Login
Create an account
Rules
10. Privacy Policy
Last updated: 4 November 2025
Intro
IOOI Sp. z O.O (“PocketBank” or “we”) welcomes you. This Privacy Notice (“Privacy Notice”) applies to our Website https://pocketbank.net/ (the “Service”). The Privacy Notice describes which of your personal data PocketBank collects, how stores, processes, and uses it, and what happens when you use the Service.
About us
We are the controller of your personal data processed through the Service. This means that we determine the purposes and means of personal data processing. Pay attention that you can fall into several categories depending on your actions.
| Name | IOOI Sp. z O.O |
|---|---|
| Registration number | 525273421 |
| Address | Gęsia 8/205, 31-535 Kraków, Polska |
| support@pocketbank.net – for general and privacy inquiries |
About you
When you visit the Service, you become our user (“User”). We divide the Users into categories so you can easily find details about the processing of your personal data.
| Type of User | Description |
|---|---|
| Visitor | User who visits the Website |
| User | User who registers with the Service |
| Other Requester | User who fills out the “Contact us” form on another topic; User who contacts us via Telegram or email |
Please note! We do not knowingly process the personal data of Users under the age of 18. If you are such a User or the legal representative of such a User, please contact us.
Personal data
Sources of data
We receive your data when you visit the Service and interact with it, depending on your actions on the Service. Additionally, we may receive your data when you contact us via Telegram or email.
You can change your personal data by exercising your right to rectification or by the Service functionality. Please note that the same lawful basis and storage terms apply to the changed data.
We may also (although we do not necessarily do so) receive data from third parties. It depends on your settings and the features you use.
Lawful bases for processing
To process your personal data, we rely on the following lawful bases:
- performance of the contract — for the processing of personal data necessary for the negotiating on, conclusion, and performance of a contract (mainly, the Terms of Service) with you;
- legitimate interest — for the processing necessary at the development of our services, taking into consideration your interests, rights, and expectations;
- legal obligation — for the processing as required by applicable laws (for example, to comply with tax or KYC/AML regulations) or if requested by a law enforcement agency, court, supervisory authority, or another state-authorised public body;
- consent — for additional specific purposes.
Visitors’ data
When you use the Website as the Visitor, we collect some data automatically. We need technical data to operate, support, and improve the Website’s functionality.
| Data | Description | Reasons for processing | Lawful basis |
|---|---|---|---|
| Necessary technical data | Information about your operating system, device type, browser name and version | The smooth operation of the Website | Performance of the contract |
| Necessary cookies | Information that is necessary for the operation of the Website | Improving your experience of using the Website | Performance of the contract |
| Marketing cookies | Marketing information used to match relevant advertising to you | Marketing | Consent |
| Preference cookies | Information necessary for operating some services on the Website | The operation of some services on the Website | Consent |
| Statistics cookies | Information that helps us to understand how you interact with the Website by collecting and reporting information | Improvement of the Website and analysis of the statistic for other purposes | Consent |
Data storage
| Data | Storage period |
|---|---|
| Necessary technical data | Stored during the use of the Website and for 5 years from the last visit. |
| Cookies | Stored during the expiry period provided in our Cookie Policy. |
Registration data
When you register an account and start to use our service, we collect or assign the data to enable you access and correct work of the Service.
| Data | Reasons for processing | Lawful basis |
|---|---|---|
| Name, surname | Register and fill the account | Performance of the contract |
| Register and fill the account | Performance of the contract | |
| Phone number | Register and fill the account | Performance of the contract |
| User ID | Register and fill the account | Performance of the contract |
Data storage
Data that is processed based on performance of the contract: Stored for 5 years from the last interaction.
General technical data
This section includes information collected for maintaining and optimising the technical aspects of the service, such as device information, browser details, and session logs. This data helps ensure the smooth functioning and security of the service.
| Data | Reasons for processing | Lawful basis |
|---|---|---|
| IP | IP address from which the request originated. | Legitimate interest |
| User Id | Unique identifier for the user. | Performance of a contract |
| Browser Info | Information about the user's browser. | Performance of a contract |
| Event ID | Unique identifier for the audit event. | Performance of a contract |
| Creation Time | Timestamp indicating when the audit event occurred. | Performance of a contract |
| Action type | Indicates if the audit event is an administrative action. | Legitimate interest |
| Settings | Indicates if the user associated with the audit event is muted. | Performance of a contract |
| Event type | Type of audit event (e.g., login, logout, data access). | Performance of a contract |
| User Agent | User agent information associated with the audit event (e.g., browser, device). | Legitimate interest |
Data storage
Data based on performance of the contract: Stored for 5 years from the last interaction.
Data based on legitimate interest: Stored for 5 years from the last interaction, if you do not object.
