Privacy

1. Preliminary remarks

1.1. This privacy policy (hereinafter referred to as the “Privacy Policy” or the “Present Policy”) must be read in conjunction with the Terms and Conditions and the Cookie Policy of Allfeat Foundation. The three documents constitute the entirety of the relationship between the user as data subject, and Allfeat Foundation as data controller. Allfeat Foundation is an organization duly incorporated and validly existing under the laws of Switzerland, having its corporate seat at c/o Sielva Management SA, Gubelstrasse 11, 6300 Zug, under code CHE-344.522.073 (hereinafter referred to as the “Foundation”).

1.2. The Foundation takes data protection very seriously and maintains the Privacy Policy to define how the Foundation will use the information pertaining to the data subjects in compliance with both the European Union GDPR (hereinafter referred to as “GDPR”), and the Swiss Federal Act on Data Protection” (hereinafter referred to as “FADP”).

1.3. The Privacy Policy covers data collected through the website located at allfeat.com, allfeat.org or any other websites, pages, features, or content the Foundation owns or operates (hereinafter collectively referred to as the “Websites”). The Privacy Policy does not cover any other data collection or processing, including, without limitation, data collection practices of other web pages to which we link, as they may be subject to their own privacy policies.

1.4. The Foundation is not liable for any possible misinterpretation of the Privacy Policy.

2. Privacy Statement

2.1. The Privacy Policy is intended to inform the data subjects about how the Foundation collects, uses, shares, and protects or otherwise processes their personal data (hereinafter referred to as the “Personal Data”). Other policies may be notified separately.

2.2. All Personal Data processed by the Foundation are necessary to fulfill the purposes for which they were collected.

2.3. When using the Websites for mere information purposes, the Foundation may also collect the Personal Data that the data subject’s web browser transmits to the Foundation’s server, including its IP address, the date and time of its r visit, and data relating to its operating system and web browser. The Foundation uses this data to ensure the security and successful navigation of the Websites and to compile statistics.

2.4. When using the Websites for mere information purposes, the Foundation may also collect the Personal Data that the data subject’s web browser transmits to the Foundation’s server, including its IP address, the date and time of its visit, and data relating to its operating system and web browser. The Foundation uses this data to ensure the security and successful navigation of the Websites and to compile statistics.

2.5. The Foundation is not in the business of selling or renting the data subject’s information to third parties and does not share its personally identifiable information with others, except as follows:

1. to deliver the Services to the data subject;
2. to share the data subject’s information as required by law or in the interest of protecting or exercising the Foundation’s or others’ legal rights, for example, in connection with court proceedings or requests from law enforcement officials;
3. to conduct pre-engagement assessments and formalities such as anti-money laundering checks;
4. for client relationship management purposes;
5. for internal administrative or operational processes;
6. to analyse the services the data subject may be interested in;
7. to send invitations and information from the Foundation about events, publications, and services provided; and
8. to satisfy any legal, regulatory, accounting or reporting requirements.

3. Acceptance

3.1. By browsing the Websites, the data subjects acknowledge that the Foundation may collect and process a certain number of Personal Data that relate to them and that they have read and understood the Privacy Policy and agree to comply with all applicable laws and regulations and to the process of the data necessary to deliver the service, comply with legislation, and protect the legitimate interest of the Foundation.

3.2. Any processing that goes beyond what is necessary will take place through the consent of the data subjects. The data subjects can give consent to a specific form of processing by ticking the box in the pop-up window that says “I have read the Privacy Privacy Policy and the Cookie Privacy Policy agree to be bound by it” (hereinafter referred to as the “Consent”).

3.3. The consent can be withdrawn at any moment without consequences by simply communicating it to the Foundation at the contacts provided for in section 18 of the Present Policy.

3.4. If the data subject does not agree with the terms of the Privacy Policy, it should refrain from using the Websites.

4. Principle for processing Personal Data

4.1. While Processing Personal Data, the Foundation will respect the following general principles (Art. 5 GDPR, Art. 6 FADP):

1. Fairness and lawfulness When processing Personal Data, the individual rights of the Personal Data subjects must be protected. Personal Data must be collected and processed according to the relevant legislation, fairly, and in good faith, and must be proportionate to the objective.
2. Restriction to a specific purpose Personal Data handled by the Foundation should be adequate and relevant to the purpose for which they are collected and processed. This requires, in particular, ensuring that the types of Personal Data collected are not excessive for the purpose for which they are collected. Subsequent changes to the purpose are only possible to a limited extent.
3. Transparency The data subjects must be informed of how their Personal Data are handled In accordance with the relevant legislation.
4. Data minimisation The data must be adequate and relevant to the purpose they are processed for.
5. Accuracy The data must be accurate and up to date.
6. Storage limitation The data collected must be kept in a form that allows the identification of data subjects for no longer than is necessary for the purposes for which the Personal Data are processed.
7. Integrity and confidentiality Processed in a manner that ensures appropriate security of the Personal Data.

