Privacy policy

Last updated: 10 Jul 2025

1. INTRODUCTION

This Privacy policy refers to Personal data processed by the ALCUM AG, a company registered in the Commercial Register of Zug under the IDE number CHE- 447.699.432 (hereinafter “we” or “company”), and having its statutory seat in Dammstrasse 16, CH-6300 Zug, Switzerland, and explains about your legal rights related with processing of Personal data (hereinafter – Policy).

We are committed to protecting your Personal Data and your right to privacy.

We process your personal data in compliance with applicable laws and regulations. This policy applies to all individuals who use our services, enter into contracts with us, or visit our website (hereinafter referred to as 'you' or 'customer').

The Policy provides a general overview of how we process Personal Data. Additional details may be provided in service agreements or other documents.

By using our services or visiting our website, you agree to this policy. We reserve the right to update this Policy online from time to time, and the new policy will immediately replace the older one once posted.

2. INFORMATION WE COLLECT

We collect the following types of personal information:

We collect your information to provide the services you request, and we highly value the protection of your privacy. We strictly adhere to the principles of lawfulness, fairness, and transparency when collecting your personal data. You acknowledge that if you do not provide the necessary information, we may suspend providing services until the required information is received.

We may collect the following types of information from you:

• Personal Identification Data: full name, date of birth, gender, nationality, your contact details, including your email address, telephone number, residential address and postal address.
• Your financial details, including the identity of the wallets associated with transactions involving our tokens, as well as your bank details, tax identification number, income/other assets/asset verification statements.
• Your documents and data uploaded as part of the Know Your Customer (KYC) process, including a government-issued ID, passport, driving licence, occupation and employment, proof of address and photocopies of utility bills, and other data from our forms, such as the source of your assets and funds. Information on whether you (or someone close to you) holds a prominent public function or presence on sanctions lists. We may need to collect certain additional information to comply with our legal requirements or in our legitimate interest. Proof of legal formation, personal identification data for all material beneficial owners, and personal data of the board of directors and senior persons responsible for the operations of the corporate entity if you are the company representative.
• Information collected automatically includes personal data categories such as browsing information (e.g., IP address, device ID, browser type) and usage data (e.g., authentication details, security questions, and click-stream data). It also covers service performance metrics like error messages and diagnostic data.

3. HOW DO WE COLLECT YOUR PERSONAL INFORMATION?

When you visit our platform: We automatically collect certain data sent by your device, such as technical and browsing information.

When you register for our services: We obtain the necessary details to set up your account and verify your identity.

When you use our services: Transactional and financial data are gathered to process payments, enhance security, and comply with regulations.

For fraud prevention and security: We analyze user activity and assess devices for potential threats or unauthorized access.

Through customer interactions: Additional information may be collected when you communicate with our support team or respond to requests for verification.

4. LEGAL GROUND OF PERSONAL DATA PROCESSING

We collect and process personal data in accordance with applicable data protection laws. The processing of your personal data is based on one or more of the following legal grounds:

• Compliance with a Legal Obligation – When required by anti-money laundering (AML) laws, counter-terrorism financing (CTF) regulations, tax laws, or other legal frameworks, we collect and process necessary data to fulfill our regulatory obligations.
• Performance of a Contract – Certain personal and financial information is required to provide our services, execute transactions, and fulfill contractual agreements with you.
• Legitimate Interests – We may process certain personal data to enhance security, prevent fraud, improve our services, and ensure regulatory compliance, provided that such processing does not override your rights and freedoms.
• Consent – For specific activities such as marketing, research, and the use of cookies and tracking technologies, we rely on your explicit consent. You can withdraw your consent at any time.
• Public Interest – In cases where data processing is necessary for preventing financial crimes or complying with public regulations, we may process personal data in the public interest.

5. YOUR RIGHTS AS A DATA SUBJECT

Right to Be Informed – You have the right to receive clear, transparent, and easily understandable information about how we collect, use, store, and process your personal data. This includes details about our legal basis for processing, data retention periods, and your rights regarding your personal data.

Right to access. You have the right to request access to any of your Personal data that may be stored, including, for example, the right to know whether we process your Personal data, which categories of Personal data we process, and the purposes for which we process the data.

Right to rectification. You have the right to request that we correct any of your Personal data that You believe to be inaccurate or incomplete.

Right to Object – In certain cases, you have the right to object to the processing of your personal data, including, for example, when it is carried out based on legitimate interests or for direct marketing purposes.

Right to erasure. You may also request that your Personal data are deleted if they are no longer required for the purposes for which they were collected, or if You consider that the processing is illegal, or that Personal data must be deleted in order not to violate the legal requirement. In certain cases, under statutory regulation, where the laws of the relevant jurisdiction prohibit us from deleting our stored and processed data, we will not be able to fulfill such an obligation, even upon your request, but we will inform You if any such obligation applies to us.

