1. General Privacy Policy

At TonUP, we take data privacy and the protection of your Personal Data very seriously. We treat your Personal Data confidentially and according to the applicable data protection laws (herein defined to include the relevant regulations, by-laws, decrees, court orders or similar instruments) and this privacy policy ("Privacy Policy" or "Policy").

Your provision of Personal Data, such as your Telegram account or email addresses, is strictly on a voluntary basis. However, if you choose not to provide, or to permit the use, disclosure and/or processing of, the Personal Data we require, it may not be possible for us to provide you with the information, products and/or services you want. Subject to the terms of this Privacy Policy, this data will not be passed on to third parties without your permission or without being required by the applicable laws.

However, please note that data transmissions online, including email communication and Telegram communication, cannot be entirely secure and may be exposed to security vulnerabilities and system errors. While we seek to exercise due care, a complete protection of personal details against unauthorized access by third parties may not always be possible.

IF YOU PROVIDE PERSONAL DATA TO US, YOU CONSENT TO THE COLLECTION, USE AND DISCLOSURE OF SUCH PERSONAL DATA IN ACCORDANCE WITH THIS POLICY. IF YOU PROVIDE THE PERSONAL DATA OF ANOTHER INDIVIDUAL, IT MEANS THAT YOU HAVE INFORMED THAT PERSON OF THE PURPOSES FOR WHICH WE REQUIRE THAT PERSON’S PERSONAL DATA AND THAT PERSON HAS CONSENTED TO THE COLLECTION, USE AND DISCLOSURE OF THE PERSONAL DATA IN ACCORDANCE WITH THIS POLICY.

1.1 Database requests for AML

To comply with international sanctions and applicable regulation for securities and to fight money-laundering or the financing of terrorism, we may need to check Personal Data provided by you against publicly available databases.

1.2 Marketing information

We may issue marketing information, including newsletters, to you to provide updates on the Services. If you would like to receive the information, we require your email address as well as information which allow us to check that you are the owner of the provided email address and that you agree to receiving the information. Further data may also be collected, if necessary for this purpose. We use those data exclusively to conduct checks as mentioned above and the sending of the requested information. Subject to the terms of this Privacy Policy, we do not transmit such data to third parties.

The given permission to the storage of the data, the email address as well as the use of such for the purpose of sending the newsletter can be withdrawn at any time via the "unsubscribe" link where available within the message or by sending us an email.

1.3 Processing of data

We may contract with services to collect pseudonymous usage data, which is used for the sole purpose of helping to improve our products for our users. Subject to this Privacy Policy, and to the extent under our reasonable control, we will not associate the data with any personal user data.

If you wish to submit or have submitted Personal Data to us for the purpose of registering for and obtaining the Services, you consent to our collection, processing, use and disclosure of such Personal Data for such purposes.

We also reserve the right to monitor, check, and process your Personal Data if necessary, to investigate or obtain evidence concerning any complaint, claim or dispute or any actual or suspected illegal or unlawful conduct, or to aid in such investigation or evidence gathering by any law enforcement or regulatory authorities.

We may also collect, process, use and disclose Personal Data where required or permitted by law for any purpose.

Notwithstanding anything to the contrary in this Privacy Policy, we may disclose Personal Data to third parties in order to achieve any of the purposes stated herein. The third parties include:

our service providers and contractors, including third party vendors that provide data processing or management services; our business partners and affiliates; other holders or users of Tokens; any person or entity involved in the transfer of Tokens or Services provided to you; and law enforcement authorities, regulatory authorities, statutory bodies, or public agencies for the purposes of complying with their requirements, policies, directives, or requests.

1.4 Transmission of data on contract conclusion for services and digital contents

Except as otherwise stated in this Policy above or expressly agreed on, we may transmit Personal Data to third parties, but only if it is necessary in relation to the Service including any transmission of data to relevant payment agents.

1.5 Data processors

From time to time, we may contract with authorized data processors to process your Personal Data on our behalf for the given purposes herein. The Personal Data you provide may be transferred and processed outside your jurisdiction in accordance with applicable data protection law(s).

1.6 Commercial use policy

Only in the event and for the time that you give us your consent, we will use your Personal Data and/or transmit it to our business partners and affiliates of our organization in order for us or our business partners to inform you via email about upcoming opportunities or to market and promote our respective products and services.

1.7 Right of access to and correction of Personal Data

You have the right to be informed about your Personal Data in our possession or under our control, their origin and addressee and the purpose of data processing as well as the right to correction of those data at any time. For further questions and questions concerning Personal Data, please email us.

