ENG

Privacy Policy TOP SHOP POLAND

Effective date: 01/11/2025

This Privacy Policy explains how TOP SHOP POLAND Sp z o. o., registered in Poland, processes and protects personal data of users of the cryptocurrency exchange website https://top-crypto.shop.

Please read this policy carefully to understand what data we collect, how we use it, and what rights you have regarding your data.

  1. Data Controller

    The data controller is TOP SHOP POLAND Sp z o. o., registered at: ul. Konduktorska, 18/7, 00-775, Warsaw, Poland.

    Contact for data processing inquiries: Email: legal@top-crypto.shop

  2. What data we collect

    We may collect and process the following categories of data:

    • Identification data: name, surname, date of birth, email address, phone number.
    • Identity documents: passport, ID card or other documents required for KYC/AML procedures.
    • Account data: login, password, transaction history, user settings.
    • Technical data: IP address, browser and device data, cookies, session data.
    • Financial data: bank details, payment information, transaction details.
    • Communication data: correspondence with support, feedback, inquiries.
  3. Purposes of data processing

    We process your data for the following purposes:

    • Registration and user identification.
    • Conducting KYC (Know Your Customer) and AML (Anti-Money Laundering) procedures.
    • Ensuring security and preventing fraud.
    • Fulfilling contractual obligations.
    • Improving service quality.
    • Informing about services, updates, and changes.
    • Complying with legal obligations under EU and Polish law.
  4. Legal basis for processing

    Data processing is based on:

    • Your consent (Art. 6(1)(a) GDPR), where applicable.
    • Performance of a contract (Art. 6(1)(b) GDPR).
    • Compliance with legal obligations (Art. 6(1)(c) GDPR).
    • Legitimate interests of the controller (Art. 6(1)(f) GDPR), e.g., security and fraud prevention.
  5. Data sharing

    We may share your data with:

    • Payment partners.
    • IT service providers and technical support.
    • Government authorities when required by law.
    • Supervisory authorities for AML and other regulatory purposes.

    All recipients are obligated to protect your data according to applicable laws.

  6. International data transfers

    If data is transferred outside the EU/EEA, we ensure adequate data protection through EU standard contractual clauses or other lawful mechanisms.

  7. Data retention period

    We retain personal data only as long as necessary to fulfill processing purposes or legal requirements.

  8. Your rights

    Under GDPR, you have the right to:

    • Access your data.
    • Rectify inaccurate data.
    • Delete data ("right to be forgotten") if no legal grounds exist for further processing.
    • Restrict processing.
    • Object to processing.
    • Data portability in a machine-readable format.
    • Withdraw consent at any time (if processing is based on consent).
    • Lodge a complaint with a supervisory authority — Personal Data Protection Office (UODO).
  9. Data security

    We implement technical and organizational measures to protect data from unauthorized access, loss, alteration, and disclosure.

  10. Cookies

    Our website uses cookies to improve functionality and analyze traffic. You can manage cookie settings in your browser.

  11. Changes to the Privacy Policy

    We reserve the right to update this policy. We will notify you of significant changes on the website or by other appropriate means.

    If you have any questions, please contact us.