SegMint: Privacy Policy for EU/EEA users

We are SegMint GmbH, registered in Germany with company number HRB 133456 whose registered office is at Kreuznacher Str. 30, 60486 Frankfurt (SegMint, we, us or our).

SegMint is strongly committed to safeguarding the privacy and confidentiality of the Personal Data you have entrusted to us. This Privacy Policy covers SegMint's processing of Personal Data relating to visitors, users and account holders, collected through the SegMint Direct website (the Website) and in the course of SegMint's investment services provided to its customers through and in connection with the Website (the Services).

This privacy policy outlines our commitment to you.

1. Accountability

We have strict policies and procedures governing how we deal with your Personal Data. Each of our employees is responsible for respecting and protecting the Personal Data to which the employee has access.

Our management oversees privacy governance including policy, dispute resolution, education, communications activities and reporting to our Board of Directors on privacy matters. Please see Contact Us for more information.

2. Personal Data that we collect

Personal Data includes information that you have provided to us or was collected by us from other sources. It may include details such as your email, wallet address and location, to the extent permitted by local laws. We only collect the Personal Data that we determine to be required for the purposes set out in paragraph 3, How we use your Personal Data.

We may collect data directly from you by submitting your Personal Data to us and using the Website and the Services. This includes:

• Contact details such as name, location, residential address, nationality, date and place of birth, and email address;
• Account information such as username and password which may or may not be considered Personal Data depending on your determinations;
• Wallet Address such as Bitcoin (BTC) Wallet Address;
• Anti-crime and fraud information: such as information relating to your financial situation, your creditworthiness or any criminal or fraudulent activities provided to us by you or third parties, including information which establishes your identity, such as passports and/or other official documents (including personal identification number and document number); information about transactions, credit ratings from credit reference agencies or information pooling groups; information in relation to fraud or offences committed by you or any suspicious transactions made by you, information revealing any politically exposed persons and sanctions lists where your details are included;
• Information or feedback you provide to us, such as when using the contact form of if you contact us in any other way, we will keep records of our correspondence and other content you may upload in your account; and
• Marketing preference information: details of your marketing preferences (e.g. communication preferences) and information relevant to selecting appropriate products and services to offer you.

We may also collect Personal Data automatically when you visit the Website or use the Services. This includes:

• Device Information: such as information about your operating system, browser, software applications, IP address, geolocation, security status and other device information in order to improve your experience, to protect against fraud and manage risk;
• Your transactions: details of transactions with us that you have made or initiated;
• Website and communication usage: details of your visits to and use of the Website and information collected through cookies and other tracking technologies including your IP address, your browser version and operating system, traffic data, location data, web logs and other communication data, and the resources that you access.

We do not collect special categories of Personal Data about you.

SegMint's Services are not directed at persons under the age of 18, and SegMint does not knowingly collect Personal Data from any child under the age of 13. If we learn that we have collected or received Personal Data from a child under 13 without verification of parental consent, we will delete that information. Please instruct us accordingly.

Portions of the above mentioned data such as username, IP address and wallet address may not necessarily be considered Personal Data unless the data subject is identifiable. Therefore, in cases you have discretion over data shared, e.g. when it comes to the username, it is recommended to keep personal data shared to a minimum.

DATA ON BLOCKCHAIN: To fulfill our contractual commitments to you, we may need to input certain information, like your Ethereum or other cryptocurrency wallet address, onto the blockchain. This process is facilitated through a smart contract and mandates your execution of transactions using your wallet's private key. It's important to note that blockchains are publicly accessible, and any personal data shared on them becomes publicly available.

3. How we use your Personal Data

When we collect your Personal Data, we may use or disclose it for the following specific purposes, as outlined below, along with the applicable legal grounds and retention periods for each relating to the specific purposes. Please note that, if your personal data will no longer needed for a specific purpose, we may still process such information if necessary for another purpose for which we collected the data (for example, to comply with a legal obligation).

