- General Information
Noteworthy AG (also «we», «us») appreciate you visiting our website and/or using our App, and your interest in the products and services we offer. Protecting your personal data is very important to us. In this Privacy Notice, we explain how we collect your personal data when you use our website, our mobile phone application, obtain products or services from us, interact with us in relation with a contract, communicate with us or otherwise deal with us, what we do with your personal data, for what purposes and on what legal foundation we do so, and what rights you have on that basis. We use the word «data» here interchangeably with «personal data».
«personal data» means any information relating to an identified or identifiable natural person («data subject»); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, economic or social identity of that natural person . «Processing» means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
If you provide information to us about any person other than yourself, your employees, counterparties, your advisers or your suppliers, you must ensure that the data is accurate and that they understand how their information will be used, and that they have given their permission for you to disclose it to us and for you to allow us, and our outsourced service providers, to use it.
This Privacy Notice is aligned with the EU General Data Protection Regulation («GDPR») and the Swiss Data Protection Act («DPA»). However, the application of these laws depends on each individual case.
- Name and Address of the Responsible Person and the Data Protection Officer/Data Protection Advisor
The responsible person for processing your data under this Privacy Notice («Controller») unless we tell you otherwise in an individual case is:
c/o Sielva Management AG
6300 Zug – Switzerland
You may contact us regarding data protection matters and to exercise your rights at: email@example.com
- Categories of Data we Process
The processing of personal data is limited to data that is required to operate a functional website and for the provision of content, products, and services. The processing of personal data of our users is based on the purposes agreed or on a legal basis. We only collect personal data that is necessary to implement and process our tasks and services or if you provide data voluntarily. Depending on the reason and purpose of the processing, we process different data about you:
- Technical Data
When you use our website or other online offerings (e.g. reservation of cryptonotes), we collect the IP address of your terminal device and other technical data in order to ensure the functionality and security of these offerings. This data includes logs with records of the use of our systems. We generally keep technical data for 6 months. In order to ensure the functionality of these offerings, we may also assign an individual code to you or your device (for example as a cookie, see Section XIV). Technical data as such does not permit drawing conclusions about your identity. However, technical data may be linked with other categories of data (and potentially with your person) in relation with user accounts, registrations, access controls or the performance of a contract.
- User Account and Registration Data
Some of our services may only be used with a registration (e.g. reservation of cryptonotes, newsletters). Such data will be kept for 12 months from the date of the use of the services or the user account is closed.
User account and registration data includes
- information you provide when you create an account on our website (for example username, password, name, e-mail)
- contact details when you subscribe to our newsletter.
- Communication Data
When you get in contact with us via contact form, e-mail, telephone, chat, or by letter or other means of communication, we collect the data exchanged between you and us, including your contact details and the metadata of the communication. If we record telephone conversations, we will tell you specifically. If we have to confirm your identity, for example in relation to a request for information, we collect data to identify you (for example a copy of an ID document). We generally keep this data for 12 months from the last exchange between us. This period may be longer where required for evidentiary purposes, to comply with legal or contractual requirements, or for technical reasons. E-mails in personal mailboxes and written correspondence are generally kept for at least 10 years. Chats are generally stored for 2 years.
Communication Data includes
- your name and contact details,
- the means, place and time of communication and usually also its contents (i.e. the contents of e-mails, letters, chats, etc.). This data may also include information about third parties. For identification purposes, we may also process your ID document number or a password ,
- communications by telephone, fax, e-mail, voicemail, text messaging, picture messaging, video messaging or Instant Messaging.
- Master Data
Master data is the basic data that we need, in addition to contract data (see below), for the performance of our contractual and other business relationships or for marketing and promotional purposes, such as name and contact details, and information about, for example, your role and function, your bank details, your date of birth, customer history, declarations of consent. We process your master data if you are a customer or other business contact or work for one (for example as a contact person of the business partner), or because we wish to address you for our own purposes or for the purposes of a contractual partner (for example as part of marketing and advertising, for invitations to events, for vouchers, newsletters, etc.). We receive master data from you (for example when you buy our product on our website), from parties you work for, or from third parties such as contractual partners, and from public sources such as public registers or the internet (websites, social media, etc.). We generally keep master data for 10 years from the last exchange between us but at least from the end of the contract. This period may be longer if required for evidentiary purposes, to comply with legal or contractual requirements, or for technical reasons. For contacts used only for marketing and advertising, the period is usually much shorter, usually no more than 2 years from the last contact.
Master data is not comprehensively collected for all contacts. Rather, the collection of master data depends on the individual case and purpose of the processing. In general, it may include:
- first and last name
- home address
- delivery address
- invoice address
- e-mail address
- telephone number and other contact details
- date of birth and age
- payment information (e.g. credit card and account information)
- language preferences
- photos and videos (e.g. while attending Noteworthy events)
- copies of ID cards
- details of your relationship with us (e.g. customer, supplier, visitor, service provider or service recipient, etc.)
- details of your status, allocations, classifications and mailing lists
- details of interactions with you
- official documents (e.g. excerpts from the commercial register, permits)
- declarations of consent and opt-out information
- as regards customers, suppliers and partners, master data also includes information about the role or function in the company, qualifications and information about superiors, co-workers and information about interactions with these persons.
- Contract Data
We collect contract data in relation with the conclusion or performance of a contract, e.g. information about the products and the services provided or to be provided, as well as data from the period leading up to the conclusion of a contract, information required or used for performing a contract, and information about feedback (e.g. complaints, feedback about satisfaction, etc.). We generally collect this data from you, from contractual partners and from third parties involved in the performance of the contract, but also from third-party sources (for example e-commerce or payment services providers) and from public sources. We generally keep this data for 10 years from the last contract activity but at least from the end of the contract. This period may be longer where necessary for evidentiary purposes, to comply with legal or contractual requirements, or for technical reasons.
Contract data includes:
- contract dates (including contract date, type of contract, contract provisions; parties to the contract; term of contract; contract value; claims lodged under contract)
- purchasing information (including date of purchase; place of purchase; time of purchase; type, quantity and value of the products and services purchased; payment method used; paying agent; purchasing history)
- customer services information
We receive this data partly from you (for example when you make payments), but also from third parties including payment and KYC services companies .
- Other Data
We also collect data from you in other situations. For example, data that may relate to you (such as files, evidence, etc.) is processed in relation with administrative or judicial proceedings. We may obtain or create photos, videos and sound recordings in which you may be identifiable (for example at events). We may also collect data about who participates in events or campaigns. The retention period for this data depends on the processing purpose and is limited to what is necessary. Much of the data set out in this Section is provided to us by you, e.g. through forms, in relation with communication with us, in relation with contracts, when you use the website, etc. You are not obliged or required to disclose data to us except in individual cases. If you wish to enter into contracts with us or use our services, you must also provide us with certain data, in particular master data, contract data and registration data, as part of your contractual obligation under the relevant contract. When using our website, the processing of technical data cannot be avoided. However, in the case of behavioural and preference data, you have the option of objecting or not giving consent.
We provide certain services to you only if you provide us with registration data, because we or our contractual partners wish to know who uses our services or has accepted an invitation to an event, because it is a technical requirement or because we wish to communicate with you. If you or the person you represent (for example your employer) wishes to enter into or perform a contract with us, we must collect master data, contract data and communication data from you, and we process technical data if you wish to use our website or other electronic offerings for this purpose. If you do not provide us with the data necessary for the conclusion and performance of the contract, you should expect that we may refuse to conclude the contract, that you may commit a breach of contract or that we will not perform the contract. Similarly, we can only submit a response to a request from you if we process communication data and – if you communicate with us online – possibly also technical data. Also, the use of our website is not possible without us receiving technical data.
As far as it is not unlawful we also collect data from public sources or receive data from other companies within our group, from public authorities and from other third parties .
- Purposes of the Processing
We process your data for the purposes explained below. Further information is set out in Sections XIV et seq for online services. These purposes and their objectives represent interests of us and potentially of third parties. You can find further information on the legal basis of our processing in Section V.
We process your data for communication purposes, in order to communicate with you, in particular, when you contact us in order, to respond to your queries or when you exercise your rights. For this purpose, we use in particular communication data, master data and registration data to enable us to communicate with you and provide our services or respond to requests. We keep this data to document our communication with you, for training purposes and quality assurance.
- Performance of a Contract
We process your data for entering into a contract with you, perform and administer it. In particular, we process communication data, master data, registration data and contract data about you. This might include data about third parties, e.g. if you order products or services for the benefit of a third party. This also includes data about potential customers that we receive from communication with you, on a trade fair or any other business event. As regards the conclusion of a contract, we use this data to open up a business relationship with you. Administering and performing the contract with you might involve third parties, such as logistic companies, advertising service providers, banks, insurance companies, payment services and KYC services companies in order to provide our products and services to you.
- Marketing and Relationship Management
We process your data for marketing and relationship management purposes. For example, we send personalized newsletters for products and services. Marketing and relationship management might include contacting you via e-mail, telephone or other channels for which we have contact information from you. We and, if applicable, selected third parties, only display personalized content or advertising based on your usage behavior or send e-mails for marketing purposes (e.g. newsletter) if and to the extent you give your consent to us if required under applicable law. You can object to such marketing activities or withdraw your consent at any time (please see Section XI and XII).
