top of page

Privacy Policy

Effective starting: October 1st, 2023

1. Introduction

This is the Privacy Notice (hereafter the “Notice”) of CENSE AG (hereafter referred to as "CENSE" or "We"), a company registered in Switzerland under registration number CHE-334.198.597 with the commercial register of the Canton of Zug.

We offer specialized services to financial institutions, focusing on ensuring compliance with Anti-Money Laundering and Counter-Terrorist Financing legislation, with a specific emphasis on virtual assets. For more information about how CENSE processes Personal Data in connection with its services, please refer to our Privacy Notice.

When you engage with CENSE’s website and associated websites (collectively referred to as the "Website") We collect and process specific information related to your interactions with the "Website". This encompasses the data you choose to provide voluntarily. In instances where you share information about third parties with CENSE, you affirm that you possess the necessary authorization to do so and that the provided data is accurate. It is your responsibility to ensure that these individuals are duly informed about the Notice.

CENSE approach to privacy adheres to the EU General Data Protection Regulation (the “GDPR”), the Swiss Data Protection Act (the “DPA”), and the revised Swiss Data Protection (the “revDPA”). However, the precise application of these laws is contingent upon the unique circumstances of each case.

2. Scope

The Notice outlines the actions We undertake with your data as you engage with the Website, interact with CENSE within the context of an established contract, and communicate with CENSE.

Furthermore, the Notice outlines CENSE’s commitment to protect your information and personal data and provides the framework through which effective management of data protection matters can be achieved while providing our Services.

In cases where additional processing activities not covered by this Notice are applicable, We will provide timely notices to keep you informed. Moreover, We may communicate information concerning the processing of your data separately, as seen in consent forms, terms and conditions, supplementary privacy notices, forms, and other pertinent notifications.

CENSE acts as a Data Controller and determines the purposes and means of personal data processing when:

  1. Cookie files are collected during the use of the Website;

  2. the Websites are visited and interacted with;

  3. We host seminars or any other events;

  4. Job Applications are managed and considered; and

  5. any steps taken by a Client’s representative prior to establishing and during the course of, a business relationship with CENSE.

3. Definitions

Agreement

The Service Level Agreement concluded with each Client, its annexes and appendices.

Client

The legal entity to which CENSE provides services under a Service Level Agreement.

Services

Services encompassing the assessment of Money Laundering and Terrorist Financing risks, specifically tailored for clients dealing with virtual assets.

Data Controller, or Controller

CENSE where it, alone or jointly with others, determines the purposes and means of the processing of personal data by written instruction for processing activities given to Processor

Data Processor, or Processor

any legal entity that processes personal data on behalf of CENSE or CENSE’s Processor;

Data Subject

any individual whose personal data CENSE may process.

Personal Data

any information relating to an identified or identifiable Data Subject;

Visitor

any individual interacting with website or using CENSE’s Websites

Processing

any operation or set of operations performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

Personal data breach

a breach of data security leading to unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed;

Consent

any freely given, specific, informed and unambiguous indication of the Data Subject’s wishes by which they, by a statement or by clear affirmative action, signify agreement to the processing of their personal data;

User

any individual or legal entity in respect of whom the Services is performed as part of the Services provided to a Client (may be referred to as ‘you’ in this Policy);

Website

Cense.com or any other public-facing websites owned and managed by CENSE.

4. Our Principles

We adhere to the principles of personal data protection as envisaged in the GDPR. In accordance with these principles, personal data is:

  1. Processed fairly, lawfully, and transparently in relation to the Data Subject;

  2. Processed for specified, explicit and legitimate purposes only and not further processed in a manner that is incompatible with those purposes;

  3. Adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed;

  4. Kept accurate and up to date;

  5. Not retained longer than necessary;

  6. Processed in a manner that ensures their appropriate security; and

  7. Not transferred outside the European Economic Area (EEA) or the EU without adequate protection.

5. How does CENSE collect and use Personal Data?

5.1. When you download a white paper, register for a webinar, request a demo, or request a conversation

We collect your name, company email address, phone number, company name, industry, and job title directly from you when you complete a form on our website.

In some cases, We may provide you with a free text field so that you can submit comments to us. We ask that you do not provide additional Personal Data in these fields.

We use your name and contact information to send the white paper, register you for the webinar, or reach out to you to discuss CENSE products and Services or demos. We use information about your role and company to better understand our customers and potential customers and their interests in our services. CENSE’s legal basis for processing your Personal Data for these purposes is our legitimate interest which includes promotion of our business, industry, and Services in response to requests from our existing or potential customers.

If you have indicated that you wish to receive marketing communications when you submit a form online, We will also use your Personal Data to provide you with additional information about products, services, events, and resources. CENSE legal basis for such outreach is your consent and you may unsubscribe at any time via the link in the footer of our emails.

5.2. When you apply for a job

Should you submit a job application through CENSE's online application forms, We will require the following details from you:

  1. Your name, email address, and phone number. This allows CENSE to reach out to you concerning the role, seek further details, or extend an interview invitation;

  2. A copy of your CV/resume, along with a cover letter. If applicable, you can also provide a link to your website or LinkedIn profile. This enables CENSE to evaluate your qualifications and suitability for the position;

  3. Information about your location and whether you're open to relocating for the role. Additionally, We need to know if you require visa sponsorship related to the position. This helps CENSE assess your eligibility for the role and determine the onboarding timeline;

  4. Your salary expectations. This information aids CENSE in determining whether We can meet your salary preferences adequately; and

  5. Any specific accommodations you might require during the interview process. This ensures that We can provide a welcoming environment that caters to your needs.

 

In certain instances, We may obtain Personal Data from third parties, such as recruitment firms.

CENSE processes this information based on legitimate interests, which encompass identifying suitable candidates for job openings and ensuring fair opportunities for job applicants. Additionally, where applicable, We process this information to fulfill legal obligations, such as maintaining a safe workplace and preventing unlawful discrimination.

Typically, throughout the recruitment process, We strive to avoid collecting or processing Personal Data categorized as "sensitive" under data protection laws, often referred to as "special categories" of Personal Data. However, there are circumstances in which We may require or request such sensitive Personal Data on a voluntary basis. This is done for valid recruitment-related reasons, such as health or disability information to provide appropriate accommodations during the interview process. We process such information where authorized by law or when necessary to comply with applicable regulations.

5.3. When you submit questions and feedback

If you contact us with questions or feedback, We will use your contact information (name and business email address) to respond to you. We may record and store logs and transcripts of the communication to keep track of what we discussed and for quality and training purposes.

CENSE's legal basis for using your contact information and storing our communication with you is our legitimate interests, which include maintaining and improving customer relationships, ensuring a high level of customer support, and promoting our business and services.

5.4. For website analytics and advertising

When you visit the Website, We automatically collect certain information such as IP address, geographic region, type of web browser, and information on what pages you visit. This information is used to help us analyze visitor traffic, perform statistical analysis, improve the site to provide a better experience for you, to improve CENSE’s products and services, and inform business strategy. We collect this information using various types of technology including cookies and similar technologies.

5.5. How does CENSE share my Personal Data?

CENSE uses some tools, apps, and third-party services to assist in business management. A list includes tools among others associated with customers, and communication with the CENSE, Data Storing. If these tools are provided by third-party vendors, to ensure the security of Personal Data We perform Due Diligence and use contractual measures to safeguard your data. Categories of third-party vendors with whom We share Personal Data include the third-party services included in the following table:

Category
Purpose

Data Analytics Providers

Analyze market trends and deliver insights that inform our business strategy;

Professional Consultants

Receiving professional services

Social network platforms

  • Managing our relationships with clients

  • Promoting the Services

Communication providers

  • Email and voice communication

  • Sending transactional emails and SMS

Cloud service providers

  • Hosting of personal data

  • Storage/Backup

Project   management   and   customer
support providers

Automation of customer support processes

Business intelligence providers

Product analytics

Blockchain Analytics Providers

Detection and prevention of fraudulent transactions/activities

Additionally, in the course of business, We may need to provide Personal Data to:

  1. members of the CENSE’s group of companies, only for the purposes outlined in this Privacy Policy;

  2. any competent law enforcement body, regulatory, government agency, court or other third party (e.g., our professional advisers) where We believe disclosure is necessary:

    • as a matter of applicable law or regulation;

    • to exercise, establish or defend our legal rights; and/or

    • to protect your vital interests or those of any other person;

  3. a buyer (and its agents and advisers) in connection with any actual or proposed purchase, merger or acquisition of any part of CENSE’s business, provided that We inform the buyer it must use your Personal

    Data only for the purposes disclosed in this Privacy Policy; and/or

  4. any other person with your consent to the disclosure (obtained

    separately from any contract between CENSE).

6. How does CENSE protect my Personal Data?

CENSE uses appropriate technical and organisational measures to protect the Personal Data that We collect and process about you. The measures are designed to provide a level of security appropriate to the risk of processing your personal information. For example:

  1. We only work with trusted technologies and vendors who are bound by contractual obligations to protect your Personal Data and who are assessed for information security risk prior to onboarding;

  2. We limit the number of people who can access your information to people who need to know as part of their job;

  3. We provide training to our employees on data privacy and information security; and

  4. We have in place reasonable security defenses, including malware protections, vulnerability management and recovery resilience measures.

7. Does CENSE transfer my Personal Data internationally?

CENSE’s headquarters are located in Switzerland. CENSE third-party vendors operate in a number of countries around the world. This means that We may process Personal Data and transfer Personal Data to countries outside of the country in which you are based. These countries may have data protection laws that are different to the laws of your country (and, in some cases, may not be as protective).

Where We transfer your Personal Data to countries and territories outside of the European Economic Area and Switzerland, which have been formally recognized as providing an adequate level of protection for personal information, We rely on the relevant “adequacy decisions” from the European Commission or Swiss authorities.

Where the transfer is not subject to an adequacy decision, We have taken appropriate safeguards to require that your Personal Data will remain protected in accordance with this Privacy Policy and applicable laws. The safeguards We use to transfer Personal Data are the European Commission’s Standard Contractual Clauses.

8. For how long is my Personal Data retained by CENSE?

We retain the Personal Data We collect from you where We have an ongoing legitimate business need to do so (for example, to provide you with a service you have requested, as part of an ongoing recruitment process, or to comply with applicable legal, tax or accounting requirements).

In certain circumstances, We may need to keep your information for legal reasons after our contractual relationship has ended. The specific retention periods depend on the nature of the information and why it is collected and processed and the nature of the legal requirement.

For example, We will retain your information:

  1. Where We are made subject to a legal obligation to do so (e.g., where

    We are subject to a court order or legal hold);

  2. Where We require access to your information in order to effectively

    deal with and resolve requests or complaints (e.g., where there is an

    ongoing complaint with respect to a service We have provided);

  3. To evidence compliance (e.g., We may be required to retain information about a data subject access request after the request is dealt with in case there is a subsequent complaint and the

    information is needed to demonstrate how the request was handled);

  4. In connection with litigation or regulatory matters (e.g., We would retain your information if there was an ongoing legal claim and the information was relevant to the claim; this information would be

    retained until the legal claim had been concluded); or

  5. Following the conclusion of your recruitment process:

    • in case of a successful application, in which case your Personal Data may be retained as part of your employment file; or

    • in case of an unsuccessful application, in which case your Personal Data may be retained so that We can make you aware of other opportunities which may be of interest to you (where you have indicated that you would like to hear from us in this way).

When We have no ongoing legitimate business need or legal reason to process your Personal Data, We will either delete or anonymise it or, if this is not possible (for example, because your Personal Data has been stored in backup archives), then We will securely store your Personal Data and isolate it from any further processing until deletion is possible.

9. Your email marketing and cookie choices

9.1. E-mail

You can opt out of marketing communications from CENSE at any time by clicking “unsubscribe” at the bottom of the e-mail or sending us a note at gdpr@cense.com. We will stop sending you marketing and promotional emails, but We will still respond to questions or requests and communicate with you about your account.

9.1. Tracking and cookies

CENSE’s website incorporates a few commonly used tools for user experience and advertising purposes. These tools are often referred to as “cookies”, but may also include similar technologies (herein, We refer to cookies to describe technologies that collect or store information about you based on your browsing patterns and information you provide). Cookies can be very useful because without them, you would have to enter certain bits of your Personal Data each time you visit your favourite site.

CENSE uses cookies that are necessary to make our website function, to improve performance, and to understand how you interact with our site. Some of CENSE’s vendors use third-party cookies or other digital markers to help us maintain and improve our websites and deliver interest-based advertising.

10. Your rights

Depending on where you are located and subject to applicable privacy laws, your rights regarding your Personal Data (which you may exercise by sending us an email at gdpr@cense.com) may include the following:

10.1. The right to access the information We hold about you

We will provide you with a copy of your Personal Data that We hold in an understandable format.

You also have the right to ask us about:

  • the categories of Personal Data we’re processing;

  • the purposes of Personal Data processing;

  • the categories of third parties to whom the Personal Data may be disclosed

  • how long the Personal Data will be stored (or the criteria used to determine that period); and

  • your other rights regarding our use of your Personal Data.

10.2. The right to request We correct any inaccurate Personal Data about you

We will correct your Personal Data and where your Personal Data is processed by a third party on our behalf to manage our business, we will notify them of your request.

10.3. The right to request we transfer your Personal Data to another entity

We will transfer your Personal Data to another organization, provided that We process the Personal Data with your consent or We have a contract with you, and where our processing is automated. We will tell you if We are unable to meet your request.

10.4. The right to be “forgotten” by us

Depending on the circumstances, you may have a right to request that We delete your Personal Data from our systems and We will make commercially reasonable efforts to have your information deleted from our partners’ systems.

Where your right to deletion has arisen, there may still be some circumstances in which We are unable to comply (including where our retention of the information in question is subject to any mandatory retention specified under financial or other legislation or is needed to complete the transaction for which it was collected). If We cannot comply with a deletion request, We will provide the reason why.

10.5. The right to object to processing and require the restriction of processing

In certain circumstances, you may have the right to object to CENSE’s processing of your Personal Data or request that CENSE restrict that processing. These rights may be limited where CENSE is permitted or required by applicable law to continue processing the data, in which case We will inform you of the basis for our continued processing.

 

Please note that all requests under the rights listed above may require verification procedures in order to validate your identity as required by applicable law. Any such additional information requested will be used only to validate your identity. We will endeavor to respond to your request within 30 days. Where an exemption applies (for example, where complying with a request would adversely affect the rights and freedoms of others (e.g. another person’s confidentiality or intellectual property rights), We will tell you if We can’t meet your request for that reason. We will also inform you if We require additional time to fulfil your request, for example where the request is complex, and additional time is permitted under applicable law.

10.6. The right to withdraw consent

If We have collected and processed Personal Data with your consent, you may withdraw that consent at any time using the contact information provided below. Withdrawing your consent will not affect the lawfulness of any processing conducted prior to the date you withdraw consent, nor will it affect any processing based on lawful grounds other than consent.

10.7. The right to lodge a complaint regarding our use of your personal information

You have the right at any time to make a complaint about our use of your Personal Data and We will do our very best to resolve any concerns you may have. You may also lodge a complaint with your local data protection authority or regulator.

11. Updates to this Privacy Policy

We may update this Privacy Policy from time to time in response to changing legal, regulatory, technical or business developments.

You can see when this Privacy Policy was last updated by checking the “last updated” date displayed at the top of this Privacy Policy.

12. How to contact us

If you have any questions or concerns about our use of your personal information, please contact us through an email at gdpr@cense.com or you may write to CENSE at the following address:

Neuhofstrasse 22,

6340 Baar,

Switzerland

bottom of page