Account data
Account data consists of information related to user accounts, including registration details, authentication records, and account preferences. This data is essential for user access and customization of the service.
| Data | Description | Lawful basis |
|---|---|---|
| AML status | Indicates if AML (Anti-Money Laundering) is enabled for the user’s transactions. | Legal obligation |
| Company Name | Name of the company associated with the user. | Performance of a contract |
| Creation time | Timestamp indicating when the user account was created. | Performance of a contract |
| Email address of the user. | Performance of a contract | |
| Name and surname | Name of the user. | Legitimate interest |
| Group Id | Identifier for the group associated with the user. | Performance of a contract |
| Locale | Locale settings for the user. | Legitimate interest |
| Timestamp | Timestamp indicating when the user account was last modified. | Legal obligation |
| OIDC Provider | OpenID Connect (OIDC) provider type associated with the user. | Performance of a contract |
| Password hash | Password associated with the user. | Performance of a contract |
| Phone | Phone number associated with the user. | Performance of a contract |
| Referral data | Referral code associated with the user. Identifier for the user who referred this user. | Legitimate interest |
| Registration IP | IP address from which the user registered. | Legitimate interest |
| UserType | Type of user account. | Performance of a contract |
| Verification Level | Level of verification for the user. | Legal obligation |
Data storage
Data based on legal obligation: Stored for 5 years from the collection.
Data based on performance of the contract: Stored for 5 years from the last interaction.
Usage data
Usage data encompasses information about how users interact with the service, including pages visited, actions performed, and duration of sessions. This data aids in understanding user behaviour and improving the service based on usage patterns.
| Data | Description | Lawful basis |
|---|---|---|
| Password_log | Password-related actions: password forgotten, changed, incorrect login attempt, and attempts counter reset. | Performance of the contract |
| Email_log | Contact information updates: email and phone number changes. | Performance of the contract |
| Account status | Account security actions: temporary freezing, blocking, excessive login attempts, and unblocking. | Performance of the contract |
| Verification status | Account verification and completion: confirmation of signup, phone verification, and completion of KYC process. | Performance of the contract |
| History of changes | Account profile updates: changes in user type or role, and updates to associated names. | Performance of the contract |
Data storage
Data based on performance of a contract: Stored for 5 years from the end of service usage.
Сrypto exchange process
Data related to cryptocurrency exchange processes, including transaction history, exchange rates, and wallet information. This data is necessary for executing and monitoring cryptocurrency transactions securely.
| Data | Description | Lawful basis |
|---|---|---|
| UniqueID | Unique identifier for the transaction. | Performance of the contract |
| Amount | Amount of the transaction. | Performance of the contract |
| Creation time | Timestamp indicating when the transaction was created. | Performance of the contract |
| Currency | Currency type of the transaction. | Performance of the contract |
| Timestamp data | Timestamp indicating when the transaction expires. Timestamp indicating the last update time of the transaction. | Performance of the contract |
| Transaction Name | Name associated with the transaction. | Performance of the contract |
| Status | Status of the checkout. | Performance of the contract |
| Transaction type | Type of the transaction. | Performance of the contract |
| User Id | Identifier for the user associated with the transaction. | Performance of the contract |
Data storage
Data based on performance of a contract: Stored for 5 years from the end of service usage.
Notification and marketing data
Information gathered for managing communication with users, including email preferences, notification settings, and marketing analytics. This data helps in delivering relevant updates and promotions to users.
| Data | Description | Lawful basis |
|---|---|---|
| Location | To inform you about useful information, promos and other activities | Consent |
| To send you emails related to the usage of the Service | Legitimate interest | |
| History of interaction | Analyse and improve service | Legitimate interest |
| Data received from 3rd parties | Analyse and improve service | Legitimate interest, Consent |
Data storage
Data based on legitimate interest: Stored for 5 years from the last interaction, if you do not object.
Data based on consent: Stored for 5 years from collection, if you do not withdraw consent.
Third-party providers
We use 3rd-party providers for our marketing activities. Here you can see the list and read how we involve them.
| Name | Description |
|---|---|
| Google tag manager | Google service that allows quickly and easily updating measurement codes and related code fragments collectively known as tags on your website or mobile app. Please see details at Privacy Notice. |
Report and customer support data
Data collected during customer support interactions, including issue reports, support tickets, and user feedback. This data is vital for resolving user queries and improving the overall service experience.
| Data | Reasons for processing | Lawful basis |
|---|---|---|
| User ID | To identify the user | Performance of a contract |
| Request data | Understand and complete your request | Performance of a contract |
Data storage
Data based on performance of a contract: Stored for 5 years from the end of service usage.
