The processing of your personal data will be based on the principles of correctness, lawfulness, transparency, limitation of purpose and storage, minimisation and accuracy, integrity, and confidentiality, as well as on the principle of accountability pursuant to Article 5 of the Regulation. Your personal data will therefore be processed in accordance with the legal provisions of the Regulation and the confidentiality obligations provided therein.
Processing of personal data means any operation or set of operations which is performed upon personal data or sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction
The Data Controller is DaChain (Malta) Limited with registered office under the laws of Malta on 28/02/2022 and having company registration number C101600 (hereinafter referred to as the "Data Controller"), which can be reached at Level 3, Valletta Buildings South Street Il-Belt Valletta, VLT 1103, Malta.
The Data Protection Officer of DaChain (Malta) Limited may be contacted at the Data Controller's registered office at the above address and/or by email at: email@example.com
We inform you that, by using the Application, the Data Controller may collect and process information and personal data concerning you, which may consist of an identifier such as your name, an identification number, location data, an online identifier or one or more characteristic elements of your physical, physiological, psychological, economic, cultural, or social identity that are capable of identifying you or of making you identifiable, depending on the type of services requested by you (hereinafter only "Personal Data").
The personal data processed through the application are as follows:
The managing of the Application involves the use of computer systems and software procedures that are used to operate the Application and that acquire, during their normal operation, certain personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified interested parties, but by its very nature could, through processing and association with data held by third parties, allow users to be identified and, as such, this information is also considered Personal Data.
This information includes various parameters relating to the operating system and computer environment of the user connecting to the Application, including the IP address, the location (country), the computer domain names, the URI (Uniform Resource Identifier) addresses of the resources requested on the Application, the time of the requests, the method used to send the requests to the server, the size of the file obtained in response to a request, the numerical code indicating the status of the response given by the server (successful, error, etc.), and other parameters relating to the user's operating system and computer environment.), and other parameters relating to the user's operating system and computer environment.
These data are used solely for the purpose of obtaining anonymous statistical information on the use of the Application, as well as to check its correct functioning and to identify any malfunctioning and/or abuse of the Application - the data are deleted immediately after processing, unless it is necessary to identify those responsible in the event of hypothetical computer crimes against the Application or third parties.
SDKs and related tracking technologies: SDKs (Software Development Kits) and related technologies are information that applications record and/or read on the user's device. Typically, these technologies allow the user to analyse the use of applications in order to avoid malfunctions and improve the user experience. The Data Controller may use SKDs, and related technologies provided by third parties that are generally used to process Personal Data on behalf of the Data Controller as data processors in order to provide its services. There may be residual cases in which some services provided to the Data Controller by third parties may involve access by such third parties to personal data and other information contained in the user's device, also for purposes other than the provision of services. With reference to such further processing, the third parties act as autonomous controllers and for this reason we list below the links to the information on the processing of personal data provided by the third parties with reference to the processing of user data:
- Google Analytics https://www.google.com/intl/it_it/analytics/learn/privacy.html
- Google Play Services https://www.google.com/policies/privacy/
- Mixpanel.com https://mixpanel.com/legal/privacy-policy/
With reference to these types of data, we invite you to enter in the aforementioned forms, including the instant messaging service, only the personal data strictly necessary for the management of your request, thus excluding irrelevant information and / or that may fall within the category of special categories of personal data referred to in Article 9 of the Regulation ([...] personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation).
c. Data provided during account registration and access to the Application
During registration and access to your personal area, personal data are provided directly by you or transmitted to the Controller by third parties, as independent data controllers. In particular, it should be noted that, following your choice to create the Application's account by linking it to a pre-existing social network account (e.g. Gmail, Apple, or another social network, if applicable), using the social log-in button on the Application, or to create the account by linking it to a pre-existing account on the applications and/or websites of the Controller's partners, these third parties, as independent data controllers, provide the Controller with the personal data strictly necessary for your identification (personal data and contact details).
Within your personal area, the Data Controller will process, in addition to the above-mentioned data, further personal data, such as for example your personal and contact data, information about any nickname you may have chosen, NFTs DaChain and utility tokens stored in your Wallet.
