Privacy Policy

Last updated: 2025-08-01

CryptoQorn Labs AG is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our websites www.cryptoqornlabs.com, www.cryptoqorn.io or use our MiCA Wallet app as well as your rights regarding that information.

1. Information We Collect

1. When do we collect your data and why?

We collect different Personal Data when you register on our website or use our services. We store your Data only for the time needed to carry out the operations for which it was collected, except when we need to assert our legal rights or are legally required to retain it for a different period of time. At the end of these retention periods, your Data is erased or anonymized. Meaning, the personal data collected if you just browse on our website will be deleted immediately while the personal data stored in the context of your registration will be stored until the registration is valid.

2. Newsletter Unsubscription

You can unsubscribe from our newsletter at any time. You will find a link to unsubscribe at the end of each newsletter. Unsubscribing is also considered a withdrawal of your consent. In such a case, the data you have provided will be deleted.

3. Types of Personal Data Collected

We may collect the following types of personal data from users depending on the service:

• Full Name
• Date of birth
• Gender
• Address
• Citizenship
• Email address
• Phone number
• Passport or National ID
• Biometrical data (fingerprint, face photos)
• IP-Address
• Geo-location

Please note:

CryptoQorn Labs Eco-System never sells your data to third parties and prohibit our service providers from re-using it for their own behalf.

2. How We Collect Information

We collect personal data in the following ways:

• Webform (personal data, address, e-mail, phone number)
• Machine reading of passport or national ID (personal data)
• Mobile device sensors (camera, biometrical sensors, geolocation sensors)
• Access logs (IP address)

3. Purpose for Using Your Information

We use the collected information for purposes such as:

• Identification for financial/crypto transactions
• Communication
• Sales
• Marketing

4. Legal Basis for Processing (if applicable under GDPR)

We process personal data on the following legal basis:

• Consent
• Contract performance
• Legal obligation (like KYC check, AML Check, Bookkeeping etc.)

5. Cookies and Tracking Technologies

We use cookies and similar technologies to:

• Track the user session between various systems

You may manage your cookie preferences through your browser settings

6. Sharing of Information

We may share your personal data with:

• Our Identity verification providers Sumsub and WebID for the purpose of personal identification
• Our Payment providers OnRamper for the purpose of payment processing
• Legal authorities for the purpose of auditing under legal obligations or court decision

We ensure that such third parties comply with applicable privacy regulations.

7. Data Storage and Security

1. Your data is stored at:

• AWS Frankfurt
• AWS Zurich
• Processing centers of our data sub processors Sumsub, WebID and OnRamper

2. We implement security measures such as:

Full pledge of security controls according to DORA, NIS2 and MiCAR

3. Cybersecurity Measures

CryptoQorn Labs AG employs advanced cybersecurity protocols to protect personal data and ensure the integrity of its systems. These measures include:

• Threat Detection: Continuous monitoring of systems using automated tools to detect and respond to suspicious activities and potential threats in real-time.
• Penetration Testing: Regular penetration tests conducted by certified security professionals to identify and remediate vulnerabilities.
• Incident Response: A comprehensive incident response plan is in place to quickly contain, investigate, and mitigate any data breaches or cyberattacks.
• Employee Training: All employees undergo mandatory cybersecurity awareness training, including phishing prevention, secure data handling, and access control procedures.
• Compliance: Our cybersecurity framework aligns with international standards such as ISO/IEC 27001, NIST Cybersecurity Framework, and applicable EU and Swiss regulations.

These measures are reviewed and updated regularly to adapt to emerging threats and maintain a high level of security across all platforms and services.

8. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes outlined in this policy, unless a longer retention period is required or permitted by law.

9. International Data Transfers

If we transfer your data outside of your jurisdiction, we ensure that:

• Data is encrypted in transit and storage
• Access rights for the data are controlled
• No data leaves EU or Switzerland

10. Your Rights

Depending on your jurisdiction, you may have the following rights:

• Right to access your data
• Right to rectify inaccuracies
• Right to delete your data
• Right to restrict or object to processing
• Right to data portability
• Right to withdraw consent
• Right to lodge a complaint with a data protection authority

To exercise your rights, please contact us using the details below under 12.

Right to Notification or Complaint (Art. 49 FADP / Art. 77 GDPR):

Where applicable to you, you have also the right to file a notification or complaint with a competent data protection authority. In Switzerland, the competent supervisory authority is:

11. Updates to This Privacy Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Effective Date." We encourage you to review this policy periodically.

12. Contact Us

1. General Inquiries

If you have any questions or concerns about this Privacy Policy or your personal data, please contact us at info@cryptoqornlabs.com

2. Data Controller

The Data Controller within the meaning of the Swiss Data Protection Act (DPA) and the EU General Data Protection Regulation (GDPR) is:

3. Data Protection Officer (DPO)

CryptoQorn Labs AG has appointed a Data Protection Officer (DPO) to oversee compliance with data protection regulations and to serve as a point of contact for all privacy-related matters. If you have any questions, concerns, or requests regarding the processing of your personal data, you may contact our DPO: