This is our privacy policy and Fractal ID User Agreement

Privacy Policy
Effective Date: 1 November 2019

This is the Privacy Policy of Trust Fractal (“We”, “Us”, or “Fractal”). It governs your personal data which is processed in the context of an agreement entered into between you and us on
the use of the services of Fractal, including the use of our website and software. In terms of this policy, 'processing' means any operation or set of operations which is performed on your personal data. This personal data may include personal details, details about the way you access our website and software, and details about which Fractal partners you access, among
others and is described below in more detail.

This remainder of the policy shall provides information on the processing, the legal basis upon which the Personal data is processed by us and how you may exercise your rights over your Personal Data. Where this Policy refers to provisions contained in the General Data Protection Regulation (GDPR), these provisions shall apply. In case of any conflict between the GDPR and the terms of the Privacy Policy , the provisions of the GDPR shall prevail.

Purpose and Legal basis for the processing

In order to use our Fractal ID software you must register with us. Your use of Fractal ID requires submission of certain necessary information, particularly your e-mail address among other data. You may not use Fractal ID without submitting the information stated as necessary at registration. Therefore, the processing of your personal data is required to carry out our services to which the legal basis is Art. 6 (1) (b) of the GDPR.

After registration, you are able to voluntarily provide further personal data and store these with us so that you may use certain services or software. You may also provide this personal data and provide consent to transfer such personal data to third parties for the purpose of registering and maintaining a business relationship with such third parties. The legal basis for the processing of personal data is your consent pursuant to Art. 6 (1) (a) of the GDPR.

While providing personal data for the purposes of registering and maintaining a business relationship with third parties, you may also voluntarily verify yourself and your personal data through Fractal so that you may use your personal data in relation to third parties. The legal basis for the processing of such personal data is your consent pursuant to Art. 6 (1) (a) of the GDPR.

Similarly, your personal data and its verification may be collected, processed and stored for the purposes of satisfying a legal obligation that a third party must meet to enter into and maintain a business relationship with you. In such an event, the legal basis for the processing and storage of such personal data is your consent pursuant to Art. 6(1) (c) of the GDPR. During any verification process you decide to undergo, you may be asked to voluntarily provide biometric data for the purposes of uniquely identifying yourself as a natural person. In these cases, you give explicit consent for the processing for the purpose of identifying yourself as a natural person The legal basis for the processing of such personal data is your consent pursuant to Art. 9(2)(a) of the GDPR.

We also process your personal data in order to show you the third parties you have authorized us to send personal data to previously and also to make corresponding suggestions of other third parties who you may want to register with using our services. Without being able to process your personal data for this purpose, we would not be able to perform the services we have agreed to with you. The legal basis for the processing of such personal data is your consent pursuant to Art. 6 (1)(b) of the GDPR.

We may use your personal data in order to send you marketing information or emails if you have agreed to receive such. If you have agreed to such, then may also use the personal data that we collect in order to send you information on the products and services offered by Fractal or its third-party partners. The legal basis for the processing of such personal data is your consent pursuant to Art. 6 (1) (a) of the GDPR.

If you voluntarily submit a customer support request via an email, chat or other correspondence system we will also process your personal data for the purpose of fulfilling such request. The legal basis for the processing of such personal data is your consent pursuant to Art. 6 (1)(a) of the GDPR. Further, while providing information to us, we may need to contact you to be able to provide our services correctly. The legal basis for the processing of such personal data is your consent pursuant to Art. 6 (1)(b) of the GDPR.

Finally, we also process your personal data for the purposes of the legitimate interests, in order to ensure the integrity, security and availability of our system, services software and your personal data to you, us and the third parties you have authorized. The legal basis for the processing of such data is Art. 6 (1) (f) of the GDPR.

Transfer to third countries

We may use processors that process your data in countries outside of the EU. In case we transfer Personal Data outside the territorial scope of the GDPR, we ensure that there is either an adequacy decision by the European Commission or that a similar level of data protection compared to the GDPR is guaranteed by the use of the contractual clauses at least as
protective as those provided by the EU Commission. We do this by entering into appropriate data transfer agreements based on Standard Contractual Clauses (2010/87/EC). (https://eurlex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32010D0087&from=en).

