Privacy Policy
1. PREAMBLE
Idoneus International AG is a corporation incorporated under the laws of Switzerland, duly registered under the commercial register number CHE-437.383.973 and domiciled at Baarerstrasse 12, 6300 Zug in Switzerland.
This Privacy Policy exists and is to be read, understood and accepted in conjunction with Idoneus’ Terms of Use and KYC/AML/CFT Policy. Definition of terminology used in this Privacy Policy is described in the Terms of Use.
2. PURPOSE AND SCOPE
Idoneus International AG (“Idoneus”; “we”) is committed to respecting the privacy and security of your personal data. This Privacy Policy describes the data collected on our websites, landing pages, contact forms, inquiry forms, newsletter signup forms, emails, platforms, mobile and desktop applications, KYC forms and documents, etc (collectively called the “Systems”) and explains how we may use data that we obtain about you through your use of our Systems, and outlines Idoneus’s duties of data protection and transparency under the FDPIC Data Protection Act and General Data Protection Regulation (GDPR).
This Privacy Policy is valid for data processing by Idoneus International AG and its parent, sister, subsidiary and otherwise affiliated companies.
If you believe that the processing of your data violates data protection law or your data protection rights have otherwise been violated in a way, you can complain to the supervisory authority. In Switzerland, this is the Federal Data Protection and Information Commissioner (FDPIC).
3. NAME AND ADDRESS OF THE CONTROLLER
The controller within the meaning of the GDPR, FADP and other national data protection laws and regulations that determine the purposes and means of processing personal data is:
Idoneus International AG
Baarerstrasse 12
6300 Zug
Switzerland
4. CONSENT
By accessing and using the Systems and by providing your data to us, you consent to the collection, usage, storage, transfer and disclosure of your data in accordance with this Privacy Policy, the Terms of Use, the KYC/AML/CFT Policy and any written agreement(s) executed and in effect in connection with any of our Systems or Services.
We will not use your personal information for purposes other than those purposes we have disclosed to you in this document, without your permission. From time to time we may request your permission to allow us to share your personal information with third parties. You may opt out of having your personal information shared with third parties or allowing us to use your personal information for any purpose that is incompatible with the purposes for which we originally collected it or subsequently obtained your authorization. If you choose to limit the use of your personal information, certain features or our services may not be available to you.
On other occasions where we ask you for consent, we will use the information for the purposes which we explain at that time. You have the right to withdraw your consent at any time; however, we may have other legal grounds for processing your information, including those identified in this document.
You can unsubscribe from all communication from Idoneus at any time by canceling your account. The data will be deleted completely after your cancellation except for the data that Idoneus is legally required to retain to fulfill its regulatory duties.
5. DATA PROVISION
The data we receive and how we use it depends on what you do when visiting the Systems. The Systems and related services may require registration for access. As part of registration and related services, we ask you to provide us certain information about you. You may provide us and our service providers personal data using the Systems in a number of ways, for example by entering that data into data fields on the Systems (e.g., by creating an account) or in communications with us using the contact data at the end of this Privacy Policy or in the Terms of Use.
When you use our Systems or when we interact with you, the Personal Data we collect, may include:
- Contact Data, such as your name, job title, business address, telephone number, mobile phone number, email address, and social media profiles.
- Information about your position or role with the organization on whose behalf you are contacting us.
- Personal data pertaining to the business relationship with you, including, but not limited to, offers, requests, contracts, transactions and instructions, accounts, assets (this may include private keys, if applicable), ability to repay credits, creditworthiness and solvency, other risk classifications, risk profiles, transaction history, claims, or other persons involved in the business relationship.
- Profile and Usage Data, including passwords to our Systems or password protected platforms or services, your preferences in receiving marketing information from us, your communication preferences and information about how you use our Systems, including the services you viewed.
- Technical Data, including Internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access our Systems or use our services.
- As a registered member of VQF, Know Your Customer (KYC) data is required to identify prospective clients, partners and investors in order to comply with KYC and anti-money Laundering and Terrorist Financing (AML) laws and regulations. Information required for this purpose will include formal identification information, including passport number, driver’s license details, national identity card details, video identification data, photograph identification cards, and/or resident permit (visa) information.
- Financial Information: Bank account information, payment card primary account number (PAN), transaction history, trading data, crypto wallet information, and/or tax identification.
- Transaction Information: Information about the transactions you make on our Systems, such as the name of the recipient, your name, the amount, and/or timestamp.
Clients in the United States may be required to provide documents relating to their income or net assets, such as Internal Revenue Service (IRS) forms, bank statements, brokerage statements, tax assessments, reports from national consumer reporting agencies, and certain written representations and confirmations. Public information is that information that you make publicly available through your account or by posting or otherwise communicating via the Systems.
6. DATA COLLECTION
Website Visits
You can visit the websites and find out about our services without telling us who you are. As with any connection to a web server, the server on which we provide the websites automatically logs and stores certain technical data.
Client Registration
We operate the Systems. When you register as a client on the Systems, we collect the information you provide to us.
Resources from External Websites
We include resources from external servers on our Website. These contain visible content (videos, images), communication functionalities (e.g., chat plugins), as well as technical resources. The technical resources are used to improve the performance or security of our Website. When calling up these resources, the operator of the external servers learns your IP address and/or certain marginal data that are necessary for the use of the servers of the external operator.
Third Party and Public Sources
To the extent necessary to achieve the purposes described in this privacy statement, we also collect general personal data from publicly accessible registers, websites, from authorities and regulators, from third party providers and platforms, such as credit rating agencies or compliance database providers, etc. (e.g. to verify your signature authorization or your identity) or by obtaining information from third parties (e.g. for reference purposes in the application process, if you consent to this).
KYC/AML Data Sources
We use public databases and ID verification partners to verify your identity. ID verification partners use a combination of government records and publicly available information about you to verify your identity. Such information includes your name, address, job position, public employment profile, credit history, status on any sanctions lists maintained by public authorities, and other relevant data. We obtain such information to comply with our legal obligations, such as anti-money laundering laws. In some cases, we may process additional data about you to ensure our services are not used fraudulently or for other illicit activities. In such instances, processing is necessary for us to continue to perform our contract with you and others. For more information about the identity verification duties that we must fulfill, please refer to our KYC/AML/CFT Policy.
Cookies
As is standard practice on many websites, the Systems may use “cookies” and other technologies to customize your experience and provide greater convenience to you during your interactions with the Systems. Idoneus may also use cookies and other technologies to study traffic patterns on the Systems, to improve its functionality and usability as well as to improve the effectiveness of our communications with users. Idoneus may also use cookies to help Idoneus understand which parts of the Systems are the most popular and the preferences of the Idoneus users. You can instruct your browser not to accept cookies or to prompt you each time before a cookie is set. You can also delete cookies on your device by using the appropriate function of your browser. In addition, you have the possibility to inform us of your preferences regarding the acceptance of cookies via the cookie preferences tool used on the Systems.
Other Persons
We may receive and collect personal data from clients with respect to other persons involved in the client’s relationship with us, such as representatives, signatories, proxies, asset managers, or beneficial owners.
Web Analytics
We use web analytics services (such as Google Analytics) to evaluate the use of the Systems and obtain information for its optimization. The web analytics services we use collect and store usage data using cookies. Before they are transmitted to a server outside Switzerland/EU/EEA, the requesting IP addresses are shortened. We thus do not transmit any personal data to the provider of the web analytics services abroad.
Social Media Platforms
On our Systems or through our presence on social media platforms, you will find information on current developments at Idoneus and our range of services. The respective social media platforms collect and analyze usage data such as the number of visitors and demographic information about the visitors of our company page. We may receive reports based on this data. The reports only contain aggregated or otherwise sufficiently anonymized data. Only the providers of the respective social media platform can identify you on the basis of the usage data collected.
Newsletter
When you sign up for our newsletter, we collect the information you provide to us. This includes general personal data such as first name, last name and email address. We use analytics services to measure and analyze the use of our newsletter. The analytics services collect and analyze usage data such as the number of people who have opened a newsletter or clicked on certain posts. We receive evaluations based on this. These allow us to optimize our newsletter and provide you with content that interests you. You can let us know at any time that you would like to stop receiving our newsletter in the future. To do so, please use the unsubscribe link at the end of the newsletter.
