The "General Data Protection Regulation" (EU Regulation 2016/679, also known and hereinafter referred to as "GDPR") requires us, pursuant to Article 13, to provide You with the following information on the processing of Your Personal Data.
This policy informs you of the Personal Data Processing activities we perform as a result of providing the website of Jur A.G. accessible via jur.io, the Passport NFT Citizenship Dapp accessible via citizenship.jur.io and the Token Swap Dapp accessible via swap.dev.jur.io (“Services”) (see in the Glossary what we include in the definition of "Services").
“Processing of Personal Data” means any operation concerning any information relating to an identified or identifiable natural person. For example, first and last name, or an email address with a “user name” that identifies you (e.g. johndoe@….) is considered “Personal Data”, and the actions of collection, registration with us and use of your Personal Data to send you a communication are considered “Processing” operations; same applies to communication of Data to other organisations and storage.
As our entity provides the Services and establishes purposes and means of the Processing of Personal Data relating to You, we qualify as “Data Controller” under the GDPR.
If You, the User, are the individual whose Personal Data are processed by us, you are referred to as a "Data Subject," and you have the right to receive the following information about who we are, what Personal Data we process, why, how and for how long we process it, and what obligations and rights you have regarding it. If the actual User of the Services is some type of entity (e.g., company, association, etc.), the Data Subjects are the natural persons who materially use the Service on behalf of the entity (e.g., the entity's legal representative and/or its members and/or workers). In the latter case, information strictly related to the entity (e.g., VAT number) is not considered Personal Data, while other information referring to individuals (e.g., identification data of the legal representative) is Personal Data.
Depending on the Services that You use, we may need to process certain Personal Data. In some cases, specified below, we may have an interest in processing Personal Data for purposes other than the provision of the Services: in these cases, we will process only where there is an appropriate legal basis and, where required by law, on the basis of the Consent of the Data Subject.
The following grid and clauses explain how the Company, as Data Controller, will process Your Data.
At Jur we believe in Web3 and decentralization. Jur adopts a progressive decentralization approach which in the future may include the existence of multiple legal entities powering Jur Network’s growth, independent from the originating company, Jur AG. For the time being, the development company Jur AG is the responsible party for this Website. Compliance with the regulations imposed on us to explain how the company treats your data:
09 Aug 2022
12 Apr 2023
Who are we ('Data Controller')?
Jur A.G., a company duly existing and incorporated under the laws of Switzerland, with registered office in 6300 Zug (Switzerland), Dammstrasse n. 16, VAT no. CHE-330.514.446 (hereinafter simply referred to as "Company" or " Data Controller").
- To all categories of Users who are individuals
- To all for individuals who materially use the Services on behalf of the Users, where the User is a legal entity
What categories of Personal Data do We process?
Browsing Data and Common Data to the minimum extent necessary to achieve each of the Purposes set out below.
Please do not include any "sensitive" information in the communication texts and description fields of our online forms (sensitive information is considered to be Personal Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as genetic data, biometric data and data concerning a person's health or sex life or sexual orientation).
What is the origin of your Personal Data?
Normally it is you who transmits them to us or another individual who is part of the organization for which you work and authorized for the purpose.
|Purpose||Categories of Personal Data||Legal Basis||Retention Period|
Analysing traffic on the Site (e.g. detecting the most visited pages,
number of visitors per time slot or per day, geographical origin, average
connection time, browsers used, visitor origin - from search engines or
other sites -, phrases and words searched, etc.) in order to understand
how it is used and manage, optimise and improve it, or even just for
statistical purposes; solving operational problems (e.g. anomalies in page
loading); performing monitoring activities to repel and/or prevent cyber
attacks and fraud
Browsing Data, anonymous information (which does not allow us to trace
Your identity) and Common Personal Data (e.g. full IP address)
The need to make the Site available in accordance with the terms of
service or other similar legal text available on the Site on the date of
access in question (Art. 6.1.b GDPR)
|1 Week from the date of Your last access to the Site|
Satisfying Your requests regarding the Site and our activities received at
the contact details on the Site
The need to take pre-contractual measures at Your request (Art. 6.1.b
|For a maximum of 2 years from Your last request|
Providing You with access to Your profile page of Passport NFT Citizenship
The need to execute Your request for a service governed by the terms of
service or other similar legal text available on the Site on the date of
access in question (Art. 6.1.b GDPR)
|For a maximum of 2 years Your last request|
|Providing the Services and carrying out the related transactions, if any||Common Data||The need to execute the agreement of purchase and sale (Art. 6.1.b GDPR)||For a maximum of 10 years from the date of Your last purchase|
Direct marketing communications relating to dapp(s), sent to the e-mail
address You have previously provided to us (“soft spam” or “soft opt-in”)
Our legitimate interest in consolidating our business relationship with
You (Art. 6.1.f of the GDPR), unless You inform us that You wish to object
|For a maximum of [_] years from the date of Your last access to your account|
Direct marketing, also, after profiling. In particular,
it is specified that the Data, also with the help of Cookies, will be
used to re-target subjects who are already users of the Site, even if
only as visitors, or to find new ones based on the characteristics of
the subjects who are already users of the Site. Direct marketing
activities, including but not limited to the newsletter, have the sole
purpose of letting users know about news, commercial or otherwise,
proposed by the Site and the Company, and do not include the promotion
of goods or services offered by third parties.
