Privacy Policy
Effective from: 14 February 2023
This privacy policy (“Policy”) describes how SR Saphirstein AG, Bellerivestrasse 245, 8008 Zurich, Switzerland, entered in the Commercial Register of the Canton of Zurich under the number CHE-256.014.995 (“Company”, “Fiat24”, “we”, “our”, or “us”) collects, uses, shares, and stores personal information of users of its website, https://www.fiat24.com (the “Site”). This Policy applies to the Site, web-applications, products and services on the Public Blockchain (Ethereum) (collectively, “Services”) on or in which such personal information is posted, linked, used, checked or referenced.
If you have not done so already, please also review our Terms of Use. The Terms of Use contain provisions that limit our liability to you and require you to resolve any dispute with us on an individual basis and not as part of any class or representative action. IF YOU DO NOT AGREE WITH ANY PART OF THIS PRIVACY POLICY OR OUR TERMS OF USE, THEN PLEASE DO NOT USE ANY OF THE SERVICES.
Please note that this Privacy Policy does not apply to information collected through third-party websites or services that you may access through the Services or that you submit to us offline.
If you are visiting the Site from the European Union (EU), see especially our Notice to EU Data Subjects below for our legal bases for processing and transfer of your data (section 8).
1. What we collect
We get information about you in a range of ways, including the following:
1.1 Information You Give Us.
Information we collect from you may include:
Identity information, such as your first name, last name or similar identifier, title, date of birth, gender, nationality, place of birth and occupation;
Passport and/or photo ID for identity verification purposes;
Contact information, such as your postal address, email address and telephone number;
Information required to comply with anti-money laundering (AML) laws and know-your-customer (KYC) requirements (such as nationality and place of birth);
Information required to comply with tax law requirements, such as your country of tax identification and tax identification number (TIN);
Profile information, such as your nickname, interests, preferences, feedback and survey responses;
Feedback and correspondence, such as information you provide in your responses to surveys, when you participate in market research activities, report a problem with Service, receive customer support or otherwise correspond with us;
Financial information, such as bank account number for cash withdrawal and the bank BIC number;
Transaction information, such details about transfers or purchases you make through the Service;
Usage information, such as information about how you use the Service and interact with us;
Marketing information, such as your preferences for receiving marketing communications and details about how you engage with them;
Technical information, such as your Ethereum wallet address and network information regarding transactions. Please note that your Ethereum wallet address is not collected by https://www.fiat24.com/ or the associated web-application (“Fiat24”);
Your GPS location at the moment of opening your account with Fiat24.
1.2 Information Automatically Collected
We may automatically record certain information about how you use our Site (we refer to this information as “Log Data“). Log Data may include information such as a user’s Internet Protocol (IP) address, device and browser type, operating system, the pages or features of our Site to which a user browsed and the time spent on those pages or features, the frequency with which the Site are used by a user, search terms, the links on our Site that a user clicked on or used, and other statistics. We use this information to administer the Service and we analyze (and may engage third parties to analyze) this information to improve and enhance the Service by expanding its features and functionality and tailoring it to our users’ needs and preferences. The IP address will be evaluated for clarification and defense purposes only in the event of an attack on the website(s)’ network infrastructure or in case of a suspicion of unauthorized or abusive use of the websites. It may further be used for identification purposes in criminal proceedings and in the context of civil and criminal proceedings against the concerned individual, as necessary and required.
1.3 Information we will never collect
We will never ask you to share your Ethereum private key or wallet seed. Never trust anyone or any site that asks you to enter your private keys or wallet seed.
2. Use of Personal Information
2.1 To provide our service
In addition to the processing purposes already mentioned in section 1.1, we will use your personal information in the following ways:
To enable you to access and use the Services incl. recording your Fiat24 account balance and transaction history in the Public Blockchain, Ethereum.
To verify your identity.
To provide and deliver products and services that you may request.
To process and complete transactions, and send you related information, including purchase confirmations and invoices.
To send information, including confirmations, technical notices, updates, security alerts, and support and administrative messages.
2.2 To comply with the law
We use your personal information as we believe necessary or appropriate to comply with applicable laws including anti-money laundering (AML) laws, know-your-customer (KYC) requirements, tax law requirements, lawful requests and legal process, such as to respond to subpoenas or requests from government authorities.
2.3 To communicate with you for marketing reasons
We may use your contact information (email address) to send you information about promotions, upcoming events, newsletters, and other news about products and services offered by us and our selected partners. You can unsubscribe from these communications at any time.
2.4 To optimize our platform
In order to optimize your user experience, we may use your personal information to operate, maintain, and improve our Services. We may also use your information to respond to your comments and questions regarding the Services, and to provide you and other users with general customer service.
2.5 With your consent
With your consent, we may use or share your personal information, such as posting your testimonials or endorsements on our website, or if you instruct us to take a specific action with respect to your personal information. You may withdraw your consent at any time by contacting us (see section 13).
2.6 For compliance, fraud prevention, and safety
We may use your personal information to protect, investigate, and deter against fraudulent, unauthorized, or illegal activity.
3. Sharing of Personal Information
We do not share the personal information that you provide us with other organizations without your express consent, except as described in this Privacy Policy and in consideration of the principle of proportionality (need-to-know). We disclose personal information to third parties under the following circumstances:
Affiliates. We may disclose your personal information to our subsidiaries and corporate affiliates (i.e. our family of companies that are related by common ownership or control) for purposes consistent with this Privacy Policy.
Business Transfers. We may share personal information when we do a business deal, or negotiate a business deal, involving the sale or transfer of all or a part of our business or assets. These deals can include any merger, financing, acquisition, or bankruptcy transaction or proceeding.
Compliance with Laws and Law Enforcement; Protection and Safety. We may share personal information for legal, protection, and safety purposes.
We may share information to comply with laws, including KYC, AML, and tax law requirements.
We may share information to respond to lawful requests and legal processes.
We may share information to protect the rights and property of the Company, our agents, customers, and others. This includes enforcing our agreements, policies, and terms of use.
We may share information in an emergency. This includes protecting the safety of our employees and agents, our customers, or any person.
Professional Advisors and Service Providers. We may share information with those who need it to do work for us. These recipients may include third party companies and individuals to administer and provide the Service on our behalf (such as bill and credit card payment processing, customer support, hosting, email delivery and database management services), as well as KYC/AML service providers, lawyers, bankers, auditors, and insurers.
Other. You may permit us to share your personal information with other companies or entities of your choosing. Those uses will be subject to the privacy policies of the recipient entity or entities.
Public Blockchain (Ethereum). Your Fiat24 account balance and transaction history is recorded in the Public Blockchain. It is therefore possible that your data on this Public Blockchain is visible to third-party users of the Public Blockchain.
We may also share aggregated and/or anonymized data with others for their own uses.
4. International Transfer
The Company’s own office is only in Switzerland and has service providers in the EU countries. Your personal information may be transferred to or from the Switzerland/EU to other locations outside of your state, province, country or other governmental jurisdiction where privacy laws may not be as protective as those in your jurisdiction, such us Singapore.
More important information also for cases in which Swiss Law is applicable is provided below about transfer of personal information outside of the European Economic Area (EEA) (section 10 f.).
5. How Information is secured
We retain information we collect as long as it is necessary and relevant to fulfill the purposes outlined in this privacy policy. In addition, we retain personal information to comply with applicable law where required, prevent fraud, resolve disputes, troubleshoot problems, assist with any investigation, enforce our Terms of Use, and other actions permitted by law. To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.
In some circumstances we may anonymize your personal information (so that it can no longer be associated with you or used to identify you) in which case we may use this information indefinitely without further notice to you.
We employ industry standard security measures designed to protect the security of all information submitted through the Services. However, the security of information transmitted through the internet can never be fully guaranteed. We are not responsible for any interception or interruption of any communications through the internet or for changes to or losses of data. Users of the Services are responsible for maintaining the security of any password, biometrics, user ID or other form of authentication involved in obtaining access to password protected or secure areas of any of our digital services. In order to protect you and your data, we may suspend your use of any of the Services, without notice, pending an investigation, if any breach of security is suspected.
6. Information Choices and Changes
6.1 Manage Contact Details
You can request to change contact choices, opt-out of our sharing with others, and update your personal information and preferences. See for further information about your rights section 9 below.
6.2 Tracking Technologies Generally
Regular cookies may generally be disabled or removed by tools available as part of most commercial browsers, and in some instances blocked in the future by selecting certain settings. For more information, please see our Cookie Policy.
6.3 Google Analytics
We use Google Analytics, a web analysis service of Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland respectively Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA. Google Analytics uses methods that allow an analysis of the use of the website, such as cookies. These generate information about your use of this website such as
Navigation path that a visitor takes on the site,
Length of stay on the website or sub-page,
The sub-page on which the website is left,
The country, region, or city from where access takes place,
Device (type, version, colour depth, resolution, width and height of the browser window),
Recurring or new visitors,
Browser type/version,
The operating system used,
The referrer URL (the page previously visited),
Host name of the accessing computer (IP address), and
Time of the server query
that are transferred to the USA and stored there on servers of Google, a company of the holding company Alphabet Inc. The IP-address will be shortened by the activation of IP anonymisation (“anonymiseIP”) on this website, before transmission within the member states of the European Union or other states that are party to the agreement on the European Economic Area, as well as in Switzerland. According to Google, the anonymised IP address that the user’s browser transmits within the scope of Google Analytics will not be merged with any other data held by Google. In exceptional cases only, the complete IP address may be transmitted to a Google server in the USA and shortened there. n these cases, we rely on the industry standard Google Analytics Terms of Use which can be found here.
The information is used in order to evaluate the use of the website, to compile reports on the activities on the website and to provide other services related to the use of the website and the Internet for the purposes of market research and tailor-made website design. Google may also pass this information on to third parties insofar as this is required by law or if third parties process the data on Google’s behalf. According to Google, no connection is ever made between the IP address and other data relating to the user.
Users can prevent the collection of the data (including the IP address) generated by the cookie and related to the website use by the respective user’s personal data by Google, as well as the processing of this data by Google, by downloading and installing the browser plug-in available under the following link.
An opt-out cookie is stored on your device. If you delete cookies, the link must be clicked again.
6.4 Google Tag Manager
We use Google Tag Manager a service of Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland, respectively Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA, in order to manage cookies and pixels for tracking tools and other tools. The Tag Manager tool itself is a cookie-free domain and does not collect any personal data. Instead, the tool triggers other tags that may in turn collect data. If you have performed a deactivation at domain or cookie level, this remains in place for all tracking tags implemented using Google Tag Manager.
7. Changes to this Privacy Policy
We may change this Privacy Policy at any time. We encourage you to periodically review this page for the latest information on our privacy practices. If we make any changes, we will change the "Effective From" date at the top of this page.
Any modifications to this Privacy Policy will be effective upon our posting of the new terms and/or upon implementation of the changes to the Site (or as otherwise indicated at the time of posting). In all cases, your continued use of the Site or Services after the posting of any modified Privacy Policy indicates your acceptance of the terms of the modified Privacy Policy.
8. Notice to EU Data Subjects
8.1 Personal Information
With respect to EU data subjects, “personal information,” as used in this Privacy Policy, is equivalent to “personal data” as defined in the European Union General Data Protection Regulation (Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC, "GDPR"). For information on the processed data, please see section 1.1 to 1.3).
8.2 Sensitive Data
Some of the information you provide us may constitute sensitive data as defined in the GDPR (also referred to as special categories of personal data), including identification of your race or ethnicity on government-issued identification documents. For information on the processed data, please see section 1.1 to 1.3).
8.3 Legal Bases for Processing
We only use your personal information as permitted by law. We are required to inform you of the legal bases of our processing of your personal information, which are described in the table below.
If you have questions about the legal bases under which we process your personal information, contact us at privacy@fiat24.com.
To provide our service
Our processing of your personal information is necessary to perform the contract governing our provision of the Services or to take steps that you request prior to signing up for the Service (art. 6 para. 1 lit. b GDPR).
To communicate with you; To optimize our platform; For compliance, fraud prevention, and safety; To provide our service
These processing activities constitute our legitimate interests (art. 6 para. 1 lit. f GDPR). Furthermore, the legal basis for these processing lies within the meaning of art. 6 lit. a and c GDPR. We make sure we consider and balance any potential impacts on you (both positive and negative) and your rights before we process your personal information for our legitimate interests. We do not use your personal information for activities where our interests are overridden by any adverse impact on you (unless we have your consent or are otherwise required or permitted to by law).
To comply with law
We use your personal information to comply with applicable laws and our legal obligations, including anti-money laundering (AML) laws, know-your-customer (KYC) requirements (art. 6 para. lit. c GDPR), and tax law requirements.
With your consent
Where our use of your personal information is based upon your consent (as described in (section 2.3 and 2.5), you have the right to withdraw it anytime in the manner indicated in the Service or by contacting us at privacy@fiat24.com (art. 6 para. lit. a GDPR).
8.4 Use for New Purposes
We may use your personal information for reasons not described in this Privacy Policy, where we are permitted by law to do so and where the reason is compatible with the purpose for which we collected it. If we need to use your personal information for an unrelated purpose, we will notify you and explain the applicable legal basis for that use. If we have relied upon your consent for a particular use of your personal information, we will first seek your consent for any unrelated purpose.
9. Your Rights
You have certain rights regarding your personal information. You may ask us to take the following actions in relation to your personal information that we hold:
Opt-out. Stop sending you direct marketing communications which you have previously consented to receive. We may continue to send you Service-related and other non-marketing communications.
Access. Provide you with information about our processing of your personal information and give you access to your personal information free of charge.
Correct. Update or correct inaccuracies in your personal information and to be informed of the correction. We will inform the recipients of the data concerned of the adjustments made, unless this is impossible or involves disproportionate effort.
Delete. Delete your personal information in certain circumstances. In individual cases, the right to deletion may be excluded.
Right to data portability. You have the right, in certain circumstances, to obtain from us, the personal data you have provided to us, free of charge and in a readable format.
Right to lodge a complaint with a supervisory authority. if you are a resident of an EU or EEA Member State, you have the right to lodge a complaint with a competent supervisory authority about the way, in which your personal data is processed.
Restrict. Restrict the processing of your personal information, under certain conditions.
Right of withdrawal. <in principle, you have the right to withdraw your consent at any time. However, processing activities based on your consent in the past do not become unlawful as a result of your revocation.
Due to the nature of a Blockchain certain rights may be limited. However, we will do our best to grant you the rights by also taking into account all technical possibilities.
You can submit these requests by email to our data protection team at privacy@fiat24.com. We may request specific information from you to help us confirm your identity and process your request. Applicable law may require or permit us to decline your request. If we decline your request, we will tell you why, subject to legal restrictions. If you would like to submit a complaint about our use of your personal information or response to your requests regarding your personal information, you may contact us at privacy@fiat24.com or submit a complaint to the data protection regulator in your jurisdiction.
10. Cross-Border Data Transfer
Please be aware that your personal data will be transferred to, processed, and stored in Switzerland and the EU. Data protection laws may be different from those in your country of residence. Such third party companies are obliged to protect the privacy of individuals to the same extent as we do. If the level of data protection in a country does not correspond to the Swiss or European level, we contractually ensure that the protection of your personal data corresponds to that in Switzerland or the EU at all times. Certain third party providers mentioned in this Privacy Policy are based in the USA (see section 6.2).
Please contact us at privacy@fiat24.com, if you want further information on the specific mechanism used by us when transferring your personal information out of the EEA.
11. Note on data transfers to the USA
For the sake of completeness, we would like to point out that the US authorities may take surveillance measures under US legislation that allow for the general storage of all data transferred from the European Union or Switzerland to the US. This is done without distinction, limitation or exception, on the basis of the objective pursued and without objective criteria that would allow limiting the access of the US authorities to personal data and their subsequent use to specific, strictly limited purposes justifying access to such data.
Furthermore, we would like to point out that there are no legal remedies in the USA for data subjects from EU Member States or Switzerland that would allow them to access the data concerning them and to obtain its rectification or deletion, and that there is no effective legal protection against general access rights of the US authorities. We expressly draw the data subject's attention to this legal and factual situation so that they can make an informed decision about consenting to the use of their data.
For individuals residing in EU Member States or Switzerland, please note that from the perspective of the European Union and Switzerland, the USA does not have an adequate level of data protection due to, among other things, the issues mentioned in this section. Where we have stated in this privacy policy that the recipients of data (such as Google) are located in the USA, we will ensure by contract that your data is adequately protected by our partners.
12. Cookies
You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of the Site may become inaccessible or not function properly. For more information about the cookies we use, please see our Cookie Policy.
13. Contact Information
If you have any questions regarding data protection, if you would like to receive information or if you would like to request the deletion of your personal data, please contact us by email at privacy@fiat24.com.
Alternatively, you can write to: SR Saphirstein AG, Bellerivestrasse 245, 8008 Zurich, Switzerland.
Last updated