privacy policy

1. Preamble

This Privacy Policy governs the relationship between you (“you”, “your”) and Metathunder Sagl, in incorporation, domiciled in Switzerland (“we”, “us”, “our”), each a “Party”, together “the Parties”.

With this Privacy Policy, we would like to inform you about the types of personal data we collect when you use our website and/or any of its subsides (“Website”) and/or our services and products provided thereon (“Services”).

“Personal Data” means any information relating to an identified or identifiable natural person (data subject); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

“Processing” means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

The Website is an interface allowing you to purchase digital collectibles (“NFT”). NFT are running on the Ethereum Network, using specially developed smart contracts (hereinafter each a “Smart Contract”). The Website and Smart Contract are collectively referred to as “Application”. When you visit our Website, use our Services and/or Application or otherwise interact with us, you are trusting us with your Personal Data. We herewith would like to inform you how this Personal Data is used, to whom it is transferred and what rights you have in connection with the processing of your Personal Data.

As an internationally oriented company with headquarters in Switzerland, the Federal Act on Data Protection (“FADP”) and the Regulation 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the Processing of Personal Data and on the free movement of such data (“GDPR”) are of equal importance to us. For this reason, we have aligned this Privacy Policy to the stricter standard of the GDPR.

2. General Information on Processing of Personal Data
2.1 Name and Address of Data Controller

“Data Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of Personal Data; where the purposes and means of such processing are determined by Union or Member State law, the Data Controller or the specific criteria for its nomination may be provided for by Union or Member State law.

When we process your Personal Data as described herein, we independently determine the purposes and means of processing your Personal Data and do not act on behalf of any third party. This means that we are fully responsible for implementing appropriate technical and organizational measures to ensure and to demonstrate that our processing activities are compliant with the requirements under the applicable data protection regulation.

Hence, the Data Controller within the meaning of GDPR and other national data protection laws and regulations that determine the purposes and means of processing personal data is:

Metathunder Sagl

Our data protection coordinator can be contacted at admin@pjpp.io

2.2 Scope and Purpose of Processing Personal Data

We only process Personal Data if this is necessary to provide a functional Website and/or Application as well as its contents, products and Services. The processing of your Personal Data is normally only carried out with your prior consent, except those cases where prior consent cannot be obtained for factual reasons and the processing of Personal Data is permitted by law. An exception is made in cases where it is not possible to obtain your consent, or the processing of Personal Data is permitted by legal regulations even without consent. This includes in particular the provision in art. 6 (1) (f) GDPR, which permits the processing of Personal Data if this is necessary to protect our legitimate interests. The details of the scope and purpose of processing your Personal Data are outlined in this Privacy Policy.

In case you decide to access and/or use the Website and/or Application to purchase an NFT according to our Terms & Conditions of Sale and Use, we process your Personal Data based on this contractual relationship to (i) perform our pre-contractual and contractual rights and obligations towards you, (ii) provide you with the Website and the Application and (iii) enabling you to use the Services and features on our Website and/or the Application (as further described in the Terms & Conditions of Sale and Use.

2.3 Legal Basis of Processing Personal Data

If you give us your consent to the processing of Personal Data, art. 6 (1) (a) GDPR serves as the legal basis for the processing.

If the processing of Personal Data is necessary for the performance of a contract to which you are party, such as the Terms & Conditions of Sale and Use, art. 6 (1) (b) GDPR serves as the legal basis for the processing. This also applies to processing operations that are necessary to carry out pre-contractual measures.

If the processing of Personal Data is necessary for compliance with legal obligation to which we are subject, art. 6 (1) (c) GDPR serves as the legal basis for the processing.

If the processing of Personal Data is necessary to protect the vital interests of the data subject or another natural person, art. 6 (1) (d) GDPR serves as the legal basis for the processing.

If the processing of Personal Data is necessary for the purposes of the legitimate interests pursued by us or a third party and where such interests are not overridden by the interests, fundamental rights and freedoms of the data subject which require protection of Personal Data, art. 6 (1) (f) GDPR serves as the legal basis for the processing.

2.4 Data Storage, Data Retention and Deletion

Your Personal Data will be erased or blocked as soon as it is no longer necessary in relation of the purpose of storage. Furthermore, Personal Data may be stored if this has been required by regulations, laws or other provisions to which we are subject. The Personal Data will also be blocked or erased if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or performance of a contract.

