Tokenestate SA Privacy policy

June 7th, 2019

 

TOKENESTATE SA is a Swiss Limited Company (“Société anonyme”) registered Rue de la Place-d’Armes 3, 2000 Neuchâtel, Switzerland, under number CHE-258.642.458 (“Company”, “we”, “us”, “our” or “Controller”).

 

To ensure transparency, this Privacy Policy describes our information handling practices when you access content that we own or operate on any websites, pages, features, or content we own or operate (“Site(s)“) and/or when you use our web application or our mobile applications (“Webapp(s)“), our application programming interfaces (“API”) or third party applications and related services (“Third Party Service(s)“).

 

The Company understands that the Collection of Personal Data involves a great deal of trust on your part. We take this trust very seriously and make it our highest priority to ensure the security and confidentiality of the Personal Data you provide us with.

 

This is why we implemented privacy by design and privacy by default standards and undertake to store your Personal Data in a secured way as well as to Process your Personal Data with all appropriate care and attention in accordance with the Federal Data Protection Act (FADPRS 235.1), the Ordinance on the Federal Data Protection Act (RS 235.11) and, where applicable, the General Data Protection Regulation (“GDPR”). Data which is deemed to be personal consists of all the information relating to a person who is either identified or identifiable (“Personal Data”).

 

As part of our commitment to protect your Personal Data in a transparent manner, we want to inform you why and how the Company Collects, uses and stores your Personal Data, the lawful basis on which your Personal Data is Processed and what your rights and our obligations are in relation to such Processing.

 

Capitalized terms not defined in this Privacy (hereinafter: the “Policy”) Policy have the meanings set forth in the Terms.

 

Please read this Policy carefully to understand our policies and practices regarding your Personal Data and how we will treat and Process them.

 

By using the Services and/or visiting or registering on the Site(s), the API, the Webapp (altogether: the “Platform”), you accept the Collection and Processing described below.

 



In this Policy, the following terms shall have the following definitions:

 

Collect means a systematic approach to gathering and measuring Personal Data from the User to achieve a given result.

Consent means any freely given, specific, informed and unambiguous by which you, by a statement or by a clear affirmative action, consent to the Processing of Personal data.

Data controller” means the natural or legal person, which, alone or jointly with others, determines the purposes and means of the Processing of Personal Data and who is in charge of this Processing.

Data subject” means natural or legal persons whose data is processed, whether it is a User or a Visitor.

Disclosure” means making Personal Data accessible, for example by permitting access, transmission or publication.

Force Majeure” means act of God (such as, but not limited to, fires, explosions, earthquakes, drought, tidal waves and floods), any other natural disaster of overwhelming proportions, act of war (whether declared or not), hostilities, invasion, act of foreign enemies, terrorism or civil disorder, rebellion, revolution, insurrection, or military or usurped power, or civil war, contamination by radio-activity from any nuclear fuel, or from any nuclear waste from the combustion of nuclear fuel, radio-active toxic explosive, or other hazardous properties of any explosive nuclear assembly or nuclear component of such assembly, pressure waves from devices travelling at supersonic speeds or damage caused by any aircraft or similar device; riot, commotion, strikes, go slows, lock outs or disorder;acts or threats of terrorism; discontinuation of electricity or water supply; other unforeseeable circumstances beyond the control of the Parties against which it would have been unreasonable for the affected party to take precautions and which the affected party cannot avoid even by using its best efforts.

Personal Data means the User’s personal data, including but not limited to his last name, first name, mailing address, email address and phone number, collected and processed in accordance with the Privacy policy and the Swiss Data Protection Act (RS.235.1).

Platform” means the internet website available at the following address www.tokenestate.io and/or the API or the Webapp made available by the Company to the Users.

Processing means any operation or set of operation which is performed on Personal data or set of Personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Recipient” means third, public authority, agency or other body – that is, someone or something other than the Data subject or the Company – to which the Personal Data is disclosed.

Service(s)” means the services provided by the Company to a User and/or the services available on the Platform.

User(s)” means user(s) of the Platform provided by the Company.

User account” means an account created by a User on the Platform, including Personal data.

Visitor” means a person or entity using the Platform without having registered as a User.

 



  1. Acceptance of our Policy

 

While visiting or using the Platform or the Services, the Companymay Collect and Process a certain number of Personal Data relating to you.

 

The Policy shall apply to any Visitor or User of the Platform or use of the Services, whatever the method or medium used. It details the conditions at which, we may Collect, keep, use and save information that relates to you, as well as the choices that you have in relation to the Collection, utilization and disclosure of your Personal Data.

 

By visiting or using the Platform or the Services, you acknowledge that you have read and understood this Policy and agree to be bound by it and to comply with all applicable laws and regulations. You also acknowledge that you have read and understood the Terms that apply to the Platform and agree to be bound by them.

 

The Company may modify this Policy from time to time and will post the most current version on the Platform. You will be notified by email and you will be asked to consent to these modifications before they become applicable.

 

By accessing to and/or using the Platform and/or the Services, you signify acceptance to the terms of this Policy. Where we require your consent to Process your Personal Data, we will ask for your consent to the Collection, use, and disclosure of your Personal Data.

 

If you do not agree with or you are not comfortable with any aspect of this Policy, you should immediately discontinue visiting, accessing or using our Platform and/or Services.

 

  1. Purpose of the Collection

 

The Company uses Personal Data mainly for the purpose of improving the user experience and the Platform and targeting the Services to your needs.

 

We and our Service providers may use your information for our legitimate business interests. Our legitimate business interests are explained below, alongside examples of how your Personal Data may be used for these purposes.

 

The main reason why we Collect Personal Data about you is:

 

  • To proceed to the KYC and comply with our AML obligations;

  • to improve the Platform features and the Platform Content;

  • to administer your Account;

  • to identify your needs and target the Services;

  • to fulfill your specific requests through the Platform;

  • to enable you to enjoy and easily navigate the Platform and benefit from the Services;

  • to accomplish our business purposes, especially to comply with a legal obligation, because we have a legitimate interest and/or with your Consent;

  • for specific purposes stated below.

 

The Personal Data will be freely provided by you to the Company or Collected automatically while using the Platform, in accordance with this Policy. In addition to the information contained in this Policy, the Platform may provide Users with additional and contextual information concerning particular services or the Collection and Processing of Personal Data upon request.

 

Personal Data transmitted to the Company by you are controlled by TOKENESTATE SA, Rue de la Place-d'Armes 3, 2000 Neuchâtel, Switzerland.

 

  1. Type of Personal Data Collected

 

Your Consent to this Policy followed by your submission of Personal Data represent your agreement to the Collection, Processing and storage of Personal Data by the Company as described in this Policy.

 

    1. Cookies

 

When accessing to and/or using the Platform and/or the Services, cookies are placed on your computer, mobile or tablet. A cookie is a piece of data stored on your hard drive by the Company’s server. It contains the following data:

 

  • The name of the server that has placed it there

  • An identifier, in the form of a unique number

  • An expiration date (some cookies only)

 

Cookies are managed by the web browser on your computer (like Internet Explorer, Firefox, Safari or Google Chrome).

 

Different types of cookies which have different purposes are used:

 

  • Essential cookies: These cookies are essential to allow you to browse our Platform and use their functionalities. Without them, services such as shopping baskets and electronic invoicing would not be able to work.

 

  • Performance cookies: These cookies Collect information on the use of our Platform, such as which pages are consulted most often. These cookies enable us to optimise our Platform and simplify browsing. These cookies do not Collect any information which could be used to identify you. All the information Collected is aggregated, and, therefore, anonymous.

 

  • Functionality cookies: These cookies enable our Platform to remember the choices you have made when browsing. For example, we can store your geographical location in a cookie so that the Platform corresponding to your area is shown. We can also remember your preferences, such as the text size, font and other customisable aspects of the Platform. The cookies may also be able to keep track of the products or videos consulted to avoid repetition. The information Collected by these cookies cannot be used to identify you and cannot monitor your browsing activity on sites which do not belong to the Company.

 

  • Accepting or refusing cookies: We must remind you that reconfiguration is liable to alter the conditions under which you access any of our services which require the use of cookies. Most browsers allow you to manage your preferred cookies. You can set your browser to refuse or delete certain cookies. As a rule, you can also manage similar technologies in the same way, using your preferred browsers. The following links show you how to set the cookies, depending on the browser used:

 

 

    1. Services

 

Depending on the Services, we Collect:

 

  • personal details such as your name, identification number, date of birth, KYC/AML documents (national identity card or passport, utility bill, payslips, etc.), phone number, physical and electronic address, and family details / status such as the name of your spouse, partner, or children;

  • username, password, settings and preferences;

  • financial information, including payment and transaction records and information relating to your assets (including fixed properties), financial statements, liabilities, taxes, revenues, earnings and investments (including your investment objectives);

  • tax domicile and other tax-related documents and information;

  • where applicable, professional information about you, such as your job title and work experience;

  • your knowledge of and experience in investment matters;

  • details of our interactions with you and the products and services you use;

  • any records of emails/written exchanges/phone calls between you and us;

  • where applicable, details of your nomination of a mandate;

  • identifiers we assign to you, such as your client or account number, including for accounting purposes;

  • when you access our Platform, data transmitted by your browser and automatically recorded by our server, including date and time of the access, name of the accessed file as well as the transmitted data volume and the performance of the access, your Operating System, web browser, browser language and requesting domain, and IP address.

 

We may obtain information about you from third party sources as required or permitted by applicable law, such as public databases, credit bureaus, ID verification partners, KCY/AML partners, resellers and channel partners, joint marketing partners, and social media platforms. In the case we obtain any additional information from third parties, you will be notified by email.

