The security and protection of your Personal Data (as defined under Section 1 of this Policy) is one of the top priorities of SwissBorg Solutions OÜ, a company duly incorporated under the laws of Estonia, bearing company registration number 14769371 (“SwissBorg”, “Company”, “We”, “Us”, “us” or “we”) which operates the SwissBorg Wealth Application (the “App”) that is available on the iOS App Store or Google Play Store.
The Company shall collect Personal Data from natural persons who download and browse through the App without registering in order to make use of the Services in it (the “Visitor(s)”) and from natural persons who registered on the App (the “Users”).
The Company uses privacy by default and privacy by design standards and undertakes to store your Personal Data in a secured manner and to process your Personal Data with all appropriate care and attention in accordance with the European Regulation 2016/679 “General Data Protection Regulation” (the “GDPR”).
AML refers to Anti-Money Laundering.
Bank Account means an account opened by a regulated bank, financial institution or custodian which belongs to the User.
CHSB Token means the SwissBorg utility token.
Collect means a systematic approach to gathering and measuring Personal Data from the User to achieve a given result. The term “Collection” shall be the nominative reference to the term Collect.
Consent means any freely given, specific, informed and unambiguous indication of which the Data Subject, by a statement or by a clear affirmative action, signifies agreement to the processing of Personal Data relating to him.
Data Controller means the natural or legal person, which, alone or jointly with others, determines the purposes and means of the Processing of Personal Data and who is in charge of this Processing. For the purpose of this Policy, the Data Controller is the Company.
Data Portability means the right of the Data Subject to receive its Personal Data in a structured, commonly used and machine-readable format and the right to transmit that data to another Data Controller without hindrance from the Company.
Data Subject means the natural whose data is processed, i.e. in the context of this Policy the Visitor and/or the User.
Disclosure means making Personal Data accessible, for example by permitting access, transmission or publication.
External Wallet means a Virtual Currency wallet to which a User may elect to send Virtual Currencies or from which a User transfers or receives Virtual Currencies.
Force Majeure Event means by an event or act whether or not foreseen, that: (i) is beyond the reasonable control of, and is not due to the fault or negligence of the Company, and (ii) could not have been avoided by such Company’s exercise of due diligence, including, but not limited to, a labor controversy, strike, lockout, boycott, transportation stoppage, action of a court or public authority, fire, flood, earthquake, storm, war, civil strife, terrorist action, epidemic, inability to obtain raw materials, supplies or equipment through its usual and regular sources, or any act beyond Company’s control.
Fiat Assets means a centralised issued currency which is not backed by a physical commodity and for the purpose of the App and shall include Euro (EUR), US Dollar (USD), Great Britain Pound (GBP), Swiss Francs (CHF) and Canadian Dollars (CAD).
Fiat Custodian refers to a cross-border cloud payment service provider.
KYC refers to Know-Your-Customer.
Order means an order placed by the User to sell/buy Assets through the Execution Interface on the SwissBorg Wealth App.
Financial Data means data relating to your means of payment, including but not limited to payment which occurs by credit card, bank references, name of the owner of the account, card number, expiration date and other such data.
Order(s) means the instruction transmitted by a User through the Execution Interface to carry out a Transaction pursuant to these Terms and to the User Agreement.
Personal Data means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. The types of Personal Data collected by the Company are outlined in Section 4 of this Policy.
Personal Data Breach means a breach of security leading to the accidental or unlawful destruction, loss or alteration of – or to the unauthorized Disclosure of, or access to – Personal Data transmitted, stored or otherwise processed.
Process(-ing) means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Recipient means a natural or legal person, public authority, agency or another body, to which the Personal Data are disclosed, whether a third party or not.
Sensitive data means data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership or activities, genetic data or biometric data processed for the purpose of uniquely identifying natural person, data concerning health or data concerning a natural person's sex life or sexual orientation, data on the intimate sphere, social security measures, and data on d. administrative or criminal proceedings and sanctions.
Transaction(s) means the Execution of an Order on or through the App, using the Execution Interface. The possible Transactions are defined in Article 5.4.1 of the Terms.
