For the purpose of applicable data protection legislation, the data controller of your Personal Data is Crowdlitoken AG.
You can contact us by emailing firstname.lastname@example.org.
Marketing Communications Preferences
You may request us to stop sending you marketing messages at any time by following the opt-out links on any marketing message sent to you, or by contacting us at any time at email@example.com.
What Personal Data We Collect
When you use our Site or when we interact with you, the Personal Data we collect, may include:
- Contact Data, such as your name, job title, business address, telephone number, mobile phone number, email address, and social media profiles.
- Technical Data, including Internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access our Site or use our services.
- Financial Information: Bank account information, payment card primary account number (PAN), transaction history, trading data, crypto wallet information, and/or tax identification.
- Transaction Information: Information about the transactions you make on our Services, such as the name of the recipient, your name, the amount, and/or timestamp.
We may also collect Personal Data from third party partners and public sources as required or permitted by applicable law, such as public databases, credit bureaus, ID verification partners, resellers and channel partners, joint marketing partners, and social media platforms.
We use public databases and ID verification partners to verify your identity. ID verification partners use a combination of government records and publicly available information about you to verify your identity. Such information includes your name, address, job position, public employment profile, credit history, status on any sanctions lists maintained by public authorities, and other relevant data. We obtain such information to comply with our legal obligations, such as anti-money laundering laws.
In some cases, we may process additional data about you to ensure our services are not used fraudulently or for other illicit activities. In such instances, processing is necessary for us to continue to perform our contract with you and others.
How We Use Your Personal Data
In general, we use personal information to create, develop, operate, deliver, and improve our Services, content and advertising, and for loss prevention and anti-fraud purposes. We may use this information in the following ways:
- To Maintain Legal and Regulatory Compliance
Some of our services are subject to laws and regulations requiring us to collect and use your personal identification information, formal identification information, financial information, transaction information, employment information, online identifiers, and/or usage data in certain ways.
We must identify and verify prospective investors in order to comply with anti-money laundering and terrorist financing laws across jurisdictions. In addition, we use third parties to verify your identity by comparing the personal information you provided against third-party databases and public records.
We may require you to provide additional information which we may use in collaboration with service providers acting on our behalf to verify your identity or address, and/or to manage risk as required under applicable law. If you do not want to have your personal information processed for such purposes, then we shall terminate your account as we cannot perform the services in accordance with legal and regulatory requirements.
- To Enforce Our Terms in Our User Agreement and Other Agreements
We handle sensitive information, such as your identification and financial data, so it is very important for us and our customers that we are actively monitoring, investigating, preventing and mitigating any potentially prohibited or illegal activities, enforcing our agreements with third parties, and/or violations of our posted user agreement or agreement for other services. We collect information about your account usage and closely monitor your interactions with our services. The consequences of not processing your personal information for such purposes is the termination of your account as we cannot perform our services in accordance with our terms.
- To Provide CROWDLITOKEN Services
We process your personal information in order to provide the services to you, in particular in order got grant access to the CROWDLITOKEN eco system. We cannot provide you with services without such information.
- To Provide Service Communications
We send administrative or account-related information to you to keep you updated about our services, inform you of relevant security issues or updates, or provide other transaction-related information. Without such communications, you may not be aware of important developments relating to your account that may affect how you can use our services.
- To Provide Customer Service
We process your personal information when you contact us to resolve any question, dispute, collected fees, or to troubleshoot problems. We may process your information in response to another customer’s request, as relevant. Without processing your personal information for such purposes, we cannot respond to your requests and ensure your uninterrupted use of the services.
- To Ensure Quality Control
We process your personal information for quality control and staff training to make sure we continue to provide you with accurate information. If we do not process personal information for quality control purposes, you may experience issues on the Services such as inaccurate transaction records or other interruptions. Our basis for such processing is based on the necessity of performing our contractual obligations with you.
- To Ensure Network and Information Security
We process your personal information in order to enhance security, monitor and verify identity or service access, combat spam or other malware or security risks and to comply with applicable security laws and regulations. The threat landscape on the internet is constantly evolving, which makes it more important than ever that we have accurate and up-to-date information about your use of our services. Without processing your personal information, we may not be able to ensure the security of our services.
- For Research and Development Purposes
We process your personal information to better understand the way you use and interact with our services. In addition, we use such information to customize, measure, and improve the Services and the content and layout of our website and applications, and to develop new services. Without such processing, we cannot ensure your continued enjoyment of our services. Our basis for such processing is based on legitimate interest.