1.8 Objection to commercial mails

Providers of the Services or the information, products or services featured on this website may publish their contact information in various parts on this website. The use of such contact information by third parties for the purpose of distributing unsolicited advertisements or other commercial information is prohibited. The operators of the Services reserve the right to take legal measures in case of being sent unsolicited commercial information, including spam messages.

1.9 Amendment of this privacy policy

We may amend this Privacy Policy from time to time and will make available the updated Privacy Policy via this website. Each time we collect, process, use or disclose Personal Data, the latest version of this Privacy Policy in force at the time will apply.

2. GDPR compliance

This section should be read together with section 1 and its terms should prevail where there is any consistency.

We are committed to demonstrate the highest level of integrity in dealing with our customers, Token holders, investors and other business partners. When you are using the our Services, we may collect, process and/or disclose Personal Data in accordance with this Policy. Further, we may either receive your Personal Data directly from you when you are communicating with us or provide your Personal Data otherwise in the course of other interactions with us, or indirectly from third parties who legally provide your Personal Data to us.

This Policy is meant to inform you, which Personal Data we collect, store, process, use and/or disclose, for which purposes and on which legal basis. We further inform you about your rights to protect your Personal Data.

This Policy may be amended or updated from time to time to reflect changes in our practices with respect to the Processing of Personal Data, or changes in applicable law. We encourage you to read this Policy carefully, and to regularly check this page to review any changes we might make in accordance with the terms of this Policy. Your continued use of our Services or website constitutes your agreement to be bound by this Policy, as amended or updated from time to time.

2.1 Consent to international transfer in countries with lower level of data protection

If you do not wish your Personal Data to be transferred to third countries outside the EU/EEA, please do not tick the consent box and do not send any Personal Data to us.

Please note that we may collect your Personal Data directly from the country where you are based and may store it on servers outside EU/EEA, which may be operated by third party service providers. We may need to involve third party service providers due to their legitimate interests in having a secure and sufficient data storage system. We select the respective third party service providers with due care, ensuring that such service providers respect the applicable privacy laws; are aware of the importance of protecting Personal Data; and implement “state-of-the-art” technical and organizational measures.

WHEN CONSENTING TO THIS PRIVACY POLICY, YOU ALSO CONSENT TO SUCH INTERNATIONAL TRANSFER TO AND PROCESSING OF YOUR PERSONAL DATA BY SUCH THIRD PARTIES IN THIRD COUNTRIES OUTSIDE THE EU/EEA. PLEASE FIND A LIST OF THE THIRD PARTY SERVICE PROVIDERS AND THE RESPECTIVE THIRD COUNTRIES INVOLVED IN SUCH PROCESSING OF YOUR PERSONAL DATA UNDER SECTION 2.7.

2.2 Consent and withdrawal

In the circumstances where we ask for your consent to process your Personal Data or whenever you are providing your consent to us, you have ensured that it is provided freely and on a fully informed basis. If you give your consent, you have the right to withdraw your consent at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal. After your withdrawal, we will stop to process your Personal Data, including storage. This paragraph is only relevant to cases of processing undertaken on a voluntary basis. It does not apply to cases where processing is necessary or obligatory by law or in any way. To withdraw your consent, please email us.

2.3 Which Personal Data we process

For the purposes of providing the Services, the categories of Personal Data about you that we or our authorized third party data processors may process include:

Contact details: email address, social media account details; Financial details: bank information for payments, credit card information for payments, utility bill, credit report, other financial details with respect to “Accredited Investor” (or equivalent status) verification; Corporate details: name, place of registration, registration number, transparency register number, details with respect to articles of association and other similar documents / certificates, details with respect to shareholders and/or beneficial owners (including their personal and contact details); and your public cryptocurrency wallet address.

2.4 How we collect your Personal Data

We may collect Personal Data about you from the following sources:

when you contact us via email, Telegram or by any other means; in the ordinary course of our transactions and relationship with you; when we provide you with access to our blockchain protocol; where you have manifestly chosen to make such Personal Data public, including via social media profiles; when we receive your Personal Data from third parties who legally provide it to us, such as credit reference agencies or law enforcement agencies; when you visit any of our websites or use any features or resources available on or through our websites. When you visit our website, your device and browser may automatically disclose certain information (such as device type, operating system, browser type, browser settings, IP address, language settings, dates and times of connecting to a website and other technical communications information), some of which may constitute Personal Data; when you submit your resume/CV to us for a job application; and when you acquire the Tokens.

2.5 Creation of Personal Data

During your interaction with our blockchain platform, we may create Personal Data about you, such as records of your interactions with us and details of your transaction history.

