Privacy Notice
Last Updated: November 6, 2024 Version: 1.0
Please read this Privacy Notice carefully. It details how we process (collect, store and use) your personal data when you use our Products or participate in the Events, such as when you use the Website, the App, or participate in the quests. We handle your data in line with this Privacy Notice and strive to comply with applicable laws.
Definitions
Capitalised terms not defined in this Privacy Notice have the meanings given in the TomoCat Terms & Conditions or such other terms that may be provided by us to you from time to time (“Terms”). We recommend reading the Terms carefully as they impact your rights and obligations.
Terminology
In this Privacy Notice, “personal data” and “personal information” are synonyms. They refer to any information that identifies or can reasonably identify you, either directly or indirectly.
We are the data controller for the data collected under this Privacy Notice, meaning we determine how and why your data is processed. If you have questions about this Privacy Notice or your data processing, please contact us at: [insert email address].
General
We collect personal information about you as listed below. We may also collect certain other information to comply with our legal obligations, in connection with legal proceedings, or to protect our rights and legitimate interests, as well as those of third parties. Please only share information that is necessary or we ask for. As a general rule, we collect personal information directly from you, however when you interact with a Third-Party Service integrated with the Products, we may receive your personal information from them.
Wallet Data
This may include Wallet addresses, their balances, and information about transactions associated with the Wallet addresses. Wallet address means a public address on the respective blockchain network associated with your Wallet. The Wallet address itself and associated transaction data do not identify you as an individual. However, if such data is combined with certain other data (such as a name, email address, nickname, etc.), it may become possible to identify you as an individual and thus, such a set of data may be deemed personal information.
Telegram Data
When you access or interact with the App we will automatically receive from Telegram certain information, such as your Telegram user id, public Telegram name, username and profile picture, an IETF language tag of your client language, your premium subscription status and some colour parameters related to your in-app theme.
Social Networks Data
When visiting our Communication Channels, using our Products or participating in Events, you may provide us with your Social Network Data, which may include your username, profile picture, bio, and other public information associated with your profile.
Technical Data
This includes data collected automatically via cookies or similar technologies. This typically includes device information such as the operating system version, location, Internet Protocol (IP) address, and advertising identifiers (GAID for Android and IDFA for iOS).
Analytical Data
This includes data collected automatically via cookies or similar technologies. This may include the following information: IP address, device details, operating system, browser information, and data regarding your interactions with our Products, such as when you clicked a button or made an input.
Contact Data
This may include Telegram handle, name, contact details and any other data we request or that you choose to provide.
General
Generally, we use your personal data as outlined below. In addition to the outlined use cases, we may process your personal data to comply with our legal obligations, in connection with legal proceedings, or to protect our rights and legitimate interests, as well as those of third parties. In such cases, the lawful basis for processing will be either legal obligation or legitimate interest, as applicable.
Wallet Data
Purposes:
To allow you to (i) use the functionality of the Products; (ii) participate in the Events; and/or (iii) receive the Reward. We may also use the data for financial, accounting, and tax purposes.
Lawful basis:
The performance of a contract with you. With respect to the financial, accounting, and tax purposes, the legal basis is compliance with the applicable law.
Telegram Data
Purposes:
To ensure a smooth and convenient interaction with the App and to enable certain in-App features.
Lawful basis:
Performance of a contract with you to ensure operation of the Products and legitimate interest to improve the App and our Products in general.
Social Networks Data
Purposes:
To enable your participation in our Communication Channels, to join Events, or to access and use the features of our Products.
Lawful basis:
Performance of a contract with you and our legitimate interest to achieve the above purposes.
Technical Data
Purposes:
To ensure proper operation of our Products.
Lawful basis:
The performance of a contract with you and our legitimate interest to ensure security and operability of the Products.
Analytical Data
Purposes:
To analyse your interactions with the Products.
Lawful basis:
Your consent or our legitimate interest to analyse your interactions with the Products.
Contact Data
Purposes:
To contact you in matters related to the Products or Events, as well as to respond to your inquiry.
Lawful basis:
Our legitimate interest to achieve the above purposes.
General
We keep your information as long as we need it for the purposes we collected such information. We may retain it longer if required to meet our legal obligations, in relation to legal proceedings, or to protect our rights and legitimate interests or those of third parties. Considering the statutes of limitations established in the Terms, the storage periods are as follows.
Wallet Data
For one (1) year from your last interaction with our Products and Events. However, with respect to the Wallet Data, which does not allow us to identify any particular individual, we do not establish any limitation period. Please note that due to the nature of a blockchain, the Wallet Data may be stored permanently on the applicable blockchain, not by us, and may be accessed and viewed by any person at any time. Please consider the features of the blockchain data processing outlined in this Privacy Notice below.
Telegram Data
For one (1) year from your last interaction with our Products and Events.
Social Networks Data
As long as you use the Product, participate in an Event, or engage with our Communication Channels, and for one (1) year after your last interaction with our Products, Events, or Communication Channels.
Technical Data
The Technical Data is typically stored during the active user session or shortly after it ends.
Analytical Data
We do not set a specific storage limitation period for analytical data, as it does not allow us to identify any individual. If we are ever able to identify a person based on analytical data, we will implement an appropriate storage limitation period.
Contact Data
For one (1) year after the later of: (i) the last date you contacted us about the same matter; or (ii) from your last interaction with our Products and Events.
General
We do not sell or rent your data. We may share it in line with this Privacy Notice, applicable laws, the Terms, or with your consent. We will take appropriate measures to protect your data during such transfers.
Recipients
Your personal information is shared with the following categories of recipients:
Affiliates;
other users of the Products. Note that certain data may be publicly available to other users;
social networks;
users of social networks;
solutions to conduct the Events, if applicable;
operators of the Third-Party Projects and Third-Party Services;
payment processors and payment service providers;
analytical service providers;
support and technical teams;
hosting service providers;
government authorities, upon their request or if necessary to comply with our legal obligations;
another entity if we sell or otherwise transfer the App or its parts; and
other third-party solutions, which may be from time to time integrated in relation to the App.
Wallet Data and Blockchain
Wallet Data interacts with public decentralised blockchain networks and related systems like smart contracts. “Decentralised” means no one person or group controls the blockchain, and “public” means anyone can access the data, and access cannot be restricted.
Public Access and Irreversibility
Data on a blockchain is distributed via nodes and is publicly accessible. Since blockchain data is public, we do not control or manage access to it. If you make any blockchain transactions, certain personal information may become publicly available. Once data is entered into a blockchain, it cannot be changed or deleted. Therefore, your ability to exercise certain data protection rights or abilities may be limited. The choice to transact on a blockchain or carry out any transactions is up to you.
Cases
Automated decision-making is the process of making a decision by automated means without any human influence on the outcomes. In the course of an Event, personal data may be processed automatically to determine eligible users, Rewards, etc.
Remedies
If you do not agree with the outcomes of automatic decisions, you may: (a) request us to manually review the respective information and provide you with the outcomes of the review and/or (b) express your point of view and provide additional information or documents in order to contest the decision.
Verification
To exercise your data subject rights, we may request information to verify your identity and confirm that you have the right to make the request.
Blockchain Data Processing
Please note that when you interact with blockchain networks, you may not be able to fully exercise certain rights that you may have pursuant to the applicable data protection legislation with respect to the Wallet Data. For instance, we may not be able to ensure that your Wallet Data is deleted, corrected, or restricted. You may learn more above in the Features of Blockchain Data Processing section of this Privacy Notice.
Data Subject Rights
Subject to the applicable laws, you have the following rights:
You can request to see if we process your personal data. If we do, you can ask for details about the processing and a copy of the data to verify its accuracy and legality.
You can request to correct or complete any incomplete or inaccurate data. We may need to verify the accuracy of the new information you provide.
You can request the deletion of your personal data if we no longer need it, you have successfully objected to processing, we processed it unlawfully, or we must erase it to comply with the law. We may not always be able to fulfil your request due to legal or technical reasons, which we will explain in our response.
You can object to the processing of your data if it does not comply with applicable laws. We may, however, show that we have compelling legitimate grounds for processing that override your rights.
You can ask us to suspend processing your data if: (i) you need to verify its accuracy, (ii) it is used unlawfully, but you do not want it deleted, (iii) you need it to establish, exercise, or defend legal claims, or (iv) you have objected to its use, and we need to verify if we have overriding grounds.
You can request your personal data be transferred to you or a third party in a structured, commonly used, machine-readable format. This right applies only to automated data processed based on your consent or performance of contract.
You can withdraw your consent at any time if we are processing your data based on your consent.
You can request a human review of decisions made solely based on automated processing, including profiling, if such decisions impact your rights.
You can file a complaint with a supervisory authority if we violate your rights or legal obligations.
The Products and Events may include links and social networks plugins to third-party sites and apps. Clicking these may allow third parties to collect or share your data. We do not control or endorse these third parties and are not responsible for their privacy practices. We recommend reviewing the privacy policies of any external sites or apps you visit.
The Products and Events are not intended for children under 18 years (or older if local laws set a higher age). We do not knowingly collect or use personal data from children. If we learn that a child has provided us with personal information, we will promptly delete it. Parents or guardians who believe their child’s data has been collected should contact us.
We keep our Privacy Notice under regular review, and we may update it at any time. If we make any changes to this document, we will change the “Last Updated” date above. Please review this Privacy Notice to check for the updates.
Last updated