions, namely:

      • e-mail address;

      • all names and surnames;

      • citizenship;

      • birth ID No. and, if not assigned, the date of birth;

      • place of birth (including the state if a place of birth is outside the Czech Republic);

      • sex;

      • permanent or other residence address;

      • type and number of the ID card;

      • state or authority that issued the ID card;

      • period of validity of the ID card;

      • payment account number;

      • phone No. and

      • a document confirming the User's address.

    3. Likewise, the controller shall process information on use of the website by the User, including the type of used browser, login times, web pages viewed, IP address and web pages that the user visited before accessing the Website; and

    4. information about the computer or mobile device which the User uses to access the website or mobile application, including the hardware model, operating system and Internet browser and their versions, unique device identifiers and mobile network information.

  3. Legal Basis and Purpose of Personal Data Processing

    1. The legal bases for processing of personal data are the following:

      • performance of the Contract between you and the Controller pursuant to the Section 6, (1) b) of GDPR,

      • performance of legal obligations of the Controller according to the respective AML Act (especially the obligation to identify and control the client) and according to the regulations on tax and accounting records;

      • legitimate interest of the Controller in provision of direct marketing (especially for sending commercial messages and newsletters) pursuant to the Section 6, (1) f) of GDPR,

      • your consent with provision for the purposes of provision of direct marketing (especially for sending commercial messages and newsletters) pursuant to the Section 6, (1) a) of GDPR in connection with the Section 7 (2) of the Act No. 480/2004 Coll. on certain Information Society Services in case that no goods or services have been ordered.

    2. The Company declares that it considers all personal data of the User as confidential and will use them only for the following purposes:

      • operating the website and mobile application and resolving related issues;

      • adaptation, evaluation and improvement of the website, including monitoring and analysis of trends, uses and activities related to the website;

      • delivery of marketing announcements, notices about update of provided services and advertising offers based on User preferences; and

      • for other purposes for which personal data is collected, if such purpose is necessarily envisaged in the

        actual collection of such data or for purposes otherwise announced on the website atthe time of provision of the personal data.

    3. During the processing, no automatic individual decision-making by the Controller within the meaning of the Section 22 of the GDPR occurs.

  4. Data Retention Period

    1. The Controller shall keep the personal data

      • for the time necessary to exercise the rights and obligations arising from the contractual relationship between you and the Controller and to assert claims from these contractual relationships (however, for a maximum of 10 years from termination of the contractual relationship);

      • data on individual transactions are kept for a period of 10 years from execution of individual transactions; and

      • until the consent to the processing of personal data for marketing purposes is revoked, however for a maximum of 5 years, if the personal data are processed on the basis of the consent.

    2. After expiration of the retention period, the Controller shall delete the personal data.

  5. Personal Data Recipients (Subcontractors of the Controller)

    1. Recipients of the personal data are only persons involved in:

      • ensuring the operation of the website (01People s.r.o., company ID No.: 461 65 151, k Baťáku2780/25, 909 01 Skalica, Slovak Republic);

      • ensuring of e-mail services (SendGrid service from the company Twilio Inc., 375 Beale Street,Suite 300, San Francisco, CA 94105, USA and MailChimp service form The Rocket Science Group, LLC so sídlom 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308 USA);

      • ensuring of business activities (Crypton Digital SE, Staré Grunty 18, 841 04 Bratislava, company ID No.: 51051435, Slovak Republic);

      • ensuring of verification of the persons in the digital world (Onfido LTD, 3 Finsbury Avenue, London, England, company number: 07479524).

    2. The Controller has no intention to transfer personal data to a third country (i.e. a country outside the EU) or to an international organization, with the exception of the above-mentioned services SendGrid, Mailchimp and Onfido. In this case of the SendGrid and Mailchimp services, the transfer of personal data shall be carried out on the basis of incorporation of standard contractual clauses into the agreements on the processing of personal data concluded with these processors. In the case of Onfido, personal data is transferred pursuant to Commission Implementing Regulation EU 2021/1772 of 28 June 2021 pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council on the adequate protection of personal data by the United Kingdom ( ). For more information, please visit the websites of the listed services and the website of the respective Office for Personal Data Protection.

  6. Your Rights

    1. Under the conditions set out in the GDPR, you have

      • a right of access to your personal data under the Section 15 of the GDPR,

      • a right to correct personal data pursuant to the Section 16 of the GDPR, or to restrict theirprocessing

        under the Section 18 of the GDPR,

      • a right to delete personal data (including cancellation of your registration) pursuant to the Section 17 of the GDPR,

      • a right to raise objection to the processing pursuant to the Section 21 of the GDPR (if your personal data is processed pursuant to the Section 6 (1) (e) or (f) of the GDPR),

      • a right to the data portability (which were provided to the Controller by you) pursuant to the Section 20 of the GDPR, and

      • a right to revoke the consent to processing sent in writing or electronically to the address or e-mail of the Controller.

    2. If you believe that your right to personal data protection is violated, you also have a right to lodge a complaint with the Office for Personal Data Protection as the competent supervisory authority.

  7. Personal Data Security

    1. The Controller declares that it has taken all appropriate technical and organizational measures to secure the personal data. At the same time, we would like to warn you that no method of data transfer over the Internet is 100% secure and reliable, and therefore the absolute securityof your personal data can never be guaranteed.

    2. The Controller has taken technical measures to secure data storages and personal data storages in paper form, in particular: passwords, secure operating system, data communication encryption and storage encryption, and maintains an updated antivirus program and all other software.

    3. The Controller declares that personal data is accessible only to persons authorized by it and always only to the extent which is necessary.

  8. Final Provisions

    1. By using the website and/or the mobile application, you express that you have been acknowledged with this Privacy policy. When creating a user account, by confirming the registration you also confirm that you are familiar with the conditions of personal data protection and processing and that you accept them in full.

    2. The Controller is entitled to change these conditions. The Controller shall publish a new version of the Privacy Policy on the website, and at the same time inform you about it respectively.

    3. You may exercise your rights described above, as well as ask any questions or file claims by filling in the form published on the website or by using other contact addresses of the Controller stated in the Article I hereof.

    4. This updated Privacy Policy shall become effective as from 23rd August July 2022.