Privacy Policy

1. Introduction

Thank you for considering Ping Exchange, a digital hybrid asset trading platform. By visiting, accessing, or using and our associated application program interface or mobile applications (“Platform”), you (“User”) consent to the practices described in this Privacy Policy. This policy explains how we handle your personal data as we provide you with access and utility through our digital asset trading platform via software, API, technologies, products, and functionalities (“Services”).

To comply with laws in the jurisdictions that we operate and to improve our services, we collect, process, and maintain personal information about you. We collect this information through the CorePass application and store it in a sealed, secure vault. We do not disclose any personal information about our customers to any non-affiliated third parties unless described below. We may update this Privacy Policy at any time by posting the revised version on our platform and by sending you a notification via email.

This Privacy Policy is based on the Swiss Federal Act on Data Protection (Data Protection Act, “FADP”) of 25 September 2020 (Status as of 1 September 2023) as amended:

CorePass is authorized to treat and process personal data pursuant to those laws and regulations and by the Swiss Federal Data Protection and Information Commissioner:

Furthermore, this Privacy Policy is also based on the General Data Protection Regulation (“GDPR”) as amended:

2. Definitions

Personal Data and Data Subject

"Personal Data" refers to any information relating to an identified or identifiable natural person (“Data Subject”). This includes name, an identification number, location data, an online identifier, or factors specific to the physical, economic, cultural, or social identity of a natural person.

Sensitive Personal Data

Personal Data worthy of special protection: (i) data concerning religious, philosophical, political, or labor unions, (ii) data concerning health, the intimate sphere, race, or ethnicity, (iii) genetic data, (iv) biometric data that uniquely identify a natural person, (v) data concerning administrative and criminal prosecutions and sanctions, (vi) data concerning social assistance measures.

Data Processor

An individual, organization, or system that processes personal data on behalf of a Data Controller, based on the Controller's instructions.

Digital Asset

A “Digital Asset” is a cryptocurrency or digital good, such as Core, Bitcoin, or Ether, based on the cryptographic protocol of a computer network.

3. Collection of Data

The lawful legal basis for the processing of your personal data is contemplated in the applicable privacy regulations, such as the Swiss Federal Data Protection Law (“FADP”) and the European General Data Protection Regulation (“GDPR”).

At least one of these must apply whenever personal data is to be processed:

  1. Consent: you have given us, CorePass, or our Data Processors your free, specific, informed, or unambiguous consent for your personal data to be processed for a specific purpose.
  2. Contract performance: the processing is necessary for the performance of a contract you have with us or since you want to use our Services.
  3. Compliance with legal obligation: the processing is necessary for the Company to comply with the law in the jurisdictions where it operates (not including contractual obligations).
  4. Public interest: the processing is necessary to perform a task that is in the public interest or for its official functions, and the task or function has a clear basis in law.
  5. Legitimate interests: the processing is necessary for the Company's legitimate interests, or the legitimate interests of a third party, including Users, unless there is a good reason to protect the individual’s personal data that overrides those legitimate interests.

When you use our Services, we collect information about you and that device. We may ask you for this information directly. Alternatively, we may collect it automatically when you use our Services. We may also obtain information from third parties to correct our records or to prevent fraud.

We collect, process, and store Personal Data obtained from you via your use of the Service or the CorePass application. This Personal Data includes:

  1. Full name;
  2. Email address;
  3. Date of birth;
  4. Photo;
  5. ID, date of issue, and validity of the government document. (The accepted government-issued documents are a driver's license, passport, national ID card, or residency permit.);
  6. Financial information (such as bank account number and credit card number) and documents (such as bank statements or company commercial register excerpts), employment information, proof of identity, proof of residence, proof of funds and source of funds, confirmation about your political status, and information about your criminal or sanctions record, where they are relevant for AML/CFT checks pursuant to anti-money laundering and anti-terrorism regulations and we are obliged to collect them. In such a case, your reply is understood as your explicit consent to provide us with the information since you want to continue using our Services.

Additional data that we gather are specifically for operational purposes, which encompass the following:

  1. Core ID;
  2. IP address;
  3. Fingerprints and Boolean values of the CorePass data.

If you contact us, we may keep a record of that correspondence.

There are several ways in which we collect your personal data:

  • that you provide to us or to our Data Processors;
  • that you have made public; and
  • that we automatically collect because of sharing with other parties such as AML/CFT databases if we need to do so.

4. Restrictions

Our platform is designed for adults aged 18 years and older. Persons under the age of 18 should interact with the CorePass application directly and not our platform.

5. Utilization of Your Personal Data

We use your Personal Data to communicate with you, administer, deliver, improve, and personalize our Services. We generate generic data out of the Personal Data collected and use it for our purposes. We also use such data to communicate with you about other products or services offered by Ping Exchange and its partners. We do not share your Personal Data with third parties except where you have given consent or as described in this Policy, such as if requested by an Authority or by Court Order or to comply with AML/CFT regulations.

6. Storage and Safeguarding of Personal Data

We are committed to protecting the personal information we have collected from you. We take appropriate steps to safeguard your personal information against unauthorized access, improper use or disclosure, unauthorized modification, unlawful destruction, and accidental loss.

