1. Introduction

The Crypto Group Holding AG and any of its affiliates (“The Crypto Group”, “us” or “we”) highly appreciates your interest in our products and services. Your privacy is important to us and we want you to feel comfortable using our products and services and visiting our websites. It is a major concern for The Crypto Group that your personal data is treated in a responsible manner and in compliance with legal requirements. To this end, we take precautions, such as implementing robust technical and organizational security measures including password encryptions, firewalls, authentication technologies, access management, employee awareness-raising and training, appointment of a Data Protection Officer (hereinafter “DPO”).

This Privacy Policy describes the way we process your personal data when you use our products and services, visit our websites, use our mobile applications, or register for any service and provide information about yourself (hereinafter “The Crypto Group Services”).

Please read our Privacy Policy carefully before registering for, or using any The Crypto Group Services and, in particular, before entering any personal data, to understand our views and practices regarding your personal data, how we will treat your personal data and the basis on which it could be disclosed to third parties. Please note that any additional terms and conditions that apply to The Crypto Group Services will be provided hen registering for such services.

2. Processing personal data

2.1 Categories of personal data

The Crypto Group processes different categories of personal data (such as data of clients, prospects, website users, suppliers, vendors or other third parties), it limits its processing of these to a necessary minimum and in accordance with the applicable laws and regulations. This is understood as referring to the following:

• Master data (e.g., name, address, e-mail address, phone number, date of birth, account and contract number, other account information, concluded transactions or third parties, e.g., family members, authorized representatives, advisors who might also be affected by the data processing, and other data transmitted to us if a person voluntarily completes a registration form or comment field for a newsletter or uses certain services).
• Risk management, transaction and/or order data (e.g., data with respect to beneficiaries of a transfer, card payments, data on investment products, risk and investment profiles, fraud cases).
• Technical data (e.g., IP addresses, browser plug-in types and versions, cookies, internal and external identifiers, logging data, record of access and changes, content accessed by the website user, including time and date of access, business/account number).
• Marketing data (e.g., preferences, wishes, requested reference material).

It is not The Crypto Group’s intention to seek any sensitive data (also called special category data) unless legally required. Sensitive data includes several types of data relating to race or ethnic origin, political opinions, religious or other similar beliefs, trade union membership, physical or mental health, sexual life, or criminal records. The Crypto Group suggests that you do not provide sensitive data of this nature and informs you that if you choose to do so, this is at your own risk.

2.2 Origin of personal data

In line with the purposes of paragraph 2.3, we may collect personal data - to the extent legally permitted - from the following sources, in particular:

• Personal data that is given to us by the data subject, namely for the account opening, during an advisory discussion, for making an enquiry, as part of a registration on our websites or when using certain products and services, signing up for a newsletter and/or event, participating in discussion boards or other social media functions on our websites or any information relating to a job application registration.
• Personal data that is necessary for the facilitation of products and services and that is transmitted to us via the technical infrastructure (e.g., via our websites, login information, e-Banking, apps, payment and trading transactions, or collaborations with financial or IT service providers or marketplaces and stocks).
• Personal data from third parties, such as authorities, sanction lists (e.g., UNO/EU), Worldcheck, rating agencies, credit report entities (e.g., Swiss Central Office for Credit Information (ZEK), Information Office for Consumer Credit (IK), Schufa Holding AG (SCHUFA)), analytics providers or search information providers as well as group companies of The Crypto Group.
• Personal data that is publicly assessable (e.g., public register information, public social media platforms).

2.3 Purpose and usage of data

We may process personal data as described above for the provision of our services and/or for our own legally prescribed purposes and to the extent legally permitted. This is understood as referring to the following, in particular:

• Processing, improving, managing and executing our products and services (e.g., accounts, payments, invoices, cards, financing, financial planning, investment, stock exchange, pensions, e-Banking, succession planning) as well as to update the data of individuals with whom we maintain a business relationship.
• Product and service development, statistics, business decisions (e.g., developing ideas for new or assessing existing products, services, procedures, technologies and returns, establishing key figures for the use of services and utilization figures).
• Managing, controlling and monitoring business related decisions and risks, processing business in good time (e.g., investment profiles, limits, market, credit, operational and fraud risks).
• System administration and reporting aggregated statistical information about browsing patterns and action which does not identify any individual.
• Compliance, legal and/or regulatory disclosure, notification and reporting obligations to authorities, courts, including but not limited to money laundering and terrorist financing (e.g., automatic exchange of information with foreign tax authorities, prosecution departments).
• Market research, marketing, comprehensive client service, advise and information regarding range of services and products etc. (e.g., events for clients, prospects and interested third parties, cultural events, sponsorship, assessment of client, market or product potential, information regarding changes, determination of client satisfaction, online and hardcopy advertisement).
• Protection of our interests and rights in case of claims against us or our employees and clients.

The Crypto Group may communicate with you via e-mail or physical newsletters containing and offering news, promotional offerings, event information or services (“Newsletter Services”) if you are a registered user (i.e. if you create a user account with us) and opt in for receiving Newsletter Services. If you would rather not receive marketing communication or newsletters from us, you may “opt out” by following the “opt out” instructions in each e-mail footer or by contacting us.

In order to comply with other legislations, e.g., Directive 2014/65/EU of the European Parliament (MiFID II), we have to record certain telephone conversations in some of our legal entities with reference to operations concluded in the performance of our services. For further information about the treatment of your personal data obtained by such recordings.

 

3. Transfer of data via the Internet

Please be advised that data transferred over the Internet may not be subject to any adequate security while in transit even if the sender and recipient are both located in the same country.

We cannot guarantee the security of data transferred over the Internet and accept no liability in respect thereof. Any notices emailed to us by you may not be secure. If you send any confidential information via email to us, you do so at your own risk. When contacting us, please send data via a secure mechanism, where appropriate, instead of over the Internet.

The sender and recipient can still be identified even when the information transmitted is encrypted. As a result, a third party could – inadvertently or otherwise – infer that there is a commercial relationship between you and The Crypto Group. Therefore, we recommend avoiding the transmission of any strictly confidential information via the internet.

 

4. Outsourcing

In certain circumstances The Crypto Group is bound to fully or partially outsource business areas and services to companies of The Crypto Group or service providers outside The Crypto Group (e.g., payment transactions, subscription and redemption of fund units, printing and dispatch of bank documents, IT systems and other support functions). We may also use such service providers for services that are new and have not previously been provided by us.

In such cases, we generally use service providers domiciled in the EU/EEA and Switzerland and, where possible, give preference to our own group companies, so that we can guarantee compliance with corresponding laws and regulations. Where client data needs to be disclosed to service providers, the corresponding service providers are also required to comply with the provisions on bank-client confidentiality and further applicable rules and regulations. If, in exceptional cases, services are outsourced to a provider abroad, The Crypto Group will disclose this in accordance with applicable rules and regulations.

 

5. Storage of data

Once you have transferred personal data to us, this data is stored securely for the purposes mentioned in this Privacy Policy as well as for which the information was provided.

We have implemented appropriate and robust data security measures to ensure that this information is only accessible to a restricted number of authorized individuals and that it is protected against unauthorized access, misuse, loss or damage.

In general, all data which is collected in any country or by any company of The Crypto Group is transferred and stored by us in Switzerland. Switzerland is recognized as a country which offers an adequate level of data protection.

Even though the retention period for personal data depends on statutory retention provisions, applicable legal basis and the purpose of the data processing, The Crypto Group will only store your personal data for as long as necessary, taking into account our obligation to respond to requests or resolve problems, to provide improved and new services and to act in accordance with applicable laws and regulations.

In particular, this means that we are entitled to keep your personal data for a reasonable period of time after you last contacted us. If the personal data we collected is no longer needed in this way, we are obliged to delete it in a secure manner.

 

6. Data subject rights

You have a right to be informed whether personal data in relation to you is being processed by us. On request, we will disclose to you the personal data in our databases, including available details about the origin of the data, the purpose and, where appropriate, the legal basis for the processing and the categories of the processed personal data, the parties involved in the data collection and the data recipients.

You may withdraw your consent to the processing of your personal data and/or may wish to opt out of the use of your information for advertising or marketing purposes at any time. You can exercise further rights, such as the right of rectification and you are also entitled to have any inaccuracies in your personal data corrected, or to have your personal data blocked or deleted, depending on the legal basis under which we are processing particular personal data.

 

7. Note about children

The Crypto Group understands the importance of protecting children’s privacy, especially in an online environment. Therefore, our services are not directed to or intended for children under the age of 16 and we do not knowingly collect any personal information from such users, except when a child is applying for an apprenticeship, internship or an introduction day. In this case we will obtain a written declaration of consent for apprentices from their parents or the legal guardians.

 

8. Cookies and web analytics services

Our websites use different types of cookies.

In addition, we use web analysis tools to get information about how people use our sites and Internet offerings. These tools are usually provided by third parties. Typically, the information for this purpose is captured with cookies and sent to a third-party server. Depending on the provider, these servers are sometimes in other countries.

We only transfer abbreviated IP addresses, which prevents the identification of individual end-user devices. Your IP address is not linked with other data from these third parties. Any onward transfer by third parties will only be based on legal regulations or as part of a data processing service agreement.

 

9. Changes to the Privacy Policy

We reserve the right to amend this Privacy Policy without giving prior notification. We therefore advise you to check our Privacy Policy on our websites on a regular basis. This Privacy Policy was last updated on 1 April 2022.