RABBIT.IO PRIVACY POLICY

The present Privacy Policy describes how we collect, handle and process personal data when you provide them when accessing and using RABBIT.IO (the “Website”) and/or when using the RABBIT Wallet or other services that we offer (the “Services”).

Your privacy is of the utmost importance to us and it is our intention to be transparent with our use of your personal data. It is our commitment to ensure that your personal data is handled with care and in compliance with the Swiss Federal Act on Data Protection and other provisions of relevance under Swiss and European law, in particular with the EU General Data Protection Regulation (GDPR).

In addition, information that you submit to RABBIT.IO in response to an email request for information or any other communication with RABBIT.IO will also be treated in accordance with this Privacy Policy.

Acceptance of RABBIT.IO Privacy Policy
By exploring and using RABBIT.IO and/or using the Services, and by submitting information to RABBIT.IO, you signify acceptance to the terms of our Privacy Policy.

Where we require your consent to process your personal data, we will ask for your consent to the collection, use, and disclosure of your personal data as described further below.

RABBIT.IO may provide additional occasional disclosures or information about the data collection, use and sharing practices of specific Services.

If you do not agree with any aspect of this Privacy Policy, you should immediately discontinue access or use of our Services.

Data & Personal data
Personal data is data that can be used to identify you directly or indirectly, or to contact you.

Our Privacy Policy covers all personal data that you voluntarily submit to us and that we obtain from our partners. This Privacy Policy does not apply to anonymized data, as it cannot be used to identify you. You may be asked to provide personal data anytime you are in contact with us.

RABBIT.IO may also combine your personal data with other information to provide and improve our products, services, and content (see the section below).

Except as described in this Privacy Policy, RABBIT.IO will not give, sell, rent or loan any personal data to any third party.

Personal data collected by RABBIT.IO
We collect personal data you provide directly to us or which you generate when you open an account with us, visit our Website our use our Services.

When we require certain personal data from users it is because we are required by law to collect this data (anti-fraud / anti-money laundering / counter financing of terrorism / know your customer obligations) or it is relevant for specified purposes. Any information you provide to us that is not required is voluntary.

We also collect personal data when you use or request information about our Services, subscribe to marketing communications, request support, complete surveys, or sign up for one of our events.

We may also collect personal data from you offline, such as when you attend one of our events, or when you contact customer support.

We may use this information in combination with other information we collect about you as set forth in this Privacy Policy.

Data Collection When Registering / Using Our Services
As a principle, information transmitted to our servers is encrypted in such a way that we cannot access your data or share it with third parties. The RABBIT Wallet is designed in a way that ensures that an encryption password is stored only on your browser/device and is active only when you have an active session.

We can however collect some other personal data when you register on our Website or use the RABBIT Wallet. Such data may include in particular:
  1. walletID – pseudonymized identificatory
  2. paths for generating addresses and corresponding indexes linked to the walletID
  3. encrypted data for each used address linked to the walletID
  4. encrypted invoice data linked to the walletID
  5. encrypted transaction data linked to the walletID
  6. RABBIT Wallet data, including creation time, sessionId, session expiration time, number of failed password attempts, authentication ban time (if the number of acceptable password entry attempts is exceeded) and other anonymous personal UI/UX preferences
  7. Encrypted IP addresses (used for whitelisting) linked to the walletID

In addition to the above, we may collect personal information necessary to interact with you such as your account identification information, name and email.

We may also collect personal data from third party partners and public sources as required or permitted by applicable law, such as public databases, credit bureaus, ID verification partners, resellers and channel partners, joint marketing partners, and social media platforms which include financial information, reputational information, corporate/business activities for corporate customers.

Depending on the case and in the event we may have to comply with our own legal obligations, we may use public databases and ID verification partners to verify your identity. Such information may include your name, address, job position, public employment profile, credit history, status on any sanctions lists maintained by public authorities, and other relevant data.

In some cases, we may process additional data about you to ensure the Website and the Services are not used fraudulently or for other illicit activities. In such instances, processing is necessary for us to continue to perform our contract with you and others.

Data Collection When Visiting Our Website
When visiting our Website, we store every instance of access in a log file and therefore, the following Data are stored in this process: operation timestamp, IP address, browser details, requested resource, HTTP referrer, anonymous internal application details about performing operation.

These Data are generally anonymized with no personal reference and only used to establish connection with the Website, to ensure ongoing system security and stability and for statistical purposes. These Data are not associated or stored with personal data. These Data are kept for a duration of one month.

IP address of the accessing computers will be analyzed only in the event of an attack on the network infrastructure or in case of suspicion of otherwise unauthorized or improper use of the Website and for the sole purposes of defense or use as part of criminal proceedings for identification purposes and for criminal and/or civil proceedings against the user involved. IP address is also used to filter out geographical zones from accessing our Services.

How Your Personal Data Is Used
Our primary purpose in collecting personal information is to provide you with a secure, smooth, efficient, and customized experience. In general, we use personal information to create, develop, operate, deliver, and improve our Services, content and advertising, and for loss prevention and anti-fraud purposes. We may use this information in the following ways:

Maintaining Legal and Regulatory Compliance
Some of our Services may be subject to laws and regulations requiring us to collect and use your personal identification information, formal identification information, financial information, transaction information, employment information, online identifiers, and/or usage data in certain ways.

We must identify and verify customers using our Services in order to comply with anti-money laundering and terrorist financing laws across jurisdictions. In addition, we use third parties to verify your identity by comparing the personal information you provided against third-party databases and public records.

We may require you to provide additional information which we may use in collaboration with service providers acting on our behalf to verify your identity or address, and/or to manage risk as required under applicable law. If you do not want to have your personal information processed for such purposes, then we shall terminate your account as we cannot perform the Services in accordance with legal and regulatory requirements.

Enforcing the Terms of our RABBIT Wallet and Other Agreements
We may collect data relating to your use of our products and services in order to enforce the RABBIT.IO Terms of Use and other agreements with you or third parties. The consequences of not processing your personal information for such purposes is the termination of your account as we cannot perform our Services in accordance with our terms.

Providing RABBIT.IO Services
We process your personal information in order to provide the Services to you. We cannot provide you with Services without such information.

Providing Service Communications
We send administrative or account-related information to you to keep you updated about our Services, inform you of relevant security issues or updates, or provide other transaction-related information. Without such communications, you may not be aware of important developments relating to your account that may affect how you can use our Services.

Providing Customer Service
We may process your personal information when you contact us to resolve any question, dispute, or to troubleshoot problems. When such instances involve other users of the RABBIT Wallet, we may process your information in response to another user’s request, as relevant. Without processing your personal information for such purposes, we cannot respond to your requests and ensure your uninterrupted use of the Services.

Ensuring Quality Control
We may process your personal information for quality control and staff training to make sure we continue to provide you with accurate information. If we do not process personal information for quality control purposes, you may experience issues on the Services such as inaccurate transaction records or other interruptions. Our basis for such processing is based on the necessity of performing our contractual obligations with you.

Ensuring Network and Information Security
We may process your personal information in order to enhance security, monitor and verify identity or service access, combat spam or other malware or security risks and to comply with applicable security laws and regulations. The threat landscape on the internet is constantly evolving, which makes it more important than ever that we have accurate and up-to-date information about your use of our Services. Without processing your personal information, we may not be able to ensure the security of our Services.

Research and Development Purposes
We may process your personal information to better understand the way you use and interact with our Services. In addition, we use such information to customize, measure, and improve the Services and the content and layout of our Website and applications, and to develop new services. Without such processing, we cannot ensure your continued enjoyment of our Services. Our basis for such processing is based on legitimate interest.

Enhancing Your Website Experience
We may process your personal information to provide a personalized experience and implement the preferences you request. Without such processing, we may not be able to ensure your continued enjoyment of part or all of our Services.

Facilitating Corporate Acquisitions, Mergers, or Transactions
We may process any information regarding your account and use of our Services as is necessary in the context of corporate acquisitions, mergers, or other corporate transactions. You have the option of closing your account if you do not wish to have your personal information processed for such purposes.

EEA residents: pursuant to EEA Data Protection Law, we process this personal information to satisfy our legitimate interests as described above.

Engaging in Marketing Activities
Based on your communication preferences, we may send you marketing communications to inform you about our events or our partner events; to deliver targeted marketing; and to provide you with promotional offers based on your communication preferences. We use information about your usage of our Services and your contact information to provide marketing communications. You can opt-out of our marketing communications at any time.

If you are a current customer residing in the EEA, we will only contact you by electronic means with information about our Services that are similar to those which were the subject of a previous sale or negotiations of a sale to you.

If you are a new customer and located in the EEA, we will contact you if you are located in the EU by electronic means for marketing purposes only if you have consented to such communication. If you do not want us to use your personal information in this way, or to pass your personal information on to third parties for marketing purposes, please follow the opt-out links included in marketing communications or contact us at support@rabbit.io. You may raise such objection with regard to initial or further processing for purposes of direct marketing, at any time and free of charge. Direct marketing includes any communications to you that are only based on advertising or promoting products and services.

We will not use your personal information for purposes other than those purposes we have disclosed to you, without your permission. From time to time we may request your permission to allow us to share your personal information with third parties. You may opt out of having your personal information shared with third parties or allowing us to use your personal information for any purpose that is incompatible with the purposes for which we originally collected it or subsequently obtained your authorization. If you choose to limit the use of your personal information, certain features or our Services may not be available to you.

Cookies – Collection & Use of Data Collected Automatically
Cookies are small files that a Website or its service provider transfers to your computer's hard drive through your web browser (if you have permitted) that enables the Website's or service provider's systems to recognize your browser and capture and remember certain information. They are widely used in order to make Websites work, or work more efficiently, as well as to provide information to the owners of the Website.

Cookies are stored on the hard drive of your computer and do not necessarily transmit your personal data to RABBIT.IO.

Cookies are used to help RABBIT.IO understand your preferences based on previous or current Website activity, which enables RABBIT.IO to provide you with improved services.

Cookies are also used for security purposes and to compile aggregate Data about Website traffic and Website interaction so that better Website experiences and tools can be offered in the future.

RABBIT.IO may also use trusted third-party service providers that track this information on RABBIT.IO’s behalf. Our service provider(s) will place cookies on the hard drive of your computer and will receive data that we select to educate us on:
  • How visitors navigate around our Website
  • What products are browsed
  • General transaction information

Our service provider(s) analyses this data and provide(s) us with aggregate reports. The data and analysis provided by our service provider(s) will be used to assist us in better understanding our visitors' interests in our Website and how to better serve those interests. The data collected by our service provider(s) may be linked to and combined with data that we collect about you while you are using the Website or our Services. Our service provider(s) is/are contractually restricted from using information they receive from our Website other than to assist us.

You can choose to have your computer warn you (through your browser settings) each time a cookie is being sent, or you can choose to turn off all cookies. If you choose to turn cookies off, some of the features that make your Website experience more efficient may not function properly.

For the purposes of continuous optimization of the Website, RABBIT.IO uses the web analysis service of “Google Analytics”. Google Analytics is a web analytics service offered by Google Inc., a company of the holding company Alphabet Inc., in the USA, that tracks and reports Website traffic. The data collected is processed in a non-personally identifying form (IP anonymization). Google Inc. discloses this information only to third parties to the extent required by law. Google uses the Data collected to track and monitor the use of the RABBIT.IO Website. This Data is shared with other Google services. Google may use the collected Data to contextualize and personalize the ads of its own advertising network.

You can opt-out of having made your activity on the RABBIT.IO Website available to Google Analytics by installing the Google Analytics opt-out browser add-on. The add-on prevents the Google Analytics JavaScript (ga.js, analytics.js, and dc.js) from sharing information with Google Analytics about visits activity.

For more information on the privacy practices of Google, please visit the Google Privacy Terms web page: https://policies.google.com/privacy?hl=en

Disclosing and Transferring personal data
We may disclose your personal data to third parties and legal and regulatory authorities, and transfer your personal data outside the EEA, as described below.

There are certain circumstances where we may transfer your personal data to employees, contractors and to other parties.

We may also share your information with certain contractors or service providers. They may process your personal data for us, for example, if we use a marketing agency. Other recipients/service providers include advertising agencies, IT specialists, database providers, backup and disaster recovery specialists, email providers or outsourced call centers. Our suppliers and service providers will be required to meet our standards on processing information and security. The information we provide them, including your information, will only be provided in connection with the performance of their function.

Your personal data may be transferred to other third-party organizations in certain scenarios:
  • If we're discussing selling or transferring part or all of our business – the information may be transferred to prospective purchasers under suitable terms as to confidentiality;
  • If we are reorganized or sold, information may be transferred to a buyer who can continue to provide services to you;
  • If we're required to by law, or under any regulatory code or practice we follow, or if we are asked by any public or regulatory authority – for example the Police;
  • If we are defending a legal claim your information may be transferred as required in connection with defending such claim.

Your personal data may be shared if it is made anonymous and aggregated, as in such circumstances the information will cease to be personal data.

Your information will not be sold, exchanged, or shared with any third parties without your consent, except to provide RABBIT.IO Services or as required by law.

If a service provider is located in a country that does not apply the standard of data protection of Swiss law and GDPR, RABBIT.IO will use a contract to ensure that your personal data has the same level of protection as if protected in accordance with Swiss Federal Act on Data Protection and EU General Data Protection Regulation.

How Personal Information is Shared with Third Party Websites and Services
Please note that merchants you interact with may have their own privacy policies. Hence RABBIT.IO is not responsible for their operations, including, but not limited to, their information practices.

Information collected by third parties, which may include such things as contact details or location data, is governed by their privacy practices. We encourage you to learn about the privacy policies of those third parties.

If you authorize one or more third-party applications to access your RABBIT.IO Account, then information you have provided to RABBIT.IO may be shared with those third parties. Unless you provide further authorization, these third parties are not allowed to use this information for any purpose other than to facilitate your transactions using RABBIT.IO Services.

Transfer of Data
We store and process your personal data in data centers around the world, wherever we have our premises or service providers are located.

As such, we may transfer your personal data outside of Switzerland or the European Union. Some of the countries to which your personal data may be transferred do not benefit from an appropriate protection regulation.

These specific countries can be found here: ec.europa.eu

For such international personal data transfer collected in the European Economic Area and Switzerland we use approved Contractual Data Protection Clauses, and require that the third party agrees to at least the same level of privacy protection as required under applicable EU General Data Protection Regulation (GDPR) and in Switzerland under the Swiss Federal Act on Data Protection.

Security of Data
We store all your personal data on a server operated by Solar Communications GmbH. We take all reasonable effort on technical and organizational security measures to protect your Data from being manipulated, lost or accessed by unauthorized third parties.

Our Website is scanned on a regular basis for security holes and known vulnerabilities in order to make your visit to our Website as safe as possible.

Your personal data is contained behind secured networks and is only accessible by a limited number of individuals who have special access rights to such systems and are required to keep the information confidential.

Although no method of transmission over the Internet, or method of electronic storage is one hundred percent secure, we strive to continually update and improve our security measures with the most recent technological developments.

We would like to draw your attention to the fact that we normally never ask for financial or payment information, such as your credit card number, passcode, account number or pin number, in an e-mail, text or any other communication that we send to you. Please always check that any Website on which you are asked for financial or payment information in relation to our reservations or services is operated by RABBIT.IO. The risk of impersonating hackers exists and should be taken into account when using our Website and/or Services.

If you do receive a suspicious request, do not provide your information and report it by contacting one of our member service representatives as set in this Privacy Policy.

Since we cannot 100% guarantee that loss, misuse, unauthorized acquisition, or alteration of your data will not occur, please accept that you play a vital role in protecting your own personal data. When registering with us, it is important to choose an appropriate password of sufficient length and complexity, to not reveal this password to any third-parties, and to immediately notify us if you become aware of any unauthorized access to or use of your account.

Furthermore, we cannot ensure or warrant the security or confidentiality of information you transmit to us or receive from us by Internet or wireless connection, including email, phone, or SMS, since we have no way of protecting that information once it leaves and until it reaches us. If you have reason to believe that your data is no longer secure, please contact us at the email address listed at the end of this Privacy Policy.

Retention of Data

Personal Data
RABBIT.IO will retain your personal data only for as long as is necessary for the purposes set out in this Privacy Policy.

RABBIT.IO will retain and use your personal data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.

Therefore, and in accordance with our record keeping obligations, we will retain account and other personal data for at least five years (and some up to ten years, as required by applicable law) after an account is closed.

Data Collected Automatically
RABBIT.IO will also retain data collected automatically either generated by the use of the Website or from the Website infrastructure itself (for example, the duration of a page visit)) for internal analysis purposes.

This Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of our Services, or we are legally obligated to retain this Data for longer time periods.

Hence, this kind of data collected via technical means such as cookies, webpage counters and other analytics tools is normally kept for a period of up to one year from expiry of the cookie.

Disclosures Due to Legal Compliance
RABBIT.IO complies with all applicable privacy laws and regulations.

RABBIT.IO may be compelled to surrender personal user or customer information to legal authorities without express user consent if presented with a court order or similar legal or administrative order, or as required or permitted by the laws, rules, and regulations of any nation, state, or other applicable jurisdiction.

Also, in the event of a violation of the Terms & Conditions of use of the Website or a violation of any restrictions on use of materials provided in or through the Website, we may disclose personal user information to our affected business partners or legal authorities.

Your Rights
RABBIT.IO is the data controller with respect to your personal data. We determine the means and purposes of processing your data.

We may process your personal data if you consent to the processing, to satisfy our legal obligations, if it is necessary to carry out our obligations arising from any contracts we entered with you, or to take steps at your request prior to entering into a contract with you, or for our legitimate interests to protect our property, rights or safety of RABBIT.IO, our customers or others.

Whenever made possible, you can update your Personal data directly within your account settings section. If you are unable to change your personal data, please contact us to make the required changes.

Should you have any question or wish you exercise your Rights, please contact our Data Protection Officer by writing an email at support@rabbit.io so that we may consider your request under applicable law.

We reserve our right to verify your identity before responding to such requests.

Please note that according to Swiss law, specific data must be stored for a determined period of time. Such data must be therefore remained with RABBIT.IO until the legal period has expired. These specific data are blocked in our system and used only in order to meet legal requirements.

Right to Access Your Personal data
You are entitled to ask RABBIT.IO if we are processing your data. In case the answer is positive, you can request that we provide you a copy of your Personal data we hold. We may require you to specify the information or processing activities to which your request relates.

This information will be provided without undue delay.

Your right to access shall only be limited where the burden or expense of providing access would be disproportionate to the risks to your privacy in the case in question, or where the rights of persons other than you would be violated.

Right to Correct Your Personal data
You are entitled to request that any incomplete or inaccurate Personal data we hold about you is corrected or updated.

Your right to access and correction shall only be limited where the burden or expense of providing access would be disproportionate to the risks to your privacy in the case in question, or where the rights of persons other than you would be violated. In any case, please keep in mind that you always have the ability to delete your account and stop using the Services.

Right to Withdraw Your Consent
You have the right to withdraw your consent to the processing of your personal data collected based on your consent at any time. Your withdrawal will not affect the lawfulness of previous processing based on your consent before the withdrawal.

Right to Erasure of Your Personal Data
You are entitled to ask us to delete or remove personal data in certain circumstances. There are also certain exceptions where we may refuse a request for erasure, for example, where the personal data is required for compliance with law or in connection with claims.

Right to Data Portability
If we process your personal data based on a contract with you or based on your consent, or the processing is carried out by automated means, you may request to receive your personal data in a structured, commonly used and machine-readable format, and to have us transfer your personal data directly to another “controller” (natural or legal person that determines the purposes and means of the processing of your personal data), where technically feasible, unless exercise of this right adversely affects the rights and freedoms of others.

Right to Restriction of Processing
You have the right to restrict or object to us processing your Personal data where one of the following applies:
  • You contest the accuracy of your Personal data that we processed. In such instances, we will restrict processing during the period necessary for us to verify the accuracy of your Personal data;
  • The processing is unlawful, and you oppose the erasure of your Personal data and request the restriction of its use instead;
  • We no longer need your Personal data for the purposes of the processing, but it is required by you to establish, exercise or defense of legal claims.


Right to Objection of Processing
Where we are processing your personal data based on consent or legitimate interests (or those of a third party) you may object at any time to the processing of your Personal data. However, we may be entitled to continue processing your Personal Information based on our legitimate interests or where this is relevant to the defense of legal claims.

You also have the right to object where we are processing your personal data for direct marketing purposes.

Automated Decisions
You may contest any automated decision made about you where this has a legal or similar significant effect and ask for it to be reconsidered.

Complaint
If you believe that we have infringed your rights, we encourage you to contact us first at support@rabbit.io so that we can try to resolve the issue amicably.

You also have a right to lodge a complaint with a supervisory authority, in particular in the Member State in the European Union where you are habitually resident, where we are based, or where an alleged infringement of Data Protection law has taken place.

Children's Personal data
We do not knowingly request to collect personal data from any person under the age of 18.

If a user submitting personal data is suspected of being younger than 18 years of age, RABBIT.IO will require the user to close his or her account.

We will also take all necessary steps to delete his or her data as soon as possible.

Links to Other Websites
RABBIT.IO’s Website may contain links to other websites that are not operated by RABBIT.IO. If you click on a third-party link, you will be directed to that third party's website.

RABBIT.IO strongly advises you to review the privacy policy of every website you visit.

RABBIT.IO has no control over and assumes no responsibility for the content, privacy policies or practices of any third-party websites or services.

Changes to this Privacy Policy
RABBIT.IO may update the Privacy Policy from time to time. You shall be notified by or by any means of a notice on our Services prior to the change becoming effective.

The changes of the Privacy Policy shall also be posted on this page.

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

Contact
If you have questions or concerns regarding this Privacy Policy, or if you have a complaint, you should first contact us at: support@rabbit.io

Version of May 2021