Privacy Policy
1
Du Bois Gold (“we”) understands how important data privacy and protection is to all of our customers. Du Bois Gold wants to ensure that all our customers understand how and what information and data we collect from our customers through our web user interface, our mobile app and when we provide other services.
2
This privacy policy applies to all Du Bois Gold platforms and services and all Registration / KYC / AML Partners or any other person or entity assigned by us to collect, store or process personal data complies with this privacy policy.
I
Preamble
1
Scope of data processing
3
Du Bois Gold AG, Baarerstrasse 8, 6300 Zug, Switzerland, is the controller of the personal data collected, stored and otherwise processed in accordance with this privacy policy.
4
We process personal data in compliance with applicable data protection laws, in particular, the Federal Act on Data Protection (“FADP”; including the corresponding Ordinance thereto, “OFADP”) and, to the extent applicable, the EU General Data Protection Regulation (“GDPR”).
5
We only process personal data of our customers if this is necessary to provide a functional website, mobile app, as well as our contents and services (including the performance of a contract). The processing of our customers’ personal data is normally only carried out with their consent. An exception applies in those cases where prior consent cannot be obtained and the processing of the data is permitted by law, necessary for the performance of a contract or if we have an overriding interest in processing the personal data (e.g. for marketing purposes, security reasons, general management and development of services, systems and products, the establishment, exercise and defence of legal claims or the prevention and investigation of crime, as well as risk management and fraud prevention).
6
We may collect the personal data described in this privacy policy directly from the customer, through our third-party service providers or other public or private legitimate sources.
2
Legal basis for data processing
7
Insofar as we obtain the consent of the customer for the processing of personal data, art. 6 para. 1 let. a GDPR serves as the legal basis.
8
In the processing of personal data required for the performance of a contract to which the customer is a party, art. 6 para. 1 let. b GDPR serves as the legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures.
9
Insofar as the processing of personal data is required to fulfil a legal obligation to which our company is subject, art. 6 para. 1 let. c GDPR serves as the legal basis.
10
In the event that the vital interests of the customer or another natural person require the processing of personal data, article 6 para. 1 let. d GDPR serves as the legal basis.
11
If processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the customer do not outweigh the first interest, art. 6 para. 1 let. f GDPR serves as the legal basis for processing.
3
Data erasure and storage data
12
The time periods for which personal data is retained depends on the purposes for which it is used. DBG and/or the Registration / KYC / AML Partners or any other person or entity assigned by DBG to collect such data may retain information about Users in their databases for as long as Users registration and whitelisted Ethereum address is active or as needed to provide the described services and in accordance with applicable laws.
13
The retention and use of personal information by DBG and/or the Registration / KYC / AML Partners or any other person or entity assigned by DBG to collect such data will be as necessary to comply with legal obligations, resolve disputes, and enforce agreements.
14
The retention period may extend beyond the end of the relationship between the parties, but it will be only as long as it is necessary for DBG to have sufficient information to respond to any issues that may arise later. For example, DBG and/or the Registration / KYC / AML Partners or any other person or entity assigned by DBG to collect such data may need or be required to retain certain information to prevent fraudulent activity, protection against liability, permit itself to pursue available remedies or limit any damages that DBG and/or the Registration / KYC / AML Partners or any other person or entity assigned by DBG to collect such data may sustain, or if a law, regulation, rule or guideline requires it.
II
Provision of the website and creation of log files
1
Description and scope of data processing
15
Every time you visit our website, our system automatically collects data and information from the computer system of the calling computer. The following data is, in particular, collected:
i) Information about the device and browser type and version used
ii) The user’s operating system
iii) The Internet service provider of the user
iv) The IP address of the user
v) Date and time of access
vi) Websites from which the user’s system reaches our website
vii) Pages within our website accessed by the user
16
This data is also stored in the log files of our system. This data is not stored together with other personal data of the user.
17
The KYC data such as contact details, date of birth, nationality or source of funds submitted by the user through the respective form on our website.
2
Legal basis for data processing
18
The legal basis for the temporary storage of data and log files is art. 6 para. 1 let. f GDPR (i.e. legitimate interests pursued by our company or third parties).
19
The legal basis for collecting and processing the KYC data is art. 6 para. 1 let. b and c GDPR (i.e. a statutory duty or the performance of a contract with the user).
