Privacy Policy & GDPR

1. Introduction & Scope

Simha Fintech sp. z o.o. ("we", "us", or "our") respects your privacy and is committed to protecting your personal data in accordance with the General Data Protection Regulation (GDPR) and applicable Polish laws. This policy explains how we collect, process, manage, and safeguard your data when you visit our website or utilize our B2B exchange and custody infrastructure.

2. Data Controller Information

The Data Controller for any personal information processed under this policy is:
Simha Fintech sp. z o.o.
KRS: 0001017042
Registered Address: Kraków, Poland
For all privacy-related inquiries, contact our Data Protection Officer (DPO) at: privacy@simhafintech.com.

3. Data Collection Minimalization

We adhere strictly to data minimization principles. We collect only what is legally necessary to onboard B2B enterprise entities and what is required to fulfill our strict AML/KYC regulatory obligations. We do not sell user data to third-party marketing firms under any circumstances. Data collected during the corporate due diligence process is encrypted and stored exclusively on secure servers located within the European Economic Area (EEA).

4. Your Rights Under GDPR

As a Data Subject, you possess the right to:

• Request access to your personal data.
• Request correction or erasure of your data (the "Right to be Forgotten"), subject to our overriding legal or regulatory retention obligations regarding financial transactions.
• Object to processing or request restriction of processing.
• Data portability.

5. Data Retention

Personal and corporate data collected for AML/KYC purposes is legally required to be retained for a minimum of 5 years following the cessation of the business relationship, as mandated by the Fifth Anti-Money Laundering Directive (5AMLD). Server logs and anonymized telemetry data are purged automatically after 90 days.