EIDOO Sagl, Via Motta 10, 6830 Chiasso, Switzerland, and Eidoo LithuaniaUAB, Liepų al. 24, LT-35121 Panevėžys, Lithuania (the "Companies"), collectPersonal Data (as defined below) in compliance with the applicable law and regulations, in particular the Swiss Federal Act on Data Protection ("FADP") as well as the General DataProtection Regulation (EU/2016/679)("GDPR") (together "Data Protection Law").
Pursuant to the Data Protection Law, the following capital terms shall have the meaning indicated here below:
"Personal Data" means any information relating to an identified or identifiable natural person;
"Processing" means any operation or set of operations, performed whether or not by automated means which are applied to Personal Data or sets of Personal Data, such as the collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
“AML” means anti-money laundering.
We collect different information depending on how you use the site and how you interact with us.
Eidoo collects personal data on different ways:
· Technical data, such as your internet protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access the website.
· Usage data, which includes information about how you use the website, and any communications we receive from you.
· Marketing and communications data, including your preferences in receiving marketing and other communications from us.
· Technical data, such as your internet protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access the app.
· Usage data, which includes information about how you use the app, and any communications we receive from you.
· Identity information, such as name, title, place and date of birth, gender, nationality, organization name and position, and information from photographic identity documents such as ID card, driving license or passport information.
· Contact data, such as address and email and personal and business telephone details.
· Financial and/or employment information including business activities and source of funds. If you ask us to provide you with specific legal services, we also ask you for further information relating to your employment.
· Details in respect of political exposure or any actual or alleged criminal convictions.
· Information about the origin of your assets
· Our provider Onfido Ltd, UK, is providing us information from public available platforms on criminal records and other non criminal procedures, as well as the status as a political exposed person or the list of persons under sanctions issued by States or international organisations.
· Our website is not intended for storing 'special categories' of personal data, such as details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, health information.
Different personal data is collected indifferent ways:
a) Personal data you provide to us
· When you request an EidooID, you will provide us with the information required in order to comply with the KYC/AML duties. This data is collected via direct solicitation. We are also obtaining information from public sources (such as Companies House) and third-party search agencies for anti-money laundering. Information obtained from third parties include your name (and other family names), address, any directorships you hold, political exposure, and any alleged or actual criminal offences.
· You will also provide us with personal data when you correspond with us, and if you apply for a position with the firm.
· When you sign up to one of our mailinglists, you will provide us with your contact information, IP address, and your marketing and communications preferences.
b) Personal data we collect automatically
· As you use the site or our app, we will collect certain technical data including your browser type, the InternetProtocol (IP) address used to connect your computer to the internet, and your usage habits, patterns and preferences. We collect this data using cookies,beacons and similar technologies. We use Google Analytics to help us analyse user habits while visiting our site. The data gathered from cookies will be transmitted to Google servers in the European Union and Switzerland. The information will be used by Google only for the purpose of evaluating website use, creating website activity reports, and other services relating to website activity and internet usage on behalf of the Companies. The IP address that your browser conveys within the scope of Google Analytics, will not be associated with any other data held by Google.
We use the following cookies:
What it is used for
Google Analytics, Firebase
website analytics and visitor tracking
website security and access control
You can remove cookies from your computer through the settings on your browser, but be aware that this will impactyour ability to make use of some features on this and other web sites.Management of cookie settings varies from one browser to another.
We will only use your information where:
a) You have given us permission to do so
If you sign up to our mailing lists, we will use the personal data in the management of our relationship with you and for communication purposes, including to send you newsletters and invitations to events, training programs or lectures, and to maintain our list of contacts.
If you apply for a position with the Companies, we treat any information you send to us as strictly private and confidential and will only use it in relation to application you have submitted.
b) We have a legitimate interest (reasonable business purpose) for doing so
We will use your information for our legitimate business reasons where our doing so will not unduly affect your rights.
We will use your identity,contact and usage information to keep our records up to date.
We will use your technical information like IP addresses, Date and time of the request, Time zone, Content of the request (specific page), Access status/HTTP status code, the data volume transferred, the website where the request comes from, Operating system and its interface, language and version of the browser software, to:
We may also use any or all of theinformation above to administer and manage our business in general. If you feel that your interests and fundamental rights outweigh our business purposes, andt hat we should therefore stop processing your data, please let us know.
c) We need to comply with a legal or regulatory obligation
In certain circumstances, we may need to retain or use your data to comply with regulations and/or the law, especially AML laws and regulatory investigations.
We will only retain this data for as long as is necessary to fulfill the purposes for which it was collected or to comply with legal, regulatory or internal policy requirements.
We will only disclose your personal data where we are required to do so to comply with our legal or regulatory obligations; where we need to do so for business management or administration purposes; or because you have asked us to. This is likely to include:
• within the Companies;
• to third parties who process your personal data on our behalf (such as IT systems providers and other service providers);
• to third parties who process your personal data on their own behalf but in connection with a service provided to us or you on our behalf (such as accountants, consultants, barristers and other providers of professional services, and in the case of disputes, with the Court or alternative dispute resolution providers);
• to companies providing services for money laundering checks and other fraud and crime prevention services;
• to any government, regulatory agency, enforcement or exchange body or court where we are required to do so by applicable law or regulation.
We may share your personal data with other companies if you have given us permission to do so. This is the case when through EidooID you are asking to have access to the services of a third entity without the need to undo the KYC/AMLprocedure. In this case, you will execute with the third entity a transaction confirming that you are the identified person and authorizing us to share yourKYC/AML file with the third party in order to have access to this third-party services. In this case, the Companies are no more liable for the use of the data done by the third party.
Your personal data is deleted or blocked as soon as the purpose for the saving no longer applies. Furthermore, the data can be saved if this is intended by an act, law or other provisions, which the responsible person is subject to. Ablock or deletion of the data is also done, if a storage period prescribed by the afore-mentioned standards expires, unless it is necessary to continue to save the data for the conclusion or execution of a contract.
The Companies are part of an international group, this could conduct to an international transfer of personal data.
Should we transfer your data outside Switzerland or the European economic Area to a country which Switzerland or the European Commission does not deem to have adequate data privacy laws, we will ensure that such transfer(s)are in accordance with applicable data privacy laws. In respect of transfers within the Companies Group, we have executed a data transfer agreement giving effect to the Model Clauses pursuant to Commission decision 2004/915/EC.
In respect of transfers outside of the Companies Group, we either implement the Model Clauses pursuant to Commission decision 2004/915/EC or2010/87/EU (as appropriate) with the recipient of your personal data.
The safety of your personal data is important to us, and we use various technical and organization measures to ensure that your data is secure.
We are committed to safeguarding and protecting personal data and maintain appropriate technical and organizational measures to protect any personal data provided to us from accidental or unlawful destruction, loss, alteration, or unauthorized disclosure. We also have in place safeguards including data encryption in motion and at rest, data access and security monitoring, and 24/7 network security monitoring for breaches or anomalous behavior to ensure the security of yourdata.
Under Data Protection Law, data subjects have a number of rights with regard to their personal data. They have the right to request from us access to and rectification or erasure of their personal data, the right to restrict or object to processing, as well as incertain circumstances the right to data portability.
If a data subject has provided consent for the processing of their data, he or she has the right (in certain circumstances) to withdraw that consent at any time.
You also have the right to complain to the data protection supervisory authorities about the processing of your personal data by us.
Any data subject wishing to exercise any of the above rights should email us at: firstname.lastname@example.org.
We endeavor to respond to such requests within a month or less, although we reserve the right to extend this period for complex requests. We also reserve the right to charge you a reasonable administrative fee for any manifestly unfounded or excessive requests concerning access to personal data, and for any additional copies of the personal data requested from us.
The Data Controller is the EIDOO Sagl, Via Motta 10, 6830 Chiasso, Switzerland.
The Data Processor are the employee within Eidoo Sagl active within theEidooID Service.