Privacy Policy

Last updated November 27, 2023

1. GENERAL

This is the privacy policy (“Privacy Policy”) for any website or application owned or operated (collectively the “App”) provided by Relai AG, a company organized and existing under the laws of Switzerland, under company registration number CHE-340.229.036 whose registered office is located at Hardturmstrasse 161 in 8005 Zurich Switzerland (“Relai“, “we”, or “our”). Relai is the controller of your personal data collected through the App and we are committed to protecting and respecting your privacy. Relai is dedicated to collect as little personal data about its users as possible.

This Privacy Policy is drafted in English and translated to German, Italian, Spanish and French. In case of conflict the English version shall be the binding version.

2. INTRODUCTION

This Privacy Policy explains who we are, why and how we process personal data collected through your use of the App and, if you are the subject of any of the personal data concerned, what rights you have and how to get in touch with us if you need to.

When you supply any personal data to us, we have legal obligations towards you in the way we use that data. We must collect the information fairly and explain to you how we will use it. For ease of reading, we have divided this Privacy Policy into several sections:

Introduction
What information we collect
How and why we use/share your information
How long we keep your information
Security
International Data Transfers
Your Rights
Contact Details

It is important that you read this Privacy Policy together with any other privacy notice or fair processing notice that we may provide at or around the time that we collect or process personal data about you so that you are fully aware of how and why we are using that data.

Your consent to this Privacy Policy is given once you tick the box in the pop-up window which appears upon your first connection and which says “I warrant that I read and understood the Privacy Policy and I agree to be bound by it”.

By ticking the box, you (the “User”) agree to be bound by the Privacy Policy, as amended and published on the Website and the App, and to comply with this Privacy Policy and all applicable laws and regulations. If you do not agree with the Privacy Policy, you should refrain from using the App and/or the Website.

The Privacy Policy may be updated by Relai at any time without any prior notice requirement. The current version is published on https://relai.app/privacy-policy/, you are expected to review such Terms on a regular basis. If you do not agree with any such modification, you should cease using the Relai Services. You agree that your continued access and/or use of Relai Services and/or the Website shall constitute an affirmative acknowledgement by you of the amendments and shall be deemed to be your acceptance of the revised Agreement.

Please note that the App is not intended for use by nor directed at anyone under the age of 18 and we do not knowingly collect data relating to children. If you believe we have collected personal information about your child, you may contact us at [email protected] and request that we remove information about him/her. For these requests, we will require further identification (e.g. Passport, ID card, etc), in order to ensure that the child’s personal information is only shared with the parent/custodian of the child.

2.1 Controller

Relai is aware that both the protection and the careful handling of your personal data are very important. Relai will solely use the personal data provided by you in compliance with the applicable data protection requirements, this Privacy Policy and your consent.

Relai AG is the data controller and therefore responsible for the processing of personal data in connection with the services provided by the company.

If you have any questions in connection with the processing of your personal data please contact [email protected].

2.2 Privacy Policy for SSL/TLS Encryption

This website uses SSL/TLS encryption for reasons of security and to protect the transmission of confidential content, such as the requests you send to us as site operator. You can recognize an encrypted connection by the fact that the address line of your browser changes from “http://” to “https://” and by the lock symbol in your browser line.

If the SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

3. WHAT INFORMATION WE COLLECT

3.1 What is personal data?

Where this Privacy Policy refers to ‘personal data’ it is referring to data about you from which you could be identified – such as your name, your date of birth, your contact details, your nationality, your ID and even your IBAN or IP address.

By law, all organizations who process your personal data in Europe (including Switzerland) are obliged to process your personal data in certain ways and to ensure that you are given an appropriate amount of information about how they use it. You also have various rights to seek information from those organizations about how they are using your data, and to prevent them from processing it unlawfully. For more information about these rights, please see the ‘Your Rights’ section of this Privacy Policy.

3.2 How and what types of data we collect from you when you use the App

When you use the App to create a wallet, an account or profile, fill in forms provided on the App, subscribe to our services, notifications or newsletters, or report a problem with the App, we may collect, store and use certain personal information that you disclose to us.

