Data Protection Policy

At Vereign we respect your personal data. In this spirit, this data protection policy (hereinafter: “Privacy Policy”) shall offer you transparency and inform you how we protect your data at https://www.vereign.com.

In summary, on this web presence we introduce our company and promote our products and services, which shall empower you with seamless addition of integrity, authenticity and privacy to any kind of digital service (hereinafter “Vereign Services”).

I. OVERVIEW ABOUT OUR COMMITMENTS

  • Our collection and processing of your personal data under this Privacy Policy is limited to the extent necessary to fulfil the rather apparent purposes of offering you information on our web page.
  • As part of our privacy by design concept and as far as technically feasible we will process and store your IP address in an anonymous form.
  • Only in case you have explicitly provided us with your contact details, we will use these details for the apparent purpose of contacting you, just as you requested.
  • In no event we will sell (or otherwise make available) to any third party for their business or political agenda.
  • In no event we will use your personal data for any purpose unrelated to informing you about our company or our Vereign Services.
  • Nothing in the following detailed explanations shall put this initial summary in question. In case of inconstancies the above summarizing statements shall prevail and bind us accordingly.

II. NAME AND CONTACT DETAILS OF THE CONTROLLER

Vereign AG

Dammstrasse 16,

6300 Zug, Switzerland

Email: contact@vereign.com

For questions with regard to this Privacy Policy or other concerns in this subject area, you may contact our data protection team by email directly via: dataprotection@vereign.com.

III. LEGAL FRAMEWORK

Our data protection practice complies with applicable law including but not limited to the Swiss Data Protection Act (“Swiss DPA”) and its Ordinance (“Swiss DPO”). Also we are fully compliant with the General Data Protection Regulations (“GDPR”) of the European Union and its local adaptations including but not limited to the German Federal Data Protection Act (“Bundesdatenschutzgesetz”). We will continue to monitor and analyse further country specific data protection regulations outside of the European Union but so far we have identified the GDPR as sufficient and acceptable regulatory standard throughout the entire world.

As a matter of principle, we collect and use personal data as much as necessary to provide our services requested by you (Art. 6 para. 1 Lit. b GDPR). A notable exception applies where a contractual basis is not apparent and the processing of personal data can only be authorised via your explicit consent (Art. 6 para. 1 Lit. a GDPR). In such a situation we will explain to you the exact purposes and consequences of the concerned data processing and you may at any time retrieve your consent given to us. In no event will we sell your personal data to any third party for any business or political agenda.

IV. ALLOWED PURPOSES FOR COLLECTING AND PROCESSING YOUR PERSONAL DATA

Our collection and processing of your personal data under this Privacy Policy is limited to the extent necessary to fulfil the following rather apparent purposes:

1. CONTACT FORMS AND JOB OFFERINGS

On our website https://www.vereign.com. we may provide you with:

a) CONTACT FORMS

We are providing you with the opportunity to get in touch with our team and in particular you may send us a respective email to contact@vereign.com. Your provided contact details will be used exclusively to process and answer your query and potentially keep you up to date regarding further related developments. After you gave us your contact details, you may at any time retract your consent and object to any further usage.

b) ADVERTISED JOB OFFERINGS

On our website we may also provide you with the opportunity to apply for advertised job positions, within our company group. In case you choose to apply for such a particular job offering, we will use your name, contact details and all other provided information exclusively for the relevant application process. In case you choose to opt for “Send me further details about other vacancies” we will use your contact details and all other provided information to keep you informed about future job positions, even after the job offering you applied to has been filled. But of course, you may retract your consent any time (see also below: V. Rights of the data subject).

c) YOUR FEEDBACK REGARDING OUR DEVELOPED SOFTWARE

Regardless of the channel you use to provide us with your feedback regarding our software projects, as an open source company your collaboration and engagement is crucial for us. We need interested participants to test and try out the Vereign Services and provide us with feedback. If you choose to engage in such software testing and providing us with feedback, in the spirit of the free software community, this is also a main reason you are providing your personal data to us and this purpose forms our legal relationship in the meaning of Art. 6 para. 1 Lit. b GDPR. We commit ourselves to exclusively use your related personal data for this purpose of testing and improving Vereign Services.

d) SHAREHOLDER RELATIONSHIP AND RELATED THIRD-PARTY WIDGETS

In order to provide you with the opportunity to participate in our venture and acquire tokenized shares of our company, we have incorporated a widget https://www.aktionariat.com/our-products/brokerbot which lets you purchase and trade our shares in a digitised form. For the registration and other usage of this widget and any accompanying accounts the data protection policy of Aktionariat AG will apply, seehttps://www.aktionariat.com/terms-of-service, just as you will need to accept this data protection policy during your respective on-boarding.

We will have access to that data and will process this data for the sole purpose of our shareholder relationship. This means we will include you in our legally mandatory shareholder list and reach out to you in case of any official shareholder information.

