This notice tells you how we look after your personal data when you visit our website at https://stix.co/ (Website), access our STIX platform (Platform), and use any services we provide to you via the Website and the Platform (Services). It sets out what information we collect about you, what we use it for, whom we share it with, explains your rights and what to do if you have any concerns about your personal data. We may sometimes need to update this notice, to reflect any changes to the way the Website, the Platform, or the Services are provided, or to comply with new legal requirements. We will notify you of any important changes before they take effect.
Last updated: December 8, 2023
We are STIX Global sp. z o.o., a limited liability company incorporated and registered in Poland, entered in the Register of Entrepreneurs of the National Court Register kept by the District Court for the Capital City of Warsaw in Warsaw, 13th Commercial Division of the National Court Register under the KRS number 0001036546, NIP number 5214020126, with its registered office at Bartycka 22B/21A, 00-716 Warsaw, Poland (we/us/our).
For all visitors to the Website and users of the Platform or the Services, we are the controller of your information (which means we decide what data we collect and how it is used). The Data Protection Authority which supervises our processing operations is the Polish Data Protection Authority - Prezes Urzędu Ochrony Danych Osobowych (UODO).
If you have any questions about this privacy notice or the way that we use your information, please contact us at:
Personal data means any information which does (or could be used to) identify a living person. We have grouped together the types of personal data that we may collect from you below. These include:
Identity Data – first name and last name;
Contact Data – email address;
Profile Data – username, password, and preferences;
Social Media Data – your Facebook, Instagram, Twitter and other social media usernames;
Communication Data – any correspondence between you and us;
Financial Data – crypto wallet addresses, transaction records, or other payment methods;
Technical Data - internet protocol address, browser type and version, time zone setting and generic location, browser plug-in types and versions, operating systems, and platforms on your devices;
Usage Data - information about your visit on the Website, the Platform, or the Services, including the clickstreams, information you viewed, page response times, download errors, or length of visits;
Marketing Data – your marketing preferences data; and
Feedback – information you provide about the Website, the Platform, or the Services.
We may anonymise the personal data we collect (so it can no longer identify you) and then combine it with other anonymous information so it becomes aggregated data. Data protection law does not govern the use of aggregated data and the various rights described below do not apply to it.
We do not collect any Special Categories of Personal Data about you (this includes details about your race, ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, your health data, genetic and biometric data). Nor do we collect any information about criminal convictions and offences.
We use different methods to collect personal data from and about you including through:
Direct interactions – you may give us your Identity Data, Contact Data and Financial Data by corresponding with us by phone, email, through the Website, the Platform, or the Services.
Third parties or publicly available sources – we may receive personal data about you from various third parties and public sources such as analytics providers, advertising networks, and search information providers.
We are required to identify a legal justification (also known as a lawful basis) for collecting and using your personal data. There are six legal justifications which organisations can rely on. The most relevant of these to us are where we use your personal data to:
fulfil our contract with you;
pursue our legitimate interests (our justifiable business aims) but only if those interests are not outweighed by your other rights and freedoms (e.g. your right to privacy);
comply with a legal obligation that we have; and
do something for which you have given your consent.
The table below sets out the lawful basis we rely on when we process your personal data. We may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal ground we are relying on to process your personal data.
| | Main types of data | Lawful basis for processing |
|---|---|---|
| Providing the Website to you | Identity, Contact, Technical | |
| Providing the Platform to you | Identity, Contact, Profile, Social Media, Financial, Technical, Communication | |
| Providing the Services to you under the contract | Identity, Contact, Profile, Social Media, Financial, Technical, Communication | |
| Asking you to provide feedback | Identity, Contact, Profile, Communication, Feedback | Consent (the feedback is always optional) |
| Providing insight on the Website, the Platform, and the Services | Identity, Contact, Profile, Technical, Usage, Marketing, Communication | Legitimate interest (necessary to improve the Website, the Platform, and the Services) |
| Administering and protecting the Website, the Platform, and the Services | Identity, Contact, Technical, Usage | Legitimate interests (necessary to provide, monitor, protect and improve the Website, the Platform, and the Services) |
| Handling requests for technical support and other queries | Identity, Contact, Profile, Communication | Legitimate interests (necessary to ensure functioning of the Website, the Platform, and the Services) |
| Defending against legal claims | Identity, Contact, Profile, Social Media, Financial | Legitimate interests (necessary to protect and defend ourselves against legal claims) |
| Notifying you about changes to our privacy notice and exercise your rights under data protection laws | All your personal data | Legal obligation (necessary to comply with our obligations under data protection laws) |
| Complying with legal obligations (in particular AML, tax and sanction regulations) | Identity, Contact, Profile, Financial, Communication, Technical | Legal obligation (necessary to comply with the laws to which we are subject, in particular Anti-Money Laundering (AML), tax and sanction regulations) |
Where we need to collect personal data by law or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you. In this case, we may have to suspend your access to or use of the Website, the Platform, or the Services, but we will notify you if this is the case at the time.
We share (or may share) your personal data with:
Our personnel: our employees who have contracts containing confidentiality and data protection obligations;
Our supply chain: other organisations that help us provide the Website, the Platform, or the Services. We ensure these organisations only have access to the information required to provide the support we use them for and have a contract with them that contains confidentiality and data protection obligations;
Public authorities: such as UODO;
Strategic Partners: such as platform providers;
Our professional advisers: such as our accountants or legal advisors; and
Any actual or potential buyer of our business.
If we were asked to provide personal data in response to a court order or legal request, we would seek legal advice before disclosing any information and carefully consider the impact on your rights when providing a response.
Some of our external third parties are based in a third country (i.e., outside the European Economic Area (EEA)), so their processing of your personal data will involve a transfer of data outside the EEA. We will only transfer information outside of the EEA where we have a valid legal mechanism in place (to make sure your personal data is guaranteed a level of protection, regardless of where in the world it is located). In particular, we may transfer your personal data based on:
adequacy decisions of the European Commission, determining an adequate level of protection of personal data;
standard contractual clauses (SCC) adopted by the European Commission (together with the required additional security measures, these provide the same protection to personal data as they enjoy in the European Union; you can find the SCC here).
If you want further information on the specific mechanism used by us when transferring your personal data outside the EEA, please contact us at email@example.com.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.
We have also implemented up-front age verification systems, put in place specific protections, and incorporated child friendly design into the relevant elements of the Website, the Platform, and the Services. These measures help us assess and mitigate data protection risks to children when their personal data is being processed. We take appropriate actions to enforce any age restrictions we have set, including collecting parental consent when needed.
If there is an incident which has affected your personal data and we are the controller, we will notify the regulator and keep you informed (where required under data protection law). Where we act as the processor (which means we only collect and process information on the instructions of a controller) for the affected personal data, we notify the controller and support them with investigating and responding to the incident.
If you notice any unusual activity on the Website, the Platform, or through accessing the Services, please contact us at firstname.lastname@example.org.
Where we act as the controller, we will only retain your personal data for as long as necessary to fulfil the purposes we collected it for.
To decide how long to keep personal data (also known as its retention period), we consider the volume, nature, and sensitivity of the personal data, the potential risk of harm to you if an incident were to happen, whether we require the personal data to achieve the purposes we have identified or whether we can achieve those purposes through other means, and any applicable legal requirements.
We may keep Identity Data, Contact Data and certain Communications Data for up to six years after the end of our contractual relationship with you (period of limitation for contractual claims). If you visit the Website or use the Platform or the Services, we keep personal data collected through our analytics tools only for as long as necessary to fulfil the purposes we collected it for. If you have asked for information from us or you have subscribed to our mailing list, we keep your details until you ask us to stop contacting you (i.e., until you object to processing or withdraw your consent).
The retention period may be extended if the processing is necessary for us to establish and exercise possible claims or defend against claims, and thereafter only if and only to the extent required by law. After the expiry of the processing period, we will irreversibly delete or anonymise personal data.
You have specific legal rights in relation to your personal data. It is usually free for you to exercise your rights and we aim to respond within one month (although we may ask you if we can extend this deadline up to a maximum of two months if your request is particularly complex or we receive multiple requests at once).
We can decide not to take any action in relation to a request where we have been unable to confirm your identity or if we feel the request is unfounded or excessive. We may charge a fee where we decide to proceed with a request that we believe is unfounded or excessive. If this happens, we will always inform you in writing.
We do not respond directly to requests which relate to personal data for which we act as the processor. In this situation, we forward your request to the relevant controller and await their instruction before we take any action.
Your legal rights in respect of your personal data include:
Right of access: You must be told if your personal data is being used and you can ask for a copy of your personal data as well as information about how we are using it;
Right to rectification: You can ask us to correct your personal data if it is inaccurate or incomplete and we are obliged to rectify any inconsistencies or errors in the personal data processed and to complete them if they are incomplete;
Right to erasure: You can ask us to delete or remove your personal data if there is no good reason for us to continue holding it or if you have asked us to stop using it (e.g., by withdrawing your consent). If we think we are still authorised to process your personal data you have asked us to delete, we will let you know and explain our decision;
Right to restrict processing: You can ask us to restrict how we use your personal data. If you make such a request, we are generally obliged to cease performing operations on your personal data, with some exceptions – if any of these apply we will let you know and explain our decision.
Right to objection: You can object at any time, for reasons relating to your particular situation, to the processing of your personal data which is carried out based on our legitimate interest. If we think there is a good reason for us to keep using the information, we will let you know and explain our decision;
Right to data portability: you have the right to receive your personal data you provided to us in a structured, commonly used, machine-readable format. You can send this data to another controller or request that we send your data to another controller. However, we will only do this if such a transfer is technically feasible. You have the right to data portability only in respect of the data that we process on the basis of your consent or contract; and
Right to withdraw consent - to the extent we process your personal data based on your consent, you have the right to withdraw your consent to data processing at any time. Withdrawal of consent does not affect the lawfulness of processing performed on the basis of your consent before its withdrawal.
If you wish to make any of the right requests listed above, you can reach us at email@example.com.
The right to lodge a complaint. Apart from the above rights, you also have the right to lodge a complaint with the UODO or another relevant supervisory authority if you are unhappy with the way we collect and use your personal data.