Privacy policy





Ladies and Gentlemen,


Constantly striving to ensure the best protection of personal data, we would like to assure you that we protect your personal data at the highest level and in this document you will find all information about what personal data we process and for what purpose.


1. Data administrator


The administrator of your Personal Data is TTHM limited libility company with its registered office in Kraków, hereinafter also referred to as the “Company”.


2. How to contact the Company


If you have any questions or comments regarding data processing, please contact:

at the e-mail address:

by correspondence: ul. Zwierzyniecka 29/113A 31-105 Krakow


A request to correct or delete personal data should be submitted to the following address:


3. What data do we collect and for what purpose?


The scope and purpose of data collection by us depends on the scope of your cooperation with us.

Customers purchasing virtual currencies within the Administrator’s enterprise to which the provisions of the Act of March 1, 2018 on counteracting money laundering and terrorism financing (“AML Act”) apply:

Clients of the Administrator who are natural persons

Scope of processed data:


a) name and surname,


b) citizenship,


c) social security number or date of birth – if no social security numberhas been assigned, and country of birth,


d)number of the document confirming the identity of the person,


e) address,


f) name (company), NIP and address of the main place of business activity – in the case of a natural person conducting business activity;


Persons authorized to act on behalf of the Client who is a legal person or an organizational unit without legal personality

Scope of processed data:


a) name and surname,


b) citizenship,


c) social security number or date of birth – if no social security numberhas been assigned, and country of birth,


d)number of the document confirming the identity of the person,


Real beneficiaries within the meaning of the provisions of the AML Act Scope of processed data:


a) name and surname


b) citizenship, and in the case of having such data, also:


c) social security number or date of birth – if no social security numberhas been assigned, and country of birth,


d)number of the document confirming the identity of the person,


e) address


We process the data of clients, persons authorized to act on behalf of clients and beneficial owners in order to:


performance of statutory obligations, resulting in particular from the need to make settlements and archive documents and from the need to apply security measures by the administrator as an obligated institution, resulting from the AML Act – the basis for processing is the legal obligation incumbent on the administrator (Article 6(1)(c) GDPR) resulting from the AML Act

potential pursuit of claims or defense against them, as well as identification of persons authorized to represent clients – the legal basis for processing is the legitimate interest in protecting our rights (Article 6(1)(f) of the GDPR)

In cases where the AML Act requires it, providing data is a condition for concluding a contract. Without providing them, the administrator will not be entitled to provide the currency exchange service.


4. Personal data of other customers (if provided)


In the case of Customers to whom the provisions of the AML Act do not apply, if personal data is provided by the Customer, we process it in order to:


performance of the contract (including consideration of possible complaints) – the legal basis for processing is the necessity of processing to perform the contract;

in order to fulfill the statutory obligations incumbent on the administrator, resulting in particular from tax and accounting regulations, consisting of, among others, on the need to issue an invoice or other accounting document and its archiving – the legal basis for processing is a legal obligation;

in order to identify persons authorized to represent the Company’s Clients – the legal basis for processing is the legitimate interest consisting in the proper performance of the subject of the contract;

in order to possibly determine, investigate or defend against claims – the legal basis for processing is the legitimate interest consisting in the protection of our rights;



5. Personal data of people who are potential customers


We process data of potential customers, including, for example, name and surname and contact details in order to:


propose our or our partners’ services, which is our legitimate interest (Article 6(1)(f) of the GDPR);

in order to possibly determine, investigate or defend against claims – the legal basis for processing is the legitimate interest consisting in the protection of our rights.

In addition, if you use the website (“Website”), the purposes and grounds for data processing depend on the scope of using its functionality.


Contact form

If you contact us via the contact form, you are asked to provide identification data, i.e. name and e-mail address. The user may be asked to provide additional data only when it is necessary to handle the matter to which the contact relates. In this case, the legal basis is our legitimate interest in the need to resolve a reported case related to the Website.


Data of users of social media profiles

Our profile on Facebook, Instagram and Tiktok is public. The user who visits our profiles provides us with his personal data (e.g. account name, comments, likes, online identifiers and the IP address of the device he uses).


These data are processed in order to: (i) enable us to effectively maintain our profile on a given website or application in connection with our promotion of various types of events, services and products, and (ii) communicate with users. The legal basis for the processing of personal data is our legitimate interest, consisting in promoting our brand, improving the quality of our services as well as ongoing communication with fanpage users


NOTE: the above information does not apply to the processing of your personal data by the administrator of Facebook, Instagram and Tiktok.


How long does the Company process personal data?

The period of data processing depends on the legal basis and purpose of processing.


We process the data of customers who have concluded a contract with us (established economic relations or made an occasional transaction), under the conditions specified in the AML Act, we process:


in the case of fulfillment of legal obligations – the period of data storage is 5 years, counting from the date of termination of business relations with the client or from the date of the occasional transaction, unless the authorized body requests the storage of documentation for a longer period (Article 49(1) and (3) of the AML Act) ;

Data of all customers (if data has been provided):


for the period of storage of financial and accounting documents specified in the regulations.

In the case of processing personal data on the basis of our legitimate interest, the data is processed, as a rule, until an objection is raised.


The period of data processing may be extended if the processing is necessary to establish, pursue or defend against possible claims, and after this period, only if and to the extent required by law.


What rights do customers have in relation to their personal data?


We guarantee the implementation of all rights of persons whose data we process, including the right to:


  • access to data, including obtaining a copy;

  • rectification of data;

  • deletion of data;

  • processing restrictions

  • data portability;

  • raise an objection;

  • lodging a complaint to the President of the Personal Data Protection Office;




In particular, data may be made available to the General Inspector of Financial Information and other competent authorities if we are obliged to do so under the AML Act.


The Website uses plugins and other social tools provided by social networking sites, such as Facebook, Instagram and Tik Tok.


In connection with the use of the Website that contains such a plug-in, your browser establishes a direct connection with the servers of social network administrators (service providers). The content of the plug-in is transferred by the given service provider directly to your browser and integrated with the website. Thanks to this integration, service providers receive information that your browser displays the Website, even if you do not have a profile with a given service provider or are not currently logged in to it. Such information (including the IP address) is sent by your browser directly to the server of a given service provider (some servers are located in the USA) and stored there.


If you have logged in to one of the social networking sites, the service provider will be able to directly assign a visit to the Website to your profile on a given social networking site. If you use a given plug-in, e.g. the “Like” button, the relevant information will also be sent directly to the server of the given service provider and stored there. In addition, this information will be published on a given social network and will be shown to people added as your contacts.


The purpose and scope of data collection and their further processing and use by service providers, as well as the possibility of contact and your rights in this regard and the possibility of making settings to protect your privacy are described in the privacy policy of individual service providers.


Facebook –


Instagram –


Tiktok –


If you do not want social networking sites to assign the data collected during visits to the Website directly to your profile on a given website, it is necessary to log out of this website before visiting the Website. It is also possible to completely prevent the loading of plug-ins on the website by using appropriate extensions for your browser, e.g. blocking scripts.


Cookies policy

The website uses the so-called cookies. These are small text files placed on your devices (e.g. computers) via web browsers. These files allow you to store specific information on the device, and then read it by the website that created these files. Cookies usually contain, in addition to the domain name of the website they come from, the time of their storage on the end device and a unique number.

We use cookies to:


adjusting the content of the websites of the website to the individual preferences of the User and optimizing the use of websites by him (cookies allow in particular to recognize your device and properly display the website so that it is best suited to individual needs);

maintaining the session within the website after logging in;

creating statistics (so that we can better understand how the Users of our website use websites, and consequently we can improve the structure and content of these websites);

provide you with advertising content corresponding to their individual preferences.

The website does not store any information about the hardware configuration of the computer or the programs installed on the computer.


Changing cookie settings

Usually, the web browser allows cookies to be stored on the end device by default. However, at any time, you have the ability and the right to change the settings for cookies. In order to change cookie settings, you should read the detailed information about the possibilities and ways of handling cookies, which are available in the settings of your web browser.


If you do not agree to the placement of cookies on your device, you can block their placement by properly configuring your web browser. Information on how to do this can be found in the help files of your web browser. If cookies from the Website are blocked, the Administrator cannot guarantee its correct operation. If you do not change the cookie settings, these files will be placed on the end device. This means that the Administrator will store information in the end device and access this information.


Changes to the privacy policy

The policy is reviewed on an ongoing basis and updated if necessary.