Privacy Policy

Last updated: 15 October 2025

Meadow Link Sp. z o.o. (hereinafter “Meadow Link,” “we,” “us,” or “our”) is a company incorporated under the laws of Poland and operating as a Virtual Asset Service Provider (VASP). We are committed to protecting and respecting your privacy. This Privacy Policy outlines how we collect, process, and use personal information about users of our services and visitors to our website.

We define “Personal Information” (or “Personal Data”) as any information that can identify you, such as your name, address, email address, transaction history, etc. Our data processing practices comply with the EU General Data Protection Regulation (Regulation 2016/679, GDPR) and other applicable data protection laws. By using our services or website, you acknowledge that you have read and understood this Privacy Policy.

Data Controller and Contact Information

Meadow Link Sp. z o.o. is the data controller responsible for your Personal Data. We are registered in Poland under KRS No. 0001139618. Our registered business address is ul. Nowogrodzka 56/A, 00-695 Warsaw, Poland.

If you have any questions about this Privacy Policy or your Personal Data, you can contact us by email at support@m-link.io. We also designate a Data Protection Officer (contact details provided below) for oversight of our data protection compliance.

Categories of Personal Information We Collect

We may collect and process various categories of Personal Information. These include:

Identity Data: Full name and date of birth.
Contact Data: Contact information such as phone number, email address, and residential address.
Electronic Identification Data: Online identifiers like your IP address, device and browser information, operating system details, and device fingerprint data.
Identification Documents: Details from identity documents (e.g. passport, national ID, driver’s license, residence permit), including document numbers, expiration dates, and scans or photographs of these documents.
Photographs and Images: Your photograph or facial image (for example, if you provide an ID selfie or if we require a profile picture for verification).
Financial and Transaction Data: Banking and payment details (such as your bank account or card information) and information about transactions you execute on our platform. This also includes information about the sources of funds you use in our services, as required by anti-money laundering regulations.
Employment Information: Details about your employment or occupation, where relevant (for instance, if required as part of Know-Your-Customer checks).
Other Information Provided by You: Any other personal information you choose to provide to us when requested or when you contact us for support (for example, in response to specific questions or compliance checks).

How We Collect Personal Information and Why We Use It

Directly from You: In most cases, we collect Personal Data directly from you. You provide us with your information when you use or register for our services, and we process it for purposes including:

Providing Services: To create and administer your account, and to enable you to use our platform and services in accordance with our Terms of Use.
Communications: If you contact us with an inquiry, request, or support issue, we will use your information to respond and assist you.
Service Improvement: To analyse the usage of our website and services, helping us understand user behaviour and improve the performance and user experience of our platform.
Legal and Regulatory Compliance: To comply with various legal obligations applicable to Meadow Link as a regulated business and VASP. This includes obligations under tax laws, anti-money laundering (AML) and countering financing of terrorism (CFT) regulations, fraud prevention laws, and accounting requirements.
Fraud and Abuse Prevention: To monitor, detect, and prevent fraud, suspicious activities, or any misuse of our services. This helps us protect our users and the integrity of our platform.
Marketing and Updates: With your consent, where required, to provide you with information about our products, services, or promotions that we believe may interest you. You will always have the option to unsubscribe from such communications.
Market Research: To conduct surveys or gather feedback from users about our performance or new product ideas, in order to better understand customer needs and improve our offerings.

From Third Parties or Public Sources: We may also obtain some Personal Data from other sources: for example, from publicly accessible databases, credit bureaus, identity verification partners, sanction lists, or business partners who assist in compliance checks. We only collect such information in accordance with applicable laws and to fulfil our legal/regulatory obligations or to safeguard our business against illicit activities.

Cookies and Similar Technologies

Like most websites, we use cookies and similar tracking technologies to improve your experience and our services. A cookie is a small text file that a website stores on your device to uniquely identify your browser or to store information/settings in your browser.

Cookies help us in several ways, for example: they enable core site functionality, allow us to remember your preferences, and provide analytical data about how users interact with our site. Information collected through cookies is used to evaluate the effectiveness of our website, analyze trends in usage, administer the platform, and enhance user experience. Cookies also help us tailor our advertising (if applicable) by understanding your interests on our site.

