*Privacy Policy*
*Updated 28 November 2023*
This Privacy Policy (the “Policy”) outlines how DeFiMonsters (“DeFiMonsters”, “we”, “us” “our”) collects, uses, stores and discloses your Personal Data (defined below) when using our Services. This Policy should be read together with, and forms part of, our Terms and Conditions of Service (the “Terms”), which are available on the Site. Unless otherwise defined herein, capitalised terms in this Policy have the meaning given to them in the Terms.
DeFiMonsters recognises the importance of protecting Personal Data and we are committed to complying with applicable data protection laws. Please read this Policy so that you know and understand the purposes for which we collect, use, store and disclose Personal Data.
By accessing our Site or Services, interacting with us or providing your data to us, and subject to your rights at law, you accept and agree to these terms and conditions. If you do not agree with any aspect of this Policy, you should immediately discontinue access or use of the Site and Services.
This Policy supplements but does not supersede or replace any other consents you may have previously provided to us in respect of your Personal Data, and your consents herein are additional to any rights which DeFiMonsters may have at law to collect, use or disclose your Personal Data.
We may from time to time update this Policy to ensure that it is consistent with future developments, industry trends and/or any changes in legal or regulatory requirements. Subject to your rights at law, you agree to be bound by the prevailing terms of this Policy as updated from time to time. Please check back regularly for updated information on the handling of your Personal Data.
For purposes of this Policy, *"Personal Data"* means any information that directly or indirectly identifies a particular individual, including any other information that is subject to applicable data protection laws.
### Scope
This Policy applies to our collection, use and disclosure of Personal Data related to the Users of our Services, including on our Site or Platform. This Policy does not apply to job applicants or to DeFiMonsters’ employees and non-employee contractors, whose Personal Data is subject to different privacy notices.
### Collection of Personal Data
The Personal Data we collect varies depending upon the nature of the Services provided or used, and our interactions with individuals.
*Types of Personal Data Collected.* While the Personal Data we collect varies depending upon the circumstances and Services you use, we collect the following categories of information that may constitute Personal Data:
- Customer records: electronic customer records.
- Device information: internet protocol (IP) address, web browser type, operating system version, phone carrier and manufacturer, application installations, device identifiers, and mobile advertising identifiers.
- User content: if you post Content on our Site, Platform or a third party platform, if you interact with us, our Services or any User, if you submit feedback and comments to us, or if you in any other way provide Content in the course of using our Services (“User Content”), we may maintain a record of your User Content, including the location, date and time of submission, as well as any other information contained in that User Content.
- Transaction information: including records of DeFiMonsters Token or other Digital Assets deposited, withdrawn, traded or otherwise dealt with.
- Cookie data: as explained in more detail later in this Policy.
- Location data: location information about a particular individual or device, general location information (for example, your IP address may indicate your more general geographic region).
*Sources of Personal Data.* We may collect Personal Data:
- Directly from you: such as when you use our Services, make a transaction, trade Digital Assets, participate in promotions we offer, register to receive marketing and other communications from us, or contact us for customer support purposes. If you submit any Personal Data relating to other people to us, you represent that you have the authority to do so and have informed that other person about the contents of this Policy.
- From third parties: we may collect information about Users from openly available information on the internet.
- Related to your use of our Services: including information we collect automatically when you use our Services or interact with us or information we derive about you and your preferences or interests based on the Personal Data we collect and our interactions with you. This information may be collected via the cookies when you use our Services and you can find more details about our use of cookies later in this Policy.
### Use of Personal Data
We, and our authorised third parties, will only process your Personal Data where we have the legal grounds to do so. We may use Personal Data for a variety of purposes, as follows:
- Providing support and services: to provide and operate our Services, to respond to your inquiries, to provide troubleshooting, to fulfill your requests, to process any payments and to provide technical support; and for other customer service and support purposes. Our lawful basis is to fulfil any contractual terms with you.
- Analysing and improving our business: to better understand how Users access and use our Services, to evaluate and improve our Services and business operations, and to develop new features, offerings, and services; to conduct surveys and other evaluations (such as customer satisfaction surveys); to monitor consumer interest in our products and Services; to troubleshoot problems that may arise on the Site or Platform; and for other research and analytical purposes. Our lawful basis is our legitimate business interests in understanding and improving our Services or consent where we use cookies or similar technology that are not strictly necessary.
- Securing and protecting our business: to protect and secure our business operations, assets and Services; to investigate, prevent, detect and take action regarding fraud, unauthorised access, situations involving potential threats to the rights or safety of any person or third-party, or other unauthorised activities or misconduct. Our lawful basis is our legitimate business interests in protecting our business and Services.
- Defending our legal rights: to manage and respond to actual and potential legal disputes and claims, and to otherwise establish, defend or protect our rights or interests, including in the context of anticipated or actual litigation with third parties. Our lawful basis is our legitimate business interests in protecting our business or our need to defend ourselves legally.
- Auditing, reporting, corporate governance, and internal operations: relating to financial, tax and accounting audits; audits and assessments of our operations, privacy, security and financial controls, risk, and compliance with legal obligations; our general business, accounting, record keeping and legal functions; and relating to any actual or contemplated merger, acquisition, asset sale or transfer, financing, bankruptcy or restructuring of all or part of our business. Our lawful basis is our legal obligations under relevant legislation such as tax, reporting and/or our legitimate interests in running our compliance programs.
- Complying with legal obligations: to comply with the law, our legal obligations and legal process, such as warrants, subpoenas, court orders, and regulatory or law enforcement requests. Our lawful basis is compliance with applicable law.
*Where we have indicated above that we rely on legitimate interests for processing of Personal Data, we carry out assessments of likely adverse effects and if required a "balancing" test to ensure that our processing is necessary and that your fundamental rights of privacy are not outweighed by our legitimate interests, before we go ahead with such processing. We may also carry out a data protection impact assessment for processing that is likely to result in a high risk to you. You can contact us for more details on our assessments using the details in the Contact Us section below.*
*Aggregate and De-identified Data.* We may de-identify information and create anonymous and aggregated data sets and reports to assess, improve and develop our business, products and Services, prepare benchmarking reports on our industry and for other research and analytics purposes.
### Disclosure of Personal Data
We may share or disclose the Personal Data we may collect as follows:
- Service providers: We may disclose Personal Data to third-party service providers who use this information to perform services for us, such as hosting providers, auditors, advisors, consultants, customer service and/or support providers.
- Subsidiaries, Affiliates, and business partners: We may share your Personal Data with our Affiliates (as defined in our Terms and Conditions of Service); and other businesses we have partnered with to offer our Services; they may use such Personal Data for the purposes set out in this Policy.
- Legal compliance: We may be required to share Personal Data in response to a valid court order, subpoena, government investigation, or as otherwise required by law. We also reserve the right to report to law enforcement agencies any activities that we, in good faith, believe to be unlawful.
- Business transfers: We may disclose and/or transfer Personal Data as part of any actual or contemplated merger, sale, transfer of assets, acquisition, financing and/or restructuring of all or part of our business, bankruptcy or similar event, including related to due diligence conducted prior to such event where permitted by law.
- Protect our rights: We may disclose Personal Data where we believe it necessary to respond to claims asserted against us, to enforce or administer our agreements and terms, for fraud prevention, risk assessment, investigation and/or to protect the rights, property or safety of DeFiMonsters or our Affiliates, partners, clients, Users and/or others.
We ensure third parties who receive your Personal Data will handle your Personal Data as required by applicable data protection laws, such by putting in place appropriate contracts with third parties to protect your Personal Data.
### Automated Decisions
Automated decisions are those made without human intervention that have a legal effect on you or other similarly significant effect. We do not carry out this type of processing activity.
### Cookies and Analytics
Cookies are small alphanumeric identifiers or small data text files that are sent from a server during a browsing session and is placed on your computer. When we refer to “cookies” we include other technologies with similar purposes, such as pixels, tags and identifiers.
We use cookies or similar technologies, which may be provided by third parties, on our Services to enable certain functionality and for security and fraud detection and prevention, as well as to collect usage information about our Services and the emails that we send, and to personalise content and provide more relevant ads and information. We may combine the information we collect via these technologies with other information, including Personal Data.
You may indicate and choose your cookies preferences at any time through your browser settings, such as to accept certain cookies but reject others. Our policy relating to cookies complies with applicable laws. There are some internet activities that cannot take place without cookies collecting, using or disclosing Personal Data, such as those relating to security and network management. Necessary cookies also for example allow you to navigate back and forth between pages without losing your previous actions from the same session. For such necessary cookies, if you use our Site, you will be considered to have consented to the collection of Personal Data by such necessary cookies.
We will get your express consent where our cookies collect Personal Data in the course of internet activities which you have not clearly requested for, or where you have not voluntarily provided your Personal Data, or where Personal Data collected from such cookies are used for advertisements directed at you.
### Children's Privacy
Following the Terms, our Services are restricted for Users under 18 years of age and they are not allowed to use our Services. DeFiMonsters does not knowingly collect or maintain Personal Data from children we actually know at the time of collection are under the age of 18. Should we discover that we have collected Personal Data online from a child who is under 18, we will promptly delete that Personal Data. If you have concerns over the collection of children's Personal Data in our Services, please contact us at the information provided in the Contact Us section below.
### Security
The security of your Personal Data is important to us. We have put in place safeguards to protect the Personal Data we collect from unauthorised access, use and disclosure, and we take steps to ensure that all of our employees, agents, contractors and other third parties have similar adequate measures in place. We also have procedures to deal with any suspected Personal Data breach, and we will notify you and any applicable regulator when we are legally required to do so. However, we cannot guarantee that unauthorised access, hacking, data loss, or other breaches will never occur. We urge you to take steps to keep your Personal Data safe, such as choosing a strong password and closing your web browser when you have finished using the Services.
### Links to Third-party Websites
Our Services provide links to various websites operated by third parties including, but not limited to, third-party sites that display DeFiMonsters trademarks. This Policy does not apply to third-party websites that are accessible through the Services, unless such website directs Users or visitors to this Policy. When you click on one of these links, you will be transferred out of the Services and connected to the website of the organisation or company that maintains that website. Even if an affiliation exists between our Services and a third-party website, we exercise no control over and assume no responsibility for linked websites. Each of these linked websites maintains its own independent privacy and data collection policies and procedures. We encourage you to read the privacy policies of those other websites to learn how they collect, use, share, and secure your information before providing any Personal Data.
### Retention
Except to the extent prohibited by law, and subject to this Policy, we will retain and use your Personal Data for as long as it is needed to provide you with any Services, communications, information you have requested, or access to the Services, to document our business relationship with you, and as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. As soon as it is reasonable to assume your Personal Data is no longer needed or required, we will cease to retain your Personal Data.
### Your Rights
*By law, you have a number of rights when it comes to your Personal Data. Further information and advice about your rights can be obtained from the data protection regulator in your country. The rights you have depend on the jurisdiction in which you are based.*
You may request for a copy of the Personal Data which we hold about you or information about the ways we use or disclose about your Personal Data. You may also ask us to correct or update your Personal Data, or withdraw your consent and request us to stop using or disclosing your Personal Data for any of the purposes stated in this Policy. You may do so by submitting your request in writing or via email at the contact details provided in the Contact Us section below.
We usually act on requests and provide information free of charge, but we may charge a reasonable fee to cover our administrative costs of providing the information for baseless or excessive/repeated requests, or further copies of the same information. Alternatively, we may be entitled to refuse to act on the request in some circumstances.
We will respond as soon as we can. Generally, this will be within one month from when we receive your request but, if the request is going to take longer to deal with, we will come back to you and let you know.
### Changes to this Policy
This Policy is kept under regular review and may be updated from time to time. When we make changes to this Policy, we will change the "Updated" date above. If a material change is made to this Policy, we may choose to provide notice of such change, such as by providing notice through the Site or Platform, or through other communications.
### Changes to your Information
It is important that the information we hold about you is accurate and current. Please keep us informed as soon as possible if your Personal Data changes or is inaccurate during your relationship with us by using the contact details set out below.
### Contact Us
If you have any concern about our privacy practices, please contact us at support@defimonsters.io