Right to data transfer. If your personal data is processed automatically with your consent or as part of a contractual relationship, you may request it in a structured, commonly used electronic format. You can also request that Personal data be transferred to another controller. Please note that this can only be done where technically possible.

Right to withdraw your consent. In cases where the data are processed with your consent, you have the right to withdraw your consent for data processing at any time.

6. TRANSFER OF PERSONAL DATA TO THIRD PARTIES

As a general rule, Personal data are processed within the territory of the European Union/European Economic Area (EU/EEA), but may, in certain cases, be transmitted and processed outside the EU/EEA.

Personal data may be transmitted and processed outside the EU/EEA where the transfer is necessary for the conclusion and execution of a contract where Personal data may be stored using data storage solutions whose servers are outside the European Economic Area or the Customer has given their consent, and if there are adequate safeguards in place, or when we need to cooperate with law enforcement authorities in connection with conduct or activities that the company, service provider, or third party reasonably and in good faith believes may violate federal, state, or local law; or where we need to retain information to enforce or defend legal claims.

By submitting your Personal data to us or by consenting to the processing of your Personal data you agree to the processing of your data, including both data storage and data transfer, outside the EU for the purposes set out in this Policy. We will take all reasonably necessary precautions to ensure that the processing of your Personal data complies with all applicable Personal data protection Laws. We may transfer your Personal data based on:

• an adequacy decision by the European Commission;
• standard data protection clauses elaborated by the European Commission;
• standard data protection clauses elaborated by data protection authority;
• using other possible safeguards and derogations where it is allowed by the applicable laws.

Where necessary (e.g. when we transfer data to service providers), we put in place appropriate contractual measures and security mechanisms to protect shared personal data and to comply with our data protection, confidentiality and security standards and obligations.

7. DATA STORAGE

We will retain your personal data only for as long as it is necessary to fulfill the purposes for which it was collected, in accordance with our legal obligations, contractual requirements, or legitimate business interests. Once personal data is no longer required, we will securely delete, anonymize, or restrict access to it, unless retention is necessary to comply with applicable laws, resolve disputes, enforce our agreements, or protect our legal rights.

8. DATA BREACH NOTIFICATION

We comply with applicable data protection laws, including the General Data Protection Regulation (GDPR), regarding data breach notifications. In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant data protection authority within 72 hours of becoming aware of the breach, in accordance with Article 33 GDPR.

If the data breach is likely to result in a high risk to your rights and freedoms, we will also inform you without undue delay, as required by Article 34 GDPR, unless an exception applies.

We will take all necessary steps to mitigate risks and prevent future breaches.

9. COOKIES

To improve user experience, security, and service performance, we use cookies. Cookies are small text files stored on your device when you visit a website. They can be used to ensure website functionality, for analytics, or for marketing purposes.

We are currently conducting an audit of the cookies used on our website. Once the cookies are identified, we will update this policy with detailed information about each cookie category:

Statistical cookies are used to improve the website's functionality and enhance user experience. The website utilizes "Google Analytics," a web analytics service provided by Google, Inc. (hereinafter referred to as "Google"), which helps analyze how users interact with this website. For this purpose, Google Analytics uses cookies. The information generated in relation to our website is used to create reports on website usage. This information is stored by Google. Google's privacy policy is available here: https://www.google.com/privacypolicy.html.

The information collected by cookies about website usage—such as standard internet log data (including your IP address) and anonymous visitor behavior data—is transmitted to Google and stored on servers, including those located in the USA. Before a website visitor's IP address is sent to Google, it is anonymized by the website.

If you wish to opt out of Google Analytics cookies, you need to download and install the "Google Analytics Opt-out Browser Add-on." You can do so by following this link: https://tools.google.com/dlpage/gaoptout?hl=en.

You can change your cookie settings or delete cookies in your browser settings at any time.

Cookie: _ga

• Cookie Type: Statistical
• Description: This cookie is used to distinguish unique users by assigning a randomly generated number as a client identifier. It is included in each page request in a site and used to calculate visitor, session, and campaign data for the site's analytics reports.
• Expiration Time: 1 year 1 month

Cookie: _ga_FC05G56CPJ

• Cookie Type: Statistical
• Description: This cookie is used by Google Analytics to persist session state.
• Expiration Time: 1 year 1 month

10. INFORMATION SOURCES

You have the right to approach us in order to put queries, withdraw consents, submit applications for the exercise of the data subject‘s rights and complaints concerning processing of the Personal Data.

Our contact details are published on our website, or you can reach us via email or other telecommunication channels listed on our website.

Please provide your name, contact information and the nature of your concern/question so that we can respond to your message appropriately.

If you are domiciled in the European Union and you are not satisfied with our response, you have the right to file a complaint with the data protection authority in the jurisdiction where you live or work. The contact details of each Data Protection Authority can be found on the following website: https://edpb.europa.eu/about-edpb/board/members_en.

The date of the last update specified below shows when the Privacy Policy was last updated.

2025-07-10