Managing Cookie Preferences

You have the right to decide whether to accept or reject cookies. You can manage your cookie preferences at any time by adjusting the settings on our website’s cookie consent tool (if available) or by changing your web browser settings to delete or refuse cookies.

In addition, most web browsers provide settings that let you control or disable cookies. You can usually find these settings in the “Options” or “Preferences” menu of your browser. For detailed information, visit external resources such as AboutCookies.org or AllAboutCookies.org, which provide guidance on how to see what cookies have been set and how to manage or delete them.

For convenience, here are useful links on managing cookies for some popular browsers:

Google Chrome – Cookie settings are typically in the Privacy section of Chrome’s settings.
Microsoft Edge – Adjust cookie settings via the Privacy & security settings.
Mozilla Firefox – Manage cookies in the Options/Preferences under Privacy & Security.
Microsoft Internet Explorer – You can find cookie options in the Internet Options under Privacy.
Opera – Cookie preferences are available in the Settings under Privacy & security.

If you want to opt-out of Google Analytics tracking on all websites, you can install the official opt-out browser add-on provided by Google: Google Analytics Opt-Out.

Please note that if you disable or refuse cookies, some features of our site might become inaccessible or not function properly.

Who We Share Personal Information With

We treat your Personal Data with care and confidentiality. However, in certain circumstances, we may share your Personal Information with third parties, but only under strict conditions and in line with this Privacy Policy. Such third parties may include:

Affiliates and Service Providers: Companies that are affiliated with Meadow Link, as well as agents, representatives, and service providers who perform functions on our behalf. This could include providers of technical infrastructure, customer support services, or other operational assistance.
Financial Institutions and Payment Processors: Banks, payment service providers, and similar financial institutions involved in processing your transactions (for example, when you purchase or sell virtual assets through our platform).
Communication Platforms: Trusted third-party platforms that help us communicate with you, such as email service providers, live chat providers, or marketing email platforms (used in accordance with your marketing preferences).
Identity Verification and Compliance Partners: Third-party contractors that provide identity verification services, biometric verification, or screening against sanctions and watchlists. These partners help us comply with our KYC/AML obligations by checking your provided information against government-issued databases or international sanction lists.
Legal or Regulatory Authorities: Law enforcement agencies, government bodies, courts, or regulators, but only to the extent we are required to do so by law. For example, we may disclose information pursuant to a legal subpoena, to report certain transactions under anti-money laundering laws, or to cooperate with investigations.

Safeguards with Third Parties: Whenever we share your data with third parties, we ensure through contractual agreements that they are obligated to protect your Personal Information to standards at least as strict as those set out in this Privacy Policy and required by applicable law. These third parties are only given the minimum amount of data necessary for them to fulfill their obligations to us or to comply with legal requirements, and they are not permitted to use the data for any other purposes.

International Data Transfers

Meadow Link is based in Poland, but the third parties we work with (such as cloud service providers or other contractors) may be located in other countries, including outside the European Economic Area (EEA). Whenever we transfer your Personal Data across national borders, we take steps to ensure it remains protected to the standards required by the GDPR and other applicable laws.

We will only transfer your Personal Information to a country outside the EEA if one of the following conditions is met:

Adequacy Decision: The destination country is recognized by the European Commission as providing an adequate level of data protection. This means the country’s data protection laws are considered strong enough to safeguard your rights in a similar way to EU law.
Appropriate Safeguards: We have put in place appropriate safeguards to protect your data. Typically, this means using standard contractual clauses (SCCs) or equivalent data transfer agreements approved by the European Commission, combined with additional security measures as necessary. These measures contractually ensure that your Personal Data receives the same protection as within the EU.
Specific Legal Derogations: In rare cases, we may rely on specific exceptions provided by law (known as derogations) for international transfers. Examples include situations where the transfer is necessary for the establishment, exercise or defense of legal claims, or if the transfer is required for important reasons of public interest. We will only use these exceptions if appropriate, and we will inform you when such a transfer occurs.

Regardless of where your Personal Information is transferred, we will always take reasonable and appropriate measures to protect it in accordance with this Privacy Policy and applicable law.

Lawful Bases for Processing Personal Data

Under the GDPR, we must have a valid legal basis to process your Personal Data. Depending on the specific context and nature of our relationship with you, Meadow Link relies on one or more of the following lawful bases:

Consent: You have given clear consent for us to process your Personal Data for a specific purpose. For example, we will ask for your consent to send you marketing emails. You have the right to withdraw your consent at any time. If you choose to withdraw consent, it will not affect the lawfulness of processing based on consent before its withdrawal. You can withdraw consent by contacting us at support@m-link.io
Contractual Necessity: Processing is necessary for the performance of a contract with you, or to take steps at your request before entering into a contract. In other words, we need to process your data in order to provide you with the services you have requested (e.g. to facilitate a transaction or maintain your account).
Legal Obligation: Processing is necessary for us to comply with a legal obligation. This includes obligations such as verifying identity under AML laws, keeping certain records for tax or accounting purposes, or responding to lawful requests by public authorities.
Vital Interests: Processing is necessary to protect someone’s vital interests. This basis is likely to apply only in exceptional circumstances, such as when processing personal data is needed to protect your life or someone else’s life.
Public Task: Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us. This basis is generally more relevant to public authorities and may not apply to our day-to-day operations, but we include it here for completeness.
Legitimate Interests: Processing is necessary for the purposes of our legitimate interests (or those of a third party), except where such interests are overridden by your interests or fundamental rights and freedoms. We will rely on this basis only after careful assessment. For example, a legitimate interest for Meadow Link is to process data for fraud prevention and network security in order to protect our business and customers. When we process your data on this basis, we ensure that we consider and balance any potential impact on you (both positive and negative) and your rights.

We will always make it clear which legal basis applies to a particular processing activity, and we will not process Personal Data in ways that are incompatible with these purposes.

Your Data Protection Rights

Under the GDPR and applicable data protection laws, you have several important rights concerning your Personal Data. Meadow Link is committed to facilitating the exercise of these rights. These rights include:

Right of Access: You have the right to request copies of the Personal Data we hold about you. This allows you to confirm that we are processing your data and to verify the lawfulness of the processing.
Right to Rectification: You have the right to ask us to correct any Personal Data that you believe is inaccurate or incomplete. If any of your information changes or you find inaccuracies in our records, please let us know so we can update it.
Right to Erasure: (Also known as “Right to be Forgotten.”) You have the right to request that we delete your Personal Data in certain circumstances. For example, you can ask for erasure if the data is no longer necessary for the purposes for which it was collected, or if you have withdrawn your consent and no other legal basis for processing applies. Note that we cannot delete data where we have a legal obligation to keep it (e.g., certain transaction records under financial regulations) or other overriding legitimate grounds.
Right to Restrict Processing: You have the right to request that we limit the processing of your Personal Data in certain situations. This means we can store the data but not use it. You might exercise this right if, for instance, you contest the accuracy of the data (until we verify it), or you object to our processing and we are considering your request.
Right to Object to Processing: You have the right to object to our processing of your Personal Data in cases where we rely on legitimate interests or perform a task in the public interest. If you object, we will cease processing your data unless we can demonstrate compelling legitimate grounds for the processing that override your rights and interests, or if the processing is for the establishment, exercise, or defence of legal claims. You also have an unconditional right to object to your Personal Data being used for direct marketing purposes at any time.
Right to Data Portability: You have the right to request that we transfer the data you have provided to us to another organisation or directly to you, in a structured, commonly used, machine-readable format, where technically feasible. This right applies when we are processing your data based on your consent or a contract with you, and the processing is carried out by automated means.

Exercising Your Rights: You can exercise most of your rights by contacting us with your request. Please email us at support@m-link.io if you wish to access, correct, or delete your information, or to exercise any other data right. In some cases, if you have an online account with us, you may be able to log into your account settings and directly access or update certain information. We will respond to your request within one month of receiving it, as required by law. If your request is complex or if you have made a large number of requests, we may inform you that we need additional time (up to an additional two months) to respond.

