PRIVACY POLICY
Last updated: 8.06.2023
1. INTRODUCTION
1.1. This Privacy Policy for Neon Protocol Ltd (“Neon”, “we”, “us”, “our”), a legal entity established and existed in accordance with the laws of British Virgin Islands, having a registered office at Jayla Place, 2nd Floor, Road Town, Tortola, British Virgin Islands VG1110, BVI COMPANY NUMBER: 2112318.
1.2. This Privacy Policy describes how Neon may process your personal data (as defined below). Please take a moment to read this Privacy Policy carefully. This applies to the personal data we collect:
- on this Website (“Website”), which Neon owns and operates;
- when you access or use our applications and services;
- when you intentionally provide us with information, which contains your personal data (e.g. by sending us a message by the email).
1.3. By accessing / using our Website, applications and other services (hereinafter collectively referred as “Services”) you confirm that you understand that processing of your personal data (including transfer and disclosure) will be governed by this Privacy Policy. If you do not agree with the terms and conditions of this Privacy Policy, you must immediately stop using any of our Services and contact us so that we can take the best efforts in regard to deleting / restricting / anonymizing of your personal data we can control (if applicable).
1.4. This Privacy Policy is one of the documents that may govern the legal relationship between you and Neon. This Privacy Policy supplements other documents, which governs the provision of our Services (including Cookie Policy) and should be read in conjunction with them.
1.5. If you have any questions related to the processing of your personal data, you can write to our legal and compliance team at [email protected].
2. WHAT TYPES OF INFORMATION WE COLLECT?
2.1. What the personal data is. “Personal data” means any information that relates to an identified or identifiable living individual and other information about the person or related to the person. Different pieces of information, which collected together can lead to the identification of a particular person, also constitute personal data.
2.2. Categories of personal data that we process in relation to service provision to our users . We generally process different kinds of personal data which we have grouped together as follows:
- Identity Data includes your name, gender, photo, title, username and similar information;
- Contact Data includes email address, telephone number and postal address and/or similar information;
- Blockchain and Transaction Data includes crypto wallet address, public blockchain data about your transactions and similar information;
- Technical Data includes device identifiers, browser version and type, IP address and similar information;
- Usage Data such as how you use our Services, this also includes information we or others collect about you from cookies and similar tracking technologies (e.g. web beacons and pixels);
- Marketing and Communications Data includes your preferences in relation to receiving marketing materials, your communication preferences and similar information;
- Other Data such as any other data generated (obtained) in the course of our interaction with you (e.g., your directions or instructions given to us), customer’s feedback, survey results and similar information.
2.3. Anonymized data. We may anonymize your personal data or aggregate it (“Anonymized data”), so that it can no longer be associated with you or identify you, in which case we may use such Anonymized data for any purposes or share it with another person without any restrictions.
3. HOW WE COLLECT YOUR INFORMATION
3.1 Information you provide to us directly. We collect personal data that is relevant to our relationship with you. We may collect information by the direct interaction with you, this includes personal data you provide when you:
- register in our Services;
- participate in our surveys or polls;
- fill out any forms;
- enter in any agreements with;
- manage marketing emails;
- contacting for help or technical support;
- submit your personal data to us for any other reason.
Information, collected by direct interaction with you generally includes the following types of personal data:
- Identity Data;
- Contact Data;
- Blockchain and Transaction Data;
- Marketing and Communications Data;
- Other Data.
3.2 Information we collect from you automatically. While interacting with our Services, we may collect some information containing your personal data automatically. Information collected automatically includes Technical and Usage Data. We may collect this information by ways of monitoring, which are part of our Services, including cookies and similar technologies.
3.3 Information we receive about you from the third parties and other sources. We may receive information about you from third parties or other sources:
- Usage and Technical Data may be provided by our partners;
- we may collect Blockchain and Transaction Data by viewing public blockchains and transactions are made in them;
- in some cases your personal data, including but not limited Identity and Contact Data may be provided to us by the third parties, which refers to you (e.g. for business purposes) or acts in your interest.
