SwissBorg Token Exchange Ltd, a company with a registered office in Malta, holder of company number C 88877 (hereinafter referred to as “we”, “our”, “us” or the “Company”) is the “Controller”, “Controller of Data” or “Data Controller” under the terms of the Maltese Data Protection Act 2018 and the EU Regulation 2016/679. SwissBorg Token Exchange Ltd’s product is the Community App, hereinafter referred to as “the Application” or “App” or “Community Application” or “Community App”.
The security and protection of your Personal Data is one of our top priorities, and we are committed to protecting and respecting your privacy and managing your Personal Data transparently and in a fair and lawful manner.
This policy, together with our terms and conditions of use and any other documents referred to herein sets out the basis on which any Personal Data we collect from you, or that you provide to us, will be processed by us. Please read the following to understand our practices in processing your data, as well as your rights regarding your Personal Data and how we will treat it.
Should you have any queries, concerns, requests or complaints in relation to the manner in which we process your Personal Data, you may contact us by email on firstname.lastname@example.org. You also have the right to lodge a complaint before the Information Commissioner’s Office with regard to matters concerning your Personal Data.
The Company shall collect Personal Data from natural persons who are users of the SwissBorg’s Community App as members of the community (hereinafter referred to as the “User” or “Users”).
- ‘Consent’ shall mean any freely given, specific and informed indication of his or her wishes by which a Data subject signals agreement to the Processing of Personal Data relating to him or her.
- ‘Data controller’ shall mean the natural or legal person, which, alone or jointly with others, determines the purposes and means of the Processing of Personal Data and who is in charge of this Processing.
- ‘Data subject’ shall mean natural persons whose data is processed, whether it is a User or a Person who downloaded the application and registered his Personal Data on the application.
- ‘Disclosure’ shall mean making Personal Data accessible, for example by permitting access, transmission or publication.
- ‘Personal Data’ shall mean all information relating to an identified or identifiable person. For the purposes of the application, the following Personal Data will be required: your first name; your last name; a valid e-mail address; your phone number; a login name and a password to access the account.
- ‘Personal Data breach’ shall mean a breach of security leading to the accidental or unlawful destruction, loss or alteration of – or to the unauthorized Disclosure of, or access to – Personal Data transmitted, stored or otherwise processed.
- ‘Processing’ shall mean any operation or set of operations – by automated and other means – that is performed upon Personal Data or sets of Personal Data, such as collecting, recording, organizing, structuring, storing, adapting or altering, retrieving, consulting, using, disclosing by transmitting, disseminating or otherwise making available, aligning or combining, or erasing.
- ‘Recipient’ means third, public authority, agency or other body – that is, someone or something other than the Data subject or the Controller – to which the Personal Data is disclosed.
2.1. SwissBorg Token Exchange Ltd. provides this Policy to describe its procedures regarding the Processing of Personal Data collected while using the Community App. This Policy shall apply to any use of the App, whatever the method or medium used. It gives details on the conditions at which SwissBorg Token Exchange Ltd. may collect, keep, use and save information that relates to you, as well as the choices that you have made in relation to the Collection, Utilisation and Disclosure of your Personal Data.
3.1. By using the App, you acknowledge that the Community App may collect and process a certain Personal Data that relates to you and that you have read and understood this Policy and agree to be bound by it and to comply with all Applicable Laws and regulations. If you do not agree with the terms of this Policy, please do not submit any of your Personal Data and refrain from using the App.
4. Principles for processing Personal Data
We will always keep your Personal Data private and safe and we will never sell your Personal Data. While Processing Personal Data, SwissBorg Group and its Affiliates will respect the following general principle:
4.1. Fairness and lawfulness: when Processing your Personal Data, your individual rights will be protected. Your Personal Data will be collected and processed lawfully, in a fair manner, in good faith and proportionally to the objective.
4.2. Restriction to a specific purpose: Personal Data handled by us will be adequate and relevant to the purpose for which they are collected and processed. This requires, in particular, ensuring that the Personal Data collected is not excessive for the purpose for it is collected. Subsequent changes to the purpose are only possible to a limited extent and require substantiation.
4.3. Transparency: The Data subject must be informed of how his/her Personal Data is being handled. When the Personal Data is collected, the Data subject must be informed of:
- the existence of the present Policy;
- the identity of the Data controller;
- the purpose of Personal Data Processing;
- third-parties to whom the data might be transmitted.
4.4. Consent of the Data subject
Personal Data must be collected directly from the individual concerned and the Consent of the Data subject may be required before Processing Personal Data. The Consent must be obtained in writing or electronically for the purposes of documentation. The Consent is valid only if given voluntarily. If, for any reason, the Consent of the Data subject is not given before Processing Personal Data, this one should be secured in writing as soon as possible after the beginning of the Processing.