 

  1. Purposes for which your Personal Data will be used

 

We will not use your Personal Data for purposes other than those purposes we have disclosed to you, without your Consent.

 

    1. To maintain legal and regulatory compliance

 

Some of our core Services are subject to laws and regulations requiring us to Collect and use your personal identification information, formal identification information, financial information, transaction information, employment information, online identifiers, and/or usage data in certain ways.

 

The Company Collects and Processed your Personal Data in order to comply notably to:

 

  • the Swiss Federal Act on Combating Money Laundering and Terrorist Financing (Anti-Money Laundering Act, AMLA) and its Ordinances (“Loi fédérale concernant la lutte contre le blanchiment d’argent et le financement du terrorisme (LBA) et ses Ordonnances”);

 

  • the Swiss Financial Market Supervisory Authority (FINMA) Ordinance on Combating Money Laundering and Terrorist Financing (“Ordonnance de l’Autorité fédérale de surveillance des marchés financiers sur la lutte contre le blanchiment d’argent et le financement du terrorisme dans le secteur financier (OBA-FINMA)”)

 

    1. To enforce our Terms in our User agreement and other agreements

 

We Process Personal Data, such as your identification and financial data, in order to actively monitor, investigate, prevent and mitigate any potentially prohibited or illegal activities, enforcing our agreements with third parties, and/or violations of our agreements.

 

In addition, we may need to Collect fees based on your use of our Services. We Collect information about your account usage and closely monitor your interactions with our Services. We may use any of your Personal Data Collected on our Services for these purposes. The consequences of not Processing your Personal Data for such purposes is the termination of your Account as we cannot perform our Services in accordance with our Terms.

 

    1. To provide the Services

 

We cannot provide you with Services without being able to use and Process your Personal Data.

 

    1. To provide Service communications

 

We send administrative or account-related information to you to keep you updated about our news (provided you have subscribed to our newsletter) or inform you of relevant security issues or updates to the Platform or the Services, changes of the Terms or to this Policy or provide other transaction-related information. Without such communications, you may not be aware of important developments relating to your Account that may affect how you can use our Services.

 

    1. To provide customer service

 

We Process your Personal Data when you contact us to resolve any questions, disputes, Collect fees, or to troubleshoot problems. We may Process your information in response to another customer’s request, as relevant.

 

    1. To ensure quality control

 

We Process your Personal Data for quality control and staff training to make sure we continue to provide you with accurate information. Our basis for such Processing is based on the necessity of performing our contractual obligations with you.

 

    1. To ensure network and information security

 

We Process your Personal Data in order to enhance security, monitor and verify identity or service access, combat spam or other malware or security risks and to comply with applicable security laws and regulations. The threat landscape on the internet is constantly evolving, which makes it more important than ever that we have accurate and up-to-date information about your use of our Services.

 

    1. For research and development purposes

 

We Process your Personal Data to better understand the way you use and interact with the Services. In addition, we use such information to customize, measure, and improve the Services and the content and layout of our Platform and applications, and to develop new services. Our basis for such Processing is based on legitimate interest.

 

    1. To enhance your experience

 

We Process your Personal Data to provide a personalized experience and implement the preferences you request. For example, you may choose to provide us with access to certain Personal Data stored by third parties.

 

    1. To facilitate corporate acquisitions, mergers, or transactions

 

We may Process any information regarding your account and use of our Services as is necessary in the context of corporate acquisitions, mergers, or other corporate transactions. You have the option of closing your account if you do not wish to have your Personal Data Processed for such purposes.

    1. To engage in marketing activities

 

Based on your communication preferences, you Consent that we may send you marketing communications to inform you about our events or our partner events; to deliver targeted marketing and to provide you with promotional offers based on your communication preferences. We use Personal Data about your usage of our Services and your contact information to provide marketing communications. You can opt-out of our marketing communications at any time.

 

  1. Personal Data Disclosure & Sharing

 

    1. Tokenestate’s Staff

 

Our staff use and Process usually Personal Data in order to ensure a consistently high service standard, to provide Services to you.

 

    1. Third Parties

 

When providing products and services to you, we will share Personal Data with persons acting on our behalf or otherwise involved in the transaction (depending on the type of product or service you receive from us).

 

    1. Service providers

 

In some instances, you Consent that we may also share Personal Data with our suppliers and other business partners who provide services to us, such as IT and hosting providers, marketing providers, communication services and printing providers, debt Collection, tracing, debt recovery, fraud prevention, and credit reference agencies, KYC/AML, and others. When we do so we take steps to ensure they meet our data security standards and sign confidentiality agreements, so that your Personal Data remains secure.

 

    1. Public or regulatory authorities

 

If required from time to time, we disclose Personal Data to public authorities, regulators or governmental bodies, including when required by law or regulation, under a code of practice or conduct, or when these authorities or bodies require us to do so.

