icon Privacy Policy

Privacy Policy

Helix Markets Privacy Policy

PRIVACY POLICY

effective as of January 3rd, 2024

Introduction

This Privacy Policy describes how Helix Markets, a limited liability company registered in Warsaw, Poland(“Helix”, “we”, “our” or “us”) collects and uses your personal data and cookies in connection with your use of the Website and the Service.

This Privacy Policy consists of two parts:

  • Privacy Notice – which describes how we collect and use your personal data;
  • Cookie Notice – which describes how cookies and similar technologies are used.

We value your privacy, and we are fully committed in protecting your personal data in accordance with the Applicable Data Protection Law.

We provide the Website and the Services subject to the Terms. Please read the Terms before accessing or using the Services or the Website.

Your privacy and blockchain

Blockchain network is an application of a distributed ledger technology (DLT). A distributed ledger is an information repository that keeps records of certain actions (e.g. transactions) and that is shared across, and synchronized between, a set of DLT network nodes using a consensus mechanism. Blockchains are governed by their protocols, i.e. set of rules describing how a network operates (e.g. how a consensus is reached as regards validating a transaction). Such blockchains are intended to immutably record transactions across a wide network of computers and computer systems. Public blockchains are networks that are publicly accessible. Many blockchain networks are decentralized which means that we do not control or operate them.

When you use the Services, some of your data may be recorded on public blockchain networks, depending on the Service and the blockchain protocol. This means that your personal data could be determined directly, when combined with other data, or when anonymous data is de-anonymized. As a result, third parties may potentially access your personal data. For example, many public blockchain networks are open to forensic analysis or other blockchain analytics operations which can lead to the unintentional disclosure of your personal data such as financial data or information about your transactions.

This is due to the way blockchain technology works, where transparency and immutability of the data stored on the chain is one of the fundamental principles of the technology. Because blockchain networks are decentralized, we (or our Affiliates) are not able to delete or change your personal data from such blockchain networks.Please consult relevant information about the potential risks associated with using blockchain technology set out in the Terms.

Definitions

All terms not defined in this Privacy Policy shall have the meaning as defined in the Terms. The following terms used in this Privacy Policy shall have the meaning set forth below:

  • Affiliate(s) – in relation to any person, (i) any entity controlled, directly or indirectly, by the person; (ii) any entity that controls, directly or indirectly, the person; or (iii) any entity directly or indirectly under common control with the person. For this purpose, “control” of any entity or person means the power to direct the management and policies of such person, directly or indirectly, whether through the ownership of voting securities, by contract or otherwise.
  • AML – anti-money laundering.
  • AMLAct – Act of 1 March 2018 on Anti-Money Laundering and Countering the Financing of Terrorism (consolidated text: Journal of Laws 2023, item 1124, as amended).
  • AML Law - any applicable laws, statutes, regulations, orders, regulatory requirements, bylaws, and other similar legal instruments in force from time to time relating to anti-money laundering and counter terrorism financing, including but not limited to the AML Act.
  • Applicable Data Protection Law – any applicable laws, statutes, regulations, orders, regulatory requirements, bylaws, and other similar legal instruments in force from time to time relating to data protection, data security, privacy and/or the collection, use, disclosure and/or processing of personal data, including but not limited to the GDPR.
  • CFT – counter financing of terrorism.
  • controller, processor, processing and other terms relating to personal data not defined here have the meaning as defined in Article 4 of the GDPR.
  • EEA – European Economic Area.
  • GDPR – General Data Protection Regulation 2016/679 of 27 April 2016.
  • Helix (“we”, “our” etc.) – Helix Markets, a limited liability company registered in Warsaw, Poland with registered address: Plac marszałka Józefa Piłsudskiego 1 (00-078 Warsaw), entered into the register of entrepreneurs under KRS no. 0001069432, tax identification number (NIP) 5252980414, statistical identification number (REGON) 526957268, with share capital of PLN 5,000.
  • personal data – information about identified or identifiable natural person as defined in Article 4(1) of the GDPR.
  • Privacy Policy – this Privacy Policy.
  • Services – the Services as defined in the Terms.
  • Systems – the ICT Systems as defined in the Terms.
  • Terms – Terms and Conditions available at Terms.
  • Transactional Service – the Transactional Service as defined in the Terms.
  • User (“you”, “your” etc.) – the User as defined in the Terms.
  • Verification Procedure – the Verification Procedure as defined in the Terms.
  • Website – the Website as defined in the Terms.
  • Web3 Solutions – crypto assets, such as cryptocurrency, tokens (including NFTs) or other solutions based on distributed ledger technology (DLT), for example solutions that use blockchain networks, including cryptocurrency wallets.

