Privacy policy

1. General

We at Straal Ltd. value your privacy and are committed to take care of your data, and we take this responsibility very seriously. Please take the time to carefully read our Privacy Policy, which explains why we collect your Personal Data.
This Privacy Policy applies to all persons who use Straal’s services and the website https://straal.com/.

The controller of your data is:

Please be advised that we have appointed a Data Protection Officer. You can contact our Data Protection Officer directly via e-mail: [email protected].

2. Purpose and legal basis for the processing of personal data

1. Are you visiting our website

Like many other websites, we use so-called “cookies”. Cookies are small text files that are stored on your device (laptop, tablet, smartphone, etc.) when you visit our website. Please find a detailed list of all cookies we use in our Cookie Policy .

In our Cookie Policy we inform you furthermore on the processing of your Personal Data when you visit the website.

2. Do you want to create an account with us?

We collect the personal data required for registration directly from you.

Your personal data is processed in order to provide the service electronically in the form of our internet account.

At registration, we request that you provide us with the following personal data: first name, last name, e-mail, login, password, correspondence address, country and phone. Aside from your personal data, we also request that you provide us with certain corporate information regarding the entity you represent: website address, company details (registered company name, legal form, tax identification number, company registration number, date of incorporation), registered company address, copies of company documentation (certificate of incorporation, memorandum and articles of association etc.), information on what services the company is interested in, settlement details (currency, bank account details etc.).

The legal basis for the processing of your personal data is the necessity to process them in order to perform our services (Article 6 (1) (b) of the GDPR).

Providing personal data is voluntary but necessary to create the internet account. Refusal to provide personal data will result in the inability to create the internet account.

Other data collected by us through the registration form, which may constitute personal data, are collected and processed on behalf of acquirers, who act as data controllers and entrust us with the processing of personal data for the purpose of concluding agreement between you and the acquirers. In such cases, we act as data processors.

3. Are you interested in participating in our webinar, workshop or consultation?

We collect the personal data required in order to register for the above-mentioned events directly from you.

Your personal data are processed in order to enable you to participate in a webinar, workshop or consultation.

The legal basis for the processing of your personal data is the consent you have expressed by willing to participate (Article 6 (1) (a) of the GDPR). Withdrawal of consent does not affect the lawfulness of the processing which was carried out on the basis of consent before its withdrawal.

Providing personal data is voluntary but necessary to participate in the webinar, workshop or consultation. Refusal to provide personal data will render such participation impossible.

4. Are you interested in our commercial information?

Your personal data are processed for the purpose of sending commercial information.

The legal basis for the processing of your personal data is your consent by providing your e-mail address and confirming your willingness to receive commercial information (Article 6 (1) (a) of the GDPR). Withdrawal of consent does not affect the lawfulness of the processing which was carried out on the basis of consent before its withdrawal.

Providing personal data is voluntary, but providing them is necessary for sending commercial information. Refusal to provide personal data will render such communication impossible.

Remember that if you have agreed to receive commercial information from our business partners, we have provided them with your e-mail address for this purpose.

5. Are you a party to a contract concluded with us?

If you are a party to a contract with us or you intend to conclude such a contract, the data that we process about you are contact details and other data necessary to conclude the contract. These data were obtained directly from you.

Your personal data are processed for the purpose of:

1. concluding and performing the contract,
2. compliance with legal obligations imposed upon us, including particularly accounting activities,
3. implementation of a legitimate interest, consisting in ensuring the communication necessary to conclude and perform the contract and its ongoing service, providing you with answers to questions, maintaining business contacts, as well as for the establishment, exercise or defence of legal claims.

The legal basis for the processing of your personal data are:

4. the necessity to process them in order to conclude and perform the contract (Article 6 (1) (b) of the GDPR),
5. fulfilling our legal obligations (Article 6 (1) (c) of the GDPR),
6. our legitimate interests (Article 6 (1) (f) of the GDPR) described above.

