- Who is responsible for your personal data?
The Data controller of your personal data is a company operating under the name Dom Maklerski TMS Brokers S.A. with its registered office in Warsaw, address: ul. Złota 59, 00-120 Warsaw, entered into the register of entrepreneurs under number 0000204776.
- How to contact the Data controller?
A Data Protection Officer has been appointed at TMS Brokers. In matters regarding the processing of personal data by the Data controller, you can contact via the following e-mail address: firstname.lastname@example.org.
- Data security
In connection with the conducted business activity, the Data controller collects and processes personal data in accordance with the relevant provisions, including in particular the GDPR and the principles of data processing contained therein.
TMS Brokers ensures transparency of data processing, informs about data processing and ensures that data is collected only to the extent necessary for the purpose indicated and is processed only for the period in which it is necessary.
In order to ensure data integrity and confidentiality, the Data controller has implemented procedures enabling access to personal data only to authorized persons and only to the extent that it is necessary for their tasks.
TMS Brokers takes all necessary actions so that its subcontractors and other cooperating entities guarantee the use of appropriate security measures whenever they process personal data at the request of the Data controller.
Keep the passwords of your accounts in a safe place, and do not disclose your account details to any third party. If you become aware of any unauthorized use of your password or any other breach of security, please contact Data controller immediately.
Communication between the mobile application and the Data controller's systems is carried out using modern encryption mechanisms.
Depending on the application selected, they may have different levels of access to the functionality of the terminal devices, which you will be informed about when installing the application.
- Purposes and basis for data processing
Data controller may collect your personal data, including information that you provide when you register in the mobile application.
"Personal data" means any data that can be used to uniquely identify you, such as name, email address, phone number or credit card information.
Data controller use personal data provided to TMS Brokers electronically via Data controller mobile applications to, inter alia, register users, administer and improve applications and associated services, to analyse the application use statistics and policy, as well as for other purposes approved by you. Data controller also use your personal data to communicate with you in other ways. For example, if you contact TMS Brokers via the application, Data controller may use your personal information to respond.
The legal basis for the processing of your personal data is:
- to the extent that data processing is necessary for the implementation of the Framework Agreement and taking action before its conclusion and providing an information and educational service - art. 6 para. 1 letter b of the GDPR;
- to the extent that the data processing is necessary for the Data controller to perform legal obligations incumbent on him as an entity performing brokerage activities, in particular consisting in informing the financial supervisory authorities and financial information authorities about the services and transactions performed, verification and identification Client's identity and ongoing monitoring of its business relations and development of analyzes - art. 6 para. 1 letter c of GDPR in conjunction with the provisions of the Act of March 1, 2018 on counteracting money laundering and financing of terrorism, in particular with art. 34, 35, art. 36 and art. 37 of this Act;
- to the extent that data processing is necessary to achieve the objectives arising from the legitimate interests of the Data controller, such as improve applications and associated services, to analyze use statistics - art. 6 par. 1 letter f of GDPR.
- Non-Personal data
TMS Brokers may collect non-personal data about your use of Data controller mobile application, visits to TMS Brokers website. Community services, including pages you have viewed, links you have clicked, as well as other actions related to your use of TMS Brokers applications or services. Data controller may also collect certain technical information about your mobile device, such as your IP address, the type and model of your device, the user-defined device name, the type and version of the operating system, information about your time zone, as well as device language and localization information.
- Aggregate data
TMS Brokers may combine personal data collect from you with personal data provided by other users, in a non-identifiable format, thus creating aggregate data. Data controller plan to analyse aggregate data mainly to identify group trends. TMS Brokers do not link aggregate user data with personal data and aggregate data can therefore not be used to contact or identify you. Data controller will use user names instead of actual names when creating and analysing aggregate data.
- Analytical tools and third parties
Moreover, please note, that TMS Brokers applications are available for download from websites which are not under TMS Brokers control, and which are subject to privacy policies of third parties. Please read such privacy policies to learn how your personal data is processed by such third parties.
Mobile applications may have the following external analytics services connected:
- Google Firebase (provided by Google, Inc.) – to collect mobile applications statistics, installation data and information how you use this applications.
This data is completely anonymous.
The legal basis for using Google Firebase is art. 6 para. 1 letter of the f GDPR.
- Amplitude (provided by Amplitude, Inc.) – to collect mobile applications statistics, installation data and information how you use this applications.
This data is completely anonymous. More information about Amplitude: https://help.amplitude.com/hc/en-us/articles/206533238-Data-Security-Privacy The legal basis for using Amplitude is art. 6 para. 1 letter of the f GDPR.
- Adjust (provided by Adjust GMbH) – to attribute source of install to advertising campaigns.
This data is completely anonymous.
More information about Adjust:
The legal basis for using Adjust is art. 6 para. 1 letter of the f GDPR.
8. Users’ rights
The Data controller informs that in connection with the processing of personal data you have the following rights:
- the right to information about the processing of personal data - on this basis, the Data controller provides you with a request for information on data processing, including primarily the purposes and legal grounds for processing, the scope of data held, entities to which it is disclosed, and the planned date of deletion data;
- the right to obtain a copy of the data - on this basis, the Data controller provides you with a copy of the data processed in the event of a request;
- the right to rectification - the Data controller is obliged to remove any incompatibilities or errors of personal data being processed and supplement them if they are incomplete;
- the right to delete data - on this basis, you can request the deletion of data the processing of which is no longer necessary to achieve any of the purposes for which it was collected;
- the right to limit processing - in the event of such a request, the Data controller ceases to perform operations on personal data until the reasons for the restriction of data processing cease (e.g. a decision of the supervisory authority allowing further processing of data is issued);
- the right to transfer data - on this basis - to the extent that the data is processed in an automated manner in connection with the concluded agreement or consent - the Data controller issues the data provided by you in a format that allows data to be read by a computer. It is also possible to request that the data be sent to another entity, however, provided that there are technical possibilities in this respect both on the part of the Data controller and the indicated entity;
- the right to object to the processing of data for marketing purposes - you can object to the processing of personal data for marketing purposes, without giving any reason; h) the right to object to other purposes of data processing - you can at any time oppose - for reasons related to your particular situation - the processing of personal data that is based on the legitimate interest of the Data controller (e.g. for analytical or statistical purposes), objection in this respect it should contain a justification;
- the right to withdraw consent - if the data are processed on the basis of consent, you have the right to withdraw it at any time, which, however, does not affect the lawfulness of the processing carried out before its withdrawal;
- the right to complain - if you find that the processing of personal data violates the provisions of the GDPR or other provisions regarding the protection of personal data, you can submit a complaint to the body supervising the processing of personal data competent for your habitual residence, place of work or place of committing alleged violation. In Poland, the supervisory authority is the President of the Office for Personal Data Protection.
- Data processing period
The period of data processing by the Data controller depends on the type of service provided and the purpose of processing. The period of data processing may also result from provisions when they constitute the basis for processing. In the case of data processing on the basis of the Data controller's legitimate interest, the data is processed for a period enabling the implementation of this interest or to object effectively to data processing. If the processing is based on consent, the data is processed until its withdrawal. When the basis for processing is necessary to conclude and perform the agreement, the data is processed until its termination. The period of data processing may be extended if the processing is necessary to establish or assert claims or defend against claims, and after that period - only if and to the extent required by law. After the end of the processing period, the data is irreversibly deleted or anonymized.
- Recipients and transfer of data outside the EEA
In connection with conducting operations that require the processing of personal data, personal data may be disclosed to external entities, including in particular suppliers responsible for operating IT systems and analytical tools, entities providing accounting services, postal operators, couriers, marketing agencies, legal advisers.
The Data controller reserves the right to disclose selected information about you to the competent authorities or third parties who submit a request for such information, based on an appropriate legal basis and in accordance with applicable law.
The Data controller transfers personal data outside the EEA only when necessary and with an adequate level of protection, primarily through:
- applying binding corporate rules approved by the competent supervisory authority,
- the use of standard contractual clauses issued by the European Commission,
- obtaining a certificate of compliance with the Privacy Shield by a third party,
- the transfer of data to a third country for which the European Commission has determined on the basis of a decision that the third country in question meets an adequate level of protection.
11. Automated decision-making
The Data controller will not apply automated decisions to you.
- Final provisions
More information on data processing by the Data controller is available at: https://www.tms.pl/rodo
Date of last modification: 26/07/2021