Legal
Privacy Policy
This Privacy Policy (the Policy) describes how Copper collects, uses and shares the information you provide to us and the information we collect in the course of operating our business and our websites. We comply with the applicable data protection laws of Switzerland, Swiss Federal Act of 19 June 1992 on Data Protection (FADP) and any reference to the FADP shall always also include a reference to the Ordinance of the FADP (the OFADP), and the European Union, in particular the General Data Protection Regulation, GDPR.
We may revise this Policy at any time by amending this page. We therefore recommend that you check this page on a regular basis to take notice of any changes we make. This Privacy Policy was last updated on 24 June 2022.
This Policy describes:
To find out more click on the sections.
General Information
In this Policy when we refer to Copper or “we”/”us”/”our” we mean Copper Technologies (Switzerland) AG registered in the Commercial Register of the Canton of Zug under No. CHE-477.629.838. Our registered office is at Gubelstrasse 24, 6300 Zug, Switzerland. You can find contact details in the Contact us section of our website.
Who we are
Copper is a FinTech scale-up and go-to provider of safeguarding and trading infrastructure for digital assets. We create and maintain the systems that enable vast sums of crypto-assets to move quickly and securely between exchanges and hedge funds, private banks and family offices. Your interest in our Crypto Asset Services is highly appreciated.
Purpose of this Policy
Copper takes your data protection very seriously and is committed to protecting your personal data and client confidentiality. In order to ensure that Copper will comply with data protection laws and regulations. This Policy sets out the way in which personal data you provide to us is processed and kept secure by Copper and your rights under data protection laws and regulations. It applies whenever we handle your personal data (including when you use our website or other digital platforms or register for our service), so please read it carefully. Which specific data are processed and how they are used depends largely on the services requested or agreed in each case. Before registering for, or using Copper services, in particular before entering any personal data you need to understand our practices regarding your personal data, how we will treat your personal data and the basis on which it could be disclosed to third parties. We process the Personal Data in compliance with the provisions of the Swiss Federal Act on Data Protection (FADP) and the EU General Data Protection Regulation (GDPR).
Outsourcing
When we collect and process your personal information, Copper is the controller of data. Copper can transfer personal data to affiliated companies outside Switzerland, in particular to Copper Technologies (UK) Limited in London. Copper warrants adequate protection for personal data in situations in which the data is transferred to another country for the purpose of processing such data on behalf of Copper.
What is personal data / client registration
“Personal data” is anything which enables us to identify you in some way such as a name, email address, or an online identifier such as an IP address that we can link to you. You may be asked to provide personal data through our digital channels such as the website. In order to register as a new e.g. corporate client, we might probably collect following data: -Company name / Company address - First and Last name / copy of passport - E-Mail Address / Phone Number / Residential Address -Your wallet ID -Some additional information, e.g. what kind of service is desired, to ensure compliance with KYC/AML requirements (Art. 6 para. 1 Anti-Money Laundering Act, AMLA). We collect these data to fulfil our pre-contractual and contractual legal obligation with the meaning of Art. 13 para. 2 FADP and of Art. 6 para. 1 lit. b GDPR. The process of personal data is not limited to the personal data of our clients, it includes also suppliers, prospects, website users, employees, job applicants, vendors and third parties. Our aim is to limit its processing of these to a necessary minimum and in accordance with the applicable laws and regulations.
Updating your personal information
If you need to change or amend your personal information, including your contact details, please notify Copper as soon as possible in writing; details can be found below.
Third party links
Please note that our website may contain links to third party websites / digital platforms which are provided for your convenience. We recommend that you check the privacy and security policies and procedures of each and every other website / digital platform that you visit.
Origin of personal data that we collect
We collect personal data to the extent that is legally permitted and in particular from the following sources:
Personal data that is given to us by the data subject
We will process personal data that you give to us including when you email us or contact us through various channels as follows:
Signing up for services on our website: when you sign up for newsletters, webinars, participating in discussion boards or other social media functions, events or digital asset acquisition or storage services from us or when you contact us with queries or respond to our communications.