As regards relationship management, we use a customer relationship management system («CRM») to store and process your data as described in this Privacy Notice (e.g. about contact persons, products and services provided to you, interactions, interests, marketing measures, newsletters, invitations to events and other information). In order to provide you with the best products and services and to use our resources as effectively as possible we may use the CRM together with the company group. Company group means Noteworthy AG, Zug, Switzerland and its eventual and future subsidiaries and group companies. In due time, a list of the subsidiaries and group companies will be found on our website.
- Product/Service Improvement and Innovation
We process your data for market research and to improve our products and services (including our website).
- Safety or Security Reasons
We process your data to protect our IT and other infrastructure. For example, we process data for monitoring, analysis and testing of our networks and IT infrastructures including access controls.
- Compliance with Law
We process your data to comply with legal requirements, e.g. money laundering and terrorist financing, tax obligations etc. and we might have to request further information from you to comply with such requirements («Know Your Customer») or as otherwise required by law and legal authorities.
- Risk Management, Corporate Governance and Business Development
We process your data as part of our risk management and corporate governance in order to protect us from criminal or abusive activity. As part of our business development, we might sell businesses, parts of businesses or companies to others or acquire them from others or enter into partnerships and this might result in the exchange and processing of data based on your consent, if necessary.
- Legal Basis for Processing your Data
Where we asked for your consent (e.g. for receiving newsletters and for personalized content or advertising based on your usage behaviour or for processing sensitive data), we process your data based on such consent. You may withdraw your consent at any time with effect for the future by providing us written notice (e-mail sufficient), see our contact details in Section II. If you like to withdraw your consent for online tracking, please see Section XIV. Withdrawal of your consent does not affect the lawfulness of the processing that we have carried out prior to your withdrawal, nor does it affect the processing of your data based on other processing grounds.
Where we did not ask for your consent, we process your data on other legal grounds, such as
- a contractual obligation
- a legal obligation
- a vital interest of the data subject or of another natural person
- to perform a public task
- a legitimate interest, which includes compliance with applicable law and the marketing of our products and services, the interest in better understanding our markets and in managing and further developing our company, including its operations, safely and efficiently.
- Disclosure of Data to Third Parties and Social Plug-ins
In order to perform our contracts, fulfill our legal obligations, protect our legitimate interest and the other purposes and legal grounds set out above, we may disclose your data to third parties, in particular to the following categories of recipients:
- Service Providers
We may share your information with service providers and business partners around the world with whom we collaborate to fulfil the above purposes (e.g. IT provider, shipping companies, advertising service provider, security companies, banks, insurance companies, telecommunication companies, address verification provider, lawyers) or who we engage to process personal data for any of the purposes listed above on our behalf and in accordance with our instructions only.
- Contractual Partners Including Customers
In case required under the respective contract we share your data with other contractual partners. If we sell or buy any business or assets, we may disclose your data to the prospective seller or buyer of such business or assets to whom we assign or novate any of our rights and obligations.
- Legal Authorities
If legally obliged or entitled to make disclosures or if it appears necessary to protect our interests, we may disclose your data to courts, law enforcement authorities, regulators, government officials or other legal authorities in Switzerland or abroad, e.g. in criminal investigations and legal proceedings including alternative dispute resolution.
- Social Plug-ins
Our website uses social plug-ins to from social media sites such as Facebok, Instagram, Twitter and LinkedIn and integrate them as follows:
When you visit our website, the social plugins are deactivated, i.e. no data is transmitted to the operators of these networks. If you want to use one of the networks, click on the respective social plug-in to establish a direct connection to the server of the respective network.
If you have a user account on the network and are logged in when you activate the social plug-in, the network can associate your visit to our websites with your user account. If you want to avoid this, please log out of the network before activating the social plug-in. A social network cannot associate a visit to our website until you have activated an existing social plug-in.
When you activate a social plug-in, the network transfers the content that becomes available directly to your browser, which integrates it into our website. In this situation, data transmissions can also take place that are initiated and controlled by the respective social network. Your connection to a social network, the data transfers taking place between the network and your system, and your interactions on that platform are governed solely by the privacy policies of that network.
The social plug-in remains active until you deactivate it or delete your cookies (see Section XIII).
If you click on the link to an offer or activate a social plug-in, personal data may reach providers in countries outside the European Economic Area that, from the point of view of the Switzerland or the European Economic Area (EEA) may not guarantee an adequate level of protection for the processing of personal data in accordance with Swiss/EU standards. Please remember this fact before clicking on a link or activating a social plug-in and thereby triggering a transfer of your data.
- Transfer of Data Abroad
As we have explained in Section VI, we disclose data to other parties, not all of them located in Switzerland. Your data may be processed in the European Economic Area (EEA) and in exceptional circumstances also in countries outside the EEA and around the world, which includes countries that do not provide the same level of data protection as Switzerland or the EEA and are not recognized as providing an adequate level of data protection. We only transfer data to these countries when it is necessary for the performance of a contract or for the exercise or defence of legal claims, or if such transfer is based on your explicit consent or subject to safeguards that assure the protection of your data, such as the European Commission approved standard contractual clauses.