4. HOW WE USE YOUR PERSONAL DATA
4.1. In general. Each data processing activity will be carried out for a specific purpose (generally determined by the nature of our business or our legal obligations) and will be based on at least one of the following lawful grounds:
- when we have your consent;
- when we need to comply with legal obligations (statutory or based on common law);
- when it is required to establish and perform an obligation, which is based on a contract;
- when we have a legitimate interest.
4.2. In order to provide you with a more detailed understanding of the purposes of data processing, we have set out the purposes of processing in the table below, accompanied by examples of activities, for which personal data is processed and the legal basis on which we carry out the relevant processing:
| Purpose | Example of activity | Legal basis for processing |
|---|---|---|
| Providing the services to the general audience | - Account creation (if applicable - Enable general audience to access and use our services | (a) Contract performance (b) Consent (additionally) |
| Providing support for our users and ensure quality control | - Creating bug tickets - Bugs fixing and troubleshooting Receive and answer your technical questions | (a) Contract performance (b) Legitimate interest |
| Product researches and development | - Providing opportunities to participate in product tests (including faucet) - Research and development of our products and services - Allow you voting on certain issues as a part of community | (a) Legitimate interest (b) Contract (if applicable) (c) Consent (additionally) |
| Conducting marketing activities and delivering advertising to our users | - Send you advertising information - Show you the most relevant ads and explore your interests | (a) Consent (b) Legitimate interest (if applicable) |
| To use data analytics to improve and develop our services and understand the needs of our users | - Analyzing user activity - Improve our services based on the data we collect | (a) Consent (b) Legitimate interest (if applicable) |
| To use data analytics to improve and develop our services and understand the needs of our users | - Analyzing user activity - Improve our services based on the data we collect | (a) Consent (b) Legitimate interest (if applicable) |
| Providing security for our services and integrity of our business | - Audit of our services - Fraud prevention activities | (a) Legitimate interest |
| Compliance with our legal and ethical obligations; establish a legal protection for our business or using the information for public safety | - Identity identification and KYC - Reporting officials about crime and suspicious activity - Restricting access to the forum (e.g. in the case of hate speech) - Keeping records for litigation purposes | (a) Legal obligations (b) Legitimate interest |
| Sending notifications | - Sending you newsletter - Report you on current status of our orders - Sending you data breach notification | (a) Legitimate interest (b) Legal obligations (if applicable) (c) Consent (additionally) |
| To develop our business and (or) participate in transactions | - To enable us participate in market transactions (corporate acquisitions, transfer of business) | (a) Legitimate interest |
4.3. Purpose limitation. We have tried to tell you about the purposes for the processing your personal data in clear and transparent way. We accept the possibility that new purposes for processing of your personal data may arise in the process of our interaction with you. We will only process data for a new purpose if:
- the new purpose is compatible with the original purpose; or
- the new purpose of data processing is required by the applicable laws; or
- we have your consent to process personal data for a new purpose. As a general rule, if the new purpose is significantly different from the original goal or looks unexpected, we will not consider it as “compatible”.
5. MARKETING. COOKIES AND ANALITICS.
5.1. We may use your personal data for marketing purposes. If you receive direct marketing communications, you always have the right to unsubscribe from it. Please note that opting out of receiving marketing communications does not affect other notices that may be sent to you from time to time.
5.2. In the course of our interaction with you we may use cookies and similar technologies (“Cookies”). Cookies, in particular, helps to identify you, analyze your preferences, improve and secure the Service and to personalize content and features and tailor advertisement. Please read our Cookie Policy. For further information about cookies, visit www.allaboutcookies.org.
5.3. To understand how users interact with our Services, we may use our own or third-party data analysis solutions (such as Google analytics). You may exercise choices regarding the use of cookies from Google Analytics by going to https://tools.google.com/dlpage/gaoptout.
6. CHILDREN’S PERSONAL DATA
6.1. Our Services are not intended for children. We do not knowingly solicit or collect information from the persons under the age of 18.
6.2. If you are a parent or guardian of a child and believe that we have collected child’s personal data, please contact us. If we discover that personal data relating to a child is under our control, we will take steps to delete or otherwise “forget” such information.