7. DATA UTILIZATION
In general, we use personal data to create, develop, operate, deliver, and improve our services, content and advertising, legal and regulatory compliance, and for loss prevention and anti-fraud purposes. Idoneus may use your personal information to provide our services and to contact you in response to inquiries you submit. Idoneus may use your information to manage our contractual relationship with you, because we have a legitimate interest to do so, and/or to comply with a legal obligation:
To Maintain Legal and Regulatory Compliance
We may process your personal data to comply with applicable laws and regulations or internal rules of Idoneus, such as with respect to the prevention of anti-money laundering and terrorist financing, know-your-customer, prevention of tax evasion, risk management and supervision, for combating abusive conduct, for purposes of investigations or proceedings and for the response to inquiries of public authorities.
We must identify and verify prospective users and investors in order to comply with anti-money laundering and terrorist financing laws across jurisdictions. In addition, we use third parties to verify your identity by comparing the personal information you provided against third-party databases and public records.
We may require you to provide additional information which we may use in collaboration with service providers acting on our behalf to verify your identity or address, and/or to manage risk as required under applicable law. If you do not want to have your personal information processed for such purposes, then we shall terminate your account as we cannot perform the services in accordance with legal and regulatory requirements.
To Enforce Our Terms in Our User Agreement and Other Agreements
We handle sensitive information, such as your identification and financial data, so it is very important for us and our clients that we are actively monitoring, investigating, preventing and mitigating any potentially prohibited or illegal activities, enforcing our agreements with third parties, and/or violations of our posted user agreement or agreement for other services. We collect information about your account usage and closely monitor your interactions with our services. The consequences of not processing your personal information for such purposes is the termination of your account as we cannot perform our services in accordance with our terms.
To Provide Services
We process your personal information in order to provide the services to you, in particular in order to grant access to the Systems. We cannot provide you with services without such information.
To Provide Service Communications
We send administrative or account-related information to you to keep you updated about our services, inform you of relevant security issues or updates, or provide other transaction-related information. Without such communications, you may not be aware of important developments relating to your account that may affect how you can use our services.
To Provide Customer Service
We process your personal information when you contact us to resolve any question, dispute, collected fees, or to troubleshoot problems. We may process your information in response to another client’s request, as relevant. Without processing your personal information for such purposes, we cannot respond to your requests and ensure your uninterrupted use of the services.
To Ensure Quality Control
We process your personal information for quality control and staff training to make sure we continue to provide you with accurate information. If we do not process personal information for quality control purposes, you may experience issues on the services such as inaccurate transaction records or other interruptions. Our basis for such processing is based on the necessity of performing our contractual obligations with you.
To Ensure Network and Information Security
We process your personal information in order to enhance security, monitor and verify identity or service access, combat spam or other malware or security risks and to comply with applicable security laws and regulations. The threat landscape on the internet is constantly evolving, which makes it more important than ever that we have accurate and up-to-date information about your use of our services. Without processing your personal information, we may not be able to ensure the security of our services.
For Research and Development Purposes
We process your personal information to better understand the way you use and interact with our services. In addition, we use such information to customize, measure, and improve the services and the content and layout of our website and applications, and to develop new services. Without such processing, we cannot ensure your continued enjoyment of our services. Our basis for such processing is based on legitimate interest.
To Enhance Your Systems Experience
We process your personal information to provide a personalized experience and implement the preferences you request. For example, you may choose to provide us with access to certain personal information stored by third parties. Without such processing, we may not be able to ensure your continued enjoyment of part or all of our services.
To Facilitate Corporate Acquisitions, Mergers, or Transactions
We may process any information regarding your account and use of our services as is necessary in the context of corporate acquisitions, mergers, or other corporate transactions. You have the option of closing your account if you do not wish to have your personal information processed for such purposes.
To Engage in Marketing Activities
Based on your communication preferences, we may send you marketing communications to inform you about our events or our partner events; to deliver targeted marketing; and to provide you with promotional offers based on your communication preferences. We use information about your usage of our services and your contact information to provide marketing communications. You can opt-out of our marketing communications at any time.
On these legal bases, we process your personal data if and to the extent that the applicable data protection law requires a legal basis or justification for the lawfulness of the data processing in general or specific processing activities.
8. DATA STORAGE
We store and process your personal data primarily in Switzerland and the EU.
The personal data collected by us will only be stored for as long as it is necessary for the execution of the contractual relationship (from the initiation to the termination of a contract) or the other purposes pursued with the processing and/or a legal obligation to store and document or a predominant private or public interest exists. As soon as the personal data collected by us are no longer required for the above-mentioned purposes, they will be deleted or anonymized.
You are aware that data written on a blockchain as part of our service provision (e.g. execution of trade orders) cannot be deleted by Idoneus.
In the interest of the integrity and confidentiality of personal data, we take appropriate technical and organizational measures. In particular, we implement access controls, and procedures to regularly review, assess, and evaluate the effectiveness of the measures in accordance with our risk assessment.
As per regulatory requirements of VQF and FINMA, all KYC/AML data is retained for 10 years on secure servers in Switzerland.
9. DATA SHARING
In order to achieve the purposes described in this Privacy Policy, it may be necessary for us to share your personal data with third parties. These are the following categories of recipients:
- Other group companies
- External service providers
- Other clients (if applicable)
- Suppliers and business partners (e.g., intermediaries, correspondents, custodian banks, clearing houses, any stakeholder or market counterparties, exchanges or any company in which you hold financial instruments through us)
- Authorities, agencies, and courts (if applicable)
We may disclose aggregated information about our users without restriction. This data cannot be attributed to any specific individual. Idoneus may disclose aggregated user data in order to describe our services to current and prospective affiliates, and to other third parties for lawful purposes.
On rare occasions, we may disclose specific information without your consent and without notice to you as required to comply with laws and regulations, or to comply with court orders, subpoenas, lawful discovery requests, or requests from regulatory, governmental or tax authorities or agencies. Information collected from you may also be used to investigate security breaches or otherwise cooperate with authorities. We may also share information with companies assisting in fraud protection or investigation.
We may disclose information about you without your consent and without notice to you as required to enforce or apply the Terms of Use, KYC/AML/CFT Policy, or other agreements, including for billing and collection purposes.
Your information will not be sold, exchanged, or shared with any third parties without your consent, except to provide our services or as required by law.
10. DATA TRANSFER
We store and process your personal data primarily in Switzerland and the EU. However, we may also transfer your personal data to recipients in countries outside of Switzerland or the EU (worldwide). We transfer data to countries without adequate data protection on the basis of the revised European Commission’s standard contractual clauses including the Swiss specifications as required by the Swiss data protection supervisory authority, other transfer mechanisms, or legal exceptions (e.g. necessity for contract performance).
11. DATA AND CYBERSECURITY
Idoneus has implemented reasonable physical, technical, and organizational safeguards to help protect your personal information from unauthorized access, acquisition, or disclosure, alteration, or destruction.
Your Personal Data is contained behind secured networks and is only accessible by a limited number of individuals who have special access rights to such systems and are required to keep the information confidential.
Although no method of transmission over the Internet, or method of electronic storage is one hundred percent secure, we strive to continually update and improve our security measures with the most recent technological developments.
12. RESPONSIBILITY OF THE USER
We would like to draw your attention to the fact that we normally never ask for financial or payment information, such as your credit card number, passcode, account number or pin number, in an email, text or any other communication that we send to you. Please always check that any Systems on which you are asked for financial or payment information in relation to our reservations or services is operated by Idoneus. The risk of impersonating hackers exists and should be taken into account when using our Systems and/or services.
If you do receive a suspicious request, do not provide your information and report it by contacting one of our member service representatives as set in this Privacy Policy.
Since we cannot 100% guarantee that loss, misuse, unauthorized acquisition, or alteration of your data will not occur, please accept that you play a vital role in protecting your own Personal Data. When registering with us, it is important to choose an appropriate password of sufficient length and complexity, to not reveal this password to any third-parties, and to immediately notify us if you become aware of any unauthorized access to or use of your account.
Furthermore, we cannot ensure or warrant the security or confidentiality of information you transmit to us or receive from us by Internet or wireless connection, including email, phone, or SMS, since we have no way of protecting that information once it leaves and until it reaches us. If you have reason to believe that your data is no longer secure, please contact us at the email address or mailing address listed at the end of this Privacy Policy.
13. THIRD-PARTY SITES
The Systems may contain links to other websites. Please note that when you click on one of these links, you will leave the Systems and will be subject to the policies and privacy practices of the other websites, which may differ significantly. You should review the policies of other websites you visit. Idoneus is not responsible for the content, technology, security, or practices of linked websites operated by others, or for your use of linked websites.
