MFA Traders

"Personal data" is all information about a natural person identified or identifiable by one or more factors specific to their physical, physiological, genetic, mental, economic, cultural, or social identity. Sometimes (depending on how the data is collated) we also understand as personal data the IP of the device, location data, internet identifier, and information collected via cookies and other similar technology.

The Controller of the personal data on the Website is My Funding Account P.S.A, Al. Wojciecha Korfantego 138A, 40-156 Katowice, Poland KRS: 0001023771 NIP: 6343021306 REGON: 524681980

PROVIDER'S CONTACT DETAILS: The email address to contact the Provider is support@mfatraders.com.

Personal data will be processed for purposes and to the extent related to the provision of the services provided by and through the Provider.

The Controller shall use its best endeavours to ensure that the personal data provided to it are protected against unauthorised access by third parties or unauthorised use, while at the same time ensuring the smooth functioning of the Website.

The Provider processes the following personal data:

Use of the Services:
• name, surname, date of birth, NIP, REGON, PESEL, bank account number, telephone number, e-mail address, address of residence / registered office,
• data necessary for customer verification: biometrics, image, transaction history, connections to high-risk countries as defined by AML regulations Contact with the Controller - e-mail address and other data provided voluntarily in the body of the message

The provision of personal data is voluntary, but in the case of some data it is obligatory in order to register on the Website and to use the Services. We process data on the following grounds: Art. 6(1)(b) GDPR - for the performance of the contract;

Art. 6 1(c) of the DPA in connection with tax legislation and the Accounting Act - for the purpose of tax settlements, keeping accounting records, fulfilling AML obligations; Art. 1(f) - for the purpose of establishing, pursuing and defending against claims, monitoring security on the Service; Art. 6 1(a) - for the purpose of performing the Brokerage Service, providing the MFA Trader service and sharing the Customer's data with trading partners.

As part of the Service, the Provider also requires the legal entity to indicate the person who will act on behalf of the Entrepreneur, in which case we process data such as: name and surname, place of work, job position, e-mail address. The basis for data processing is Art. 6 sec. 1(b) GDPR, i.e. the performance of the Agreement. If your data has been provided to the Controller against your will, please contact the Controller immediately.

If the User refuses to provide the necessary data, the Controller may refuse to provide the Services.

The personal data Controller is at the same time an obliged institution within the meaning of the Anti-Money Laundering and Countering the Financing of Terrorism (AML) Act and processes personal data to the extent indicated therein. It is compulsory for the Customer to undergo AML verification (and provide the required data). Depending on the situation, the scope of data required may increase (if any risk factors are revealed).

The data stored within the Customer Section will be processed until the Account is deleted (either by the Customer, or by the Controller 6 years after the last login).

We process the data for tax purposes for the period required by law requiring the Controller to keep tax books (until the expiry of the statute of limitations for tax liabilities, unless otherwise provided by tax laws) or accounting records (usually 6 years calculated from the date of purchase).

Data processed in connection with the legitimate interest of the Controller shall be processed for the duration of the legitimate interest pursued by the Controller, but no longer than the period of the statute of limitations for claims against the data subject, unless legal proceedings are instituted within this period. The period of limitation on claims is determined by law, in particular the Polish Civil Code. We process data processed on the basis of consent until it is withdrawn, unless, despite the withdrawal of consent, the Provider has another legal basis for processing the data. The user may request the deletion of their data if they are no longer necessary for the performance of the concluded and executed contracts and their further storage is not justified by the Controller's entitlement under the applicable legislation. A request for deletion of data also means a request for deletion of the Customer Section. Deletion of the Customer Section does not imply a permanent and complete deletion of the Customer's data - due to legal requirements, the Controller retains some of the Customer's personal data in their resources. With regard to data to which AML regulations apply, the Controller is required to keep the data for 5 years from the first day of the year following the year in which transactions or business relationships with the Customer ceased. This period may be extended for a further 5 years at the request of a competent authority. [

Recipients of the data may be entities entitled to receive the data on the basis of applicable legislation, including the competent judicial authorities. The possible recipients of the data are: telecommunications companies, banks, postal operators, companies providing technical services to the controller, the hosting provider.

The Controller uses third parties for the operation of this website. Appropriate data entrustment or data sharing agreements have been entered into with these entities, each with its own privacy policy.

