Effective starting: October 1st, 2023
This is the Privacy Notice (hereafter the “Notice”) of CENSE AG (hereafter referred to as "CENSE" or "We"), a company registered in Switzerland under registration number CHE-334.198.597 with the commercial register of the Canton of Zug.
We offer specialized services to financial institutions, focusing on ensuring compliance with Anti-Money Laundering and Counter-Terrorist Financing legislation, with a specific emphasis on virtual assets. For more information about how CENSE processes Personal Data in connection with its services, please refer to our Privacy Notice.
When you engage with CENSE’s website and associated websites (collectively referred to as the "Website") We collect and process specific information related to your interactions with the "Website". This encompasses the data you choose to provide voluntarily. In instances where you share information about third parties with CENSE, you affirm that you possess the necessary authorization to do so and that the provided data is accurate. It is your responsibility to ensure that these individuals are duly informed about the Notice.
CENSE approach to privacy adheres to the EU General Data Protection Regulation (the “GDPR”), the Swiss Data Protection Act (the “DPA”), and the revised Swiss Data Protection (the “revDPA”). However, the precise application of these laws is contingent upon the unique circumstances of each case.
The Notice outlines the actions We undertake with your data as you engage with the Website, interact with CENSE within the context of an established contract, and communicate with CENSE.
Furthermore, the Notice outlines CENSE’s commitment to protect your information and personal data and provides the framework through which effective management of data protection matters can be achieved while providing our Services.
In cases where additional processing activities not covered by this Notice are applicable, We will provide timely notices to keep you informed. Moreover, We may communicate information concerning the processing of your data separately, as seen in consent forms, terms and conditions, supplementary privacy notices, forms, and other pertinent notifications.
CENSE acts as a Data Controller and determines the purposes and means of personal data processing when:
Cookie files are collected during the use of the Website;
the Websites are visited and interacted with;
We host seminars or any other events;
Job Applications are managed and considered; and
any steps taken by a Client’s representative prior to establishing and during the course of, a business relationship with CENSE.
The Service Level Agreement concluded with each Client, its annexes and appendices.
The legal entity to which CENSE provides services under a Service Level Agreement.
Services encompassing the assessment of Money Laundering and Terrorist Financing risks, specifically tailored for clients dealing with virtual assets.
Data Controller, or Controller
CENSE where it, alone or jointly with others, determines the purposes and means of the processing of personal data by written instruction for processing activities given to Processor
Data Processor, or Processor
any legal entity that processes personal data on behalf of CENSE or CENSE’s Processor;
any individual whose personal data CENSE may process.
any information relating to an identified or identifiable Data Subject;
any individual interacting with website or using CENSE’s Websites
any operation or set of operations performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
Personal data breach
a breach of data security leading to unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed;
any freely given, specific, informed and unambiguous indication of the Data Subject’s wishes by which they, by a statement or by clear affirmative action, signify agreement to the processing of their personal data;
any individual or legal entity in respect of whom the Services is performed as part of the Services provided to a Client (may be referred to as ‘you’ in this Policy);
Cense.com or any other public-facing websites owned and managed by CENSE.
4. Our Principles
We adhere to the principles of personal data protection as envisaged in the GDPR. In accordance with these principles, personal data is:
Processed fairly, lawfully, and transparently in relation to the Data Subject;
Processed for specified, explicit and legitimate purposes only and not further processed in a manner that is incompatible with those purposes;
Adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed;
Kept accurate and up to date;
Not retained longer than necessary;
Processed in a manner that ensures their appropriate security; and
Not transferred outside the European Economic Area (EEA) or the EU without adequate protection.
5. How does CENSE collect and use Personal Data?
5.1. When you download a white paper, register for a webinar, request a demo, or request a conversation
We collect your name, company email address, phone number, company name, industry, and job title directly from you when you complete a form on our website.
In some cases, We may provide you with a free text field so that you can submit comments to us. We ask that you do not provide additional Personal Data in these fields.
We use your name and contact information to send the white paper, register you for the webinar, or reach out to you to discuss CENSE products and Services or demos. We use information about your role and company to better understand our customers and potential customers and their interests in our services. CENSE’s legal basis for processing your Personal Data for these purposes is our legitimate interest which includes promotion of our business, industry, and Services in response to requests from our existing or potential customers.
If you have indicated that you wish to receive marketing communications when you submit a form online, We will also use your Personal Data to provide you with additional information about products, services, events, and resources. CENSE legal basis for such outreach is your consent and you may unsubscribe at any time via the link in the footer of our emails.