If you wish to delete your account, please get in touch with accounts@aktionariat.com. But please note after deletion of your account we may have no way any more to contact you or even acknowledge you as a legit shareholder. Hence before erasing you account with Aktionariat AG, please reach out to us, so we can make sure that your acquired shares will not be lost.

2. IP-ADDRESSES AND WEB SERVER LOG FILES

In order to allow for the requested website to be displayed in your browser, we need to temporarily store and process your IP address. The legal basis for this temporal storage of personal data is Art. 6 para. 1 Lit. f GDPR.

After your individual session has ended, your IP address will be saved anonymously in log files of our web server. The information in our log files includes:

- the exact pages you accessed in our URL(s)

- date and time of your request

- your browser type

- your operating system

- your anonymised IP address

We will use this non-personal data exclusively for optimising our webpage and to safeguard the security of our information technology systems.

V. DATA PROCESSORS

The administration and processing of personal data in the scope of this Privacy Policy is primarily carried out by us, and our subsidiary Vereign Labs Ltd.

However, for specific tasks, like hosting our webpage we also have contracted external service providers.

Any of such external providers, just as our subsidiary, are processing your personal data on our behalf. All these parties remain contractually and legally bound to this privacy policy and any applicable law, including but not limited to GDPR.

VI. YOUR RIGHTS AS A DATA SUBJECT

According to applicable law (in particular Swiss law and even more so GDPR) but also due to our own commitment you shall have the following rights toward us:

  1. Right of access: You may request information about your data processed by us, in particular about the purposes of processing, the category of personal data, the categories of recipients to whom the data have been or will be disclosed by us, the envisioned period of storage, the existence of a right of rectification, erasure, restriction of processing or objection to it, the existence of a right to lodge a complaint, where your data are collected from (if these are not collected by us), and the existence of automated decision-making, including profiling.
  2. Right to rectification: You have the right to demand without undue delay the rectification of inaccurate personal data stored by us as well as to have incomplete personal data stored by us completed.
  3. Right to erasure: You have the right to demand that personal data stored by us be erased as long as the processing of this data is not necessary to fulfil a legal obligation, for reasons of public interest, or for the establishment, exercise or defence of legal claims.
  4. Right to block data: You have the right to demand to have your personal data blocked. Data that is blocked will not be deleted from our databases, but it will not be processed as long as being blocked.
  5. Right to data portability: You have the right to receive your personal data in a structured, commonly used and machine-readable format, or to demand that it be transmitted to another controller.
  6. Right to object: Consent given to process your personal data can be revoked at any time. As a result of this, we will no longer be permitted to continue processing data based on this consent in the future.
  7. Right to lodge a complaint: You have the right to lodge a complaint with any competent supervisory authority. Therefore you may contact a locally competent authority at your place of residence or you may report any presumed violation of applicable data protection law, to the Federal Data Protection and Information Commissioner (FDPIC) as the federal data protection authority in Switzerland. The FDPIC’s contact details are as follows:

    Federal Data Protection and Information Commissioner

    Feldeggweg 1, 3003 Berne, Switzerland

    Tel: +41 58 462 43 95

    Fax: +41 58 465 99 96

    www.edoeb.admin.ch

  8. Exercise your rights: In order to exercise your rights as a data subject, please contact our Data Protection Team (dataprotection@vereign.com) or send an email or postal mail to our contact details as indicated under clause I above.

In case you exercise your rights in accordance with the GDPR towards us, we will not charge any fees. However, a reasonable fee may be charged if your inquiry is demonstrably abusive, improper or if you make a repeated inquiry without relevant justification.

We may need to collect information about you that will enable us to clearly identify you as a data subject. In doing so, we will endeavour not to complicate or even hinder your request. Rather, we want to make sure that none of your personal data falls into the hands of unauthorised persons.

VII. SECURITY

We have implemented extensive security provisions and measures to establish an appropriate level of safety to protect personal data stored by us from unauthorized access, misuse, altering, misappropriation, destruction, and loss. At Vereign we seek to combine and align our overall requirements concerning cyber security and resilience, regardless whether these requirements are derived from best practise approaches, applicable law or contractual regulations. This holistic point of view makes it feasible for us to deal with the respective requirements in a transparent and effective way. As part of our security management processes, we obligated ourself to conduct regular external penetration tests of our Seal Applications and its underlying processes.

However, in case you choose to communicate with us via an insufficiently encrypted communication channel, we would like to point out that such insufficiently encrypted data transfer cannot provide any guarantee that access to your data by third parties is averted.

VIII. EXTERNAL HYPERLINKS

Our webpages may contain hyperlinks, which will lead you to internet sites from other companies. This Privacy Policy does not apply to these linked internet sites belonging to other companies.

IX. AMENDMENTS OF THIS PRIVACY POLICY

It may be necessary to adapt our data protection statement to changing framework conditions of a technical, factual or legal nature. This Privacy Policy may be amended from time to time, provided that nothing in newer versions of this Privacy Policy shall contradict the summary given to you in clause I above (“overview about our commitments”).

As of: April 2021