Identity Verification: To protect your privacy and security, we may need to verify your identity before fulfilling certain requests (for example, by asking you to provide a copy of a government-issued ID or other verification information). This is to ensure that Personal Data is not disclosed to anyone who does not have the right to receive it. If you do not provide sufficient information for us to confirm your identity, we reserve the right to refuse to act on the request until your identity can be confirmed. In such cases, we will inform you of the need for verification and what information is required.

Fees: In general, we will handle your reasonable requests free of charge. However, we may charge a reasonable fee if a request is clearly unfounded, repetitive, or excessive. If we decide a fee is necessary, we will explain why and will process the request once the fee is paid. Likewise, for additional copies of your personal data beyond the first copy you request, we may charge a minimal administrative fee as permitted by law.

Limitations: Please note that these rights are not absolute. In certain circumstances, we may be unable to fulfill your request — for instance, if fulfilling it would interfere with our legal obligations or the rights of other individuals. If we refuse a request for legitimate reasons, we will provide you with an explanation. We will also inform you of your right to complain to a supervisory authority if you believe our decision is not justified.

Automated Decision-Making and Profiling

In order to safeguard our platform and comply with legal requirements, Meadow Link may use automated decision-making processes, including profiling, as part of our services. This means that certain decisions regarding your account or transactions might be made by computer algorithms rather than manual review. We primarily use these techniques to help prevent fraud, money laundering, or other abusive or illegal activity on our platform.

For example, we may automatically analyse your registration information, identification documents, transaction history, and behaviour on the platform to detect patterns that could indicate fraudulent activity or increased risk. These automated systems help us quickly flag suspicious accounts or transactions for further review. This processing is necessary for us to provide a secure service and to meet our regulatory obligations as a VASP (such as AML compliance).

Automated decisions and profiling are never used to make final decisions that would significantly affect you without some form of human oversight. If an automated alert or decision impacts your ability to use our service (for instance, if a transaction is delayed or an account is suspended due to an automated fraud detection system), our team will review the situation. You will also have the right to contact us to express your point of view or contest the decision.

If you believe that any automated decision-making or profiling in relation to your data is unfair or has negatively affected you, please contact us at support@m-link.io. We will provide you with information about the logic involved in the decision-making process (to the extent allowed by law and without revealing our security measures) and we will consider your request for human intervention or review of any decision made solely by automated means.

Security Measures

We take the security of your Personal Data very seriously. Meadow Link has implemented a variety of technical and organisational measures (often referred to as “TOMs”) to protect your information from unauthorised access, loss, misuse, or alteration. These measures are designed to provide a level of security appropriate to the risk of processing your Personal Data. They include, for example, encryption of data in transit and at rest, firewalls and intrusion detection systems, access controls to limit access to data on a need-to-know basis, regular security audits, and staff training on data security.

Our security measures are kept up to date with regard to current best practices and legal requirements. We regularly review and update our procedures to address new threats or vulnerabilities as they become known, and to ensure ongoing confidentiality, integrity, and availability of personal data.

If we engage third-party service providers (for example, cloud computing providers or identity verification services) and need to share personal data with them, we require through contracts that they also implement appropriate security measures to protect your information. They must treat your data with the same care and diligence as we do and in accordance with applicable data protection laws.

Please note that, while we strive to protect your Personal Data, no system can be 100% secure. However, we continually work to improve our safeguards to keep your data safe. You also play a role in security – we encourage you to use strong passwords for your accounts, never share your account credentials with others, and notify us immediately if you suspect any unauthorised access to your account or Personal Data.

Data Storage and Retention

Where We Store Data: Your Personal Information is stored on secure servers located within the European Union. We choose data centres and service providers that meet stringent security and privacy standards. By keeping data within the EU, we ensure that it is protected under European data protection regulations and that appropriate safeguards are in place.