Changes

The current version of the Privacy Policy has been adopted and is effective as of January 3rd 2024.

We may change the Privacy Policy from time to time. For example, we may do this when it is necessary due to changes in the Terms, changes in legal requirements or changes in the way we use your personal information. We may also amend the Privacy Policy to make it clearer, more accessible, and/or easier for you to understand.

You should check the Privacy Policy before using the Website and/or the Services. If we change the Privacy Policy, we will notify you by making announcements on the Website or by way of email or other appropriate means. We will also give you access to previous versions of the Privacy Policy. We publish the date of new versions at the beginning of this Privacy Policy.

1. PRIVACY NOTICE

1.1. Controller and contact details

We, Helix, are the controller of your personal data to the extent this Privacy Policy applies.

We take your privacy concerns seriously. If you have any questions about this Privacy Policy or if you believe that we have not complied with this Privacy Policy with respect to your personal data, or if you have any other inquiries or complaints with respect to your personal data, you may contact Helix by submitting a notice ticket to Helix Customer Support by visiting the “Help Desk” page of the “Support” section on the Helix Site. You can also contact us by email at: privacy@helixic.io or in writing to our registered address: Plac marszałka Józefa Piłsudskiego 1 (00-078 Warsaw), Warsaw, Poland.

1.2. Children

The Website and Services are restricted to persons who are at least 18 years of age. We do not knowingly collect personal data from people who are less than 18 years of age in connection with the Website or the Services. If you – the User – are below 18 years old, you may not use the Website or the Services or interact with them.

1.3. Sources of personal data

We collect your personal data from the following sources:

1.3.1. You

We collect your personal data from you in connection with your use of the Website or the Services. For example, we collect data when you provide us with your e-mail address when you create your Account.

1.3.2. Automatic data collection

We collect your personal data from your devices or software in connection with your use of the Website or the Services. For example, we may collect information about your device, its operating system or other software, hardware details, web browser settings and so on when you are browsing the Website. We collect this information also when you visit our Website without registration.

1.3.3. Third parties

We collect your personal data from third parties in connection with your use of the Website or the Services. For example, when you interact with our profile on social media platforms such as Twitter (X) or via online communicators such as WhatsApp. We may also receive your personal data from our business partners, such as banks used to transfer money to Helix.We also collect information from advertising networks, analytics providers or search information providers in connection with tools such as Google Analytics or Hotjar solutions. Please consult our Cookie Notice for more information.

1.3.4. Public sources

We collect your personal data from public sources in connection with our legal obligations under the AML Act and in accordance with our internal AML/CFT procedures. For example, we may collect information from public registers, sanction lists or lists of persons entrusted with prominent public functions (so-called “politically exposed persons”). We may also collect your personal data from sources such as public online databases, public registries, government or public authorities when permitted under the Applicable Data Protection Law.

1.3.5. Blockchain networks

We collect data from blockchain networks in connection with providing the Services. Such information may include personal and/or anonymous data (please consult Section 1.4.9 for more details).

1.4. Categories of personal data

We use your personal data only when it is lawful under the Applicable Data Protection Law and only to the extent it is necessary to achieve our purposes (please consult Section 1.5). We collect and use the following types of your personal data in connection with your use of the Website and the Services.

