Privacy Policy and Cookie Policy

PRIVACY POLICY

EIDOO Sagl, Via Motta 10, 6830 Chiasso, Switzerland, and Eidoo Lithuania UAB, Liepų al. 24, LT-35121 Panevėžys, Lithuania (the "Companies"), collect Personal Data (as defined below) in compliance with the applicable law and regulations, in particular the Swiss Federal Act on Data Protection ("FADP") as well as the General Data Protection Regulation  (EU/2016/679) ("GDPR") (together "Data Protection Law").


Pursuant to the Data Protection Law, the following capital terms shall have the meaning indicated here below:

"Personal Data" means any information relating to an identified or identifiable natural or legal person;

"Processing" means any operation or set of operations, performed whether or not by automated means which are applied to Personal Data or sets of Personal Data, such as the collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

AML” means anti-money laundering.


This privacy policy applies to the extent that the Companies collects and/or processes personal data in the capacity of a data controller and use the collected data in the capacity of a data processor.

1. What personal information we collect

We collect different information depending on how you use the site and how you interact with us.

Eidoo collects personal data on different ways:

• via the site we may collect data which include:

  • Technical data, such as your internet protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access the site.
  • Usage data, which includes information about how you use the site, and any communications we may receive from you.
  • Marketing and communications data, including your preferences in receiving marketing and other communications from us.


• via the Eidoo app we may collect data which include:

  • Technical data, such as your internet protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access the site.
  • Usage data, which includes information about how you use the app, and any communications we may receive from you.


• via the EidooID app we ask you to provide data required by the AML legislation which include:

  • Identity information, such as name, title, place and date of birth, gender, nationality, organization name and position, and information from photographic identity documents such as driving license or passport information.
  • Contact data, such as address and email and personal and business telephone details.
  • Financial and/or employment information including business activities and source of funds.  If you ask us to provide you with specific legal services, we may also ask you for further information relating to your employment.
  • Details in respect of political exposure or any actual or alleged criminal convictions.
  • Information about the origin of your assets

Our site is not intended for storing or 'special categories' of personal data, such as details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, health information.

2. How we collect personal data

Different personal data is collected in different ways.

a) Personal data you provide to us
  • When you request an EidooID, you will provide us with the information required in order to comply with the KYC/AML duties. This data is collected via direct solicitation. We are also obtaining information from public sources (such as Companies House) and third-party search agencies for anti-money laundering. Information obtained from third parties include your name (and other family names), address, any directorships you hold, political exposure, and any alleged or actual criminal offences.
  • You will also provide us with personal data when you correspond with us, and if you apply for a position with the firm.
  • When you sign up to one of our mailing lists, you will provide us with your contact information, IP address, and your marketing and communications preferences.
b) Personal data we collect automatically
  • As you use the site or our app, we will collect certain technical data including your browser type, the Internet Protocol (IP) address used to connect your computer to the internet, and your usage habits, patterns and preferences. We collect this data using cookies, beacons and similar technologies. We use Google Analytics to help us analyse user habits while visiting our site. The data gathered from cookies may be transmitted to Google servers in the European Union and Switzerland. The information will be used by Google only for the purpose of evaluating website use, creating website activity reports, and other services relating to website activity and internet usage on behalf of the Companies. The IP address that your browser conveys within the scope of Google Analytics, will not be associated with any other data held by Google.
We use the following cookies:
  • Google Analytics, Firebase (website analytics and visitor tracking)
  • Cloudfare (website security and access control)

You can remove cookies from your computer through the settings on your browser, but be aware that this may impact your ability to make use of some features on this and other web sites. Management of cookie settings varies from one browser to another.

3. How and why we use personal data

We will only use your information where:

a) You have given us permission to do so

If you sign up to our mailing lists, we will use the personal data in the management of our relationship with you and for communication purposes, including to send you newsletters and invitations to events, training programs or lectures, and to maintain our list of contacts.

If you apply for a position with the Companies, we treat any information you send to us as strictly private and confidential and will only use it in relation to application you have submitted.

b) We have a legitimate interest (reasonable business purpose) for doing so

We will use your information for our legitimate business reasons where our doing so will not unduly affect your rights.

