Date of last revision: 05th February, 2018
This document refers to personal data, this is defined as information concerning any living person (a natural person who hereafter will be called the Data Subject) that is not already in the public domain.
The Data Protection Act (DPA), Privacy and Electronic Communications Regulations (PECR) and The General Data Protection Regulation (GDPR) which is EU wide and far more extensive, seek to protect and enhance the rights of data subjects. These rights cover the safeguarding of personal data, protection against the unlawful processing of personal data and the unrestricted movement of personal data within the EU. It should be noted that GDPR does not apply to information already in the public domain such as Companies House data.
1. About our services
We are the company which sells VLM tokens. VLM token is a usual digital product (digital goods, digital commodities), developed by the Company as variety of digital tokens, specified by standard Ethereum ERC20 Token Standard (ERC20). VLM token could be useful only within the platform created by Company (hereinafter – VOLUM Platform). VLM token is a digital product, utility token, and it does not have any value outside VOLUM Platform. The utility of such good is closely linked only with VOLUM Platform. The existence of this good maintains by smart contract developed by the Company and Ethereum blockchain developed by third parties. Blockchain was determined as a database for the keeping of data about the release of good, its movement and redemption due to the fact of its reliability (permanence guaranteed by decentralizing) and popularity.
The data gathered by VOLUM can be divided primarily into two categories:
- All data required for the processing, preparation and performance of an agreement with VOLUM. If other service provides are involved in the performance of the agreement, e.g. payment services, optimization services or hosts, your data will be forwarded to them to the extent required.
- When you access our Services, some information is exchanged between your device and our server, or the server of the services we use. This may include personal information. One of the ways in which the information gathered in this way will used is to further improve our Service.
Under the GDPR, you have various rights that you can assert with us. These include the right to selectively object to the use of data, particularly for advertising purposes. The option to object is highlighted in print. Further information on your rights can be found in the additional section below and in the individual descriptions of the respective data uses.
3. Name and Contact Information for the Person Responsible for Data Processing and of the Company’s Data Privacy Officer
4. Purposes of Data Collection, Legal Basis and Legitimate Interests Pursued by Us or a Third Party, and Categories of Recipients
4.1. Accessing our Service. If you access our Service, especially by visiting our website or the browser used on your device automatically sends information to our server and temporarily stores it in a log file. The following information is collected without your intervention and stored until it is automatically or manually deleted in the log file:
- Your device’s IP address
- Date and time of access
- The name and URL of the retrieved file, the website/app from which access was made (referrer URL)
- Your browser’s unique identifier
- The name of your Internet provider
The processing of the aforementioned data is based on Article 6 paragraph 1 lit. f) GDPR. Our legitimate interest arises from the uses listed below. At this point, we note that we are unable and do not attempt to draw any conclusions about your identity from the data collected. Your device’s IP address and the other information listed above are used by us for the following purposes:
- To ensure that a trouble-free connection can be established
- To ensure the convenient use of our Service
- To evaluate system security and stability
- Other administrative purposes
4.2. Concluding, Performing or Terminating an Agreement. We primarily define our Services as those of platform where you can buy VLM tokens. To give you such possibility, we collect the information required to conclude, perform or terminate an agreement. This includes:
- E-mail address
- First and last name
- Billing and payment information
- Information you enter yourself and that is generated during the use of our Services, such as gender, age, country of residing, etc.
The legal basis for this is Art. 6(1) a) and b) and Art. 9(2) a) of the GDPR. Unless we use your contact information for customer support or customer service, the information required to conclude the agreement is stored until it is no longer needed for this purpose and/or until the rights under any guarantee or warranty expire. Subsequently, we retain the required personal information for the periods established by law. During this retention period (usually six to 10 years after conclusion of the agreement), the information is used only in the case of an audit by the tax authority.
4.3. Data Processing for Customer Support or Customer Service4.3.1. Informational purposes
If you have signed-up for our services, we keep you as an existing customer. In this case, we process your contact information in order to send you information about new, enhanced or improved features, products and services, etc.4.3.2. Personalized ads
To ensure that you receive only information that corresponds to your interests, we classify and add information to your customer profile. For this purpose, both statistical information as well as information about you (such as basic or historical data from your customer profile) are used. The goal is to optimize our Services by adapting them to your actual or perceived interests and/or needs, and to send you the appropriate recommendations and not bother you with useless ads.
The legal basis for each of the aforementioned data uses is Art. 6(1) b) and f) of the GDPR and Art. 9(2) a) of the GDPR. The use of existing customer data for the company’s own advertising purpose is recognized as a legitimate interest under Recital 47 of the GDPR.4.3.3. Right to Object
You may object to the use of your data for the aforementioned purposes at any time free of charge for each communication channel and with effect for the future. An email or a letter sent using the contact information shown under 1. is sufficient for this purpose.