1.4.1. Account data

The account data includes data collected and used in connection with your Account, as well as other basic data, including your contact details. For example, this includes your full name and surname, contact details (such as email address, telephone or mobile phone number), residential or correspondence address, professional data (such as job title, company name, nature of business) and your marketing or communication preferences. This also includes records of your consents, preferences and settings together with other permissions for marketing and personal data sharing. Account data also includes information about your tier in the context of the fees.

1.4.2. AML/CFT data

The AML/CFT data includes your personal data processed by us in connection with the Verification Procedure and the results of subsequent processing of such data. For example, this may include information whether you have passed the Verification Procedure, information whether you are on the sanction lists, our decisions as regards you in the context of the Verification Procedure and so on. This also includes personal data obtained by our KYC service providers or by us from relevant publicly accessible sources, such as public registers, sanction lists or lists of persons entrusted with prominent public functions (so-called “politically exposed persons”). Depending on a particular processing operation we may also use the following categories of data:

  • general data – such as full name, gender, personal identification code or number, date of birth, legal capacity, nationality, and citizenship;
  • ID document data – such as document type, issuing country, number, expiry date, security features;
  • contact data – such as e-mail address, address (e.g. street, city, country, postcode);
  • biometric data – such as data obtained by extracting your facial features from uploaded or recorded facial images on government-issued identity documents submitted by you;
  • facial image data – such as photos or videos of your face.

If you want more information on your AML/CFT data processed by us, contact us (please consult Section 1.1).

1.4.3. Customer support data

The customer support data includes data collected and used in connection with customer support provided by us to you. For example, this may include your communication with us as regards your rights as a consumer, including by telephone or other means of communication, your participation in our surveys or questionnaires or your other requests, questions, and queries.

1.4.4. Financial data

The financial data includes data collected and used in connection with your transactions regarding the Services. For example, this may include financial data such as your bank account number, information related to your orders or transactions, type of crypto assets to be transferred to your cryptocurrency wallet, income, financial transactions, bank statements, assets, invoices, and so on. The financial data may be processed in connection with AML/CFT data (please consult Section 1.4.2) for AML/CFT compliance purposes (please consult Section 1.5.1).

1.4.5. Services usage data

The Services usage data includes data collected and used in connection with your use of the Services other than technical data (Section 1.4.7). For example, this includes Helix Account balances, trading activity and transaction details on the Website.

1.4.6. Social media and online communicators data

The social media data and online communicators data includes data collected and used in connection with your interactions or visits with our profiles or accounts on such platforms. For example, this includes your nickname when you send us a direct message on Twitter (X), Discord, DSCVR or Telegram and the contents of such message.

Please note that such platforms are independent data controllers. Your use of such platforms is subject to the privacy policies and terms and conditions of their providers. We encourage you to consult such documents before using such services. We are not responsible for the privacy policies and practices of such third parties. For example, you can consult the privacy policy of Twitter (X), Discord, DSCVR or Telegram.

1.4.7. Technical data

The technical data includes data collected and used in connection with the ICT Systems. For example, this includes your IP address or other online identifiers, information about your operating system or other software used by your device, hardware details, statistics derived from this data and so on. It also includes information automatically collected and stored in our server logs, such as the full Uniform Resource Locators (URL) clickstream to, through and from the Helix Site (including date and time, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page. Most of this information is anonymous data. However, in some cases it may be used to identify you, for example in combination with other data. In such cases we treat it as personal data.

1.4.8. Tracking data

The tracking data includes data collected and used in connection with use of cookies and similar technologies, such as pixels, beacons, tags, device IDs, Local Shared Objects or tracking pixels. For example, this includes personal data used when we use cookies to enable you access to personalized ads on the Website. Please consult the Cookie Noticeto learn more about cookies and similar technologies.

