Last updated: 27 March 2019
SwissBorg Token Exchange Ltd, a company with a registered office in Malta, holder of company number C 88877 (hereinafter referred to as “we”, “our”, “us” or the “Company”) is the “Controller”, “Controller of Data” or “Data Controller” under the terms of the Maltese Data Protection Act 2018 and the EU Regulation 2016/679. SwissBorg Token Exchange Ltd’s product is the Community App, hereinafter referred to as “the Application” or “App” or “Community Application” or “Community App”.
The security and protection of your Personal Data is one of our top priorities, and we are committed to protecting and respecting your privacy and managing your Personal Data transparently and in a fair and lawful manner.
This policy, together with our terms and conditions of use and any other documents referred to herein sets out the basis on which any Personal Data we collect from you, or that you provide to us, will be processed by us. Please read the following to understand our practices in processing your data, as well as your rights regarding your Personal Data and how we will treat it.
Should you have any queries, concerns, requests or complaints in relation to the manner in which we process your Personal Data, you may contact us by email on email@example.com. You also have the right to lodge a complaint before the Information Commissioner’s Office with regard to matters concerning your Personal Data.
The Company shall collect Personal Data from natural persons who are users of the SwissBorg’s Community App as members of the community (hereinafter referred to as the “User” or “Users”).
2.1. SwissBorg Token Exchange Ltd. provides this Policy to describe its procedures regarding the Processing of Personal Data collected while using the Community App. This Policy shall apply to any use of the App, whatever the method or medium used. It gives details on the conditions at which SwissBorg Token Exchange Ltd. may collect, keep, use and save information that relates to you, as well as the choices that you have made in relation to the Collection, Utilisation and Disclosure of your Personal Data.
3.1. By using the App, you acknowledge that the Community App may collect and process a certain Personal Data that relates to you and that you have read and understood this Policy and agree to be bound by it and to comply with all Applicable Laws and regulations. If you do not agree with the terms of this Policy, please do not submit any of your Personal Data and refrain from using the App.
We will always keep your Personal Data private and safe and we will never sell your Personal Data. While Processing Personal Data, SwissBorg Group and its Affiliates will respect the following general principle:
4.1. Fairness and lawfulness: when Processing your Personal Data, your individual rights will be protected. Your Personal Data will be collected and processed lawfully, in a fair manner, in good faith and proportionally to the objective.
4.2. Restriction to a specific purpose: Personal Data handled by us will be adequate and relevant to the purpose for which they are collected and processed. This requires, in particular, ensuring that the Personal Data collected is not excessive for the purpose for it is collected. Subsequent changes to the purpose are only possible to a limited extent and require substantiation.
4.3. Transparency: The Data subject must be informed of how his/her Personal Data is being handled. When the Personal Data is collected, the Data subject must be informed of:
4.4. Consent of the Data subject
Personal Data must be collected directly from the individual concerned and the Consent of the Data subject may be required before Processing Personal Data. The Consent must be obtained in writing or electronically for the purposes of documentation. The Consent is valid only if given voluntarily. If, for any reason, the Consent of the Data subject is not given before Processing Personal Data, this one should be secured in writing as soon as possible after the beginning of the Processing.
Personal Data can be processed without Consent if it is necessary to enforce a legitimate interest of the Company. Legitimate interests are generally of a legal (e.g. filing, enforcing or defending against legal claims) or financial (e.g. valuation of companies) nature. The Processing of Personal Data is also permitted if national legislation requests, requires or allows this.
4.5. Accuracy: Personal Data kept on file must be correct and if necessary, kept up to date.
5.2. Changes: You are responsible to provide us with Personal Data that is correct and inform us of any changes occurring in your data in writing, in order for us to be able to take all reasonable measures to keep our records in your regard accurate and up to date. You have the choice, at any time, not to provide your Personal Data to the Community App; however, do note that failure to provide such Personal Data for us to process may result in being denied the possibility to use the Community App and being unable to continue to provide our products or services to you or pursue any contractual relationship which may be in place between us.
5.3. Personal Data you give us: You may give us Personal Data about you by filling in any forms on the Community App, participating in the Competition, subscribing to a newsletter or by corresponding with us by phone, e-mail or otherwise. This includes Personal Data you provide when you register on the application, use our services or when you report a problem with the App. The Personal Data which you may provide us may include (depending on the nature of your interaction with us) your name, your surname, mobile number, e-mail address, identification.
