About this Notice
This privacy notice (“Notice”) explains how and why Vesting Labs Ltd. (also referred to as “TokenOps”, “Company”, “we”, “our” and “us”) uses personal data about those individuals that either use or access our website https://tokenops.xyz/ (the “Website”) or use our services as may be described on the Website from time to time (the “Services”) (in each case, referred to as “you”).
You should read this Notice, so that you know what we are doing with your personal data. Please also read any other privacy notices that we make available to you, that might apply to our use of your personal data in specific circumstances outside the scope of this Notice, which primarily concerns our processing of your personal data in relation to or in connection with Website and other Services.
Please note our Services are intended solely for use by individuals who are at least 18 years of age. We do not collect personal data from individuals under the age of 18. If we become aware that we have inadvertently collected personal data from an individual under 18, we will promptly delete such data. If you believe that we may have collected data relating to a person under the age of 18, please contact us at privacy@tokenops.xyz.
Who we are and our contact details
2.1.
We are Vesting Labs Ltd. with company number 14695174 and registered office address at 101 New Cavendish Street, 1st Floor South, London, United Kingdom, W1W 6XH. We own and manage the Website and software used in the Services and are the controller of data collected through the Services (as defined below).
2.2.
Our contact for data protection purposes is privacy@tokenops.xyz.
2.3.
Our EU representative is ZAMA SAS and representative in Switzerland is Zama Switzerland AG, who can each be contacted by email to privacy@zama.org. Zama SAS is registered with the Paris Register of Commerce and Companies under reference 879243319 RCS Paris and has its registered office at 8 rue du Sentier, Paris 75002 and Zama Switzerland AG is registered in the Commercial Register of the Canton of Zug under company number CHE-186.971.062 with address at Grafenauweg 8, 6300 Zug, Switzerland.
Our data protection responsibilities
In this Notice we refer to the following terms, which have the following meanings:
“Personal data” is any information that relates to an identifiable natural person from which that person can be identified. Your name, address and contact details are all examples of your personal data, if they identify you.
The term “process” means any activity relating to personal data, including, by way of example, collection, storage, use, consultation and transmission.
The term “controller” means any person or body which alone or jointly with others determines the purposes and means of processing of personal data. The Company is a so-called "controller" of your personal data in relation to the Website and Services and any marketing and promotional activities we undertake. This means that we make decisions about how and why we process your personal data for use in the Website and Services and, because of this, we are responsible for making sure it is used in accordance with applicable data protection laws.
What types of personal data do we collect and where do we get it from?
We collect your personal data from various sources. The table below sets out the different types of personal data that we collect and the sources we collect it from. Typically, you provide us with personal data directly when you communicate with us (including via the Website) or when you use our Services. We also obtain some personal data from other sources, and create some personal data ourselves, as set out in the table.
Marketing and communications data
You
Systems used for the Services
Please be aware that we cannot communicate with you or perform the Services without your personal data. Where we don’t need your personal data, we will make this clear, for instance we will explain if any forms you are required to complete are optional or contain sections that can be left blank.
If any of the personal data you have given to us changes, such as your contact details, please inform us without delay so that this can be updated.
What do we do with your personal data, and why?
We process your personal data for engagement with us or use of the Services, and the management and administration of our business.
We are required by law to always have a so-called “lawful basis” (i.e. a reason or justification) for processing your personal data. The table below sets out the purposes for which we process your personal data and the relevant lawful basis on which we rely for that processing.
Please note that where we have indicated in the table that our processing of your personal data is either:
necessary for us to comply with a legal obligation; or
necessary for us to take steps, at your request, to potentially enter into a contract with you, or to perform it,
we may not be able to provide our Services to you if you choose not to provide the relevant personal data to us.
Website Information
(It is in our and your interest to keep you informed of product and service developments)
We may also convert your personal data into statistical or aggregated form to better protect your privacy, or so that you are not identified or identifiable from it. Anonymised data cannot be linked back to you. We may use it to conduct research and analysis, including to produce statistical research and reports. For example, to help us understand the spread of our customers.
Marketing and service communications
We strive to provide you with choices regarding certain personal data uses, particularly around marketing and advertising. Where you opt-in to receiving marketing communications from us, we will send communications concerning us and our services (and Zama SAS products and services) to your nominated address.
The marketing communications may be sent via email, SMS, broadcast channels within Telegram, group chats or direct messages to you through the Website, Telegram or otherwise, in each case where you have opted in to receiving such communications and have not opted out. In the case of Zama SAS, marketing communications may be sent by email, but only where you have opted in to receiving such marketing communications and not subsequently opted out.
Third-party marketing
We will get your express opt-in consent before we share your personal data with any third party for marketing purposes, including Zama SAS.
Opting out
You can ask us to stop sending you marketing messages at any time by following the opt-out links on any marketing message sent to you or by contacting us at any time to contact@tokenops.xyz or, where the marketing relates to products or services of third parties by following the opt-out links on any marketing message or other method indicated. Please note that if you opt out from receiving marketing communications from us for one channel only, we will continue to use the other channels that you have consented to. Please also note that where you opt out from receiving marketing communications, we will retain your contact details on our CRM system in order to process this request and make a record of your updated preference.
Where you have opted in to receive marketing communications from a third party, including Zama SAS, you should follow the instructions in the communication if you wish to opt out.
Where you opt out of receiving these marketing messages, this will not apply to personal data provided to us for the purposes of using our Services or Website and you will still receive service-related communications that are essential for administrative or customer service purposes, through your preferred methods of communication. You can update your preferred method(s) at any time in your account settings.
Cookies
Where you opt-in to remarketing tags (we currently use X pixel) and targeted advertising technologies (we currently use X ads), you may adjust your settings at any time to opt out. Please see our Cookie Notice at https://tokenops.xyz/cookie-notice for more information on how to do this.
Service communications
We will send service-communications that are essential for administrative or customer service purposes through your preferred method of communication. You can update your preferred method(s) at any time, but we do require at least one method to be able to notify you of changes in or interruptions to the Services.
Who do we share your personal data with, and why?
Sometimes we need to disclose your personal data to other people.
From time to time we may ask third parties to carry out certain business functions for us, such as IT support. These third parties will process your personal data on our behalf (as our processor). We will disclose your personal data to these parties so that they can perform those functions. Before we disclose your personal data to these third parties, we will seek to ensure that they have appropriate security standards in place to protect your personal data. Examples of these third-party service providers include service providers and/or sub-contractors, which include IT systems software and maintenance, back up, and server hosting providers.
In certain circumstances, we will also disclose your personal data to third parties who will receive it as controllers of your personal data in their own right, for example where:
(a)
we buy, sell or transfer our business (or part of it) in connection with a share or asset sale or outsourcing, we may disclose or transfer your personal data to the prospective seller, buyer or transferor and their advisors; and
(b)
we need to disclose your personal data in order to comply with a legal obligation, to enforce a contract or to protect the rights, property or safety of our employees, customers or others.
We have set out below a list of the categories of recipients with whom we are likely to share your personal data:
(a)
IT support, cloud platform and data hosting providers;
(b)
service providers which provide the tools used for remarketing and targeted advertising;
(c)
Service providers which provide communication tools;
(d)
consultants and professional advisors including legal advisors and accountants;
(e)
courts, court-appointed persons/entities, receivers and liquidators; and
(f)
governmental departments and statutory and/or regulatory bodies.
Where in the world is your personal data transferred to?
We may transfer your personal data to service providers and other external recipients that are established in jurisdictions other than your own.
Please be aware that the data protection laws in some jurisdictions may not provide the same level of protection to your personal data as is provided to it under the laws in your jurisdiction.
Most of the service providers we use are located in the UK, EEA or Switzerland. However, some of our cloud service providers are located in the United States and we have agreements in place with them that include specific standard contractual terms approved for use in the UK, EEA and Switzerland which give the transferred personal data the same protection as it has in the UK/EEA/Switzerland, namely the EU Standard Contractual Clauses with UK and Swiss Addenda. Our remarketing tag provider (X pixel) and targeted advertising provider (X ads) are located in the United States Transfers of personal data to X Corp. in the United States are made on the basis of X Corp.'s certification under the EU-US Data Privacy Framework (DPF), the UK Extension to the EU-US DPF, and the Swiss-US Data Privacy Framework, as applicable. Where DPF certification does not cover the relevant category of data, transfers are made on the basis of Standard Contractual Clauses approved by the European Commission. A copy of the applicable transfer safeguards is available on request by contacting us at privacy@tokenops.xyz. As a general principle, we will always seek to ensure that adequate protections are put in place when transferring your personal data from within to outside the UK, European Economic Area or Switzerland. For more information regarding the transfers undertaken by us and the protections put in place, please contact us at privacy@tokenops.xyz. Details of our (sub)processors are available at https://tokenops.xyz/service-providers.
How do we keep your personal data secure?
We will take specific steps (as required by applicable data protection laws) to ensure we take appropriate security measures to protect your personal data from unlawful or unauthorised processing and accidental loss, destruction or damage.
In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
How long do we keep your personal data for?
We will only retain your personal data during the use of the Services or, if longer, for no longer than is necessary for the purposes for which we are processing your personal data. This will depend on a number of factors, including:
(a)
any laws or regulations that we are required to follow;
(b)
whether we are in a legal or other type of dispute with each other or any third party;
(c)
the type of information that we hold about you; and
(d)
whether we are asked by you or a regulatory authority to keep your personal data for a valid reason.
By law we have to keep basic information about our customers (financial and tax information) for the duration of the contract and then seven years after they cease being customers for tax purposes and contract, service (including Telegram communications data) and account data for the duration of the contractual relationship and then six years after they cease being customers, to preserve the documents in case of a dispute, for the limitation period.
We will keep your marketing communications data until you withdraw your consent or object to direct marketing, in which case your data will be suppressed or deleted within 30 days. We will keep your communications data, including channels you have opted in and out of, for the duration of the contractual relationship and six years thereafter.
Website and technical information (cookie and tracking data) will be kept as set out in our Cookie Notice at https://tokenops.xyz/cookie-notice.
In some circumstances you can ask us to delete your data: see your legal rights below for further information.
In some circumstances we will anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.
If you would like further details on our retention policy, please email us at privacy@tokenops.xyz.
11. How do we communicate with you?
We will use your personal data to communicate with you using your preferred method(s) including email, SMS, Telegram group chats, direct messaging and broadcasting channels or otherwise through the Website:
in relation to any use of our Services;
to administer our relationship with you;
to respond to any questions or complaints that you may have; and
to invite you to take part in market research or request feedback on our products and services.
From time to time and with your consent (where required), we will provide you with information about news which may be of interest to you.
Where you have subscribed to our online newsletter, we will also provide a copy by email.
Please note that you may opt-out of receiving the newsletter and any other marketing materials that we send you, by unsubscribing or contacting us at any time through the Website or by emailing at contact@tokenops.xyz.
12. What are your privacy rights and how can you exercise them?
Where our processing of your personal data is based on your consent (please see the tables above), you have the right to withdraw your consent at any time. If you do decide to withdraw your consent we will stop processing your personal data for that purpose, unless there is another lawful basis we can rely on – in which case, we will let you know. Where processing is based solely on your consent (e.g. marketing communications and non-essential cookies), we will stop processing immediately upon withdrawal and will not rely on any alternative lawful basis for the same processing.
Right to object to processing based on legitimate interests:
Where our processing of your personal data is based on the legitimate interests (please see the tables above), you have the right to object to this processing at any time on grounds relating to your particular situation. Upon receipt of your objection, we will stop processing your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is necessary for the establishment, exercise or defence of legal claims.
Right to object to direct marketing:
Where we are processing your personal data for direct marketing purposes - including any profiling carried out for the purpose of direct marketing - you have the right to object to that processing at any time. This right is unconditional: we are required to cease processing your personal data for direct marketing purposes as soon as you exercise it, and we may not override or refuse your objection on any grounds. You can do this by unsubscribing to the address specified in a direct marketing email or by notifying us at contact@tokenops.xyz or by updating your communication preferences. Laws in certain jurisdictions may provide individuals with rights relating to personal data, such as those listed below. We will honour these rights to the extent required by law. If you are a US resident, please also refer to the section entitled "Additional Information for US Residents" below for information on additional rights that may be available to you. You have the right to (subject to applicable laws and certain limitations):
(a)
access your personal data and to be provided with certain information in relation to it, such as the purpose for which it is processed, the persons to whom it is disclosed and the period for which it will be stored;
(b)
require us to correct any inaccuracies in your personal data without undue delay;
(c)
require us to erase your personal data;
(d)
require us to restrict processing of your personal data;
(e)
receive the personal data which you have provided to us, in a machine-readable format, where we are processing it on the basis of your consent or because it is necessary for your contract with us (please see the tables above) and where the processing is automated;
(f)
object to a decision that we make which is based solely on automated processing of your personal data (however, we do not currently conduct any such decision making);
(g)
make a complaint regarding the way we use your personal data.
If you wish to exercise any of these rights, please contact us at privacy@tokenops.xyz in the first instance. We will aim to respond to all legitimate requests within one month of receipt. More information on our complaints procedure is available on request from privacy@tokenops.xyz.
If you are resident in the UK and have a complaint and are dissatisfied with the outcome of our complaints procedure, you may also have the right to lodge a complaint with the relevant data protection regulator (for example for the Information Commissioner’s Office in the UK (www.ico.org.uk).
If you are resident in the EEA, you have the right to lodge a complaint with the data protection supervisory authority in the EU Member State of your habitual residence, place of work, or place of the alleged infringement. A list of all EEA supervisory authorities and their contact details is available at: https://edpb.europa.eu/about-edpb/about-edpb/members_en.
If you are resident in Germany, you may contact the supervisory authority of the German federal state in which you are habitually resident or work. The Federal Commissioner for Data Protection and Freedom of Information (BfDI) can also be contacted at poststelle@bfdi.bund.de or www.bfdi.bund.de.
If you are resident in Switzerland, you may lodge a complaint with the Federal Data Protection and Information Commissioner by following the guidance at https://www.edoeb.admin.ch/en/submitting-a-complaint.
Additional Information for US Residents
This section provides additional information for residents of the United States, including disclosures required under the California Consumer Privacy Act, as amended by the California Privacy Rights Act (together, the "CCPA"), and other applicable US state privacy laws (collectively with the CCPA, "US Privacy Laws"). This section supplements the information provided elsewhere in this Notice. To the extent there is any conflict between this section and the remainder of this Notice, this section shall prevail in respect of US residents.
Categories of Personal Information Collected. In the preceding twelve (12) months, we have collected the following categories of personal information (as defined under the CCPA) from or about consumers: (a) identifiers, such as name, email address and digital wallet address; (b) internet or other electronic network activity information, such as browsing history on our Website, IP address, online identifiers and information regarding your interaction with the Website; (c) commercial information, such as records of Services obtained or considered and subscription type; and (d) inferences drawn from the above categories of personal information. The sources from which we collect personal information and the purposes for which we use it are described in sections 4 and 5 of this Notice, respectively.
Sale and Sharing of Personal Information. We do not "sell" your personal information as that term is traditionally understood (i.e., in exchange for monetary consideration). However, certain uses of cookies, pixels and similar tracking technologies on our Website (including the X pixel and X ads described in this Notice) may constitute "selling" or "sharing" of personal information under the CCPA, as these technologies may enable third parties to collect information about your online activity for the purpose of targeted advertising. You may opt out of such selling or sharing by adjusting your cookie preferences via our Cookie Notice at https://tokenops.xyz/cookie-notice or by contacting us at privacy@tokenops.xyz . We do not have actual knowledge that we sell or share the personal information of consumers under 16 years of age.
Sensitive Personal Information. We do not collect or process categories of personal information that constitute "sensitive personal information" as defined under the CCPA.
Your US Privacy Rights. Subject to applicable US Privacy Laws and certain limitations and exceptions, if you are a US resident you may have the following rights in relation to your personal information:
Right to Know. You have the right to request that we disclose to you the categories and specific pieces of personal information we have collected about you, the categories of sources from which we collected your personal information, the business or commercial purposes for collecting, selling or sharing your personal information, and the categories of third parties to whom we have disclosed your personal information.
Right to Delete. You have the right to request that we delete personal information that we have collected from you, subject to certain exceptions provided by law.
Right to Correct. You have the right to request that we correct inaccurate personal information that we maintain about you.
Right to Opt Out of Sale or Sharing. You have the right to opt out of the "sale" or "sharing" of your personal information (as those terms are defined under the CCPA). As noted above, you may exercise this right by adjusting your cookie preferences via our Cookie Notice at https://tokenops.xyz/cookie-notice or by contacting us at privacy@tokenops.xyz .
Right to Non-Discrimination. You have the right not to receive discriminatory treatment for exercising any of your privacy rights. We will not deny you the Services, charge you different prices or rates, or provide you with a different level or quality of the Services because you have exercised your rights under US Privacy Laws.
Exercising Your Rights. To exercise any of the rights described above, please submit a request to us by emailing privacy@tokenops.xyz . We will verify your identity before fulfilling your request by matching information you provide with information we already hold about you. In certain circumstances, we may ask you to provide additional information to verify your identity. We will respond to verifiable requests within forty-five (45) days of receipt. If we require more time (up to an additional forty-five (45) days), we will inform you of the reason and the extension period in writing.
Authorized Agents. If you are a California resident, you may designate an authorized agent to submit a request on your behalf. To do so, you must provide the authorized agent with written permission to act on your behalf, and we may require you to verify your own identity directly with us and confirm that you have provided the authorized agent with permission to submit the request.
Other US State Privacy Laws. Residents of certain other US states (including, without limitation, Virginia, Colorado, Connecticut, Texas, Oregon, Montana and other states with applicable privacy legislation) may have similar rights under their respective state privacy laws. If you are a resident of any such state, you may exercise the rights available to you under applicable law by contacting us at privacy@tokenops.xyz . If your request is denied, you may have the right to appeal our decision by contacting us at the same address, and we will respond to your appeal in accordance with the timeframes required by applicable law.
Do Not Track Signals. Certain web browsers may transmit "Do Not Track" signals. At this time, we do not respond to "Do Not Track" signals or similar mechanisms. However, you may opt out of tracking technologies as described in our Cookie Notice at https://tokenops.xyz/cookie-notice.
13. Updates to this Notice
We may update this Notice from time to time to reflect changes to the type of personal data that we process and/or the way in which it is processed. We will update you on material changes to this Notice. We also encourage you to check this Notice on a regular basis.
14. Where can you find out more?
If you want more information about any of the subjects covered in this Notice or if you would like to discuss any issues or concerns with us, you can contact us through the Website or by email to privacy@tokenops.xyz.
15. General
This Notice should be read together with our cookie notice available at tokenops.xyz/cookie-notice