1.4.9. Web3 data

The Web3 data includes anonymous data and, in some cases, your personal data that we receive in connection with using Web3 Solutions when rendering the Services, as well as data about our activity and the activity of third parties connected with it. For example, this includes publicly accessible on-chain information (which can be personal data) and limited off-chain information of technical nature, such as a type of a device, browser version and so on (anonymous data, as a rule). This also includes wallet address which is a personal data when the wallet can be assigned to a natural person (e.g. to you). In general, if Web3 data allows for your identification we treat it as personal data in compliance with the Applicable Data Protection Law.

1.5. Purposes and legal grounds of processing

We collect and process your personal data in connection with your use of the Website and the Services. As a rule, we process your personal data to the extent necessary to provide the Services, ensure smooth operation of the Website, as well as for other legitimate purposes. You can find the description of such purposes and legal grounds for processing in greater detail below.

1.5.1. AML/CFT compliance

We may use your personal data for the purpose of complying with our legal obligations set out in the AML Law (including the AML Act), including in connection with the Verification Procedure. The legal grounds for processing your personal data depend on a particular processing operation:

  1. necessity of processing to ensure compliance with appropriate legal obligation under the AML Act [Article 6(1)(c) GDPR] – as regards compliance with the AML/CFT duties set out in the AML Act;
  2. necessity of processing for the performance of a task carried out in the public interest [Article 6(1)(e) GDPR] – as regards compliance with the AML/CFT standards not set out in the applicable law;
  3. necessity of processing for performance of a contract with you [Article 6(1)(b) GDPR] – as regards the automated decision-making systems employed by us in connection with processing your AML/CFT data;

1.5.2. Analytics

We use your personal data for analytical and statistical purposes. The legal ground for such processing is our legitimate interest [Article 6(1)(f) GDPR], which consists of conducting analyses of your activity, as well as of your preferences to improve functionalities and services provided by us. Where required by law, we will only conduct analytical activities with your consent. Where we use cookies for analytical purposes, Section 1.5.6 below applies.

1.5.3. Business operations

We use your personal data for the technical and administration purposes in connection with the maintenance and development of our business. For example, this includes internal assessments, audits, products and services development or improvement and so on. The legal ground for processing your personal data is our legitimate interest [Article 6(1)(f) GDPR], which consists of maintaining and developing our business operations and improving our products and services.

1.5.4. Compliance

We use your personal data to ensure compliance with the applicable law. For example, this includes processing of your personal data to comply with consumer protection law. We also process your personal data to comply with the GDPR, for example when you submit your request as regards your privacy rights and for accountability purposes. The legal ground for processing is the necessity of processing for compliance with appropriate legal obligation under applicable law to which we are subject [Article 6(1)(c) GDPR].

1.5.5. Contract performance

We use your personal data to perform contracts we have executed with you. For example, this includes contract subject to the Termsunder which we provide the Services. The legal ground for such processing is thenecessity of processing for either taking steps at your request prior to entering into a contract and/or performance of a contract with you [Article 6(1)(b) GDPR]. Please consult theTermsfor more detailed description of the Services.

1.5.6. Cookies

We use your personal data in connection with the use of cookies or similar technologies for purposes described in this Section 1.5. For example, we may use cookies for analytical and statistical purposes (Section 1.5.2). The legal grounds for processing your personal data are (depending on the type of cookies) your consent [Article 6(1)(a) GDPR] or necessity of processing for performance of a contract with you [Article 6(1)(b) GDPR]. Please consult the Cookie Notice to learn more about cookies and similar technologies.

1.5.7. Legal rights

We may use your personal data, if necessary, to establish and assert claims or to defend against claims. The legal ground for such processing is our legitimate interest [Article 6(1)(f) GDPR], which consists of the protection of our legal rights.

