1. Personal data
   Personal data are your basic data, such as your given name and surname. In order to provide salary financing services, we also need your date of birth (which allows your
   unique identification), and in the case of financial services (e.g., loans), we also require your PESEL number (or country of birth), nationality, number and series of your identity document, and your residential address. We are obliged to collect those data by anti-money laundering regulations. In other cases, it might be necessary to collect other data as well, such as your NIP number (tax ID).
2. Contact details
   Contact details are information that allows us to contact you directly. These are, above all, your phone number and email address. Sometimes, these data may include your mailing address (e.g., if the correspondence is sent using traditional methods), your residential address or your business address.
3. Data concerning the history of your cooperation with Symmetrical We store information about the agreements that bind us, the related settlement of accounts, incurred expenses and about any possible complaints.
4. Economic and payment data
   Usually, this is the number of the payment account you use for the purposes of settling accounts with Symmetrical, but it can also be other information, e.g., in the case of salary financing services or financial services, we may collect information on your income, expenses, property or, e.g., the number of your dependents. We may also collect similar information for people with whom you share a household.
5. Employment data
   This is information about your employment and cooperation with ordering parties (regardless of its legal basis). This information concerns your seniority, type, and terms and conditions of your contract, your position, and method in which your salary is calculated.
6. Location data
   If you use our salary financing services, and more specifically the service that enables you to register your working time, we will obtain information about your location through your device. These data are necessary to confirm your presence at work.
7. Correspondence history and conversation recordings
   We strive to archive our correspondence and thus we will store all emails and letters exchanged with you. We may also record our phone conversations (which you will always be informed of before we start recording). In such a case, we will store the recording as well.
8. Device data
   The use of our website or mobile application enables us to obtain information on the device that you use. We collect that information to optimize our services and monitor issues related to IT security.
9. Data from third-party databases
   In specific situations, we use third-party databases which enable us to supplement your data that we already have. We obtain your relevant consent which allows us to, e.g., inquire at the economic information bureau about any possible bills or loan payments that you may be overdue with.
10. Other data required under legal regulations
    Legal regulations impose numerous obligations on us with regard to certain situations, e.g., in the case of employment contracts, we must collect data provided for in the Labor Code. Therefore, in the case of many agreements, we will collect data not only for our own purposes, but also in relation to legal requirements and requirements imposed on us by authorities that supervise our activity.

1. Salary financing services
   In order to conclude and perform the agreement concerning salary financing services, we can process your data without your consent. The fact that you are requesting to conclude or are concluding an agreement is sufficient to do so. It should be emphasized that in this case, the data is used for the purposes of negotiating, preparing and concluding the agreement, and to ensure its efficient performance, e.g., by ensuring the possibility of unique identification. That purpose of processing concerns both Symmetrical Labs and Financials.
2. Financial products (limit, loan)
   Our mobile application enables you to use financial services, and for this purpose we will process your data that enable us to conclude such an agreement. The scope of such data is usually broader than in the case of just salary financing services, but as in that case, the processing is based on the necessity to conclude and perform the agreement. This purpose applies to Symmetrical Financials, the entity that provides you with financial services.
3. Verification of creditworthiness and credit standing
   If you are applying for access to financial products and during the period of the agreement concluded with us with regard to such a product, considering valid legal regulations (the Consumer Credit Act requires us to verify the lender’s credit standing), the necessary conclusion and performance of the agreement, our legitimate interest as the controller of your data, we will verify and monitor your credit standing and creditworthiness, i.e., we will check whether you are able to pay loan installments and whether you actually pay off your debts. This purpose applies to Symmetrical Labs (as the collection and monitoring of such information is a functionality of our mobile application available to financial partners) and Symmetrical Financials.
4. Quality testing
   As we want to improve our services, we strive to monitor their quality on an ongoing basis. Therefore, your data may be processed for the purposes of testing the quality of services. Having your convenience in mind, we will ask for your consent and the preferred contact channel with regard to this matter.
5. Marketing purposes
   Sometimes we want to provide you with information on our services, present new releases or encourage you to use our mobile application. In such a case, the data are processed for a marketing purpose on the basis of our legitimate interest as a data controller, but you have the right to object to such processing. Additionally, wherever it is possible, we try to ask for your consent and the preferred channel of contact to ensure that you find the cooperation with Symmetrical highly convenient.
6. Correspondence exchange, newsletter
   We collect your data that is necessary for sending our correspondence, usually in response to your interest in our services or inquiries concerning our services via our website, application (in particular via the contact form in the app), electronic mail and personally.
7. Performance of agreements
   In order to conclude and perform other agreements than those concluded with our clients, such as employment contracts, service or goods delivery contracts, lease agreements, we process the data of parties to such agreements and their representatives.
8. Assertion of claims and defense against claims
   As the data controller, we have the right to process your data for the purposes of asserting our claims or defending against your claims. It is our legitimate purpose and it does not require your consent.
9. Fulfillment of obligations under legal regulations
   We also collect personal data to fulfill our obligations resulting from legal regulations, which are primarily related to the Accounting Act (the requirement to store accounting records and agreements) and the Act on Counteracting Money Laundering and Financing of Terrorism (the requirement to store agreements and documents related to the identification of clients using financial services).

1. Information obtained directly from you You provide us with your data directly, e.g., by filling in forms, agreement documents, or exchanging correspondence with us. We may also ask you to confirm your data that we obtained from another source. The data you provide us with are necessary for the achievement of the purposes for which they are collected. Their provision is voluntary, but if you do not provide such data, we will be unable to achieve the intended purpose or its achievement will be hindered.
2. Employer / ordering party
   We receive data from your employer or ordering party, in particular in the course of providing salary financing services, but also in other cases (e.g., when your employer is our contracting party and provides us with goods or services). In the case of salary financing services, the data is provided with your consent. The consent is voluntary, but it is necessary to use our services.
3. Symmetrical Group
   Our companies exchange your data for administrative purposes (we handle our correspondence, manage our finances, financial reporting, personal data protection and compliance risk jointly) and to provide services, in particular the salary financing services for which Symmetrical Labs is the provider of technology and data, while Symmetrical Financials is the provider of capital and financial services (as a credit intermediary or lender).
4. Internal databases
   With regard to the salary financing services, we supplement your data with information obtained, with your consent, from specialized databases, e.g., from economic information bureaus. These are usually data regarding your economic situation and creditworthiness as well as information which allows us to effectively manage the security of our products (e.g., information from databases on IT security incidents or devices/addresses used in fraudulent activities).

1. Symmetrical Group entities

   Data is exchanged within the Symmetrical group in relation to the joint use of many services, sharing the IT infrastructure, offices, etc. In the course of our operations, which in particular concern the handling of correspondence, financial reporting, or joint management of personal data security and compliance risk, data that is necessary for the performance of such operations might be exchanged between particular companies within the group.

2. Financial and insurance service providers

   If, using the mobile application, you express your wish to use the services of a financial institution (please note that one of those institutions might be Symmetrical Financials) or an insurance company, your data that is required for the conclusion of the agreement will be transferred to such entities. The recipient of your data should advise you about the personal data processing policy that they follow (if they have not done so beforehand).

3. Employers / ordering parties
   In the course of using the salary financing services, we exchange your data with the employer or ordering party within a scope necessary for the correct functioning of such services. Therefore, your employer might receive information on the amount of your liabilities that should be deducted from your salary or a request to confirm the data that you provided us with directly.
4. Subcontractors (especially technical subcontractors)
   On the basis of data processing agreements, we transfer the data to our providers of various services, the most important of which are Amazon Web Services (this service enables the functioning of our system used for the provision of salary financing services) and Google GSuite / Google Firebase (we use these services to send push notifications, emails with notifications or documents that are required in the course of service provision). Our subcontractors process data within Europe and observe the highest security standards with regard to the data entrusted to them.
5. Third-party databases
   In certain strictly defined situations, we may retransfer to economic information bureaus the information on (for example) how you repay your debt due to Symmetrical. Such situations are regulated by law and you will be notified if such a retransfer is to take place.
6. Public offices and state institutions
   Legal regulations oblige us to transfer data to various state institutions. Such a transfer may be conducted without your consent or knowledge. This remains beyond our control, but we will
   always use our best efforts to verify the correctness of such transfers and to only transfer the required data in a secure manner that ensures the confidentiality of your data.

1. You have the right to access your data, that is you can inquire about which of your data we process. Moreover, you can inquire about the source of such data, our subcontractors that have access to such data and other controllers that had access thereto. You can ask for a copy of your data (including an electronic copy), which will be sent to you or to a controller indicated by you.
2. You have the right to withdraw your consent for data processing (if you have granted such consent), but it will not affect the correctness of data processing before such withdrawal. You may not withdraw your consent for data processing if the data are processed on a basis other than your consent (e.g., under legal requirements).
3. You are also entitled to object to the processing of your data for marketing purposes if in your case such processing is based on our legitimate interest, i.e., without asking for your consent.
4. You have the right to update your data or report that they need to be corrected.
5. You have the right to request that your data be removed, but only if we are not obligated to the further processing thereof (in connection to an agreement or legal regulations).
6. You have the right to request that the processing of your data be restricted if there is any doubt as to the correctness of such processing (e.g., when you submit a complaint questioning the conclusion of the agreement).
7. You have the right to lodge a complaint with the Personal Data Protection Office (www.uodo.gov.pl).

1. Salary financing services
   Due to the nature of the provided services, in consideration of the requirements provided for by the Accountancy Act and the applicable statutory claim limitation period, we decided that data will be stored for 6 years as of the termination of the salary financing services agreement. If you submit any claims or complaints, that storage period may be extended. If for any reason no agreement was concluded, we will store the data for 6 years as of their obtainment.
2. Business partners/associates and their representatives Due to the nature of the provided services, in consideration of the requirements provided for by the Accountancy Act and the applicable statutory claim limitation period, we decided that data will be stored for 6 years as of the later of the following events: completion or termination of the agreement between us, as of the last transaction, or as of the submission of any claim / complaint.
3. Correspondence
   We do our best to remove the data of people with whom we exchange correspondence that is unrelated to the concluded agreements on an ongoing basis, at least once a year.
4. Job candidates
   We do our best to remove the data of people with whom we have not started cooperation on an ongoing basis, at least once a year.
5. Employees
   We store employee data within the terms prescribed by the applicable labor law regulations.

We would also like to clarify that the obligation to remove data means that we remove data which allows the unique identification of you as a natural person. However, anonymized data
(i.e., data which does not contain such data as your given name, surname, PESEL number, phone number, etc.) may be further stored for statistical and research purposes, and for the purposes of enhancing our services.