5. Information we may collect about the data subject

5.1. The information that the Foundation may collect from the data subject (hereinafter collectively referred to as the “Personal Data”) can be, for instance:

1. Full name and contact details (e.g. email address, telephone number, shipping address, etc.),
2. IP address and location,
3. Wallet address, balance,
4. Every data subject’s transaction details are performed on the Websites, and
5. Other Personal Information or commercial and/or identification information – Whatever information the Foundation, in its sole discretion, deems necessary to comply with the legal obligations under various anti-money laundering (AML) obligations, such as under the European Union’s 4th AML Directive and the U.S. Bank Secrecy Act (BSA).

5.2. Personal Data are also the information the Foundation collects about the data subject automatically, such as:

1. Browser Information Information that is automatically collected via analytics systems providers from the data subject’s browser, including itsIP address and/or domain name and any external page that referred the data subject to the Foundation, its login information, browser type and version, time zone setting, browser plug-in types and versions, operating system, and platform,
2. Log Information Pieces of Information that are generated by the data subject’s use of the Services, and automatically collected and stored in the Foundation server logs. These may include but arenot limited to, device-specific information, location information, system activity, and any internal and external information related to pages that the data subject visits, including the full Uniform Resource Locators (URL) clickstream to, through and from the Websites, including: - date and time, - page response times, download errors, and length of visits to certain pages, - page interaction information (such as scrolling, clicks, and mouse-overs), and - methods used to browse away from the page.

5.3. Personal Data are also the information the Foundation receives about the data subject from other sources.

5.4. The Foundation obtains pieces of information about the data subjects in several ways through their use of the Services, the account opening process, webinar sign-up forms, event subscribing, news and updates subscribing, and from information provided in the course of ongoing support service communications. The Foundation also receives information about the data subjects from third parties, such as their payment providers, and through publicly available sources.

6. Disclosure of the Personal Data

6.1. The Foundation will not disclose any of the Personal Data to a third party, except:

1. to the extent that it is required to do so pursuant to any applicable laws, rules or regulations,
2. if there is a duty to disclose,
3. if the Foundation’s legitimate business interests require disclosure,
4. in line with what is stated in the Terms and Conditions and Cookie Privacy Policy, and
5. with the data subject’s consent.

6.2. As part of using the Personal Data for the purposes set out above, the Foundation may disclose the Personal Data to the following:

1. Any employee of the Foundation in charge of processing those data according to the principle outlined in this policy and with the adequate training to do so.
2. Any of the Foundation’s service providers and business partners for business purposes, within the limits outlined by this policy and by the relevant legislation. This category includes specialist advisors who have been contracted to provide the Foundation with administrative, financial, legal, tax, compliance, insurance, IT, debt-recovery, analytics, research, or other services. These specialists will qualify as joint controllers or data processors. As external professionals, they will be required to perform the data processing in line with this policy and the relevant legislation.

6.3. If the Foundation discloses the Personal Data to service providers and business partners, such providers and partners may store those Personal Data within their own systems in order to comply with their legal and contractual obligations or to protect their legitimate interests.

6.4. The Foundation requires that service providers and business partners who process personal information acknowledge the confidentiality of the Personal Data, undertake to respect any data subject’s right to privacy, and comply with all relevant privacy and data protection laws as well as with the Present Policy.

7. Retention of the Personal Data

In accordance with applicable laws, the Foundation will use the Personal Data for as long as necessary to satisfy the purposes for which they were collected or to comply with applicable legal requirements.

