Privacy and the security of transactions are core elements of cryptocurrencies, blockchain technology and its whole global movement. Skyline really appreciates the trust Clients have in us when trading cryptocurrencies and other digital assets on our platform. For this reason, privacy and data security have an enormously high priority for Skyline. It is very important to us that you feel safe during your visit to our website and while using our services as well as over the course of all other business transactions with us. As soon as you make use of products and/or services of Skyline, you entrust us with the processing of your personal data. Skyline wants to give you the best possible experience with our platform to ensure that you enjoy the usage of our products and services now and in the future.
Who is responsible for the processing of your personal data and whom can you contact in case of necessity?
If you have any questions in connection with the processing of your personal data and the exercising of your rights under GDPR or FADP, you can contact our privacy team: firstname.lastname@example.org Please note that for certain requests, we require further identification data from you (e.g. Passport, ID card, etc), in order to ensure that your personal data is only shared with you.
From which sources does the data originate?
We process first and foremost personal data which we have received from you.
Insofar as we receive personal data from third parties, this concerns the following persons / organizations in particular:
In some cases, we collect personal data from public registers (such as Zefix), public administration or other third-party sources, such as fraud prevention agencies, services and providers specialized in collecting and providing data related to money laundering and terrorist financing, the media and the Internet.
What personal data and special categories of personal data do we process?
Subject to the products or services we provide to you, we collect and process personal data received from you within the scope of the business relationship. The following personal data might be processed:
Where relevant for the products or services we provide to you, we may also collect and further process personal data about third parties, such as beneficial owners, representatives, dependents or family members. Please send a copy of this Privacy Notice to these third parties, before providing us with this information.
For which purposes and based on which legal basis do we process your personal data?
All processing is performed in accordance with the GDPR and the FADP on the basis of your consent (Art. 6 (1) lit. a EU-GDPR; Art. 13 (1) FADP). Processing will only take place in accordance with the defined purposes and to the extent agreed in the declaration of consent. Given consent may be withdrawn at any time without giving reasons and with future effect, if you no longer agree to the processing. Please note that the withdrawal of the consent does not affect the lawfulness of processing based on consent before its withdrawal.
All processing is performed on at least one of the following legal basis:
In light of the above-listed legal basis, processing of personal might be purported for:
Who receives your personal data?
The protection and confidentiality of your personal data is important to Skyline. Therefore, we transfer your personal data only to the extent described below or within the scope of an instruction at the time the data is collected from you. In addition, personal data that we collect concerning you will neither be sold by us nor otherwise disclosed to third parties.
4.1. Skyline Group
Within the Skyline Group, ,the offices or employees will receive your personal data who need it to fulfill the contractual and legal obligations and legitimate interests. We transfer personal data for the purpose of our daily business operations like account management and other operations requested by you as well as to conduct internal administrative activities efficiently in a shared way and to maintain as well as improve our products and services.
4.2. Third parties
Skyline might transfer your personal data to any third parties acting on your behalf or involved in a transaction, such as payment recipients, correspondent banks, clearing houses, stock exchanges, fund managers, brokers, Virtual Asset Service Providers (VASP). Also, Skyline might transfer your personal data to any other person with your consent to the disclosure or the purpose of performing a contract or in order to take steps at the request of the data subject prior to entering into a contract.
To a limited extent, where deemed appropriate by us, we also transmit personal information to processors who perform services for us including Group companies, such as IT providers, marketing providers, debt recovery, fraud prevention, credit reference agencies and advisors/contractors bound by legal and contractual confidentiality obligations. We also use cloud services for the purpose of office automation (e.g. for the purpose of communication, data storage, document filing and collaboration) and customer relationship management automation (e.g. to systematically organize the relationship and interactions with existing and potential clients). The cloud services may be partially or fully managed by the cloud service providers and made available to us on demand via the Internet from the servers of the cloud service providers. The data centers of the cloud service providers for the services rendered to us, i.e. where the data is being locally processed and stored, will be located in Switzerland and/ or the EU. By the use of cloud services for office automation and customer relationship management automation we will as well process bank client identifying data and data relating to the client relationship with the Skyline. Skyline client identifying data is all information relating to an identified or identifiable person as a bank client, such as name, contact details, account number etc.
4.4. Public bodies and institutions and auditors
We might also transfer your personal data to public bodies and institutions and external regulatory/statutory auditors, including regulatory/supervisory authorities, such as the Swiss Financial Market Supervisory Authority FINMA or Criminal Prosecution Authorities (i) if we are required to do so by law or in the context of legal proceedings, (ii) if we believe that disclosure is necessary to prevent damages or financial loss, or (iii) in connection with an investigation into suspected or actual fraudulent or illegal activities.
Is your data transferred to third countries or international organizations?
As a matter of principle, your data will be stored in Switzerland and in the EU. We will only transfer or grant access to your personal data to recipients outside of Switzerland or the EU, if it is necessary for the execution of your orders (e.g., for fiat or digital asset transactions), prescribed by law or regulations (e.g., the exchange of sender/recipient transaction data or for regulatory purposes), or if you have provided us with your consent.
In such cases, subject to legal or contractual authorizations, we process or have personal data processed in a third country only where the conditions of Art. 44 et seq of the GDPR are met. For example, the processing and the transfer shall be carried out based on special safeguards, such as the adherence to a code of conduct or certification mechanism together with binding and enforceable commitments from the recipient in the third country to apply the appropriate safeguards to protect the data or compliance with officially recognised special contractual obligations published by the European Commission.
For how long is my personal data stored and when will it be deleted?
We process and store (retain) your personal data as long as it is necessary for the fulfillment of our contractual, legal and regulatory obligations.
What data protection rights do you have?
You are entitled to the following rights associated with the processing of your personal data:
Am I subject to an obligation to provide personal data?
Within the scope of our business relationship, you must provide that personal data which is required for the initiation, execution and termination of a business relationship, or that we are legally or regulatory obligated to collect. In particular, provisions of money laundering laws and regulations require that we verify your identity before entering into a business relationship, for example, by means of your identity card or passport, and record your name, place and date of birth, nationality and your residential address. In order to comply with these regulatory and statutory obligations, you must provide us with this personal data and corresponding documents and notify us without undue delay of any changes that may arise in the course of the business relationship. As a rule, without this data we must reject the conclusion or performance of an order/a transaction, or are no longer able to carry out an existing order/transaction and therefore may be forced to terminate the business relationship.
As a rule, we do not perform decision-making based solely on automated processing pursuant to Art. 22 GDPR to establish or terminate a business relationship. Should we use such a process in individual cases, we will inform you separately, where this is legally prescribed. In such a case and under certain circumstances, you will have a right to object such procedures.
To what extent do we perform profiling?
Under certain circumstances we may process your personal data automatically with the aim of evaluating certain of your personal aspects (profiling), for example:
How do we protect your personal data?
The security of data is very important to Skyline and we are committed to protecting data we collect. We maintain comprehensive administrative, technical and physical measures designed to protect your personal data against accidental, unlawful or unauthorized destruction, loss, alteration, access, disclosure or use. These measures meet the highest international safety standards and are regularly reviewed regarding their effectiveness and suitability for achieving the intended safety objectives.