PRIVACY POLICY

OF THE

ONSEI WALLET (TESTNET VERSION)

MOBILE APPLICATION

version of 4 November 2024

  • Introduction

This Privacy Policy of the Onsei Wallet (testnet version) mobile application (the “Privacy Policy”) describes how ULAM LABS Konrad Rotkiewicz sp.k. with its registered office in Wrocław, Poland (“ULAM LABS”, “we”, “our”, “us”) collects and uses your personal data and cookies in connection with your use of the App and the App Services.

This Privacy Policy consists of two parts:

  • Privacy Notice – which describes how we collect and use your personal data;
  • Cookie Notice – which describes how tracking technologies are used.

We provide the App and the App Services subject to the Terms. Please read the Terms before accessing or using the App Services or the App.

  • Children

The App and App Services are restricted to persons who are at least 18 years of age. We do not knowingly collect personal data from people who are less than 18 years of age in connection with the App or the App Services. If you – the User – are below 18 years old, you may not use the App nor the App Services nor interact with them.

  • Security features

If you decide to do so, you can enable the biometric security features in the App settings. In such case the biometric data is not collected by us through the App and at all times remains in your device. We do not collect your biometric data, and we do not have access to it. We only have access to the results of the biometric verification conducted by your device’s operating system such as iOS or Android.

  • Your privacy and blockchain

Blockchain network is an application of a distributed ledger technology (DLT). A distributed ledger is an information repository that keeps records of certain actions (e.g. transactions) and that is shared across, and synchronized between, a set of DLT network nodes using a consensus mechanism. Blockchains are governed by their protocols, i.e. set of rules describing how a network operates (e.g. how a consensus is reached as regards validating a transaction). Such blockchains are intended to immutably record transactions across a wide network of computers and computer systems. Public blockchains are networks that are publicly accessible. Many blockchain networks are decentralized which means that we do not control or operate them.

When you use the App Services, some of your data may be recorded on public blockchain networks, depending on the App Service and the blockchain protocol. This means that your personal data could be determined directly, when combined with other data, or when anonymous data is de-anonymized. As a result, third parties may potentially access your personal data. For example, many public blockchain networks are open to forensic analysis or other blockchain analytics operations which can lead to the unintentional disclosure of your personal data such information about your transactions.

This is due to the way blockchain technology works, where transparency and immutability of the data stored on the chain is one of the fundamental principles of the technology. Because blockchain networks are decentralized, we (or our affiliates) are not able to delete or change your personal data from such blockchain networks. Please consult relevant information about the potential risks associated with using blockchain technology set out in the Terms.

  • Definitions

All terms not defined in this Privacy Policy shall have the meaning as defined in the Terms or in the GDPR. The following terms used in this Privacy Policy shall have the meaning set forth below:

  • App – the App as defined in the Terms.
  • App Services – the App Services as defined in the Terms.
  • Applicable Data Protection Law – any applicable laws, statutes, regulations, orders, regulatory requirements, bylaws, and other similar legal instruments in force from time to time relating to data protection, data security, privacy and/or the collection, use, disclosure and/or processing of personal data, including but not limited to the GDPR.
  • controller, processor, processing, and other terms relating to personal data not defined here have the meaning as defined in Art. 4 of the GDPR.
  • EEA – European Economic Area.
  • GDPR – General Data Protection Regulation 2016/679 of 27 April 2016.
  • ICT Systems – the ICT Systems as defined in the Terms.
  • personal data – information about identified or identifiable natural person as defined in Art. 4(1) of the GDPR.
  • Privacy Policy – this Privacy Policy of the Onsei Wallet (testnet version) mobile application.
  • Terms – the Terms of Service of the Onsei Wallet (testnet version) mobile application available at: https://www.onseiwallet.io/terms-and-conditions
  • ULAM LABS (“we”, “our”, “us”, etc.) – ULAM LABS Konrad Rotkiewicz sp.k. with its registered office in Wrocław, address: ul. Grabiszyńska 163 / 502 (53-439 Wrocław), Poland, registered in the Register of Entrepreneurs of the National Court Register kept by the District Court for Wrocław-Fabryczna in Wrocław, 6th Commercial Division of the National Court Register, under KRS no. 0000941007.
  • User (“you”, “your”, etc.) – the User as defined in the Terms.
  • Wallet – the Wallet as defined in the Terms.
  • Changes

The current version of the Privacy Policy has been adopted and is effective as of 4 November 2024.

We may change the Privacy Policy from time to time. For example, we may do this when it is necessary due to changes in the Terms, changes in legal requirements or changes in the way we use your personal data. We may also amend the Privacy Policy to make it clearer, more accessible, and/or easier for you to understand.

You should check the Privacy Policy before using the App and/or the App Services. If we change the Privacy Policy, we will give you access to previous versions of the Privacy Policy.

  • PRIVACY NOTICE

Controller and contact details

We, ULAM LABS, are the controller of your personal data to the extent this Privacy Policy applies. You can contact us with any inquiries or complaints in respect of the personal data by email at: onseiwallet@ulam.io  or in writing to our address: ULAM LABS, Grabiszyńska 163/502, 53-439 Wrocław, Poland, EU.

Sources of personal data

We collect your personal data from the following sources:

You

We collect your personal data from you in connection with your use of the App or the App Services. For example, we collect data when you provide us with your e-mail address. We also collect your personal data from your devices or software in connection with your use of the App or the App Services. For example, we may collect information about your device, its operating system or other software, hardware details, web browser settings and so on when you are browsing the App.

Public sources

We collect your personal data from publicly available sources, such as blockchain networks in connection with providing the App Services.

Categories of personal data

We collect and use the following types of your personal data.

Blockchain data

The blockchain data includes anonymous data and, in some cases, your personal data that we receive in connection with your use of some of the App Services (e.g. Crypto-Asset Self-Hosted Address Service), as well as our activity and the activity of third parties connected with rendering such App Services. This includes publicly accessible on-chain information (which can be personal data) and limited off-chain information of technical nature (anonymous data, as a rule). This also includes Wallet public address which is a personal data when the Wallet can be linked to you (the User). In general, if blockchain data allows for your identification we treat it as personal data in compliance with the Applicable Data Protection Law. For example, this includes:

  • Wallet details (including custodial wallets)
  • Wallet transaction details (including crypto-assets, time of transfer, value of transfer, details of originator and beneficiary)

Camera data

The camera data includes data collected and used in connection with your use of your device’s camera to scan QR codes with the App. In most cases the information captured from your device’s camera is non-personal data. However, in some cases it may be used to identify you. For example, this may include:

  • Public crypto-wallet address

Customer feedback data

The customer feedback data includes data collected and used in connection with your participation in our surveys or questionnaires or your other requests, questions, and queries. For example, this may include:

  • Names and contact details
  • Feedback on the App or App Services
  • Your device and its operating system (optional)

Customer support data

The customer support data includes data collected and used in connection with customer support provided by us to you. For example, this may include:

  • Call recordings
  • Information relating to compliments or complaints
  • Names and contact details
  • Records of meetings and decisions
  • App user information (including user journeys)

Technical data

The technical data includes data collected and used in connection with the ICT Systems to provide App Services. Most of this information is anonymous data. However, in some cases it may be used to identify you, for example in combination with other data. In such cases we treat it as personal data. For example, this includes:

  • IP addresses
  • Location data
  • User hardware and software data
  • App user information (including user journeys)

Purposes and legal grounds of processing

We collect and process your personal data in connection with your use of the App and the App Services. As a rule, we process your personal data to the extent necessary to provide the App Services, ensure smooth operation of the App, as well as for other legitimate purposes. You can find more detailed description of such purposes and legal grounds for processing below.

Analytics

We use your personal data for analytical and statistical purposes. Where required by law, we will only conduct analytical activities with your consent. The legal ground for such processing is:

  • our legitimate interest (Art. 6(1)(f) of the GDPR), which consists of conducting analyses of your activity, as well as of your preferences to improve functionalities and App Services provided by us.

Compliance

We use your personal data to ensure compliance with the applicable law. For example, this includes processing of your personal data to comply with consumer protection law or the GDPR. The legal ground for processing is:

  • the necessity of processing for compliance with appropriate legal obligation under applicable law to which we are subject (Art. 6(1)(c) of the GDPR).

Contract performance

We use your personal data to perform contracts we have executed with you. For example, this includes contract subject to the Terms under which we provide the App Services. Please consult the Terms for more detailed description of the App Services. The legal ground for such processing is:

  • the necessity of processing for either taking steps at your request prior to entering into a contract and/or performance of a contract with you (Art. 6(1)(b) of the GDPR).

Legal rights

We may use your personal data, if necessary, to establish and assert claims or to defend against claims. The legal ground for such processing is:

  • our legitimate interest (Art. 6(1)(f) of the GDPR), which consists of the protection of our legal rights.

Security

We use your personal data to ensure the security of the App and our ICT Systems and to manage them. For example, we record some of your personal data in system logs (special computer programs used for storing a chronological record containing information about events and actions related to the ICT Systems used for rendering the App Services by us). The legal ground of the processing is:

  • our legitimate interest (Art. 6(1)(f) of the GDPR), which consists of our need to ensure security and safety of our ICT Systems used in connection with the App and the App Services.

Data storage

In a nutshell, we store your personal data only as long as necessary for the purposes we collected it. After the end of the period of data storage, we permanently delete or anonymize your personal data.

The duration of storage depends on the purpose of processing. For example, we store your personal data for the period when we provide you the App Services in accordance with the agreement we have entered with you subject to the Terms. We store personal data processed based on legitimate interest(s), our or those of a third party, until you lodge an effective objection to such processing. Similarly, when we process your personal data based on your consent, we store it until you withdraw your consent.

