We are committed to you!

EQUISAFE attaches great importance to the protection of your personal data.

Welcome to our privacy policy. This document has been prepared to comply with all data protection laws, including the GDPR. First and foremost, the privacy policy provides all necessary information about the reasons and methods of collecting your personal data, how to exercise your rights regarding the personal data we collect and process, and how we protect your data.

Transparency is fundamental to our business because that's how trust is established. It's our DNA. Compliance is our guiding principle, which is why we are not only considered a Fintech but especially a RegTech using technology to build a safe and transparent financial ecosystem and network.

This privacy policy is governed by the following regulatory framework:

Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, or "GDPR").

French Law No. 78-17 of 6 January 1978 on information technology, data files, and civil liberties.

1. About Equisafe

EQUISAFE is a French company with a global ambition: to build a new model for the financial ecosystem.

It aims to provide the infrastructure, for any eligible investor, to access a fair and secure financial ecosystem for managing investments in digitized securities.

As you may have understood, establishing trust and compliance is a fundamental element of our business model. EQUISAFE is not just a product; it is a network based on blockchain technology, which revolutionizes automated compliance by strengthening the link between legal, financial, and technical aspects.

EQUISAFE Legal Information: EQUISAFE Mailing Address: 18 rue des Capucines, 75002 Paris, France Registered under number 845 383 645 RCS Paris.

Identification of the data controller under the GDPR:

The data controller is the entity that determines the means and purposes of the processing of personal data.

Regarding the processing of your personal data collected via the website, please contact the data controller at the following address: rgpd@equisafe.io

2. What types of personal data does Equisafe collect?

First and foremost, in all transparency, we must tell you that it is necessary for us to collect certain information about you. That said, we only use essential data, following the principle of data minimization.

The personal data concerning you that are collected and processed for the purposes described below are registration information and the KYC process. There are different types of registration depending on whether you are an issuer or a shareholder/investor.

• Issuer registration:

When an issuer creates an account to start using Equisafe's services, they provide us with an email address that will be used as a login; a password to access their account.

KYC data and documents: Gender, first name, last name, date of birth, nationality, phone number, address, profile picture, proof of address, company status, company registration, banking details.

• Shareholder registration:

When a shareholder creates an account to start using Equisafe's services, they provide us with an email address that will serve as a login; a password to access their account.

KYC data and documents: Gender, first name, last name, date of birth, nationality, phone number, address, profile picture, proof of address, company status, company registration, banking details.

Portfolio configuration data: Your Ethereum wallet address is required. By creating your own decentralized wallet, you prevent your assets from being controlled by a third party, meaning you have 100% control over your assets as they are stored on the blockchain and not on a third-party server.

Documents required for STO/DSO:

• Due diligence (this is a thorough investigation into a company's activities, the associated risks, as well as the financial situation and prospects of the company. It essentially involves collecting all relevant information (financial, commercial, and legal). This document may contain personal data.);
• Term sheet (document describing the conditions under which an investor (angel or venture capital investor) will make a financial investment in your company);
• Memorandum (legal document outlining the objectives, risks, and terms of an investment);
• Evaluation report (type of written report detailing the inspection and market value of the asset studied).
  

3. Why does Equisafe collect and process your personal data?

EQUISAFE uses your personal data to:

• Register you as a new user of our services and administer your account: identify and manage your account, provide services, and secure your account.
• Manage the platform and services.
• Manage our relationship with you.

What about regulatory compliance?

Indeed, as you may have noticed, the KYC process is a necessary step before using our services. This issue deserves further discussion. The growth of the FinTech industry has led to increased demand for regulations, particularly in the fight against financial crime. Anti-money laundering (AML) and Know Your Customer (KYC) practices are widespread in the financial world. KYC, or "Know Your Customer," can be defined as the process of verifying a customer's identity. AML practice is broader than KYC and refers to measures used by financial institutions and governments to prevent and combat financial crimes, especially money laundering and terrorism financing. In this context, EQUISAFE appears as an infrastructure that enhances investors' trust and market transparency. It is therefore natural that all these legal requirements are applied by our company.

How do we operate in practice?

For the KYC verification process, we use the Lemon Way KYC digital solution. Lemon Way builds agile KYC automation solutions.

KYC Registrar Smart-Contract:

Our platform uses the Extended ERC-20 Standard (Ethereum) protocol to simplify reporting requirements and regulatory oversight. A smart contract KYC registrar office is implemented for on-chain compliance that is transparent and easily controllable by regulators. It is a code structure ISO 17442: LEI (which is designed to uniquely and unambiguously identify participants in financial transactions).

This smart contract architecture was designed with GDPR principles of data minimization and privacy in mind. The personal data contained in the smart contract for the identification and authorization process are the full legal name in capital letters and the date of birth. But it is important to note that, to comply with CNIL requirements, there are no personal data in clear text on the blockchain. An identification hash and a 12-digit random number are used to make the data unreadable and incomprehensible to any third party.

4. How does Equisafe store and share your personal data?

The personal data collected and processed are hosted in secure databases, using third-party hosting services provided by Amazon Web Services (AWS). AWS infrastructure implements strong protection measures to contribute to the protection of clients' privacy. All data is stored in highly secure AWS data centers. AWS offers several capabilities and security services to increase privacy and control access to the network. These include network firewalls integrated into Amazon VPC and web application firewalls in AWS WAF, which allow you to create private networks and control access to your instances and applications; client-controlled encryption in transit with TLS in all services; automatic encryption of all traffic on AWS's global and regional networks between secure AWS facilities. You can find more information about Amazon Web Services' security practices on their website.

International transfers:

AWS is certified under the EU-US Privacy Shield framework, which requires providing similar protection for personal data shared between Europe and the United States. For more details, see the European Commission's website: Privacy Shield between the EU and the US.

EQUISAFE does not share personal data collected for commercial purposes.

EQUISAFE will disclose your personal data on the order of a court, as part of a government or police investigation, or other legal requirements, to comply with a judicial proceeding, to help prevent or detect crimes.

5. How does Equisafe protect your information?

Security is an important part of our operations. We take appropriate security measures to prevent your personal data from being lost or accessed, modified, or disclosed without authorization.

As you may have noticed, when a user (issuer or shareholder) creates a 12-digit password to start using our services, a confirmation code is sent to them using their email address (two-factor authentication).

All data is encrypted via SSL/TLS (Secure Sockets Layer) when transmitted from our servers to your browser to prevent unauthorized parties from viewing or accessing the personal information you provide during a secure session.

Thus, for data storage purposes, we use the AWS system as explained above, which is a security guarantee. We regularly implement practices to update our physical, technical, and organizational security measures.

6. Knowing your rights and how to exercise them

You must be aware of your rights regarding privacy and personal data.

These rights are as follows:

• Access to your personal information
• Rectification: if you have inaccurate or incomplete personal information
• Limit or restrict the use of your information
• Deletion and right to be forgotten: right to have your information deleted or restrict our use of your data
• Portability in certain circumstances: this is the right to obtain a transferable version of your personal information to transfer to another provider
• Consent management: the right to withdraw your consent to the processing of your personal data

To exercise any of these rights, please write to us at contact@equisafe.io, and we will review your request in accordance with data protection regulations. For your protection, we must ask you to provide proof of identity to allow us to respond to the above requests.

7. How long does EQUISAFE retain your information?

We keep your information:

• only as long as necessary for the purposes set out in this policy
• as long as your account is active or as long as necessary to provide you with the services
• for the duration of your business relationship with us

. We will also retain and use your information to the extent necessary to comply with applicable law, such as the MIFID II directive, which allows keeping your KYC data for one year before renewing them.

8. Changes to the privacy policy

EQUISAFE will likely update the service provided to give you the best possible experience.

9. If you need to contact us:

It's quite simple:

• Online: contact@equisafe.io
• By mail: EQUISAFE 18 rue des Capucines, 75002 Paris, France