8. Lawful basis for processing Personal Data

8.1. The Foundation shall process the Personal Data on the following bases and for the following purposes:

1. Consent The Foundation can process the Personal Data for the specific purposes for which the client has expressed a clear informed and specific consent, such consent can be withdrawn by the data subjects at any time and without consequences by contacting the Foundation with the email provided for in section 18 of the Present Policy.
2. Performance of a contract The Foundation processes Personal Data in order to provide its services and products. For example, the Foundation will have to process the email address of the clients in order to send themthe invoice for the service purchased.
3. Compliance with a legal obligation There are different legal obligations imposed by relevant laws to which the Foundation is subject, as well as specific statutory requirements, e.g. anti-money laundering laws, financial services laws, corporation laws, and tax laws. There are also various supervisory authorities whose laws and regulations apply to the Foundation. Such obligations and requirements imposed on the Foundation are necessary for Personal Data processing activities for identity verification, payment processing, compliance with court orders, tax laws, or other reporting obligations and anti-money laundering controls. These obligations apply at various times, including client onboarding, payments, and systemic checks for risk management. For example, the Foundation must verify the data subject’s identity in order to accept them as clients. This may include third parties carrying out credit or identity checks on the Foundation’s behalf. The use of the Personal Data is necessary for the Foundation to know who they are, as it has a legal obligation to comply with “Know Your Customer” and customer due regulatory diligence obligations.
4. For the purpose of safeguarding legitimate interests The Foundation may process Personal Data so as to safeguard a legitimate interest pursued by the Foundation or by a third party in case of:
   1. Initiating legal claims and preparing the Foundation’s defense in litigation procedures;
   2. Simplify internal administrative procedures;
   3. Measures for managing the business and for further developing products and services;
   4. Risk management.
5. To investigate or settle inquiries or disputes. The Foundation may need to use Personal Data to investigate issues or to settle disputes with the data subject because it is the Foundation’s legitimate interest to ensure that issues and disputes get investigated and resolved in a timely and efficient manner.
6. To comply with applicable laws, subpoenas, court orders, other judicial processes, or the requirements of any applicable regulatory authorities. The Foundation may need to use the Personal Data to comply with any applicable law and regulations, subpoenas, court orders, or other judicial processes, or requirements of any applicable regulatory authority. The Foundation does this not only to comply with its legal obligations but because it may also be in its legitimate interest to do so.
7. Data analysis The Websites may contain web beacons, pixel tags or any other similar types of data analysis tools that allow the Foundation to track the receipt of correspondence and count the number of data subjects that have visited the Websites or opened the Foundation’s correspondence. The Foundation may aggregate the Personal Data with the personal information of other data subjects on an anonymous basis (that is, with their personal identifiers removed) so that more rigorous statistical analysis of general patterns may lead the Foundation to provide better products and services. If the Personal Data is completely anonymised, the Foundation does not require a legal basis as the data will no longer constitute Personal Data.
8. Marketing purposes The Foundation may use the Personal Data to send them marketing communications by email or other agreed forms (including social media campaigns) to ensure they are always kept up-to-date with the Foundation’s latest products and services. If the Foundation sends marketing communications to the data subjects, it will do so based on its consent.
9. Internal business purposes and record-keeping The Foundation may need to process the Personal Data for internal business and research purposes as well as for record-keeping purposes. Such processing is required in order to comply with its legal obligations and, beyond that, it is in the Foundation’s legitimate interest. This may include any communication that the Foundation has with the data subjects in relation to the products and services it provides to the data subjects and its relationship with them.
10. Legal Notifications Often the law requires the Foundation to advise the data subjects of certain changes to products, services, or laws. The Foundation may need to inform the data subjects of changes to the terms of the features of the Privacy Policy. The Foundation needs to process the Personal Data to send them these legal notifications. The data subjects will continue to receive this information from the Foundation even if they choose not to receive direct marketing.

9. Transfers of Personal Data outside of the data subject’s country

9.1. By using the Services, the data subjects acknowledge that their Personal Data may be transferred to other countries, including countries that have different levels of privacy and data protection laws, with the limitation provided by the Present Policy and the relevant legislation.

9.2. The Foundation may transfer the Personal Data to partners located in particular the following countries:

• Switzerland,
• EEA countries, and
• The USA.

9.3. In all such transfers, the Foundation will rely cumulatively on a decision of adequacy issued by the European Commission concerning the transfer of data outside of the EU (art. 45 GDPR), and on a decision of the Swiss Federal Council concerning the transfer of data outside of the Swiss confederation (art. 16 FADP).

9.4. Transfer of data to a country with a lower level of protection of personal data is also possible, but in that case, the Foundation will ensure that the data are protected and processed according to the Present Policy and the relevant legislation through appropriate contractual agreements or other legally binding acts.

10. Privacy when using digital assets and blockchains

10.1. Public blockchains are distributed ledgers intended to immutably record transactions across wide networks of computer systems. Many blockchains are open to forensic analysis, which can lead to deanonymisation and the unintentional revelation of private financial information, especially when blockchain data is combined with other data.

