Privacy policy

Cryptonow Wallet App

1. General

This Privacy Policy describes how we, Värdex Schweiz AG ("Controller", "we"), acting as a "Controller" within the meaning of the EU General Data Protection Regulation 2016/679 ("GDPR"), the German Federal Data Protection Act (Bundesdatenschutzgesetz, "BDSG") and in accordance with all other provisions relevant to data protection law, process personal data in connection with the Cryptonow Wallet App ("Cryptonow Wallet App").

The security and the protection of personal data are among the most important aspects in connection with the management of voucher cards which can be used to purchase cryptocurrencies. For this reason, high data protection standards are of particular importance to us.

2. Contact, data protection officer (DPO)

The controller of your personal data processed in connection with the use of the Cryptonow Wallet App is Värdex Schweiz SA, Schutzengelstrasse 36, 6340 Baar, Switzerland.

If you have any questions about how we collect, store and use your personal data, or if you wish to exercise your statutory rights as a data subject, or if you wish to obtain a copy of the personal data we hold about you, please contact our Data Protection Officer. To do so, please contact our data protection officer either at the address listed above or by email at: [email protected]

3. What is the Cryptonow Wallet App about?

The Cryptonow Wallet App allows you to capture so-called „Cryptonow Voucher Cards“, which are vouchers issued by Vaerdex and which are commercially available, on your mobile phone or any other device supported by the Cryptonow Wallet App (collectively, a "Mobile Device"). Each Cryptonow Voucher Cards represents a certain amount of a crypto currency (a „Crypto Value“) and by capturing the Cryptonow Voucher Card, you can use the Cryptonow Crypto Wallet App to manage the CryptoValues, buy or sell CryptoValues and send CryptoValues to third parties.

This Privacy Policy applies only to the personal data we process in connection with the Cryptonow Wallet App and/or your use of the Cryptonow Wallet App, which may include transferring personal data to third parties.

The purchase and sale of cryptocurrencies takes place exclusively via our cooperation partners, with whom you must register separately and for whom separate data protection notices apply.

4. What personal data is processed?

4.1 Categories of personal data

We process your personal data as part of the initiation and performance of our business relationship, when we receive or collect it from you and from other persons affected by the performance of our business relationship . This includes the personal data you provide to us when you first launch the Cryptonow Wallet App. This also includes personal data that is collected when you set up your Cryptonow Voucher Cards, exchange a Cryptonow Voucher Cards, store CryptoValues in the Cryptonow Wallet App or manage them via the Cryptonow Wallet App, when you view the transactions carried out via the cooperation partners, or when you contact the support.

Relevant personal data (collectively, "Data") may include:

  • technical data about the Mobile Device with which you use the Cryptonow Wallet App and which identifies the Mobile Device as uniquely as possible ("Device Data"). Device Data includes, in particular, the device‘s serial number, device type/model, device properties such as language, IP address, and other information about the settings of your Mobile Device.

  • Cryptonow Voucher Card information stored on your Mobile Device via the Cryptonow Wallet App that uniquely identifies your Cryptonow Voucher Card, such as serial numbers, wallet IDs and wallet blockchain public addresses, as well as information required to add the Cryptonow Voucher Card to the so-called "Wallet".

  • Details of the transactions you make by using the Cryptonow Wallet App, e.g. date/time, currency, collaborator, voucher card used, amount;

  • Information about how you use the Cryptonow Wallet App and the circumstances of use, e.g. date/time you use the App, including the version of the Cryptonow Wallet App used.

  • If required: username, mobile phone number, email address;

  • If required: password or other factor for securing access.

Even if access to the Cryptonow Wallet App should be secured by a biometric feature, e.g. fingerprint, we do not collect or store biometric features as a personal authentication feature. The storage and processing of such data takes place on the respective mobile device. We have no access to biometric features stored there.

4.2 Purposes of the processing

a) We process your personal data for the following purposes:

  • Setting up the user account for the Cryptonow Wallet App, if required. In this context, we may also transmit data that you have provided to us to the cooperation partners, or you may request us to do so.

  • In some cases, we also already accept the registration data for our cooperation partners, which you must provide to the cooperation partner;

  • Provision of the services originating from us and connected to the Cryptonow Wallet App, these are in particular the connections to the cooperation partners and the administration of the cryptocurrencies;

  • Forwarding of the transactions initiated by means of the Cryptonow Wallet App to the respective cooperation partner, and receiving feedback;

  • Preventing and combating cases of abuse and fraud, including recording fraudulent behaviour (e.g. too many login attempts);

  • Verifying your identity and legitimacy as a user of the Cryptonow Wallet App when you contact us, for example requesting your name, address, telephone number, email address;

  • Responding to your enquiries and processing your request when you provide us with contract-related information, in particular error messages or content of a contact form;

  • Fulfilment of our legal obligations to provide information to authorities;

  • Documentation of the initiation and execution of transactions and the contractual relationship as a whole, in accordance with the statutory retention obligations;

  • Transfer of your data to the cooperation partners, including receipt of feedback on processing steps, insofar as this is necessary for the provision of the Cryptonow Wallet App or insofar as we are permitted to do so on the basis of consent granted by you.

b) Quality control

We aim to maintain a high level of service to you as our client. To this end, it may be necessary for us to monitor telephone and email communications between our staff and you, provided you give us consent to do so, or where permitted by law, without consent, for the purposes of quality assurance and training, or for other purposes permitted by law. We will only ever carry out these measures in accordance with the applicable legal provisions and will protect the privacy of your communications at all times.

In addition, we can aggregate and anonymise your personal data so that a personal reference can no longer be established and use this anonymised data ourselves or make it available to our cooperation partners for market research purposes.

4.3 Legal basis for processing

a) Processing for the performance of contractual obligations (Art. 6 para. 1 sentence 1 lit. b GDPR)

We process your data for the purpose of performing a contract, this concerns in particular the contract for the provision and use of the Cryptonow Wallet App and related services. This also includes pre-contractual measures such as for the initiation of the contract, measures for the transmission of transactions to the cooperation partners, and all activities required with the operation and administration of the Cryptonow Wallet App, which require handling of your personal data.

The purposes of the data processing in the individual case primarily depend on the specific service feature and may include, among other things:

  • Validation of your identity in the course of registration;

  • Management of your data with which you authenticate yourself to the cooperation partners, security query;

  • Initiation of transactions and transmission to the cooperation partners;

  • Presentation and management of the crypto assets managed by means of the Cryptonow Wallet App;

  • Security measures to protect against misuse of the Cryptonow Wallet App;

  • Conducting evaluations of your use of the Cryptonow Wallet App and the Cryptonow Voucher Card if offered by us and if initiated by you;

  • Retrieving transaction data from the cooperation partners in order to be able to display your transaction data within the Cryptonow Wallet App and to enable you to carry out the evaluations of your data offered in the Cryptonow Wallet App, if applicable;

  • Ensuring quality standards of the Cryptonow Wallet App

b) Processing based on statutory provisions (Art. 6 Abs. 1 lit. c GDPR)

We are subject to various legal regulations, e.g. tax laws. In addition, the requirements of the supervisory authorities responsible for us also apply. The laws, often substantiated by the regulations of the supervisory authorities, regularly oblige us to process personal data. These can be in particular:

  • Credit assessment, prevention of misuse;

  • Fulfilment of control and reporting obligations under tax law and foreign trade law;

  • Fulfilment of obligations under tax law and commercial law to retain data;

  • Assessment and management of risks;

  • Ensuring IT security and the secure IT operation of our systems.

c) Processing based on a balancing of interests (Art. 6 para. 1 lit. f GDPR)

In addition to the cases mentioned above, we also process your personal data if we or a third party have a legitimate interest in the processing, which may be the case in particular:

  • Testing and optimisation of procedures for needs analysis and direct approach of customers, associated measures for the further development of our products and services;

  • Advertising for our own products or market and opinion research, unless you have objected to the use of your data in this respect.

  • Assertion of legal claims and defence in legal disputes;

  • Prevention and investigation of criminal offences, insofar as these measures do not already fall under lit. b);

  • Measures for risk and business management, insofar as these measures do not already fall under lit. b);

d) Processing based on your consent (Art. 6 para. 1 lit. a GDPR)

Insofar as you have given us consent to process personal data for specific purposes, the lawfulness of this processing is based on your consent. Your consent can be revoked at any time. The revocation of consent only takes effect for the future and does not affect the lawfulness of the data processed until the revocation.

Consent may include, for example:

  • Setting of cookies

  • Transfer to recipients in third countries (cf. sec. 5)

  • Listening in on a telephone call for quality assurance purposes;

  • Use of your data to send a newsletter or for telephone calls for advertising purposes;

  • Disclosure of personal data to third parties outside of the legal bases mentioned in section 4.3 lit a), b) or c);

  • Evaluation of transaction data for marketing purposes by us or by our cooperation partners;

For details, please refer to the respective declaration of consent.

4.4 Recipients of your data

Within our company, only those departments will have access to your data that need it to fulfil our contractual and legal obligations. Where reasonably possible, access within these departments will also be limited to those persons who are entrusted with the task for which your data is required.

In addition, we disclose your data to our suppliers and service providers if this is necessary for the purposes stated in sec. 4.2 and is permissible according to the legal basis as per sec. 4.3. All services are controlled by us in this respect.

We only disclose your personal data to third parties, including companies affiliated with us in the group and to our service providers, in accordance with the following rules:

a) to our cooperation partners in order to enable you to register there and to use the services of the cooperation partners within the framework of your own legal relationship;

b) to our suppliers, service providers and also other companies affiliated with us in the group in order to provide our services for you.

c) When you initiate a transaction, we transmit your personal data necessary for the execution of the transaction to the selected cooperation partner. In doing so, your personal data may be transferred to locations outside the EEA. Please also refer to sec. 5.

d) Recipients may also be law enforcement agencies, supervisory organisations, courts or other authorities, but only to the extent that we are obliged to do so by law or by official measures issued on a statutory basis or in connection with legal proceedings, or if this is necessary for civil or criminal prosecution in cases of abuse or fraud activities. Transmissions for other purposes - in particular for address trading - are excluded.

e) Recipients may also be third parties to whom we may transfer your personal information with your consent.

4.5 How we handle your personal data

To the extent required by law, we have entered into confidentiality agreements with the recipients of the data named in sec. 4.4 and impose a special obligation on the recipients to maintain data protection, e.g. by means of a contract on commissioned processing pursuant to Art. 28 GDPR. It does not matter whether the recipient is affiliated with us as a group company or not.

5. Cross-border transfer of data

Your personal data is generally processed within Switzerland, the European Union (EU) or the European Economic Area (EEA). With respect to the GDPR, for Switzerland, a so-called "adequacy decision" of the European Commission applies, according to which data transfers to Switzerland are possible under the same conditions as such transfers may take place to any EU member state are possible.

Your data will only be passed on to other responsible parties based in so-called „Third Countries“ (states outside the EU or the EEA) if this is necessary for the integration of a cooperation partner and the services offered by this cooperation partner, or if this is required by law, or if you have given us your consent to do so. As a rule, we only pass on data to service providers located in third countries if they submit to our instructions as processors and ensure compliance with the provisions of the GDPR.

Furthermore, data is only passed on to other controllers, but also to service providers, if it is guaranteed that the recipient has an appropriate level of data protection. This can result, for example, from an adequacy decision of the European Commission or by using the so-called "EU standard contractual clauses". It does not matter whether the recipient is affiliated with us in the group or not.

We will be happy to provide you with further information on the appropriate and adequate safeguards for compliance with an adequate level of data protection upon request; the contact details can be found at the beginning of this document.

6. Duration of the storage of your data

We process and store your personal data only for the duration and purpose of carrying out our business relationship. It should be noted that your business relationship with us is generally a continuing obligation that is intended to last for a longer period of time. If the data is no longer required for the fulfilment of our contractual or legal obligations in connection with our business relationship with you, it will be regularly deleted. Longer storage may take place if:

— we need to retain your data if our legal obligations to retain data extend to it.

— we retain evidence in order to be able to prove or defend claims. This retention is for the duration of the statutory limitation periods.

If these reasons for storing certain data are cumulative, the longest storage period applies. The data is always stored for a specific purpose, i.e. the data may only be used for the purpose for which it was stored.

7. Data security

We have taken appropriate technical, organisational and administrative measures to protect your personal data from unauthorised or unlawful use, disclosure to unauthorised third parties and accidental loss, damage or destruction. We use firewalls to prevent unauthorised access to servers. Servers are located in a secure location to which only authorised staff have access. All employees and all persons involved in the processing of data are subject to a duty to comply with all laws concerning data protection and to treat personal data confidentially. All measures are adapted according to the state of the art.

8. Is there an obligation to provide data?

Within the scope of our business relationship, you must provide the personal data that is required for the establishment, implementation and termination of a business relationship and for the fulfilment of the associated contractual obligations or which we are legally obliged to collect. Without this data, we are generally unable to conclude a contract with you or to execute an order, or to perform or terminate an existing contract.

If you do not wish to provide us with the necessary information, documents and change information, we will not be able to enter into the business relationship requested by you or may also have to terminate it.

9. Your rights as a data subject

You have the right to request information from us at any time about the personal data we hold about you, its origin and the purposes and procedures for processing the data, as well as the recipients of the data.

Insofar as the legal requirements are met, you also have the right to demand that we correct, delete or restrict the processing of the relevant data, the right to object to the processing of your data by us and the right to receive the personal data relating to you that you have provided to us in a structured, common and machine-readable format. You may transfer this data or have it transferred to other bodies. The restrictions according to §§ 34 and 35 BDSG apply to the right to information and the right to deletion.

If we have collected and processed your personal data with your consent, you may revoke this consent at any time. The revocation of your consent does not affect the lawfulness of processing that we have carried out until your revocation. A revocation also does not apply to the processing of your personal data that was not covered by your consent. Nor does revocation affect any processing of your personal data that is carried out on lawful grounds for processing and does not require consent. Further details on consent can be found in section 4.3 d).

You can also object to the processing of your data in accordance with Art. 21 GDPR. If you object to the processing of your data altogether, we will no longer be able to provide the Cryptonow Wallet App and the functions of our cooperation partners that can be accessed via it. In this case, we will have to block your user account and will continue to process your data until the transactions that have not yet been completed by then have been fully processed.

If you are of the opinion that the processing of personal data concerning you by us violates the applicable data protection law, you may lodge a complaint with the competent supervisory authority (Art. 77 GDPR in conjunction with sec. 19 BDSG) for data protection.

You also have these rights vis-à-vis the recipients to whom we transfer your data and who are not merely our processors.

Last Update: 17. Juni 2022

Version: 1.0