Privacy Policy
We (“Ledgy”, “we”, “our” or “us”) understand how sensitive equity information is for any business. That’s why your privacy and your data’s security is crucial to us. We comply with the applicable data protection laws, including in particular the Swiss Federal Act on Data Protection (FADP), the General Data Protection Regulation (GDPR), the UK GDPR and the UK Data Protection Act 2018
This Privacy Policy explains the types of personal data we process (Section 1), the legal grounds on which we process it (Section 2), how we collect (Section 3) and protect that information (Section 4) and where we store it/who we share it with (Section 5) in the context of our services (app.ledgy.com or the “Services”) and the Ledgy website (ledgy.com or the “Website”), as well as the rights you have (Section 6). For information regarding the cookies we use, please refer to our Cookie Policy.
For a brief summary of this Privacy Policy, please refer to our Data Protecton page
1. Personal data we process
When you access the Website or use any of our Services, we may collect and process all or a part of the following types of personally identifiable information about you or your business (the “Personal Data”), including: shareholder and company information, share ledger transaction history and other cap table details, all together the cap table data (the “Cap Table Data”), and identity and contact date, financial payment data, profile, usage and website interaction, and technical data, all together the general personal data (the “General Personal Data”).
The following compilation will help you understand which data we handle and in which role.
Details
Shareholder information
Company information
Share ledger transaction history
Uploaded documents
Other cap table details
Identity and contact data
Date of birth
Telephone numbers
Email
Postal address
Financial and payment data
Credit card details
Profile, usage and website interaction
Communication preferences
Information about how you use our Website
Technical data
Browser type and version
Time zone setting
Location data
Operating system and platform
Provided to us
Our role
Indirectly by the company
Data processor
We carry out the processing of Cap Table Data which we obtained indirectly by a company under the specific instructions of each company/data controller.
Directly by you
Data controller
We determine the means and purposes of the processing of General Personal Data, and Cap Table Data which we obtained directly from shareholders in accordance with this privacy policy.
2. Legal grounds for processing
We retain Personal Data only for the period necessary to fulfill the purposes outlined in this Privacy Policy unless a longer retention period is required by law. We rely on the following legal grounds (the “Legal Grounds”) for the corresponding purposes (the “Purposes”) of our processing:
Contract
To perform our contractual obligations or take steps linked to a contract with you or your organisation.
- To register you as a client as instructed by you or your organisation.
- To provide and administer Services as instructed by you or your organisation.
- To process payments, billing, and collection.
Consent
We may rely on your freely given consent at the time you provided your Personal Data
Purpose
To communicate information about our Services (including newsletters and marketing material).
Legitimate interests
We may rely on legitimate interests based on our evaluation that the processing is fair, reasonable and balanced.
Purpose
- To administer and manage our relationship with you, including accounting, auditing, and other steps linked to the performance of our business relationship.
- To analyze, improve and personalize our Services and communications and to monitor compliance with our policies, including to provide and maintain our Website, protect its security, and to prevent and detect security threats.
- To deliver the Services you have engaged us to provide.
Public interest
To meet regulatory and public interest obligations.
Purpose
To maintain records and conduct compliance checks, e.g. anti-money laundering, fraud, and crime prevention.
3. How we collect personal data
Directly
Via our Website and electronic communications
- When you or your organization use our Services.
- When you or your organization offer to provide, or provides, services to us.
- When you correspond with us by electronic means using our Website.
- When you or your organization browse, complete a form or make an inquiry or otherwise interact on our Website.
Indirectly
Public sources
Personal data may be obtained from public registers (such as commercial registers), news articles, sanctions lists, and Internet searches. Business customers Our customers may engage us to perform professional services which involve them sharing personal data they control with us as part of that engagement.
4. Personal data security
We have implemented technical and organizational measures in an effort to safeguard the Personal Data in our custody and control.
A list of measures can be found on our Security page.
While we endeavor to always protect our systems, sites, operations, and information against unauthorized access, use, modification, and disclosure, due to the inherent nature of the Internet as an open global communications vehicle and other risk factors, we cannot guarantee that any information, during transfer or storage, will be absolutely safe from interception.
5. Storage, disclosure to third parties and cross-border transfers
All data is stored in a highly secure data center in Zurich, Switzerland.
Cap Table Data
Disclosure to third parties
We do not share Cap Table Data with anyone except as explicitly instructed by the company.
Cross-border transfers
Cap Table Data, including equity data, documents and shareholder data is stored in Switzerland and the data center provider has no access to it.
General Personal Data
Disclosure to third parties
In the context of our business activities and in line with the purposes set out in Section 3 and the applicable data protection laws, we may transfer General Personal Data to third parties, and certain integrated services may enable you to directly provide data to third party providers (together the “Recipients”). This includes, among others, services for chatbots, e-signature solutions, online forms, usage monitoring, crash reporting and newsletter subscription. We do not transfer Cap Table Data to any Recipients and will indicate to you whenever your data input may be transferred to Recipients so you have full control which data to disclose to such Recipients.
Cross-border transfers
General Personal Data may be transferred to the countries where our Recipients are located. If we transfer data to a country without adequate legal data protection, we take all steps reasonably necessary to ensure that such transfer and storage is in accordance with this Privacy Policy and the applicable data protection legislation. In particular Ledgy will implement the Standard Contractual Clauses issued by the European Commission.
6. Your data protection rights
You have legal rights that you can exercise under certain circumstances with respect to your Personal Data that we hold.
You may request a copy of your Cap Table Data at any time, even in the event of bankruptcy of Ledgy. Please note that this right may not be guaranteed in the event of bankruptcy due to legal uncertainty and that a fee may be charged.
We will respond to your request without undue delay, at the latest within one calendar month after receipt.
Right to access your Personal Data
You have a right to request a copy of the Personal Data held by us as a data controller, which we will provide to you in an electronic form. At our discretion, we may require you to prove your identity before providing the requested information.
Right to the amendment of your Personal Data
You have the right to ask us to correct our records if you believe they contain incorrect or incomplete information about you.
Right to withdraw your consent
If you have provided your consent to the collection, processing, and transfer of your Personal Data, you have the right to fully or partly withdraw your consent. This includes cases where you wish to opt out from marketing messages.
Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose(s) to which you originally consented unless there is another legal ground for the processing. To stop receiving emails from us, please click on the “unsubscribe” link in the email you received from us or use our contact form.
Right to the erasure of your Personal Data
You have the right to request that we delete your Personal Data when it is no longer necessary for the Purposes for which it was collected, or when it was unlawfully processed.
Right to restriction of processing
You have the right to request the restriction of our processing of your Personal Data where you believe it to be inaccurate, our processing is unlawful, or where we no longer need to process it for the initial Purpose, but where we are not able to delete it due to a legal obligation or because you do not want us to delete it.
Right to the portability of your Personal Data
You have the right to request that we transmit your Personal Data to another data controller in a common format such as Excel, where this is data which you have provided to us and where we are processing it on the Legal Ground of your consent or in order to perform our contractual obligations (e.g. to provide our Services).
Right to object to processing
Where the Legal Ground for our processing of your Personal Data is our legitimate interest, you have the right to object to such processing on grounds relating to your particular situation. We will abide by your request unless we have compelling legitimate Legal Grounds for the processing which override your interests, or if we need to continue to process the Data for the establishment, exercise or defense of a legal claim.
Right to lodge a complaint with a supervisory authority
You have the right to appeal to a data protection supervisory authority if you believe that the processing of your personal data violates data protection law.
7. Modifications and additions to this policy
We reserve the right to update and change this Privacy Policy from time to time to reflect any changes on how we process your Personal Data or changing legal requirements. The effective date of our Privacy Policy is posted below, and we encourage you to visit our Website periodically to stay informed about our privacy practices. We will inform you about major changes.
Contact information
If you have any questions about this Privacy Policy, please contact us at: