SwapKit, Inc.
GENERAL PRIVACY POLICY & DISCLOSURES1
Last Updated: August 2024
1. Introduction and summary of use of data.
SwapKit, Inc. (“Company:” or “SwapKit”) is a software company that facilitates transfer of data on behalf of businesses between blockchains through API-based integrations with our customers own applications and products. Our customers are generally businesses, and we refer herein to their customers who are individuals or households as “end users.” Data that may be relatable, from sources external to our database, to an identifiable natural person is referred to herein as personal information or personal data for purposes of over-inclusive compliance with general principles of privacy.
Summary of privacy practices. SwapKit, Inc. (“SwapKit” or “Company”) seeks to provide secure and confidential blockchain based services to its users, primarily businesses, and their end users, and in so doing collects and processes extremely limited kinds of data, some of which might be defined under local law as personal information or personal data. We collect and process only sufficient data to perform our services and potentially to communicate with end users about our services.
Why a Policy? Your privacy is of utmost importance to us, and it is our policy to safeguard and respect the confidentiality of information and the privacy of individuals. This Privacy Policy (as amended from time to time, the “Privacy Policy“) sets out how SwapKit, and its successors, assigns, subsidiaries, and affiliates (collectively, the “Company“, “we“, “us“) may generally collect, use and manage the personal information that we receive, if any. The Privacy Policy, also informs you of rights you may have, depending upon your home jurisdiction, with respect to the processing of your personal information as well as your rights, to the extent recognized by your home jurisdiction, as to such personal information.
What we collect, upon what legal rationale, and to whom it may be provided. The Company collects only sufficient information from business customers and end users (with their consent) to provide its services and in some instances to communicate with the end user, as well as to monitor operations and prevent abuse, and to ensure system security and functionality. Data collected from end users includes public wallet addresses and limited portions of IP addresses, including general geodata, that is sufficient to perform our services, to pre-screen for unlawful use of our platform and to ensure functionality. Email addresses or similar information may be collected for the purpose of communicating with our direct customers about our services and generating an initial API key, and we collect limited generalized information from our direct customers to deliver and improve our services. Data is provided to companies that pre-screen for legal users, and in some instances, to fiat-conversion services to reimburse business customers.
If you reach our platform(s) via a third party, please see the privacy policy of the third party. because Company does not manage or control independent businesses, nor their customers or service providers.
Payments are collected onchain, although some payments to business users may be converted to fiat by a third party contractor. We do not receive or process fiat payment data. All third party contractors’ use of data received in assisting with providing our services is limited by contractual provisions to the purposes of servicing Company and its customers.
Data is deleted on a regular basis, as frequently as every 30 days, or when no longer required by the Company.
Unless otherwise noted herein, wallet addresses and limited IP data is disclosed to third parties solely for screening for unlawful use and, in an aggregated form, to convert onchain smart contract payments for business users to fiat.
Please note that Company does not share any data it collects with any affiliates or other third parties other than as specifically stated herein.
We specifically note that SwapKit does not sell or “share” data to third parties to perform marketing or profiling, and does not engage in automated decision-making re customers/users, except (i) by screening end user wallets against published lists of sanctioned addresses by the U.S. Treasury and similar governmental bodies; and (ii) on behalf of our business customers, implementing optional additional risk-based screening of end user wallets.
To understand the privacy policy of a business user of Company, please refer to that business’s own privacy policy, for which we are not responsible as we cannot and do not manage or control independent companies. Prior to accessing our services through the API and once you leave our site you are governed by the other site’s own privacy policy. We have no control over and cannot control the privacy practices of entities from whom we receive data or to whom we provide data except by appropriate contractual limitations, which we use.
In sum, as set forth in the summary above, we seek to comply with, and the terms below seek to comply with general principles of privacy laws re limited collection, data quality/accuracy, specifying the purpose, limiting the use of data collected, security safeguards, openness, and individual participation. We have stated in the summary above what data is received, how it is used, why (legal purpose) it is used, and to whom it may be disclosed. Cybersecurity is addressed below. Openness and individual participation are addressed by this Policy.
We note that this is a General Policy, and the details of privacy notices vary by jurisdiction and are changing on a regular basis; however, the Company only collects extremely limited data that is required in order to perform its services, to pre-screen for unlawful use, to maximize functionality, and to communicate with its direct customers.
Should our practices change going forward from the extremely limited collection at this time, we will inform you of such changes as stated below. In such case, the below provisions, as hereafter amended, will apply to such services. See 2 and 14 below.
Cross-border issues. Processing of data currently occurs in the United States of America. By use of our services or platforms you are deemed to consent to such usage; if you do not consent to such usage, please do not use our services.
Cybersecurity. We take reasonable measures to protect your personal information in an effort to prevent loss, misuse and unauthorized access, disclosure, alteration and destruction. However, it is not possible to guarantee 100% security or confidentiality of information you provide to us. If you have reason to believe that your interactions with us are no longer secure, please contact Privacy@SwapKit.dev immediately. Any data held by Company is deleted on a regular basis when no longer required.
