With this privacy policy, we inform you about the personal data we process in connection with our activities and operations, including our bcts.ch website. In particular, we provide details on why, how, and where we process personal data. We also inform you about the rights of individuals whose data we process.

For specific or additional activities and operations, further privacy policies and other legal documents, such as general terms and conditions (GTC), terms of use, or participation conditions, may apply.

We are subject to Swiss data protection law and, where applicable, foreign data protection law, including the European Union’s (EU) General Data Protection Regulation (GDPR). The European Commission recognizes that Swiss data protection law ensures an adequate level of data protection.

1. Contact Information

Data Controller

Blockchain Trust Solutions AG
Unterdorfstrasse 58
CH-9107 Urnäsch
Email: info@bcts.ch

We will inform you if there are other data controllers for specific cases of data processing.

Data Protection Officer

Toni Caradonna
Appenzellerstrasse 5
CH-9107 Urnäsch
Email: welcome@bcts.ch

2. Terms and Legal Basis

2.1 Definitions

Personal data includes all information related to an identified or identifiable individual. A data subject is a person whose personal data we process.

Processing covers any handling of personal data, regardless of the methods and procedures used, such as querying, matching, modifying, storing, retrieving, disclosing, collecting, recording, deleting, organizing, transmitting, linking, destroying, and using personal data.

The European Economic Area (EEA) consists of the EU member states, Liechtenstein, Iceland, and Norway. The GDPR refers to the processing of personal data as processing of personal information.

2.2 Legal Basis

We process personal data in accordance with Swiss data protection laws, particularly the Federal Act on Data Protection (FADP) and the associated ordinance (DPO).

Where the GDPR is applicable, we process personal data based on at least one of the following legal bases:

• Article 6(1)(b) GDPR – Processing necessary for fulfilling a contract with the data subject or for pre-contractual measures.

• Article 6(1)(f) GDPR – Processing necessary to protect our legitimate interests or those of third parties unless overridden by the fundamental rights and interests of the data subject.

• Article 6(1)(c) GDPR – Processing necessary to comply with a legal obligation.

• Article 6(1)(e) GDPR – Processing necessary for a task carried out in the public interest.

• Article 6(1)(a) GDPR – Processing based on the data subject's consent.

• Article 6(1)(d) GDPR – Processing necessary to protect vital interests of the data subject or another person.

3. Type, Scope, and Purpose of Data Processing

We process personal data required for the sustainable, user-friendly, secure, and reliable execution of our activities and services. This may include contact details, browser and device data, content data, metadata, location data, sales data, and contract and payment information.

We process personal data for as long as necessary for the respective purpose or required by law. Data that is no longer needed is anonymized or deleted.

We may process personal data through third parties, jointly with third parties, or transfer it to third parties. These third parties are primarily specialized service providers we use. We ensure data protection even with such third-party services.

We primarily process personal data with the consent of the data subjects. If processing is permissible for other legal reasons, we may not require consent. For example, we may process personal data to fulfill a contract, comply with legal obligations, or protect overriding interests.

4. International Data Transfers

We primarily process personal data in Switzerland and the EEA but may also transfer or process data in other countries. Data transfers occur if the respective country ensures adequate data protection, based on Swiss Federal Council or EU Commission decisions.

If we transfer data to countries without adequate data protection, we ensure compliance through standard contractual clauses or other safeguards. In exceptional cases, we may transfer data if the necessary legal requirements are met.

5. Data Subject Rights

5.1 Data Protection Rights

Data subjects have the following rights:

• Access: Request whether we process personal data and obtain details about such processing.

• Correction and Restriction: Request correction of inaccurate data, completion of incomplete data, and restriction of data processing.

• Deletion and Objection: Request deletion of data ("right to be forgotten") and object to future data processing.

• Data Portability: Request the transfer of personal data to another data controller.

We may restrict or refuse data subject rights within the legal framework. Data subjects must cooperate in verifying their identity before exercising their rights.

5.2 Right to Complain

Data subjects may enforce their rights through legal action or file a complaint with a data protection authority. The Swiss authority is the Federal Data Protection and Information Commissioner (FDPIC).

6. Data Security

We implement technical and organizational measures to ensure appropriate data security. However, absolute security cannot be guaranteed.

Our website uses SSL/TLS encryption (e.g., HTTPS). Digital communication is subject to potential surveillance by security authorities, and we have no direct influence over such data processing.

7. Website Usage

7.1 Cookies

We may use cookies and tracking technologies to enhance user experience and measure performance. Users can manage cookie preferences via browser settings.

7.2 Server Log Files

Our web servers may log IP addresses, timestamps, access status, browser details, and referrer URLs to ensure website security and usability.

8. Notifications and Communications

We send notifications via email or other communication channels. Messages may include tracking mechanisms to measure engagement.

Users can opt-out of receiving notifications unless they are essential to our services.

9. Social Media Presence

We maintain social media profiles and are subject to the respective platforms’ privacy policies. Users should be aware that their interactions on such platforms may be subject to additional data processing beyond our control.

10. Third-Party Services

We integrate third-party services, including hosting, analytics, and cloud infrastructure. Users should refer to the respective service providers' privacy policies.

11. Changes to This Privacy Policy

We may update this privacy policy at any time. Updates will be published on our website.