Privacy Policy (as of July 6th, 2022)

Privacy Statement – how we protect your data

General statement

This Privacy Statement describes our collection, use, disclosure, retention and protection of your personal information. It applies to any indaHash site where this Privacy Statement appears in the footer, and to any indaHash application, service, or tool (collectively “Services”) where this Privacy Statement is referenced, regardless of how you access or use them, including through mobile devices.

By using our Services, applications and/or registering for an account with us, you are accepting the terms of this Privacy Statement and you are consenting to or you acknowledge our collection, use, disclosure, retention and protection of your personal information as described in this Privacy Statement. Providing personal data is voluntary, however should you decline to share it with us, we will not be able to conclude a contract with you.  

What does this privacy statement cover?

This privacy statement is to inform you regarding the use of your personal information which is collected during your visit to one of our websites or registration to indaHash app.

This privacy statement applies to all our Services.

Who is the data controller?

Fulfilling the information obligation under Article 14 of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter referred to as “GDPR”) – in connection with the collection of personal data from the Client’s representatives, the Co-controllers of your personal data (i.e. entities that jointly determine purposes and ways of processing data) are: IDH Media Limited with its registered office at 22 Northumberland Road, Ballsbridge, Dublin 4, Ireland and IDH Media S.A. in with its registered office at 19 Piękna Street, 00-549 Warsaw, Poland (hereunder referred to as “we”, “us”, “Co-controllers”).

IDH Media S.A. and IDH Media Limited, co-manage your personal data in order to fulfil the obligations of the group of companies that provide influence marketing services. 

In accordance with the agreement between the Co-controllers, IDH Media S.A. performs information duties towards clients and their representatives and ensures that each person exercises the rights of the data subject.

In accordance with the co-administration agreement as of 20 August 2021, we have agreed together on the scope of our responsibilities regarding the fulfilment of the obligations arising from the GDPR, in particular we have agreed that:

1. Controller 1 undertakes to respond to requests submitted by Data Subjects in connection with the exercise of their rights under Articles 15, 16, 17, 18, 20, 21 and 22 GDPR. Any requests submitted by Data Subjects shall be responded to in accordance with the principles and within the time limits that are mentioned in Article 12 GDPR.

2. In the event that a Data Subject has submitted a request connected with the exercise of their rights under Article 15, 16, 17, 18, 20, 21 and 22 GDPR to Controller 2, Controller 2 will pass such request to Controller 1 within 3 days after such request is


The Co-Controllers shall ensure the security of the processing of personal data by implementing appropriate technical and organisational measures.

You may exercise your rights against each of us.

We have appointed a Data Protection Officer, who can provide you with detailed information regarding your personal data processing.

You may contact the Data Protection Officer:

  • via email:; or 
  • via letter: indaHash, 19 Piękna Street, 00-549 Warsaw, Poland – with annotation “Data Protection Officer”.

Personal information

“Personal information” is information that can be associated with a specific person and could be used to identify that specific person whether from that data or from that data and other information that we have or are likely to have access to.

Any personal information which you voluntarily provide us will be treated with the highest standards of security and confidentiality.

Collection and use of personal information

We collect, process and retain personal information from you and any devices (including mobile devices) you may use while you: use our Services, register for an account with us, provide us information on a web form, update or add information to your account, or dispute resolution, or when you otherwise correspond with us regarding our Services.

The personal information we collect includes the following:

Personal information you provide us when you use our Services or register for an account with us

• Identifying information such as email, account name when you register for an account with us,

• Other content that you generate, or that is connected to your account,

• Financial information (such as bank account numbers, your name, addresses, telephone numbers) in connection with a transaction,

• You may also provide us other information through a web form, by updating or adding information to your account, dispute resolution, or when you otherwise correspond with us regarding our Services.

Personal information we collect automatically when you use our Services or register for an account with us

• We also collect information about your interaction with our Services, your communications with us. We receive this from the devices (including mobile devices) you use when you use our Services, register for an account with us, provide us information on a web form, update or add information to your account, participate in community discussions, chats, or dispute resolution, or when you otherwise correspond with us regarding our Services. It comprises of the following: name, surname, address, bank account, e-mail, social media account(s) data, username

• Computer and connection information such as statistics on your page views, traffic to and from the sites, referral URL, ad data, your IP address, your browsing history and your web log information

Personal information we collect using cookies, web beacons, and similar technologies

We use cookies, unique identifiers and similar technologies to collect information about the pages you view, all necessary information about cookies other technologies, purposes is available at Cookie Policy.

Why are we processing your data?