5.4. Personal Data and information we collect about you: with regard to each of your logins to our App, we may automatically collect the following information:
5.5. Personal Data we receive from other sources
In case we receive Personal Data from other sources, we will have informed you when we collected data, that it may be shared internally and combined with data collected on this application. We are also working closely with third parties (including, for example, business partners, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers, search information providers, credit reference agencies) and may receive information about you from them.
Apart from Personal Data, we may collect other types of information which is not related to an individual and which is anonymous. For example, the number of logins within the App, as well as the order to download the application from any application store where the Community App may be downloaded. By collecting this type of information, we aim at improving our customer services.
This policy applies to all information which is received during your visit to or use of the Website, when you subscribe to our newsletter, when you become a User and/or when you participate to a Referendum.
6.1. The following paragraphs describe the various purposes for which we use your Personal Data. Please note that not all of the uses below will be relevant to every individual.
6.2. Generally, the main reason why we collect Personal Data is to enable you to use the application and to take part in the competition, to transfer your tokens to your account once the competition is over, to keep a details list of the Users who participate in the Competition, to keep you updated about the result of the competition and/or advances of the SwissBorg Wealth Management Application (v.1). If you contact us via email to the contacts set out in the terms and conditions of the Community App or on the Community App itself, we will keep a record of that correspondence.
6.3. We collect and process your Personal Data, including data provided by yourself, data we collect about you and data provided by third parties in accordance with the provisions of the General Data Protection Regulation (GDPR) and the Data Protection Act (2018) in the following ways upon the following grounds:
6.4. If you do not want us to use your data in this way, or to pass your details on to specific third parties for marketing purposes, you have the right to withdraw your consent at any time by writing by email on firstname.lastname@example.org. Withdrawal of consent does not affect the legality of data processed prior to such withdrawal:
To safeguard legitimate company interests which requiring processing beyond the fulfilment of contractual obligations such as:
6.5. You shall have the right to object to any of the above-mentioned legitimate company interests as a basis for the processing of Personal Data by contacting us by email on email@example.com. If you submit any objection, we will no longer process your Personal Data unless we can give evidence of mandatory or legitimate reasons for processing, or processing serves the enforcement, exercise, or defence of our company’s legitimate interests.
7.1. We disclose your Personal Data with AWS Amazon Cloud Computing Services.
7.3. Your Personal Data may also be provided to trusted third party processors for the customer care and client communication services, credit reference, fraud prevention, business scoring, credit scoring, placing of monetary deposits, transfer of payments, debt collection and recovery.
7.5. We may share your Personal Data with any member of our group of companies, which means our subsidiaries and our ultimate holding company and its subsidiaries.
7.6. We may share your Personal Data with selected third parties including:
7.8. We will ensure that all companies to which we disclose your Personal Data will only process it in accordance with our instructions and on our behalf, and may only use such data to the extent to which we ourselves are entitled. All such companies and third parties will further be required by us to meet the requirements of data protection legislation and our strict privacy and retention policies to keep your data secure at all times.
7.9. We may, if necessary or authorized by law, provide customer data to law enforcement agencies, regulatory organisations, courts or other public authorities. We attempt to notify our customers about legal demands for their Personal Data unless prohibited by law or court order, or when the request is an emergency. We may dispute such demands when we believe that the requests are disproportionate, vague or lack proper authority, but we do not promise to challenge every demand.
7.10. Your Personal Data shall not be processed for purposes other than those it was collected for; should further processing be required, you will be informed of that purpose and provided with necessary information.
7.11. You shall have the right to object to any of the above-mentioned legitimate company interests as a basis for the processing of Personal Data by contacting our Senior Regulatory Officer by email on firstname.lastname@example.org. If you submit any objection, we will no longer process your Personal Data unless we can give evidence of mandatory or legitimate reasons for processing, or processing serves the enforcement, exercise, or defence of our company’s legitimate interests.
7.12. Unless otherwise stated, the third parties who receive data from us, are prohibited to use this Personal Data beyond what is necessary to provide the product or service to you, directly or by participating in the Community App activities.
8.1. The security of your Personal Data is our priority. We take all physical, technical and organizational measures need to safeguard Personal Data. We will use all reasonable efforts to protect your information in a highly secure data centre, adhering to strict computer security standards. We have put in place privacy protection control systems designed to ensure that our customers’ information remains safe, secure and private.
8.4. Unfortunately, the transmission of our information via the internet is not completely secure. Although we will do our best to protect your Personal Data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your risk. Once we have received your data, we will use strict procedures and security features to try prevent unauthorized access.
8.5. In line with applicable law, we shall, where lawfully obliged, notify the competent authorities and/or you in cases of Personal Data breaches and will keep a log of any such breaches.
9.1. We will process and store your Personal Data for as long as necessary in order to fulfill our contractual, regulatory and statutory obligations. We will assess and respond to requests to delete data and we shall accordingly delete data provided that the data is no longer required in order to fulfill contractual, regulatory or statutory obligations, or the fulfillment of any obligations to preserve records according to law.
9.2. We will normally retain your records for a minimum of five years to comply with legal, regulatory and contractual requirements unless there is the particular reason to hold the records for longer; your Personal Data may be retained for longer periods in the event of prospective or pending debt collecting, legal or law-enforcement proceedings and until such proceedings are formally and definitively concluded.
We apply high industry standards and will always apply adequate technical and organisational measures, in accordance with applicable laws to ensure that your data is kept secure. In the event of a Personal Data breach, we shall without undue delay, and not later than 72 hours after having become aware of it, notify the breach to the competent supervisory authority, unless said breach is unlikely to result in a risk to your rights and freedoms. If the breach is likely to result in a high risk to your rights and freedoms, the Company shall communicate this breach to you, if it is feasible, without undue delay.
11.1. In relation to your Personal Data, you have the right to:
11.2. You shall also have the right to ask us not to process your Personal Data for marketing purposes, including receiving our newsletter. Before collecting your data, we will seek your explicit consent if we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes. You can withdraw your consent by contacting our Regulatory Officer by email on email@example.com.
11.3. Access to Data: You have the right to request, free of charge, access to and a copy of your Personal Data as processed by us. The request is free of charge unless your request is unfounded or excessive (e.g. if you have already requested such Personal Data multiple times in the last twelve months or if the request generates an extremely high workload). In such case, we may charge you a reasonable request fee according to applicable laws.
11.4. We may refuse, restrict or defer the provision of Personal Data where it has the right to do so, for example if fulfilling the request will adversely affect the rights and freedoms of others.
11.5. Automatic Decision Making: in establishing and carrying out our business relationship, we generally do not make use of automated decision making. If we use this procedure in individual cases, we shall inform you of this separately, provided it is a legal requirement.
12.1. You also have the right to receive your Personal Data, which you have provided to us with, in a structured, commonly used and machine-readable format and have the right to transmit this data to another controller without hindrance. This right can be exercised by contacting us through our contact form or writing to us on firstname.lastname@example.org, attaching a copy of your ID. If the request is submitted by a person other than you, without providing evidence that the request is legitimately made on your behalf, the request will be rejected.
12.2. The request is free of charge unless your request is unfounded or excessive (e.g. if you have already requested such Personal Data multiple times in the last twelve months or if the request generates an extremely high workload). In such case, we may charge you a reasonable request fee according to applicable laws.
12.3. We may refuse, restrict or defer the provision of Personal Data where it has the right to do so, for example if fulfilling the request will adversely affect the rights and freedoms of others.
13.1. SwissBorg Token Exchange Ltd. will, both at the time of the determination of the means for Processing and at the time of the Processing itself, implement appropriate technical and organizational measures, such as pseudonymization, which are designed to implement data-protection principles, such as data minimization, in an effective manner and to integrate the necessary safeguards into the Processing in order to meet the requirements of the GDPR and protect your rights.
13.2. We will implement appropriate technical and organizational measures for ensuring that, by default, only Personal Data which is necessary for each specific purpose of the Processing is processed. This obligation applies to the amount of your Personal Data we collect, the extent of its Processing, the period of storage and their accessibility.
14.1. We hope to be able to answer any questions or concerns you have about your Personal Data. You can get in touch with us at the postal address or email address given in section 17 hereafter.
14.2. You also have the right to make a complaint if you feel your Personal Data has been mishandled or if the Company has failed to meet your expectations. You are encouraged to contact the Company about any complaints or concerns but you are entitled to lodge a complaint directly before the Office of Information and Data Protection Commissioner with regard to matters concerning Personal Data.
To ask questions or make comments on this Policy or to make a complaint about our compliance with applicable privacy laws, please contact us through:
We will acknowledge and investigate any complaint pursuant to this Policy.