The security and protection of your Personal Data (as defined under Section 1 of this Policy) is one of the top priorities of SwissBorg Solutions OU, a company duly incorporated under the laws of Estonia, bearing registration number 14769371, with registered address at Roosikrantsi tn 2-1091 Kesklinna linnaosa, Tallinn Harju maakond 10119 and of SwissBorg Invest SA, a company duly incorporated under the laws of Switzerland, with registered office at Rue du Grand-Chêne 8, 1003 Lausanne, Switzerland and with registration number CHE-499.067.328 (both referred to as “SwissBorg”, “Company”, “We”, “Us”, “us” or “we”). SwissBorg Solutions OU operates the SwissBorg Wealth Application (the “App”) that is available on the iOS App Store or Google Play Store.
SwissBorg Solutions OU has a license for a provider of a Virtual Currencies wallet service (license number FRK001069) and for providing services of exchanging Virtual Currency against a fiat currency (license number FVR001182).
If You are a not a Swiss User the data controller is SwissBorg Solutions OU and if You are a Swiss User the data controller is SwissBorg Invest SA.
The Company shall collect Personal Data from natural persons who download and browse through the App without registering in order to make use of the Services in it (the “Visitor(s)”) and from natural persons who register on the App and are located in Switzerland.
This is why We use privacy by default standards and undertake to store and Process (as defined in Article 1 hereunder) your Personal Data in a secured manner and to Process your Personal Data with all appropriate care and attention in accordance with the Federal Act on Data Protection (RS 235.1) (the “FADP”), the Ordinance on the Federal Data Protection Act (RS 235.11) (the “OFADP”) and, where applicable, the General Data Protection Regulation (the “GDPR”).
The Company provides this Policy to describe its procedures regarding the Processing and Disclosure of Personal Data collected by the Company while using the App. This Policy shall apply to any use of the App, whatever the method or medium used. It details the conditions at which the Company may collect, keep, use and save information that relates to the User and Visitor, as well as the choices that You have made in relation to the collection, utilization and Disclosure of your Personal Data.
While using and/or registering on the App the Company may Collect and Process a certain number of Personal Data. This Policy shall apply to any use of the App, whatever the method or medium used. It details the conditions at which, We may Collect, keep, use and save information that relates to You, as well as the choices that You have in relation to the Collection, utilization and disclosure of your Personal Data.
By using the App, You acknowledge that You have read and understood this Policy and agree to be bound by it and to comply with all applicable laws and regulations.
The Company may modify this Policy from time to time and will post the most current version on the App. You will be notified by email and You will be asked to Consent to these modifications before they become applicable. Before accessing and/or continuing to use the App, You shall first Consent to the terms of this Policy and any amended versions to this Policy. Where We require your Consent to Process your Personal Data, You will be asked to give your Consent to the Collection, use, and disclosure of your Personal Data.
- PRINCIPLE FOR PROCESSING PERSONAL DATA
While Processing Personal Data, the Company will respect the following general principles:
- Fairness and lawfulness;
When Processing Personal Data, the individual rights of the Data Subjects must be protected. Personal Data must be Collected and Processed lawfully, in a fair manner, in good faith and must be proportionate to the objective.
- Restriction to a specific purpose;
Personal Data handled by the Company shall be adequate and relevant to the purpose for which they are Collected and Processed. This requires, in particular, ensuring that the types of Personal Data Collected are not excessive to the purpose for which they are Collected. Subsequent changes to the purpose are only possible to a limited extent and require substantiation.
The Data Subject must be informed of how his/her Personal Data is being handled. When the Personal Data is collected, the Data Subject must be informed of:
- the existence of the present Policy;
- the identity of the Data Controller;
- the purpose of Personal Data Processing;
- how, where and by whom the Personal data is being Processed;
- third-parties to whom the Personal data might be transmitted.
- Consent of the Data Subject
Personal Data must be Collected directly from the Data Subject concerned and the Consent of the Data Subject may be required before Processing Personal Data. The Consent must be obtained in writing or electronically for the purposes of documentation. The Consent is valid only if given voluntarily. If, for any reason, the Consent of the Data Subject is not given before Processing Personal Data, the Company should be informed in writing as soon as possible after the beginning of the Processing.
Personal Data can be Processed without Consent if it is necessary to enforce a legitimate interest of the Company (hereinafter referred to as “Legitimate Interest”). Legitimate Interests are generally of a legal (e.g. filing, enforcing or defending against legal claims, any duties which may arise from any licensing obligations) or financial (e.g. valuation of companies) nature. The Processing of Personal Data is also permitted if national legislation requests, requires or allows this.