• To communicate with you regarding products and services that may be of interest: to provide you with updates and offers, where you have chosen to receive these. We may also use your information for marketing our own and our selected business partners' products and services to you by email and phone. Where required by law, we will ask for your consent at the time we collect your data to conduct any of these types of marketing. We will provide an option to unsubscribe or opt-out of further communication on any electronic marketing communication sent to you or you may opt out by visiting Contact Us.
  • Use justifications: Consent, legitimate interests (to keep you updated with news related to our products and services).
  • Personal Data: Contact details, general information, marketing preference information, and financial information from the onboarding process.
  • Retention period: For the duration of our contract with you or while you have an account with us, and until you withdraw consent for marketing communications if required by law【53†source】.
• To create your customer profile: we may process your personal data where required in order to create and maintain your customer profile within the Website. This includes any information in order to verify your identity and to be able to provide our Services.
  • Use justifications: Contract performance, legitimate interests (to enable us to perform our obligations and provide our Services to you).
  • Personal Data: Contact details, general information, financial information, anti-crime and fraud information, feedback provided to us.
  • Retention period: for the duration of the period we have a contract with you and/or for the period during which you are registered with an account.
• To communicate effectively with you and conduct our business: to conduct our business, including to respond to your queries, to otherwise communicate with you, or to carry out our obligations arising from any agreements entered into between you and us.
  • Use justifications: Contract performance, legitimate interests (to enable us to perform our obligations and provide our Services to you).
  • Personal Data: Contact details, general information, financial information, feedback provided to us, transactions and holdings.
  • Retention period: for the duration of the period we have a contract with you and/or for the period during which you are registered with an account.
• To understand our customers and to develop and tailor our products and Services: we, or third party service providers on our behalf, may analyze the Personal Data we hold in order to better understand our business and develop our products and Services. In order to ensure that content from our Website is presented in the most effective manner for you and for your device, we may pass your data to business partners, suppliers and/or service providers (see paragraph 5).
  • Use justifications: legitimate interests (to ensure the quality and legality of our Services, to allow us to improve our Services and to allow us to provide you with the content and Services within the Website).
  • Personal Data: contact details and general information (such as name, address, date of birth, phone number and email address), financial information (such as information and preferences provided by you during your onboarding process), information or feedback you provide to us, transactions and holdings and website and communication usage.
  • Retention period: for the duration of the period we have a contract with you and/or for the period during which you are registered with an account.
• To provide and manage products and Services: to administer our Services, including to carry out our obligations arising from any agreements entered into between you or your company and us, or to notify you about changes to our Services and products.
  • Use justification: contract performance, consent, legitimate interests (to enable us to perform our obligations and provide our Services to you or to notify you about changes to our Service).
  • Personal Data: contact details and general information (such as name, address, date of birth, phone number and email address), anti-crime and fraud information, financial information (such as information and preferences provided by you during your onboarding process), information or feedback you provide to us, website and communication usage and transactions and holdings.
  • Retention period: In the event processing will be based on contract performance or our legitimate interests: for the duration of the period we have a contract with you and/or for the period during which you are registered with an account. In the event processing will be based on consent: until the moment you withdraw your consent.
• To verify your identity, protect against fraud and manage risk: we and other organizations may access and use certain information to prevent fraud, money laundering and terrorism as may be required by applicable law and regulation and best practice at any given time, including checking against sanctions, politically exposed persons (PEP) and other fraud or crime screening databases. If false or inaccurate information is provided and fraud is identified or suspected, details may be passed to fraud prevention agencies and may be recorded by us or by them.
  • Use justifications: legal obligations, legal claims, legitimate interests (to prevent crimes and protect our business).
  • Personal Data: contact details and general information (such as name, address, date of birth, phone number and email address), anti-crime and fraud information, financial information (such as information and preferences provided by you during your onboarding process) and your transactions and holdings.
  • Retention period: for the duration of 5 years after the end of our contract with you, as required by the applicable laws.
• To comply with legal or regulatory requirements, or as otherwise permitted by law: we may process your Personal Data to comply with our regulatory requirements or dialogue with our regulators or defend or prosecute claims as applicable which may include disclosing your Personal Data to third parties, the court service and/or regulators or law enforcement agencies in connection with enquiries, proceedings or
  • Use justifications: legal obligations, legal claims, legitimate interests (to cooperate with law enforcement and regulatory authorities).
  • Personal Data: contact details and general information (such as name, address, date of birth, phone number and email address), anti-crime and fraud information, financial information (such as information and preferences provided by you during your onboarding process), information or feedback you provide to us, device information and transactions and holdings.
  • Retention period: for the duration of 5 years after the end of our contract with you, as required by the applicable laws, unless a longer duration will be required to comply with regulatory requirements or to defend or prosecute legal claims.
• To notify you about changes to our Services and products.
• Use justification: legitimate interests (to notify you about changes to our Service).
• Personal Data: contact details and general information (such as name, address, date of birth, phone number, and email address), and financial information (such as information and preferences provided by you during your onboarding process).
• Retention period: for the duration of the period we have a contract with you and/or for the period during which you are registered with an account.
• To monitor queries and transactions to ensure service quality, compliance with procedures, and to combat fraud.
• Use justifications: legal obligations, legal claims, legitimate interests (to ensure the quality and legality of our Services).
• Personal Data: contact details and general information (such as name, address, date of birth, phone number, and email address), financial information (such as information and preferences provided by you during your onboarding process), anti-crime and fraud information, information and feedback you provide to us, website and communication usage, and your transactions and holdings.
• Retention period: for the duration of the period we have a contract with you and/or for the period during which you are registered with an account.
• To protect our business or troubleshoot problems, we may process information relating to your device and use of our service. By doing so we will be able to ensure network security and to customize our Services in order to provide you with the best experience.
• Use justifications: legitimate interests (to ensure the quality of our Services and provide our Services to you).
• Personal Data: device information and website and communication usage.
• Retention period: for the duration of the period in which the Website is installed on your device.
• To reorganize or make changes to our business: in the event that we (i) are subject to negotiations for the sale of our business or part thereof to a third party, (ii) are sold to a third party or (iii) undergo a reorganization, we may need to transfer some or all of your Personal Data to the relevant third party (or its advisors) as part of any due diligence process for the purpose of analyzing any proposed sale or reorganization, certainly limited to what is required for this purpose and only to the extent allowed under applicable laws. We may also need to transfer your Personal Data to that reorganized entity or third party after the sale or reorganization for them to use for the same purposes as set out in this policy.
  • Use justifications: Legitimate interests (to allow us to change our business).
  • Personal Data: anti-crime and fraud information and any other information that will be required for this purpose, such as information you provide to us (e.g. regarding complaints).
  • Retention period: for the duration of the (negotiations of the) sale, reorganization and/or due diligence process.

