Privacy Policy

Introduction.

Pursuant to and for the purposes of Article 13 of Regulation (EU) 2016/679, laying down provisions for the protection of individuals with regard to the processing of personal data and the free circulation of such data, (hereinafter also only the “GDPR“) we inform you that the processing of personal data of Users and/or visitors (hereinafter also only the “User” or cumulatively also the “Users“) who consult and/or visit and/or register on the website “www.relai.app (the “Website”) or application owned or operated (the “Relai App” and the Website and Relai App collectively the “Apps”) provided by Relai AG, a company organized and existing under the laws of Switzerland, under company registration number CHE-340.229.036 whose registered office is located at Langstrasse 136 in 8004 Zurich Switzerland (“Relai“, “we”, or “our”) takes place in compliance with the legislation for the protection of personal data and confidentiality to which our business is dutifully inspired, for the purposes and methods better described in this Privacy Policy.

What is “personal data”? Personal Data refers to any information or pieces of information that could identify You either directly (e.g. your name, surname, email, home address, etc.) or indirectly (e.g. through pseudonymized data, such as a unique ID number, etc.). It may also include unique identifiers like your computer’s IP address.

Relai is dedicated to collecting as little personal data about its Users as possible. This Privacy Policy is drafted in English and translated to French, German, Italian and Spanish. In case of conflict the English version shall be the binding version.

1. Who are the Data Controller and the Data Protection Officer?

The data controller of the personal data collected through the Apps is Relai, e-mail: [email protected].

In accordance with the new GDPR provisions, Relai has appointed a Data Protection Officer (“DPO”). The Data Protection Officer may be reached at the following email addresses: [email protected].

Relai uses Data processors in relation to the processing of personal data. For further information please refer to the List of Outsourced Services.

2. What Categories of personal data does Relai process?

2.1. Data provided by the User.

Relai will process the following personal data provided directly by the User.

2.1.(i) Relai App. Every time a Relai User makes a transaction through the Relai App, we collect information about the order. The data we collect includes the following individual Users’ personal data (name, surname, date and place of birth, tax code and nationality), contact details (residence and/or domicile address, telephone number, e-mail), verification data (for the purpose of verifying an account): identity documents (passport, driving license and identity card) and data of a proof of address for the verification of residence, photos, data on the condition of politically exposed persons; other personal and/or economic information (in order to comply with legal obligations): profession and economic sector, income and assets, origin of funds, password for the account. We could also collect additional personal data provided by the User in the use of the additional sections on the Relai App (for example for help desk or for incoming deposits), like the deposit amount, deposit ID, user details, and bank details; push notification tokens (if permissions are given in the App).

2.1.(ii) Website. Every time a User visits the Website we collect information provided by the User when he/she subscribes to the newsletter format (giving a specific consent on this marketing activity) or uses additional sections on the Relai App (for example for help desk).

2.2. Data collected by Relai.

Computer systems and software procedures on which the Apps are based are made so that they get, during their ordinary activity, information and personal data that are later sent implicitly through the web by systems based on the Internet protocol. This is information that is not collected to be associated with identified interested parties, but which by their very nature could, through processing and association with data held by third parties, allow Users to be identified. This category of data includes the IP addresses or domain names of the computers used by the Users who connect to the Website, the URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and the user’s IT environment.

Every time a User visits the Website we collect information about online identifiers (geolocation/tracking details, browser fingerprint, operating system, mobile device type, browser name and version, anonymized IP addresses) and usage data (authentication data, click-stream data, and other data collected via cookies and similar technologies). For more details please refer to the Cookie Policy. 

2.3. Personal data of third parties

Should the Data Controller process personal data of third parties communicated directly by a User (for example in the event that the User intends to make an appointment with Relai also on behalf of a friend or a relative), the User acknowledges that in this case they are the owner of the processing of the personal data of the aforementioned third parties. Therefore, by providing such personal data of third parties to Relai: (i) the personal data that should be communicated by the User to Relai have been processed by the User in accordance with the provisions in force on privacy; (ii) the aforementioned third parties have been previously and duly informed by the User in relation to methods and purposes of the processing itself and have authorized it to do so. All responsibility for the communication of information and data of third parties without said parties’ permission or for any incorrect or unlawful use of the same is solely of the User.

3. What are the purposes of the processing and the legal basis?

3.1. Registration on the App and creation of the personal account for the establishment, the execution and the management of the contractual relationship

The legal basis for processing of personal data is the contractual relationship to which the User is a party pursuant to art. 6 par. 1 lett. b GDPR.

The personal data referred to in paragraph 2.1. will be processed by Relai for:

1. the registration on the App, creation and management of the User’s personal account and any IT-technical assistance on the use of the account;
2. the establishment, execution and management of the contractual relationship and/or for the supply of services connected to the same contractual relationship. And in particular, for the following purposes:
   1. provision of the services covered by the contractual relationship: request the opening of an account by email and/or telephone in the case of a legal person User, buy or sell bitcoin, consult the movements and/or communications of Relai about your account;
   2. verification of the User’s identity: in order to correctly process a sell/buy request, Relai verifies, in confirmation of the aforementioned request, the identity of the customer;
   3. administrative and accounting: customer database management;
   4. management of active and/or passive disputes.

3.2. Fulfillment of legal obligations

The data processing legal basis is the need to comply with a legal obligation to which the Data Controller is subject pursuant to art. 6 par. 1 lett. c GDPR.

The personal data referred to in paragraph 2.1. will be processed by Relai for the fulfillment of the legal obligations imposed on Relai by virtue of civil, fiscal and accounting regulations, as well as in the field of anti-money laundering, prevention of terrorist financing, to respond to any requests for information deriving from national authorities and supranational.

3.3. Marketing activities

The legal basis for the processing of data is the prior consent of the User pursuant to art. 6 par. 1 lett. a GDPR.

The personal data of the User referred to in paragraphs 2.1. and 2.2. will be processed for promotional activities through automated (e-mail, SMS, instant messaging) by Relai such as:

• newsletters, brochures and presentations;
• sending commercial and/or promotional information and updating communications in relation to Relai services;
• invitations to events;
• market research.

Relai for the pursuit of its legitimate interest – which does not override the interests and/or fundamental rights and freedoms of the User – in the context of the execution of the contractual relationship may process the e-mail address of the User for the CD. soft spam (art. 130, comma 4 D. Lgs. 196/2003 and 6 par. 1 letter f), GDPR).

3.4. Profiling

The legal basis for the processing of data is the prior consent of the User pursuant to art. 6 par. 1 lett. a GDPR.

The personal data of the User referred to in paragraphs 2.1. and 2.2. will be processed for profiling activities not only automated to:

• process and/or create profiles according to the User’s preferences;
• personalize the User’s experience in relation to the services provided by Relai.

However, it is not deemed that partly-automated profiling will produce legal ramifications for the User or have a significant effect on the User in a similar manner. Rights of the interested party.

3.5. Fix an appointment with Relai

The legal basis for the processing of data is the need to implement pre-contractual measures at the request of the User pursuant to art. 6 par. 1 lett. b GDPR.

The personal data of the User referred to in paragraphs 2.1. and 2.3. will be processed to fix an appointment requested by the User and/or to respond to requests for information made by the User, in order to obtain more information on Relai and/or on Relai’s activities and services.

Any purpose other than the specific treatment for which personal data has been provided will be pursued by Relai only after – as required – a specific notice has been sent to the User and the latter’s consent has been obtained.

4. Am I obliged to provide my personal data? What happens if I refuse to do so?

The disclosure of the User’s personal data to the Data Controller which is required through the App may be mandatory or optional for the pursuance of the purposes identified in this Policy.

In particular:

1. the provision of personal data by the User for the purposes referred to in paragraphs 3.1. and 3.2. is optional but necessary because failure to provide it will make it impossible to register on the Relai App and create your own personal account and/or to establish and/or continue in the contractual relationship and/or to provide services related to the aforementioned relationship;
2. the provision of the User’s personal data for the purposes referred to in paragraphs 3.3., 3.4. and 3.5. is optional and failure to provide it will have no consequence on the possibility of registering on the App and establishing a contractual relationship with Relai, but it will not be possible to inform the User about promotional and commercial initiatives and send the user newsletters, invitations to events, evaluate the interests and preferences of the User or fix an appointment with Relai to provide the User with more details about the activities and/or services offered by Relai.

It is also specified that where the User has given their consent to authorize the Data Controller to pursue the purposes referred to in paragraphs 3.3. and 3.4. that precede will remain free at any time to revoke your consent and/or oppose the processing of data for the aforementioned purposes, even only in relation to the methods of contact (for example, if the User wishes to receive the newsletter, but does not wish to receive commercial and/or promotional information and updating communications in relation to Relai services, he/she may object to the processing of his/her personal data aimed at that specific purpose) by simply sending a written notice to that end to the addresses specified in paragraph 10 below.

5. What are the ways in which my personal data are processed?

The processing of the User’s personal data will take place in a lawful, correct and transparent manner, for specific, explicit and legitimate purposes and in compliance with the laws, regulations and provisions on data privacy.

The User’s personal data are mainly processed in electronic format and in some cases also in paper format.

6. Who are the recipients of my personal data?

We reserve the right to share your personal data with other companies in the Group.

The recipients of the Users’ personal data and therefore the subjects who become aware of the Users’ personal data are:

1. subjects in charge of processing by Relai to whom specific written instructions have been provided: all company personnel, collaborators and consultants;
2. subjects who provide services for Relai appointed by the latter in writing as data processors, i.e. the companies that manage and implement the Site and provide CRM services, to fix an appointment, instant messaging and to sign the contract that the User concludes with Relai, as well as entities to which Relai has delegated specific outsourced functions (please refer to our List of Outsourced Services);
3. subjects who operate as independent owners, i.e. banking institutions, tax consultants, regulatory authorities, judicial authorities.

For a complete and updated list of the subjects to whom the data is communicated, the User can write to the contact details indicated in paragraph 1 above.

7. How long do you keep my personal data?

For the purposes referred to:

1. paragraphs 3.1. (Registration on the App and creation of the personal account for the establishment, the execution and the management of the contractual relationship) and 3.2. (Fulfillment of legal obligations), the User’s personal data will be kept by Relai for the entire duration of the contractual relationship and for a period of 5 years after the contractual relationship has come to an end;
2. paragraph 3.3. the personal data will be stored for 2 years from the collection of consent and its registration in the CRM or in any case until the withdrawal of consent;
3. in paragraph 3.4 (Marketing Activities) personal data will be stored for 1 year from the collection of consent and its registration in the CRM or in any case until the withdrawal of consent, unless cancellation is always possible by email;
4. in paragraph 3.5 (Profiling) the personal data will be stored for 6 months from the date of the conferment, unless cancellation is always possible by email.

8. How do you handle the transfer of personal data to third parties?

Unless otherwise specifically stated, personal data will not be transferred or processed outside the EU or other place considered not adequate to the relevant EU legislation. In the event that it is necessary (e.g., for certain types of cookies), the transfer of data may take place under standard European Commission clauses or other adequate guarantee (ex Art. 46 GDPR) or under one of the exceptions under Art. 49 GDPR, unless otherwise specified. In particular, the transfer of data to the United States to entities adhering to the so-called EU-US Data Privacy Framework is to be considered an adequate guarantee.

9. How can I exercise my rights?

Pursuant to articles 13, paragraph 2, letters b), c) and d) and 15-22 of the GDPR, Users can exercise the following rights:

1. the right to request access to their personal data together with indications relating to the purpose of the processing, the category of personal data processed, the subjects or categories of subjects to whom they have been or will be communicated (with indication of the possibility in which such subjects are located in third countries or are international organizations), when possible to the retention period of personal data or to the criteria used to determine this period, to the existence of their rights to rectify and / or delete personal data, to limit processing and of opposition to processing, to one’s right to lodge a complaint with a supervisory authority, to the origin of the data, to the existence and logic applied in the event of an automated decision-making process. If they exercise this right, and unless otherwise indicated by the User, they will receive an electronic copy of their personal data that is subject to processing;
2. the right to obtain:
   1. their personal data rectified if inaccurate or completed if incompleted;
   2. the cancellation of their personal data should there be one of the conditions laid down in art. 17 of the GDPR (for example: the User’s personal data are no longer necessary with respect to the purposes for which they were collected, the User decides to revoke the consent to the processing – where this represents the legal basis – and there is no other legal basis for the processing itself, the User opposes the processing and no other legitimate interest of the Data Controller prevails, the personal data are processed unlawfully);
   3. the limitation of the processing of personal data concerning the User 1) for the time necessary for Relai to ascertain the accuracy of the User’s personal data (in the event that the User has contested it), or 2) if the processing of personal data is illegal and the User requests, instead of deleting his personal data, the limitation of the related processing, or 3) when Relai no longer needs the User’s personal data but the same are for the User necessary to ascertain, exercise or defend a right in court, or, finally, 4) for the time necessary to assess the possible prevalence of the legitimate reasons of the Data Controller with respect to those of the User, if the User has opposed the processing of their personal data pursuant to point c) below;
   4. the User’s personal data in a structured format, commonly used and readable by an automatic device also in order to transmit them to another owner, if the processing is based on consent or on a contract and is carried out by automated means (so-called right to data portability). If the User is interested, they can ask Relai to transmit their directly to the other Data Controller, if this is technically feasible;
3. the right to object to the processing of their personal data, if such processing is carried out pursuant to art. 6.1 lett. e) (i.e. for the execution of a task of public interest to which the Data Controller is subject) or lett. f) (i.e. to pursue a legitimate interest of the Data Controller) of the GDPR, unless there are compelling legitimate reasons for the Data Controller to proceed with the processing, pursuant to art. 21 of the GDPR;
4. the right to withdraw consent at any time, where given, without prejudice to the lawfulness of the processing of the User’s personal data based on consent and carried out before the revocation;
5. if carried out, the User also has the right not to be subjected to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or which significantly indicates his person, also having the right to obtain human intervention from the Data Controller, to express their opinion and to contest the decision;
6. if you are not satisfied with the processing of your personal data carried out by Relai, you can lodge a complaint with the CNIL, following the procedures and indications published on the official website of this authority. For more information on how to contact the CNIL, please visit their official website: https://www.cnil.fr;
7. any corrections or deletions of the User’s personal data or limitations of the processing carried out at the User’s request – unless this proves impossible or involves a disproportionate effort – will be communicated by Relai to each of the recipients to whom the personal data may have been transmitted of the User in accordance with this Privacy Policy.

The aforementioned rights are not subject to any formal constraint and are free of charge. Relai may only ask the User to verify their identity before taking further actions following the User’s request.

10. Who can I contact to exercise my rights and for more information?

To exercise the rights and/or to obtain any type of information regarding the management of the contractual relationship established and/or the additional purposes for which the personal data are processed, the User can send a written communication to: Relai [email protected].

11. What about …..?

11.1 Cookies

As mentioned in section 2.2 above, in order to allow a safe and efficient browsing of the Website, the Data Controller uses cookies: for further information on their use, read the Cookie Policy. For further information on their use on the Site, read the Cookie Policy, which is a part of this policy.

11.2 Social Media

11.2.(i) Social sharing buttons. The Apps can be reached by interacting with the Relai pages on social networks. The social network may collect data relating to the User’s visit to the Site. This Privacy Policy does not concern the processing of the User’s personal data by the social network, therefore, the User must refer exclusively to the dedicated Privacy Policy of the social network itself.

11.2.(ii) Who is responsible in such cases? Relai is present on various social media platforms (see below) to communicate with active customers, potential customers and interested social media users about Relai’s services, products and other news. If you use such social media platforms, the general terms and conditions and the data protection guidelines of the platform operators also apply. As part of the technical process of different social media platforms (e.g. Google, Facebook, X, etc.), these platforms will know when you click on content or a website you are visiting, if you are logged in to your social media account at the same time. Such information is collected by social media platforms and assigned to your social media accounts, regardless of whether you click on content of this platform or not. By logging out from your accounts, you can prevent such companies from associating the information collected with your accounts. The activities of those companies are not controlled by Relai and therefore, we do not assume any liability for damages that you may incur through the use of your data by these companies.

Relai can only process personal data of social media users if they communicate directly with Relai via such platforms (e.g. number of visitors, posted articles, likes, direct messages, Client inquiries, comments, etc.). In such cases, Relai is also responsible for the processing of personal data gathered thereby. In addition to the data processing by us, other providers, in particular operators of social networks and platforms, also process personal user data. We have no influence on this data processing and are not responsible for it – the data processing takes place exclusively in the area of responsibility of the other providers.

For a detailed explanation of the respective processing and the possibilities of objection (opt-out) by providers of social media networks, we refer to the respective privacy policies of the providers (see below). In the case of requests for information and the assertion of data subject rights regarding data processing by other providers, we point out that these can be asserted with the below-mentioned providers. Only the providers have access to the data of the users and can directly take appropriate measures and give information.

Our social media pages and channels and the links to the respective data protection declarations:

Relai Social Media: Privacy Policy:

Twitter (X) Link

Instagram Link

Facebook Link

LinkedIn Link

Telegram Link

Youtube Link

Apply with LinkedIn Button: When using the opportunity to apply for jobs via the social sign-in button “Apply with LinkedIn”, provided by the social network LinkedIn (LinkedIn Corporation, 2029 Stierlin Court, Mountain View, California 94043, USA) you permit Relai to access your LinkedIn profile. After clicking on the button “Apply with LinkedIn” you will be directed to LinkedIn to enter your LinkedIn access data. You can select the data you want to share with Relai and only the data you choose is transferred to Relai. Relai will not receive any information about your login or access data on LinkedIn. For further information please also see the privacy policy from LinkedIn.

11.3 Security measures

Relai takes the protection of your information very seriously. Pursuant to art. 32 of the GDPR, Relai and the persons appointed as data processors adopt adequate security measures in order to minimize the risk of destruction or loss – even accidental – of personal data, unauthorized access or processing that is not permitted or does not comply with collection purposes indicated in our Privacy Policy. We have put in place appropriate physical, electronic and managerial security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed, including use of secure servers, passwords and industry standard encryption for data both in transit and at rest.We limit access to your personal data to those employees, agents, contractors and other third parties who have a business, need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

Where we have given you a password or PIN code that enables you to access certain parts of our App, you are responsible for keeping this password or PIN code confidential. We ask you not to share a password or PIN code with anyone. 

May attention: when first launching the App, it creates an individual encrypted digital wallet, i.e. a private key, for every user to store his/her crypto assets. Relai does not have, at any point in time, access to the user’s private keys and funds. You are responsible for keeping your private key confidential. We ask you not to share your private key with anyone. If you lose or give away your private key, you lose or give away your crypto assets.

12. If I am a minor, can I use the App?

The Apps are intended to be used and viewed by adults. Therefore, requests from minors cannot be considered.

13. Is the Privacy Policy subject to change or update?

This Privacy Policy may be subject to modification also as a consequence of any regulatory changes. We kindly invite you to periodically review this Privacy Policy for the latest information on our privacy practices.