1. zondacrypto
  2. Legal
  3. Privacy Policy

Privacy Policy

We value your privacy and take care to ensure a high standard of protection of the users, interested parties and visitors of http://www.zondacryptoswiss.com/. This Privacy Policy (hereinafter the ‘Policy’) sets forth the rules for the collection, processing and use of the personal data of the website’s users, clients, interested parties and visitors.

The purpose of this Policy is primarily to inform the clients, users, visitors and interested parties about their rights in relation to the processing of their data by the Controller.

In our activities we commit to comply with this Policy and with the requirements of the provisions of the law. 

 

  1. Controller of your data

The data controllers are:

  1. BB Trade Switzerland AG with its registered office in Dammstrasse 16, 6300 Zug, incorporated under Swiss law;

  2. BB Trade Estonia OÜ, with its registered office in Harju maakond, Tallinn, Lasnamäe linnaosa, Tähesaju tee 9, 13917 ESTONIA (office no. 10, 2nd floor), incorporated under Estonian law;

(both hereinafter referred to as the ‘Controller’).

 

  1.  Definitions

Whenever this Policy mentions:

  1. Processing – this means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction

 

  1. Personal data – this means any information relating to an identified or identifiable natural person (‘data subject’). This includes the data of users and interested parties;

 

  1. Processor – this means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the Controller;

 

  1. Profiling – this means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements;

 

  1. Pseudonymisation – this means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person;

 

  1. User – this means a person or entity having registered at and being in the process of http://www.zondacryptoswiss.com/ verification;

 

  1. Client – this means a person or entity, with whom the Controller entered a business relationship, i.e. passed the process of verification;

 

  1. Visitor – this means a person browsing the website http://www.zondacryptoswiss.com/

 

  1. Interested party – this means a person having submitted an inquiry/report via http://www.zondacryptoswiss.com/

 

  1. Fiat currency – currency recognised by at least one country as an official means of payment (e.g. EUR, USD, GBP, PLN); 

 

  1. Cryptocurrency – any virtual currency, which digitally represents value (e.g. BTC, ETH, USDT, XRP). 

 

III. Categories of data processed

The Controller collects and processes personal data you share with us or generate when using our services, including the following categories of personal data:

  1. User’s and Client’s data such as e-mail address, login, full name, safety code, citizenship, residency, country of birth, login history (both successful and unsuccessful), phone number, national identification number (e.g. PESEL number, Social Security Number, and other analogues), date of birth, sex, data from personal ID card/passport/residency card (series and number, expiry date, place of issue, state of issue), image (photo, video or linked via a third-party tool, incl. Facebook, Google or Weibo), residence address (street name, street number, apartment number, postal code, city, country), data from utility bills, information about business activity, purpose of creating an account, source of funds transferred into the exchange, source of funds available to the user, information about any political positions held (status of a Politically Exposed Person (‘PEP’) or a PEP’s family member or close collaborator), as well as other information provided as part of the account opening process or in any "Know Your Customer" documentation (including copies of your identification documents), information regarding your account and your use of our services or products, such as exchange transaction details from Fiat currencies into Cryptocurrencies, Cryptocurrencies into other Cryptocurrencies and Cryptocurrencies into Fiat currencies (amount spent, date, time, vouchers or offers used), data for fraud prevention, data required by anti-money laundering (‘AML’) provisions, payment data (including verification data); information you provide when you voluntarily complete client surveys, apply for special offers and promotions, enter into competitions or register to our events (such as seminars and webinars), including data from your messages concerning the Services (e.g. chat logs and support requests) or your feedback about your experience with the Controller, as well as any communication you have with us via our website or mobile application, by email or otherwise, including recordings of our telephone discussions; additionally for corporate users: form of legal organization, company name/business alias, Tax ID (NIP), register number, statistical number, country of business, date of formation, website, information about board members, information about real beneficiaries, information about partners/shareholders (equity structure, how many shares held);

 

  1. Visitor's data such as the computer’s IP address, URL, browser information, plug-in types, operating system and platform, pages opened, duration of the visit, number of the various page views, number of visits, referral source, communication data in connection with any enquiry or message you send us (e.g. via forms or contact fields), as well as location-based data, technical data, and behavioral and preference data are collected; however, these are only used for statistical purposes and to improve the website’s contents – including the use of Google Analytics, and, if the user accesses the website or app using portable devices, we may also collect identification data of that device, data of the Internet Service Provider ISP and the subscriber’s data; however, these are only used for statistical purposes or to ensure the correct operation of the website;

 

  1. We work closely with third parties (e.g. business partners, technical, payment and delivery service providers, advertising networks, tracking and analytics providers, data aggregators, lead generation agencies, public sources, third party social networking sites and search information providers) and may receive information about User’s, Client’s or Visitors from them. Such information may include your clickstream through our website, the products you viewed and the page interactions, your personal contact information (if you are referred to us by an introducing broker or a friend), any personal data that is part of your profile on a third party social network (e.g. Facebook) and that you allow that third party social network to share with us (e.g. name, email address, gender, birthday, city, country, interests, profile picture, user ID, friend list). You can learn more about the data that we may obtain about you by visiting the website of the relevant third party social network.

 

  1. The Collector may also receive personal data about individuals when acquiring other companies. When receiving data from third parties (which have collected such data in their own responsibility), we consider that such third parties are authorised to provide the relevant data to us and – unless otherwise indicated by the relevant third parties – have allowed us to process such data in accordance with this Policy.

 

  1. Data of interested parties such as e-mail address, title, category, subject and body of the message, image (face photo and ID document) – where necessary to establish identity.

If you share personal data about other people with us (e.g. as part of our referral program or when giving us access to your contact list), you confirm that you have brought this notice to their attention beforehand. 

We may also receive personal data about you from third parties, such as: merchants who will forward transaction data to us, for example via the global MasterCard network, even in respect of transactions conducted in Switzerland; other third parties you have authorized to share data with us, which may include social networks. 

Such third parties may collect your personal data during the course of their activities and pursuant to their own privacy policy or similar agreement. When receiving data from third parties, we consider that such third parties are authorized to provide the relevant data to us and – unless otherwise indicated by the relevant third parties – have allowed us to process such data in accordance with this Policy.

 

III. Legal basis and purpose of processing

The legal basis / purpose for data processing by the Controller is:

  1. your freely given consent for data processing, concerning a request submitted via the contact form available at http://www.zondacryptoswiss.com/ wherein making contact with the Controller along with providing Personal data is treated as an expression of the required consent;

  2. performing of our pre-contractual or contractual obligations towards you like opening and managing your account and providing you with the product and services, i.e. Data processing is necessary for accessing and browsing http://www.zondacryptoswiss.com/, registering and using an account here;

  3. compliance with our legal obligation including in respect of "know-your-customer", anti-money laundering laws and regulations, as well as rules relating to the prohibition of market abuses, market rules, or our agreements with counterparties we rely on to execute transactions;

  4. legitimate interest including improving the quality of services and adapting them to the needs of the users, clients, interested parties and visitors, responding to your requests, making the website and the services more effective, safeguarding the security of the Controller’s website, sending out the newsletter and marketing the Controller’s own products;

  5. preventing fraud or misuse of our services and manage our risks based on our legal obligations or on our legitimate interests;

  6. enforcing our rights or defending ourselves against legal actions or other proceedings based on our legitimate interests.

The provision of Personal data by users is voluntary but is required in order to be able to use the Controller’s services provided via http://www.zondacryptoswiss.com/.

In the majority of cases, we obtain the data directly from you via our website, which you visit, and by tracing your activity on it, as well as your provision of the data necessary in order to register an account, authenticate your identity and perform services on our website.

The personal data of persons visiting the Controller’s website shall be processed starting from your visit to the website. If you do not accept this Policy, please cease any further activity and leave the site.

In remaining cases, we process such personal data as you provide when sending requests via our contact form.

 

IV. Automated processing decision

Personal data of Users are partially subject to an automated processing decision when verification of the User's account on the site http://www.zondacryptoswiss.com/using the Onfido program (Onfido Limited). The Onfido program, in an automated manner, recommends if the User's verification can be approved, denied or reassigned for manual verification by the Controller. Therefore, the User's verification process is not fully automated, as the final decision about establishing or not establishing a business relationship is made by the Controller. Your submission to the above-mentioned verification process is necessary to use the services of the Controller provided by the website http://www.zondacryptoswiss.com/ including primarily the performance of the contract by the Data Controller.  

 

V. Your rights regarding your data

In the context of the processing of your Personal data, you have the following rights:

  1. right to access the Personal data – the data subject has the right to receive confirmation from us that the subject’s data are indeed processed by us, or not, and if so, then to demand access to their own personal data. Information about access includes, without limitation, the purpose of data processing, the categories of data processed and the recipients or categories of recipients to whom your data have been or shall be disclosed. This is not an absolute right, however, and your right of access may find some limitations due to the interests of other people. You have the right to receive a copy of your data being processed. Receiving the first copy is free of charge;

 

  1. right to have the data rectified – the data subject has the right to require the Controller to rectify the data subject’s Personal data without delay when such data are inaccurate;

 

  1. right to be forgotten – the data subject has the right to require the Controller to erasure the subject’s data without delay, and the Controller has the obligation to delete such data without unnecessary delay if one of the legal grounds for this is met;

 

  1. right to restrict the Processing – the data subject has the right to require the Controller to restrict the processing in the following cases:

    • the data subject disputes the accuracy of the data – for a period allowing the Controller to verify the accuracy of such data;

    • the processing is unlawful and the data subject opposes the deletion of the data, instead requiring that the processing be restricted;

    • the Controller no longer needs the data for the purposes of the processing, but the data subject needs the data for the purpose of determining, pursuing or defending themselves against claims;

    • the data subject has lodged an objection against the processing – until it can be determined whether the Controller’s legitimate reasons override the data subject’s objection.

 

  1. right to object – the data subject may at any time object to the processing in the light of the subject’s individual situation. This is not an absolute right, and in some situations it shall not apply; for example when the processing is necessary in order to protect a right in judicial proceedings;

 

  1. right to data portability – the data subject has the right to receive the personal data in a structured, commonly used and machine-readable format and the right to transmit such data to another controller without hindrance from the Controller, after meeting certain requirements specified by the provisions of the law;

 

  1. right to lodge an objection with the supervisory body – the data subject has the right to lodge an objection with the appropriate supervisory body. http://www.zondacryptoswiss.com/

If you want to exercise any of the above-described rights or you have any questions concerning the processing of your data, please contact us at

  • (e-mail): [email protected] 

  • or (by registered mail): BB Trade Switzerland AG, Dammstrasse 16; 6300 Zug

When you submit such a request, we may require that you provide information to confirm your identity. For security reasons, we may require your requests to be made in written form. 

The exercise of the above-mentioned rights (e.g. your objection to the processing of your personal data or withdrawal of any previously given consent) may prevent us from providing you with all or part of our services. If we consider that, by agreeing to your request, we would no longer be able to provide our services to you in a manner that fulfils our quality standards, we may decide to terminate our relationship with you. 

The abovementioned rights may also be limited – for example when we are required to obtain and process your personal data to comply with applicable law and regulation, to assert or defend against legal claims, or when we have other legitimate grounds for the processing that override your interests and rights. We may therefore be entitled to continue processing your personal data even after you have chosen to withdraw your consent or objected to the processing of your personal data. If requests are manifestly unfounded, unfair, impossible to comply with or could threaten the privacy of others or if they are excessive, in particular because of their repetitive character, we reserve the right to either charge a reasonable fee taking into account the request or refuse to act on the request. 

If you believe that we are processing your personal data in violation of the provisions in force, you always have the right to lodge an objection with the appropriate supervisory body.

 

VI. To whom and where we transfer your data

If necessary, the Controller may share your personal data with the following recipients, who may be located in Switzerland or abroad:

  1. business partners, banks, payment operators, our service providers (e.g. IT, back-office and logistics service providers, debt collection service providers) – if necessary in connection with our business activity, especially for the purpose of performing our contracts with such third parties, providing services and ensuring the appropriate standards of performance and compliance with the provisions of the law and safety requirements, communicating with you and with third parties, meeting financial obligations and responding to your requests and legal demands;

  2. tax authorities, withholding agents, auditors and custodians, or other relevant third parties; 

  3. courts, authorities and self-regulatory bodies;

  4. media outlets requesting comments from us;

  5. data processors (processing entities); and/or  

  6. other third parties with whom you allow us to share data.