 

    1. Others

 

If our business is sold to another organization or if it is re-organized, Personal Data will be shared so that you can continue to be provided with the Services.

 

We will usually also share Personal Data with prospective purchasers when we consider selling or transferring part or all of our business. We will in such event take steps to ensure such potential purchasers keep the data secure.

 

You understand and agree that we may need to disclose Personal Data to exercise or protect legal rights, including ours and those of our employees or other stakeholders, or in response to requests from individuals or their representatives who seek to protect their legal rights or such rights of others.

 

  1. Location & Transfer of Personal Data

 

Your Personal Data will be stored and hosted in Germany.

 

You hereby expressly Consent to such transfer outside Switzerland but within a country of the European Union where GDPR is applicable.

 

Except where the relevant country has been determined by the Swiss Federal Data Protection and Information Commissioner and the European Commission to provide an adequate level of protection, the Company requires its recipients to comply with appropriate measures designed to protect Personal Data contained within a binding legal agreement. A copy of these agreements can be obtained by contacting by writing the Company using the details in section 15 of this Policy. If and to the extent required by applicable law, we implement the necessary legal, operational and technical measure and/or enter into an agreement with you before such international transfers.

 

  1. Processors

 

As Controller of your Personal Data, we work with Processors in order to provide high quality of the Services. All our Processors are GDPR compliant and agreements have been setup between them and us in order to define exactly which Personal Data are shared and which legal requirements should be applied.

 

  1. Retention of Personal Data

 

We will only retain Personal Data for as long as necessary to fulfil the purpose for which it was Collected or to comply with legal, regulatory or internal policy requirements. To help us do this, we apply criteria to determine the appropriate periods for retaining your Personal Data depending on its purpose, such as proper account maintenance, facilitating client relationship management, and responding to legal claims or regulatory requests.

 

  1. Children

 

We do not request to Collect or Process Personal Data from any person under the age of 18. If a User submitting Personal Data is suspected of being younger than 18 years of age, the Company will require the User to close his or her account and will not allow the User to continue using any Service. We will also take steps to delete the information as soon as possible. Please notify us if you know of any individuals under the age of 18 using our Services so we can take action to prevent access to our Services.

 

  1. Security of your Personal Data

 

The security of your Personal Data is very important to us. The Company Processes your Personal Data in a proper manner and shall take appropriate technical and organizational measures to prevent unauthorized access, disclosure, modification, or unauthorized destruction of your Personal Data.

 

We use internal rules with our staff and partners and use software, hardware, IT providers and datacenters which provide maximum security.

 

Our Services use strong cryptographic standards such as HTTPS protocol.

 

We follow the evolving of the technology and the Art in order to continuously offer the best quality, security and protection of our Services. We continuously assess and change our internal procedures accordingly with our staff, partners and providers.

 

The Personal Data Processing is carried out using computers and/or IT enabled tools, following organizational procedures and modes strictly related to the purposes indicated. In addition to the Company, in some cases, the Personal Data may be accessible to certain types of persons in charge, involved with the operation of the Platform (administration, sales, marketing, legal, system administration) or external parties (such as third party technical service providers, mail carriers, hosting providers, IT companies, communications agencies) appointed, if necessary, as data Processors by the Company. The updated list of these parties may be requested from the Data Controller at any time.

 

You shall be solely responsible to keep your password and other information relating to your Account confidential and not allow any third party to access and use your Account. In the event that your Personal Data is unduly accessed, or is reasonably believed to have been unduly accessed, by an unauthorized person and applicable law requires notification, the Company shall without undue delay, and where feasible, not later than 72 hours after having become aware of it, notify the breach to the competent supervisory authority, unless said breach is unlikely to result in a risk to your rights and freedoms. If the breach is likely to result in a high risk to your rights and freedoms, the Company shall communicate this breach to you without undue delay.

 

YOU HOWEVER ACKNOWLEDGE THAT THE USE OF THE INTERNET IS NOT SAFE AND THAT THERE ARE CERTAIN INHERENT RISKS TO YOUR PERSONAL DATA. THE COMPANY SHALL MAKE REASONABLE EFFORTS TO PROTECT YOUR PERSONAL DATA BUT IT CANNOT GUARANTEE OR WARRANT THAT PERSONAL DATA YOU PROVIDE TO THE COMPANY IS SAFE AND PROTECTED FROM UNAUTHORIZED THIRD PARTY ACCESS AND THEFT AND, THEREFORE, WAIVES ALL LIABILITY IN THIS RESPECT. IN NO EVENT, SHALL THE COMPANY BE HELD LIABLE FOR CIRCUMVENTION OF ANY PRIVACY SETTINGS, VIRUSES OR SECURITY MEASURES CONTAINED ON THE PLATFORM.

 

  1. Liabilities

 

Although the security of your data is protected with our best effort, you agree that the Company should not, in any case, be held responsible for any lost, damages, unauthorized manipulation, access or modification in case of events beyond our control, such as and not limited to:

 

  • Any electronic attack (not exhaustive): DDoS, Penetration, Brute-Force, Stolen Key;

 

  • Malicious attack (not exhaustive): Fishing by email/writing/call, MITM, Fake News;

 

  • Unsafe behaviour (not exhaustive): weak or disclosed user/password, Stolen user/password, Stolen Key;

 

  • Illegal Activities (not exhaustive): Fake ID, Stolen ID, physical break-in;

 

  • Any hardware or software malfunction;

 

  • Communications with unsecure means (not exhaustive): email, phone, SMS, Fax;

 

  • Force majeure.

 

 

  1. Google Analytics

 

The Platform uses Google Analytics, an Internet Platform analysis service supplied by Google Inc. (“Google”). Google Analytics uses cookies which are text files placed on your computer to help to analyse the use made of the Platform by its Users. The data generated by the cookies concerning your use of the Platform (including your IP address) will be forwarded to, and stored by, Google on servers located outside of Switzerland. Google will use this information to evaluate your use of the Platform, compile reports on Platform activity for its publisher and provide other services relating to the activity of the Platform and the use of the internet. Google may release these data to third parties if there is a legal obligation to do so or when the third parties Process these data for the account of Google including, in particular, the publisher of this Platform. Google will not cross-reference your IP address with any other data held by Google.

 

You may deactivate the use of cookies by selecting appropriate parameters on your web browser. However, deactivation of this kind might prevent the use of certain functions of this Platform. By using this Platform, you specifically Consent to the Processing of your Personal Data by Google under the conditions and for the purposes described above.

 

  1. Yours Rights

 

You have a right to ask the Company to rectify inaccurate Personal Data we Collect and Process and the right to request restriction of your Personal Data pending such a request being considered. Where we Process your Personal Data on the basis of your consent, you have the right to withdraw that consent at any time. Please also note that the withdrawal of consent shall not affect the lawfulness of Processing based on consent before its withdrawal.

 

You have a right to ask us to stop Processing your Personal Data, or to request deletion of your Personal Data – these rights are not absolute (as sometimes there may be overriding interests that require the Processing to continue, for example), but we will consider your request and respond to you with the outcome. When Personal Data are Processed for direct marketing purposes, your right to object extends to direct marketing, including profiling to the extent it is related to such marketing.

 

You may object to direct marketing by clicking the “unsubscribe” link in any of our emails to you, or by contacting us by writing at the address set out in section 15. Where we Process your Personal Data on the basis of your consent, or where such Processing is necessary for entering into or performing our obligations under a contract with you, you may have the right under applicable data protection laws to request your Personal Data be transferred to you or to another controller.

 

You have the right to ask the Company for a copy of some or all of the Personal Data we Collect and Process about you. In certain circumstances the Company may Process your Personal Data through automated decision-making, including profiling.

 

Where this takes place, you will be informed of such automated decision-making that uses your Personal Data, be given information on the logic involved, and be informed of the possible consequences of such Processing. In certain circumstances, you can request not to be subject to automated decision-making, including profiling. You can exercise the rights by contacting us by writing using the details in section 15 of this notice.

 

Right to withdraw consent. You have the right to withdraw your consent to the Processing of your Personal Data Collected on the basis of your consent at any time. Your withdrawal will not affect the lawfulness of the Company’s Processing based on consent before your withdrawal.

 

Right of access to and rectification of your Personal Data. You have a right to request that we provide you a copy of your Personal Data held by us. This information will be provided without undue delay subject to some fee associated with gathering of the information (as permitted by law), unless such provision adversely affects the rights and freedoms of others. You may also request us to rectify or update any of your Personal Data held by the Company that is inaccurate. Your right to access and rectification shall only be limited where the burden or expense of providing access would be disproportionate to the risks to your privacy in the case in question, or where the rights of persons other than you would be violated.

 

Right to erasure. You have the right to request erasure of your Personal Data that: (i) is no longer necessary in relation to the purposes for which it was Collected or otherwise Processed; (ii) was Collected in relation to Processing that you previously consented, but later withdraw such consent; or (iii) was Collected in relation to Processing activities to which you object, and there are no overriding legitimate grounds for our Processing. If we have made your Personal Data public and are obliged to erase the Personal Data, we will, taking account of available technology and the cost of implementation, take reasonable steps, including technical measures, to inform other parties that are Processing your Personal Data that you have requested the erasure of any links to, or copy or replication of your Personal Data. The above is subject to limitations by relevant data protection laws.

