SwissBorg App Privacy Notice
Last modification: 12 October 2023
The Company, as this term is defined in the SwissBorg Application Terms of Use (hereinafter referred to as the “Terms”), operates the SwissBorg Application (the “App”) that is available on the iOS App Store or Google Play Store.
SwissBorg Solutions OÜ is licensed as a provider of a Virtual Currency Service (license number FVT000326 in Estonia and registration number E2022-034 in France).
Тhe Data Controller is the Company, as this term is defined in the Terms (referred to as “We”, “Us”, “us” or “we”).
The Company shall collect Personal Data from natural persons who download and browse through the App without registering in order to make use of the Services in it (the “Visitor(s)”).
The Company shall collect Personal Data from natural persons who register, use the App and benefit from the Services (the “User(s)”).
This Privacy Notice aims to protect the privacy and the fundamental rights of the Users when their Personal Data is processed by the Company, such as the fundamental rights of the Visitors while they are browsing the App. This Privacy Notice is applicable to all Visitors and Users. This Privacy Notice should be read in conjunction with the Terms applicable to the App.
This is why We use “privacy by default” standards and undertake to store and Process (as defined in Annex A hereunder) your Personal Data in a secured manner and to Process your Personal Data with all appropriate care and attention in accordance with the Estonian Data Protection Act and, if and when applicable, the General Data Protection Regulation (the “GDPR”).
1. DEFINITIONS
The definitions available in Annex A to this Privacy Notice are applicable to the capitalized terms of this Privacy Notice.
2. SCOPE
The Company provide this Privacy Notice to describe its procedures regarding the Collection, Processing and Disclosure of Personal Data collected by the Company. This Privacy Notice shall apply to any use of the App, whatever the method or medium used. It details the conditions at which the Company may collect, keep, use and save information that relates to the User and Visitor, as well as the choices that You have made in relation to the Collection, utilization and Disclosure of your Personal Data.
3. ACCEPTANCE
While you are using and/or registering on the App, the Company may Collect and Process a certain number of Personal Data.
By using the App, You acknowledge that You have read and understood this Privacy Notice and agree to be bound by it and to comply with all applicable laws and regulations.
The Company may modify this Privacy Notice from time to time and will post the most current version on the App. You will be notified by email and, in the event of material change restricting or affecting in any way your rights, You will be asked to Consent to these modifications before they become applicable. Before accessing and/or continuing to use the App, You shall first Consent to the terms of this Privacy Notice and any amended versions to this Privacy Notice. Where We require your Consent to Process your Personal Data, You will be asked to give your Consent to the Collection, use, and Disclosure of your Personal Data.
4. PRINCIPLE FOR PROCESSING YOUR PERSONAL DATA
While Processing Personal Data, the Company will respect the following general principles:
1. Fairness and lawfulness
When Processing Personal Data, your rights will be protected. Your Personal Data will be Collected and Processed lawfully, in a fair manner, in good faith and will be proportionate to the objective.
2. Restriction to a specific purpose
Personal Data handled by the Company will be adequate and relevant to the purpose for which it is Collected and Processed. The Company commit not to Collect Personal Data which is not required for the specific purpose for which they are Collected.
3. Transparency
We commit to always inform you how your Personal Data is being handled. When the Personal Data is Collected, you will be informed of:
- The existence of this Privacy Notice;
- The identity of the Data Controller;
- The purpose of Personal Data Processing;
- How, where and by whom the Personal Data is being Processed;
- Third-parties to whom the Personal Data might be transmitted.
4. Consent of the Data Subject
Personal Data will be Collected directly from you and with your Consent.
The Company will Process your Personal Data without Consent only if it is necessary to enforce the agreement with you (concluded as a result of the acceptance of the SwissBorg App Terms of Use) or if it has a legitimate interest (hereinafter referred to as “Legitimate Interest”) or if national legislation requests, requires or allows this.
Further information regarding the Consent and the Legitimate Interest is provided in Section 6.
Your Consent for the Collection and Processing of your Personal Data by the Company in accordance with this Privacy Notice is given once the User ticks the box “I agree with the Terms of Use and with the Privacy Notice”.
By giving your Consent, you understand and expressly agree that the Company may Collect and Process your Personal Data in accordance with the terms of this Privacy Notice and that your Personal Data may be transferred to the Company’s country of domicile or in other countries in the European Union for Processing purposes”.
We may seek your Consent to Collect biometric data to verify your identity. We will not Collect or use this special category of data without seeking your Consent first.
5. Accuracy
Personal Data kept on file will be correct and up to date. Inaccurate or incomplete Personal Data will be deleted.
5. COLLECTED DATA
This Privacy Notice applies to all Personal Data received as a result of your download, visit or use of the App when You fulfill the on-boarding procedure for becoming a User or when you participate in yield programs. It is important to understand that the Company may Collect Personal Data at different stages throughout your interaction or use of the App and some Personal Data can be Collected just by logging into the screens of the App (referred to as the “Collected Data”). The Company will notably Collect the following Personal Data:
5.1 KYC & AML data
The KYC/AML data, which is specified in the Terms under Section 10.2.2, will be used and retained in order for the Company to be able to fulfill their legal obligations as financial intermediary with any regulatory authority and self-regulatory association or authority before on-boarding You on the App. Some of the Services are subject to laws and regulations requiring the Company to collect and use some Personal Data, including but not limited to, your personal identification information, formal identification information, financial information, transaction information, employment information, online identifiers, and/or usage data in certain ways.
The Company Collects your Personal Data in order to comply notably with Estonian Money Laundering and Terrorist Financing Prevention Ac, the Guidance for a Risk-Based Approach for Virtual Assets and Virtual Asset Service Providers (also referred to as the “FATF Guidance for VASPs”) and any other laws and regulations applicable to the Company’s activities, as well as their subsequent amendments.
5.2 User Suitability data
Your User Suitability data, which is specified in the Terms under Section 10.2.3, will also be used and retained in order for Us to be able to fulfill our legal obligations, to ensure that We can provide You with more relevant information, to better understand your preferences, to be able to verify if You are eligible to use our Services and if You have sufficient knowledge to use our Services. Your answer to the suitability questions and if You have already invested in Virtual Currencies are used to enable us to verify if You are eligible to make use of the Services offered through the App.
5.3 Financial Data
The Company may Collect or may Process the Personal Data, in the event that You will carry out any deposits or withdrawals to/from the following sources, including but not limited to:
- Fiat Assets account origin;
- The global balance in your User Account at any given time;
- The Virtual Currency balance in your User Account at any given time;
- How, where and by whom the Personal Data is being Processed;
- Third-parties to whom the Personal Data might be transmitted
(“Financial Data”)
Your Financial Data will be used by the Virtual Currencies Custodian or Fiat Custodians to enable You to deposit or withdraw Fiat Assets, Virtual Currencies or BORG Tokens on the App as described in Section 7 of this Privacy Notice.
5.4 Transaction Data
The Company may Collect the following Personal Data depending on when You execute a Transaction and/or use the Company’s support services, including but not limited to:
- Transaction details;
- User Account Audit Logs;
- User Account Communication Logs;
- User Account Level;
- Displayed Currency;
- Your External Wallet address;
- Your International Banking Account Number (IBAN) details;
- The digital assets, the balance available and any details available in your External Wallet address.
(“Transaction Data”)
Your Transaction Data will also be used and retained in order for us to be able to fulfill our legal obligations as well as for the purpose of ensuring that any Transactions carried out through the use of the App can be reconciled and settled. The Transaction Data will also be used in order to reconcile your transactions within our accounting records with the Financial Data in order to have a clear and accurate understanding of your Orders and User Account balance.
5.5 App Interaction Data
The Company may Collect the following Personal Data, including but not limited to:
- Device Provisioned;
- Device Provisioned (when created at);
- Device Provisioned (last use);
- Paper Key (created at);
- Paper Key (last use).
The Company will never be in possession of your Paper Key.
5.6 Affiliate Program
If You wish to become an Affiliate You shall fill in the form available on the Website at https://swissborg.com/affiliate-program-application. If You choose to do so, We will Collect the following Personal Data:
- Your personal email address;
- Full name;
- Company name;
- Size for active network;
- Phone number;
- Language; and
- Country of residence.
By filling out this form, You confirm that the information you have provided is accurate and up to date.
We collect this information in order to be able to provide You with our Services.
If You want to make a change in the Personal Data You have provided to us, whether this implies updating or deleting it, please feel free to contact us via email and we will be more than happy to assist You.
5.7 Hero Program
The Company may Collect the following Personal Data, including but not limited to:
- Data generated as a result of the User’s active use of the App;
- The User’s contribution to the SwissBorg community.
6. USE OF COLLECTED DATA
The following paragraphs describe the various purposes for which We Collect and Process your Personal Data, and the different types of Personal Data that are Collected for each purpose. Please note that not all of the uses below will be relevant to every User.
6.1 Consent for use of Personal Data
You Consent to the following uses of your Personal Data:
For the purposes of Services: The Company will use Collected Data to provide You with a better service, including but not limited to:
- Communication with You to provide You with information about new Services available;
- Answer to questions and comments that You might have regarding the use of the App;
- Prevent potentially prohibited or illegal activities;
- Conduct research and compile statistics on usage patterns;
- Process your Orders;
- Manage the Accounts;
- Enforce the Terms;
- Comply with any obligations which the Company is obliged to comply with by virtue of any regulations, guidelines or laws which apply to the Services rendered through the App;
- Provide personalized support to You.
We cannot provide You with Services without being able to Collect and Process your Personal Data. We Process your Personal Data when You contact Us to resolve any questions, disputes, Transaction fees, or to solve any problems which may arise within the Services or through the use of the App. We may also Process your Personal Data in response to another User’s request, as relevant. We Process your Personal Data to provide a personalized experience and implement the preferences You request. For example, You may choose to provide Us with access to certain Personal Data stored by third parties.
- Customer Service: You Consent that We use any of the Collected Data for customer service purposes, including responding to your enquiries and/or notifying you information or update about the App, the Terms or this Privacy Notice and/or sending you confirmations about your Orders or withdrawals. This typically requires the use of certain personal contact information and information regarding the reason for your inquiry (e.g. technical issue, question/complaint, general question, etc.).
- Internal Research: You Consent that We use your Collected Data, in accordance with applicable laws, for other general business purposes, such as conducting internal marketing and demographic studies and measuring the effectiveness of advertising campaigns. You Consent that We also use your Personal Data for security purposes.
- Marketing: Based on your communication preferences, You Consent that We may use your email in order to send You marketing communications, including our newsletter, in order to inform You about our events or our partner events; to deliver targeted marketing and to provide You with promotional offers based on your communication preferences. We use Personal Data about your usage of our Services and your contact information to provide marketing communications, including but not limited to promotions, special offers and other information, personalize promotional offers, in particular based upon their activity and their transaction history in order to use push notifications. You can opt-out of our marketing communications at any time. We send administrative or account-related information to You to keep You updated about our news (provided You have subscribed to our newsletter) or inform You of relevant security issues or updates to the App, changes of the Terms or to this Privacy Notice or provide other transaction-related information. Without such communications, You may not be aware of important developments relating to your Account that may affect how You can use our Services.
- Maintenance: you Consent that we use your Personal Data to inform you about scheduled or unscheduled maintenance of the App or of our Services.
You may withdraw your Consent at any time for any use of your Personal Data by the Company by contacting the Company or SwissBorg in writing using the details in Section 23 of this Privacy Notice. Please note that the withdrawal of your Consent will not affect the lawfulness of the Processing of your Personal Data based on your Consent before its withdrawal. However, in the event You withdraw your Consent, You will be effectively unable to continue using the App and benefiting from the Services offered on the App. It should be noted that the withdrawal of your Consent to Process Personal Data shall limit your possibility to benefit from the Services available on the App. The consequences of your withdrawal of Consent will be the termination of your Account as We will not be able to provide our Services in accordance with the Terms. This termination shall not be applicable to your withdrawal of Consent to the Processing of Personal Data for marketing purposes only.
6.2 Legitimate Interest
On the basis of our Legitimate Interests, your Personal Data will be Processed by the Company or SwissBorg in order to actively monitor, investigate, prevent and mitigate any potentially prohibited or illegal activities, enforcing our agreements with service providers, and/or violations of our Terms. In addition, We may need to collect fees based on your use of our Services. For this purpose, We Collect Personal Data about your Account usage and closely monitor your interactions with our Services.
The following are the applicable Legitimate Interests;
- Cyber Security: Personal Data is used in order to ensure that there is no cyber-security threat or breach, to ensure User Account security, and in order to have an initial verification of User that downloads the App. It can also be used in order to communicate with You throughout your interaction with the App. We use your geographical location information in order to ensure that the Services will not be used in a country/area where it is expressly prohibited for the App to be used;
- Compliance with FATF Guidance: You Consent that your Collected Data shall be sent to financial institutions, and in the case of Virtual Currency Transactions, to other VASPs, or any company on the basis of the FATF Guidance for VASPs in order to ensure that preventive measures are in place in order to hold, obtain and transmit the information regarding from where the Virtual Currencies and Fiat Assets originate and who the beneficiary will be;
- Compliance with laws and regulations: By using the App and/or benefitting from the Services, you understand and agree that the Company have the legitimate interest to Process your Personal Data in order to ensure a legal utilization of the App and/or Services in the full respect of the laws and applicable regulations.
In the event that the Company or its assets are acquired by, or merged with, another company including through bankruptcy, We may share/assign your Personal Data with any of our legal successors or assignees and We may also disclose your Personal Data to third parties (i) when required by applicable law; (ii) in response to legal proceedings; (iii) in response to a request from a competent law enforcement agency, national authority or self-regulatory association or agency; (iv) to protect our rights, privacy, safety or property, or the public; or (v) to enforce the terms of any agreement in force.
7. FINANCIAL DATA
The Fiat Custodian and the Virtual Currency Custodian shall have access to the Financial Data which you shall provide to Us. Your Financial Data shall also be transmitted to the Fiat Custodian and/or the Virtual Currencies Custodian (altogether referred to as the “Custodians”) when transferring Fiat Assets and/or transferring Virtual Currencies. When making withdrawals from your User Account, the Company will use your Financial Data to make sure that the Fiat Assets or Virtual Currencies which You withdraw are sent to your External Wallet address or Bank Account. The Financial Data shall be shared and transferred with the Custodians in a secure manner. Regarding such Financial Data shared with Custodians, the general conditions and the privacy policy of the Custodians will be applicable. The Company or SwissBorg shall not be held responsible for any losses of any of the Financial Data or any other Personal Data transferred to the Custodians.
7.1 Financial Data for Fiat Assets
You agree that the Company Processes payments via the Fiat Custodian and that there are instances where You or We will be transferring your Personal Data and Financial Data to the Fiat Custodian who will be Processing them for the sole purpose of making the Transaction. You expressly agree to send your Financial Data to the Fiat Custodian, as well as to send all information which the latter may require from You.
The Company are entitled to make available Financial Data and Personal Data to Payment Provider processing the Transaction in order to ensure that the Services are provided and the Orders executed on or through the App in an efficient manner and in compliance with any laws applicable.
The Company or SwissBorg shall in no way or manner be held liable for any delay in the banking authorization relating to your failure to send the Financial Data or Personal Data which may be requested from the Fiat Custodian or of any damage or loss which may arise in relation with the Transaction made via the App.
7.2 Transaction Data for Virtual Currencies
Any transfer of Virtual Currencies from an External Wallet address to Virtual Currencies Custodian will be recorded on indelible distributed ledger. You understand and acknowledge that records of the transfers on the distributed ledger and the information related to the transfer is transmitted to various nodes. Furthermore, it cannot be amended since distributed ledger technology and smart contracts operate in a manner which does not allow for any deletion or erasure to occur and that through encryption and cryptography, the information on the transaction shall also be made public on the blockchain.
8. DATA TRANSFERS
The Company may transfer your Personal Data to third parties for the purposes of providing the Services on the App, including the KYC. In particular if We are requested to do so to comply with a court order or law enforcement authorities request, or if We find it necessary, as determined in our sole discretion, to investigate, prevent or take action regarding illegal activities, to defend our interest or as otherwise required or permitted by law.
In any case where cross-border transfer is carried out outside of the European Economic Area (the “EEA”), the Company will ensure, on the basis of data processing agreements or data transfer agreements based on Standard Contractual Clauses issued by the European Commission, that an adequate protection of your Personal Data is guaranteed. You will be required to Consent with cross-border transfers in the event that they occur.
You may request access to a copy of these safeguards by contacting the Company or SwissBorg.
Unless otherwise stated, the third parties who receive Personal Data from the Company or SwissBorg are prohibited from using this Personal Data beyond what is necessary to provide the product or service to you, directly or by participating in the Company’s or SwissBorg’s activities.
9. DATA DISCLOSURE
We shall be entitled to disclose your Personal Data to the following:
9.1 Staff
Our staff uses and Processes Personal Data in order to ensure a consistently high service standard in line with our internal regulations. The KYC/AML Data as defined in Section 5.1 shall be disclosed with the Company’s compliance officer and any employee or subordinate who shall carry out the instructions of the compliance officer.
9.2 Service providers
As indicated previously within this Privacy Notice, You Consent that We may also share Personal Data with our suppliers and other business partners who provide services to Us, such as IT and hosting providers, marketing providers, communication services and printing providers, debt collection, tracing, debt recovery, fraud prevention, and credit reference agencies, KYC/AML, and others. When We do so We take steps to ensure they meet our data security standards and sign confidentiality agreements, so that your Personal Data remains secure.
9.3 Others
If our business is sold to another organization or if it is re-organized, Personal Data will be shared so that you can continue to be provided with the Services. We will usually also share/assign Personal Data with prospective purchasers when we consider selling or transferring part or all of our business. We will in such an event take steps to ensure such potential purchasers keep the Personal Data secure.
You understand and agree that we may need to disclose Personal Data to exercise or protect legal rights, including ours and those of our employees or other stakeholders, or in response to requests from individuals or their representatives who seek to protect their legal rights or such rights of others.
9.4 Public or regulatory authorities
If required from time to time, We disclose Personal Data to public authorities, regulators or governmental bodies, including when required by law or regulation, under a code of practice or conduct, or when these authorities or bodies require us to do so.
9.5 Processors
We will duly notify you if your Personal Data is disclosed to any other entities who shall provide Processing services. All our Processors are GDPR compliant and agreements have been set up between them and Us in order to define exactly which Personal Data are shared and which legal requirements should be applied.
10. HOSTING OF PERSONAL DATA
Personal Data will be hosted by Amazon Web Services, Ireland. You Consent that the Company or SwissBorg may store your Personal Data in any country of the EEA based on data transfer agreements with the Data Controller.
The storage as well as the Processing of your Personal Data may require that your Personal Data are ultimately transmitted to, and/or stored at a destination outside of your country of residence. Where permitted by law, by accepting the terms of this Privacy Notice, You accept that this transmission and disclosure may occur.
The Company require recipients of Personal Data to comply with appropriate measures designed to protect Personal Data contained within a binding legal agreement. A copy of these measures can be obtained by contacting the Company in writing using the details in Section 23 of this Privacy Notice. If and to the extent required by applicable law, We implement the necessary legal, operational and technical measure and/or enter into an agreement with You before such international transfers.
11. PUSH NOTIFICATIONS
With your Consent, we may send push notifications on your mobile iOS and Android device even if the App is not open. Our App only uses push notifications if You have given your explicit Consent. You can disable push notifications in settings at any time. If You use an Android device, push notifications are permitted automatically unless You disable this in your settings.
12. RETENTION OF YOUR PERSONAL DATA
In accordance with applicable laws, the Company will use your Personal Data for as long as necessary to satisfy the purposes for which your Personal Data was Collected or to comply with applicable legal requirements.
13. SECURITY OF YOUR PERSONAL DATA
The Company applies the strictest industry standards and will always apply adequate technical and organizational measures, in accordance with applicable laws to ensure that your Personal Data is kept secure.
In the event of a Personal Data breach, the Company shall without undue delay, and where feasible, not later than seventy-two (72) hours after having become aware of it, notify the breach to the competent supervisory authority, unless said breach is unlikely to result in a risk to your rights and freedoms. If the breach is likely to result in a high risk to your rights and freedoms, the Company shall communicate this breach to you, if it is feasible, without undue delay.
14. ACCESS TO YOUR DATA AND INFORMATION RIGHTS
You have the right to request access to information about the Personal Data relating to you which are Processed by the Company. Where provided by law, You, your successors, representatives and/or proxies may (i) request deletion, correction or revision of your Personal Data; (ii) oppose the Personal Data Processing; (iii) limit the use and disclosure of your Personal Data; and (iv) withdraw Consent to any of our data Processing activities, if the Company is relying on your Consent and does not have another legal basis to continue Processing your Personal Data, by contacting the Company in writing using the details in Section 23 of this Privacy Notice.
These rights can be exercised by contacting us through our contact form or writing to us at: support@swissborg.com, attaching a copy of your ID. If the request is submitted by a person other than you, without providing evidence that the request is legitimately made on your behalf, the request will be rejected.
The request is free of charge unless your request is unfounded or excessive (e.g. if you have already requested such Personal Data multiple times in the last twelve (12) months or if the request generates an extremely high workload). In such a case, the Company may charge you a reasonable request fee according to applicable laws. The Company may refuse, restrict or defer the provision of Personal Data where it has the right to do so, for example if fulfilling the request will adversely affect the rights and freedoms of others.
15. PORTABILITY OF YOUR DATA
If We Process your Personal Data based on a contract with You or based on your Consent, or the Processing is carried out by automated means, You may request to receive your Personal Data in a structured, commonly used and machine-readable format, and to have us transmit your Personal Data directly to another data controller, where technically feasible, unless exercise of this right adversely affects the rights and freedoms of others.
This right can be exercised by contacting us through our contact form or writing to us at support@swissborg.com attaching a copy of your ID. If the request is submitted by a person other than you, without providing evidence that the request is legitimately made on your behalf, the request will be rejected.
The request is free of charge unless your request is unfounded or excessive (e.g. if you have already requested such Personal Data multiple times in the last twelve (12) months or if the request generates an extremely high workload). In such a case, the Company may charge you a reasonable request fee according to applicable laws.
The Company may refuse, restrict or defer the provision of Personal Data where it has the right to do so, for example if fulfilling the request will adversely affect the rights and freedoms of others.
The User hereby understands, acknowledges and accepts that the content of this Section 15 does not apply to the Transaction Data enlisted hereunder;
- The digital assets located in your External Wallet address;
- Any details available regarding your External Wallet address;
- The balance available in your External Wallet address.
16. PRIVACY BY DESIGN AND BY DEFAULT
The Company will, both at the time of the determination of the means for Processing and at the time of the Processing itself, implement appropriate technical and organizational measures which are designed to implement data-protection principles, such as pseudonymization of your Personal Data or data minimization, in order to meet the requirements of the GDPR (if and when applicable) to appropriately protect your rights and Personal Data.
The Company will implement appropriate technical and organizational measures, in order to ensure that, by default, only Personal Data which is necessary for each specific purpose of the Processing is processed.
This obligation applies to (i) the amount of your Personal Data We Collect, (ii) the extent of their Processing, (iii) the period of storage and (iv) their accessibility. These measures will ensure that by default your Personal Data are not made accessible without your intervention to an indefinite number of third parties.
17. YOUR RIGHTS
17.1 General. You have a right to ask the Company to rectify inaccurate Personal Data We Collect and Process and the right to request restriction of your Personal Data pending such a request being considered. Where We Process your Personal Data on the basis of your Consent, you have the right to withdraw that Consent at any time, by contacting the Company in writing using the details in Section 23 of this Privacy Notice. Please also note that the withdrawal of Consent shall not affect the lawfulness of Processing based on Consent before its withdrawal.
You have a right to ask us to stop Processing your Personal Data, or to request deletion of your Personal Data – these rights are not absolute (as sometimes there may be overriding interests that require the Processing to continue, for example), but We will consider your request and respond to You with the outcome.
When Personal Data is Processed for direct marketing purposes, your right to object extends to direct marketing, including profiling to the extent it is related to such marketing.
You may object to direct marketing by clicking the “unsubscribe” link in any of our emails to you, or by contacting us by writing at the addresses set out in Section 23. Where We Process your Personal Data on the basis of your Consent, or where such Processing is necessary for entering into or performing our obligations under a contract with you, You may have the right under applicable data protection laws to request your Personal Data be sent to You or to another controller.
You have the right to ask the Company for a copy of some or all of the Personal Data We Collect and Process about You. In certain circumstances the Company may Process your Personal Data through automated decision-making, including profiling if this should occur.
Where this takes place, You will be informed of such automated decision-making that uses your Personal Data, be given information on the logic involved, and be informed of the possible consequences of such Processing. In certain circumstances, You can request not to be subject to automated decision-making, including profiling. You can exercise the rights by contacting us by writing using the details in Section 23 of this Privacy Notice.
17.2 Rectification of your Personal Data. You have a right to request rectification or update any of your Personal Data held by the Company that is inaccurate. Your right to rectification shall only be limited where the burden or expense of providing access would be disproportionate to the risks to your privacy in the case in question, or where the rights of persons other than You would be breached.
17.3 Right to erasure. You have the right to request erasure of your Personal Data that: (i) is no longer necessary in relation to the purposes for which it was Collected or otherwise Processed; (ii) was Collected in relation to Processing that You previously Consented, but later withdraw such Consent; or (iii) was Collected in relation to Processing activities to which You object, and there are no overriding legitimate grounds for our Processing. If We have made your Personal Data public and are obliged to erase the Personal Data, We will, taking account of available technology and the cost of implementation, take reasonable steps, including technical measures, to inform other parties that are Processing your Personal Data that You have requested the erasure of any links to, or copy or replication of your Personal Data. The above is subject to limitations by relevant data protection laws.
17.4 Right to object to the Processing. Where the Processing of your Personal Data is based on your Consent or on the execution of the contract, You may restrict or object, at any time, to the Processing of your Personal Data as permitted by applicable law. We can continue to Process your Personal Data if it is necessary for the defense of legitimate interests or for any other exceptions permitted by applicable law.
17.5 Right to request restriction of Processing. You have the right to request restriction of Processing where one of the following applies:
- You contest the accuracy of your Personal Data that We Processed. In such instances, We will restrict Processing during the period necessary for Us to verify the accuracy of your Personal Data;
- The Processing is unlawful and You oppose the erasure of your Personal Data and request the restriction of its use instead;
- We no longer need your Personal Data for the purposes of the Processing, but it is required by You to establish, exercise or defence of legal claims;
- You have objected to Processing, pending the verification whether the Legitimate Interests of the Company override your rights.
Restricted Personal Data shall only be Processed with your Consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest. We will inform You if the restriction is lifted.
17.6 Notification of erasure, rectification and restriction. We will communicate any rectification or erasure of your Personal Data or restriction of Processing to each recipient to whom your Personal Data has been disclosed/transferred, unless this proves impossible or involves disproportionate effort. We will inform You about those recipients if You request this information.
17.7 Automated individual decision-making, including profiling. We will not make a decision based solely on automated Processing of your Personal Data, including profiling, which produces legal or similarly significant effects on you, save for the exceptions applicable under relevant data protection laws.
17.8 Right to file a complaint. If You believe that We have infringed your rights, We encourage You to contact us by writing using the details in Section 23 of this Privacy Notice so that We can try to resolve the issue or dispute informally.
If you have any questions, concerns, comments or complaints regarding how We collect, use and store information about You, please send us an e-mail to legal@swissborg.com.
18. CONTACTING THE COMPANY AND COMPLAINTS
The Company will strive to answer any questions or concerns You might have about your Personal Data. You can get in touch with the Company at the postal address or email addresses mentioned in Section 23 hereafter.
You have the right to make a complaint if You feel your Personal Data has been mishandled or if the Company has failed to meet your expectations with respect to your Personal Data. You are encouraged to contact the Company about any complaints or concerns but You are entitled to complain directly to the relevant supervisory authority. We will strive to answer within five (5) working days.
Please be aware that communicating by e-mail/phone does not ensure confidentiality, integrity and authenticity. We will not answer any request which will be considered unsafe or not ensuring your identity authenticity.
19. CHANGES TO THE PRIVACY NOTICE
The Company may modify this Privacy Notice from time to time, and will post the most current version on the App. If We make any material changes affecting in any way or restricting your rights, We will notify You by email or by notification within the App, prior to the change becoming effective. If a modification reduces your rights, a pop-up window will inform You immediately when You will browse our App and You will have to give your Consent with the changes.
20. DATA CONTROLLER
The Data Controller is the Company, as this term is defined in the Terms.
21. LINKS
The App may contain links which direct You to third party websites or applications. The Company reject any liability relating to the privacy policy in force on said third party websites, the Collection and use of your Personal Data by the latter and relating to the contents of said websites or applications (whether the links are hypertext links or deep-links).
Furthermore, You acknowledge that using our App could imply downloading or using third party applications. Under no circumstances the Company shall be liable for the utilization of these others applications, especially regarding the Data protection rules.
22. JURISDICTION AND GOVERNING LAW
This Privacy Notice and any questions relating thereto shall be governed by the laws of the country in which the Company is incorporated, as this term is defined in the Terms, to the exclusion of any rules of conflict resulting from private international law. Any dispute relating to this Privacy Notice must exclusively be brought before the courts of Estonia or the Seychelles, whichever applies depending on the User's country of residence.
23. CONTACT
To ask questions or make comments on this Privacy Notice or to make a complaint about our compliance with applicable privacy laws, please contact us through:
- Our Data Protection Officer email address : dpo@swissborg.com;
- Our email address: support@swissborg.com; or
- Our addresses: SwissBorg Solutions OÜ - Pärnu mnt. 12, 10148 Tallinn, Estonia; Dharma Ltd - House of Francis, Ile Du Port, Mahe, Seychelles
We will acknowledge and investigate any complaint pursuant to this Privacy Notice.
Annex A - Definitions
Capitalized terms defined in the Terms of Use (the “Terms”) available on the App shall also apply to this Notice and be incorporated by reference.
AML refers to Anti-Money Laundering;
App Content means all features, texts, designs, layouts, wireframes, software, information, documents (including Terms of Use and Privacy Notice) or content displayed on and/or technical information associated with the App;
Bank Account means an account opened by a regulated bank, financial institution or custodian which belongs to the User;
BORG Token means the SwissBorg multi-utility token;
Collect means a systematic approach to gathering and measuring Personal Data from the User to achieve a given result. The term “Collection” shall be the nominative reference to the term Collect;
Consent means any freely given, specific, informed and unambiguous indication of You, by a statement or by a clear affirmative action, according to which You signify agreement to the Processing of your Personal Data.
Cookie(s) means a piece of information that is placed automatically on your electronic device’s hard drive when You access the App(s) and which is listed in the Privacy Notice on the App. The Cookie uniquely identifies your browser to the server. Cookies allow the Company to store information on the server (for example language preferences, technical information, click or path information, etc.) to help make the User or Visitor’s experience better for You and to conduct App analysis and App performance review;
Data Controller means the natural or legal person, which, alone or jointly with others, determines the purposes and means of the Processing of Personal Data and who is in charge of this Processing. For the purpose of this Privacy Notice, the Data Controller is the Company;
Data Portability means your right to receive your Personal Data in a structured, commonly used and machine-readable format and the right to transmit that data to another Data Controller without hindrance from the Company;
Digital Assets shall mean Virtual Currencies, utility tokens and stablecoins.
Digital Assets Wallet means the wallet designated to support the holding of Digital Assets, Utility Tokens and/or Stablecoins;
Disclosure means making Personal Data accessible, for example by permitting access, transmission or publication;
External Wallet means a Virtual Currency wallet to which a User may elect to send Virtual Currencies or from which a User transfers or receives Virtual Currencies;
Force Majeure Event means by an event or act whether or not foreseen, that: (i) is beyond the reasonable control of, and is not due to the fault or negligence of the Company and (ii) could not have been avoided by such Company’s exercise of due diligence, including, but not limited to, a labor controversy, strike, lockout, boycott, transportation stoppage, action of a court or public authority, fire, flood, earthquake, storm, war, civil strife, terrorist action, epidemic, pandemic, inability to obtain raw materials, supplies or equipment through its usual and regular sources, or any act beyond Company’s;
Fiat Assets means a centralised issued currency which is not backed by a physical commodity and for the purpose of the App.
Fiat Custodian refers to a cross-border cloud payment service provider;
KYC refers to Know-Your-Customer;
Financial Data means data relating to your means of payment, including but not limited to payment which occurs by credit card, bank references, name of the owner of the account, card number, expiration date and other such data;
Order(s) means the instruction transmitted by a User through the Execution Interface to carry out a Transaction pursuant to the Terms and to the User Agreement;
Payment Provider(s) means the company processing credit card information on behalf of the Company.
Personal Data means data which is deemed to be personal and which consists of all the information relating to a person who is either identified or identifiable. The types of Personal Data collected by the Company are outlined in Section 5 of this Notice;
Personal Data Breach means a breach of security leading to the accidental or unlawful destruction, loss or alteration of – or to the unauthorized Disclosure of, or access to – Personal Data transmitted, stored or otherwise processed;
Notice means this Privacy Notice in its current and subsequent versions;
Process(-ing) means any operation with Personal Data, irrespective of the means applied and the procedure, and in particular the Collection, storage, use, revision, disclosure, archiving or destruction of data;
Recipient means a natural or legal person, public authority, agency or another body, to which the Personal Data are disclosed, whether a third party or not;
Services has the same meaning in accordance with the Terms of Use;
Transaction(s) means the Execution of an Order on or through the App, using the Execution Interface. The possible Transactions are defined in Article 9.1 of the Terms;
User(s) means any natural person who completes Tier 1 of the on-boarding procedure. The User/Swiss User is referred to as “You ” or “you” or as “your” or “Your” when indicating the possessive within this Notice;
User Account means the same definition as the Terms of Use;
VASP refers to any natural or legal person who is not covered elsewhere under the Financial Action Task Force Recommendations and as a business conducts one or more of the following activities or operations for or on behalf of another natural or legal person: i. Exchange between Virtual Currencies and Fiat Assets; ii. Exchange between one or more forms of Virtual Currencies; iii. Transfer of Virtual Currencies; and Safekeeping and/or administration of Virtual Currencies or instruments enabling control over Virtual Currencies; iv. Participation in and provision of financial services related to an issuer’s offer and/or sale of Virtual Currencies;
Virtual Currency(-ies) means a value represented in the digital form, which may be digitally transferred, preserved or traded and which natural persons or legal persons accept as a payment instrument, but that is not the legal tender of any country or funds for the purposes of Article 4(25) of Directive (EU) 2015/2366 of the European Parliament and of the Council on payment services in the internal market, amending Directives 2002/65/EC, 2009/110/EC and 2013/36/EU and Regulation (EU) No 1093/2010, and repealing Directive 2007/64/EC (OJ L 337, 23.12.2015, pp. 35–127) or a payment transaction for the purposes of points (k) and (l) of Article 3 of the same Directive;
Virtual Currency(-ies) Custodian refers to a third-party service provider(s) indicated in the Terms of Use;
Wallet means digital wallets available to Users on their User Account.