Further information regarding the Consent and the Legitimate Interest is provided in Section 6.2.
Your Consent for the collection and Processing of your Personal Data by the Company in accordance with this Policy is given once the Users tick the two boxes in the pop-up window which states:
- “I understand and expressly Consent that the Company collects and Processes my Personal Data as Data Controller and that my Personal Data may be transferred to the Company’s country of domicile for Processing purposes or in the European Union”.
Personal Data kept on file must be correct and if necessary, it must be kept up to date. Inaccurate or incomplete Personal Data should not be kept on file and deleted.
- COLLECTED DATA
This Policy applies to all information which is received during your use of the App, when You fulfill the on-boarding procedure for becoming a User and/or when you simply visit the App. It is important to understand that We may Collect this Personal Data at different stages throughout your interaction or use of the App and some Personal Data can be Collected just by logging into the screens of the App (referred to as the “Collected Data”). In particular, the Company will collect the following Personal Data:
- KYC & AML data
The KYC/AML data, which is specified in the Terms under Section 7.2.2, will be used and retained in order for the Company to be able to fulfill our legal obligations as with any regulatory authority and self-regulatory association or authority before on-boarding You on the App. Some of our Services are subject to laws and regulations requiring Us to Collect and use your personal identification information, formal identification information, financial information, transaction information, employment information, online identifiers, and/or usage data in certain ways.
The Company Collects your Personal Data in order to comply notably to the Swiss Federal Act on Combatting Money Laundering and Terrorist Financing (RS 955.0); FINMA Anti-Money Laundering Ordinance (AMLO-FINMA; SR 955.033.0); “Video and online identification - Due diligence requirements for client onboarding via digital channels” FINMA Circular 2016/7 which entered into force on March 8th, 2016; the Federal Act on Financial Services (RS 950.01); the Federal Act on Financial Institutions (RS 954.1) and the Guidance for a Risk-Based Approach for Virtual Assets and Virtual Asset Service Providers (also referred to as the “FATF Guidance for VASPs”) and their subsequent amendments.
- User Suitability data
Your User Suitability data, which is specified in the Terms under Section 7.2.3., will also be used and retained in order for Us to be able to fulfill our legal obligations, to ensure that We can provide You with more relevant information, to better understand your preferences, to be able to verify if You are eligible to use our Services and if You have sufficient knowledge to use our Services. Your answer to the suitability questions and if You have already are invested in Virtual Currencies are used to enable us to verify if You are eligible to make use of the Services offered through the App.
- Financial Data
The Company may Collect or may Process the Personal Data, in the event that You will carry out any deposits or withdrawals to/from the following sources, including but not limited to:
- Fiat Assets account origin;
- the global balance in your User account at any given time;
- the Virtual Currency balance in your User account at any given time;
- how, where and by whom the Personal Data is being Processed;
- third-parties to whom the Personal Data might be transmitted.
Your Financial data will be used by the Virtual Currencies Custodian or Fiat Custodians to enable You to deposit or withdraw Fiat Assets, Virtual Currencies or CHSB Tokens on the App as described in Section 7 of this Policy.
- Transaction Data
The Company may Collect the following Personal data depending on when You execute a Transaction and/or the use the Company’s support services, including but not limited to:
- Transaction details;
- User Account Audit Logs;
- User Account Communication Logs;
- User Account Level;
- Displayed Currency;
- your External Wallet address;
- your International Banking Account Number (IBAN) details;
- the digital assets, the balance available and any details available in your External Wallet address.
Your Transaction data will also be used and retained in order for us to be able to fulfill our legal obligations as well as for the purpose of ensuring that any Transactions carried out through the use of the App can be reconciled and settled. The Transaction data will also be used in order to reconcile your transactions within our accounting records with the Financial Data in order to have a clear and accurate understanding of your Orders and User Account balance.
- App Interaction Data
The Company may Collect the following Personal Data, including but not limited to:
- Device Provisioned;
- Device Provisioned (when created at);
- Device Provisioned (last use);
- Paper Key (created at);
- Paper key (last use).
The Company will never be in possession of your Paper key.
The Company transfers your Personal Data to SwissBorg Solutions OU who processes the Personal Data on its behalf a company duly incorporated under the laws of Estonia, bearing registration number 14769371, with registered address at Roosikrantsi tn 2-1091 Kesklinna linnaosa, Tallinn Harju maakond 10119.