1.5.8. Marketing

We use your personal data for the communication and marketing purposes. For example, to inform you about our activity and promote various events, services, and products. We also process your personal data to communicate with you, to promote our brand and for direct marketing purposes, for example to collect your feedback on our products or services or to send marketing content to your email. The legal ground of the processing is our legitimate interest [Article 6(1)(f) GDPR], which consists of improving our services, communication with the Users, promotion, and marketing. Where required by law, we will be conducting direct marketing activities only with your consent.

1.5.9. Security

We use your personal data to ensure the security of the Website and our ICT Systems and to manage them. For example, we record some of your personal data in system logs (special computer programs used for storing a chronological record containing information about events and actions related to the ICT Systems used for rendering Services by us). The legal ground of the processing is our legitimate interest [Article 6(1)(f) GDPR], which consists of our need to ensure security and safety of our ICT Systems used in connection with the Website and the Services.

1.6. Data storage

We store your personal data only as long as necessary for the purposes we collected it. This means that the duration of storage depends on the purpose of processing. For example, we store your personal data for the period when we provide the Services to you in accordance with the agreement we have entered with you subject to the Terms. We store personal data that we process based on legitimate interest(s), our or those of a third party, until you lodge an effective objection to such processing. Similarly, when we process your personal data based on your consent, we store it until you withdraw your consent. After the end of the period of data storage, we permanently delete or anonymize your personal data.

The duration of storage or use of your data may be extended in certain situations. For example, we may store your personal data after you terminate the agreement with us when required by law. We may also continue to store and use the same dataset if we use it for a different purpose and on a different legal ground, if admissible by law. For example, if you terminate the agreement with us, we may continue to use personal data provided by you in connection with your use of the Services when necessary to establish and assert possible claims or to defend against claims (if we have a legitimate interest to do so).

Please note that use of the blockchain networks in connection with the Services, depending on the blockchain protocol, may result in recording some of your personal data (e.g. Web3 data) on the blockchain. This means that your personal data could be determined directly, when combined with other data, or when anonymous data is de-anonymized. As a result, third parties may potentially access your personal data. For example, many public blockchain networks are open to forensic analysis or other blockchain analytics operation which can lead to the unintentional disclosure of your personal data such as financial data or information about your transactions. This is due to the way blockchain technology works, where transparency and immutability of the data stored on the chain is one of the fundamental principles of the technology. Please consult relevant information about the potential risks associated with using blockchain technology set out in the Terms.

1.7. Data recipients

As a rule, we do not share your personal data unless it is necessary. For example, we may share your personal data in connection with the provision of the Services under the Terms. We may disclose your personal data to the following categories of recipients:

  • our business partners (including service providers and contractors), such as KYC service providers, marketing and advertising services providers, analytical tools providers, payment services providers, data storage providers;
  • banks, insurance companies and/or other financial institutions;
  • Helix group entities, including Affiliates, subsidiaries and, in the event of a merger, acquisition or reorganisation, the third party involved;
  • public authorities or other third parties when required by law and subject to statutory conditions and restrictions;
  • professional advisors, such as lawyers, accountants, consultants and tax advisors;
  • other third parties if admissible under Applicable Data Protection Law (e.g. with your consent).

We require our partners to keep your data secure and confidential under the terms that ensure level of protection essentially equivalent to that described in this Privacy Policy. Some of our partners may be located outside of the EEA, for example in the United Kingdom. Please consult Section 1.8 for more details on transfers of your personal data outside of the EEA.

Please note that some of them act on our behalf as our processors and some act as independent controllers of your personal data. If they are controllers of your data, relevant privacy policies and terms and conditions of such controllers may apply. We encourage you to consult such documents before using such services. We are not responsible for the privacy policies and practices of the third parties.

Please note that in connection with provision of the Services your personal data may be shared with third parties when using Web3 Solutions. We do not have control over the blockchain networks. Such third parties (recipients of your data) are, as a rule, independent data controllers.

1.8. Data transfers

The level of protection for the personal data outside the European Economic Area (EEA) differs from that provided by the EU law. For this reason, we transfer your personal data outside the EEA only when necessary and with an adequate level of protection.

