Information regarding the Data Processing and Privacy Policy and the use of cookies on the website

Policy: above Policy for processing personal data in the companies of Exorigo-Upos Capital Group.

Joint controllers: Joint controllers of your personal data, i.e. entities that jointly determine the purposes and means of processing are: Exorigo-Upos S.A., FINTURE Sp. z o.o. and FINTURE AI Sp. z o.o., hereinafter jointly referred to as Joint controllers. Companies' contact details are common: Skierniewicka 10A street, 01-230 Warsaw. Joint controllers will be hereinafter referred to as Exorigo-Upos or Joint controllers.

RODO: Regulation of the European Parliament and of the Council (EU) 2016/679 of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and the repeal of Directive 95/46 / EC (general regulation on data protection).

The data subject: every natural person whose personal data is processed by the Joint controllers in connection with the activity carried out by them.


As part of the co-administration agreement, the Joint controllers agreed on the scope of their responsibility regarding the fulfilment of obligations under the GDPR, in particular:

  • for fulfilling the disclosure obligations arising from the GDPR in relation to providing information referred to in art. 13 and 14 is the responsibility of Exorigo-Upos S.A .;
  • Exorigo-Upos S.A. is responsible for fulfilling the obligations arising from the GDPR in relation to the exercise of your rights. Regardless of this arrangement, you may also exercise your rights against other Joint Administrators, i.e. FINTURE Sp. z o.o. and FINTURE.AI Sp. z o.o. who will forward your request to Exorigo-Upos S.A. in order to fulfil your request.

Exorigo-Upos collects and processes personal data in accordance with applicable law, in particular with the RODO, in order to carry out its business activities.

Exorigo-Upos sapplies to the principle of ensuring transparency of personal data processing. Data subjects are informed about the processing of data at the latest at the time of their collecting, furthermore they are informed of the purpose and legal basis of their processing – eg. when concluding a contract for the sale of goods or services.

Exorigo-Upos makes sure that the principle of personal data minimization is respected in the Company. Data is collected to the extent necessary for the indicated purpose of processing, and processed only for a minimum retention period. In order to speed up and improve the service of its clients, Exorigo-Upos obtains personal data from them that are not necessary, for example, to perform the contract concluded with them - as a phone number or e-mail, only with their approval, and before collecting such data, informs customers of their voluntary application.

Exorigo-Upos ensures an adequate level of security and confidentiality of personal data processed by him. In the event of an incident related to the security of personal data, Exorigo-Upos informs about such an event persons whose personal data concerns, in a manner consistent with the law.


The Joint controllers have appointed a joint Data Protection Officer, whom you can contact electronically to the following address:, or in writing to the address of the joint controllers (with the note Data Protection Officer).


Procedures introduced by Exorigo-Upos ensure an appropriate level of confidentiality and integrity of personal data processed by him. Only persons who are properly trained and have appropriate authorizations can accesspersonal data. Exorigo-Upos applies organizational and technical solutions to ensure that all operations on personal data are registered and made only by authorized persons.

Exorigo-Upos takes the necessary steps when selecting the processors and other subcontractors to ensure the level of personal data protection for these entities it was enough.

Exorigo-Upos conducts a risk analysis on an ongoing basis and monitors the adequacy of data security measures applied to the identified threats. If necessary, Exorigo-Upos implements additional measures to increase data security.


Customers' personal data is collected in the case of
Subscribing to the newsletter (Newsletter), to perform the contract, the object of which is a service provided electronically, in accordance with art. 6 par. 1 lit. b RODO. In case of use the Newsletter service, the customer provides their name and e-mail address.

Use the contact form based of art. 6 par. 1 point f) RODO - processing is necessary for the purposes of the legitimate interests pursued by the Joint controllers consisting in undertaking necessary actions at the request of the data subject and answering an inquiry. In case of using contact form on Exorigo-Upos website, the Customer provides: e-mail address, telephone number and first and last name.

Direct marketing, based on art. 6 par. 1 point f) RODO - processing is necessary for the purposes of the legitimate interests pursued by the Joint controllers consisting in acquiring new customers and encouraging us to buy our products and services. Marketing activities towards new customers are conducted, after prior consent to communication, with at least one contact channel, like e-mail or telephone.

Collecting data in other cases. In connection with the conducted activity, Exorigo-Upos collects personal data also in other cases – eg. during business meetings, at industry events or by exchanging business cards - for purposes related to establishing and maintaining business contacts. Personal data is given in such cases on a voluntary basis. The legal basis for processing is necessary for the purposes of the legitimate interests pursued by the Joint controllers (art. 6 par. 1 point f RODO), consisting in creating a network of contacts regarding the activity. Personal data collected in such cases is processed only for the purpose for which it was collected.

Exorigo-Upos ensures that the amount of data processed in correspondence is consistent with the principle of data minimization and that only authorized persons have access to it.

During using the website, additional information may be downloaded, in particular: the IP address assigned to the terminal device (eg. telephone, tablet, computer) of the Customer or external IP address of the Internet provider, domain name, browser type, access time, type of operating system.

In order to market your own products and improve services from customers, navigational data may also be collected, including information about links which clients decide to click, or other activities on our site. The legal basis for processing is necessary for the purposes of the legitimate interests pursued by the Joint controllers (art. 6 par. 1 point f RODO), consisting in facilitating the use of services provided electronically and improving the functionality of these services.

The transfer of personal data to the Exorigo-Upos is voluntary related to implementation of the contact, the subject of which is the service provided electronically. With understanding, that when Client does not submit data specify in form, makes it impossible to execute the Client's order.


The period of data processing by Exorigo-Upos depends on the purpose of processing.

In the event that the basis for processing is necessary for the conclusion and performance of the contract, personal data will be processed until its completion.