The Company does not transfer Data to third parties so that these third
|Browsing Data and Common Data||Express consent, also with respect to the installation of Cookies (Art. 6.1.a GDPR).||Until consent to processing is revoked|
Fulfilling obligations under Applicable Law and/or orders issued by
Authorities, based on the need to fulfil legal obligations to which the
Data Controller is subject
Depending on the case, the need to execute the purchase and sale
agreement (Art. 6.1.b GDPR), or the need to fulfil legal obligations
from another source (Art. 6.1.c GDPR)
|For the time required by these legal and regulatory obligations|
Establish, exercise and/or defend a right in court on the basis of the
need to pursue that purpose
Our legitimate interest in exercising or defending our rights in court
(Art. 6.1.f GDPR)
For the duration allowed by the law to establish, exercise and/or defend
the right considered.
Clarification of Maximum Retention Period
Your Personal Data will be processed for the maximum periods indicated above for the respective processing purposes, unless Applicable Law requires us to retain it for a longer period or permits us to do so in order to protect our rights and/or legitimate interests.
To whom do we disclose Data (Recipient Categories)?
To the minimum extent necessary to achieve each of the Purposes, on the basis of Applicable Law and/or a contractual agreement with the Data Controller, to
(a) individuals/entities who provide us with services and process Personal Data on our behalf as Data Processors or act as autonomous Data Controllers (e.g. IT providers, commercial agency, accounting, tax and legal services, etc.);
(b) other persons authorised by us (e.g. our workers), committed to confidentiality or subject to a legal obligation to confidentiality;
(c)public organisations and authorities, if and to the extent required by Applicable Law or by their orders, or for the exercise, verification and/or defence of a right in court;
(d) to the distributed ledger used by the Services, and therefore, indirectly, to decentralised nodes managing such a ledger, for the sole purpose of enabling transactions relating to Crypto Assets.
The Data Controller does not disclose Personal Data, except where such disclosure is required, in accordance with the law, by Authorities, information and security bodies or other public entities for purposes of defense or State security or for the prevention, detection or prosecution of criminal offenses.
Do we transfer Personal Data outside the European Union?
Some of our IT service providers are based in countries that may not have equivalent privacy and data protection laws to the country in which You reside.
We ensure that when we transfer information of users in the European Economic Area, the United Kingdom or Switzerland, to third countries, the transfer will take place only if there is an adequacy decision or on the basis of the Standard Contractual Clauses (SCCs) provided by the European Commission and other appropriate measures to safeguard the transfer. You can contact us for further information about the transfer of Personal Data outside the above indicated areas.
If You do not agree with the above, please do not use our Services.
Am I obliged to provide my Personal Data?
Due to the way the Internet works, you may not refuse to disclose your Browsing Data; you may not refuse to disclose certain Personal Data (such as the IP address of Your device).
What happens if I refuse to disclose my Data?
If you refuse to provide Personal Data for the above contractual or pre-contractual purposes, we will not be able to enter into/perform the contractual relationship or fulfill your request.
What kinds of communication will you send me?
(a) Only if you have sent us requests, we will send you communications necessary to respond to your requests.
(b) Only if you have registered a user profile, we will send you communications concerning access to your profile page.
(c) Only if you have given us your express consent and until you revoke it, we will send you commercial communications relevant to your consent.
What rights do You have as a “Data Subject”?
You, as Data Subject, have the right to:
(a) access the data held by the Data Controller, and to ask for a copy, unless the exercise of the right violates the rights and freedoms of other natural persons;
(b) request the rectification of any incomplete or inaccurate data;
(c) request deletion of the data, subject to the exclusions or limitations set out in the Applicable Law (e.g. Art. 17.3 GDPR);
(d) request restriction of processing, where the conditions are met and subject to the exclusions set out in Article 18.2 GDPR;
(e) lodge a complaint with the Federal Data Protection and Information Commissioner (FDPIC) (in Switzerland, https://www.edoeb.admin.ch/edoeb/en/home.html), or with the Data Protection Authority of the EU Member State where he/she normally resides or works, or of the place where the alleged infringement occurred.
Furthermore, you have the following rights:
(f) the right to withdraw Your consent to the Processing of Data at any time, where Your consent was the legal basis for the Processing of Data;
(g) the right to object, under which you may object, upon simple request, to the Processing of Data that the Data Controller carries out for direct marketing purposes, as well as for reasons related to your particular situation (e.g. if you see a harm to your reputation), unless the Data Controller demonstrates an overriding legitimate interest, and unless the processing is necessary for the establishment, exercise or defence of a legal claim.
Who can you contact with questions or to exercise your rights?
You may contact the Data Controller for questions concerning the processing of your Personal Data and to exercise your rights by sending an email to
Do we have a EU representative?
Yes, we do. Luigi Cantisani (Lawyer) is Jur’s data protection representative in the EU to serve as the Company’s contact point for Supervisory Authorities and Data Subjects according to Art. 27 GDPR.
We do not knowingly collect personal information about natural persons who, according to their national law, lack legal capacity to act for the purpose of entering into contracts, except for requests relating to minors made by persons exercising parental authority or custody over the minors concerned. If information on such persons is recorded, We will delete it in a timely manner at the request of the Data Subject or the person exercising parental authority over him or her.
DISTRIBUTED LEDGER TECHNOLOGY DISCLAIMER
Remember that if You perform transact Crypto Assets through our Services, certain Personal Data of Yours will be permanently recorded and publicy visible because such transactions are enabled by a public distributed ledger (e.g. information relating to the Wallets that performed the transactions and information about the transactions).
You can learn more about the distributed ledger that we use for the provision of our Services at the following link: https://polkadot.network/
At the present state of the art, there is no technical possibility for us to intervene on the distributed ledger in use (which is not managed by us, nor by one of our providers, but managed in a decentralised manner by multiple nodes scattered around the world and operating among themselves as peers) and to erase or modify such immutable information. Therefore, sometimes we might be unable to completely fulfil some of Your requests pertaining to the Processing of Your Personal Data. For instance if you send us a request for complete erasure of Your Data, we will be able to erase Your user profile, but we will not be able to erase the history of the transactions relating to Crypto Assets that you made through the use of our Services.
In other words, if you decide to transact Crypto Assets, You are consciously deciding to partially waive to some of the above-referred rights and data retention limits in the name of transparency, security and public proof of transactions.
“Applicable Law”: means any provision, of whatever rank, belonging to the law of the European Union, Switzerland or other countries, in whatever way applicable to the Site and to the legal relationships arising as a result of the interactions between the Company and the Users.
“Authorised Agent”: means the natural person, under the direct authority of the Data Controller, who receives instructions from the Data Controller on the Processing of Personal Data, pursuant to and in accordance with Article 29 of the GDPR.
“Authority”: means a body or organisation, public or private, with administrative, judicial, police, disciplinary or supervisory powers.
“Browsing Data”: means the data that the computer systems and software procedures used to operate the Site acquire, during their normal operation, and whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified Data Subjects, but given their very nature, this information could, through processing and association with data by third parties, allow users to be identified. This category of data includes IP addresses or domain names of the computers used by users who connect to the Site, URI (Uniform Resource Identifier) addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc..) and other parameters relating to the operating system and computer environment of the user. This data is used for the sole purpose of obtaining anonymous statistical information on the use of the Site and to check its correct functioning and is deleted immediately after processing.
“Committee” o “EDPB”: means the European Data Protection Board, established by Article 68 of the GDPR and governed by Articles 68 to 76 of the GDPR, which replaces WP29 as of 25/5/2018.