• Sum and Substance Ltd., incorporated and registered in England, reg. no. 09688671 , registered office address - 30 St. Mary Axe, London, England, EC3A 8BF - this is the platform through which we verify Customers. The platform collects biometric data, image data, document information, transaction history and other data necessary for AML verification. During the verification process, it is possible that data will be profiled and that decisions on the outcome of the verification will be made by automated means. https://sumsub.com/privacy-notice-service/

• Match-Trade Technologies LLC, a company limited by shares and incorporated in United States, Delaware and whose registered office is located at 2372 Morse Ave, Irvine, CA 92614, United States - a provider of account creation capabilities on the trading platform and Client Panel. https://match-trade.com/privacy-policy/

Please read the privacy policies of these entities.

Customers will be informed of the details at the latest when they start using the Trading Platform.

The Controller may provide or make personal data available to third parties when: the Customer consents to it, it is justified by law; it is necessary in order to provide the service ordered by the Customer - i.e. in connection with the need to fulfil the agreement.

The Controller also uses a number of tools related to marketing and statistical activities, to improve and enhance the functioning of the Website. Not all tools collect personal data, but some of them track a user's movement on the site, record the IP number or the location used by the user.

Below is a list of the tools we use:

a) Zapier, Inc. 548 Market St. #62411, San Francisco, CA 94104-5401 - provider of the tool used to automate the Service. Among other things, Zapier collects IP address, ISP, referring/exit page URLs, device identifiers, and crash data. Data is transferred to and processed in the United States. More information at: https://zapier.com/privacy

b) GetResponse, S.A with its registered office in Gdansk, al. Grunwaldzka 413, 80-309 Gdańsk, KRS 0000942075, NIP 9581468984. - communication tool (autoresponder). GetResponse may collect data such as contact details and content entered into the tool. Data may be transferred outside the EEA. More at: https://www.getresponse.com/legal/privacy

c) ActiveCampaign, LLC.1 North Dearborn Street, 5th floor Chicago, IL 60602 - ActiveCampaign's communication tool (autoresponder) may collect data on the type of browser used, access time, pages viewed, IP address, general location, and the site the user visited before using the tool. Data may be transferred outside the EEA More at: https://www.activecampaign.com/legal/privacy-policy

d) LINK Mobility Poland sp. z o. o. ul. Toszecka 101, 44-100 Gliwice NIP: 969-156-67-36 – an SMS tool. It processes data related to the content of the communication such as e-mails, voice messages, SMS/MMS, etc., and contact data. The entity does not exclude sending data to third countries. More at: https://www.smsapi.pl/polityka-prywatnosci Page3

e) Google Ireland Limited Gordon House, Barrow Street, Dublin 4, Ireland - we use a number of tools provided by Google:

• Google Analytics - we use data on the effectiveness of marketing campaigns, this tool allows us to determine web usage preferences

• Google Ads - a tool used for advertising campaigns, we analyse behaviour on our website, such as products viewed and time spent on the site in order to provide more personalised offers

• Google Tag Manager – it enables the monitoring of various events on the website, such as clicks, scrolls, forms submitted, allowing for a more accurate analysis of user behaviour. The tool itself does not collect or process personal data. It is a tool for managing tags and tracking code on a website.

• Google Workspace - a suite of online tools and services created by Google that is designed to facilitate teamwork and business management in the cloud. It helps, for example, with uploading documents and organising online meetings. This tool processes the data entered into this service, e.g. to organise an online meeting.

• Google Search Console - a tool that allows webmasters to monitor, analyse, and optimise their website's visibility in Google search results.

Data may be transferred and stored outside the EEA, mainly in the United States. More information on the privacy policy for the above-mentioned tools: https://policies.google.com/privacy?hl=pl

f) Meta Platforms Ireland Limited ATTN: Privacy Operations Merrion Road Dublin 4 D04 X2K5, Ireland

g) Meta Pixel - a tool that allows us to track user behaviour when using the Meta Service, it is an analytical tool that helps us understand how users use the Service. Pixel tracks your activity after you leave the Website , which allows us to adapt our content and offers. Data may be transferred and stored outside the EEA, mainly in the United States. More information at: https://www.facebook.com/privacy/policy/

h) Bitly Europe GmbH, Am Lenkwerk 13, 33609 Bielefeld, Germany - link shortening tool that recognises website traffic. It may collect data such as IP number, time and date of use, browser type, operating system, and language. It does not exclude the transfer of data outside the EEA. More information at: https://bitly.com/pages/privacy

i) Microsoft Ireland Operations Limited, Attn: Data Protection Officer, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland. - a tool to track how users navigate the site, where they click, what elements attract their attention; provides the ability to segment users according to different criteria, allowing analysis of behaviour within specific user groups. Possible transfer of data outside the EEA. More information at: https://privacy.microsoft.com/pl-pl/privacystatement

j) Calendly.com - online calendar integration tool, possible sending of data to third countries. More information at: https://app.calenday.com/privacy

k) Discord Inc. 444 De Haro Street Suite 200 San Francisco, CA 94107 USA - communication tool. It collects data entered through the use of this tool. More information

Recipients of the data may be entities entitled to receive the data on the basis of applicable legislation, including the competent judicial authorities. The possible recipients of the data are: telecommunications companies, banks, postal operators, companies providing technical services to the controller, the hosting provider.

The Controller uses third parties for the operation of this website. Appropriate data entrustment or data sharing agreements have been entered into with these entities, each with its own privacy policy.

• Sum and Substance Ltd., incorporated and registered in England, reg. no. 09688671 , registered office address - 30 St. Mary Axe, London, England, EC3A 8BF - this is the platform through which we verify Customers. The platform collects biometric data, image data, document information, transaction history and other data necessary for AML verification. During the verification process, it is possible that data will be profiled and that decisions on the outcome of the verification will be made by automated means. https://sumsub.com/privacy-notice-service/

• Match-Trade Technologies LLC, a company limited by shares and incorporated in United States, Delaware and whose registered office is located at 2372 Morse Ave, Irvine, CA 92614, United States - a provider of account creation capabilities on the trading platform and Client Panel. https://match-trade.com/privacy-policy/

Please read the privacy policies of these entities.

Customers will be informed of the details at the latest when they start using the Trading Platform.

The Controller may provide or make personal data available to third parties when: the Customer consents to it, it is justified by law; it is necessary in order to provide the service ordered by the Customer - i.e. in connection with the need to fulfil the agreement.

The Controller also uses a number of tools related to marketing and statistical activities, to improve and enhance the functioning of the Website. Not all tools collect personal data, but some of them track a user's movement on the site, record the IP number or the location used by the user.

Below is a list of the tools we use:

a) Zapier, Inc. 548 Market St. #62411, San Francisco, CA 94104-5401 - provider of the tool used to automate the Service. Among other things, Zapier collects IP address, ISP, referring/exit page URLs, device identifiers, and crash data. Data is transferred to and processed in the United States. More information at: https://zapier.com/privacy

b) GetResponse, S.A with its registered office in Gdansk, al. Grunwaldzka 413, 80-309 Gdańsk, KRS 0000942075, NIP 9581468984. - communication tool (autoresponder). GetResponse may collect data such as contact details and content entered into the tool. Data may be transferred outside the EEA. More at: https://www.getresponse.com/legal/privacy

c) ActiveCampaign, LLC.1 North Dearborn Street, 5th floor Chicago, IL 60602 - ActiveCampaign's communication tool (autoresponder) may collect data on the type of browser used, access time, pages viewed, IP address, general location, and the site the user visited before using the tool. Data may be transferred outside the EEA More at: https://www.activecampaign.com/legal/privacy-policy

d) LINK Mobility Poland sp. z o. o. ul. Toszecka 101, 44-100 Gliwice NIP: 969-156-67-36 – an SMS tool. It processes data related to the content of the communication such as e-mails, voice messages, SMS/MMS, etc., and contact data. The entity does not exclude sending data to third countries. More at: https://www.smsapi.pl/polityka-prywatnosci Page3

e) Google Ireland Limited Gordon House, Barrow Street, Dublin 4, Ireland - we use a number of tools provided by Google:

• Google Analytics - we use data on the effectiveness of marketing campaigns, this tool allows us to determine web usage preferences

• Google Ads - a tool used for advertising campaigns, we analyse behaviour on our website, such as products viewed and time spent on the site in order to provide more personalised offers

• Google Tag Manager – it enables the monitoring of various events on the website, such as clicks, scrolls, forms submitted, allowing for a more accurate analysis of user behaviour. The tool itself does not collect or process personal data. It is a tool for managing tags and tracking code on a website.