We will use your identity, contact and usage information to keep our records up to date.

We will use your technical information to:

  • provide and make improvements to the site, system maintenance, support, reporting and hosting of data, and troubleshooting;
  • ensure that the site is secure;
  • analyse how users interact with the site; and
  • address any issues you may experience with the site.

We may also use any or all of the information above to administer and manage our business in general. If you feel that your interests and fundamental rights outweigh our business purposes, and that we should therefore stop processing your data, please let us know.

c) We need to comply with a legal or regulatory obligation

In certain circumstances, we may need to retain or use your data to comply with regulations and/or the law, especially AML laws and regulatory investigations.

We will only retain this data for as long as is necessary to fulfill the purposes for which it was collected or to comply wih legal, regulatory or internal policy requirements.

4. How we share your personal data

We will only disclose your personal data where we are required to do so to comply with our legal or regulatory obligations; where we need to do so for business management or administration purposes; or because you have asked us to. This is likely to include:

  • within the Companies;
  • to third parties who process your personal data on our behalf (such as IT systems providers and other service providers);
  • to third parties who process your personal data on their own behalf but in connection with a service provided to us or you on our behalf (such as accountants, consultants, barristers and other providers of professional services, and in the case of disputes, with the Court or alternative dispute resolution providers);
  • to companies providing services for money laundering checks and other fraud and crime prevention services;
  • to any government, regulatory agency, enforcement or exchange body or court where we are required to do so by applicable law or regulation.

We may share your personal data with other companies if you have given us permission to do so. This is the case when through EidooID you are asking to have access to the services of a third entity without the need to undo the KYC/AML procedure. In this case, you will execute with the third entity a transaction confirming that you are the identified person and authorizing us to share your KYC/AML file with the third party in order to have access to this third-party services. In this case, the Companies is no more liable for the use of the data done by the third party.

5. International transfers of personal data

The Companies is part of an international group, this could conduct to an international transfer of personal data.

Should we transfer your data outside Switzerland or the European economic Area to a country which Switzerland or the European Commission does not deem to have adequate data privacy laws, we will ensure that such transfer(s) are in accordance with applicable data privacy laws. In respect of transfers within the Companies Group, we have executed a data transfer agreement giving effect to the Model Clauses pursuant to Commission decision 2004/915/EC.

In respect of transfers outside of the Companies Group, we either implement the Model Clauses pursuant to Commission decision 2004/915/EC or 2010/87/EU (as appropriate) with the recipient of your personal data.

6. How we protect your personal data

The safety of your personal data is important to us, and we use various technical and organization measures to ensure that your data is secure.

We are committed to safeguarding and protecting personal data and maintain appropriate technical and organizational measures to protect any personal data provided to us from accidental or unlawful destruction, loss, alteration, or unauthorized disclosure.  We also have in place safeguards including data encryption in motion and at rest, data access and security monitoring, and 24/7 network security monitoring for breaches or anomalous behavior to ensure the security of your data.

7. Data subject rights

Under Data Protection Law, data subjects have a number of rights with regard to their personal data.  They have the right to request from us access to and rectification or erasure of their personal data, the right to restrict or object to processing, as well as in certain circumstances the right to data portability.

If a data subject has provided consent for the processing of their data, he or she has the right (in certain circumstances) to withdraw that consent at any time.

Any data subject wishing to exercise any of the above rights should email us at: dpo@eidoo.io.

We endeavor to respond to such requests within a month or less, although we reserve the right to extend this period for complex requests.  We also reserve the right to charge you a reasonable administrative fee for any manifestly unfounded or excessive requests concerning access to personal data, and for any additional copies of the personal data requested from us.

8. Data Controller, Data Processor, Data Protection Officer and representative in the European Union

The Data Controller is the EIDOO Sagl, Via Motta 10, 6830 Chiasso, Switzerland.

The Data Processor are the employee within Eidoo Sagl active within the EidooID Service.

The representative within the union is Eidoo Lithuania, Panevėžio m. sav. Panevėžio m. Liepų al. 24-70.

The contact of the DPO is the following EIDOO Sagl, Data Protection Officer, Via Motta 10, 6830 Chiasso, Switzerland / e-mail: dpo@eidoo.io.