8 December 2025
Version 1.2
This Privacy Policy outlines how we collect, use, and protect your personal information when you interact with Damisa (Damisa Technologies Europe sp. z o.o. KRS: 0001088305 and/or Damisa Technologies Pty Ltd ACN: 682 846 966). We also explain what data we collect, how we process it, and what rights you have as a data subject when using Damisa services (directly or indirectly).
We adhere to the EU General Data Protection Regulation (GDPR) and to the Australian Privacy Principles contained in the Privacy Act 1988 (Cth). So in this document the term "Data Protection Legislation" and “GDPR” means all applicable legislation relating to privacy or data protection in force from time to time, including the EU General Data Protection Regulation and Australian Privacy Law.
This Privacy Policy applies to all services provided by the Damisa companies to our customers globally and to anyone who uses this website.
Who is the data controller?
The data controller is the entity that decides how your data is processed (e.g. how and for what purpose). In this case, it is:
Damisa Technologies Europe sp. z o.o. (Zelazna 51/53, 00-841 Warsaw) with its registered office in Warsaw, email address: privacy@damisa.xyz or
Damisa Technologies Pty Ltd with its registered office in Surry Hills, Australia, email address: privacy@damisa.xyz
In connection with the GDPR regulations to ensure complete data processing compliance, we have also appointed a data protection officer (“DPO”), i.e. a person responsible for supervising the security of data processing and fulfilling the obligations imposed on the controller. You can contact the data protection officer (Bartosz Kapuscinski) via the postal or e-mail address given above.
What personal data will be collected?
Personal Data (also referred to as Personal Information) is any information or opinion about you that is reasonably capable of identifying you, regardless of whether the information or opinion is true or not and how it is recorded.
The personal data we may collect, either from you or from third parties, and hold includes:
name, residential or postal address, email address, date of birth, telephone numbers
information contained on identification documents where we require to verify your identity such as passport, driver’s licence and other government-issued identification numbers
occupation, employment history and education history
tax identification numbers (excluding Australian Tax File Numbers)
bank account details
other financial information you provide to us or authorise us to access from third parties
Internet Protocol (IP) addresses and unique device identifiers and other data about the device you are using (web-browser, operating system etc.) when you use our website and/or platform and via electronic signing platforms (for example, DocuSign)
details of your interactions with us, and any other information you give to us as a result of our dealings with you.
We will not collect, use, or disclose sensitive information about you unless we need the information for one of our functions or activities and we have your consent (or we are legally required to do so).
Sensitive information is personal data/information about a person’s racial or ethnic origin, political opinion, membership of a political association, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association, membership of a trade union, sexual orientation or practices, criminal record, genetic information, or health information.
Where do we get personal data from?
We may collect personal information directly from you when you:
apply for a product or service
submit electronic or hard copy forms with us
participate in a phone or video conference call with us
email or otherwise correspond with us, and
visit our website.
We may collect information about you from others such as:
our service providers
regulator databases
public sources such as public domain websites.
Purposes for which we collect personal data/information
We collect personal information for the purpose of providing our products and services and undertaking our obligations and for any of the following purposes:
to comply with our legal and regulatory obligations when we provide our services to you, such as to identify you as required under anti money laundering laws
to carry out or facilitate client instructions or responding to client queries or requests
to manage accounts and perform other administrative and operational tasks (including risk management, systems development and testing, staff training and market or customer satisfaction research)
to consider any concerns or complaints you raise against us and/or to manage any legal action between you and us
to prevent or investigate any actual or suspected fraud, unlawful activity or misconduct.
personalizing your experience on our website and
to send you information about our services and products.
Direct Marketing
We may use your personal details to provide you with newsletters and information about products, services or other events that may be of interest to you.
If you do not wish to receive direct marketing information, you can contact the Privacy Officer at privacy@damisa.xyz or you can click the unsubscribe link within any marketing emails you receive from us and we will take steps to ensure that you do not receive any direct marketing information in future.
Is it obligatory to provide us with your data?
No, of course not. But failure to provide data may result in the impossibility of providing the service.
What rights do you have for personal data?
You have the right to request access to, or correction of, your personal information.
If you are located in the European Union or United Kingdom, you also have the right to:
Withdraw consent at any time (where processing is based on consent)
Request erasure of your personal data (“right to be forgotten”)
Restrict or object to processing
Request data portability, and
Lodge a complaint with your local supervisory authority.
All requests are reviewed and actioned by our privacy officer or data protection officer in accordance with our privacy compliance plan and applicable privacy laws.
You may request details of personal data we hold about you. You have the following rights:
access to your personal data and know the origin of the data, the purpose of processing, as well as information about the data controller, processing entities (subcontractors and the entities to which they can be disclosed)
updating or correcting your personal data
(If you are located in the EU or United Kingdom):
deletion of your personal data if there is no basis for further processing
opt out from analytics tracking (withdraw your consent at any time, if personal data is processed on the basis of consent, but the withdrawal of consent does not affect the correctness of processing before its cancellation)
limitations of the processing of your personal data in a situation when the law allows it (e.g. in the course of handling complaints)
obtain your personal data in an electronic format for your own needs or another controller.