• Google Workspace - a suite of online tools and services created by Google that is designed to facilitate teamwork and business management in the cloud. It helps, for example, with uploading documents and organising online meetings. This tool processes the data entered into this service, e.g. to organise an online meeting.

• Google Search Console - a tool that allows webmasters to monitor, analyse, and optimise their website's visibility in Google search results.

Data may be transferred and stored outside the EEA, mainly in the United States. More information on the privacy policy for the above-mentioned tools: https://policies.google.com/privacy?hl=pl

f) Meta Platforms Ireland Limited ATTN: Privacy Operations Merrion Road Dublin 4 D04 X2K5, Ireland

g) Meta Pixel - a tool that allows us to track user behaviour when using the Meta Service, it is an analytical tool that helps us understand how users use the Service. Pixel tracks your activity after you leave the Website , which allows us to adapt our content and offers. Data may be transferred and stored outside the EEA, mainly in the United States. More information at: https://www.facebook.com/privacy/policy/

h) Bitly Europe GmbH, Am Lenkwerk 13, 33609 Bielefeld, Germany - link shortening tool that recognises website traffic. It may collect data such as IP number, time and date of use, browser type, operating system, and language. It does not exclude the transfer of data outside the EEA. More information at: https://bitly.com/pages/privacy

i) Microsoft Ireland Operations Limited, Attn: Data Protection Officer, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland. - a tool to track how users navigate the site, where they click, what elements attract their attention; provides the ability to segment users according to different criteria, allowing analysis of behaviour within specific user groups. Possible transfer of data outside the EEA. More information at: https://privacy.microsoft.com/pl-pl/privacystatement

j) Calendly.com - online calendar integration tool, possible sending of data to third countries. More information at: https://app.calenday.com/privacy

k) Discord Inc. 444 De Haro Street Suite 200 San Francisco, CA 94107 USA - communication tool. It collects data entered through the use of this tool. More information

The Controller may use profiling for marketing purposes and to serve Customers more efficiently, to improve the functionality of the Website, and for statistical purposes. Decisions taken on the basis of profiling by the Controller do not relate to the conclusion or refusal of a contract or the possibility of using the services, unless the Customer consents to automated decisions being taken on the basis of profiling. Giving consent for automated decisions based on profiling means that the Customer may receive a special offer, a discount, an additional service, a reminder of unfinished purchases, or a reminder for deposits.

Customers subject to AML vetting may be subject to profiling and, in certain situations, decisions to vet a particular Customer may be made by automated means. However, it is possible to appeal against a decision made in this way and ask for a human verification.

The Customer has the right to:

a) access their personal data, that is obtain from the Controller confirmation as to whether or not personal data concerning them are being processed, and information pertaining to such processing,

2) rectification of data if the data processed by the Controller are incorrect or incomplete,

3) request the Controller to delete the data, whereby the Controller has the right to refuse to delete the data if there are further grounds for processing the data

4) request the Controller to restrict data processing, whereby the Controller has the right to refuse to restrict the processing if there are further grounds for the processing the data

5) data portability, i.e. the right to receive personal data provided to the Controller and send it to another Controller;

6) object to the processing of data on the basis of the legitimate interest of the Controller or to the processing of data for direct marketing purposes;

7) lodge a complaint with the Polish supervisory authority or with the supervisory authority of another Member State of the European Union having jurisdiction over the place of habitual residence or work of the data subject or over the place of the alleged breach of the GDPR. On the territory of the Republic of Poland, the supervisory authority is: President of the Office for the Protection of Personal Data.

8) withdraw consent given in relation to data processing at any time (without affecting the lawfulness of processing carried out on the basis of consent before its withdrawal).

If the Customer wishes to exercise their rights, they should contact the Controller at the e-mail address or telephone number indicated at the top of the Privacy Policy. The Controller shall respond to all requests as soon as possible, and no later than 30 days after receiving the request. In situations where the response to a request requires a longer analysis, the Controller will inform you of the extension and the reasons for the delay.