- To Enhance Your Website Experience
We process your personal information to provide a personalized experience and implement the preferences you request. For example, you may choose to provide us with access to certain personal information stored by third parties. Without such processing, we may not be able to ensure your continued enjoyment of part or all of our services.
- To Facilitate Corporate Acquisitions, Mergers, or Transactions
We may process any information regarding your account and use of our services as is necessary in the context of corporate acquisitions, mergers, or other corporate transactions. You have the option of closing your account if you do not wish to have your personal information processed for such purposes.
- To Engage in Marketing Activities
Based on your communication preferences, we may send you marketing communications to inform you about our events or our partner events; to deliver targeted marketing; and to provide you with promotional offers based on your communication preferences. We use information about your usage of our services and your contact information to provide marketing communications. You can opt-out of our marketing communications at any time.
If you are a current customer residing in the EEA, we will only contact you by electronic means (email or SMS) with information about our services that are similar to those which were the subject of a previous sale or negotiations of a sale to you.
If you are a new customer and located in the EEA, we will contact you if you are located in the EU by electronic means for marketing purposes only if you have consented to such communication. If you do not want us to use your personal information in this way, or to pass your personal information on to third parties for marketing purposes, please follow the opt-out links included in marketing communications or contact us at firstname.lastname@example.org. You may raise such objection with regard to initial or further processing for purposes of direct marketing, at any time and free of charge. Direct marketing includes any communications to you that are only based on advertising or promoting products and services.
We will not use your personal information for purposes other than those purposes we have disclosed to you, without your permission. From time to time we may request your permission to allow us to share your personal information with third parties. You may opt out of having your personal information shared with third parties or allowing us to use your personal information for any purpose that is incompatible with the purposes for which we originally collected it or subsequently obtained your authorization. If you choose to so limit the use of your personal information, certain features or our Services may not be available to you.
Disclosing and Transferring Personal Data
We may disclose your Personal Data to third parties and legal and regulatory authorities, and transfer your Personal Data outside the EEA, as described below.
There are certain circumstances where we may transfer your personal data to employees, contractors and to other parties.
We may also share your information with certain contractors or service providers. They may process your personal data for us in particular for customer identification as part of the KYC process, for the screening of customers or transactions in order to implement AML policies. Customer and financial data will furthermore be processed by paying agents. Other recipients/service providers include advertising agencies, IT specialists, database providers, backup and disaster recovery specialists, email providers or outsourced call centers. Our suppliers and service providers will be required to meet our standards on processing information and security. The information we provide them, including your information, will only be provided in connection with the performance of their function;
We may also share your information with certain other third parties. We will do this either when we receive your consent or because we need them to see your information to provide products or services to you. These include credit reference agencies, anti-fraud databases, screening agencies and other partners we do business with.
Your personal data may be transferred to other third-party organizations in certain scenarios:
- If we’re discussing selling or transferring part or all of our business – the information may be transferred to prospective purchasers under suitable terms as to confidentiality;
- If we are reorganized or sold, information may be transferred to a buyer who can continue to provide services to you;
- If we’re required to by law, or under any regulatory code or practice we follow, or if we are asked by any public or regulatory authority – for example the Police;
- If we are defending a legal claim your information may be transferred as required in connection with defending such claim.
- Your personal data may be shared if it is made anonymous and aggregated, as in such circumstances the information will cease to be personal data.
Your information will not be sold, exchanged, or shared with any third parties without your consent, except to provide our services or as required by law.
If a service provider is located in a country that does not apply the standard of data protection of Swiss law and EU General Data Protection Regulation, CROWDLITOKEN will use a contract to ensure that your Personal Data has the same level of protection as if protected in accordance with Swiss Federal Act on Data Protection and its Ordinance and EU General Data Protection Regulation.
Transfer of Data
We store and process your Personal Data in data centers around the world, wherever our service providers are located.
As such, we may transfer your Personal Data outside of Switzerland or the European Union. Some of the countries to which your personal data may be transferred do not benefit from an appropriate protection regulation.
These specific countries can be found here: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/adequacy-protection-personal-data-non-eu-countries_en.
For such international Personal Data transfer collected in the European Economic Area and Switzerland we use approved Contractual Data Protection Clauses, or require that any third party located in the U.S. receiving your personal information is certified under the E.U.-U.S. and/or the Swiss-U.S. Privacy Shield Frameworks and require that the third party agrees to at least the same level of privacy protection as required under applicable EU General Data Protection Regulation (GDPR) and in Switzerland under the Swiss Federal Act on Data Protection.
How We Keep Your Personal Data Secure
We store all your Personal Data on servers operated by Swisscom, Switzerland (KYC Data), cyon, Switzerland (Webpage, CROWDLITOKEN platform) and CROWDLITOKEN entity server, Liechtenstein & Switzerland (client data). Marketing data is furthermore stored at servers in Lithuania and Germany.
We take all reasonable effort on technical and organizational security measures to protect your Data from being manipulated, lost or accessed by unauthorized third-parties.
Our website is scanned on a regular basis for security holes and known vulnerabilities in order to make your visit to our Site as safe as possible.
Your Personal Data is contained behind secured networks and is only accessible by a limited number of individuals who have special access rights to such systems and are required to keep the information confidential.
Although no method of transmission over the Internet, or method of electronic storage is one hundred percent secure, we strive to continually update and improve our security measures with the most recent technological developments.
We would like to draw your attention on the fact that we normally never ask for financial or payment information, such as your credit card number, passcode, account number or pin number, in an e-mail, text or any other communication that we send to you. Please always check that any website on which you are asked for financial or payment information in relation to our reservations or services is operated by Mt Pelerin. The risk of impersonating hackers exists and should be taken into account when using our website and/or Services.
Since we cannot 100% guarantee that loss, misuse, unauthorized acquisition, or alteration of your data will not occur, please accept that you play a vital role in protecting your own Personal Data. When registering with us, it is important to choose an appropriate password of sufficient length and complexity, to not reveal this password to any third-parties, and to immediately notify us if you become aware of any unauthorized access to or use of your account.
How Long We Retain Your Personal Data
CROWDLITOKEN will retain and use your Personal Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your Data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.
Therefore, and in accordance with our record keeping obligations, we will retain Account and other Personal Data for at least five years (and some up to ten years, as required by applicable law) after an Account is closed.
CROWDLITOKEN will also retain Data Collected Automatically either generated by the use of the website or from the website infrastructure itself (for example, the duration of a page visit) for internal analysis purposes.
This Data is generally retained for a shorter period of time, except when this Data is used to strengthen the security or to improve the functionality of our Service, or we are legally obligated to retain this Data for longer time periods.
Hence, this kind of Data collected via technical means such as cookies, webpage counters and other analytics tools is normally kept for a period of up to one year from expiry of the cookie.
Your Rights Regarding Your Personal Data
By law you have the right to:
- To request details of the Personal Data we hold about you and how we process it;
- To have the Personal Data we hold rectified or deleted, to restrict our processing of that information, to stop unauthorized transfers of your Personal Data to a third party and, in some circumstances, to have Personal Data relating to you transferred to another organization;
- To withdraw consent to our processing of your Personal Data; and
- To lodge a complaint in relation to CROWDLITOKEN’s processing of your Personal Data with a local supervisory authority.
You can learn more about these rights at ec.europa.eu.
If you object to the processing of your Personal Data, or if you have provided your consent to processing and you later choose to withdraw it, we will respect that choice in accordance with our legal obligations.
Your objection (or withdrawal of any previously given consent) could mean that we are unable to perform the actions necessary to achieve the purposes set out above (see “How We Use Your Personal Data”), or that you may not be able to make use of the services and products offered by CROWDLITOKEN. Please note that even after you have chosen to withdraw your consent we may be able to continue to process your Personal Data to the extent required or otherwise permitted by law, in particular in connection with exercising and defending our legal rights or meeting our legal and regulatory obligations. If you have provided your consent and wish to withdraw your consent, please follow the opt-out links on any marketing message sent to you or contact us at privacy@ crowdlitoken.com.
Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose(s) to which you originally consented, unless there are compelling legitimate grounds for further processing which override your interests, rights, and freedoms or for the establishment, exercise, or defense of legal claims. Withdrawal of consent to receive marketing communications will not affect the processing of Personal Data necessary for us to provide products or services to you necessitated by any contractual relationship you or your firm has with CROWDLITOKEN.
We must ensure that your Personal Data is accurate and up to date, where relevant. Therefore, please advise us of any changes to your information by emailing us at email@example.com.
If you feel that your complaint has not been adequately resolved, please note that the GDPR gives you the right to contact your local data protection supervisory authority.
If you apply for employment or work placement, you may need to provide information about your education, employment, right to work, and state of health. Your application will constitute your express consent to our use of this information to assess your application and to allow us to carry out any vetting or monitoring activities, which may be required of us under applicable law as an employer, and which we may undertake to assist us to monitor delivery of our own commitments to diversity and equality.
CROWDLITOKEN is required to identify prospective investors before any investment is made (Know your Customer, KYC). Prospective investors are also subject to reviews and checks in in order to prevent money laundering and terrorist financing (AML). This statement describes how data is collected and processed for this purpose.