User(s) means any natural person who completes Tier 1 of the on-boarding procedure. The User is referred to as “You ” or “you” in this Policy.
VASP refers to any natural or legal person who is not covered elsewhere under the Financial Action Task Force Recommendations and as a business conducts one or more of the following activities or operations for or on behalf of another natural or legal person: i. Exchange between Virtual Currencies and Fiat Assets; ii. Exchange between one or more forms of Virtual Currencies; iii. Transfer of Virtual Currencies; and Safekeeping and/or administration of Virtual Currencies or instruments enabling control over Virtual Currencies; iv. Participation in and provision of financial services related to an issuer’s offer and/or sale of Virtual Currencies.
Virtual Currency(-ies) means a value represented in the digital form, which may be digitally transferred, preserved or traded and which natural persons or legal persons accept as a payment instrument, but that is not the legal tender of any country or funds for the purposes of Article 4(25) of Directive (EU) 2015/2366 of the European Parliament and of the Council on payment services in the internal market, amending Directives 2002/65/EC, 2009/110/EC and 2013/36/EU and Regulation (EU) No 1093/2010, and repealing Directive 2007/64/EC (OJ L 337, 23.12.2015, pp. 35–127) or a payment transaction for the purposes of points (k) and (l) of Article 3 of the same Directive.
Virtual Currency(-ies) Custodian refers to a Third Party Service Provider(s).
Wallet means digital wallets available to Users on their User Account, including the Virtual Currencies Wallet.
The Company provides this Policy to describe its procedures regarding the Processing and Disclosure of Personal Data collected by the Company while using the App. This Policy shall apply to any use of the App, whatever the method or medium used. It details the conditions at which the Company may collect, keep, use and save information that relates to the User and Visitor, as well as the choices that You have made in relation to the collection, utilization and Disclosure of your Personal Data.
While using and/or registering on the App the Company may Collect and Process a certain number of Personal Data. This Policy shall apply to any use of the App, whatever the method or medium used. It details the conditions at which, We may Collect, keep, use and save information that relates to You, as well as the choices that You have in relation to the Collection, utilization and disclosure of your Personal Data.
By using the App, You acknowledge that You have read and understood this Policy and agree to be bound by it and to comply with all applicable laws and regulations.
The Company may modify this Policy from time to time and will post the most current version on the App. You will be notified by email and You will be asked to Consent to these modifications before they become applicable. Before accessing and/or continuing to use the App, You shall first Consent to the terms of this Policy and any amended versions to this Policy. Where We require your Consent to Process your Personal Data, You will be asked to give your Consent to the Collection, use, and disclosure of your Personal Data.
- PRINCIPLE FOR PROCESSING PERSONAL DATA
While Processing Personal Data, the Company will respect the following general principles:
- Fairness and lawfulness;
When Processing Personal Data, the individual rights of the Data Subjects must be protected. Personal Data must be Collected and Processed lawfully, in a fair manner, in good faith and must be proportionate to the objective.
- Restriction to a specific purpose;
Personal Data handled by the Company shall be adequate and relevant to the purpose for which they are Collected and Processed. This requires, in particular, ensuring that the types of Personal Data Collected are not excessive to the purpose for which they are Collected. Subsequent changes to the purpose are only possible to a limited extent and require substantiation.
The Data Subject must be informed of how his/her Personal Data is being handled. When the Personal Data is collected, the Data Subject must be informed of:
- the existence of the present Policy;
- the identity of the Data Controller;
- the purpose of Personal Data Processing;
- how, where and by whom the Personal data is being Processed;
- third-parties to whom the Personal data might be transmitted.
- Consent of the Data Subject
Personal Data must be Collected directly from the Data Subject concerned and the Consent of the Data Subject may be required before Processing Personal Data. The Consent must be obtained in writing or electronically for the purposes of documentation. The Consent is valid only if given voluntarily. If, for any reason, the Consent of the Data Subject is not given before Processing Personal Data, the Company should be informed in writing as soon as possible after the beginning of the Processing.
