Privacy Policy

Posting Date: 15/05/2020
Effective Date: 15/05/2020

Idoneus International AG, Baarerstrasse 12, 6300 Zug, Switzerland (“Idoneus”) is committed to respecting the privacy and security of your personal information. This Privacy Policy describes the information collected on our websites, landing pages, contact forms, inquiry forms, emails, platforms, mobile and desktop applications, KYC forms and documents, etc (collectively called the “Platform”). explains how we may use information that we obtain about you through your use of our Platform and outlines Idoneus’s duties of transparency under the General Data Protection Regulation (GDPR).

By using the Platform or by providing your information to us, you consent to the collection, usage, storage, and disclosure of your information in accordance with this Privacy Policy, the Terms and Conditions, and any written agreement(s) executed and in effect in connection with any of our Platform or services.

The data processing is based on statutory provisions (Switzerland: FADP, EU: GDPR, in particular article 6 (1) (a) and / or (f) GDPR). Herewith we inform you about the most important aspects of the data processing within our Platform.

If you believe that the processing of your data violates data protection law or your data protection rights have otherwise been violated in a way, you can complain to the supervisory authority. In Switzerland, this is the Federal Data Protection and Information Commissioner (FDPIC).

  1. INFORMATION COLLECTED BY IDONEUS

The information we receive and how we use it depends on what you do when visiting the Platform. The Platform and related services may require registration for access. As part of registration and related services, we ask you to provide us certain information about you. You may provide us and our service providers personal information using the Platform in a number of ways, for example by entering that information into data fields on the Platform (e.g., by creating an account) or in communications with us using the contact information at the end of this Privacy Policy or in the Terms and Conditions.

When you use our Platform or when we interact with you, the Personal Data we collect, may include:

  • Contact Data, such as your name, job title, business address, telephone number, mobile phone number, email address, and social media profiles.
  • Profile and Usage Data, including passwords to our Site or password protected platforms or services, your preferences in receiving marketing information from us, your communication preferences and information about how you use our Site including the services you viewed.
  • Technical Data, including Internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access our Site or use our services.
  • Know Your Customer (KYC) data required to identify prospective investors in order to comply KYC and anti-money Laundering and Terrorist Financing (AML) laws and regulations. Information required for this purpose will include formal identification information, including passport number, driver’s license details, national identity card details, video identification data, photograph identification cards, and/or resident permit (visa) information.
  • Financial Information: Bank account information, payment card primary account number (PAN), transaction history, trading data, crypto wallet information, and/or tax identification.
  • Transaction Information: Information about the transactions you make on our Services, such as the name of the recipient, your name, the amount, and/or timestamp.

We may also collect Personal Data from third party partners and public sources as required or permitted by applicable law, such as public databases, credit bureaus, ID verification partners, resellers and channel partners, joint marketing partners, and social media platforms.

We use public databases and ID verification partners to verify your identity. ID verification partners use a combination of government records and publicly available information about you to verify your identity. Such information includes your name, address, job position, public employment profile, credit history, status on any sanctions lists maintained by public authorities, and other relevant data. We obtain such information to comply with our legal obligations, such as anti-money laundering laws.

In some cases, we may process additional data about you to ensure our services are not used fraudulently or for other illicit activities. In such instances, processing is necessary for us to continue to perform our contract with you and others.

Clients in the United States may be required to provide documents relating to their income or net assets, such as Internal Revenue Service (IRS) forms, bank statements, brokerage statements, tax assessments, reports from national consumer reporting agencies, and certain written representations and confirmations. Public information is that information that you make publicly available through your account or by posting or otherwise communicating via the Platform.

The data will be stored on servers in Switzerland and will not be passed on or sold to third parties. In accordance with article 17 (1) GDPR, these personal data are deleted if they are no longer necessary for the purposes for which they were collected or otherwise processed. In addition, you can unsubscribe from all communication from Idoneus at any time by canceling your account. The data will be deleted completely after your cancellation.

(a) Server Information

Like every online product, the Idoneus servers automatically and temporarily store the following information in the server log files. This information is provided by your browser, unless you have deactivated the function.

  • IP address of the enquiring computer
  • File query by the client
  • The http response code
  • The Internet page from which you visited us (referrer URL)
  • The time of the server query
  • The browser type and version
  • The operating system used on the enquiring computer

The server log files are not analyzed with respect to individuals. At no time can this data be attributed to specific individuals. All interactions with our servers through the internet are encrypted via SSL.

(b) Platform Visit Tracking Technologies (cookies)

As is standard practice on many websites, the Platform may use “cookies” and other technologies to help Idoneus understand which parts of the Platform are the most popular and the preferences of the Idoneus users. Idoneus may also use cookies and other technologies to study traffic patterns on the Platform, to improve its functionality and usability as well as to improve the effectiveness of our communications with users. Idoneus may also use cookies to customize your experience and provide greater convenience to you during your interactions with the Platform.

A cookie is a unique alphanumeric identifier that websites use to help identify the number of unique visitors to a website, whether or not those visitors are repeat visitors, and the source of the visits. Cookies cannot be executed as code or used to deliver a virus and thus pose no threat to you. Servers and Sites other than the one placing the cookie on your hard drive cannot read the cookie, and no personal information can be gathered by other servers from the cookie. If you prefer not to enable cookies or to disable them, you may do so through your web browser’s security settings. Please note that certain features of the Platform may not be available once cookies have been disabled.

Like most websites, the Platform gathers certain information automatically and stores it in log files. This information includes internet protocol (“IP”) addresses, browser type, operating system, internet service provider (“ISP”), referring/exit pages, date/time stamp of access, and clickstream data, and information about the content you view on the Platform. When you visit the Platform, the servers automatically log your IP address, the time and duration of your visit, and the time and duration spent on the pages of the Platform which you view. If you arrive at the Platform by clicking a paid advertisement or a link in a communication, then the server will capture information that tracks your visit from that link. If you arrive at the Platform by clicking on a non-paid source, such as a search engine result or link on another website, the server may capture information that tracks your visit from that source, to the extent available.

Some of our communications to you may contain a “click-through URL” which links to content on the Platform. When you click one of these URLs, it passes information through the Idoneus web server before you arrive at the destination web page. Idoneus tracks this click-through data to help determine interest in particular topics and measure the effectiveness of our communications. If you prefer not to be tracked, simply avoid clicking text or graphic links in emails you receive from Idoneus.

Certain features of the Platform may use local stored objects (“Flash cookies”) to collect and store information about your preferences and navigation to, from, and on our Platform. Flash cookies are not managed by the same browser settings as are used for browser cookies.

Idoneus additionally may use web beacons or pixel tags, which are tiny invisible graphic images, in the Platform. Web beacons and pixel tags may be used by Idoneus to count users who have visited its webpages and for related website statistics (for example, recording the popularity of certain website content and verifying system and server integrity).

By continuing to use our Platform without choosing to delete/block cookies, you agree that we can place these types of cookies on your device.

You can manage cookies by activating the setting on your internet browser that allows you to refuse the setting of all or some cookies. Please refer to the instructions or the online help files available via your relevant browser if you wish to manage cookies in this way. Alternatively, please visit www.allaboutcookies.org for further information.

Please note, if you refuse cookies this may mean that you can’t use some of the additional features of our Platform and may not be able to access certain parts of the Platform.

(c) Different Devices

If you use different devices (e.g., your smart phone, laptop, and/or home computer) to access the Platform, we may be provided with and collect device-specific information, including your hardware model, operating system version, unique device identifiers, phone number, location, and mobile network information. We may associate your device identifiers or phone number with your account information.

(d) Third-Party Analytics and Remarketing

Idoneus may use third-party service providers (e.g., Google Analytics) to collect and analyze information about use of the Platform. These service providers may utilize cookies and related technologies to collect personal information. The information generated by the cookies about your use of the website is transmitted to a Google server in the USA and stored there. The IP address provided by Google Analytics as part of Google Analytics will not be consolidated with other Google data. On this website, Idoneus has also added the code “anonymizeIP” to Google Analytics. This guarantees the masking of your IP address so that all data is collected anonymously.

On our behalf, Google will use this information to evaluate the use of the website, to compile reports on website activity and to provide other services related to website usage and internet usage to the website operator. You can prevent the storage of cookies by a corresponding setting of your browser software; however, please note that in this case you may not be able to use all features of this website to the fullest extent.

To opt-out of Google Analytics, you may download and install the Google Analytics Opt-out Browser Add-on: https://tools.google.com/dlpage/gaoptout.

Idoneus may use remarketing services (e.g., Google AdWords) to advertise on third party websites after you visit the Platform. You may adjust your ad personalization settings by visiting the Google Ad Settings webpage: http://www.google.com/settings/ads.

For more information on the privacy practices of Google, please visit the Google Privacy & Terms webpage: http://www.google.com/inti/en/policies/privacy/.

Facebook: Idoneus may use the “Facebook Pixel” developed by Facebook, Inc. (1601 S. California Ave, Palo Alto, CA 94304, USA). This feature makes it possible to track the behavior of users who have clicked on a Facebook ad and been directed to the website of the provider in question. The effectiveness of Facebook ads can then be assessed for statistical and market research purposes, which in turn can help optimize future advertising measures. The data we obtain through this process is anonymous, meaning it gives us no means of tracing the identity of any user. This information is stored and processed by Facebook on servers in Princeville, Oregon (USA), in order to facilitate a connection to each user’s profile. Facebook can then use the data for its own advertising purposes in line with its data usage guidelines (https://www.facebook.com/about/privacy/). As a result, Facebook and its partners can insert ads both on and outside of Facebook. A cookie may also be stored on your computer for these purposes. In your browser’s settings, you can allow or deny cookies as a general rule. Please note, however, that doing so may prevent you from enjoying the full functionality of this website.

