Information and/or Personal Data which may be collected, stored, processed, transferred, used and disclosed by the Company includes but is not limited to information and/or data that can be used on its own or with other information to, directly or indirectly, identify, contact, or locate a single person, or to identify an individual in context.
The following terms “Controller”, “Processor”, “Data Subject”, “Personal Data”, “Processing Activity/ies”, “Pseudonymisation”, “Cross-Border processing of Personal Data”, “Supervisory Authority” used in this document shall have the same meaning as in the GDPR.
3. Basic Principles Regarding Personal Data Processing
The Company, as Controller, shall adhere to the GDPR principles as stipulated in Article 5(2) of the GDPR where the “Controller shall be responsible for, and be able to demonstrate, compliance with the principles.” The Personal Data must be processed fairly and lawfully; be obtained only for specific and lawful matters; be adequate and up to date; not to be held for any longer than necessary; and be protected in appropriate ways.
The Company shall be accountable and must disclose information held to the Data Subject when requested and shall not transfer Personal Data outside of the European Economic Area (EEA), unless that country or territory also ensures an “adequate” level of protection. The Processing of Data must be carried out in accordance with the rights of the Data Subjects.
4. The Company May Collect the Following Information
Information provided by the Participant: when acquiring, holding and/or using the Token, using the Services, subscribing to the Company’s updates, responding to a survey or when filling enquiry forms on the Website and when corresponding by phone, e-mail or other communication services, you may be asked to provide certain information. The information may include Personal Data such as name, address, e-mail address, phone number, financial and/or credit card information, cryptocurrency address, personal description, ID or Passport copy, date of birth, passport number, or other data which can be used for personal identification purposes and required for ‘know your customer’ that may be required to comply with applicable laws.
Information, collected automatically by the Company: on each visit to the Website, the Company will automatically collect the following:
- technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, the User login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform; information about the visits, including the full Uniform Resource Locators (URL), clickstream to, through and from the Website (including date and time), products viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page, and any phone number used to call our customer service number.
- information may be collected by cookies and other tracking. Cookies are small data files that are stored on your device when visiting a website, which enable the Company to collect information about your device identifiers, web browsers used to access the Services, pages or features viewed, time spent on pages, mobile app performance and links clicked. Web beacons (or pixel tags) are electronic images that may be used to help deliver cookies, count website visits, understand usage and determine the effectiveness of email marketing campaigns.
Participants are advised that if they wish to deny the use and saving of cookies from this Website on their computer’s hard drive they should take necessary steps within their web browsers security settings to block all cookies from this Website.
Information, which is received from third-parties: this includes, but is not limited to the Company partners, sub-contractors in technical, payment services, advertising networks, search information providers, credit reference agencies, or other third parties who may provide information, for the purpose of fulfilling the Services or to comply with legal requirements. The Company shall endeavour that these third parties are to provide the same level of data protection and that they shall only carry out their contractual obligations towards the Company or upon the instructions of the Company and not for any other purposes.
In case of using a location-enabled device: the Company may collect location data or use various means to determine the location.
5. Use of Information
The Company may use your Personal Data when acquiring, holding and/or using the Token, to supply you with the Services required, to bill you and to contact you when required. The Company may also analyse the Personal Data provided to help in administering, supporting and improving the business, as per the following ways:
- to provide, maintain, deliver and improve the Services and obtaining your views of the Services;
- to send periodic emails with products and services;
- to follow up with the Participant after correspondence (live chat, email or phone inquiries);
- for marketing and retargeting purposes;
- to carry out any other purpose for which the information was collected.
Your Personal Data may be processed only if you have unambiguously given your consent or, the processing is necessary for the performance of the Services you request or, for compliance with legal obligations as in the case of Anti Money Laundering and Terrorist Financing Regulations (AML/TF) or, pursuant the public interest or, requested in the exercise of official authority vested in the Company or a third party with whom the Personal Data is disclosed except where such interest is overridden by the interest to protect the fundamental rights and freedoms that arise from the right of privacy.
As an individual you may exercise your right to access your Personal Data held about you by the Company by submitting your request in writing to the following email address: firstname.lastname@example.org
7. Rectification, deletion
The Company shall at your request immediately rectify, block or erase your Personal Data that has not been processed according to the GDPR and Data Protection Act or processed unlawfully and where applicable proceed with notifying any third party about the measures undertaken. Although all reasonable efforts will be made to keep your information updated, you are kindly requested to inform us of any change referring to the Personal Data held by this Company. In any case if you consider that certain information about you is inaccurate, you may request rectification of such data.
Provided that no such notification shall be implemented if it is shown to be impossible or it will entail a disproportionate effort on the part of the Company.
8. Data Portability
You have the right to receive, upon request, a copy of the Personal Data that you have provided to the Company in a structured, commonly used and machine-readable format and to transmit such data to another controller, for free. The Company shall endeavour to ensure that such requests are processed within one month for free, subject that this request is not excessive and does not affect the rights of other individuals’ Personal Data.
9. Right to be forgotten
Upon request, you have the right to have your Personal Data erased by the Company. The Company acting reasonably will take all necessary actions (including technical measures) to inform third-party data Processors to comply with the request unless your Personal Data needs to be retained to comply with legal obligations or court orders.
10. Data Subject’s Support
The Company shall provide its Users with user support through an online chat with an agent. Username and email address shall be necessary to sign up for online chat. The data collected in this manner shall be processed exclusively for the purpose of providing user support.
11. International or Cross-border Transfer of Your Data and Your Express Agreement
12. Sharing of Information
The Company may share the Participants’ data with others as follows:
- With partners necessary to acquiring, holding or using the Token and/or providing the Services;
- When using interactive areas of the Website, like our blog or other online forums, certain information you choose to share may be displayed publicly, such as your username, actions you take and any content you post;
- To Courts and Government authorities or bodies if requested to do so under a court order or legal process, or to establish or exercise the Company’s legal rights or defend against legal claims;
- If the Company believes that the Participant’s actions are inconsistent with the Terms or policies, or to protect the rights, property and safety of the Company or others;
- In connection with, or during negotiations of, any merger, sale of company assets, financing or acquisition of all or a portion of our business by another company;
- Between and among the Company; or
- With your consent or at your direction.
At any point in time you shall retain all rights to your data.
The Company protects information collected using physical, technical, and administrative security measures to reduce the risks of disclosure, unlawful processing, accidental loss, destruction, damage and unauthorized access. Should a security breach occur, the Company will use reasonable endeavours to try to fix it.
14. Social Sharing and Links to Third Party Websites
When sharing the Website, Services or other Company’s information on social websites, this will enable the sharing of information with your contacts or the public, depending on the settings you establish with the entity that provides the social sharing feature. Service links to third party websites may be made available to you, and that are not owned or controlled by the Company. Please be aware that the Company is not responsible for the privacy practices of such websites. For more information about the purpose and scope of data collection and processing in connection with social sharing features and links to third party websites, the Company encourages you to visit the privacy policies of the entities that provide these features.
Furthermore, you are advised to conduct yourself appropriately when engaging with the Company on social media or when sharing the Website, Services or other Company’s information.
15. Data Retention
The Company will retain your Personal Data and that of visitors of the Website for a reasonable period or as long as the law requires. The Company will retain your data as long as needed for acquiring, holding or using the Token and/or for the provision of the Services.
16. Disposal of Personal Data
When the Company receives requests to dispose of Personal Data records by Data Subjects, the Company shall ensure that these requests are handled within a reasonable time frame. The Company shall keep a record including a log of these requests.
The Company shall also strive in obtaining adequate disposal mechanisms to ensure no Personal Data is leaked outside of the Company.
17. Response to Personal Data Breaches
When the Company learns of a suspected or actual Personal Data breach, the Company shall perform an internal investigation and take appropriate remedial measures in a timely manner. Where there is any risk to the rights and freedoms of Data Subjects, the Company will notify the relevant Supervisory Authorities without undue delay and, when possible, within 72 hours from when it learns of such breach. Data Subjects will be informed when the Personal Data breach is of a “high” level.
18. Governing Law
The Company is based in Malta and by participating in the Token Offer and/or using the Services, or otherwise providing information to the Company, you consent to the processing and transfer of information in accordance with Maltese law.
19. Final Provisions
You may request the Company to access your information and Personal Data at any time.
This document was updated on 25 July 2019 and is effective from that date.
Company Address: Palace Court, Church Street, St. Julians, STJ 3049, Malta.