 

Right to data portability. If we Process your Personal Data based on a contract with you or based on your consent, or the Processing is carried out by automated means, you may request to receive your Personal Data in a structured, commonly used and machine-readable format, and to have us transfer your Personal Data directly to another “controller”, where technically feasible, unless exercise of this right adversely affects the rights and freedoms of others. A “controller” is a natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the Processing of your Personal Data.

 

Right to restriction of or Processing. You have the right to restrict or object to us Processing your Personal Data where one of the following applies:

You contest the accuracy of your Personal Data that we Processed. In such instances, we will restrict Processing during the period necessary for us to verify the accuracy of your Personal Data.

 

The Processing is unlawful and you oppose the erasure of your Personal Data and request the restriction of its use instead. We no longer need your Personal Data for the purposes of the Processing, but it is required by you to establish, exercise or defence of legal claims. You have objected to Processing, pending the verification whether the legitimate grounds of Coinbase’s Processing override your rights.

 

Restricted Personal Data shall only be Processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest. We will inform you if the restriction is lifted.

 

Notification of erasure, rectification and restriction. We will communicate any rectification or erasure of your Personal Data or restriction of Processing to each recipient to whom your Personal Data has been disclosed, unless this proves impossible or involves disproportionate effort. We will inform you about those recipients if you request this information.

 

Right to object to Processing. Where the Processing of your Personal Data is based on consent, contract or legitimate interests you may restrict or object, at any time, to the Processing of your Personal Data as permitted by applicable law. We can continue to Process your Personal Data if it is necessary for the defence of legal claims, or for any other exceptions permitted by applicable law.

 

Automated individual decision-making, including profiling. You have the right not to be subject to a decision based solely on automated Processing of your Personal Data, including profiling, which produces legal or similarly significant effects on you, save for the exceptions applicable under relevant data protection laws.

 

Right to lodge a complaint. If you believe that we have infringed your rights, we encourage you to contact us by writing using the details in section 15 of this notice so that we can try to resolve the issue or dispute informally.

 

You can also complain about our Processing of your Personal Datato:

 

  1. Contact

 

General information requests may be addressed by e-mail to our Data Protection Officer: dpo@tokenestate.io

 

We will answer within 3 working days.

 

Any request regarding your Personal Data should be made by writing with a proof of your identity to:

 

TOKENESTATE SA

Anne-Marie Jolivalt

Data Protection Office

Rue de la Place d’Armes 3

CH-2000 Neuchâtel

Switzerland

 

Our representative in the European Union is:

 

LYRAE TECHNOLOGY

SOCIÉTÉ PAR ACTIONS SIMPLIFIÉE À ASSOCIÉ UNIQUE 

Mme Anne-Marie Jolivalt

1365 RTE DE LASNELAZ

74930 PERS JUSSY

FRANCE

EMAIL: am.jolivalt@gmail.com

 

Be aware that communicating by e-mail/SMS/phone/FAX do not ensure confidentiality, integrity and authenticity. We will not answer to any request which will be considered unsafe or not ensuring your identity authenticity.

 

  1. Relevant Authorities

 

In Switzerland: any notice regarding this Policy and/or the Collection and/or Processing of Personal Data shall be made to the Swiss Federal Data Protection and Information Commissioner:

 

Office of the Federal Data Protection and Information Commissioner FDPIC

Feldeggweg 1

CH – 3003 Berne

 

In the European Union: any notice regarding this Policy and/or the Collection and/or Processing of Personal Data shall be made to:

 

Austria

 

Österreichische Datenschutzbehörde

Wickenburggasse 8

1080 Wien

Tel. +43 1 52152 2550

email: dsb@dsb.gv.at

Website: http://www.dsb.gv.at/

 

Belgium

 

Autorité de la protection des données (APD-GBA)

Rue de la Presse 35

1000 Bruxelles

Tel. +32 2 274 48 00

Fax +32 2 274 48 35

email: contact@apd-gba.be

Website: https://www.autoriteprotectiondonnees.be/

Member: Mr Willem Debeuckelaere, President

 

Bulgaria

 

Commission for Personal Data Protection

2, Prof. Tsvetan Lazarov blvd.

Sofia 1592

Tel. + 359 2 915 3580

Fax +359 2 915 3525

email: kzld@cpdp.bg

Website: https://www.cpdp.bg/

 

Croatia

 

Croatian Personal Data Protection Agency

Martićeva 14

10000 Zagreb

Tel. +385 1 4609 000

Fax +385 1 4609 099

email: azop@azop.hr

Website: http://www.azop.hr/

 

Cyprus

 

Commissioner for Personal Data Protection

1 Iasonos Street,

1082 Nicosia

P.O. Box 23378, CY-1682 Nicosia

Tel. +357 22 818 456

Fax +357 22 304 565

email: commissioner@dataprotection.gov.cy

Website: http://www.dataprotection.gov.cy/

 

Czech Republic

 

Office for Personal Data Protection

Pplk. Sochora 27

170 00 Prague 7

Tel. +420 234 665 111

Fax +420 234 665 444

email: posta@uoou.cz

Website: http://www.uoou.cz/

 

Denmark

 

Datatilsynet

Borgergade 28, 5

Tel. +45 33 1932 00

Fax +45 33 19 32 18

email: dt@datatilsynet.dk

Website: http://www.datatilsynet.dk/

 

Estonia

 

Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon)

Väike-Ameerika 19

10129 Tallinn

Tel. +372 6274 135

email: info@aki.ee

Website: http://www.aki.ee/

 

European Data Protection Supervisor

 

Rue Wiertz 60

1047 Bruxelles/Brussel

Office: Rue Montoyer 30, 6th floor

Tel. +32 2 283 19 00

Fax +32 2 283 19 50

email: edps@edps.europa.eu

Website: http://www.edps.europa.eu/EDPSWEB/

 

Finland

 

Office of the Data Protection Ombudsman

P.O. Box 800

FIN-00521 Helsinki

Tel. +358 29 56 66700

Fax +358 29 56 66735

email: tietosuoja@om.fi

Website: http://www.tietosuoja.fi/en/

 

France

 

Commission Nationale de l’Informatique et des Libertés – CNIL

3 Place de Fontenoy

TSA 80715 – 75334 Paris, Cedex 07

Tel. +33 1 53 73 22 22

Fax +33 1 53 73 22 00

email:

Website: http://www.cnil.fr/

 

Germany

 

Die Bundesbeauftragte für den Datenschutz und die Informationsfreiheit

Husarenstraße 30

53117 Bonn

Tel. +49 228 997799 0; +49 228 81995 0

Fax +49 228 997799 550; +49 228 81995 550

email: poststelle@bfdi.bund.de

Website: http://www.bfdi.bund.de/

 

Greece

 

Hellenic Data Protection Authority

Kifisias Av. 1-3, PC 11523

Ampelokipi Athens

Tel. +30 210 6475 600

Fax +30 210 6475 628

email: contact@dpa.gr

Website: http://www.dpa.gr/

 

Hungary

 

Hungarian National Authority for Data Protection and Freedom of Information

Szilágyi Erzsébet fasor 22/C

H-1125 Budapest

Tel. +36 1 3911 400

email: peterfalvi.attila@naih.hu

Website: http://www.naih.hu/

 

Ireland

 

Data Protection Commission

21 Fitzwilliam Square

Dublin 2

D02 RD28

Ireland

Tel. +353 76 110 4800

email: info@dataprotection.ie

Website: http://www.dataprotection.ie/

 

Italy

 

Garante per la protezione dei dati personali

Piazza di Monte Citorio, 121

00186 Roma

Tel. +39 06 69677 1

Fax +39 06 69677 3785

email: garante@garanteprivacy.it

Website: http://www.garanteprivacy.it/

 

Latvia

 

Data State Inspectorate

Blaumana str. 11/13-15

1011 Riga

Tel. +371 6722 3131

Fax +371 6722 3556

email: info@dvi.gov.lv

Website: http://www.dvi.gov.lv/

 

Lithuania

 

State Data Protection Inspectorate

A. Juozapaviciaus str. 6

LT-09310 Vilnius

Tel. + 370 5 279 14 45

Fax +370 5 261 94 94

email: ada@ada.lt

Website: http://www.ada.lt/

 

Luxembourg

 

Commission Nationale pour la Protection des Données

1, avenue du Rock’n’Roll

L-4361 Esch-sur-Alzette

Tel. +352 2610 60 1

Fax +352 2610 60 29

email: info@cnpd.lu

Website: http://www.cnpd.lu/

 

Malta

 

Office of the Information and Data Protection Commissioner

Second Floor, Airways House

High Street, Sliema SLM 1549

Tel. +356 2328 7100

Fax +356 2328 7198

email: idpc.info@idpc.org.mt

Website: http://www.idpc.org.mt/

 

Netherlands

 

Autoriteit Persoonsgegevens

Bezuidenhoutseweg 30

P.O. Box 93374

2509 AJ Den Haag/The Hague

Tel. +31 70 888 8500

Fax +31 70 888 8501

Website: https://autoriteitpersoonsgegevens.nl/nl

 

Poland

 

Urząd Ochrony Danych Osobowych (Personal Data Protection Office)

ul. Stawki 2

00-193 Warsaw

Tel. +48 22 531 03 00

Fax +48 22 531 03 01

email: kancelaria@uodo.gov.pl; zwme@uodo.gov.pl

Website: https://uodo.gov.pl/

 

Portugal

 

Comissão Nacional de Protecção de Dados – CNPD

Av. D. Carlos I, 134, 1º

1200-651 Lisboa

Tel. +351 21 392 84 00

Fax +351 21 397 68 32

email: geral@cnpd.pt

Website: http://www.cnpd.pt/

 

Romania

 

The National Supervisory Authority for Personal Data Processing

B-dul Magheru 28-30

Sector 1, BUCUREŞTI

Tel. +40 31 805 9211

Fax +40 31 805 9602

email: anspdcp@dataprotection.ro

Website: http://www.dataprotection.ro/

 

Slovakia

 

Office for Personal Data Protection of the Slovak Republic

Hraničná 12

820 07 Bratislava 27

Tel.: + 421 2 32 31 32 14

Fax: + 421 2 32 31 32 34

email: statny.dozor@pdp.gov.sk

Website: http://www.dataprotection.gov.sk/

 

Slovenia

 

Information Commissioner of the Republic of Slovenia

Ms Mojca Prelesnik

Dunajska 22

1000 Ljubljana

Tel. +386 1 230 9730

Fax +386 1 230 9778

email: gp.ip@ip-rs.si

Website: https://www.ip-rs.si/

 

Spain

 

Agencia Española de Protección de Datos (AEPD)

C/Jorge Juan, 6

28001 Madrid

Tel. +34 91399 6200

Fax +34 91455 5699

email: internacional@agpd.es

Website: https://www.agpd.es/

 

Sweden

 

Datainspektionen

Drottninggatan 29

5th Floor

Box 8114

104 20 Stockholm

Tel. +46 8 657 6100

Fax +46 8 652 8652

email: datainspektionen@datainspektionen.se

Website: http://www.datainspektionen.se/

 

United Kingdom

 

The Information Commissioner’s Office

Water Lane, Wycliffe House

Wilmslow – Cheshire SK9 5AF

Tel. +44 1625 545 700

email: casework@ico.org.uk

Website: https://ico.org.uk

 

Iceland

 

Persónuvernd

Rauðarárstígur 10

105 Reykjavík

Tel: +354 510 9600

email: postur@dpa.is

Website: https://www.personuvernd.is or https://www.dpa.is

 

Liechtenstein

 

Data Protection Office, Principality of Liechtenstein

Städtle 38

9490 Vaduz

Principality of Liechtenstein

Tel. +423 236 6090

email: info.dss@llv.li

Website: https://www.datenschutzstelle.li

 

Norway

 

Datatilsynet

Tollbugata 3

0152 Oslo

Tel +47 22 39 69 00

email: postkasse@datatilsynet.no

Website: www.datatilsynet.no

 

  1. Links

 

If any part of the Platform contains links to third party’s Platforms or pages, those third party’s Platforms or pages do not operate under this Policy. If you choose to visit third party Platforms or pages, you will be directed to these third party's Platforms or pages. We do not exercise control over third party Platforms and therefore recommend you to examine the privacy statements posted on these other Platforms or pages to understand their procedures for Collecting, using, and disclosing Personal Data. We reject any liability relating to the privacy policy in force on said third party’s Platform, the Collection and use of your Personal Data by the latter and relating to the contents of said Platforms (whether the links are hypertext links or deep-links).

 

  1. Third party disclosure

 

Your Personal Data may be accessed and stored as necessary for the uses stated above in accordance with this Policy. While the Company may share your Personal Data with agents and contractors in order to perform the functions listed above, including hosting services and Platform management, we require that they treat your Personal Data, and limit their use, in accordance with the standards specified in this Policy.

 

When you use the Platform, you submit information to the Company that we store in order to offer you personalized features.

 

In any case where cross-border transfer is done, we ensure that an adequate protection is guaranteed for Personal Data to be transferred outside of Switzerland and the EEA. In some specific cases when this level of protection is not guaranteed, we will obtain your prior Consent or establish with the recipient of Personal Data a contractual framework or sufficient safeguards that ensure an adequate level of protection abroad. You may request access to a copy of these safeguards by contacting us.

 

Unless otherwise stated, the third parties who receive data from the Company are prohibited to use this Personal Data beyond what is necessary to provide the service to you, directly or by participating to our activities.

 

For any question and/or compliance aspects, please contact: dpo@tokenestate.io.

 

 

  1. Compliance with Laws and Law Enforcement

 

The Company may share your Personal Data to relevant third parties, in particular if we are requested to do so to comply with a court order or law enforcement authorities request, or if we find it necessary, as determined in our sole discretion, to investigate, prevent or take action regarding illegal activities, to defend our interest, in case of violations of the Terms and Conditions or as otherwise required or permitted by law.

 

  1. Jurisdiction and Applicable Law

 

This Policy and all matters arising out of or relating to it shall be governed by the substantive laws of Switzerland, without regards to principle of conflicts of laws thereof.

 

Any controversy, claim or dispute between a User and the Company arising out of or relating to this Policy shall be subject to the exclusive jurisdiction to the ordinary courts of Lausanne, Switzerland, without prejudice to an appeal to the Swiss Federal Court.

 

 

Latest date of issue: June 7, 2019

Keep in touch!

Subscribe to our newsletter