FADP Data Privacy Notice
1. Data protection
MOONCHAIN CAPITAL SA (« hereafter or “we”) takes your privacy seriously.
MOONCHAIN adheres to high data protection standards as well as transparency of personal data collection and processing for our clients in accordance with the Swiss Federal Act on Data Protection (“FADP”).
This privacy notice contains general information on what personal data MOONCHAIN collects, what we do with that information, and what rights you have. If you have any questions or comments, please contact us at the address set out in section 8.
‘Personal data’ is any information that relates to an identified or identifiable natural person.
As part of our commitment to protect your personal data in a transparent manner, we want to inform you:
- Why and how MOONCHAIN collects, uses and stores your personal data;
- The lawful basis on which your personal data is processed; and
- What your rights and our obligations are in relation to such processing.
In respect to natural persons in the European Union (EU), the rules of the General Data Protection Regulation (Regulation (EU) 2016/679) (hereinafter referred to as “GDPR”) might also apply to the processing of the personal data.
In this regards, should you be considered as a natural person in the European Union (EU) according to the GDPR, please refer to our “GDPR Data Privacy Notice” accessible here.
2. What types of personal data do we collect?
MOONCHAIN will, depending on the service we provide to you (if any), collect and process personal data about you including:
- Personal details such as your name, identification number, date of birth, KYC and AML documents (including a copy of your national identity card or passport), phone number physical and electronic address, and family details such as the name of your spouse, partner, or children;
- Information, including payment and transaction records and information relating to your assets, liabilities, revenues, earnings and investments (including your investment objectives);
- Tax domicile and other tax-related documents and information;
- Where applicable, professional information about you, such as your job title and work experience;
- Your knowledge of and experience in investment matters;
- Details of our interactions with you and the services you use;
- Any records of phone calls and emails between you and MOONCHAIN;
- Where applicable, details of your nomination of a mandate;
- Identifiers we assign to you, such as your client number;
- Should you access our Website, data transmitted by your browser and automatically recorded by our server, including date and time of the access, name of the accessed file as well as the transmitted data volume and the performance of the access, your web browser, browser language and requesting domain, and IP address (additional data will only be recorded via our Website if their disclosure is made voluntarily, e.g. in the course of a registration or request); and
- In some cases (where permitted by law), special categories of personal data, such as your biometric information, political opinions or affiliations, health information, racial or ethnic origin, religious or philosophical beliefs, and, to the extent legally possible, information relating to criminal convictions or offences.
In addition, in some cases, we might collect this information from public registers (which, depending on the service you receive, may include beneficial ownership and other registers), public administration or other third-party sources, such as wealth screening services, credit reference agencies, fraud prevention agencies.
If relevant to the services we provide to you, we will also collect information about business partners (including other shareholders or beneficial owners), dependants or family members, representatives, and agents. Additionally, where you are an institutional or corporate client or investor, we will also collect information about your directors, employees or shareholders. Before providing MOONCHAIN with this information, you should provide a copy of this notice to those individuals.
3. On which legal basis and for which purposes do we process personal data?
3.1 Legal basis for processing
Depending on the purpose of the processing activity (see section 3.2), the processing of your personal data will be one of the following:
Necessary for the legitimate interests of MOONCHAIN, without unduly affecting your interests or fundamental rights and freedoms (see below);
Necessary for taking steps to enter into or executing a contract with you for the services you request, or for carrying out our obligations under such a contract, such as when we use your data for some of the purposes in sections 3.2 (a), (b) (c) and (i) below (as well as certain of the data disclosures described in section 4);
Required to meet our legal or regulatory responsibilities, including when we conduct the checks referred to in section 3.2 (a) below and make the disclosures to authorities, regulators and government bodies referred to in sections 3.2 (g) and 4 below;
In some cases, necessary for the performance of a task carried out in the public interest;
When we use special categories of personal data, necessary for establishing, exercising or defending legal claims or where the processing relates to personal data manifestly in the public domain; and
In limited circumstances, processed with your consent which we obtain from you from time to time (for instance where required by laws), or processed with your explicit consent in the case of special categories of personal data.
Where the personal data we collect from you is needed to meet our legal or regulatory obligations or enter into an agreement with you, if we cannot collect this personal data there is a possibility we may be unable to on-board you as a client or provide services to you (in which case we will inform you accordingly).
3.2 Purposes of processing
We always process your personal data for a specific purpose and only process the personal data which is relevant to achieve that purpose. In particular, we process personal data for the following purposes:
In order to provide consulting services on investments in the field of cryptocurrencies and blockchain technology, as well as in the context of carrying out our contracts with our clients or to carry out pre-contractual measures that occur as part of a request.
Client on-boarding processes, including to verify your identity and assess your application and to conduct legal and other regulatory compliance checks (for example, to comply with anti- money laundering regulations, and prevent fraud);
Providing services to you and ensuring their proper execution;
Managing our relationship with you, including communicating with you in relation to the services you obtain from us, handling customer service-related queries and complaints, making decisions regarding your identity and tracing your whereabouts;
Helping us to learn more about you as a customer, the services you receive, and other services you may be interested in receiving, including profiling based on the processing of your personal data, for instance by looking at the types of services that you use from us, how you like to be contacted and so on;
Taking steps to improve our services and our use of technology, including testing and upgrading of systems and processes, and conducting market research to understand how to improve of our existing services or learn about other services we can provide;
Contacting you for direct marketing purposes about services we think will be of interest to you and facilitating competitions and promotions;
Meeting our on-going regulatory and compliance obligations (e.g. laws of the financial sector, anti-money-laundering and tax laws, if applicable), including in relation to recording and monitoring communications, disclosures to tax authorities, financial service regulators and other regulatory and governmental bodies, and investigating or preventing crime;
Ensuring the safety of our customers, employees and other stakeholders;
Undertaking transactional and statistical analysis, and related research;
For the MOONCHAIN’s prudent operational management (including risk management, insurance, audit, systems and products training and similar administrative purposes); and
Any other purposes we notify to you from time to time.
4. Who has access to personal data and with whom are they shared?
4.1 With MOONCHAIN
We might share personal data to MOONCHAIN employees or with other MOONCHAIN Group companies (if any) in order to ensure a consistently high service standard across our group, and to provide services to you.
MOONCHAIN will disclose personal data only to those of its employees and affiliated corporate entities of its group (if any) that (i) need to know that information in order to process it on MOONCHAIN’s behalf or to provide services, and (ii) that have agreed not to disclose it to others.
4.2 Third Parties
Personal data may be disclosed to third parties in connection with the services we are providing to you. The recipients of any such information will depend on the services that are being provided. In order to fulfil the aforementioned purposes and subject to any confidentiality restriction we may have expressly agreed with you or any transaction parties, we may disclose your personal data to:
- Service providers which perform services on our behalf, such as payment, crypto-currency platforms exchange, third party storage providers and trade data repositories, third party IT and hosting providers, third party distribution platforms and courier services;
- To other deal/transaction participants, counterparties, vendors and beneficiaries;
- Financial, taxation, regulatory or judicial authorities, state agencies or public bodies, upon request and to the extent permitted by law;
- Certain professionals such as lawyers, notaries or auditors; and
- To any other persons as agreed with you.
When we do so we take steps to ensure they meet our data security standards, so that your personal data remains secure.
We reserve the right to make personal data accessible to other recipients, as disclosed to you from time to time or if required by applicable laws or requested by a competent authority.
The provision of personal data may be mandatory, e.g., in relation to our compliance with legal and regulatory obligations to which we are subject. Please be aware that not providing such information may preclude us from pursuing a business relationship with, and/or from rendering our services to you.
4.3 Public or regulatory authorities
If required from time to time, we disclose personal data to public authorities, regulators or governmental bodies, including when required by law or regulation, under a code of practice or conduct, or when these authorities or bodies require us to do so.
- If our business is sold to another organisation or if it is re-organised, personal data will be shared so that you can continue to receive services. We will usually also share personal data with prospective purchasers when we consider selling or transferring part or all of a business. We take steps to ensure such potential purchasers keep the data secure.
- We may need to disclose personal data to exercise or protect legal rights, including ours and those of our employees or other stakeholders, or in response to requests from individuals or their representatives who seek to protect their legal rights or such rights of others.
5. International transfers of personal data
The Recipients referred to in section 4 above may be located outside Switzerland.
In those cases, except where the relevant country has been determined by the Federal Data Protection and Information Commissioner to provide an adequate level of protection, MOONCHAIN requires such recipients to comply with appropriate measures designed to protect personal data contained within a binding legal agreement.
A copy of these measures can be obtained by contacting the Data Protection Officer (“DPO”) at the address at the end of this notice. If and to the extent required by applicable law (such as Swiss Banking Secrecy), we implement the necessary legal, operational and technical measure and/or enter into an agreement with you before such transfers.
6. How long and where do we store your data?
We will only retain personal data for as long as necessary to fulfil the purpose for which it was collected or to comply with legal, regulatory or internal policy requirements. To help us do this, we apply criteria to determine the appropriate periods for retaining your personal data depending on its purpose, such as proper account maintenance, facilitating client relationship management, and responding to legal claims or regulatory requests.
It should be noted here that our business relationship is a long-term obligation, which is set up on the basis of periods of years.
In general, MOONCHAIN will retain personal data for the period of your relationship or contract with MOONCHAIN plus 10 years, reflecting the length of time for which legal claims may be made following termination of such relationship or contract.
An ongoing or anticipated legal or regulatory proceeding may lead to retention beyond this period.
Due to requirements potentially laid down by the Swiss Financial Market Supervisory Authority ("FINMA"), MOONCHAIN might also have to store all electronic correspondence (e-mails, etc.) and evidence of the calls made on business telephones by its employees for a period of two years.
All personal data will be stored in a server physically located in Switzerland.
7. Your rights
You have a right to ask MOONCHAIN to rectify inaccurate personal data we collect and process and the right to request restriction of your personal data pending such a request being considered.
Where we process your personal data on the basis of your consent, you have the right to withdraw that consent at any time. Please also note that the withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
You have a right to ask us to stop processing your personal data, or to request deletion of your personal data – these rights are not absolute (as sometimes there may be overriding interests that require the processing to continue, for example), but we will consider your request and respond to you with the outcome.
Where we process your personal data on the basis of your consent, or where such processing is necessary for entering into or performing our obligations under a contract with you, you may have the right under applicable data protection laws to request your personal data be transferred to you or to another controller. You have the right to ask MOONCHAIN for a copy of some or all of the personal data we collect and process about you.
In certain circumstances MOONCHAIN may process your personal data through automated decision-making, including profiling. Where this takes place, you will be informed of such automated decision-making that uses your personal data, be given information on the logic involved, and be informed of the possible consequences of such processing. In certain circumstances, you can request not to be subject to automated decision-making, including profiling.
You can exercise the rights set out above by contacting the DPO using the details in section 8 of this notice.
8. Exercising your rights and complaints
If you are not satisfied with any aspect of the processing of your personal data by MOONCHAIN, we would like to discuss it with you to understand how we can rectify the issue.
You may exercise any of your rights in relation to your personal data by writing to us at the following addresses. To avoid delay in dealing with your request, please enclose with your signed letter a copy of your passport or identity card:
MOONCHAIN CAPITAL SA, att. to Mr Christopher MANESSIS, Data Protection Officer,
Rue des Epinettes 19, 1227 Les Acacias, Switzerland.
If you are not satisfied with MOONCHAIN’s response, you have the right to make a complaint to the data protection authority in the jurisdiction where you live or work, or in the place where you think an issue in relation to your data has arisen.
9. Security Note
We have in place appropriate technical and organisational measures to prevent unauthorised or unlawful access to the personal data you have provided to us. As complete data security cannot be guaranteed for communication via e-mails, instant messaging, and similar means of communication, we would recommend sending any particularly confidential information by an alternative secure means.
10. Changes to personal data
MOONCHAIN is committed to keeping your personal data accurate and up to date. Therefore, if your personal data changes, please inform us of the change as soon as possible.
11. Status of this privacy notice
This privacy notice was drafted on June 2018. It is a notice explaining what MOONCHAIN does, rather than a document that binds MOONCHAIN or any other party contractually.
We reserve the right to amend it from time to time. If the notice has been updated, we will take steps to inform you of the update by appropriate means, depending on how we normally communicate with you, such as through your account statement.