LinkedIn: Idoneus may use the “LinkedIn Insight Tag” of the network LinkedIn. Provider is the LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. We use the LinkedIn Insight Tag to track conversions, retarget website visitors, and unlock additional insights about members interacting with our LinkedIn adverts. The LinkedIn Insight Tag enables the collection of metadata such as IP address information, timestamp, and events such as page views. All data is encrypted. The LinkedIn browser cookie is stored in a visitor’s browser until they delete the cookie or the cookie expires. With the help of the LinkedIn Insight Tag we are able to analyse the success of our campaigns within the LinkedIn platform or determine target groups for them based on the interaction of the users with our website. If you are registered with LinkedIn, it is possible for LinkedIn to associate your interaction with our online services with your user account.

LinkedIn is certified under the Privacy Shield Agreement and therefore guarantees compliance with European data protection legislation. You can permanently opt out on this link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out. For more information on the Linkedin Privacy Policy, go to: https://www.linkedin.com/legal/privacy-policy. LinkedIn advertising cookie is used on the basis of Art. 6 (1) (f) GDPR. We have a legitimate interest in analyzing user behavior to optimize our website and advertising.

  1. THIRD PARTY PROVIDERS

For the operation of our Platform we use, among others, the following third-party providers:

Hubspot

  • Scope of processing of personal data

We use Hubspot for our Customer Relationship Management System (CRM) and Inbound Marketing System. For this purpose, the following data (among others) will be shared and stored on Hubspot:

  1. Organization (company and address)
  2. Salutation
  3. Family name and first name
  4. E-Mail-address
  5. Telephone number
  6. Subscription
  7. Further data requested in the forms
  • Legal basis of processing

The legal basis for processing users’ personal data is art. 6 (1) (a) (if consent of customer is available), (b) and (f) GDPR.

  • Purpose of processing

The processing and storage of users’ personal data in the CRM, hosted by the third-party provider Hubspot, is necessary, among other things, to perform the contract between Idoneus and the user or to carry out pre-contractual measures within the scope of services of Idoneus. The creation of internal overviews and evaluations of subscriptions and the usage of our tools helps us to continuously improve our services. This is also our legitimate interest in data processing.

This data will only be used for these purposes and will not be transmitted to other third parties.

  • Period of storage

Data of User:

The data will be deleted as soon as it is no longer needed for our recording purposes.

Consequently, the personal data collected during the registration process to perform a contract or to carry out pre-contractual measures are erased as soon as it is no longer required for the execution of the contract. Even after conclusion of the contract, it may still be necessary to store personal data of the contractual partner in order to meet contractual or legal obligations.

Data of Entity to be checked (Data of Users):

The data of a person/organization to be checked are not stored in the CRM (hosted by HubSpot).

  • Possibility of objection and erasure

Data of Users:

As a user you have the possibility to cancel the registration and to change the data stored about you at any time.

If the personal data is necessary to perform a contract or to carry out pre-contractual measures, an early erasure of the data is only possible if neither contractual nor legal obligations prevent a deletion.

Data of Entity to be checked (Data of Users):

The data of a person/organization to be checked are not stored in the CRM (hosted by HubSpot).

 Information about the third-party Hubspot:

Address:
Hubspot (Headquarters) 25 First Street, 2nd Floor, Cambridge, MA 02141, United States

Description regarding Cookies and Privacy Policy:
https://legal.hubspot.com/privacy-policy?_ga=2.24711800.313185516.1545026838-191162758.1544774747
https://knowledge.hubspot.com/articles/kcs_article/reports/what-cookies-does-hubspot-set-in-a-visitor-s-browser

KYC Spider

  • Description and scope of data processing

We use KYC Spider for the identification, verification and due diligence of our users and investors, in accordance with the Federal Act on Combating Money Laundering and Terrorist Financing (AMLA as of 1st January 2016).

Data of Users:

In the course of the usage of the platform, the data of Users will be stored.

Data of Entity to be checked (Data of Users):

Furthermore, the results (reports) with regard to the persons/organisations checked may be stored. In the course of the usage of the individual Tools, the following data, among others, will be collected:

  • Organization
  • Family name and first name
  • Date of birth
  • Country of origin
  • Country of residence

Other data requested in the form or chatbot and entered by you/the person to be checked

  • Legal basis for processing

Data of Users:

The legal basis for the processing of data is art. 6 (1) (a) GDPR if the user has given his consent.

If registration serves to perform a contract to which the user is party or to implement pre-contractual measures, the additional legal basis for the processing of the data is art. 6 (1) (b) GDPR.

