Privacy and Cookies Policy

1. Unless otherwise defined in this Privacy Policy, terms used have the same meaning as in the Terms & Conditions.

2. This Privacy Policy was last modified on 10 January 2022 and may be updated to reflect changes in legislation. By continuing to access or use our Service after those revisions become effective, you agree to be bound by the revised terms. If you do not agree to the new terms, please stop using the Services.

3. We process your data with due care, in accordance with all applicable laws and regulations, including the regulation (EU) 2016/679 of the European Parliament and of the Council, the General Data Protection Regulation (the “GDPR”).

4. The Privacy Policy only covers data processing carried out by us. The Privacy Policy does not address, and we are not responsible for, the privacy practices of any other parties, or data publically available on the blockchain.

5. We do not knowingly collect or ask for data from people under the age of 18. If you are such a person, please do not use our service or send us your data. We delete data that we learn is collected from a person under the age of 18 without verified parental consent.

   1. Who processes your personal data?

      1. Your personal data are being processed by our companyNuFi AG, with its registered seat at Arbachstrasse 60B, 6340 Baar, Switzerland established and governed by the law of Switzerland (the “Controller“, “NuFi”, “we”, “us” or “our”).

      2. To learn more about personal data management or if you have any other questions, you're welcome to contact us at [email protected]

   2. What personal data is processed?

      We may collect the following types of data about you:

      1. Personal Data

         The only personal data we knowingly collect and process that may directly identify you is email address. We also may collect and process other personal data if disclosed by you to us through our services or when contacting us.

         While we also collect and process your cryptocurrency wallet address through our third party partners, this data remains pseudo-anonymous and we do not store it with your email address. Interactions and transactions with our third party partners may be connected to the pseudo-anonymous identity of your wallet and this data may be stored on our servers in order to be

         able to provide you with your historical usage information (such as crypto exchanges executed through third party providers) on the Site.

      2. Technical Data

         We collect and process anonymised technical data from your session including the URL of the website visited before using our Service, the time and date of Site user visits, Site user behaviour, Service usage patterns, IP address, the browser name, the type of computer or device accessing our Service, time spent on the Site, technical data concerning user wallets, and other similar technical data, for the purposes of improving our services. We may also aggregate technical data with a unique identifier to personalise your experience.

         Our authorised external service providers may also automatically collect technical data when you visit or interact with our Site.

      3. Cookies

         1. To make this Site work properly, we place small data files called cookies and similar technologies on your device. Cookies we use collect the Technical Data outlined above.

         2. We use our session-based and also permanent functional cookies which enable the Site to remember your actions and preferences (e.g., to remember that you are logged in) so you don’t have to keep re-entering them whenever you come back to the Site or browse from one page to another.

         3. We also use third parties’ permanent cookies, which helps us to detect abusive traffic on our Site without any user friction.

         4. We use anonymised analytical cookies for the improvement of our Site as described below.

   3. What are the purposes and legal basis for processing your personal data?

      1. We process your personal data in order to:

         1. carry out the agreement existing between us based on your decision to use our Services

            We process your personal data to provide our Services including informing you about updates and new features of our Services, notifying you about updates of our Terms & Conditions and this Privacy Policy, responding to you in relation to any queries you may have with respect to our Services through emailing us or through submitting a support ticket, and resolving potential agreement-related disputes.

            We process your email address when you use our Service.

            Legal basis for such processing:the performance of a contract in accordance with Article 6 (1) (b) of GDPR.

         2. improve our Services

            We use anonymised technical data to improve our services including influencing current and future features, and to prevent and detect security flaws and user interface issues.

            Legal basis for such processing: legitimate interest in accordance with Article 6 (1) (f) of GDPR.

         3. personalise our Services

            We use anonymised technical data connected to a users session to personalise our services.

            Legal basis for such processing: consent in accordance with Article 6 (1) (a) of GDPR.

   4. Who are recipients of your personal data?

      1. We do not share your personal data with any recipients outside of the Controller and the group of companies into which the Controller belongs unless one of the following circumstances applies:

         1. it is necessary for the performance and improvement of our Services

            We work with external service providers (Sub-Processors) to provide our Services to you. We only work with Sub-Processors who have the same or above technical and organisational security measures as us. Before your personal data is shared with a Sub-Processor you will be prompted that the service is not provided directly by us. Currently, we utilise Google Analytics to provide our Services and other providers of wallet services, including Trezor T and Ledger Nano, which will be made known to you.

         2. It is necessary for legal reasons

            We may share your personal data with recipients outside the Controller if we have a good-faith belief that access to and use of your personal data is reasonably necessary to:

            (i) meet any applicable law, regulation, and/or court order; (ii) detect, prevent, or otherwise address fraud, security or technical issues; and/or (iii) protect the interests, properties or safety of the Controller, our users or the public as far as in accordance with the law. When possible, we will inform you about such processing.

   5. Do we transfer your data to countries outside the EU/EEA?

      1. We may transfer your personal data to countries outside the European Union and the European Economic Area where we engage with external service providers. In such a case:

         1. we transfer your personal data only to a country that is considered to have an adequate level of protection in accordance with the EU Commission's decision

         2. or there are appropriate safeguards in place to protect your personal data, such as standard contract clauses or binding internal company rules.

      2. Regardless of the country in which your personal data is processed, the Controller takes reasonable technical, legal and organisational measures to ensure that the level of protection is the same as in the European Union and the European Economic Area.

      3. If we are involved in a merger, acquisition or other reorganisation, your data may be transferred as part of that deal. We will notify you (for example, via a message to the email address associated with your account) of any such deal and outline your choices in that event.

   6. What is the storage period?

      1. We store your personal data only if it is legally permitted and necessary for the purposes for which the data were collected.

   7. What are your rights?

      1. You have rights to access, rectify, erase, restrict and receive personal data collected, stored and processed by NuFi. These rights do not include data publicly available on blockchain.

      2. Right of access- We offer you access to your personal data we process as indicated above, which is processed by NuFi. This means you can contact us and request from us a confirmation whether or not your personal data are being processed and if so, you have the right to request access to your data.

      3. Right to rectification- You have the right to have inaccurate personal data we have stored about you rectified.

      4. Right to erasure- You may also ask us to erase your personal data from our systems. We will comply with such requests unless we have a legitimate ground to not delete your personal data.

      5. Right to restriction of processing- You may request us to restrict certain processing of your personal data. If you restrict certain processing of your personal data, this may lead to fewer possibilities to use our Services and Site.

      6. Right to data portability- You have the right to receive your personal data from us in a structured, commonly used and machine-readable format in order to transmit the personal data to another controller.

      7. How to use your rights - You may exercise your rights above, free of charge, by sending an email to [email protected].

1. May you complain?

   1. In case you consider our processing activities of your personal data to be inconsistent with the applicable data protection laws, you may lodge a complaint with the local supervisory authority for data protection.

1. Is your data secure?

   1. We take all reasonable, appropriate security measures to protect the Controller and our customers from unauthorised access to or unauthorised alteration, disclosure or destruction of personal data we hold. Measures include, where appropriate, encryption, firewalls, secure facilities and access rights systems. Should, despite the security measures, a security breach occur that is likely to have negative effects to your privacy, we will inform you about the breach as soon as reasonably possible. If you have any questions, feel free to contact us at [email protected].