Data Privacy

Data Protection Declaration

CoreLedger AG, im alten Riet 102, 9494 Schaan, Principality of Liechtenstein (hereinafter referred to as “CoreLedger”) is responsible for processing the personal data provided by you on our website and app for smartphones and tablets (hereinafter referred to as websites and applications collectively as “application” or “applications”) or generated by us as a result of processing your registration for our application. CoreLedger is responsible within the meaning of the Basic Data Protection Regulation.

The protection of your data is very important to CoreLedger. This data protection declaration was created for the sake of transparency.

This data protection declaration is divided into sections (hereinafter referred to as “sections”), each of which deals with a specific topic so that you can immediately find the topic you are looking for and concentrate on it.

The CoreLedger applications may contain links to other websites and/or smartphone applications. CoreLedger AG is not responsible for the privacy practices or the content of such Web sites and/or smartphone applications.

A.Type of Data Processed

Data collected by the application is listed below. 

First Name, Last Name, Contact Details and Other Personal Data

When you create an account to log into the application, CoreLedger AG may ask you for the following information: first name, last name, gender, contact details, month and year of birth, shipping address, phone number, payment method, and age of the recipient in the event of purchasing goods and/or services;

Additional information may be collected in the management of all relationships through the use of the application.

Navigation Data and Cookies  

The computer systems and software used for the application collect data that is included due to the use of Internet communication protocols. This information is not collected by CoreLedger AG in order to be associated with data subjects; nevertheless, by its nature it could contribute to the identification of data subjects. This category of data includes the IP addresses or domain names of the computers used by users when they connect to the application, URI (Uniform Resource Identifier) addresses, addresses of the services requested, the time of the request, the method used to direct the request to the server, the size of the file received in response, the numerical code indicating the status of the response sent by the server (good result, error, etc.) and other parameters related to the user’s operating system and computer.

The purpose of this data is merely to collect anonymous statistical information regarding the use of the application, to verify its proper functioning and to identify anomalies and/or misuse. Except in cases where the data is used to determine responsibility for a possible computer crime against the application or third parties, the data will not be stored for more than seven days.

B.Processing of Personal Data of Children under 16 Years of Age

Children under the age of 16 or under the age set by national legislation at which they can give their consent to the processing themselves, or in any case no younger than 13 years of age, may not register for the applications in order to access the areas reserved for the registered user.

Users who do not indicate their age will be treated as minors under the age of 16 or in accordance with the laws of the country they indicated when registering and may therefore not access the areas reserved for the registered user of the Applications.

C.Purposes of the Processing of Personal Data

We will process your data for the following purposes:

• Fulfilling the contractual obligations that we have towards you and you towards us, such as carrying out procedures relating to the management of our relations with you (e.g. managing responses to enquiries received via the contact forms; releasing password-protected areas in the applications; assisting with the loss of the login/password data of your personal account for the applications).
• Compliance with legal requirements;
• Communication via e-mail about similar products or services if you use or have used a service in an application, or if you purchase or have purchased a product or service through the application (soft spam);

D.Legal Basis for the Processing of Personal data, the compulsory/voluntary Provision of Personal Data and the Consequences of Nonprovision.

The legal basis for the processing of personal data is the correct execution of the contractual relationship with you. Failure to provide the data necessary for this purpose, or the inaccuracy of the data provided, make it impossible for CoreLedger AG to provide the service and to process the contractual relationship.

The provision of the data and the related processing is also necessary for CoreLedger AG in order to fulfil its legal obligations. If you provide CoreLedger AG with your data, we must process them in accordance with the applicable laws, which may include storing and disclosing them to the relevant authorities to fulfil legal obligations (e.g. data protection law, personal and company law (PGR) or tax laws and tax treaties).

The provision of data and related processing for marketing purposes is based on your explicit consent, which is given via a special checkbox. You are not obliged to give this consent to CoreLedger AG and you are free to withdraw it at any time without consequences. You can revoke your consent for this purpose in accordance with the section “Rights of the data subjects”.

E.Disclosure of Data

The data will be disclosed to the employees of CoreLedger AG or their contractors who are responsible for the development and administration of the applications. These employees, who are bound to secrecy or have received a corresponding legal obligation, are entitled to process this data in order to pursue the aforementioned objectives.

Data may be passed on, used and transferred for accounting and administrative purposes within the companies belonging to CoreLedger AG or participating in CoreLedger AG.

Data will be communicated to third parties who are used as data processors and process data on behalf of CoreLedger AG (e.g. companies responsible for the administration and processing of customer orders, suppliers such as hosting providers with whom it is necessary to cooperate for the purpose of providing services, platform providers for sending e-mails or suppliers who carry out technical maintenance, suppliers who develop interactive games and competitions).

Data may also be disclosed to third parties with whom CoreLedger AG has an ongoing contractual relationship regarding services necessary for the performance (delivery services for the delivery of products, audit firms, persons or companies that support and advise us in this area).

Finally, data will be disclosed on request to the competent tax authorities or to other public bodies in accordance with the legislation in force.

F.Data Transmission

Since CoreLedger AG is represented internationally, some of your data may be passed on to recipients outside the European Economic Area, such as those mentioned in the previous section. CoreLedger AG ensures that the processing of your personal data is carried out by these recipients in accordance with the applicable legislation. For this reason, the data transfers are carried out within the framework of adequacy decisions

G.Storage Period of Personal Data

The data processed for the purpose of providing services and fulfilling contractual obligations will be stored by CoreLedger AG only for the period of time necessary for the performance of the requested service and for the correct fulfilment of the contractual relationship with you. As these data are processed in order to provide you with the service and to fulfil the contract, CoreLedger AG may store them for a longer period of time, in particular as long as may be necessary to protect CoreLedger AG’s interests against possible claims arising from the provision of the service.

In any case, CoreLedger AG will stipulate that the storage period in connection with orders and purchases made by you shall be 24 months. In addition, CoreLedger AG specifies that it will retain your authentication data for the services of the application for up to 48 months from the last login. After the end of this period, the data will be anonymized.

Your requests and the data they contain, collected through the Contacts/Customer Service section of the Applications, will be stored for one year after the request has been completed so that CoreLedger AG can process any additional requests received after the request has been completed. At the end of this period, data enabling the identification (including indirect identification) of a natural person (such as first name, surname, e-mail) will be stored anonymously and only in the form of aggregated data for statistical purposes.

The data processed for the purpose of complying with legal regulations will be stored by CoreLedger AG for the period stipulated by law.

The data processed for marketing and profiling purposes will be stored by CoreLedger AG until the date of revocation of consent. As soon as you have withdrawn your consent, CoreLedger AG will no longer use your data for these purposes, but may restrict data processing, in particular for as long as may be necessary to protect CoreLedger AG’s interests against possible claims arising from the provision of the service.

CoreLedger AG informs you that in order to comply with the storage limitation, the data processed for marketing and profiling purposes will be retained for the purpose of calculating compliance with authentication data for a maximum of 48 months after the last login.

H.Rights of Data Subjects

As a data subject, you have the right at all times:

• to request information about your data (and/or a copy of such data);
• to request the correction or updating of your data processed by CoreLedger AG if they are incomplete or out of date;
• request the deletion of your data from CoreLedger AG’s databases if their processing is unnecessary or unlawful;
• request CoreLedger AG to limit the processing of your data if the data is inaccurate, unnecessary or unlawfully processed, or if you have already refused to do so;
• exercise data transferability (i.e. the right to obtain a copy of the personal data you have provided to CoreLedger AG);
• refuse to process your personal data by using a legal basis relating to your particular situation which, in your opinion, prevents CoreLedger AG from processing your personal data;
• Withdraw your consent for marketing and profiling purposes and refuse processing for Soft Spam purposes. We remind you that your explicit consent to send promotional communications for marketing and profiling purposes extends not only to automated systems without operator intervention (e.g. e-mail), but also to traditional contact methods such as postal mail. It is possible to withdraw consent to such processing at any time, even in separate ways. For example, you may decide to receive such communications only by post and not through automated systems such as e-mail.

Please note that the data that you have provided to CoreLedger AG can be changed at any time via the “Change data” section of the application or by sending a written message to: [email protected]. You can exercise the above rights by using the above methods.

We inform you that you may at any time by writing to the above email address to opt out of receiving this promotional information for marketing purposes or, if you receive communications from IT-Tools, follow the procedure indicated in light green (via the “Opt Out” button).

Consent to profiling may be revoked at any time by changing the favorites of the user profile that can be created in the application or by sending a written notice to the above email address.

CoreLedger AG also informs you that you are entitled at any time to file a complaint with the competent supervisory authority (in particular the data protection authority in Liechtenstein) if you are of the opinion that the processing of your personal data does not comply with the currently applicable legislation.

Should you require further information, you can contact CoreLedger AG in writing at the following address: webprivacy@coreledger.net

I.Modification of the Privacy Policy

This version 1.0 of the privacy policy is valid from 19 August 2019. CoreLedger AG reserves the right to partially or completely modify or simply update its content, also due to changes in the applicable legislation. CoreLedger AG will inform you about these changes as soon as they are introduced.