Log in
Open a free account

1. Definitions

  1. Administrator, Data Controller – Winners Investments ocp, as, Trade Center I, Mlynské Nivy 73, 821 05 Bratislava, identification number 55111459.
  2. Personal Data – means any information relating to an identified or identifiable natural person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
  3. Privacy Policy – ​​this privacy policy document.
  4. GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)
  5. Website – the website and websites located at: mooninvest.pl
  6. User – a natural person using the Website.

2. Processing of Personal Data

  1. Using the Website and the services offered therein requires the Controller to process Users’ Personal Data. Personal Data is processed to a specific extent and for specific purposes, in accordance with applicable GDPR regulations. The provision of Personal Data by the User is entirely voluntary; however, the provision of some Personal Data is necessary for the Controller to provide services.

3. Purposes and scope of processing Personal Data

  1. Purpose – Use of the Website . When you use the Website, data about you is automatically collected. This data includes, among others: IP address, domain name, browser type, operating system type, the source and medium of website visitor acquisition and their behavior on the website, geographic data, and demographic data. This data may be collected by cookies, Google Analytics, Universal Analytics provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland), Facebook Analytics provided by Facebook Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland), and Hotjar provided by Hotjar Limited (Level 2, St Julian’s Business Centre, 3, Elia Zammit Street, St Julian’s STJ 1000, Malta). Legal basis: Article 6(1)(b) of the GDPR, Article 6(1)(f) of the GDPR.
  2. Purpose – Proper performance of the contract . If a contract is concluded with the Controller, Personal Data are processed by the Controller for the purpose of its proper performance. Legal basis: Article 6 paragraph 1 letter b of the GDPR, Article 6 paragraph 1 letter c of the GDPR, Article 6 paragraph 1 letter f of the GDPR.
  3. Purpose – Fulfillment of obligations arising from legal provisions . Personal Data are processed to the extent necessary to perform the obligations incumbent on the Controller, arising from applicable law. Such obligations may include, but are not limited to, obligations arising from tax law and accounting law. Legal basis: Article 6 paragraph 1 letter b of the GDPR, Article 6 paragraph 1 letter c of the GDPR, Article 6 paragraph 1 letter f of the GDPR.
  4. Pursuing or defending against claims . The Controller processes Personal Data when legally justified circumstances arise, consisting in the need for the Controller or a third party to pursue claims against the data subject whose Personal Data is processed or to defend against such claims. Legal basis: Article 6(1)(b) of the GDPR, Article 6(1)(c) of the GDPR, Article 6(1)(f) of the GDPR.
  5. Purpose – Newsletter . As part of the Newsletter, the Administrator sends current information regarding offers and promotions to individuals who have provided their email address for this purpose. Sending the information referred to above is dependent on the User’s prior consent in this regard. Consent may be withdrawn at any time by submitting a declaration of withdrawal of consent to the processing of data for the purpose of receiving the Newsletter. Legal basis: Article 6 paragraph 1 letter b of the GDPR, Article 6 paragraph 1 letter f of the GDPR.
  6. Purpose – Marketing . The Administrator sends Users registered on the Website marketing brochures, allowing them to become familiar with ongoing promotional campaigns and current offers. The User may withdraw consent to the use of the email address provided during registration at any time. Legal basis: Article 6 paragraph 1 letter b of the GDPR, Article 6 paragraph 1 letter f of the GDPR.
  7. Purpose – Providing information to Users’ friends . The Administrator may process personal data when Users use the “recommend a friend” option to read information about the Administrator’s offers and promotions. A User who uses the “recommend a friend” option provides the email address of the person to be the recipient of the message and declares that they are providing the email address of that person with their knowledge and consent. In such a case, the person to whom the email was forwarded will receive a message from the Administrator at that email address. The Administrator’s legitimate interest in using the “recommend a friend” option is to provide the recipient with messages, information about offers and promotions that another User believes might be of interest to them. Data shared in this way is not used in any other way by the Administrator or transferred to third parties. After the recipient receives the message, they must confirm that they consent to the use of their email address; otherwise, this data will be immediately deleted by the Administrator. Consent to the use of the provided email address may be withdrawn at any time. Legal basis: Art. 6 sec. 1 lit. b GDPR in relation to the User providing personal data, and art. 6 sec. 1 letter f GDPR in relation to the recipient of the message.

4. Rights of persons whose Personal Data are processed

  1. In accordance with the applicable provisions of the GDPR, the person whose data is processed has the right to:
    • withdrawal of consent to the processing of Personal Data,
    • request access to your Personal Data,
    • request the rectification of your Personal Data,
    • request the deletion of your Personal Data,
    • request to limit the processing of Personal Data,
    • object to the processing of Personal Data,
    • request the transfer of Personal Data.
  2. The right to withdraw consent to the processing of Personal Data. The user has the right to withdraw consent at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal. The data subject is informed of this before consent is given.
  3. The right to access your Personal Data – Article 15 of the GDPR. You have the right to obtain information from the Controller as to whether your Personal Data is being processed. If the Controller processes your personal data, you have the right to:
    • access to personal data,
    • obtain information on the purposes of processing, the categories of Personal Data processed, the recipients or categories of recipients of such data, the planned period of storage of Personal Data or the criteria for determining this period, the rights under the GDPR and the right to lodge a complaint with a supervisory authority, the source of such data, automated decision-making, including profiling, and the safeguards applied in connection with the transfer of such data outside the European Union,
    • obtain a copy of your personal data.
  4. The right to rectify Personal Data – Article 16 of the GDPR. The User has the right to request that the Controller immediately rectify the Personal Data being processed. In addition to rectification, the User also has the right to request that the Personal Data be supplemented.
  5. The right to delete personal data – Article 17 of the GDPR. The data subject has the right to request that the Controller immediately delete their Personal Data, and the Controller is obliged to delete personal data without undue delay if one of the following circumstances occurs:
    • personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
    • the data subject has withdrawn consent to which the processing is based pursuant to point (a) of Article 6(1) or point (a) of Article 9(2) of the GDPR, and there is no other legal ground for the processing;
    • the data subject objects to the processing under Article 21(1) of the GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing under Article 21(2) of the GDPR;
    • personal data were processed unlawfully;
    • personal data must be erased in order to comply with a legal obligation under Union law or the law of the Member State to which the controller is subject;
    • the personal data were collected in connection with the provision of information society services referred to in Article 8(1) of the GDPR.
  6. The right to restrict processing – Article 18 of the GDPR. The data subject has the right to request that the Controller restrict processing in the following cases:
    • The data subject questions the accuracy of the Personal Data – for a period enabling the controller to check the accuracy of such data,
    • the processing is unlawful and the User whose data is being processed opposes the deletion of the Personal Data, requesting instead that their use be restricted,
    • The Controller no longer needs the Personal Data for processing purposes, but they are required by the data subject to establish, pursue or defend legal claims,
    • The data subject has objected to the processing under Article 21(1) of the GDPR – pending determination of whether the legitimate grounds on the part of the Controller override the grounds for objection of the data subject.
  7. The right to request data portability – Article 20 of the GDPR. The data subject has the right to receive the Personal Data concerning them that they have provided to the Controller in a structured, commonly used, and machine-readable format, and has the right to transmit this Personal Data to another controller without hindrance from the Controller to whom the Personal Data has been provided, if:
    • the processing is based on consent pursuant to Article 6(1)(a) of the GDPR or Article 9(2)(a) of the GDPR or on a contract pursuant to Article 6(1)(b) of the GDPR,
    • processing is carried out in an automated manner.
    When exercising the right to data portability under paragraph 1, the User to whom the data relates has the right to request that the Personal Data be sent by the Controller directly to another controller, if technically possible.
  8. The right to object to the processing of Personal Data – Article 21 of the GDPR. The User has the right to object at any time to the processing of Personal Data, including profiling, in connection with:
    • processing necessary for the performance of a task carried out in the public interest or processing necessary for the purposes of legitimate interests pursued by the Personal Data Controller or a third party,
    • processing for direct marketing purposes.

5. Complaint regarding infringement of GDPR provisions

  1. In the event of an infringement of the provisions of the GDPR regarding the processing of Personal Data, the User whose Personal Data are being processed unlawfully is entitled to lodge a complaint with a supervisory authority, in particular in the Member State of his or her habitual residence, place of work or place of the alleged infringement.
  2. In Poland, the supervisory authority within the meaning of the GDPR provisions is the President of the Personal Data Protection Office (PUODO).

6. Cookies

  1. The Administrator uses cookies primarily to:
    • maintaining the User’s session on the Website
    • examining User activity in order to ensure a more intuitive website interface, adapt the appearance and tools of the Website to the User’s needs, better systematize the content contained on the Website, and improve understanding of the functioning of the Website.
    • proper functioning of the Website,
    • ensuring the highest standards of User safety,
    • conducting analyses, research and creating statistics.
  2. Your use of the Website involves the automatic collection of user data – cookies. This data includes, among others: IP address, domain name, browser type, and operating system type. This data may be collected by cookies, Google Analytics, Universal Analytics provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland), Facebook Analytics provided by Facebook Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland), and Hotjar provided by Hotjar Limited (Level 2, St Julian’s Business Centre, 3, Elia Zammit Street, St Julian’s STJ 1000, Malta). Cookies used for this purpose include primarily:
    • storing visitor preferences – they are used to remember the choices made by users and to recognize them each time the session is started,
    • ensuring the website’s operability – they are used to recognize users of the Website and enable correct navigation on it,
    • Collecting analytical data (user behavior) – anonymous data used to gather information about how users use the Website, as well as to monitor error messages sent to users on the Website. This data includes how users use the Website, which parts of the Website they visit most often, and whether they receive error messages from web pages.
  3. The user may opt out of cookies or delete stored cookies at any time using their web browser settings.

7. Period of processing of Personal Data

  1. Personal Data will be stored for the period necessary to achieve the above-mentioned processing purposes, in particular:
    • for the period necessary to carry out activities related to creating an account on the Moon platform and concluding a contract, in the case of creating an account on the Moon platform or concluding a contract – until its completion, and then in the legitimate interest of the Controller in order to establish and pursue possible claims or to effectively defend against them, or until the obligation to store data resulting from legal provisions expires, in particular the obligation to store accounting (accounting) documents relating to the contract, the obligation to store resulting from the provisions on counteracting money laundering and terrorism financing, provisions on fulfilling international tax obligations and the implementation of FATCA legislation, and the automatic exchange of tax information with other countries.
    • until the consent to processing is withdrawn or until an objection to the processing or the Personal Data being processed is effectively raised.

8. Recipients of Personal Data

  1. The processed personal data may be disclosed to external entities, third parties, including in particular suppliers responsible for the operation of IT systems.
  2. The Administrator reserves the right to transfer selected Personal Data or other collected information about the User to state authorities or third parties who submit a legally justified request to provide such Personal Data or information.

9. Changes to the Privacy Policy

  1. The Administrator reserves the right to change these provisions, security measures, and Personal Data protection if necessary due to technical developments and changes in the law, as well as changes in the content, format, and design of the Website. In such cases, the Privacy Policy will also be adjusted accordingly. Please review the currently applicable version.

10. Contact details

  1. In all matters related to the processing of Personal Data or cookies, contact with the Controller is possible via e-mail: iod@mooninvest.pl or at the correspondence address of the Data Protection Officer Mooninvest Winners Investments ocp, as, Trade Center I, Mlynské Nivy 73, 821 05 Bratislava.
Winners Investments ocp, as
Mlynské Nivy 73, 821 05 Bratislava
Identification number: 55111459

Customer service
biuro@mooninvest.pl
Invest
Retirement Passive income Children's education How it works What are ETFs?
Moon App
Documentation
Privacy Policy Important documents
Latest Post
Copyright © 2026 Winners Investments ocp, as All rights reserved.