Privacy Policy

DSENTAG operates the website www.tokengate.io and is responsible for collecting, processing and using your personal data in compliance with the applicable data protection law. Your trust is important to us, which is why we take the protection of data seriously and ensure appropriate security. We observe the statutory provisions of theFederal Act on Data Protection (FADP), the Ordinance to the Federal Act on DataProtection (OFADP), the Telecommunications Act (TCA) and other applicable data protection provisions of Swiss and international law, in particular where applicable EU law. Inthis privacy policy, we inform you about what personal data we collect from you and for what purposes we use it. If you have any questions regarding data protection, you can get you in touch with us at support@tokengate.io or at our address.

DSENT AG
Gotthardstrasse26
6300Zug
Switzerland

Data Processing in connection with our website

1. Data processing in connection with our websiteWhat data do we collect when you visit our website?When you visit our website, our servers temporarily store each access in a log file. The following technical data is collected without your intervention and stored by us, as in principle with every connection to a web server:

- the IP address of the requesting computer,
- the operating system of your computer,
- the browser you are using (type, version, and language),
- name of the IP address range,
- the date and time of the server request,
- the web page from which access was made (referrer URL), possibly with - - the search terms used,
- the status code (for example, error message, debug information),
- the browser used (type, version and language), and
- the transmission protocol used.
The collection and processing of these data are carried out for the purpose of enabling the use of our website (establishing a connection), ensuring system security and stability over the long term and optimising our internet presence as well as for internal statistical purposes. It is within our legitimate interest to process such data to offer you a well-functioning website.

The IP address will also be used together with the other data in the event of attacks on the network infrastructure or other unauthorised or abusive use of the website to identify offenders in connection with civil or criminal proceedings. The processing of this data is in our legitimate interest to track your visit to our website and to improve the website accordingly.

We will store your access data for up to one year after our business relationship is no longer active.

2. What data do we collect when you create an account with us?

You can create an account on our website, through which you can easily make use of our technology and related services. For this we need the following necessary information:

- first name,
- last name,
- email address,
- country of residence, and
- date of birth

We use these data as well as additional information voluntarily provided by you only in order to offer our services to you in the best possible way. The processing of this data is, therefore, necessary for the performance of pre-contractual and contractual measures.

We will store these data for up to one year after our business relationship is no longer active

3. What data do we collect when you create an account with us?

To provide our services to you, we need information about you. For this we need the following necessary information:

- first name,
- last name,
- email address,
- country of residence
- date of birth, and
- additional identification information.
We use these data as well as additional information voluntarily provided by you only in order to offer our services to you in the best possible way. The processing of this data is, therefore, necessary for the performance of pre-contractual and contractual measures

We cooperate with Intrum AG, Eschenstrasse 12, 8603 Schwerzenbach, Switzerland, to comply with our identification obligations.

Furthermore, to send you confirmations and similar messages related to our services (e.g., payment confirmation, invoices, receipts), we use software and the services from Mailjet GmbH (“Mailjet”). Mailjet has its main seat at 4 rue Jules Lefebvre, 75009 Paris, France.

We will store these data for up to one year after our business relationship is no longer active.

4. What data do we collect when you use our contact form?

You can use our contact form to get in touch with us. For this we need the following information:

- first name,
- last name,
- email address, and
- your message

We only use these data as well as any additional information voluntarily provided by you (e.g. com- pany name, area of interest, project, ticket name) in order to answer your contact enquiry in the best possible and personalised way. The processing of this data is therefore in our legitimate interest.

We will store these data for up to one year after our business relationship is no longer active.

5. What are cookies? Do we need cookies?

Cookies help in many ways to make your visit to our website easier, more enjoyable and more meaningful. Cookies are information files that your web browser automatically saves on your computer's hard drive when you visit our website. In particular, we use the following temporary and persistent cookies:

- technically necessary cookies,
- performance Cookies,
- functional cookies, and
- marketing cookies.
We use these cookies, for example, when including a form on the website, so that you do not have to repeat the entry when calling up another subpage. Cookies may also be used to identify you as a registered user after you register on the website, without you having to log in again when you visit another page.

Most Internet browsers automatically accept cookies. However, you can configure your browser so that no cookies are stored on your computer, or a message always appears when you receive a new cookie.

Disabling cookies may prevent you from using all features of our website.

6. Do we use tracking tools?

1. We use the web analysis services of LogRocket Inc. (hereinafter referred to as “LogRocket”) a Massachusetts (USA) corporation. LogRocket is a company duly incorporated and organized under the laws of the United States of America, having its registered address at 87 Summer Street, Boston, MA 02110.

LogRocket is a web user behavioral analytics product and service that helps us understand how users interact with our platform. LogRocket collects information such as mouse movements, clicks, and keystrokes. This information is used to improve the user experience and troubleshoot issues.

LogRocket may collect other data as well, such as device and browser information, network information, and error and exception data. This data is used to help us understand how users are interacting with our platform and to identify areas for improvement.

LogRocket may collect the following types of data:

- User session information: This includes information about how long a user is active on our platform, the pages they visit, and the actions they take.

- Interaction data: This includes information about how users interact with our platform, such as clicks, keystrokes, and mouse movements.

- Device and browser information: This includes data about the device and browser that the user is using to access our platform, such as the operating system, browser version, and screen resolution.

- Network information: This includes data about the user's network, such as the IP address and geographic location.

- Error and exception data: This includes information about any errors or exceptions that occur on our platform, including the stack trace and error message.

We take the privacy and security of our users' data seriously. We do not sell or share directly or indirectly any data collected by LogRocket with third parties, and we take appropriate measures to ensure the security of all data collected by LogRocket. However, please be aware that information may be transferred to third parties if this is required by law or if third parties process this data on our behalf.If you do not wish to have your data collected by LogRocket, you may opt out by disabling JavaScript in your browser. Please note that this may impact your ability to use certain features of our platform.By using our platform, you consent to the use of LogRocket as outlined in this privacy policy.

2. We use the web analysis services of Google Analytics provided by Google LLC (hereinafter referred to as “Google”) a California (USA) corporation. Google is a company duly incorporated and organized under the laws of the United States of America, having its registered address at 1600 Amphitheatre Parkway, Mountains View, California, CA 94043.

We use Google Analytics to collect data about user behavior on our website. This data may include information about the pages you visit, the buttons you click, and the products you view. We use this information to improve the user experience and make our platform more user-friendly.

Google Analytics sets cookies on our website, which allows us to track user behavior across multiple sessions. These cookies do not contain any personally identifiable information, but they may be used to build a profile of your interests and preferences.

If you do not wish to have your data collected by Google Analytics, you can disable cookies in your browser settings or use a browser extension that blocks tracking. Please note that disabling cookies may affect your ability to use certain features of our platform.

Please be aware that information may be transferred to third parties if this is required by law or if third parties process this data on our behalf.

By using our platform, you consent to the use of Google Tag Manager as outlined in this privacy policy.

If you have any questions or concerns about our data collection practices, please contact us at support@tokengate.ioStorage and exchange of data with third parties

Storage and exchange of data with third parties

7. Where do we store our data?

We store the data collected according to this privacy policy with Exoscale, Allmendstrasse 13, 8102 Oberengstringen, Switzerland. Exoscale is a company of Akenes SA, which has its registered seat at Boulevard de Grancs 19A, 1006 Lausanne, Switzerland.

8. How long will my data be kept?

We only store personal data for as long as is necessary for the above-described uses and further processing in the context of our legitimate interest. Contract data is stored by us for a longer period of time, as this is prescribed by statutory obligations. Obligations to store data may arise out of ac- counting law, civil law and tax law. According to these laws, business communication, concluded contracts and accounting vouchers must be stored for up to 10 years.

9. Will my data be disclosed to other third parties?

We only disclose your personal data to other third parties if you have expressly consented, if there is a legal obligation to do so or if this is necessary to enforce our rights, in particular, to enforce claims arising from the contractual relationship. In addition, we disclose your data to third parties insofar as this is necessary for the use of the website and the execution of contracts (also outside the website). Furthermore, we may disclose your data for our client relationship management, and compliance including AML and KYC matters.

In this context, we may disclose data to:

- HubSpot Inc., 25 First Street, 2nd Floor, Cambridge, MA 02141 USA,
- Stripe Inc., Grand Canal Street Lower 1, Grand Canal Dock, Dublin, D02 H210, Ireland,- Issuers of the platform,
- Skribble AG, Förrlibuckstrasse 190, 8005 Zurich, Switzerland,
- Intrum AG, Eschenstrasse 12, 8603 Schwerzenbach, Switzerland,
- Mailjet GmbH, 4 rue Jules Lefebvre, 75009 Paris, France.
These third parties are instructed by us on how they may process the data. For this reason, we have concluded a contract with each of these third parties. Also, they only process the data within Europe.

10. Do we transfer personal data abroad?

We are entitled to transfer your personal data to third parties (contracted service providers) abroad for the purpose of the data processing described in this privacy policy. These are bound to protect data to the same extent as we are. If the level of data protection in a country does not correspond to that in Switzerland or in Europe, we will contractually ensure that the protection of your personal data corresponds to that in Switzerland or Europe at all times. In addition, we may conduct impact assess- ments and implement resulting technical and organisational measures to ensure an adequate level of data protection.

11. Is the same protection provided when data is transferred to the USA?

For the sake of completeness, for users residing or domiciled in Switzerland, we would like to point out that in the USA there are surveillance measures by US authorities that generally allow them to get access to all personal data that has been transferred from Switzerland to the USA. This is done without differentiation, limitation, or exception based on the objective pursued and without any objective criterion that would allow limiting the access to the data and subsequent use thereof by US authorities to very specific, strictly limited purposes that could justify the interference associated both with access to and use of such data. In addition, we would like to point out that in the USA there are no legal remedies available for the persons concerned from Switzerland that would allow them to gain access to the data concerning them and to obtain its correction or deletion, or that there is no effective legal protection against general access rights of US authorities. We explicitly draw your attention to this legal and factual situation in order to enable an informed decision to consent to the use of your data.

We would like to point out that, from the point of view of the European Union and the Federal Data Protection and Information Commissioner in Switzerland, the USA does not have an adequate level of data protection, partly due to the issues mentioned in this section. Insofar as we have explained in this privacy policy that recipients of data (such as Heap or HubSpot) are based in the USA, we will ensure that your data is protected at an appropriate level by our service providers, through contractual arrangements with these companies as well as adequate technical and organizational measures.

Anything else you need to know?

12. You have a right of access, rectification, deletion and limitation of the pro- cessing as well as of data transferability

You have a right to request information about the personal data that we store about you. In addition, you have a right to correct incorrect data and a right to request the deletion of your personal data, insofar as there is no legal obligation to retain such data and no legal basis for further processing the existing data. Furthermore, you have the right to have your objection recorded if neither the accuracy nor the inaccuracy of the personal data can be determined.

You also have a right to request the data that you have provided to us (right to data portability). Upon request, we will transfer your data to a third party of your choice. You have a right to receive the data in a common file format.

You can contact us for the aforementioned purposes via the e-mail address support@tokengate.ioIn order to process your requests, we may request proof of your identity.

In many countries, you also have the right to file a complaint with the relevant data protection authority if you have concerns about how we process your data.

These rights depend on the applicable data protection legislation and may be either more limited or more comprehensive.

13. Is your data safe with us?

We use suitable technical and organisational security measures to protect your personal data stored with us against manipulation, partial or complete loss and against unauthorised access by third par- ties. Our security measures are continuously improved in line with technological developments.

You should always treat your access data confidentially, especially if you share your computer, tablet or smartphone with others.

14. Can you complain about us?

You have the right to complain to a data protection supervisory authority at any time.

15. Which law do we apply? And where does the law apply?

This privacy policy and the contracts concluded on the basis of or in connection with this policy are subject to Swiss law, unless the law of another country is mandatory. The place of jurisdiction shall be the registered office of DSENT AG, unless another place of jurisdiction is mandatory.

16. Can this policy be amended?

Should individual parts of this privacy policy be invalid, this shall not affect the validity of the rest of the privacy policy. The invalid part of this privacy policy shall be replaced in such a way that it comes as close as possible to the economically intended purpose of the invalid part.

Due to the further development of our website and offers or changes to the statutory requirements, it may become necessary to amend this privacy policy. The most current privacy policy is published on our website.

17. Questions about data protection? Please, contact us!

This privacy policy was last modified on 29 June 2022. If you have any questions or comments about our legal notices or data protection, please contact us atsupport@tokengate.io