DAO App - Privacy Policy 1.4

Privacy Notice

Last modification: 12 October 2021

The security and protection of your Personal Data is one of the top priorities of SBorg SA., a company duly incorporated under the laws of Switzerland, with registration number CHE-198.086.882 and with official address at Rue du Grand-Chêne 8, 1003 Lausanne, Switzerland (the “Company, “Us” or “We”) which operates a website hosted at the URL : appdao.swissborg.com (the “Site”).

This Privacy Notice (the “Notice”) describes how your Personal Data is collected, used, and shared when you visit the Site as a Visitor. This Notice aims to protect the privacy and the fundamental rights of the Visitors when their Personal Data is processed by the Company, such as the fundamental rights of the Visitors while they are browsing the Site.

Capitalized terms not defined in this Notice shall have the meaning given to them in our Terms of Use or in the Cookies Policy.

1. DEFINITIONS

“Consent” shall mean any freely given, specific and informed indication of his/her wishes by which a Data subject signals agreement to the Processing of Personal Data relating to him/her;
DAO Program shall mean the collaborative ecosystem created to promote and grow the SwissBorg project;
DAO Member shall mean any person who has registered on the DAO Program;
DAO Administrator shall mean any person that manages the DAO Program;
DAO Services shall mean, including but not limited to, the missions, campaigns or quests that are offered on the DAO Program and the means of communication between the DAO Members;
“Data controller” shall mean the natural or legal person, which, alone or jointly with others, determines the purposes and means of the Processing of Personal Data and who is in charge of this Processing;
“Data subject” shall mean natural or legal persons whose Personal Data is processed;
“Disclosure” shall mean making Personal Data accessible, for example by permitting access, transmission or publication;
“Personal Data” shall mean all information relating to an identified or identifiable person;
“Personal Data breach” shall mean a breach of security leading to the accidental or unlawful destruction, loss or alteration of – or to the unauthorized Disclosure of, or access to – Personal Data transmitted, stored or otherwise processed;
“Processing” or “Process” shall mean any operation or set of operations – by automated and other means – that is performed upon Personal Data or sets of Personal Data, such as collecting, recording, organizing, structuring, storing, adapting or altering, retrieving, consulting, using, disclosing by transmitting, disseminating or otherwise making available, aligning or combining, or erasing;
“Recipient” means third, public authority, agency or other body – that is, someone or something other than the Data subject or the Company – to which the Personal Data is disclosed;
Reward shall mean one of the following:

A CHSB amount, as determined at the Company’s sole discretion (converted from USD Rate at the time the mission has been completed);
Points (DAO Coins).

2. PERSONAL DATA WE COLLECT

The Company shall collect Personal Data from both natural or legal persons who browse the Site (the “Visitors”) and from natural persons who are users of the Website by registering on the Site (the “Users”). This Notice shall apply to any use of the Site, whatever the method or medium used. It details the conditions at which the Company may collect, keep, use and save Personal Data that relates to you, as well as the choices that you have made in relation to the collection, utilisation and Disclosure of your Personal Data.

When you visit the Site, when you subscribe to our newsletter and/or when you become a User, the Company will collect the following Personal Data :

a) Visitors data

When you browse the Site, even if you do not subscribe to our newsletter, do not become a User and do not contact us, the Company automatically:

Collects your cookies;
Uses Google Analytics;
Uses Bubble;
Uses MailGun;
Uses Airtable.

b) Users data

When you become a User, the Company shall collect:

Username;
Email address
Biography and background;
Motto;
Residency;
Picture;
Main Talents;
Main Spoken Languages;
Occupation:
Motivation;
Registration Source;
The day you joined the DAO Program (including DAO 1.1, DAO 1.2, DAO 1.3 versions);
ERC 20 Address and/or SwissBorg Wealth App User ID.

The below information is accessible to all DAO Members and used to facilitate the communication between the DAO Members:

Username;
Biography and background;
Motto;
Residency;
Picture;
Main Talents;
Main Spoken Languages;
Motivation;
The day you joined the DAO Program (including DAO 1.1, DAO 1.2, DAO 1.3 versions).

The below information is being kept private and used by the DAO Administrator to contact the DAO Member and to proceed with the transfer of the Reward:

Email address;
ERC 20 Address or SwissBorg Wealth App User ID.

c) Newsletter’s subscriber data

When you, as a Visitor or a User, subscribe to our newsletter, We collect your first name and your email address for the sole purpose of sending you our newsletter.

Please note that you are entitled to unsubscribe from our newsletter whenever you want and at your sole discretion by contacting us in accordance with Section 19 of this Notice.

3. ACCEPTANCE

By browsing the Site, Visitors and/or Users acknowledge that the Company may collect and process a certain number of Personal Data that relate to them and that they have read and understood this Notice and agree to be bound by it and to comply with all applicable laws and regulations.

In particular, the Consent for the Processing of Personal Data is given once the Visitor and/or the User ticks the box in the pop-up window which says “This website uses cookies to ensure you get the best experience on our website. By continuing to use our website, you agree to our Cookies Policy”.

The Consent is also given when the Users freely submit to the Company the Personal Data required to become a User. This latter understands and agrees that the Company is free to use these Personal Data within the limit provided by law and this Notice.

If you do not agree with the terms and conditions of this Notice, please do not become a User and refrain from using and/or browsing the Site.

4. HOW DO WE USE PERSONAL DATA

The following paragraphs describe the various purposes for which the Company uses your Personal Data. Please note that not all of the uses below will be relevant to every individual.

Generally, the main reason why We collect Personal Data is to enable you to enjoy and easily navigate the Site.

(a) Personal Data

We use the Personal Data that we collect generally to provide you with a better service, and in particular, to :

Communicate with you;
Provide you with information about new products available, blog posts, promotions, special offers and other information;
Personalize the promotional offers, in particular based upon your activity and your transaction history;
Answer to your questions and comments, in our sole discretion;
Prevent potentially prohibited or illegal activities;
Conduct research and compile statistics on usage patterns;
Manage the accounts;
Enforce the Terms of Use;
Comply with our legal requirements.

If you contact us via email to the contacts set out on the Site, we will keep a record of that correspondence.

b) Collect of the cookies

A Cookie is a piece of information that is placed automatically on your computer’s hard drive when you access certain websites. The Cookie uniquely identifies your browser to the server. Cookies allow the Company to store information on the server (for example language preferences, technical information, click or path information, etc.) to help make the web experience better for you and to conduct Site analysis and Site performance review. Most web browsers are set up to accept Cookies, although you can reset your browser to refuse all Cookies or to indicate when a Cookie is being sent. Note, however, that some portions of the Site may not work properly if you refuse Cookies.

c) Use of Google Analytics:

The Site uses Google Analytics, an Internet site analysis service supplied by Google Inc. (“Google”). Google Analytics uses Cookies which are text files placed on your computer to help to analyse the use made of the Site by its users. The data generated by the Cookies concerning your use of the Site (including your IP address) will be forwarded to, and stored by Google on servers located outside of Switzerland. Google will use this information to evaluate your use of the Site, compile reports on site activity for its publisher and provide other services relating to the activity of the Site and the use of the internet. Google may release these data to third parties if there is a legal obligation to do so or when the third parties process these data for the account of Google including, in particular, the publisher of the Site. Google will not cross-reference your IP address with any other data held by Google.

You may deactivate the use of Cookies by selecting appropriate parameters on your navigator. However, deactivation of this kind might prevent the use of certain functions of the Site. By using the Site, you specifically Consent to the Processing of your Personal Data by Google under the conditions and for the purposes described above.

d) Use of Bubble:

The Site uses Bubble, supplied by Bubble.io (“Bubble”), for the services of Bubble to run automations, compute data on the backend and the frontend, and send notifications.

e) Use of MailGun:

The Site uses MailGun, supplied by mailgun.com. (“MailGun”), for the services of MailGun to send emails to DAO Members.

f) Use of Airtable:

The Site uses Airtable, supplied by airtable.com. (“Airtable”), for the services of Airtable to run automations and compute data on the backend and store data of the DAO Program.

5. THIRD-PARTY DISCLOSURE

The Company discloses your Personal Data with HubSpot for the newsletter.

The Company may share your Personal Data to any other relevant Third-Parties, in particular if we are requested to do so to comply with a court order or law enforcement authorities request, or if we find it necessary, as determined in the Company’s sole discretion, to investigate, prevent or take action regarding illegal activities, to defend our interest or as otherwise required or permitted by law.