2. Scope of General Privacy Policy.
Our Privacy Policy is reviewed regularly to ensure that any new obligations and technologies, as well as any changes to our business operations and practices are taken into consideration, as well as that it remains abreast of the changing regulatory environment. We may amend this Privacy Policy at any time by posting the amended version on this site including the effective date of the amended version. We will announce any material changes (as we determine in our sole discretion) to this Privacy Policy on our website. Any personal information we hold will be governed by our most recent Privacy Policy. We encourage you to periodically review this page for the latest information on our privacy practices. All changes shall be effective from the date of publication unless otherwise provided. You accept these changes by continuing to use our products and services. Please see the Company’s Terms of Service, policies and guidelines for current limitations and services being provided.
This Privacy Policy applies only to the extent required under applicable law to you and shall not operate to “opt Company into” any laws not otherwise legally applicable to us.
For example, the Company believes it is not subject to the European Union (EU) and United Kingdom (UK) General Data Protection Regulation (GDPR) because it is not established in the European Union or European Economic Area (EEA); the Company does not target goods or services to the EU or EEA and although it offers services globally (as Blockchains are global), the Company does not accept payment in Euros or pounds and deals in Digital Assets only (non-fiat); the Company does not build profiles on digital wallet addresses or IP addresses; and the Company only uses the public digital wallet addresses and IP addresses it receives temporarily for the purpose of performing its own services and communications with customers. For the aforementioned reasons, and due to the limited data collected (which may be public data) the Company believes that the EU GDPR and UK GDPR do not apply to the Company’s processing of personal data. To further clarify, if you are not based in jurisdictions subject to the European General Data Protection Regulation (GDPR) and the UK GDPR, or similar thereto, and even if you do, provisions relating to these laws may not in our view apply to you.
With respect to the United States individuals (generally individuals in the US at time of use), please see our US State Privacy Policy2, and in particular the limitations of that Policy and individual state notices addressed; such notices only apply if those state notices apply to you under the particular state law involved.
For information about cookies, please see our Cookie Policy3.
By accessing the Website or using our services, you agree that your personal information may be used, retained, processed, disclosed, transferred to, stored, and handled as described in this Policy.
Unless we specifically request or invite it, we ask that you not send us, and you not disclose to Company, any sensitive personal information or personal data (such as for example, Social Security numbers or government-issued identity numbers, information related to racial or ethnic origin, political opinions, religion or philosophical beliefs, health, sex life or sexual orientation, localized geodata, criminal background, or trade union membership, or biometric or genetic data used for the purpose of uniquely identifying an individual) in connection with our services or otherwise to us.
Please note that if you are an employee of the Company, a contractor or vendor to the Company or a third-party provider, your personal information may be used in connection with your employment contract or your contractual relationship whichever applies and is governed by policies related to those contracts. We limit by contract any vendors or contractors or third-party providers to using personal information or personal data solely for the purposes of SwapKit and its customers.
Further, Company does not expect nor would it knowingly permit the use of SwapKit services by minors. If you are a parent or guardian and become aware that a minor has accessed our services, please contact us directly at <Privacy@SwapKit.dev>. See also 15 below.
If you have not done so already, please also review our Terms of Service. The Terms of Service contain provisions that limit our liability to you and require you to resolve any dispute with us on an individual basis and not as part of any class or representative action. This Privacy Policy is incorporated into and made a part of our Terms of Service.
If you do not agree with any part of this privacy policy or our Terms of Service, then please do not access the Website or use any of our services.
3. Definitions.
As used herein, the following terms are defined as follows:
“Digital Asset” refers a digital representation of value (also referred to as “cryptocurrency,” “virtual currency,” “digital currency,” “crypto token,” “crypto asset,” or “digital commodity”), such as bitcoin, XRP or ether, which is based on the cryptographic protocol of a computer network that may be (i) centralized or decentralized, (ii) closed or open-source, and (iii) used as a medium of exchange and/or store of value. A “wallet” refers to a public wallet, and does not include any private keys. See also section 8 below.
“Our services” or “services” refers to all the services, products and functionalities available on [website] and any pages thereof, any application and any other software, tools, or features provided by the Company.
“Personal information” or “personal data” or “your data” refer to any information relating to you, as an identified or identifiable natural person, including your name, an identification number, location data, or an online identifier or to one or more factors specific to the physical, economic, cultural or social identity of you as a natural person.
“Service Provider” means a service provider, contractor, or processor utilized or engaged by the Company.
“Terms of Service” refers to the terms of service for the Company, as amended from time to time.
“User“, “users” or “you” refer to anyone who accesses or uses the Website, our services and other services, websites, or apps provided by the Company or other legal entity on behalf of which such individual is accessing or using the Service, as applicable. “End users” specifically refers to users who access the services through another User’s application or website and are not our direct customer.
“We“, “us“, or “Company” refer to SwapKit, Inc., and its successors, assigns, and affiliates.
“Website” means the Company website, which includes the website of a Company affiliate.
4. Data Controllers.
We seek to use reasonable organizational, technical, and administrative measures designed to protect personal information under our control. Unfortunately, no data transmission over the Internet or data storage system can be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of any account you have with us has been compromised), please immediately notify us at Privacy@SwapKit.dev.
The Company may use encryption to protect your information and store decryption keys in separate systems. We may process and retain your personal information on servers in multiple data center locations, including the United States of America and elsewhere in the world. Currently servers are located in the United States of America. By using our services or accessing the Website, you are deemed to agree that your personal information may be transferred to, stored, and handled as described in this Policy.
Data privacy laws sometimes differentiate between “controllers” and “processors” of personal information. A “controller” determines the purposes and means (i.e., the why and how) of processing personal information. A “processor”, which is sometimes referred to as a “service provider,” on the other hand, processes personal information on behalf of a controller and is subject to the latter’s instructions and corresponding contractual restrictions. The Company you are contracting with is your data controller or data policy manager, and is responsible for the collection, use, storage, disclosure, retention and protection of your personal information in accordance with our policies and procedures, this Privacy Policy, as well as any applicable national laws.
5. How we protect personal information.
The Company respects the privacy of users who access the Website or use our services, and it is therefore committed to taking the reasonable steps to safeguard any existing or prospective users, applicants and app visitors that may be required by applicable law. The Company seeks to keep any personal data of its users and its potential users in accordance with the applicable privacy and data protection laws and regulations.
While no website or application is absolutely secure, we believe we have the necessary and appropriate technical and organizational measures and procedures in place to seek to ensure that your information remains secure at all times. We regularly train and raise awareness for all our employees regarding the importance of maintaining, safeguarding and respecting your personal information and privacy. We regard breaches of individuals’ privacy very seriously and will impose appropriate disciplinary measures, including dismissal from employment. Although we have not appointed an official Group Data Protection Officer, you may request to exercise your applicable access, rectification, cancellation, and/or objection rights at <Privacy@SwapKit.dev>. .
Personal information, if any, that you provide us with when engaging with the Website or our services is protected in several ways. Such information is securely stored in a safe location, and only authorized personnel have access to it. All data is transferred to the Company over a secure connection, and reasonable measures are taken to prevent unauthorized parties from viewing any such information. Personal information provided to the Company that does not classify as personal data is also kept in a safe environment and accessible by authorized personnel of Company only.
6. Information we may collect.
When you are using the Website or our services, we or our Service Providers may collect from you any of the following types of information:
- Identifiers. We collect public wallet information and limited data from IP addresses, including general geodata, from end users. We also collect email addresses or similar information from our business customers.
- Contact information. We may collect contact information, such as email address, or messaging application, if any. We may collect the information and content that you submit to us, such as when you provide information in the “Contact Us” function of the Website.
- Financial Information. We or our Service Providers may collect financial information, such as transaction information, balances of connected-wallets of users and similar information, token balances for tokens that a given address has ever transacted in, information about the balances of the connected wallets of users, onchain payment information, and onchain purchase history. In some cases, our direct customers’ payment information is provided to a fiat payment provider. Fiat payment information is not received by the Company.
- Third-Party Information. Our business customers may collect information on end user accounts with third-party websites, platforms, apps, and services and information that you have provided to such third parties when creating any account or similar mechanism with, or using, the third- party websites, platforms, apps, and services; we receive only the limited data identified above and that is solely for purposes of utilizing our services.
- Publicly-available blockchain data. If you submit a proposed transaction through our API, including through our customers’ own applications as an end user, we or our Service Providers may collect and log your publicly- available blockchain address to learn more about your use of the services and to screen your wallet for any prior illicit activity. We or our Service Providers may screen your wallet using intelligence provided by leading blockchain and website analytics providers. Note that blockchain addresses are publicly- available data that are not created or assigned by us or any central party, and by themselves are not personally identifying. Similarly, because blockchain data is controlled in a disseminated fashion, and not by this Company, and consequently it cannot be deleted or destroyed by this Company (although it may be collected by us for a limited time solely for the purpose of providing our services.
- Information from other sources. We or our Service Providers may receive information about your wallet address or transactions made through the services from their end user customers, with the end-user’s consent. A Service Provider such as a fiat payment provider may also obtain personal data on you from other publicly accessible directories and sources. These may include websites; bankruptcy registers; tax authorities; governmental agencies and departments, and regulatory authorities, to whom they have regulatory obligations; credit reference agencies; sanctions screening databases; and fraud prevention and detection agencies and organizations, including law enforcement. Further, analytics providers who screen for wallets and IP addresses that are barred by authorities may also gather personal information. Analytics providers who seek to ensure the functionality of our platforms may also use other aggregated personal information or personal data from our business customers. Please see our Cookie Policy for more information.
- Information from tracking technologies. We or our Service Providers may access and collect information from mobile device ID (including general non-specific device location), cookies, web beacons, and other similar technologies to provide and personalize the services and features of the services for you across sessions. This may include counting the number of users that have visited our website, the top pages on the website visited by users, and top referring sources. Please see our Cookie Policy for more information.
- Other personal, commercial and/or identification information. We or our Service Providers may access and collect whatever information we or our Service Providers, respectively, in each’s sole discretion, deem necessary or advisable to comply with our or the respective Service Provider’s legal or regulatory obligations under various laws which may be determined by them to be applicable to us, such as the U.S. Bank Secrecy Act (BSA) or other laws or regulations. This information may include your corporate documentation or driver’s license, state identification card, passport number, financial account number, debit card number, geolocation data or credit card number in combination with any required security or access code. At this time all pre-screening of wallets for unlawful uses, and collection and processing of data regarding fiat payments, is performed by third-party service providers specializing in that service; Company does not receive or collect data related to these functions. Company does not collect driver’s licenses, state identification information, or passport numbers, or any information required for pre-screening of users or for payments as those are handled by contracted third parties.
Information that we may collect about you automatically:
- Browser Information. Information that is automatically collected via analytics systems providers from your browser, including your IP address and/or domain name, any external page that referred you to us, your login information, Internet browser type and version, time zone setting, browser plug-in types and versions, operating system and platform, your Media Access Control (MAC) address, computer type (Windows or Mac), and screen resolution.
- Log Information. Information that is generated by your use of the Website or our services that is automatically collected and stored in our server logs. This may include, but is not limited to, device- specific information, location information (such as country of origin), system activity and any internal and external information related to pages that you visit, including the full Uniform Resource Locators (URL) clickstream to, through and from our website or app, including date and time; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page. We may collect similar information, such as your device type and identifier, if you access the Website or our services through a mobile device. We use this information to ensure that the Service functions properly.
We may obtain information about you in a number of ways through your use of our services, including through any of our websites, or engagement with the Website or our services, webinar sign-up forms, event subscribing if any, news and updates subscribing, if any, and from information provided in the course of on-going support service communications. We may also receive information about you from third parties such as your payment providers and through publicly available sources. For example:
- If you are an end user, our business customers may provide us with your wallet address, and a portion of your IP address sufficient to perform our services. General data analytics providers may collect sufficient information from our site(s) to perform that function; or
- Advertising networks, analytics providers and search information providers may provide us with anonymized or de-identified information about you, such as confirming how you found our website.
7. How we may use data and the lawful basis for processing your personal information.
Certain laws, such as the European GDPR and UK GDPR, may require us to have a legal basis for processing “personal data” (as that term or comparable term is defined under applicable law). Our bases for processing your data include (but are not limited to):
Consent.
To the fullest extent permitted by applicable law, when you have given us or our Service Providers clear consent to process your Personal Data for one or more specific purposes.
To provide the functionality of the Website or our services, providing our services and fulfilling your requests.
We process personal data in order to provide our services and products, as well as information regarding our products and services based on the relationship with our users (i.e., so as to perform our obligations), to provide users with related customer service, to respond to your inquiries and fulfill your requests, such as to send you documents you request or email alerts, to send you important information regarding our relationship with you or regarding the Website or our services, changes to our terms, conditions, and policies and/or other administrative information. In addition, the processing of personal data takes place to enable the completion of any user on-boarding process, at which time we may process various information such as contact details. We may rely on your consent, our legitimate interests, and/or the fulfillment of a contractual obligation (such as under the Terms of Service available at [website]) as the lawful basis for processing your Personal Data.
Our legitimate interests are to provide you with our services that you or your company have requested appropriately.
When processing is necessary for the performance of a contract with you.
Personal Data may be processed when it is necessary to perform a contract we have with you, or when you have asked us to take specific steps before entering into a contract. We will engage in these activities to manage our contractual relationship with you and/or to comply with a legal obligation. We may rely on legitimate interests and/or the fulfillment of a contractual obligation as the legal basis for processing your Personal Data.
To comply with applicable laws, subpoenas, court orders, other judicial process, or the requirements of any applicable regulatory authorities and to exercise and defend legal claims.
We may need to use your personal information to comply with any applicable laws and regulations, subpoenas, court orders or other judicial processes, or requirements of any applicable regulatory authority (including Know Your Customer, compliance, security and identity checks). We do this not only to comply with our legal obligations but because it may also be in our legitimate interest to do so.
There are a number of legal obligations which may ultimately be imposed by relevant laws to which we are subject, as well as specific statutory requirements for example, to the extent applicable, anti- money laundering laws, financial services laws, corporation laws, anti-terrorism laws, privacy laws and tax laws. There are also various supervisory authorities whose laws and regulations may apply to us. Such obligations and requirements impose on us necessary personal data processing activities for identity verification, wallet screening, payment processing when appropriate, compliance with court orders, tax laws or other reporting obligations and controls. These obligations apply at various times, including user on-boarding, payments and systemic checks for risk management. We may also use data to prevent the use of our services in connection with fraudulent or other illicit activities.
For the purpose of safeguarding legitimate interests.
We process personal data so as to safeguard the legitimate interests pursued by us or by a third- party (including any of our Service Providers). A legitimate interest is when we have a business or commercial reason to use your information. Example of such processing activities include (but are not limited to) the following:
- Initiating legal claims and preparing our defense in litigation procedures;
- Undertaking means and processes to provide for the Company’s IT and system security, preventing potential crime or fraud, asset security and access controls;
- Performing audits or instructing our auditors, to verify that our internal processes function as intended and we are compliant with legal, regulatory, or contractual requirements;
- Developing and adopting measures for managing the business and for further developing products and services, including to enhance, improve or modify our services;
- Performing research, analytics and, data analysis;
- To communicate with you regarding our services;
- Sharing your data with security and analytics providers for the purpose of updating and/or verifying that your use of our services is in accordance with the relevant anti- money laundering compliance frameworks;
- In some cases with fiat payment providers; and
- Risk management.
To provide you with our services, or information about our services, and to review your ongoing needs.
We must use your personal information to perform our services and comply with our obligations to you. It is also in our legitimate interests to try to ensure that we are providing the best products and services so we may periodically review your needs based on our assessment of your personal information to ensure that you are getting the benefit of the best possible products and services from us.
To help us improve our products and services, including support services, and develop and market new products and services.
We may, from time-to-time, use personal information provided by you through your use of our services and/or through user surveys to help us improve our products and services. It is in our legitimate interests to use your personal information in this way to try to ensure the highest standards when providing you with our products and services and to continue to be a market leader within our industry.
To investigate or settle enquiries or disputes.
We may need to use personal information collected from you to investigate issues or to settle disputes with you because it is our legitimate interest to ensure that issues and disputes get investigated and resolved in a timely and efficient manner.
Data analysis.
Our website pages and emails may contain web beacons or pixel tags or any other similar types of data analysis tools that allow us to track receipt of correspondence and count the number of users that have visited our webpage, the top pages on the Website visited by users (within the Website and applications), top referring sources to the Website or opened our correspondence. We may aggregate your personal information with the personal information of our other users on an anonymous basis (that is, with your personal identifiers removed), so that more rigorous statistical analysis of general patterns may lead us to providing better products and services.
If your personal information is completely anonymized, we do not require a legal basis as the information will no longer constitute personal information. If your personal information is not in an anonymized form, we rely on your consent when such data is collected via non-essential cookies if required by law, and also because it is in our legitimate interest to continually evaluate that personal information to ensure that the products and services we provide are relevant to the market.
Internal business purposes and record keeping.
We may need to process your personal information for internal business and research purposes as well as for recordkeeping purposes and other operational or management purposes. Such processing is in our own legitimate interests and is required in order to comply with our legal obligations. This may include any communications that we have with you in relation to the products and services we provide to you and our relationship with you. We will also keep records to ensure that you comply with your contractual obligations pursuant to the Terms of Service governing our relationship with you and other policies, guidelines, and procedures for our Website or our services.
Notifications.
Often the law requires us to advise you of certain changes to products or services or laws. We may need to inform you of changes to the Terms of Service, other any other policies, guidelines, and procedures for our Website or our services (including or the features of our services). We need to process your personal information to send you these notifications. You will continue to receive this information from us even if you choose not to receive direct marketing information from us.
For Service Providers.
We or our Service Providers may collect and process personal information in order for the Service Provider to perform the services or provide the goods reasonably expected by an average consumer who requests those goods or services and performing services on our behalf. This lawful basis set forth in this Section for our collection of personal information would generally apply to any appropriate Service Provider i.e. a Service Provider assisting in providing such services or goods.
8. How we may disclose your personal information.
The Company will not disclose any of its users’ (including end-users, as applicable personal information to a third-party, except: (a) to the extent that it believes is or may be required to do so pursuant to any applicable laws, rules or regulations; (b) if there is a duty to disclose; (c) if our legitimate business interests require disclosure; (d) in line with our Terms of Service; (e) safety and security, (f) business changes (such as merger, acquisition, bankruptcy, dissolution, reorganization, asset or stock sale, or other business transaction), (g) with Service Providers to assist in providing, delivering or improving the services, or (h) at your request or with your consent or to those described in this Privacy Policy. The Company will endeavor to make such disclosures on a “need-to-know” basis, unless otherwise instructed by a regulatory authority. Under such circumstances, the Company will notify the third-party regarding the confidential nature of any such information.
As part of using your personal information for the purposes set out above, the Company may generally disclose your personal information to the following:
- Any third-party with your consent or at your direction.
- Any members, employees, officers, directors, managers, and shareholders of the Company, our affiliates and subsidiaries;
- Any of our Service Providers and business partners, for business purposes, such as specialist advisors who have been contracted to provide us with administrative, financial, legal, tax, compliance, insurance, IT, debt-recovery, analytics, research or other services;
- Any third parties connected with the sale, merger, bankruptcy, sale of assets, joint venture or collaboration, assignment, transfer or reorganization of the Company;
- Any enforcement and government agencies, as required under the applicable law;
- To government authorities, including regulatory agencies and courts, as reasonably necessary for our business operational purposes, to assert and defend legal claims, and otherwise as permitted or required by law; and
- Third-party services to which you’ve connected in connection with your use of the Website or our services.
In furtherance of the above, we may also share your personal data as follows:
Our Service Providers may provide us with services for our websites, as well as other products and services, such as web hosting and moderating, mobile application hosting, data analysis, payment processing, order fulfillment, customer service, infrastructure provision, technology services, email and direct mail delivery services, auditing, legal services, and other similar services. If the Company discloses your personal information to Service Providers and business partners, in order to perform the services we make efforts to require that Service Providers and business partners who process personal information acknowledge the confidentiality of this information, undertake to respect any user’s right to privacy and comply with all relevant privacy and data protection laws and this Privacy Policy. In these circumstances, however, your information will be subject to the relevant party’s privacy statements. If you do not wish for your information to be shared in this manner, you may choose to not access the Website or use our services.
The Website or our services may at some point include links, or introductions, to third-party services or service providers. The use of these third-party services or service providers may result in the collection and sharing of information about you by these third-party services. We encourage you to be aware when you leave our services, and to read the privacy statements or notices of each website or app on which you land after you click on a link or social networking button.
Business Transactions: The Company may take part in or be involved with a corporate business transaction, such as a merger, acquisition, joint venture, or financing or sale of company assets. We may assign or transfer this Privacy Policy and your personal data to a third-party in connection with such a corporate business transaction, for example, during negotiations or as an asset. Personal Data may also be disclosed in the event of insolvency, bankruptcy, or receivership.
Legal Obligations and Rights: In addition to the purposes described above, we may disclose personal data to third parties, such as legal advisors and law enforcement, to respond to subpoenas, court orders, or legal process, or to establish or exercise our legal rights or defend against legal claims. We may also share such personal data if we believe it is necessary in order to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of our agreement for services, or as otherwise required by law. If required by applicable law, we will use reasonable efforts to seek your consent or opt-in to such sharing (to the extent legally permitted).
Transfers Directed or Permitted by You: We may disclose personal data about you to certain other third parties at your direction or with your consent or permission.
Cookies: To enable our systems to recognize your browser or device and to provide and improve our services, we use cookies and similar technologies. For more information about how we use them, how you can control them, and your choices regarding interest-based advertising and targeted advertising please see our Cookie Policy.
Non-Identifiable: In addition, where allowed by applicable law, we may use and disclose information that is not in personally identifiable form for any purpose. If we combine information that is not in personally identifiable form with information that is identifiable (such as combining your name with your geographical location), we will treat the combined information as personal information as long as it is combined.
9. Transfers of personal information outside of the European Economic Area (EEA) and the United Kingdom (UK).
Your personal information will be processed and stored in the United States or in any country where we have facilities or Service Providers, and by accessing the Website or using our services or by providing consent to us (where required by law), your information may be transferred to countries outside of your country of residence, including to the United States, which may provide for different data protection rules than in your country. To the extent applicable, we may transfer your personal information outside the EEA and UK to other Company subsidiaries, Service Providers and business partners (i.e., Data Processors) who are engaged on our behalf. To the extent that we transfer your personal information outside of the EEA and UK, we will use reasonable efforts to ensure that the transfer is lawful and that Data Processors in third countries are obliged to comply with the European Union (EU) General Data Protection Act 2016 and the UK Data Protection Act 2018. If transfers of personal information are processed in the US, we may in some cases rely on standard contractual clauses. Please note, all servers are at this time located in the United States of America, and by use of our services you are deemed to have consented to such location.
10. Your personal information will be stored and processed in the United States. Transfers of personal information outside of your country.
By using our products and services, you consent to your personal data being transferred to other countries, including countries that have differing levels of privacy and data protection laws than your country. In all such transfers, we will use reasonable organizational, technical, and administrative measures to protect your personal information as described in this Privacy Policy and ensure that appropriate information sharing contractual agreements are in place. Currently servers are located solely in the United States.
11. Privacy when using blockchains.
Your engagement with the Website or our services relating to Digital Assets may be recorded on a public blockchain. Please note, to be clear, the Company is entitled to limit payments for any products or services to any one or more Digital Assets and/or to fiat. Public blockchains are distributed ledgers, intended to immutably record transactions across wide networks of computer systems. Many blockchains are open to forensic analysis which can lead to deanonymization and the unintentional revelation of private financial information, especially when blockchain data is combined with other data.
Because blockchains are decentralized networks which are not controlled or operated by Company or its affiliates, we are not able to erase, modify, or alter personal data from such networks.
12. Data Retention.
Safeguarding the privacy of your personal information is of utmost importance to us, whether you interact with us personally, by phone, by email, over the internet or any other electronic medium. We will hold personal information, for as long as we require it for our business relationship with you, in secure computer storage facilities, and we take the reasonable measures to protect the personal information we hold from misuse, loss, unauthorized access, modification or disclosure.
We will retain Personal Data we process on behalf of our customers or users for as long as needed to provide the Service to our customers, subject to our compliance with this Privacy Policy and any relevant customer agreements. When we consider that personal information is no longer necessary for the purpose for which it was collected, we will delete such information or remove any details that will identify you or we will securely destroy the records. However, we may need to maintain records for a significant period of time (after you cease being our user). For example, we may be subject to certain laws that require us to retain certain information for a period of 5 years after our business relationship with you has ended.
We may keep your data for longer than 5 years if we cannot delete it for legal, regulatory, or technical reasons. We may further retain and use this Personal Data as necessary, including by not limited to:
- complying with our legal obligations (including in defense or pursuit of a legal claim),
- maintaining accurate accounting, financial, and other operational records,
- resolving disputes, and
- enforcing our agreements.
Also, the personal information we hold in the form of a recorded information, if any, by telephone, electronically or otherwise, will be held in line with local regulatory requirements (i.e., 5 years after our business relationship with you has ended or longer if we have legitimate interests (such as handling a dispute with you). If you have opted out of receiving marketing communications, we will hold your details on our suppression list so that we know you do not want to receive these communications.
13. Cookies.
When you use our products and services, [if you are our business customer], we may make use of the standard practice of placing tiny data files called cookies, flash cookies, pixel tags, or other tracking tools (collectively, “Cookies“) on your computer or other devices used when engaging with us. We use Cookies to help us recognize you as a customer, collect information about your use of our products and services, to better customize our services and content for you, and to collect information about your computer or other access devices to ensure our compliance with our legal obligations. We may receive reports based on the use of Cookies from third-party Service Providers on an individual as well as aggregated basis. For more information, including the information on how you may disable these technologies, please see our Cookie Policy4.
14. Your rights regarding your personal information.
To the extent granted by applicable law, you may have certain rights to control or seek information about the Company’s processing of your personal data. Depending on your jurisdiction, and subject to its relevant exemptions and exceptions, these rights may include, among others, the right to:
Information Access.
If you ask us, we will confirm whether we are processing your personal information and, if so, what information we process and, if requested, provide you with a copy of that information within 30 days from the date of your request.
Rectification.
It is important to us that your personal information is up to date. We will take all reasonable steps to make sure that your personal information remains accurate, complete and up-to-date. If the personal information we hold about you is inaccurate or incomplete, you are entitled to have it rectified. If we have disclosed your personal information to others, we will let them know about the rectification where possible. If you ask us, if possible and lawful to do so, we will also inform you with whom we have shared your personal information so that you can contact them directly.
You may inform us at any time that your personal details have changed by emailing us at <Privacy@SwapKit.dev>. . The Company will change your personal information in accordance with your instructions. To proceed with such requests, in some cases we may need supporting documents from you as proof, i.e., personal information that we are required to keep for regulatory or other legal purposes. Please note that, to the extent any of your personal information is memorialized on the public blockchain, we may not be able to rectify it. See 8 above.
Erasure.
You can ask us to delete or remove your personal information in certain circumstances such as if we no longer need it, provided that we have no legal obligation to retain that data. Such requests will be subject to the contract that you have with us, and to any retention limits we are required to comply with in accordance with applicable laws and regulations. If we have disclosed your personal information to others, we will let them know about the erasure request where possible. If you ask us, if possible and lawful to do so, we will also inform you with whom we have shared your personal information so that you can contact them directly. Erasure is subject to the limitations set forth in the Terms of Service and any other policies, guidelines, and procedures for the Website or our services. Please note that, to the extent any of your personal information is memorialized on the public blockchain, we may not be able to delete or remove it. See 8 above.
Processing restrictions.
You can ask us to block or suppress the processing of your personal information in certain circumstances such as if you contest the accuracy of that personal information or object to us processing it. It will not stop us from storing your personal information. We will inform you before we decide not to agree with any requested restriction. If we have disclosed your personal information to others, we will let them know about the restriction of processing if possible. If you ask us, if possible and lawful to do so, we will also inform with whom we have shared your personal information so that you can contact them directly.
Data portability.
In certain circumstances you might have the right, to obtain personal information you have provided us with (in a structured, commonly used and machine readable format) and to re-use it elsewhere or ask us to transfer this to a third-party of your choice.
Objection.
Please see limitations and procedures set forth in the Terms of Service and any other policies, guidelines, and procedures published on the Website or regarding our services. Please be aware that information cannot be deleted from the public blockchain. Otherwise, you can ask us to stop processing your personal information, and we will do so, if we are:
- Relying on our own or someone else’s legitimate interests to process your personal information except if we can demonstrate compelling legal grounds for the processing;
- Processing your personal information for direct marketing;
- Appealing our decisions to your local regulator and such appeal has been terminated; or
- Processing your personal information for research unless we reasonably believe such processing is necessary or prudent for the performance of a task carried out in the public interest (such as by a regulatory or enforcement agency).
Automated decision-making and profiling.
We do not make decisions about you based on automated decision making, except (i) by screening end user wallets against published lists of sanctioned addresses by the U.S. Treasury and similar governmental bodies; and (ii) on behalf of our business customers, implementing optional additional risk-based screening of end user wallets. If we make a decision about you based solely on an automated process (e.g., through automatic profiling) that affects your ability to access the Website or our services or has another significant effect on you pursuant to sub (ii) preceding, you can request not to be subject to such a decision unless we can demonstrate to you that such decision is necessary for entering into, or the performance of, a contract between you and us or for the compliance with applicable law. However, such requests by end users are solely at the discretion of our business customers, and should be directed towards them; we do not address end user requests of this type, and do not control the specific risk parameters implemented by our business customers. Even if a decision is necessary for entering into or performing a contract, you may contest the decision and require human intervention. We may not be able to offer our products or services to you in such a case.
15. Changes to this Privacy Policy.
Our Privacy Policy is reviewed regularly to ensure that any new obligations and technologies, as well as any changes to our business operations and practices are taken into consideration, as well as that it remains abreast of the changing regulatory environment. Any personal information we hold will be governed by our most recent Privacy Policy.
If we decide to change our Privacy Policy, we will post those changes to this Privacy Policy and other places we deem appropriate. You consent to these changes by continuing to use our services.
16. Our products and services are not directed at children.
Users Under Age 18. We do not knowingly permit users under age 18 ) in accordance with our Terms of Service. Our products and services are not directed to persons under the age of majority in such person’s jurisdiction (e.g., 18 years old in the United States), hereinafter “Children“, “Child” and we do not knowingly collect personal information from Children. If we learn that we have inadvertently gathered personal information from a Child, we will take legally permissible measures to remove that information from our records. If you are a parent or guardian of a Child, and you become aware that a Child has provided personal information to us, please contact us at the email address indicated below. You may request to exercise your applicable access, rectification, cancellation, and/or objection rights by contacting us at Privacy@SwapKit.dev
17. Accessibility.
If you have a problem reading or accessing information or materials on the Website or regarding our services, please inform us at <Privacy@SwapKit.dev>.
18. Choices and Access.
We give you choices regarding our use and disclosure of your Personal Information for marketing purposes. You may opt out from:
Receiving marketing communications from us: We do not engage in marketing at this time. If we were to do so and you no longer wanted to receive marketing communications from us on a going forward basis, you may opt out of receiving them by contacting us at <Privacy@SwapKit.dev>. In your request to us, you would need to provide your name, identify the form(s) of marketing communications that you no longer wish to receive, and include the address(es) to which it/they are sent. For example, if you no longer wish to receive marketing emails or direct mail from us, tell us that, and provide your name and email or postal address.
Receiving reminders from us: If you no longer want to receive reminders from us on a going- forward basis, you may opt out of receiving them by contacting us at the email address <Privacy@SwapKit.dev>. . In your request to us, please provide your name and the email address or phone number at which you receive reminders from us.
Our sharing of your personal information with affiliates and third-party partners: If we were to engage in such activities and you previously opted in to receiving marketing communications from our affiliates or third-party partners, you may opt out of our sharing of your personal information with those parties for their direct marketing purposes on a going-forward basis by contacting us at <Privacy@SwapKit.dev>. . In your request to us, please state that we should no longer share your personal information with our affiliates and/or third- party partners for their marketing purposes, and include your name and email address.
We will seek to comply with your request(s) as soon as reasonably practicable. Please note that if you opt out as described above, we will not be able to remove your personal information from the databases of our affiliates with which we have already shared your information (i.e., as of the date that we implement your optout request). Please also note that if you opt out of receiving marketing-related messages from us, we may still send you important transactional and administrative messages, from which you cannot opt out.
If you would like to review, correct, update, restrict, or delete your personal information, or if you would like to request to receive an electronic copy of your personal information for purposes of transmitting it to another company (to the extent these rights are provided to you by applicable law), please contact us at <Privacy@SwapKit.dev>. We will respond to your request as soon as reasonably practicable and no later than one month after receipt. If circumstances cause any delay in our response, you will be promptly notified and provided a date for our response.
19. Contact Information.
Any questions, complaints, comments and requests regarding this Privacy Policy are welcome and should be addressed by contacting us at <Privacy@SwapKit.dev>.
20. General Data Protection Authorities.
If you are not satisfied with our response to your complaint, you have the right to submit a complaint to the regulator in your country. Here are the contact details of some of the regulators:
For residents of Australia:
Office of the Australian Information Commissioner
GPO Box 5288
Sydney NSW 2001
For residents of Canada:
Contact: https://www.priv.gc.ca/en/report-a-concern/file-a-formal-privacy-complaint/.
For residents of the United Kingdom:
The Information Commissioner’s Office Wycliffe House, Water Ln
Wilmslow SK9 5AF, UK
Contact: Contact us | ICO
If you are an EEA citizen European Economic Area:
This will be the supervisory authority in the member state where you work, normally live, or where the alleged infringement of data protection laws has occurred. A list of EEA supervisory authorities is available here.
Contact: Please click here for contact information for EU national data protection authorities.
For residents of Japan:
Personal Information Protection Commission Kasumigaseki Common Gate West Tower 32nd Floor, 3-2-1, Kasumigaseki, Chiyoda-ku, Tokyo, 100-0013, Japan
For residents of Singapore:
Personal Data Protection Commission 10 Pasir Panjang Road,
#03-01 Mapletree Business City Singapore 117438
If your own jurisdiction is not listed here, please see your local governmental guidance.
1 Note to Client: We would recommend the Cookie approve-reject pop up at the time users come to the website, to opt in or opt out of. We also recommend you provide accessibility adjustments. For example, if you look at the LLOY website you will see a little person in a blue circle (bottom right screen) which is a recognized symbol of access to accessibility options. This is a requirement in California. Please also note that should Company decide in future to sell personal information or share personal information for marketing purposes, it may need to provide a pop-up “Opt Out” button at the same time/location as the Cookie pop-up. Once a revised privacy policy gets used, please be sure to retain an archival copy of each version (including a record of when it became effective). Also retain records of any internal trainings related to privacy.
2 [Insert hyperlink to US State PP.]
3 [Insert hyperlink to Cookie Policy.]
4 Hyperlink to Cookie Policy.