Privacy policy

Privacy Statement - how we protect your data


General statement


This Privacy Statement describes our collection, use, disclosure, retention and protection of your personal information. It applies to any indaHash site where this Privacy Statement appears in the footer, and to any indaHash application, service, or tool (collectively "Services") where this Privacy Statement is referenced, regardless of how you access or use them, including through mobile devices.

By using our Services, applications and/or registering for an account with us, you are accepting the terms of this Privacy Statement and you are consenting to or you acknowledges our collection, use, disclosure, retention and protection of your personal information as described in this Privacy Statement. If you do not provide the information we require, we may not be able to provide all of our Services to you.  


What does this privacy statement cover?

This privacy statement is to inform you regarding the use of your personal information which is collected during your visit to one of our websites or registration to indaHash app.

This privacy statement applies to the our websites and mobile applications.


Who is the data controller?

Co-controllers of your personal data (i.e. entities that jointly determine purposes and ways of processing data) are: IDH Media Limited in Dublin and IDH Media S.A. in Warsaw (hereunder referred to as “we”).

We have appointed data protection officer, who is a person that can provide you with detailed information about your personal data processing.

Contact us: dpo@indahash.com or indaHash, Piękna 19, 00-549 Warsaw (Poland).  


Personal information 

"Personal information" is information that can be associated with a specific person and could be used to identify that specific person whether from that data or from that data and other information that we have or are likely to have access to.

Any personal information which you volunteer to us will be treated with the highest standards of security and confidentiality.


Collection and use of personal information 

We collect, process and retain personal information from you and any devices (including mobile devices) you may use when you: use our Services, register for an account with us, provide us information on a web form, update or add information to your account, or dispute resolution, or when you otherwise correspond with us regarding our Services.


The personal information we collect includes the following:

Personal information you give us when you use our Services or register for an account with us

        • Identifying information such as email, instagram.com account name  when you register for an account with us,

        • Other content that you generate, or that is connected to your account,

        • Financial information (such as bank account numbers, your name, addresses, telephone numbers) in connection with a transaction,

        • You may also provide us other information through a web form, by updating or adding information to your account, dispute resolution, or when you otherwise correspond with us regarding our Services.


Personal information we collect automatically when you use our Services or register for an account with us 

        • We also collect information about your interaction with our Services, your communications with us. This is information we receive from the devices (including mobile devices) you use when you use our Services, register for an account with us, provide us information on a web form, update or add information to your account, participate in community discussions, chats, or dispute resolution, or when you otherwise correspond with us regarding our Services. This information comprises the following: name, surname, address, bank account, e-mail, social media account(s) data, nick

        •  Computer and connection information such as statistics on your page views, traffic to and from the sites, referral URL, ad data, your IP address, your browsing history and your web log information


Personal information we collect using cookies, web beacons, and similar technologies 

We use cookies,  unique identifiers and similar technologies to collect information about the pages you view, all necessary information about cookies other technologies, purposes is available at Cookie Policy.


Why are we processing your data?

Above all, we are processing your personal data because it is necessary to execute the binding agreement between us. We are processing your data in order to enable you using services offered in scope of the indaHash app and in order to contact you in relation to the provided services.

Should the legal regulations require us to do so - we will also process your data for tax and accounting purposes.

Additionally, we are processing your data based on our legitimate interest which is the necessity to conduct analyses and statistics aimed at - on one hand - improvement of app functionalities and features and - on the other - ensuring security and efficiency of usage thereof.

We will process your data to inform you about indaHash world news - we will do so based on our legitimate interest, being direct marketing.

We can also process your data in order to conduct proceedings related to your complaints and other claims. Such processing is based on our legitimate interest being an ability to defend ourselves against claims or to enforce our claims.

Our legitimate interest will also be the processing of your data in order to detect fraud and abuse and conduct activities of a preventive character and ensuring safety in the Service.

Should the legal regulations require us to do so - we will also process your data for tax and accounting purposes.


Third Party Processors

Digital Marketing Service Providers:

We periodically appoint digital marketing agents to conduct marketing activity on our behalf, and such activity may result in the compliant processing of personal information.  

