Privacy Policy

This privacy notice applies to Helvetic Digital Finance AG and its brand Helvetic, which sometimes use trading names including Helvetic (together “Helvetic” or “we” or “our”).

This notice shows our commitment to protect your privacy rights and sets out the basis on which any personal information we collect from you, or that you provide to us, will be processed by us. It applies to:

• the website/portal features and services provided to you when you visit our websites, portals or our payment panels our clients may use on their websites;
• your use of software including terminals, mobile and desktop applications provided by Helvetic; and
• email, other electronic messages including SMS, telephone, web chat, website/portal and other communications between you and Helvetic.
• Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.

You may provide some information to us, for example when you enquire for or make an application for the Helvetic Services, register to use and/or use any Helvetic Services, by filling in forms on one of our websites, participating in one of our events or by corresponding with by us phone, e-mail, web chat or otherwise. We may collect some of it through automatic means, for example by using cookies when you visit our websites. Read our Cookie Statement to know more. We may also obtain data about you from third parties, like credit reference and fraud prevention agencies.

TRACKING OPTION FOR USERS OPERATING IOS 14.5, IPADOS 14.5, TVOS 14.5 AND LATER

We use the AppTrackingTransparency framework for users operating iOS 14.5, iPadOS 14.5 and later, to obtain your permission to track you for the purpose of providing you with an improved functioning of the system as well as better and personalized ad experience in the future. If you allow, the gathered data will be used entirely to improve the system and to determine the most suitable ads to show on the application when we decide to include such functionality.

We use the AppTrackingTransparency framework for users operating iOS 14.5, iPadOS 14.5 and later, to obtain your permission to track you for the purpose of providing you with an improved functioning of the system as well as better and personalized ad experience in the future. If you allow, the gathered data will be used entirely to improve the system and to determine the most suitable ads to show on the application when we decide to include such functionality.

The AppTrackingTransparency framework will present an app-tracking authorization request to the user containing the abovementioned purpose of tracking the user.

USES OF THE INFORMATION

We use information we collect about you to provide you with the products we offer, to notify you about changes to our products and to improve our products. We also use this information to provide you with information about other products we or selected third parties offer which are similar to the ones you have used or enquired about or we think may be of interest to you. If you use one of our financial products, we will also use your information to assess your financial situation and to try to identify and prosecute possible frauds.

By registering for an account on this platform or subscribing to our newsletter, you hereby agree and consent to receive direct marketing emails from the platform operator, as well as any affiliated companies, partners, or subsidiaries. These marketing communications may include, but are not limited to, promotional offers, product updates, newsletters, and other information related to the platform and its services. You acknowledge that the receipt of these direct marketing emails is a condition of your registration and continued use of the platform. If you do not wish to receive marketing emails, you can opt-out or cancel at any time by responding to an email with an unsubscribe request, adjusting your email preferences, or by contacting our support team. However, please note that certain essential service-related communications may still be sent to you, as required for the proper functioning of your account and the platform.

DISCLOSURE OF YOUR INFORMATION

We will not disclose your personal data to anyone except as described in this notice. We may share your personal information with third parties to provide you with the products we offer, including service providers, credit reference agencies and financial institutions. We may also share your personal information with third parties to prevent crime and reduce risk, if required to do so by law, where we deem it appropriate to do so, to respond to legal process or to protect the rights or property of Helvetic, our customers or others.

WHERE WE STORE YOUR PERSONAL DATA AND DATA SECURITY

The information Helvetic collects from you may be transferred to, stored at and processed by recipients located in destinations outside the European Economic Area (“EEA”). These countries may have data protection standards that are different to (and, in some cases, lower than) those in which you reside. We will take all steps necessary to ensure that the recipients will use and protect your information in the same secure way that we do.

If we have given you (or if you have chosen) a password, access code or any other secure means or access or authentication which enables you to access certain parts of our site, you are responsible for keeping this password confidential and complying with our instructions. You must not share your password or other login credentials with anyone, and you hereby authorise Helvetic to act upon instructions and information from any person that enters your credentials.

The transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site, unless you are communicating with us through a secure channel provided by us. Once we have received your information, we will use strict procedures and security features in an effort to prevent unauthorised access.