We secure the adequate level of protection primarily by cooperating with processors of the personal data in countries for which there has been a relevant European Commission decision finding an adequate level of protection for the personal data. Alternatively, we may use the standard contractual clauses issued by the European Commission. If you want to learn more about these safeguards, obtain a copy of them or learn where they have been made available, contact us (please consult Section 1.1 above).

1.9. Requirement to provide personal data

In some cases, provision of your personal data is mandatory by law or necessary to carry out your request or to perform a contract we have with you. If you don’t provide us with your personal data in such situations, we may not be able to carry out your request, perform a contract with you (or enter into it) or comply with the law. In some cases, this may mean that we will terminate the contract or stop our involvement with you. For example, if you do not provide your personal data necessary for the complaint procedure, we may not be able to handle your complaint.

In other cases, provision of your personal data is voluntary. If you don’t provide us with your personal data in such situations, we may not be able to carry out your request or achieve our goal. For example, if you do not share your contact details with us, we may not be able to contact you.

1.10. Your rights

To exercise your right(s), contact us (please consult Section 1.1).

Depending on where you live, you may have different privacy rights. If the EU law applies to you, you have the following rights under the GDPR described below.

Please note that it may be technically impossible, depending on a blockchain protocol, to delete or change any information recorded on-chain in a public blockchain network due to the nature of the blockchain technology. Most blockchain networks are decentralized which means that we do not control or operate them. Because of that, we (or our Affiliates) are not able to delete or change your personal data from such blockchain networks. Please consult relevant information about the potential risks associated with using blockchain technology set out in the Terms.

1.10.1. Right to access information

You can request from us information about the processing of your personal data. You may also, as a rule, request from us a free copy of your personal data that we process. Please note that under certain conditions set out by the Applicable Data Protection Law we may charge a fee for such copy.

1.10.2. Right to correct your data

You can request that we rectify your personal data that we use, for example, when it is inaccurate. You can also complete your data if it is incomplete.

1.10.3. Right to be forgotten

You can request that we erase your personal data under certain conditions prescribed by law. However, this is not an absolute right, and it does not apply in certain conditions, for example, when use of your data is necessary for the establishment, exercise, or defence of legal claims by us.

1.10.4. Right to restrict

You can request that we stop processing your personal data, except for its storage, under certain conditions prescribed by law. However, this is not an absolute right, and it does not apply in certain conditions, for example when use of your data is necessary for the protection of the rights of another natural or legal person.

1.10.5 Right to data portability

You can request that some of your personal data is provided to you, or to another controller, in a commonly used and machine-readable format. This right applies where we use your data based on your consent or a contract and if the processing of your data is carried out by automated means.

1.10.6 Right to withdraw consent

You have the right to withdraw your consent to the processing of your personal data. You can do this at any time. If you withdraw your consent, we will no longer use the personal data in question (the personal data you have consented to the use of). Withdrawal of consent does not affect the lawfulness of processing your data based on consent before withdrawal. The right to withdraw consent applies only to the extent that your personal data is processed based on consent.

1.10.7 Right to object

You have the right to object to the processing of your personal data based on our or a third party’s legitimate interest(s). You can do this at any time. If you raise an objection, we will stop using your personal data where the basis for processing is our legitimate interest. In exceptional circumstances, we may continue to use your data despite your objection. This exception does not apply when you object to the processing of data for direct marketing purposes, i.e., if you object to it, we will stop processing your personal data on this basis.

1.10.8 Right to lodge a complaint

You can lodge a complaint with the supervisory authority dealing with the protection of personal data. You can lodge such complaint with your local data protection authority. You can also lodge such complaint with the President of the Personal Data Protection Office (Prezes Urzędu Ochrony Danych Osobowych), a Polish data protection authority based in Warsaw, Poland (https://uodo.gov.pl).

1.11. Automated decision-making

We may use automated decision-making. This means that certain decisions about you which may produce legal effects concerning you or similarly significantly impact you (i.e. determine if you can use our Services) will be made solely by technological means without human involvement. Apart from such fully automated decisions, we may also use semi-automated decisions (i.e. made by us based on results of an automated data collection and analysis).

1.11.1. How automated decisions are made?

The Verification Procedureinvolves collecting your personal data from you and other sources (consult Section 1.3 of the Privacy Policy for more details on sources of your data). For example, we or our service providers may:

  • make automated checks of your personal data against the information in multiple databases, including sanction lists or lists of persons entrusted with prominent public functions (so-called “politically exposed persons”)to verify your presence in such databases and the authenticity of uploaded documents;
  • use geo-blocking to ensure that the Users from restricted countries under the AML Law cannot access our Website and/or the Services;
  • use fraud detection and prevention systems, including systems detecting suspicious or malicious activity;
  • use so-called wallet screening to ensure that funds in the cryptocurrency wallet of a User are not restricted funds under the AML Law and do not originate and/or are not related to any restricted person under the AML Law or any other suspicious activity under the AML Law.

The results of such verification are then automatically checked against preset thresholds, conditions or other reasoning mechanisms implemented in our Systems by us or our service providers acting on our behalf. If the results of such checks do not meet such thresholds or other requirements, your Verification Procedure result will be negative. For example, if you are listed on an international sanction list, you will not pass the Verification Procedure with positive result.

1.11.2. What are the consequences of automated decisions?

The results of the Verification Procedure determine whether you can access and/or use the following Services: Transactional Service.

If the results are positive, you will be able to access and/or use such Services.

If the results are negative, depending on a particular system employed by us or our service providers, you will be either:

  • automatically blocked from accessing and/or using such Services (for example, when we detect that you are trying to circumvent our requirements on restricted countries or restricted individuals);
  • flagged for manual review by us; depending on the result of the manual review, you may or may not be able to access and/or use such Services. Such manual review does not constitute an automated decision-making as the decision is made by a human.

1.11.3. What are the grounds of processing?

Our use of automated individual decision-making is necessary for entering into, or performance of, a contract between you (the User) as we require our Users to comply with our AML/CFT standards and AML Law requirements. This means that use of such automated decision-making tools is a contractual requirement under the Terms in order for you to access and/or use our Services listed in Section 1.11.2. The grounds of processing for the purpose of the automated individual decision-making is a necessity of processing for performance of a contract with you [Article 6(1)(b) GDPR].

1.11.4. Your rights

To exercise your right(s) contact us (please consult Section 1.1).

You have the following rights connected with automated decision-making:

  • right to contest the automated decision(s);
  • right to express your point of view in connection with such automated decision(s);
  • right to obtain human intervention as regards the automated decision-making process.

These rights are limited to decisions based solely on automated processing. This means you are not entitled to execute these rights in connection with semi-automated decision-making or where decisions are made solely by humans. You may use your other rights under the GDPR listed in Section 1.10 in such case.


2. COOKIE NOTICE

2.1. Introduction

This Cookie Notice describes how Helix Markets, a limited liability company registered in Warsaw, Poland (“Helix Markets” or “we”, “our” etc.) stores or accesses information on your terminal device in connection with your use of the Website or the Services.

2.2. What are cookies?

Cookies are small text files installed on your device that collect information which, generally, facilitates use of the Website and the Services. For example, cookies may remember your language preferences or other settings of your Internet browser. In most cases information used in connection with cookies is personal data. In such cases, the Privacy Noticeapplies to such personal data.

We mainly use our own cookies. The Website also uses third-party cookies, i.e. cookies from a domain other than the domain of the visited website, primarily for analytical activities. We may also use other technologies similar to cookies, for example HTML5 local storage, Local Shared Objects or tracking pixels. Where we refer to cookies in this Cookie Notice, we also mean such technologies.

2.3. What cookies are used?

The cookies are used only when it is admissible by law. The following types of cookies are used in connection with your use of the Website and the Services.

