SwissBorg Privacy Notice
Last modification: 12 October 2022
The security and protection of your Personal data is one of the top priorities of SBorg SA., a company duly incorporated under the laws of Switzerland, with registration number CHE-198.086.882 and with official address at Rue du Grand-Chêne 8, 1003 Lausanne, Switzerland (the “Company, “Us” or “We”) which operates websites hosted at the URL www.swissborg.com and/or https://academy.swissborg.com (the “Website(s)”).
The Company shall collect Personal data from both natural or legal persons who browse the Website(s) (the “Visitors”) and from natural persons who are Users of the SwissBorg’s platform as members of the community (the “Users”) and who are allowed to participate to SwissBorg’s Referendum (the “Referendum”).
This Privacy Notice (the “Notice”) aims to protect the privacy and the fundamental rights of the Users when their Personal data are processed by the Company, such as the fundamental rights of the Visitors while they are browsing the Website(s).
Capitalized terms defined in the Terms of Use available at the following address https://swissborg.com/legal/terms-of-use
The Company use privacy by default and privacy by design standards and undertake to store your Personal data in a secured manner and to process your Personal data with all appropriate care and attention in accordance with the Federal Data Protection Act (RS 235.1), the Ordinance on the Federal Data Protection Act (RS 235.11).
1. DEFINITIONS
‘Consent’ shall mean any freely given, specific and informed indication of his or her wishes by which a Data subject signals agreement to the Processing of Personal data relating to him or her.
‘Data controller’ shall mean the natural or legal person, which, alone or jointly with others, determines the purposes and means of the Processing of Personal data and who is in charge of this Processing.
‘Data subject’ shall mean natural or legal persons whose data is processed, whether it is a User or a Visitor.
‘Disclosure’ shall mean making Personal data accessible, for example by permitting access, transmission or publication.
‘Personal data’ shall mean all information relating to an identified or identifiable person.
‘Personal data breach’ shall mean a breach of security leading to the accidental or unlawful destruction, loss or alteration of – or to the unauthorized Disclosure of, or access to – Personal data transmitted, stored or otherwise processed.
‘Processing’ shall mean any operation or set of operations – by automated and other means – that is performed upon Personal data or sets of Personal data, such as collecting, recording, organizing, structuring, storing, adapting or altering, retrieving, consulting, using, disclosing by transmitting, disseminating or otherwise making available, aligning or combining, or erasing.
‘Recipient’ means third, public authority, agency or other body – that is, someone or something other than the Data subject or the Company – to which the Personal data is disclosed.
2. SCOPE
The Company provides this Notice to describe its procedures regarding the Processing and Disclosure of Personal data collected by the Company while using the Website(s).
This Notice shall apply to any use of the Website(s), whatever the method or medium used. It details the conditions at which, the Company may collect, keep, use and save information that relates to you, as well as the choices that you have made in relation to the collection, utilisation and Disclosure of your Personal data.
3. ACCEPTANCE
By browsing the Website(s), Visitors acknowledge that the Company may collect and process a certain number of Personal data that relate to them and that they have read and understood this Notice and agree to be bound by it and to comply with all applicable laws and regulations.
Users acknowledge that the Company may collect and process a certain number of Personal data that relate to them and that they have read and understood this Notice and agree to be bound by it and to comply with all applicable laws and regulations.
In particular, the Consent for the Processing of Personal data is given once the Visitor and/or the Users ticks the box in the pop-up window which says “I have read the Privacy Notice and agree to be bound by it”.
The Consent is also given when the Users freely submit to the Company the Personal Data required to become a User. This latter understands and agrees that the Company is free to use these Personal Data within the limit provided by law and this Notice.
If you do not agree with the terms of this Notice, please do not become a User and refrain from using the Website(s).
4. PRINCIPLE FOR PROCESSING PERSONAL DATA
While Processing Personal data, the Company will respect the following general principle:
a) Fairness and lawfulness
When Processing Personal data, the individual rights of the Data subjects must be protected. Personal Data must be collected and processed lawfully, in a fair manner, in good faith and must be proportionate to the objective.
b) Restriction to a specific purpose
Personal data handled by the Company should be adequate and relevant to the purpose for which they are collected and processed. This requires, in particular, ensuring that the types of Personal data collected are not excessive for the purpose for which they are collected. Subsequent changes to the purpose are only possible to a limited extent and require substantiation.
c) Transparency
The Data subject must be informed of how his/her Personal data is being handled. When the Personal data is collected, the Data subject must be informed of:
- the existence of the present Notice;
- the identity of the Data controller;
- the purpose of Personal data Processing;
- third-parties to whom the data might be transmitted.
d) Consent of the Data subject
Personal data must be collected directly from the individual concerned and the Consent of the Data subject may be required before Processing Personal data. The Consent must be obtained in writing or electronically for the purposes of documentation. The Consent is valid only if given voluntarily. If, for any reason, the Consent of the Data subject is not given before Processing Personal data, this one should be secured in writing as soon as possible after the beginning of the Processing.
Personal data can be processed without Consent if it is necessary to enforce a legitimate interest of the Company. Legitimate interests are generally of a legal (e.g. filing, enforcing or defending against legal claims) or financial (e.g. valuation of companies) nature. The Processing of Personal data is also permitted if national legislation requests, requires or allows this.
e) Accuracy
Personal data kept on file must be correct and if necessary, kept up to date. Inaccurate or incomplete Personal data should not be kept on file and deleted.
5. COLLECTED DATA
This Notice applies to all information which is received during your visit to or use of the Website(s), when you subscribe to our newsletter and/or when you become a User.
In particular, the Company will collect the following Personal data:
a) Visitors data
When you browse the Website(s), even if you do not subscribe to our newsletter, do not become a User and do not contact us, the Company automatically:
- collects your cookies;
- uses Google Analytics;
- uses Facebook pixel;
- uses Hotspot;
- uses Intercom;
- uses Hotjar;
- uses Twitter connect.
b) Users data
When you become a User whether you participate in a Referendum or not, the Company shall collect:
- your Ethereum address; - your email address;
c) Referendum data
When you, as a User, participate to a Referendum, the Company shall collect:
- your IP address; - your browser User-Agent.
d) Newsletter’s subscriber data
When you, as a Visitor or a User, subscribe to our newsletter, We collect your IP address your name, surname, your country of residence and your email address for the sole purpose to send you our newsletter.
Please note that you are entitled to unsubscribe from our newsletter whenever you want and at your sole discretion by contacting us in accordance with Section 19 of this Notice.
6. USE OF DATA
The following paragraphs describe the various purposes for which the Company uses your Personal data. Please note that not all of the uses below will be relevant to every individual.
Generally, the main reason why We collect Personal data is to enable you to enjoy and easily navigate the Website(s), to transfer your tokens to your Ethereum address, to keep a detailed list of the Users who participates to the Referendum, to keep you updated about the result of the Referendum and/or advances of the SwissBorg Project. If you contact us via email to the contacts set out on the Website(s), We will keep a record of that correspondence.
a) Users data:
Users understand and agree that their transactional information will be made public on the Ethereum blockchain and, therefore, disclosed to anyone.
The Company will employ Users’ Personal data to provide them with a better service, and in particular to:
- communicate with them;
- provide them with information about new products available, blog posts, promotions, special offers and other information;
- personalize the promotional offers, in particular based upon their activity and their transaction history;
- answer to their questions and comments;
- send them SwissBorg’s newsletter, unless the Users unsubscribe;
- prevent potentially prohibited or illegal activities;
- conduct research and compile statistics on usage patterns;
- process transactions;
- manage the accounts;
- enforce the Terms of Use;
- comply with our legal requirements;
- as otherwise described to the Users at the point of collection.
b) Collect of the cookies
A Cookie is a piece of information that is placed automatically on your computer’s hard drive when you access certain websites. The Cookie uniquely identifies your browser to the server. Cookies allow the Company to store information on the server (for example language preferences, technical information, click or path information, etc.) to help make the Web experience better for you and to conduct Website(s) analysis and Website(s) performance review. Most Web browsers are set up to accept cookies, although you can reset your browser to refuse all cookies or to indicate when a cookie is being sent. Note, however, that some portions of the Website(s) may not work properly if you refuse cookies.
c) Use of Google Analytics:
The Website(s) uses Google Analytics, an Internet site analysis service supplied by Google Inc. (“Google”). Google Analytics uses cookies which are text files placed on your computer to help to analyse the use made of the Website(s) by their users. The data generated by the cookies concerning your use of the Website(s) (including your IP address) will be forwarded to, and stored by Google on servers located outside of Switzerland. Google will use this information to evaluate your use of the Website(s), compile reports on site activity for its publisher and provide other services relating to the activity of the Website(s) and the use of the internet. Google may release these data to third parties if there is a legal obligation to do so or when the third parties process these data for the account of Google including, in particular, the publisher of the Website(s). Google will not cross-reference your IP address with any other data held by Google.
You may deactivate the use of cookies by selecting appropriate parameters on your navigator. However, deactivation of this kind might prevent the use of certain functions of the Website(s). By using the Website(s), you specifically Consent to the Processing of your Personal data by Google under the conditions and for the purposes described above.
7. THIRD PARTY DISCLOSURE
The Company discloses your personal data with MailChimp for the newsletter and with Intercom and Salesforce for the contact form mentioned under section 19 of this Notice.
The Company may share your Personal data to any other relevant third parties, in particular if We are requested to do so to comply with a court order or law enforcement authorities request, or if We find it necessary, as determined in the Company’s sole discretion, to investigate, prevent or take action regarding illegal activities, to defend our interest or as otherwise required or permitted by law.
In any case where cross-border transfer is done, the Company ensures that an adequate protection is guaranteed for Personal data to be transferred outside of Switzerland and the European Economic Area (hereinafter: the “EEA”). In some specific cases when this level of protection is not guaranteed, the Company will obtain your prior Consent or establish with the Recipient of Personal data a contractual framework or sufficient safeguards that ensure an adequate level of protection abroad. You may request access to a copy of these safeguards by contacting the Company.
Unless otherwise stated, the third parties who receive data from the Company are prohibited to use this Personal data beyond what is necessary to provide the product or service to you, directly or by participating in the Company’s activities.
8. STORAGE OF YOUR PERSONAL DATA
Your Personal data will be stored in Europe. You agree that the Company may store your Personal data in any country of the EEA, including Switzerland.
The storage as well as the Processing of your Personal data may require that your Personal data are ultimately transferred/transmitted to, and/or stored at a destination outside of your country of residence, notably Switzerland. Where permitted by law, by accepting the terms of this Notice, you agree to such transferring, transmission, storing and/or Processing. You also agree that such activities may take place to or in countries offering a lower level of protection than your country of residence.
9. RETENTION OF YOUR PERSONAL DATA
In accordance with applicable laws, the Company will use your Personal data for as long as necessary to satisfy the purposes for which your Personal data was collected or to comply with applicable legal requirements.
10. SECURITY OF YOUR PERSONAL DATA
The Company applies high industry standards and will always apply adequate technical and organisational measures, in accordance with applicable laws to ensure that your data is kept secure.
In the event of a Personal data breach, the Company shall without undue delay, and where feasible, not later than 72 hours after having become aware of it, notify the breach to the competent supervisory authority, unless said breach is unlikely to result in a risk to your rights and freedoms. If the breach is likely to result in a high risk to your rights and freedoms, the Company shall communicate this breach to you, if it is feasible, without undue delay.
11. ACCESS TO YOUR DATA AND INFORMATION RIGHTS
You have the right to request access to or information about the Personal data relating to you which are processed by the Company.
Where provided by law, you, your successors, representatives and/or proxies may (i) request deletion, correction or revision of your Personal data; (ii) oppose the data Processing; (iii) limit the use and Disclosure of your Personal data; and (iv) revoke Consent to any of our data Processing activities, if the Company is relying on your Consent and does not have another legal basis to continue Processing your data.
These rights can be exercised by contacting us through our contact form or writing to us at: dpo@swissborg.com attaching a copy of your ID. If the request is submitted by a person other than you, without providing evidence that the request is legitimately made on your behalf, the request will be rejected.
The request is free of charge unless your request is unfounded or excessive (e.g. if you have already requested such Personal data multiple times in the last twelve months or if the request generates an extremely high workload). In such case, the Company may charge you a reasonable request fee according to applicable laws.
The Company may refuse, restrict or defer the provision of Personal data where it has the right to do so, for example if fulfilling the request will adversely affect the rights and freedoms of others.
12. PORTABILITY OF YOUR DATA
You also have the right to receive your Personal data, which you have provided to the Company with, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the Company.
This right can be exercised by contacting us through our contact form or writing to us at: dpo@swissborg.com, attaching a copy of your ID. If the request is submitted by a person other than you, without providing evidence that the request is legitimately made on your behalf, the request will be rejected.
The request is free of charge unless your request is unfounded or excessive (e.g. if you have already requested such Personal data multiple times in the last twelve months or if the request generates an extremely high workload). In such case, the Company may charge you a reasonable request fee according to applicable laws.
The Company may refuse, restrict or defer the provision of Personal data where it has the right to do so, for example if fulfilling the request will adversely affect the rights and freedoms of others.
13. PRIVACY BY DESIGN AND BY DEFAULT
The Company will, both at the time of the determination of the means for Processing and at the time of the Processing itself, implement appropriate technical and organizational measures, such as pseudonymization, which are designed to implement data-protection principles, such as data minimization, in an effective manner and to integrate the necessary safeguards into the Processing in order to meet the requirements of the GDPR and protect your rights.
The Company will implement appropriate technical and organizational measures for ensuring that, by default, only Personal data which are necessary for each specific purpose of the Processing are processed. This obligation applies to the amount of your Personal data We collect, the extent of their Processing, the period of storage and their accessibility. These measures will ensure that by default your Personal data are not made accessible without your intervention to an indefinite number of third parties.
14. CONTACTING THE COMPANY AND COMPLAINTS
The Company hopes to be able to answer any questions or concerns you have about your Personal data. You can get in touch with the Company at the postal address or email address given in section 17 hereafter.
The Company appoints SwissBorg Solutions OÜ as its EU representative for the purposes of article 27 of the EU General Data Protection Regulation 2016/679, whose address is at Rotermanni 6, 10111, Tallinn, Estonia, and whose email address is legal@swissborg.com.
You have the right to make a complaint if you feel your Personal data has been mishandled or if the Company has failed to meet your expectations. You are encouraged to contact the Company about any complaints or concerns but you are entitled to complain directly to the relevant supervisory authority.
15. CHANGES TO THE PRIVACY NOTICE
The Company may modify this Notice from time to time, and will post the most current version on the Website(s). If a modification reduces your rights, a pop-up window will inform you immediately when you will browse our Website(s) and you will have to accept the changes.
16. DATA CONTROLLER
The data controller of the file is: SBorg SA., Rue du Grand-Chêne 8, 1003 Lausanne, Switzerland (CHE-198.086.882).
17. LINKS
The Website(s) may contain links which direct you to third party sites. The Company rejects any liability relating to the privacy policy in force on said third party sites, the collection and use of your Personal data by the latter and relating to the contents of said sites (whether the links are hypertext links or deep-links).
Furthermore, the Data subject acknowledge and agree that using our Website(s) could imply to download other applications such as, for example, Metamask. Under no circumstances the Company shall be liable for the utilization of these others applications, especially regarding to the Data protection rules.
18. JURISDICTION AND GOVERNING LAW
This Notice and any questions relating thereto shall be governed by the laws of Switzerland, to the exclusion of any rules of conflict resulting from private international law.
Any dispute relating to this Notice must exclusively be brought before the courts of Lausanne, subject to an appeal to the Swiss Federal Court.
19. CONTACT
To ask questions or make comments on this Notice or to make a complaint about our compliance with applicable privacy laws, please contact us through:
a. our email address: dpo@swissborg.com; or
b. our address: SBorg SA., Rue du Grand-Chêne 8, 1003 Lausanne, Switzerland.
We will acknowledge and investigate any complaint pursuant to this Notice.