5.2. When you apply for a job
Should you submit a job application through CENSE's online application forms, We will require the following details from you:
Your name, email address, and phone number. This allows CENSE to reach out to you concerning the role, seek further details, or extend an interview invitation;
A copy of your CV/resume, along with a cover letter. If applicable, you can also provide a link to your website or LinkedIn profile. This enables CENSE to evaluate your qualifications and suitability for the position;
Information about your location and whether you're open to relocating for the role. Additionally, We need to know if you require visa sponsorship related to the position. This helps CENSE assess your eligibility for the role and determine the onboarding timeline;
Your salary expectations. This information aids CENSE in determining whether We can meet your salary preferences adequately; and
Any specific accommodations you might require during the interview process. This ensures that We can provide a welcoming environment that caters to your needs.
In certain instances, We may obtain Personal Data from third parties, such as recruitment firms.
CENSE processes this information based on legitimate interests, which encompass identifying suitable candidates for job openings and ensuring fair opportunities for job applicants. Additionally, where applicable, We process this information to fulfill legal obligations, such as maintaining a safe workplace and preventing unlawful discrimination.
Typically, throughout the recruitment process, We strive to avoid collecting or processing Personal Data categorized as "sensitive" under data protection laws, often referred to as "special categories" of Personal Data. However, there are circumstances in which We may require or request such sensitive Personal Data on a voluntary basis. This is done for valid recruitment-related reasons, such as health or disability information to provide appropriate accommodations during the interview process. We process such information where authorized by law or when necessary to comply with applicable regulations.
5.3. When you submit questions and feedback
If you contact us with questions or feedback, We will use your contact information (name and business email address) to respond to you. We may record and store logs and transcripts of the communication to keep track of what we discussed and for quality and training purposes.
CENSE's legal basis for using your contact information and storing our communication with you is our legitimate interests, which include maintaining and improving customer relationships, ensuring a high level of customer support, and promoting our business and services.
5.4. For website analytics and advertising
When you visit the Website, We automatically collect certain information such as IP address, geographic region, type of web browser, and information on what pages you visit. This information is used to help us analyze visitor traffic, perform statistical analysis, improve the site to provide a better experience for you, to improve CENSE’s products and services, and inform business strategy. We collect this information using various types of technology including cookies and similar technologies.
5.5. How does CENSE share my Personal Data?
CENSE uses some tools, apps, and third-party services to assist in business management. A list includes tools among others associated with customers, and communication with the CENSE, Data Storing. If these tools are provided by third-party vendors, to ensure the security of Personal Data We perform Due Diligence and use contractual measures to safeguard your data. Categories of third-party vendors with whom We share Personal Data include the third-party services included in the following table:
Data Analytics Providers
Analyze market trends and deliver insights that inform our business strategy;
Receiving professional services
Social network platforms
Cloud service providers
Project management and customer
Automation of customer support processes
Business intelligence providers
Blockchain Analytics Providers
Detection and prevention of fraudulent transactions/activities
Additionally, in the course of business, We may need to provide Personal Data to:
any competent law enforcement body, regulatory, government agency, court or other third party (e.g., our professional advisers) where We believe disclosure is necessary:
as a matter of applicable law or regulation;
to exercise, establish or defend our legal rights; and/or
to protect your vital interests or those of any other person;
a buyer (and its agents and advisers) in connection with any actual or proposed purchase, merger or acquisition of any part of CENSE’s business, provided that We inform the buyer it must use your Personal
any other person with your consent to the disclosure (obtained
separately from any contract between CENSE).
6. How does CENSE protect my Personal Data?
CENSE uses appropriate technical and organisational measures to protect the Personal Data that We collect and process about you. The measures are designed to provide a level of security appropriate to the risk of processing your personal information. For example:
We only work with trusted technologies and vendors who are bound by contractual obligations to protect your Personal Data and who are assessed for information security risk prior to onboarding;
We limit the number of people who can access your information to people who need to know as part of their job;
We provide training to our employees on data privacy and information security; and
We have in place reasonable security defenses, including malware protections, vulnerability management and recovery resilience measures.
7. Does CENSE transfer my Personal Data internationally?
CENSE’s headquarters are located in Switzerland. CENSE third-party vendors operate in a number of countries around the world. This means that We may process Personal Data and transfer Personal Data to countries outside of the country in which you are based. These countries may have data protection laws that are different to the laws of your country (and, in some cases, may not be as protective).
Where We transfer your Personal Data to countries and territories outside of the European Economic Area and Switzerland, which have been formally recognized as providing an adequate level of protection for personal information, We rely on the relevant “adequacy decisions” from the European Commission or Swiss authorities.
8. For how long is my Personal Data retained by CENSE?
We retain the Personal Data We collect from you where We have an ongoing legitimate business need to do so (for example, to provide you with a service you have requested, as part of an ongoing recruitment process, or to comply with applicable legal, tax or accounting requirements).
In certain circumstances, We may need to keep your information for legal reasons after our contractual relationship has ended. The specific retention periods depend on the nature of the information and why it is collected and processed and the nature of the legal requirement.
For example, We will retain your information:
Where We are made subject to a legal obligation to do so (e.g., where
We are subject to a court order or legal hold);
Where We require access to your information in order to effectively
deal with and resolve requests or complaints (e.g., where there is an
ongoing complaint with respect to a service We have provided);
To evidence compliance (e.g., We may be required to retain information about a data subject access request after the request is dealt with in case there is a subsequent complaint and the
information is needed to demonstrate how the request was handled);
In connection with litigation or regulatory matters (e.g., We would retain your information if there was an ongoing legal claim and the information was relevant to the claim; this information would be
retained until the legal claim had been concluded); or
Following the conclusion of your recruitment process:
in case of a successful application, in which case your Personal Data may be retained as part of your employment file; or
in case of an unsuccessful application, in which case your Personal Data may be retained so that We can make you aware of other opportunities which may be of interest to you (where you have indicated that you would like to hear from us in this way).
When We have no ongoing legitimate business need or legal reason to process your Personal Data, We will either delete or anonymise it or, if this is not possible (for example, because your Personal Data has been stored in backup archives), then We will securely store your Personal Data and isolate it from any further processing until deletion is possible.
9. Your email marketing and cookie choices
You can opt out of marketing communications from CENSE at any time by clicking “unsubscribe” at the bottom of the e-mail or sending us a note at firstname.lastname@example.org. We will stop sending you marketing and promotional emails, but We will still respond to questions or requests and communicate with you about your account.
9.1. Tracking and cookies
CENSE’s website incorporates a few commonly used tools for user experience and advertising purposes. These tools are often referred to as “cookies”, but may also include similar technologies (herein, We refer to cookies to describe technologies that collect or store information about you based on your browsing patterns and information you provide). Cookies can be very useful because without them, you would have to enter certain bits of your Personal Data each time you visit your favourite site.
10. Your rights
Depending on where you are located and subject to applicable privacy laws, your rights regarding your Personal Data (which you may exercise by sending us an email at email@example.com) may include the following:
10.1. The right to access the information We hold about you
We will provide you with a copy of your Personal Data that We hold in an understandable format.
You also have the right to ask us about:
the categories of Personal Data we’re processing;
the purposes of Personal Data processing;
the categories of third parties to whom the Personal Data may be disclosed
how long the Personal Data will be stored (or the criteria used to determine that period); and
your other rights regarding our use of your Personal Data.
10.2. The right to request We correct any inaccurate Personal Data about you
We will correct your Personal Data and where your Personal Data is processed by a third party on our behalf to manage our business, we will notify them of your request.
10.3. The right to request we transfer your Personal Data to another entity
We will transfer your Personal Data to another organization, provided that We process the Personal Data with your consent or We have a contract with you, and where our processing is automated. We will tell you if We are unable to meet your request.
10.4. The right to be “forgotten” by us
Depending on the circumstances, you may have a right to request that We delete your Personal Data from our systems and We will make commercially reasonable efforts to have your information deleted from our partners’ systems.
Where your right to deletion has arisen, there may still be some circumstances in which We are unable to comply (including where our retention of the information in question is subject to any mandatory retention specified under financial or other legislation or is needed to complete the transaction for which it was collected). If We cannot comply with a deletion request, We will provide the reason why.
10.5. The right to object to processing and require the restriction of processing
In certain circumstances, you may have the right to object to CENSE’s processing of your Personal Data or request that CENSE restrict that processing. These rights may be limited where CENSE is permitted or required by applicable law to continue processing the data, in which case We will inform you of the basis for our continued processing.
Please note that all requests under the rights listed above may require verification procedures in order to validate your identity as required by applicable law. Any such additional information requested will be used only to validate your identity. We will endeavor to respond to your request within 30 days. Where an exemption applies (for example, where complying with a request would adversely affect the rights and freedoms of others (e.g. another person’s confidentiality or intellectual property rights), We will tell you if We can’t meet your request for that reason. We will also inform you if We require additional time to fulfil your request, for example where the request is complex, and additional time is permitted under applicable law.
10.6. The right to withdraw consent
If We have collected and processed Personal Data with your consent, you may withdraw that consent at any time using the contact information provided below. Withdrawing your consent will not affect the lawfulness of any processing conducted prior to the date you withdraw consent, nor will it affect any processing based on lawful grounds other than consent.
10.7. The right to lodge a complaint regarding our use of your personal information
You have the right at any time to make a complaint about our use of your Personal Data and We will do our very best to resolve any concerns you may have. You may also lodge a complaint with your local data protection authority or regulator.
12. How to contact us
If you have any questions or concerns about our use of your personal information, please contact us through an email at firstname.lastname@example.org or you may write to CENSE at the following address: