Published on June 30, 2023

Privacy Policy

Updated on 16 November 2023

1. General

This is the privacy policy (“Privacy Policy“) for any website, any mobile app (the "App"), any other applications and other services owned or operated (collectively the “Services“) provided by Pocket App Ltd (the "Company", "Pocket", "we" or "us") which aims at providing technical and digital services to the large public, including but not limited to the Pocket web service, the Pocket mobile application, and related software and infrastructure services. Pocket is the controller of your personal data collected through the Services and we are committed to protecting and respecting your privacy. Pocket is dedicated to collect as little personal data about its users as possible.

2. Introduction

Our users privacy is dear to us. We want to be transparent about the data we collect and process.

Our business operations requires us to collect certain personal information from our clients. We only ask for and collect data that is needed to provide our service. We do not not track our users across our platform.

This Privacy Policy explains who we are, why and how we process personal data collected through your use of our Services and, if you are the subject of any of the personal data concerned, what rights you have and how to get in touch with us if you need to.

When you supply any personal data to us, we have legal obligations towards you in the way we use that data. We must collect the information fairly and explain to you how we will use it. For ease of reading, we have divided this Privacy Policy into several sections:

It is important that you read this Privacy Policy together with any other privacy notice or fair processing notice that we may provide at or around the time that we collect or process personal data about you so that you are fully aware of how and why we are using that data.

Your consent to this Privacy Policy is given once you tap on the button “Start“ or “Set up now” which appears upon your first connection, and which indicates “By proceeding you agree to our Terms and Conditions and Privacy Policy“.

By tapping the button, you (the “User“) agree to be bound by the Privacy Policy, as amended and published on the Services, and to comply with this Privacy Policy and all applicable laws and regulations. If you do not agree with the Privacy Policy, you should refrain from using the Services.

The Privacy Policy may be updated by Pocket at any time without prior notice. The current version is published on pocketethereum.com­/policy/privacy. Please check the Privacy Policy regularly for changes. All changes are effective as of the date they are made. If you continue to access or use our services after the policy has been updated, you will be deemed to have bindingly consented to the updates. If you do not agree to the amended terms, you should not continue to access or use our services.

Please note that the Services is not intended for use by nor directed at anyone under the age of 18 and we do not knowingly collect data relating to children. If you believe we have collected personal information about your child, you may contact us at team@pocketethereum.com and request that we remove any information about them.

2.1. Privacy Policy for SSL/TLS Encryption

This website uses SSL/TLS encryption for reasons of security and to protect the transmission of confidential content, such as the requests you send to us as site operator. You can recognize an encrypted connection by the fact that the address line of your browser changes from “http://“ to “https://“ and by the lock symbol in your browser line.

If the SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

3. Who is responsible?

Pocket App Ltd, Industriestrasse 33, CH - 5242 Lupfig is responsible for the collection, use, disclosure, retention and protection of your personal information in accordance with our privacy standards, this Privacy Notice, as well as any applicable national laws.

4. What information we collect

4.1. What is personal information?

Where this Privacy Policy refers to 'personal data' it is referring to data about you from which you could be identified – such as your name, your date of birth, your contact details, identification documents and even your IBAN, IP address or Ethereum addresses.

By law, all organisations who process your personal data in Europe (including Switzerland) are obliged to process your personal data in certain ways and to ensure that you are given an appropriate amount of information about how they use it. You also have various rights to seek information from those organisations about how they are using your data, and to prevent them from processing it unlawfully. For more information about these rights, please see the 'Your Rights' section of this Privacy Policy.

4.2. The information we collect from you when you use the Services

While you use our Ethereum exchange service within the specified thresholds we collect:

  • Contact details (email address)
  • IBAN of your bank account
  • Payout methods (Ethereum address, extended public key)
  • Preferred language and currency

While you use our Ethereum Lightning exchange service within the specified thresholds we collect:

  • Contact details (email address)
  • IBAN of your bank account
  • Preferred language and currency
  • Type of Lightning Wallet
  • Lightning invoice
  • Receiver node ID

If you want to exchange within our extended limits and decide to go through our video identification process, we further collect:

  • Full name, residential address, date of birth, citizenship(s);
  • Verification information, which includes information necessary to verify your identity such as a passport, driver’s licence or Government-issued identity card);
  • Information concerning your financial situation such as occupation, profession, income, financial assets, and source funds;
  • Information on whether you hold a prominent public function (PEP);

If you are part of an operating company that uses our exchange services, we collect additional data depending on the type and size of the company.