Once you submit your objection, we will block the relevant contact address for future advertising data processing. We will process your objection as soon as possible and implement the appropriate blocking measures immediately after it is confirmed. Please note that in some exceptional cases the relevant information or product recommendations may still be received even after receipt of your objection. This is simply due to technical reasons and does not mean your objection has not been processed. Thank you very much for your understanding.
5. Data Processing for the Provision of our Services
In this section, we inform you about the data processing necessary for the provision of our Services:
5.1. Online Presence and Website Optimization. We will not sell or lease your information to third parties for their marketing purposes without your explicit consent. We only disclose certain information to third parties from time to time to be able to offer the best possible product to our customers, improve the quality of our Services and protect the interests of our customers. However, this disclosure will always be subject to strict limitations, which are described in more detail below.5.1.1. Cookies – General Information
If you already have a customer account and are logged on, the information stored on the cookies are associated with that account.
6. Recipients outside the EU
As indicated above under 3.4 and 3.5, data may also be sent to recipients located outside the European Union or the European Economic Area. This applies in particular to the aforementioned processing of analysis and/or targeting technologies, which can result in data transmission to the servers of the service providers. Other recipients may be affiliated service providers that we need in order to provide our services, e.g. hosts, CRM tools, analytical service providers. These servers may be outside the EU, especially in the US. We make absolutely sure that these service providers guarantee data protection standards equivalent to those of the GDPR and that they comply with the applicable directives. Therefore, we only work with those service providers who are certified by the EU-US Privacy Shield. In case number C(2016) 4176), the European Commission established the suitability of this data protection level for certification in compliance with Art. 45 GDPR. The use of these certified service providers thus meets European standards for lawful data processing. In addition, we have obtained suitable contractual guarantees from all service providers based in other EU countries, which ensure compliance with these EU standards and the enforcement of the rights of affected persons, for example based on the standard contractual clauses of the European Commission.
7. Your Rights
7.1. Overview. In addition to the right at any time to withdraw any consent you have given us, you are also entitled to the following if the respective legal conditions are met:
- The right to be informed about your personal data that is stored with us, pursuant to Art. 15 GDPR
- In the event of transmissions covered by Art. 46, 47 or 49(1) 2) GDPR, the right to information, or references to suitable or appropriate guarantees that a copy of them can be obtained, or where they are available
- Your personal data that is stored with us, pursuant to Art. 15 GDPR
- The right to correct inaccurate or incomplete data, pursuant to Art. 16 GDPR
- The right to the deletion of your personal information that is stored with us, pursuant to Art. 17 GDPR
- The right to limit the processing of your data, pursuant to Art. 18 GDPR
- Right to data portability, pursuant to Art. 20 GDPR.
7.2. Right to Object. Under the provisions of Art. 21(1) GDPR, the data subject has the right to object on grounds relating to his or her particular situation, at any time to the processing of personal data.
7.3 You can request the following information:
- Identity and the contact details of the person or organization that has determined how and why to process your data.
- Contact details of the data protection officer, where applicable.
- The purpose of the processing as well as the legal basis for processing.
- If the processing is based on the legitimate interests of VOLUM or a third party such as one of its clients, information about those interests.
- The categories of personal data collected, stored and processed.
- Recipient (s) or categories of recipients that the data is/will be disclosed to.
- How long the data will be stored.
- Details of your rights to correct, erase, restrict or object to such processing.
- Information about your right to withdraw consent at any time.
- How to lodge a complaint with the supervisory authority.
- Whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract, as well as whether you are obliged to provide the personal data and the possible consequences of failing to provide such data.
- The source of personal data if it wasn’t collected directly from you.
- Any details and information of automated decision making, such as profiling, and any meaningful information about the logic involved, as well as the significance and expected consequences of such processing.
8. Data Security
We apply the highest standards to data security for our infrastructure and the processing of your data. For example, we use protection mechanisms for computers such as firewalls and data encryption. Our buildings and data are subject to physical access controls. Access to the personal information of our customers is only possible for those employees who need them to carry out their activities.
All personal data sent by you, including your payment information, is also transmitted using the generally accepted and secure SSL (Secure Socket Layer) standard. SSL is a secure and proven standard, e.g. it is also used for online banking. You will recognize a secure SSL connection with the placement of an “s” at the end of http (i.e. https://www.volum.io) in the address bar of your browser, or with the lock icon at the bottom of the browser.
We also apply suitable technical and organizational security measures to protect your personal data stored with us against manipulation, partial or complete loss, and against unauthorized access by third parties. Our security measures are continuously monitored using the latest technology, and regularly adapted to the relevant risk, and improved if necessary.
VOLUM may on occasions pass your Personal Information to third parties exclusively to process work on its behalf. VOLUM requires these parties to agree to process this information based on our instructions and requirements consistent with this Privacy Notice and GDPR. VOLUM do not broker or pass on information gained from your engagement with the agency without your consent. However, VOLUM may disclose your Personal Information to meet legal obligations, regulations or valid governmental request.