The Controller may enter into written data processing contracts with another entity (Processor). The right to enter into such contracts arises from the provisions of the law. Processors may include, without limitation: IT service providers, auditors, accounting firms, outsourced workforce providers, customer service software providers, e-mail operators (Google Inc.), server hosting providers.

Processors shall be contractually required to implement appropriate technical and organizational measures in order to protect the data of interested persons and users and to process such data only in accordance with the Controller’s instructions.

For the purpose of registering an account on http://www.zondacryptoswiss.com/ and for verification of your identity, your data shall be transferred for processing to entities providing the authentication of scans of documents as a service (Onfido Limited, LexisNexis Risk Solutions Europe Limited, Sum And Substance LTD).

In addition, for the purpose of sending you, as Users and Clients, email messages, your Personal Data will be entrusted to the mailing service provider, Insider Services UK Limited.

Additionally, please be informed that the Controller may transfer your personal data to the business partner - Intercom R&D Unlimited Company (2nd Floor, Stephen Court, 18-21 Saint Stephen's Green, Dublin, Ireland) oraz Intercom, Inc. (55 2nd Street, 4th Fl., San Francisco, CA 94105, USA), as well as other companies from INTERCOM group, while you use the chat on the website http://www.zondacryptoswiss.com/.

Moreover, your personal data may be disclosed to competent public authorities if required by the current provisions of the law.

Your personal data may be disclosed to the Controller’s affiliates (companies with capital or personal ties) – viz. Orion Software sp. z o. o. based in Poland, Expofer Servis House s. r. o. based in Czech Republic, to the extent necessary for business collaboration and the performance of contractual obligations.

To track your activity on our website, we use tools such as Google Analytics, Google Search Console, Google Tag, AHRefs, SEMRush, KW Finder, Screaming From, and SERPRobot. They are, however, tools which are used only to collect statistical data and do not collect any of your Personal data. 

 

VII. Security measures

Your personal data are stored and protected in accordance with the principles set out in the provisions of the law in force. The Controller undertakes appropriate measures to:

  1. prevent data loss, unauthorized access, use, destruction, modification or disclosure;

  2. ensure appropriate technical and organizational protections;

  3. protect the personal data according to the risk level and any special category of personal data.

Taking into accounting the current state of technology, costs, nature, scope, context and purposes of the Processing operations, as well as the rights and freedoms of individuals, such activities may include, without limitation, Pseudonymization and encryption of personal data, measures ensuring confidentiality, integrity, availability and resilience, restoration measures, as well as procedures for regular testing, evaluation and assessment of the effectiveness of the security measures used.

 

 VIII. Storage period

We process your data only for a period no longer than necessary to achieve the purposes of processing, subject to any legal, regulatory or contractual requirements, the time in which any litigations or investigations might arise and the need to answer queries or resolve issues. After achieving the purpose of processing, your data shall be erased, as long as the provisions of the law allow this to be done. Depending on the legal basis for processing, different storage periods may apply.

Your data shall be stored until the statute of limitation runs out on any claims or until the legal obligation to store your data expires.

The personal data of interested parties shall be stored until they withdraw their consent or until the Controller’s response (as long as this is possible in the light of the provisions of the law).

Personal data of Users and Clients will be stored for as long as necessary to fulfil the purposes for which it was collected, in particular for the duration of the contractual relationship. After the end of the business relationship or collaboration, data will be retained only as long as legally required or justified by legitimate business interests. This includes compliance with statutory retention obligations (e.g. under the Swiss Code of Obligations or Anti-Money Laundering Act), and for the duration of applicable limitation periods for potential legal claims (which may be up to 10 years). Unless a longer or shorter retention period is required or permitted by law, we delete or anonymise personal data no later than five years after the end of the business relationship.

Visitor’s Personal data, who will not be qualified as Users, Clients and Interested parties, will be stored in compliance with applicable Cookies Policy.

 

IX. Age policy

Our services are not intended for persons younger than eighteen (18) years of age. We have no intention of processing their personal data. If you are younger than 18, do not use the Controller’s services and do not send us any information about yourself. If we become aware that we have been processing the personal data of a person younger than 18, we shall erase such data as soon as possible.

 

 X. Modifications

The Controller keeps this Policy under regular review and consequently, it may change at any time in the future.You shall be notified of any amendments by publication of an updated, modified Privacy Policy on the Controller’s website. It is recommended to read through the contents of the Privacy Policy regularly.