Privacy Policy
Last Updated: March 21, 2025
Introduction
We recognise the importance of your privacy and are committed to protecting your personal data.
This Privacy Policy explains how we collect, use, disclose, and protect all personal data we collect and proccess in connection to our websites and applications (collectively referred to as the “Services”); including but not limited to:
- Your use of our website and applications.
- Your use of our products and services.
- Your use of our online tools and resources.
- Your interactions with our customer support team.
- Your participation in our events, webinars, and surveys.
- Your communications with us via email, chat, or other channels.
- Your registration for our newsletters and marketing communications.
- Your participation in our community forums and social media channels.
- Your use of our APIs and integrations with third-party services.
- Your use of our online identity verification services.
By using our Services, you agree to the collection and use of information in accordance with this policy.
1. Data Controller
FundingBox Accelerator Sp. z o.o. is the data controller for your personal data, operating under GDPR and Polish law.
FundingBox Accelerator Sp. z o.o. is the data controller for your personal data (referred to as either “FundingBox”, “OnePass”, “OnePass Platform”, “we”, “us” or “our” in this Privacy Policy). This means we are responsible for deciding how we hold and use personal information about you.
We are committed to protecting your privacy and ensuring that your personal data is processed in accordance with applicable data protection laws, including the General Data Protection Regulation (GDPR) and Polish law.
If you have any questions about our practices or this Privacy & Cookies Policy, please contact us at privacy@getonepass.eu.
FundingBox Accelerator Sp. z o.o.
Al. Jerozolimskie 136,
Warsaw (02-305),
Poland
2. Types of Personal Data We Collect
We collect identity, contact, professional, behavioral, and technical data to provide and improve our services.
We collect the following types of personal data:
| Type of Data | What We Collect |
|---|---|
| Identity Data | First name, last name, username, title, date of birth, gender, picture, password, and copies of ID cards or other forms of identification. |
| Contact Data | Home address, work address, billing address, email address, and telephone numbers. |
| Professional Background Data | Educational and professional history, interests, and accomplishments. |
| Online Presence Data | Links to your public account pages on social media websites, personal websites, and other online materials related to you. |
| Content Data | Any content you post to the Services, including profiles, questions, preference settings, answers, messages, comments, and metadata (e.g., timestamps). |
| Marketing and Communications Data | Your preferences in receiving marketing from us and third parties, as well as your communication preferences. Content of emails or messages sent through the Services. |
| Behavioral Data | Inferred or assumed information about your behavior and interests, based on your online activity (e.g., grouped into “segments”). |
| Technical Data | Internet protocol (IP) address, geolocation data, login data, browser type and version, time zone setting, browser plug-in types and versions, operating system, platform, and other technology on the devices you use to access the Site or Services. |
3. Purposes of Data Collection
Your data helps us provide services, process payments, conduct research, communicate with you, enhance security, and comply with legal obligations.
We collect and process your personal data for the following purposes:
| Purpose | Reason |
|---|---|
| Providing, Updating, and Maintaining Our Services | To deliver the Services you request, including registering you as a user, managing your account and profile, and authenticating you when you log in. For our Bridge Service, this includes surfacing additional features related to company document management on the Site. |
| Processing Payments | To process payments for purchases, subscriptions, or sales made on our Site. |
| Research and Development | To improve and add to the Services and better understand our users and the markets in which we operate. |
| Communicating with Users | To send communications via email and within the Services, including responding to your comments, questions, and requests, providing customer support, and sending technical notices, product updates, security alerts, and administrative messages. To notify you of investment opportunities and provide information regarding potential investments through the Site. |
| Providing Customer Support | To resolve technical issues, respond to requests for assistance, analyze crash information, and repair and improve the Services. |
| Enhancing Security | To keep our website, Services, and associated systems operational and secure, including verifying accounts and activity, monitoring suspicious or fraudulent activity, and identifying violations of our terms and policies. |
| Marketing and Promotions | To send promotional communications that may be of specific interest to you, including displaying products, investment offerings, events, and promotions on our Site or other companies’ websites. |
| Legal Compliance | To comply with applicable laws, regulations, legal processes, and to protect our legal rights, interests, and the interests of others. |
4. Legal Basis for Processing
We process your data based on contractual necessity, legitimate interests, consent, and legal obligations under GDPR.