Data of Entity to be checked (Data of Users):

You are solely responsible for the transmission of the data to us resp. entering the data and checking of persons/organisations as well as for lawfulness thereof and the compliance with all corresponding data protection transparency obligations. Idoneus assumes no liability in this regard. In the event of any violation of this provision, you will indemnify Idoneus against any third-party claims (in particular those of the data subject).

  • Purpose of processing

The Platform is an instrument for checking a person or organization on relevant information regarding money laundering. For this purpose, KYC Spider provides the KYC Records. With the access to / search in KYC Records, the extended identification obligations of the financial intermediary according to the Federal Act on Combating Money Laundering and Terrorist Financing (AMLA as of 1st January 2016) are fulfilled. The financial intermediary detects client relationships with sanctioned persons/organisations (i.e. data pursuant to Art. 22a AMLA) and PEP background (i.e. qualification characteristics pursuant to art. 2a para. 2 AMLA). In addition, KYC Records shows references to further detectable and clarification-relevant information. Finally, KYC Records enable traceable documentation of the corresponding clarification.

  • Period of storage

Data of Users:

The data will be erased as soon as it is no longer necessary to achieve the purpose for which it was collected.

Consequently, the personal data collected are needed to perform a contract or to carry out pre-contractual measures are erased as soon as it is no longer required for the execution of the contract. Even after conclusion of the contract, it may still be necessary to store personal data in order to meet contractual or legal obligations.

  • Possibility of objection and erasure

Data of Users:

As a user you have the possibility to cancel the registration and to change the data stored about you at any time.

If the personal data is necessary to perform a contract or to carry out pre-contractual measures, an early erasure of the data is only possible if neither contractual nor legal obligations prevent a deletion.

Data of Entity to be checked (Data of Users):

The entity to be checked has the possibility to ask for access, erasure, changing etc. of the data stored in our KYC Records at any time.

Information about KYC Spider:

KYC Spider AG
Gubelstrasse 11
6300 Zug

Telephone Number: 041 726 99 69
E-Mail-Address: contact@kyc.ch

Platform Privacy Policy: https://www.kyc.ch/en/platform-dataprivacy-policy

KYC Records Data Privacy Policy: https://www.kyc.ch/en/kyc-records-dataprivacy-policy

  1. KYC / AML DATA PRIVACY CLAUSE

Idoneus is required to identify prospective users and investors (Know your Customer, KYC). Prospective users and investors are also subject to reviews and checks in in order to prevent money laundering and terrorist financing (AML). This clause describes how data is collected and processed for this purpose.

Idoneus engages service providers to perform KYC and AML reviews. The service providers are data processor which means that they process Personal Data on behalf of the Idoneus. Service provides may use sub-processors. Prior to working with any service provider, Idoneus ensures that they comply with the GDPR or any other relevant data protection legislation that may be applicable.

Prospective users and investors must provide personal data to us in order to be identified through the submission of information, forms or documents (in whatever format) through an upload to our website, use of our mobile application or otherwise. Personal Data we process enables us to identify the Customers either directly or indirectly by reference to an identifier. Examples of identifiers we process are name, identification number, passport or ID photograph, location data, an online identifier or one or more factors relating specifically to the economic or social identity of the natural person (“Personal Data”). Depending on certain criteria, personal identification will also require an online video verification which will be stored by the service provider.

The result of the verification process, as well as all details and documents provided by users and investors to the service provider via the Platform or a service provider website, mobile application or otherwise are available solely to service provider with whom the user and investor is engaging, and Idoneus. The Personal Data is provided as part of the Idoneus collation and evaluation of due diligence documentation on potential new and existing users and investors to comply with applicable AML legislation.

For the purposes of GDPR, it should be noted that Personal Data may be transferred or accessed outside the European Economic Area (“EEA”) at the request of Idoneus. For prospective users and investors who are not resident within the EEA, you should note that there is a possibility your Personal Data will be transferred outside your country of residence. You should consult with the relevant contact at Idoneus for further details in relation to jurisdictions used for the transfer of your Personal Data.

  1. USE OF INFORMATION

In general, we use personal information to create, develop, operate, deliver, and improve our Services, content and advertising, and for loss prevention and anti-fraud purposes. Idoneus may use your personal information to provide our services and to contact you in response to inquiries you submit. Idoneus may use your information to manage our contractual relationship with you, because we have a legitimate interest to do so, and/or to comply with a legal obligation:

  • To Maintain Legal and Regulatory Compliance

Some of our services are subject to laws and regulations requiring us to collect and use your personal identification information, formal identification information, financial information, transaction information, employment information, online identifiers, and/or usage data in certain ways.

We must identify and verify prospective users and investors in order to comply with anti-money laundering and terrorist financing laws across jurisdictions. In addition, we use third parties to verify your identity by comparing the personal information you provided against third-party databases and public records.

We may require you to provide additional information which we may use in collaboration with service providers acting on our behalf to verify your identity or address, and/or to manage risk as required under applicable law. If you do not want to have your personal information processed for such purposes, then we shall terminate your account as we cannot perform the services in accordance with legal and regulatory requirements.

  • To Enforce Our Terms in Our User Agreement and Other Agreements

We handle sensitive information, such as your identification and financial data, so it is very important for us and our customers that we are actively monitoring, investigating, preventing and mitigating any potentially prohibited or illegal activities, enforcing our agreements with third parties, and/or violations of our posted user agreement or agreement for other services. We collect information about your account usage and closely monitor your interactions with our services. The consequences of not processing your personal information for such purposes is the termination of your account as we cannot perform our services in accordance with our terms.

  • To Provide Services

We process your personal information in order to provide the services to you, in particular in order got grant access to the Platform. We cannot provide you with services without such information.

  • To Provide Service Communications

We send administrative or account-related information to you to keep you updated about our services, inform you of relevant security issues or updates, or provide other transaction-related information. Without such communications, you may not be aware of important developments relating to your account that may affect how you can use our services.

  • To Provide Customer Service

We process your personal information when you contact us to resolve any question, dispute, collected fees, or to troubleshoot problems. We may process your information in response to another customer’s request, as relevant. Without processing your personal information for such purposes, we cannot respond to your requests and ensure your uninterrupted use of the services.

  • To Ensure Quality Control

We process your personal information for quality control and staff training to make sure we continue to provide you with accurate information. If we do not process personal information for quality control purposes, you may experience issues on the Services such as inaccurate transaction records or other interruptions. Our basis for such processing is based on the necessity of performing our contractual obligations with you.

  • To Ensure Network and Information Security

We process your personal information in order to enhance security, monitor and verify identity or service access, combat spam or other malware or security risks and to comply with applicable security laws and regulations. The threat landscape on the internet is constantly evolving, which makes it more important than ever that we have accurate and up-to-date information about your use of our services. Without processing your personal information, we may not be able to ensure the security of our services.

  • For Research and Development Purposes

We process your personal information to better understand the way you use and interact with our services. In addition, we use such information to customize, measure, and improve the Services and the content and layout of our website and applications, and to develop new services. Without such processing, we cannot ensure your continued enjoyment of our services. Our basis for such processing is based on legitimate interest.

  • To Enhance Your Website Experience

We process your personal information to provide a personalized experience and implement the preferences you request. For example, you may choose to provide us with access to certain personal information stored by third parties. Without such processing, we may not be able to ensure your continued enjoyment of part or all of our services.

  • To Facilitate Corporate Acquisitions, Mergers, or Transactions

We may process any information regarding your account and use of our services as is necessary in the context of corporate acquisitions, mergers, or other corporate transactions. You have the option of closing your account if you do not wish to have your personal information processed for such purposes.

  • To Engage in Marketing Activities

Based on your communication preferences, we may send you marketing communications to inform you about our events or our partner events; to deliver targeted marketing; and to provide you with promotional offers based on your communication preferences. We use information about your usage of our services and your contact information to provide marketing communications. You can opt-out of our marketing communications at any time.

If you are a current customer residing in the EEA, we will only contact you by electronic means (email or SMS) with information about our services that are similar to those which were the subject of a previous sale or negotiations of a sale to you.

If you are a new customer and located in the EEA, we will contact you if you are located in the EU by electronic means for marketing purposes only if you have consented to such communication. If you do not want us to use your personal information in this way, or to pass your personal information on to third parties for marketing purposes, please follow the opt-out links included in marketing communications or contact us at compliance@idoneus.io. You may raise such objection with regard to initial or further processing for purposes of direct marketing, at any time and free of charge. Direct marketing includes any communications to you that are only based on advertising or promoting products and services.

We will not use your personal information for purposes other than those purposes we have disclosed to you, without your permission. From time to time we may request your permission to allow us to share your personal information with third parties. You may opt out of having your personal information shared with third parties or allowing us to use your personal information for any purpose that is incompatible with the purposes for which we originally collected it or subsequently obtained your authorization. If you choose to so limit the use of your personal information, certain features or our Services may not be available to you.

On other occasions where we ask you for consent, we will use the information for the purposes which we explain at that time. You have the right to withdraw your consent at any time; however, we may have other legal grounds for processing your information, including those identified above.

  1. WHEN IDONEUS DISCLOSES YOUR INFORMATION

We may disclose aggregated information about our users without restriction. This data cannot be attributed to any specific individual. Idoneus may disclose aggregated user data in order to describe our services to current and prospective affiliates, and to other third parties for lawful purposes.

Idoneus and its service providers may transfer information between them for business purposes. For example, our service providers may handle technical support, payment processing, marketing, advertising delivery and tracking, or information analysis. We furnish our service providers the information they need to perform these and other services, and we work with our service providers to respect and protect your information. We may also provide your information to our affiliates. The entities with which we share information may be located in Switzerland or other countries.

In the event that Idoneus or some of our assets are sold or transferred or used as security, or to the extent we engage in business negotiations with our business partners, the information collected on the Platform may be transferred or shared with third parties as part of that transaction or negotiation. We may also provide information or provide access to information to any of our affiliated businesses or to our business partners.

On rare occasions, we may disclose specific information without your consent and without notice to you as required to comply with laws and regulations, or to comply with court orders, subpoenas, lawful discovery requests, or requests from regulatory, governmental or tax authorities or agencies. Information collected from you may also be used to investigate security breaches or otherwise cooperate with authorities. We may also share information with companies assisting in fraud protection or investigation.

We may disclose information about you without your consent and without notice to you as required to enforce or apply the Terms and Conditions, or other agreements, including for billing and collection purposes.

Your information will not be sold, exchanged, or shared with any third parties without your consent, except to provide our services or as required by law.

If a service provider is located in a country that does not apply the standard of data protection of Swiss law and EU General Data Protection Regulation, Idoneus will use a contract to ensure that your Personal Data has the same level of protection as if protected in accordance with Swiss Federal Act on Data Protection and its Ordinance and EU General Data Protection Regulation.

  1. TRANSFER OF DATA

We store and process your Personal Data in data centers around the world, wherever our service providers are located.

As such, we may transfer your Personal Data outside of Switzerland or the European Union. Some of the countries to which your personal data may be transferred do not benefit from an appropriate protection regulation.

These specific countries can be found here: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/adequacy-protection-personal-data-non-eu-countries_en.

For such international Personal Data transfer collected in the European Economic Area and Switzerland we use approved Contractual Data Protection Clauses, or require that any third party located in the U.S. receiving your personal information is certified under the E.U.-U.S. and/or the Swiss-U.S. Privacy Shield Frameworks and require that the third party agrees to at least the same level of privacy protection as required under applicable EU General Data Protection Regulation (GDPR) and in Switzerland under the Swiss Federal Act on Data Protection.

  1. HOW YOUR INFORMATION IS PROTECTED

Idoneus has implemented reasonable physical, technical, and organizational safeguards to help protect your personal information from unauthorized access, acquisition, or disclosure, alteration, or destruction.

Your Personal Data is contained behind secured networks and is only accessible by a limited number of individuals who have special access rights to such systems and are required to keep the information confidential.

Although no method of transmission over the Internet, or method of electronic storage is one hundred percent secure, we strive to continually update and improve our security measures with the most recent technological developments.

We would like to draw your attention to the fact that we normally never ask for financial or payment information, such as your credit card number, passcode, account number or pin number, in an e-mail, text or any other communication that we send to you. Please always check that any website on which you are asked for financial or payment information in relation to our reservations or services is operated by Idoneus. The risk of impersonating hackers exists and should be taken into account when using our website and/or Services.

If you do receive a suspicious request, do not provide your information and report it by contacting one of our member service representatives as set in this Privacy Policy.

Since we cannot 100% guarantee that loss, misuse, unauthorized acquisition, or alteration of your data will not occur, please accept that you play a vital role in protecting your own Personal Data. When registering with us, it is important to choose an appropriate password of sufficient length and complexity, to not reveal this password to any third-parties, and to immediately notify us if you become aware of any unauthorized access to or use of your account.

Furthermore, we cannot ensure or warrant the security or confidentiality of information you transmit to us or receive from us by Internet or wireless connection, including email, phone, or SMS, since we have no way of protecting that information once it leaves and until it reaches us. If you have reason to believe that your data is no longer secure, please contact us at the email address, mailing address or telephone number listed at the end of this Privacy Policy.

  1. THIRD-PARTY SITES

The Platform may contain links to other websites. Please note that when you click on one of these links, you will leave the Platform and will be subject to the policies and privacy practices of the other websites, which may differ significantly. You should review the policies of other websites you visit. Idoneus is not responsible for the content, technology, security, or practices of linked websites operated by others, or for your use of linked websites.

  1. CHILDREN’S PRIVACY

The Platform is not aimed at or intended for children. We do not knowingly collect information from children under the age of thirteen through the Platform. If we obtain actual knowledge that we have inadvertently collected personal information relating to a child under the age of thirteen, we will delete that information from our records. If you believe we might have any information from or about a child under the age of thirteen, please contact us at compliance@idoneus.io.

  1. DO NOT TRACK

“Do Not Track” is a privacy setting that you may set in your web browsers. If turned on, this setting requests that websites not track information about users. At this time, we do not respond to “Do Not Track” browser settings or signals.

  1. DATA RETENTION

We retain personal information for as long as necessary to provide services to you and fulfil the transactions you have requested, or for other necessary purposes such as complying with our legal obligations and enforcing our agreements. Retention periods vary depending on the type of information and how it is used. The criteria we use to determine the appropriate retention periods include:

  • How long we have a relationship with you and provide services or Platform to you.
  • Whether there is a legal, contractual or similar obligation that requires us to keep your information for a certain period of time.
  • Whether you have consented to retention of your information for a longer period of time.

When we no longer need to use or retain your personal information, we will remove it from our systems or depersonalize it so that it cannot be used to identify you.

  1. RIGHTS TO ACCESS AND CONTROL YOUR PERSONAL INFORMATION

If personal data concerning you are processed, you are a data subject within the meaning of the GDPR and you have the following rights:

12.1. Right of access

You can ask the controller to confirm whether personal data concerning you is being processed by us.

Is that the case, you can request the following information from the controller:

  1. the purposes of the processing;
  2. the categories of personal data concerned;
  3. the recipients or categories of recipient to whom the personal data has been or will be disclosed;
  4. the envisaged period for which the personal data will be stored, or, if specific information on this is not possible, the criteria used to determine that period;
  5. the existence of the right to request from the controller rectification or erasure of personal data, or restriction of processing of personal data concerning you or to object to such processing;
  6. the right to lodge a complaint with a supervisory authority;
  7. where the personal data is not collected from you, any available information as to their source;
  8. the existence of automated decision-making, including profiling, in accordance with art. 22 (1) and (4) GDPR and – at least in those cases – meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for you.

You have the right to request information as to whether the personal data concerning you is transferred to a third country or to an international organization. In this context, you may request to be informed of the appropriate safeguards pursuant to art. 46 GDPR relating to the transfer.

12.2. Right to rectification

You have the right to obtain from the controller the rectification and/or completion of incorrect or incomplete personal data concerning you. The controller shall make the correction/completion without delay.

12.3. Right to restriction of processing

Under the following conditions, you have the right to request the restriction of processing of personal data concerning you:

  1. the accuracy of the personal data is contested by you, for a period enabling the controller to verify the accuracy of the personal data;
  2. the processing is unlawful, and you refuse the erasure of the personal data and request the restriction of their use instead;
  3. the controller no longer needs the personal data for the purposes of the processing, but it is required by you for the establishment, exercise or defence of legal claims; or
  4. you have objected to processing pursuant to art. 21 (1) GDPR and it has not yet been determined whether the legitimate grounds of the controller override those of you.

Where processing of personal data concerning you has been restricted, such personal data may only be processed – with the exception of storage – with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of an important public interest of the European Union or a Member State.

If the processing restriction has been restricted according to the above conditions, you will be informed by the controller before the restriction is lifted.

12.4. Right to erasure

12.4.1. Obligation to erase

You have the right to obtain from the controller the erasure of personal data concerning you and the controller is obliged to erase personal data without undue delay where one of the following grounds applies:

  1. the personal data concerning you is no longer necessary for the purposes for which it was collected or otherwise processed;
  2. you withdraw consent on which the processing is based pursuant to art. 6 (1) (a) or art. 9 (2) (a) GDPR, and where there is no other legal basis for the processing;
  3. you file an objection to the processing pursuant to art. 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or you file an objection to the processing pursuant to art. 21 (2) GDPR;
  4. the personal data concerning you has been unlawfully processed ;
  5. the deletion of personal data concerning you is necessary to fulfil a legal obligation in Union or Member State law to which the data controller is subject ;
  6. the personal data concerning you was collected in relation to the offer of information society services referred to in art. 8 (1) GDPR.

12.4.2. Information to third parties

Where the controller has made the personal data public and is obliged pursuant to art. 17 (1) GDPR to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you as the data subject have requested the erasure by such controllers of any links to, or copy or replication of, the personal data.

12.4.3. Exceptions

The right to erasure shall not apply to the extent that processing is necessary:

  1. for exercising the right of freedom of expression and information;
  2. for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller ;
  3. for reasons of public interest in the area of public health in accordance with art. 9 (2) (h) and (i) and art. 9 (3) GDPR;
  4. for archiving purposes in the public interest, scientific or historical research purposes or for statistical purposes in accordance with art. 89 (1) GDPR, insofar as the right referred to in a) is likely to render it impossible or seriously impair the achievement of the objectives of that processing ; or
  5. for the establishment, exercise or defence of legal claims.

12.5. Right to information

If you have exercised your right of rectification, erasure or restriction of processing against the controller, the controller is obliged to notify all recipients to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort.

You have the right to obtain from the controller the information about those recipients.

12.6. Right to data portability

You have the right to receive the personal data concerning you which you have provided to the controller in a structured, commonly used and machine-readable format. In addition, you have the right to transmit the data to another controller without hindrance from the controller to which the personal data have been provided, where:

  1. the processing is based on consent pursuant to art. 6 (1) (a) GDPR or art. 9 (2) (a) GDPR or on a contract pursuant to art. 6 (1) (b) GDPR ; and
  2. the processing is carried out by automated means.

In exercising this right, you also have the right to have the personal data transmitted directly from one controller to another, where technically feasible. The freedoms and rights of others shall not be affected by this.

The right to data portability shall not apply to processing necessary for the performance of a task carried out of a public interest or in the exercise of official authority vested in the controller.

12.7. Right to object

You have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you which is based on art. 6 (1) (e) or (f) GDPR, including profiling based on those provisions.

The data controller no longer processes the personal data concerning you, unless he demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims.

Where personal data is processed for direct marketing purposes, you have the right to object at any time to processing of the personal data concerning you for such marketing, which includes profiling to the extent that it is related with such direct marketing.

Where you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for such purposes.

You have the possibility to exercise your right of object in the context with the use of information society services, and notwithstanding Directive 2002/58/EC, by automated means using technical specifications.

12.8. Right to withdraw the consent to process personal data

You have the right to withdraw your consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

12.9. Automated individual decision-making, including profiling

You have the right not to be subject to a decision based solely on automated processing – including profiling – which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision:

  1. is necessary for the conclusion or performance of a contract between you and the controller,
  2. is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or
  3. is based on your explicit consent.

However, these decisions may not be based on special categories of personal data pursuant to art. 9 para. 1 GDPR, unless art. 9 para. 2 let. a or g GDPR applies and appropriate measures have been taken to protect your rights and freedoms and your legitimate interests.

In the cases referred to in points a) and c), the controller implements suitable measures to safeguard your rights and freedoms as well as your legitimate interests, including at least the right to obtain human intervention on the part of the controller, to express your point of view and to contest the decision.

12.10. Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member of your habitual residence, place of work or place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the GDPR.

The supervisory authority with which the complaint has been lodged shall inform the complainant of the progress and the outcome of the complaint, including the possibility of a judicial remedy pursuant to art. 78 GDPR.

We must ensure that your Personal Data is accurate and up to date, where relevant. Therefore, please advise us of any changes to your information by emailing us at compliance@idoneus.io.

  1. CROSS-BORDER TRANSFERS

Your information, including personal information, may be transferred to and maintained on computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ than those from your jurisdiction. Your consent to this Privacy Policy followed by your submission of such information represents your agreement to that transfer.

  1. UPDATES TO THIS PRIVACY POLICY

Idoneus may update this Privacy Policy and the Platform to reflect material changes in how we collect, use, share, or store your information, to satisfy legal requirements, or for other business purposes. You should review this Privacy Policy when you visit the Platform to understand our current practices. The date at the top of the page shows when this Privacy Policy was last updated.

We encourage you to refer to this Privacy Policy on an ongoing basis so that you understand our current practices. You consent to any changes we make to this Privacy Policy if you continue to use the Platform after receiving a notice of the change or upon our posting of the new Privacy Policy on the Platform.

  1. INTERPRETATION OF THIS PRIVACY POLICY

Any interpretation associated with this Privacy Policy will be made by our legal counsel. This Privacy Policy includes examples but is not intended to be restricted in its application to such examples, therefore where the word “including” is used, it means “including without limitation.”

This Privacy Policy does not create or confer upon any individual any rights, or impose upon Idoneus any rights or obligations outside of, or in addition to, any rights or obligations imposed by applicable country, state, and other privacy laws, as applicable. Should there be, in a specific case, any inconsistency between this Privacy Policy and applicable privacy laws, this Privacy Policy shall be interpreted in that case to give effect to, and comply with, such privacy laws.

  1. GOVERNING LANGUAGE AND TRANSLATIONS

You agree that this Privacy Policy, and other notices posted through the Services have been drafted in English. Although translations in other languages of any of the foregoing documents may be available, such translations may not be up to date or complete. Accordingly, you agree that in the event of any conflict between the English language version of the foregoing documents and any other translations thereto, the English language version of such documents shall govern.

  1. APPLICABLE LAW

This policy is governed by and construed and interpreted in accordance with the substantive laws of Switzerland, excluding the Swiss conflict of law rules. All disputes arising out of or in connection with this contract shall be subject to the ordinary jurisdiction of the courts of Zug, Switzerland.

We recognize that the Platform may be accessed from anywhere in the world, and that the laws of the jurisdictions in which some users are located may differ substantially from those of Switzerland. Because we cannot practicably prevent users in different jurisdictions from accessing the Platform, you are responsible for knowing and complying with the laws of your jurisdiction. If such laws conflict with your use of the Platform or any of its content or functionality, the Platform is not intended for you, and we ask you not to use it or submit any information through it.

  1. QUESTIONS AND CONTACT INFORMATION

If you have questions or comments about this Privacy Policy or the Platform, please contact us using the information below:

Idoneus International AG
Baarerstrasse 12
6300 Zug
Switzerland

Email: compliance@idoneus.io