The Customer has the right to:

a) access their personal data, that is obtain from the Controller confirmation as to whether or not personal data concerning them are being processed, and information pertaining to such processing,

2) rectification of data if the data processed by the Controller are incorrect or incomplete,

3) request the Controller to delete the data, whereby the Controller has the right to refuse to delete the data if there are further grounds for processing the data

4) request the Controller to restrict data processing, whereby the Controller has the right to refuse to restrict the processing if there are further grounds for the processing the data

5) data portability, i.e. the right to receive personal data provided to the Controller and send it to another Controller;

6) object to the processing of data on the basis of the legitimate interest of the Controller or to the processing of data for direct marketing purposes;

7) lodge a complaint with the Polish supervisory authority or with the supervisory authority of another Member State of the European Union having jurisdiction over the place of habitual residence or work of the data subject or over the place of the alleged breach of the GDPR. On the territory of the Republic of Poland, the supervisory authority is: President of the Office for the Protection of Personal Data.

8) withdraw consent given in relation to data processing at any time (without affecting the lawfulness of processing carried out on the basis of consent before its withdrawal).

If the Customer wishes to exercise their rights, they should contact the Controller at the e-mail address or telephone number indicated at the top of the Privacy Policy. The Controller shall respond to all requests as soon as possible, and no later than 30 days after receiving the request. In situations where the response to a request requires a longer analysis, the Controller will inform you of the extension and the reasons for the delay.

The Controller transfers personal data outside the European Economic Area. Recipients located outside the EEA are identified above in the 'Recipients' section. Page5 The European Commission has formally confirmed that the United Kingdom of Great Britain and Northern Ireland provides an adequate level of protection of personal data.

Data is also transferred to the United States.

Most of our recipients have servers in the EU. However, due to the nature of the Website's operation, we cannot rule out the possibility that customer data will be transferred outside the EEA. This may involve the risk of data loss, unauthorized modification, breach of confidentiality, or identity theft.

The entities whose services we use operate globally and declare their compliance with GDPR regulations and the security of personal data.

The portal does not automatically collect any information except that contained in cookies. Cookies are information recorded in the form of text files which are sent by a server and saved on the media of the person visiting the Portal website, e.g. on the hard drive of a computer, laptop or on the memory card of a mobile phone. Cookies usually contain the name of the website from which they originate, the time for which they are stored on end-devices, and their unique number. Cookie files are used for the following:

a) to adapt the content of the web pages of the Portal to the Customer's preferences

b) to create statistics which help us to understand how Portal Customers use the websites, so that we can improve their structure and content;

c) maintaining a session of the Website Customer (after logging in), thanks to which the Customer does not have to re-enter their login and password on each sub-page of the Portal;

The Website uses two basic types of cookies: "session" cookies and "permanent" cookies. "Session" cookies are temporary files which are stored on the User's terminal device until logging out, leaving the website, or turning off the software (the web browser). Permanent cookies are stored on the User's end device within time specified in the parameters of the cookies or until they are deleted by the User. The Service uses the following types of cookies:

a) "essential" cookies enabling the use of services available within the Service, for example: authentication cookies used for services that require authentication through the Service;

b) cookies used for security purposes, e.g. used to detect abuse of authentication on the Website;

c) "performance" cookies, enabling the collection of information on how the Website's pages are used;

d) "functional" cookies, enabling "remembering" the Customer's selected settings and personalising the Customer's interface, e.g. with regard to the chosen language or region of origin of the Customer, font size, website design, etc.;

e) "advertising" cookies, enabling the delivery of advertising content to Customers that is more tailored to their interests.

In many cases, browsers allow cookies to be stored on the Customer's terminal device by default. The Customers may change the settings concerning cookie files at any time. Detailed information on the possibility and methods of handling cookies are available in the settings of the web browser. A Customer visiting the Website for the first time will be asked which cookies they would like to use when visiting the Website and which they do not agree to.

Restrictions on the use of cookies may affect some of the functionality available on the websites.

Cookies placed on the Website Customer's terminal equipment may also be used by advertisers and partners cooperating with the operator.

The Controller reserves the right to change the content of the Privacy Policy at any time. The new content of the document will then be posted under the Privacy Policy tab on the Website, and the previously applicable content will be posted below as a downloadable document, indicating the date until which it was applicable.

Privacy policy

Privacy policy

Privacy policy

General provisions

General provisions

General provisions

Scope, basis and purpose of the data processed

Data storage period

Recipients of the data

Data storage period

Recipients of the data

Profiling

Rights of the data subject

Transfer of data outside the EEA

Cookie policy