In any case where cross-border transfer is done, the Company ensures that adequate protection is guaranteed for Personal Data to be transferred outside of Switzerland and the European Economic Area (hereinafter: the “EEA”). In some specific cases when this level of protection is not guaranteed, the Company will obtain your prior Consent or establish with the Recipient of Personal Data a contractual framework or sufficient safeguards that ensure an adequate level of protection abroad. You may request access to a copy of these safeguards by contacting the Company.

Unless otherwise stated, the Third-Parties who receive Personal Data from the Company are prohibited to use this Personal Data beyond what is necessary to provide the product or service to you, directly or by participating in the Company’s activities.

6. PRINCIPLE FOR PROCESSING PERSONAL DATA

While Processing Personal Data, the Company will respect the following general principles :

a) Fairness and lawfulness

When Processing Personal Data, the individual rights of the Personal Data subjects must be protected. Personal Data must be collected and processed lawfully, in a fair manner, in good faith and must be proportionate to the objective.

b) Restriction to a specific purpose

Personal Data handled by the Company should be adequate and relevant to the purpose for which they are collected and processed. This requires, in particular, ensuring that the types of Personal Data collected are not excessive for the purpose for which they are collected. Subsequent changes to the purpose are only possible to a limited extent and require substantiation.

c) Transparency

The Personal Data subject must be informed of how his/her Personal Data is being handled. When the Personal Data is collected, the Personal Data subject must be informed of:

The existence of the present Policy;
The identity of the Personal Data Controller;
The purpose of Personal Data Processing;
Third-parties to whom the Personal Data might be transmitted.

d) Consent of the Personal Data subject

Personal Data must be collected directly from the individual concerned and the Consent of the Personal Data subject may be required before Processing Personal Data. The Consent must be obtained in writing or electronically for the purposes of documentation. The Consent is valid only if given voluntarily. If, for any reason, the Consent of the Personal Data subject is not given before Processing Personal Data, this one should be secured in writing as soon as possible after the beginning of the Processing.

Personal Data can be processed without Consent if it is necessary to enforce a legitimate interest of the Company. Legitimate interests are generally of a legal (e.g. filing, enforcing or defending against legal claims) or financial (e.g. valuation of companies) nature. The Processing of Personal Data is also permitted if national legislation requests, requires or allows this.

e) Accuracy

Personal Data kept on file must be correct and if necessary, kept up to date. Inaccurate or incomplete Personal Data should not be kept on file and deleted.

7. YOUR RIGHTS

You have the right to request access to or information about the Personal Data relating to you which is processed by the Company.

Where provided by law, you, your successors, representatives and/or proxies may (i) request deletion, correction or revision of your Data; (ii) oppose the Personal Data Processing; (iii) limit the use and Disclosure of your Personal Data; and (iv) revoke Consent to any of our Personal Data Processing activities, if the Company is relying on your Consent and does not have another legal basis to continue Processing your Personal Data.

These rights can be exercised by contacting us through the contact information provided in Section 19 hereunder, attaching a copy of your ID. If the request is submitted by a person other than you, without providing evidence that the request is legitimately made on your behalf, the request will be rejected.

The request is free of charge unless your request is unfounded or excessive (e.g. if you have already requested such Personal Data multiple times in the last twelve (12) months or if the request generates an extremely high workload). In such cases, the Company may charge you a reasonable request fee according to applicable laws.

The Company may refuse, restrict or defer the provision of Personal Data where it has the right to do so, for example if fulfilling the request will adversely affect the rights and freedoms of others.

If you are a resident of California, you have the right to access the Personal Data we hold about you (also known as the “Right to Know”), to port it to a new service, and to ask that your Personal Data be corrected, updated, or erased. If you would like to exercise these rights, or if you would like to designate an authorized agent to submit these requests on your behalf, please contact us through the contact information provided in Section 19 hereunder.

8. STORAGE OF YOUR DATA

Your Personal Data will be stored in Europe. You agree that the Company may store your Personal Data in any country of the EEA, including Switzerland.

The storage as well as the Processing of your Personal Data may require that your Personal Data are ultimately transferred/transmitted to, and/or stored at a destination outside of your country of residence, notably Switzerland. Where permitted by law, by accepting the terms of this Notice, you agree to such transferring, transmission, storing and/or Processing. You also agree that such activities may take place to or in countries offering a lower level of protection than your country of residence.

9. DATA RETENTION

In accordance with applicable laws, the Company will use your Personal Data for as long as necessary to satisfy the purposes for which your Personal Data was collected or to comply with applicable legal requirements.

10. SECURITY OF YOUR PERSONAL DATA

The Company applies high industry standards and will always apply adequate technical and organisational measures, in accordance with applicable laws to ensure that your data is kept secure.

In the event of a Personal Data breach, the Company shall without undue delay, and where feasible, not later than seventy-two (72) hours after having become aware of it, notify the breach to the competent supervisory authority, unless said breach is unlikely to result in a risk to your rights and freedoms. If the breach is likely to result in a high risk to your rights and freedoms, the Company shall communicate this breach to you, if it is feasible, without undue delay.

11. PORTABILITY OF YOUR DATA

You also have the right to receive your Personal Data, which you have provided to the Company with, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the Company.

The request is free of charge unless your request is unfounded or excessive (e.g. if you have already requested such Personal Data multiple times in the last twelve months or if the request generates an extremely high workload). In such cases, the Company may charge you a reasonable request fee according to applicable laws.

12. PRIVACY BY DESIGN AND BY DEFAULT

The Company will, both at the time of the determination of the means for Processing and at the time of the Processing itself, implement appropriate technical and organizational measures, such as pseudonymization, which are designed to implement data-protection principles, such as data minimization, in an effective manner and to integrate the necessary safeguards into the Processing in order to meet the requirements of the GDPR, the Federal Data Protection Act (RS 235.1), the Ordinance on the Federal Data Protection Act (RS 235.11) and protect your rights.

The Company will implement appropriate technical and organizational measures for ensuring that, by default, only Personal Data which are necessary for each specific purpose of the Processing are processed. This obligation applies to the amount of your Personal Data we collect, the extent of their Processing, the period of storage and their accessibility. These measures will ensure that by default your Personal Data are not made accessible without your intervention to an indefinite number of third parties.

13. INTELLECTUAL PROPERTY RIGHTS

By participating in this DAO Program you hereby agree that all the content/materials delivered, including but not limited to, campaign content, mission content, quest content, comments, will be the sole property of the Company. Before using any SwissBorg content/materials outside the DAO Program, you shall request the written permission of the Company.

14. CONTACTING THE COMPANY AND COMPLAINTS

We will use your Personal Data to get in touch with you for the purpose of the DAO Program.

The Company hopes to be able to answer any questions or concerns you have about your Personal Data. You can get in touch with the Company at the postal address or email address given in Section 19 hereafter.

The Company appoints SwissBorg Solutions OÜ as its EU representative for the purposes of article 27 of the EU General Data Protection Regulation 2016/679, whose address is at Roosikrantsi tn 2-1091 Kesklinna linnaosa, Tallinn Harju maakond 10119, Estonia, and whose email address is legal@swissborg.com.

You have the right to make a complaint if you feel your Personal Data has been mishandled or if the Company has failed to meet your expectations. You are encouraged to contact the Company about any complaints or concerns but you are entitled to complain directly to the relevant supervisory authority.

15. CHANGE TO THE PRIVACY NOTICE

The Company may modify this Notice from time to time, and will post the most current version on the Site. If a modification reduces your rights, we will inform you by email.

16. DATA CONTROLLER

The Data Controller is SBorg SA, with a registered address at Rue du Grand-Chêne 8, 1003 Lausanne, Switzerland, and with company registration number CHE-198.086.882.

17. LINKS

The Site may contain links which direct you to Third-Party websites. The Company rejects any liability relating to the privacy policy in force on said Third-Party websites, the collection and use of your Personal Data by the latter and relating to the contents of said websites (whether the links are hypertext links or deep-links).

Furthermore, you acknowledge and agree that using our Site could imply downloading other applications. Under no circumstances the Company shall be liable for the utilization of these other applications, especially with regard to the data protection rules.

18. JURISDICTION AND GOVERNING LAW

This Notice and any questions relating thereto shall be governed by the laws of Switzerland, to the exclusion of any rules of conflict resulting from private international law.

Any dispute relating to this Notice must exclusively be brought before the courts of Lausanne, subject to an appeal to the Swiss Federal Court.

19. CONTACT US

For more information about our privacy practices, if you have questions, or if you would like to make a complaint, please contact us by e-mail at privacy@swissborg.com or by mail using the details as follows : SBorg SA, Rue du Grand-Chêne 8, 1003 Lausanne, Switzerland.

/18