Providing personal data is voluntary, but it is necessary to establish cooperation and service the contract. Refusal to provide personal data will result in the inability to conclude and perform the contract, including answering the question you asked.

6. Do you represent our client or contractor?

If you represent our client, contractor or other entity in contact with us (e.g. your employer, customer or contractor), the data we process about you are contact details related to your function or relationship with the entity on behalf of which you are acting. We have obtained this data directly from you or we have received them from this entity.

Your personal data are processed for the purpose of:

1. compliance with legal obligations imposed upon us, including particularly accounting activities,
2. implementation of a legitimate interest, consisting in ensuring the communication necessary to service and perform the contract concluded with the entity on behalf of which you are acting, providing you with answers to questions, maintaining business contacts, as well as for the establishment, exercise or defence of legal claims.

The legal basis for the processing of your personal data is:

1. fulfilling our obligations imposed upon us (Article 6 (1) (c) of the GDPR),
2. our legitimate interests (Article 6 (1) (f) of the GDPR) described above.

Providing personal data is voluntary, however, it is necessary for the cooperation with the entity you represent. Refusal to provide personal data will result in the inability to maintain contacts necessary for the performance of the contract or answer the question you have asked.

7. Are you contacting us to submit an application?

If you are an applicant, the data we process about you are your contact details, employment history related data, information about your education and professional qualifications. We may also process your data contained in the curriculum vitae (CV). We have obtained this data directly from you. 

Your personal data are processed for the purpose of:

1.  To take steps prior to entering into a contract (conclusion of an employment agreement),
2.  on the basis of your explicit consent if we would like to keep your application on file for future consideration,
3. and to fulfil our legal obligations (registering you as an employee in the social security system).

The legal basis for the processing of your personal data is:

1. the necessity to process them in order to conclude and perform the contract (Article 6 (1) (b) of the GDPR).

Your Personal Data is processed for the purpose of completing the application process. If you do not provide us with your Personal Data, we cannot process your application.

8. Above points do not apply to you and just want to contact us?

Since we want to keep in touch with you, we have created accounts on social media networks where you can visit us and interact with us (e.g. leave a comment, like a post or share it). In this case we process your personal data. Detailed rules for the processing of your personal data can be found in the Social Media Policy published on our social networks:

• Facebook: https://www.facebook.com/StraalPayments/ 
• Youtube: https://www.youtube.com/channel/UC3JkHlMBnqgUSe2siVqrC6g
• Linkedin: https://www.linkedin.com/company/straal
• Twitter: https://twitter.com/straal_

If you only want to contact us, the data we process about you are your contact details and data resulting from your message. We obtained those data directly from you.

Your personal data is processed in order to pursue a legitimate interest, consisting in ensuring the handling of your message and possibly answering questions arising from it.

The legal basis for the processing of your personal data is our legitimate interest (Article 6 (1) (f) of the GDPR) described above.

Providing personal data is voluntary, but it is necessary for us to deal with your message. Refusal to provide personal data will result in the inability to handle the message sent by you and thus its removal.

3. Recipients of personal data

Your personal data may be transferred to various recipients, in particular:

• entities providing services to us to the extent necessary to achieve the purposes described in this Policy, e.g. accounting services, companies providing IT and technical support, legal and tax consultancy, banking, financial and insurance services, postal and telecommunications operators, destruction and archiving services documents, marketing services, security and security, printing houses, translators, compliance verification (audits), whereby these entities will have access to data only for the purpose of performing their duties and to the extent necessary for completing their tasks,
• other data controllers, when it is necessary to achieve the purposes described above and to the extent necessary for this, including other companies with the Group,
• law enforcement and state authorities, when it results from applicable law, including tax offices in connection with the implementation of tasks related to tax liabilities.

Personal data may be transferred to entities based outside the European Economic Area (EEA), i.e. to Great Britain, where the transfer is necessary to achieve the purposes of personal data processing indicated in the Policy. The transfer of personal data outside the EEA takes place with an adequate level of data protection, required by the provisions of the GDPR, primarily by establishing cooperation with entities processing personal data in countries for which an appropriate decision of the European Commission has been issued stating an adequate level of protection.

We offer various payment options such as Google Pay and Apple Pay. For this purpose, your payment data may be transferred to payment service providers with whom we cooperate. For more information on the processing of personal data by payment service providers, please refer to the providers’ privacy policies.

4. Your rights under the General Data Protection Regulation

You have the right to:

Right of Access – right to obtain confirmation of which of your Personal Data is processed and information about it, for instance, which are the purposes of the Processing, what are the conservation periods, among others.

Right to Erasure or „right to be forgotten” – right to erase your Personal Data, provided that there are no valid grounds for its retention, for example in cases where we have to keep the Personal Data to comply with legal obligation or because a court case is in progress.

Right to Data Portability – right to receive the Personal Data you have provided us in a digital format of current use and automatic reading or to request the direct transmission of your Personal Data to another entity that becomes the new responsible for your Personal Data, however only if technically possible.

Right of Rectification – right to request modification of your Personal Data that is inaccurate or request incomplete Personal Data, such as the address, VAT, email, telephone contacts, or others.

Right to object and ADM – When the Processing of Personal Data, including the Processing for the definition of profiles, is exclusively automatic (without human intervention) and may have effects in your legal sphere or significantly affect it, you shall have the right not to remain subject to any decision based on such automatic Processing, except as otherwise provided by law and shall have the right that we take appropriate measures to safeguard its rights and freedoms and legitimate interests, including the right to have human intervention in decision making by us, the right to express its point of view or contest the decision taken on the basis of automated individual information Processing.

Right to Withdraw Consent or Right of Opposition – right to object or withdraw consent at any time to Processing, for example in the case of Processing for marketing purposes, provided that no Legitimate Interests exist prevailing over your interests, rights and freedoms, such as defending a right in a judicial process.

Right of Limitation – right to request the limitation of the Processing of your Personal Data, in the form of: (i) suspension of Processing or (ii) limitation of the scope of Processing to certain categories of Personal Data or purposes of Processing.

Right to complain – right to complain to the supervisory authority, in addition to us.

The period for handling a request is 30 days unless it is a particularly complex request.

Once the retention period expires, Personal Data shall be deleted. Therefore, the right to access, the right to erasure, the right to rectification and the right to data portability cannot be enforced after expiration of the retention period.

5. Periods of personal data storage

Personal data will be stored, depending on the purpose and legal basis of the processing indicated in Section 2 and in accordance with Straal Instructions for Data Retention and Data Storage. 

• until the consent is withdrawn,
• until a positively considered objection,
• for the duration of the contract, as well as until the expiry of the periods resulting from the relevant legal provisions, i.e. until the expiry of the limitation period for tax obligations related to the contracts, which may be extended, if appropriate, by the period of limitation of civil law claims,
• for the time specified by the provisions of law in the field of accounting and finance,
• for the duration of handling the message sent to us,
• for the duration of the recruitment process,

All personal data will be deleted after the purpose of their processing ceases to exist.

6. Data security

We protect your personal data against unauthorized disclosure, interception of data by unauthorized persons, destruction, loss, damage or alteration, and processing of personal data in a manner inconsistent with the provisions of the GDPR.

In order to secure data, we use technical and organizational measures that meet the requirements of the GDPR, in particular the measures listed in art. 24 and art. 32 GDPR, ensuring the confidentiality, integrity and availability of services for processing the personal data provided.

Our affiliates, trusted partners and external service providers are committed to processing data in accordance with our security and privacy protection requirements.

7. Changes to data protection provisions

We reserve the right to modify this Privacy Policy, so it is always in compliance with the current legal requirements or to implement changes to services in the Privacy Policy, e.g., when introducing new services. In this case, your future visits to our website will be subject to the updated Privacy Policy.

If you have additional questions regarding the processing of your Personal Data, please feel free to contact us directly at [email protected].

Date of the last update of the Policy: 7/12/2023.