We use various security technologies and procedures to help protect your personal information from unauthorized access and use. As effective as modern security practices are, no physical or electronic security system is entirely secure. We cannot guarantee the complete security of our storage, nor can we guarantee that the information you supply will not be intercepted while being transmitted to us over the internet.

The Personal Data we collect from you is transferred to, and stored in a sealed secure vault. The vault remains inaccessible until unsealed. To compare the data provided later, certain fingerprints and boolean values are generated and stored in our database. Data required for operational purposes, being fundamental to the functioning of the platform, cannot be stored in the vault.

7. Managing, Modifying, and Removing Personal Data

The CorePass app automatically checks the accuracy of your Personal Data. If there is any discrepancy between the information stored in the CorePass app and/or your official documents, we request you notify us. You may request to update your information or ask for deletion, although we may refuse deletion in certain circumstances, such as for legal purposes. For data access, correction, or deletion requests, please, contact our Support Center with the subject “DATA INQUIRY”.

8. Legal Notifications

Often the law requires us to advise you of certain changes to products, services, or laws. We may need to inform you of changes to the terms or the features of our products or services. We need to process your personal information to send you these legal notifications. You will continue to receive this information from us even if you choose not to receive direct marketing information from us.

9. Disclosure of Personal Information

The Company will not disclose any of its clients’ or Users' confidential information to a third party, except:

  1. to the extent that it is required to do so pursuant to any applicable laws, rules, or regulations;
  2. if there is a duty to disclose;
  3. if our legitimate business interests require disclosure;
  4. when in line with our Terms of Service;
  5. at your request or with your consent or to those described in this Privacy Notice.

The Platform will endeavor to make such disclosures on a “need-to-know” basis unless otherwise instructed by a regulatory authority. Under such circumstances, the Platform will notify the third party regarding the confidential nature of any such information.

As part of using your personal information for the purposes set out above, the Platform may disclose your personal information to the following:

any members of the Company, which means that any of our affiliates and subsidiaries may receive such information;

any of our service providers and business partners, for business purposes, such as specialist advisors who have been contracted to provide us with administrative, financial, legal, tax, compliance, insurance, IT, debt-recovery, analytics, research, or other services.

If the Company discloses your personal information to service providers and business partners, in order to perform the services requested by clients/Users, such providers and partners may store your personal information within their own systems in order to comply with their legal and other obligations.

We require that service providers and business partners who process personal information acknowledge the confidentiality of this information, undertake to respect any client’s right to privacy, and comply with all relevant privacy and data protection laws and this Privacy Notice.

10. Location of Your Personal Data Storage

Our operations are supported by a network of computers, servers, and other infrastructure and information technology, including, but not limited to, third-party service providers. We and our third-party service providers and business partners store and process your personal data in the clouds and servers located in Switzerland, Slovakia, Italy, Finland, Germany, France, Belgium, Spain, Netherlands, United Kingdom, and Poland.

11. Privacy Considerations in Digital Asset and Blockchain Usage

Your funding of Core, Bitcoin, Ether, and other Digital Assets, may be recorded on a public blockchain. Public blockchains are distributed ledgers, intended to immutably record transactions across wide networks of computer systems. Many blockchains are open to forensic analysis which can lead to deanonymization and the unintentional revelation of private financial information, especially when blockchain data is combined with other data.

Because blockchains are decentralized or third-party networks that are not controlled or operated by Platform or its affiliates, we are not able to erase, modify, or alter personal data from such networks.

12. Data Retention

Safeguarding the privacy of your personal information is of utmost importance to us, whether you interact with us personally, by phone, by email, over the internet, or any other electronic medium. We will hold personal information, for as long as we have a business relationship with you, in secure computer storage facilities, and we take the necessary measures to protect the personal information we hold from misuse, loss, unauthorized access, modification, or disclosure.

When we consider that personal information is no longer necessary for the purpose for which it was collected, we will remove any details that will identify you or we will securely destroy the records.

However, we may need to maintain records for ten years after you cease being our client/User, unless we are requested by an Authority or Court Order to save them for a longer period of time.

13. Privacy Queries

As a Data Subject, you have several rights, for instance, the right to be informed, the right to access, the right to rectification, the right to erase, or the right to be forgotten.

If you have any questions about this Privacy Policy or the use of your Personal Data, please, contact us by sending an email to our Support Center with the subject “PRIVACY REQUEST”.

We will answer you within a maximum of one month, although we reserve the right to extend this period for more complex requests. We also reserve the right to charge a reasonable administration fee for any manifestly unfounded or excessive requests for access to personal data and for any additional copies of personal data requested.

Pursuant to the FADP, you may also contact the Swiss Federal Data Protection and Information Commissioner, Feldeggweg 1 CH - 3003 Berne.

14. Privacy Policy Updates

We may change our Privacy Policy in the future. We will post any changes on this page and, when appropriate, notify you on the Platform.

Your use of our Services constitutes your acceptance of the terms of this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please, do not use our Services.

Last Updated: February 7, 2024