Privacy Notice

1. Scope of the processing of personal data and data controller

ASSETERA GmbH and ASSETERA Digital Assets GmbH (together "Companies") processes personal data exclusively on the basis of the statutory provisions (General Data Protection Regulation - GDPR, Telecommunications Act - TKG) and, as a matter of principle, only insofar as this is necessary for the provision of our services and for the fulfilment of statutory obligations. The respective scope of data processing depends on the specific services to be provided. In addition, Companies processes personal data after prior consent for information and advertising purposes. Personal data are all data which directly or indirectly allow a conclusion to be drawn about your person.

In this privacy notice, we inform you about the most important aspects of data processing within the scope of our website.

The data controller within the meaning of Art. 4 (7) GDPR are Companies:

[email protected]

ASSETERA Digital Assets GmbH
[email protected]


2. Legal bases for the processing of personal data

The data you provide is necessary for the fulfilment of the contract or for the implementation of pre-contractual measures. Without this data, we cannot provide you with any services or enter into a business relationship with you. The legal basis is the fulfilment of the contract or the implementation of pre-contractual measures at the request of the user in accordance with Art. 6 para. 1 lit. b and the legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR.

Data categories: The data varies depending on the service provision, but usually includes at least the following categories of data: Customer data, contractual data, bank data, identification numbers, physical characteristics, ownership characteristics and contractual data with third parties.

The Companies are also legally obliged to process personal data of its customers as well as their beneficial owners and other corporate representatives on the basis of national laws, in particular the Financial Market Money Laundering Act (FM-GwG), which result from EU money laundering regulations as well as regulations against the financing of terrorism. In order not to prevent effective measures, it may not be possible to implement the data subject rights (in this case, above all, the right to information, correction, deletion or data portability) at certain points in time. This is always the case if complying with requests from data subjects results in thwarting or jeopardising the measures. The legal basis is the performance of a task in the public interest as defined in Art. 6 para. 1 lit. e GDPR (in particular Art. 21 FM-GwG).

Your personal data will be processed by Companies in accordance with the due diligence requirements of the FM-GwG for the duration of the current business relationship and deleted after 10 years following the termination of the business relationship in accordance with Art. 21 (1) line 1 FM-GwG. Personal data processed for other purposes shall be handled in accordance with the retention periods resulting from the respective applicable legal requirements and deleted thereafter.


3. Disclosure of data

Your personal data may be collected by or transmitted to IT service providers used by Companies which are based in an EU member state. Insofar as IT service providers process personal data for us as order processors, we conclude corresponding agreements with them in accordance with Art. 28 GDPR.

Companies also uses IT service providers as processors who are based outside the EU. This means that processing of personal data may also take place in a third country under certain circumstances. In order to ensure an adequate level of data protection, Companies also concludes order processing agreements with these processors. An adequate level of data protection is guaranteed on the one hand by the conclusion of the so-called EU standard contractual clauses (2010/87/EU) of the European Commission, and on the other hand by the conclusion of so-called adequacy decisions, in which the European Commission determines that personal data in a specific third country enjoys adequate protection comparable to European data protection law.

In particular, Companies use an order processor to fulfil its legal due diligence obligations under the FM-GwG.

Your data is collected by or passed on to SUMSUB TECH LTD, Agiou Andreou 153, 3036, Limassol, Cyprus. SUMSUB processes the following categories of data in particular: Customer Data, Contract Data, Bank Data, Identification Numbers, Physical Characteristics and Possession Characteristics. 

In certain cases, it may be necessary for Companies to transmit customer data to issuers of security tokens that the customer has acquired via the ASSETERA Marketplace so that the issuer can fulfil its obligation to comply with due diligence obligations.

Data may also be disclosed in order to assert, exercise or defend legal claims, insofar as there is no reason to assume that there is an overriding interest worthy of protection in not disclosing the data, as well as if there is a legal obligation to disclose the data and insofar as this is legally permissible and necessary for the processing of contractual relationships with you.


4. Contacting

On our website, we offer you the opportunity to contact the Companies about a request and to leave your contact details (name, e-mail, company) so that you can be contacted directly by one of our experts. We process the data provided in accordance with pre-contractual measures based on your request. The legal basis is the implementation of pre-contractual measures based on your request in accordance with Art. 6 (1) lit. b GDPR. The data you provide will be stored in accordance with the retention periods resulting from the applicable legal requirements and then deleted.


5. Newsletter

You can register for the Companies newsletter on our website. We process the data you enter in the registration mask (name, e-mail, company) for the purpose of sending you the newsletter. After entering your data, you will receive an e-mail in which you confirm your consent to receive the Companies newsletter. Only after we have received this confirmation will we send you our newsletter.

You can revoke this consent at any time by using the unsubscribe option in the newsletter or by sending an email to [email protected] or [email protected]. Your data will be stored until you revoke your consent or until the newsletter service is discontinued.


6. Cookies and Web-Analysis-Tools

This website uses cookies. In order to make it easier for you to access our website and to enable evaluations of visits to our website, we store cookies on your terminal device. These record the IP address of your terminal device and thus your visits to our website. However, this only takes place if you have previously given us your consent in the cookie banner. The legal basis for this is consent in accordance with Art 6 (1) lit a GDPR.

You can restrict or prevent the setting of cookies. If the use of cookies is restricted, not all functions of this website may be fully usable.

This website uses the following cookies:

  • functional cookies


7. Your rights

With regard to your data processed by Companies, you are generally entitled to the rights of information, correction, deletion, restriction of processing, data portability, revocation of consent and objection to processing. If you believe that the processing of your data violates data protection law or that your data protection rights have been violated in any other way, you can complain to us [email protected][email protected] or to the Austrian Data Protection Authority.

Austrian Data Protection Authority
Barichgasse 40-42

1030 Vienna

[email protected]