4. Consent and Your Choices

Most of our processing is permitted by "legal grounds" other than consent (see paragraph 3 above). In relation to Direct Marketing, where we are required to do so, we will obtain your consent before using your Personal Data for this purpose. Direct Marketing is our communication with you by email, using your contact information, to inform you about products and services that we think may be of interest and value to you. This does not include communications regarding products or services that you currently have, including improved ways to use the products, or additional features of the products as well as transactional information.

If you prefer not to receive our Direct Marketing communications, you can withdraw your consent at any time and have your name deleted from our Direct Marketing and/or shared information lists. If you want to change your privacy preferences, please see Contact Us.

5. Sharing your Personal Data (and transfers outside your country)

Most of our processing is permitted by "legal grounds" other than consent (see paragraph 3 above). In relation We will only use or disclose your Personal Data for the purpose(s) it was collected and as otherwise identified in this Privacy Policy.

• Sharing within SegMint affiliates:We may share yourPersonal Datawithin the group, for marketing purposes, for legal and regulatory purposes, to manage business risks, to ensure we have correct or up to date information about you and to better manage your relationship with us.
• Sharing with external organizations: Personal Data may be provided to third parties, including anti-fraud organizations, legal, regulatory or law enforcement authorities in cases of suspected criminal activity or contravention of law, for the detection and prevention of fraud, or when required to satisfy the legal or regulatory requirements of governments, regulatory authorities or other self-regulatory organizations, or to comply with a court order or for the protection of our assets (for example, collection of overdue accounts).
• Business sale or reorganization: Over time, we may buy new businesses or sell some of our businesses. Accordingly, Personal Data associated with any accounts, products or services of the business being purchased or sold will be reviewed as part of the due diligence process and subsequently transferred as a business asset to the new business owner. We may also transfer Personal Data as part of a corporate reorganization or other change in corporate control.
• Sub-contractors and agents: We may use affiliates or other companies to provide services on our behalf such as data processing, web services, identification, support and fraud prevention and detection and marketing including third party service providers such as SumSub and Vercel whose privacy policies can be accessed via the links provided.
  Such companies will be given only the Personal Data needed to perform those services and we do not authorize them to use or disclose Personal Data for their own marketing purposes. We have contracts in place holding these companies to standards of confidentiality equivalent to ours.

