Last Updated: December 2022
We collect, use and are responsible for certain personal information about you. When we do so we are subject to various laws in the United States (U.S.), the European Economic Area (EEA) as well as the United Kingdom (UK). For the purposes of those laws, we typically process personal information as a “controller”, which means that we determine why and how personal information is used.
1. Personal Information We Collect About You.
We may collect and use the following personal information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular individual:
Personal information that identifies you
First & last name;
Country of residence;
Personal information relating to your Internet activity
2. How Your Personal Information is Collected.
We collect personal information from:
Publicly accessible sources (e.g., property records);
Third parties (e.g., banks, sanctions screening providers, credit reporting agencies, or customer due diligence providers);
Cookies and other technologies placed on the devices that you use to access our websites.
When you visit our websites, we collect certain information by automated means, such as cookies and similar technologies. The information we collect in this manner includes IP address, unique device identifier, browser characteristics, device characteristics, operating system, language preferences, referring URLs, information on actions taken, and dates and times of activity. A "cookie" is a text file that websites send to a visitor's computer or other Internet-connected device to uniquely identify the visitor's browser or to store information or settings in the browser. Through these automated collection methods, we obtain and store “clickstream” data to tell us usage patterns. We may link certain data elements we have collected through automated means, such as your browser information, with other information we have obtained about you to let us know, for example, whether you have opened an email we sent to you. We also may use third-party analytics tools that collect information about visitor traffic on our websites. Your browser may tell you how to be notified when you receive certain types of cookies or how to restrict or disable certain types of cookies. Please note, however, that without cookies you may not be able to use all the features of our websites. For further information, please see our Cookies Page.
3. How and Why We Use Your Personal Information.
Under data protection law, we can only use your personal information if we have a proper reason for doing so, for example:
To comply with our legal and regulatory obligations;
For the performance of our contract with you or to take steps at your request before entering into a contract;
For our legitimate interests or those of a third party; or
Where you have given consent.
A legitimate interest is when we have a business or commercial reason to use your information, so long as this is not overridden by your own rights and interests.
Below we explain what we use (process) your personal information for and our justifications for doing so:
a) To provide NFTs or other products or services to you.
For the performance of our contract with you or to take steps at your request before entering into a contract.
b) To prevent and detect fraud against you or DNABLOCK, Inc.
For our legitimate interests or those of a third party i.e., to minimize fraud that could be damaging for us and for you.
c) Conducting checks to identify our customers and verify their identity; Screening for financial and other sanctions or embargoes; Other processing necessary to comply with professional, legal and regulatory obligations that apply to our business e.g., under health and safety regulation or rules issued by our professional regulator.
To comply with our legal and regulatory obligations.
d) Gathering and providing information required by or relating to audits, inquiries, or investigations by regulatory bodies.
To comply with our legal and regulatory obligations.
e) Ensuring business policies are adhered to e.g., policies covering security and internet use.
For our legitimate interests or those of a third party i.e., to make sure we are following our own internal procedures so we can deliver the best products and services to you.
f) Operational reasons, such as improving efficiency, training, and quality control.
For our legitimate interests or those of a third party i.e., to be as efficient as we can so we can deliver the best service for you at the best price.
g) Ensuring the confidentiality of commercially sensitive information.
For our legitimate interests or those of a third party i.e., to protect trade secrets and other commercially valuable information; To comply with our legal and regulatory obligations.
h) Statistical analysis to help us manage our business e.g., in relation to our financial performance, customer base, product range, or other efficiency measures.
For our legitimate interests or those of a third party i.e., to be as efficient as we can so we can deliver the best products and services for you at the best price.
i) Preventing unauthorized access and modifications to systems.
For our legitimate interests or those of a third party i.e., to prevent and detect criminal activity that could be damaging for us and for you; To comply with our legal and regulatory obligations.
j) Updating and enhancing customer records.
For the performance of our contract with you or to take steps at your request before entering into a contract; To comply with our legal and regulatory obligations; For our legitimate interests or those of a third party e.g., making sure that we can keep in touch with our customers about existing orders and new products and services.
k) Statutory returns.
To comply with our legal and regulatory obligations.
l) Ensuring safe working practices, staff administration, and assessments.
To comply with our legal and regulatory obligations; For our legitimate interests or those of a third party e.g., to make sure we are following our own internal procedures and working efficiently so we can deliver the best products and services to you.
m) Customer and website visitor analytics. We use personal information to better understand how you and others use our websites, products and services, so that we can improve them and develop new features, tools, offerings, services and the like, and for other research and analytical purposes.