YOUR RIGHTS

Where applicable, you may have certain rights under data protection legislation, including the right to access, correct, update or delete your personal information; object to or restrict its processing; request to transfer certain of your personal information to another service provider (so called, data portability); or to revoke any consent you have given.

However, please note that there are exceptions to those rights. For the full explanation of the rights available, please refer to our Comprehensive Privacy Policy.

AUTOMATED DECISION MAKING

Automated decisions mean that a decision concerning you is made automatically on the basis of a computer determination (using software algorithms), without our human review.

For example, we use automated decisions to complete a credit assessment on you when you apply to financial services of Helvetic, or to carry out anti-fraud checks on the transactions you perform. However, if you are in the European Union, you have the right to object to the automated decision and have it manually reviewed based also on information that you can provide. You can contact us at the details below to exercise your right.

LEGAL BASIS FOR PROCESSING

Helvetic will process your personal information only when we have one of the following grounds:

• On the basis of your consent, for example to send you marketing messages;
• Where necessary to enter into a contract with you and perform our obligations under that contract;
• Where we have a legitimate interest, subject to such processing not overriding your own rights and freedoms;
• Where we have a legal obligation to collect your personal information or otherwise need your personal information to protect your vital interests or those of another person;
• Exceptionally, when necessary in the public interest, for example when law enforcement agencies request information to investigate a crime.

CHANGES TO OUR PRIVACY NOTICE

Any changes we may make to our privacy notice in the future will be posted on this page and, where appropriate, you will be notified by e-mail. Please check back frequently to see any updates or changes to this privacy notice.

CONTACT US

At Helvetic, we welcome all comments, queries and requests relating to our use of your information.

Our Data Protection Officer is the person in charge of ensuring our company adheres to this privacy notice. This person is also the main contact for our Data Protection Supervisory Authority. If you wish to exercise any of your rights or receive further information concerning Helvetic (to which this notice applies), you should write to our Data Protection Officer (DPO) at [email protected] or at the address below:

Helvetic Digital Finance AG, Banhoffplatz, CH-6300 Zug, Switzerland

PRIVACY NOTICE (COMPREHENSIVE VERSION)

This privacy notice applies to Helvetic Digital Finance AG and its brand Helvetic, which sometimes use trading names including Helvetic (together “Helvetic” or “we” or “our”).

This notice shows our commitment to protect your privacy rights and sets out the basis on which any personal information we collect from you, or that you provide to us, will be processed by us. It applies to:

the website/portal features and services provided to you when you visit our websites, portals or our payment panels our clients may use on their websites; your use of software including terminals, mobile and desktop applications provided by Helvetic; and email, other electronic messages including SMS, telephone, web chat, website/portal and other communications between you and Helvetic.

The Helvetic Website is not intended for the use by anyone under the age of 18. If you are below the age of 18, you may not use the Helvetic Website.

We ask that you read this Policy carefully as it contains important information about what to expect when we collect personal information about you and how we will use your personal data.

I. INTRODUCTION

The aim of this Policy is to set out the purposes for which, and the manner in which, we may collect and use personal information obtained about you. By either registering as a user of any services provided by us on the Helvetic Website, and/or by using the Helvetic Website, you consent and to this use by us. You may choose not to provide any information to Us, however Helvetic may be unable to provide services.

Your use of Helvetic Website is also governed by our online Terms and Conditions. Please ensure you have read the Terms and Conditions as well as this Policy. Please pay attention to the fact that Helvetic may update this Privacy Policy from time to time, therefore please do review it regularly.

Your personal data controller is Helvetic as specified in the Terms & Conditions. We have appointed a data protection officer (“DPO”) and you can contact our DPO via email at [email protected].

We comply with the applicable data protection laws, in particular the Swiss Data Protection Act (SDPA) and the EU General Data Protection Regulation (GDPR), where applicable. For individuals who reside in the European Economic Area (including the United Kingdom) (collectively “EEA Residents”), pursuant to Article 6 of the EU General Data Protection Regulation (GDPR) or any equivalent legislation (collectively “EEA Data Protection Law”), we process this personal information based on our Terms of Use (Agreement) with you to comply with our legal obligations, to satisfy our legitimate interests as described above and to satisfy on your consent.

