June 7th, 2019
TOKENESTATE SA is a Swiss Limited Company (“Société anonyme”) registered Rue de la Place-d’Armes 3, 2000 Neuchâtel, Switzerland, under number CHE-258.642.458 (“Company”, “we”, “us”, “our” or “Controller”).
The Company understands that the Collection of Personal Data involves a great deal of trust on your part. We take this trust very seriously and make it our highest priority to ensure the security and confidentiality of the Personal Data you provide us with.
This is why we implemented privacy by design and privacy by default standards and undertake to store your Personal Data in a secured way as well as to Process your Personal Data with all appropriate care and attention in accordance with the Federal Data Protection Act (“FADP”RS 235.1), the Ordinance on the Federal Data Protection Act (RS 235.11) and, where applicable, the General Data Protection Regulation (“GDPR”). Data which is deemed to be personal consists of all the information relating to a person who is either identified or identifiable (“Personal Data”).
As part of our commitment to protect your Personal Data in a transparent manner, we want to inform you why and how the Company Collects, uses and stores your Personal Data, the lawful basis on which your Personal Data is Processed and what your rights and our obligations are in relation to such Processing.
Capitalized terms not defined in this Privacy (hereinafter: the “Policy”) Policy have the meanings set forth in the Terms.
Please read this Policy carefully to understand our policies and practices regarding your Personal Data and how we will treat and Process them.
By using the Services and/or visiting or registering on the Site(s), the API, the Webapp (altogether: the “Platform”), you accept the Collection and Processing described below.
In this Policy, the following terms shall have the following definitions:
“Collect” means a systematic approach to gathering and measuring Personal Data from the User to achieve a given result.
“Consent” means any freely given, specific, informed and unambiguous by which you, by a statement or by a clear affirmative action, consent to the Processing of Personal data.
“Data controller” means the natural or legal person, which, alone or jointly with others, determines the purposes and means of the Processing of Personal Data and who is in charge of this Processing.
“Data subject” means natural or legal persons whose data is processed, whether it is a User or a Visitor.
“Disclosure” means making Personal Data accessible, for example by permitting access, transmission or publication.
“Force Majeure” means act of God (such as, but not limited to, fires, explosions, earthquakes, drought, tidal waves and floods), any other natural disaster of overwhelming proportions, act of war (whether declared or not), hostilities, invasion, act of foreign enemies, terrorism or civil disorder, rebellion, revolution, insurrection, or military or usurped power, or civil war, contamination by radio-activity from any nuclear fuel, or from any nuclear waste from the combustion of nuclear fuel, radio-active toxic explosive, or other hazardous properties of any explosive nuclear assembly or nuclear component of such assembly, pressure waves from devices travelling at supersonic speeds or damage caused by any aircraft or similar device; riot, commotion, strikes, go slows, lock outs or disorder;acts or threats of terrorism; discontinuation of electricity or water supply; other unforeseeable circumstances beyond the control of the Parties against which it would have been unreasonable for the affected party to take precautions and which the affected party cannot avoid even by using its best efforts.
“Platform” means the internet website available at the following address www.tokenestate.io and/or the API or the Webapp made available by the Company to the Users.
“Processing” means any operation or set of operation which is performed on Personal data or set of Personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
“Recipient” means third, public authority, agency or other body – that is, someone or something other than the Data subject or the Company – to which the Personal Data is disclosed.
“Service(s)” means the services provided by the Company to a User and/or the services available on the Platform.
“User(s)” means user(s) of the Platform provided by the Company.
“User account” means an account created by a User on the Platform, including Personal data.
“Visitor” means a person or entity using the Platform without having registered as a User.
Acceptance of our Policy
While visiting or using the Platform or the Services, the Companymay Collect and Process a certain number of Personal Data relating to you.
The Policy shall apply to any Visitor or User of the Platform or use of the Services, whatever the method or medium used. It details the conditions at which, we may Collect, keep, use and save information that relates to you, as well as the choices that you have in relation to the Collection, utilization and disclosure of your Personal Data.
By visiting or using the Platform or the Services, you acknowledge that you have read and understood this Policy and agree to be bound by it and to comply with all applicable laws and regulations. You also acknowledge that you have read and understood the Terms that apply to the Platform and agree to be bound by them.
The Company may modify this Policy from time to time and will post the most current version on the Platform. You will be notified by email and you will be asked to consent to these modifications before they become applicable.
