This WISe.Art Privacy Notice relates to the services provided by TrusteCoin AG to provide a secure and trusted marketplace where the user can create, buy, sell, and collect NFTs (Non-Fungible Token) which can be authenticated as genuine digital or physical art pieces. We take your privacy seriously and will only use your personal data to deliver the products and services requested.

Who are we?

TrusteCoin AG is a company incorporated in Zug, Switzerland, and member of the WISEKEY International Group, the ultimate parent Company of which, WISeKey International Holding Ltd. is registered in Zug Switzerland. The entity acts as Controller of personal data in relation to the provision of our products and services. Other companies in the WISeKey Group can establish their own Privacy Notices, always in compliance with the applicable regulations.

Who are our Privacy Officers?

Our Data Protection Officer (DPO) is Pedro Fuentes. The DPO was registered at the Dutch Data Protection Agency (Autoriteit Persoonsgegevens), which act as “Lead Supervisory Authority” for WISeKey’s activities in the European Union. Contact email: privacy@wisekey.com.

What data is collected?

We collect the data necessary for the provision of the services. The main service is the provision of a secure and trusted marketplace, commercially branded as WISeArt, where the user can create, buy, sell, and collect NFTs (Non-Fungible Token). WISeKey also provides other related security services around these digital identities. Personal data that may be included in the user account can include: • First Name • Last Name • Common Name • E-mail address • Locality • State/Province • Country • Public keys, used as wallet address or other blockchain-related identifications Personal data that is not included in Personal Digital Identity but that may be requested as part of the Certificate issuance process (e.g. for vetting the identity of an individual). This data can include: • Title (e.g. Mr./Mrs. /Dr.) • Job title (professional title) • Pseudonym (if relevant) • Company/Organization name (if relevant) • Organizational Unit (if relevant) • Address • Telephone number (home/mobile) • Identification document details (used for identity vetting) • Company registration number and data Personal data is also needed in order to create a user account on our digital identity systems in order to log in to the system. This Personal Data consists of: • First Name • Last Name • Email • Phone number(s) • Password (chosen by user)

Why do we collect information? / Lawful Basis for processing

We rely on a variety of information to run our business. In some cases, this information may include data that relates to an identified or identifiable natural person, which is referred to as Personal Data. The reason that we collect your Personal Data is that we need it in order to provide you with our products and services, which include the provision of an account, or digital identity, to access the WISeArt services. The lawful basis for us processing Personal Data in relation to these services is that processing is necessary for the performance of a contract or to take steps to enter into a contract.

Who is collecting it?

We collect data directly from you or indirectly from those organisations who have entered into a contract with us (for example to request certificates for their employees or customers). This indirect collection is considered a “Processor” role activity and requires appropriate compliance of current regulations. In particular, WISeKey SA, another member of the WISeKey Holding, will act as main data processor, by supplying the technology and services to manage your digital identity and user account to access the WISeArt services.

How will it be used?

We use your personal data only for the provision of the products and services that we have contracted to provide. WISeKey can also use your personal data to send marketing information, news or other information related to our products and services. We offer an explicit “opt-in” subscription mechanism, so these messages will only be sent to the persons that gave their previous authorization.

Where will it be processed?

Processing activities performed by WISeKey will happen in Switzerland, as main location. Switzerland is considered by the EU as a country with adequate data protection regulations, and therefore not subject to additional data transfer controls.

Who will it be shared with?

We do not share your personal data with anyone save to deliver the agreed services (please refer to section “Who is collecting it?”).

How is your data protected?

We use a combination of technical, administrative, organizational, and physical safeguards to protect your personal data. Access to your personal data is restricted to those who are necessary for the delivery of the services. These safeguards are tested as part of our annual audits and accreditations. For further details please see details of the our accreditations. Retention Periods The WISeKey Practices related to digital identity (available at https://www.wisekey.com/repository) requires that audit logs are retained for at least seven years after the expiration of a digital identity.

Your Rights

We comply with all relevant Data Protection/ Privacy legislation. These provide several rights about your personal data. You have the right to request from us access to and rectification or erasure of your personal data, the right to restrict processing, object to processing as well as in certain circumstances the right to data portability. If you have provided consent for the processing of your data you have the right (in certain circumstances) to withdraw that consent at any time, which will not affect the lawfulness of the processing before your consent was withdrawn. You have the right to lodge a complaint with the appropriate Data Protection Authority if you believe that we have not complied with our legal obligations. For further information see here. Please email privacy@wisekey.com. to make a request under these provisions. In order to help us deal with such request please provide details of the product/service that the request relates to, the relevant WISeKey office/contact person and any other details (such as customer number etc). Please note that we will perform steps to verify your identity before providing any information.

Automated Decision Making and Profiling

The GDPR defines profiling as ‘any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements’. We do not perform any profiling. WISeKey does not use automated decisions in the processing of personal of data.

This Privacy Notice

As our organisation grows, this Privacy Notice is also expected to change over time. This Privacy Notice may be updated periodically and without prior notice to you to reflect changes in our personal information practices. You should check our site frequently to see the current Privacy Notice that is in effect. The Privacy Notice was last updated on 12th September 2021. Contact If you have questions regarding this Privacy Notice, please contact us via email at: privacy@wisekey.com.