1. What is this privacy notice about?
Protecting your privacy and personality is important to us. This privacy notice sets out how Centi Ltd. processes and protects personal data that you provide to us or that we collect from you. It is not part of a contract and may be changed from time to time.
The references to the EU General Data Protection Regulation (GDPR) do not apply where our processing of your personal data is not subject to the GDPR. Feel free to contact us as indicated below if you wish to learn more.
2. Who is responsible for processing your data?
The following company (also “we”) is the “controller”, i.e. the party that is primarily responsible, under data protection law, for the processing of personal data in accordance with this privacy notice:
Centi Ltd.
Im Schilf 4
8044 Zurich
Switzerland
inquiries@centi.ch
3. Which data do we process?
“Personal data” (also “data”) is any information that can be linked to a particular individual, and “process” means any handling of personal data, such as obtaining, using and disclosing it. This privacy notice explains how we process personal data, particularly in the course of our business dealings and in connection with our website (Sections 4, 6 and 14). If you would like further information on our data processing, please do not hesitate to contact us (see Section 2).
You are not obliged to disclose data to us, except in some cases (for example if a contractual obligation involves disclosing data to us). However, we need to process data for legal and operational reasons when we conclude and execute contracts. The use of our apps and website is also not possible without data processing (see Section 14).
When you share data with us, it must be current and accurate. If you opt to include data relating to third parties please make sure you have the right to share and that these third parties are informed about our processing of their data.
You may provide data to us that relates to other individuals. If you do this, we understand that you confirm this data is accurate. As we may not be in direct contact with these third parties, we ask you to inform them about our processing of their data (for example by referring to this privacy notice).
4. How do we process data in connection with our Wallet Interface Services?
We provide a non-custodial digital cash wallet interface service where we store the encrypted public and private keys of your wallet and provide a user interface for the User to gain access to the encrypted Wallet copy through a secure identification system. We process data as follows:
- We may advertise our services, for example by sending marketing e-mails – see Section 6 for details.
- We process data when we are in contact with you in view of a contract for our services. This concerns primarily your user name, e-mail address, login credentials and login data, and the date of contact.
- If we enter into a contract with you, we process data collected before (see above) and information on the conclusion of the contract (for example the date of conclusion and the subject of the contract).
- We also process personal data during and after the term of the contract. Examples are information on the use of the services, but also on contacts with customer service, mutual claims, complaints, defects, data on the termination of the contract and – should disputes in connection with the contract arise – also on these and corresponding procedures. We use this data because we cannot perform contracts without it.
- We also process the aforementioned data for statistical analysis (for example [examples, such as: in which regions and at what times our services are used, which customer groups use which services] etc.). Such evaluations help us with the improvement and development of products and business strategies. We may also use them on a personal basis for marketing purposes; please see Section 6 for details.
5. How do we process data in connection with our BSV and dedicated payment token payment and STAS token services?
Centi acts as a digital cash payments enabler for retailers through existing infrastructure at their (physical or e-commerce) shops/points of sale, in particular offering the possibility to retailers to let their (end) customers pay with the cryptocurrency Bitcoin Satoshi Vision (BSV) and dedicated payment tokens or issue, use, collect and redeem Substantiated Tokens from Actualized Satoshis (STAS Tokens).
In relation with our BSV payment services, we enter into an agreement with merchants. In addition to the data processing laid out in Section 4, we process data as follows:
- We process data of merchant contact persons with whom we are in contact, for example name, contact details, professional details and details from communication, and details of management persons etc. as part of the general information about companies with which we work. Further, we also connect information about their business, their bank accounts and settlement details, and additional documentation that is required for us to comply with obligations under applicable law, including laws on combating money laundering and terrorist financing.
- We also process data for statistical analysis (for example [examples, such as: which products sell best, in which regions and at what times, which customer groups buy which products] etc.). Such evaluations help us with the improvement and development of products and business strategies. We may also use them on a personal basis for marketing purposes; please see Section 5 for details.
- If we know the identity of the person who makes the payment or uses the STAS tokens, we process data for these services as follows: Identity data such as your full name, street address, identification documents and/or other documents you may have submitted for compliance reasons will not be used for marketing purposes and remains restricted to be processed and used only by our compliance department. Other personal data, such as e.g. a shipping address will be shared with other parties if relevant to the services they offer and only if you provided us with such data.