Recipients of Data

To conduct our Services, we use third party service providers to provide us with necessary services. We may transfer your personal data to these service providers for further processing based on your consent with this privacy policy or on the basis of your agreement to use our services. All transfer of data is undertaken by way of secure connections to these service providers. These service providers only receive your personal data that is adequate, relevant and limited to what is necessary in relation to the purposes for which your personal data are processed. These include the following categories of service providers: identification service providers, identity verification providers, monitoring services, server hosting providers, newsletter senders, customer relationship or support services, website hosting services, email sending services, web traffic analysis providers.

Additionally, through our services your data may be transferred to third parties so that you may register and maintain an account and/or business relationship with those services. You will be asked to consent to the transfer and continual transfer of your personal data to those individual third-party services upon the first transfer of your personal data. You may revoke your consent to their access to your personal data on our servers at any time. We may however be required to store your personal data on their behalf and send personal data to them again if there is a legal obligation to do so.

The categories of personal data we process

As described above, we require that you provide us with your email address to register for our services. In addition to collecting your email address, we may collect and process information about the device you use, location settings of the device, and your IP address. During the use of our services we may require you to provide the following categories of personal data to access certain third parties or even our own services. Your provision of this personal data is always voluntary, but if certain personal data is not provided you may not be able to utilize all services:

name, nationality, country of residence, address, phone number, place of birth, date of
birth, identification document information, personal photo, biometric face scans, financial
details, and company/workplace details.

Your rights when your Personal Data are being processed

We guarantee you the applicable rights of the German data protection laws. Please note that we will require you to provide us with proof of identity before we respond to any requests for the exercise of your rights.
To exercise any of your rights, please contact us at:
Trust Fractal GmbH
Wiener Straße 10
10999 Berlin, Germany
Email: privacy@fractal.id

As soon as personal data is being processed, you have the following rights:

(a) Right of access
Pursuant to Art. 15 GDPR, you have the right to obtain confirmation as to whether or not your personal data is processed.

(b) Right to rectification
In accordance with Art. 16 GDPR, you are entitled to demand that we rectify your personal data if they are inaccurate or erroneous.

(c) Right to restriction of processing
In accordance with Art. 18 GDPR, you have the right to demand a restriction of processing for your personal data. This may result in us being able to longer offer you services. However, if we stop processing the Personal Data, we may use it again if there are valid grounds under data protection law for us to do so (e.g. to comply with regulatory obligations, for the defence of legal claims or for the protection of another natural or legal persons or for reasons of important public interest of the EU or a Member State).

(d) Right to erasure (‘right to be forgotten’)
In accordance with Art. 17 GDPR, you have the right to have your personal data erased without undue delay. This does not include your personal data that has to be stored due to statutory provisions or in order to assert, execute or defend legal claims. Please note that after deleting the Personal Data, we may not be able to provide the same level of servicing to you as we will not be aware of your preferences.

(e) Right to data portability
Pursuant to Art. 20 GDPR, you have the right to receive your personal data provided to us in a structured, commonly used and machine-readable format. You also have the right to transfer this data to a third party without hindrance from Fractal, if
● The processing is based on consent pursuant to Article 6 (1)(a) GDPR or on a
contract pursuant to Article 6 (1)(b) GDPR; and
● The processing is carried out by automated means.
The relevant subset of Personal Data is data that you provide us with your consent or for the purposes of performing our contract with you.

(f) Right to object
Pursuant to Art. 21 GDPR, you have the right to object at any time, on grounds relating to your particular situation, to processing of your personal data which is based on Article 6 (1) lit. e) or lit. f) GDPR, including profiling based on those provisions. The Controller shall no longer process your personal data unless it can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or if the processing is for the establishment, exercise or defence of legal claims.

(g) Right to withdraw your consent
You have the right to withdraw your consent under the data protection law at any time. Withdrawing your consent does not affect the lawfulness of processing based on consent before its withdrawal. The withdrawal of your consent regarding your personal data may lead to the termination of your contract as the whole contractual relationship between Fractal and You is dependant on personal data.

(h) Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of your personal data infringes the GDPR. You have the right to address the supervisory authority for any questions or complaints. The supervisory authority of Fractal is the data protection supervisory authority in Berlin (‘Berliner Beautragte für Datenschutz und Informationsfreiheit’) https://datenschutzberlin.de/.

Automated individual decision-making

Our software conducts automated screening of personal data to issue a decision on your eligibility to participate in third party services. This decision may negatively impact your ability to participate in those third-party services. Pursuant to Art. 22 GDPR, you have the right not to be subject to a decision based solely on automated processing of your biometric data and which produces legal effects concerning you. You have the right to elect to have your data reviewed by a natural person assigned by Fractal. In case you do not agree with the automated decision, or its review, you may not be able to use our services.

Data Retention

We will not retain your personal data for longer than is necessary for the purpose it was collected. Thus, we store your data for as long as you have an account with Fractal. You may cancel your account with Fractal at any time, in which case we will delete your data once all outstanding transactions are settled and once we confirm there are no legal retention obligations to continue storing the data. Should we have a legal obligation to continue storing your personal data, either on our own behalf, or on behalf of a third party, we will delete the data as soon as that legal obligation ends.

Controller Details

Your personal data will be processed and controlled by us. Fractal is your data controller in the context of our software and services and your account with us. Our full address is:

Trust Fractal GmbH
Wiener Straße 10
10999 Berlin, Germany
E-mail: privacy@fractal.id

You may also contact our data protection officer at the above e-mail address or:

DGD Deutsche Gesellschaft für Datenschutz GmbH
Fraunhoferring 3
85238 Petershausen

In case you provide your consent to process your personal data with Fractal in order to participate in third party services who have legal obligations to collect and process your personal data to be eligible to participate in those third party services, then Fractal is a data processor on behalf of those third parties regarding the personal data process required for that eligibility. Information on such third parties is provided in our software or contact us via the e-mail address provided.

Changes to the privacy policy or the purpose of processing
This Policy was last updated on the effective date noted above. This Policy may be amended or updated from time to time to reflect changes in our privacy practices with respect to the processing of personal data or changes in the applicable law. We encourage you to save this Privacy Policy locally on your computer and to regularly check this page so that you may
review any changes we might make. If we make a material change to the Privacy Policy, you will be provided with appropriate notice.

USER AGREEMENT
effective 2 December 2019

This User Agreement (the “Terms”) establishes the terms and conditions that apply and govern your use of the Services of Trust Fractal GmbH, Wiener Straße 10, 10999 Berlin, Germany (referred to as “Fractal”, “we”, and “us”) as a user. These terms are legally binding, thus we ask that you read them very carefully.

Fractal offers software which includes applications and services that are owned, licensed, managed and/or developed by Fractal for the purposes of verification and management of identifying information or providing information about identity verification and management (“Services”). Also included in the Services is transmission of certain parts of your data to third parties, upon your consent, so that you may verify your eligibility to use and login to those third party services and into those services.

These Terms do not alter or control in any way other written terms or conditions or other agreements you have agreed to with Fractal. Additionally, if you are representing a legal entity (such as a business), by using these Services you are warranting that you have authority to bind that entity to these terms. You must also have the legal capacity to agree to these legal terms and conform to the eligibility requirements found below to agree to these terms and use Fractal’s Services.

By clicking “I agree” or otherwise using the Services you agree to be bound by these Terms and any other terms referenced by these Terms.

Eligibility to use the Services

By using or registering for the Services you represent and agree that:
You are 18 years or older;
You will follow these Terms;
You have not been suspended from using the Services before;
You will provide updated and accurate information;
Only you or a legally authorised representative of yours will use your account;
You will maintain the security of your account and never transfer it;
You will only register for one account that is on behalf of yourself when registering as a natural person;
You are not sanctioned or restricted in a way that would make your use of the Services unlawful according to any applicable laws or treaties.
You will otherwise follow the law.

  1. Registration for the Services

You may be required to provide certain information (such as identification, business or trade name, physical address, email, phone number, business details) as part of the registration process for any Services, or as part of your continued use of the Services. Any information you give to Fractal must always be accurate and up to date and you will inform us promptly of any updates. The information you provide must not misrepresent you or be intentionally inaccurate. Fractal can, at its own discretion, at any time, suspend your access to Services if Fractal becomes aware that the provided information is incorrect or expired, until you provide or correct the information.

  1. Availability of the Services

Fractal may change, limit or discontinue any of the Services with reasonable notice, if such notice is required. This includes for maintenance purposes. Fractal is also entitled to temporarily prevent or restrict your use of the Services if and to the extent required for the security and functioning of the Services. Fractal has no obligation to maintain the uptime of Services, but shall try its best to make the Services reliable and available to you.
4. Prohibited Use of Fractal ID
When using the Services, you may not (or allow those acting on your behalf to):
Utilize the Services for unauthorized or unlawful purposes, to engage in or support any unlawful activities, in a way that contradicts any applicable guidance, orders, regulations, or rules of Fractal or any presiding government, court, law enforcement agency, supervisory authority and/or regulatory agency, or to facilitate any activities that can lead to death, personal injury or environmental damage;
Use the Services for a third-party or enable a third-party to use Fractal ID by disclosing, offering or selling your account information or by any other means except to your own legally authorized representatives;
Copy, reverse engineer or attempt to extract the source code from any component of the Services;
Introduce into any component of the software: any viruses, worms, defects, Trojan horses, malware, or any items of a destructive nature;
Interfere with or disrupt in any way Fractal or the servers or networks providing the Services;
Use unauthorized bots or applications to access the services; or
Submit false, incorrect or incomplete information through the Services.

  1. Indemnification
    Unless prohibited by applicable law, you will defend and indemnify Fractal, and its affiliates, directors, officers, employees, and Users, against all liabilities, damages, losses, costs, fees (including legal fees), and expenses, including all damages Fractal may incur relating to any allegation or third-party legal proceeding to the extent it arises from your misuse of the Services or your violation of these Terms.
  2. Disclaimer

EXCEPT AS EXPRESSLY SET OUT IN THE TERMS OF SERVICE, FRACTAL DOES NOT MAKE ANY SPECIFIC PROMISES ABOUT THE SERVICE. FOR EXAMPLE, WE DO NOT MAKE ANY COMMITMENTS ABOUT THE SPECIFIC FUNCTIONS OF THE SERVICES, OR THE SERVICES’ RELIABILITY, AVAILABILITY, OR ABILITY TO MEET YOUR NEEDS. FRACTAL ALSO DOES NOT REPRESENT OR WARRANT THAT THE CONTENT OR THE SERVICES ARE COMPLETELY ACCURATE, COMPLETE, RELIABLE, CURRENT, OR ERROR-FREE. WE PROVIDE THE SERVICES "AS IS". YOU ALSO ACKNOWLEDGE THAT, BECAUSE OF THE NATURE OF THE INTERNET, MOBILE NETWORKS, AND THE DEVICES WHICH ACCESS THE INTERNET AND/OR MOBILE NETWORKS, THE SERVICES MAY NOT BE ACCESSIBLE WHEN NEEDED, AND THAT INFORMATION, DATA, AUDIO AND VIDEO TRANSMITTED OVER THE INTERNET AND/OR MOBILE NETWORKS MAY BE SUBJECT TO INTERRUPTION OR THIRD PARTY INTERCEPTION AND MODIFICATION THAT IS OUTSIDE THE CONTROL OF FRACTAL. ADDITIONALLY, FRACTAL CANNOT WARRANT OR REPRESENT THAT YOUR USE OF THE INTERNET OR SERVICES IS SAFE AND YOU SHOULD USE REASONABLE SAFETY MEASURES TO PROTECT YOURSELF FROM ANY HARMFUL COMPONENTS. YOU EXPRESSLY AGREE THAT YOUR USE OF THE SERVICES AND YOUR RELIANCE UPON ANY OF THE CONTENT IS AT YOUR SOLE RISK.

SOME JURISDICTIONS PROVIDE FOR CERTAIN WARRANTIES, LIKE THE IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT. EXCEPT AS EXPRESSLY PROVIDED FOR IN THESE TERMS OF SERVICE, TO THE EXTENT PERMITTED BY LAW, FRACTAL EXCLUDES ALL WARRANTIES, GUARANTEES, CONDITIONS, REPRESENTATIONS, AND UNDERTAKINGS.

  1. Limitation of Liability
    UNLESS PREVENTED BY LAW, FRACTAL WILL NOT BE RESPONSIBLE FOR LOST PROFITS, REVENUES, OR DATA; FINANCIAL LOSSES; OR INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, EXEMPLARY, OR PUNITIVE DAMAGES AND ANY LIABILITY SHALL BE LIMITED TO INJURY TO BODY, LIFE, OR HEALTH. IN ALL CASES, FRACTAL WILL NOT BE LIABLE FOR ANY EXPENSE, LOSS, OR DAMAGE THAT IS NOT REASONABLY FORESEEABLE IRRESPECTIVE OF THE LEGAL BASIS. WHERE LIABILITY IS BASED ON FAULT, FRACTAL’S LIABILITY FOR DAMAGES CAUSED BY INTENTIONAL ACTS AND GROSS NEGLIGENCE SHALL BE UNLIMITED. IN ALL OTHER CASES, THE LIABILITY OF FRACTAL IS EXCLUDED.

  2. Termination of Services
    You may terminate this Agreement at any time without notice and without stating reasons, by contacting Fractal in writing, or simply by stopping your use of the Services. Fractal reserves the right to terminate the Agreement with you at any time and for any reason with you by giving you reasonable notice via email. Fractal also reserves the right to discontinue the Services or any portion or feature or your access thereto for any reason and at any time without liability or other obligation to you.
    If you or Fractal terminate this agreement, Fractal may block your accounts at the effective date of termination. After which it will no longer be possible to use the Services without agreeing to these terms. Unless prevented by any statutory storage or retention periods or a need to process current accounts or transactions, your personal data will be permanently deleted after 30 days unless you reagree to these terms and restore your account.

  3. Privacy

Please refer to Fractal’s Privacy Policy for information about how we collect, use, and disclose information about you. By accepting these Terms, you acknowledge that you must also consent to the data handling and information security practices described in our Privacy Policy.

  1. General Provisions

These Terms constitute the entire agreement between you and Fractal, unless a separate agreement has formed between you and Fractal. Unless indicated elsewhere, these Terms shall supercede any oral agreements, and all supplements and modifications must be made in writing. Where this agreement conflicts with separate agreements between you and Fractal related to the Services, these Terms shall be superseded by any conflicting parts of those agreements.

We may modify these Terms and any other documents linked or referred to in these Terms of Service (together, “Documents”), or any portion of the Documents. You should look at these documents regularly. We will notify you of modifications to the Documents by posting a notice or by sending you an email (using the address you provided when registering), as we may determine, at our sole discretion, on a case-by-case basis. Changes will not apply retroactively and will become effective after a reasonable time, as stated by Fractal, after they are posted, or as soon as applicable law allows, whichever is later. If you do not agree with the modifications to the Documents and/or to the functionalities of the Services, you should terminate these Terms. Your continued use of the Services constitutes your acceptance of the modification to the Documents and/or to the functionalities of the Services.

You and Fractal each agree to contract in the English language. If we provide a translation of these Terms, we do so for your convenience only and the English language terms will solely govern our relationship. These Terms do not create any third party beneficiary rights or any agency, partnership, or joint venture. Nothing in these Terms will limit either your or Fractal’s ability to seek injunctive relief. You are not entitled to set-off, unless your claims are legally established. If you do not comply with these Terms, and Fractal does not take action right away, this does not mean that Fractal is giving up any rights that it may have (such as taking action in the future). If a particular term is not enforceable under law, this will not affect any other terms.

These Terms shall be construed in accordance with German law. The laws of Germany will apply to any disputes arising out of or related to these Terms or the Services and ALL CLAIMS ARISING OUT OF OR RELATING TO THESE TERMS OR THE SERVICES WILL BE LITIGATED EXCLUSIVELY IN THE COURTS OF BERLIN, GERMANY, AND YOU AND FRACTAL CONSENT TO PERSONAL JURISDICTION IN THOSE COURTS.

Question about your verification?

Contact support at support@fractal.id

Email support