Personal Data can be processed without Consent if it is necessary to enforce a legitimate interest of the Company. Legitimate interests are generally of a legal (e.g. filing, enforcing or defending against legal claims) or financial (e.g. valuation of companies) nature. The Processing of Personal Data is also permitted if national legislation requests, requires or allows this.
4.5. Accuracy: Personal Data kept on file must be correct and if necessary, kept up to date.
5. Collection of Data
5.2. Changes: You are responsible to provide us with Personal Data that is correct and inform us of any changes occurring in your data in writing, in order for us to be able to take all reasonable measures to keep our records in your regard accurate and up to date. You have the choice, at any time, not to provide your Personal Data to the Community App; however, do note that failure to provide such Personal Data for us to process may result in being denied the possibility to use the Community App and being unable to continue to provide our products or services to you or pursue any contractual relationship which may be in place between us.
5.3. Personal Data you give us: You may give us Personal Data about you by filling in any forms on the Community App, participating in the Competition, subscribing to a newsletter or by corresponding with us by phone, e-mail or otherwise. This includes Personal Data you provide when you register on the application, use our services or when you report a problem with the App. The Personal Data which you may provide us may include (depending on the nature of your interaction with us) your name, your surname, mobile number, e-mail address, identification.
5.4. Personal Data and information we collect about you: with regard to each of your logins to our App, we may automatically collect the following information:
- technical information, including the Internet protocol (IP) address used to connect your smartphone to the Internet, your login information, time zone setting, browser plug-in types and versions, operating system and platform. An IP address is a number that is automatically assigned to your smartphone when you signed up to an Internet Service Provider. When you log in to our App, your IP address is automatically logged in to our server. We use your IP address to help diagnose problems with our server and administer our App.
- Data or information regarding any activity which would be carried out by the User on the App, as well as any data or information which results from the participation in the activities within the App and whilst browsing through the App
- If you contact us or we contact you using the telephone, we may monitor or record the phone call for quality assurance, training and security purposes.
5.5. Personal Data we receive from other sources
In case we receive Personal Data from other sources, we will have informed you when we collected data, that it may be shared internally and combined with data collected on this application. We are also working closely with third parties (including, for example, business partners, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers, search information providers, credit reference agencies) and may receive information about you from them.
Apart from Personal Data, we may collect other types of information which is not related to an individual and which is anonymous. For example, the number of logins within the App, as well as the order to download the application from any application store where the Community App may be downloaded. By collecting this type of information, we aim at improving our customer services.
This policy applies to all information which is received during your visit to or use of the Website, when you subscribe to our newsletter, when you become a User and/or when you participate to a Referendum.
6. Use of Data
6.1. The following paragraphs describe the various purposes for which we use your Personal Data. Please note that not all of the uses below will be relevant to every individual.
6.2. Generally, the main reason why we collect Personal Data is to enable you to use the application and to take part in the competition, to transfer your tokens to your account once the competition is over, to keep a details list of the Users who participate in the Competition, to keep you updated about the result of the competition and/or advances of the SwissBorg Wealth Management Application (v.1). If you contact us via email to the contacts set out in the terms and conditions of the Community App or on the Community App itself, we will keep a record of that correspondence.
6.3. We collect and process your Personal Data, including data provided by yourself, data we collect about you and data provided by third parties in accordance with the provisions of the General Data Protection Regulation (GDPR) and the Data Protection Act (2018) in the following ways upon the following grounds:
- For the fulfilment of contractual obligations entered into between you and us and to provide you with the information, products and services that you request from us;
- For the fulfilment of legal obligations and legal compliance;
- To notify you about changes to our service;
- To ensure that content from our application is presented in the most effective manner for you and for your mobile phone;
- To provide you with information about other goods and services we offer that are similar to those that you have already purchased or enquired about;
- To provide you, or permit specific third parties to provide you, with information about goods or services we feel may interest you. If you are an existing customer, we will only contact you by electronic means (e-mail, SMS or through the application’s messaging channels) with information about goods and services similar to those which were the subject of a previous sale or negotiations of a sale to you, subject to your consent. We will also contact you by electronic means to inform you when the SwissBorg Wealth Management App (v.1) will be launched and is made available for the public. If you are a new customer, and where we permitted selected third parties to use your data, we (or they) will contact you by electronic means only subject to your consent.
6.4. If you do not want us to use your data in this way, or to pass your details on to specific third parties for marketing purposes, you have the right to withdraw your consent at any time by writing by email on email@example.com. Withdrawal of consent does not affect the legality of data processed prior to such withdrawal:
To safeguard legitimate company interests which requiring processing beyond the fulfilment of contractual obligations such as:
- Processing of Personal Data for the purposes of our daily operations including billing and debt collectings;
- Processing of Personal Data for market research, statistical purposes and service and product development;
- Processing of your data for the protection of the company’s legal position in the event of legal proceedings;
- Processing for the purpose of ensuring network and information security, including preventing unauthorized access to electronic communications networks and stopping damage to computer and electronic communication systems;
- Processing for the purpose of reporting possible criminal acts or threats to public security to competent authorities;
- To administer our application for internal operations, including troubleshooting, data analysis, testing, research statistical and survey purposes;
- To improve our application to ensure that content is presented in the most effective manner for you and for your computer;
- To allow you to participate in interactive features of our services, when you choose to do so;
- As part of our efforts to keep our application safe and secure;
- To measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you;
- To make suggestions and recommendations to you and other users of our applications about goods or services that may interest you or them;
- For accurately carrying out and confirming your instructions, for training purposes and/or in order to improve the quality of our customer services. Such data shall include calls, email communication and online chats.
6.5. You shall have the right to object to any of the above-mentioned legitimate company interests as a basis for the processing of Personal Data by contacting us by email on firstname.lastname@example.org. If you submit any objection, we will no longer process your Personal Data unless we can give evidence of mandatory or legitimate reasons for processing, or processing serves the enforcement, exercise, or defence of our company’s legitimate interests.
7. Third Party Disclosure
7.1. We disclose your Personal Data with AWS Amazon Cloud Computing Services.
7.3. Your Personal Data may also be provided to trusted third party processors for the customer care and client communication services, credit reference, fraud prevention, business scoring, credit scoring, placing of monetary deposits, transfer of payments, debt collection and recovery.
7.5. We may share your Personal Data with any member of our group of companies, which means our subsidiaries and our ultimate holding company and its subsidiaries.
7.6. We may share your Personal Data with selected third parties including:
- Business partners, suppliers and sub-contractors for the performance of any contract we enter into with them.
- Analytics and search engine providers that assist us in the improvement and optimization of our App.
- We may disclose your Personal Data to third parties for the purpose of fulfilling legitimate company interests:
- In the event that we sell or buy any business or assets, in which case we may disclose your Personal Data to the prospective seller or buyer of such business or assets;
- If SwissBorg Token Exchange Ltd. or substantially all of its assets are acquired by a third party, in which case Personal Data held by it about its customers will be one of the transferred assets;
- For the purposes of billing, debt collecting, credit rating and verification and fraud prevention;
- For the protection of the company’s legal position in the event of legal proceeding.
- In the event that the company is dissolved and liquidated, this data will be transferred to any parent or affiliate company of SwissBorg Token Exchange Ltd.
7.8. We will ensure that all companies to which we disclose your Personal Data will only process it in accordance with our instructions and on our behalf, and may only use such data to the extent to which we ourselves are entitled. All such companies and third parties will further be required by us to meet the requirements of data protection legislation and our strict privacy and retention policies to keep your data secure at all times.
7.9. We may, if necessary or authorized by law, provide customer data to law enforcement agencies, regulatory organisations, courts or other public authorities. We attempt to notify our customers about legal demands for their Personal Data unless prohibited by law or court order, or when the request is an emergency. We may dispute such demands when we believe that the requests are disproportionate, vague or lack proper authority, but we do not promise to challenge every demand.
7.10. Your Personal Data shall not be processed for purposes other than those it was collected for; should further processing be required, you will be informed of that purpose and provided with necessary information.
7.11. You shall have the right to object to any of the above-mentioned legitimate company interests as a basis for the processing of Personal Data by contacting our Senior Regulatory Officer by email on email@example.com. If you submit any objection, we will no longer process your Personal Data unless we can give evidence of mandatory or legitimate reasons for processing, or processing serves the enforcement, exercise, or defence of our company’s legitimate interests.
7.12. Unless otherwise stated, the third parties who receive data from us, are prohibited to use this Personal Data beyond what is necessary to provide the product or service to you, directly or by participating in the Community App activities.
8. Storage of your Personal Data
8.1. The security of your Personal Data is our priority. We take all physical, technical and organizational measures need to safeguard Personal Data. We will use all reasonable efforts to protect your information in a highly secure data centre, adhering to strict computer security standards. We have put in place privacy protection control systems designed to ensure that our customers’ information remains safe, secure and private.
8.4. Unfortunately, the transmission of our information via the internet is not completely secure. Although we will do our best to protect your Personal Data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your risk. Once we have received your data, we will use strict procedures and security features to try prevent unauthorized access.
8.5. In line with applicable law, we shall, where lawfully obliged, notify the competent authorities and/or you in cases of Personal Data breaches and will keep a log of any such breaches.
9. Retention of your Personal Data
9.1. We will process and store your Personal Data for as long as necessary in order to fulfill our contractual, regulatory and statutory obligations. We will assess and respond to requests to delete data and we shall accordingly delete data provided that the data is no longer required in order to fulfill contractual, regulatory or statutory obligations, or the fulfillment of any obligations to preserve records according to law.
9.2. We will normally retain your records for a minimum of five years to comply with legal, regulatory and contractual requirements unless there is the particular reason to hold the records for longer; your Personal Data may be retained for longer periods in the event of prospective or pending debt collecting, legal or law-enforcement proceedings and until such proceedings are formally and definitively concluded.
10. Security of your Personal Data
We apply high industry standards and will always apply adequate technical and organisational measures, in accordance with applicable laws to ensure that your data is kept secure. In the event of a Personal Data breach, we shall without undue delay, and not later than 72 hours after having become aware of it, notify the breach to the competent supervisory authority, unless said breach is unlikely to result in a risk to your rights and freedoms. If the breach is likely to result in a high risk to your rights and freedoms, the Company shall communicate this breach to you, if it is feasible, without undue delay.
11. Access to your Personal Data and Information Rights
11.1. In relation to your Personal Data, you have the right to:
- Access to your Personal Data;
- The rectification of your Personal Data;
- Restrict processing;
- Object to processing;
- Data portability;
- Request erasure of your Personal Data.
11.2. You shall also have the right to ask us not to process your Personal Data for marketing purposes, including receiving our newsletter. Before collecting your data, we will seek your explicit consent if we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes. You can withdraw your consent by contacting our Regulatory Officer by email on firstname.lastname@example.org.
11.3. Access to Data: You have the right to request, free of charge, access to and a copy of your Personal Data as processed by us. The request is free of charge unless your request is unfounded or excessive (e.g. if you have already requested such Personal Data multiple times in the last twelve months or if the request generates an extremely high workload). In such case, we may charge you a reasonable request fee according to applicable laws.
11.4. We may refuse, restrict or defer the provision of Personal Data where it has the right to do so, for example if fulfilling the request will adversely affect the rights and freedoms of others.
11.5. Automatic Decision Making: in establishing and carrying out our business relationship, we generally do not make use of automated decision making. If we use this procedure in individual cases, we shall inform you of this separately, provided it is a legal requirement.
12. Portability of your Data
12.1. You also have the right to receive your Personal Data, which you have provided to us with, in a structured, commonly used and machine-readable format and have the right to transmit this data to another controller without hindrance. This right can be exercised by contacting us through our contact form or writing to us on email@example.com, attaching a copy of your ID. If the request is submitted by a person other than you, without providing evidence that the request is legitimately made on your behalf, the request will be rejected.
12.2. The request is free of charge unless your request is unfounded or excessive (e.g. if you have already requested such Personal Data multiple times in the last twelve months or if the request generates an extremely high workload). In such case, we may charge you a reasonable request fee according to applicable laws.
12.3. We may refuse, restrict or defer the provision of Personal Data where it has the right to do so, for example if fulfilling the request will adversely affect the rights and freedoms of others.
13. Privacy by Design and by Default
13.1. SwissBorg Token Exchange Ltd. will, both at the time of the determination of the means for Processing and at the time of the Processing itself, implement appropriate technical and organizational measures, such as pseudonymization, which are designed to implement data-protection principles, such as data minimization, in an effective manner and to integrate the necessary safeguards into the Processing in order to meet the requirements of the GDPR and protect your rights.
13.2. We will implement appropriate technical and organizational measures for ensuring that, by default, only Personal Data which is necessary for each specific purpose of the Processing is processed. This obligation applies to the amount of your Personal Data we collect, the extent of its Processing, the period of storage and their accessibility.
14. Contacting the Company and Complaints
14.1. We hope to be able to answer any questions or concerns you have about your Personal Data. You can get in touch with us at the postal address or email address given in section 17 hereafter.
14.2. You also have the right to make a complaint if you feel your Personal Data has been mishandled or if the Company has failed to meet your expectations. You are encouraged to contact the Company about any complaints or concerns but you are entitled to lodge a complaint directly before the Office of Information and Data Protection Commissioner with regard to matters concerning Personal Data.
To ask questions or make comments on this Policy or to make a complaint about our compliance with applicable privacy laws, please contact us through:
- our email address: firstname.lastname@example.org ; or
- our address: 20-22, Wenlock Road, London, England, N1 7GU
We will acknowledge and investigate any complaint pursuant to this Policy.