General Privacy Policy of
TTM Prime
Version of November 30 2023
1. What is this privacy policy about?
TTM Prime (hereinafter also “TTM”, “we” or “us”) processes personal data relating to you or other individuals in different ways and for different purposes.
“Personal data” means all information relating to an identified or identifiable natural person, and “processing” means any operation with it, such as collecting, using, and disclosing it.
This privacy notice explains our processing of such data (hereinafter referred to as personal data or data) when:
Please take the time to read this privacy notice to learn how and why TTM processes your personal data, how TTM protects your personal data and what rights you have in this context. If you have any questions or would like further information about our data processing, please do not hesitate to contact us (para. 2).
We have aligned this Privacy Policy with both the Swiss Federal Act on Data Protection (FADP) and the European General Data Protection Regulation (GDPR). However, whether and to what extent the GDPR is applicable at all depends on the individual case.
“Personal data” means all information relating to an identified or identifiable natural person, and “processing” means any operation with it, such as collecting, using, and disclosing it.
This privacy notice explains our processing of such data (hereinafter referred to as personal data or data) when:
- • you visit our website www.ttmprime.com
- • you make use of our services, in particular exchange services related to Tradable Crypto Assests, Counterparty Trading and Settlement of Exchange Transactions etc
- • you are otherwise associated with us by contract
- • you contact us via email, letter, by text message, via a contact form, etc
- • you deal with us in the context of all other data processing related to our offers
Please take the time to read this privacy notice to learn how and why TTM processes your personal data, how TTM protects your personal data and what rights you have in this context. If you have any questions or would like further information about our data processing, please do not hesitate to contact us (para. 2).
We have aligned this Privacy Policy with both the Swiss Federal Act on Data Protection (FADP) and the European General Data Protection Regulation (GDPR). However, whether and to what extent the GDPR is applicable at all depends on the individual case.
2. Who is responsible for processing your data?
For the data processing according to this privacy notice, the following company is the “controller”, i.e. the party primarily responsible under data protection law unless otherwise communicated in individual cases:
If you have any questions regarding data protection, please feel free to contact us at the following address so that we can process your request as quickly as possible: info@ttmprime.com
- • TTM Prime
- • Dammstrasse 16
- • 6300 Zug
- • Switzerland
If you have any questions regarding data protection, please feel free to contact us at the following address so that we can process your request as quickly as possible: info@ttmprime.com
3. What personal data do we process?
We process different categories of personal data depending on the occasion and purpose. You will find the most important categories below, whereby this list cannot be exhaustive.
You disclose much of the data mentioned in this section yourself (e.g. when communicating with us, when using the website, etc.). If you wish to claim services, you must provide us with data as part of your contractual obligation under the relevant contract, in particular, master data and contract data.
You disclose much of the data mentioned in this section yourself (e.g. when communicating with us, when using the website, etc.). If you wish to claim services, you must provide us with data as part of your contractual obligation under the relevant contract, in particular, master data and contract data.
a. Master data
Master data is the basic data that we need to process our business relationships or for marketing and advertising purposes and that relates directly to your person and characteristics. For example, we process the following master data:
- • salutation, surname and first name and gender
- • address, contact details such as e-mail address and telephone and mobile number
- • information on income and asset situation (e.g. gross income, rent and assets)
- • in case of contact persons of companies also relations to the company you are working for
b. Contract data
Contract data is information that incurs in connection with the conclusion or execution of a service contract, for example information about the services to be rendered (e.g. which cryptos you want to buy), as well as data from the period prior to the conclusion of a contract, information on the conclusion of the contract itself (e.g. the closing date and the subject matter of the contract), as well as the information required or used for the execution. For example, we process the following contract data:
- • date, information on the type and duration as well as conditions of the respective contract, data concerning the termination of the contract
- • contact details
- • information on the use of services (e.g. tradable crypto assets list, exchange transactions)
- • information on payments and payment methods, acceptance and return of client funds, complaints, feedback, etc
c. Communication data
Communication data is data in connection with our communication with you, for example, when you contact us via contact form or via other means of communication. Communication data are is, for example:
- • content of correspondence (e.g. of e-mails, written correspondence, telephone conversations, chat messages, etc.)
- • information on the type, time and, if applicable, location of the communication and other peripheral data of the communication
d. Technical data
Technical data is generated in connection with the use of our website. This includes, for example, the following data:
- • The IP address of the end device and device ID
- • information about your device, the operating system of your end device or language settings
- • information about your internet provider
- • accessed content or protocols in which the use of our systems is recorded
- • date and time of access to the website and your approximate location
e. Other data
We may also collect data from you in other situations. In connection with official or judicial proceedings, for example, data (such as files, evidence, etc.) occurs that may also relate to you.
4. For what purposes do we process your personal data?
We use the personal data we collect primarily for collaboration with you (Exchange Services). In addition, we also process your personal data, to the extent permitted and deemed appropriate, for other purposes in which we (and sometimes third parties) have a legitimate interest corresponding to the purpose:
If we ask for your consent for certain processing activities, we will inform you separately about the corresponding purposes of the processing. You can revoke your consent at any time by written notice.
- • For communication purposes, i.e. to contact you and to stay in contact with you. This includes answering inquiries and contacting you in case of queries, e.g. by email. For this purpose, we especially process your communication and master data.
- • We also process data to improve our services and for product development.
- • To ensure IT security and for prevention: we process personal data to monitor the performance of our company, in particular IT, our website, applications, and other platforms, for security purposes, to ensure IT security, to prevent theft, fraud and abuse, and for evidence purposes. This includes, for example, the evaluation of technical records of the use of our systems (log data), the prevention, defense and investigation of cyber-attacks and malware attacks, analyses and tests of our networks and IT infrastructures, system and error checks.
- • To protect our rights: we may also process personal data to enforce claims in or out of court and before authorities in Switzerland and abroad, or to defend ourselves against claims. For this purpose, master data and communication data may be processed.
- • To comply with legal requirements: this includes, for example, the processing of complaints and other notifications, compliance with orders of a court or an authority, measures to detect and investigate abuses, and generally measures that we are obliged to take by applicable law, self-regulation, or industry standards. For this purpose, we may especially process your master data and communication data.
- • We may also process data for other purposes. These include company management, including business organization and company development, other internal processes and administrative purposes (e.g. management of master data, accounting and archiving), training as well as educational purposes and the preparation and processing of purchase and sale of business units, companies or parts of companies and other transactions under company law and the associated transfer of personal data, as well as measures for business management and the protection of other legitimate interests.
If we ask for your consent for certain processing activities, we will inform you separately about the corresponding purposes of the processing. You can revoke your consent at any time by written notice.
5. What online tracking and online advertising techniques do we use?
On our website, we use various techniques to let us and third parties consulted by us recognise you when you use our website and, in some cases, track you across multiple visits. The use of such techniques is regulated separately. The following section provides information on this topic.
a. How and for what purpose do we use cookies and similar technologies?
We use third-party services for our website to measure and improve the user experience of the website and online advertising campaigns. For this purpose, we may embed third-party components on our website, which may in turn use cookies. When we track you or use similar technologies, the core purpose is to enable us to distinguish access by you (via your system) from access by other users so that we can ensure the functionality of the website and perform statistical analyses. We do not want to identify you in this process. The technology used is designed to recognise you as an individual visitor each time you access the site, for example, by having our server (or the servers of third parties) assign a specific identification number to you or your browser (so-called “cookie”).
Cookies are files that your browser automatically stores on your end device when you visit our website. Cookies contain a unique identification number (an ID) that allows us to distinguish individual visitors from others, but usually without identifying them. Depending on the purpose use, cookies contain further information, for example, on accessed sites and the duration of the visit to a site. On the one hand, we use session cookies, which are deleted again when the browser is closed, and on the other hand, we use permanent cookies, which remain stored for a certain duration after the browser is closed and are used to recognise visitors on a subsequent visit.
We particularly use cookies for the following purposes:
Cookies are files that your browser automatically stores on your end device when you visit our website. Cookies contain a unique identification number (an ID) that allows us to distinguish individual visitors from others, but usually without identifying them. Depending on the purpose use, cookies contain further information, for example, on accessed sites and the duration of the visit to a site. On the one hand, we use session cookies, which are deleted again when the browser is closed, and on the other hand, we use permanent cookies, which remain stored for a certain duration after the browser is closed and are used to recognise visitors on a subsequent visit.
We particularly use cookies for the following purposes:
- • personalisation of content
- • displaying personalised advertisements and offers
- • displaying ads on third-party websites and measuring their success, i.e. whether you respond to these ads (remarketing)
- • save settings between your visits
- • determining whether and how we can improve our website
- • collection of statistical data on the number of users and their usage habits, as well as to improve the speed and performance of the website
- • we may process your contact details to target you with advertisements on third-party platforms
b. How can cookies and similar technologies be disabled?
When accessing our website, you have the option to activate or deactivate certain categories of cookies. You can configure your browser in the settings to block certain cookies or similar technologies or delete existing cookies and other data stored in the browser. You can also enhance your browser with software (so-called “plug-ins”) that blocks tracking by certain third parties. You can find out more about this in the help pages of your browser (usually under the heading “Privacy”). Please note that our website may no longer fully function if you block cookies and similar technologies.
6. To whom do we disclose your personal data?
In connection with our processing activities, we also disclose your personal data to other recipients.
We further disclose personal data to service providers as required for their services. This particularly concerns IT service providers, but also consulting companies, analysis service providers, debt collection service providers, credit agencies, marketing service providers, etc. As far as service providers process personal data as processors, they are obliged to process personal data exclusively according to our instructions and to implement data security measures.
Data may also be disclosed to other recipients, e.g. to courts and authorities as part of legal proceedings and legal information and cooperation duties, to buyers of companies and assets, to financing companies in the case of securitizations, and to collection agencies.
In individual cases, it is possible that we also disclose personal data to other third parties for their own purposes, e.g. if you have given us your consent to do so or if we are legally obliged or entitled to disclose such data.
We further disclose personal data to service providers as required for their services. This particularly concerns IT service providers, but also consulting companies, analysis service providers, debt collection service providers, credit agencies, marketing service providers, etc. As far as service providers process personal data as processors, they are obliged to process personal data exclusively according to our instructions and to implement data security measures.
Data may also be disclosed to other recipients, e.g. to courts and authorities as part of legal proceedings and legal information and cooperation duties, to buyers of companies and assets, to financing companies in the case of securitizations, and to collection agencies.
In individual cases, it is possible that we also disclose personal data to other third parties for their own purposes, e.g. if you have given us your consent to do so or if we are legally obliged or entitled to disclose such data.
7. Do we disclose personal data abroad?
Some recipients of data are not only located in Switzerland. This applies in particular to certain service providers. These may be located outside the European Economic Area (EEA) and Switzerland (especially in the USA, UK), but also in other regions and countries worldwide, e.g. Singapore. For example, we may transmit data to authorities and other persons abroad if we are legally obliged to do so or, for example, in the context of a company sale or legal proceedings. Not all of these countries currently guarantee an adequate level of data protection according to the standards of Swiss law. We therefore take contractual precautions to contractually compensate for the lower level of legal protection, especially with the standard contractual clauses issued by the European Commission and recognised by the Swiss Data Protection and Information Commissioner (FDPIC).For more information and a copy of these clauses, please visit:
https://www.edoeb.admin.ch/edoeb/en/home/data-protection/handel-und-wirtschaft/transborder-data-flows.html
In certain cases, we may transmit data in accordance with data protection law requirements even without such contracts, e.g. if you have consented to the corresponding disclosure or if the disclosure is necessary for the execution of the contract, for the establishment, exercise or enforcement of legal claims or for overriding public interests.
https://www.edoeb.admin.ch/edoeb/en/home/data-protection/handel-und-wirtschaft/transborder-data-flows.html
In certain cases, we may transmit data in accordance with data protection law requirements even without such contracts, e.g. if you have consented to the corresponding disclosure or if the disclosure is necessary for the execution of the contract, for the establishment, exercise or enforcement of legal claims or for overriding public interests.
8. How long do we process personal data?
We store and process your personal data as long as it is necessary for the purpose of the processing (in the case of contracts, usually for the duration of the contractual relationship), as long as we have a legitimate interest in storing it (e.g. to enforce legal claims, for archiving and or to ensure IT security) and as long as the data is subject to a legal retention obligation (for example, for certain data, a ten-year retention period applies). If there are no legal or contractual obligations to the contrary, we will destroy or anonymise your data after the storage or processing period has expired within our normal processes.
9. What are the legal basis for data processing?
As the case may be, data processing is only permitted if the applicable law specifically allows it. This does not apply under the FADP, but does apply, for example, under the GDPR as far as it is applicable. In this case, we base the processing of your personal data on the following legal bases:
- • on your consent (Article 6(1)(a) and Article 9(2)(a) GDPR)
- • that the processing is necessary for the performance of the contract or pre-contractual measures (e.g. the review of a contract proposal; Article 6(1)(b) GDPR)
- • that the processing is necessary for the establishment or defence of legal claims or civil proceedings (Article 6(1)(f) and Article 9(2)(f) GDPR)
- • that the processing is necessary for compliance with domestic or foreign legal provisions (Article 6(1)(c) and (f); Article 9(2)(g) GDPR)
- • that the processing is necessary for a legitimate interest in the data processing, in particular the interests mentioned in section 4 (Article 6(1)(f) GDPR)
10. How do we protect your data?
We take appropriate security measures to protect the confidentiality, integrity and availability of your personal data to protect it against unauthorised or unlawful processing and to protect it against the risks of loss, accidental loss or alteration, unauthorised access. However, security risks cannot be completely ruled out; residual risks are unavoidable.
11. What rights do you have?
Under the applicable data protection law, you have certain rights to obtain further information about and influence our data processing. Particularly, these are the following rights:
Please note that these rights are subject to legal requirements and restrictions and are therefore not fully applicable in every case. In particular, we may need to further process and store your personal data in order to fulfil a contract with you, to protect our own legitimate interests such as the assertion, exercise or defence of legal claims, or to comply with legal obligations. To the extent legally permissible, in particular to protect the rights and freedoms of other data subjects and to safeguard interests worthy of protection, we may therefore also reject a data subject request in whole or in part (e.g. by redacting certain content relating to third parties or our trade secrets).
If you wish to exercise any rights against us, please contact us in writing. You will find our contact details in section 2. As a rule, we will have to verify your identity (e.g. by means of a copy of your ID card ). You are also free to file a complaint against our processing of your data with the competent supervisory authority. The competent supervisory authority in Switzerland is the Swiss Data Protection and Information Commissioner (FDPIC).
- • Access right: you can request further information about our data processing. We are at your disposal for this purpose. You can also submit a so-called information request if you wish to receive further information and a copy of your data.
- • Objection and deletion: you may object to our data processing and request that we delete your personal data at any time if we are not obliged to continue processing or storing this data and if it is not necessary for the contract.
- • Correction: you can have incorrect or incomplete personal data corrected or completed or complemented by a note that indicates your objection.
- • Data portability: you also have the right to receive the personal data you have provided to us in a structured, common and machine-readable format or to have it transferred to a third party, as far as the respective data processing is based on your consent or is necessary for the execution of the contract.
- • Revocation: if we process data based on your consent, you can revoke your consent at any time. The revocation is only valid for the future, and we reserve the right to continue to process data based on another basis in the event of a revocation.
Please note that these rights are subject to legal requirements and restrictions and are therefore not fully applicable in every case. In particular, we may need to further process and store your personal data in order to fulfil a contract with you, to protect our own legitimate interests such as the assertion, exercise or defence of legal claims, or to comply with legal obligations. To the extent legally permissible, in particular to protect the rights and freedoms of other data subjects and to safeguard interests worthy of protection, we may therefore also reject a data subject request in whole or in part (e.g. by redacting certain content relating to third parties or our trade secrets).
If you wish to exercise any rights against us, please contact us in writing. You will find our contact details in section 2. As a rule, we will have to verify your identity (e.g. by means of a copy of your ID card ). You are also free to file a complaint against our processing of your data with the competent supervisory authority. The competent supervisory authority in Switzerland is the Swiss Data Protection and Information Commissioner (FDPIC).