- How Long We Keep your Personal Data
We only process your data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of complying with legal retention requirements and where required to assert or defend against legal claims, until the end of the relevant retention period or until the claims in question have been settled. Upon expiry of the applicable retention period we will securely destroy your data in accordance with applicable laws and regulations.
- Security of your Personal Data
We take appropriate organisational and technical security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.
However, we and your personal data can still become victims of cyber-attacks, cybercrime, brute force, hacker attacks and further fraudulent and malicious activity of third-parties including but not limited to viruses, forgeries, malfunctions and interruptions, which is out of our control and responsibility.
We have also put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
- Your Rights
You have various rights in relation with our processing of your personal data, depending on the applicable data protection law:
- Right of Access
You have the right to request a copy of the personal data that we hold about you. There are exceptions to this right, so that access may be denied if, for example, making the information available to you would reveal personal data about another person, or if we are legally prevented from disclosing such information.
- Right to Rectification
We aim to keep your personal data accurate, current, and complete. We encourage you to contact us to let us know if any of your personal data is not accurate or changes, so that we can keep your personal data up-to-date.
- Right to Erasure
You have the right to require us to erase your personal data when the personal data is no longer necessary for the purposes for which it was collected, or when, among other things, your personal data have been unlawfully processed.
- Right to Restriction
You have the right to ask us to restrict the processing of your personal information in certain circumstances.
- Right to Withdraw Consent
Where we process data based on your consent, you have the right to withdraw your consent. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose(s) to which you originally consented unless there is another legal ground for the processing.
If you believe that your data protection rights might have been breached, please let us know the applicable supervisory authority.
- Right to Object
Under applicable data protection law you have the right to object at any time to the processing of personal data pertaining to you under certain circumstances, in particular where your data is processed in the public interest, on the basis of a balance of interests or for direct marketing purposes.
If you like to exercise the above-mentioned rights, please contact us at firstname.lastname@example.org. Please note that we need to identify you to prevent misuse, e.g. by means of a copy of your ID card or passport, unless identification is not possible otherwise.
If you subscribe to one of our newsletters offered, you may cancel the subscription at any time by using the option to unsubscribe contained in the newsletter.
However, depending on the purpose of these cookies, we may ask for your express prior consent before they are used. You can access your current settings by clicking on the «Change Your Cookies» – button below and you can withdraw your consent under the same link at any time. You can also set your browser to block or deceive certain types of cookies or alternative technologies, or to delete existing cookies. You can also add software to your browser that blocks certain third-party tracking. You can find more information on the help pages of your browser (usually with the keyword «Privacy») or on the websites of the third parties.
- Necessary Cookies
Necessary cookies are necessary for the functioning of the website or for certain features. They make the use of our website more pleasant for you. For example, they help make a website usable by enabling basic functions such as page navigation and access to secure areas of the website. They also ensure that you can move between pages without losing information that was entered in a form and that you stay logged in. These cookies exist temporarily only («session cookies»).The session cookies are automatically deleted after leaving our pages. If you block them, the website may not work properly. Other cookies are necessary for the server to store options or information (which you have entered) beyond a session (i.e. a visit to the website) if you use this function (for example language settings, consents, automatic login functionality, etc.). These cookies have an expiration date of up to 12 months. The legal basis for such cookies is our legitimate interest according to provide you with all functions of our website.
- Performance Cookies
- Marketing Cookies
- Monitoring Tools
We use social media monitoring tools that help us to identify and monitor content on third-party websites, e.g. in posts, tweets, blogs, news, forum posts and social media platforms. This gives us a detailed insight into customer opinions and any topics on the internet that mentions our company name(s) or talks about our brand(s). In doing so, so-called “crawlers” search available online sources to seek out the relevant hits. Some monitoring tools search both publicly available data on the internet and closed-loop third-party networks with which they have directly concluded contracts in order to access their data.
Our use of monitoring tools is based on our legitimate interests of market and opinion research for marketing and PR purposes. Data processing by such monitoring tools is external and separate from our web and social media sites and we are not responsible for any data processing by such monitoring tools.
If you like to object to the use of your information by such monitoring tools, or require information about the data stored by them, or if you wish to exercise any other right that you are entitled to, please contact the respective monitoring tool.
- Tracking Tools
Based on your consent we use tracking tools to ensure a tailored design and the continuous optimization of our website. We also use the tracking tools to statistically record the use of our website and evaluate it for the purpose of optimizing the content we show you.
- Updating and changing this Privacy Notice
Due to continuous development of our website and application and the contents thereof, changes in law or regulatory requirements, we might need to change this privacy notice from time to time. Our current privacy notice can be found at our website and can be saved and printed out by you.
Noteworthy AG, Zug, Switzerland