The legal bases of our processing of your personal information as described in this Privacy Policy will depend on the type of personal information and the specific context in which we process it. However, the legal bases we typically rely on are set out in the table below.
| Processing purpose | Legal basis (*) |
|---|---|
| Providing, updating, and maintaining our Services | Contractual necessity |
| Processing payments | Contractual necessity |
| Research and development | Legitimate interests |
| Communicating with users | Legitimate interests |
| Providing customer support | Legitimate interests |
| Enhancing security | Legitimate interests |
| Marketing and promotions | Consent or legitimate interests |
| Legal compliance | Legal obligations |
(*) The legal bases for processing personal data under the General Data Protection Regulation (GDPR) include:
- Consent: When you provide explicit consent for specific processing activities.
- Contractual Necessity: To fulfill our obligations under the Terms of Service.
- Legitimate Interests: To improve our Services and protect our business interests.
- Legal Obligations: To comply with applicable laws and regulations.
5. Sensitive Personal Information
We don’t intentionally collect sensitive personal information and ask that you don’t provide it.
We do not intentionally collect sensitive personal information and we ask that you do not provide us with any sensitive personal information (e.g., information related to racial or ethnic origin, political opinions, religion or other beliefs, health, biometrics or genetic characteristics or criminal background) on or through the Services.
If you do provide us with sensitive personal information, you consent to our processing of that information in accordance with this Privacy Policy. If you do not consent to our processing of sensitive personal information, you must not submit such sensitive personal information to us or through our Services.
6. Data Sharing and Disclosure
We may share your data with affiliates, service providers, trusted verifiers, and other parties as needed to provide our services.
We may share your personal data with the following parties:
| Recipients | Why we share it |
|---|---|
| Affiliates | To provide the Services and operate our business. Our affiliates may access your personal data to help us develop, maintain and provide the Services and help manage our customer relationships (including cutomer support, customer success, etc.). |
| Service Providers | To assist us in providing the Services, including payment processing, data analytics, and customer support. |
| Professional Advisors | To obtain professional compliance, accounting, legal and similar services. |
| Trusted Verifiers | To verify your credentials and ensure the accuracy of your information. |
| Other Users | To facilitate connections and collaborations between startups and investors. |
| API Users | To allow third-party applications to access your data with your consent. |
| Legal Authorities | When required by law or to protect our rights, such as in response to a court order, subpoena, or audit. |
| Business Transfers | In the event of a merger, acquisition, or sale of assets, your personal data may be transferred to the new owner. |
In addition, personal data you choose to add to your profile will be visible to other users of the Services. If you are a user of our Services, we may share your personal data with other users of the Services to facilitate connections and collaborations between startups and investors. This includes your name, profile picture, and any other information you choose to share publicly. If you want your information to remain private, please do not add it to your profile.
We may also share aggregated or anonymized data that does not identify you personally with third parties for research, analysis, and marketing purposes.
7. Data Retention
We retain your data only as long as needed to fulfill our stated purposes or as required by law.
We retain your personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required by law. This may include retaining your personal data for a period of time after you close your account to comply with our legal obligations, resolve disputes, and enforce our agreements.
When we no longer need your personal data, we will securely delete or anonymize it in accordance with applicable laws and regulations.
8. Your Rights Regarding Your Personal Data
You have comprehensive rights to access, rectify, erase, restrict, and object to the processing of your personal data.
You have the right by this Privacy Policy and applicable data protection laws to:
| Right | Description |
|---|---|
| Access | You have the right to request access to the personal data we hold about you. |
| Rectification | You have the right to request correction of any inaccurate or incomplete personal data we hold about you. |
| Erasure | You have the right to request deletion of your personal data under certain conditions. |
| Restrict Processing | You have the right to request restriction of processing your personal data under certain conditions. |
| Data Portability | You have the right to request transfer of your personal data to another controller under certain conditions. |
| Object | You have the right to object to processing of your personal data based on legitimate interests. You also have the right to object to processing of your personal data for direct marketing purposes. |
| Withdraw Consent | You have the right to withdraw your consent at any time, where we rely on your consent to process your personal data. |
| Complain | You have the right to lodge a complaint with a supervisory authority if you believe that we have not complied with applicable data protection laws. |
| Not Be Subject to Automated Decision-Making | You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. |
| Object to Profiling | You have the right to object to processing of your personal data for profiling purposes. |
How to exercise your rights.
You can exercise your rights by contacting us at privacy@getonepass.eu.
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it.
Complaints.
If you would like to make a complaint about this Privacy Policy or how we process your personal data, please contact us at privacy@getonepass.eu.
You also have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement. You can find information about your local supervisory authority on the European Data Protection Board (EDPB) website: edpb.europa.eu .
9. Data Storage and International Data Transfers
Your data is stored in the EU, but may be transferred with appropriate safeguards when necessary.
The Services are hosted in the European Union (EU) and your personal data is stored on servers located within the EU. However, we may use third-party service providers that may store your personal data outside the EU. In such cases or if we transfer your personal data outside the European Economic Area (EEA), we ensure that appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) or Privacy Shield certification.
10. Data Security
We implement technical and organizational measures to protect your data, though no method is 100% secure.
We take the security of your personal data seriously and implement appropriate technical and organizational measures to protect it from unauthorized access, loss, misuse, or alteration. We use encryption, access controls, and regular security audits to safeguard your personal data. However, please note that no method of transmission over the internet or method of electronic storage is 100% secure. While we strive to protect your personal data, we cannot guarantee its absolute security. We also require our service providers to implement appropriate security measures to protect your personal data. We will notify you and any applicable regulator of a breach where we are legally required to do so. We will also notify you if we become aware of any unauthorized access to your personal data. We will not be liable for any unauthorized access to or use of your personal data, except as required by applicable law.
11. Cookies and Tracking Technologies
We use cookies and similar technologies to enhance your experience on our platform. You can manage your cookie preferences through your browser settings.
12. Links to Other Websites
This Privacy Policy applies only to our Services. Our Services may contain links to other websites that are not operated by us. We are not responsible for the content or privacy practices of third-party websites. We recommend reviewing the privacy policies of these websites before providing any personal data.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. Any changes will be effective immediately upon posting on our site. Your continued use of the Services after any changes indicates your acceptance of the updated Privacy Policy.
14. Contact Information
If you have any questions about this Privacy Policy or your personal data, please contact us at:
FundingBox Accelerator Sp. z o.o.
Warsaw (02-305), Poland, Al. Jerozolimskie 136
privacy@getonepass.eu
Glossary of Key Terms
To help you better understand this Privacy Policy, we’ve provided definitions for key terms:
| Term | Definition |
|---|---|
| Affiliates | Companies related by common ownership or control. Our affiliates include companies that are part of the FundingBox group of companies that help provide, maintain, and improve our Services. |
| Personal Data | Any information relating to an identified or identifiable natural person (‘data subject’). This includes names, identification numbers, location data, online identifiers, or factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that person. |
| Data Controller | The entity that determines the purposes and means of processing personal data. In this case, FundingBox Accelerator Sp. z o.o. is the data controller. |
| Data Processor | A natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller. Our service providers act as data processors. |
| Data Processing | Any operation performed on personal data, such as collection, recording, organization, structuring, storage, adaptation, retrieval, consultation, use, disclosure, or erasure. |
| GDPR | The General Data Protection Regulation (EU) 2016/679, a regulation in EU law on data protection and privacy for all individuals within the European Union and the European Economic Area. |
| Legitimate Interest | A lawful basis for processing personal data where processing is necessary for the purposes of the legitimate interests pursued by the controller or a third party, except where such interests are overridden by the interests or fundamental rights of the data subject. |
| Consent | Any freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which they signify agreement to the processing of their personal data. |
| Cookies | Small text files stored on your device that help websites remember your preferences and improve your browsing experience. |
| IP Address | A unique string of numbers separated by periods that identifies each computer using the Internet Protocol to communicate over a network. |
| API | Application Programming Interface, a set of rules that allows different software applications to communicate with each other. |
| Data Subject Rights | Rights granted to individuals under data protection laws regarding their personal data, including access, rectification, erasure, and portability. |
| Standard Contractual Clauses (SCCs) | Legal mechanisms approved by the European Commission that provide appropriate safeguards for international transfers of personal data. |
| Data Breach | A security incident leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to personal data. |