Security is highly important to us. We take all reasonable measures to protect personal data from loss, theft, misuse and unauthorized access, disclosure, alteration and destruction, including industry standard security and encryption features.

If the Profile is opened by a legal person, the Head or other representative of the Client must clearly inform data subjects (Beneficial owners, Head, etc.) about the transfer of their data to Us and ensure to present this Privacy Policy to them.

II. DEFINITIONS

„Account“ shall mean the contractual arrangement wherein a Helvetic member has accepted our Terms of Use and Privacy Policy, and received approval to use the Helvetic Services, including the purchase and sale of Bitcoins and to perform associated Transactions.

„AML“ shall mean anti-money laundering and counter-terrorism financing regulations.

„DPL“ shall mean data protection law applicable to Helvetic, including the Swiss Data Protection Act, draft of September 2017, its successors or implementing texts as well as equivalent legislation, which applies to the processing of Personal Data by Helvetic.

„Personal data“ shall mean any information that identifies an individual, such as name, address, e-mail address, trading information, and banking details. Personal Data does not include anonymised and/or aggregated data that does not identify a specific user.

„Service(s)“ shall mean the technological platform, functional rules and market managed by Helvetic to permit Sellers and Buyers to perform purchase and sale transactions of Bitcoins and/or other Cryptocurrencies.

„Supervisory institutions“ shall mean d’Organisme de Surveillance pour Intermédiaires Financiers & Trustees (“SOFIT”), Swiss Financial Market Supervisory Authority (FINMA), or other institutions that directly or indirectly supervise our activity.

„Helvetic platform“ shall mean hardware and software technologies used by Helvetic to provide the Helvetic Service as set out in our Terms of Use.

„Transaction“ shall include the following:

• The action between the Member to Buy and/or Sell cryptocurrencies through the Service for currencies at the market rate.
• The transfer of cryptocurrencies between Members (“Transfer Transaction”);
• The transfer of currencies among Members (“Currency Transfer Transaction”); and
• Helvetic may not offer all these transaction types at this time.

„You“ or „Your“ or „the Client“ shall mean the natural person who is contracting with us, making payment to our System or representative, Beneficial owner on whose behalf the Personal data is provided.

Other terms in this Privacy Policy are used as defined in our online Terms & Conditions.

III. THE PURPOSES OF PROCESSING

1. Data collection and use of personal information

We collect and process Your data for the following purposes:

• a) Provision of Payment services; Verification of the identity; prevention of fraud, money laundering, counter-terrorist financing, other financial crimes; implementation of other obligations under AML requirements;
• b) Notification about changes in our Services and dispute prevention;
• c) Dispute settlement;
• d) Marketing;

A. Provision of Payment services; Verification of the identity; prevention of fraud, money laundering, counter-terrorist financing, other financial crimes;