By accessing to and/or using the Platform and/or the Services, you signify acceptance to the terms of this Policy. Where we require your consent to Process your Personal Data, we will ask for your consent to the Collection, use, and disclosure of your Personal Data.
If you do not agree with or you are not comfortable with any aspect of this Policy, you should immediately discontinue visiting, accessing or using our Platform and/or Services.
Purpose of the Collection
The Company uses Personal Data mainly for the purpose of improving the user experience and the Platform and targeting the Services to your needs.
We and our Service providers may use your information for our legitimate business interests. Our legitimate business interests are explained below, alongside examples of how your Personal Data may be used for these purposes.
The main reason why we Collect Personal Data about you is:
To proceed to the KYC and comply with our AML obligations;
to improve the Platform features and the Platform Content;
to administer your Account;
to identify your needs and target the Services;
to fulfill your specific requests through the Platform;
to enable you to enjoy and easily navigate the Platform and benefit from the Services;
to accomplish our business purposes, especially to comply with a legal obligation, because we have a legitimate interest and/or with your Consent;
for specific purposes stated below.
The Personal Data will be freely provided by you to the Company or Collected automatically while using the Platform, in accordance with this Policy. In addition to the information contained in this Policy, the Platform may provide Users with additional and contextual information concerning particular services or the Collection and Processing of Personal Data upon request.
Personal Data transmitted to the Company by you are controlled by TOKENESTATE SA, Rue de la Place-d'Armes 3, 2000 Neuchâtel, Switzerland.
Type of Personal Data Collected
Your Consent to this Policy followed by your submission of Personal Data represent your agreement to the Collection, Processing and storage of Personal Data by the Company as described in this Policy.
When accessing to and/or using the Platform and/or the Services, cookies are placed on your computer, mobile or tablet. A cookie is a piece of data stored on your hard drive by the Company’s server. It contains the following data:
The name of the server that has placed it there
An identifier, in the form of a unique number
An expiration date (some cookies only)
Cookies are managed by the web browser on your computer (like Internet Explorer, Firefox, Safari or Google Chrome).
Different types of cookies which have different purposes are used:
Essential cookies: These cookies are essential to allow you to browse our Platform and use their functionalities. Without them, services such as shopping baskets and electronic invoicing would not be able to work.
Performance cookies: These cookies Collect information on the use of our Platform, such as which pages are consulted most often. These cookies enable us to optimise our Platform and simplify browsing. These cookies do not Collect any information which could be used to identify you. All the information Collected is aggregated, and, therefore, anonymous.
Functionality cookies: These cookies enable our Platform to remember the choices you have made when browsing. For example, we can store your geographical location in a cookie so that the Platform corresponding to your area is shown. We can also remember your preferences, such as the text size, font and other customisable aspects of the Platform. The cookies may also be able to keep track of the products or videos consulted to avoid repetition. The information Collected by these cookies cannot be used to identify you and cannot monitor your browsing activity on sites which do not belong to the Company.
Depending on the Services, we Collect:
personal details such as your name, identification number, date of birth, KYC/AML documents (national identity card or passport, utility bill, payslips, etc.), phone number, physical and electronic address, and family details / status such as the name of your spouse, partner, or children;
username, password, settings and preferences;
financial information, including payment and transaction records and information relating to your assets (including fixed properties), financial statements, liabilities, taxes, revenues, earnings and investments (including your investment objectives);
tax domicile and other tax-related documents and information;
where applicable, professional information about you, such as your job title and work experience;
your knowledge of and experience in investment matters;
details of our interactions with you and the products and services you use;
any records of emails/written exchanges/phone calls between you and us;
where applicable, details of your nomination of a mandate;
identifiers we assign to you, such as your client or account number, including for accounting purposes;
when you access our Platform, data transmitted by your browser and automatically recorded by our server, including date and time of the access, name of the accessed file as well as the transmitted data volume and the performance of the access, your Operating System, web browser, browser language and requesting domain, and IP address.
We may obtain information about you from third party sources as required or permitted by applicable law, such as public databases, credit bureaus, ID verification partners, KCY/AML partners, resellers and channel partners, joint marketing partners, and social media platforms. In the case we obtain any additional information from third parties, you will be notified by email.
Purposes for which your Personal Data will be used
We will not use your Personal Data for purposes other than those purposes we have disclosed to you, without your Consent.
To maintain legal and regulatory compliance
Some of our core Services are subject to laws and regulations requiring us to Collect and use your personal identification information, formal identification information, financial information, transaction information, employment information, online identifiers, and/or usage data in certain ways.
The Company Collects and Processed your Personal Data in order to comply notably to:
the Swiss Federal Act on Combating Money Laundering and Terrorist Financing (Anti-Money Laundering Act, AMLA) and its Ordinances (“Loi fédérale concernant la lutte contre le blanchiment d’argent et le financement du terrorisme (LBA) et ses Ordonnances”);
the Swiss Financial Market Supervisory Authority (FINMA) Ordinance on Combating Money Laundering and Terrorist Financing (“Ordonnance de l’Autorité fédérale de surveillance des marchés financiers sur la lutte contre le blanchiment d’argent et le financement du terrorisme dans le secteur financier (OBA-FINMA)”)
To enforce our Terms in our User agreement and other agreements
We Process Personal Data, such as your identification and financial data, in order to actively monitor, investigate, prevent and mitigate any potentially prohibited or illegal activities, enforcing our agreements with third parties, and/or violations of our agreements.
In addition, we may need to Collect fees based on your use of our Services. We Collect information about your account usage and closely monitor your interactions with our Services. We may use any of your Personal Data Collected on our Services for these purposes. The consequences of not Processing your Personal Data for such purposes is the termination of your Account as we cannot perform our Services in accordance with our Terms.
To provide the Services
We cannot provide you with Services without being able to use and Process your Personal Data.
To provide Service communications
We send administrative or account-related information to you to keep you updated about our news (provided you have subscribed to our newsletter) or inform you of relevant security issues or updates to the Platform or the Services, changes of the Terms or to this Policy or provide other transaction-related information. Without such communications, you may not be aware of important developments relating to your Account that may affect how you can use our Services.
To provide customer service
We Process your Personal Data when you contact us to resolve any questions, disputes, Collect fees, or to troubleshoot problems. We may Process your information in response to another customer’s request, as relevant.
To ensure quality control
We Process your Personal Data for quality control and staff training to make sure we continue to provide you with accurate information. Our basis for such Processing is based on the necessity of performing our contractual obligations with you.
To ensure network and information security
We Process your Personal Data in order to enhance security, monitor and verify identity or service access, combat spam or other malware or security risks and to comply with applicable security laws and regulations. The threat landscape on the internet is constantly evolving, which makes it more important than ever that we have accurate and up-to-date information about your use of our Services.
For research and development purposes
We Process your Personal Data to better understand the way you use and interact with the Services. In addition, we use such information to customize, measure, and improve the Services and the content and layout of our Platform and applications, and to develop new services. Our basis for such Processing is based on legitimate interest.
To enhance your experience
We Process your Personal Data to provide a personalized experience and implement the preferences you request. For example, you may choose to provide us with access to certain Personal Data stored by third parties.
To facilitate corporate acquisitions, mergers, or transactions
We may Process any information regarding your account and use of our Services as is necessary in the context of corporate acquisitions, mergers, or other corporate transactions. You have the option of closing your account if you do not wish to have your Personal Data Processed for such purposes.
To engage in marketing activities
Based on your communication preferences, you Consent that we may send you marketing communications to inform you about our events or our partner events; to deliver targeted marketing and to provide you with promotional offers based on your communication preferences. We use Personal Data about your usage of our Services and your contact information to provide marketing communications. You can opt-out of our marketing communications at any time.
Personal Data Disclosure & Sharing
Our staff use and Process usually Personal Data in order to ensure a consistently high service standard, to provide Services to you.
When providing products and services to you, we will share Personal Data with persons acting on our behalf or otherwise involved in the transaction (depending on the type of product or service you receive from us).
In some instances, you Consent that we may also share Personal Data with our suppliers and other business partners who provide services to us, such as IT and hosting providers, marketing providers, communication services and printing providers, debt Collection, tracing, debt recovery, fraud prevention, and credit reference agencies, KYC/AML, and others. When we do so we take steps to ensure they meet our data security standards and sign confidentiality agreements, so that your Personal Data remains secure.
Public or regulatory authorities
If required from time to time, we disclose Personal Data to public authorities, regulators or governmental bodies, including when required by law or regulation, under a code of practice or conduct, or when these authorities or bodies require us to do so.
If our business is sold to another organization or if it is re-organized, Personal Data will be shared so that you can continue to be provided with the Services.
We will usually also share Personal Data with prospective purchasers when we consider selling or transferring part or all of our business. We will in such event take steps to ensure such potential purchasers keep the data secure.
You understand and agree that we may need to disclose Personal Data to exercise or protect legal rights, including ours and those of our employees or other stakeholders, or in response to requests from individuals or their representatives who seek to protect their legal rights or such rights of others.
Location & Transfer of Personal Data
Your Personal Data will be stored and hosted in Germany.
You hereby expressly Consent to such transfer outside Switzerland but within a country of the European Union where GDPR is applicable.
Except where the relevant country has been determined by the Swiss Federal Data Protection and Information Commissioner and the European Commission to provide an adequate level of protection, the Company requires its recipients to comply with appropriate measures designed to protect Personal Data contained within a binding legal agreement. A copy of these agreements can be obtained by contacting by writing the Company using the details in section 15 of this Policy. If and to the extent required by applicable law, we implement the necessary legal, operational and technical measure and/or enter into an agreement with you before such international transfers.
As Controller of your Personal Data, we work with Processors in order to provide high quality of the Services. All our Processors are GDPR compliant and agreements have been setup between them and us in order to define exactly which Personal Data are shared and which legal requirements should be applied.
Retention of Personal Data
We will only retain Personal Data for as long as necessary to fulfil the purpose for which it was Collected or to comply with legal, regulatory or internal policy requirements. To help us do this, we apply criteria to determine the appropriate periods for retaining your Personal Data depending on its purpose, such as proper account maintenance, facilitating client relationship management, and responding to legal claims or regulatory requests.
We do not request to Collect or Process Personal Data from any person under the age of 18. If a User submitting Personal Data is suspected of being younger than 18 years of age, the Company will require the User to close his or her account and will not allow the User to continue using any Service. We will also take steps to delete the information as soon as possible. Please notify us if you know of any individuals under the age of 18 using our Services so we can take action to prevent access to our Services.
Security of your Personal Data
The security of your Personal Data is very important to us. The Company Processes your Personal Data in a proper manner and shall take appropriate technical and organizational measures to prevent unauthorized access, disclosure, modification, or unauthorized destruction of your Personal Data.
We use internal rules with our staff and partners and use software, hardware, IT providers and datacenters which provide maximum security.
Our Services use strong cryptographic standards such as HTTPS protocol.
We follow the evolving of the technology and the Art in order to continuously offer the best quality, security and protection of our Services. We continuously assess and change our internal procedures accordingly with our staff, partners and providers.
The Personal Data Processing is carried out using computers and/or IT enabled tools, following organizational procedures and modes strictly related to the purposes indicated. In addition to the Company, in some cases, the Personal Data may be accessible to certain types of persons in charge, involved with the operation of the Platform (administration, sales, marketing, legal, system administration) or external parties (such as third party technical service providers, mail carriers, hosting providers, IT companies, communications agencies) appointed, if necessary, as data Processors by the Company. The updated list of these parties may be requested from the Data Controller at any time.
You shall be solely responsible to keep your password and other information relating to your Account confidential and not allow any third party to access and use your Account. In the event that your Personal Data is unduly accessed, or is reasonably believed to have been unduly accessed, by an unauthorized person and applicable law requires notification, the Company shall without undue delay, and where feasible, not later than 72 hours after having become aware of it, notify the breach to the competent supervisory authority, unless said breach is unlikely to result in a risk to your rights and freedoms. If the breach is likely to result in a high risk to your rights and freedoms, the Company shall communicate this breach to you without undue delay.
YOU HOWEVER ACKNOWLEDGE THAT THE USE OF THE INTERNET IS NOT SAFE AND THAT THERE ARE CERTAIN INHERENT RISKS TO YOUR PERSONAL DATA. THE COMPANY SHALL MAKE REASONABLE EFFORTS TO PROTECT YOUR PERSONAL DATA BUT IT CANNOT GUARANTEE OR WARRANT THAT PERSONAL DATA YOU PROVIDE TO THE COMPANY IS SAFE AND PROTECTED FROM UNAUTHORIZED THIRD PARTY ACCESS AND THEFT AND, THEREFORE, WAIVES ALL LIABILITY IN THIS RESPECT. IN NO EVENT, SHALL THE COMPANY BE HELD LIABLE FOR CIRCUMVENTION OF ANY PRIVACY SETTINGS, VIRUSES OR SECURITY MEASURES CONTAINED ON THE PLATFORM.
Although the security of your data is protected with our best effort, you agree that the Company should not, in any case, be held responsible for any lost, damages, unauthorized manipulation, access or modification in case of events beyond our control, such as and not limited to:
Any electronic attack (not exhaustive): DDoS, Penetration, Brute-Force, Stolen Key;
Malicious attack (not exhaustive): Fishing by email/writing/call, MITM, Fake News;
Unsafe behaviour (not exhaustive): weak or disclosed user/password, Stolen user/password, Stolen Key;
Illegal Activities (not exhaustive): Fake ID, Stolen ID, physical break-in;
Any hardware or software malfunction;
Communications with unsecure means (not exhaustive): email, phone, SMS, Fax;
You have a right to ask the Company to rectify inaccurate Personal Data we Collect and Process and the right to request restriction of your Personal Data pending such a request being considered. Where we Process your Personal Data on the basis of your consent, you have the right to withdraw that consent at any time. Please also note that the withdrawal of consent shall not affect the lawfulness of Processing based on consent before its withdrawal.
You have a right to ask us to stop Processing your Personal Data, or to request deletion of your Personal Data – these rights are not absolute (as sometimes there may be overriding interests that require the Processing to continue, for example), but we will consider your request and respond to you with the outcome. When Personal Data are Processed for direct marketing purposes, your right to object extends to direct marketing, including profiling to the extent it is related to such marketing.
You may object to direct marketing by clicking the “unsubscribe” link in any of our emails to you, or by contacting us by writing at the address set out in section 15. Where we Process your Personal Data on the basis of your consent, or where such Processing is necessary for entering into or performing our obligations under a contract with you, you may have the right under applicable data protection laws to request your Personal Data be transferred to you or to another controller.
You have the right to ask the Company for a copy of some or all of the Personal Data we Collect and Process about you. In certain circumstances the Company may Process your Personal Data through automated decision-making, including profiling.
Where this takes place, you will be informed of such automated decision-making that uses your Personal Data, be given information on the logic involved, and be informed of the possible consequences of such Processing. In certain circumstances, you can request not to be subject to automated decision-making, including profiling. You can exercise the rights by contacting us by writing using the details in section 15 of this notice.
Right to withdraw consent. You have the right to withdraw your consent to the Processing of your Personal Data Collected on the basis of your consent at any time. Your withdrawal will not affect the lawfulness of the Company’s Processing based on consent before your withdrawal.
Right of access to and rectification of your Personal Data. You have a right to request that we provide you a copy of your Personal Data held by us. This information will be provided without undue delay subject to some fee associated with gathering of the information (as permitted by law), unless such provision adversely affects the rights and freedoms of others. You may also request us to rectify or update any of your Personal Data held by the Company that is inaccurate. Your right to access and rectification shall only be limited where the burden or expense of providing access would be disproportionate to the risks to your privacy in the case in question, or where the rights of persons other than you would be violated.
Right to erasure. You have the right to request erasure of your Personal Data that: (i) is no longer necessary in relation to the purposes for which it was Collected or otherwise Processed; (ii) was Collected in relation to Processing that you previously consented, but later withdraw such consent; or (iii) was Collected in relation to Processing activities to which you object, and there are no overriding legitimate grounds for our Processing. If we have made your Personal Data public and are obliged to erase the Personal Data, we will, taking account of available technology and the cost of implementation, take reasonable steps, including technical measures, to inform other parties that are Processing your Personal Data that you have requested the erasure of any links to, or copy or replication of your Personal Data. The above is subject to limitations by relevant data protection laws.
Right to data portability. If we Process your Personal Data based on a contract with you or based on your consent, or the Processing is carried out by automated means, you may request to receive your Personal Data in a structured, commonly used and machine-readable format, and to have us transfer your Personal Data directly to another “controller”, where technically feasible, unless exercise of this right adversely affects the rights and freedoms of others. A “controller” is a natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the Processing of your Personal Data.
Right to restriction of or Processing. You have the right to restrict or object to us Processing your Personal Data where one of the following applies:
You contest the accuracy of your Personal Data that we Processed. In such instances, we will restrict Processing during the period necessary for us to verify the accuracy of your Personal Data.
The Processing is unlawful and you oppose the erasure of your Personal Data and request the restriction of its use instead. We no longer need your Personal Data for the purposes of the Processing, but it is required by you to establish, exercise or defence of legal claims. You have objected to Processing, pending the verification whether the legitimate grounds of Coinbase’s Processing override your rights.
Restricted Personal Data shall only be Processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest. We will inform you if the restriction is lifted.
Notification of erasure, rectification and restriction. We will communicate any rectification or erasure of your Personal Data or restriction of Processing to each recipient to whom your Personal Data has been disclosed, unless this proves impossible or involves disproportionate effort. We will inform you about those recipients if you request this information.
Right to object to Processing. Where the Processing of your Personal Data is based on consent, contract or legitimate interests you may restrict or object, at any time, to the Processing of your Personal Data as permitted by applicable law. We can continue to Process your Personal Data if it is necessary for the defence of legal claims, or for any other exceptions permitted by applicable law.
Automated individual decision-making, including profiling. You have the right not to be subject to a decision based solely on automated Processing of your Personal Data, including profiling, which produces legal or similarly significant effects on you, save for the exceptions applicable under relevant data protection laws.
Right to lodge a complaint. If you believe that we have infringed your rights, we encourage you to contact us by writing using the details in section 15 of this notice so that we can try to resolve the issue or dispute informally.
You can also complain about our Processing of your Personal Datato:
General information requests may be addressed by e-mail to our Data Protection Officer: email@example.com
We will answer within 3 working days.
Any request regarding your Personal Data should be made by writing with a proof of your identity to:
Data Protection Office
Rue de la Place d’Armes 3
Our representative in the European Union is:
SOCIÉTÉ PAR ACTIONS SIMPLIFIÉE À ASSOCIÉ UNIQUE
Mme Anne-Marie Jolivalt
1365 RTE DE LASNELAZ
74930 PERS JUSSY
Be aware that communicating by e-mail/SMS/phone/FAX do not ensure confidentiality, integrity and authenticity. We will not answer to any request which will be considered unsafe or not ensuring your identity authenticity.
In Switzerland: any notice regarding this Policy and/or the Collection and/or Processing of Personal Data shall be made to the Swiss Federal Data Protection and Information Commissioner:
Office of the Federal Data Protection and Information Commissioner FDPIC
CH – 3003 Berne
In the European Union: any notice regarding this Policy and/or the Collection and/or Processing of Personal Data shall be made to:
Tel. +43 1 52152 2550
Autorité de la protection des données (APD-GBA)
Rue de la Presse 35
Tel. +32 2 274 48 00
Fax +32 2 274 48 35
Member: Mr Willem Debeuckelaere, President
Commission for Personal Data Protection
2, Prof. Tsvetan Lazarov blvd.
Tel. + 359 2 915 3580
Fax +359 2 915 3525
Croatian Personal Data Protection Agency
Tel. +385 1 4609 000
Fax +385 1 4609 099
Commissioner for Personal Data Protection
1 Iasonos Street,
P.O. Box 23378, CY-1682 Nicosia
Tel. +357 22 818 456
Fax +357 22 304 565
Office for Personal Data Protection
Pplk. Sochora 27
170 00 Prague 7
Tel. +420 234 665 111
Fax +420 234 665 444
Borgergade 28, 5
Tel. +45 33 1932 00
Fax +45 33 19 32 18
Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon)
Tel. +372 6274 135
European Data Protection Supervisor
Rue Wiertz 60
Office: Rue Montoyer 30, 6th floor
Tel. +32 2 283 19 00
Fax +32 2 283 19 50
Office of the Data Protection Ombudsman
P.O. Box 800
Tel. +358 29 56 66700
Fax +358 29 56 66735
Commission Nationale de l’Informatique et des Libertés – CNIL
3 Place de Fontenoy
TSA 80715 – 75334 Paris, Cedex 07
Tel. +33 1 53 73 22 22
Fax +33 1 53 73 22 00
Die Bundesbeauftragte für den Datenschutz und die Informationsfreiheit
Tel. +49 228 997799 0; +49 228 81995 0
Fax +49 228 997799 550; +49 228 81995 550
Hellenic Data Protection Authority
Kifisias Av. 1-3, PC 11523
Tel. +30 210 6475 600
Fax +30 210 6475 628
Hungarian National Authority for Data Protection and Freedom of Information
Szilágyi Erzsébet fasor 22/C
Tel. +36 1 3911 400
Data Protection Commission
21 Fitzwilliam Square
Tel. +353 76 110 4800
Garante per la protezione dei dati personali
Piazza di Monte Citorio, 121
Tel. +39 06 69677 1
Fax +39 06 69677 3785
Data State Inspectorate
Blaumana str. 11/13-15
Tel. +371 6722 3131
Fax +371 6722 3556
State Data Protection Inspectorate
A. Juozapaviciaus str. 6
Tel. + 370 5 279 14 45
Fax +370 5 261 94 94
Commission Nationale pour la Protection des Données
1, avenue du Rock’n’Roll
Tel. +352 2610 60 1
Fax +352 2610 60 29
Office of the Information and Data Protection Commissioner
Second Floor, Airways House
High Street, Sliema SLM 1549
Tel. +356 2328 7100
Fax +356 2328 7198
P.O. Box 93374
2509 AJ Den Haag/The Hague
Tel. +31 70 888 8500
Fax +31 70 888 8501
Urząd Ochrony Danych Osobowych (Personal Data Protection Office)
ul. Stawki 2
Tel. +48 22 531 03 00
Fax +48 22 531 03 01
email: firstname.lastname@example.org; email@example.com
Comissão Nacional de Protecção de Dados – CNPD
Av. D. Carlos I, 134, 1º
Tel. +351 21 392 84 00
Fax +351 21 397 68 32
The National Supervisory Authority for Personal Data Processing
B-dul Magheru 28-30
Sector 1, BUCUREŞTI
Tel. +40 31 805 9211
Fax +40 31 805 9602
Office for Personal Data Protection of the Slovak Republic
820 07 Bratislava 27
Tel.: + 421 2 32 31 32 14
Fax: + 421 2 32 31 32 34
Information Commissioner of the Republic of Slovenia
Ms Mojca Prelesnik
Tel. +386 1 230 9730
Fax +386 1 230 9778
Agencia Española de Protección de Datos (AEPD)
C/Jorge Juan, 6
Tel. +34 91399 6200
Fax +34 91455 5699
104 20 Stockholm
Tel. +46 8 657 6100
Fax +46 8 652 8652
The Information Commissioner’s Office
Water Lane, Wycliffe House
Wilmslow – Cheshire SK9 5AF
Tel. +44 1625 545 700
Tel: +354 510 9600
Website: https://www.personuvernd.is or https://www.dpa.is
Data Protection Office, Principality of Liechtenstein
Principality of Liechtenstein
Tel. +423 236 6090
Tel +47 22 39 69 00
Third party disclosure
Your Personal Data may be accessed and stored as necessary for the uses stated above in accordance with this Policy. While the Company may share your Personal Data with agents and contractors in order to perform the functions listed above, including hosting services and Platform management, we require that they treat your Personal Data, and limit their use, in accordance with the standards specified in this Policy.
When you use the Platform, you submit information to the Company that we store in order to offer you personalized features.
In any case where cross-border transfer is done, we ensure that an adequate protection is guaranteed for Personal Data to be transferred outside of Switzerland and the EEA. In some specific cases when this level of protection is not guaranteed, we will obtain your prior Consent or establish with the recipient of Personal Data a contractual framework or sufficient safeguards that ensure an adequate level of protection abroad. You may request access to a copy of these safeguards by contacting us.
Unless otherwise stated, the third parties who receive data from the Company are prohibited to use this Personal Data beyond what is necessary to provide the service to you, directly or by participating to our activities.
For any question and/or compliance aspects, please contact: firstname.lastname@example.org.
Compliance with Laws and Law Enforcement
The Company may share your Personal Data to relevant third parties, in particular if we are requested to do so to comply with a court order or law enforcement authorities request, or if we find it necessary, as determined in our sole discretion, to investigate, prevent or take action regarding illegal activities, to defend our interest, in case of violations of the Terms and Conditions or as otherwise required or permitted by law.
Jurisdiction and Applicable Law
This Policy and all matters arising out of or relating to it shall be governed by the substantive laws of Switzerland, without regards to principle of conflicts of laws thereof.
Any controversy, claim or dispute between a User and the Company arising out of or relating to this Policy shall be subject to the exclusive jurisdiction to the ordinary courts of Lausanne, Switzerland, without prejudice to an appeal to the Swiss Federal Court.
Latest date of issue: June 7, 2019
Keep in touch!
Subscribe to our newsletter