Last update: 02/15/2022
1. Data Controller and Data Protection Officer
The data controller of the personal data collected through the Site is CheckSig S.r.l., briefly also CKSG S.r.l. (Tax Code / VAT No. 11028330964) based in Milan MI, Piazza del Liberty 8 CAP 20121; e-mail: firstname.lastname@example.org, PEC address: email@example.com (hereinafter also just “CheckSig” and/or the “Owner“).
2. Categories of personal data processed
2.1. Data provided by the User
CheckSig will process the following personal data provided directly by the User:
- Individual Users: personal data: name, surname, date and place of birth, tax code and nationality; contact details: residence and/or domicile address, telephone number, e-mail; verification data (for the purpose of verifying an account): identity documents (passport, driving license and identity card) and data of a proof of address for the verification of residence, photos, data on the condition of politically exposed persons; other personal and/or economic information (in order to comply with legal obligations): profession and economic sector, income and assets, origin of funds, password for the account; additional personal data provided by the User in the use of the additional sections on the Site (for example “Do you need help“);
- Users Legal entities: personal data: company name, country of residence, VAT number; contact details of the legal representative: telephone number, e-mail; any other personal data provided by the User when using the additional sections on the Site (for example “Do you need help“).
2.2. Data collected by CheckSig
Computer systems and software procedures on which this website is based are made so that they get, during their ordinary activity, information and personal data that are later sent implicitly through the web by systems based on the Internet protocol.
This is information that is not collected to be associated with identified interested parties, but which by their very nature could, through processing and association with data held by third parties, allow Users to be identified. This category of data includes the IP addresses or domain names of the computers used by the Users who connect to the Site, the URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and the user’s IT environment.
2.3. Personal data of third parties
Should the Data Controller process personal data of third parties communicated directly by a User (for example in the event that the User intends to make an appointment with CheckSig also on behalf of a friend, or intends to make use of an executor, i.e. the delegated subject to operate in the name and on behalf of the User or to whom the powers of representation of the User are conferred), the User acknowledges that in this case they are the owner of the processing of the personal data of the aforementioned third parties. Therefore, by providing such personal data of third parties to CheckSig we guarantee that: (i) the personal data that should be communicated by the User to CheckSig have been processed by the User in accordance with the provisions in force on privacy and (ii) the aforementioned third parties have been previously and duly informed by the User in relation to methods and purposes of the processing itself and have authorized it to do so. All responsibility for the communication of information and data of third parties without said parties’ permission or for any incorrect or unlawful use of the same is solely of the User.
3. Purposes of processing and legal basis
3.1. Registration on the Site and creation of the personal account for the establishment, the execution and the management of the contractual relationship
|The legal basis for processing of personal data is the contractual relationship to which the User is a party pursuant to art. 6 par. 1 letter b) GDPR.|
The personal data referred to in paragraph 2.1. will be processed by CheckSig for:
- the registration on the Site, creation and management of the User’s personal account and any IT-technical assistance on the use of the account;
- the establishment, execution and management of the contractual relationship and/or for the supply of services connected to the same contractual relationship. And in particular, for the following purposes:
- provision of the services covered by the contractual relationship: request the opening of an account by e-mail and/or telephone in the case of a legal person User, keep, buy or sell digital assets, consult the movements and/or communications of CheckSig about your account, create a Crypto Dossier for each User;
- verification of the User’s identity: in order to correctly process a withdrawal request, CheckSig verifies, in confirmation of the aforementioned request, the identity of the customer via video call;
- administrative and accounting: issuing of invoices; customer database management;
- management of active and/or passive disputes.
3.2. Fulfilment of legal obligations
|The data processing legal basis is the need to comply with a legal obligation to which the Data Controller is subject pursuant to art. 6 par. 1 letter c) GDPR.|
The personal data referred to in paragraph 2.1. will be processed by CheckSig for the fulfillment of the legal obligations imposed on CheckSig by virtue of civil, fiscal and accounting regulations, as well as in the field of anti-money laundering, prevention of terrorist financing, to respond to any requests for information deriving from national authorities and supranational.
3.3. Marketing activities
|The legal basis for the processing of data is the prior consent of the User pursuant to art. 6 para. 1 lit. a) GDPR.|
The personal data of the User referred to in paragraphs 2.1. and 2.2. will be processed for promotional activities through traditional (operator calls) and automated (email, SMS, instant messaging) by CheckSig such as:
- newsletters, brochures and presentations;
- sending commercial and/or promotional information and updating communications in relation to CheckSig services;
- invitations to events;
- market research.
CheckSig for the pursuit of its legitimate interest – which does not override the interests and/or fundamental rights and freedoms of the User – in the context of the execution of the contractual relationship may process the e-mail address of the User for the CD. soft spam (art. 130, comma 4 D. Lgs. 196/2003 and 6 par. 1 letter f) GDPR).
|The legal basis for the processing of data is the prior consent of the User pursuant to art. 6 para. 1 lit. a) GDPR.|
The personal data of the User referred to in paragraphs 2.1. and 2.2. will be processed for profiling activities not only automated to:
- process and/or create profiles according to the User’s preferences;
- personalise the User’s experience in relation to the services provided by CheckSig.
However, it is not deemed that partly-automated profiling will produce legal ramifications for the User or have a significant effect on the User in a similar manner. Rights of the interested party.
3.5. Fix an appointment with CheckSig
|The legal basis for the processing of data is the need to implement pre-contractual measures at the request of the User pursuant to art. 6 par. 1 letter b) GDPR.|
The personal data of the User referred to in paragraphs 2.1. and 2.3. will be processed to fix an appointment requested by the User and/or to respond to requests for information made by the User, in order to obtain more information on CheckSig and/or on CheckSig’s activities and services.
Any purpose other than the specific treatment for which personal data has been provided will be pursued by CheckSig only after – as required – a specific notice has been sent to the User and the latter’s consent has been obtained.
4. Mandatory or optional nature of the provision of the User’s personal data – consequences of any refusal
The disclosure of the User’s personal data to the Data Controller which is required through the Website may be mandatory or optional for the pursuance of the purposes identified in this Policy.
- the provision of personal data by the User for the purposes referred to in paragraphs 3.1. and 3.2. is optional but necessary because failure to provide it will make it impossible to register on the Site and create your own personal account and/or to establish and/or continue in the contractual relationship and/or to provide services related to the aforementioned relationship;
- the provision of the User’s personal data for the purposes referred to in paragraphs 3.3., 3.4. and 3.5. is optional and failure to provide it will have no consequence on the possibility of registering on the Site and establishing a contractual relationship with CheckSig, but it will not be possible to inform the User about promotional and commercial initiatives and send the user newsletters, invitations to events, evaluate the interests and preferences of the User or fix an appointment with CheckSig to provide the User with more details about the activities and/or services offered by CheckSig.
It is also specified that where the User has given their consent to authorise the Data Controller to pursue the purposes referred to in paragraphs 3.3. and 3.4. that precede will remain free at any time to revoke your consent and/or oppose the processing of data for the aforementioned purposes, even only in relation to the methods of contact (for example, where the User wishes the processing to be performed through traditional contact means only, they may oppose to the processing of their personal data performed through automated contact means) by simply sending a written notice to that end to the addresses specified in paragraph 10 below.
5. Methods of processing personal data
The processing of the User’s personal data will take place in a lawful, correct and transparent manner, for specific, explicit and legitimate purposes and in compliance with the laws, regulations and provisions on data privacy.
The User’s personal data are mainly processed in electronic format and in some cases also in paper format.
Users’ personal data in particular will be processed through CheckSig’s Customer Relationship Management (“CRM“). Once entered into the CRM, the User’s personal data can be read, modified and updated by employees of the CheckSig sales, marketing and communication department expressly appointed as data processors.
6. Recipients of personal data
The recipients of the Users’ personal data and therefore the subjects who become aware of the Users’ personal data are:
- subjects in charge of processing by CheckSig to whom specific written instructions have been provided: all company personnel, collaborators and consultants;
- subjects who provide services for CheckSig appointed by the latter in writing as data processors, i.e. the companies that manage and implement the Site and provide CRM services, to fix an appointment, instant messaging and to sign the contract that the User concludes with CheckSig;
- subjects who operate as independent owners, i.e. banking institutions, tax consultants, regulatory authorities, judicial authorities.
For a complete and updated list of the subjects to whom the data is communicated, the User can write to the contact details indicated in paragraph 10 below.
7. Retention times for personal data
For the purposes referred to:
- paragraphs 3.1. and 3.2. the User’s personal data will be kept by CheckSig for the entire duration of the contractual relationship and for a period of 10 years after the contractual relationship has come to an end;
- paragraph 3.3. the personal data will be stored for 2 years from the collection of consent and its registration in the CRM or in any case until the withdrawal of consent;
- in paragraph 3.4 personal data will be stored for 1 year from the collection of consent and its registration in the CRM or in any case until the withdrawal of consent;
- in paragraph 3.5 the personal data will be stored for 6 months from the date of the conferment.
8. Transfer and communication of personal data to third parties
The User’s personal data are transferred to non-EU countries and in particular to the USA and in this case the Data Controller has adopted the appropriate guarantees (Standard Contractual Clauses in accordance with the requirements set out in Commission Decision No. 2021/914 EU).
9. The exercise of rights by the individual concerned
Pursuant to articles 13, paragraph 2, letters b), c) and d) and 15-22 of the GDPR, Users can exercise the following rights:
- the right to request access to their personal data together with indications relating to the purpose of the processing, the category of personal data processed, the subjects or categories of subjects to whom they have been or will be communicated (with indication of the possibility in which such subjects are located in third countries or are international organizations), when possible to the retention period of personal data or to the criteria used to determine this period, to the existence of their rights to rectify and / or delete personal data, to limit processing and of opposition to processing, to one’s right to lodge a complaint with a supervisory authority, to the origin of the data, to the existence and logic applied in the event of an automated decision-making process. If they exercise this right, and unless otherwise indicated by the User, they will receive an electronic copy of their personal data that is subject to processing;
- the right to obtain:
- their personal data rectified if inaccurate or completed if incompleted;
- the cancellation of their personal data should there be one of the conditions laid down in art. 17 of the GDPR (for example: the User’s personal data are no longer necessary with respect to the purposes for which they were collected, the User decides to revoke the consent to the processing – where this represents the legal basis – and there is no other legal basis for the processing itself, the User opposes the processing and no other legitimate interest of the Data Controller prevails, the personal data are processed unlawfully);
- the limitation of the processing of personal data concerning the User 1) for the time necessary for CheckSig to ascertain the accuracy of the User’s personal data (in the event that the User has contested it), or 2) if the processing of personal data is illegal and the User requests, instead of deleting his personal data, the limitation of the related processing, or 3) when CheckSig no longer needs the User’s personal data but the same are for the User necessary to ascertain, exercise or defend a right in court, or, finally, 4) for the time necessary to assess the possible prevalence of the legitimate reasons of the Data Controller with respect to those of the User, if the User has opposed the processing of their personal data pursuant to point c) below;
- the User’s personal data in a structured format, commonly used and readable by an automatic device also in order to transmit them to another owner, if the processing is based on consent or on a contract and is carried out by automated means (so-called right to data portability). If the User is interested, they can ask CheckSig to transmit their directly to the other Data Controller, if this is technically feasible;
- the right to object to the processing of their personal data, if such processing is carried out pursuant to art. 6.1 lett. e) (i.e. for the execution of a task of public interest to which the Data Controller is subject) or lett. f) (i.e. to pursue a legitimate interest of the Data Controller) of the GDPR, unless there are compelling legitimate reasons for the Data Controller to proceed with the processing, pursuant to art. 21 of the GDPR;
- the right to withdraw consent at any time, where given, without prejudice to the lawfulness of the processing of the User’s personal data based on consent and carried out before the revocation;
- if carried out, the User also has the right not to be subjected to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or which significantly indicates his person, also having the right to obtain human intervention from the Data Controller, to express their opinion and to contest the decision;
- if you are not satisfied with the processing of your personal data carried out by CheckSig, you can lodge a complaint with the Guarantor for the Protection of Personal Data, following the procedures and indications published on the official website of this authority (https://www.garanteprivacy.it/web/garante-privacy-en/home_en);
The aforementioned rights are not subject to any formal constraint and are free of charge. CheckSig may only ask the User to verify their identity before taking further actions following the User’s request.
10. Contacts for the exercise of the User’s rights and for further information
To exercise the rights and/or to obtain any type of information regarding the management of the contractual relationship established and/or the additional purposes for which the personal data are processed, the User can send a written communication to: CheckSig S.r.l., Piazza del Liberty 8, 20121 Milan or an e-mail to: firstname.lastname@example.org, or a certified email to: email@example.com.
12. Social sharing buttons
13. Security measures
In order to avoid loss of data, illegitimate or not correct uses and entered not authorize, specific safety measures are observed, as best described in the dedicated section of the Site.
14. Use of the Site by minors
The Website is intended to be used and viewed by adults. Therefore, requests from minors will not be considered.
15. Applicable law