March 22, 2026
Methodology About Contact
TOKENIZATION POLICY
The Vanderbilt Terminal for Digital Asset Policy
INDEPENDENT GLOBAL INTELLIGENCE FOR DIGITAL ASSET REGULATION
MiCA Full Enforcement: Jul 2026 ▲ CASP Licensing | GENIUS Act: Enacted ▲ Mar 2025 | SEC Enforcement: $4.7B ▲ 2024 Fines | VARA Licensed: 23 Entities ▲ +8 in 2025 | FATF Travel Rule: 58 Countries ▲ Adopted | BitLicense Holders: 36 ▲ New York | Regulated Jurisdictions: 72 ▲ Global | Tokenized RWA AUM: $17.2B ▲ +340% YoY | MiCA Full Enforcement: Jul 2026 ▲ CASP Licensing | GENIUS Act: Enacted ▲ Mar 2025 | SEC Enforcement: $4.7B ▲ 2024 Fines | VARA Licensed: 23 Entities ▲ +8 in 2025 | FATF Travel Rule: 58 Countries ▲ Adopted | BitLicense Holders: 36 ▲ New York | Regulated Jurisdictions: 72 ▲ Global | Tokenized RWA AUM: $17.2B ▲ +340% YoY |

Privacy Policy

Privacy Policy

Effective Date: March 17, 2026 Last Updated: March 17, 2026

This Privacy Policy explains how The Vanderbilt Portfolio AG (“we,” “us,” or “our”), operating the website tokenizationpolicy.com (“the Site”), collects, uses, discloses, and protects your personal data. This policy applies to all visitors, subscribers, and users of the Site.

We are committed to protecting your privacy and handling your data in compliance with the EU General Data Protection Regulation (GDPR), the Swiss Federal Act on Data Protection (FADP), the California Consumer Privacy Act (CCPA), and other applicable data protection laws.

1. Data Controller

The data controller responsible for your personal data is:

The Vanderbilt Portfolio AG Zurich, Switzerland Email: privacy@tokenizationpolicy.com

2. Personal Data We Collect

2.1 Data You Provide Directly

  • Contact information: Email address, name, and any other information you provide when contacting us or subscribing to our services.
  • Communication data: The content of emails or messages you send to us.

2.2 Data Collected Automatically

  • Usage data: Pages visited, time spent on pages, referring URLs, click patterns, and navigation paths.
  • Device data: Browser type and version, operating system, screen resolution, and device type.
  • Network data: IP address (anonymized where required by law), approximate geographic location derived from IP address, and internet service provider.
  • Cookie data: Information collected through cookies and similar tracking technologies, as described in our Cookie Policy.

2.3 Data from Third Parties

We may receive aggregated, anonymized analytics data from third-party service providers that help us understand Site usage patterns.

We process your personal data on the following legal bases:

  • Consent (Art. 6(1)(a) GDPR): For non-essential cookies and marketing communications. You may withdraw consent at any time.
  • Legitimate interest (Art. 6(1)(f) GDPR): For website analytics, security monitoring, fraud prevention, and improving our services. Our legitimate interest is balanced against your rights and freedoms.
  • Contractual necessity (Art. 6(1)(b) GDPR): For processing data necessary to provide services you have requested, such as newsletter subscriptions.
  • Legal obligation (Art. 6(1)(c) GDPR): Where processing is necessary to comply with legal obligations.

4. How We Use Your Data

We use personal data for the following purposes:

  • Service delivery: To provide, maintain, and improve the Site and its content.
  • Communication: To respond to your inquiries and send requested information.
  • Analytics: To understand how users interact with the Site, identify popular content, and improve user experience.
  • Security: To detect and prevent fraud, unauthorized access, and other security threats.
  • Legal compliance: To comply with applicable laws, regulations, and legal processes.

5. Data Sharing and Disclosure

We do not sell your personal data. We may share data with:

  • Service providers: Hosting providers, analytics platforms, email service providers, and content delivery networks that process data on our behalf under data processing agreements.
  • Legal requirements: When required by law, regulation, legal process, or governmental request.
  • Business transfers: In connection with a merger, acquisition, or sale of assets, with appropriate protections for your data.

6. International Data Transfers

Your data may be transferred to and processed in countries outside the European Economic Area (EEA) and Switzerland. When such transfers occur, we ensure adequate protection through:

  • EU Standard Contractual Clauses (SCCs)
  • Swiss Federal Data Protection Act transfer mechanisms
  • Other legally recognized transfer mechanisms

7. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected:

  • Analytics data: 26 months from collection
  • Contact and communication data: 3 years from last interaction
  • Cookie consent records: 2 years from consent date
  • Legal compliance data: As required by applicable law

8. Your Rights

Depending on your location, you have the following rights regarding your personal data:

Under GDPR and Swiss FADP:

  • Right of access: Obtain confirmation of whether we process your data and receive a copy.
  • Right to rectification: Request correction of inaccurate personal data.
  • Right to erasure: Request deletion of your personal data (“right to be forgotten”).
  • Right to restrict processing: Request limitation of processing in certain circumstances.
  • Right to data portability: Receive your data in a structured, machine-readable format.
  • Right to object: Object to processing based on legitimate interests, including profiling.
  • Right to withdraw consent: Withdraw consent at any time for consent-based processing.

Under CCPA:

  • Right to know: Request disclosure of categories and specific pieces of personal information collected.
  • Right to delete: Request deletion of personal information collected.
  • Right to opt-out: Opt out of the sale of personal information (we do not sell personal data).
  • Right to non-discrimination: Exercise your rights without discriminatory treatment.

To exercise any of these rights, contact us at privacy@tokenizationpolicy.com. We will respond within 30 days (GDPR) or 45 days (CCPA).

9. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including:

  • Encryption of data in transit (TLS/SSL)
  • Access controls and authentication measures
  • Regular security assessments
  • Secure hosting infrastructure with reputable providers

10. Children’s Privacy

The Site is not directed to individuals under 16 years of age. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child under 16, we will delete it promptly.

The Site may contain links to third-party websites. We are not responsible for the privacy practices of those websites. We encourage you to review the privacy policies of any third-party sites you visit.

12. Supervisory Authority

If you are located in the EEA or Switzerland and believe our processing of your data violates applicable data protection law, you have the right to lodge a complaint with:

  • Your local EU/EEA data protection supervisory authority
  • The Swiss Federal Data Protection and Information Commissioner (FDPIC)

13. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated through a notice on the Site. The “Last Updated” date at the top of this policy indicates when it was last revised.

14. Contact Us

For privacy-related inquiries or to exercise your data protection rights:

The Vanderbilt Portfolio AG Email: privacy@tokenizationpolicy.com

For editorial inquiries, see our Contact page.

Institutional Access

Coming Soon