Privacy Policy

Last updated: May 20, 2026

1. Who we are

Banqua Sp. z o.o. ("Banqua", "we", "us", "our") is the data controller for personal data processed through banqua.io and related services. We are a company registered in Poland at Ul. Prezydenta Gabriela Narutowicza 40, 90-135, Łódź, Poland, registered under KRS number 0000979410.

For privacy questions or to exercise your rights, contact us at legal@banqua.io. If we have appointed a Data Protection Officer, their contact details are Not applicable.

2. What this policy covers

This policy explains what personal data we collect when you visit our website, open an account, or use our trading services, how we use it, who we share it with, and the rights you have under the EU General Data Protection Regulation (GDPR) and Polish data protection law.

3. The data we collect

Depending on how you interact with us, we may collect:

• Identity and contact data — name, date of birth, nationality, residential address, email, phone number, government-issued ID, proof of address, and a selfie or liveness check for identity verification.
• Financial data — source of funds, employment status, trading experience, and bank or wallet details for funding and withdrawals.
• Trading data — orders, positions, transactions, balances, and account activity.
• Technical data — IP address, device identifiers, browser type, operating system, and language settings.
• Usage data — pages visited, features used, and timestamps.
• Communications — emails, chat messages, and support tickets, including recordings of any calls (where permitted by law and disclosed in advance).

4. Why we use your data and the legal basis

• To open and operate your account — performance of our contract with you (GDPR Art. 6(1)(b)).
• To meet anti-money-laundering, sanctions, tax, and other regulatory obligations — compliance with legal obligations (GDPR Art. 6(1)(c)).
• To detect and prevent fraud, abuse, and security incidents — our legitimate interests in protecting Banqua, our clients, and partner brokers (GDPR Art. 6(1)(f)).
• To send service-related communications — performance of contract or legitimate interest.
• To send marketing communications — your consent, which you can withdraw at any time (GDPR Art. 6(1)(a)).
• To improve our products — our legitimate interest in understanding how the service is used.

5. Who we share data with

We share personal data only when we need to, and only with parties that have appropriate safeguards in place:

• Partner brokers — the regulated third-party brokerages that execute and clear your trades.
• Service providers — KYC and identity-verification vendors, cloud hosting, analytics, customer support tooling, fraud-detection providers.
• Regulators, tax authorities, and law enforcement — where we are required by law to disclose information.
• Professional advisers — auditors, lawyers, and accountants under duty of confidentiality.

A current list of our key sub-processors is available on request at legal@banqua.io.

6. International transfers

Some of our service providers are located outside the European Economic Area. Where this is the case, we rely on safeguards approved under GDPR — typically the European Commission's Standard Contractual Clauses — to protect your data. You can request a copy of these safeguards by contacting us.

7. How long we keep data

We retain personal data only as long as needed for the purposes set out above. In practice, AML and trading records are kept for at least 5 years (per the Polish AML Act) from the end of the client relationship. Marketing data is kept until you withdraw consent. Technical logs are kept for a shorter period appropriate to their purpose.

8. Your rights

Under GDPR you have the right to:

• Access the personal data we hold about you.
• Have inaccurate data corrected.
• Request erasure of your data, subject to our legal retention obligations.
• Restrict or object to certain processing.
• Receive your data in a portable format.
• Withdraw consent at any time, where processing is based on consent.
• Lodge a complaint with the Polish Data Protection Authority (UODO) at uodo.gov.pl.

To exercise any of these rights, contact us at legal@banqua.io. We will respond within one month.

9. Cookies and tracking

We use cookies and similar technologies to operate the site, remember your preferences, measure usage, and (with your consent) deliver marketing. You can manage your preferences in our cookie banner or through your browser settings. For full details, see our cookie banner settings.

10. Security

We use industry-standard technical and organisational measures to protect your personal data — including encryption in transit and at rest, access controls, and regular security reviews. No system is perfectly secure, and we cannot guarantee that data transmitted to us will be free from unauthorised access.

11. Changes to this policy

We may update this policy from time to time. Material changes will be communicated through the site or by email before they take effect.

12. Contact

Banqua Sp. z o.o., Ul. Prezydenta Gabriela Narutowicza 40, 90-135, Łódź, Poland. Privacy contact: legal@banqua.io.