CROWDLITOKEN engages service providers to perform KYC and AML reviews. The service providers are data processor which means that they process Personal Data on behalf of the CROWDLITOKEN. Service provides may use sub-processors. Prior to working with any service provider CROWDLITOKEN ensures that they comply with the GDPR or any other relevant data protection legislation that may be applicable.
Prospective investors must provide personal data to us in order to be identified through the submission of information, forms or documents (in whatever format) through an upload to our website, use of our mobile application or otherwise. Personal Data we process enables us to identify the Customers either directly or indirectly by reference to an identifier. Examples of identifiers we process are name, identification number, passport or ID photograph, location data, an online identifier or one or more factors relating specifically to the economic or social identity of the natural person (“Personal Data”). Depending on certain criteria investor identification will also require an online video verification which will be stored by the service provider during the Securities Token Offering (STO) and afterwards only by CROWDLITOKEN.
The result of the verification process, as well as all details and documents provided by investors to the service provider via the Site or a service provider website, mobile application or otherwise are available solely to service provider with whom the investor is engaging. The Personal Data is provided as part of the CROWDLITOKEN collation and evaluation of due diligence documentation on potential new and existing investors to comply with applicable AML legislation.
For the purposes of GDPR, it should be noted that Personal Data may be transferred or accessed outside the European Economic Area (“EEA”) at the request of CROWDLITOKEN. For prospective investors who are not resident within the EEA, you should note that there is a possibility your Personal Data will be transferred outside your country of residence. You should consult with the relevant contact at CROWDLITOKEN for further details in relation to jurisdictions used for the transfer of your Personal Data.
Cookies are files, often including unique identifiers, that are sent by web servers to web browsers, and which may then be sent back to the server each time the browser requests a page from the server.
Cookies can be used by web servers to identity and track users as they navigate different pages on a website, and to identify users returning to a website.
Cookies may be either “persistent” cookies or “session” cookies. A persistent cookie consists of a text file sent by a web server to a web browser, which will be stored by the browser and will remain valid until its set expiry date (unless deleted by the user before the expiry date). A session cookie, on the other hand, will expire at the end of the user session, when the web browser is closed.
COOKIES ON THE WEBSITE
We use both session cookies and persistent cookies on the website.
Cookies do not contain any information that personally identifies you, but personal information that we store about you may be linked, by us, to the information stored in and obtained from cookies. The cookies used on the website include those which are strictly necessary cookies for access and navigation, cookies that track usage (performance cookies), remember your choices (functionality cookies), and cookies that provide you with targeted content or advertising
We may use the information we obtain from your use of our cookies for the following purposes:
- to recognise your computer when you visit the website;
- to track you as you navigate the website, and to enable the use of any e-commerce facilities;
- to improve the website’s usability
- to analyse the use of the website
- in the administration of the website
- to personalise the website for you, including targeting advertisements which may be of particular interest to you.
THIRD PARTY COOKIES
When you use the website, you may also be sent third party cookies.
Our advertisers and service providers may send you cookies. They may use the information they obtain from your use of their cookies:
- to track your browser across multiple websites
- to build a profile of your web surfing
- to target advertisements which may be of particular interest to you.
Most browsers allow you to refuse to accept cookies. For example:
- in Internet Explorer you can refuse all cookies by clicking “Tools”, “Internet Options”, “Privacy”, and selecting “Block all cookies” using the sliding selector;
2. in Firefox you can block all cookies by clicking “Tools”, “Options”, and un-checking “Accept cookies from sites” in the “Privacy” box.
3. in Google Chrome you can adjust your cookie permissions by clicking “Options”, “Under the hood”, Content Settings in the “Privacy” section. Click on the Cookies tab in the Content Settings.
4. in Safari you can block cookies by clicking “Preferences”, selecting the “Privacy” tab and “Block cookies”.
Blocking all cookies will, however, have a negative impact upon the usability of many websites. If you block cookies, you may not be able to use certain features on the website (log on, access content, use search functions).
You can also delete cookies already stored on your computer:
1. in Internet Explorer, you must manually delete cookie files;
2. in Firefox, you can delete cookies by, first ensuring that cookies are to be deleted when you “clear private data” (this setting can be changed by clicking “Tools”, “Options” and “Settings” in the “Private Data” box) and then clicking “Clear private data” in the “Tools” menu.
3. in Google Chrome you can adjust your cookie permissions by clicking “Options”, “Under the hood”, Content Settings in the “Privacy” section. Click on the Cookies tab in the Content Settings.
4. in Safari you can delete cookies by clicking “Preferences”, selecting the “Privacy” tab and “Remove All Website Data”.