Above all, we are processing your personal data as it is necessary to execute the binding agreement between you and usand in order to pursue legitimate interests of the administrator as a party to that contract, including the performance of the contract, warding off or pursuing claims in connection with that contract . Moreover, we are processing your data in order to enable you using services offered in scope of the indaHash app and in order to contact you in relation to the provided services.

Should the legal regulations require us to do so – we will also process your data for tax and accounting purposes.

Additionally, we are processing your data based on our legitimate interest which is the necessity to conduct analyses and statistics aimed at – on one hand – improvement of app functionalities and features and – on the other – ensuring security and efficiency of usage thereof.

We will process your data  for a direct marketing – to inform you about indaHash world news.

We can also process your data in order to conduct proceedings related to your complaints and other claims. Such processing is based on our legitimate interest being an ability to defend ourselves against claims or to enforce our claims.

Our legitimate interest will also be the processing of your data in order to detect fraud and abuse and conduct activities of a preventive character and ensure safety in the Service.

Data retention period

We retain your personal information as long as it is in the line with applicable laws and necessary and relevant for our operations. 

We retain your personal information as long as it is necessary by the applicable law, until the claims under the contract are time-barred, the end of damages proceedings or until you withdraw the consent. 

In addition, we may retain your personal information from closed accounts to comply with national laws, prevent fraud, collect any owed fees, resolve disputes, troubleshoot problems, assist with any investigation, enforce our Agreement and take other actions permitted or required by applicable national laws. After it is no longer necessary for us to retain your personal information, we dispose of it in a secure manner according to our data retention and deletion policies.

If you discover that we hold inaccurate information about you, you can request a correction. Such a request must be made in writing or via email.

Your rights

In relation to personal data processing, you can execute the following rights: 

  • Access the content or receive a copy of your data;
  • Request to correct, delete or restrict data processing;
  • object to the processing of your personal data, if we are processing them:

i) for the purpose of direct marketing or

ii) based on our legitimate interest and you – as a result of your extraordinary situation – do not agree for that anymore.

  • Lodge a complaint with the authority competent for the protection of personal data

You also have right to data portability. It means that you can obtain from us your data in a structured, commonly used and machine-readable format. You can send such data to another controller or demand that we do that for you. We will only send such data to another controller, provided that it is technically possible.

In order to execute your rights mentioned above, please contact our Data Protection Officer (you can find contact details above).

If we ask you to grant your consent for personal data processing, you will always be entitled to withdraw such consent (and it will be as simple as granting such consent). Withdrawal of your consent shall not affect lawfulness of personal data processing based on the consent before such withdrawal.

You can also obtain information on basic content of arrangements between us (co-controllers) related to fulfillment of our obligations resulting from personal data security regulations.


We transfer your data to other entities, if it is necessary to provide the service or enable you to take part in the campaigns, required by binding provisions of law or justified by operational necessity (e.g. hosting provider). It means that we can transfer your personal data to:

• our (co)workers and (co)workers of other companies from our capital group;

• our clients,

• courier company,

• banks and entities providing payment services,

• our other subcontractors, provided that we entrust them execution of activities requiring transfer of your data (such entities will act solely based on the agreement we have concluded with them)

• relevant authorities, if it is required by binding provisions of law.

Transfer of data outside the European Economic Area (EEA)

We transfer your data only for the purpose of execution of the campaign you want or could take part in. Your data can be transferred to an Advertiser outside the EEA only if you are taking part in a campaign outside this area. Since indaHash operates all over the world, it happens sometimes that providers of daily operation services (necessary for our operational and technological activities), including for instance servers, hosting, project management platform, software, bookkeeping platforms etc., are located outside the EEA and they also receive (or may receive) your data, if that is necessary.

All transfers outside the EEA are based on, so called, standard contractual clauses, approved by the European Commission, which ensure appropriate security standards in accordance with binding provisions of law.

Complaints about data processed via the website.

If you are concerned about how personal data are processed via this website, please do not hesitate to bring such concerns to the attention of the Data Protection Officer at the:

Collection and use of technical information

We may automatically collect non-personal information about you such as the type of internet browsers you use or the website from which you linked to our website. You cannot be identified from this information and it is only used to assist us in providing an effective service on this website.


We protect your information using technical and administrative security measures to reduce the risks of loss, misuse, unauthorized access, disclosure and alteration. Some of the safeguards we use are firewalls and data encryption, physical access controls to our data centres and information access authorization controls. If you believe your account has been abused, please contact us.

Changes to this policy

From time to time we may make changes to this privacy statement. Should any substantial changes be made, i.e. the way in which we use your personal data, we will post the changes on this website and will do our best to notify you of them. Please check our privacy statement on a regular basis.