Transfer of your Personal Data

As some of SegMint's service providers, e.g. Vercel or sub-processors of SumSub, may have servers based outside the European Economic Area (EEA), SegMint may transfer your personal data to such service providers in the third countries when using their services, in which data protection laws might be of a lower standard than in your country/the EEA. We will, in all circumstances, safeguard personal information as set out in this Privacy Policy.

Where we transfer personal information from inside the EEA to outside the EEA, we may be required to take specific additional measures to safeguard the relevant personal information. In accordance with applicable law to ensure an adequate level of protection, we ensure that the transfer outside the EEA is only done after implementing one of the following safeguards:

• The country to which we transfer your personal data is approved by the European Commission as providing essentially equivalent protections to EEA data protection laws and therefore no additional safeguards are required to export personal information to these jurisdictions; or
• We will establish legal grounds justifying such transfer, such as EU Commission-approved model contractual clauses, or other legal grounds permitted by applicable legal requirements. Please Contact Us if you would like to see a copy of the specific safeguards applied to the export of your Personal Information.

6. Retention of Personal Data

Our retention periods for personal data are based on business needs and legal requirements. We retain your Personal Data for as long as is necessary for the processing purpose(s) for which the information was collected, and any other permissible, related purpose such as satisfying any legal or accounting requirements.

To determine the appropriate retention period of your Personal Data, we consider the amount, nature, and sensitivity of the Personal Data, the potential risk of harm from unauthorized use or disclosure of your Personal Data, the purposes for which we process your Personal Data and whether we can achieve those purposes through other means, and the applicable legal requirements.

When Personal Data is no longer needed for the purposes for which we collected it for, our policy is to either irreversibly anonymize the data (and we may further retain and use the anonymized information) or securely destroy the data. Please note that, if your Personal Data will no longer be needed for a specific purpose, we may still process such information if necessary for another purpose for which we collected the data (for example, to comply with a legal obligation).

Details of retention periods for the different purposes are set out in paragraph 3 above.

7. Accuracy and security of your Personal Data

We are committed to maintaining the accuracy of your Personal Data and ensuring that it is complete and up-to- date. If you discover inaccuracies in our records, or your Personal Data changes, please notify us immediately so that we can make the necessary changes. Failure to notify us of changes to your Personal Data may negatively impact the way we communicate or provide our Services to you. Where appropriate, we will advise others of any material amendments to your Personal Data that we may have released to them. If we do not agree to make the amendments that you request, you may challenge our decision as described in Contact Us.

Safeguarding your Personal Information

Security over the internet

Details of retention periods for the different purposes are set out in paragraph 3 above.

8. Changes to this Privacy Policy

From time to time, we may make changes to this Privacy Policy. We will note the date of the most recent revision of this Privacy Policy at the bottom of the page. Please see Contact Us to answer any questions you may have about our Privacy Policy.

9. Your Rights

If you have any questions in relation to our use of your Personal Data, you should first contact us as per the Contact Us section below.

In accordance with applicable law, you may have the right to require us to:

• Provide you with further details on the use we make of your information;
• Provide you with a copy of information that you have provided to us;
• Update any inaccuracies in the Personal Data we hold (please see paragraph 7);
• Delete any Personal Data that we no longer have a lawful ground to use or retain;
• Where processing is based on consent, to withdraw your consent so that we stop that particular processing (see paragraph 4 for marketing);
• Object to any processing based on the legitimate interests ground unless our reasons for undertaking that processing outweigh any prejudice to your data protection rights; and
• Restrict how we use your information whilst a complaint is being investigated.

Your exercise of these rights is subject to certain exemptions to safeguard the public interest (e.g. the prevention or detection of crime) and our interests (e.g. the maintenance of legal privilege) as well as technical limitations. Please note that some rights may not be entirely accessible or enforceable due to the inherent technological setup of blockchains as further explained in section 2 above. Notably, blockchains are publicly accessible, and any personal data shared on them becomes publicly available.