7. HOW WE DISCLOSE YOUR PERSONAL DATA
7.1. In the course of conducting our business, in order to execute the purposes of data processing describing above we may share your personal data with the third parties. For example, we may share your personal data to the following categories of recipients as follows:
- To our subsidiaries and affiliates: we may share your personal data with our subsidiaries and affiliates if it necessary to fulfil the purposes of data processing (e.g. by distribution of responsibilities within Neon and its subsidiaries and affiliates in order to provide you the possible service and customer support);
- To professional advisers: we may share your personal data with professional advisers such as lawyers, auditors and accountants (e.g. to comply with applicable laws or obtain a legal advice or professional service);
- To service providers and suppliers: we may share your personal data with those who need it to do work for us. Typically, this category of recipients includes independent contractors (e.g. hosting providers, data analytics provides, marketing providers, etc.);
- To government authorities: we may share your personal data with law enforcement agencies, when it needed to comply the law;
- Protection and safety: we may share your personal data with social services (e.g. emergency or rescue service) and government bodies (e.g. courts and police) if it necessary to protect the health and safety of you or other people, our business or to participate in legal or administrative proceedings;
- Business Transfers: we may share your personal data when it is necessary for business transactions, such as a sale or transfer of a business, financing, bankruptcy, or any negotiation of a deal that affects our business (in whole or in part) (“Business Transactions”), if the Business Transaction cannot be normally completed without disclosure of personal data;
- Blockchain and public display: we may publicly display your personal data when you make it available through the blockchain or provide it for the purposes, which otherwise requires displaying your personal data on the multiple devices (e.g. when you use our social platforms).
7.2. At your instruction or request and (or) based on your direct consent (if required) we may share your personal data with another categories of recipients.
8. INTERNATIONAL DATA TRANSFER
8.1. International transfer of personal data. As a British Virgin Islands based company we process the personal data, mainly, under the rules and regulations of the British Virgin Islands. Whenever we transfer personal data to other jurisdictions, we will ensure that this information is transferred in accordance with this Policy and as permitted by applicable data protection laws.
8.2. Safeguards. Please be aware, that your personal data may be stored/transferred outside the jurisdiction in which such personal data was collected. Unfortunately, not all countries have an adequate level of personal data protection. In such case we will provide appropriate safeguards for the personal data transfers, where possible (e.g. by using technical and/or contractual measures).
8.3. Derogations in the specific situations. We may derogate from using of foregoing safeguards (where permitted by law), especially in the context of blockchain-based Services including (without limitation) when the data transfer is required for important reasons of public interest or in the interest of the data subject, where an applicable contract obligation exists.
9. SECURITY MEASURES
9.1. We take steps to ensure that your information is treated securely. We protect your information using physical, technical, and administrative security measures to reduce the risks of loss, unauthorized access and disclosure, taking into account the nature, scope, context and purpose of the data processing, and the existing level of risks.
9.2. Unfortunately, we are unable guarantee that your personal data will always be secure, since almost any system for keeping / transmitting information can be hacked or may have vulnerabilities. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
10. RETENTION OF PERSONAL DATA
10.1. In general. Basically, personal data is stored or otherwise processed only during that time when there is a business or compliance reason to do so.
10.2. Retention Period. Processing of personal data that Neon collects, stores or otherwise use will take place during the specific period, during which there is a need to access such data in order to fulfill one or more processing purposes (“Retention Period”). In our interaction with personal data, we will use the principle of data minimization, which means that we strive to (i) minimize the amount of personal data collected; and (ii) minimize the length of the Retention Period.
10.3. Length of the Retention Period. The length of the Retention Period depends on the purposes of data processing, taking into account the potential risk of harm from the personal data breach. Thus, we will use your personal data only as long as necessary to fulfil the purposes for which the information is collected, unless the applicable laws require longer length of the Retention Period. Among other things, this means that we may retain records of you for a period of time where we have legal grounds, even if you have ended your interaction with us.
11. THIRD PARTIES AND THEIR SERVICES
11.1. This Website or other Services provided by Neon may refer or contain links to the third-party services, which includes but not limited to the websites, plug-ins and applications (“Third-Party Services”).
11.2. Please note that we cannot control Third-Party Services and its methods and ways of using your personal data, even some our own Services are combined or intended to be used together with such Third-Party Services. We encourage you to review relevant third-party privacy notices that govern their processing of your personal data before any interaction with Third-Party Services.
12. BLOCKCHAIN & PRIVACY
12.1. In the process of interacting with you, Neon may provide you with blockchain-based Services or refers to the blockchain-based services owned and operated by the third parties. In general, Blockchain can be described as a technology for distributed data storage. This means that the data records in the blockchain, by the general rule, are (i) immutable; (ii) decentralized (controlled / stored by many persons); and (iii) publicly available.
12.2. In particular, blockchain has the following impact on your privacy:
- Immutability: in general, personal data placed in the blockchain cannot be deleted;
- Decentralization: there is no single person who administer the blockchain data, due to decentralized nature of the blockchain records (blockchain is governed by the multiple voices, not one);
- Public Availability: blockchain-stored information (including any personal data, if any) can be easily accessed by any interested person.
12.3. Contrary to popular misconception, blockchain transactions, generally, cannot be described as “anonymous”. Information from the blockchain can be compared to other publicly / non-publicly information obtained from other sources. In particular, this may lead to the de-anonymization (disclosure of personality) and / or disclosure of your financial status and transactions.
12.4. Please do not use blockchain technology if the possible impact on your privacy does not meet your expectations. If you are unfamiliar with blockchain technology, we strongly encourage you to do your own research or seek a professional advice on how the blockchain may impact on your privacy.
13. YOUR RIGHTS
13.1. Rights you may enjoy. Depending on the jurisdiction, in which you reside and (or) we provide Services, you may have certain rights regarding the control of your privacy. For example, GDPR and similar laws provide you the following rights:
- Access: the right to require us provide you with confirmation of data processing activity, a copy of the personal data processed and supplementary information, such as the terms under which we process your personal data (these terms are already described in this privacy policy);
- Rectification: the right to require us correct incorrect personal data or complete it;
- Erasure (right “to be forgotten”): the right to require us to erase your personal data;
- Restriction of processing: the right to require us to restrict using of your personal data in certain circumstances (when processing is restricting, we, generally, may only store your personal data and will refrain from most other processing activities);
- Data portability: the right to require use to provide you with a copy of your personal data in structured, commonly used and machine-readable format;
- Object: the right to object to the processing of their personal data in certain circumstances (have an absolute right to stop direct marketing communications with you, or, in certain circumstances, may object against processing, which is based on legitimate interests);
- Withdrawal: the right to withdraw your consent to the processing of personal data (this will not affect the lawfulness of processing based on consent before its withdrawal).
13.2. We will not use any automated individual decision-making (i.e. a decision making process, which used solely automated means without any human involvement), including profiling, which produces legal effects concerning your rights or which may significantly affect you, unless:
- it is necessary for the entry into or performance of a contract;
- it is authorized by the applicable laws;
- it is based on the individual’s explicit consent.
13.3. We will be happy if you contact us and we will consider the opportunity to help you exercise your rights. Please note that, in general, these rights are not absolute and requests to exercise them may be denied in certain circumstances.
14. RIGHT TO LODGE A COMPLAINT
14.1. If you believe that we are violating your privacy rights or handling your personal data inappropriately, you have the right to file a complaint with your national data protection authority (“Data Protection Authority”) or bring a suit in the court. We would be happy if you contact us before doing this so that we can take steps to resolve your problem or clear your doubts regarding your personal data treatment.
14.2. Contact details of Data Protection Authority in several jurisdictions can be found by the links below:
For individuals in the EU: https://edpb.europa.eu/about-edpb/board/members_en
For individuals in the UK: https://ico.org.uk/global/contact-us/
For individuals in the British Virgin Islands: https://ombudsman.ky/privacy-policy
15. HOW WE UPDATE THIS PRIVACY POLICY
15.1. Wereservetherighttoupdateourprivacypracticesforbusiness,legaloroperationalreasonsatany time. We will provide you with the most actual information on how we treat your personal data by updating this Privacy Policy.
15.2. We recommend you reviewing the current version of this Privacy Policy, available at the following link https://dao.neonevm.org/privacy-policy, to stay up to date with the latest changes. The date the Privacy Policy was last revised is identified at the top of this page. In the event of material changes in our privacy practices, we may additionally notify you (e.g. by placing the notification on the main page of our Website or by email).