PRIVACY POLICY
Effective Date: May 17, 2023
The security of your Personal Data is important to ALTERNO LIMITED. Ensuring a transparent process of personal data processing is fundamental to building a trustworthy relationship with you. In this regard, we have developed the Privacy Policy to provide you with up-to-date information about what we do with your Personal Data.
The purpose of our Privacy Policy is to explain what data we collect, how it is used and shared, and how you can control it.
Contents
1. Who collects and process your Personal Data and data subjects
2. Which Personal Data do we collect and process
3. Term of Personal Data processing and place of storage
4. Third parties processing your Personal Data
5. Your rights under the GDPR
6. Cookies and similar technology
7. Age limits
8. Contact us
1.1.This Privacy Policy explains how ALTERNO LIMITED, a legal entity registered in the Republic of Cyprus on February 21, 2023, under registration number HE444020, with location at the address: Grammou 4, Olympia Court, Flat/Office 2C, 3106, Limassol, Republic of Cyprus (“Alterno”, “we”, “us”, “our”) collects, stores, uses, transfers and shares Personal Data from you.
1.2. We can collect information about you that can directly or indirectly identify you (the “Personal Data”) when (1) you use or visit our website https://alternonft.com (the “Website”) including for the purchase of non-fungible tokens (the “NFTs”); (2) we provide our services to the client to use space for posting various 3D-models and sub-files, visual elements, images, computer graphics objects, and other files of the client, that may theoretically have art value and can be tokenized (the “Files”), sale NFT through the Website and maintenance services (the “Services”).
1.3.Unless expressly provided otherwise, all of the terms of the Privacy Policy apply to the following categories of data subjects:
a. users (visitors) of the Website (including but not limited users consuming the Website content, users who registered on the Website); and
b. clients who use the Services.
1.4.Please note that our Website may provide links to third-party websites, applications and services, which are operated and provided by the independent providers. These providers shall have their own privacy policies, cookies policies, as well as terms and conditions, which we encourage you to review before using their services. We are not responsible for the processing activities conducted by third-party providers via their websites, applications and/or services.
IF YOU DO NOT AGREE WITH THIS PRIVACY POLICY, PLEASE DO NOT USE OUR WEBSITE OR REQUEST OUR SERVICES.
2.1. We collect Personal Data about you in either directly from you, or automatically when you visit our Website. Sometimes, we may receive Personal Data about you from other sources and third parties.
2.2. We respect your privacy and aim to limit the Personal Data that we collect from you to the amount which is strictly necessary to fulfil the purposes of processing. Categories of Personal Data that we process are specified below.
2.3. Personal Data you provide to us directly:
Users (visitors) of the Website
To register on the Website and manage your account
Purpose of the processing
You may register on the Website by connecting your MetaMask wallet to purchase of NFTs and to use the full functionality of the Website, including the ability to transfer your purchased 3D model files (NFT’s) in the metaverses, to refund the NFT purchases or replace of the incorrect NFT.
Type of Personal Data
Username;
Information about your MetaMask wallet;
Your blockchain metaverse address;
Information about your NFT purchases, sales, and trades on Alterno;
Information you provide in your application for replacement of the incorrect NFT or its return with payment of the fees paid for the NFT;
Other information that you provide in your account
Legal ground for the processing
Contract (i.e., Terms of Use) (point (b) of paragraph 1 of Art. 6 of GDPR).
To making payments for the purchase
Purpose of the processing
You may make purchase payments for the NFT and other paid services offered on the Website.
Type of Personal Data
Full name;
Payment details (your e-wallet (MetaMask wallet) or bank card details);
Transaction details.
Legal ground for the processing
Contract (i.e., Terms of Use) (point (b) of paragraph 1 of Art. 6 of GDPR).
ALTERNO DOES NOT STORE ANY USER PASSWORDS WITH REGARD TO THE NFT TRANSACTIONS.
To send direct marketing advertising
Purpose of the processing
You may receive a personalised marketing advertisements that, based on an analysis of your behavior when using Alterno's functionality, make purchases, etc., will be useful to you.
Type of Personal Data
Full name;
Email;
Information on how you use Alterno's services.
Legal ground for the processing
The legitimate interest (“soft opt-in” basis) based on the balance of interests:
· your interest is in receiving appropriate advertisement for you;
· our interest is in running our business and promote our services.
To send you notifications
Purpose of the processing
You may receive echnical notices, updates, security alerts and support and administrative messages, noties of your purchases.
Type of Personal Data
Full name;
Email.
Legal ground for the processing
The legitimate interest based on the balance of interests:
· your interest is to be informed about your in receiving appropriate notifications about our services;
· our interest is in you related information, including confirmations and reminders to ensure you are comfortable using the Alterno's services.
To consider and reply to incoming queries
Purpose of the processing
You may contact us via social media, email indicated on our Website as well as via the form Contact with a question / request / complaint / comment or other feedback about Alterno.
Type of Personal Data
Full name;
Email;
Phone number;
Other data that you provide in your query.
Legal ground for the processing
The legitimate interest based on the balance of interests:
· your interest is in receiving response to your query;
· our interest is in ensuring good customer service, and providing you with the prompt personalized reply to your enquiry.
Clients who use the Services
To discuss terms of cooperation before concluding the contract
Purpose of the processing
Before entering into a contract, Alterno may negotiate such a contract and its terms.
Type of Personal Data
Full name of the counterparty – natural person, or representative of the client – legal entity;
Position of the representative of the client – legal entity;
Phone number of the counterparty – natural person, or representative of the client – legal entity;
Email of the counterparty – natural person, or representative of the client – legal entity;
Other data that the client provides in the application for the contract and further correspondence.
Legal ground for the processing
Contract (point (b) of paragraph 1 of Art. 6 of GDPR).
To conclude contracts with clients
Purpose of the processing
To conclude contracts with clients including to provide the Services.
Type of Personal Data
Full name of the counterparty – natural person, or representative of the client – legal entity;
Position of the representative of the client – legal entity;
Phone number of the counterparty – natural person, or representative of the client – legal entity;
ID data (passport, ID-card) of the counterparty – natural person;
Email of the counterparty – natural person, or representative of the client;
Payment terms;
Information about the NFT posted on the website as part of the concluded contract (information of the Files of the client, the creator of the Files);
Other terms of the contract;
Other data that may be required for this purpose by law.
Legal ground for the processing
Contract (point (b) of paragraph 1 of Art. 6 of GDPR).
2.4 Personal Data we collect automatically:
User (visitor) of the Website
To checking the quality of Website content and improve it
Purpose of the processing
To support the existing functions of the Website, to better understand you as the user / visitor of our Website, learn about your preferences, to analyze the activities on the Website and improve it. Resolution of technical problems on the Website and provides support to the users / visitors.
Type of Personal Data
Technical data:
Website visitor’s internet protocol (IP) address;
Unique device identifier (UDI);
Browser characteristics;
Device's advertising identifier;
Device characteristics;
Operating system (OS);
Referring uniform resource locators (URLs).
Usage data:
Information concerning visitor’s Website activities;
Dates and times of visits to the Website;
Other Website visitor related statistics.
Legal ground for the processing
The legitimate interest based on the balance of interests:
· your interest is in using our Website free from any errors and other problems;
· our interest is in attracting more users and keeping them.
Advertising analysis
Purpose of the processing
To evaluate the effectiveness of our advertising and / or to provide you advertising that will fit your interests.
Type of Personal Data
Technical data;
Usage data;
Advertisement data:
Ads type (e.g., interstitial / banner / rewarded);
Advertisement placement name;
Impressions count;
Revenue figures.
Legal ground for the processing
Consent (point (a) of paragraph 1 of Art. 6 of GDPR).
Analytics
Purpose of the processing
We group users by number / countries / by activity in order to determine the audience for the acquisition of users.
Type of Personal Data
Technical data;
Usage data;
GeoIP:
IP;
Country;
ASN name.
Legal ground for the processing
Consent (point (a) of paragraph 1 of Art. 6 of GDPR).
2.5 Also we may process your Personal Data for the purposes to conduct due diligence when preparing for an M&A deal.
Purpose of the processing
We may need to provide the potential investor and/or his legal counsels with information necessary to conduct due diligence, including with Personal Data of (1) users (visitors) of the Website; (2) clients who use the Services.
Type of Pesonal Data
Information requested by the potential investor and/or his legal counsels.
Legal ground for the processing
The legitimate interest based on the balance of interests:
· your interest is in interaction with us who will have new resources;
· our interest is in attracting new investors and receiving new resources.
2.6 When you use or visit the Website, we may automatically collect the information by using cookies and similar technology. See more in the section 6 “Cookies and similar technology”.
2.7 We do not use automated decision-making and profiling.
3.1.We retain your Personal Data for as long as it is necessary to fulfil the purposes specified in the section 2 “Which Personal Data do we collect and process”.
3.2.The time limits are:
Purpose of the processing | Term |
For Personal Data of users/visitors of the Website who create the account (including payment details) | 3 years since the last use of the account |
For Personal Data of users/visitors of the Website to whom we send direct marketing advertising | 5 years since the last use of the account |
For Personal Data of users/visitors of the Website to whom we send notifications | 5 years since the last use of the account |
For Personal Data of users/visitors of the Website who contact us via the form Contact | as long as it is necessary to respond to the query and 2 years after |
For Personal Data of users/visitors to checking the quality of Website content and improve it | 2 years after |
For Personal Data of users/visitors to advertising analysis | 2 years after |
For Personal Data of users/visitors to analytics purpose | 2 years after |
For Personal Data clients and partners | as provided by applicable law |
In case of conducting due diligence when preparing for an M&A deal | for the period of cooperation with a business partner |
Once these time periods have expired, we will delete or anonymise your Personal Data as soon as possible.
3.3.We securely store your Personal Data at servers provided by [Name of the service] which are physically located in [●].
3.4. We also take security precautions such as:
Measures of pseudonymisation and encryption of Personal Data;
Measures for ensuring ongoing confidentiality, integrity, availability and resilience of processing systems and services;
Measures for ensuring the ability to restore the availability and access to Personal Data in a timely manner in the event of a physical or technical incident;
Processes for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures in order to ensure the security of the processing;
Measures for user identification and authorisation;
Measures for the protection of data during transmission;
Measures for the protection of data during storage;
Measures for ensuring physical security of locations at which Personal Data are processed;
Measures for ensuring events logging;
Measures for ensuring system configuration, including default configuration;
Measures for internal IT and IT security governance and management;
Measures for certification/assurance of processes and products;
Measures for ensuring data minimisation;
Measures for ensuring data quality;
Measures for ensuring limited data retention;
Measures for ensuring accountability;
Measures for allowing data portability and ensuring erasure;
When processing and transmitting data, the HTTPS protocol is used. To ensure the security of data storage and processing, SSL certificates and other information protection tools are used. When processing data, caching may be performed.
4.1. Third parties that we share your Personal Data with.
4.1.1.We may share your Personal Data collected and processed by us but only for the purposes specified in section 2 “Which Personal Data do we collect and process” and 6 “Cookies and similar technology” with the companies (third parties) specified in clause 4.1.3 below.
4.1.2.Please note that some of these companies (or some of their offices / group members) may be located outside the European Union (international data transfers) including in the countries which do not ensure an adequate level of protection of your Personal Data. Where this is the case, we meet the strict conditions of Personal Data transfers from the member states of European Union to other countries by using the Standard Contractual Clauses (SCC) adopted by the European Commission to ensure that Personal Data are properly protected or relying on other derogations compliant with GDPR. In case you want to check the relevant SCC, the links to them are provided in clause 4.1.3. If the link is not provided and you want to check the SCC, please, contact us by using one of the contact means specified in section 8 “Contact us”.
4.1.3.The list of third parties with whom we may share your Personal Data:
[Type of the service]
[Name of the third party] | Purposes of transfer | [●] |
Data collected | [●] | |
Privacy Policy | [●] | |
[●] |
[Type of the service]
[Name of the third party] | Purposes of transfer | [●] |
Data collected | [●] | |
Privacy Policy | [●] | |
[●] |
Third-party cookies providers
Google Analytics | Purposes of transfer | To better understand you as the user / visitor of our Website, learn about your preferences, to analyze the activities on the Website and improve it. | |
Data collected | · Technical Data | ||
Privacy Policy | |||
Transfer to the USA and Singapore based on Google Ads Controller-Controller Data Protection Terms and Google Ads Data Processing Terms |
Other
We may also transfer Personal Data to:
our partners, other companies as well as to or affiliated / related companies;
third party marketplaces, with which we have a contractual relationship (the “Base Marketplaces”), that are connected to the Alterno interface through the use of an application programming interface protocol;
the metaverses to which the purchased File can be transferred after the purchase process is completed (including the tokenization process) by granting access to Personal Data via our Website, but in a personalized and limited way;
the payment providers (wallet app or service) when you make payments related to our service and also we may provide your Personal Data to banks or other financial institutions. We do not collect or store private keys that are associated with your wallet.
5.1. You have following rights under the GDPR:
The right of access to your Personal Data meaning that you can receive a copy of the Personal Data that we hold about you, as well as other supplementary information.
The right to rectification of your Personal Data which is incomplete or inaccurate.
The right to erasure of your Personal Data meaning that you can ask us to delete or remove your Personal Data in certain circumstances.
The right to restrict processing of your Personal Data if (a) the accuracy of the Personal Data is contested by you, (b) the processing is unlawful and you oppose the erasure of the Personal Data, (c) we no longer need the Personal Data for the purposes of the processing, but they are required by you for the establishment, exercise or defense of legal claims, and (d) you have objected to processing pending the verification whether the legitimate grounds override this.
The right to data portability. Please note that this right only applies to information that we processed based on your consent or contract.
The right to object to the processing of your Personal Data where we are relying on a legitimate interest and there is something about your particular situation that makes you want to object to the processing on this ground. We will no longer process the Personal Data unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims.
If your explicit consent serves the basis for Personal Data processing, you have the right to recall your consent to process your Personal Data by at any time. If we have no other grounds for processing your Personal Data, after you send us a request to withdraw consent, we will stop processing your Personal Data that we were processing under your consent.
Right to lodge a complaint with a supervisory authority if you consider that our processing of your Personal Data infringes the relevant legislation.
5.2.You may exercise these rights by means of an email sent to our email address or written notice sent to the address of our registered office. We will address your request as early as possible and no longer that within 1 month. Please note that this period may be extended by 2 further months where necessary, taking into account the complexity and number of the requests. In this case, we will inform you of the extension within 1 month of receipt of your request and will explain you the reasons for the delay.
5.3.Note that if you ask us to delete your Personal Data, we may retain your Personal Data as necessary to comply with our legal obligations or resolve disputes.
6.1. We may collect your Personal Data by automated means, such as cookies (necessary, analytical, advertising cookies), web beacons and web server logs when you visit our Website.
6.2. Cookie is a simple text file sent by our Website to your web browser to uniquely identify you and/or function properly and/or to store information or settings in the corresponding browser, effectively, in your computer or mobile device or other internet connectable devices.
6.3. We use following types of cookies:
Necessary cookies
These cookies help make our Website usable by enabling its basic functions. Our Website cannot function properly without these cookies.
Analytical cookies
These cookies (such as Google Analytics cookies) allow us to measure traffic, analyze user behavior, to count visits and traffic sources so we can measure and improve the performance of our Website.
Advertising cookies
These cookies (such as [●]) may be used to build a profile of your interests and show you relevant adverts on other websites or apps. If you do not allow these cookies, you will experience less personalized advertising.
6.4. Cookies and similar technology, except for strictly necessary cookies (without which our Website cannot function properly and which do not contain Personal Data), are processed based on your explicit consent received via cookies banner .
6.5. If you don't like the idea of cookies or certain types of cookies, you can change your browser's settings to delete cookies that have already been set and to not accept new cookies. Browser manufacturers provide help pages relating to cookie management in their products. Please see below for more information:
· Google Chrome
· Internet Explorer
· Mozilla Firefox
· Safari (Desktop)
· Safari (Mobile)
· Opera
· Opera Mobile
7.1.We do not knowingly collect or solicit Personal Data about or direct or target personalized advertisements to anyone under the age of 18 and over in the Republic of Cyprus, or over the applicable legal minimum age in other countries upon which individuals may enter into legally binding contracts, or knowingly allow such persons to use our Websites. If you are under the age of 18, please do not send any Personal Data to us. If we learn that we have collected Personal Data about an individuals under age 18, we will delete that Personal Data as quickly as possible. If you believe that we might have any Personal Data from or about an individuals under the age of 18, please contact us.
8.1.Would you have any questions regarding the processing of your Personal Data by us, do not hesitate to contact us under the email address: [●] (Data Protection Officer) or by means of a written notice sent to the address of our registered office: Grammou 4, Olympia Court, Flat/Office 2C, 3106, Limassol, Republic of Cyprus.
8.2.Be also informed, that since we are registered under the law of the Republic of Cyprus, the personal data authority overseeing us regarding the Personal Data processing is Commissioner for Personal Data Protection. In case you have any doubts how we process your Personal Data, you may contact the personal data authority of the Republic of Cyprus anytime.
8.3.You may also contact your local data protection authority. A list of local data protection authorities is available here.