You can exercise your rights by filing a request by e-mail to privacy@segmint.io. We aim to respond to your request within one month after receiving such a request. However, this one month term may be extended with two months. In such event, we will inform you within one month after receipt of your request and explain why the extension is necessary.

If you are not satisfied with our use of your Personal Data or our response to any exercise of these rights, you have the right to lodge a complaint to a data protection regulator as further described in paragraph 11. We would, however, appreciate the chance to deal with your concerns before you approach the data protection regulator, so please contact us in the first instance.

10. Collection of Information Using Cookies and Other Tools

SegMint or our service providers may use "cookies," web server logs, web beacons, or other electronic tools to collect information that is related to you but that does not personally identify you, such as:

• IP address;
• Browser type;
• Operating system;
• Computer platform;
• Information about your mobile device;
• Geo-location data; and
• The state or country from which you accessed the Website.

SegMint or our service providers may also use cookies, web server logs, web beacons, or other electronic tools to collect and compile statistical and other non-personal information about your use of the Website and the Services provided within the Website, such as:

• the relevant pages you visit within the Website;
• the date and time of your visit;
• the number of links you click within the Website;
• the functions you use within the Website;
• the databases you view and the searches you request on the Website; and
• the data you save on, or download from, the Website.

A cookie is a small text file placed on your device to collect data about the visitors and users of our Website with the purpose of updating and improving the Website to provide our visitors and users with the best experience. Except for functional or analytical cookies that collect non-personal information, we need your consent to place cookies.

Tracking Cookies

In addition to the cookies which collect non-personal information about your use of the Website and the Services provided within the Website, we may set further cookies if you use the Website, such as Amplitude and Vercel Analytics. The information generated includes information about your use of the Website (including your IP address), which will be transmitted to and stored by Vercel on servers in the United States.

On behalf of us, Vercel will use this information for the purpose of evaluating your use of the Website, compiling reports on activity for website operators and providing other services relating to internet usage.

We will obtain your consent before we can place the Vercel and Amplitude cookies on your device. If you have consented to the use of these cookies, you can always refuse or delete these cookies by selecting the appropriate settings on your browser. However, please note that if you do this, you may not be able to use the full functionality of our Website and Services.

SegMint does not process or respond to web browsers' “do not track” signals or other similar transmissions that indicate a request to disable online tracking of users who visit the Website. For information about online behavioral advertising networks and how to "opt out" of advertising cookies placed by the Network Advertising Initiative's ("NAI") member networks, and thereby limit the tracking of your online activity and the targeted advertising you may receive, please click here. Note that even if you opt out of cookies placed by the NAI member networks, you may still receive online advertising. You can also prevent website tracking by changing the settings in your web browser settings as described above to disable cookies permanently or to alert you when cookies are being sent so you can refuse them at that time.

11. Contact Us

If you have any questions or concerns about our privacy practices or the privacy of your Personal Information, please let us know.

To unsubscribe from marketing material we send you, please follow the instructions at the bottom of the email you have received. Alternatively, or in case of any other privacy related questions, you may email us at privacy@segmint.io.

If after contacting us you do not feel that we have adequately addressed your concerns, you may contact the The Hessian Commissioner for Data Protection and Freedom of Information German data protection regulator ("Der Hessische Beauftragte für Datenschutz und Informationsfreiheit), or any other data protection regulator in the country you reside in, about the way we process your personal data.

ANNEX A: Definitions

Direct Marketing is our communication with you such as mail, telemarketing or email, using your contact information, to inform you about products and services that we think may be of interest and value to you. This does not include communications regarding products or services that you currently have, including improved ways to use the products, or additional features of the products as well as transactional information.

Personal Data is information about an identifiable individual. It includes information that you have provided to us or was collected by us from other sources. It may include details such as your name and address, age and gender, personal financial records, identification numbers and personal references, to the extent permitted by local laws.

The website means www.segmint.io.

ANNEX B: Table of Legal Bases

Use of Personal Data under EU data protection laws must be justified under one of a number of legal "grounds" and we are required to set out the grounds in respect of each use in this policy. An explanation of the scope of the grounds available is set out below. We note the grounds we use to justify each use of your information next to the use in the "Uses of your personal information" section of this policy.

These are the principal legal grounds that justify our use of your information: