Privacy Policy

Introduction and Administrator Identification

Protecting privacy and securing data entrusted to us by users forms the operational foundation of our platform. This Privacy Policy aims to provide a detailed, transparent, and clear explanation of procedures related to the collection, processing, storage, and protection of personal data within the services provided by Le Bandit. The data administrator is the entity managing the platform, based in Poland, who bears full responsibility for ensuring that processing activities comply with applicable legal standards. Please carefully read the provisions below to fully understand your rights and our obligations.

Detailed Categories of Collected Information

To deliver high-quality services, ensure transaction security, and comply with regulatory requirements, we collect various categories of personal data. Their scope is always limited to the minimum necessary to achieve the specified purpose.

Identifying Information and Contact Details

During account registration, we collect basic personal information, including first and last name, date of birth (essential for strict verification of the 18+ age requirement), residential address, current email address, and contact phone number. In certain cases, particularly during profile verification, we may require submission of an identity document copy to prevent fraud and identity theft.

Technical Data and Device-Specific Information

When users interact with our platform, we automatically record technical parameters of the device used, including IP address, browser type and version, timezone and location settings, browser plugins, operating system, unique mobile device identifiers, and server log data. These are crucial for interface optimization and infrastructure protection against cyberattacks.

Activity and Usage Pattern Data

We collect extensive information regarding how users interact with our services. We monitor time spent on the site, navigation paths, preferred features, login frequency, and interactions with specific website elements. Analyzing this data enables us to continuously improve the operational environment and align it with the real needs of our community.

Financial Data and Transaction History

Due to the nature of the online services we provide, we process information regarding deposits, withdrawals, and other financial flows. This includes transaction history, preferred payment methods, partial credit card numbers (in accordance with PCI-DSS standards—never the full numbers), and bank account numbers used for settlements. We do not store full authentication credentials for users’ bank accounts.

Legal Basis for Processing

In accordance with applicable information protection standards, each data processing operation is based on a lawful basis. The primary basis is the necessity to perform the service agreement concluded between the user and us upon registration. Additionally, we process data to comply with our legal obligations, such as financial reporting, anti-money laundering policies, and age verification. Certain activities rely on our legitimate legal interest, including cybersecurity, business analytics, and fraud prevention. In cases specifically defined by law (e.g., direct marketing), processing is based on the user’s consent, which is freely given, explicit, and revocable at any time.

Specific Purposes for Utilizing Collected Data

The collected information is used by us exclusively for predefined, legally permissible purposes. We use it to: establish, administer, and maintain the user’s account; process and authorize financial transactions; provide technical support and resolve issues reported to customer service; communicate material changes to terms or services; monitor and prevent fraudulent activities, system manipulation, and potential criminal acts; and, with the user’s explicit consent, to send promotional offers, personalized recommendations, and informational material about new platform features.

Collaboration and Data Sharing with Third Parties

We do not sell users’ personal data. However, to deliver the full range of services, we collaborate with carefully selected and vetted third-party service providers. These entities act solely on our instructions and are bound to us by strict data processing agreements. They include certified payment gateway providers, hosting and cloud infrastructure companies, analytics system vendors, and customer communication platforms (email and chat systems). We also reserve the right to disclose data to relevant law enforcement or regulatory authorities when mandated by a court decision or prevailing legal provisions.

International Data Transfers

Our primary server infrastructure resides within the European Economic Area (EEA). When collaboration with specialized technology partners requires transferring data outside this area, we implement appropriate and legally binding safeguard mechanisms. These primarily include standard contractual clauses approved by relevant regulatory authorities and thorough verification of foreign recipients’ security policies to ensure the level of protection remains consistent with the high standards required in Poland.

Data Retention Criteria and Principles

We retain personal data only for the period objectively necessary to achieve the purposes outlined in this document. Retention periods are determined by the duration of the relationship with the user (maintaining an active account) and applicable legal requirements (e.g., tax and accounting regulations, which typically mandate retaining transaction records for 5 years). Once the required retention periods expire, all personal data is securely deleted from our systems or irreversibly anonymized, thereby becoming purely statistical data.

Security Measures and Protection Protocols

Protecting the integrity, availability, and confidentiality of data is our absolute priority. We have implemented advanced technical and organizational procedures. We use strong encryption protocols (SSL/TLS) to secure data transmission between the user’s device and our servers. We employ firewalls, regular security audits, penetration testing, and strict access controls within our organization (access based on the principle of necessity). Despite applying industry-leading standards, users should be aware that no internet transmission method is 100% risk-free; therefore, we advise vigilance regarding personal password security.

User Rights

In connection with data processing, users are entitled to a range of rights ensuring control over their personal data. You have the full right to request access to your personal data and obtain a copy of the processed information. You have the right to rectify any inaccurate, incomplete, or outdated entries. Under justified circumstances, you have the right to erasure (the so-called “right to be forgotten”), the right to restrict processing, and the right to object to data use for marketing or profiling purposes. We also ensure the portability of your data to another provider in a structured, commonly used format.

Policy Update Procedure

Given technological developments, changes in our service portfolio, and modifications to privacy laws, we reserve the right to amend the above provisions. Any material changes to the privacy policy will be published well in advance on the appropriate section of our website. Additionally, for changes having a fundamental impact on user rights, we will notify registered users directly via electronic communication.

Direct Contact Information

To exercise your rights, report privacy incidents, manage your consents, or ask questions regarding this policy’s interpretation, please contact our Data Protection Support Unit directly. We guarantee that every request is reviewed promptly and with due care.

Email address: [email protected]

Phone number: +48 22 123 45 67

Postal address: Złota 44 St., 00-120 Warsaw, Poland