In connection with our provision of digital asset acquisition and storage services: namely for the account opening you will provide us with personal data when you or the company you represent becomes a client of Copper. If you are not a client we may collect or receive your personal information because you are involved in one of our client’s matters.
Recruitment application: when you apply for a role with us you may provide us with your personal data submitted directly by you as well as third party agencies and recruiters on your behalf. We only process the personal data we need in order to assess your suitability for the position you apply for.
Personal data we obtain from other sources
If you apply for a position with us we may collect personal data relating to past employment, qualifications and education, opinions from third parties about you, past employment history and other details about you, which will be provided to us by a third party that provides background screening services to us. We may also ask for an information from official registers such as criminal records checks or credit history.
Personal data that is necessary for the facilitation of products and services that we offer on the Copper Platform and that is transmitted to us via the technical infrastructure (e.g. login information for Copper Unlimited, payment and trading transactions or collaborations with financial or IT service providers).
Personal data from third parties, such as authorities, sanction list (e.g. SECO, UNO/EU), Worldcheck or search information providers)
Personal data that is publicly assessable (e.g. public register information, public social media platforms).
Purpose and usage of data
We may process personal data as described below to the extent legally permitted:
Digital asset acquisition and storage services, improving and managing our products and services as well as to update the data of individuals with whom we maintain a business relationship;
Market research, marketing and business development activity in relation to our services. This may include sending you newsletters, marketing communications and other information that may be of interest to you, events for clients, prospects, etc.;
Review and process job application;
Compliance, legal and/or regulatory disclosure, notification and reporting obligations to authorities, including but not limited to money laundering and terrorist financing;
Exercise or defend our legal rights or for the purpose of legal proceedings against us or our employees and clients;
Managing, controlling and monitoring business related decisions and risk, processing business in appropriate time e.g. investment profiles, limits, operational and fraud risk.
Grounds for processing your personal data
We rely on the following legal grounds to process your personal information:
On the basis of your consent
Art. 13 para. 1 FADP; Art. 6 para. 1 lit. a GDPR Consent – insofar as you have agreed to the processing of your personal data for specific purposes. You can withdraw your consent at any time by contacting us (see below).
For fulfilment of contractual obligation
Art. 13 para. 2 lit. a FADP; Art 6 para. 1 lit. b GDPR Performance of a contract in order to provide you with crypto services or to perform pre-contractual measures in order to proceed with a request – the purposes of data processing are mainly in compliance with the specific products and services and may include needs assessments, support and as well as carrying out transactions.
For compliance with a legal obligation
Art. 13 para. 1 FADP; Art. 6 para.1 lit. c GDPR or in the public interest Art. 6 para.1 lit. e GDPR Compliance with law or regulation – we are subject to various legal obligations, in particular statutory requirements such as the Anti-Money Laundering Act, financial supervisory ordinances and circulars, and tax law. The purposes of processing include assessment of identity, anti-fraud and anti-money laundering measures, the fulfilment of tax law and reporting obligation and the assessment of risk.
For the purpose of protecting legitimate interest
Art. 13. para. 1 FADP; Art. 6 para. 1 lit. f GDPR Legitimate interest - we may process your personal data where necessary for safeguard our legitimate interests or of a third party, some examples of which are given above e.g. guarantee of IT security, prevention and clarification of crimes, asserting legal claims and marketing.
For all data processing in the points 3.1.2. – 3.1.4 the legal basis is given by the necessity of accomplishment a legal obligation. For those cases there is no need for your prior consent to process this data.
How we share personal data with third parties
In addition we contract with third party service providers and suppliers to deliver certain services. Copper adheres to the requirement to have Data Flow Agreements in place with each of its providers so that they process your personal data in accordance with this Policy. This may include:
Third party suppliers or contractors, bound by obligations of confidentiality, in connection with the processing of your personal data for the purposes described in this Policy. This may include, but is not limited to, IT and communications service providers or website hosting company. Our website is hosted on servers based in the UK and operated by AWS.
Third parties relevant to the digital asset acquisition and storage services that we provide. This may include, but is not limited to, counterparties to transactions and other professional service providers.
The following third parties may also have access to your personal information:
any other person who is authorised to act on your behalf;
regulators, government departments, law enforcement authorities, tax authorities and insurance companies;
any relevant dispute resolution body or the courts; and
persons or businesses in connection with any sale, merger, acquisition, disposal, reorganisation or similar change in our business.
If we transfer your personal information outside Switzerland and the EU or the EEA (so called third countries), service providers are obligated to comply with the data protection levels in Switzerland and Europe in addition to written instructions by agreement to the standard contractual clauses. In all cases, however, any transfer of your personal information will be compliant with applicable rules and regulations.
Storage of data and data security
How long we hold your personal data for will vary and will depend principally on:
the purpose for which we are using your personal data – we will need to keep the information for as long as is necessary for the relevant purpose, and
legal obligations – laws or regulation have set a minimum period for which we have to keep your personal data.
According Swiss regulations, business communication, contracts, account opening forms, accounting documents, reports must be stored for up to 10 years. We will not hold your personal data for any longer than is necessary, unless we are required to keep your personal data longer to comply with the statutory retention period. We will ensure that your stored data is subject to appropriate security measures, which are continually improved by new technological developments.
Data subject rights
You have a number of legal rights in relation to the personal information that we hold about you and you can exercise your rights by contacting us using the details set out below.
Your rights include:
The right to access the personal information held about you (Art. 8 FDPA; Art 15 GDPR);
The right to have your personal information rectified if it is inaccurate or incomplete (Art. 5 FADP; Art. 16 GDPR);
The right to have your personal information rectified if it is inaccurate or incomplete (Art. 5 FADP; Art. 16 GDPR);
The right to erasure as long as there is no legal basis that allow us to further process such data (Art. 5 FADP, Art. 17 GDPR);
The right to restrict the processing of your personal information under certain conditions (Art. 12, 13, 15 FADP; Art 18 GDPR);
The right to object certain processing of personal data (Art. 4 FADP; Art. 21 GDPR);
If applicable, the data portability rights - under some circumstances, receiving some personal data that you have provided to us in a readable format (Art 20 GDPR);
If applicable, the right to lodge a complaint with a supervisory authority for an EU or EEA member country ( Art. 77 GDPR); and
Where you have provided consent to the processing of personal data, the right to request to withdraw such consent at any time. Please note that the revocation will only take affect in the future.
Please note that if you choose to exercise your rights to have personal data restricted or deleted, then we may not be able to provide you with a full service.
The provisions of money laundering law require that we verify your identity before establishing the authority / authorization, e.g. by means of your passport and that we record your name, date of birth, address etc. In order to complete this statutory obligation, you must provide us with the necessary information and documents and notify us without delay of any change that may arise during our business relationship. Without necessary information and documents, we will not be allowed to enter or continue the business relationship.
We do not make decisions based solely on automated processing, including profiling, as define in Art. 22 GDPR to establish or implement the business relationship.
Cookies
In common with many other website operators, we use standard technology called 'cookies' on our website. Cookies are small pieces of information that are stored by your browser on your computer's hard drive and they are used to record how you navigate this website on each visit.
We will also collect information when you use our services or when we otherwise interact or correspond with you. We use various technologies to collect and store information when you visit our websites, such as Google Analytics. We may, for example, collect information about the type of device you use to access the websites, your IP address and your geographic location, the operating system and version, your browser type, the content you view and features you access on our websites, the web pages and the search terms you enter on our websites. For information about how we use Cookies and the choices you may have, please see our Cookies Policy.
Click here for information on our Cookies Policy
How to contact us
You may contact us in writing to the DPO email address or via regular mail to the address indicated below.
Email: dpo@copper.co
Post:
Data Protection Officer,
Copper Technologies (Switzerland) AG,
Gubelstrasse 24, 6300 Zug, Switzerland.
If you are not satisfied with the response you receive from us or how we handle your personal information, then please let us know. We will examine your issue and improve, where necessary. We understand how crucial the protection of personal data is, especially in an online environment.