For purposes of this Policy, unless otherwise required by applicable law, “Personal Information” means any information that (directly or indirectly) identifies, relates to, describes, or is reasonably capable of being associated, linked or linkable with a particular individual or household, including any information that is subject to applicable data protection laws.
This Policy applies to our collection, use and disclosure of Personal Information related to the users of our Services, and applies to all users of our Services.
Collection of Personal Information
The Personal Information we collect varies depending upon the nature of the Services provided or used and our interactions with individuals.
Categories of Personal Information. While the Personal Information we collect varies depending upon the circumstances, we may collect the following categories of Personal Information (subject to applicable legal requirements and restrictions):
- Name, contact information and other identifiers: identifiers such as a name, username, account name, blockchain address, address, phone number, birth date, email address, and online identifier.
- Customer records: electronic customer records containing Personal Information. We may also collect your payment information as well, but note this is processed by our third party payment processor.
- Blockchain information: your wallet address, on-chain activities, interactions with the Services on the blockchain, and other similar activities.
- Device information: internet protocol (IP) address, web browser type, operating system version, phone carrier and manufacturer, application installations, device identifiers, mobile advertising identifiers, and push notification tokens.
- Protected classifications: characteristics of protected classifications under applicable law such as race, sex, age, and disability.
- Communications: direct communication, web forms, online polls, or interactions with our blogs and posts.
- Commercial information: including records of products or services purchased, obtained, or considered, or other purchasing or use histories or tendencies.
- Usage data: internet or other electronic network activity information including, but not limited to, browsing history, search history, and information regarding a consumer’s interaction with an Internet website, application, or advertisement.
- Location data: location information about a particular individual or device, general location information (for example, your IP address may indicate your more general geographic region). However, this information is not precise geolocation.
- Profiles and inferences: inferences drawn from any of the information identified above to create a profile reflecting a resident’s preferences.
Sources of Personal Information. We may collect Personal Information about individuals:
- Directly from you: such as when you create an online account with us (the “User Account”), associate your blockchain wallet address with a Galxe ID account, input messages into our Chatbots, participate in a transaction, communicate on the Services, participate in contests and promotions we offer, register to receive marketing and other communications from us, or contact us for customer support purposes.
- From third parties: such as affiliate and other third parties, public records, third-party providers of services to us (e.g., fraud detection, identity verification and security), consumer data resellers, social networks, joint marketing partners and affiliate companies.
- Related to your use of our Services: including information we collect automatically when you use our Website or interact with us, or information we derive about you and your preferences or interests based on the Personal Information we collect and our interactions with you.
Information We Collect From You. We may collect Personal Information from you related to:
- Registration, accounts and profiles: when you register for a User Account with us, we collect your blockchain address(es), usernames, and email address; if you chose to connect third party services to your User Account, we collect the information about those third party services; we may also collect additional information such as your preferences and payment details.
- Marketing, surveys and events: if you sign up to receive news, updates, offers and other marketing communications from us, or attend any events hosted by us, we may collect your name, contact information, and information about your preferences.
- Your communications and requests: when you email us, call us, or otherwise send us communications, we collect and maintain a record of your contact details, communications and our responses.
Information We Collect from Third Parties. We may collect Personal Information about you from third-party sources (which may be combined with other Personal Information we have collected about you), such as:
- Third-party accounts: if you connect your third party accounts to your User Account (such as Twitter, Discord, or GitHub), we will collect certain personal information about you from those third parties.
- Purchases, orders and payments: if you purchase an NFT or other blockchain asset, or sign up for certain Services, we collect information in order to process your payment such as your name, billing address, payment type, as well as credit card number or other payment account details (e.g., PayPal).
- Social media: if you choose to link, create, or log in to your User Account with a social media service (e.g., Twitter, Facebook, Instagram, etc.), we collect your permission to access certain information from your profile with that social media service. If you post or if you engage with a separate social media service or interact with us on our page with any social media service, we may collect Personal Information about you related to those interactions.
- Other: we may obtain Personal Information, such as demographic information or updated contact details, from third parties; we may also collect information from public records.
Information We Collect or Derive About You Automatically. We may collect or derive Personal Information about your use of our Services, or other interactions with us.
Use of Personal Information
We will only process your Personal Information where we have legal grounds to do so. We may use Personal Information for a variety of purposes, including, without limitation:
- Providing support and services: including to provide our Services, operate our Website, App and online services, create your Web3 Score, update your Galxe ID information, and interact with you on our Services; to respond to your inquiries; to provide troubleshooting, fulfill your orders and requests, process your payments and provide technical support; and for other customer service and support purposes. Our lawful basis is to fulfil any contractual terms with you.
- Analyzing and improving our business: including to better understand how users access and use our Services, to evaluate and improve our Services and business operations, and to develop new features, offerings, and services; to conduct surveys and other evaluations (such as customer satisfaction surveys); to monitor consumer interest in our products and Services; to troubleshoot problems that may arise on the Services; to improve the accuracy of our customer database; to increase our understanding of our customer database; to increase our understanding of our customers; and for other research and analytical purposes. Our lawful basis is our legitimate business interests in understanding and improving our Services.
- Personalizing content and experiences: including to tailor content we send or display on our Website and other Services and to otherwise personalize your experiences. To assist in these purposes, as well as the other purposes identified in this Policy, at certain times, we create a profile relating to you in order to show you the content that we think you might be interested in and to display the content according to your preferences. Our lawful basis is: 1) our legitimate business interests in offering a more personalized service; and 2) business improvement.
- Advertising, marketing and promotional purposes: including to reach you with more relevant ads and to evaluate, measure and improve the effectiveness of our ad campaigns; to send you newsletters, offers or other information we think may interest you; to contact you about our Services, products, or other information we think may interest you; and to identify potential new customers. Our lawful basis is your consent to choose to subscribe to any newsletter or marketing (and you can unsubscribe at any time).
- Securing and protecting our business: including to protect and secure our business operations, assets, Services, network and information and technology resources; to investigate, prevent, detect and take action regarding fraud, unauthorized access, situations involving potential threats to the rights or safety of any person or third-party, or other unauthorized activities or misconduct. Our lawful basis is our legitimate business interests in protecting our business and services.
- Defending our legal rights: including to manage and respond to actual and potential legal disputes and claims, and to otherwise establish, defend or protect our rights or interests, including in the context of anticipated or actual litigation with third parties. Our lawful basis is our legitimate business interests in protecting our business or our need to defend ourselves legally.
- Auditing, reporting, corporate governance, and internal operations: including relating to financial, tax and accounting audits; audits and assessments of our operations, privacy, security and financial controls, risk, and compliance with legal obligations; our general business, accounting, record keeping and legal functions; and related to any actual or contemplated merger, acquisition, asset sale or transfer, financing, bankruptcy or restructuring of all or part of our business. Our lawful basis is our legal obligations under relevant legislation such as tax reporting and our legitimate interests in running our governance programs.
- Complying with legal obligations: including to comply with the law, our legal obligations and legal process, such as warrants, subpoenas, court orders, and regulatory or law enforcement requests. Our lawful basis is compliance with applicable law.
- For our legitimate business interests: including our business interest in conducting and managing our business and enabling us to give you the best service/product and the best and most secure experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your Personal Information for our legitimate interests. We do not use your Personal Information for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting us. Our lawful basis is this legitimate business interest.
Aggregate and De-identified Data. We may de-identify information and create anonymous and aggregated data sets and reports to assess, improve and develop our business, products and Services, prepare benchmarking reports on our industry and for other research, marketing and analytics purposes. De-identified information is not Personal Information and we may use de-identified information as allowed under applicable data protection laws.
We may combine information from different sources. For example, we may combine information that we have collected offline with information we collect online, or we may combine information we get from a third-party with information we already have.
If you submit any Personal Information relating to other people to us, you represent that you have the authority to do so and have informed that other person about the contents of this Policy.
Disclosure of Personal Information
We may share or disclose the Personal Information we collect as follows:
- Service providers: We may disclose Personal Information with third-party service providers who use this information to perform services for us, such as hosting providers, auditors, advisors, consultants, customer service and/or support providers.
- Advertising and Marketing Partners: We may share Personal Information with third parties that provide advertising, campaign measurement, online and/or mobile analytics, and related services. These third parties may receive or access browsing and/or other data about your use of the Services, in order to help us better reach individuals with relevant ads and/or measure our ad campaigns, and/or to better understand how individuals interact with our Services overtime and across devices. We may also transfer and/or sell Personal Information we collect and/or join together with other businesses to bring selected opportunities to customers or potential customers.
- Subsidiaries, affiliates, and business partners: We may share your Personal Information with our affiliated companies (i.e., our parent company and other companies under common ownership, control or management with us; and the Creators we have partnered with to offer exclusive content on our Services); they may use such Personal Information for the purposes set out in this Policy.
- Legal compliance: We may be required to share Personal Information in response to a valid court order, subpoena, government investigation, or as otherwise required by law. We also reserve the right to report to law enforcement agencies any activities that we, in good faith, believe to be unlawful. In addition, we may share certain Personal Information when we believe that doing so is reasonably necessary to protect the rights, property and safety of our company and/or others.
- Business transfers: We may disclose and/or transfer Personal Information as part of any actual or contemplated merger, sale, transfer of assets, acquisition, financing and/or restructuring of all or part of our business, bankruptcy or similar event, including related to due diligence conducted prior to such event where permitted by law.
- Protect our rights: We may disclose Personal Information where we believe it necessary to respond to claims asserted against us, to enforce or administer our agreements and terms, for fraud prevention, risk assessment, investigation and/or to protect the rights, property or safety of Galxe or our affiliates, partners, clients, customers and/or others.
Aggregated and De-identified Data. We may share aggregate or de-identified information with third parties for research, marketing, advertising, analytics and/or other purposes.
What happens if you do not provide us with the Personal Information we request or ask that we stop processing your Personal Information?
If you do not provide the Personal Information we request, or if you withdraw your consent to the processing of your Personal Information, then you may be unable to use the Services.
Automated decisions are those made without human intervention that have a legal effect on you or other similarly significant effect. We do not carry out this type of processing activity.
Cookies and Analytics
Cookies. Cookies are alphanumeric identifiers that are transferred to your computer through your web browser for record-keeping purposes. Some cookies enable you to log-in to our Services or save certain settings and preferences, while others allow us to track usage and activities on our Services, personalize content, or deliver more relevant ads. Most web browsers automatically accept cookies, but if you prefer, you can edit your browser options to block them in the future. The “Help” tab on the toolbar on most browsers will tell you how to prevent your computer from accepting new cookies, how to have the browser notify you when you receive a new cookie, or how to disable cookies altogether. If you block cookies, however, certain features on our Website may not be available or function properly.
Pixel tags and embedded script (aka clear GIFs and web beacons). Pixel tags are tiny graphics with a unique identifier, similar in function to cookies. In contrast to cookies, which are stored on your computer’s hard drive, pixel tags are embedded invisibly on web pages. We may use these, in connection with our Website to, among other things, track the activities of the users of our Services, improve ads, personalize and manage content, and gather usage information about our Website. We may also use these in HTML emails to help us track email response rates, identify when our emails are viewed, and track whether our emails are forwarded.
Our Services are restricted for users of legal age and children under the age of 18 are not allowed to use our Services. Galxe does not knowingly collect or maintain Personal Information from children we actually know at the time of collection are under the age of 18. Should we discover that we have collected Personal Information online from a child who is under 18, we will promptly delete that Personal Information. If you have concerns over the collection of children’s Personal Information on the Services, please contact us at the information provided in the Contact Us section below. Although our Services are not directed to children under the age of 18, if your child uses our Services and you wish to review or delete your child’s Personal Information, you may so request by contacting us at the location or email address set forth below under ‘Contact Us.’
The security of your Personal Information is important to us. We have put in place safeguards to protect the Personal Information we collect from unauthorized access, use and disclosure, and we take steps to ensure that all of our employees, agents, contractors and other third parties have similar adequate measures in place. We also have procedures to deal with any suspected Personal Information breach, and we will notify you and any applicable regulator when we are legally required to do so. However, we cannot guarantee that unauthorized access, hacking, data loss, or other breaches will never occur. We urge you to take steps to keep your Personal Information safe, such as choosing a strong password and logging out of your User Account and closing your web browser when finished using the Services.
Transfers outside the UK/Europe
For users in the UK and European Economic Area (“EEA”). We may sometimes transfer your Personal Information to countries outside the UK and EEA, for example if we are using a supplier based elsewhere. The privacy laws in countries outside the UK and EEA may be different from those in your home country.
Where we transfer data to a country that has not been deemed to provide adequate data protection standards, we will always have security measures and approved European or UK model clauses (available on the European Union’s legal website at eur-lex.europa.eu and the UK ones at the ICO website www.ico.gov.uk) or other adequate safeguards in place to protect your Personal Information. Please contact us if you would like more details about our safeguards for data transfers outside of the UK/EEA.
For other users. If we transfer your Personal Information to countries outside of your home country, we will take steps to comply with the requirements for such transfer in your home country as required by relevant law.
Links to Third-party Websites
The Services provide links to various websites operated by third parties including, but not limited to, third-party sites that may display Galxe trademarks. This Policy does not apply to third-party websites that are accessible through the Services, unless such website directs users or visitors to this Policy. When you click on one of these links, you will be transferred out of the Services and connected to the website of the organization or company that maintains that website. Even if an affiliation exists between us and a third-party website, we exercise no control over linked websites. Each of these linked websites maintains its own independent privacy and data collection policies and procedures. We encourage you to read the privacy policies of those other websites to learn how they collect, use, share, and secure your information before providing any Personal Information.
Except to the extent prohibited by law, and subject to this Policy, we will retain and use your Personal Information for as long as it is needed to provide you with any services, communications, information you have requested, or access to the Website, to document our business relationship with you, and as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. As soon as it is reasonable to assume your Personal Information is no longer needed or required, we will cease to retain your Personal Information, or remove the means by which the data can be associated with you.
Changes to this Policy
This Policy is kept under regular review and may be updated from time to time. When we make changes to this Policy, we will change the “Last Updated” date above. If a material change is made to this Policy, we may choose to provide notice to you in advance of such change, such as by posting notice of that change on the first page of this Policy or on our homepage, or by emailing your email address of record with us.
Changes to your Information
It is important that the information we hold about you is accurate and current. Please keep us informed as soon as possible if your Personal Information changes or is inaccurate during your relationship with us by using the contact details set out below.
California Shine the Light Law
Under California’s “Shine the Light” law (Cal. Civ. Code § 1798.83), California residents who provide us certain personal data are entitled to request and obtain from us, free of charge, information about the personal data (if any) we have shared with third parties during the immediately preceding calendar year for their own direct marketing use. Such requests may be made once per calendar year for information about any relevant third-party sharing in the prior calendar year. California residents who would like to make such a request may submit a request to the contact information provide below. The request should attest to the fact that the requester is a California resident, and provide a current California address. We are only required to respond to a customer request once during any calendar year. Please be aware that not all information sharing is covered by California’s “Shine the Light” law and only information sharing that is covered will be included in our response.
Supplemental Notice for Nevada Residents
If you are a resident of Nevada, you have the right to opt-out of the sale of certain Personal Information to third parties who intend to license or sell that Personal Information. You can exercise this right by contacting us at Info@Tonohealth.com with the subject line “Nevada Do Not Sell Request” and providing us with your name and the email address associated with your account. Please note that we do not currently sell your Personal Information as sales are defined in Nevada Revised Statutes Chapter 603A. If you have any questions, please contact us as set forth below.
Additional Information for EEA/UK Residents
By law, you have a number of rights when it comes to your Personal Information. Further information and advice about your rights can be obtained from the data protection regulator in your country, and many countries provide a right to lodge a complaint with the regulator.
You may request for a copy of the Personal Information which we hold about you or information about the ways we use or disclose about your Personal Information. You may also ask us to correct or update your Personal Information, or withdraw your consent and request us to stop using or disclosing your Personal Information for any of the purposes stated in this Policy.
You may do so by submitting your request in writing or via email at the contact details provided below.
We usually act on requests and provide information free of charge, but we may charge a reasonable fee to cover our administrative costs of providing the information for baseless or excessive/repeated requests, or further copies of the same information. Alternatively, we may be entitled to refuse to act on the request in some circumstances.
Please consider your request responsibly before submitting it. We will respond as soon as we can. Generally, this will be within one month from when we receive your request but, if the request is going to take longer to deal with, we will come back to you and let you know.
Under European Union and UK regulation, your rights are:
- The right to be informed. You have the right to be provided with clear, transparent and easily understandable information about how we use your Personal Information and your rights. This is why we are providing you with the information in this Policy. If you have any additional questions, for example regarding transfers and locations of data or our legitimate interests basis, please contact us.
- The right of access. You have the right to obtain access to your Personal Information (if we are processing it), and certain other information (similar to that provided in this Policy). This is so you are aware and can check that we’re using your Personal Information in accordance with data protection law.
- The right to rectification. This is also known as the ‘right to be forgotten’ and enables you to request the deletion or removal of your information where there is no compelling reason for us to keep using it. This is not a general right, there are exceptions.
- The right to restrict processing. You have rights to ‘block’ or suppress further use of your Personal Information. When processing is restricted, we can still store your Personal Information, but we may not use it further. We keep lists of people who have asked for further use of their information to be ‘blocked’ to make sure the restriction is respected in future.
- The right to data portability. You have the right to object to certain types of processing, including processing for direct marketing or where we are relying on our legitimate interests for processing.
- The right to lodge a complaint. You have the right to lodge a complaint about the way we handle or process your Personal Information with your national data protection regulator. In the UK, this is the Information Commissioner, and details of how to contact the ICO can be found on their website at ico.org.uk.
- The right to withdraw consent. If you have given your consent to anything we do with your Personal Information, you have the right to withdraw your consent at any time (although if you do so, it does not mean that anything we have done with your personal data with your consent up to that point is unlawful). This includes your right to withdraw consent to us using your personal data for marketing purposes.
If you have any concern about our privacy practices, please contact us by email at email@example.com.