Privacy Policy (European Union)

All the ways we get to know you better

Yellow Card (referred to as "Yellow Card," "we," "us," or "our") is committed to protecting the privacy and confidentiality of the personal data of our users, including individuals and businesses. This Privacy Policy outlines how we collect, use, store, share, and protect your information when you access or use the Yellow Card Site (www.yellowcard.io), our mobile applications, any Yellow Card API (directly or through third-party applications), or any Yellow Card product or service (collectively, "Yellow Card Services").

I. Information about the controller

The controller of the personal data of users (hereinafter referred to as "Users", and individually as "User") of Yellow Card Services operated in the domain www.yellowcard.io (hereinafter referred to as "Service" or “Website”), i.e. the entity deciding on the purposes and means of processing their personal data is Afritech Services Sp. z o.o. with its registered office in Warsaw, ul. Bartycka 22B/21A, 00 - 716 Warsaw, KRS no: 0001072280, (hereinafter referred to as the "Controller"). 

A User is understood to be any natural person using the Service. For B2B clients, while the primary User is a natural person interacting with the Service, we also process data related to the legal entity they represent.

II. Data Protection Officer (DPO)

The Controller has appointed a Data Protection Officer (DPO). Users may contact our DPO regarding the protection of their personal data by e-mail at: [email protected].

IV. Recipients of personal data

Personal data may be disclosed or entrusted by the Controller to the following categories of recipients:

  • General Inspector for Financial Information (GIFF): As required by the Polish Anti-Money Laundering Act (AMLA).
  • Third-Party Service Providers: Entities providing ongoing services to the Controller, such as legal or accounting services.
  • Authorized Public Authorities: In situations where such an obligation clearly results from a demand of an authorized public authority or from applicable provisions of generally applicable law.
  • Yellow Card Group Companies: Personal data may be transferred to the extent necessary to other companies within the Yellow Card group.
  • Other Lawful Disclosures: We may share your information with third-party fraud prevention and identity verification service providers to prevent fraud and confirm validity against public records. These providers may retain and use your information solely for identity verification and fraud prevention services for Yellow Card and to improve their own services. We also engage service providers for marketing purposes (with your consent) and third-party advertising agencies. In the event of a merger, acquisition, or purchase of assets, the acquiring company will have access to your information and will be required to follow this Privacy Policy.

The Controller ensures that entities to whom Users' personal data are entrusted guarantee a high level of data protection and that appropriate data processing agreements are signed where required.

Transfers Outside the European Economic Area (EEA): Personal data may be transferred to countries outside the European Economic Area, but only to countries for which the European Commission has issued a decision declaring an adequate level of personal data protection within the meaning of Article 45 GDPR.  Where an adequacy decision does not exist, we implement appropriate safeguards such as Standard Contractual Clauses (SCCs) to ensure data protection.

V. Storage period of User data

The Controller stores Users' personal data for specific periods:

  • Account-related Data: Personal data processed for setting up and maintaining the Account is stored for the period of Account maintenance, i.e., until it is deleted by the User.
  • Service Provision Data: Personal data processed to provide the services mentioned in Section III, item 2 of this Privacy Policy, shall be stored for a period of 5 years, counting from the date of termination of the business relationship with the Controller or from the date of execution of an occasional transaction, in accordance with Article 49 of the Polish AMLA.
  • Cookie Data: Personal data from cookies stored on the User's terminal device will be stored for a period corresponding to the life cycle of the cookies or until they are deleted by the User.
  • Marketing Data: Personal data processed for sending marketing content (including newsletters) will be stored until the User withdraws their consent to receive it.
  • Claims-related Data: If the storage of personal data is necessary to assert or defend a claim to which the Controller is entitled or against the Controller, the data may be stored until the relevant court proceeding is finally ended and the decision is enforced.

Yellow Card will not retain your personal information longer than necessary.

VII. Voluntariness of providing personal data

Providing personal data by the User is always voluntary. However, it is necessary in order to contact the Controller through the contact form and in order to conclude and perform the contract between the User and the Controller, and to serve the User as the Controller 's customer. If you do not provide the necessary data, it will not be possible to contact the Controller to conclude and perform the contract between the User and the Controller or to receive services.

VIII. Possibility of profiling the Users' personal data by the Controller

Users' personal data concerning their preferences, behaviour and choice of marketing content may be used as the basis for making automated decisions in order to determine the sales opportunities of the Service. Therefore, pursuant to Article 21(2) of the GDPR, all Users have the right to object to the processing of their data by the Controller for this purpose.

IX. Data collected automatically upon entering the website of the Service (cookie files)

The Controller informs that while using the Website, short text information called "cookies" are stored in the User's end device. Cookie files contain such IT data as: the User’s IP address, website origin, storage time on the device, parameters, statistics and a unique number. Cookies are sent to the Service server via the User’s web browser. 

Cookies are used on the Website to: 

  • Maintain technical correctness and continuity of the session between the Service server and the User's device.
  • Optimize Website use and adjust its display on the User's device.
  • Ensure the security of Service use.
  • Gather statistics on Website visits, supporting improvement of structure and content.
  • Display advertising content optimally adapted to the User's preferences.

The Service uses two types of "cookies": "session" and "permanent".

  • "Session" cookies are temporary files automatically removed from the User's device after logging out, leaving the website, or closing the browser.
  • "Permanent" cookies are stored on the User's device for a specified time or until removed by the User. "Permanent" cookies are installed only with the User's consent.

Cookie Management:

  • Internet browsers by default accept the installation of "cookies".
  • You can change your browser settings at any time to block "cookies" automatically or to be notified when they are placed on your device.
  • Detailed information on managing cookies is available in your Internet browser settings.
  • Restricting the use of cookies may adversely affect the correctness and continuity of the Services on the Website.
  • Cookies installed on your device may be used by advertisers or business partners cooperating with the Controller.
  • Cookies may be considered personal data only in connection with other identifying data provided by the User while using the Service.
  • Only the Controller has access to cookies processed by the Website's server.
  • If you do not agree to save and receive information in cookies, you can change the rules regarding cookies through your Internet browser settings.

X. Changes to the Privacy Policy

This Privacy Policy may be amended if it is necessary to update the information contained herein, or to ensure its compliance with applicable laws or technological conditions of the Website's functioning. Users will be informed of any changes through a notice displayed on the Website.

XI. Contact with the Controller

Contact with the Controller is possible via e-mail at [email protected] or through our Support Page with any questions or concerns regarding this Privacy. Policy.