The information we collect from you may include (but is not limited to):

Relai App

Every time a Relai user makes a transaction through the Relai app, we collect information about the order. The data we collect includes the user’s

Currency (EUR or CHF)
Amount
Bank details (IBAN, BIC),payment service provider information and payment details
Bitcoin wallet address
Timestamps for order created, executed, exchanged, and payment received
Trade recurrence (once, weekly, or monthly)
Referral code (if applied)
Referral commission
User details for sell orders (which includes first and last name, address, and bank details)
For incoming deposits, we collect the deposit amount, deposit ID, user details, and bank details
All exchange orders we place on our third-party exchange partners
Push notification tokens (if permissions are given in the app)

Optional Verification

On February 15, 2022, Relai introduced an optional verification process for customers who want to buy more than the daily buy/sell limit of CHF 1,000, under which users aren’t required to complete identity verification (under Swiss regulations).

Once a customer has completed the verification process, Relai stores the following user data:

Name
Date of birth
Email
Phone number
Address
Nationality
Tax residency
ID information
Investment profile information

The verification process is done through our service provider Inverid, please refer to their privacy policy to see what data Inverid stores.

The verification process is not mandatory to use Relai.

It’s optional for users who want to buy an unlimited amount of bitcoin.

Individuals who are happy to buy or sell less than CHF 1,000 worth of BTC per day can continue to use the app without having to complete an identity verification process.

The Relai.app Website

To gain more insight into our user base and potential customers, Relai also collects data from its website visitors.

Online identifiers (geolocation/tracking details, browser fingerprint, operating system, mobile device type, browser name and version, anonymized IP addresses) and usage data (authentication data, click-stream data, and other data collected via cookies and similar technologies) are collected and retained in strict compliance with the General Data Protection Regulation (GDPR) and any other comprehensive data privacy regulation that may apply.

We shall also collect information about you when you visit and interact with the App through the use of technologies such as cookies. The following are examples of information we may collect:

information about your device, browser or operating system;
unique device identification number;
time zone setting;
your IP address;
information about interactions you have with the App (such as scrolling and clicks);
information about the way you use and the actions you take within the App;
length of time on the App and time spent within certain sections;
response times; and
download errors.
only with your explicit consent, data from: camera & telephone (read SMS confirmation).

Please refer to your device’s help material to learn what controls you can use to remove cookies, block cookies, or disable IDFA tracking. If you do this, it may affect your use of any website or any app, including Relai’s App (Relai’s website or application).

We may also partner with third parties who may collect anonymous usage or statistical data through your use of the App (including, for example, sub-contractors in technical, payment and/or delivery services, business partners, advertising networks, analytics providers).

We may also collect information about how you use the App through Google Play’s Android Advertising ID technology and Apple iOS’s Advertising Identifier. This is used only by us and our trusted third-party service providers (see “Service Providers” below) for advertising and user analytics. The advertising identifier will only be connected to personally identifiable information where you have provided us with your explicit consent. We will respect your user selections for this technology and will not use the data in any way which you have asked us not to. We are committed to abiding by Google’s and Apple’s terms of use and you may contact us ([email protected]), Google or Apple directly if you have any questions regarding our use of this technology.

3.3 Updating your information

If you want to update the information you have previously given to us, you can contact us at [email protected].

4. HOW AND WHY WE USE/SHARE YOUR INFORMATION

4.1 Lawful basis for processing your information

We will only use your personal data when the law allows us to. Most commonly we will use your personal data in the following circumstances:

Where you have asked us to do so, or consented to us doing so;
Where we need to do so in order to perform a contract we have entered into with you;
Where it is necessary for our legitimate interests (or those of a third party) and your fundamental rights do not override those interests;
Where we need to comply with a legal or regulatory obligation; and
For marketing messages.

You will receive marketing messages from us if you have given us your consent to do so or if you have provided feedback on our App and have not opted out of receiving marketing messages.

To unsubscribe from marketing emails at any time, please click on the unsubscribe link at the bottom of any marketing email and update your account preferences. You may also contact us ([email protected]) to inform us if you do not wish to receive any marketing materials from us.

4.2 Sharing your information

Depending on how and why you provide us with your personal data, we may share it in the following ways:

with any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries;
with selected third parties including business partners, suppliers and subcontractors for the performance of any contract we enter into with them or you (see “Service Providers” below); or
with analytics that assist us in the improvement and optimisation of the App.

We may also disclose your personal information to third parties in the following events:

if we were to sell or buy any business or assets, in which case we might disclose your personal information to the prospective seller or buyer of such business or assets;
if Relai or substantially all of its assets are acquired by a third party, in which case personal information held by us about our customers will be one of the transferred assets; or
if we are under a duty to disclose or share your personal information in order to comply with any legal obligation, or to protect the rights, property, or safety of our company, our customers, or others. This includes exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction.

Data transfer to processors:

To a limited extent, we also transmit personal information to processors who perform services for us such as online authentication services (e.g. Inverid, Veriff, iProov & KYC Spider AG), Client support (Intercom Inc.), examination of defective or suspicious business cases (Sift Science Inc.) and sending out newsletters (e.g. UAB MailerLite).

Processors may only use or disclose this data to the extent necessary to perform services for us or to comply with legal rules. We contractually oblige these processors to ensure the confidentiality and security of your personal data that they process on our behalf.

4.3 Service Providers

Our service providers provide us with a variety of administrative, statistical, and technical services. We will only provide service providers with the minimum amount of personal data they need to fulfill the services we request, and we stipulate that they protect this information and do not use it for any other purpose. We take these relationships seriously and oblige all of our data processors to sign contracts with us that clearly set out their commitment to respecting individual rights, and their commitments to assisting us to help you exercise your rights as a data subject.

4.4 Other Disclosures

During your use of the App, your app store provider and mobile network operator may also collect personal information about you regarding your use of the App such as your identity, your usage and location.

These third parties shall act as separate and independent controllers of that personal data and shall process it in accordance with their own privacy policy.

4.5 Links to third party sites

The App may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. We may also provide links to third party websites that are not affiliated with the App. All third-party websites are out of our control and are not covered by this Privacy Policy. If you access third party sites using the links provided, the operators of these sites may collect information from you that could be used by them, in accordance with their own privacy policies. Please check these policies before you submit any personal data to those websites.

5. HOW LONG WE KEEP YOUR INFORMATION

We will hold your personal information on our systems only for as long as required to provide you with the products and services you have requested, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

In some circumstances you can ask us to delete your data: see ‘Your Rights’ below for further information.

In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.

6. SECURITY

Relai takes the protection of your information very seriously. We have put in place appropriate physical, electronic and managerial security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed, including use of secure servers, passwords and industry standard encryption for data both in transit and at rest.

Where we have given you a password or PIN code that enables you to access certain parts of our App, you are responsible for keeping this password or PIN code confidential. We ask you not to share a password or PIN code with anyone.

When first launching the App, it creates an individual encrypted digital wallet, i.e. a private key, for every user to store his/her crypto assets. Relai does not have, at any point in time, access to the user’s private keys and funds. You are responsible for keeping your private key confidential. We ask you not to share your private key with anyone. If you lose or give away your private key, you lose or give away your crypto assets.

We limit access to your personal data to those employees, agents, contractors and other third parties who have a business, need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

7. INTERNATIONAL DATA TRANSFERS

Please note that some of our service providers may be based outside of the European Economic Area (the “EEA”). These service providers may work for us or for one of our suppliers and may be engaged in, among other things, the fulfillment of your request for information, products and services, the processing of your payment details and the provision of support services.

Where we transfer your data to a service provider that is outside of the EEA we seek to ensure that appropriate safeguards are in place to make sure that your personal data is held securely and that your rights as a data subject are upheld. Transfers of personal data are either made:

to a country recognised by the European Commission as providing an adequate level of protection; or
to a country which does not offer adequate protection but whose transfer has been governed by the standard contractual clauses of the European Commission or by implementing other appropriate cross-border transfer solutions to provide adequate protection.

By submitting your personal information, you agree to this transfer, storing or processing.

If you would like more information about the mechanism by which your personal data is transferred, please contact [email protected].

8. YOUR RIGHTS

As a data subject you have a number of rights in relation to your personal data. Below, we have described the various rights that you have as well as how you can exercise them.

8.1 Right of Access

You may, at any time, request access to the personal data that we hold which relates to you (you may have heard of this right being described as a “subject access request”).

Please note that this right entitles you to receive a copy of the personal data that we hold about you in order to enable you to check that it is correct and to ensure that we are processing that personal data lawfully. It is not a right that allows you to request personal data about other people, or a right to request specific documents from us that do not relate to your personal data.

You can exercise this right at any time by writing to us ([email protected]) and telling us that you are making a “subject access request”. You do not have to fill in a specific form to make this kind of request.

8.2 Your Right to Rectification and Erasure

You may, at any time, request that we correct personal data that we hold about you which you believe is incorrect or inaccurate. Please note that we may ask you to verify any new data that you provide to us and may take our own steps to check that the new data you have supplied us with is right.

You may also ask us to erase personal data that we control if you do not believe that we need to continue retaining it (you may have heard of this right described as the “right to be forgotten”). Although we will do everything to respect your request and personal data, it may not always be possible to erase all of your personal data as there may be legal requirements to keep certain personal data or technical limitations to the data we can delete.

There may also be legitimate interests in keeping certain data including, amongst others, if the data is required for the App to function. If this is the case, we will continue to process this data.

If erasure is not technically possible or we believe that we have a good legal reason to continue processing personal data that you ask us to erase, we will tell you this and our reasoning at the time we respond to your request.

You can exercise this right at any time by writing to us ([email protected]) and telling us that you are making a request to have your personal data rectified or erased and on what basis you are making that request. If you want us to replace inaccurate data with new data, you should tell us what that new data is. You do not have to fill in a specific form to make this kind of request.

8.3 Your Right to Restrict Processing

Where we process your personal data on the basis of a legitimate interest, you are entitled to ask us to stop processing it in that way if you feel that our continuing to do so impacts on your fundamental rights and freedoms or if you feel that those legitimate interests are not valid.

You may also ask us to stop processing your personal data (a) if you dispute the accuracy of that personal data and want us verify that data’s accuracy; (b) where it has been established that our use of the data is unlawful but you do not want us to erase it; (c) where we no longer need to process your personal data (and would otherwise dispose of it) but you wish for us to continue storing it in order to enable you to establish, exercise or defend legal claims.

Please note that if for any reason we believe that we have a good legal reason to continue processing personal data that you ask us to stop processing, we will tell you what that reason is, either at the time we first respond to your request or after we have had the opportunity to consider and investigate it.

You can exercise this right at any time by writing to us ([email protected]) and telling us that you are making a request to have us stop processing the relevant aspect of your personal data and describing which of the above conditions you believe is relevant to that request. You do not have to fill in a specific form to make this kind of request.

8.4 Your Right to Portability

Where you wish to transfer certain personal data that we hold about you, which is processed by automated means, to a third party, you may write to us and ask us to provide it to you in a commonly used machine-readable format.

Because of the kind of work that we do and the systems that we use, we do not envisage this right being particularly relevant to the majority of individuals with whom we interact. However, if you wish to transfer your data from us to a third party we are happy to consider such requests.

8.5 Your Right to object to processing

You may object to processing of your personal data where we rely on legitimate interest for processing that personal data. We will comply with your request unless we have a compelling overriding legitimate interest for processing or we need to continue processing your personal data to establish, exercise or defend a legal claim.

8.6 Your Right to stop receiving communications

To unsubscribe from communications at any time, please click on the unsubscribe link at the bottom of any email and update your notification preferences in the App. For details on your rights to ask us to stop sending you various kinds of communications, please contact us ([email protected]).

8.7 Your Right to object to automated Decision Making and Profiling

You have the right to be informed about the existence of any automated decision making and profiling of your personal data, and where appropriate, be provided with meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing that affects you.

8.8 Withdrawal of Consent

Where we are relying on consent to process your personal data, you may withdraw consent at any time. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.

8.9 Exercising your rights

When you write to us making a request to exercise your rights, we are entitled to ask you to prove that you are who you say you are. We may ask you to provide copies of relevant ID documents to help us to verify your identity.

It will help us to process your request if you clearly state which right you wish to exercise and, where relevant, why it is that you are exercising it. The clearer and more specific you can be, the faster and more efficiently we can deal with your request. If you do not provide us with sufficient information, then we may delay actioning your request until you have provided us with additional information (and where this is the case, we will tell you).

9. SOCIAL MEDIA

Is data processed on social media platforms and who is responsible in such cases?

Relai is present on various social media platforms (see below) to communicate with active customers, potential customers and interested social media users about Relai’s services, products and other news. If you use such social media platforms, the general terms and conditions and the data protection guidelines of the platform operators also apply.

As part of the technical process of different social media platforms (e.g. Google, Facebook, Twitter, etc.), these platforms will know when you click on content or a website you are visiting, if you are logged in to your social media account at the same time. Such information is collected by social media platforms and assigned to your social media accounts, regardless of whether you click on content of this platform or not. By logging out from your accounts, you can prevent such companies from associating the information collected with your accounts. The activities of those companies are not controlled by Relai and therefore, we do not assume any liability for damages that you may incur through the use of your data by these companies.

Relai can only process personal data of social media users if they communicate directly with Relai via such platforms (e.g. number of visitors, posted articles, likes, direct messages, Client inquiries, comments, etc.). In such cases, Relai is also responsible for the processing of personal data gathered thereby. In addition to the data processing by us, other providers, in particular operators of social networks and platforms, also process personal user data. We have no influence on this data processing and are not responsible for it – the data processing takes place exclusively in the area of responsibility of the other providers.

For a detailed explanation of the respective processing and the possibilities of objection (opt-out) by providers of social media networks, we refer to the respective privacy policies of the providers (see below). In the case of requests for information and the assertion of data subject rights regarding data processing by other providers, we point out that these can be asserted with the below-mentioned providers. Only the providers have access to the data of the users and can directly take appropriate measures and give information.

Our social media pages and channels and the links to the respective data protection declarations:

Relai Social Media: Privacy Policy:

Twitter Link

Instagram Link

Is data processed on social media platforms and who is responsible in such cases?

Our social media pages and channels and the links to the respective data protection declarations:

Relai Social Media: Privacy Policy:

Youtube Link

Apply with LinkedIn Button: When using the opportunity to apply for jobs via the social sign-in button “Apply with LinkedIn”, provided by the social network LinkedIn (LinkedIn Corporation, 2029 Stierlin Court, Mountain View, California 94043, USA) you permit Relai to access your LinkedIn profile. After clicking on the button “Apply with LinkedIn” you will be directed to LinkedIn to enter your LinkedIn access data. You can select the data you want to share with Relai and only the data you choose is transferred to Relai. Relai will not receive any information about your login or access data on LinkedIn. For further information please also see the privacy policy from LinkedIn.

10. COOKIES AND SIMILAR TECHNOLOGIES

Cookies are small text files that are placed on your computer or mobile device when you visit a website, mobile app or use an online platform. Cookies and similar technologies are widely used by online service providers to facilitate and help to make the interaction between users and websites, mobile apps and online platforms faster and easier, as well as to provide reporting information. For more information about cookies and their impact on you and your browsing visit www.aboutcookies.org

Cookies set by the website and/or mobile app and/or platform owner (in this case, Relai) are called “first party cookies”. Cookies set by parties other than the website and/or mobile app and/or platform owner are called “third party cookies”. Third party cookies enable third party features or functionality to be provided on or through the website and/or mobile app and/or platform (e.g. like advertising, interactive content and analytics). The parties that set these third party cookies can recognize your computer or device both when it visits the website and/or mobile app and/or platform in question and also when it visits certain other websites and/or mobile apps and/or platforms. By choosing to use our Website/App after having been notified of our use of cookies in the ways described in this Privacy Policy, and, in applicable jurisdictions, through notice and unambiguous acknowledgement of your consent, you agree to such use.

10.1 Why Do We Use Cookies?

We use first party and third party cookies for several reasons. Some cookies are required for technical reasons in order for our Websites and/or App and/or platform to operate, and we refer to these as “essential” or “strictly necessary” cookies. Other cookies also enable us to track and target the interests of our users to enhance the experience on our Websites and/or App and/or platform. Third parties serve cookies through our Websites and/or App and/or platform for analytics and to help us deliver ads, measure the performance of those ads, and make them more relevant to you. This is described in more detail below.

10.2 Our Cookies

Essential cookies:

Purpose: These cookies are strictly necessary to provide you with services available through our Websites and to use some of its features.
Vendor:

– Relai AG
How to refuse: Because these cookies are strictly necessary to deliver the Websites and the Services to you, you cannot refuse them.

Analytics and customization cookies:

Essential cookies:

Purpose: These cookies are strictly necessary to provide you with services available through our Websites and to use some of its features.
Vendor:

– Relai AG
How to refuse: Because these cookies are strictly necessary to deliver the Websites and the Services to you, you cannot refuse them.

Analytics and customization cookies:

Purpose: These cookies collect information that is used either in aggregate form to help us understand how our Website/App are being used or how effective marketing campaigns are, or to help us customize our Website/App for you.
Vendor:

– Google Analytics

– Google Tag Manager

– Intercom
How to refuse: To refuse these cookies, please follow the instructions below under the heading “Managing Cookies” Alternatively, please click on the relevant opt-out link below:

– Google Web Browser Opt-Out Plugin

– Intercom does not appear to provide an opt-out link for its cookies. For more information about such cookies, please see this page.

Advertising cookies:

Purpose: These cookies are used to make advertising messages more relevant to you. They perform functions like preventing the same ad from continuously reappearing, ensuring that ads are properly displayed for advertisers, and in some cases selecting advertisements that are based on your interests.
Vendor:

– Facebook Pixel Tracking

– Google AdWords

– LinkedIn Insight Tag
How to refuse: To refuse these cookies, please follow the instructions below under the heading “Managing cookies” Alternatively, please click on the relevant opt-out link below:

– Facebook Opt Out

– Google Opt Out

– LinkedIn does not appear to provide an opt-out link for its Insight Tag cookies. For more information about such cookies, please see this page.

Managing Cookies:

Most internet browsers allow you to erase cookies from your computer hard drive, block all cookies (or just third-party cookies), or warn you before a cookie is stored on your device. Please note, if you choose to block all cookies, our Services will not function as intended and you will not be able to use or access many of the features of the Services we provide. If you have blocked all cookies and wish to make full use of the features and Services we offer, you will need to enable your cookies. You can do this in your browser. Rather than blocking all cookies, you can choose to only block third-party cookies which will still allow our website to function as intended.

11. NEWSLETTER – MAILERLITE

The newsletters are sent via the mailing service provider ‘Mailerlite’, a newsletter dispatch platform of the provider MailerLite Limited, an Irish registered company at Ground Floor, 71 Lower Baggot Street, Dublin 2, D02 P593, Ireland. You can view the data protection regulations of the mailing service provider here. The mail order service provider is used on the basis of our legitimate interests according to art. 6 para. 1 lit. f GDPR and an order processing contract according to art. 28 para. 3 GDPR.

The dispatch service provider may use the data of the recipients in pseudonymous form, i.e. without allocation to a user, to optimize or improve its own services, e.g. for technical optimization of dispatch and presentation of the newsletter or for statistical purposes. However, the dispatch service provider does not use the data of our newsletter recipients to write to them itself or to pass the data on to third parties.

You may unsubscribe from our newsletter at any time. You will find a link to unsubscribe at the end of each newsletter.

12. CONTACT DETAILS

If you have any queries regarding this Privacy Policy, if you wish to exercise any of your rights set out above, or if you think that the Privacy Policy has not been followed, please contact us by emailing at [email protected].