Personal Data can be Processed without Consent if it is necessary to enforce a legitimate interest of the Company (hereinafter referred to as “Legitimate Interest”). Legitimate Interests are generally of a legal (e.g. filing, enforcing or defending against legal claims, any duties which may arise from any licensing obligations) or financial (e.g. valuation of companies) nature. The Processing of Personal Data is also permitted if national legislation requests, requires or allows this.
Further information regarding the Consent and the Legitimate Interest is provided in section 6.2.
Personal Data kept on file must be correct and if necessary, it must be kept up to date. Inaccurate or incomplete Personal Data should not be kept on file and deleted.
- COLLECTED DATA
This Policy applies to all information which is received during your visit to and/or use of the App, when You fulfill the on-boarding procedure for becoming a User and/or when You simply visit the App. It is important to understand that We may request You to provide this Personal Data at different stages throughout your interaction or use of the App and some Personal Data can be collected just by logging into the screens of the App. In particular, the Company will collect the following Personal Data:
- KYC & AML data
The KYC/AML data, which is specified in the Terms under Section 7.2.2, will be used and retained in order for the Company to be able to fulfill our legal obligations as with any regulatory authority and self-regulatory association or authority before on-boarding You on the App. Some of our Services are subject to laws and regulations requiring Us to Collect and use your personal identification information, formal identification information, financial information, transaction information, employment information, online identifiers, and/or usage data in certain ways. The Company Collects and Processes your Personal Data in order to comply notably to the Money Laundering and Terrorist Financing Prevention Act under the laws of Estonia and with the Guidance for a Risk-Based Approach for Virtual Assets and Virtual Asset Service Providers (also referred to as the “FATF Guidance for VASPs”).
- User Suitability data
Your User Suitability data, which is specified in the Terms under Section 7.2.3., will also be used and retained in order for Us to be able to fulfill our legal obligations, to ensure that We can provide You with more relevant information, to better understand your preferences, to be able to verify if You are eligible to use our Services and if You have sufficient knowledge to use our Services. Your answer to the suitability questions and if You have already are invested in Virtual Currencies are used to enable us to verify if You are eligible to make use of the Services offered through the App.
- Financial Data
The Company may Collect or may Process the Personal Data, in the event that You will carry out any deposits or withdrawals to/from the following sources, including but not limited to:
- Fiat Assets account origin;
- the global balance in your User account at any given time;
- the Virtual Currency balance in your User account at any given time;
- how, where and by whom the Personal Data is being Processed;
- third-parties to whom the Personal Data might be transmitted.
Your Financial data will be used by the Virtual Currencies Custodian or Fiat Custodians to enable You to deposit or withdraw Fiat Assets, Virtual Currencies or CHSB Tokens on the App as described in section 9 of this Policy.
- Transaction Data
The Company may Collect the following Personal data depending on when You execute a Transaction and/or the use the Company’s support services, including but not limited to:
- Transaction details;
- User Account Audit Logs;
- User Account Communication Logs;
- User Account Level;
- Displayed Currency;
- your External Wallet address;
- your International Banking Account Number (IBAN) details;
- the digital assets, the balance available and any details available in your External Wallet address.
Your Transaction data will also be used and retained in order for us to be able to fulfill our legal obligations as well as for the purpose of ensuring that any Transactions carried out through the use of the App can be reconciled and settled. The Transaction data will also be used in order to reconcile your transactions within our accounting records with the Financial Data in order to have a clear and accurate understanding of your Orders and User Account balance.
- App Interaction Data
The Company may Collect the following Personal Data, including but not limited to:
- Device Provisioned;
- Device Provisioned (when created at);
- Device Provisioned (last use);
- Paper Key (created at);
- Paper key (last use).
The Company will never be in possession of your Paper key.
- USE OF COLLECTED DATA
The following paragraphs describe the various purposes for which We Collect and Process your Personal Data, and the different types of Personal Data that are collected for each purpose. Please note that not all of the uses below will be relevant to every User.
- Consent for Use of Personal Data
You Consent to the following uses of your Personal Data:
- Cyber Security: The Visitor’s Data is used in order to know who downloaded the App, to ensure that there is no cyber-security threat, to ensure your Account security, and in order to have an initial verification of the User that downloads the App. It can also be used in order to communicate with You throughout your interaction with the App. We use your geographical location information in order to ensure that the Services will not be used in a country/area where it is expressly prohibited for the App to be used.
- For the purposes of Services: The Company will use Personal Data to provide You with a better service, included but not limited to: communication with You, provide You with information about new Services available, answer to questions and comments, prevent potentially prohibited or illegal activities, conduct research and compile statistics on usage patterns, process Orders, manage the Accounts, enforce the Terms, comply with any obligations which the Company is obliged to comply with by virtue of any regulations, guidelines or laws which apply to the Services rendered through the App, provide personalized support to You. We cannot provide You with Services without being able to use and Process your Personal Data. We Process your Personal Data when You contact Us to resolve any questions, disputes, Transaction fees, or to solve any problems which may arise within the Services or through the use of the App. We may Process your information in response to another User’s request, as relevant. We Process your Personal Data to provide a personalized experience and implement the preferences You request. For example, You may choose to provide Us with access to certain Personal Data stored by third parties.
- Compliance with FATF Guidance for VASP: You consent that your Collected data shall be sent to financial institutions, and in the case of Virtual Currency Transactions, to other VASPs, or any company on the basis of the FATF Guidance for VASPs in order to ensure that preventive measures are in place in order to hold, obtain and transmit the information regarding from where the Virtual Currencies and Fiat Assets originate and who the beneficiary will be.
- Customer Service: You Consent that We use any of the Collected data for customer service purposes, including responding to your enquiries. This typically requires the use of certain personal contact information and information regarding the reason for your inquiry (e.g. technical issue, question/complaint, general question, etc.).
- Internal Research: You Consent that We use your Personal Data, in accordance with applicable laws, for other general business purposes, such as conducting internal marketing and demographic studies and measuring the effectiveness of advertising campaigns. You Consent that We also use your Personal Data for security purposes.
- Marketing: Based on your communication preferences, You Consent that We may send You marketing communications, including our newsletter, in order to inform You about our events or our partner events; to deliver targeted marketing and to provide You with promotional offers based on your communication preferences. We use Personal Data about your usage of our Services and your contact information to provide marketing communications, including but not limited to promotions, special offers and other information, personalize the promotional offers, in particular based upon their activity and their transaction history. You can opt-out of our marketing communications at any time. We send administrative or account-related information to You to keep You updated about our news (provided You have subscribed to our newsletter) or inform You of relevant security issues or updates to the App, changes of the Terms or to this Policy or provide other transaction-related information. Without such communications, You may not be aware of important developments relating to your Account that may affect how You can use our Services.
- Legitimate Interest
In the event that the Company or its assets are acquired by, or merged with, another company including through bankruptcy, We may share your Personal Data with any of our legal successors, we may share/assign your Personal Data with any of our legal successors, We may also disclose your Personal Data to third parties (i) when required by applicable law; (ii) in response to legal proceedings; (iii) in response to a request from a competent law enforcement agency, national authority or self-regulatory association or agency; (iv) to protect our rights, privacy, safety or property, or the public; or (v) to enforce the terms of any agreement in force.
You may revoke your Consent at any time for any use of your Personal Data by the Company. Please note that the withdrawal of your Consent will not affect the lawfulness of the Processing of your Personal Data based on your Consent before its withdrawal. The consequences of not Processing your Personal Data for such purposes is the termination of your Account as We cannot perform our Services in accordance with our Terms.
- Financial Data
- Financial Data for Fiat Assets
You agree that the Company shall process payments via the Fiat Custodian and that there are instances where You or We will be transmitting your Personal Data and Financial Data to the Fiat Custodian who will be Processing the Financial Data for the sole purpose of making the transaction. You expressly agree to send your Financial Data to the Fiat Custodian, as well as send all information which the latter may require from You .
You agree and Consent that the Company may share and transfer Financial Data and Personal Data to the Payment Provider in order to ensure that the Order execution Services which are provided on the App are provided in an efficient manner and in compliance with any laws which may apply to the Services carried out by the Company through the App. Kindly be aware that if You withdraw your consent, You will be effectively unable to benefit from the Services offered on the App.
The Company shall in no way or manner be held liable for any delay in the banking authorization relating to your failure to send the Financial Data or Personal Data which may be requested from the Fiat Custodian or of any damage or loss which may arise in relation with the transaction made via the App. The following paragraphs describe the various purposes for which the Company uses your Personal Data. Please note that not all of the uses below will be relevant to every individual.
- Transaction Data for Virtual Currencies
Any transfer of Virtual Currencies from an External Wallet address to Virtual Currencies Custodian will be recorded on indelible distributed ledger. You understand and acknowledge that records of the transfers on the distributed ledger and the information related to the transfer is transmitted to various nodes. Furthermore, it cannot be amended since distributed ledger technology and smart contracts operate in a manner which does not allow for any deletion or erasure to occur and that through encryption and cryptography, the information on the transaction shall also be made public on the blockchain.
- DATA DISCLOSURE
The Company may share your Personal Data to any other relevant third parties, in particular if We are requested to do so to comply with a court order or law enforcement authorities request, or if We find it necessary, as determined in the Company’s sole discretion, to investigate, prevent or take action regarding illegal activities, to defend our interest or as otherwise required or permitted by law.
In any case where cross-border transfer is done, the Company ensures that an adequate protection is guaranteed for Personal Data to be transferred outside of Switzerland and the European Economic Area (the “EEA”) using Data Transfer Agreements based on Standard Contractual Clauses which are issued by the European Commission.
In some specific cases when this level of protection is not guaranteed, the Company will obtain your prior Consent or establish with the Recipient of Personal Data a contractual framework or sufficient safeguards that ensure an adequate level of protection abroad. You may request access to a copy of these safeguards by contacting the Company.
Unless otherwise stated, the third parties who receive data from the Company are prohibited to use this Personal Data beyond what is necessary to provide the product or service to you, directly or by participating in the Company’s activities. We shall disclose your Personal Data or any of the Collected Data to the following:
- SwissBorg’s Staff
Our staff use and Process usually Personal Data in order to ensure a consistently high service standard and in line with our internal regulations. The KYC/AML Data as defined in Section 5c shall be disclosed with the Company’s compliance officer and any employee or subordinate who shall carry out the instructions of the compliance officer.
- Service providers
As indicated previously within this Policy, You Consent that We may also share Personal Data with our suppliers and other business partners who provide services to Us, such as IT and hosting providers, marketing providers, communication services and printing providers, debt collection, tracing, debt recovery, fraud prevention, and credit reference agencies, KYC/AML, and others. When We do so We take steps to ensure they meet our data security standards and sign confidentiality agreements, so that your Personal Data remains secure.
If our business is sold to another organization or if it is re-organized, Personal Data will be shared so that you can continue to be provided with the Services. We will usually also share/assign Personal Data with prospective purchasers when we consider selling or transferring part or all of our business. We will in such event take steps to ensure such potential purchasers keep the data secure.
You understand and agree that we may need to disclose Personal Data to exercise or protect legal rights, including ours and those of our employees or other stakeholders, or in response to requests from individuals or their representatives who seek to protect their legal rights or such rights of others.
- Public or regulatory authorities
If required from time to time, We disclose Personal Data to public authorities, regulators or governmental bodies, including when required by law or regulation, under a code of practice or conduct, or when these authorities or bodies require us to do so.
- Location & Transfer of Personal Data
Your Personal Data will be stored by Amazon Web Services (AWS) in Ireland. You agree that the Company may store your Personal Data in any country of the EEA and in Switzerland based on a data transfer agreement with the Data Controller.
The storage as well as the Processing of your Personal Data may require that your Personal Data are ultimately transferred/transmitted to, and/or stored at a destination outside of your country of residence. Where permitted by law, by accepting the terms of this Policy, You Consent to such transferring, transmission, storing and/or Processing.
Except where the relevant country has been determined by the European Commission to provide an adequate level of protection, the Company requires recipients of Personal Data to comply with appropriate measures designed to protect Personal Data contained within a binding legal agreement.
A copy of these measures can be obtained by contacting the Company in writing using the details in section 19 of this Policy. If and to the extent required by applicable law, We implement the necessary legal, operational and technical measure and/or enter into an agreement with You before such international transfers.
As Controller of your Personal Data, We work with Processors in order to provide high quality of the Services. All our Processors are GDPR compliant and agreements have been set up between them and Us in order to define exactly which Personal Data are shared and which legal requirements should be applied. These Processors shall include entities within the Swiss Borg Group which include SBorg SA, which shall process the Personal Data on behalf of the Company.
- PUSH NOTIFICATIONS
We require your consent if You wish to receive our push notifications on your mobile iOS and Android device even if the app is not open. Our app only uses push notifications if You have given your explicit consent to these. You can disable push notifications in settings at any time. If You use an Android device, push notifications are permitted automatically unless You disable this in your settings.
- RETENTION OF YOUR PERSONAL DATA
In accordance with applicable laws, the Company will use your Personal Data for as long as necessary to satisfy the purposes for which your Personal Data was collected or to comply with applicable legal requirements.
- SECURITY OF YOUR PERSONAL DATA
The Company applies high industry standards and will always apply adequate technical and organizational measures, in accordance with applicable laws to ensure that your data is kept secure.
In the event of a Personal Data breach, the Company shall without undue delay, and where feasible, not later than seventy two (72) hours after having become aware of it, notify the breach to the competent supervisory authority, unless said breach is unlikely to result in a risk to your rights and freedoms. If the breach is likely to result in a high risk to your rights and freedoms, the Company shall communicate this breach to you, if it is feasible, without undue delay.
- PERSONAL DATA BREACH REPORTING
Shall you have any questions, concerns, comments or complaints regarding how We collect, use and store information about You, SwissBorg UK has a Data Protection Officer, which will receive and process any Personal Data breach reporting. If you need assistance, please send an e-mail to email@example.com.
- ACCESS TO YOUR DATA AND INFORMATION RIGHTS
You have the right to request access to or information about the Personal Data relating to You which are processed by the Company. Where provided by law, You, your successors, representatives and/or proxies may (i) request deletion, correction or revision of your Personal Data; (ii) oppose the data Processing; (iii) limit the use and Disclosure of your Personal Data; and (iv) revoke Consent to any of our data Processing activities, if the Company is relying on your Consent and does not have another legal basis to continue Processing your data.
These rights can be exercised by contacting us through our contact form or writing to us at: firstname.lastname@example.org, attaching a copy of your ID. If the request is submitted by a person other than You, without providing evidence that the request is legitimately made on your behalf, the request will be rejected.
The request is free of charge unless your request is unfounded or excessive (e.g. if You have already requested such Personal Data multiple times in the last twelve months or if the request generates an extremely high workload). In such a case, the Company may charge You a reasonable request fee according to applicable laws. The Company may refuse, restrict or defer the provision of Personal Data where it has the right to do so, for example if fulfilling the request will adversely affect the rights and freedoms of others.
- PORTABILITY OF YOUR DATA
You also have the right to receive your Personal Data, which You have provided to the Company with, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the Company.
This right can be exercised by contacting us through our contact form or writing to us at email@example.com attaching a copy of your ID. If the request is submitted by a person other than you, without providing evidence that the request is legitimately made on your behalf, the request will be rejected.
The request is free of charge unless your request is unfounded or excessive (e.g. if You have already requested such Personal Data multiple times in the last twelve months or if the request generates an extremely high workload). In such a case, the Company may charge You a reasonable request fee according to applicable laws.
The Company may refuse, restrict or defer the provision of Personal Data where it has the right to do so, for example if fulfilling the request will adversely affect the rights and freedoms of others.
The User hereby understands, acknowledges and accepts that the content of section 14 does not apply to the Transaction data enlisted enlisted hereunder;
- the digital assets located in your External Wallet Address;
- any details available regarding your External Wallet Address;
- the balance available in your External Wallet Address.
- PRIVACY BY DESIGN AND BY DEFAULT
The Company will, both at the time of the determination of the means for Processing and at the time of the Processing itself, implement appropriate technical and organizational measures, such as pseudonymization, which are designed to implement data-protection principles, such as data minimization, in an effective manner and to integrate the necessary safeguards into the Processing in order to meet the requirements of the GDPR and protect your rights.
The Company will implement appropriate technical and organizational measures, including binding corporate rules as defined within the GDPR in order to ensure that, by default, only Personal Data which are necessary for each specific purpose of the Processing are processed.
This obligation applies to the amount of your Personal Data We collect, the extent of their Processing, the period of storage and their accessibility. These measures will ensure that by default your Personal Data are not made accessible without your intervention to an indefinite number of third parties.
- YOUR RIGHTS
You have a right to ask the Company to rectify inaccurate Personal Data We Collect and Process and the right to request restriction of your Personal Data pending such a request being considered. Where We Process your Personal Data on the basis of your Consent, You have the right to withdraw that Consent at any time. Please also note that the withdrawal of Consent shall not affect the lawfulness of Processing based on Consent before its withdrawal.
You have a right to ask us to stop Processing your Personal Data, or to request deletion of your Personal Data – these rights are not absolute (as sometimes there may be overriding interests that require the Processing to continue, for example), but We will consider your request and respond to You with the outcome. When Personal Data are Processed for direct marketing purposes, your right to object extends to direct marketing, including profiling to the extent it is related to such marketing.
You may object to direct marketing by clicking the “unsubscribe” link in any of our emails to you, or by contacting us by writing at the address set out in section 14. Where We Process your Personal Data on the basis of your Consent, or where such Processing is necessary for entering into or performing our obligations under a contract with you, You may have the right under applicable data protection laws to request your Personal Data be transferred to You or to another controller.
You have the right to ask the Company for a copy of some or all of the Personal Data We Collect and Process about You. In certain circumstances the Company may Process your Personal Data through automated decision-making, including profiling if this should occur.
Where this takes place, You will be informed of such automated decision-making that uses your Personal Data, be given information on the logic involved, and be informed of the possible consequences of such Processing. In certain circumstances, You can request not to be subject to automated decision-making, including profiling. You can exercise the rights by contacting us by writing using the details in section 14 of this Policy.
Right to withdraw Consent. You have the right to withdraw your Consent to the Processing of your Personal Data Collected on the basis of your Consent at any time. Your withdrawal will not affect the lawfulness of the Company’s Processing based on Consent before your withdrawal.
Right of access to and rectification of your Personal Data. You have a right to request that We provide You a copy of your Personal Data held by us. This information will be provided without undue delay subject to some fee associated with gathering of the information (as permitted by law), unless such provision adversely affects the rights and freedoms of others. You may also request us to rectify or update any of your Personal Data held by the Company that is inaccurate. Your right to access and rectification shall only be limited where the burden or expense of providing access would be disproportionate to the risks to your privacy in the case in question, or where the rights of persons other than You would be violated.
Right to erasure. You have the right to request erasure of your Personal Data that: (i) is no longer necessary in relation to the purposes for which it was Collected or otherwise Processed; (ii) was Collected in relation to Processing that You previously Consented, but later withdraw such Consent; or (iii) was Collected in relation to Processing activities to which You object, and there are no overriding legitimate grounds for our Processing. If We have made your Personal Data public and are obliged to erase the Personal Data, We will, taking account of available technology and the cost of implementation, take reasonable steps, including technical measures, to inform other parties that are Processing your Personal Data that You have requested the erasure of any links to, or copy or replication of your Personal Data. The above is subject to limitations by relevant data protection laws.
Right to data portability. If We Process your Personal Data based on a contract with You or based on your Consent, or the Processing is carried out by automated means, You may request to receive your Personal Data in a structured, commonly used and machine-readable format, and to have us transfer your Personal Data directly to another “controller”, where technically feasible, unless exercise of this right adversely affects the rights and freedoms of others. A “controller” is a natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the Processing of your Personal Data.
Right to restriction of or Processing. You have the right to restrict or object to us Processing your Personal Data where one of the following applies:
- You contest the accuracy of your Personal Data that We Processed. In such instances, We will restrict Processing during the period necessary for Us to verify the accuracy of your Personal Data;
- The Processing is unlawful and You oppose the erasure of your Personal Data and request the restriction of its use instead;
- We no longer need your Personal Data for the purposes of the Processing, but it is required by You to establish, exercise or defence of legal claims;
- You have objected to Processing, pending the verification whether the legitimate grounds of SwissBorg’s Processing override your rights.
Restricted Personal Data shall only be Processed with your Consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest. We will inform You if the restriction is lifted.
Notification of erasure, rectification and restriction. We will communicate any rectification or erasure of your Personal Data or restriction of Processing to each recipient to whom your Personal Data has been disclosed, unless this proves impossible or involves disproportionate effort. We will inform You about those recipients if You request this information.
Right to object to Processing. Where the Processing of your Personal Data is based on Consent, contract or legitimate interests You may restrict or object, at any time, to the Processing of your Personal Data as permitted by applicable law. We can continue to Process your Personal Data if it is necessary for the defence of legal claims, or for any other exceptions permitted by applicable law.
Automated individual decision-making, including profiling. You have the right not to be subject to a decision based solely on automated Processing of your Personal Data, including profiling, which produces legal or similarly significant effects on you, save for the exceptions applicable under relevant data protection laws.
Right to lodge a complaint. If You believe that We have infringed your rights, We encourage You to contact us by writing using the details in section 14 of this Policy so that We can try to resolve the issue or dispute informally.
You can also complain about our Processing of your Personal Data to:
In the European Union: the relevant data protection authority (list in section 19 of this Policy)
- CONTACTING THE COMPANY AND COMPLAINTS
The Company hopes to be able to answer any questions or concerns You might have about your Personal Data. You can get in touch with the Company at the postal address or email address given in section 14 hereafter.
You have the right to make a complaint if You feel your Personal Data has been mishandled or if the Company has failed to meet your expectations. You are encouraged to contact the Company about any complaints or concerns but You are entitled to complain directly to the relevant supervisory authority. We will answer within 3 working days.
Any request regarding your Personal Data should be made by writing with a proof of your identity to:
SwissBorg Solutions OÜ,
Harju maakond, Tallinn, Kesklinna linnaosa,
Roosikrantsi tn 2-1091,
Be aware that communicating by e-mail/phone does not ensure confidentiality, integrity and authenticity. We will not answer any request which will be considered unsafe or not ensuring your identity authenticity.
The Company may modify this Policy from time to time, and will post the most current version on the App. If We make any material changes We will notify You by email, prior to the change becoming effective. If a modification reduces your rights, a pop-up window will inform You immediately when You will browse our App and You will have to accept the changes.
- DATA CONTROLLER
The data controller is SwissBorg Solutions OÜ, a company duly incorporated under the laws of Estonia, bearing company registration number 14769371, with registered address at Harju maakond, Tallinn, Kesklinna linnaosa, Roosikrantsi tn 2-1091, 10119.
Furthermore, the Data Subject acknowledges and agrees that using our App could imply downloading or using Third-Party Applications. Under no circumstances the Company shall be liable for the utilization of these others applications, especially regarding the Data protection rules.
- JURISDICTION AND GOVERNING LAW
This Policy and any questions relating thereto shall be governed by the laws of Estonia, to the exclusion of any rules of conflict resulting from private international law. Any dispute relating to this Policy must exclusively be brought before the courts of Estonia.
To ask questions or make comments on this Policy or to make a complaint about our compliance with applicable privacy laws, please contact us through:
- our email address: firstname.lastname@example.org; or
- our address: SwissBorg Solutions OÜ, Harju maakond, Tallinn, Kesklinna linnaosa, Roosikrantsi tn 2-1091, 10119, Estonia.
We will acknowledge and investigate any complaint pursuant to this Policy.