If your Personal Data is saved on the publicly accessible Ethereum blockchain, we cannot be responsible for your Personal Data and information, since we do not control the Ethereum network and cannot order deletion of your Personal Data and information. In so far, your right to be forgotten, as far as applicable and as defined further below in Section XII, is restricted.

3. Provision of Website and Creation of Log Files

Every time you visit our Website, our system automatically collects following data and information from the computer system of the calling computer:

  • Information relating to the browser type and version used
  • Your operating system
  • Your Internet Service Provider
  • Your IP address
  • Date and time of access
  • Websites from which your system reaches our Website
  • Websites accessed by your system via our Website

The data is also stored in the log files of our system but is not stored together with other Personal Data of you.

The collection and processing of this data is carried out with the purpose of enabling the use of our Website, to guarantee system security and stability in the long term and to enable the optimization of our Website and Internet offer.

The temporary storage of your IP address is necessary to enable the Website to be delivered to your system. An evaluation of the data for marketing purposes does not take place in this context. The legal basis for the temporary storage of Personal Data and log files is art. 6 (1) (f) GDPR.

The Personal Data will be erased as soon as it is no longer necessary to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the Website, the data will be deleted when the respective session has ended.

If the Personal Data is stored in log files, it will be deleted after seven days at the latest. Further storage is possible. In this case, the IP addresses of the Users are deleted or alienated so that the calling client can no longer be assigned.

The collection of Personal Data for the provision of our Website and the storage of Personal Data in log files is absolutely necessary for the operation of the Website. Consequently, there is no possibility of objection.

4. Cookies

We use Google Analytics to gather information about your use of our website and analyse data to help us maintain and improve our website. Click here to opt out of Google Analytics cookies. The information generated by Cookies about your use of this Website is usually transferred to a Google server in the USA and stored there. Google reserves the right to use these Cookies or the corresponding data for its own purposes, namely, to follow and investigate the use of this application, to generate reports on its activities and to pass these on to other Google services. Google may use the information collected to contextualise and personalise the ads in its own advertising network.

5. Social Media Plugins

So-called social media plugins (“Social Media Plugins“), in particular the button/link of Instagram (a service of Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA), the Twitter button/link of Twitter, Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103 USA and Discord button/link of Discord Inc., 444 De Haro Street, #200, San Francisco, CA 94107, USA may be integrated on certain web pages of our Website (“Social Media Platforms“).

Social Media Plugins from other Social Media Platforms may be used on our Website (e.g., when you use the community section on our Website).

When you call up a page of our Website that contains such a Social Media Plugin, your browser establishes a direct connection to the servers of the respective Social Media Platform. The content of the Social Media Plugin is transmitted directly to your browser and integrated into the page. Through this integration, the Social Media Platform operator receives the information that your browser has called up the corresponding page of our Website, even if you do not have a profile on the respective Social Media Platform or are not currently logged in. This information (including your IP address) is transmitted by your browser directly to a server of the platform operator, which may be located in the USA, and stored there.

If you are logged in to the respective Social Media Platform, your visit to our Website can be directly assigned to your profile on the Social Media Platform. If you interact with the Social Media Plugins, for example by clicking the Instagram button, this information is also transmitted directly to a server of the platform operator and stored there. If you wish to prevent this, please log out of your Social Media Accounts before visiting our Website.

We have no influence on the data that Instagram, Twitter or Discord and any other Social Media Platform operators collect on the basis of their Social Media Plugins. The purpose and scope of the data collection and the further processing and use of the data by Instagram, Twitter or Discord as well as your rights and settings options in this regard to protect your privacy, can be found in the data protection notices of the respective providers:

  • Additional information on the Instagram Social Media Plugin can be found here.
  • Additional information on the data protection policies of Twitter can be found here.
  • Additional information on the data protection policies of Discord can be found here.

In order to increase the protection of your data when visiting our Website, the Social Media Plugins are not integrated into the page without restriction, but only using an HTML link (so-called "Shariff solution" from c't). This integration ensures that when you call up a page of our Website that contains such Social Media Plugins, no connection is established with the servers of the provider of the respective social network. If you click on one of the buttons, a new window of your browser opens and calls up the page of the respective service provider on which you can (if necessary after entering your login data) e.g. click on the Like or Share button. The purpose and scope of the data collection and the further processing and use of the data by the providers on their pages as well as your rights in this regard and setting options for protecting your privacy can be found in the data protection notices of the respective providers.

In addition, you can completely prevent the loading of the Social Media Plugins with add-ons for your browser, such as the script blocker "NoScript", which can be downloaded here.

6. Google Analytics

Our Website uses functions of the Google Analytics web analysis services of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA (“Google”).

The processing of your Personal Data enables us to analyse your surfing behaviour. We are in a position to compile information about the use of the individual components of our Website by evaluating the data obtained. This helps us to continuously improve our Website and its user-friendliness. For these purposes, it is also in our legitimate interest to process the Personal Data within the meaning of art. 6 (1) (f) GDPR.

We use Google Analytics to gather information about your use of our website and analyse data to help us maintain and improve our website. Click here to opt out of Google Analytics cookies. The information generated by Cookies about your use of this Website is usually transferred to a Google server in the USA and stored there.

Google reserves the right to use these Cookies or the corresponding data for its own purposes, namely, to follow and investigate the use of this application, to generate reports on its activities and to pass these on to other Google services. Google may use the information collected to contextualise and personalise the ads in its own advertising network.

The use of Google Analytics is based solely on your consent. You can withdraw your consent at any time. The withdrawal of your consent shall not affect the lawfulness of processing based on consent before its withdrawal.

The Personal Data collected by Google is

  • The IP address of the your calling system;
  • The accessed Website;
  • The website from which you have accessed the accessed Website (referrer);
  • The sub-pages accessed from the accessed Website;
  • The time spent on the Website;
  • The frequency with which the Website is accessed.

The Personal Data collected by Google is usually transferred to a Google server in the USA and stored there. We have activated the "anonymizeIP" function on this Website. This means that your IP address is shortened by Google within member states of the European Union or the European Economic Area before being transmitted to the USA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. According to Google, the transmitted IP address will not be associated with any other Personal Data.

You can prevent the use of Google Analytics for this and other Websites by downloading and installing the browser plugin available at the following link:https://tools.google.com/dlpage/gaoptout?hl=en. For more information on how Google Analytics handles Personal Data, please see Google's privacy policy: https://support.google.com/analytics/answer/6004245?hl=en

7. Purchase of an NFT

If you decide to access the Application and purchase an NFT through our Application, we collect and process the following Personal Data of you:

  • Your Public Key (“PuK”)
  • The IP address used by your system

In case you decide to access and/or use the Website and/or Application to purchase an NFT according to our Terms & Conditions of Sale and Use, we process your Personal Data based on this contractual relationship and to perform our pre-contractual and obligations towards you. The legal basis for the processing is art. 6 (1) (b) GDPR. In particular, the collection and processing of your PuK is necessary in order to perform our contractual obligations under the Terms & Conditions of Sale and Use (such as to transfer ownership of your NFT purchased by you to your Ethereum wallet address) and is based on art. 6 (1) (b) GDPR.

As your PuK is saved on the publicly accessible Ethereum blockchain, we cannot be responsible for retention and deletion of your PuK, since we do not control the Ethereum network. In so far, your right to be forgotten, as far as applicable and as defined further below in Section XII, is in this regard restricted.

The collection and processing of your IP address used by your system is necessary to verify if you adhere to our Terms & Conditions of Sale and Use. Pursuant to Section 3 of the Terms and Conditions of Sale and Use, you are not allowed to buy an NFT if the country you are resident of, citizen of, or located in does not allow the access to the Application and/or the purchase of an NFT.

Generally, we delete your IP address one year after the NFT sale was concluded. However, in case we are permitted or required under applicable laws, for legal, tax or regulatory reasons, we may retain your IP address for a longer period of time. In such case, the legal basis for the processing is art. 6 (1) (c) GDPR.

8. E-Mail Contact

There is an option on our Website to put your email address on a contact list. This contact form on our Website can be used for electronic contact. If you take advantage of this possibility, the following data entered in the contact form will be transmitted to us and will be stored:

  • Your email address

At the time your email address is sent, the following data is stored in addition:

  • Your IP address
  • Date and time (of sending)

Your consent is obtained for the processing of the Personal Data. Alternatively, you can contact us via the e-mail address provided. In this case, your Personal Data transmitted by e-mail will be stored. Your Personal Data is used exclusively for processing the conversation. If you contact us by e-mail, you can object to the storage of your Personal Data at any time. In this case, the conversation cannot be continued.

The legal basis for the processing of data is art. 6 (1) (a) GDPR if you have given us your consent.

The legal basis for the processing of Personal Data transmitted in the course of sending an e-mail is art. 6 (1) (f) GDPR. If the e-mail contact aims at the conclusion of a contract, then the additional legal basis for the processing is art. 6 (1) (b) GDPR.

The data will be erased as soon as it is no longer necessary to achieve the purpose for which it was collected.

9. Newsletter

You can subscribe to a free newsletter on our Website. Our newsletter primarily contains information about us, our Services, features, information about services related to the Application or envisaged plans and marketing information.

When you register for the newsletter, we collect and process the following Personal Data from the input mask transmitted to us:

  • Email address

In addition, the following data is collected upon registration:

  • IP address of the calling computer
  • Date and time of your registration

During the registration process, your consent pursuant to art. 6 (1) (a) GDPR is obtained for the processing of your Personal Data and reference is made to this Privacy Policy. The data will be used exclusively for sending the newsletter.

The consent is based on the so-called double opt-in procedure. This means that after registration you will receive an email asking you to confirm your registration. This confirmation is necessary so that no one can register with a foreign e-mail address. The collection of your e-mail address serves to send the newsletter. The collection of other Personal Data as part of the registration process serves to prevent misuse of the services or the e-mail address.

The data will be erased as soon as it is no longer necessary to achieve the purpose for which it was collected. Your email address will therefore be stored for as long as the subscription to the newsletter is active. The other Personal Data collected during the registration process will generally be deleted after a period of seven days.

The subscription to the newsletter can be cancelled by you at any time. For this purpose, there is a corresponding link in every newsletter. This also makes it possible to withdraw the consent to the storage of Personal Data collected during the registration process.

10. International Data Transfer

We are a Swiss based company but our affiliates, partners and other third-party providers may be situated in different jurisdictions. Therefore, and within the scope of the purposes and uses described above, we may be required to transfer your Personal Data to third countries outside of Switzerland and outside of the European Union or the European Economic Area and to countries that may not provide an equivalent level of data protection. We transfer Personal Data in line with art. 6 FADP and art. 44 et seq. GDPR. In case that Personal Data will be transferred to a country that does not provide equivalent level of data protection, the Personal Data will be transferred either on:

  • An adequacy decision by the Commission (art. 45 GDPR);
  • Standard Contractual Clauses, see: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en; to ensure your Personal Data is protected and appropriate safeguards are taken. Copies may be requested from us;
  • In the absence of the safeguards above, we refer to the special conditions stated in art. 49 GDPR and transfer your Personal Data in particular when (i) you explicitly have consented to the proposed transfer after having been informed of the possible risks of such transfer, (ii) the transfer is necessary for the performance of the contract between you and us or the implementation of pre-contractual measures at your request, (iii) the transfer is necessary for the conclusion or performance of a contract concluded in your interest between us and another natural or legal person or (iv) the transfer is necessary for the establishment, exercise or defence of legal claims and further special conditions as stated in art. 49 GDPR.
11. Data Security

We have appropriate technological and organizational measures and operational, electronic and physical security processes designed and implemented to protect your Personal Data by taking into account the state of the art, the cost of implementation and the nature, scope, context and purposes of processing as well as the risks of varying likelihood and severity for rights and freedoms of natural persons posed by the processing.

Please be aware that we cannot ensure the security of your Personal Data or information you transmit to us over the Internet.

12. Your Rights

If Personal Data concerning you are processed, you are a Data Subject within the meaning of the GDPR and you have the following rights:

12.1. Right of Access

You can ask us, as the Data Controller to confirm whether Personal Data concerning you is being processed by us.

Is that the case, you can request the following information from us:

  1. The purposes of the processing;
  2. The categories of Personal Data concerned;
  3. The recipients or categories of recipient to whom the Personal Data has been or will be disclosed;
  4. The envisaged period for which the Personal Data will be stored, or, if specific information on this is not possible, the criteria used to determine that period;
  5. The existence of the right to request from the Data Controller rectification or erasure of Personal Data, or restriction of processing of Personal Data concerning you or to object to such processing;
  6. The right to lodge a complaint with a supervisory authority;
  7. Where the Personal Data is not collected from you, any available information as to their source;
  8. The existence of automated decision-making, including profiling, in accordance with art. 22 (1) and (4) GDPR and - at least in those cases - meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for you.

You have the right to request information as to whether the Personal Data concerning you is transferred to a third country or to an international organization. In this context, you may request to be informed of the appropriate safeguards pursuant to art. 46 GDPR relating to the transfer.

Your right of access may be restricted to the extent that it is likely to render the performance of research or statistical purposes impossible or seriously compromises it and the restriction is necessary for the performance of research or statistical purposes.

12.2. Right to Rectification

You have the right to obtain from the Data Controller the rectification and/or completion of incorrect or incomplete Personal Data concerning you. The Data Controller shall make the correction/completion without delay.

Your right to rectification may be restricted to the extent that it is likely to render the performance of research or statistical purposes impossible or seriously compromises it and the restriction is necessary for the performance of research or statistical purposes.

12.3. Right to Restriction of Processing

Under the following conditions, you have the right to request the restriction of processing of Personal Data concerning you:

  1. The accuracy of the Personal Data is contested by you, for a period enabling the Data Controller to verify the accuracy of the Personal Data;
  2. The processing is unlawful and you refuse the erasure of the Personal Data and request the restriction of their use instead;
  3. The Data Controller no longer needs the Personal Data for the purposes of the processing, but it is required by you for the establishment, exercise or defense of legal claims; or
  4. You have objected to processing pursuant to art. 21 (1) GDPR and it has not yet been determined whether the legitimate grounds of the Data Controller override those of you.

Where processing of Personal Data concerning you has been restricted, such Personal Data may only be processed – with the exception of storage – with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of an important public interest of the European Union or a Member State.

If the processing restriction has been restricted according to the above conditions, you will be informed by the Data Controller before the restriction is lifted.

Your right to restriction of processing may be restricted to the extent that it is likely to render the performance of research or statistical purposes impossible or seriously compromises it and the restriction is necessary for the performance of research or statistical purposes.

12.4. Right to Erasure
Obligation to Erase

You have the right to obtain from the Data Controller the erasure of Personal Data concerning you and the Data Controller is obliged to erase Personal Data without undue delay where one of the following grounds applies:

  1. The Personal Data concerning you is no longer necessary for the purposes for which it was collected or otherwise processed;
  2. You withdraw consent on which the processing is based pursuant to art. 6 (1) (a) or art. 9 (2) (a) GDPR, and where there is no other legal basis for the processing;
  3. You file an objection to the processing pursuant to art. 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or you file an objection to the processing pursuant to art. 21 (2) GDPR;
  4. The Personal Data concerning you has been unlawfully processed;
  5. The deletion of Personal Data concerning you is necessary to fulfil a legal obligation in Union or Member State law to which the Data Controller is subject;
  6. The Personal Data concerning you was collected in relation to the offer of information society services referred to in art. 8 (1) GDPR.
Information to Third Parties

Where the Data Controller has made the Personal Data public and is obliged pursuant to art. 17 (1) GDPR to erase the Personal Data, the Data Controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform Data Controllers which are processing the Personal Data that you as the Data Subject have requested the erasure by such Data Controllers of any links to, or copy or replication of, the Personal Data.

Exceptions

The right to erasure shall not apply to the extent that processing is necessary:

  1. For exercising the right of freedom of expression and information;
  2. For compliance with a legal obligation which requires processing by European Union or Member State law to which the Data Controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Data Controller;
  3. For reasons of public interest in the area of public health in accordance with art. 9 (2) (h) and (i) and art. 9 (3) GDPR;
  4. For archiving purposes in the public interest, scientific or historical research purposes or for statistical purposes in accordance with art. 89 (1) GDPR, insofar as the right referred to in a) is likely to render it impossible or seriously impair the achievement of the objectives of that processing; or
  5. For the establishment, exercise or defence of legal claims.
Right to Information

If you have exercised your right of rectification, erasure or restriction of processing against the Data Controller, the Data Controller is obliged to notify all recipients to whom the Personal Data have been disclosed, unless this proves impossible or involves disproportionate effort. You have the right to obtain from the Data Controller the information about those recipients.

Right to Data Portability

You have the right to receive the Personal Data concerning you which you have provided to the Data Controller in a structured, commonly used and machine-readable format. In addition, you have the right to transmit the data to another Data Controller without hindrance from the Data Controller to which the Personal Data have been provided, where:

  1. The processing is based on consent pursuant to art. 6 (1) (a) GDPR or art. 9 (2) (a) GDPR or on a contract pursuant to art. 6 (1) (b) GDPR; and
  2. The processing is carried out by automated means.

In exercising this right, you also have the right to have the Personal Data transmitted directly from one Data Controller to another, where technically feasible. The freedoms and rights of others shall not be affected by this.

The right to data portability shall not apply to processing necessary for the performance of a task carried out of a public interest or in the exercise of official authority vested in the Data Controller.

Right to Object

You have the right to object, on grounds relating to your particular situation, at any time to the processing of Personal Data concerning you which is based on art. 6 (1) (e) or (f) GDPR, including profiling based on those provisions.

The Data Controller no longer processes the Personal Data concerning you, unless he demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims.

Where Personal Data is processed for direct marketing purposes, you have the right to object at any time to processing of the Personal Data concerning you for such marketing, which includes profiling to the extent that it is related with such direct marketing.

Where you object to processing for direct marketing purposes, the Personal Data concerning you will no longer be processed for such purposes.

You have the possibility to exercise your right of object in the context with the use of information society services, and notwithstanding Directive 2002/58/EC, by automated means using technical specifications.

Where Personal Data is processed for scientific or historical research purposes or statistical purposes pursuant to art. 89 (1) GDPR, you have the right to object to processing of Personal Data concerning you, on grounds relating to your particular situation, unless the processing is necessary for the performance of a task carried out for reasons of public interest.

Your right to object may be restricted to the extent that it is likely to render the performance of research or statistical purposes impossible or seriously compromises it and the restriction is necessary for the performance of research or statistical purposes.

Right to withdraw the consent to process Personal Data

You have the right to withdraw your consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

Automated Individual Decision-Making, including Profiling

You have the right not to be subject to a decision based solely on automated processing – including profiling – which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision:

  1. Is necessary for the conclusion or performance of a contract between you and the Data Controller,
  2. is authorised by European Union or Member State law to which the Data Controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or
  3. is based on your explicit consent.

However, these decisions may not be based on special categories of Personal Data pursuant to art. 9 para. 1 GDPR, unless art. 9 para. 2 let. a or g GDPR applies and appropriate measures have been taken to protect your rights and freedoms and your legitimate interests.

In the cases referred to in points a) and c), the Data Controller implements suitable measures to safeguard your rights and freedoms as well as your legitimate interests, including at least the right to obtain human intervention on the part of the Data Controller, to express your point of view and to contest the decision.

Right to lodge a Complaint with a Supervisory Authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member of your habitual residence, place of work or place of the alleged infringement, if you consider that the processing of Personal Data concerning you infringes the GDPR.

The supervisory authority with which the complaint has been lodged shall inform the complainant of the progress and the outcome of the complaint, including the possibility of a judicial remedy pursuant to art. 78 GDPR.

In Switzerland, the Federal Data Protection and Information Commissioner is the competent data protection authority. The contact details are available here: .edoeb.admin.ch.

If you are residing in the European Union, you also have the right to complain to your local data protection supervisory authority. You can find the contact details of the respective authorities of the Member States of the European Union here: http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.html.

13. Third-Party Websites and Links

Our Website may include links to other websites or content, services or products of third parties whose privacy policies and practices may differ from our Privacy Policy. Please be aware that our Privacy Policy applies only to our Website, its content, features, Services and to the Application.

If you access other third-party websites using the links provided, the operators of these third-party websites may collect information from you that will be used by them in accordance with their privacy policies. We do not control those third-party websites or any of the content, products or services contained therein or provided by them. If you submit Personal Data or information to any of those third-party sites, use their content, services or products, your Personal Data or information is governed by their privacy policies and practices.

We are in no way liable or responsible for any of those third-party websites, including, without limitation, their content, services, policies, failures, promotions, products, or actions and/or any damages, losses, failures, misuse, leakage, or problems caused by, related to, arising from or are in connection with those third-party websites. Nonetheless, we encourage you to review and read all policies, privacy policies, agreements, rules, terms, disclaimers, and regulations of each third-party website that you visit and/or content, services, products you use.

14. Amendments of Privacy Policy

We reserve the right to change, amend or adapt this Privacy Policy at any time. Any changed, amended or updated Privacy Policy will be posted on our Website for your information. With the date we post the changed, amended or updated Privacy Policy on the Website, any change or variation becomes effective and applies.

15. Inquiries and Questions

If you have any questions, inquiries or doubts about the processing of your Personal Data and/or this Privacy Policy, please do not hesitate to contact us: admin@pjpp.io