- Affiliate Program
If You wish to become an Affiliate You shall fill in the form available on the Website at https://swissborg.com/affiliate-program-application. If You choose to do so, We will collect the following informations on You:
- Your personal email address;
- Full name;
- Company name;
- Size for active network;
- Phone number;
- Language; and
- Country of residence.
By filling out this form You confirm that the information you have provided is accurate and up to date.
We collect this information in order to be able to provide You with our services.
If You want to make a change in the information You have provided to us, whether this implies updating or deleting it, please feel free to contact us via email and we will be more than happy to assist You.
- USE OF COLLECTED DATA
The following paragraphs describe the various purposes for which We Collect and Process your Personal Data, and the different types of Personal Data that are Collected for each purpose. Please note that not all of the uses below will be relevant to every User.
- Consent for Use of Personal Data
You Consent to the following uses of your Personal Data:
- For the purposes of Services: The Company will use Collected Data to provide You with a better service, included but not limited to:
- communication with You to provide You with information about new Services available;
- answer to questions and comments that You might have regarding the use of the App;
- prevent potentially prohibited or illegal activities;
- conduct research and compile statistics on usage patterns;
- process Orders;
- manage the Accounts;
- enforce the Terms;
- comply with any obligations which the Company is obliged to comply with by virtue of any regulations, guidelines or laws which apply to the Services rendered through the App;
- provide personalized support to You.
We cannot provide You with Services without being able to use and Process your Personal Data. We Process your Personal Data when You contact Us to resolve any questions, disputes, Transaction fees, or to solve any problems which may arise within the Services or through the use of the App. We may Process your information in response to another User’s request, as relevant. We Process your Personal Data to provide a personalized experience and implement the preferences You request. For example, You may choose to provide Us with access to certain Personal Data stored by third parties.
- Customer Service: You Consent that We use any of the Collected Data for customer service purposes, including responding to your enquiries. This typically requires the use of certain personal contact information and information regarding the reason for your inquiry (e.g. technical issue, question/complaint, general question, etc.).
- Internal Research: You Consent that We use your Collected Data, in accordance with applicable laws, for other general business purposes, such as conducting internal marketing and demographic studies and measuring the effectiveness of advertising campaigns. You Consent that We also use your Personal Data for security purposes.
- Marketing: Based on your communication preferences, You Consent that We may use your email in order to send You marketing communications, including our newsletter, in order to inform You about our events or our partner events; to deliver targeted marketing and to provide You with promotional offers based on your communication preferences. We use Personal Data about your usage of our Services and your contact information to provide marketing communications, including but not limited to promotions, special offers and other information, personalize the promotional offers, in particular based upon their activity and their transaction history in order to use push notifications. You can opt-out of our marketing communications at any time. We send administrative or account-related information to You to keep You updated about our news (provided You have subscribed to our newsletter) or inform You of relevant security issues or updates to the App, changes of the Terms or to this Policy or provide other transaction-related information. Without such communications, You may not be aware of important developments relating to your Account that may affect how You can use our Services.
- Legitimate Interest
The following are the applicable Legitimate Interests;
- Cyber Security: The Visitor’s Data is used in order to know who downloaded the App, to ensure that there is no cyber-security threat, to ensure your User Account security, and in order to have an initial verification of the User that downloads the App. It can also be used in order to communicate with You throughout your interaction with the App. We use your geographical location information in order to ensure that the Services will not be used in a country/area where it is expressly prohibited for the App to be used;
- Compliance with FATF Guidance for VASP: You Consent that your Collected Data shall be sent to financial institutions, and in the case of Virtual Currency Transactions, to other VASPs, or any company on the basis of the FATF Guidance for VASPs in order to ensure that preventive measures are in place in order to hold, obtain and transmit the information regarding from where the Virtual Currencies and Fiat Assets originate and who the beneficiary will be;
- Compliance with laws and regulations: By using the App, you understand that the Company has the legitimate interest to Process the following Personal Data in order to ensure a legal utilization of the App in the full respect of the laws and suitable regulations.
In the event that the Company or its assets are acquired by, or merged with, another company including through bankruptcy, We may share your Personal Data with any of our legal successors, we may share/assign your Personal Data with any of our legal successors, We may also disclose your Personal Data to third parties (i) when required by applicable law; (ii) in response to legal proceedings; (iii) in response to a request from a competent law enforcement agency, national authority or self-regulatory association or agency; (iv) to protect our rights, privacy, safety or property, or the public; or (v) to enforce the terms of any agreement in force.
You may revoke your Consent at any time for any use of your Personal Data by the Company. Please note that the withdrawal of your Consent will not affect the lawfulness of the Processing of your Personal Data based on your Consent before its withdrawal. The consequences of not Processing your Personal Data for such purposes is the termination of your Account as We cannot perform our Services in accordance with our Terms.
- Financial Data
- Financial Data for Fiat Assets
You agree that the Company processes payments via the Fiat Custodian and that there are instances where You or We will be transmitting your Personal Data and Financial Data to the Fiat Custodian who will be Processing the Financial Data for the sole purpose of making the transaction. You expressly agree to send your Financial Data to the Fiat Custodian, as well as send all information which the latter may require from You.
The Company makes available Financial Data and Personal Data to the Payment Provider in order to ensure that the Order execution Services which are provided on the App are provided in an efficient manner and in compliance with any laws which may apply to the Services carried out by the Company through the App. Kindly be aware that if You withdraw your consent, You will be effectively unable to benefit from the Services offered on the App.
The Company shall in no way or manner be held liable for any delay in the banking authorization relating to your failure to send the Financial Data or Personal Data which may be requested from the Fiat Custodian or of any damage or loss which may arise in relation with the transaction made via the App. The following paragraphs describe the various purposes for which the Company uses your Personal Data. Please note that not all of the uses below will be relevant to every individual.
- Transaction Data for Virtual Currencies
Any transfer of Virtual Currencies from an External Wallet address to Virtual Currencies Custodian will be recorded on indelible distributed ledger. You understand and acknowledge that records of the transfers on the distributed ledger and the information related to the transfer is transmitted to various nodes. Furthermore, it cannot be amended since distributed ledger technology and smart contracts operate in a manner which does not allow for any deletion or erasure to occur and that through encryption and cryptography, the information on the transaction shall also be made public on the blockchain.
- DATA DISCLOSURE
The Company shall disclose your Personal Data in order for it to be Processed by SwissBorg Solutions OÜ for the purposes of providing the Services on the App, including the KYC Process. in particular if We are requested to do so to comply with a court order or law enforcement authorities request, or if We find it necessary, as determined in the Company’s sole discretion, to investigate, prevent or take action regarding illegal activities, to defend our interest or as otherwise required or permitted by law.
In any case where cross-border transfer is done, the Company ensures that an adequate protection is guaranteed for Personal Data to be transferred outside of Switzerland and the European Economic Area (the “EEA”) using Data Transfer Agreements, Data Processing Agreements based on Standard Contractual Clauses which are issued by the European Commission. You shall be informed of this cross-border transfer in the event that it occurs.
In some specific cases when this level of protection is not guaranteed, the Company will obtain your prior Consent or establish with the Recipient of Personal Data a contractual framework or sufficient safeguards that ensure an adequate level of protection abroad. You may request access to a copy of these safeguards by contacting the Company.
Unless otherwise stated, the third parties who receive data from the Company are prohibited to use this Personal Data beyond what is necessary to provide the product or service to you, directly or by participating in the Company’s activities. We shall disclose your Personal Data or any of the Collected Data to the following:
- SwissBorg’s Staff
Our staff use and Process usually Personal Data in order to ensure a consistently high service standard and in line with our internal regulations. The KYC/AML Data as defined in Section 5a shall be disclosed with the Company’s compliance officer and any employee or subordinate who shall carry out the instructions of the compliance officer.
- Service providers
As indicated previously within this Policy, You Consent that We may also share Personal Data with our suppliers and other business partners who provide services to Us, such as IT and hosting providers, marketing providers, communication services and printing providers, debt collection, tracing, debt recovery, fraud prevention, and credit reference agencies, KYC/AML, and others. When We do so We take steps to ensure they meet our data security standards and sign confidentiality agreements, so that your Personal Data remains secure.
If our business is sold to another organization or if it is re-organized, Personal Data will be shared so that you can continue to be provided with the Services. We will usually also share/assign Personal Data with prospective purchasers when we consider selling or transferring part or all of our business. We will in such event take steps to ensure such potential purchasers keep the data secure.
You understand and agree that we may need to disclose Personal Data to exercise or protect legal rights, including ours and those of our employees or other stakeholders, or in response to requests from individuals or their representatives who seek to protect their legal rights or such rights of others.
- Public or regulatory authorities
If required from time to time, We disclose Personal Data to public authorities, regulators or governmental bodies, including when required by law or regulation, under a code of practice or conduct, or when these authorities or bodies require us to do so.
- Location of Personal Data
For Swiss Users, Your Personal Data will be hosted by Exoscale, with address at Boulevard de Grancy 19A, 1006 Lausanne, Switzerland. You agree that the Company may store your Personal Data in any country of the EEA and in Switzerland based on a data transfer agreement with the Data Controller.
The storage as well as the Processing of your Personal Data may require that your Personal Data are ultimately transmitted to, and/or stored at a destination outside of your country of residence. Where permitted by law, by accepting the terms of this Policy, You accept that this transmission and disclosure may occur transmission, storing and/or Processing.
The Company requires recipients of Personal Data to comply with appropriate measures designed to protect Personal Data contained within a binding legal agreement. A copy of these measures can be obtained by contacting the Company in writing using the details in Section 18 of this Policy. If and to the extent required by applicable law, We implement the necessary legal, operational and technical measure and/or enter into an agreement with You before such international transfers.
We will duly notify you if your Personal Data is disclosed to any other entities who shall provide Processing Services. All our Processors are GDPR compliant and agreements have been set up between them and Us in order to define exactly which Personal Data are shared and which legal requirements should be applied.
- PUSH NOTIFICATIONS
We may send push notifications on your mobile iOS and Android device even if the App is not open. Our App only uses push notifications if You have given your explicit Consent. You can disable push notifications in settings at any time. If You use an Android device, push notifications are permitted automatically unless You disable this in your settings.
- RETENTION OF YOUR PERSONAL DATA
In accordance with applicable laws, the Company will use your Personal Data for as long as necessary to satisfy the purposes for which your Personal Data was Collected or to comply with applicable legal requirements.
- SECURITY OF YOUR PERSONAL DATA
The Company applies high industry standards and will always apply adequate technical and organizational measures, in accordance with applicable laws to ensure that your data is kept secure.
In the event of a Personal Data breach, the Company shall without undue delay, and where feasible, not later than seventy two (72) hours after having become aware of it, notify the breach to the competent supervisory authority, unless said breach is unlikely to result in a risk to your rights and freedoms. If the breach is likely to result in a high risk to your rights and freedoms, the Company shall communicate this breach to you, if it is feasible, without undue delay.
- ACCESS TO YOUR DATA AND INFORMATION RIGHTS
You have the right to request access to or information about the Personal Data relating to you which are processed by the Company. Where provided by law, You, your successors, representatives and/or proxies may (i) request deletion, correction or revision of your Personal Data; (ii) oppose the data Processing; (iii) limit the use and Disclosure of your Personal Data; and (iv) revoke Consent to any of our data Processing activities, if the Company is relying on your Consent and does not have another legal basis to continue Processing your data.
These rights can be exercised by contacting us through our contact form or writing to us at: firstname.lastname@example.org, attaching a copy of your ID. If the request is submitted by a person other than you, without providing evidence that the request is legitimately made on your behalf, the request will be rejected.
The request is free of charge unless your request is unfounded or excessive (e.g. if you have already requested such Personal Data multiple times in the last twelve months or if the request generates an extremely high workload). In such a case, the Company may charge you a reasonable request fee according to applicable laws. The Company may refuse, restrict or defer the provision of Personal Data where it has the right to do so, for example if fulfilling the request will adversely affect the rights and freedoms of others.
- PORTABILITY OF YOUR DATA
You also have the right to receive your Personal Data, which you have provided to the Company with, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the Company.
This right can be exercised by contacting us through our contact form or writing to us at email@example.com attaching a copy of your ID. If the request is submitted by a person other than you, without providing evidence that the request is legitimately made on your behalf, the request will be rejected.
The request is free of charge unless your request is unfounded or excessive (e.g. if you have already requested such Personal Data multiple times in the last twelve months or if the request generates an extremely high workload). In such a case, the Company may charge you a reasonable request fee according to applicable laws.
The Company may refuse, restrict or defer the provision of Personal Data where it has the right to do so, for example if fulfilling the request will adversely affect the rights and freedoms of others.
The User hereby understands, acknowledges and accepts that the content of this Section does not apply to the Transaction data enlisted enlisted hereunder;
- the digital assets located in your External Wallet Address;
- any details available regarding your External Wallet Address;
- the balance available in your External Wallet Address.
- PRIVACY BY DESIGN AND BY DEFAULT
The Company will, both at the time of the determination of the means for Processing and at the time of the Processing itself, implement appropriate technical and organizational measures, such as pseudonymization, which are designed to implement data-protection principles, such as data minimization, in an effective manner and to integrate the necessary safeguards into the Processing in order to meet the requirements of the GDPR, FADP and OFADP and protect your rights.
The Company will implement appropriate technical and organizational measures, in order to ensure that by default, only Personal Data which are necessary for each specific purpose of the Processing are processed.
This obligation applies to the amount of your Personal Data We collect, the extent of their Processing, the period of storage and their accessibility. These measures will ensure that by default your Personal Data are not made accessible without your intervention to an indefinite number of third parties.
- YOUR RIGHTS
You have a right to ask the Company to rectify inaccurate Personal Data We Collect and Process and the right to request restriction of your Personal Data pending such a request being considered. Where We Process your Personal Data on the basis of your Consent, you have the right to withdraw that Consent at any time. Please also note that the withdrawal of Consent shall not affect the lawfulness of Processing based on Consent before its withdrawal.
You have a right to ask us to stop Processing your Personal Data, or to request deletion of your Personal Data – these rights are not absolute (as sometimes there may be overriding interests that require the Processing to continue, for example), but We will consider your request and respond to You with the outcome.
When Personal Data are Processed for direct marketing purposes, your right to object extends to direct marketing, including profiling to the extent it is related to such marketing.
You may object to direct marketing by clicking the “unsubscribe” link in any of our emails to you, or by contacting us by writing at the address set out in Section 13. Where We Process your Personal Data on the basis of your Consent, or where such Processing is necessary for entering into or performing our obligations under a contract with you, You may have the right under applicable data protection laws to request your Personal Data be sent to You or to another controller.
You have the right to ask the Company for a copy of some or all of the Personal Data We Collect and Process about You. In certain circumstances the Company may Process your Personal Data through automated decision-making, including profiling if this should occur.
Where this takes place, You will be informed of such automated decision-making that uses your Personal Data, be given information on the logic involved, and be informed of the possible consequences of such Processing. In certain circumstances, You can request not to be subject to automated decision-making, including profiling. You can exercise the rights by contacting us by writing using the details in Section 13 of this Policy.
Right to withdraw Consent. You have the right to withdraw your Consent to the Processing of your Collected Data on the basis of your Consent at any time. Your withdrawal will not affect the lawfulness of the Company’s Processing based on Consent before your withdrawal. It should be noted that the withdrawal of your Consent to Process Personal Data shall limit your possibility to benefit from the Services available on the App. This limitation to the Services shall not be applicable to your withdrawal of Consent to the Processing of Personal Data for marketing purposes.
Right of access to and rectification of your Personal Data. You have a right to request that We provide You a copy of your Personal Data held by us. This information will be provided without undue delay subject to some fee associated with gathering of the information (as permitted by law), unless such provision adversely affects the rights and freedoms of others. You may also request us to rectify or update any of your Personal Data held by the Company that is inaccurate. Your right to access and rectification shall only be limited where the burden or expense of providing access would be disproportionate to the risks to your privacy in the case in question, or where the rights of persons other than You would be violated.
Right to erasure. You have the right to request erasure of your Personal Data that: (i) is no longer necessary in relation to the purposes for which it was Collected or otherwise Processed; (ii) was Collected in relation to Processing that You previously Consented, but later withdraw such Consent; or (iii) was Collected in relation to Processing activities to which You object, and there are no overriding legitimate grounds for our Processing. If We have made your Personal Data public and are obliged to erase the Personal Data, We will, taking account of available technology and the cost of implementation, take reasonable steps, including technical measures, to inform other parties that are Processing your Personal Data that You have requested the erasure of any links to, or copy or replication of your Personal Data. The above is subject to limitations by relevant data protection laws.
Right to data portability. If We Process your Personal Data based on a contract with You or based on your Consent, or the Processing is carried out by automated means, You may request to receive your Personal Data in a structured, commonly used and machine-readable format, and to have us transmit your Personal Data directly to another “controller”, where technically feasible, unless exercise of this right adversely affects the rights and freedoms of others. A “controller” is a natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the Processing of your Personal Data.
Right to restriction of or Processing. You have the right to restrict or object to us Processing your Personal Data where one of the following applies:
- You contest the accuracy of your Personal Data that We Processed. In such instances, We will restrict Processing during the period necessary for Us to verify the accuracy of your Personal Data;
- The Processing is unlawful and You oppose the erasure of your Personal Data and request the restriction of its use instead;
- We no longer need your Personal Data for the purposes of the Processing, but it is required by You to establish, exercise or defence of legal claims;
- You have objected to Processing, pending the verification whether the legitimate grounds of SwissBorg’s Processing override your rights.
Restricted Personal Data shall only be Processed with your Consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest. We will inform You if the restriction is lifted.
Notification of erasure, rectification and restriction. We will communicate any rectification or erasure of your Personal Data or restriction of Processing to each recipient to whom your Personal Data has been disclosed, unless this proves impossible or involves disproportionate effort. We will inform You about those recipients if You request this information.
Right to object to Processing. Where the Processing of your Personal Data is based on Consent, contract or legitimate interests You may restrict or object, at any time, to the Processing of your Personal Data as permitted by applicable law. We can continue to Process your Personal Data if it is necessary for the defence of legal claims, or for any other exceptions permitted by applicable law.
Automated individual decision-making, including profiling. You have the right not to be subject to a decision based solely on automated Processing of your Personal Data, including profiling, which produces legal or similarly significant effects on you, save for the exceptions applicable under relevant data protection laws.
Right to lodge a complaint. If You believe that We have infringed your rights, We encourage You to contact us by writing using the details in Section 13 of this Policy so that We can try to resolve the issue or dispute informally.
If you are not a Swiss User and shall you have any questions, concerns, comments or complaints regarding how We collect, use and store information about You, SwissBorg UK has a Data Protection Officer, which will receive and process any Personal Data breach reporting. If you need assistance, please send an e-mail to firstname.lastname@example.org.
If You are a Swiss User, You can also complain about our Processing of your Personal Data to the Office of the Federal Data Protection and Information Commissioner FDPIC, Feldeggweg 1, CH - 3003 Berne.
- CONTACTING THE COMPANY AND COMPLAINTS
The Company hopes to be able to answer any questions or concerns You might have about your Personal Data. You can get in touch with the Company at the postal address or email address given in Section 13 hereafter.
You have the right to make a complaint if You feel your Personal Data has been mishandled or if the Company has failed to meet your expectations. You are encouraged to contact the Company about any complaints or concerns but You are entitled to complain directly to the relevant supervisory authority. We will answer within 3 working days.
If you are a Swiss User any request regarding your Personal Data should be made by writing with a proof of your identity to SwissBorg Invest SA, Rue du Grand-Chêne 8, 1003 Lausanne.
Be aware that communicating by e-mail/phone does not ensure confidentiality, integrity and authenticity. We will not answer any request which will be considered unsafe or not ensuring your identity authenticity.
The Company may modify this Policy from time to time, and will post the most current version on the App. If We make any material changes We will notify You by email, prior to the change becoming effective. If a modification reduces your rights, a pop-up window will inform You immediately when You will browse our App and You will have to accept the changes.
- DATA CONTROLLER
If you are a non-Swiss User the data controller is SwissBorg Solutions OU.
If you are a Swiss User the data controller is SwissBorg Invest SA, a company duly incorporated under the laws of Switzerland, with registered office at Rue du Grand-Chêne 8, 1003 Lausanne, Switzerland and with registration number CHE-499.067.328.
Furthermore, the Data Subject acknowledges and agrees that using our App could imply downloading or using third party applications. Under no circumstances the Company shall be liable for the utilization of these others applications, especially regarding the Data protection rules.
- JURISDICTION AND GOVERNING LAW
For non-Swiss Users, this Policy and any questions relating thereto shall be governed by the laws of Estonia, to the exclusion of any rules of conflict resulting from private international law. Any dispute relating to this Policy must exclusively be brought before the courts of Estonia.
The Swiss Users, this Policy and any questions relating thereto shall be governed by the laws of Switzerland, to the exclusion of any rules of conflict resulting from private international law. Any dispute relating to this Policy must exclusively be brought before the courts of Switzerland.
To ask questions or make comments on this Policy or to make a complaint about our compliance with applicable privacy laws, please contact us through:
- our email address: email@example.com; or
- our addresses: SwissBorg Solutions OU - Roosikrantsi tn 2-1091 Kesklinna linnaosa, Tallinn Harju maakond 10119 and SwissBorg Invest SA - Rue du Grand-Chêne 8, 1003 Lausanne, Switzerland.
We will acknowledge and investigate any complaint pursuant to this Policy.
Annex A - Definitions
AML refers to Anti-Money Laundering;
Bank Account means an account opened by a regulated bank, financial institution or custodian which belongs to the User;
CHSB Token means the SwissBorg utility token;
Collect means a systematic approach to gathering and measuring Personal Data from the User to achieve a given result. The term “Collection” shall be the nominative reference to the term Collect;
Consent means any freely given, specific, informed and unambiguous indication of which the Data Subject, by a statement or by a clear affirmative action, signifies agreement to the processing of Personal Data relating to him;
Data Controller means the natural or legal person, which, alone or jointly with others, determines the purposes and means of the Processing of Personal Data and who is in charge of this Processing. For the purpose of this Policy, the Data Controller is the Company;
Data Portability means the right of the Data Subject to receive its Personal Data in a structured, commonly used and machine-readable format and the right to transmit that data to another Data Controller without hindrance from the Company;
Data Subject means the natural whose data is processed, i.e. in the context of this Policy the Visitor and/or the User;
Digital Assets shall mean Virtual Currencies, utility tokens and Stablecoins.
Digital Assets Wallet means the wallet designated to support the holding of Digital Assets, Utility Tokens and/or Stablecoins;
Disclosure means making Personal Data accessible, for example by permitting access, transmission or publication;
External Wallet means a Virtual Currency wallet to which a User may elect to send Virtual Currencies or from which a User transfers or receives Virtual Currencies;
Force Majeure Event means by an event or act whether or not foreseen, that: (i) is beyond the reasonable control of, and is not due to the fault or negligence of the Company, and (ii) could not have been avoided by such Company’s exercise of due diligence, including, but not limited to, a labor controversy, strike, lockout, boycott, transportation stoppage, action of a court or public authority, fire, flood, earthquake, storm, war, civil strife, terrorist action, epidemic, pandemic, inability to obtain raw materials, supplies or equipment through its usual and regular sources, or any act beyond Company’s control;
Fiat Assets means a centralised issued currency which is not backed by a physical commodity and for the purpose of the App.
Fiat Custodian refers to a cross-border cloud payment service provider;
KYC refers to Know-Your-Customer;
Order means an order placed by the User to sell/buy Assets through the Execution Interface on the App;
Financial Data means data relating to your means of payment, including but not limited to payment which occurs by credit card, bank references, name of the owner of the account, card number, expiration date and other such data;
Order(s) means the instruction transmitted by a User through the Execution Interface to carry out a Transaction pursuant to these Terms and to the User Agreement;
Personal Data means data which is deemed to be personal consists of all the information relating to a person who is either identified or identifiable. The types of Personal Data collected by the Company are outlined in Section 4 of this Policy;
Personal Data Breach means a breach of security leading to the accidental or unlawful destruction, loss or alteration of – or to the unauthorized Disclosure of, or access to – Personal Data transmitted, stored or otherwise processed;
Process(-ing) means any operation with personal data, irrespective of the means applied and the procedure, and in particular the collection, storage, use, revision, disclosure, archiving or destruction of data;
Recipient means a natural or legal person, public authority, agency or another body, to which the Personal Data are disclosed, whether a third party or not;
Transaction(s) means the Execution of an Order on or through the App, using the Execution Interface. The possible Transactions are defined in Article 5.4.1 of the Terms;
User(s) means any natural person who completes Tier 1 of the on-boarding procedure. The User is referred to as “You ” or “you” or as “your” or “Your” when indicating the possessive within this Policy;
VASP refers to any natural or legal person who is not covered elsewhere under the Financial Action Task Force Recommendations and as a business conducts one or more of the following activities or operations for or on behalf of another natural or legal person: i. Exchange between Virtual Currencies and Fiat Assets; ii. Exchange between one or more forms of Virtual Currencies; iii. Transfer of Virtual Currencies; and Safekeeping and/or administration of Virtual Currencies or instruments enabling control over Virtual Currencies; iv. Participation in and provision of financial services related to an issuer’s offer and/or sale of Virtual Currencies;
Virtual Currency(-ies) means a value represented in the digital form, which may be digitally transferred, preserved or traded and which natural persons or legal persons accept as a payment instrument, but that is not the legal tender of any country or funds for the purposes of Article 4(25) of Directive (EU) 2015/2366 of the European Parliament and of the Council on payment services in the internal market, amending Directives 2002/65/EC, 2009/110/EC and 2013/36/EU and Regulation (EU) No 1093/2010, and repealing Directive 2007/64/EC (OJ L 337, 23.12.2015, pp. 35–127) or a payment transaction for the purposes of points (k) and (l) of Article 3 of the same Directive;
Wallet means digital wallets available to Users on their User Account.