Last updated: May 20 2026  ·  Fides Polonia Capital Management

Privacy Policy

GDPR Compliant UODO Poland KNF ASI Framework NIS2 Aware

1. Data Controller

Fides Polonia Capital Management ("we", "us", "our") is the data controller for personal data collected through this website. We are registered in Poland and operating under Polish law and EU regulation. KNF ASI registration pending.

Contact for data protection matters: info@fidespolonia.com  ·  +48 453 326 049  ·  Kraków, Poland

2. What Data We Collect and Why

We collect only the minimum personal data necessary for legitimate business purposes:

• Investor enquiry data — name, email, phone number, investor status — collected when you submit the investor enquiry form on our website. Legal basis: legitimate interest and pre-contractual steps (GDPR Article 6(1)(b) and (f)).
• Website analytics — anonymised data on page visits, referral source, browser type — collected via Google Analytics. Legal basis: legitimate interest in understanding website performance (GDPR Article 6(1)(f)). No personally identifiable information is collected.
• Communications — email and phone records of correspondence with us. Legal basis: legitimate interest and contractual necessity.

We do not collect sensitive personal data (Article 9 GDPR), financial account information, or data from minors.

3. How We Use Your Data

• To respond to investor enquiries and assess suitability for our investment programme
• To comply with KNF, AML, and anti-fraud regulatory obligations
• To send research publications and fund updates to investors who have requested them
• To improve website performance and user experience (analytics only)

We do not sell, rent, or trade your personal data to third parties for marketing purposes.

4. Data Sharing and Third Parties

We may share data with the following categories of recipients where necessary:

• Professional advisers — lawyers, accountants, auditors — under contractual confidentiality obligations
• Regulatory authorities — KNF (Poland), UODO, EU supervisory bodies — where legally required
• Technology providers — website hosting (Netlify, USA — covered by EU-US Data Privacy Framework), analytics (Google Analytics, anonymised)
• US regulators — where Polish investors engage in US-regulated activities, relevant disclosures may be shared with the SEC or FINRA under applicable law

Any transfer of personal data outside the EEA is conducted under appropriate safeguards (Standard Contractual Clauses or adequacy decisions).

5. Data Retention

Investor enquiry data is retained for 5 years from the date of last contact, in accordance with Polish AML regulations (Ustawa o przeciwdziałaniu praniu pieniędzy, 2018). Analytics data is retained for 26 months. Communications records are retained for 5 years.

6. Your Rights Under GDPR

Under the General Data Protection Regulation (GDPR) and Polish data protection law (UODO), you have the right to:

• Access — request a copy of the personal data we hold about you
• Rectification — request correction of inaccurate data
• Erasure — request deletion, subject to legal retention obligations
• Restriction — request that we limit processing in certain circumstances
• Portability — receive your data in a structured, machine-readable format
• Objection — object to processing based on legitimate interest
• Withdraw consent — where processing is based on consent, withdraw it at any time

To exercise any right, contact info@fidespolonia.com. We will respond within 30 days. You also have the right to lodge a complaint with the President of the Polish Personal Data Protection Office (UODO) at uodo.gov.pl.

7. Cookies

This website uses essential cookies required for basic functionality and analytical cookies via Google Analytics (anonymised, no personally identifiable information). No marketing or advertising cookies are used. You may disable cookies in your browser settings; some website functionality may be affected.

We do not use third-party advertising networks, retargeting pixels, or social media tracking cookies.

8. Website Security

This website is served over HTTPS with HSTS (HTTP Strict Transport Security) enforced. Security headers including Content Security Policy, X-Frame-Options, and X-Content-Type-Options are implemented in compliance with DORA ICT security guidance and NIS2 baseline requirements. Our hosting provider (Netlify) maintains ISO 27001 certification.

9. US Persons

This website is not directed at US persons as defined under the US Securities Act of 1933. No securities are offered or sold to US persons through this website. If you are a US person and contact us, your data will be handled in accordance with applicable US privacy law including, where relevant, the California Consumer Privacy Act (CCPA).

10. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be notified by updating the "Last updated" date above. Continued use of the website after changes constitutes acceptance.