PRIVACY POLICY

When issuing Treesury Tokens, and transactions with Treesury Tokens, Treesury will collect personal data in accordance with applicable laws, by-laws, adopted standards and international regulations applicable to Treesury's activities. In the text below, is information about the situations, purposes and manner in which Treesury processes personal data.

Controller

The controller is the main person responsible for the processing of personal data and who decides on their purpose and intent. The data controller is:

Treesury d.o.o. Beograd

Veljka Dugoševića 54, 11050, Belgrade (Zvezdara), Serbia

Company registration number: 21900796

Phone number: +381 65 2208107

E-mail address: [email protected]

(hereinafter: "Treesury" or "Controller")

When, why and how we collect personal data

In order to successfully perform our services and obligations within the Treesury Token issuing business, we must collect, process, store, and sometimes share personal data. Below is a description of which data we need, and for which purpose, and on which legal basis. In addition, below is information regarding the conditions under which we share personal data with third parties, and what types of personal data we process for the subject purposes.

Data we collect during registration

In order to invest, a potential investor on the Treesury platform must first register and confirm that registration, in order to create a user account. On this occasion, the following data is collected:

  • For natural persons: name and surname, address: city, country, postal code, e-mail address, contact phone, document identification number, document type (passport/identity card), citizenship according to passport information.
  • For legal entities: business data and personal data - name and surname of representative, e-mail address, contact phone number, document identification number, type of document (passport/identity card), citizenship according to passport information.
  • For natural persons and legal entities: account access password.

After registration, the investor accesses the platform using his credentials (username/e-mail address and password) for login.

Information from ID documents is necessary for the identification of investors, so that the Controller can fulfill its legal obligation to exclude from the offer or prohibit the sale of Treesury Tokens to persons who have a certain citizenship, in case of sanctions, or the application of extraterritorial laws that regulate token trade, as well as the possibility of offering to citizens of individual countries.

The processing of personal data is carried out within the framework of transactions with Treesury Tokens on a decentralized database (blockchain). Access to this data is provided by the provider of the unique identification service on a decentralized basis, Tokeny S.à r.l. company, a private limited liability company registered in Luxembourg under the number B218805 and with its registered office at: 9 rue du Laboratoire, L-1911 Luxembourg.

The legal basis for processing, within this purpose, is the taking of actions, at the request of the person to whom the data refers, before the conclusion of the contract. By purchasing Treesury Tokens, the investor enters into a contractual relationship with the Treesury, and the specified data submitted during registration is necessary for the purpose of identifying the Investor in order to conclude such a contract.

Personal data that we collect for the purpose of implementing procedures from the field of money laundering prevention

Treesury must fulfill its obligations as prescribed by regulations from the field of prevention of money laundering and terrorism financing. Therefore, during registration, the investor goes through the KYC / KYB process, which is carried out directly from the Treesury platform, by redirecting to the integrated Sumsub service, which processes personal data in the capacity of a processor.

On this occasion, the following are collected: information about the ID document (number, date of expiration and issuance, country and authority that issued the document) and a photo of that document, a photo of the investor's face, which is made using cameras within the Sumsub service itself.

Within this purpose, the legal basis for processing is compliance with the legal obligations of the Controller, i.e., legal obligations based on regulations regarding prevention of money laundering and terrorism financing.

Data we collect when purchasing Treesury Tokens

In order to purchase Treesury Token, the investor connects his blockchain wallet and realizes the payment of the price via a bank transfer. No additional personal data is collected in order to connect the blockchain wallet. The Controller processes the payment by account and approves the transaction to the investor and transfers the Treesury Token.

Depending on the payment method, Treesury cooperates with different partners, who perform the payment transaction itself. Payment method information as well as user wallet information are stored on decentralized servers. Treesury does not have access to payment card data, but only to investor transaction and account data.

Within this purpose, the legal basis for processing is the execution of the concluded contract, with the person to whom the data is transferred, and reverence for the Controller's legal obligations, i.e., legal obligations regulated by relevant regulations, including financial regulations and regulations on digital assets.

Personal data collected for marketing purposes

As part of its marketing activities, Treesury may send marketing messages to potential investors and other interested parties. Interested parties can also sign up to receive the Treesury newsletter.

The data processed for this purpose is: first and last name, e-mail address and/or phone number (depending on the chosen method of message sending), as well as information about interest in investing such as the investment budget.

As part of marketing activities, we may engage external partners such as marketing agencies, with whom we always have appropriate contracts that regulate the protection of personal data.

For this purpose, the legal basis for processing is the consent of the data subject.

Personal data we collect for the purposes of responding to inquiries

Interested parties can contact us by sending inquiries through the contact form on the website. The data we process in order to be able to respond to those inquiries is: name, e-mail address, status (industrial buyer, investor, farmer - not mandatory information ) and the message itself.

For this purpose, the legal basis for processing is our legitimate interest in communicating with potential investors and other interested parties.

When do we delete your data?

We delete your personal data, according to the prescribed rules, as soon as their purpose has been fulfilled. Different data deletion rules apply depending on the purpose of data processing.

If we process the data for the purpose of contract execution, we generally keep such data until the expiration of the legal statute of limitations, and then we delete such data. In appropriate cases, we store the data until the expiration of our legal storage obligation such as for example the obligations stipulated by accounting or tax regulations or regulations on the prevention of money laundering and terrorism financing.

If it concerns data that we process for of our legitimate interest, we delete it when that interest is realized. In principle, we store data about inquiries that we receive through the website for 3 years.

We delete data collected on the basis of consent after withdrawal of consent. The given consent can be revoked at any time by sending an e-mail to the address: [email protected].

Who do we share your data with?

We will never forward your data to unauthorized third parties. Given that, as part of our business, we receive the services of certain service providers (as described above), depending on the type of services they provide, we give them limited and strictly monitored access to your personal data. Our service providers who have the role of data processors such as technical support service providers, are required to respect the highest standards when processing personal data, which are regulated by relevant processing contracts.

To which countries do we transfer your data?

Due to the very nature of blockchain technology, it is not possible to know where personal data processed on a decentralized database is stored. The basis for the transfer of data outside the Republic of Serbia, with appropriate protection measures, is based on the necessity to execute a contract between the data subject and the Controller, i.e., for the application of pre-contractual measures taken at the request of the data subject.

As part of its operations, Treesury selects servers of partner organizations located in the European Union. In certain cases, such as for the purpose of providing technical support, data may be accessed from the United States of America.

If data is transferred from the Republic of Serbia to an EU member state, countries that the EU considers to provide an adequate level of protection, i.e., member states of the Council of Europe Convention 108, the transfer of data to these states is carried out on the basis of the default level of adequate protection of personal data in that countries, in accordance with the Law on Personal Data Protection of the Republic of Serbia.

The transfer of data outside the aforementioned group of countries is carried out exclusively with the application of the provisions of the Law on Personal Data Protection, which regulates the transfer with the application of appropriate protection measures. Therefore, whenever the situation requires it, Treesury transfers data on the basis of standard contractual clauses that provide appropriate protection measures.

The rights of persons to whom the data refers

Persons who object to the Controller collecting, processing or using their data in a certain way can send a request for the exercise of their rights to the e-mail address: [email protected]. In accordance with the law, these are the following rights:

  • Right of access and copy - the right of access to data, i.e., the right to obtain a copy of the data, as well as information on the processing method.
  • Right to rectification - the right to request changes to the personal data we process.
  • Right to erasure - the right to request the erasure of personal data, under certain conditions regulated by law.
  • Right to restrict processing - the right to request the restriction of personal data processing, under certain conditions regulated by law.
  • Right to data portability - the right to transfer personal data in a machine-readable format, under certain conditions regulated by law.
  • Right to object - the right to object to the processing of personal data, when it is based on our legitimate interest.
  • Right to withdraw consent - the right to withdraw consent, when we perform the processing based on your consent.
  • Right to complain to the supervisory authority - the right to complain is submitted to the supervisory authority whose contact details have been given below:

Commissioner for information of public importance and protection of personal data

Bulevar kralja Aleksandra 15

Belgrade 11120, Serbia

E-mail address: [email protected]

Existence of automated decision-making, including profiling

Treesury does not perform automated decision-making, nor profiling, based on personal data.

Right of modification

We reserve the right to change the Data Protection Rules in accordance with legal provisions. We will notify you of any important changes such as changes to the purpose of personal data processing or the realization of new purposes.

 

Message