2.3.1. Necessary cookies

The necessary cookies are a type of cookies that are required by the Website and the Services to function properly. For example, these types of cookies are installed to recall your login sessions and privacy settings. They are set by us. They are mandatory because they are necessary for the provision of the Website and the Services.

2.3.2. Functional cookies (optional)

The functional cookies are a type of cookies that are used to improve the functionality of the Website. For example, such cookies may be installed to remember your language preferences. They may be set by us or by third-party providers engaged by us. They are optional, so we use them only with your consent.

2.3.3. Analytical cookies (optional)

The analytical cookies are a type of cookies that enable collecting information such as number of visits and traffic on the Website for statistical purposes. For example, these types of cookies may be installed to analyse how you navigate the Website to improve the performance of the Website. They may be set by us or by third-party providers engaged by us. They are optional, so we use them only with your consent.

2.4. Description of the cookies

Each cookie has a specific provider responsible for the cookie (e.g. us or a third party), a specific purpose of use, and a maximum functioning period. If the provider of a cookies is a third party, such third party has access to such cookies. The duration of the operation of cookies depends on their type and purpose. In general, there are two types of cookies: session cookies and persistent cookies. Session cookies expire at the end of a given session. Persistent cookies are stored on the device for a longer period. They do not expire after the end of a given session. The maximum period after which our cookies expire is 12 months.

The following cookies are used in connection with your use of the Website or the Services:

2.5. Access of third parties to the cookies

We do not allow third parties to access cookies for which we are responsible unless it is necessary. For example, we may allow such access when it is necessary to perform third-party analytics services. In addition, some of the solutions of our service providers involve storing or accessing information on your end device, including the use of cookies.

Below we describe in greater detail some tools of our partners:

2.5.1. Sign in with Google

Sign in with Google is a solution that allows you to register and sign in to your Account on the Website using your Google account. The solution provider is Google Ireland Limited, address: Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland. You can find more information about Sign in with Google at: https://support.google.com/accounts/answer/12921417. You can find more information about the processing of your personal data by Google Ireland Limited at: https://policies.google.com/privacy.

2.5.2. Internet Identity

Internet Identity is an authentication service for the Internet Computer that allows you to register and sign in to your Account on the Website using your Internet Identity. The solution provider is DFINITY Foundation, address: DFINITY Stiftung, Stockerstrasse 47, 8002 Zürich, Switzerland. You can find more information about Internet Identity at: https://internetcomputer.org/docs/current/developer-docs/integrations/internet-identity/overview. You can find more information about the processing of your personal data by DFINITY Foundation at: https://dfinity.org/privacy-policy.

2.6. Your cookie choices

There are several ways in which you can manage cookies.

2.6.1. Your consent

Optional cookies, for example advertising cookies, are used only with your consent. You can withdraw your consent at any time. You can do this through your cookie settings (Section 2.6.2) or through your browser settings (Section 2.6.3).

2.6.2. Cookie settings

You can manage your cookie settings using our cookie management platform (click here). You can access the cookie management platform from the Website. To do so, click the "Cookie Settings" link located in the footer, at the bottom of the Website. You can also access the cookie management platform by clicking the corresponding button on the cookie banner that appears at the bottom of the screen during your first visit on the Website.

2.6.3. Web browser

You can also manage cookies through your web browser. For example, you can delete all or some cookies from your device or block them.

Please note that deleting or blocking cookies may cause the Website or the Services to not function properly or to stop functioning altogether.

To manage cookies through your web browser, refer to the instructions provided by your browser provider. For example, some of such instructions for the relevant web browsers can be found on the websites of their operators: Microsoft (Internet Explorer, Edge), Google (Chrome), Apple (Safari), Mozilla (Firefox), Opera (Opera).

2.6.4. Your rights related to personal data

You have rights related to your personal data as set forth in the Privacy Notice(Section 1.10).