Data received from third parties
We may receive some personal data from third parties. The amount of data collected, the purposes, and the lawful basis for processing is determined by the respective privacy documents of these third parties.
| Party name | Type of data | Reasons for processing |
|---|---|---|
| Google analytics | User behaviour, Contact Information | Analytics and monitoring |
| Google Search Console | User behaviour on the site, Demographic Information | Improving user experience |
| Calendly | Interests and preferences, Communication preferences | Personal connection with clients |
| Hotjar | Session Recordings, Surveys and Polls, Chat history | Evaluating the effectiveness of email marketing |
| Zoho Live Chat | Purchase and transaction data | Integration with external services, Brand reputation monitoring |
Data storage
| Legal basis | Term |
|---|---|
| Legitimate interest | 5 years from the last interaction, if you do not object. |
| Сonsent | 5 years from collection, if you do not withdraw consent. |
Data sharing with third parties
We can share your personal data with third parties without any harm to you and in full compliance with applicable law. In addition, we have implemented organisational and technical measures to ensure the security of personal data during data transfer to third-party.
| Third parties | Description |
|---|---|
| Analytics tools | We use analytics tools to understand and promote our business. |
| Messengers | We use messengers to communicate with you in ways that are convenient for you. |
| Contractors, services providers on Service | We cooperate with service providers and contractors to provide you with their services, operate, develop and improve the features and functionality of the Service, fulfil your support requests, complete payment transactions, etс. |
| Providers of the services our team use | We use CRM systems, messengers, and other services in our organisation to provide you with our services. |
| State authorities, courts, law enforcement agencies, etc | We may be obliged to transfer some of your data to tax authorities, courts, law enforcement agencies, and other governmental bodies: to comply with a government request, court order, or applicable law; to prevent unlawful use of the Service; to protect against claims of third parties; to help prevent or investigate fraud. |
To get a detailed list of the third-party recipients of your personal data, contact us.
To share your data, we rely on the following lawful bases, depending on the case: consent, compliance with the law, and performance of a contract.
Data transfer outside the European Economic Area
The data is stored in Germany by default, but we may need to process your personal data in another country.
If there is no adequate decision by the European Commission regarding the country we transfer data to, we use the adopted Standard Contractual Clauses based on legislation assessments for data protection during transfer and storage.
If there is an adequate decision by the European Commission regarding the country we transfer data to, we can transfer personal data to that third country without any further safeguard being necessary.
You can read more detailed measures to protect your personal data here.
Data protection
We are regularly certified by ISO 27001 Standard. We apply a variety of security measures appropriate to the possible risks.
Organisational measures
- Staff training
- Internal policies and instructions
- Non-disclosure agreements (NDA)
- Transfer protection
Physical measures
- Video monitoring
- Signalling
- Limited access to premises
- Round the clock security
Technical measures
- Two-factor authentication
- Backups
- Firewalls
- Encryption technologies
Data subjects rights
You, as a data subject (individual), have the right to interact with your data directly or through a request to us. This section describes these rights and how you can exercise them depending on your residency.
European Economic Area residents
You, as a data subject, have the right to interact with its data directly or through a request to us. This section describes these rights and how you can exercise them:
| Right | Description |
|---|---|
| Right to access | You can request an explanation of the processing of your personal data. |
| Right to rectification | You can change the data if it is inaccurate or incomplete. |
| Right to erasure | You can send us a request to delete your personal data from our systems. We will remove them unless otherwise provided by law. |
| Right to restrict the processing | You may partially or completely prohibit us from processing your personal data. |
| Right to data portability | You can request all the data you provided to us and request to transfer data to another controller. |
| Right to object | You may object to the processing of your personal data. |
| Right to withdraw consent | You can withdraw your consent at any time. |
| Right to file a complaint | If your request was not satisfied, you could file a complaint to the regulatory body. |
To exercise your rights, contact us. If your request was not satisfied, you can submit a complaint to your local Data Protection Authority. You may find it here.
Cookies
We use cookies that are needed for the website’s operation. By using cookies, we receive automatically collected data. You can read more in the Cookie Policy.
If you want to turn off cookies, you can find instructions for managing your browser settings at these links:
- Internet Explorer
- Firefox
- Chrome
- Opera
- Microsoft Edge
- Vivaldi
- Safari
- Brave
Privacy Notice updates
This Privacy Notice is developed according to the General Data Protection Regulation, other applicable privacy laws, and best privacy practices.
Existing laws and requirements for the processing of personal data are subject to change. In this case, we will publish a new version of the Privacy Notice.
If there are material changes to the Privacy Notice or the Service that affect your data privacy rights, we will notify you by displaying information via the Service and, if necessary, ask for your consent.
News
See all
- 14 Jun 2026
Europol Shuts Down AudiA6: $389M Laundered Through Crypto Service
- 13 Jun 2026
Ukraine Finalizes Crypto Law in August
- 12 Jun 2026
Citigroup Launches Trading in Tokenized Shares