The above rights may be exercised by emailing our Privacy Officer at privacy@damisa.xyz
Are we using profiling or automatic decision-making tools?
We use automated processes to check that your application to access Damisa services and your use of Damisa services meet our required standard, including verifying your identity, your business information and to help prevent fraud or other illegal activities. These processes may make an automated decision to reject your application or a proposed transaction, to block a suspicious attempt to log into your Damisa account, or to close your account. If this happens, you will be notified and offered the opportunity to request further information about how the decision was reached and request a manual review. If you feel that an automated process may have impacted you, please contact privacy@damisa.xyz
If we, a fraud prevention agency, or other third parties providing fraud prevention services determine that a fraud or money laundering risk is posed, we may refuse to provide the services requested or we may stop providing existing products and services to you. A record of any fraud or money laundering risk will be retained by the fraud prevention agencies, or these other third parties, and may result in others refusing to provide services, financing or employment to you.
Who will have access to personal data?
We may share your personal data with trusted third-party service providers and partners such as:
our service providers and partners who support our operations (eg, cloud hosting, data verification, payment processing and compliance support). However, we do not authorise them to use or disclose such information other than to perform certain services on our behalf or to comply with legal requirements
our representatives and advisors, including lawyers and accountants
auditors we appoint to ensure the integrity of our operations
financial institutions, payment networks, and foreign exchange partners
any person acting on your behalf, including your solicitor, accountant, executor, administrator, guardian or attorney
government agencies, regulatory bodies and law enforcement agencies, or as required by law.
Data transfers
Our service is provided on a global platform. To offer our services, we may need to process and/or transfer your information among several countries including in particular the European Economic Area (EEA), the UK, and Australia.
We will ensure that such transfer is in accordance with our obligations under Data Protection Legislation. For example, a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is in place:
we will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission or Australia, or
with whom we have put in place appropriate measures to ensure that data is adequately protected which will usually include use of approved standard contractual clauses.
Quality of your personal data
We will take reasonable steps to ensure that your personal data is accurate, complete and current.
We will take reasonable steps to destroy or permanently de-identify your personal data, if it is no longer needed for any purpose for which the information may be used or disclosed under the Use and Disclosure section of this policy.
Security of your personal data
Damisa is committed to ensuring the information you provide to us is secure. To prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure information and protect it from misuse, interference, loss and unauthorised access, modification and disclosure.
Where we employ data processors to process personal information on our behalf, we only do so on the basis that such data processors comply with the requirements under the GDPR and that have adequate technical measures in place to protect personal information against unauthorised use, loss and theft.
The transmission and exchange of information is carried out at your own risk. We cannot guarantee the security of any information that you transmit to us, or receive from us. Although we take measures to safeguard against unauthorised disclosures of information, we cannot assure you that personal information that we collect will not be disclosed in a manner that is inconsistent with this Privacy Policy.
What are cookies?
Cookies are simple text files that are stored on your computer or mobile device by a website’s server. Each cookie is unique to your web browser. It will contain some anonymous information such as a unique identifier, website’s domain name, and some digits and numbers.
What types of cookies do we use?
Necessary cookies
Necessary cookies allow us to offer you the best possible experience when accessing and navigating through our website and using its features. For example, these cookies let us recognize that you have created an account and have logged into that account.
Functionality cookies
Functionality cookies let us operate the site in accordance with the choices you make. For example, we will recognize your username and remember how you customized the site during future visits.
Analytical cookies
These cookies enable us and third-party services to collect aggregated data for statistical purposes on how our visitors use the website. These cookies do not contain personal information such as names and email addresses and are used to help us improve your user experience of the website.
How to delete cookies?
If you want to restrict or block the cookies that are set by our website, you can do so through your browser setting.
Making a privacy complaint
If you have a concern about the way we handle your personal information, please contact our Privacy Officer in the first instance at privacy@damisa.xyz
Complaints received by the Privacy Officer will be dealt with fairly and in a timely manner considering all the circumstances of the complaint. In most cases, we expect that complaints will be investigated, and a response provided within 30 days. If the matter is more complex and we need more time to complete our investigation, we will advise you of this.
If you believe we have not adequately dealt with your complaint, you may contact the relevant data protection authority:
if you reside in the EEA: (more info here https://uodo.gov.pl/pl/83/155 )
if you reside in Australia: the Privacy Commissioner, details available at www.oaic.gov.au
Changes to this Privacy Policy
We reserve the right to update or change this Privacy Policy at any time. Any changes will be posted on this page, and the effective date will be updated accordingly. We encourage you to review this Privacy Policy periodically for any updates.