The duration of storage or use of your data may be extended in certain situations. For example, we may store your personal data after you terminate the agreement with us when required by law. We may also continue to store and use the same dataset if we use it for a different purpose and on a different legal basis, if admissible by law. For example, if you terminate the agreement with us, we may continue to use personal data provided by you in connection with your use of the App Services when necessary to establish and assert possible claims or to defend against claims (if we have a legitimate interest to do so).

Data recipients

As a rule, we do not share your personal data unless it is necessary. For example, we may share your personal data in connection with the provision of the App Services under the Terms. We may disclose your personal data to the following categories of recipients:

  • our business partners (including service providers and contractors), such as analytical tools providers or data storage providers;
  • ULAM LABS group entities, including our affiliates, subsidiaries and, in the event of a merger, acquisition or reorganisation, the involved third party;
  • public authorities or other third parties when required by law and subject to statutory conditions and restrictions;
  • professional advisors, such as lawyers, accountants, consultants, and tax advisors.

Data transfers

We do not transfer your personal data outside of the EEA.

Requirement to provide personal data

In certain cases, provision of your personal data is mandatory by law or necessary to manage your request or to perform a contract we have with you. If you don’t provide us with your personal data in such situations, we may not be able to carry out your request, perform a contract with you (or enter into it) or comply with the law. In some cases, this may mean that we will terminate the contract or stop our engagement with you. For example, if you do not provide your personal data necessary for the complaint procedure, we may not be able to manage your complaint.

In other cases, provision of your personal data is voluntary. If you don’t provide us with your personal data in such situations, we may not be able to carry out your request or achieve our goal. For example, if you do not share your contact details with us, we may not be able to contact you.

Your rights

Under the Applicable Data Protection Law, you have rights including:

  • Your right of access - You have the right to ask us for copies of your personal data.
  • Your right to rectification - You have the right to ask us to rectify personal data you think is inaccurate. You also have the right to ask us to complete data you think is incomplete.
  • Your right to erasure (right to be forgotten) - You have the right to ask us to erase your personal data in certain circumstances.
  • Your right to restriction of processing - You have the right to ask us to restrict the processing of your personal data in certain circumstances.
  • Your right to data portability - You have the right to ask that we transfer the personal data you gave us to another organisation, or to you, in certain circumstances. This right applies where we use your data based on your consent or a contract and if the processing of your data is carried out by automated means.
  • Your right to object to processing - You have the right to object to the processing of your personal data in certain circumstances. You can do this at any time. If you raise an objection, we will stop using your personal data where the basis for processing is our legitimate interest. In exceptional circumstances, we may continue to use your data despite your objection. This exception does not apply when you object to the processing of data for direct marketing purposes, i.e., if you object to it, we will stop processing your personal data on this basis.
  • Your right to withdraw consent - When we use consent as our lawful basis you have the right to withdraw your consent. You can do this at any time. If you withdraw consent, we will stop using your personal data where the basis for processing is consent. Withdrawal of consent does not affect the lawfulness of processing your data based on consent before withdrawal.

You do not usually need to pay a fee to exercise your rights. If you make a request, we have one calendar month to respond to you as a rule. To make a data protection rights request, contact us using our contact details (Section 1.1.)

How to lodge a complaint

If you have any concerns about our use of your personal data, you can make a complaint to us using our contact details (Section 1.1.)

If you remain unhappy with how we have used your data after raising a complaint with us, you can also complain to the President of the Personal Data Protection Office (Prezes Urzędu Ochrony Danych Osobowych), a Polish data protection authority based in Warsaw, Poland (https://uodo.gov.pl).

  • COOKIE NOTICE

Introduction

This Cookie Notice describes how ULAM LABS Konrad Rotkiewicz sp.k. with its registered office in Wrocław, Poland (“ULAM LABS”, “we”, “our”, “us”) stores or accesses information on your terminal device in connection with your use of the App or the App Services.

What are cookies?

Cookies are small text files installed on your device that collect information which, generally, facilitates use of the App and the App Services. For example, cookies may remember your language preferences or other settings of your Internet browser. In most cases information used in connection with cookies is personal data. In such cases, the Privacy Notice applies to such personal data.

We may use our own cookies. We may also use third-party cookies, i.e. cookies from a domain other than the domain of the visited website, primarily for analytical activities. We may also use other technologies similar to cookies, for example HTML5 local storage, Local Shared Objects or tracking pixels. Where we refer to cookies in this Cookie Notice, we also mean such technologies.

The cookies are used only when it is admissible by law.

What cookies are used?

We and our partners are currently not using any cookies. However, we are using cookie-less analytical solutions of our analytical services providers. Below we describe in greater detail some tools of our partners used for analytical or marketing purposes:

PostHog analytics solutions

PostHog analytics solutions are a group of tools to analyse use of the Website and to produce statistics and reports on its operation (e.g. PostHog Product Analytics). The solution provider is PostHog Inc., address: 2261 Market Street #4008, San Francisco, California 94114, USA. More information about PostHog analytics solutions can be found at: https://posthog.com. You can find more information about the processing of your personal data by PostHog Inc. at: https://posthog.com/privacy.