Our carefully selected and appointed data processors include:

  • Prospect Global Ltd (trading as Sopro) Reg. UK Co. 09648733. You can contact Sopro and view their privacy policy here: http://sopro.io. Sopro are registered with the ICO Reg: ZA346877, their Data Protection Officer can be emailed at: dpo@sopro.io.

Data retention period

We retain your personal information as long as it is in the line with applicable laws and necessary and relevant for our operations. In addition, we may retain personal information from closed accounts to comply with national laws, prevent fraud, collect any fees owed, resolve disputes, troubleshoot problems, assist with any investigation, enforce our Agreement and take other actions permitted or required by applicable national laws. After it is no longer necessary for us to retain your personal information, we dispose of it in a secure manner according to our data retention and deletion policies.

If you discover that We  hold inaccurate information about you, you can request the Us  to correct that information. Such a request must be in writing or via e-mail. 


Your rights

In relation to personal data processing, you can execute the following rights: access, rectify, restrict processing and erasure of your data. You can also obtain information on basic content of arrangements between us (co-controllers) related to fulfillment of our obligations resulting from personal data security regulations. 

Additionally, you have a right to object against processing of your personal data, if we are processing them: 

        • for the purpose of direct marketing or

        • based on our legitimate interest and you - as a result of your extraordinary situation - do not agree for that anymore. 

You also have right to data portability. It means that you can obtain from us your data in a structured, commonly used and machine-readable format. You can send such data to another controller or demand that we do that for you. We will only send such data to another controller, provided that it is technically possible.

In order to execute your rights mentioned above, please contact our data processing officer (you can find contact details above).

If we ask you to grant your consent for personal data processing, you will always be entitled to withdraw such consent (and it will be as simple as granting such consent). Withdrawal of your consent shall not affect lawfulness of personal data processing based on the consent before such withdrawal.

You also have right to file a claim to a supervising authority competent in scope of personal data protection.


Disclosure

We transfer your data to other entities, if it is necessary to provide the service or enable you to take part in the campaigns, required by binding provisions of law or justified by operational necessity (e.g. hosting provider). It means that we can transfer your personal data to: 

        • our (co)workers and (co)workers of other companies from our capital group; 

        • our clients,

        • courier company,

        • banks and entities providing payment services, 

        • our other subcontractors, provided that we entrust them execution of activities requiring transfer of your data (such entities will act solely based on the agreement we have concluded with them)

        • relevant authorities, if it is required by binding provisions of law.


Transfer of data outside the European Economic Area (EEA)

We transfer your data only for the purpose of execution of the campaign you want or could take part in. Your data can be transferred to an Advertiser outside the EEA only if you are taking part in a campaign outside this area. Since indaHash operates all over the world, it happens sometimes that providers of daily operation services (necessary for our operational and technological activities), including for instance servers, hosting, project management platform, software, bookkeeping platforms etc., are located outside the EEA and they also receive (or may receive) your data, if that is necessary

All transfers outside the EEA are based on, so called, standard contractual clauses, approved by the European Commission, which ensure appropriate security standards in accordance with binding provisions of law.


Complaints about data processed via the website.

If you are concerned about how personal data are processed via this website, please do not hesitate to bring such concerns to the attention of the Company  at the contact details below: dpo@indahash.com


Collection and use of technical information

We may automatically collect non-personal information about you such as the type of internet browsers you use or the website from which you linked to our website. You cannot be identified from this information and it is only used to assist us in providing an effective service on this web site. 


Security

We protect your information using technical and administrative security measures to reduce the risks of loss, misuse, unauthorized access, disclosure and alteration. Some of the safeguards we use are firewalls and data encryption, physical access controls to our data centres and information access authorization controls. If you believe your account has been abused, please contact us.


Changes to this policy 

From time to time we may make changes to this privacy statement. If we make any substantial changes to this privacy statement and the way in which we use your personal data we will post these changes on this page and will do our best to notify you of any significant changes. Please check our privacy statement on a regular basis.