14. CHILDREN’S PRIVACY
The Systems are not aimed at or intended for children. We do not knowingly collect information from children under the age of eighteen through the Systems. If we obtain actual knowledge that we have inadvertently collected personal information relating to a child under the age of thirteen, we will delete that information from our records. If you believe we might have any information from or about a child under the age of eighteen, please contact us at compliance@idoneus.io.
15. DO NOT TRACK
“Do Not Track” is a privacy setting that you may set in your web browsers. If turned on, this setting requests that websites not track information about users. At this time, we do not respond to “Do Not Track” browser settings or signals.
16. RIGHTS TO ACCESS AND CONTROL YOUR PERSONAL INFORMATION
You have the following rights in relation to personal data concerning you:
- The right to obtain information about what personal data we store about you and how we process it;
- The right to receive or transfer a copy of your personal data in a common format;
- The right to have your personal data corrected;
- The right to have your personal data deleted; and
- The right to object to the processing of your personal data.
Please note that legal and regulatory requirements and exceptions apply to these rights. To the extent permitted by law, we may refuse your request to exercise these rights. You also have the right to file a complaint with the competent data protection supervisory authority. In Idoneus’ case the primary supervisory authority is the Federal Data Protection and Information Commissioner of Switzerland.
17. FORCE MAJEURE
For the purposes of this Policy, a “Force Majeure Event” shall mean an event beyond the control of Idoneus, which prevents Idoneus from complying with any of its obligations under this Policy, including but not limited to: natural disasters (such as, without limitation, floods, earthquakes, and hurricanes), acts of terrorism, civil unrest, war, strikes, legislation or governmental regulation imposed after the fact, fire, explosions, power failures, power outages, power shortages, energy rationing, pandemics, epidemics, transmission errors, technical failures or interruptions, misuse/disruption of the Internet, websites, linked websites, network, IT infrastructure or telecommunication network, as well as data misuse by third parties or data loss.
18. UPDATES TO THIS PRIVACY POLICY
Idoneus may update this Privacy Policy and the Systems to reflect material changes in how we collect, use, share, or store your information, to satisfy legal requirements, or for other business purposes. You should review this Privacy Policy when you visit the Systems to understand our current practices. The date at the top of the page shows when this Privacy Policy was last updated.
We encourage you to refer to this Privacy Policy on an ongoing basis so that you understand our current practices. You consent to any changes we make to this Privacy Policy if you continue to use the Systems after receiving a notice of the change or upon our posting of the new Privacy Policy on the Systems.
19. INTERPRETATION OF THIS PRIVACY POLICY
Any interpretation associated with this Privacy Policy will be made by our legal counsel. This Privacy Policy includes examples but is not intended to be restricted in its application to such examples, therefore where the word “including” is used, it means “including without limitation.”
This Privacy Policy does not create or confer upon any individual any rights, or impose upon Idoneus any rights or obligations outside of, or in addition to, any rights or obligations imposed by applicable country, state, and other privacy laws, as applicable. Should there be, in a specific case, any inconsistency between this Privacy Policy and applicable privacy laws, this Privacy Policy shall be interpreted in that case to give effect to, and comply with, such privacy laws.
20. GOVERNING LANGUAGE AND TRANSLATIONS
You agree that this Privacy Policy, and other notices posted through the services have been drafted in English. Although translations in other languages of any of the foregoing documents may be available, such translations may not be up to date or complete. Accordingly, you agree that in the event of any conflict between the English language version of the foregoing documents and any other translations thereto, the English language version of such documents shall govern.
21. APPLICABLE LAW
This policy is governed by and construed and interpreted in accordance with the substantive laws of Switzerland, excluding the Swiss conflict of law rules. All disputes arising out of or in connection with this contract shall be subject to the ordinary jurisdiction of the courts of Zug, Switzerland.
We recognize that the Systems may be accessed from anywhere in the world, and that the laws of the jurisdictions in which some users are located may differ substantially from those of Switzerland. Because we cannot practically prevent users in different jurisdictions from accessing the Systems, you are responsible for knowing and complying with the laws of your jurisdiction. If such laws conflict with your use of the Systems or any of its content or functionality, the Systems is not intended for you, and we ask you not to use it or submit any information through it.
22. QUESTIONS AND CONTACT INFORMATION
If you have questions or comments about this Privacy Policy or the Systems, please contact us using the information below:
Idoneus International AG
Baarerstrasse 12
6300 Zug
Switzerland
Email: compliance@idoneus.io
Last revised date: 16/04/2024