6. How do we process data in connection with advertising?
We also process personal data in order to promote our services and those of third parties:
- Newsletters: We send out electronic newsletters that may contain advertising for our offers , but also for offers from other companies with which we cooperate. We ask for your consent beforehand, except when we promote certain offers to existing customers. In case of newsletters with performance measurement, for example via Mailchimp, Emarsys etc.: In addition to your name and e-mail address, we may also process information about the services you used before, and whether you open newsletters and which links you click on. For this purpose, our e-mail delivery provider has a function that works with invisible images that are loaded from a server through a coded link, thereby transmitting the relevant information. This helps us assess the impact of newsletters and to optimize them. You can avoid this by setting your e-mail program accordingly (for example by switching off the automatic loading of images).
- Market research: We also process data to improve services and develop new products, for example information about your purchases or your reaction to newsletters or information from customer surveys and polls or from social media, media monitoring services and public sources.
7. How do we work with service providers?
We use various services from third parties, especially IT services (examples are providers of hosting data analysis services), shipping and logistics services and services from banks, the post, consultants, etc. For service providers for our website, please see Section 14. These service providers may also process personal data to the extent necessary.
8. Can we disclose data to other parties?
Yes. Your privacy is of utmost importance to us and we take both the privacy and security of your personal data very seriously. We share your personal data only to the extent necessary for us to provide our services well and efficiently and will never sell it to third parties. We may however share data with service providers (Section 7), and with other parties as explained further in this privacy notice, for example in Section 14 (use of our app and website) and Section 11 (other purposes).
The recipients of data are not all located in Switzerland. This applies in particular to certain service providers (especially IT service providers). These have locations both within the EU or the EEA. We may also transfer data to authorities and other recipients abroad if we are under a legal obligation to do so or, for example, in the context of a company sale or of legal proceedings (see Section 9). Not all of these countries have adequate data protection. We therefore use appropriate contracts to protect data transmitted, in particular the EU Standard Contractual Clauses, which are available at https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32021D0914. In certain cases, we may transfer data without such contracts, as permitted under applicable data protection law, for example if you have consented to the disclosure or if it is necessary for the performance of the contract, for the establishment, exercise or enforcement of legal claims or for overriding public interests.
9. Do we process data for other purposes?
Yes, because many tasks require data processing, including common internal operations. It is not always possible to determine this precisely in advance, nor the extent of the data processed in the process, but these are typical (although not necessarily frequent) cases:
- Communication: When we are in contact with you (for example when you call us or when you communicate with us on a social media platform, we process the communication content and information about the nature, time and location of the communication. We may also process details of proof of identity to identify you.
- Compliance with legal requirements: We may disclose information to authorities as required by law or in order to comply with internal regulations.
- Prevention: We process data to prevent criminal offences and other breaches, for example in the context of fraud prevention or internal investigations.
- Legal proceedings: Where as we are involved in legal proceedings (for example before a court or administrative body), we process data about the parties to the proceedings and other persons involved, such as witnesses or respondents, and disclose data to such parties, courts and authorities, possibly outside of your country of residence.
- IT security: We process data for monitoring, controlling, analysing and securing our IT infrastructure, as well as for backups and archiving data.
- Competition: We process data about our competitors and the market environment in general. We may process data about key individuals, in particular their name, contact details, role or function and public statements.
- Transactions: If we sell or acquire assets, business units or companies, we process data, to the extent reasonably necessary, to prepare and execute such transactions, for example information about customers or their contact persons or employees, and also disclose corresponding data to buyers or sellers.
- Other purposes: We process data for other purposes such as training and education, administration (for example contract management or accounting), the enforcement and defense of claims, the evaluation and improvement of internal processes, for anonymous statistics and evaluations, and to protect other legitimate interests.
10. How long do we process personal data?
We process your personal data for as long as it is necessary for the processing purpose (in the case of contracts, generally for the duration of the contractual relationship), for as long as we have a legitimate interest in storing it (for example if in order to enforce legal claims, for archiving and or to ensure IT security) and for as long as data is subject to a statutory retention obligation (for certain data, for example, a ten-year retention period applies). After these periods have expired, we delete or anonymise your personal data.
11. How do we keep your personal data secure?
In order to prevent personal data from destruction, loss, alteration, unauthorized access or disclosure we apply appropriate technical and organizational measures, in particular encryption, record keeping, and pseudonymization (as reasonably possible). Note please that data transferred through networks may be accessible to third parties.
12. Anything else to consider?
Depending on the applicable law, data processing is only permitted if the applicable law specifically allows it. This does not apply under the Swiss Data Protection Act, but does under the GDPR, where it applies (which can only be determined on a case-by-case basis). In this case, the processing of your personal data is based on the fact that it is necessary for the preparation and execution of contracts (Section 3), that it is necessary for the legitimate interests of us or third parties, for example for statistical evaluations (Section 3) or for marketing purposes (Section 6), that it is required or permitted by law or that you have separately consented to the processing. You will find the relevant provisions in articles 6 and 9 of the GDPR.