2.6 For which purposes we use your Personal Data

We use your Personal Data to provide, maintain and improve our Services, to grant you access to our organization’s networks and enable you the use of the Tokens. For marketing purposes, we use your Personal Data only if and as long as we have received your consent and in accordance with respectively applicable additional legal requirements in your jurisdiction. We do not sell your Personal Data to third parties.

If you submit Personal Data to us or our authorized data processors for the purposes of obtaining our Services, including the acquisition of the Tokens, we will collect, process, and disclose such Personal Data for the purposes of providing the Services, including the issuance, distribution, use and circulation of or exchange for the Tokens.

2.7 Lawful basis for processing Personal Data

In processing your Personal Data in connection with the purposes set out in this Policy, we may rely on one or more of the following legal bases, depending on the circumstances:

we have obtained your explicit prior consent to the processing (where processing that is entirely voluntary; not where processing is necessary or obligatory by law or in any way); the processing is necessary in connection with any contractual relationship that you may enter into with us; the processing is required by applicable law; the processing is necessary to protect the vital interests of any individual; or we have a legitimate interest in carrying out the processing for the purpose of managing, operating, or promoting our business, and that legitimate interest is not overridden by your interests, fundamental rights, or freedoms.

When we are involving third party processors in the performance of our services and contractual obligations and such involvement requires the sharing of Personal Data, we have entered with our third party Processors into data processing agreements according to Art. 28 of the European General Data Protection Regulation (“GDPR”) and, as far as required, further appropriate safeguards according to Art. 46-49 GDPR. The list of third party processors to which we disclose your Personal Data can be requested by email.

2.8 Processing your Sensitive Personal Data

We do not seek to collect or otherwise process your Sensitive Personal Data, except where:

the Processing is required or permitted by applicable law; the Processing is necessary for the detection or prevention of crime (including the prevention of fraud); the Processing is necessary for the establishment, exercise or defense of legal rights; or we have, in accordance with applicable law, obtained your explicit consent before processing your Sensitive Personal Data (where processing that is entirely voluntary; not where processing is necessary or obligatory by law or in any way).

2.9 Consequences if we may not collect your Personal Data

We need your Personal Data to provide our Services to you and/or perform our contractual obligations towards you. Without providing such Personal Data, we may not be able to provide you the services you are intending to receive.

2.10 Cookies

We may use cookies from time to time.

2.11 Marketing activities

If you have consented to receiving marketing information, including newsletters, from us, we may transfer your Personal Data to our business partners for us or our business partners to inform you via email about upcoming opportunities and promote our respective products and services.

2.12 Links to business partner and co-branded sites

Certain links contained on our web sites may direct you to co-branded web sites maintained by our organization or to organizations which we have established business relationships. When you submit information to one of these co-branded sites, you may be submitting it to both our organization and these business partners. Under no circumstances may our organization be held responsible for the privacy practices of these business partners and we therefore strongly encourage you to read their respective privacy policies as they may differ from ours.

2.13 When we erase your Personal Data

We erase your Personal Data automatically when they are no longer required for the purposes listed above. We also erase your Personal Data according to your request and if further storage is neither required nor permitted by applicable laws.

2.14 Your rights related to data privacy

You have the right to request access to and rectification or erasure of your Personal Data, or restriction of their processing. Furthermore, you have the right to object to processing as well as to request data portability. If you are in the EU/EEA, you have the right to file a complaint to the responsible European Data Protection Authority.

2.15 Our contact information as Data Controller

If you have a direct business relationship with us, we are Data Controller according to Art. 4 para. 7 GDPR. For any requests, please email us.

In the performance of online services, we may be required to process your data on behalf of a contract partner of yours (e.g. vendor, seller, service provider). In this case, the privacy policy of your partner applies. Please contact your contract partner for more information.

3. Definitions

“Controller” means the entity that decides how and why Personal Data is processed. In many jurisdictions, the Controller has primary responsibility for complying with applicable data protection laws. “Data Protection Authority” means an independent public authority that supervises, through investigative and corrective powers, the application of the data protection law. “EEA” means the European Economic Area. “Personal Data” means information that is about any individual, or from which any individual is identifiable. Examples of Personal Data that we may process are provided above in this Policy. “Process”, “processing” or “processed” means anything that is done with any Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. “Processor” means any person or entity that processes Personal Data on behalf of the Controller (other than employees of the Controller). “Services” means any services provided by our organization, including any arrangement and management of the Tokens, other services provided on our platform and/or via our websites. “Sensitive Personal Data” means Personal Data about race or ethnicity, political opinions, religious or philosophical beliefs, trade union membership, physical or mental health, sexual life, any actual or alleged criminal offences or penalties, or any other information that may be deemed to be sensitive under applicable law.