Privacy & Cookies Policy
This Privacy & Cookies Policy (“Policy”) explains how Summa GmbH, a company incorporated in Switzerland, having its registered office at c/o Sielva Management SA, Gubelstrasse 11, 6300 Zug, Switzerland (“Summa GmbH”, “Company”, “we”, “us”, or “our”), collects, uses, stores and shares your personal data when you use our website https://onegog.io (“Site”) and any related services (“Services”).
For the purposes of applicable data protection laws (including the Swiss Federal Act on Data Protection (FADP) and, where applicable, the EU General Data Protection Regulation (GDPR)), Summa GmbH is the data controller of your personal data.
If you have questions about how we protect or use your data, contact us at guidance@onegog.io.
1) How We Protect Your Data
We use secure servers and encryption (TLS/HTTPS) to protect your information. Only staff and service providers with a legitimate need to know have access to your data and are bound by confidentiality obligations.
While we implement security measures, transmission over the internet is never completely secure. You use our Services at your own risk.
2) Information We Collect
We collect several categories of personal and technical information to operate the Services, comply with legal obligations, and improve your user experience.
2.1 Information You Provide
When you create an Account or use the Services, you may give us a range of details, including but not limited to:
Basic identification data: full name, email address, phone number, residential address, date and place of birth, nationality.
Identity verification documents: a copy of your passport, national ID card, driver’s license, or other government-issued identification; in some cases we may ask for a “selfie” or live video for identity confirmation.
Financial details: bank account information, payment card details (processed via secure third-party gateways), cryptocurrency wallet addresses you link or use with our platform.
Compliance information: your employment status or occupation, details about the source of funds or source of wealth, tax residency information, and any other documentation we may need to meet anti-money laundering (AML) and counter-terrorist financing (CTF) requirements.
Communication content: information you submit through support tickets, emails, forms, or surveys (e.g., feedback, complaints, or responses to compliance requests).
Important: If you provide personal data about someone else (for example, if you act on behalf of a company and share details of directors or beneficial owners), you confirm that you have the legal right to share that information and that the individual understands and agrees to our processing as described in this Policy.
2.2 Information We Collect Automatically
When you access or use the Site and Services, we automatically gather technical and behavioral data to keep the platform secure and functional:
Technical details: Internet Protocol (IP) address, browser type and version, operating system, language preferences, time zone, device identifiers, hardware model, and connection type.
Usage data: dates and times of logins, pages and screens you visit, buttons or links you click, time spent on certain pages, search queries, referral URLs, and other interaction metrics that help us understand how our platform is used.
Transaction metadata: records of orders, deposits, withdrawals, cryptocurrency wallet addresses involved in your transactions, and confirmation details (hashes, network fees, status codes).
Diagnostic & performance data: error reports, crash logs, and technical measurements that help us monitor stability and detect suspicious or malicious activity.
This automatic data collection helps us secure accounts, prevent fraud, optimize performance, and comply with regulatory record-keeping obligations.
2.3 Information From Third Parties
We may also receive information about you from external sources, including:
- KYC/AML verification partners that validate your identity, screen for sanctions/PEP status, and confirm the authenticity of documents.
- Fraud-prevention and risk databases that flag suspicious activities or known compromised credentials.
- Payment service providers, banks, and card networks that confirm payment details, ownership of accounts, and transaction outcomes.
- Business partners or service providers who help us meet compliance and security requirements, support customer onboarding, or provide analytics to improve user experience.
3) How We Use Your Information
We use the personal data we collect for several clearly defined purposes. Each purpose is tied to a lawful basis under applicable data protection laws (such as the Swiss FADP and the EU GDPR).
3.1 Providing and Operating the Services
Account creation & management: verifying your identity, setting up and maintaining your profile, and enabling secure login and authentication.
Transaction processing: facilitating deposits, withdrawals, exchanges of fiat and cryptocurrency, and any other transactions you request.
Customer support: responding to questions, troubleshooting issues, and resolving complaints or disputes.
These activities are necessary to perform our contract with you.
3.2 Meeting Legal & Regulatory Obligations
Anti-Money Laundering & Counter-Terrorist Financing (AML/CTF): screening against sanctions lists, politically exposed person (PEP) lists, and other watchlists; monitoring transactions for suspicious activity; reporting to competent authorities where required.
Tax reporting & record-keeping: maintaining legally mandated records of your transactions and identity information.
Responding to lawful requests: cooperating with regulators, law enforcement, and courts when required.
These uses are based on legal obligations that apply to financial service providers.
3.3 Securing the Platform & Preventing Fraud
- Monitoring logins, device usage, and network traffic for unusual patterns that might indicate unauthorized access or abuse.
- Running automated risk scoring and fraud-prevention tools to protect you and the platform.
- Detecting technical errors, bugs, and potential cyber-attacks to maintain the availability and integrity of the Services.
3.4 Improving and Developing Our Site & Services
- Analysing how users interact with the platform to identify usability issues or popular features.
- Running A/B tests and user experience research to make the platform more intuitive.
- Adding new features or products based on aggregated user behavior and market needs.
3.5 Communicating With You
Operational messages: confirming transactions, notifying you of account or security events, and informing you about policy or Terms of Use updates.
Marketing & promotions: sending information about new features, offers, or campaigns (only where lawful).
Surveys & feedback: inviting you to provide opinions or participate in product research.
Marketing messages and some optional communications are sent only if we have a lawful basis, typically consent or a pre-existing customer relationship permitted under Swiss/EU law. You can opt out or withdraw consent at any time (see Section 8, Your Rights).
3.6 Analytics, Research & Reporting
- Compiling aggregated or anonymised data to understand trends, trading activity, or system performance.
- Generating internal business intelligence reports to help guide strategy and compliance planning.
- Measuring the effectiveness of marketing campaigns or referral programs without identifying individual users.
4) Disclosure of Your Information
We treat your personal data with care and only share it when there is a valid legal, contractual, or operational reason. We do not sell or rent your personal information to third parties.
4.1 Service Providers and Contractors
We engage carefully selected third-party vendors to help us operate and secure the Services.
These include:
- Identity verification & AML/CTF screening partners that check documents, perform sanctions and politically exposed person (PEP) checks, and monitor transactions for suspicious activity.
- Cloud hosting & IT infrastructure providers that securely store data and keep our platform running.
- Payment processors & banking partners that facilitate fiat and crypto transactions.
- Analytics, risk, and fraud-prevention tools that help detect abnormal patterns or protect against unauthorized use.
4.2 Affiliates and Business Partners
We may share information with companies within our corporate group or with trusted business partners who assist us in delivering or enhancing the Services (for example, technology integrations, liquidity providers, or joint promotional campaigns). Such sharing is limited to what is necessary for the agreed purpose.
4.3 Legal & Regulatory Authorities
We may disclose your data when required by law or regulation, including to:
- Swiss or foreign regulators and supervisory authorities for AML/CTF, sanctions, or prudential compliance.
- Law enforcement agencies, courts, or administrative bodies in response to subpoenas, warrants, or lawful requests.
- Tax authorities where reporting obligations exist.
4.4 Corporate Transactions
If we undergo a business transaction such as a merger, acquisition, reorganization, sale of assets, or bankruptcy, your personal data may be transferred to the relevant successor entity or purchaser. We will ensure that any acquiring party is bound by confidentiality and data protection obligations no less strict than those described in this Policy.
4.5 Protection of Rights & Security
We may share information when we believe it is necessary to:
- Enforce our Terms of Use or other agreements.
- Protect the rights, property, or safety of Summa GmbH, our users, or others.
- Detect, investigate, and prevent fraud, unauthorized access, or security breaches.
4.6 No Sale of Personal Data
We never sell or trade your personal information to third parties for monetary or marketing gain.
5. Cookies & Similar Technologies
We use cookies and similar technologies to make the Site work, remember preferences, improve performance, and provide analytics.
5.1 Types of Cookies
Strictly Necessary Cookies: Required for core functions such as login and security.
Analytics Cookies: Help us understand how users navigate the Site (e.g. Google Analytics).
Preference Cookies: Store your language or region settings.
Marketing Cookies: Help show relevant ads (if used). You will be asked for consent where required.
5.2 Managing Cookies
You have control over your cookie preferences:
Consent banner & settings: When you first visit our Site, you will see a cookie banner. You can accept all, reject non-essential cookies, or adjust your preferences.
Browser controls: Most web browsers allow you to refuse or delete cookies at any time by adjusting your settings. Instructions are usually found in your browser’s “Help” or “Privacy” section.
Effect on Services: Please note that disabling some cookies (particularly Strictly Necessary Cookies) may reduce functionality, prevent you from logging in, or affect performance.
For more information about cookies and how to manage them, you can visit resources such as www.allaboutcookies.org or your national data protection authority’s guidance.
6. International Data Transfers
We aim to keep your personal data within Switzerland or the European Economic Area (EEA), where privacy protections are considered adequate under both Swiss and EU law. Our main servers and primary technical infrastructure are hosted in these jurisdictions.
However, certain trusted service providers or partners may be located in, or may process your data from, countries outside Switzerland and the EEA (for example, where we use specialised technology providers or payment networks that operate globally).
Whenever such a transfer occurs, we implement appropriate legal and technical safeguards to ensure your information remains protected to a standard essentially equivalent to Swiss and EU data protection rules.
These safeguards include:
Adequacy Decisions: We may transfer data to countries officially recognised by the Swiss Federal Data Protection and Information Commissioner (FDPIC) or the European Commission as providing an adequate level of data protection.
Standard Contractual Clauses (SCCs): Where an adequacy decision is not in place, we use the European Commission’s approved SCCs (or equivalent Swiss-approved clauses) in our contracts with service providers to guarantee appropriate privacy and security standards.
Additional Technical and Organisational Measures: Such as encryption in transit and at rest, strict access controls, and contractual audit rights to help maintain compliance.
We transfer personal data internationally only when necessary to deliver the Services, comply with legal obligations, or support our business operations. You may request a copy of the relevant safeguards (e.g., the SCCs) by contacting us at guidance@onegog.io.
7. Data Retention
We store your personal data only for as long as it is reasonably necessary to achieve the purposes for which it was collected, to comply with legal and regulatory obligations, and to protect our legitimate business interests.
Active Accounts: We keep your data for as long as your onegog.io account remains open so that you can continue to use our Services, view your transaction history, and maintain security.
After Account Closure: Once you close your account, we generally retain certain personal and transactional records for a minimum of five (5) to ten (10) years, as required under Swiss Anti-Money Laundering Act (AMLA), financial regulations, tax laws, and record-keeping obligations. This retention period allows us to comply with audits, respond to lawful requests, resolve disputes, and protect against potential fraud or abuse.
Shorter Periods for Non-Essential Data: Information that is not subject to a legal retention requirement (for example, routine technical logs or non-essential communications) will be deleted or anonymised once it is no longer needed for operational or security purposes.
Backups and Security Logs: Some residual data may remain in secure backups or system logs for a limited time before being automatically overwritten or securely destroyed.
When data is no longer required, we either delete it permanently or anonymise it so it can no longer be linked back to you.
8. Your Rights
Subject to certain legal limitations and our obligations under Swiss law (FADP) and, where applicable, the EU General Data Protection Regulation (GDPR), you have the following rights regarding your personal data:
Right of Access: You may request confirmation as to whether we process your personal data and, if so, obtain a copy of that data together with information about how we use it.
Right to Rectification:If any of your personal data is inaccurate, incomplete, or outdated, you can ask us to correct or update it.
Right to Erasure (“Right to Be Forgotten”): You may request that we delete your personal data where it is no longer necessary for the purposes for which it was collected, where you have withdrawn consent (if consent was the legal basis), or where the data has been unlawfully processed. Please note that we may decline deletion where retention is required by law (for example, AML record-keeping obligations for up to 10 years).
Right to Restrict Processing: In certain situations (such as when accuracy is contested or processing is unlawful), you can ask us to restrict how we use your data without deleting it.
Right to Object: You may object to processing based on our legitimate interests (e.g., analytics or certain communications) and to receiving direct marketing. We will respect your objection unless we have compelling legitimate grounds or are legally required to continue processing.
Right to Withdraw Consent: If we rely on your consent (e.g., for marketing emails or optional cookies), you can withdraw it at any time. Withdrawing consent will not affect the lawfulness of processing carried out before withdrawal.
Right to Data Portability: You may request a copy of certain personal data in a structured, commonly used, machine-readable format and ask us to transfer it directly to another controller, where technically feasible.
Right Not to Be Subject to Automated Decisions: You have the right to request human review if a decision that significantly affects you is made solely by automated means (e.g., risk scoring for AML checks).
8.1 How to Exercise Your Rights
You can exercise any of the rights above by contacting us at guidance@onegog.io.
We may need to verify your identity before fulfilling your request to protect your data from unauthorized access.
We aim to respond within 30 days of receiving a valid request, but this may be extended where the request is complex or we have to comply with legal obligations.
8.2 Complaints
If you believe we have not handled your data in accordance with applicable law, you have the right to lodge a complaint with the Swiss Federal Data Protection and Information Commissioner (FDPIC) or with your local EU supervisory authority if GDPR applies.
9. Third-Party Links
Our Site and Services may contain links to websites, applications, or services operated by third parties. These external sites are provided for your convenience, additional information, or to enable certain integrations (for example, third-party analytics dashboards, partner offers, or external wallets).
Please note that when you click on a third-party link or use an external integration:
- You will leave our Site and be redirected to a service that we do not control.
- The operators of those third-party sites or services may collect, use, and process your personal data according to their own privacy policies and terms.
- We are not responsible or liable for the privacy, security, or content of those external websites or applications, nor for any information you choose to provide to them.
10. Changes to This Policy
We may update this Policy periodically. Significant changes will be notified via the Site or by email. The latest version is always posted on onegog.io.
11. Contact
Questions or requests regarding this Policy:
Summa GmbH
c/o Sielva Management SA, Gubelstrasse 11,
6300 Zug, Switzerland
Email: guidance@onegog.io
