Version effective from 26. July 2023
Protecting your personal data is very important to us. Personal data is any information about a natural person from which such person can be identified (“Personal Data”).
Neither our App nor our Website are intended for children and we do not knowingly col-lect data relating to children as we only accept the purchase and use of our Services by legal adults.
The data controller responsible for your Personal Data is AI Brainvisuals AG, St. Luzi-Strasse 18, 9492 Eschen, Principality of Liechtenstein.
- App: firstname.lastname@example.org when logged into app.metrade.io;
- Email address:email@example.com;
- Postal address: AI Brainvisuals AG, St. Luzi-Strasse 18, 9492 Eschen, Principality of Liechtenstein.
It is important that the Personal Data we hold about you is accurate and up to date. Please inform us about any relevant changes during your relationship with us using the contact details as set out above.
Our App, Website or Website App may include links to third-party websites, plug-ins, and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements and their data privacy and protection measures at large. When you leave our Services, we encourage you to read the data pri-vacy statement of every third-party website you visit.
2. What Data do we collect about you?
Personal Data, or personal information means any information about an individual from which the person can be identified. It does not include data from which the identity of the natural person cannot be derived (anonymous data). We may collect, use, store and transfer different kinds of Personal Data about you which we have grouped together as follows:
- Identity Data: These may include your first and last name, date of birth, Na-tional Registration number, copies of identification documents, username, pass-word and any other information we need to verify your identity or prove your eli-gibility to use our Services.
- Contact Data: These may include your billing address, delivery address, e-mail address and telephone number.
- Financial Data: Financial Data is data collected and processed in order to pro-vide you with financial products and services. This may include your identification number and bank account numbers, credit or debit card numbers, information on your savings and investments, loans and credits or your investor profile (which may contain information on your knowledge and experience of financial instru-ments, investment targets, your capacity to bear losses and risk tolerance).
- Transaction Data: Transaction Data includes details about payments to and from your account linked to our Services and card numbers, date, time, amount, currencies/crypto currencies used, exchange rate, beneficiary details, details on the location of the merchant or CDM/ATM, IP address of sender and receiver, sender’s and receiver’s name, registration information, device information used to facilitate the payment and other details of services you have selected and the mandate you have given us.
- Technical Data: Technical Data is data about your device or other equipment including information on the internet protocol (IP) address used to connect your device to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform, the type of mobile device you use, device’s IMEI number, the MAC address of the device’s wireless network interface, mobile phone number used by the device, in-formation stored on your device including, if you allow us to, login information.
- Marketing and Communications Data: Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.
- Location Data: Location Data is data determining your location using GPS tech-nology or IP address.
- Information from social media networks or online accounts: Such in-formation is information from any such account that you share with us.
- Aggregated Data: We also collect, use, and share Aggregated Data such as sta-tistical or demographic data. Aggregated Data may be derived from your Personal Data but is not considered Personal Data according to the data protection laws and regulations applicable to us as this data does not directly or indirectly re-veal your identity. However, if we combine or connect Aggregated Data with your Personal Data so that it can directly or indirectly identify you, we treat the com-bined data as Personal Data which will be used in accordance with this Priva-cy Policy.
3. Failure to Provide Personal Data
Where we need to collect Personal Data by law, or under the General Terms and Condi-tions we entered with you and you fail to provide that data when requested, we may not be able to perform the obligations we have. In this case, we may have to terminate your account but we will notify you if this is the case at the relevant time.
4. How do we Collect Personal Data?
By way of direct interactions: You may give us your Identity, Contact and Financial Data by filling in forms or by corresponding with us through the Website, the App, by email, regular mail, phone, or otherwise.
This includes Personal Data you provide when you:
- create an Account on our Website/App;
- report a problem with our Website/App;
- subscribe to our communications or publications;
- request marketing to be sent to you;
- take part in a promotion or survey; or
- give us any other feedback or piece of information.
Automated technologies or interactions: Each time you interact with our App, Web App, Website or use our Services we may automatically collect Transaction Data, Tech-nical Data, Usage Data and Location Data.
Third parties or publicly available sources: We may receive Personal Data about you from third-party and public sources as set out below:
- Banks/wallet providers you use to have your funds/cryptocurrencies invested with us;
- Business partners such as those who offer complementary services (such crypto-currency platforms or exchanges etc.),
- Credit reference agencies, fraud prevention agencies or data brokers, including bodies charged with tasks in the public interest;
- Advertising networks, analytics providers and search information providers based inside and outside the EU, Switzerland and the Principality of Liechtenstein);
- Providers of technical, payment and delivery services.
5. Legal Grounds and Purposes for which we Process your Personal Data
We will only process your Personal Data in accordance with the applicable laws. The laws applicable to us are notably the following:
- The General Data Protection Regulation (2016/679, “GDPR“) and its ancillary regulations;
- The Swiss Federal Data Protection Act (“DPA”) in its current and, as from 1 September 2023, in its revised form as well as the ordinances to the DPA in their current and, as from 1 September 2023, in their revised form;
- The Principality of Liechtenstein Data Protection Act (“FL-DSG”) and the ordi-nances and ancillary regulations thereto.
We will process your Personal Data for the following legitimate purposes and based on the following legal grounds:
Contract: We need your Personal Data to conclude a contract with you and to carry out our obligations relating to your contract with us or to take steps at your request prior to entering into a contract. If you have not concluded a contract with us, we do not process your Personal Data based on a contract. We may, however, use your Personal Data for other purposes, such as fraud detection. We always check first whether using your Per-sonal Data for those other purposes is permitted.
Legal obligations: We process your Personal Data to adhere to statutory requirements. As an automated executions on trading signals through user connected exchange ac-counts with Metrade, we are subject to various legal obligations which require us to pro-cess your Personal Data. These to ascertain that the institutions where you hold your wallet did their KYC checks and have suitable systems in place to combat and prevent fraud, money laundering and terrorist financing (AML-CTF). Further and more general-ly, we have to adhere to the rules of conduct in economic and, to a certain extent, finan-cial and financial markets law.
While not generally the case, we may, in some instances, become subject to the obliga-tion to disclose your personal data to judicial authorities, intelligence agencies and regu-latory and supervisory authorities such as the Swiss Financial Market Supervisory Au-thority (FINMA), the Liechtenstein Financial Markets Authority (FMA), the European Central Bank (the ECB) and to other such authorities within the member states of the European Union. We might also to comply with a number of obligations in application of the Foreign Account Tax Compliance Act (FATCA).
Legitimate interest: We have the right to process your Personal Data if it is necessary for the purposes of the legitimate interest pursued by the controller (us) or by a third par-ty, except where such interests are overridden by your interests or fundamental rights and freedoms. Legitimate interests based on our Processing activities are for example the following:
- Research: We study possible trends, problems, root causes of errors and risks to prevent complaints and losses. This way, we can intervene and issue a warning in time, if need be. We also study trends and our clients’ preferences for the purpose of analyzation and continuous development of the products and services we offer;
- New and improved products and services: We use our clients’ Personal Da-ta for the purpose of deploying and developing our products and services in order to keep up with our clients’ evolving wishes and expectations;
- Marketing relating to our products and services: We process your Personal Data for the purpose of direct marketing communications through analyzing your needs, preferences, habits and situation, and to market and/or communicate our products and services to you;
- Risk management and protection of our legal rights; We use your Person-al Data for the purpose of improving our risk management and to defend our le-gal rights, including:
1. providing evidence of transactions you are involved in or your funds/cryptocurrencies are used for or communications between you and us;
2. fraud prevention, for instance by detecting theft of your identity or creden-tials (e.g., phishing, theft of your ID document), unauthorized access to your data or device (hacking attempts);
3. IT management, including infrastructure management, business continui-ty and IT security;
4. establishing statistical models, (e.g., in order do to assess your credit risk score);
5. performing internal control and audit;
6. enforcement of claims and defense within legal disputes.
Public interest: We have the right to process your Personal Data if and insofar as it is necessary for reasons of substantial public interest (such as ensuring effective AML-CTF processes either – to the extent applicable – by ourselves or, if legally or contractually obliged to, for third parties, such as, but not limited to, the provider of your wallet and/or account).
Consent: We may process your Personal Data if you have given us prior consent to do so for one or more specific purposes. You have the right to adapt or withdraw your con-sent at any time and free of charge in the section https://metrade.io/privacy-policy/ on the Website or by contacting us at firstname.lastname@example.org.
Adaptation or withdrawal of your consent will not affect past processing activities (the previous processing of your data remains lawful) but will affect and possibly annul those processing activities which were previously based on your consent in the event no other legal ground is available to us to rely on for the specific processing activity.
Further Processing: We may use your Personal Data for other purposes than the pur-pose for which your Personal Data was initially collected. In that case, the new purpose must be in line with the purposes for which your personal data was initially collected. In those cases, we will always check first if such further use of your Personal Data is permit-ted, considering your rights and interests.
6. How we use your Personal Data for Profiling and Automated Decision-Making
As a provider of automated investments, we make use of profiling. This entails that in certain situations we automatically assemble a profile using a set of your Personal Data. We do this for purposes of fraud detection when (potentially fraudulent) payment trans-actions are initiated, unusual transaction detection (based on risk profiles), client and product acceptance (based on profiles relating to creditworthiness) and direct marketing. We make use of systems to make automated decisions. This helps us to make sure our decisions are quick and based on what we know. Automated decisions may affect the range of products, services or features offered to you now or in the future, or the price that we charge you for them. They are based on Personal Data that we have or that we are allowed to collect from others. Here are the types of automated decisions we make:
- Investment Decisions: User provides connection and access to its pre-ferred exchange account (for instance Binance) and allow Metrade to per-form signals and orders via the exchange platform. Note we don’t give any investment suggestions / recommendations;
- Detecting fraud: We use your Personal Data to help decide if your ac-count(s) with us may be used for fraud or money-laundering. We may de-tect that an account is being used in ways that fraudsters work. We may also notice that an account is being used in a way that is unusual for you or your business. If we think there is a risk of fraud, we may stop activity on the account(s) or refuse access to them;
- Opening accounts: When you open an account with us, we check if the product or service is relevant for you, based on what we know. We also check that you or your business meet the conditions needed to open the account. This may include checking age, residency, nationality or finan-cial/cryptocurrency position and availability;
- Objection: You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or otherwise similarly significantly affects you. You can ob-ject to such automated decision-making, including profiling, by adjusting the settings in our App or Web App or by writing to email@example.com. However, since AI Brainvisuals’ business model relies heavily on automat-ed decisions and profiling, our products and services may then not be pro-vided to you. If the latter is the case, we will notify you accordingly and in time. You do not have this right if the decision is authorized by applicable laws we are subject to.
7. Use of your Personal Data for Direct Marketing Purposes
Generally: If you have previously purchased a product or service from us, we are legally allowed to keep you informed about similar products and services we offer that are suit-ed to your needs. This also applies if you are a visitor to our Website.
To do this properly, we use various sources, such as the Personal Data that we received from you in the context of the contract and information we collect about you through your use of the App or Web App. The use of social media data depends on the privacy settings you use on social media sites.
Other sources of information, including public sources, may also be of relevance. We will always check first whether a public or another source of information can be used reliably.
Where applicable, we will check whether you, as a client, have consented to the use of Personal Data that comes from another party. You have the unconditional right to object to our use of your Personal Data for direct marketing where this direct marketing is based on our legitimate interest and includes profiling. Such objection can be made at any time and free of charge. You can object to direct marketing by unsubscribing to direct marketing campaigns.
Direct Marketing on App or Web App: When you visit our App or Web App we may, upon your specific consent, show you direct marketing material of our products or ser-vices or product or services of third-party partners which are deemed to be relevant to you personally. In such cases your Personal Data will not be transferred to such third-party partners. You have the unconditional right to adapt or withdraw your consent to our use of your Personal Data for direct marketing of third-party partners’ products and/or services, and this at any time and free of charge. Withdrawal or adaptation of your con-sent is possible by unsubscribing to direct marketing campaigns.
Please note that in such cases of withdrawal you will continue to see marketing material from third parties, which will however not be direct marketing and not based on your personal data, when using the App or Web App.
Direct Marketing via Email or Telephone: We may, upon your specific consent, transmit advertisements of our products or services or products or services of third par-ties to you by email or telephone. In such cases your Personal Data will not be trans-ferred to such third-party partners. You have the unconditional right to adapt or with-draw your consent to our use of your personal data for direct marketing of third-party partners’ products and/or services, and this at any time and free of charge. Withdrawal or adaptation of your consent is possible by unsubscribing to direct marketing campaigns. In cases of withdrawal, we stop sending you advertisements by e-mail or telephone.
8. Who do we share your Personal Data with?
To fulfil the abovementioned purposes, we only disclose your personal data to:
- Payment processors and networks (e.g., Swift, Visa, Master Card);
- Wallet providers;
- Cryptocurrency platforms you use for our services;
- Credit reference agencies;
- Know Your Customer (KYC), analytical and cyber security providers;
- Other service providers which process Personal Data on our behalf, we do not al-low our third-party service providers to use your Personal Data for their own pur-poses and only permit them to process your Personal Data for specified purposes and in accordance with our instructions which have been laid down in a contrac-tual agreement;
- Commercial partners (e.g., investment advisory service providers);
- Organizations set up for the detection and prevention of terrorism;
- Financial or judicial authorities, state agencies or public bodies, upon request and to the extent permitted by law only;
- Certain regulated professionals such as debt collection agencies, lawyers, nota-ries, or auditors;
- any other third party, but only subject to your prior consent after having sufficient-ly informed you.
9. International Transfers of your Personal Data
In case of international transfers originating from the EEA to a non-EEA country which the European Commission has recognized as providing an adequate level of data protec-tion (such as, in this context, Switzerland), your personal data will be transferred on this basis. The same applies to the extent your Personal Data is being transferred from Swit-zerland to a third country the Swiss Data Protection and Information Commissioner has recognized as providing an adequate level of data protection.
Where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between the EEA and the US. For transfers to non-EEA countries of which the level of protection has not been recognized by the European Commission or the Swiss Data Protection and Information Commissioner respectively as adequate, we will either rely on a derogation applicable to the specific situation (e.g. if the transfer is necessary to perform our contract with you such as when making an international payment) or im-plement one of the following safeguards to ensure the protection of your personal data:
- Standard contractual clauses approved by the European Commission or the Swiss Data Protection and Information Commissioner, as the case may be; and/or
- Binding Corporate Rules (to the extent required by either EU or Swiss law, as ap-proved by the respective competent authority).
10. Data Security
We have put in place appropriate security measures to prevent your Personal Data from being accidentally lost, used, or accessed in an unauthorized way, altered, or disclosed. In addition, we limit access to your Personal Data to those employees, agents, contrac-tors and other third parties who have a business on a strict need to know basis. They will only process your Personal Data based on our contractually given instructions and they are subject to a duty of confidentiality. We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
11. How Long for do we keep your Personal Data?
We will retain your Personal Data for the duration required for the purposes of pro-cessing as set out above, in order to comply with applicable laws and regulations or as is necessary with regard to our operational requirements. These include account mainte-nance, facilitating client relationship management, and responding to legal claims or regulatory requests.
The period for which we will retain Personal Data about you will vary depending on the type of Personal Data and the purposes that we use it for. For instance:
- Data kept as a proof of transactions – for 10 years as from processing of the trans-action concerned;
- data kept for KYC purposes or regulatory purposes – for 10 years as from closure or suspension of your account with us;
- customer complaints – for 5 years as from the complaint concerned;
- data used for marketing purposes – for 3 years from the collection of the data concerned;
- tax data – at least for the statutory period as required by the laws applicable to us;
- As far as applicable, FATCA and CRS documents – for 7 years as from the 1st of January following the year of account closing, the statement, or the operation;
- Other data – generally for 10 years since the date of collection or, if such data is used in accord with the purpose it has been collected for on a frequent basis, 10 years since the last use.
12. What are your Rights and how can you exercise them?
In accordance with the laws and regulations applicable to AI Brainvisuals, you have the following rights:
- Access: you can obtain information relating to the processing of your Personal Data, and a copy of all your Personal Data that is processed by us;
- Rectification: when you consider that your Personal Data are incorrect, inaccu-rate, or incomplete, you can require that such Personal Data be modified or com-pleted accordingly;
- Deletion: you can require the deletion of your Personal Data. We are not always able to do this, however, and we do not always have to agree to do this, for exam-ple if we are required by law to keep your Personal Data for a longer period of time;
- Restriction of Processing: you can request a restriction of processing of your Personal Data if:
- 1. you think that your Personal Data is incorrect;
- 2. you think that we are not supposed to be processing your Personal Data; or
- 3. we want to destroy your Personal Data but you still need it (e.g., after the retention period has ended).
- Objection: you can object to the processing of your Personal Data on grounds re-lating to your particular situation. You have the absolute right to object to the pro-cessing of your Personal Data for direct marketing purposes, which includes pro-filing related to such direct marketing;
- Data Portability: where legally applicable, you have the right to have the Per-sonal Data you have provided to be returned to you or, where technically feasible, transferred to a third party.
- Withdrawal of Consent: where you have given your consent for the processing of your Personal Data, you have the right to withdraw your consent at any time.
- Profiling and Automated Decision-Making: you can ask that we do not make our decision solely based on automated processes, including profiling. You can object to such an automated decision and ask that a person reviews it unless such decision is authorized by applicable law to which we are subject.
You can exercise the rights listed above using the details as set out in Section 1 above.
Please note that in case you contact us by email or post you are required to provide at least your first and last name, signature, and a copy of your ID document. Otherwise, we won’t be able to identify you and, consequently, take actions on your request. If you make a request on behalf of someone else, you must provide evidence of your authority to make such a request. You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your re-quest is clearly unfounded, repetitive, or excessive. Alternatively, we may refuse to com-ply with your request in these circumstances. We try to respond to all legitimate requests within one month. To do so, please contact us through the Website or by emailing us at firstname.lastname@example.org.
Please note that in case you contact us by email or post you are required to provide at least your first and last name, signature, and a copy of your ID document. Otherwise, we won’t be able to identify you and, consequently, reply to your complaint. If you have any concerns about our use of your personal data or if you feel like we have not addressed your questions or concerns adequately, you have the right to lodge a complaint at any time with either the Swiss Data Protection and Information Commissioner who regulates and supervises the processing of personal data in Switzerland, www.edoeb.admin.ch, or, as the case may be, the Datenschutzstelle Fürstentum Liechtenstein, www.datenschutzstelle.li (which is a authority according to article 77 GDPR). However, we would appreciate the chance to deal with your concerns before you approach the rele-vant authority. Accordingly, please contact our DPO Tito Espinoza email@example.com in the first instance.
You will not have to pay a fee to access your Personal Data (or to exercise any of the oth-er rights). However, we may charge a reasonable fee if your request is clearly unfound-ed, repetitive, or excessive. Alternatively, we may refuse to comply with your request in these circumstances.