If the processing is based on consent, personal data is processed until it is withdrawn.

The rule of law
In the case when the legal basis is the law, the period of personal data is processing also with results from specific provisions.

Legitimate interest of Exorigo-Upos
In the case of data processing on the basis of the legally justified interest of Exorigo-Upos, personal data are processed for a period enabling this implementation or for reporting effective objections to the processing of data.

Protection against claims
The processing period may be extended if the processing is necessary to establish, investigate or defend against any claims, and after that period, only in the case and to the extent that it will be required by law.

If the retention period has expired, personal data shall be deleted or anonymized without delay.


Personal data may be transferred to entities that process personal data at the request of Exorigo-Upos, like IT service providers - where such entities process data on the basis of a contract with the administrator and only in accordance with the administrator's instructions. Service providers are based mainly in Poland and other countries of the European Economic Area (EEA). If your data were transferred outside the EEA, Exorigo-Upos will apply appropriate legal safeguards, like standard contractual clauses for the protection of personal data, approved by the European Commission.

In the case of a request, Exorigo-Upos provides personal data to authorized state authorities, in particular organizational units of the Prosecutor's Office, the Police, the President of the Office for Personal Data Protection, the President of the Office of Competition and Consumer Protection, or the President of the Office of Electronic Communications.


Our website uses files with small size, called cookies. They are saved by the Administrator on the final device of the visitor of the website, if the web browser allows it. A cookie file usually contains the name of the domain it originates from, its "expiration time" and an individual, randomly selected number identifying this file. Information collected by means of such files enables the development of general statistics of visits to our website.

Exorigo-Upos use two types of cookies:

Serial cookies: after the end of a given browser session or the final device is turned off, the stored information is removed from the device's memory. The mechanism of session cookies does not allow to retrieve any personal data or any confidential information from final devices.

Persistent cookies: they are stored in the memory of the Customer's final device and remain there until they are deleted or expired. The mechanism of persistent cookies does not allow for the collection of any personal data or any confidential information from the terminal equipment of customers.

The Administrator use cookies files to analyze data that helps to understand how customers are helping to understand how they work. Exorigo-Upos does not use cookies to profile people visiting websites referred to above.

The mechanism of cookies is safe for end devices from which clients of the website customers. In this particular way, it is not possible for viruses or other unwanted software or malware to enter the end devices of the clients. In their browsers, they have the ability to access cookies for end devices. Use this site with your websites, features that by their nature require cookies.

6. Below, we present how you can change the settings of popular web browsers in the use of cookies:

Joint controllers can collect IP addresses of Clients. An IP address is a number assigned to the final device of the person visiting the website by the internet service provider. The IP number allows access to the internet. In most cases, it is assigned to the terminal device dynamically, i.e. it changes every time you connect to the Internet and is commonly regarded as non-private identifying information. The IP address is used by Exorigo-Upos in diagnosing technical problems with the server, creating statistical analyzes (like determining in which regions we note the most visits), as information useful in administering and improving the website, as well as for security purposes and possible identification of server-biased, undesirable automatic programs for viewing the contents of our website.


Rights of data subjects
The data subjects have the following rights:

  1. The right to inform about the processing of data - on this basis, the person submitting such a request to Exorigo-Upos S.A. provides information about the processing of his personal data, in particular, about the purposes and legal grounds of processing, the scope of data held, entities to which they are disclosed and the planned date of their removal;
  2. The right to obtain a copy of data - on this basis, Exorigo-Upos S.A. provides a copy of the data processed concerning the person making the request;
  3. Right to rectify - Each of the Joint controllers is obliged to remove any incompatibilities or errors of personal data being processed and to supplement them if incomplete;
  4. The right to delete data - on this basis you can request deletion of data, the processing of which is no longer necessary to carry out any of the purposes for which they were collected;
  5. The right to limit processing - in the event of such a request, Exorigo-Upos ceases to conduct operations on personal data, except for operations agreed to by the data subject and their storage, in accordance with accepted retention rules or until the reasons for processing restrictions cease to exist. data (eg a decision of the supervisory authority will be issued, allowing further processing of data);
  6. The right to data transfer - on this basis, to the extent to which personal data are processed in connection with the concluded agreement or consent, Exorigo-Upos S.A. will provide personal data provided by the person concerned in a format that allows their reading by a computer. It is also possible to request that data to be sent to another entity - provided, however, that there are technical possibilities in this respect both on the part of Exorigo-Upos S.A. and that other entity;
  7. Right to object to the processing of data for marketing purposes - the data subject may at any time object to the processing of personal data for marketing purposes, without the need to justify such objection;
  8. Right to object to other purposes of data processing - the data subject may at any time object to the processing of personal data on the basis of the Joint controllers legitimate interest (eg for analytical or statistical purposes or for reasons related to the protection of property). Opposition in this respect should contain justification;
  9. Right of withdrawal of consent - if personal data are processed on the basis of expressed consent, the data subject has the right to withdraw it at any time, but this does not affect the legality of the processing carried out prior to the withdrawal of the consent;
  10. The right to complaint - if it is found that the processing of personal data violates the provisions of the RODO or other provisions on the protection of personal data, the data subject may file a complaint to the President of the Office for Personal Data Protection.

Reporting requests related to the implementation of rights

An application for the exercise of the rights of data subjects may be submitted:

  • 1. in writing, by traditional mail, to the address of Exorigo-Upos S.A. ul. Skierniewicka 10a, 01-230 Warszawa with the note "Data Protection Officer" or
  • 2. via e-mail to the following address: A response to the notification should be given within one month of its receipt. If it is necessary to extend this deadline, Exorigo-Upos S.A. informs the applicant about the reasons for such extension.

In the event of a change in the current privacy policy, appropriate modifications to the above provision will be made.