3
Purpose of data processing
20
The temporary storage of the IP address by the system is necessary to enable the website to be delivered to the user’s computer. For this the IP address of the user must remain stored for the duration of the session.
21
The data is stored in log files to ensure the functionality of the website. In addition, the data serves us to optimize the website and to ensure the security of our information technology systems. The data is not evaluated for marketing purposes in this context.
22
The KYC data is collected to fulfill our statutory duties in accordance with Swiss financial market regulations and is only collected if a customer wants to use our services. In particular, anti-money laundering and corporate laws require us, before entering into a business relationship with a customer, to identify the customer, and the identity of the beneficial owner. In order for us to comply with those statutory duties, customers have to provide us, with the necessary information and documents and to inform us immediately of any subsequent change. We cannot enter into the desired contractual relationship with a customer, if a customer does not provide us with the necessary information and documents.
4
Duration of storage
23
The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended.
24
If the data is stored in log files, this is the case after seven days at the latest. Further storage is possible. In this case, the IP addresses of the users are deleted or alienated so that the calling client can no longer be assigned.
25
KYC data is stored for at least ten years in accordance with statutory retention duties.
5
Possibility of objection and elimination
26
The collection of data for the provision of the website and the storage of data in log files is absolutely necessary for the operation of the website. If this information is not provided our website may not work and it may not be possible to access or use our website.
27
If the KYC data is not submitted, we may not be able to provide the services the customers has requested.
III
Use of cookies
1
Description and scope of data processing
28
Our website uses cookies. Cookies are text files that are stored in the Internet browser or by the Internet browser on the user’s computer system. If a user visits a website, a cookie may be stored on the user’s operating system. This cookie contains a characteristic sequence of characters that enables a unique identification of the browser when the website is called up again.
29
In particular, the following data is collected by the cookies we use:
i) Information relating to the operation of the website, for example, language detection, website scripting language and security tokens to maintain secure areas of our website;
ii) Information about how the customer uses our Website, for example which pages a customer visits most often, whether the customer receives any error messages, and how the customer arrived at our Website
30
Information to track details like the number of unique visitors and pageviews to improve user experience.
2
Legal basis for data processing
31
The legal basis for the processing of personal data using cookies is art. 6 para. 1 let. f GDPR.
3
Purpose of data processing
32
We use technically necessary cookies on our website by default as well as analytics cookies which are only used if the customer’s consent has been obtained.
33
The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of our website cannot be offered without the use of cookies. For them it is necessary that the browser is recognized even after a page change.
34
We need cookies for the following applications:
i) Interaction with our support team
ii) Usage of the website (statistics) by Google Analytics
35
The user data collected by technically necessary cookies are not used to create user profiles nor are they used for marketing purposes.
36
We use Google Analytics, a web analytics service provided by Google Inc. (Google) to ensure the needs-based design and continuous optimization of our website and to statistically record and evaluate the use of our website. Google Analytics uses cookies to analyze how the customer uses the website. The information generated by the cookie about the customer’s use of the website is usually transmitted to and stored on a Google server in the USA. We only use Google Analytics with activated IP anonymization. This means that the customer’s IP address will be shortened in Switzerland, the European Union and the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the USA and shortened there. Google will use this information on our behalf to evaluate the customer’s use of the website in order to provide us with reports on the activities of customers on the website and to provide other services related to the use of the website and internet usage. Furthermore, Google will transfer this information to third parties if required by law or if third parties process this data on behalf of Google. The IP address provided by the customer’s browser will not be merged with Google’s other data. The customer may object to Google Analytics collecting the data with effect for the future by installing a deactivation add-on for the user’s browser. Besides the possibility to install the deactivation add-on, there is another alternative to prevent Google Analytics from collecting the data, whereby the user installs a so-called opt-out cookie that prevents the tracking of data on the website. The function remains until the opt-out cookie is deleted.
4
Duration of storage, possibility of objection and elimination
37
Cookies are stored on the customer’s computer and transmitted to our site. Therefore, customer also has full control over the use of cookies. The customer can deactivate or restrict the transmission of cookies by changing the settings in the Internet browser. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all functions of the website.
IV
Newsletter
1
Description and scope of data processing
38
A customer can subscribe to a free newsletter on our website. When registering for the newsletter, the data from the input mask such as email address and name is transmitted to us.
39
In addition, the following data is, in particular, collected upon registration:
i) First name
ii) E-mail address
iii) IP address of the calling computer
iv) Date and time of registration
40
During the registration process, the customer’s consent is obtained for the processing of the data and reference is made to this privacy policy.
41
If customers use our platform services and provide us with their email address, we may subsequently use it to send the customers a newsletter from which the customers can unsubscribe at any time. In such a case, the newsletter will only send direct advertising for similar services of our own.
42
In connection with data processing for the dispatch of newsletters, no data is passed on to third parties. The data will be used exclusively for sending the newsletter.
2
Legal basis for data processing
43
The legal basis for the processing of the data after registration for the newsletter by the user is, with the user’s consent, art. 6 para. 1 let. a GDPR.
44
The legal basis for sending the newsletter as a result of the sale of goods or services is article 3 para. 1 let. o of the Federal Act Against Unfair Competition (“UWG”).
3
Purpose of data processing
45
The collection of the customer’s email address serves to send the newsletter.
46
The collection of other personal data as part of the registration process serves to prevent misuse of the services or the email address used.
4
Duration of storage
47
The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. The user’s email address will therefore be stored for as long as the subscription to the newsletter is active. If a customer unsubscribes from the newsletter, the customer’s email address and registration information will be deleted from the mailing list.
5
Possibility of objection and elimination
48
The subscription to the newsletter can be cancelled by the customer concerned at any time. For this purpose, there is a corresponding link in every newsletter.
49
This also makes it possible to revoke the consent to the storage of personal data collected during the registration process.
V
Registration
1
Description and scope of data processing
50
On our website, we offer customers the opportunity to register by providing personal data. The data is entered into an input mask and securely transmitted to us and stored. The data will not be passed on to third parties. The following data is, in particular, collected during the registration process:
i) First name and last name
ii) Address
iii) Phone number
iv) Wallet address
v) Country
vi) Email address
vii) Date of birth
viii) Nationality
ix) Passport copy
x) Source of fund(s)
xi) Photo and / or Video of identification document
xii) Username and password
51
At the time of registration, the following data is also stored:
i) The IP address of the customer
ii) Date and time of registration
52
In the course of the registration process, the customer’s consent to the processing of this data is obtained before the data is transmitted and stored by us.
2
Legal basis for data processing
53
The legal basis for the processing of the registration data is art. 6 para. 1 let. a GDPR if the user has given his consent.
54
If registration serves the fulfilment of a contract to which the customer is a party or the implementation of pre-contractual measures, the legal basis for the processing of the data is art. 6 para. 1 let. b and c GDPR as we may have a statutory duty to collect and process such data.
3
Purpose of data processing
55
A registration of the customer is necessary for the provision of certain contents and services on our website, for the fulfilment of a contract with the customer or for the implementation of pre-contractual measures and to comply to laws and regulations (KYC / AML). In particular, anti-money laundering and corporate laws require us, before entering into a business relationship with a customer, to identify the customer, and the identity of the beneficial owner. In order for us to comply with those statutory duties, customers have to provide us, with the necessary information and documents and to inform us immediately of any subsequent change. We cannot enter into the desired contractual relationship with a customer, if a customer does not provide us with the necessary information and documents.
4
Duration of storage
56
The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected and for at least ten years in accordance with statutory retention duties.
5
Possibility of objection and elimination
57
A customer has the possibility to cancel the registration at any time. The customer can change the data stored about him or her at any time.
58
After accessing our platform, the customers will be able to update the information anytime by going to their profile (edit) and updating the information. Certain information might trigger the KYC / AML process. Should customers want to delete their account, they can contact us and we will do so as soon as possible.
VI
Job applications
1
Description and scope of data processing
59
When you apply for an open position at our company, we process the personal data you share with us. Such personal data is, in particular, the following:
i) Name
ii) Contact data
iii) Cover letter
iv) CV
v) Education / diplomas / certification
vi) Recommendation letters
vii) References
viii) Work permits
ix) Notes taken during job interviews
2
Legal basis for data processing
60
The legal basis for collecting and processing personal data received for your job application are art. 6 para. 1 let. b and c GDPR (i.e. we may have a statutory obligation to check your work permit situation before we offer you a position within our company).
3
Purpose of data processing
61
Your personal data is used to decide on the establishment of an employment relationship, in particular to evaluate the information provided by you and your suitability for the position. Within our company, your personal data will only be shared with individuals who are involved in the review and assessment of your job application.
4
Duration of storage
62
If your job application results in your employment, the data you submitted will be stored on the grounds of Art. 6 para. 1 lit. b GDPR for the purpose of the employment relationship. If your job application is rejected your personal data will be deleted three months after our last contact with you, unless you provide your consent to the further storage of your personal data in case of new job opportunities in our company.
VII
Order and payment
1
Description and scope of data processing
63
When you make a purchase on our site, we collect the following order data for the purpose of fulfilling the order:
i) Order and receipt number
ii) Details on the purchased items (quantity, price, etc.)
iii) Payment method information
iv) Delivery and billing addresses
v) Messages and communication relating to purchases (e.g. notices of revoca-tion, complaints, and messages to customer service)
vi) Delivery and payment status (e.g. "completed" or "dispatched")
vii) Return status (e.g. "successfully completed")
viii) Information on service providers involved in executing the contract (e.g., shipment numbers of parcel services)
64
We offer common payment methods, including advance payment, debit or credit card, and invoice. For the purpose of executing the payment, we may collect the following payment details:
i) Preferred payment method
ii) Billing addresses
iii) IBAN and BIC or account number and sort code
iv) Credit or debit card details
65
We may also receive further payment details from Stripe, our external payment service provider, in order to execute payments. We only forward information to Stripe that is necessary for processing the payment.
2
Legal basis for data processing
66
The legal basis for collecting and processing the order and payment data is art. 6 para. 1 let. b and c GDPR (i.e. a statutory duty or the performance of a contract with the user).
67
The legal basis for collecting and processing order and payment data for the purposes of managing and optimizing our website operations, ensuring the security of transactions, and providing an improved shopping experience is art. 6 para. 1 let. f GDPR (i.e. legitimate interests pursued by our company or third parties).
3
Purpose of data processing
68
The purpose of processing your personal data in the context of orders and payments is to effectively execute and manage your orders, ensuring the delivery of goods and services as agreed, securely process payments and manage financial transactions, including fraud prevention and dispute resolution, communicate with you about your order status, and comply with legal obligations such as financial reporting and anti-fraud regulations.
4
Duration of storage
69
We retain your personal data only for as long as necessary to fulfill the purposes outlined in this document, which includes the execution and management of your orders, the processing of payments, and compliance with our contractual and legal obligations. Our retention period is also guided by the need to address any legal claims or inquiries and to comply with statutory retention requirements.
70
Upon the termination of your account or the completion of contractual obligations, your personal data will be either deleted or, if legal, technical, or other reasons prevent deletion, it will be blocked from further processing. Blocked data is subject to restricted access, ensuring that it can only be accessed by authorized personnel for specific legal or contractual purposes, such as for tax audits as mandated by applicable laws.
71
We are required to retain certain data, such as order and payment information, for a period of up to ten years to comply with tax and financial auditing obligations. After this period, or once the data is no longer required for its intended purpose and is not subject to any legal retention obligations, it will be definitively deleted.
72
In certain circumstances, immediate deletion of data may not be feasible. In such cases, the data will initially be blocked. This applies particularly in scenarios where data may be necessary for further contractual processing or for establishing, exercising, or defending legal claims. The duration of this blocking is determined by applicable statutory limitation periods, after which the data will be permanently deleted.
73
We may, in accordance with legal provisions, opt not to delete data that has been rendered anonymous or pseudonymous if its deletion would significantly impair its use for scientific research or statistical purposes.
5
Possibility of objection and elimination
74
For order and payment information, the right to object and delete personal data is balanced against the necessity of data for transaction completion and legal compliance. Users may object to data processing, but this is limited where processing is essential for contract execution or legal obligations. Users can request deletion when data is no longer needed for its original purpose, subject to legal and contractual requirements. Necessary data is retained to fulfill contracts, comply with legal obligations, and manage disputes. Immediate deletion may not be possible for data needed for legal obligations or contract management. Such data will be retained as required and then deleted or anonymized. Users interested in objecting to data processing or requesting deletion should contact customer service. Note that these actions may impact the ability to provide services or complete transactions.
75
We may share personal data of customers collected or processed in the course of providing our services and when a customer registers and uses our web, mobile or other platforms with third parties. This includes but is not limited to Registra-tion / KYC / AML Partners, banks, advisors, third-party service providers (i.e., IT, software or cloud service providers shipping/order fulfillment companies, payment service providers, , insurances, authorities and lawyers) in Switzerland, the EU or other countries if required or useful for providing our products and ser-vices. Third-party service providers may only process the personal data we share with them for the performance of the contract with us and in accordance with our instructions.
76
Further, we may share customers’ personal data with third persons where:
· they have consented to us doing so (where necessary) or the organisation that they work for has obtained their consent for us to do so (where necessary);
· it is necessary in connection to the dissolution or a merger with another company or another similar event;
· we are under a legal, regulatory or professional obligation to do so (for example, to comply with anti-money laundering or sanctions requirements); or
· it is necessary in connection with legal proceedings or in order to exercise or defend legal rights.
IX
Is your personal information transferred abroad?
77
We only transfer personal data of customers abroad if the recipient country provides an adequate level of data protection as confirmed by the EU Commis-sion or the Federal Data Protection and Information Commissioner or once the required measures to ensure an adequate level of data protection in accordance with applicable data protection law have been put in place.
78
As some of our service providers and Registration / KYC / AML and order fulfilment Partners are based outside of Switzerland, customer's personal data can be transferred to the EU, Singapore, UAE (Dubai) and the US. The EU provides an adequate level of data protection which is why no specific measure need to be implemented to share customer's personal data. For the transfer of personal data to the US, Singapore and UAE (Dubai) we sign so-called EU Standard Contractual Clauses including any required local law provisions and measures prior to any transfer.
79
For the purposes of orders and payments, payment data can be transferred to payment service providers. You can find more details about the processing of personal data by our payment service provider Stripe (Stripe Payments UK, Ltd. and Stripe Payments Europe, Limited) in their privacy policy.
X
How we protect your personal information
80
We have put in place appropriate security measures to hold personal data of customers securely in electronic and physical form, to protect it from unauthorised access, improper use or disclosure, unauthorised modification or unlawful destruction or accidental loss. Our premises are access controlled and surveyed by video recording where required and our electronic databases require logins and password authentication.
81
Our employees and third-party service providers who have access to personal data and confidential information are subject to the same confidentiality obligations as we are and have signed data processing agreements to the extent required by applicable data protection law.
XI
Rights of the data subject
82
According to applicable data protection law customers have the following rights with regard to the personal data we process:
· Right to access
· Right to correction
· Right to limitation of processing
· Right to deletion
· Right to data portability
· Right to objection
83
If a customer has provided his or her consent to the collection, processing and transfer of personal data for a specific purpose, they have the right to withdraw their consent for that specific processing at any time. Once we have received notification that a customer has withdrawn his or her consent, we will no longer process the personal data for the purpose or purposes originally agreed to, unless we have another legitimate basis for doing so.
84
We may refuse to grant the right customers request to exercise if applicable data protection law or other legislation, allows or obliges us to do so, in which case we will provide reasons for our decision as required by the law.
85
If customers would like to exercise these rights, they can contact us in writing by emailing support@duboisgold.com or by letter to:
Du Bois Gold AG
Baarerstrasse 8
6300 Zug
86
In general, customers will not have to pay a fee to exercise any of their data subject rights. However, we may charge a fee if applicable data protection law allows us to do so, in which case we will inform the customer as required by the law.
87
If a customer feels we have not handled their query or concern to their satisfaction or we are processing personal data in breach of applicable data protection law they can also file a complaint with the competent data protection authority, in Switzerland this is the Federal Data Protection and Information Commissioner (www.edoeb.admin.ch).
XII
Contact information
88
XIII
Rights of the data subject
89
We reserve the right to update and change this privacy policy from time to time in order to reflect any changes to the way in which we process your personal information or changing legal requirements. Any changes we may make to our privacy policy in the future will be posted on this website. Please check back frequently to see any updates or changes to our privacy policy.
Last Updated: April 2024