Data Retention Period: We will not keep your Personal Data for longer than is necessary to fulfil the purposes described in this Policy, unless a longer retention period is required or permitted by law. In general, if you close your account or if it becomes inactive, we will retain your data for a defined retention period. As a rule, we retain data for five (5) years after the closure of your account. This retention timeframe may be required to comply with laws applicable to Meadow Link (for example, anti-money laundering laws in Poland and the EU often mandate that certain transaction and identification records be kept for five years). We may also retain data as necessary for other legitimate business purposes, such as handling any disputes, enforcing our agreements, or maintaining security.

After the applicable retention period has elapsed, and provided we have no further legal obligation or legitimate interest to retain your information, we will either delete it securely or anonymise it (so that it can no longer be associated with you). For example, rather than outright deletion, we might anonymise certain transaction records so they can be used for statistical purposes without identifying you.

Disposal of Data: When deleting Personal Data, we take appropriate measures to ensure that the information cannot be reconstructed or retrieved. Electronic files are purged using secure deletion methods, and any physical documents are shredded or incinerated under controlled conditions.

If for technical reasons (e.g., in backups) we cannot immediately delete some information, we will take steps to securely isolate it and prevent any further processing until deletion is possible.

Our Data Protection Officer

We have appointed a Data Protection Officer (DPO) to oversee our privacy practices and ensure our ongoing compliance with data protection laws, including the GDPR. The DPO’s role is to serve as an expert on data protection within our company, advise us on our obligations, and act as a point of contact for data subjects and supervisory authorities.

You may contact our DPO directly with any questions, concerns, or requests regarding your Personal Data or this Privacy Policy. To reach our DPO, please send an email to support@m-link.io and include the subject line “Attn: Data Protection Officer” (or indicate in the body of the email that your message is for the DPO’s attention). This will ensure that your inquiry is handled by the appropriate person with due priority.

Our DPO will treat your inquiry confidentially and will work with you to address any issues you raise. Please feel free to reach out to the DPO if, for example, you have a concern about how we are handling your data, if you want to report a potential security or privacy incident, or if you need more information about how to exercise your data protection rights.

Questions, Concerns, and Complaints

If you have any questions or concerns about this Privacy Policy or how Meadow Link handles your Personal Data, we encourage you to contact us so we can address them. You can reach us by email at support@m-link.io. We will do our best to respond promptly and resolve any issues to your satisfaction.

Lodging a Complaint with a Regulator: If you are not satisfied with our response or believe we are processing your Personal Data in a way that is not in accordance with the law, you have the right to file a complaint with a data protection supervisory authority. Meadow Link is regulated in Poland, so our lead supervisory authority is the Polish Personal Data Protection Office (Urząd Ochrony Danych Osobowych, often abbreviated as UODO). You can contact the Polish data protection authority using the following details:

Personal Data Protection Office (UODO)
Street Address: ul. Stawki 2, 00-193 Warsaw, Poland
Phone: +48 22 531 03 00
Email: kancelaria@uodo.gov.pl
Website: https://uodo.gov.pl/en

Alternatively, if you reside in another country within the European Economic Area (EEA), you may contact your local data protection authority. A list of national data protection authorities in the EU is available on the European Data Protection Board (EDPB) website.

We value the trust you place in us with your Personal Data, and we will fully cooperate with the relevant authorities to resolve any complaints. Your feedback is important, as it helps us improve our services and privacy practices.

Changes to this Privacy Policy

We may update or revise this Privacy Policy from time to time to reflect changes in our practices or to ensure compliance with legal requirements. If we make material changes to the way we collect or use your Personal Data, or to any other aspect of the Policy, we will notify you in an appropriate manner. This may include: posting a prominent notice on our website, sending you an email notification (if we have your email on file), or providing an in-app notification if applicable.

The “Last updated” date at the top of this Policy indicates when the latest revisions were made. We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. If you do not agree with any updates or changes, you should stop using our services and may request that we remove or deactivate your account and Personal Data (subject to our retention obligations described above).

Your continued use of our website or services after the effective date of the updated Privacy Policy will constitute your acknowledgement of the modified Policy. We will always maintain the latest version of this Policy on our website for you to access at any time.

Meadow Link Sp. z o.o. is dedicated to safeguarding your personal information and maintaining transparency about our data practices. Thank you for reading our Privacy Policy. If you have any further questions, please do not hesitate to contact us.