- execution of the request to withdraw utility tokens in the Wallet section of the Application, during which the personal data (e.g. name, surname, date of birth), contact data (telephone number, e-mail), your country of residence, the information included in the identity document, the information relating to the payment method, the information contained in the bank account holder certificate will be processed if the payment method chosen by the user to withdraw utility tokens is bank transfer;
- execution and conclusion of the purchase contracts of DaChain® NFTs through the Brand Page of the Application and management of any related administrative/accounting activity, within which the personal data (e.g. name, surname), the country of residence, the eventual nickname/alias chosen, the contact data, the identity document, the information related to the quantity of utility token available in your Wallet, the information related to the DaChain® NFTs you purchased, as well as any information related to your purchase experience will be processed;
- execution and conclusion of the withdraw of utility tokens from the Wallet section of the Application, where personal data (e.g. name, surname, date of birth), contact data (telephone number, e-mail), your country of residence, the information contained in the identity document, the information relating to the payment method, the information contained in the bank account holder certificate if the payment method chosen by the user for withdrawing utility tokens is bank transfer will be processed;
- execution and conclusion of the purchase contracts of DaChain® NFTs through the Brand Page of the Application and management of every related administrative/accounting activity, within which the personal data (e.g. name, surname), the country of residence, the eventual chosen nickname/alias, the contact data, the identity document, the information related to the quantity of utility token available in your Wallet, the information related to the DaChain® NFTs purchased by you, as well as every information related to your purchase experience will be processed;
- execution and conclusion of the exchange activities of DaChain® NFTs in the Trade section of the Application, within which your personal data, the eventual chosen nickname, the contact data, the information related to the DaChain® NFTs exchanged by you and/or made available by you in the Trade section, the information related to the amount of utility token available in your Wallet as well as any information related to your experience of DaChain® NFTs exchange will be processed;
- use of the entertainment services available in the Application, such as virtual games and interactive augmented reality experiences, within which your personal data may be processed, such as, for example, your personal data, any chosen nickname, contact data, information relating to your DaChain® NFTs.
A "cookie" is a small text file that may be stored in a dedicated space on the hard drive of the device used by the user (e.g., computer, tablet, smartphone, etc.) when visiting a website through their browser and may be subject to the user's prior consent before being installed. Thanks to cookies, the website remembers the user's actions and preferences (e.g., login details, language, font size, other display settings, etc.) so that they do not have to be indicated again when the user returns to the website or navigates from one page to another.
- first party and third-party analytical cookies, if tools are used to reduce the identifying power of the cookies and the third party does not cross-reference the information collected with other information it already has, used to collect information, in aggregate form, on the number of users and how they visit the site.
- navigation or session cookies (for authentication purposes), the deactivation of which compromises the use of services accessible by login.
- functionality cookies, which allow the user to navigate according to a number of selected criteria (e.g., language, products selected for purchase) in order to improve the service provided to the user.
On the other hand, for "profiling cookies", i.e., those aimed at identifying the user's preferences and improving the user's browsing experience, as well as for third-party analytical cookies, if no tools are adopted to reduce the identifying power of the cookies and the third party cross-references the information collected with other information it already has, the user's prior consent is required.
- Types of Cookies used by the Application and consent management
We inform you that the Application uses the following cookies, which can be deselected, even individually (as specified below in the section on "Cookie settings"):
- technical navigation cookies: these cookies allow the Application to function correctly and allow the contents to be displayed; deactivating them would lead to malfunctioning of the Application. These cookies are not permanently stored on the user's computer and disappear when the browser is closed.
- session and functionality cookies, used to activate specific functions of the Application and to configure the Application according to your choices (for example, language or authentication to restricted areas, etc.), in order to improve your experience.
- analytical cookies, which allow the Controller to understand how users use the Application and to track traffic to and from the Application. The information collected by these cookies is processed in aggregate and anonymous form, without any information being collected on the specific ID - therefore, the use of these cookies does not involve the use of your Personal Data.
- profiling cookies, used to observe the preferences revealed by the user through the use of the Application and to send promotional messages in line with these preferences.
- third-party cookies, i.e., cookies from web servers other than those of the Controller, used for purposes specific to those third parties, including analytical and profiling cookies.
It should be noted that these third parties, listed below with the relevant links to their Privacy Policies, are typically the independent data controllers of the data collected through the cookies they serve; in this case the user gives or withholds consent directly to the owner of the cookie in question to which the Application merely refers. The management of the information collected by "third parties" is governed by their privacy policies, which you are kindly requested to refer.
The cookies installed through the Application can be found here: https://dachain.com/cookie-list
The user can select/de-select below which cookies to allow [insert link or way to access cookie management].
Warning: The User is informed that not authorising technical cookies may make it impossible to use the Application, view its contents and use its services. Inhibiting functionality cookies may mean that some services or certain functions of the Application are not available or do not function properly, and the User may have to modify or manually enter certain information or preferences each time he visits the Application.
However, failure to authorise other cookies, including third-party cookies, does not affect the operation of the Application.
The choices made by the User in relation to the Application's cookies will in turn be recorded in a specific technical cookie, with the characteristics set out in the relevant cookie table.
Your cookie preferences will need to be reset if you use different devices or browsers to access the Application.
3. PURPOSE OF PROCESSING
Your personal data will be processed, with your consent where necessary, for the following purposes:
a) allow the navigation through the Application, the registration in the personal area and the provision of all the other services made available by the Data Controller (such as, by way of example, the DaChain® NFT sale, the DaChain® NFT exchange, the provision of entertainment services, etc.), including the management of the security of the Application, as well as the contractual and administrative relations and the support services.
b) respond to specific requests made to the Data Controller, such as requests for assistance, information and/or reports forwarded by filling in the relative forms in the Application and/or by writing to the support e-mail addresses in the Application.
c) to send you commercial communications and proposals, including the sending of newsletters and market research, through automated means (SMS, mms, email, instant messaging and chat) and not automated means (paper mail, telephone); it should be noted that the Data Controller collects a single consent for the marketing purposes described herein; if, in any case, you wish to object to the processing of your data for marketing purposes carried out by the means indicated herein, you may do so at any time by contacting the Data Controller at the addresses indicated in the "Contacts" section of this information notice, without prejudice to the lawfulness of the processing carried out prior to the objection;
d) to fulfil any obligations under applicable laws, regulations or EU legislation, or to comply with requests from the authorities;
e) to meet any defence requirements, both in and out of court.
Specific security measures are observed to prevent loss of data, unlawful or incorrect use and unauthorised access.
4. LEGAL BASIS AND OBLIGATORY OR OPTIONAL NATURE OF PROCESSING
The legal basis for the processing of personal data for the purposes referred to in section a) and b) is Article 6(1)(b) of the Regulation ([...]
processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract), since the processing operations are necessary for the provision of the services. The provision of personal data for these purposes is optional, but failure to do so would make it impossible to access the services requested.
The processing operations carried out for the marketing purposes referred to in point c) are based on the granting of your consent pursuant to art. 6, par. 1, letter a) ([...] the data subject has given consent to the processing of his or her personal data for one or more specific purposes) of the Regulation. This consent may be revoked at any time without prejudice to the lawfulness of the processing carried out prior to revocation in accordance with the provisions of Article 7 of the Regulation. The provision of your personal data for these purposes is therefore entirely optional and does not affect the use of the Application and the Services. Should you wish to object to the processing of your data for marketing purposes, you may do so at any time by contacting the Controller at the addresses indicated in the "Contacts" section of this policy or, where available, through the Privacy Settings contained in your Personal Area.
The legal basis for the processing of personal data for the purpose of communication referred to in point d) is based on the granting of your express, free, and unequivocal consent pursuant to Art. 6(1)(a) of the Regulation. Such consent may be revoked at any time and such revocation shall not affect the lawfulness of the processing carried out prior to such revocation. The processing of personal data for the purpose referred to in point d) is optional and, in the event of refusal, there will be no consequences and the use of the Application, and the Services will not be affected in any way. It should be noted, with regard to the aforementioned purpose of communication for promotional and marketing purposes as per letter d), that the Data Controller has collected a single consent.
The purpose referred to in Section (e) constitutes lawful processing of personal data within the meaning of Article 6(1)(c) of the Regulation ([...]processing is necessary for compliance with a legal obligation to which the controller is subject). Once the personal data have been provided, in fact, the processing is indeed necessary to comply with legal obligations to which the Controller is subject.
Please also note that the processing referred to in section f) is carried out for the establishment, exercise or defence of legal claims, any defensive needs of the Data Controller pursuant to Art. 6, par. 1, letter f) of the Regulation.
5. RECIPIENTS OF PERSONAL DATA
Your personal data may be shared, for the purposes set out in section 3 of this Policy, with:
- persons who typically act as Data Processors pursuant to article 28 of the Regulations on behalf of the Data Controller, in charge of providing the Services (by way of example: technological services, assistance and consultancy services in accounting, administrative, legal, tax and financial matters, technical maintenance). The Data Controller keeps an up-to-date list of the appointed data processors and guarantees that the data subject will be able to view it at the offices indicated above or upon request to the addresses indicated above.
- persons authorised by the Data Controller to process personal data pursuant to Article 29 of the Regulation (e.g., employees assigned to the maintenance of the Application, CRM management, information systems management, etc.).
- third parties, independent data controllers, to whom the data may be transmitted in order to provide the specific services requested by you and/or to carry out the activities referred to in this policy, and with whom the Data Controller has entered into commercial agreements (e.g. social networks to respond to your request for access and/or registration through social log-in; commercial partners of the Data Controller to provide the services in the Application);
- subjects, bodies or authorities to whom it is mandatory to communicate your personal data by virtue of legal provisions or orders of the authorities.
These subjects are hereinafter collectively referred to as "Recipients". A full list of the Data Controllers is available by sending a written request to the Data Controller at the addresses indicated in the "Contacts" section of this Policy.
6. TRANSFERS OF PERSONAL DATA
Some of your personal data are shared with Recipients who may be located outside the European Economic Area. The Data Controller ensures that your personal data is processed by these recipients in compliance with articles 44 - 49 of the Regulation. Indeed, with regard to the transfer of personal data to third countries, the Data Controller informs you that the processing will be carried out in accordance with one of the methods permitted by the law in force, such as, for example, the consent of the data subject, the adoption of Standard Clauses approved by the European Commission, the selection of subjects adhering to international programmes for the free movement of data or operating in countries considered safe by the European Commission on the basis of an adequacy decision, in compliance with recommendations 01/2020 and 02/2020 of the European Data Protection Board.
Further information is available by sending a written request to the Data Controller at the addresses indicated in the "Contact" section of this Policy.
7. STORAGE OF PERSONAL DATA
Your personal data will be entered and stored, in accordance with the principles of minimisation and limitation of storage referred to in Article 5.1.c) and e) of the Regulations, in the Data Controller's information systems, whose servers are located within the European Economic Area.
The personal data processed for the purposes referred to in sections a) and b) shall be kept for the time strictly necessary to achieve those same purposes, i.e., for the time required to perform the contract, in accordance with the retention periods required by law.
For the purposes referred to in section c), your personal data will instead be processed until you withdraw your consent.
In general, the Data Controller reserves the right in any case to keep your data for the time necessary to comply with any regulatory obligation to which it is subject or to meet any defensive needs. This is without prejudice to the possibility for the Controller to keep your personal data for the period of time provided for by the applicable laws.
Further information on the data retention period and the criteria used to determine this period may be requested by sending a written request to the Data Controller at the addresses indicated in the "Contact" section of this Policy.
8. RIGHTS OF THE DATA SUBJECT
You may exercise your rights under Articles 15 to 22 GDPR and revoke your consent at any time without prejudice to the lawfulness of the processing carried out before the revocation. In particular, you may request access to your data pursuant to Art. 15 GDPR, rectification pursuant to Art. 16 GDPR, deletion pursuant to Art. 17 GDPR, restriction of processing in the cases provided for by Art. 18 GDPR as well as to obtain the portability of data concerning you in the cases provided for by Art. 20 of the GDPR and not to be subjected to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects your person pursuant to Article 22 of the GDPR.
You may also submit a request to object to the processing of your data pursuant to Article 21 of the GDPR, in which you must give evidence of the reasons justifying your objection: the Data Controller reserves the right to assess your request, which would not be accepted if there were compelling legitimate grounds for processing that override your interests, rights and freedoms.
You also have the right to object at any time and without justification to the sending of direct marketing by automated means (e.g., SMS, mms, email, push notifications, fax, automated call systems without operator) and not (paper mail, telephone with operator). In addition, with regard to direct marketing, it remains possible to exercise this right also in part, i.e., in this case, objecting, for example, only to the sending of promotional communications through automated tools.
Requests should be addressed in writing to the Data Controller at the addresses indicated in the "Contact" section of this Policy.
9. COMPLAINT TO THE DATA PROTECTION AUTHORITY
If you believe that the processing of your Personal Data carried out by the Data Controller is in breach of the provisions of the GDPR, you have the right to lodge a complaint with the competent Data Protection Authority, as provided for in Article 77 of the GDPR, or to take legal action (Article 79 of the GDPR).