Date: 7 July 2025
PRIVACY POLICY
This privacy policy (“Policy”) describes how YouHodler (“YouHodler”, “our”, “we” or “us”) collects, uses and discloses information about Users (hereinafter “Users” or also “User” in the singular) who visit using this website https://www.youhodler.eu (the “Site”) in accordance with the EU General Data Protection Regulation 2016/679 (“GDPR”) and the Swiss Federal Data Protection Act of 1 September 2023 (“DPA”) and related laws.
This Policy also applies when you contact our customer service, download our Platform and/or App (as defined in the “Definitions” section), and contact us via social media and other official channels.
1. DEFINITIONS
For the purposes of this Privacy Notice, the terms hereunder have the following definitions assigned to them:
https://www.youhodler.eu/cookies.
Il Cookies uniquely identify your browser to the server. Cookies allow the Company to store information on the server (e.g. language preferences, technical information, click or route information, etc.).
2. DATA CONTROLLER
The Data Controller is YouHodler SA (“YouHodler”), based at Avenue du Theatre 7, Lausanne, Switzerland, which processes personal data in connection with the use of the Site and the Platform.
3. TYPE OF DATA COLLECTED, PURPOSE AND LEGAL BASIS
YouHodler informs Users that the request to provide certain of the personal data listed and described below may be received by the User at various times during interaction, browsing the Site and/or use of the Platform.
- Visitor/User Data
In order to access the services of the Platform, the following data is collected: Cookies; the User’s geographical location; the type of browser used by the User; the name of the User’s server; the User’s IP address through which the User accesses the Internet; the date and time at which the User accesses the Platform/Application or visits the Site; the pages visited by the User; the Internet address of the websites, if any, from which the User has made a direct connection to the Platform.
Legal basis: consent and legitimate interest of the Controller (Art. 6(1) (a) (f) GDPR; Art. 34 DPA)
- Registration Data
Telephone number; email address; country of residence.
Legal basis: performance of a contract (Art. 6(1) (b) GDPR; Art. 34 DPA)
- KYC and AML data
Personal Data collected for KYC purposes and to make services available on the User’s account, including but not limited to: first and last name, date of birth, gender, address (full details), nationality, country of birth, country of residence, photographic image of an ID, valid ID (for facial comparison, visual authenticity and face comparison, image integrity, validation/comparison/coherence of data that can be matched to the ID, for criminal registration purposes), selfie or video for facial similarity check, document extract (ID report), document extract (assets), document extract (AML), document extract (residence or utility bill), video verification call recordings, documents whose content tends to verify your source of wealth and source of funds.
Legal basis: Performance of a contract and fulfilment of legal obligations (Art. 6(1) (b) (c) GDPR; Art. 34 DPA)
- Eligibility Data of the User
You may have to answer questions and provide certain Personal Data to help us understand which services are best suited to you. This could include: basic employment-based eligibility form, investment and cryptocurrency experience, answers to questions about source of funds, answers to questions for advanced eligibility, answers to questions measuring level of risk, proof of residence, proof of wealth and checklist report.
Legal basis: consent (Art. 6 (1) (a) GDPR; Art. 34 DPA)
- Financial Data
Information relating to the origin of the fiat currency account, fiat currency account address, fiat currency account details, fiat currency account balance, External Wallet address(es), global User account balance, cryptocurrency balance, fiat currency balance, global balance in the External Wallet (if required).
Legal basis: Performance of a contract and fulfilment of legal obligations (Art. 6(1) (b) (c) GDPR; Art. 34 DPA)
- Transaction Data
Information relating to the execution of a transaction or the use of YouHodler’s support services, including cryptocurrency amounts, date of request, details relating to the Agreement (including content viewed, downloaded or sent), billing information, User account activity log, communication log, User account level, currency displayed, public address of the virtual asset service provider (VASP) to which the cryptocurrency funds are sent, sender information and beneficiary (recipient) information of the transactions, the address of the External Wallets, the digital assets in the External Wallets, and any available details (if required).
Legal basis: Performance of a contract and fulfilment of legal obligations (Art. 6(1) (b) (c) GDPR; Art. 34 DPA)
- Credit data
Data collected (relating to the User) before using the services via the Platform, including full name, address, date of birth, all information and documents relating to the pledgeable part of the income:
- a) all income of any kind
- b) all income from employment;
- c) all usufruct rights and their products/all life annuities;
- d) all maintenance contributions;
- c) all pensions and benefits of any kind intended to cover a loss of earnings or a claim arising from the right to maintenance, in particular pensions and lump-sum benefits;
- f) a reference pay slip, if you are self-employed; all relevant information and documents proving income; all relevant information and documents on your financial situation; rent; an extract from the rental agreement; an extract from your tax return; the amount of all credits already obtained; an extract from the debt enforcement register; and all relevant information and documents on expenses.
Legal basis: Performance of a contract and fulfilment of legal obligations (Art. 6(1) (b) (c) GDPR; Art. 34 DPA)
- Automatically collected data (in this case it depends on the State where the User is located, in Italy at the moment these data are not collected)
- a) Location Data - Information that is automatically collected through analytics providers to determine your location, including your IP address and/or domain name, the internet address of websites from which you have directly linked to the Application, login information, browser type and version, date and time you access the Application, browser plugin types and versions, operating system and platform. This information is collected to verify the User’s location in order to provide proof of address (PoA).
- a) Log Data - Information generated from Platform usage that is automatically collected and stored by YouHodler. This information may include, but is not limited to, device specific information, location information, system activity and any internal and external information relating to pages visited.
Legal basis: Performance of a contract and fulfilment of legal obligations (Art. 6(1) (b) (c) GDPR; Art. 34 DPA)
- Data Collected from Third Party Providers
- a) Bank Transaction and/or Payment Provider Information - Information from banks and/or payment providers used to transfer money to YouHodler, such as basic personal information, name and address, as well as financial information such as bank account details and, where possible, card details when making card payments.
- b) Advertising Data - Information from advertising networks, analytics providers and search engine information providers that is anonymous or anonymised information.
- c) PEP Screening and Sanctions Information - Information collected and conducted by our third party AML service providers or from public domain databases based on information extracted from your ID.
Legal basis: Performance of a contract and fulfilment of legal obligations (Art. 6(1) (b) (c) GDPR; Art. 34 DPA)
4. DISCLOSURE OF PERSONAL DATA TO THIRD PARTIES
We share personal data in the following circumstances
- parties, companies or agencies that provide support and/or services to YouHodler (e.g. IT services, marketing services and analysis or consulting activities), who process personal data as data controllers or on behalf of YouHodler as data processors;
- third parties who are required to know the data by law (e.g. police forces or public authorities), in accordance with the principles of proportionality and minimisation
We also share aggregated or de-identified information that cannot reasonably be used to identify you.
5. ANALYSIS
We allow others to provide analytics services on our behalf on the web and in mobile applications. These entities may use cookies, web beacons, device identifiers, and other technologies to collect information about your use of our Site and other sites and applications, including your IP address, web browser, mobile network information, pages viewed, time spent on pages or in mobile applications, links clicked, and conversion information. For more details please see our Cookie Policy
6. TRANSFER OF DATA TO EUROPEAN AND NON-EUROPEAN COUNTRIES
YouHodler operates and uses service providers in different jurisdictions.
Therefore, we and our service providers may transfer personal information collected from you to jurisdictions and countries that may not provide equivalent or adequate levels of data protection.
By using our Site and App, you acknowledge and agree to such transfers and processing from countries outside the European Union or the European Economic Area (so-called Third Countries) to Europe and vice versa, which are nevertheless recognised by the European Commission as providing an adequate level of data protection or other contractual safeguards under the GDPR and the DPA (for example, by signing standard contractual clauses provided by the European Commission).
Further information can be requested by writing to support@youhodler.com.
7. SINGLE SIGN ON (SSO) INTEGRATION
We offer you the ability to sign-in to our services using your Google Sign-in or Apple ID account: when you choose to use Google Sign-in or Apple ID login, we collect and process certain information from your Google or Apple ID account to create and manage your profile, which may include your name and email address.
By using Google Sign-in to access our services, you consent to the collection and processing of this information: we only use this information to manage your authentication and profile; we do not access or store any other personal information or sensitive data from your Google Account.
Your use of Google Sign-in is subject to Google’s privacy policy and terms of service, so we encourage you to review Google’s privacy policy to understand how they manage your data.
In accordance with applicable data protection regulations, you have the right to revoke this consent at any time and request removal of your account by contacting our team at support@youhodler.com.
8. DATA RETENTION
We retain other personal information for as long as necessary to fulfill the purposes for which we originally collected it and subject to (i) the time necessary to retain the information to fulfill the purpose for which it was obtained, (ii) any legal or regulatory requirements applicable to such information, (iii) internal operational needs, and (iv) any information needs based on actual or anticipated investigations or litigation.
9. EXERCISE OF RIGHTS
Subject to certain limitations, you have the right to request access to the personal information we hold about you and to receive it in portable format, the right to request rectification or erasure of your personal information and the right to object to or request restriction of certain processing. If you wish to exercise any of these rights, please contact us at support@youhodler.com.
10. COMPLAINTS
You have the right to lodge a complaint with the Italian or Swiss Data Protection Authority, whose contact details can be found on the websites of the respective authorities.
This Privacy Policy may be amended from time to time, so we encourage Users to review this Privacy Policy regularly to stay informed about our information practices and the choices available to you.
Updated 7 July 2025
ANNEX 1 - LIST OF CROSS-BORDER TRANSFERS
EU Member States GDPR
- United Kingdom Adequacy Decision
- United States of America Additional security measures and organisation
- Switzerland Adequacy decision
Other recipients of personal data for processing purposes (Sub-processors)
Twilio
Annex 2 - Standard Contractual Clauses for International Transfers
The standard contractual clauses for the transfer of personal data to third countries in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council are incorporated herein by reference and made available at the following link:
https://commission.europa.eu/system/files/2021-06/1_en_annexe_acte_autonome_cp_part1_v5_0.pdf
Forms are available upon request by email to: legal@youhodler.com.