In case you order any physical goods from our webshop we collect data in relation to the shipment procedure:

  • Name, delivery address
  • Payment information
  • Contact details (email address)

4.3. How and what types of data we collect from you when you use the App

When you use the App to create a wallet, an account or profile, fill in forms provided on the App, subscribe to our services, notifications or newsletters, or report a problem with the App, we may collect, store and use certain personal information that you disclose to us.

The information we collect from you may include (but is not limited to): your IP address, IBAN, email address, telephone number, feedback and log-in information.

We shall also collect information about you when you visit and interact with the App through the use of technologies such as cookies. The following are examples of information we may collect:

  • information about your device, browser or operating system;
  • time zone setting;
  • your IP address;
  • information about interactions you have with the App (such as scrolling and clicks);
  • information about the way you use and the actions you take within the App;
  • length of time on the App and time spent within certain sections;
  • response times; and
  • download errors.

Please refer to your device's help material to learn what controls you can use to remove cookies, block cookies, or disable IDFA tracking. If you do this, it may affect your use of any website or any app, including Pocket (Pockets' website or application).

We may also partner with third parties who may collect anonymous usage or statistical data through your use of the App (including, for example, sub-contractors in technical, payment and/or delivery services, business partners, advertising networks, analytics providers).

We may also collect information about how you use the App through Google Play's Android Advertising ID technology and Apple iOS's Advertising Identifier. This is used only by us and our trusted third-party service providers (see “Service Providers“ below) for advertising and user analytics. The advertising identifier will only be connected to personally identifiable information where you have provided us with your explicit consent. We will respect your user selections for this technology and will not use the data in any way which you have asked us not to. We are committed to abiding by Google's and Apple's terms of use and you may contact us (team@pocketethereum.com), Google or Apple directly if you have any questions regarding our use of this technology.

4.4. Updating your information

If you want to update the information you have previously given to us, you can contact us at team@pocketethereum.com.

4.5. Information we collect about you automatically

Log Information that is generated by your use of our website that is automatically collected and stored in our server logs. This may include, but is not limited to, device-specific information, location information, system activity and any internal and external information related to pages that you visit;

4.6. Information we receive about you from other sources

The banks you use to transfer money to us will provide us with your basic personal information, such as your name and address, as well as your financial information such as your bank account details;

5. How and why we use/share your Information

5.1. Lawful basis for processing your information

We will only use your personal data when the law allows us to. Most commonly we will use your personal data in the following circumstances:

  • Where you have asked us to do so, or consented to us doing so;
  • Where we need to do so in order to perform a contract we have entered into with you;
  • Where it is necessary for our legitimate interests (or those of a third party) and your fundamental rights do not override those interests;
  • Where we need to comply with a legal or regulatory obligation; and
  • For marketing messages

You will receive marketing messages from us if you have given us your consent to do so or if you have provided feedback on our Services and have not opted out of receiving marketing messages.

To unsubscribe from marketing emails at any time, please click on the unsubscribe link at the bottom of any marketing email and update your account preferences. You may also contact us (team@pocketethereum.com) to inform us if you do not wish to receive any marketing materials from us.

5.2. Sharing your information

Depending on how and why you provide us with your personal data, we may share it in the following ways:

  • with any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries;
  • with selected third parties including business partners, suppliers and sub-contractors for the performance of any contract we enter into with them or you (see “Service Providers“ below); or
  • with analytics that assist us in the improvement and optimisation of the Services.

We may also disclose your personal information to third parties in the following events:

  • if we were to sell or buy any business or assets, in which case we might disclose your personal information to the prospective seller or buyer of such business or assets;
  • if Pocket App Ltd or substantially all of its assets are acquired by a third party, in which case personal information held by us about our customers will be one of the transferred assets; or
  • if we are under a duty to disclose or share your personal information in order to comply with any legal obligation, or to protect the rights, property, or safety of our company, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.

5.3. Service Providers

Our service providers provide us with a variety of administrative, statistical, and technical services. We will only provide service providers with the minimum amount of personal data they need to fulfil the services we request, and we stipulate that they protect this information and do not use it for any other purpose. We take these relationships seriously and oblige all of our data processors to sign contracts with us that clearly set out their commitment to respecting individual rights, and their commitments to assisting us to help you exercise your rights as a data subject.

5.4. Other Disclosures

During your use of the Services, your web browser, app store provider and mobile network operator may also collect personal information about you regarding your use of the Services such as your identity, your usage and location.

These third parties shall act as separate and independent controllers of that personal data and shall process it in accordance with their own privacy policy.

The Services may, from time to time, contain links to and from the websites of our partner networks, advertisers, and affiliates. We may also provide links to third party websites that are not affiliated with the Services. All third-party websites are out of our control and are not covered by this Privacy Policy. If you access third party sites using the links provided, the operators of these sites may collect information from you that could be used by them, in accordance with their own privacy policies. Please check these policies before you submit any personal data to those websites.

6. How long we keep your Information

We will hold your personal information on our systems only for as long as required to provide you with the products and services you have requested, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

In some circumstances you can ask us to delete your data: see 'Your Rights' below for further information.

In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.

7. Security

7.1. General measures

Pocket App Ltd takes the protection of your information very seriously. We keep any personal data of our clients and our potential clients in accordance with the applicable privacy and data protection laws and regulations. We have put in place appropriate physical, electronic and managerial security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed, including use of secure servers, passwords and industry standard encryption for data both in transit and at rest.

We limit access to your personal data to those employees, agents, contractors and other third parties who have a business, need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

Registered information is securely stored in a safe location, and only authorised personnel have access to it via a username and password.

All reasonable measures are taken to prevent unauthorised parties from viewing any such information. Personal information provided to Pocket that does not classify as registered information is also kept in a safe environment and accessible by authorised personnel only through username and password.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

Where we have given you a password or PIN code that enables you to access certain parts of our Services, you are responsible for keeping this password or PIN code confidential. We ask you not to share a password or PIN code with anyone.

7.2. Security in the App

When first launching the App, it creates an individual encrypted digital wallet, i.e. a private key, for every user to store their crypto assets. Pocket App Ltd does not have, at any point in time, access to the user's private keys and funds. You are responsible for keeping your private key confidential. We ask you not to share your private key with anyone. If you lose or give away your private key, you lose or give away your crypto assets.

8. International Data Transfers

Please note that some of our service providers may be based outside of the European Economic Area (the “EEA“). These service providers may work for us or for one of our suppliers and may be engaged in, among other things, the fulfilment of your request for information, products and services, the processing of your payment details and the provision of support services.

Where we transfer your data to a service provider that is outside of the EEA we seek to ensure that appropriate safeguards are in place to make sure that your personal data is held securely and that your rights as a data subject are upheld. Transfers of personal data are either made:

  • to a country recognised by the European Commission as providing an adequate level of protection; or
  • to a country which does not offer adequate protection but whose transfer has been governed by the standard contractual clauses of the European Commission or by implementing other appropriate cross-border transfer solutions to provide adequate protection.

By submitting your personal information, you agree to this transfer, storing or processing.

If you would like more information about how the mechanism via which your personal data is transferred, please contact team@pocketethereum.com.

9. Your Rights

As a data subject you have a number of rights in relation to your personal data. Below, we have described the various rights that you have as well as how you can exercise them.

9.1. Right of Access

You may, at any time, request access to the personal data that we hold which relates to you (you may have heard of this right being described as a “subject access request“).

Please note that this right entitles you to receive a copy of the personal data that we hold about you in order to enable you to check that it is correct and to ensure that we are processing that personal data lawfully. It is not a right that allows you to request personal data about other people, or a right to request specific documents from us that do not relate to your personal data. You can exercise this right at any time by writing to us (team@pocketethereum.com) and telling us that you are making a “subject access request“. You do not have to fill in a specific form to make this kind of request.

9.2. Your Right to Rectification and Erasure

You may, at any time, request that we correct personal data that we hold about you which you believe is incorrect or inaccurate. Please note that we may ask you to verify any new data that you provide to us and may take our own steps to check that the new data you have supplied us with is right.

You may also ask us to erase personal data that we control if you do not believe that we need to continue retaining it (you may have heard of this right described as the “right to be forgotten“). Although we will do everything to respect your request and personal data, it may not always be possible to erase all of your personal data as there may be legal requirements to keep certain personal data or technical limitations to the data we can delete.

There may also be legitimate interests in keeping certain data including, amongst others, if the data is required for the App to function. If this is the case, we will continue to process this data. If erasure is not technically possible or we believe that we have a good legal reason to continue processing personal data that you ask us to erase, we will tell you this and our reasoning at the time we respond to your request.

You can exercise this right at any time by writing to us (team@pocketethereum.com) and telling us that you are making a request to have your personal data rectified or erased and on what basis you are making that request. If you want us to replace inaccurate data with new data, you should tell us what that new data is. You do not have to fill in a specific form to make this kind of request.

9.3. Your Right to Restrict Processing

Where we process your personal data on the basis of a legitimate interest, you are entitled to ask us to stop processing it in that way if you feel that our continuing to do so impacts on your fundamental rights and freedoms or if you feel that those legitimate interests are not valid.

You may also ask us to stop processing your personal data (a) if you dispute the accuracy of that personal data and want us verify that data's accuracy; (b) where it has been established that our use of the data is unlawful but you do not want us to erase it; (c) where we no longer need to process your personal data (and would otherwise dispose of it) but you wish for us to continue storing it in order to enable you to establish, exercise or defend legal claims.

Please note that if for any reason we believe that we have a good legal reason to continue processing personal data that you ask us to stop processing, we will tell you what that reason is, either at the time we first respond to your request or after we have had the opportunity to consider and investigate it.

You can exercise this right at any time by writing to us (team@pocketethereum.com) and telling us that you are making a request to have us stop processing the relevant aspect of your personal data and describing which of the above conditions you believe is relevant to that request. You do not have to fill in a specific form to make this kind of request.

9.4. Your Right to Portability

Where you wish to transfer certain personal data that we hold about you, which is processed by automated means, to a third party, you may write to us and ask us to provide it to you in a commonly used machine-readable format.

Because of the kind of work that we do and the systems that we use, we do not envisage this right being particularly relevant to the majority of individuals with whom we interact. However, if you wish to transfer your data from us to a third party we are happy to consider such requests.

9.5. Your Right to object to processing

You may object to processing of your personal data where we rely on legitimate interest for processing that personal data. We will comply with your request unless we have a compelling overriding legitimate interest for processing or we need to continue processing your personal data to establish, exercise or defend a legal claim.

9.6. Your Right to stop receiving communications

To unsubscribe from communications at any time, please click on the unsubscribe link at the bottom of any email and update your notification preferences in the Services. For details on your rights to ask us to stop sending you various kinds of communications, please contact us (team@pocketethereum.com).

9.7. Your Right to object to automated Decision Making and Profiling

You have the right to be informed about the existence of any automated decision making and profiling of your personal data, and where appropriate, be provided with meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing that affects you.

Where we are relying on consent to process your personal data, you may withdraw consent at any time. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.

9.9. Exercising your rights

When you write to us making a request to exercise your rights, we are entitled to ask you to prove that you are who you say you are. We may ask you to provide copies of relevant ID documents to help us to verify your identity.

It will help us to process your request if you clearly state which right you wish to exercise and, where relevant, why it is that you are exercising it. The clearer and more specific you can be, the faster and more efficiently we can deal with your request. If you do not provide us with sufficient information, then we may delay actioning your request until you have provided us with additional information (and where this is the case, we will tell you).

10. Use of services

10.1. Newsletter

We may send newsletters by ourselves or through a mail order service provider. The mail order service provider is used on the basis of our legitimate interests in accordance with the GDPR and the Swiss Data Protection Act.

The dispatch service provider may use the data of the recipients in pseudonymous form, i.e. without allocation to a user, to optimize or improve its own services, e.g. for technical optimization of dispatch and presentation of the newsletter or for statistical purposes. However, the dispatch service provider does not use the data of our newsletter recipients to write to them itself or to pass the data on to third parties.

11. Privacy when using digital assets and blockchains

When you are consuming our services that include the use of the Ethereum, your transactions are recorded in a public blockchain. Public blockchains are intended to immutably store transactions accross wide networks of computer systems. Due to their public nature, blockchains are open to forensic analysis that can lead to deanonymization and revelation of private financial information.

Because the Ethereum blockchain is decentralized we are not able to erase, modify, or alter any information from it.

12. Cookies

Our website uses cookies and other technologies which store information in your browser. We only use these, when it is necessary to ensure a good user experience and never to track your behaviour on our website or across websites of third parites. We do not use any trackers.

13. Changes to this Privacy Policy

Our Privacy Policy is reviewed regularly to ensure that any new obligations and technologies, as well as any changes to our business operations and practices are taken into consideration, as well as that it remains abreast of the changing regulatory environment. Any personal information we hold will be governed by our most recent Privacy Policy.

If we decide to change our Privacy Policy, we will post those changes to this Privacy Policy and other places we deem appropriate so that you are aware of what information we collect, how we use it, and under what circumstances, if any, we disclose it.

14. Contact Details

If you have any queries regarding this Privacy Policy, if you wish to exercise any of your rights set out above, or if you think that the Privacy Policy has not been followed, please contact us by emailing at team@pocketethereum.com.

15. Alternative Dispute Resolutions

Any disputes, disagreements or claims relating in any way to this Privacy Policy may also be resolved by the use of alternative dispute resolution mechanisms, such as mediation or arbitration, with the agreement of all parties concerned.

16. Applicable Law and Jurisdiction

This Privacy Policy and the use of the Service will be governed by and construed and enforced in accordance with the laws of Switzerland without giving effect to any choice or conflict of law provision or rule. The place of jurisdiction is Zurich or Aargau in Switzerland.