“Common Data”: means the Personal Data concerning Your personal details, including, but not limited to, Your first and last name, e-mail address, telephone number, tax code, VAT number, as Well as any other data You may provide us with, for example through the forms or contact details of our organisation available on the Site.
“Company”: the company Jur A.G., with registered office in 6300 Zug (Switzerland), Dammstrasse n. 16, VAT number CHE-330.514.446.
“Consent of the Data Subject”: means “any freely given, specific, informed and unambiguous indication of the Data Subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her” (art. 4, paragraph 11, GDPR).
“Cookie”: means a short fragments of text (letters and/or numbers) that allow the Web server to store information on the browser to be reused during the same visit to the Site (session cookies) or afterwards, even after days (persistent cookies). Cookies are stored, according to the user’s preferences, by the individual browser on the specific device used (computer, tablet, smartphone). The following categories are considered:
Technical cookies: these cookies are essential for the correct functioning of the Site and are used for the sole purpose of transmitting a communication over an electronic communication network, or to the extent strictly necessary for the provider of an information society service explicitly requested by the subscriber or User to provide such service.
Analytical cookies: these cookies are used to anonymously collect and analyse the Site’s traffic and usage. These cookies, while not identifying the user, allow, for example, to detect if the same user logs in again at different times. They also make it possible to monitor the system and improve its performance and usability. The deactivation of such cookies can be performed without any loss of functionality.
Profiling cookies: these cookies are persistent ones used to (anonymously or otherwise) identify Your preferences and improve Your browsing experience.
Third party cookies (analytical and/or profiling): these cookies are generated by organisations not part of the Site, but integrated into parts of the Site page. For example, Google widgets (e.g. Google Maps) or social plugins (Facebook, Twitter, LinkedIn, Google+, etc.).
“Crypto Assets”: a digital representation of value or rights which may be transferred and stored electronically, using distributed ledger technology or similar technology.
“Data”: one or more of the categories indicated as Personal Data.
“Data Controller”: means "the natural or legal person, public authority, service or other body which alone or jointly with others determines the purposes and means of the processing of personal data", as defined in Article 4, subsection 1, no. 7, of the GDPR.
“Data Processor”: means "a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller", as defined in Article 4, subsection 1(8) of the GDPR.
“Data Subject”: “an "identified or identifiable natural person", as defined in Article 4, subsection 1, no. 1, of the EU Regulation 2016/679 (so-called "GDPR").
“GDPR”: means the EU Regulation 2016/679 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation).
“Limitation”: means the marking of personal data stored with the aim of limiting their processing in the future, as defined in Article 4(1)(3) of the GDPR.
“Privacy Law”: the EU Regulation 2016/679 ("GDPR"), , as well as the measures adopted by the Supervisory Authority in execution of the tasks established by the GDPR and FADP, and further applicable legislation, of whatever rank, including the opinions and guidelines prepared by the Committee.
“Profiling”: means "any form of automated processing of personal data consisting of the use of such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects of that natural person's professional performance, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements", as defined in Article 4, subsection 1(4) of the GDPR.
“Personal Data”: means "any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person", as defined in Article 4, subsection 1, no. 1, of the GDPR).
“Processing”: means "any operation or set of operations which is performed upon personal data or sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction", as defined by Art. 4, subsection 1, no. 2, of the GDPR.
“Publication”: means the action by which the Data Controller communicates information on the Site, without the implementation of procedures requiring the User to view it.
“Recipient“: means “a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not”, as defined in Article 4, sub-paragraph 1, no. 9, of the GDPR.
“Services”: means the Passport NFT Citizenship Dapp accessible via citizenship.jur.io and Token Swap Dapp accessible via swap.dev.jur.io and the services offered by the Company through the Site, including the provision of the Site itself.
“Site”: means the web pages displayed through jur.io, including subdomains and other Jur’s webpages expressly referring to this policy.
“Supervisory Authority”: the independent public authority established by a European Union state, or by the European Union itself, in charge of supervising the application of the Privacy Law, as well as the Swiss Federal Data Protection and Information Commissioner (“FDPIC”).
“Third Party”: means "the natural or legal person, public authority, service or other body other than the Data Subject, the Data Controller, the Data Processor and the persons authorised to process personal data under the direct authority of the Data Controller or Data Processor", as defined in Article 4, subsection 1, no. 10, of the GDPR.
“User”: means any individual, or legal entity using any of the Services.