We are a blockchain security, hardware start-up, open for early-stage investors. We maintain our website www.bitfold.com (“the Website”) to present our Bitfold project (“the Project”). If you would like to receive updates on the Project progress or you are interested in participating (financially or by sharing your know-how with us) in the Project, you can send us an e-mail or subscribe to our newsletter.

In this document, we would like to familiarize you with the most important information and rules regarding the processing of personal data in connection with the Regulation on the Protection of Personal Data (GDPR).

In accordance with the applicable provisions on the protection of personal data, in particular the general Regulation, in order to ensure proper protection of personal data, the data subject must first of all provide information regarding the processing of personal data set out in Article 13 or 14 GDPR – depending on whether they were obtained directly from the data subject or from other sources. The required information is provided below, including, in particular, the principles of protection and processing of Users’ Personal Data by the Personal Data Administrator.

  1. Definitions

    2. Controller/Administrator – the Controller of personal data pursuant GDPR, which is Bitfold AG with its registered seat in Switzerland, 6340 Baar, Kanton Zug, Mühlegasse 18, register number: CHE-266.860.023, hereinafter referred to as: “Bitfold”;

    Joint Controller – the joint controller of personal data pursuant to GDPR, which is Bitfold R&D (spółka z ograniczoną odpowiedzialnością) with its registered seat in Poland, Lodz, zip code: 90-525, ul. Wólczańska 143, entered in the Register of Entrepreneurs operated by the District Court for Łódź – Śródmieście in Łódź, 20th Commercial Department of the National Court Register under KRS number: 0000840803, REGON: 386040760, NIP: 7252299166, with a share capital of PLN 100,000, hereinafter referred to as: “Bitfold R&D”;

    GDPR – Regulation of the European Parliament and of the Council (UE) 2016/679 of 27th April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (J. o L. UE 2016 it. L119); and the Swiss Federal Act on Data Protection;

    User – www.bitfold.com users, natural or legal persons, who accepted this Privacy Policy;

    Website – www.bitfold.com.

  2. Joint Agreements

    3. Under the joint administration agreement concluded between the Controller and the Joint Controller, the scopes of responsibility regarding the fulfillment of obligations under the GDPR have been established as follows:

    The provided personal data will be processed by the Administrator and the Co-administrator in order to send up-to-date information about the progress in the implementation of the Project or to inform about possible cooperation, if you are interested (financially or by sharing your knowledge) with prior consent expressed separately to the Administrator and the Co-administrator by e-mail.

  3. How to contact us for more information on the processing of your personal data?

    4. All correspondence regarding matters related to the processing of your personal data, please send in writing to the address of the Administrator with the note “Personal data” or to the e-mail address biuro@bitfold.com also with the inscription “Personal data”. The administrator does not appoint an inspector of personal data protection, as there is no obligation to do so. In particular, the following should be reported to this address:

    • all events affecting the security of information transfer;
    • possible suspected personal data breach;
    • suspicion of sharing files containing viruses and other files of similar nature.
  4. How do we collect your data?

    5. We collect the personal data of our Users through the Website, from themselves – they provide personal data by sending us an e-mail or subscribe to our newsletter.

  5. Requirement to provide personal data
    1. Providing any personal data is voluntary and depends on your decision.
    2. However, providing personal data is necessary to receive updates on the Project progress or to receive information from us about possible cooperation if you are interested in participating (financially or by sharing your know-how with us) in the Project and for sending commercial information. Therefore, in order to enable us to contact with you, you can provide us with your e-mail address or subscribe to our newsletter.
    3. Your personal data is stored in the system used by the Administrator to manage contacts with current or potential Bitfold clients, partners and investors.
    4. By agreeing to receive communications from us, you consent to the transfer of your personal data to a third country Switzerland or United States, which are not members of EEA.
  6. Automated decision making and profiling

    7. We kindly inform you that we do not make automated decision-making, including on the basis of profiling.

  7. What is the purpose of processing your personal data by Bitfold?
    • providing services by electronic means in the scope of sharing content posted on the Website – the legal basis for processing is the legitimate interest of the Joint Controllers;
    • enabling contact between you and the Joint Controllers or one of the Joint Controllers – if you are interested in receiving information about the progress in the implementation of the Project or participation (financial or by sharing your know-how with us) in the Project – via e-mail address – the basis for processing is legitimate interest in the need to answer a question or message sent by you;
    • for analytical and statistical purposes, researching Users’ behavior in order to improve the quality of services provided – the legal basis for processing is the legitimate interest of the Joint Controllers, consisting in conducting analyzes of user activity, and their preferences in order to improve the functionalities used and the services provided;
    • enable subscription to the newsletter – the legal basis for processing is the consent to the processing of the personal data subject;
    • providing the User by the Joint Controllers with information about offers, promotions, discounts and news (direct marketing) – the basis for processing is the implementation of the Joint Controllers’ legitimate interest.
  8. What is the legal basis for the processing of my personal data?

    9. The legal basis for the processing of your data will be:

    • Consent granted;
    • The necessity to fulfill the legal obligation imposed on the administrator;
    • Necessity arising from legitimate interests pursued by the administrator, such as sending updates on the Project progress or contacting with you in matters relating to participation in the Project (financially or by sharing your know-how with us) or direct marketing.
  9. What personal information do we collect?

    10. E-mail address, name, surname, telephone number.

    In addition, we also collect operating data that characterizes both the way you use the Website, in particular: IP address (both static and dynamic), digital logs, information about your use of the Website, browser type, domain name and the type of operating system.

    Newsletter Terms and Conditions

    1. By subscribing to our newsletter, you agree to receive email from us. The aim of our newsletter service is to keep our Users about our product, company offers and news. The subscription to our newsletter service is not mandatory.
    2. The frequency of the newsletter issues will be at most 2 per month, excluded special occasion (maximum 2 per month).
    3. We reserve the sole right to either modify or discontinue the newsletter, at any time with or without notice to you. We will not be liable to you or any third party should we exercise such right.
    4. We reserve the sole right to unsubscribe Users from or newsletter service, without notice. We will do so with any subscriber we deem registered with fake data.
    5. We will not communicate / spread / publish or otherwise give away your address. You’ll be able to change your subscription settings or to delete it all together anytime.
  10. The period of processing and storage of personal data
    1. In accordance with applicable law, we do not process your personal information perpetually but for the time that is needed to achieve the purpose of processing. After this period, your personal data will be irretrievably deleted or destroyed.
    2. The period of storage of personal data for the time of the Project implementation + 3 months after the Project finishes and in case of deregistration – up to 3 months from the day of deregistration.
    3. The period of data processing may be extended if the processing is necessary to establish and pursue possible claims or defend against claims, and after that time only if and to the extent that it will be required by law. After the end of the processing period, the data is irretrievably deleted or anonymized.
  11. Your rights
    1. Your basic rights are as follows:
      1. Access your personal data;
      2. Correction of personal data;
      3. Removal of personal data;
      4. Update your data;
      5. Restrictions on the processing of personal data;
      6. Oppose the processing of personal data;
      7. Transfer of personal data;
      8. Withdrawing consent to the processing of personal data;
      9. To file a complaint regarding the processing of personal data by us.
    2. We indicate that these rights are not absolute and therefore we may legally refuse you to comply in some cases. However, if we refuse to accept the request, then only after careful consideration and only if the refusal to consider the request is necessary.
    3. The rights referred to in point 1 you carry out:
      1. by e-mail to biuro@bitfold.com or
      2. in writing to the address of the Data Administrator. In order to verify your application, the Administrator may ask for additional information or for sending documents necessary to confirm the identity of the applicant. In the absence of providing this information or sending documents, the Administrator reserves the right to leave the application without recognition. If the application is correct, the Administrator executes it within 7 days from the day of the submission of the correct application (this deadline is due to technical issues). In exceptional cases, this period may be longer, about which the Administrator will notify the User.
    4. A request to delete (remove) personal data takes place when:
      1. Your data will no longer be necessary for the purposes for which it was collected by the Administrator;
      2. You withdraw your consent to the processing of personal data;
      3. You will object to the processing of your data;
      4. Your data will be processed illegally;
      5. The data should be deleted in order to fulfill the obligation arising from the law;
      6. The data was collected in connection with the provision of electronic services offered to the child;

      Removal of personal data from our database means that it will not be processed in it and will not be shared with other entities. However, it does not mean the cessation of data processing by entities to whom the Data was previously made available (eg the fact that your personal data will be removed from our database does not mean that the entity that previously provided your personal data from us will not be able to send you an e-mail. Any complaints in this regard and requests to delete personal data should be directed to the sender.

    5. The right to request limitation of data processing shall be due if:
      1. You will notice that your data is incorrect – you can then request to limit the processing of your data for a period of time that allows us to check the correctness of this data; or
      2. Your data will be processed unlawfully, but you will not want to be removed;
      3. Your data will no longer be needed but may be needed to defend or enforce claims; or
      4. You will object to the processing of the data pending the determination of whether the legitimate grounds on our side are superior to the grounds of objection.
    6. The right to oppose further processing shall apply if:

      7. The processing of your personal data is based on a legitimate interest or for statistical purposes, and the opposition is justified by the specific situation in which you have found yourself. However, according to the law, we may refuse to take into account the objection if we show that:

      – There are legitimate grounds for processing which override your interests, rights and freedoms (such as tax law, accountancy law, obligation to prove accountability),

      – There are grounds for establishing, pursuing or defending claims.

    7. The right to lodge a complaint in relation to the processing of your personal data by us – you do so by submitting it to the supervisory body, which is the President of the Personal Data Protection Office, ul. Stawki 2, 00-193 Warsaw. Detailed information is available on the web page https://uodo.gov.pl/pl/83/155.
    8. If the processing of personal data takes place on the basis of consent, you may withdraw your consent at any time – at its sole discretion.
    9. If you would like to withdraw your consent to the processing of personal data, simply send an e-mail to the following address: biuro@bitfold.com.
    10. If the processing of your personal data took place on the basis of consent, its withdrawal does not mean that the processing of personal data up to this point was illegal. In other words, until the withdrawal of consent, we have the right to process your personal data and its revocation does not affect the legality of the current processing.
    11. Who do we share your personal information with?
      1. Our subcontractors (processors), such as:
        • Accounting firm servicing the Administrator;
        • Legal and IT companies, contractors of services at the request of the Administrator;
        • Polish Agency for Enterprise Development – under a grant agreement;
        • Our employees and people cooperating with us;
        • Entities providing software and e-internet service platform.
      2. Entities or bodies entitled under the law.
    12. Will your personal data be transferred outside the European Economic Area?

      13. Yes, your personal data are transferred to Switzerland. However, in the European Commission Decision of 26 July 2000 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequate protection of personal data, the European Commission has ensured that Switzerland guarantees an appropriate and adequate level of protection for the personal data transferred.

      We also inform you that due to the fact that we use cookies from third parties (more information you can find in the Cookies Policy), there is a risk that some of your personal data may be transferred to the United States. The Administrator and Joint Controller transfers your personal data using mechanisms that comply with applicable law.

    13. Responsibility for securing and processing personal data
      • The Controller and the Joint Controller are responsible for the processing of Personal Data in accordance with the law.
      • The Administrator and the Joint Controller are not responsible for the effects of providing Personal Data to a public authority if the obligation to disclose results from the law or from the request of such authority. All claims in this respect should be addressed to that public authority.
    14. Final provisions
      • In matters not covered by this Privacy Policy, the regulations on the protection of personal data apply.
      • Any amendments to this Privacy Policy will be notified to you by e-mail.
      • This Privacy Policy is effective from 27th January 2023.