Virtune AB (publ), reg. no. 559175-2067, Kungsgatan 26, 111 35 Stockholm, Sweden (“Virtune”, “we”, “our” or “us”) offers investment products in the form of Exchange Traded Products providing exposure to the crypto market..
This policy describes how Virtune collects and processes personal data for which Virtune is the data controller. Should you have any questions regarding our processing of your personal data, please contact us at data@virtune.com or via the contact details in section 7.
We process your personal data in different ways depending on the context in which you come in contact with us and in which capacity you act (please note that “process” in this context is a generic term used in the General Data Protection Regulation (EU) 2016/679 (”GDPR”) for actions taken in relation to your personal data). This policy is therefore divided into different sections, to make it easier for you to find the information you are looking for. The different sections are based on which of our services that you use, for example if you apply for a job. You can read about how your personal data is processed under each of these categories.
These different sections are followed by multiple sections where information that is universal for all types of services is described. These sections include information about who we share your personal data with, where we process your personal data, what rights you have vis-à-vis us and how you can get in touch with us. Below, you can click yourself to each section.
It is important to us that you feel safe with what types of personal data we collect and even more importantly how we process it. Thus, this policy covers the necessary information about this, which is why we think it is important that you read and understand the information.
Once a decision has been made through automated decision-making, you will be informed about this as well as about your ability to contest the decision. You also have the right to have the decision reviewed by a real person.
For certain purposes, we rely on our legitimate interest as the legal basis for the processing of your personal data. In assessing our legitimate interest, we rely on a balancing of interests test by which we have determined that our legitimate interests of the processing override your interest and your fundamental right not to have your personal data processed. We have expressed our legitimate interest in the tables above. Please contact us if you want to read more about how this test has been performed. Our contact details can be found in section 7.
When we share your personal data, we ensure that the recipient processes them in accordance with this privacy notice, by, e.g. entering into Data Transfer Agreements or Personal Data Processing
Agreements with the recipients. The agreements ensure that your data are processed in accordance with the GDPR and this privacy policy. We would like to emphasize that we do not sell your personal data to any third party.
Personal data shared with the recipient: According to 1.1, 1.3, 1.4, 1.5 and 1.6
Recipients: Partners within Sweden, for example our legal partners.
Purpose and legal basis: The partners with whom we work closely may gain access to your personal data to the extent necessary in order for us to fulfill our obligations under the contract with you. Thus, sharing with partners outside the Group can take place on the legal basis of performance of contract.
Categories of persons whose personal data may be shared with the recipient: Representatives of our customers and job applicants.
Personal data shared with the recipient: According to 1.1, 1.3, 1.4, 1.5 and 1.6
Our databases with personal data are stored on our servers in the Google Cloud Platform. Google does not have access to the servers and thus do not have the right to use any information. It is only Virtune that can access the servers and data.
We use Hubspot and EmailJS to send out emails to our customers and therefore your email address is stored with them.
Google Analytics is used to analyze the usage behavior of our customers. Data is anonymized and aggregated as a general rule after collection and we do not follow up how each individual customer uses Virtune's services. Case management system We need access to the customer's email address in order to respond to support errands.
Purpose and legal basis: We sometimes need to use the services of other companies in order to run our business. In such cases, we have a legitimate interest in being able to use these services. If the sharing of your personal data is necessary to fulfill that interest, and that interest overrides your right not to have your data processed, sharing may take place on the legal basis of legitimate interest.
If we, or a significant part of our business, were to be sold to or integrated with a third party, all of the personal data that we have collected about you may be shared with our advisor, potential buyer and their advisor and then passed on to the new owner of the business. This applies regardless of under which of the above-mentioned services that we have collected your personal data. In such cases, we have a legitimate interest in being able to provide the potential buyer(s) with sufficient information about our business, in order to perform the transaction. If the sharing of your personal data is necessary to fulfill that interest, and that interest overrides your right not to have your data processed, sharing may take place on the legal basis of legitimate interest.
You have the right to object to the sharing of your personal data, based on the circumstances in your individual case. More information about your right to object can be found in section 4.5.
The transfers described above may be made to recipients in member states of the EU/EEA as well as to third countries whose legislation may differ from the rules for data protection within the EU/EEA. In the case of transfers to such third countries, we will take appropriate measures to ensure that your personal data are adequately protected.
We will ensure that appropriate safeguards are put in place by ensuring that at least one of the following conditions is met in each such transfer.
Adequate level of protection according to art. 45 GDPR The European Commission has decided that certain countries outside the EU/EEA have a sufficiently high level of security. This means that personal data can be transferred there without any further action having to be taken with regard to the transfer itself (beyond what applies under the GDPR in general). A list of which countries are included can be found here.
United States of AmericaStandard Contractual Clauses according to art. 46.2 GDPR Since only a few countries are considered to have an adequate level of protection, a common measure to ensure sufficient protection in the event of a transfer outside the EU/EEA is to enter into the European Commission's Standard Contractual Clauses pursuant to Implementing Decisions 2001/497/EC, 2010/87/EU or 2021/914/EU, without any changes or amendments in conflict with the clauses. If you want to read them in their entirety, you can download them via the European Commission's website (under the heading Standard contractual clauses for international transfers (Word)).
If you would like to receive further information about transfers to countries outside the EU/EEA, or if you would like to receive a copy of the safeguard we have used, you can contact us by using the contact details set out in section 7 below.
According to current legislation, you have the right to exercise certain rights against us when we process your personal data. Below we describe each right, and what it means for you in relation to the personal data that we process. If you want to read more about what the Swedish Authority for Privacy Protection (Sw. Integritetsskyddsmyndigheten) writes about these rights, there are links under each section to the relevant page on the Swedish Authority for Privacy Protection's website.
If you want to exercise any of these rights, want to know more or have questions, please feel free to contact us at data@virtune.com or by using the contact details set out in section 7 below.
You have the right to be informed about how we process your personal data. In this privacy policy, we generally describe what personal data is processed by us in different contexts. If you want to know more about whether we process your personal data, and to what extent it is done, you can contact us as described above and request information about what personal data we process.
If you want to read more about the right to information – please see here (in Swedish: here).
We can also provide you with a copy, a so-called register extract, of the personal data processed by us. In the register extract, we provide information about e.g. which categories of personal data are processed, what the personal data are used for, how long the data will be stored, with whom the personal data has been shared and where the data come from.
If you want to read more about the right of access – please see here (in Swedish: here).
We strive to always have accurate personal data about you and to update them when necessary. If you discover that we process inaccurate data about you, you have the right to contact us as described above to have these corrected. You also have the right to ask us to complete incomplete data if this is relevant based on the purposes for which your data are processed, by providing us with additional information.
If you want to read more about the right of rectification – please see here (in Swedish: here
You have the right to request the erasure of your personal data. However, this right is not absolute. Certain conditions must be at hand in order for us to erase your data. For example, you may have the right to have data erased if they are no longer necessary for the purposes for which they were collected, if you withdraw your consent or if you object to us using your data for direct marketing.
The right to erasure is also limited in the event that an exception applies to the data in question. For example, we have the right to retain the data if it is necessary for establishing, exercising or defending legal claims.
If you want to read more about the right of erasure – please see here (in Swedish: here
You always have the right to object to our processing if the legal basis for the processing is that the processing is necessary for purposes relating to our legitimate interest (the legal basis is stated in the various processing operations above in section 1).
If you object, we do not have the right to process the data anymore, unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms or if it is needed for the establishment, exercise or defense of legal claims. If we consider that we have such legitimate grounds, or if the data are needed for the establishment, exercise or defense of legal claims, we will notify you of this, and the reasons for such assessment.
You can also object to your personal data being processed for marketing purposes (including profiling if this is included as part of this). If you do so, we will cease the processing for these purposes.
If you want to read more about the right to object – please see here (in Swedish: here
You can request that the processing of your personal data should be restricted, for example if you do not think that the information we have about you is correct or if you believe that the processing is unlawful. Such request can also be made during the time we investigate whether our legitimate interests override your interest of privacy when you object to the processing (see more about this under right to object above).
If you want to read more about the right to restriction – please see here (in Swedish: here
You have the right to receive your personal data that you have provided to us (in case the legal basis for our processing is consent or performance of an agreement), in a structured, commonly used and machine-readable format. However, this presupposes that the processing takes place by automated means (i.e. not in physical form on paper). If technically possible, and you wish to do so, we may also transmit such personal data to another data controller.
If you want to read more about the right to transmit personal data – please see here (in Swedish: here
You can withdraw the whole or part of the consent you have given at any time, with effect as from the withdrawal (i.e. the processing of personal data that we have carried out before the withdrawal will not be affected). In the case of direct marketing via e-mail, a withdrawal can be carried out through a link attached in each such e-mail.
You can lodge a complaint to the Swedish Authority for Privacy Protection (or with another supervisory authority) if you believe that our processing of your personal data is not in accordance with applicable legislation.
If you want to read more about the right to lodge a complaint – please see here (in Swedish: here).
To protect your privacy, we may (if necessary) require you to prove your identity when you contact us to exercise your rights.
In order for us to deliver our services with the highest possible quality, we use so-called cookies and similar tracking technologies on our website.
When you visit our website, you will be asked if you consent to our use of cookies (with the exception of such necessary cookies that do not require your consent). You can delete cookies from your browser or adjust your settings for the use of cookies, at any time. You can read more about this in our cookie policy. In the cookie policy, we describe e.g. what types of cookies we use, what they are used for and for how long they are valid.
We may make changes to this privacy policy. All such changes are available here on the website in our latest version of the privacy policy, which is why you should review the privacy policy at regular intervals and each time you use our services.
If you have any questions or comments regarding the processing of your personal data, you can contact us via the e-mail address below.
VIRTUNE AB (publ)Address:Sibyllegatan 47, 114 42 Stockholm, Sweden
Email: data@virtune.com