13. What are your rights?
You have certain rights under applicable data protection law:
- If you wish to receive further information and a copy of your data, you can submit an access request to us;
- you can object to our data processing, especially in connection with direct marketing;
- you may have inaccurate or incomplete personal data corrected or completed, or have it supplemented by a note of objection;
- you have the right to receive certain personal data in a structured, common and machine-readable format;
- if we process data on the basis of your consent, you can withdraw consent at any time. Withdrawal is only valid going forward, and we reserve the right to continue to process data on another basis, where applicable.
Note please that these rights may be subject to conditions and restrictions. – If you wish to exercise such a right, please feel free to contact us (Section 2). We will have to verify your identity (for example by means of a copy of an ID). You are also free to lodge a complaint against our processing of your data with the competent supervisory authority, in Switzerland the Federal Data Protection and Information Commissioner (FDPIC).
14. How do we process data in connection with our app, website and with social media?
14.1 Log files
When you use our app, we collect information about the installation of the app, your approximate location (only city and country), the volume of data you upload and download, and information about your device such as device type, operating system, device ID, your mobile carrier and your time zone.
When you use our website, the web servers collect certain data for technical reasons that is then temporarily kept in log files, in particular the IP address of the device used, information about the internet service provider and the operating system of your device, information about the referring URL, information about the browser used, the date and time of access, and content accessed when visiting the website. We use this data to be able to provide our website, to ensure system security and stability and to optimise content, and for statistical purposes.
14.2 Cookies and similar technologies
Our website also uses cookies, i.e. files that your browser automatically stores on your device. We may also use other technologies for example to store data in the browser, but also to recognize visitors, for example pixel tags or fingerprints. Pixel tags are invisible images or program code that are loaded from a server and thereby transmit certain information. Fingerprints are details about the configuration of your terminal device that make your terminal device distinguishable from other devices. This allows us to distinguish individual visitors, but usually without identifying them. Cookies may also contain information about pages accessed and the duration of the visit. Certain cookies (“session cookies”) are deleted when the browser is closed. Others (“persistent cookies”) remain stored for a specific duration so that we can recognize visitors on a subsequent visit.
You can set your browser so that it blocks certain cookies or similar technologies or deletes cookies and other stored data. You can find out more about this in the help pages of your browser (usually under “Privacy”).
Cookies and similar technologies help us make your visits more enjoyable. We process data in this context for the purposes of providing the website and enhancing user experience, and some cookies and technologies help us provide website functionality. In addition, they ensure you do not have to repeat certain settings or data entered during a session. Cookies and similar technologies can also help us safeguard the security of our website, detect and correct errors and detect and prevent misuse.
14.3 Third party cookies
Cookies and other technologies may also come from third parties that provide services to us. These may be located outside of Switzerland and the EEA (please see Section 8 for information). For example, we use analytics services so that we can optimize and personalize our website. Cookies and similar third-party technologies also enable them to show you personalized advertising on our websites or other websites and social networks that work with the same third party, and to measure the effectiveness of ads (for example whether you came to our website via an ad, and the actions you then take on our website). The third parties may record website usage for these purposes and combine their records with other information from other websites. In this way, they can record user behaviour across websites and devices in order to provide us with statistical analyses. These providers may also use information for their own purposes, for example for personalised ads on their own website or other websites. If a user is registered with the provider, the provider can assign the usage data to the relevant person.
One of the most important third-party providers is Google. We use Google Analytics on our website, an analysis service provided by Google LLC (1600 Amphitheatre Parkway, Mountain View, CA, USA) and Google Ireland Ltd. (Google Building Gordon House, Barrow St, Dublin 4, Ireland). Google collects certain information about the behavior of users on the website and the device used. The IP addresses of visitors are truncated in Europe before being forwarded to the USA. Google provides us with analyses based on the recorded data, but also processes certain data for its own purposes. You can find information on the data protection of Google Analytics here, and if you have a Google account, you can find further details here.
14.4 List of cookies
14.5 Our use of social media
To be used if fan pages etc. are operated: We operate our pages on social networks and other platforms. If you communicate with us or comment on or post content, we collect information, which we use primarily for communicating with you, for marketing purposes and for statistical analyses (see Sections 6 and 9). Please note that the platform provider also collects and uses data (for example on user behaviour), possibly together with other data known to it (for example for marketing purposes or to personalise the platform content). Where we are joint controllers with the provider, we have into an agreement with the provider, about which you can obtain information from the provider directly.