For our legitimate interests or those of a third party, so that we can provide the best services to you and others and to develop and grow our business. Where legally required, we will first obtain your consent before using your personal information.
n) Marketing our services and those of selected third parties to:
• Existing and former customers;
• Potential customers who have previously expressed an interest in our services;
• Individuals with whom we have had no previous dealings.
For our legitimate interests or those of a third party, licensors and their agents i.e., to promote our or their business to existing and former customers. Where legally required, we will first obtain your consent before using your personal information.
o) External audits and quality checks.
For our legitimate interests or those of a third party i.e., to maintain our accreditations so we can demonstrate we operate at the highest standards; To comply with our legal and regulatory obligations.
4. Promotional Communications.
We may use your personal information to send you updates (e.g., by email, text message, telephone, via our websites) about our products and services, including exclusive offers, promotions or new products and services.
We have a legitimate interest in processing your personal information for promotional purposes (see above “How and why we use your personal information”). However, where consent is legally required, we will ask for this consent before sending you promotional communications.
We do not sell your personal information to other organizations for marketing purposes.
You have the right to opt out of receiving promotional communications at any time by:
Contacting us as described in the “How to Contact Us” section below; or
Using the “unsubscribe” link in emails that you receive from us.
We may ask you to confirm or update your marketing preferences if you instruct us to provide further products or services in the future, or if there are changes in applicable laws and regulations, or the structure of our business.
5. Who We Share Your Personal Information With.
We routinely share personal information with:
Our affiliates, including companies within DNABLOCK, Inc.’s group;
Service providers we use to help deliver our products and/or services to you, such as payment service providers and other third party companies;
Other third parties we use to help us run our business, such as marketing agencies or website hosts;
Our licensors and their agents;
Other third parties whose websites you visit through our websites; and
Third parties approved by you, including social media sites you choose to link your account to or third-party payment providers.
We only allow our service providers to handle your personal information if we are satisfied they take appropriate measures to protect your personal information. We also impose contractual obligations on service providers relating to ensure they can only use your personal information to provide services to us and to you. We may disclose and exchange information with law enforcement agencies and regulatory bodies to comply with our legal and regulatory obligations.
We may also need to share some personal information with other parties, such as potential buyers of some or all of our business or during a restructuring. We will typically anonymize information before sharing it, but where this may not be possible, we make sure that the recipient of the information is bound by confidentiality obligations.
6. How Long Your Personal Information Will Be Kept.
We will keep your personal information while you have an account with us or while we are providing products and/or services to you. Thereafter, we will keep your personal information for as long as is necessary:
To respond to any questions, complaints or claims made by you or on your behalf;
To show that we treated you fairly; or
To keep records required by law.
7. Your Rights Under the EU/UK General Data Protection Regulation (GDPR)
Subject to the relevant legislative provisions, you have the following data protection rights:
The right to access
You have the right to obtain confirmation as to whether or not your personal information is being processed and, where this is the case, access to the personal information. You also have the right to ask us for a copy of your personal information.
The right to rectification
You have the right to ask us to rectify personal information about you that you think is inaccurate. You also have the right to ask us to complete personal information you think is incomplete. This right always applies.
The right to erasure
This is also known as “the right to be forgotten” and, in simple terms, enables you to request the deletion or removal of your personal information where there is no compelling reason for us to keep using the information. This is not a general right to erasure; there are exceptions e.g., if we have a legal obligation to keep your information.
The right to restriction of processing
You have the right to ask us to restrict the processing of your personal information in certain circumstances.
The right to data portability
This right only applies to personal information you have given us. You have the right to ask that we transfer the information you gave us to another organization or give the information back to you.
The right to withdraw consent
Where you have provided us with consent to process your personal information, you have the right to withdraw your consent at any time. This will not affect the lawfulness of the processing that has been carried out based on your consent prior to the withdrawal.
The right to object
When we process your personal information for purposes of pursuing our legitimate interests, you have the right to object to such processing at any time. If you object, we will stop the processing unless we have strong and legitimate reasons to continue using your information. Where we process your personal information for marketing purposes, you have the right to object at any time to such processing, (including for profiling, to the extent that it is related to our direct marketing).
The right to lodge a complaint
If you have concerns about the way we handle or process your personal information, please reach out to us via the contact details listed below. We will subsequently investigate the matter and report back to you. If you are still not satisfied after our response, you have the right to complain to a data protection regulator in the country where you live, work or where you believe a violation of the GDPR took place. A list of data protection regulators in the EEA can be found here: https://edpb.europa.eu/about-edpb/about-edpb/members_en#member-is. If you in the UK, the relevant data protection regulator is the Information Commissioner’s Office (https://ico.org.uk/about-the-ico).
8. Your Rights Under the CCPA
You have the right under the California Consumer Privacy Act of 2018 (CCPA) and certain other privacy and data protection laws, as applicable, to exercise free of charge:
Disclosure of Personal Information We Collect About You
You have the right to know:
The categories of personal information we have collected about you;
The categories of sources from which the personal information is collected;
Our business or commercial purpose for collecting or selling personal information;
The categories of third parties with whom we share personal information, if any; and
The specific pieces of personal information we have collected about you.
Please note that we are not required to:
Retain any personal information about you that was collected for a single one-time transaction if, in the ordinary course of business, that information about you is not retained;
Reidentify or otherwise link any data that, in the ordinary course of business, is not maintained in a manner that would be considered personal information; or
Provide the personal information to you more than twice in a 12-month period.
Personal Information Sold or Used for a Business Purpose
In connection with any personal information we may sell or disclose to a third party for a business purpose, you have the right to know:
The categories of personal information about you that we sold and the categories of third parties to whom the personal information was sold; and
The categories of personal information that we disclosed about you for a business purpose.
You have the right under the California Consumer Privacy Act of 2018 (CCPA) and certain other privacy and data protection laws, as applicable, to opt-out of the sale or disclosure of your personal information. If you exercise your right to opt-out of the sale or disclosure of your personal information, we will refrain from selling your personal information, unless you subsequently provide express authorization for the sale of your personal information. To opt-out of the sale or disclosure of your personal information, contact us at firstname.lastname@example.org with the subject line “Opting-Out.”
Right to Deletion
Subject to certain exceptions set out below, on receipt of a verifiable request from you, we will:
Delete your personal information from our records; and
Direct any service providers to delete your personal information from their records.
Please note that we may not delete your personal information if it is necessary to:
Complete the transaction for which the personal information was collected, fulfill the terms of a written warranty or product recall conducted in accordance with federal law, provide a good or service requested by you, or reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform a contract between you and us;
Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity; or prosecute those responsible for that activity;
Debug to identify and repair errors that impair existing intended functionality;
Exercise free speech, ensure the right of another consumer to exercise his or her right of free speech, or exercise another right provided for by law;
Comply with the California Electronic Communications Privacy Act;
Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when our deletion of the information is likely to render impossible or seriously impair the achievement of such research, provided we have obtained your informed consent;
Enable solely internal uses that are reasonably aligned with your expectations based on your relationship with us;
Comply with an existing legal obligation; or
Otherwise use your personal information, internally, in a lawful manner that is compatible with the context in which you provided the information.
Protection Against Discrimination
You have the right to not be discriminated against by us because you exercised any of your rights under the CCPA. This means we cannot, among other things:
Deny goods or services to you;
Charge different prices or rates for goods or services, including through the use of discounts or other benefits or imposing penalties;
Provide a different level or quality of goods or services to you; or
Suggest that you will receive a different price or rate for goods or services or a different level or quality of goods or services.
Please note that we may charge a different price or rate or provide a different level or quality of goods and/or services to you, if that difference is reasonably related to the value provided to our business by your personal information.
9. Keeping Your Personal Information Secure.
We have appropriate security measures in place to prevent personal information from being accidentally lost or used or accessed in an unauthorized way. We limit access to your personal information to those who have a genuine business need to access it. Those processing your information will do so only in an authorized manner and are subject to a duty of confidentiality. We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
10. How to Exercise Your Rights.
We are committed to protecting the privacy of children. Our products and services are not intended for use by children under the age of 18. We do not knowingly collect personal information from children under the age of 18. If you are under 18 do not use our products or services or provide any information about yourself including, without limitation, your name, address, email address or any screen name or user name you may use. If we learn that we have collected or received personal information from a child under 18 without verification of parental consent, we will delete that information. If you believe that we may have any information from or about a child under 18, please contact us as provided in Section 18 below. Please visit the FTC's website at www.ftc.gov for tips on protecting children's privacy online.
12. International Data Transfers
You can request further information about how we safeguard your personal information outside the EEA/UK by contacting us (see below).
13. How to Contact Us.
You may contact us at:
1308 Factory Pl. Suite 112
Los Angeles, California 90013