Log In

Privacy Notice

Last updated: November 24th, 2022

Numbrs Personal Finance AG, Neuhofstrasse 12, 6340 Baar, Switzerland (hereinafter referred to as “Self-Custody”, “we”, “us”, “our”) provides this Privacy Notice to explain how we process personal data when you visit or use the Self-Custody Website www.selfcustody.net and its associated services, the Self-Custody, designed to serve persons interested in the crypto space (collectively, the “Services”). We use the term “personal data” to mean data about an identified or identifiable individual. This Privacy Notice also provides information about rights you may have under applicable privacy laws.

For more information on country and region-specific privacy laws that may apply to you, please refer to the Jurisdiction-Specific Disclosures at the end of this Privacy Notice.

1. What personal data do we collect?

The categories of personal data that we collect from you include:

  • Contact form that you enter yourself on the Self-Custody Website, including your first name, last name, email address, region, preferred language, inquiry;
  • Registration information that you enter yourself on the Self-Custody Website, including your first name, last name, full address, ZIP code, city, state, country and email address;
  • The settings you choose within the Self-Custody Website, including the names of third parties with whom you wish to share your information (e.g., banks, payment service providers, friends, family, or any other third party you have designated to receive your data) and their contact information (e.g., telephone numbers, email addresses or wallet addresses);
  • Information collected from any devices you connect with the Self-Custody Website, including information about your mobile device or computer (e.g., IP address and geolocation data, information about the browser (type and version used, language), the Internet service provider of the user, the IP address of the user, date and time of access request, time zone difference to Greenwich Mean Time (GMT), access status/HTTP status code, the data volume transferred, websites from which the system of the user comes to our website, websites accessed by the user’s system through our website, type of device and operating system);
  • Your usage behavior when logged into the Self-Custody Website and information about how you use the Services.
  • Personal data collected in connection with the use of cookies and similar technologies. We use cookies, web beacons and similar technologies to collect the following usage- and device-related personal data when you access our website and use our services from the devices used for this purpose: websites/web pages visited, access time, frequency and duration of visits, links clicked, interaction with advertisements, user segment or category, IP address, model or device type, operating system and version, browser type and settings, identifiers (device ID, advertisement ID, individual device token), cookie-related data (e.g. cookie ID).

You are under no obligation to provide us with the data we ask you for. However, if you do not provide your personal data, you will not be able to use the Services.

2. From whom do we collect personal data?

We may collect personal data directly from you. In addition, if you use the Self-Custody, we may collect your personal data from (i) other devices that you connect with your Self-Custody, (ii) other applications that you connect with the Self-Custody Website, and (iii) banks and payment service providers if you have given them your consent to transfer your personal data to us.

3. For what purposes do we use personal data?

We use the personal data we collect to:

  • Provide you with our website and to provide our related services through them and to manage your relationship with us;
  • Respond to or fulfill your requests and to communicate with you, including for marketing purposes (e.g., via our newsletter);
  • Ensure the security of our services;
  • Analyze performance, fix errors, and improve our services;
  • Exercise our legal rights, defend our legal interests, protect against fraudulent, harmful and illegal activity;
  • Comply with applicable laws such as data protection and consumer laws; and
  • Fulfill any other purposes for which you have provided the information and any other incidental business purposes related to or in connection with the purposes stated in this Privacy Notice.

In addition, if we take steps to enter into a reorganization, restructuring, merger, acquisition or transfer of assets (“Business Transfer”), we may also use your personal information to give effect to that Business Transfer.

4. To whom do we disclose personal data?

Personal data of users who use the Self-Custody Website may be disclosed to (i) the financial services providers that you have authorized to have access to your personal data for the purposes of managing your payments to and from your Self-Custody; and (ii) third parties selected by you with whom you wish to share your personal data.
Your personal data may be disclosed to employees and processors (i.e., service providers) of Self-Custody that develop, operate and support the Self-Custody Website. Self-Custody relies on processors in the European Economic Area and Switzerland to process your personal data.
In the event of a Business Transfer, we may transfer personal information to the acquiring or surviving entity in accordance with applicable law.
Your personal data may also be disclosed to governmental authorities, courts, external advisors, and similar third parties that are public bodies as required or permitted by applicable law.

5. How long do we store personal data?

We store personal data as long as necessary to provide you with the features of the Self-Custody Website Website and any other services that you requested from us. If we need to keep your information, including personal data, for tax, audit, or legal compliance for a legally prescribed time period thereafter, or if we need it to preserve evidence within statutes of limitation, we will retain the data for such purposes.

6. Children

We only collect personal data about children with the consent of their parents or legal guardian. You must be at least 18 years of age (or older, subject to locally applicable law) to use the Services.

7. Cookies

When you use our website and/or services, we and selected third parties may use cookies and similar technologies in order to provide you with a better, faster and safer user experience. Cookies are small files that are stored in your browser or on your device when you visit the website. You can prevent the storage of cookies by selecting the appropriate settings on your browser. However, please note that if you do so, you may not be able to use the full functionality of this website.
As part of the website, Self-Custody use the following cookies/cookies for the following purposes:
Language Selection Cookie. This cookie stores your language selection in order to show you the website in the selected language on future visits.
Google Analytics. Google Analytics is a web analytics service provided by Google LLC (“Google”). The information generated by this cookie about the use of this website is usually transmitted to a Google server in the USA and stored there. However, due to the activation of IP anonymization on this website, your IP address will be truncated beforehand by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On our behalf, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other data from Google. For more information, please visit Google’s website.
Google AdWords Remarketing and Conversion Tracking. This cookie can link your visit to the website with advertisements on Google. You can find more information on Google’s website.
Facebook Conversion Tracking. This cookie can connect your visit to the website with the advertisements on Facebook. For more information, please visit Facebook’s website.
Twitter Conversion Tracking. This cookie can connect your visit to the website with the advertisements on Twitter. For more information, visit the website of Twitter.

8. Your Rights

You may have rights under applicable privacy laws, which may include access, review, modify or delete the personal data we hold about you.
To submit a request to exercise any rights you may have under applicable privacy laws, please contact us using the contact details under “Contact Us” below and clearly describe your request. If you have rights under applicable privacy laws and your request complies with the requirements under such laws, we will give effect to your rights and respond within any mandatory timeframes as required by law.

9. Effect of this Privacy Notice; Changes

This Privacy Notice applies in conjunction with any other notices, contractual clauses and consent clauses that apply in relation to the collection, use and disclosure of your personal data by us. We may revise this Privacy Notice from time to time by making the revised document available on our website www.selfcustody.net and updating the “last updated” date above. We will also obtain consent from you where required by applicable law before processing your personal data for any purpose incompatible with the purposes set forth in prior versions of this Privacy Notice.

10. Contact Us, Data Protection Officer and Representative

If you have any privacy-related inquiries or concerns, please contact us, if possible, at [email protected]. For further information please also refer to the Jurisdiction-Specific Disclosures below.

Jurisdiction-Specific Disclosures

In these Jurisdiction-Specific Disclosures, we provide additional (i) information related to rights you may have under the applicable privacy laws of your jurisdiction; and (ii) disclosures required by the privacy laws of particular jurisdictions.

For users residing in California:

  • What laws apply? References to the “CCPA” are references to the California Consumer Privacy Act of 2018. If you reside in California and access our Services or otherwise provide us with your personal information, this section applies to you. This section does not reflect our processing of California residents’ personal information where an exception under California law applies.
  • Do we sell personal information? No. We do not have actual knowledge that we sell the personal information of minors under 16 years of age.
  • What categories of personal information have we collected from California residents over the preceding 12 months? Section 1 of this Privacy Notice (What personal data do we collect?) identifies the categories of personal information we have collected about California residents. These categories of personal information correspond with the following categories of personal information enumerated under the CCPA definition of “personal information” and their respective letter grouping:
    (A) — Identifiers including name, postal address, phone number, unique personal identifier, IP address, email address and account name.
    (B) — Information that identifies or is capable of being associated with you, including salutation, citizenship, place of birth and date of birth.
    (C) — Information about products or services purchased, obtained, or considered through the Services, and other purchasing or consuming histories or tendencies.
    (D) — Internet or other electronic network activity information.
    (E) — Geolocation information.
    (F) — Audio, electronic, visual or similar information.
    (G) — Inferences drawn from any of the information identified above reflecting your preferences and characteristics.
  • How have we collected, used and disclosed California residents’ personal information over the preceding 12 months?
    Section 2 of this Privacy Notice (From whom do we collect personal data?) identifies the sources of such personal information, Section 3 (For what purposes do we use personal data?) identifies the purposes for which we use and disclose California residents’ personal information, and Section 4 (To whom do we disclose personal data?) identifies the categories of third parties to whom we have disclosed California residents’ personal information for a business purpose.
  • What rights do California residents have under the CCPA?
    • Right to know: California residents have the right to request that we disclose what personal information we collect, use, disclose and sell about them specifically.
    • Right to deletion: California residents have the right to request the deletion of personal information that we collected from them.
    • Right to non-discrimination: California residents may not be discriminated against because they exercise any of their rights under the CCPA.
    • Right to opt-out: California residents have the right to opt-out of the sale of their personal information by a business. We do not sell California residents’ personal information.
  • How can California residents exercise their rights? To submit a request to exercise the right to know or the right to delete, please submit an email request to [email protected] or write to us at Neuhofstrasse 12, 6340 Baar, Switzerland. Please specify in your request the details you would like to know or have deleted. We may ask that you provide certain information to verify your identity. The information that we ask you to provide to verify your identity will depend on your prior interactions with us and the sensitivity of the personal data at issue. We will respond to your request in accordance with the CCPA. If we deny your request, we will explain why. You can also designate an authorized agent to make a request under the CCPA on your behalf in certain circumstances. If you use an authorized agent for this purpose, we may ask you to verify your identity or that you provided the authorized agent signed permission to submit a request under the CCPA on your behalf. If you provide an authorized agent with power of attorney pursuant to Probate Code sections 4000 to 4465, it may not be necessary to perform these steps and we will respond to any request from such an authorized agent in accordance with the CCPA.

For users in the European Economic Area, the United Kingdom and Switzerland:

1. What laws apply? References to the “GDPR” are references to the General Data Protection Regulation as it applies in the country where you are located. If you are located in the EEA, the EU GDPR applies to the processing of your personal data. As a result of the UK’s departure from the EU, the EU GDPR has been incorporated into the domestic laws of the UK, known as the “UK GDPR”. If you are located in Switzerland, the provisions of the Swiss Federal Data Protection Act (the “FDPA”) apply to you. References to the GDPR below shall be interpreted analogously for the purposes of applying the FDPA.

2. Who is the data controller? Numbrs Personal Finance AG, Neuhofstrasse 12, 6340 Baar, Switzerland. You can contact the data controller at [email protected]. If you are located in Germany, you can also contact our local data protection officer who is Rechtsanwalt Dr. Sebastian Kraska, Marienplatz 2, D-80331 München, Germany ([email protected]).

3. What are the legal bases of processing users’ personal data?

The legal bases for processing of your personal data are:

The performance of the contract you entered into for the use of the Services (i.e., our Terms of Use for the Self-Custody Website), per Article 6(1)(b) GDPR. This includes managing registration for our services, fulfilling the contractual obligations, providing our services, invoice processing, communication, customer support and enforcement of any contractual terms.

Consent for marketing contacts including the sending of newsletters as well as measurement and improving the performance of the website as well as personalization, measurement [and improvement of our and third party advertisements], per Article 6(1)(a) GDPR.

The pursuit of legitimate interests per Article 6(1)(f) GDPR—it is in our legitimate interests to provide good service, ensure the security of our services, defend our legal interests, protect against fraudulent, harmful and illegal activity, and analyze how users access and use our services so that we can further develop and improve them.

Compliance with our legal obligations per Article 6(1)(c) GDPR.

4Where is your personal data processed and on what basis do we transfer personal data across borders? 

With your explicit consent, we transfer your personal data to the financial services providers you have chosen in the Services, and who may be within or outside the European Economic Area, Switzerland or the UK.

Moreover, Self-Custody operates the Services with the assistance of affiliated and unaffiliated service providers in Switzerland. All personal data provided by you to Self-Custody is collected in secure and certified data centers. These data centers are located in Zug, Switzerland. The data centers are managed by WWZ Telekom AG (Chollerstrasse 24, 6301 Zug).

An encrypted back-up copy of the Self-Custody of our users is stored on a server at WWZ Telekom AG in Zug, Switzerland. Self-Custody does not have access to this data in unencrypted form.

We only transfer your personal data to countries where the European Commission, Switzerland or the UK (as applicable) has decided that they have an adequate level of data protection or we take measures to ensure that all recipients provide an adequate level of data protection. We do this for example by entering into appropriate data transfer agreements based on Standard Contractual Clauses and performing data protection assessments of data transfer arrangements as appropriate.

5. Your Rights.

(a) to object, on grounds relating to your particular situation, to the processing of your personal data by us, subject to certain preconditions; If personal data is processed for direct marketing purposes, you have an additional right to object at any time to the processing of personal data in relation to you for the purpose of such marketing. This also applies to profiling where this is connected to direct marketing. In that case, the personal data will no longer be processed by us for these purposes.

(b) to obtain from us confirmation as to whether your personal data is being processed, and, where that is the case, to request access to details about how we process your personal data and (depending on the circumstances) copies of the personal data – right of access;

(c) to obtain from us the rectification of inaccurate personal data concerning you – right to rectification;

(d) to ask us to erase your personal data, subject to certain preconditions – right to erasure (right to be forgotten);

(e) to request restriction of processing of your personal data, in which case, it would be marked and processed by us only for certain purposes – right to restriction of processing;

(f) to receive your personal data which you have provided to us in a structured, commonly used and machine-readable format and you have the right to transmit the personal data to another entity without hindrance from us – right to data portability; and

(g) to lodge a complaint with a supervisory authority (only for EEA and UK).

(h) in some jurisdictions such as France and Portugal, you also have the right to provide us with guidelines as to the processing of your personal data after your death.