Last Updated: 14.November 2022
Privacy Notice
This MNTD Privacy Notice (the “Notice”) explains how your personal data is collected and processed when you access and use the website available at https://getmntd.com (the “Website”).
We kindly ask you to read this Notice carefully before using the Website and providing us any personal data.
Contact Information
The Website is operated by MNTD PTE. LTD. (“we”, “our”, “us”), a company registered in Singapore, having Unique Entity Number 202124287C and registered address at 1 Marina boulevard #28-00 One Marina Boulevard Singapore (018989).
With respect to the personal data collected on the Website we act as a data controller.
Data Protection Officer
MNTD has appointed the external DPO — Sekurno OÜ:
An information security and data protection firm.
Company number: 14992608.
Address: Estonia, Harju maakond, Tallinn, Kesklinna linnaosa, Ahtri tn 12, 10151.
DPO’s email: [email protected].
Please contact us or our DPO to receive answers to any data protection-related questions. Please note that we may record any communication to preserve the evidence of your request and our response.EU representative
MNTD has appointed an EU Representative (as required by Article 27 of the GDPR). The representative would act as a contact point for supervisory authorities and data subjects located in the European Union.
Correspondence address: Rickert Rechtsanwaltsgesellschaft mbH; Colmantstraße 15, 53115, Bonn, Germany.
EU Representative’s email: [email protected]
What Personal Data We Collect
We may collect and process your personal information when you:
make a purchase on the Website (“Purchase Data”);
contact us via the Website or contact details available on the Website (“Contact Data”);
agree to receive updates or marketing emails from us (“Marketing Data”); or
access and browse the Website (“Website Data”).
Such personal data is collected and processed as follows:
Purchase Data
While making a purchase on the Website you provide us with your billing and shipping information. Such information is necessary to purchase and deliver the products available on the Website. If you do not provide us with the necessary Purchase Data, we would not be able to process your order and fulfill a contract with you. The Purchase Data includes the following:
Data item
Purpose
Legal grounds
General Information
Full name
To identify you as a purchaser of a product
Performance of a contract with you
Email address or telephone number
To provide you with the information regarding the order processing and product delivery
Performance of a contract with you
Delivery Information
Delivery address
To deliver the ordered product
Performance of a contract with you
Billing Information
Billing Address
To process the payment of the order
Performance of a contract with you
Purchase amount
To process the payment of the order
Performance of a contract with you
Date of purchase
To process the payment of the order
Performance of a contract with you
Payment method
To process the payment of the order
Performance of a contract with you
Transaction details (such as transaction ID)
To process the payment of the order
Performance of a contract with you
Wallet address
To conduct a refund if you made a purchase in digital assets (such as USDC)
Performance of a contract with you
To process the order made on the Website, we use a third-party solutions, such as Shopify, PayPal, Coinbase, etc., as may be available or updated from time to time (“Payment Solutions”). With respect to the information provided in connection with the payment Website, Payment Solutions are deemed our processor, meaning that they will process your personal data in accordance with our instructions and/or applicable legislation. However, Payment Solutions are financial institutions and are subject to certain legislation requirements, which means that they may store or use the data independently from us. Also, to use certain Payment Solutions you may need to have a registered account; we do not have access to the data of your accounts with the Payment Solutions, such data is processed independently from us. Please check the applicable privacy information of the Payment Solution that you choose to use in connection with the Website.
The Purchase Data will be stored and processed by the respective Payment Solution. We will not have full access to your payment details, such as payment card number; such information is securely stored with the Payment Solutions.
Contact Data
When you contact us via the Website or contact details available on the Website, you may provide us with the following data:
Data item
Purpose
Legal grounds
Full name
To address you correctly
Legitimate interest to assist you with your inquiry
Email address or telephone number
To contact you back, if necessary
Legitimate interest to assist you with your inquiry
Other personal information that (a) you chose to provide us or (b) is necessary for resolving the requested issue
To assist you with your inquiry related to such personal information
Legitimate interest to assist you with your inquiry
We use Zendesk to address users’ issues, answer users’ requests, contact users back, or address them properly.
Zendesk solution is operated by Zendesk Inc., 989 Market St, San Francisco, CA, United States.
When you send a request, the requested data is also processed by Zendesk, who helps us to receive and process your inquiries. Each time you submit a support request, Zendesk creates a ticket on that request for us containing the ticket data (date/time of request and other details), user data who made a request, and the request details.
This data is necessary to address your issue, answer your request, contact you back, or address you properly, where and as applicable depending on the type of personal information. The legal basis for processing such data — is our legitimate interest to assist you with your request regarding the Website and its services/products.
Note that Zendesk is located in the US, therefore competent US state authorities may have access to the personal data processed by Zendesk. For more information on how Zendesk processes personal data, please check Zendesk Privacy Documentation.
Marketing Data
On the Website you may be allowed to subscribe to receive emails from us with news and updates about the Website and relevant products. By providing your email in the respective field of the Website, you provide your consent to receive respective emails from us and our affiliates (meaning companies that control, are under common control with, or controlled by us). Your data will be processed as follows:
Data item
Purpose
Legal grounds
Email address
To send you our marketing emails
Your consent
We use Klaviyo (a third-party solution) to send marketing emails. Klaviyo solution is operated by Klaviyo Inc., with a legal address at 125 Summer St, Floor 6, Boston, MA, United States. Since Klaviyo is located in the US, competent US authorities may have access to the personal data retained by Klaviyo. For more information on how Zendesk processes personal data, please check Klaviyo’s data privacy section.
You may always unsubscribe from receiving marketing emails by (a) contacting us or (b) clicking the unsubscribe button available within each marketing email we send you. When you unsubscribe from receiving marketing emails, your Marketing Data will be erased from the respective database.
Website Data
When you visit the Website, certain personal data is collected automatically. At first, when you access the Website, you must indicate your country of residence. This is necessary to determine whether you can order our products from the country where you are located. The legal basis for processing such data is a legitimate interest to determine whether you are able to make a purchase on the Website.
Certain personal data is collected automatically when you access and browse the Website. Most of the Website Data is collected via cookie technology. Cookies are small text files that we place on your computer while you visit us. The data stored in cookies uses identificators unique to your device, so we are able to identify the exact device. Please note, that you are able to customise cookies manually and disable any/all of them with your browser settings.
The following data is collected automatically when you access and use the Website:
Klaviyo, Klaviyo Inc., 125 Summer St, Floor 6 Boston, MA 02111 United States
If you are located in the US, we will use the Klaviyo onsite tracking solution to monitor: (1) your activities on the Website and (2) products viewed by you. The Klaviyo solution also records if you visited the Website from the email that we sent to you. With this solution we will be able to identify that a user visited a page, time of visit, user’s browser, and device operating system. If you have, at some point, clicked through a Klaviyo email to the Website, or if you have, at some point, subscribed/opted-in through a Klaviyo form, or if you have, at some point, logged into the Website and we have identify tracking installed, we will be able to know you as a particular user.
We will use the data collected with the Klaviyo solution to segment our users based on engagement level and to trigger emails to you, if you browse the Website several times without purchasing a product.
You can learn more about Klaviyo at https://help.klaviyo.com/hc/en-us/articles/360034666712-Understanding-cookies-in-Klaviyo.
The gathered information is stored for two (2) years. However, if you have Safari browser (ITP 2.1 version or later), the expiration date is seven (7) days.
The legal basis for processing such data is our legitimate interest to improve the services and reach you with communications that may be of your interest.
Google Analytics, represented by Google Inc., 1600 Amphitheatre Parkway Mountain View, CA, United States
This type of cookie allows us to better understand users’ behavior on the Website, e.g., how many users visited the Website, how long they stayed, and how they interact with the Website and its content.
The information gathered by Google Analytics includes the following: (1) IP address, (2) the type of device used, (3) the device’s operating system, and (4) the browser used. The IP address of the user is anonymised (masked).
After collecting the aforementioned personal data, Google Analytics creates reports about the use of the Website, which contain aggregated information where we do not see any data pertaining to a particular person. In other words, we cannot identify you from the other visitors.
Google Analytics prescribes users with the unique, randomly generated string that will allow them to further associate concrete users with their computers, but only for single browsing sessions.
The cookie expiration periods are as follows:
_ga — 2 years — used to distinguish users.
_gid — 24 hours — used to distinguish users.
ga<container-id> — 2 years — used to persist session state.
gacgb_<container-id> — 90 days — contains campaign related information.
For more information regarding the retention periods, please see the Google Analytics documentation.
You may learn more about Google Analytics in the Google Analytics Privacy documentation.
Note that since Google is based in the US, competent US authorities may have access to the personal data collected via Google Analytics. In addition, Google may use this personal data for any of its own purposes, such as profiling and cross-platform tracking.
The legal basis for processing such data is your consent.
Shopify Analytics, Shopify Inc. 151 O’Connor Street, Ground floor, Ottawa, ON K2P 2L8, Canada
This type of cookie allows us to analyse the Website speed and transaction analysis.
Shopify Analytics creates reports based on specific metrics including: average order value, online store conversion rate (it shows the percentage of sessions that lead to an order), online store sessions by device type, online store sessions by location, online store sessions by traffic source, online store sessions from social source, repeat customer rate, sales by POS location, sales by social source, sales by staff, sales by traffic source, top landing pages, top products by units sold, top referrers by sessions, total online store sessions, total orders, total sales, sales attributed to marketing. Similar to Google Analytics, and Shopify Analytics the expiration period for cookies is limited to one session. Also, the session may end after 30 minutes without activity.
For more information, please refer to Shopify Analytics privacy documentation.
The legal basis for processing such data is your consent.
Goaffpro, represented by RVGA Enterprises Pvt. Ltd., Ist Floor, 159 D, new mandi Sirsa, Haryana, India
Goaffpro.com is a third-party solution that helps us to set up an affiliate program. This solution provides affiliate marketing services via affiliates who share MNTD products with their followers on social media platforms or blogs. Users may use an affiliate link to purchase MNTD products.
With Goaffpro.com we are able to identify that a particular Website user was referred to us by our affiliate. In this case, we may collect your name and email address.
The legal basis for processing such data is our legitimate interest to maintain our affiliate network.
How We Share Your Personal Data
We do not sell or rent out your personal data. However, we may share your personal data if it is reasonably necessary for the performance of our undertakings with you (process your order) and/or our legitimate interest to maintain and develop the Website. In particular, your personal information is shared with the following categories of recipients:
our affiliates;
our subcontractors and team members, e.g., support team, technical team, etc.;
third-party solutions integrated into the Website, e.g., solutions enabling to make the purchase, chat functionality, etc.;
shipping companies, in order to deliver you the products ordered on the Website;
payment institutions that process payments on the Website;
marketing email solutions, such as Klaviyo or any other solution we may use;
analytical and other similar solutions, as outlined in this Notice;
government institutions that may request access to your personal data;
new owner of the Website, if we sell or otherwise dispose of the Website or its part.
Please note that we and the aforementioned recipients may be located in jurisdictions that do not ensure the same level of data protection as the country of your residence. We will endeavor to protect your personal data while it is processed, stored, or transferred.
If and to the extent we are subject to the General Data Protection Regulation, when we transfer personal data to a country that does not ensure the same level of data protection as the country of your residence, we will use additional safeguards, namely, Standard Contractual Clauses.
How Long Do We Store Your Personal Data
As a general rule, we store your data as long as it is necessary for the purposes it was collected and according to the requirements of the applicable legislation. Following the expiration of the storage period, such data will be either erased or anonymised. In particular, your personal data will be processed as follows:
Purchase Data is processed as long as it is necessary under the requirements of the applicable legislation. According to the laws of Singapore, such data is stored for a period of five (5) years from the date it was collected.
Contact Data is processed for the period of one (1) year following our contact with you.
Marketing Data is stored until you remain subscribed to our newsletter. You may unsubscribe from receiving marketing emails in accordance with paragraph 2.3 above.
Website Data is stored during the applicable cookie storage period as described in paragraph 2.4 above. You may also learn more about such data in paragraph 2.4 above and on the websites of the applicable third parties.
Your Rights
According to the applicable data protection legislation you may have the following data protection rights:
right to access:
You are able to request us if we process your personal data. If this is the case, you may request access to your personal data that we store about you. Among others you may ask us regarding:
the purposes for collecting personal information about you;
categories of personal information concerned;
who receives your personal information or categories of such recipients;
how long we are going to store the information about you and if not possible criteria to determine the storage period;
when your personal information was obtained not from you directly, the source where it came from;
the existence of either profiling activities or automated decision making based on your personal information. Where such activities are performed, we should also inform you about the importance, and expected consequences of them;
a copy of your personal information processing. For such requests further, we may charge you with a reasonable fee. We generally provide users with an electronic copy of their personal information unless they request otherwise.
right to rectification:
You have the right to correct inaccurate (for example, old or incorrect) personal information related to you.
right to erasure or the right to be forgotten:
You have, under certain circumstances, the right to request the erasure of your personal information. Please note, that this right only applies to the data available at the time of request and is not applicable to future data.
Request to the erasure of personal information is possible when:
personal information is no longer needed for the purposes it was primarily collected or processed;
when you have already withdrawn your consent for processing your personal data, and we do not have other legal ground to process it;
when your personal data is processed under legitimate interest and you object to such legal ground. Moreover, there is no overriding legitimate interest to proceed to process your personal data;
your personal information was unlawfully processed;
when your personal data has to be erased due to legal obligation.
right to restrict processing:
You may request us to stop processing your personal information when:
you have reasonable doubts that your information is accurate, and we are verifying the accuracy of such information;
your personal information was unlawfully processed;
the purpose of your personal information collection no longer exists, but you wish to store it longer to defend a legal claim.
Moreover, you may request us to stop processing your personal data while we are working on a rectification request or request to object to processing your personal information.
right to data portability:
You have the right to obtain from us and further reuse your personal data for your own purposes within other services. You will also be able to transfer your personal information from one IT environment to another in a safe and secure way, when certain conditions apply, such as:
the processing is based on your consent or needed for the performance of a contract with you;
the processing is made only electronically, without any paper-based files included.
right to object:
You have the right to object to the processing of your personal information at any time. This allows you to prevent us from (stop) processing your personal information. This right applies only when one of the following conditions are met:
your personal information is used for direct marketing purposes;
the processing is based on our legitimate interest;
we are performing tasks carried out for the public interest or by governmental authority;
your personal information was processed for either research or statistical purposes.
right not to be subject to automated decision making and profiling:
Currently, neither we nor the Website uses your personal data for profiling or decisions made solely by automated means.
right to lodge a complaint with a supervisory authority:
You have a right to lodge a complaint with a data protection authority in a country you either reside, permanently live, work, or in a country where data protection infringement takes place.
Personal Information of Minors
Website is not intended for the use of children (under 18 years old or older, if the country of your residence determines a higher age restriction). We do not knowingly market to, or solicit data from children. We do not knowingly process, collect, or use the personal data of children, and in case we receive such data, we will erase it within a reasonable timeframe.
Revisions
We keep this Notice under regular review and may update it at any time. If we make any changes to this document, we will change the “Last Updated” date above. Please, review this Notice regularly, or follow the updates on the Website.
MNTD. App - Privacy Notice
The MNTD application available on IOS and Android platforms, including the associated software, tools, information, and services available therein (the “Application”), is provided by MNTD PTE. LTD. (“we”, “our”, “us”). With respect to personal data collected within the Application we act as a data controller.
In this Privacy Notice we explain how your personal data is collected and processed. “You”, “your” refers to you as an individual using the Application. Personal data or personal information means any information directly or indirectly identifies you as an individual.
Unless otherwise defined herein, the capitalised terms used herein shall have the meanings provided in the MNTD App Terms of Service.
We make our best efforts to process personal data in accordance with the applicable data protection legislation. If you have any questions regarding processing of your personal data, do not hesitate to contact us via the contact details provided below.
1. Contact Details
MNTD PTE. LTD.
Unique Entity Number 202124287C
1 Marina boulevard #28-00
One Marina Boulevard Singapore (018989)
Data Protection Officer
MNTD has appointed the external DPO — Sekurno OÜ:
An information security and data protection firm.
Company number: 14992608.
Address: Estonia, Harju maakond, Tallinn, Kesklinna linnaosa, Ahtri tn 12, 10151.
DPO’s email: [email protected]
Please contact us or our DPO to receive answers to any data protection-related questions. Please note that we may record any communication to preserve the evidence of the existence of your request and our response.
EU representative
MNTD has appointed an EU Representative (as required by Article 27 of the GDPR). The representative would act as a contact point for supervisory authorities and data subjects.
Correspondence address: Rickert Rechtsanwaltsgesellschaft mbH; Colmantstraße 15, 53115, Bonn, Germany.
EU Representative’s email: [email protected]
2. What Information Is Collected
a. Wallet Address
When you start using the Application, you may need a Wallet. Therefore, in order for you to use the functionality of the Application, we process your public blockchain address associated with your Wallet (the “Wallet Address”). However, you may be able to access the Application without a Wallet, however, in this case, the functionality of the Application will be limited.
The Wallet Address is a unique set of numbers and letters assigned to you by the Helium Blockchain Network. Please note that the Wallet Address is publicly available within the Helium Blockchain Network to any person and we retrieve it directly from the Helium Blockchain Network each time when you access the Application.
We collect and process your Wallet Address in order to allow you to connect your Wallet to the Application, associate it with your respective Hotspots, and to demonstrate the Wallet balance. The legal basis for the processing of your Wallet Address is performance of a contract with you, i.e., to let you use the Application functionality.
We process your Wallet Address as long as the Wallet is connected to the Application and you access the Application.
b. Transactions
Within the Application, you may be able to review or initiate certain transactions on the Helium Blockchain Network.
The transactions are conducted within the Helium Blockchain Network, the Application only retrieves the information and demonstrates it within the interface.
To demonstrate the transactions within the Application interface, we receive the transaction details, such as transaction hash, payer address, payee address, date, time, and amount.
The legal basis for the processing of the Transactions is the performance of a contract with you, i.e., to let you use the Application functionality.
Please note that the Transactions is publicly available within the Helium Blockchain Network to any person. We receive the Transactions directly from the Helium Blockchain Network.
We process the Transactions as long as your Wallet is connected to the Application.
c. Hotspot Address
Each Hotspot has a unique address (identificator) assigned to it by the Helium Blockchain Network (the “Hotspot Address”). The Hotspot Address is necessary for the Helium Blockchain Network to identify each Hotspot connected to it and properly maintain the interaction of the Hotspot with the Helium Blockchain Network.
When you onboard the Hotspot within the Application, the Hotspot Address is recorded in the Helium Blockchain Network. Please note that the Hotspot Address will be: (a) processed by the Helium Blockchain Network, (b) publicly accessible by any person, and (c) processed permanently in the Helium Blockchain Network. The Hotspot Address is also automatically associated with your Wallet Address. It is not technically possible to use a Hotspot within the Application other than as described above.
Please note that you may transfer your Hotspot to a certain other Wallet Address, in which case the Hotspot will no longer be associated with the preceding Wallet Address. If you turn off the Hotspot or cease using the Application, the Hotspot Address will still be stored within the Helium Blockchain Network and will still be associated with the respective Wallet Address.
The legal basis for the processing of the Hotspot Address is performance of a contract with you, i.e., to let you use the Application and Helium Blockchain Network functionality.
We also process the Hotspot Addresses connected to the Helium Blockchain Network users to display them in the search results when a user utilises the search functionality in the Application. The legal basis for the processing of such Hotspot Addresses is our legitimate interest to provide the Application users with the search functionality of the Hotspot Addresses which are already publicly available in the Helium Blockchain Network.
We process the Hotspot Address as long as you use the Application with your respective Wallet. Accordingly, we do not process the Hotspot Address if you do not use the Application with your respective Wallet. As for the Hotspot Addresses that we demonstrate in the search results, we process them as long as they are available on the Helium Blockchain Network.
d. Hotspot Name
The Hotspot Name is a Hotspot animal name, which is composed of three (3) words automatically generated and assigned by the Helium Blockchain Network (not by us) to a certain Hotspot connected to the Helium Blockchain Network. The Hotspot Name is created with the Angry Purple Tiger algorithm.
We process the Hotspot Names in order to display them in the Application, including via search functionality.
The legal basis for the processing of the Hotspot Name is our legitimate interest to provide the Application users with the search functionality of the Hotspot Names which are already publicly available in the Helium Blockchain Network.
We process the Hotspot Names when we need to demonstrate them within the Application, including in order to display them in the Application search functionality. We retrieve the Hotspot Names from the Helium Blockchain Network.
e. Device ID
Each device using the Application is assigned with its unique identificator (the “Device ID”). The Device ID does not by itself constitute personal data as it represents a random set of symbols. We assign the Device ID to identify the device used by you in connection with the Application. In particular, we use the Device ID to send push notifications with respect to your Wallet, Hotspots, or Transactions.
f. Email Address
When you access the Application, you may be able to log in with a RAK ID account (the “RAK ID Account”), which is also operated by RAKwireless Technology Limited. More information regarding the RAK ID Account is available in the RAK ID Privacy Notice (the “RAK ID Notice”), which is available on the RAK ID website (the “RAK ID Website”). We and RAKwireless Technology Limited are deemed independent data controllers. You may exercise your data protection rights with respect to either RAKwireless Technology Limited or us. However, to manage your RAK ID Account you should use the RAK ID Website, including to disconnect your RAK ID Account from the Application.
Please note that you can manage your RAK ID Account within the RAK ID Website. The data processing of the data associated with your RAK ID Account is also subject to the RAK ID Notice. We suggest you read the RAK ID Notice before registering and using the RAK ID Account.
If you do not have a RAK ID Account, you may register it within the RAK ID Website. In this case, the email address will be stored both within the Application and RAK ID Account.
When you log in with your RAK ID Account, we will receive the email address associated with the respective RAK ID Account. The email address will be associated with your respective Wallet Address.
Log in with RAK ID Account is optional. The legal basis for processing your email address is our legitimate interest to make the use of the Application more user friendly.
g. Location
In order to properly onboard a Hotspot to the Application, you shall provide the location of the respective Hotspot (the “Location”). The Location is necessary due to the nature of the Helium Blockchain Network, which is a “proof-of-coverage” blockchain that requires to know the precise Location of each onboarded Hotspot.
You may enter the Location either manually (by personally typing the address of the Hotspot) or by using the geolocation data of your device. In the latter case, the Application will request your permission to use the geolocation data of your device; if you do not provide such permission, you will only be able to enter the Location manually.
If you use the geolocation data of your device, the Application will use the services provided by Mapbox. Such services are operated by Mapbox, Inc. registered at 740 15th Street NW, 5th Floor, Washington DC 20005, United States.
In this case, the Location may be transferred to Mapbox pursuant to this Data Processing Agreement. For more information, please review Mapbox Privacy Documentation. Note that competent US state authorities may have access to the personal data collected via Mapbox.
When you onboard a Hotspot, we will process the Location and associate it with the respective Hotspot Address. The Application will transfer the Location to the Helium Blockchain Network, as it is necessary for the proper functioning of the Hotspot and its interaction with the Helium Blockchain Network. Please note that the Location will be permanently available within the Helium Blockchain Network and it is literally impossible to either delete or change it. You may always update the Location, however, the previous Location will still be stored within the Helium Blockchain Network.
Please note that the Location must be associated with the address of the appropriate Hotspot, not necessarily with your personal location or location of your residence.
The legal basis for the processing of the Location is performance of a contract with you, i.e., to let you use the Application and Helium Blockchain Network functionality.
We process the Location as long as you use the Application with your respective Wallet. Accordingly, we do not process the Location if you do not use the Application with your respective Wallet for example when you close the Application. Please note that the Location will be permanently stored within the Helium Blockchain Network.
h. Support
You may contact us via the contact details indicated in this Privacy Notice or within the Application, including via Discord. When you contact us or submit a request, you may provide us with certain additional personal information. Such information may include your Discord account nickname, email address, or any other personal information that you choose to provide to us.
This data is necessary to address your issue, answer your request, contact you back, or address you properly, where and as applicable depending on the type of personal information. The legal basis for processing such data — our legitimate interest to assist you with your request regarding the Application.
If you contact us via Discord, certain personal data will be processed by Discord according to Discord’s Privacy Policy.
i. Analytics
We use Sentry within the Application. Sentry is the error and performance monitoring software offered by Functional Software, Inc. Sentry provides us with information about crashes and malfunctions in the Application. In case of malfunction or failure, the following information is transmitted:
information about the device and the browser, such as Sentry device ID, model and device type, screen parameters, name and version of the operating system, and settings of the device (e.g., language);
version and functionality of the Application;
date, time and timezone of the crash event;
place in the Application where the crash happened.
With the aforementioned information, we do not intend to identify you as an individual, however, according to the applicable data protection legislation, it may be considered personal data.
We use Sentry to improve the Application and ensure its stability. The legal basis for processing the data collected via Sentry is our legitimate interest. Information collected with Sentry is stored during 90 days from the date when the malfunction took place.
For more information regarding the data processing by Sentry, please refer to Sentry’s Privacy Policy
j. PIN Code
Within the Application you may create a PIN code which may be used to login into the Application and confirm the transactions regarding the transfer of the Hotspot to the other Wallet Address. Creation of a PIN code is not mandatory.
The PIN code is encrypted and stored on your device and we process it when you use the PIN code in order to verify its correctness.
The legal basis for the processing of the PIN code is our legitimate interest, i.e., to let you secure and protect the Wallet and aforementioned transactions.
We do not store your PIN code and we process it only when you use the PIN code.
k. Wi-Fi Password
In order to onboard a Hotspot to the Application, it is necessary to provide the Wi-Fi password of the network to which the Hotspot will be connected. The Application transfers the Wi-Fi password to the Hotspot, however, we do not store the Wi-Fi passwords.
The legal basis for the processing of the Wi-Fi password is performance of a contract with you, i.e., to let you use the Application functionality.
We do note store the Wi-Fi passwords and we process them only when you connect the Hotspot.
3. Your Information and Blockchain
Please kindly note that the Wallet Address, Transactions, Hotspot Address, Hotspot Name, and Location are available and used within the decentralised Helium Blockchain Network. Essentially, this data is stored within the Helium Blockchain Network. We do not control nor operate the Helium Blockchain Network. This means that due to the structure of the Helium Blockchain Network certain rights or abilities may be limited and we may not be able to influence your data on the Helium Blockchain Network. It also means that the Wallet Address, Transactions, Hotspot Address, Hotspot Name, and Location are publicly available to any person who has access to the Helium Blockchain Network. Please be aware that any transaction within the Helium Blockchain Network is irreversible and information put into the Helium Blockchain Network cannot be deleted or changed. If you do not agree with your data being processed on the Helium Blockchain Network, you should not use the Application or transact on the Helium Blockchain Network.
4. How Your Information Is Shared
We do not sell or rent out your personal data. However, we may share your personal data if it is reasonably necessary for the performance of our undertakings with you and our legitimate interest to maintain and develop the Application. In particular, your personal information is shared with the following categories of recipients:
Our affiliates if necessary due to our corporate structure.
Our subcontractors and team members, e.g., support team, technical team, etc.
Third-party solutions related to or integrated within the Application, e.g.:
RAKwireless Technology Limited, if you log in using RAK ID Account;
Mapbox, when you use geolocation tracking within the Application;
Sentry, when you use the Application and a crash takes place.
Service providers used to send push notifications
Discord, if you use Discord to contact us.
Hosting providers.
Government institutions that may request access to your personal data.
Please note that certain data will be publicly available within the Helium Blockchain Network, as described in section “Your Information and Blockchain” above. You may also share your Wallet Address and/or Hotspot Address to third parties by using the Application functionality.
5. Your Rights
According to the applicable data protection legislation, you may have the following rights:
a. to request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it;
b. to request correction (rectification) of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected;
c. to request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law;
d. to object to processing of your personal data where we are relying on a legitimate interest and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms;
e. to request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (1) if you want us to establish the data’s accuracy, (2) where our use of the data is unlawful but you do not want us to erase it, (3) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims, (4) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it;
f. to request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you. Also note that the data available on the Helium Blockchain Network may be collected and structured by you at any time;
g. to withdraw consent at any time where we are relying on consent to process your personal data. Note that currently we do not rely on your consent to process your personal data;
h. not to be subject to a decision based solely on automated processing of data, including profiling, which produces legal effects concerning you or similarly significantly affecting you;
i. to file a complaint with a relevant supervisory authority in case we violate your rights or obligations imposed on us under the applicable data protection legislation. Relevant supervisory authority will particularly depend on where you are located or where your rights were violated.
As we cannot identify you as an individual, according to the applicable data legislation, you cannot exercise your data subject’s rights, unless you provide us with additional information confirming that the data processed by us is genuinely related to you. For this reason, we may also request you to conduct certain actions (such as to conduct a blockchain transaction) to verify your identity and confirm that you have the right to exercise the data subject’s rights. For the avoidance of doubt, you cannot enforce your data subject’s rights with respect to the personal data unless we are sure that such data is associated with you. However, in any case, certain data protection rights may be limited as described below.
Please note that due to the nature of the processing operations within the Application, we may not be able to exercise certain rights that you may have pursuant to the applicable data protection legislation. When interacting with the Helium Blockchain Network we may not be able to ensure that your personal data is deleted, corrected, or restricted. This is because the Helium Blockchain Network is a public decentralised network and blockchain technology does not generally allow for data to be deleted or changed and certain rights cannot be enforced. In these circumstances, we will only be able to exercise your rights with respect to the information that is stored on our servers and not on the Helium Blockchain Network. If you want to ensure your privacy rights are not affected in any way, you should not transact on public blockchains (such as the Helium Blockchain Network) as certain rights may not be fully available or exercisable by you or us due to the technological infrastructure of the Helium Blockchain Network.
6. Third-Party Links
This Application may include links to third-party websites and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and applications, and are not responsible for their privacy practices. When you leave the Application, we encourage you to read the respective privacy policy/notice/statement of the website or application you visit.
7. Children Personal Data
The Application is not intended for the use of children (under 18 years old or older, if the country of your residence determines a higher age restriction). We do not knowingly market to, or solicit data from children. We do not knowingly process, collect, or use personal data of children, and in case we acknowledge that we received such data, we will, if possible, erase it within a reasonable timeframe.
8. Changes to This Privacy Notice
We keep this Privacy Notice under regular review and we may update it at any time. If we make any changes to this document, we will change the “Last Updated” data above. Please review this Privacy Notice regularly.
----------
[End of Document.]