Privacy Policy

Version 1.0 - November 22, 2022

About Us

This privacy policy ("Privacy Policy") explains how we process and protect your personal data when you use this Website or any of our services provided via https://www.aktionariat.com/ or our app (together, the "Services").

The Services are operated by Aktionariat AG, Weinbergstrasse 18, 8703 Erlenbach (the "Company", "we", "our", or "us").

Unless otherwise defined in this Privacy Policy or our General Terms & Conditions, the definitions used in this Privacy Policy have the same meaning as in the Swiss Federal Act on Data Protection.

1 Personal Data We Collect

We collect the following categories of personal data when we provide the Services:

- Contact details provided to us such as e-mail addresses

- Information about your shareholdings with companies that have issued their shares with our Services.

- Public data visible on the Ethereum blockchain such as transaction data and token balances

2 How We Collect Personal Data

We collect information about our users when they use our Services, including taking certain actions within it.

Directly

- When users access, use, or otherwise interact with our Services;

- When users correspond with us by electronic means;

- When users sign up to receive our newsletter and other marketing materials;

- When users submit their data to us.

Indirectly

- From public sources, such as the Ethereum blockchain;

- From our corporate customers (issuers) which may provide information about their shareholders with us.

3 How You Can Manage Your Data

Issuers that use our services might store personal data about you with us. This mainly concerns the shareholder registry and includes your name, address, and e-mail.You can view and manage this data through us in the Aktionariat app or alternatively get in touch with the issuer that entered your data. Note that updating your data with one issuer automatically also updates your data with other issuers. If you do not want your data to be shared between issuers, you should use separate accounts for each issuer or group of issuers whose data you wish to be kept separate.

4 Legal Basis & Purposes

Our legal basis for collecting and using the personal data described in this Privacy Policy depends on the personal data we collect and the specific purposes for which we collect it.

Contract: To perform our contractual obligations or take steps linked to a contract with you. In particular:

- To provide our Services;

- To send you notifications of issuers on their behalf.

Consent: We may rely on your freely given consent at the time you provided your personal data. In particular:

- To provide users with news, special offers, newsletters, and general information about goods and services which we offer.

Legitimate interests: We may rely on legitimate and/or vital interests based on our evaluation that the processing is fair and reasonable. In particular:

- To maintain and improve our Website and Services;

- To develop new services;

- To inform our customers about related new products.

Public interest: To meet regulatory and public interest obligations. In particular:

- To comply with applicable regulations and legislation.

5 Data Retention

We retain personal data for so long as it is needed for the purposes for which it was collected or in line with legal and regulatory requirements or contractual arrangements.

Be aware that companies are required by law to keep all information that is relevant for the shareholder registry – so if we are tasked by an issuer to keep their shareholder registry up to date, we are legally required to keep your data. Even if you are not a shareholder anymore, the law requires all data in connection with an entry in the shareholder registry to be kept for another 10 years.

6 Service Providers

We may employ third party companies ("Service Providers") to facilitate the operation of our Services, assist us in analysing how our Services are used or perform website-related services, such as payment, delivery of IT infrastructure services. These third parties have access to your personal data only and insofar as necessary to perform these tasks on our behalf.

7 Data Transfers

We and/or the Service Providers may transfer your personal data to and process it:

- In Switzerland;

- In the EU & EEA.

We safeguard your personal data per our contractual obligations and applicable data protection legislation when transferring data abroad.

Such safeguards may include:

- the transfer to countries that have been deemed to provide an adequate level of protection according to lists of countries published by the Federal Data Protection and Information Commissioner;

- applying standard data protection model clauses, binding corporate rules or other standard contractual obligations that provide appropriate data protection.

8 Data on the Blockchain

When using our Services (e.g. our app or the widgets we provide to the issuers) to initiate blockchain-based transactions, you should be aware that these transactions will be publicly and irrevocably archived on the Ethereum blockchain once you sign them and send them to the network. These transactions typically include information about how many tokens have been bought, sold, transferred or otherwise interacted with, a timestamp, and the involved addresses. They do not include personal data such as your name ore-mail address. Nonetheless, once someone knows that a particular address belongs to you, they can connect all the transactions involving that address to you. If, for example, you are concerned with one issuer not knowing about what tokens of other issuers you own, you should use distinct address for distinct issuers.

9 Data Disclosure

We may disclose your personal data in the good faith belief that such action is necessary:

- To comply with a legal obligation (i.e., if required by law or in response to valid requests by public authorities, such as a court or government agency);

- To protect the security of the Services;

- To prevent or investigate possible wrong doing in connection with us.

10 Data Security

We take reasonable technical and organisational security measures that we deem appropriate to protect your stored data against manipulation, loss, or unauthorised third-party access. Our security measures are continually adapted to technological developments.

We also take internal data privacy very seriously. Our employees and the Service Providers that we retain are required to maintain secrecy and comply with applicable data protection legislation. In addition, they are granted access to personal data only insofar as this is necessary for them to carry out their respective tasks or mandate.

The security of your personal data is important to us but remember that no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal data, we cannot guarantee its absolute security. We recommend using antivirus software, a firewall, and other similar software to safeguard your system.

11 Your Rights

You have the below data protection rights. Please note that we may ask you to verify your identity before responding to such requests.

Right of access: You have a right to request a copy of your personal data, which we will provide to you in an electronic form.

Right to amendment: You have the right to ask us to correct our records if you believe they contain incorrect or incomplete information about you.

Right to withdraw consent: If you have provided your consent to the processing of your personal data, you have the right to withdraw your consent. This includes cases where you wish to opt-out from marketing communications. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose(s) to which you initially consented unless there is another legal basis for processing. To stop receiving emails from us, please click on the 'unsubscribe' link in the email you received.

Right to erasure: You have the right to request that we delete your personal data when it is no longer necessary for the purposes for which it was collected or when it was unlawfully processed.

Right to restriction of processing: You have the right to request the restriction of our processing of your personal data where you believe it to be inaccurate, our processing is unlawful, or where we no longer need to process it for the initial purpose, but where we are not able to delete it due to a legal obligation or because you do not want us to delete it.

Right to portability: You have the right to request that we transmit your personal data to another data controller in a standard format such as Excel, where this is data which you have provided to us and where we are processing it on the legal basis of your consent or to perform our contractual obligations.

Right to object to processing: Where the legal basis for our processing of your personal data is our legitimate interest, you have the right to object to such processing on grounds relating to your particular situation. We will abide by your request unless we have a compelling legal basis for the processing which overrides your interests or if we need to continue to process the personal data for the exercise or defence of a legal claim.

Right to lodge a complaint with a supervisory authority: You have the right of appeal to a data protection supervisory authority if you believe that the processing of your personal data violates data protection law. The competent data protection authority in Switzerland is the Federal Data Protection and Information Commissioner (www.edoeb.admin.ch/edoeb/en/home.html).

12 Links to Third-Party Apps and Sites

Our Services may contain links to websites or apps that we do not operate. If you click a third-party link, you will be directed to that third party's site or app. We have no control over and assume no responsibility for the content, privacy policies or practices of any third-party sites or services.

13 Cookie Policy

Cookies are files with a small amount of data that are commonly used as a unique anonymous identifier. These are sent to your browser from the website you visit and stored on your computer's hard drive.

We do not use cookies for tracking you (hence no cookie warning), but for keeping your session alive once you login to the corporate dashboard. Also, WalletConnect uses cookies to keep its sessions open when our widgets interact with your wallet through WalletConnect. For data sent to us through your usage of the registration widget or other widgets on the corporate websites of issuers, the issuers are responsible and we are merely processing such data on their behalf.

14 Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We, therefore, encourage you to review this Privacy Policy periodically for any changes.

Changes to this Privacy Policy are effective when they are posted on this page.

15 Contact Us

If you have any questions about this Privacy Policy, do not hesitate to get in touch with us at: info@aktionariat.com.