Legal

Data Protection

A formal data protection notice for website visits, project inquiries, investor conversations, partner contact and connected AMIHAN / Crays ecosystem routes.

Overview

How data is handled

This notice follows the structure of the Crays data protection page and adapts it to AMIHAN, Mercedes Island and the current static website.

1. Controller and scope

This notice applies to the processing of personal data in connection with the Crays Mercedes Island website, the legal pages, project inquiries, AMIHAN contact routes, Crays ecosystem contact routes and related AMIHAN web properties such as amihan.io and amihan.life where this notice is linked or referenced.

The project controller contact for AMIHAN-related requests is:

AMIHAN Limited (BVI)
Also referenced in current project documentation as AMIHAN Innovations Limited BVI and AMIHAN Corporation BVI
Email: info@amihan.io

For the Crays association context, the relevant contact is:

Crays Business Nomads Association
Dammstrasse 16, 6300 Zug, Switzerland
Email: info@crays.org

If a separate contract, booking, investor document, token document or platform notice names a different controller, that more specific notice applies to that activity.

2. Personal data

Personal data means any information relating to an identified or identifiable natural person. Examples include name, email address, phone number, social profile, wallet or account identifier, IP address, device information, project role, investment interest, booking details, message content, company affiliation and documents submitted to us.

Anonymous or aggregated data that cannot reasonably identify a person is not personal data.

3. Data categories

Depending on how you use the website and contact routes, we may process:

technical data such as IP address, access time, browser, device, operating system, referrer URL, log files and security events;
contact data such as name, email, phone, messenger handle, social profile, company and country;
inquiry data such as project, investor, hospitality, booking, creator, partnership, legal or support messages;
application data such as investor interest, budget range, preferred route, project proposal, role, documents and qualification information;
communications data from email, forms, WhatsApp, Telegram, Signal, LinkedIn, social media or other channels you choose;
transactional or compliance data if a later booking, investment, token, wallet, payment, membership or partner onboarding process is activated;
public blockchain, Nostr or wallet identifiers if you voluntarily use them in a Crays or AMIHAN ecosystem context.

Purposes

Why data is processed

4. Website delivery and security

When you access the website, your browser sends technical data to the server. We and our hosting providers process this data to deliver the website, maintain security, prevent abuse, diagnose errors, improve performance and create necessary server logs.

Legal basis may include legitimate interests in providing a secure website, contract preparation where you request services, and compliance with legal obligations.

5. Contact, project and investor requests

If you contact us or submit an inquiry, we process the information you provide to respond, route your request internally, assess project fit, schedule calls, prepare materials, keep records, comply with legal obligations and follow up on legitimate business opportunities.

Where an inquiry progresses into investment, token, booking, hospitality, land, joint venture, partnership or employment discussions, additional data protection notices and contractual documents may apply.

6. Bookings, hospitality and local operations

If a booking, visit, retreat, event, creator program, filming request or hospitality access route is activated, we may process guest and operational data needed for scheduling, safety, transport, accommodation, venue rules, payments, invoicing, local compliance, insurance, emergency contact, access control and communication with local partners.

7. AMIHAN, tokens, wallets and compliance

If you enter a token, wallet, payment, investment, membership, fund, ownership, land-treasury or similar process, personal data may be processed for onboarding, eligibility, KYC/AML, sanctions checks, anti-fraud controls, tax or accounting records, investor communications, transaction administration and regulatory compliance. The exact scope depends on the service and provider used.

8. Analytics, cookies and similar technologies

This static project website is designed to be lightweight. It uses necessary technology to load pages, fonts, images, videos and scripts. AMIHAN web properties may use analytics technologies such as Google Analytics or Google Tag Manager to understand traffic and improve the site. Optional analytics or marketing technologies should be used only where permitted by law and, where required, after consent.

You can restrict cookies in your browser settings. Some website features may not work correctly if necessary storage or cookies are disabled.

Sharing

Recipients and transfers

9. Recipients

Personal data may be shared with recipients where necessary for the purposes described above, including:

AMIHAN and Crays team members who need the information to handle your request;
hosting, infrastructure, domain, security, email, analytics, browser, form, storage and communication providers;
professional advisers such as legal, tax, accounting, compliance, valuation, real estate, corporate finance and technical advisers;
booking, hospitality, venue, transport, island operations, event, insurance and local service partners;
payment, wallet, exchange, blockchain, KYC/AML, bank, fund administration and investor onboarding providers if those services are used;
authorities, courts, regulators, law enforcement or dispute bodies where legally required or necessary to protect rights.

10. International transfers

The project context may involve the British Virgin Islands, Switzerland, the Philippines, the European Union, the United Kingdom, the United States, Singapore, the Cayman Islands, the United Arab Emirates and other locations referenced in AMIHAN or partner operations. Data may be processed in these or other countries depending on the provider and request.

Where required, transfers are protected through appropriate safeguards such as contracts, standard contractual clauses, adequacy decisions, consent, necessity for contract performance or other lawful transfer mechanisms.

11. Retention

We keep personal data only for as long as needed for the purpose collected, including handling inquiries, maintaining business records, meeting legal, tax, accounting and regulatory obligations, resolving disputes and protecting rights. Retention periods differ by data type and legal context.

Technical logs are generally kept for limited security and operational periods. Business, booking, investment, compliance and accounting records may be retained longer where required by law or legitimate documentation needs.

Rights

Your choices

12. Data subject rights

Depending on the law applicable to you, including the GDPR, Swiss data protection law or similar privacy laws, you may have the right to:

request access to your personal data;
request correction of inaccurate data;
request deletion where legally available;
request restriction of processing;
object to processing based on legitimate interests or direct marketing;
withdraw consent where processing is based on consent;
request data portability where legally available;
lodge a complaint with a competent data protection authority.

To exercise rights, contact info@amihan.io or, for Crays association matters, info@crays.org.

13. Security

We use reasonable technical and organizational measures to protect personal data against unauthorized access, loss, misuse, alteration and disclosure. No internet transmission, public blockchain, social channel, messaging app, email system, wallet system or hosting environment can be guaranteed completely secure.

14. Children

The website is not directed to children. Project, investment, token, booking, wallet and membership routes are intended for adults. We do not knowingly collect personal data from children through this website.

15. Updates

We may update this data protection notice when the project, website, providers, legal requirements, products or processing activities change. The latest version is published on this page.