Implementation of other obligations under AML requirements

1. Helvetic is required by law to verify your identity, monitor transactions of the Client, prevent fraud, money laundering, counter-terrorist financing, other financial crimes, properly implement obligations of payment service provider and comply with AML regulations.
2. For this purpose, We may collect below data about the natural person client or representative of the legal person client:
   • Identity data: name, surname, personal identification number or other unique sequence of symbols assigned to the person for identification purposes, date of birth, personal identification document number, copy of personal identification document, nationality or the state which has issued the personal identification document, country of residence, ID number in Helvetic system, Account number in Helvetic system, face photo, etc. („Identity data“);
   • Contact data: address, phone number, email address, etc. („Contact data“);
   • KYC data: account number on other payment service providers, checks on public and private registries, fraud, money laundering, counter-terrorist financing and other financial crimes prevention agencies, employer, position, address, occupation, used Services, payment and other transactions, turnover, source of funds, countries from to which funds will be received / transferred, information of political involvement, other data of monitoring of Client’s activity, etc. („KYC data“);
   • Device information: OS of device, browser type and version used for access to Profile, IP and location, time zone setting, etc. („Device information“);
   • Financial information: bank account numbers, bank statement, and trading information; („Financial information“);
   • Online Identifiers: Geo location/tracking details, browser fingerprint, OS, browser name and version, and/or personal IP addresses; („Online Identifiers“);
   • Usage Data: Survey responses, information provided to our support team, public social networking posts, authentication data, security questions, user ID, click-stream data and other data collected via cookies and similar technologies. Please read our Cookie Statement for more information. („Usage data“);
   • Helvetic payment card information: number and CVC code of payment card, PIN code, relevant expiry dates, etc. („Payment card information“);
   • Any other information that you or your customer provide to us.
3. We may also collect and process Identity data about Beneficial owners of legal entity. Also, Identity data might be collected and processed about Head of legal entity if Profile has been opened by other representative of the Client;
4. We may collect data from You and from third parties. We may search publicly available information about You in order to Verify your identity, process transactions, detect and prevent fraud or other similar purposes.
5. We collect data mentioned above as We are required by law and We need this information as to enter contractual relationship with the Client. If you or a representative of legal entity won’t provide required data, We may refuse to enter into contractual relationship and provide Services for the Client.
6. We may provide your data to: supervisory institutions, banking and financial services partners, other payment service providers, payment card manufacturing/personalization and delivery companies, companies that provide identification and sanctions/watch lists screening, transaction monitoring services, government institutions, attorneys, bailiffs, pre-trial investigation institutions, courts, auditors, debt recovery agencies, companies that handle joint debtor data files, fraud, money laundering, terrorist financing and other financial crimes prevention agencies, other subjects that have legitimate interest or Your acceptance.
7. We process personal data for as long as is necessary for the relevant purpose(s) or as required by law (e.g., our tax obligations, AML obligations and obligations to retain business records).
8. We may provide your data to third countries as to perform Your payment transaction to third country recipient or using third country partners services for the payment transaction, in which case we ensure that there is adequate protection for such personal data either by ensuring that the transfer is made on the basis of an adequacy decision (such as the EU-CH adequacy decision), or by use of safeguards described in Art. 6 of the SDPA respectively Article 46 of the GDPR. In some cases, we may transfer your data to countries without adequate data protection, provided that the requirements under the applicable data protection laws, such as your explicit consent, are met.

```html

B. Notification about changes in our Services and dispute prevention

1. We are required by law to notify You about changes in our Services and Terms & Conditions for provision of services. These notifications are not marketing material and are to be provided as required by law. According to this, You shall not have the right to object to receiving such notifications. For this purpose, we may process Your Contact data.
2. We process the above-mentioned data as We are required by law and for the performance of the contract with the client.
3. You can also refer to Us requiring information from Us, to consult with Us about our Services or to inform Us about unauthorized payments, demand to block Your payment instrument or ask to provide other information. You may contact Us by phone or email. As You contact Us, We may process Your Identity data, Contact data, Device data, also record our phone conversations and store content of our correspondence and history of it.
4. Above mentioned data is processed:
   • As You refer to Us by phone: for the purposes of the legitimate interests pursued by Us to prevent disputes between You and Us about proper provision or receiving of information.
   • As You refer to Us by email or letter: data is collected for the law requirement purposes and for the purposes of the legitimate interests pursued by Us to prevent disputes between You and Us about proper provision or receiving of information.
5. Your data may be provided to supervisory institutions, attorneys, pre-trial investigation institutions, courts, auditors, debt recovery agencies, companies that handle joint debtor data files, other subjects having Your acceptance.

C. Dispute Settlement

1. Before starting a dispute with Us, firstly You should contact Helvetic so that we can handle your complaint and satisfy it benevolently if it is well-grounded. If you are not satisfied with our reply, You can address competent authority according to Our Complaints policy.
2. As the dispute may arise, for dispute settlement purposes, We may collect and process such data: Identity data, Contact data, KYC data, also data provided in Your claim and its supplements, other data needed to investigate Your claim. The data is processed as We are required by the law.
3. Your data may be provided to supervisory institutions, attorneys, pre-trial investigation institutions, courts, auditors, debt recovery agencies, companies that handle joint debtor data files, other subjects having Your acceptance.

D. Marketing

1. We may provide you by email the information about our current and new Services, other goods and services We offer that are similar to those that you have already used or inquired about, to provide you or permit selected third parties to provide you information about goods or services We feel may interest You.
2. Email for our direct marketing purposes (newsletters) will be processed only with Your separate acceptance.
3. You have the right at any time to object to your email usage for direct marketing purposes.
4. We may provide your email address to email marketing service providers to send you newsletters on our behalf.
5. We hereby inform you that we may also use your personal data (such as used services, location, IP, behavior, etc.) to form a view on what We think You may want or need, or what may be of interest to you and show You adverts on our webpage.
6. We may also provide anonymized information to advertisers to promote our products and services. Therefore, such anonymized information would be used to help our advertising partners provide a targeted campaign, relevant for a sub-section of our Clients.
7. You have the right at any time to object to your data usage for marketing purposes.
8. We may contract (hire) certain service providers, i.e., data processors, to process your personal data. These may be companies providing data storage, server and/or communication services, companies developing and maintaining software, companies providing marketing services and analysis of activities online, online traffic and website analysis, statistics services and other service providers. Your personal data may be transferred to these data processors only when and solely to the extent necessary for the provision of the respective services of these data processors.

2. Use of Cookies and Similar Technology

1. Helvetic receives and stores certain information automatically whenever you interact with Helvetic. The Helvetic website uses cookies. Cookies are small text files that are placed on your computer by websites that you visit, including Helvetic. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site.
2. Cookies are typically stored on your computer’s hard drive. Information collected from cookies is used by us to evaluate the effectiveness of our website, analyze trends, and administer the Platform. The information collected from cookies allows us to determine such things as which parts of our website are most visited and difficulties our visitors may experience in accessing our website. With this knowledge, we can improve the quality of your experience on the Platform by recognizing and delivering more of the most desired features and information, as well as by resolving access difficulties. We also use cookies and/or a technology known as web bugs or clear gifs, which are typically stored in emails to help us confirm your receipt of, and response to, our emails and to provide you with a more personalized experience when using our website. The information we collect includes:
   • Technical information, including the Internet protocol (IP) address used to connect your computer or device to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system platform;
   • Information about your visit or whether you opened an email, including the full Uniform Resource Locators (URL) clickstream to, through and from our site (including date and time); products or services you viewed or searched for; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks and mouse-overs) and methods used to browse away from the site page and any phone number used to call our customer service number.
3. We use third party service provider(s) to assist us in better understanding the use of our website. Our service provider(s) will place cookies on the hard drive of your computer and will receive information that we select that will educate us on such things as how visitors navigate around our site, what products are browsed, and general Transaction information. Our service provider(s) analyzes this information and provides us with aggregate reports. The information and analysis provided by our service provider(s) will be used to assist us in better understanding our visitors’ interests in our website and how to better serve those interests. The information collected by our service provider(s) may be linked to and combined with information that we collect about you while you are using the Platform. Our service provider(s) is/are contractually restricted from using information they receive from our website other than to assist us.
4. If you want to avoid using cookies altogether, you can disable cookies in your browser. However, disabling cookies might make it impossible for you to use certain features or our website or services, such as logging on to your Helvetic Account or making transactions. Your use of our website or service with a browser that is configured to accept cookies constitutes an acceptance of our and third-party cookies.
5. For more information about cookies, the types of cookies we use and how we use them, please see our Cookie Statement.

3. Data processing

1. Your data will be processed by automated means, as well as to manual processing, including automated individual decision-making and profiling, for various processing purposes.
2. Automated decision making and profiling might be used for Verification of your identity, monitoring Your operations and activity in the Profile, predicting other aspects of Your behavior. Such procedures are necessary according to AML requirements and necessary for entering and performing business relationship between Us and the Client. Helvetic implements suitable measures to safeguard Your rights and freedoms and legitimate interests, including the right to obtain human intervention. You also have the right to express your point of view and to contest the decision.
3. The information We process about You is stored on our secure servers. We use all needed technical, organizational and other means to protect your data.

4. Tracking option for users operating iOS 14.5, iPadOS 14.5, tvOS 14.5 and later

1. We use the AppTrackingTransparency framework for users operating iOS 14.5, iPadOS 14.5 and later, to obtain your permission to track you for the purpose of providing you with an improved functioning of the system as well as better and personalized ad experience in the future. If you allow, the gathered data will be used entirely to improve the system and to determine the most suitable ads to show on the application when we decide to include such functionality.
2. The AppTrackingTransparency framework will present an app-tracking authorization request to the user containing the abovementioned purpose of tracking the user.

III. DISCLOSING AND TRANSFERRING PERSONAL DATA

We may disclose your Personal Data to third parties and legal and regulatory authorities and transfer your Personal Data outside Switzerland and the EEA, as described below.

1. Disclosures to Third Parties

1. There are certain circumstances where we may transfer your Personal Data to employees, contractors and to other parties:
   • We may share information about you with other members of our group of companies so we can provide the best service across our group. They are bound to keep your information in accordance with this Privacy Policy;
   • We may also share your information with certain contractors or service providers. They may process your Personal Data for us, for example, if we use a marketing agency. Other recipients/service providers include advertising agencies, IT specialists, database providers, backup and disaster recovery specialists, email providers, or outsourced call centres. Our suppliers and service providers will be required to meet our standards on processing information and security. The information we provide them, including your information, will only be provided in connection with the performance of their function;
   • We may also share your information with certain other third parties. We will do this either when we receive your consent or because we need them to see your information to provide products or services to you. These include credit reference agencies, anti-fraud databases, screening agencies, and other partners we do business with;
   • We may share your information to improve and develop our business, including without limitation to optimise our websites/portals, products and services. This may include using information you insert into forms but do not submit to us, for example by using that information to optimise our website(s) and contacting you for customer service purposes in relation to that form. We can also use your personal information to develop and test new products and services.
2. Your Personal Data may be transferred to other third-party organisations in certain scenarios:
   • If we’re discussing selling or transferring part or all of our business – the information may be transferred to prospective purchasers under suitable terms as to confidentiality;
   • If we are reorganised or sold, information may be transferred to a buyer who can continue to provide services to you;
   • If we’re required to by law, or under any regulatory code or practice we follow, or if we are asked by any public or regulatory authority – for example, the Police;
   • If we are defending a legal claim, your information may be transferred as required in connection with defending such claim;
   • To comply with local and national laws;
   • To send marketing messages, to provide you with the information on products and services you have requested or we think may be of interest to you; to obtain your views on our goods, services, and our website(s). In respect of marketing, market research, and similar activities, we may use your personal information for such purposes whether or not you are accepted as or continue to receive Helvetic Services. If you no longer wish to receive marketing or promotional information from Helvetic, you can always stop it;
   • To manage and mitigate our credit risks. If you apply for one of our financial products, we will assess your financial position (and/or of your business), to the extent this is provided for in the applicable Terms of Use. This credit check will also affect any linked parties such as directors, shareholders, and principals. We can do so by receiving and sharing information from and with credit reference agencies and fraud prevention agencies. This credit check will affect also anyone with whom you have a joint account or similar financial association. If it is a joint application, and such a link does not already exist, then one may be created. These links will remain until you file a “notice of disassociation” at the credit reference agencies. For your information, the agencies will record our inquiries which may be seen by other companies who make their own credit inquiries; and a “footprint” may be placed on your credit file, whether or not you are accepted as our customer. If you are a director, we will seek confirmation from credit reference agencies that the residential address that you provide is the same as that held by the relevant companies’ registry (where applicable). In addition, where you take services from us, we will give information on how you manage your accounts to the credit reference agencies. If you do not repay any monies in full and on time, credit reference agencies will record the outstanding debt and may share this information with other organizations that perform checks similar to ours. Records remain on file at such agencies for 6 years after they are closed, whether settled by you or defaulted. If you would like further information on our use of credit reference agencies, please Contact Us;
   • To prevent, detect, and prosecute fraud or crime, Helvetic may participate in anti-fraud initiatives, which involve assessing you (and/or your customers) and monitoring your transactions and/or locations to detect patterns requiring investigations or otherwise profile and assess the likelihood of fraud occurring. We can do so utilizing products and services from third parties. Besides, if you give us false or inaccurate information about you, or we identify or suspect a fraud or a crime, we may pass your information to fraud prevention agencies and to law enforcement agencies, and we may decide to take legal action against you;
   • To prevent or mitigate information security risk;
   • To manage and enforce our rights, Terms of Use, or any other contracts with you (and/or your business), including to manage any circumstances where transactions, rewards, or points are disputed; manage, investigate and resolve complaints; or recover debt or in relation to your insolvency.

3. Your Personal Data may be shared if it is made anonymous and aggregated, as in such circumstances the information will cease to be Personal Data.
4. Your information will not be sold, exchanged, or shared with any third parties without your consent, except to provide Helvetic Services or as required by law.
5. The third-party service providers of Helvetic are contractually bound to protect and use such information only for the purposes for which it was disclosed, except as otherwise required or permitted by law. We ensure that such third parties will be bound by terms complying with DPL.
6. Specifically, Your Personal Data may be transferred to the following third-party organisations in certain scenarios:
   • ShuftyPro: Analyses ID documents and other AML-KYC related documents and information to assist us in satisfying our KYC obligations. ShuftyPro processes and stores data in ISO 27001-certified data centers worldwide. Learn more about how ShuftyPro processes data.
   • Helvetic Digital Finance AG: When you top up through the Platform by wire transfer or credit card, your Personal Data may be shared with Helvetic Digital Finance AG, as a free-of-charge crypto wallet is automatically created upon registration. Helvetic Digital Finance AG processes and stores data in ISO 27001-certified data centers worldwide. Learn more about how Helvetic Digital Finance AG processes data.
   • Helvetic Digital Finance AG: When you hold, buy, sell, or transfer cryptocurrency through the Platform, your Personal Data may be shared with Helvetic. Helvetic Digital Finance AG processes and stores data in ISO 27001-certified data centers worldwide. Learn more about how Helvetic Digital Finance processes data.

2. Disclosures to Legal Authorities

1. Helvetic may be required by law to pass information about you to regulatory authorities and law enforcement bodies worldwide, or we may otherwise determine that it is appropriate or necessary to do so. Such disclosures may also include requests from governmental or public authorities, or with commercial organizations with whom you may have had dealings and who are seeking to mitigate fraud risk, or for the purposes of litigation or legal process, national security, or where we deem it in the national or public interest or otherwise lawful to do so. As such, we may share your Personal Data with law enforcement, data protection authorities, government officials, and other authorities when:
   • a) Compelled by court order, or other legal procedure.
   • b) Disclosure is necessary to report suspected illegal activity.
   • c) Disclosure is necessary to investigate violations of this Privacy Policy or our Terms of Use.

3. International Transfers of Personal Data

We store and process your Personal Data in data centers around the world, wherever Helvetic facilities or service providers are located. As such, we may transfer your Personal Data outside of Switzerland and the European Union. Some of the countries to which your Personal Data may be transferred for these purposes that are located outside Switzerland or the EU do not benefit from an adequacy decision issued by the Swiss Data Protection and Information Commissioner or by the EU Commission regarding protection afforded to Personal Data in that country. Details of these specific countries can be found here: https://www.edoeb.admin.ch/edoeb/de/home/datenschutz/handel-und-wirtschaft/uebermittlung-ins-ausland.html and https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/adequacy-protection-personal-data-non-eu-countries_en.

Such transfers are undertaken in accordance with our legal and regulatory obligations and appropriate safeguards under DPL will be implemented, such as standard data protection clauses with data recipients or processors approved by competent authorities. A copy may be requested at the address set out in the Contact Us section.

IV. YOUR RIGHTS

1. Please be informed about your rights under Data Protection regulations in relation to Your personal data:
   • a) Right to Information: The right to ask us for information about what personal data of Yours is being processed and the rationale for such processing.
   • b) Right of Access: The right to access your personal data.
   • c) Right of Rectification: The right of rectification of inaccurate personal data concerning you, and the right to have incomplete personal data completed. Please be advised that we may need to verify the accuracy of the new data You provide to Us.
   • d) Right of Erasure (the right to be forgotten): The right of erasure of personal data concerning You if there is no convincing reason for Us continuing to process it. Please be advised that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to You, if applicable, at the time of your request.
     • Please note that under GDPR Article 17(3)(b), legal requirements take precedence over the right to be forgotten. From an AML perspective, both customer due diligence and transaction records have to be retained for a minimum of a set number of years after the end of the customer relationship, and Helvetic will retain Your data, in line with AML regulations, for a minimum of 10 years.
     • In this context, the right to be forgotten would only be enforceable after this period had ended. We will then take reasonable steps to securely destroy such information or permanently de-identify it.
   • e) Right of Restriction of Processing (Right to withdraw Consent): The right to obtain from Us restriction of processing if there is legitimate reason. Where processing has been restricted, such personal data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise, or defense of legal claims, or for the protection of the rights of another natural or legal person, or for reasons of important public interest of the EU or of a Member State.

• f) Right to Data Portability: The right to receive the personal data concerning You, which you provided to Us and have the right to transmit data to another controller. Please be advised that this right only applies to information which You provided for Us.
• g) Right to Object: The right to object at any time to processing of personal data concerning You which is processed for the purposes of our legitimate interests. We shall no longer process the personal data unless We demonstrate compelling legitimate grounds for the processing which override the interests, rights, and freedoms of You or for the establishment, exercise, or defense of legal claims. Where personal data is processed for marketing purposes, You shall have the right to object at any time to processing of personal data concerning You for such marketing.
• h) Right to Object to Automated Processing: This right allows You to object to a decision based on automated processing. Using this right, a customer may ask for his or her request (for instance, a loan request) to be reviewed manually, because he or she believes that automated processing of his or her loan may not consider the unique situation of the customer.
• i) Right to Withdraw Consent: The right to withdraw Your consent at any time where We are relying on consent to process Your personal data. However, this will not affect the lawfulness of any processing carried out before You withdraw Your consent. In some cases, if You withdraw Your consent, We may not be able to provide the Services to You.
• j) Right to Complain: You have the right to make a complaint in regard to the privacy or data processing issues at any time. You can complain in the EU member state where You live or work, or in the place where the alleged breach of data protection law has taken place. In Switzerland, The Federal Data Protection and Information Commissioner (FDPIC) is the competent authority for data protection issues.
  • We would, however, appreciate the chance to deal with Your concerns before You approach the supervisory authority, so please contact Us in the first instance.
  • You can contact our DPO via email at [email protected].

V. SECURITY OF YOUR DATA

1. We take protecting your personal data very seriously and strive to apply all necessary organizational and technological security measures.
2. We use a variety of security measures to ensure the confidentiality of your Personal Data, and to protect your Personal Data from loss, theft, unauthorized access, misuse, alteration, or destruction. These security measures include, but are not limited to:
   • Password-protected directories and databases;
   • Secure Sockets Layered (SSL) technology to ensure that your information is fully encrypted and sent across the Internet securely;
   • PCI Scanning to actively protect our servers from hackers and other vulnerabilities.
3. All financially sensitive and/or credit information is transmitted via SSL technology and encrypted in our database. Only authorized Helvetic personnel are permitted access to your Personal Data, and these personnel are required to treat the information as highly confidential. The security measures will be reviewed regularly in light of new and relevant legal and technical developments.
4. We do not ask for financial or payment information, such as your credit card number, passcode, account number, or pin number, in an e-mail, text, or any other communication that we send to you. Please always check that any website on which you are asked for financial or payment information in relation to our reservations or services is operated by Helvetic. If you do receive a suspicious request, do not provide your information and report it by contacting one of our member service representatives as set in this Privacy Policy.
5. You are responsible for keeping your account passcode, membership numbers, and pin numbers safe and secure. Do not share those with anyone. If there is unauthorized use or any other breach of security involving your information, you must notify us as soon as possible using the contact information provided in this Privacy Policy.
6. Please note, the transmission of information via the Internet is not completely secure. Although we will do our best to protect your personal information, we cannot guarantee the security of your information transmitted to our site, unless you are communicating with us through a secure channel that we have provided. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorized access. By browsing the Website and/or using the services of the Company, you expressly acknowledge and agree that any personal information or other data provided by you to us or third persons is provided at your own risk.

VI. FINAL PROVISIONS

1. This notice is global in scope but is not intended to override any legal rights or prohibitions in any territory where such rights or prohibitions prevail. In such event, the rights and obligations set out in this notice will apply, subject only to amendment under any applicable local law having precedence.
2. We have the right to adjust the provisions of this Privacy Policy. In such case, we will notify you of any changes to the Privacy Policy in advance and will publish a new version of the Privacy Policy on our Website. The Privacy Policy was last amended on April 20, 2023.