10.2. Because blockchains are decentralised or third-party networks that are not controlled or operated by the Foundation or its affiliates, the Foundation is not able to erase, modify, or alter Personal Data from such networks.

11. Protection of Personal Data

11.1. The Foundation respects the Personal Data of any data subject who accesses the Websites, and it is therefore committed to taking all reasonable steps to safeguard any existing or prospective clients, applicants, and website visitors.

11.2. The Foundation keeps any Personal Data of its data subjects in accordance with the applicable privacy and data protection laws and regulations, and never for a time longer than the one required to achieve the purpose for which the data have been collected.

11.3. The Foundation has the necessary and appropriate technical and organisational measures and procedures in place to ensure that the Personal Data remains secure at all times.

11.4. The Foundation regularly trains and raises awareness for all its employees about the importance of maintaining, safeguarding, and respecting Personal Data and privacy.

11.5. The Foundation regards breaches of individuals’ privacy very seriously and will impose appropriate disciplinary measures, including dismissal from employment.

11.6. The Foundation properly instructs any external data processor about how to correctly process Personal Data.

11.7. It is the data subject’s responsibility to make sure that its password is not disclosed to anyone else.

11.8. Personal Data is securely stored in a safe location, and only authorised personnel have access to it. All Personal Data are transferred to the Foundation over a secure connection, and thus all reasonable measures are taken to prevent unauthorised parties from viewing any such information.

12. Security of the Personal Data

12.1. The Foundation applies high industry standards and adequate technical and organisational measures in accordance with applicable laws to ensure that the Personal Data is kept secure.

12.2. In the event of a Personal Data breach, the Foundation shall, without undue delay, and where feasible, not later than seventy-two (72) hours after having become aware of it, notify the breach to the competent supervisory authority.

13. Right to rectification

13.1. The data subject retains at any moment the right to ask for the rectification of non-up-to-date data.

13.2. The use of data is restricted as long as the up-to-date process is ongoing.

14. Right to erasure

14.1. The data subjects have the right to ask for the cancellation of their data when: such a process is no longer necessary to perform the obligation the data have been collected for, the consent has been withdrawn, there is an automated individual decision-making process without a legitimate interest to motivate it, the data were unlawfully processed or it’s required by the legislation.

14.2. When those data have been made public the Foundation will take reasonable steps, considering the technological developments and the costs involved, to inform the other data processors of the request.

14.3. The Foundation retains the right to keep processing the data with the appropriate restrictions when it is evaluating the data subject’s request, when it is required by law, or when it still maintains a legitimate interest in their processing (for example for judicial defence).

15. Right to data portability

15.1. The data subjects have alsothe right to receive their Personal Data, which they have provided to the Foundation, in a structured, commonly used, and machine-readable format and have the right to transmit those data to another controller without hindrance from the Foundation.

15.2. This right can be exercised by contacting the Foundation at the contact details provided in section 18 of the Present Policy. The Foundation will reserve the right to ask for proof of identity of the subject in case it has reasonable doubts about it.

15.3. If the request is submitted by a person other than the data subject without providing evidence that it is legitimately made on its behalf, the request will be rejected.

15.4. The request is free of charge unless it is unfounded or excessive (for example, if the data subject has already requested such Personal Data multiple times in the last twelve months or if the request generates an extremely high workload). In such a case, the Foundation may charge the data subject a reasonable fee according to applicable laws.

16. Right to oppose an automated decision process

16.1. The data subjects have the right to oppose to an automated decision process they are subject to, unless when this is necessary to enter into a performance or a contract, or when the relevant legislation allows such a process.

17. Contact

17.1. If the data subjects have any questions about how the Privacy Policy works in its main functions, ifthey wantto exercise any of the rights listed in points 13-16, or ifthey want to withdraw the consent previously given,they can reach the Foundation through the following email: [email protected] (hereinafter referred to as the “Help Desk”)

17.2. The Help Desk does not promise in any way to solve every doubt or problem the data subjects may have concerning the use of the Personal Data.

17.3. When the data subjects contact the Foundation, they have to provide theirname, address, and any other information needed to identify the data subjects,their reference, and the issue on which they have feedback, questions, or complaints.

17.4. If the data subjects have any questions concerning the processing of its Personal Data, they should address their correspondence to the Foundation at the Help Desk.

17.5. The data subjects always retain the right to lodge a complaint to the competent national authority in case they think that their rights under the relevant legislation have been violated.